How to authenticate urllib2 script to access HTTPS web services from Django site?

Hi all. I am working on a django / mod_wsgi / apache2 site that serves sensitive information using https for all requests and responses. All views are set to redirect if the user is not authenticated. It also has several views designed to function as RESTful web services.

I am currently writing a script that uses urllib / urllib2 to contact several of these services to download a series of very large files. I am getting 403: FORBIDDEN errors when trying to log in.

The method (draft) that I use for authentication and login:

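def login( base_address, username=None, password=None ):
    """Log in to the Django site and return an opener that carries the session.

    Fetches the login page to obtain the ``csrftoken`` cookie, then posts the
    credentials together with that token and a ``Referer`` header.

    Args:
        base_address: Prefix of the site URL; ``PATH_TO_LOGIN`` is appended to
            it to form the login URL.
        username: Account name; prompted for on the console when ``None``.
        password: Account password; prompted for without echo when ``None``.

    Returns:
        The ``urllib2`` opener whose cookie jar holds the cookies set during
        login, for use in further requests.

    Raises:
        IOError: If no ``csrftoken`` cookie was received, or if the login POST
            ends up back at the login URL.
    """

    # prompt for the username (if needed), password
    if username is None:
        username = raw_input( 'Username: ' )
    if password is None:
        password = getpass.getpass( 'Password: ' )
    log.info( 'Logging in %s' % username )

    # NOTE(review): urllib2 verifies the server certificate by default only
    # from Python 2.7.9 on; on an older interpreter this HTTPS connection is
    # not authenticated and the credentials can be intercepted - confirm the
    # runtime version.
    cookieHandler = urllib2.HTTPCookieProcessor()
    opener = urllib2.build_opener( urllib2.HTTPSHandler(), cookieHandler )
    urllib2.install_opener( opener )

    login_url = base_address + PATH_TO_LOGIN
    log.debug( "login_url: " + login_url )
    # the login page is fetched only for its cookies; the body is not needed
    opener.open( login_url ).close()

    # attempt to get the csrf token from the cookie jar
    csrf_cookie = None
    for cookie in cookieHandler.cookiejar:
        if cookie.name == 'csrftoken':
            csrf_cookie = cookie
            break
    # test the search result, not the loop variable: with an empty jar the
    # loop variable is unbound, and with other cookies present it is truthy
    if csrf_cookie is None:
        raise IOError( "No csrf cookie found" )
    # log that the cookie was found, but keep the token value out of the log
    log.debug( "found csrf cookie: " + csrf_cookie.name )

    # login using the usr, pwd, and csrf token
    login_fields = dict(
        username=username, password=password,
        csrfmiddlewaretoken=csrf_cookie.value )
    login_data = urllib.urlencode( login_fields )
    # only the field names are logged: the encoded body holds the password
    log.debug( "login_data fields: %s" % ', '.join( sorted( login_fields ) ) )

    req = urllib2.Request( login_url, login_data )
    # Django's CSRF middleware applies a strict Referer check to HTTPS
    # requests; a POST without a same-site Referer is answered with 403
    req.add_header( 'Referer', login_url )
    response = opener.open( req )

    final_url = response.geturl()
    log.debug( 'response url:\n' + str( final_url ) + '\n' )
    log.debug( 'response info:\n' + str( response.info() ) + '\n' )
    response.close()

    # should redirect to the welcome page here, if back at log in - refused
    if final_url == login_url:
        raise IOError( 'Authentication refused' )

    log.info( '\t%s is logged in' % username )
    # save the cookies/opener for further actions
    return opener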

HTTPCookieHandler cookie Django script, - .

, CSRFmiddleware Django , csrf , / load cookiejar. , http/ .

, 403 / https-. , http-.

Apache ( ). script , , - Apache ( ).

python, , SSL.

, urllib2 https . -, , script - . ?

, , cookie , , .

.


, , , - , , :

It turned out that the HTTP Referer header has to be set to the login page URL on the request that posts the login data.

# Django's CSRF middleware applies a strict Referer check to HTTPS requests,
# so the login POST has to carry a Referer for the site's own URL.
req.add_header( 'Referer', login_url )

Django CSRF - , 4.

- , HTTPS , DEBUG = False, csrf_failure ( : " - " ), DEBUG-. Apache error_log STFW'd . code.djangoproject/.../csrf.py Referer.


django https, ​​. , ... -? .

, ssl nginx, apache . , - script :) !

import urllib
import urllib2
import contextlib


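def login(login_url, username, password):
    """
    Log in to a Django site through its login form.

    Opens ``login_url`` once to receive the ``csrftoken`` cookie, then posts
    the credentials with that token and a ``Referer`` header, and prints the
    HTML that comes back.

    Returns ``(False, "no csrftoken")`` when no ``csrftoken`` cookie was set;
    otherwise returns ``None`` after printing the response body. The opener
    with the session cookies is installed globally via
    ``urllib2.install_opener``.
    """
    cookies = urllib2.HTTPCookieProcessor()
    opener = urllib2.build_opener(cookies)
    urllib2.install_opener(opener)

    # The first request is needed only for its cookies; close it right away
    # instead of leaving the connection open.
    with contextlib.closing(opener.open(login_url)):
        pass

    tokens = [c.value for c in cookies.cookiejar if c.name == 'csrftoken']
    if not tokens:
        return False, "no csrftoken"

    params = dict(
        username=username,
        password=password,
        this_is_the_login_form=True,
        csrfmiddlewaretoken=tokens[0],
    )
    request = urllib2.Request(login_url, urllib.urlencode(params))
    # Django's CSRF middleware applies a strict Referer check to requests it
    # sees as HTTPS; without this header such a POST is answered with 403.
    request.add_header('Referer', login_url)

    with contextlib.closing(opener.open(request)) as f:
        html = f.read()

    print(html)
    # we're in.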

