Re: cURL or wget with contrib.auth and CSRF

2014-12-05 Thread Collin Anderson
Hi David,

It's actually pretty easy in curl.

curl -d"csrfmiddlewaretoken=a" -H"Cookie: csrftoken=a" http://yourdjangosite.com

Collin

On Thursday, April 14, 2011 7:32:46 AM UTC-4, David wrote:
>
> Hello, 
>
> I am sorry for asking this, I know similar questions have been asked 
> before but I could not piece together the answer I needed from 
> previous contribution! 
>
> I have a view, for example: 
>
> @login_required
> def clever_view(request):
>     # Render a PDF to a string
>     response = HttpResponse(content_type='application/pdf')
>     response.write(pdf_as_string)
>     return response
>
> Now, in a browser, if I request http://my.host.name/clever_view.pdf I 
> get sent to the log in page, I log in, and I get my file. If I don't 
> log out I can later on request http://my.host.name/clever_view.pdf and 
> I get the file straight away. The browser handles the session and csrf 
> cookies perfectly. 
> For clarity, the login requires POST inputs 'username', 'password' and 
> the submit button is called 'submit'. 
>
> Now a client wants to use wget or curl to get the file: 
>
> wget http://my.host.name/clever_view.pdf 
>
> However, all I get are 403 even when I POST the username and password, 
> save the cookies and keep the session cookies. 
>
> So in short, how do I access a view when session and csrftoken cookies 
> are required. 
>
> If someone could show me an example of using curl or wget to access a 
> view that is not wrapped with @csrf_exempt but is wrapped with 
> @login_required I would be very grateful indeed. 
>
> Thanks in advance 
>
> Dave 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/fb6e54a8-c9e7-45f7-882f-bc05c8ee90d2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
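
The full login-then-download flow the thread asks about, as an added example that is not part of any poster's message: Django compares the posted csrfmiddlewaretoken with the csrftoken cookie, so the script reads the cookie from curl's jar and sends it back as the form field. The function names, the LOGIN_PATH variable, the /accounts/login/ path and the sample jar are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: login form at /accounts/login/
# (override with LOGIN_PATH) and Django's default cookie name csrftoken.

# Print the value of cookie $2 from Netscape-format jar $1 (the format written
# by `curl -c` and `wget --save-cookies`). HttpOnly cookies sit on lines that
# start with "#HttpOnly_", so match on the name column, not on the line start.
jar_cookie() {
    awk -F '\t' -v name="$2" '$6 == name { v = $7 } END { print v }' "$1"
}

# usage: django_fetch BASE_URL VIEW_PATH USERNAME PASSWORD OUTFILE
django_fetch() {
    login_url="$1${LOGIN_PATH:-/accounts/login/}"
    jar=$(mktemp) || return 1
    # 1. GET the login form; Django answers with Set-Cookie: csrftoken=...
    curl -sS -c "$jar" -o /dev/null "$login_url"
    token=$(jar_cookie "$jar" csrftoken)
    # 2. POST the credentials, echoing the cookie value back as the form token.
    #    -e sets Referer, which Django also checks on HTTPS requests.
    status=$(curl -sS -b "$jar" -c "$jar" -o /dev/null -w '%{http_code}' \
        -e "$login_url" --data-urlencode "username=$3" \
        --data-urlencode "password=$4" \
        --data-urlencode "csrfmiddlewaretoken=$token" "$login_url")
    # Success is a 302 redirect; 200 means the form was re-rendered (bad
    # credentials) and 403 means the CSRF check failed.
    if [ "$status" != 302 ]; then
        echo "login failed: HTTP $status" >&2; rm -f "$jar"; return 1
    fi
    # 3. GET the protected view. Only the session cookie matters here: the
    #    CSRF check applies to unsafe methods such as POST. -f fails on 4xx.
    curl -sS -f -b "$jar" -o "$5" "$1$2"; rc=$?
    rm -f "$jar"; return "$rc"
}

# Constructed sample jar, used to check jar_cookie without a server.
write_sample_jar() {
    printf '# Netscape HTTP Cookie File\n' > "$1"
    printf 'my.host.name\tFALSE\t/\tFALSE\t0\tcsrftoken\tEXAMPLETOKEN123\n' >> "$1"
    printf '#HttpOnly_my.host.name\tFALSE\t/\tFALSE\t0\tsessionid\tEXAMPLESESSION456\n' >> "$1"
}

# Runs only when called with five arguments, e.g.:
#   sh fetch.sh http://my.host.name /clever_view.pdf USER PASS out.pdf
if [ "$#" -eq 5 ]; then django_fetch "$@"; fi
```

The password is passed on curl's command line here, so it is visible to other local users in the process list while the request runs.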


Re: cURL or wget with contrib.auth and CSRF

2014-12-04 Thread Kevin Trainor
David,

I realize this was a long time ago, wondering if you ever got it working.

I'm battling the same dragon currently.

Step 1: seems to work

wget --save-cookies c:\cifs\cookies.txt --keep-session-cookies --no-check-certificate --http-user=myuser --http-password=mypass https://www.pdfstore.com/

which will save the session cookie, allowing you to perform a second wget 
using the saved cookies.

Step 2: is where I'm getting an error, "Error 400 not-valid csrf token"

wget --load-cookies c:\cifs\cookies.txt --no-check-certificate --no-parent --recursive https://www.pdfstore.com/pdfvault/?T=null

I'm inclined to think that wget cannot save csrf tokens in the same way it 
can session cookies. Wondering if you ever found a way out of this dragon's 
den?

Not sure if it makes a diff, but I'm running on Windows 7 going through a 
Blue Coat proxy on the way out, so using Unixutils as it allows me to set the 
proxy config.

Thanks,
Kevin


On Thursday, April 14, 2011 4:32:46 AM UTC-7, David wrote:
>
> Hello, 
>
> I am sorry for asking this, I know similar questions have been asked 
> before but I could not piece together the answer I needed from 
> previous contribution! 
>
> I have a view, for example: 
>
> @login_required
> def clever_view(request):
>     # Render a PDF to a string
>     response = HttpResponse(content_type='application/pdf')
>     response.write(pdf_as_string)
>     return response
>
> Now, in a browser, if I request http://my.host.name/clever_view.pdf I 
> get sent to the log in page, I log in, and I get my file. If I don't 
> log out I can later on request http://my.host.name/clever_view.pdf and 
> I get the file straight away. The browser handles the session and csrf 
> cookies perfectly. 
> For clarity, the login requires POST inputs 'username', 'password' and 
> the submit button is called 'submit'. 
>
> Now a client wants to use wget or curl to get the file: 
>
> wget http://my.host.name/clever_view.pdf 
>
> However, all I get are 403 even when I POST the username and password, 
> save the cookies and keep the session cookies. 
>
> So in short, how do I access a view when session and csrftoken cookies 
> are required. 
>
> If someone could show me an example of using curl or wget to access a 
> view that is not wrapped with @csrf_exempt but is wrapped with 
> @login_required I would be very grateful indeed. 
>
> Thanks in advance 
>
> Dave 
>
>



Re: cURL or wget with contrib.auth and CSRF

2011-04-14 Thread Shawn Milochik
This isn't a Django question.

Check out the man pages for curl and wget -- both have the ability to
GET & POST and retain cookie data for future requests. You shouldn't
have to change anything in Django.




cURL or wget with contrib.auth and CSRF

2011-04-14 Thread David
Hello,

I am sorry for asking this, I know similar questions have been asked
before but I could not piece together the answer I needed from
previous contribution!

I have a view, for example:

from django.contrib.auth.decorators import login_required
from django.http import HttpResponse

@login_required
def clever_view(request):
    # Render a PDF to a string
    response = HttpResponse(content_type='application/pdf')
    response.write(pdf_as_string)
    return response

Now, in a browser, if I request http://my.host.name/clever_view.pdf I
get sent to the log in page, I log in, and I get my file. If I don't
log out I can later on request http://my.host.name/clever_view.pdf and
I get the file straight away. The browser handles the session and csrf
cookies perfectly.
For clarity, the login requires POST inputs 'username', 'password' and
the submit button is called 'submit'.

Now a client wants to use wget or curl to get the file:

wget http://my.host.name/clever_view.pdf

However, all I get are 403 even when I POST the username and password,
save the cookies and keep the session cookies.

So in short, how do I access a view when session and csrftoken cookies
are required.

If someone could show me an example of using curl or wget to access a
view that is not wrapped with @csrf_exempt but is wrapped with
@login_required I would be very grateful indeed.

Thanks in advance

Dave
