comparison adslstats.py @ 38:6f85bedf9966

Authenticate properly in Python 3
author Daniel O'Connor <darius@dons.net.au>
date Wed, 02 Dec 2020 11:19:50 +1030
parents 4f9a79f733ff
children
comparison
equal deleted inserted replaced
37:4f9a79f733ff 38:6f85bedf9966
149 r = br.open(base) 149 r = br.open(base)
150 bs = bs4.BeautifulSoup(r, 'lxml') 150 bs = bs4.BeautifulSoup(r, 'lxml')
151 token = bs.head.find(lambda tag: tag.has_attr('name') and tag['name'] == 'CSRFtoken')['content'] 151 token = bs.head.find(lambda tag: tag.has_attr('name') and tag['name'] == 'CSRFtoken')['content']
152 #print('Got CSRF token ' + token) 152 #print('Got CSRF token ' + token)
153 153
154 usr = srp.User(username, password, hash_alg = srp.SHA256, ng_type = srp.NG_2048) 154 usr = srp.User(username.encode('utf-8'), password.encode('utf-8'), hash_alg = srp.SHA256, ng_type = srp.NG_2048)
155 uname, A = usr.start_authentication() 155 uname, A = usr.start_authentication()
156 156
157 req = mechanize.Request(base + '/authenticate', data = urllib.parse.urlencode({'CSRFtoken' : token, 'I' : uname, 'A' : binascii.hexlify(A)})) 157 req = mechanize.Request(base + '/authenticate', data = urllib.parse.urlencode({'CSRFtoken' : token, 'I' : uname, 'A' : binascii.hexlify(A)}))
158 r = br.open(req) 158 r = br.open(req)
159 j = json.decoder.JSONDecoder().decode(r.read()) 159 j = json.decoder.JSONDecoder().decode(r.read().decode('utf-8'))
160 #print('Sent challenge, got ' + str(j)) 160 #print('Sent challenge, got ' + str(j))
161 161
162 M = usr.process_challenge(binascii.unhexlify(j['s']), binascii.unhexlify(j['B'])) 162 M = usr.process_challenge(binascii.unhexlify(j['s']), binascii.unhexlify(j['B']))
163 req = mechanize.Request(base + '/authenticate', data = urllib.parse.urlencode({'CSRFtoken' : token, 'M' : binascii.hexlify(M)})) 163 req = mechanize.Request(base + '/authenticate', data = urllib.parse.urlencode({'CSRFtoken' : token, 'M' : binascii.hexlify(M)}))
164 r = br.open(req) 164 r = br.open(req)
165 j = json.decoder.JSONDecoder().decode(r.read()) 165 j = json.decoder.JSONDecoder().decode(r.read().decode('utf-8'))
166 #print('Got response ' + str(j)) 166 #print('Got response ' + str(j))
167 167
168 usr.verify_session(binascii.unhexlify(j['M'])) 168 usr.verify_session(binascii.unhexlify(j['M']))
169 if not usr.authenticated(): 169 if not usr.authenticated():
170 print('Failed to authenticate') 170 print('Failed to authenticate')