javascript - GreaseMonkey script to auto login using HTTP authentication

Question

I've got quite a few GreaseMonkey scripts that I wrote at my work which automatically log me into the internal sites we have here. I've managed to write a script for nearly each one of these sites except for our time sheet application, which uses HTTP authentication.

Is there a way I can use GreaseMonkey to log me into this site automatically?

Edit: I am aware of the store password functionality in browsers, but my scripts go a step further by checking if I'm logged into the site when it loads (by traversing HTML) and then submitting a post to the login page. This removes the step of having to load up the site, entering the login page, entering my credentials, then hitting submit

Answer 1

It is possible to log in using HTTP authentication by setting the "Authorization" HTTP header, with the value of this header set to the string "basic username:password", but with the "username:password" portion of the string Base 64 encoded.

http://frontier.userland.com/stories/storyReader$2159

A bit of researching found that GreaseMonkey has a a function built into it where you can send GET / POST requests to the server called GM_xmlhttpRequest

http://diveintogreasemonkey.org/api/gm_xmlhttprequest.html

So putting it all together (and also getting this JavaScript code to convert strings into base64 I get the following

http://www.webtoolkit.info/javascript-base64.html

var loggedInText = document.getElementById('metanav').firstChild.firstChild.innerHTML;
if (loggedInText != "logged in as jklp") {
    var username = 'jklp';
    var password = 'jklpPass';
    var base64string = Base64.encode(username + ":" + password);

    GM_xmlhttpRequest({
        method: 'GET',
        url: 'http://foo.com/trac/login',
        headers: {
            'User-agent': 'Mozilla/4.0 (compatible) Greasemonkey/0.3',
            'Accept': 'application/atom+xml,application/xml,text/xml',
            'Authorization':'Basic ' + base64string,
        }
    });
}

So when I now visit the site, it traverses the DOM and if I'm not logged in, it automagically logs me in.