Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
3.6k views
in Technique[技术] by (71.8m points)

Python API Call authorization returns 401 for over the retrieval failure of JSESSIONID/Cookie/ClientID by request library

I have simulated successfully API calls with my postman client. Postman client automatically populates the required JSESSIONID, COOKIE, and CLIENT ID.

However, when I try to realize the same with python I get 401. It looks like the session variable of the request API does not hold the required information

I would like to replicate the entire step below with both Postman generated python script and my script

Postman script

In the first POST call, I use my secretKey to request the secret

import requests

url = "https://url.com/v1/session/auth/token?X-Requested-By=Maddy&Content-Type=application/x-www-form-urlencoded"

payload="secret_key=zxcvfc-103f-950d-856d-cxvfdgh&username=myuser001&access_level=FULL"
headers = {
  'X-Requested-By': 'Maddy', #This is my header
  'Content-Type': 'application/x-www-form-urlencoded', #My header
  'Cookie': 'route=e7esaafb42ce234234242347482341f; clientId= zxcvfc-103f-950d-856d-cxvfdg; JSESSIONID=e34cc53d-e99c-4296-a4fe-0d70a246bd11' #Postman generated
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)

I get a secret JHNXZasdasdasdasjdakdasdjdalsdjasdladasdlalsdjajsdjaskdjaksjdaskjdjaskdljasj very long

then the second GET call is done with the secret I have received.

import requests

url = "https://url.com/callosum/v1/session/login/token?username=myuser001&auth_token=JHNXZasdasdasdasjdakdasdjdalsdjasdladasdlalsdjajsdjaskdjaksjdaskjdjaskdljasj&redirect_url=https://url.com/callosum/v1/tspublic/v1/user/list"

payload={}
headers = {
  'Cookie': 'route=e78as0dad9009q029420349249f; clientId=s0255-6598-5103-dec3-defererer090; JSESSIONID=dfgas8484-659595656-6526-5626-7589898ads'
}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)

#The response contains JSON output with a list of users

Not the above header junk that contains id and session and cookie is generated by the postman

Now this is how my Python script looks like

    url = "https://url.com/callosum/v1/session/auth/token?X-Requested-By=Maddy&Content-Type=application/x-www-form-urlencoded"
    
    payload="secret_key=zxcvfc-103f-950d-856d-cxvfdgh&username=myuser001&access_level=FULL"
    headers = {
      'X-Requested-By': 'Maddy', #These one is mine
      'Content-Type': 'application/x-www-form-urlencoded' #these one is mine
    }
    with requests.session() as s:
       
        secret = s.post(url, data=payload, headers=headers,verify=False).text
        #secret contain the lengthy secret for the get call stored in the variable secret
        
        
        payload1 = {}

#The url2 contains login url and redirect url that contains the user API for get method 
        url2 = "https://url.com/callosum/v1/session/login/token?username=myuser001&auth_token={}&redirect_url=https://url.com/callosum/v1/tspublic/v1/user/list".format(secret)
        r = s.get(url2,data=payload1,verify =False)
        #Also tried without payload and with and without header results are the same
        print(r.cookies)
        print(r.text) #401 unauthroized
       

I get the secret but not the data. Do let me know if there is something that needs to be added.

Best Regards, Gabby


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)
等待大神答复

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...