Tastypie and python-requests

[David Fawcett]

I have a Django-Tastypie app running and I can make successful calls to it through a browser (GET) and through curl (GET, PATCH).  The routes utilize Apikey authentication. 

What I can't figure out how to do correctly is make the same PATCH request via the Python Requests module.  The issue is how to pass the authentication type, username, and api_key. 

Here are a few of the examples that didn't work:

# in the headers

r = requests.patch("http://127.0.0.1:9000/api/v1/node-resources/24/", data=json.dumps({"update_needed":9}), headers={'Content-Type': 'application/json',"username":"MY_USER", "api_key":"MY_KEY"})

# in the data

payload = '{"update_needed": 5, "username":"MY_USER", "api_key":"MY_KEY"}'
r = requests.patch('http://127.0.0.1:9000/api/v1/node-resources/344/', data=payload, headers={'Content-Type': 'application/json'})

# including authorization type in header and user:key pair
#r = requests.patch('http://127.0.0.1:9000/api/v1/node-resources/344/', data='{"update_needed": 5}', headers={'Content-Type': 'application/json', 'Authorization':'ApiKey','MY_USER':MY_KEY'})

I have done quite a bit of searching around, and I am pretty surprised that I can't find any examples out there.

Any Requests ninjas out there?

Thanks,

David.

[Kyle Marek-Spartz]

I would try 

auth = (‘MY_USER’, ‘MY_KEY’)

r = requests.patch(…, auth=auth)

to start. If that doesn’t work, I would take a look at:

http://docs.python-requests.org/en/latest/user/advanced/#custom-authentication

Have you tried it with HTTPie? (https://github.com/jakubroztocil/httpie) If you can get it to work with that, take a look at how they implement PATCH.

–

Kyle Marek-Spartz

On May 15, 2014, 9:50:56 AM, David Fawcett <david....@gmail.com> wrote:

---

--
Meetings Schedule / RVSP on our Meetup at http://python.mn
---
You received this message because you are subscribed to the Google Groups "PyMNtos" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pymntos+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[David Fawcett]

Kyle,

Thanks for the input.  Your first example still gives me a 401.  I will dig into HTTPie

David

[Peter J. Farrell]

What is the string that you are using in curl to test PATCH?  I've found curl to be a ninny when it comes to PATCH and if you don't have everything perfect -- it actually does a GET behind the scenes (because GET is the default).

Also, what does your is_authenticated() method look like in Tastypie? Are you sure you are allowing PATCH?

Have you tried adding this header workaround for clients that don't support PATCH right?

X-HTTP-Method-Override: PATCH

You'd just use a POST request and add the extra header to indicate to Tasty that it's really a PATCH request.

http://django-tastypie.readthedocs.org/en/latest/resources.html#using-put-delete-patch-in-unsupported-places

Have you tried to temporarily turn off auth to ensure it's not Python Requests but really an auth problem with PATCH in tastypie?

David Fawcett said the following on 05/15/2014 09:50 AM:

--
Meetings Schedule / RVSP on our Meetup at http://python.mn
---
You received this message because you are subscribed to the Google Groups "PyMNtos" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pymntos+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

-- 
Peter J. Farrell
Principal Technologist - Maestro Publishing, LLC
http://blog.maestropublishing.com
Identi.ca / Twitter: @maestrofjp

* Learn about VSRE. I prioritize emails with VSRE in the subject!  http://vsre.info/
* Please do not send me Microsoft Office/Apple iWork documents. Send OpenDocument instead! http://fsf.org/campaigns/opendocument/

[Peter J. Farrell]

David Fawcett said the following on 05/15/2014 02:38 PM:

Kyle,

Thanks for the input.  Your first example still gives me a 401.  I will dig into HTTPie

What are you using for authentication in Tastypie?  Possibly?

from tastypie.authentication import SessionAuthentication

The reason I ask is SessionAuthentication requires a CRSF token for POST, PUT and PATCH methods.  Are PUT and POST working for you with authentication?  Just trying to narrow things down.

http://django-tastypie.readthedocs.org/en/latest/cookbook.html#using-sessionauthentication

If you can get it to work with curl and PATCH but not requests, I would suggest using Wireshark to see the actual packets being sent from Python Requests and compare it to curl's stuff...

[David Fawcett]

Peter,

Thanks for the great help.  I am using http://django-tastypie.readthedocs.org/en/latest/authentication.html#apikeyauthentication

The request has worked with curl from the beginning, and I can do an ugly PATCH by including the username and api_key params as URL vars in the base URL of the PATCH request, but that just seems wrong. 

I am just updating one column/property.  e.g. {"update_needed":9}

I like the packet capture suggestion.  It is not a public IP, and I am not sure if I will be able to get wireshark installed on the server, but I will give it a shot.

David.

--

[Peter J. Farrell]

David Fawcett said the following on 05/15/2014 09:29 PM:

> Peter,
>
> Thanks for the great help. I am using
> http://django-tastypie.readthedocs.org/en/latest/authentication.html#apikeyauthentication
>
> The request has worked with curl from the beginning, and I can do an
> ugly PATCH by including the username and api_key params as URL vars in
> the base URL of the PATCH request, but that just seems wrong.
>
> I am just updating one column/property. e.g. {"update_needed":9}
>
> I like the packet capture suggestion. It is not a public IP, and I am
> not sure if I will be able to get wireshark installed on the server,
> but I will give it a shot.

You don't have to install wireshark on the server -- if you have it
installed on you local machine -- you can watch the requests you are
creating from curl and Python Requests locally.

[David Fawcett]

Peter,

Thanks.  I realize that Wireshark should go on the client machine.  Right now, I am testing from the shell on the box and from my work desktop.  Not sure if I will be able to put wireshark on my desktop either. 

Sounds like a very good strategy though.

David.

[Nate Swanson]

Bit of a late response, but if you're only doing HTTP, I really like MITMProxy. It's Python, too.  

http://mitmproxy.org/

[Kyle Marek-Spartz]

Nate,

Could you give a talk on mitmproxy at the web-dev or the main meeting? That would be great!

–

Kyle Marek-Spartz

On May 16, 2014, 10:38:08 AM, Nate Swanson <swanso...@gmail.com> wrote:

---

Bit of a late response, but if you're only doing HTTP, I really like MITMProxy. It's Python, too.  

http://mitmproxy.org/

[Peter J. Farrell]

Kyle Marek-Spartz said the following on 05/16/2014 01:10 PM:

Could you give a talk on mitmproxy at the web-dev or the main meeting? That would be great!

Ditto.  Great idea for a talk!

[Nate Swanson]

Sure. Any requests for targets? I'm thinking that something on iOS might be fun, since it's otherwise tough to see what's happening.

[Peter J. Farrell]

Nate Swanson said the following on 05/16/2014 01:35 PM:

Sure. Any requests for targets? I'm thinking that something on iOS might be fun, since it's otherwise tough to see what's happening.

iOS sounds ok to me...

[Nathaniel Swanson]

Ok, cool. I'll be out June 7-14, so the web dev meeting is the only one that works for me.

--

[Peter J. Farrell]

Consider yourself scheduled for the Web Dev meeting.

Nathaniel Swanson said the following on 05/16/2014 01:39 PM:

[Tim Zehta]

I find httpie much much easier to use than curl.

> HTTPie is a command line HTTP client, a human-friendly cURL replacement.

https://github.com/jakubroztocil/httpie

[Peter J. Farrell]

Fabulous suggestion Tim!

Tim Zehta said the following on 06/02/2014 09:39 AM:

> I find httpie much much easier to use than curl.
>
>> HTTPie is a command line HTTP client, a human-friendly cURL replacement.
>
> https://github.com/jakubroztocil/httpie
>

[Kyle Marek-Spartz]

See above:

"Have you tried it with HTTPie? (https://github.com/jakubroztocil/httpie) If you can get it to work with that, take a look at how they implement PATCH.”

;)

Another HTTPie user.


–

Kyle Marek-Spartz

On Jun 3, 2014, 1:19:44 PM, Peter J. Farrell <p...@maestropublishing.com> wrote:

---

Fabulous suggestion Tim!

Tim Zehta said the following on 06/02/2014 09:39 AM:
> I find httpie much much easier to use than curl.
>
> > HTTPie is a command line HTTP client, a human-friendly cURL replacement.
>
> https://github.com/jakubroztocil/httpie
>


--
Peter J. Farrell
Principal Technologist - Maestro Publishing, LLC
http://blog.maestropublishing.com

http://Identi.ca / Twitter: @maestrofjp

* Learn about VSRE. I prioritize emails with VSRE in the subject! http://vsre.info/
* Please do not send me Microsoft Office/Apple iWork documents. Send OpenDocument instead! http://fsf.org/campaigns/opendocument/

--
Meetings Schedule / RVSP on our Meetup at http://python.mn
---
You received this message because you are subscribed to the Google Groups "PyMNtos" group.

To unsubscribe from this group and stop receiving emails from it, send an email to mailto:pymntos+u...@googlegroups.com.