I am trying to login on a website by use method requests POST.
ssn = requests.session()
data = {"LoginForm[email]":"gmail#gmail.com", "LoginForm[password]":"pw12345", "LoginForm[rememberMe]":0}
r = ssn.post("https://www.fshare.vn/site/login", data = data)
print(r.json)
# bound method Response.json of <Response [400]>
as I know, I missing a value in data is called "csrf-app" :
HTTP Header POST : _csrf-app=gXvuYHZnQpoA37zC1Yncpb1BMstVUqRcVdj9x1QHJqK1AoYoHlUV21G9jaya0Jjy9iJRrz1_nRIft4ywO0RD-g==&LoginForm[email]=gmail#gmail.com&LoginForm[password]=pw12345&LoginForm[rememberMe]=0
So how to get this value ""csrf-app" to post that along the other data ?
CSRF is used to avoid someone calling the APIs without the form.
You can refer to this post for more information. You should instead look for their login REST APIs, and see if they have any.
Related
There are 2 forms. The urls of both forms are different.
1st is : mobileSearch.jsp
2nd is : mobileModify.jsp
On 1st form i need to provide ctn and click on submit.After that i will get 2nd form where i will have to provide some text fields let's say username.
Now the issue is i'm sending POST req to 1st form and getting proper response but i am not clear on how to use this response and send another POST req to update some text field.
I suppose i need to use Sessions module but not clear on its use.
I have been searching the net for the past few days but didn't find anything useful. Any help regarding this would be appreciated?
Below is my code. Its not giving any error but its also not updating the value of parameter "paramName1".
import requests
proxy = {'http':'http://myhost:myport','https':'http://myhost:myport'}
url = 'myUrl'
data = {'paramName':'paramValue'}
s = requests.session()
s.auth = ('uname', 'pswd')
s.proxies = (proxy)
s.post(url, data=data)
data1 = {'paramName1':'paramValue1'}
url1 = 'myUrlNew'
s.post(url1, data=data1)
This works fine, I can get data returned:
r = urllib2.Request("http://myServer.com:12345/myAction")
data = json.dumps(q) #q is a python dict
r.add_data(data)
r=urllib2.urlopen(r)
But doing the same with requests package fails:
r=requests.get("http://myServer.com:12345/myAction", data=q)
r.text #This will return a message that says method is not allowed.
It works if I make it a post request: r=requests.post("http://myServer.com:12345/myAction", data=json.dumps(q))
But why?
According to the urllib2.urlopen documentation:
the HTTP request will be a POST instead of a GET when the data parameter is provided.
This way, r=urllib2.urlopen(r) is also making a POST request. That is why your requests.get does not work, but requests.post does.
Set up a session
import session
session = requests.Session()
r = session.get("http://myServer.com:12345/myAction", data=q)
print r.content (<- or could us r.raw)
I am trying to make a post request within the Matchbook API.
I have logged in and I got below "Session- Tocken":
{"session-token":"xxxx_b0b8a6f22a82396b6afcfa344f3022","user-id":xx685,"role":"USER"}
However, I am not sure how to make the post request. See below code used:
headers = {"session-token" : "xxxx_b0b8a6f22a82396b6afcfa344f3022"}
r = requests.post('https://api.matchbook.com/edge/rest/reports/v1/offers/current/?odds-type=DECIMAL&exchange-type=binary¤cy=EUR, headers = headers')
print r.text
Below is the error message that I got. It does not make sense to me because I logged in successfully and got the above session-token in response.
{"errors":[{"messages":["You are not authorised to access this resource. Login to continue."]}]}
Am I properly indicating the session-token in the header information of the post request?
You need to pass headers argument in post function.
headers = {"session-token" : "xxxx_b0b8a6f22a82396b6afcfa344f3022"}
response = requests.post('https://api.matchbook.com/edge/rest/reports/v1/offers/current/?odds-type=DECIMAL&exchange-type=binary¤cy=EUR', headers=headers)
also if you need to get an json response, just call json() function on response variable.
something like response.json()
I was making slack api calls through python library slackclient which is a wrapper around slack api. However, for some cases I need to make conventional api calls also with url and get/post method. I was trying to open a direct message channel with another user by my bot. The documentation - https://api.slack.com/methods/im.open says to "Present these parameters as part of an application/x-www-form-urlencoded querystring or POST body. application/json is not currently accepted."
Now in python, I can write,
url = 'https://slack.com/api/im.open'
headers = {'content-type':'x-www-form-urlencoded'}
data = {'token':BOT_TOKEN, 'user':user_id, 'include_locale':'true','return_im':'true'}
r= requests.post(url,headers,data )
print r.text
The message I get is {"ok":false,"error":"not_authed"}
I know the message is "not authed" although I use my bot token and another user id, my hunch is that I'm sending the request in wrong format because I just wrote it some way reading the documentation. I'm not sure how to exactly send these requests.
Any help?
since the Content-Type header is x-www-form-urlencoded sending data in form of dictionary does not work. you can try something like this.
import requests
url = 'https://slack.com/api/im.open'
headers = {'content-type': 'x-www-form-urlencoded'}
data = [
('token', BOT_TOKEN),
('user', user_id),
('include_locale', 'true'),
('return_im', 'true')
]
r = requests.post(url, data, **headers)
print r.text
The second parameter in requests.post is used for data, so in your request you're actually posting the headers dictionary. If you want to use headers you can pass arguments by name.
r= requests.post(url, data, headers=headers)
However this is not necessary in this case because 'x-www-form-urlencoded' is the default when posting form data.
I decided to try to make an automated login script for Minecraft. However, the new authentication API is stumping me. I can't find any mentions of the new functionality of the API on here. This is my code as it stands:
import requests
import json
data = json.dumps({"agent":{"name":"Minecraft","version":1},"username":"abcdef","password":"abcdef","clientToken":""})
headers = {'Content-Type': 'application/json'}
r = requests.post('https://authserver.mojang.com', data=data, headers=headers)
print (r.text)
Unfortunately, this returns:
{"error":"Method Not Allowed","errorMessage":"The method specified in the request is not allowed for the resource identified by the request URI"}
According to this resource on request format, this error means that I didn't correctly send a post request. However, I clearly declared requests.post(), so my first question is how am I incorrect, and what is the correct way to go about this?
My second question is, since I'm relatively new to Python and JSON, how would I replace the username and password fields with my own data, inside a variable?
You haven't specified an endpoint in your POST request, for example:
https://authserver.mojang.com/authenticate
The root of the website probably does not accept POST requests
http://wiki.vg/Authentication#Authenticate