How do I create a script to fill in django admin login form and submit?

[7equiv...@gmail.com]

Here is what I'm doing. I have written a script the runs and monitors a serial connection for incoming data. The data comes from an RFID tag reader. I have that working. What I'd like to do is use this rfid tag number to fill in the password feild and  submit the django Admin login form. I'm still a novice and Any advise is appreciated... Thanks!

[Kelvin Wong]

https://docs.djangoproject.com/en/dev/topics/auth/default/#django.contrib.auth.login

K

[Elena Williams]

Have you explored the packages "selenium" or "sikuli" these are both great fun for front-end testing.

You could intercept the RFID tag using python and feed it through one of the above tools, or something like this perhaps (if I've understood what you're trying to do correctly).

Elena :)

On 14 August 2013 13:23, <7equiv...@gmail.com> wrote:

Here is what I'm doing. I have written a script the runs and monitors a serial connection for incoming data. The data comes from an RFID tag reader. I have that working. What I'd like to do is use this rfid tag number to fill in the password feild and  submit the django Admin login form. I'm still a novice and Any advise is appreciated... Thanks!

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[7equiv...@gmail.com]

Well this is where I'm at. I have used the requests package  to try and request the Django Admin login page and submit the username and password. However, when I do this I get a 403 error. I have tried to turn off the dependency for csrf tokens in the login view by using the csrf_exempt,but this gave me a 500 error. So I need to break this down to learn whats going on. So here is the code I'm typing into the python prompt:

import rquests

url = "http://192.168.0.21/admin/login/"
payload = {'Username':'jimmy', 'Password':'Beam'}
r = requests.post(url, payload)


I get a 403.

My questions are:
(1) Is the the code above the correct way to fill in and submit the django user login form?
(2) What should I do next to troubleshoot the problem?

[7equiv...@gmail.com]

Ok, I've gotten further. I have confirmed the problem was related to the csrf token. This is my new code:

client = requests.session()

# Retrieve the CSRF token first
client.get(URL)  # sets the cookie
csrftoken = client.cookies['csrftoken']

login_data = dict(Username='jim', Password='beam, csrfmiddlewaretoken=csrftoken)
r = client.post(URL, data=login_data)

Now, I get a 200 for the status code, but it still doesn't actually login..........

[Kelvin Wong]

You were missing a key. The following works on my machine.

K

---


import requests
login_url = "http://192.168.0.21/admin/login/"


client = requests.session()
client.get(login_url)


csrftoken = client.cookies['csrftoken']


login_data = {'username':'jim', 'password':'beam', 'this_is_the_login_form':'1', 'csrfmiddlewaretoken':csrftoken}


r = client.post(login_url, data=login_data)


target_url = "http://192.168.0.21/admin/auth/user/"
t = client.get(target_url)


'Select user to change' in t.text # True

[7equiv...@gmail.com]

I feel as if I'm getting closer, yet haven't successfully  logged in yet. I have added in the missing key. I went to the django.contrib.auth.forms to find the name of the form that gets submitted in the login page. It seems to be called AuthenticationForm.

import requests
login_url = "http://192.168.0.21/admin/login/"


client = requests.session()
client.get(login_url)


csrftoken = client.cookies['csrftoken']

login_data = {'username':'jim', 'password':'beam', 'AuthenticationForm':'1', 'csrfmiddlewaretoken':csrftoken}

r = client.post(login_url, data=login_data)


Basically after I do this from the python shell, I use another machine to log into the admin page and look at user logins, and the user is not logged in. Not sure how to proceed.

[7equiv...@gmail.com]

Still trying to solve this. I cant seem to find anything by googling.

I did read this. https://docs.djangoproject.com/en/dev/topics/auth/default/#django.contrib.auth.login

However, when I'm doing this from the shell, I'm not sure what to use as request in the Login(request,user) function.

Also when I look at the contrib.auth forms. it appears the form is name AuthenticationForm. But when I open the actual admin login page with my browser and view source it appears to be called login-form.

I would thing trying to login as a user from the shell would be a common occurrence, but I cant figure out how.

[7equiv...@gmail.com]

Thankyou Wongo Bongo! Your solution was spot on correct. It came down to one line of code that I modified that was the problem.

login_data = {'username':'jim', 'password':'beam', 'this_is_the_login_form':'1', 'csrfmiddlewaretoken':csrftoken}

You gave me the correct line, however the, 'this_is_the_login_form':'1' I thought you were giving me a generic form name to be replaced with my form name, however 'this_is_the_login_form' is the correct form name.

This is where my inexperince has shown through. How did you know that that was the name of the form? When I went to django.contrib.auth.forms, it seemed the form name was AuthenticationForm, and when I used view source in a browser it looked like the form was named login-form. How could one know the form was named 'this_is_the_login_form'?

On Monday, August 19, 2013 12:13:21 AM UTC-4, WongoBongo wrote:

[Kelvin Wong]

I've used Requests in the past.

All I did was load the page in Chrome and then I looked at what was being sent and compared it to what your script was sending. When I added the missing key it worked.

Trial and error. :)

K

[7equiv...@gmail.com]

Thank you so much! You really helped me. I went back and checked the source code sent to my browser and did indeed see, name = "this_is_the_login_form'.
I was using the "ID" rather than the "name". My weakness in html kicked me this time, thanks for lending a hand!