Mercurial > ~darius > hgwebdir.cgi > adslstats
comparison adslstats.py @ 38:6f85bedf9966
Authenticate properly in Python 3
author | Daniel O'Connor <darius@dons.net.au> |
---|---|
date | Wed, 02 Dec 2020 11:19:50 +1030 |
parents | 4f9a79f733ff |
children |
comparison
equal
deleted
inserted
replaced
37:4f9a79f733ff | 38:6f85bedf9966 |
---|---|
149 r = br.open(base) | 149 r = br.open(base) |
150 bs = bs4.BeautifulSoup(r, 'lxml') | 150 bs = bs4.BeautifulSoup(r, 'lxml') |
151 token = bs.head.find(lambda tag: tag.has_attr('name') and tag['name'] == 'CSRFtoken')['content'] | 151 token = bs.head.find(lambda tag: tag.has_attr('name') and tag['name'] == 'CSRFtoken')['content'] |
152 #print('Got CSRF token ' + token) | 152 #print('Got CSRF token ' + token) |
153 | 153 |
154 usr = srp.User(username, password, hash_alg = srp.SHA256, ng_type = srp.NG_2048) | 154 usr = srp.User(username.encode('utf-8'), password.encode('utf-8'), hash_alg = srp.SHA256, ng_type = srp.NG_2048) |
155 uname, A = usr.start_authentication() | 155 uname, A = usr.start_authentication() |
156 | 156 |
157 req = mechanize.Request(base + '/authenticate', data = urllib.parse.urlencode({'CSRFtoken' : token, 'I' : uname, 'A' : binascii.hexlify(A)})) | 157 req = mechanize.Request(base + '/authenticate', data = urllib.parse.urlencode({'CSRFtoken' : token, 'I' : uname, 'A' : binascii.hexlify(A)})) |
158 r = br.open(req) | 158 r = br.open(req) |
159 j = json.decoder.JSONDecoder().decode(r.read()) | 159 j = json.decoder.JSONDecoder().decode(r.read().decode('utf-8')) |
160 #print('Sent challenge, got ' + str(j)) | 160 #print('Sent challenge, got ' + str(j)) |
161 | 161 |
162 M = usr.process_challenge(binascii.unhexlify(j['s']), binascii.unhexlify(j['B'])) | 162 M = usr.process_challenge(binascii.unhexlify(j['s']), binascii.unhexlify(j['B'])) |
163 req = mechanize.Request(base + '/authenticate', data = urllib.parse.urlencode({'CSRFtoken' : token, 'M' : binascii.hexlify(M)})) | 163 req = mechanize.Request(base + '/authenticate', data = urllib.parse.urlencode({'CSRFtoken' : token, 'M' : binascii.hexlify(M)})) |
164 r = br.open(req) | 164 r = br.open(req) |
165 j = json.decoder.JSONDecoder().decode(r.read()) | 165 j = json.decoder.JSONDecoder().decode(r.read().decode('utf-8')) |
166 #print('Got response ' + str(j)) | 166 #print('Got response ' + str(j)) |
167 | 167 |
168 usr.verify_session(binascii.unhexlify(j['M'])) | 168 usr.verify_session(binascii.unhexlify(j['M'])) |
169 if not usr.authenticated(): | 169 if not usr.authenticated(): |
170 print('Failed to authenticate') | 170 print('Failed to authenticate') |