My goal is to access a website that uses HTTP authentication using python. I can open the website from my web browser and the header tells me that I should use HTTBDigestAuth:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Authorization: Digest username="user", realm="CG Downloads", nonce="cTN0pKxqBQA=e46ad250f42f73e9076ebc97c417f0d38bac094a", uri="/fileadmin/teaching/2017/WS/adip/exercises/adip-uebung-00-.pdf", algorithm=MD5, response="5a57ddbcd1b20444100a91b1967a2782", qop=auth, nc=00000001, cnonce="5a6b041b4113bb9a"
Connection: keep-alive
Cookie: fe_typo_user=76b7e7e25372f782d94e91b51b854568
Host: cg.cs.uni-bonn.de
Referer: http://cg.cs.uni-bonn.de/de/lehre/ws-2017/vorlesung-algorithmisches-denken-und-imperative-programmierung/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0
However when I try to go the the page using requests and HTTPDigestAuth I get "401 Unauthorized" as a response.
import logging
import requests
from requests.auth import HTTPDigestAuth
try:
import httplib
except ImportError:
import http.client as httplib
httplib.HTTPConnection.debuglevel = 1
logging.basicConfig(level=logging.DEBUG)
url = 'http://cg.cs.uni-bonn.de/fileadmin/teaching/2017/WS/adip/exercises/adip-uebung-00-.pdf'
response = requests.get(url, auth=HTTPDigestAuth('user', 'pass'),
timeout=10)
print(response.status_code)
print(response.headers)
print(r.text)
Am I using the wrong authorization method or is my code wrong? I appreciate any help you can give me.
EDIT:
I am trying to access sites on cg.cs.uni-bonn.de, for example http://cg.cs.uni-bonn.de/fileadmin/teaching/2017/WS/adip/exercises/adip-uebung-00-.pdf
You just need to pass values to auth=HTTPDigestAuth('user', 'pass') like this:
user = 'admin' # change to your username
pass = '123456' # change to your password
...
response = requests.get(url, auth=HTTPDigestAuth(user, pass),
timeout=10)
...
Related
I need a python script that posts a given Authorization Bearer header to a specific ipand port.
This is what I have so far.
#!/usr/bin/python
import urllib3
import certifi
http = urllib3.PoolManager(ca_certs=certifi.where())
url = 'http://172.10.10.2:3000'
req = http.request('POST', url, fields={'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbWQiOiJscyR7SUZTfS1sYSR7SUZTfS90bXAvbmMifQ.EziCTtJn1PpPXvemJllF36w7ADNkhKiktZ5sv9ADR3o'})
print(req.data.decode('utf-8'))
I currently get an error when running this stating that the Required authorization token is not found
The bearer code is created manually and then input into the script, if there was a way to import that from the site I create it on that would be helpful.
What I need the output to be in this -
GET / HTTP/1.1
Host: 172.10.10.2:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbWQiOiJpcCR7SUZTfWEifQ.RkoZinBcg2_5HRGgv1AtErhscIVBRv2hUcGIF08ZlCM
POST /search HTTP/1.1
Host: chatango.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: cookies_enabled.chatango.com=yes; fph.chatango.com=http; id.chatango.com=programmable; auth.chatango.com={MY AUTH KEY - I already have this}
Connection: keep-alive
Referer: http://st.chatango.com/flash/sellers_external.swf
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
s=B&ama=99&ami=13&t=25&f=20
I'd really like to know how to send this via python, I haven't found anything except sending that data part, I really don't understand how I'm supposed to send the cookie data as I have it stored into a variable which I got through an API, which obtains it through sockets.
You can add new headers in the request() method:
HTTPConnection.request(method, url[, body[, headers]])
See request documentation.
To add a cookie, just add the Cookie header.
Here is a POST example from the Python site:
import httplib, urllib
params = urllib.urlencode({'spam': 1, 'eggs': 2, 'bacon': 0})
headers = {"Content-type": "application/x-www-form-urlencoded",
"Accept": "text/plain"}
conn = httplib.HTTPConnection("musi-cal.mojam.com:80")
conn.request("POST", "/cgi-bin/query", params, headers)
response = conn.getresponse()
print response.status, response.reason
data = response.read()
conn.close()
I'm trying to upload an image using requests on python.
This is what I send using browser
POST /upload-photo/{res1}/{res2}/{res3}/ HTTP/1.1
Host: tgt.tgdot.com
Connection: keep-alive
Content-Length: 280487
Authorization: Basic {value}=
Accept: */*
Origin: http://tgt.tgdot.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryA8sGeB48ZZCvG127
Referer: http://tgt.tgdot.com/{res1}/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8,es;q=0.6
Cookie: fttoken={cookie_value}
This is my code
with open(os.getcwd()+"/images/thee1.JPG", "rb") as image_file:
encoded_image = base64.b64encode(image_file.read())
headers = {"Content-Type":"multipart/form-data", "Authorization":"Basic " + authvalue}
cookie = {cookiename: token.value}
r = requests.post(url, headers =headers, cookies = cookie, params=encoded_image)
print r.request.headers
print r.status_code
print r.text
I keep getting 414 Request-URI Too Large
I'm not sure what's missing here. I would really appreciate help
You are encoding the whole image into the request parameters, effectively extending the URL by the length of the image.
If you already encoded the image data, use the data parameter:
r = requests.post(url, headers=headers, cookies=cookie, data=encoded_image)
Note that requests can encode multipart/form-data POST bodies directly, there is no need for you to encode it yourself. Use the files parameter in that case, passing in a dictionary or sequence of tuples. See the POST Multiple Multipart-Encoded Files section of the documentation.
The library can also handle a username and password pair to handle the Authorization header; simply pass in a (username, password) tuple for the auth keyword argument.
Encoding an image to Base64 is not sufficient however. Your content-type header and your POST payload are not matching. You'd instead post the file with a field name:
with open(os.getcwd()+"/images/thee1.JPG", "rb") as image_file:
files = {'field_name': image_file}
cookie = {cookiename: token.value}
r = requests.post(url, cookies = cookie, files=files, auth=(username, password)
I've been trying to get a NetSuite Restlet to work with Python 3.3 using urllib, but I can't seem to get the authorization to take and continually return a urllib.error.HTTPError: HTTP Error 401: Authorization Required error.
Where am I going wrong with authentication?
My test code is as follows:
import urllib.request
url = 'https://rest.netsuite.com/app/site/hosting/restlet.nl?script=123&deploy=15&recordtype=salesorder&id=123456789'
authorization = 'NLAuth nlauth_account=111111,nlauth_email=email#email.com,nlauth_signature=password,nlauth_role=3'
req = urllib.request.Request(url)
req.add_header('Authorization', authorization)
req.add_header('Content-Type','application/json')
req.add_header('Accept','*/*')
response = urllib.request.urlopen(req)
the_page = response.read()
For reference, NetSuite's REST help was used to build the authorization string as well as the Python docs on urllib located here
--EDIT--
The header that is passed (and works) via REST Console appears as follows:
Accept: application/json
Authorization: NLAuth nlauth_account=111111,nlauth_email=user#email.com,nlauth_signature=password,nlauth_role=3
Connection: keep-alive
Content-Type: application/xml
Origin: chrome-extension: //rest-console-id
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36
headers output from Python appear as:
{'Content-type': 'application/xml', 'Accept': 'application/json', 'Authorization': 'NLAuth nlauth_account=111111,nlauth_email=email#email.com,nlauth_signature=password,nlauth_role=3'}
still not sure why it's not working....
Issue was NetSuite related (an issue with roles): Code below yeilds a proper response:
import urllib.request
try:
url = 'https://rest.netsuite.com/app/site/hosting/restlet.nl?script=787&deploy=1&recordtype=salesorder&id=8111437'
authorization = 'NLAuth nlauth_account=111111,nlauth_email=email#email.com,nlauth_signature=password,nlauth_role=correctRole'
req = urllib.request.Request(url)
req.add_header('Authorization', authorization)
req.add_header('Content-Type','application/xml')
req.add_header('Accept','application/json')
response = urllib.request.urlopen(req)
print(response.read())
except IOError as e:
print("EXCEPTION OCCURRED--------------------")
print("I/O error: {0}".format(e))
print(e.headers)
print(e.headers['www-authenticate'])
In my case, the original role did not have access to the record. The confusion was I was expecting an error of
error code: INVALID_ROLE
error message:Your role does not give you permission to view this page.
to be returned, not an authentication required which made me suspect the header was missing data.
I'm trying to connect to the twiiter API through a POST request as the docs say but I always get a 403 forbidden error.
This is my code. I'm using urlib2 in python 2.7:
def auth_API():
url = 'https://api.twitter.com/oauth2/token'
header = {}
values = {}
header['User-Agent'] = 'Mozilla/6.0 (Windows NT 6.2; WOW64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1'
header['Authorization'] = 'Basic ' + B64BEARERTOKENCREDS
header['Content-Type'] = 'application/x-www-form-urlencoded;charset=UTF-8'
header['Accept-Encoding'] = 'gzip'
values['grant_type'] = 'client_credentials'
data = urllib.urlencode(values)
req = urllib2.Request(url, data, header)
try:
response = urllib2.urlopen(req)
response.read()
except urllib2.HTTPError as e:
print e
Checking the docs I found an example request wich is the same as mine:
Twitter example:
POST /oauth2/token HTTP/1.1
Host: api.twitter.com
User-Agent: My Twitter App v1.0.23
Authorization: Basic NnB1[...]9JM29jYTNFOA==
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Content-Length: 29
Accept-Encoding: gzip
grant_type=client_credentials
My request:
POST /oauth2/token HTTP/1.1
Content-Length: 29
Accept-Encoding: gzip
Connection: close
User-Agent: Mozilla/6.0 (Windows NT 6.2; WOW64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1
Host: api.twitter.com
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Authorization: Basic NnB1[...]YTNFOA==
grant_type=client_credentials
Any idea with what could be wrong with this?
Regards.
PS: I know that there are some third party libs for this but I want to make it by myself.
I solved my problem, the error was with base64.encodestring() which adds an \n at the end of the string messing up the request.
Using base64.b64encode() instead worked fine.
Regards