I am using the REST API for iObeya, I wish to use Python Requests but currently I cannot authenticate with the server. The documentation states that you can authenticate using a POST request and upon return, you should get a cookie called 'JSESSIONID' when the auth is correct.
So far I have this:
url = 'https://link-to.com/iobeya/'
auth_url = 'https://link-to.com/iobeya/j_spring_security_check'
headers = {"content-type": "application/x-www-form-urlencoded; charset=utf-8"}
session = requests.Session()
session.auth = ("username", "password")
auth = session.post(url, verify=False)
r = session.get(url, verify=False, headers=headers)
print(r.status_code)
print(r.headers)
print(r.cookies)
The return of cookies is null. Is this the right way to be doing a auth request using a POST method?
Here is the page describing how the auth API works:
It just wants you to make a normal POST with username and password.
auth_url = 'https://link-to.com/iobeya/j_spring_security_check'
session = requests.Session()
auth = session.post(auth_url, data={'username': username, 'password': password})
Related
I am trying to make a simple request to get the access token from Citrix ShareFile, but it's throwing 400 error.
I am going exactly as it's mentioned in the documentation, except changing Python2 code with HTTPLib, with Python3 code with Requests. The code is:
url = 'https://{my_domain}.sharefile.com/oauth/token'
headers = {'Content_Type': 'application/x-www-form-urlencoded'}
params = {'grant_type':'password', 'client_id':my_client_id, 'client_secret':my_client_secret, 'username':my_username, 'password':my_password}
response = requests.post(url, params=params, headers = headers)
print(response.status_code, response.reason)
I get the following response:
400 Bad Request
I also added urllib.parse.urlencode to params, but am still getting the same response error
response = requests.post(url, params=urllib.parse.urlencode(params), headers = headers)
Request guidance on what am I doing wrong. TIA
It could be the password, in the context of Sharefile it means app_password and not the password used to login to website. Or response_type to 'code'.
SF Auth is through OAuth2 with a GrandType: OAuth2 Password Grant
This way works for me:
url = 'https://{my_domain}.sharefile.com/oauth/token'
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
data = {
'response_type': 'code',
'grant_type': 'password',
'client_id': '<YOUR CLIENT ID>',
'client_secret': '<YOUR SECRET>',
'username': '<USERNAME>',
'password': '<APP_PASSWORD>' # not regular password to login using web
}
response = requests.post(url, data=data, headers=headers)
Response contains token and refresh token.
When I add content-type my issue solved.
Check and add valid content-type
I need to use urllib/urllib2 libraries to login to a first website to retrieve session cookie that will allow me to log in to the proper, final website. Using requests library is pretty straight forward (I did it to make sure I can actually access the website):
import requests
payload = {"userName": "username", "password": "password", "apiKey": "myApiKey"}
url = "https://sso.somewebsite.com/api/authenticateme"
session = requests.session()
r = session.post(url, payload)
# Now that I have a cookie I can actually access my final website
r2 = session.get("https://websiteineed.somewebsite.com")
I tried to replicate this behavior using urllib/urllib2 libraries but keep getting HTTP Error 403: Forbidden:
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
urllib2.install_opener(opener)
values = {"userId": username , "password": password, "apiKey": apiKey}
url = 'https://sso.somewebsite.com/api/authenticateme'
data = urllib.urlencode(values)
req = urllib2.Request(url, data)
resp = urllib2.urlopen(req)
req2 = urllib2.Request('https://download.somewebsite.com')
resp2 = urllib2.urlopen(req2)
I tried solutions I found here and here and here but none of them worked for me... I would appreciate any suggestions!
The reason why the 'final page' was rejecting the cookies is because Python was adding 'User-agent', 'Python-urllib/2.7'to the header. After removing this element I was able to login to a website:
opener.addheaders.pop(0)
I'm trying to make a POST requst using python requests library to a website that authenticate using Bearer token. Here's my code:
sess = requests.session()
post_url = 'someURL'
payload = {'username': 'myusername',
'password': 'mypassword'}
post_header = {'Authentication': f'Bearer {token_value}'}
r = sess.post(url_post, data=payload, headers=post_header)
with open('index.html', 'w', encoding="utf-8") as f:
f.write(r.text)
In response I get the login page again with status_code 200.
I also tried the auth parameter in post function but none of them worked.
anyone knows what should i do?
I am learning python for fun, and my project for that is parsing popular sites with flash deals and posting it to site https://www.pepper.pl/ . I had a look on networking while messing with the site in chrome, and I've found that request body for login contains following data:
_token: gse5bAi58jnciXdynLu7D7ncXmTg1twChWMjsOFF
source: generic_join_button_header
identity: login
password: password
remember: on
So using postman I've filled this data into request with content-type as application/x-www-form-urlencoded. And the response was correct, I was able to login with postman. But when I tried to reproduce that with python, it was a failure, I received 404.
def get_pepper_token():
url = "https://www.pepper.pl/login/modal/login"
request = requests.get(url)
soup = BeautifulSoup(page, features="html.parser")
return soup.find('input', attrs={'name': '_token'})['value']
def get_login_headers():
url = "https://www.pepper.pl/login"
username = 'username'
password = 'password'
token = get_pepper_token()
payload = {
'_token': token,
'source': 'generic_join_button_header',
'identity': username,
'password': password,
'remember': 'on'
}
headers = {
'Content-Type': "application/x-www-form-urlencoded"
}
response = requests.post(url, payload, headers=headers)
So I've monitored in postman console what was exactly in request:
Request Headers:
content-type:"application/x-www-form-urlencoded"
cache-control:"no-cache"
postman-token:"de74adb5-5e9b-4c98-9a95-bb69bc739270"
user-agent:"PostmanRuntime/7.2.0"
accept:"*/*"
cookie:"__cfduid=d32b701203ce16ee47549cbe5388b3faa1534746292; first_visit=%22bf0e1200-a441-11e8-b92e-6805ca619fd2%22; pepper_session=%2255c4b461a56c37f5c2ce1a7323b44f8d12353e91%22; browser_push_permission_requested=1534748540; remember_afba1956ef54387311fa0b0cd07acd2b=%22100085%7ChX2GS7H3l8QY79HasDcB3scptVyKGDVMJHdz4Ux2ONIih6Rp2VKhU0BpxvzD%22; view_layout_horizontal=%220-1%22; show_my_tab=0; navi=%5B%5D"
accept-encoding:"gzip, deflate"
referer:"https://www.pepper.pl/login"
and as you can see there are some fields in request headers which I did not enter in postman. I added manually cookie value from request headers from postman, and it worked. Rest of those fields are not required.
Do you know how I may generate this cookie?
The answer is simple library RoboBrowser, here is how I solved part of the problem:
Very short and handy solution compare to my previous attempts.
RoboBrowser GitHub page
url = "https://www.pepper.pl/login/modal/login"
browser = RoboBrowser()
browser.open(url)
signup_form = browser.get_form('login_form')
signup_form['identity'].value = self.username
signup_form['password'].value = self.password
browser.submit_form(signup_form)
I am new to Python and I'm trying to log into a website using the Requests module and print out some of my account information. See code below :
import requests
username = 'myusername'
password = 'mypassword'
URL = 'https://www.mmoga.com/login.php'
payload = {'email_address': username, 'password': password}
session = requests.session()
r = requests.post(URL, data=payload)
account = session.get('https://www.mmoga.com/shopping_cart.php')
print account.content
Do I also have to add headers to the requests.post?
When I look at the html source I am seeing
<div class="boxHeading">
- My Account -
</div>
however I should be seeing
<div class="boxHeading">
- My Account -
</div>
When posting the the login form on that page you also need to pass a query string with a "get" parameter named action:
import requests
username = 'myusername'
password = 'mypassword'
URL = 'https://www.mmoga.com/login.php'
payload = {'email_address': username, 'password': password}
params = {'action': 'process'}
session = requests.session()
r = session.post(URL, data=payload, params=params)
account = session.get('https://www.mmoga.com/shopping_cart.php')
print account.content
That should fix the login problem. Also, the session is not being used during login, so you should use session.post() as shown above.
Looking at https://www.mmoga.com the login URL seems to be: https://www.mmoga.com/login.php?action=process
i think you should use the session object for the POST too, so that credential cookies are actually stored in it
r = session.post(URL, data=payload)