Logging into CSRF protected Django site using Curl?


Stodge

Jan 8, 2012, 10:35:59 AM
to Django users
I want to log in to my Django app using something like curl. I know
that I could send a GET to get the login form and the CSRF token and
then submit a POST with the username, password and CSRF token. But
this seems awfully convoluted. Is this the only way to log in to a Django
site that uses CSRF protection?

Greg Donald

Jan 8, 2012, 11:28:05 AM
to django...@googlegroups.com

https://docs.djangoproject.com/en/1.3/ref/contrib/csrf/#exceptions

I use this on views that my mobile apps post to.


--
Greg Donald

creecode

Jan 8, 2012, 12:16:14 PM
to django...@googlegroups.com
Hello Stodge,

It seems a bit convoluted on the command line but in reality not much more convoluted if you consider all that a browser does for us in this regard. :-)

I've used a similar technique to the one you describe on my Crowdsourcing Nutrition Facts website.  Here is an extract from the documentation...

Get the login webpage and parse the csrf token into the data shell variable.

$ data=$(curl -s -c cookies.txt http://www.crowdsourcingnutritionfacts.info/accounts/login/ | grep -o "name=['\"]csrfmiddlewaretoken['\"] value=['\"][^'\"]*" | sed -e "s/name=['\"]//" -e "s/['\"] value=['\"]/=/")\&username=USERNAME\&password=PASSWORD

Log in to the website.

$ curl -b cookies.txt -c cookies.txt -d "$data" -X POST -H 'Content-Type: application/x-www-form-urlencoded' http://www.crowdsourcingnutritionfacts.info/accounts/login/

Get brands containing the search term "ea".

$ curl -b cookies.txt 'http://www.crowdsourcingnutritionfacts.info/api/auto-complete/brand/?term=ea'

This is not a best practice or anything, just a sample to show programmers the mechanics of interacting with the website with whatever tools they choose to use. I attempted to use tools that I thought would be available/familiar to a wide variety of systems/programmers.

Toodle-loooooooooooo...............
creecode
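The GET-then-POST login discussed in this thread, as an added example that is not part of any poster's message: it reads the token regardless of quote style or attribute order, lets curl URL-encode the credentials, and checks the cookie jar afterwards. The function names, the sample form and the placeholder URL are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. URL, user name and password are placeholders.

# Print the csrfmiddlewaretoken value from login-form HTML on stdin.
# Accepts either quote style and either attribute order inside the <input> tag.
extract_csrf_token() {
    tr '\n' ' ' |
        grep -o "<input[^>]*name=['\"]csrfmiddlewaretoken['\"][^>]*>" |
        head -n 1 |
        sed -n "s/.*value=['\"]\([^'\"]*\)['\"].*/\1/p"
}

# Print the value of cookie $1 from the curl cookie jar $2 (tab-separated,
# name in field 6, value in field 7; HttpOnly rows carry a "#HttpOnly_" prefix).
jar_cookie() {
    awk -F '\t' -v name="$1" 'NF == 7 && $6 == name { print $7 }' "$2"
}

# GET the form, POST the credentials with the token, print the HTTP status.
# Assumes Django's stock login view: 302 on success, 200 when the form is
# shown again, 403 when the CSRF check fails.
django_login() {
    login_url=$1 user=$2 pass=$3 jar=${4:-cookies.txt}
    token=$(curl -s -c "$jar" "$login_url" | extract_csrf_token)
    [ -n "$token" ] || { echo "no CSRF token in login form" >&2; return 1; }
    # --data-urlencode escapes &, = and spaces in the values;
    # -e sends a Referer, which Django checks on HTTPS requests.
    curl -s -o /dev/null -w '%{http_code}\n' -b "$jar" -c "$jar" -e "$login_url" \
        --data-urlencode "csrfmiddlewaretoken=$token" \
        --data-urlencode "username=$user" \
        --data-urlencode "password=$pass" \
        "$login_url"
}

# Constructed sample form, double-quoted attributes with value before name.
SAMPLE_FORM='<form method="post">
<input type="hidden" value="Tk1SampleTokenValue" name="csrfmiddlewaretoken">
<input type="text" name="username"></form>'

# Usage (placeholders): django_login http://example.com/accounts/login/ USER PASS
```

After a 302, `jar_cookie sessionid cookies.txt` printing a value confirms a session was issued (`sessionid` is Django's default session cookie name). The password is passed in curl's argument list, so on a shared host it is visible to other local users while curl runs.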

Stodge

Jan 8, 2012, 12:56:43 PM
to Django users

Thanks, appreciate it.


On Jan 8, 12:16 pm, creecode <creec...@gmail.com> wrote:
> Hello Stodge,
>
> It seems a bit convoluted on the command line but in reality not much more
> convoluted if you consider all that a browser does for us in this regard.
> :-)
>
> I've used a similar technique to the one you describe on my Crowdsourcing
> Nutrition Facts website.  Here is an extract from the documentation<%20http://www.crowdsourcingnutritionfacts.info/about/#rest-api-authentic...>
> ...
>
> Get the login webpage and parse the csrf token into the data shell
> variable.
>
> $ data=$(curl -s -c cookies.txt http://www.crowdsourcingnutritionfacts.info/accounts/login/ | grep -o "name=['\"]csrfmiddlewaretoken['\"] value=['\"][^'\"]*" | sed -e "s/name='//" -e "s/' value='/=/")\&username=*user name*\&password=*password*
>
>  Log in to the website.
>
> $ curl -b cookies.txt -c cookies.txt -d $data -X POST -H 'Content-Type: application/x-www-form-urlencoded' http://www.crowdsourcingnutritionfacts.info/accounts/login/
>
>  Get brands containing the search term "ea".
>
> $ curl -b cookies.txt http://www.crowdsourcingnutritionfacts.info/api/auto-complete/brand/?...