I wrote a python script that lets users log in into a website by entering username and password and submit content using terminal. I am using mechanize to accomplish this. The problem is that users have to enter username and password every time they run the script. I want some way to cache the password for some time so that user doesn't have to enter password everytime and they get logged in for some time after they enter they enter username and password once. How can I do this?
Related
I want to connect two python scripts together, Let me show what I want to do, there is one login.py file and another main.py file, now when someone run login.py script, It will ask password and if password is correct then it will run main.py. The problem is if someone directly run main.py then there should be a condition if he logged in or not, If not then it will run login.py, and one more thing that I don't want to combine both files.
login.py
import os
enterPass = input('Please enter password')
if enterPass == "admin":
os.system('python main.py')
else:
print('Password Wrong')
main.py
print("Logged in successfully")
#my code that I want to run
This doesn't work. At least not securely. You're trying to replicate the authentication process of a website, but that's not how it works locally on a machine.
When you successfully log in to a website, it'll put an authentication token in your browser. This will be sent every time you visit the site the next time and act like your password. For it to work locally, you'd have to ask the user for the password every time (as in Tomerikoo's answer).
A hack to make it work is to store the some state on the user that tells them that they've logged in. A simple example would be:
login.py
import os
password = input('Please enter password')
if password == "admin":
os.environ['USER_PASSWORD'] = "Logged in"
else:
os.environ['USER_PASSWORD'] = "Not logged in"
main.py
import os
if os.environ.get('USER_PASSWORD', 'Not logged in') == "Logged in":
print('Running code...')
else:
print('Please log in')
This will work but doesn't provide any security at all. The problem is that all code and all data is already in the hand of the user. So they can just set USER_PASSWORD manually, change the source code, or whatever, and they'll circumvent this security check.
Even checking password == "admin" isn't secure. It could be more secure if you hashed it by downloading something like passlib and stored the encrypted password as an environment variable SECRET_PASSWORD:
from passlib.hash import sha256_crypt
encrypted_password = os.environ.get('SECRET_PASSWORD', '')
password = input('Please enter password')
if sha256_crypt.verify(password, encrypted_password):
# Do something on success.
But even then it's not secure, because you must set USER_PASSWORD to something which the user can always introspect and figure out.
You might want to run the main.py from the longin.py via the shell
import os
os.system('python3 main.py')
I am creating a basic login page using Python Sockets and I am trying to make the Password input blank when the user types, I am using CLIENT.send() to send the "Password: " string and CLIENT.recv(1024) to fetch the given data.
you can use the getpass library like this:
import getpass
password = getpass.getpass()
this will make the password variable get an input, but nothing will come up as you type
I am currently trying to push to Git via GitPython using HTTPS. I am able to do this successfully, but I am prompted to enter my username and password for every fetch, push, and pull operation.
I would like to have my username and password be entered as command line arguments as my script makes a couple of git interactions. This repo will be on probably 40+ servers as a method of config management, and I don't want to set up all the SSH keys especially since it will often be used from a user on the host that is not myself.
Does anyone know how to take context of the shell from the python script to programmatically enter my username and password (they are already in my code as variables from the command line) or a way to pass my username and password to GitPython so that the shell prompt never even happens?
git_repo = Repo.init(repo_dir)
origin = git_repo.remote('origin')
origin.fetch() # Shell prompted here for username and password
git_repo.heads.dev.checkout()
origin.pull() # Shell prompted here for username and password
git_repo.git.add([added_filename])
git_repo.git.commit(commit_message)
origin.push() # Shell prompted here for username and password
As user logged in, he had provided his name and raw password which was hashed and compared with db's value.
def login(request):
username = request.POST['username']
password = request.POST['password']
user = auth.authenticate(username=username, password=password)
if user is not None and user.is_active:
# user is active
auth.login(request, user)
# relink to right page
return HttpResponseRedirect("/account/loggedin/")
else:
# error page
return HttpResponseRedirect("/account/invalid/")
or I could just use:
#login_required
def index(request):
if request.user.is_authenticated():
return render_to_response('polls/index.html', {'sessionDic' : request.session})
else:
#some stuff
The problem is: once user logged in, the following requests comprises only cookies which are checked and user have no need to put his credentials again.
But, I need to have raw user's password in View in every method to log in to linux user and execute some linux program as this user. For exmaple the su program is used to switch the ritgh linux user:
def ssh_command (user, password, command):
child = pexpect.spawn('su -l %s -c \'%s\'' % (user, command))
i = child.expect([pexpect.TIMEOUT, pexpect.EOF, 'Password: '])
if i == 0: # Timeout
print 'ERROR!'
print 'su can\'t be executed:'
print child.before, child.after
return None
if i == 1: # EOF
print 'ERROR'
print 'EOF error'
print child.before, child.after
return None
child.sendline(password)
return child
def main ():
user = 'test'
password = 'test'
child = ssh_command (user, password, 'curl habrahabr.ru | wc -c')
child.expect(pexpect.EOF)
print child.before
print child.after
print child.match
How can I store raw user's password and substitute it to required functions?
You could store it in the session data from the login view function. At least then it would die with the session. The other option, stashing it in a database field, would be horrendous if some hacker got DB access. At least if a hacker gets DB access with passwords in sessions they'd only get the plain text passwords of current sessions. Make sure you timeout sessions appropriately, or encourage your users to logout and remove session data on logout.
Here's another idea. Don't require password authentication for su. Instead use /etc/sudoers to allow your web server user to run things as other users. This way you can also restrict which commands can be run - does your current view protect against injecting stuff into the command line?
This way you don't need to keep users passwords, you just give one username (wwwuser) the privs it needs. Django has already decided who the user is from the login, so I don't think there's a problem in giving it enough privs to do something as that user.
You need access to the cleartext password. Ideally you would store that and regenerate the hash for authentication. You should store it encrypted with a site password, as well, for security. I have implemented this myself, but not for Django. You would have to re-write Django's authentication code to achieve that.
I need a python script that prompts for a username and password and tries to login to Hotmail using those credentials, outputting whether they are valid or not.
Hotmail login!
import poplib
M = poplib.POP3_SSL('pop3.live.com', 995) #Connect to hotmail pop3 server
try:
M.user(raw_input("username: ")) #Get the username from the standar input
M.pass_(raw_input("password: ")) #Get the password from the standar input
except:
print "username or password incorrect"
else:
print "Successful login"
Edit: since you only need to know if you can do a login, I rewrite the code
If you lose connection during the typing the username or password, I don't know what will happend.
This is alternative if pop3 failed. just check login using IMAP for hotmail,live or now only outlook.com by using python outlook library you can download here :
https://github.com/awangga/outlook
import outlook
mail = outlook.Outlook()
mail.checkLogin()
it will attemp username and password for authentication validation.