Re: Python3 using requests to grab HTTP Auth Data

2017-02-02 Thread Νίκος Βέργος 
Τη Πέμπτη, 2 Φεβρουαρίου 2017 - 9:38:47 μ.μ. UTC+2, ο χρήστης Ian έγραψε:

> If you want the user to authenticate to your script and not just
> whatever file you're redirecting them to, then you need to configure
> the server to require authorization for the script and not just the
> redirect target. Most likely you would do this with an .htaccess
> directive as Michael Torrie already suggested. Once that's done, then
> as soon as your script is invoked you'll be able to get the
> REMOTE_USER. The  tag has nothing to do with requesting auth and
> you only need it if you want the browser to perform a delayed redirect
> to that file.

I have also came up with this idea but the problem with that approach is that 
in order for 'files.py' script to run an authentice dialog must come first.

As i have the script coded the 'files.py' need to run first normally and only 
after a form submit bases on user selection of a a listed file, onlty then the 
authentication process to be initiated , not earlier.

To see what i eman just visit my website at http://superhost.gr, scroll down on 
the middle of the page, hit download now image link.

A list of files will be presented to you and when you click someone then the 
 tage initiate the authentication.

Can this also be done in such a way with .htaccess & .htpasswd ?!
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Python3 using requests to grab HTTP Auth Data

2017-02-02 Thread Ian Kelly 
On Wed, Feb 1, 2017 at 5:22 PM, Νίκος Βέργος  wrote:
> 
> # Give user the file requested
>
> print(''' content="5;url=http://superhost.gr/data/files/%s";>''' % realfile)
>
> authuser = os.environ.get( 'REMOTE_USER', 'Άγνωστος' )
> print( authuser )
> 
>
> Trying this, feels liek i'm almost there except that when printing the value 
> of authuser variable it default to "Άγνωστος" meaning not there.
>
> is there any other way i can grab what the user gave a auth login info?

Hold on, are those consecutive lines within the same script?

I think you need to better understand the HTTP request cycle. The
browser sends a request to your server, the server runs your CGI which
builds a response, and then the server sends the response back to the
browser. At that point the CGI is done with this request.

The  tag that you're printing is part of that response. The
browser can't do anything with it until it sees it. When it does, it
will perform the refresh which creates a second request to the server
at the new URL. If the server's response to the second request is a
401 Unauthorized, then the browser shows the username/password dialog
and after the user enters those it will make a /third/ request
containing that info, also to the new URL.

Your script which ran on the first request is trying to get the
REMOTE_USER from the authentication data that was passed to that first
request, but there wasn't any. The user didn't enter any until the
third request, at which point your script was long since finished
running.

If you want the user to authenticate to your script and not just
whatever file you're redirecting them to, then you need to configure
the server to require authorization for the script and not just the
redirect target. Most likely you would do this with an .htaccess
directive as Michael Torrie already suggested. Once that's done, then
as soon as your script is invoked you'll be able to get the
REMOTE_USER. The  tag has nothing to do with requesting auth and
you only need it if you want the browser to perform a delayed redirect
to that file.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Python3 using requests to grab HTTP Auth Data

2017-02-01 Thread Νίκος Βέργος 

# Give user the file requested

print('''http://superhost.gr/data/files/%s";>''' % realfile)

authuser = os.environ.get( 'REMOTE_USER', 'Άγνωστος' )
print( authuser )


Trying this, feels liek i'm almost there except that when printing the value of 
authuser variable it default to "Άγνωστος" meaning not there.

is there any other way i can grab what the user gave a auth login info?
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Python3 using requests to grab HTTP Auth Data

2017-02-01 Thread Νίκος Βέργος 
Τη Πέμπτη, 2 Φεβρουαρίου 2017 - 1:51:52 π.μ. UTC+2, ο χρήστης Ian έγραψε:
> On Wed, Feb 1, 2017 at 2:51 PM, Νίκος Βέργος  wrote:
> > Τη Τετάρτη, 1 Φεβρουαρίου 2017 - 11:41:28 μ.μ. UTC+2, ο χρήστης Michael 
> > Torrie έγραψε:
> >> On 02/01/2017 01:51 PM, Νίκος Βέργος wrote:
> >> > as well as input() for both user & pass combo but iam not getting in 
> >> > chrome the basic pop-up HTTP auth window.
> >> >
> >> > Any idea why?
> >>
> >> What you're describing is not something you can do with an interactive
> >> Python script.  HTTP-level authentication is requested of your browser
> >> by the web server itself.  On Apache there are numerous methods you can
> >> use.  Individual users can use .htaccess directives to add
> >> authentication to a directory, for example.  You'll need to learn about it:
> >> https://www.google.com/search?q=apache+http+authentication
> >>
> >> If you're using a framework like Django, there are mechanisms for
> >> checking the username and password against a Python method.  Again,
> >> google for http authentication and whatever framework you're using.
> >>
> >> I once used a special python script that was called by an Apache module
> >> to verify users against a customized LDAP filter.  Again, that involves
> >> server cooperation though a module.
> >>
> >> In general, the browser pops up the username and password box in
> >> response to a request from the web server.  It's not something your CGI
> >> script can just do without some cooperation from the web server.
> >
> > I used to have this workaround solution for triggering the web server to 
> > pop-up the HTTP Auth window
> >
> > print ''' > content="2;url=http://superhost.gr/data/files/%s";>''' % file_requested
> >
> > and i have tried to read the the login auth name that user entered by using
> >
> > authuser = os.environ.get( 'REMOTE_USER', 'Άγνωστος' )
> >
> > unfortunately it always failes to receive it that's why i'm trying to do 
> > the trick with the requests module.
> 
> Fails how? It doesn't ask the user, or the environment variable is empty?
> 
> requests is an HTTP client library. It's not very useful server-side
> unless you're talking to other servers. It is, in any case,
> nonsensical to send an HTTP request to the browser.

 triggers the http auth windows, so the user can enter the auth 
info, i just cant seem to grab the auth username back.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Python3 using requests to grab HTTP Auth Data

2017-02-01 Thread Ian Kelly 
On Wed, Feb 1, 2017 at 2:51 PM, Νίκος Βέργος  wrote:
> Τη Τετάρτη, 1 Φεβρουαρίου 2017 - 11:41:28 μ.μ. UTC+2, ο χρήστης Michael 
> Torrie έγραψε:
>> On 02/01/2017 01:51 PM, Νίκος Βέργος wrote:
>> > as well as input() for both user & pass combo but iam not getting in 
>> > chrome the basic pop-up HTTP auth window.
>> >
>> > Any idea why?
>>
>> What you're describing is not something you can do with an interactive
>> Python script.  HTTP-level authentication is requested of your browser
>> by the web server itself.  On Apache there are numerous methods you can
>> use.  Individual users can use .htaccess directives to add
>> authentication to a directory, for example.  You'll need to learn about it:
>> https://www.google.com/search?q=apache+http+authentication
>>
>> If you're using a framework like Django, there are mechanisms for
>> checking the username and password against a Python method.  Again,
>> google for http authentication and whatever framework you're using.
>>
>> I once used a special python script that was called by an Apache module
>> to verify users against a customized LDAP filter.  Again, that involves
>> server cooperation though a module.
>>
>> In general, the browser pops up the username and password box in
>> response to a request from the web server.  It's not something your CGI
>> script can just do without some cooperation from the web server.
>
> I used to have this workaround solution for triggering the web server to 
> pop-up the HTTP Auth window
>
> print ''' content="2;url=http://superhost.gr/data/files/%s";>''' % file_requested
>
> and i have tried to read the the login auth name that user entered by using
>
> authuser = os.environ.get( 'REMOTE_USER', 'Άγνωστος' )
>
> unfortunately it always failes to receive it that's why i'm trying to do the 
> trick with the requests module.

Fails how? It doesn't ask the user, or the environment variable is empty?

requests is an HTTP client library. It's not very useful server-side
unless you're talking to other servers. It is, in any case,
nonsensical to send an HTTP request to the browser.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Python3 using requests to grab HTTP Auth Data

2017-02-01 Thread Νίκος Βέργος 
Τη Τετάρτη, 1 Φεβρουαρίου 2017 - 11:41:28 μ.μ. UTC+2, ο χρήστης Michael Torrie 
έγραψε:
> On 02/01/2017 01:51 PM, Νίκος Βέργος wrote:
> > as well as input() for both user & pass combo but iam not getting in chrome 
> > the basic pop-up HTTP auth window.
> > 
> > Any idea why?
> 
> What you're describing is not something you can do with an interactive
> Python script.  HTTP-level authentication is requested of your browser
> by the web server itself.  On Apache there are numerous methods you can
> use.  Individual users can use .htaccess directives to add
> authentication to a directory, for example.  You'll need to learn about it:
> https://www.google.com/search?q=apache+http+authentication
> 
> If you're using a framework like Django, there are mechanisms for
> checking the username and password against a Python method.  Again,
> google for http authentication and whatever framework you're using.
> 
> I once used a special python script that was called by an Apache module
> to verify users against a customized LDAP filter.  Again, that involves
> server cooperation though a module.
> 
> In general, the browser pops up the username and password box in
> response to a request from the web server.  It's not something your CGI
> script can just do without some cooperation from the web server.

I used to have this workaround solution for triggering the web server to pop-up 
the HTTP Auth window

print '''http://superhost.gr/data/files/%s";>''' % file_requested

and i have tried to read the the login auth name that user entered by using

authuser = os.environ.get( 'REMOTE_USER', 'Άγνωστος' )

unfortunately it always failes to receive it that's why i'm trying to do the 
trick with the requests module.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Python3 using requests to grab HTTP Auth Data

2017-02-01 Thread Michael Torrie 
On 02/01/2017 01:51 PM, Νίκος Βέργος wrote:
> as well as input() for both user & pass combo but iam not getting in chrome 
> the basic pop-up HTTP auth window.
> 
> Any idea why?

What you're describing is not something you can do with an interactive
Python script.  HTTP-level authentication is requested of your browser
by the web server itself.  On Apache there are numerous methods you can
use.  Individual users can use .htaccess directives to add
authentication to a directory, for example.  You'll need to learn about it:
https://www.google.com/search?q=apache+http+authentication

If you're using a framework like Django, there are mechanisms for
checking the username and password against a Python method.  Again,
google for http authentication and whatever framework you're using.

I once used a special python script that was called by an Apache module
to verify users against a customized LDAP filter.  Again, that involves
server cooperation though a module.

In general, the browser pops up the username and password box in
response to a request from the web server.  It's not something your CGI
script can just do without some cooperation from the web server.
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Python3 using requests to grab HTTP Auth Data

2017-02-01 Thread Νίκος Βέργος 
Τη Τετάρτη, 1 Φεβρουαρίου 2017 - 9:22:46 μ.μ. UTC+2, ο χρήστης Chris Angelico 
έγραψε:
> You should use the input() function (called raw_input() in Python 2)
> for a user name, and the getpass module for the password:

I have just tried

===
# Give user the file requested
url = "http://superhost.gr/data/files/%s"; % realfile

username = getpass.getuser()
password = getpass.getpass()

r = requests.get( url, auth = (username, password) )# ask user for 
authentication data
r.raise_for_status() 
===

as well as input() for both user & pass combo but iam not getting in chrome the 
basic pop-up HTTP auth window.

Any idea why?

-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Python3 using requests to grab HTTP Auth Data

2017-02-01 Thread Νίκος Βέργος 
Τη Τετάρτη, 1 Φεβρουαρίου 2017 - 9:22:46 μ.μ. UTC+2, ο χρήστης Chris  
> You should use the input() function (called raw_input() in Python 2)
> for a user name, and the getpass module for the password:

i have just tried:

# Give user the file requested
url = "http://superhost.gr/data/files/%s"; % realfile

username = getpass.getuser()
password = getpass.getpass()

r = requests.get( url, auth = (username, password) )# ask user for 
authentication data
r.raise_for_status() 


-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Python3 using requests to grab HTTP Auth Data

2017-02-01 Thread John Gordon 
In  Peter Pearson  
writes:

> > How can i ASK the user for http auth data and store them isntead of
> > giving them to the script?

> Maybe like this?

>   user = raw_input("User: ")
>   password = raw_input("Password: ")

If it doesn't need to be interactive, you could require that the user
supply a file in the current directory containing the username and
password.

-- 
John Gordon   A is for Amy, who fell down the stairs
gor...@panix.com  B is for Basil, assaulted by bears
-- Edward Gorey, "The Gashlycrumb Tinies"

-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Python3 using requests to grab HTTP Auth Data

2017-02-01 Thread Chris Angelico 
On Thu, Feb 2, 2017 at 2:10 AM, Νίκος Βέργος  wrote:
> # Give user the file requested
> url = "http://superhost.gr/data/files/%s"; % realfile
>
> user, password = 'user', 'passwd'
>
> r = requests.get( url, auth = (user, password) ) # send auth unconditionally
> r.raise_for_status()
> ==
>
> How can i ASK the user for http auth data and store them isntead of giving 
> them to the script?

You should use the input() function (called raw_input() in Python 2)
for a user name, and the getpass module for the password:

https://docs.python.org/3/library/getpass.html

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Python3 using requests to grab HTTP Auth Data

2017-02-01 Thread Peter Pearson 
On Wed, 1 Feb 2017 07:10:39 -0800 (PST), Νίκος Βέργος wrote:
> # Give user the file requested
> url = "http://superhost.gr/data/files/%s"; % realfile
>  
> user, password = 'user', 'passwd'
>  
> r = requests.get( url, auth = (user, password) ) # send auth unconditionally
> r.raise_for_status()
>==
>
> How can i ASK the user for http auth data and store them isntead of
> giving them to the script?

Maybe like this?

  user = raw_input("User: ")
  password = raw_input("Password: ")

-- 
To email me, substitute nowhere->runbox, invalid->com.
-- 
https://mail.python.org/mailman/listinfo/python-list

Python3 using requests to grab HTTP Auth Data

2017-02-01 Thread Νίκος Βέργος 
# Give user the file requested
url = "http://superhost.gr/data/files/%s"; % realfile
 
user, password = 'user', 'passwd'
 
r = requests.get( url, auth = (user, password) ) # send auth unconditionally
r.raise_for_status()
==

How can i ASK the user for http auth data and store them isntead of giving them 
to the script?
-- 
https://mail.python.org/mailman/listinfo/python-list