Re: Python3 using requests to grab HTTP Auth Data
Τη Πέμπτη, 2 Φεβρουαρίου 2017 - 9:38:47 μ.μ. UTC+2, ο χρήστης Ian έγραψε: > If you want the user to authenticate to your script and not just > whatever file you're redirecting them to, then you need to configure > the server to require authorization for the script and not just the > redirect target. Most likely you would do this with an .htaccess > directive as Michael Torrie already suggested. Once that's done, then > as soon as your script is invoked you'll be able to get the > REMOTE_USER. The tag has nothing to do with requesting auth and > you only need it if you want the browser to perform a delayed redirect > to that file. I have also came up with this idea but the problem with that approach is that in order for 'files.py' script to run an authentice dialog must come first. As i have the script coded the 'files.py' need to run first normally and only after a form submit bases on user selection of a a listed file, onlty then the authentication process to be initiated , not earlier. To see what i eman just visit my website at http://superhost.gr, scroll down on the middle of the page, hit download now image link. A list of files will be presented to you and when you click someone then the tage initiate the authentication. Can this also be done in such a way with .htaccess & .htpasswd ?! -- https://mail.python.org/mailman/listinfo/python-list
Re: Python3 using requests to grab HTTP Auth Data
On Wed, Feb 1, 2017 at 5:22 PM, Νίκος Βέργος wrote: > > # Give user the file requested > > print(''' content="5;url=http://superhost.gr/data/files/%s";>''' % realfile) > > authuser = os.environ.get( 'REMOTE_USER', 'Άγνωστος' ) > print( authuser ) > > > Trying this, feels liek i'm almost there except that when printing the value > of authuser variable it default to "Άγνωστος" meaning not there. > > is there any other way i can grab what the user gave a auth login info? Hold on, are those consecutive lines within the same script? I think you need to better understand the HTTP request cycle. The browser sends a request to your server, the server runs your CGI which builds a response, and then the server sends the response back to the browser. At that point the CGI is done with this request. The tag that you're printing is part of that response. The browser can't do anything with it until it sees it. When it does, it will perform the refresh which creates a second request to the server at the new URL. If the server's response to the second request is a 401 Unauthorized, then the browser shows the username/password dialog and after the user enters those it will make a /third/ request containing that info, also to the new URL. Your script which ran on the first request is trying to get the REMOTE_USER from the authentication data that was passed to that first request, but there wasn't any. The user didn't enter any until the third request, at which point your script was long since finished running. If you want the user to authenticate to your script and not just whatever file you're redirecting them to, then you need to configure the server to require authorization for the script and not just the redirect target. Most likely you would do this with an .htaccess directive as Michael Torrie already suggested. Once that's done, then as soon as your script is invoked you'll be able to get the REMOTE_USER. The tag has nothing to do with requesting auth and you only need it if you want the browser to perform a delayed redirect to that file. -- https://mail.python.org/mailman/listinfo/python-list
Re: Python3 using requests to grab HTTP Auth Data
# Give user the file requested print('''http://superhost.gr/data/files/%s";>''' % realfile) authuser = os.environ.get( 'REMOTE_USER', 'Άγνωστος' ) print( authuser ) Trying this, feels liek i'm almost there except that when printing the value of authuser variable it default to "Άγνωστος" meaning not there. is there any other way i can grab what the user gave a auth login info? -- https://mail.python.org/mailman/listinfo/python-list
Re: Python3 using requests to grab HTTP Auth Data
Τη Πέμπτη, 2 Φεβρουαρίου 2017 - 1:51:52 π.μ. UTC+2, ο χρήστης Ian έγραψε: > On Wed, Feb 1, 2017 at 2:51 PM, Νίκος Βέργος wrote: > > Τη Τετάρτη, 1 Φεβρουαρίου 2017 - 11:41:28 μ.μ. UTC+2, ο χρήστης Michael > > Torrie έγραψε: > >> On 02/01/2017 01:51 PM, Νίκος Βέργος wrote: > >> > as well as input() for both user & pass combo but iam not getting in > >> > chrome the basic pop-up HTTP auth window. > >> > > >> > Any idea why? > >> > >> What you're describing is not something you can do with an interactive > >> Python script. HTTP-level authentication is requested of your browser > >> by the web server itself. On Apache there are numerous methods you can > >> use. Individual users can use .htaccess directives to add > >> authentication to a directory, for example. You'll need to learn about it: > >> https://www.google.com/search?q=apache+http+authentication > >> > >> If you're using a framework like Django, there are mechanisms for > >> checking the username and password against a Python method. Again, > >> google for http authentication and whatever framework you're using. > >> > >> I once used a special python script that was called by an Apache module > >> to verify users against a customized LDAP filter. Again, that involves > >> server cooperation though a module. > >> > >> In general, the browser pops up the username and password box in > >> response to a request from the web server. It's not something your CGI > >> script can just do without some cooperation from the web server. > > > > I used to have this workaround solution for triggering the web server to > > pop-up the HTTP Auth window > > > > print ''' > content="2;url=http://superhost.gr/data/files/%s";>''' % file_requested > > > > and i have tried to read the the login auth name that user entered by using > > > > authuser = os.environ.get( 'REMOTE_USER', 'Άγνωστος' ) > > > > unfortunately it always failes to receive it that's why i'm trying to do > > the trick with the requests module. > > Fails how? It doesn't ask the user, or the environment variable is empty? > > requests is an HTTP client library. It's not very useful server-side > unless you're talking to other servers. It is, in any case, > nonsensical to send an HTTP request to the browser. triggers the http auth windows, so the user can enter the auth info, i just cant seem to grab the auth username back. -- https://mail.python.org/mailman/listinfo/python-list
Re: Python3 using requests to grab HTTP Auth Data
On Wed, Feb 1, 2017 at 2:51 PM, Νίκος Βέργος wrote: > Τη Τετάρτη, 1 Φεβρουαρίου 2017 - 11:41:28 μ.μ. UTC+2, ο χρήστης Michael > Torrie έγραψε: >> On 02/01/2017 01:51 PM, Νίκος Βέργος wrote: >> > as well as input() for both user & pass combo but iam not getting in >> > chrome the basic pop-up HTTP auth window. >> > >> > Any idea why? >> >> What you're describing is not something you can do with an interactive >> Python script. HTTP-level authentication is requested of your browser >> by the web server itself. On Apache there are numerous methods you can >> use. Individual users can use .htaccess directives to add >> authentication to a directory, for example. You'll need to learn about it: >> https://www.google.com/search?q=apache+http+authentication >> >> If you're using a framework like Django, there are mechanisms for >> checking the username and password against a Python method. Again, >> google for http authentication and whatever framework you're using. >> >> I once used a special python script that was called by an Apache module >> to verify users against a customized LDAP filter. Again, that involves >> server cooperation though a module. >> >> In general, the browser pops up the username and password box in >> response to a request from the web server. It's not something your CGI >> script can just do without some cooperation from the web server. > > I used to have this workaround solution for triggering the web server to > pop-up the HTTP Auth window > > print ''' content="2;url=http://superhost.gr/data/files/%s";>''' % file_requested > > and i have tried to read the the login auth name that user entered by using > > authuser = os.environ.get( 'REMOTE_USER', 'Άγνωστος' ) > > unfortunately it always failes to receive it that's why i'm trying to do the > trick with the requests module. Fails how? It doesn't ask the user, or the environment variable is empty? requests is an HTTP client library. It's not very useful server-side unless you're talking to other servers. It is, in any case, nonsensical to send an HTTP request to the browser. -- https://mail.python.org/mailman/listinfo/python-list
Re: Python3 using requests to grab HTTP Auth Data
Τη Τετάρτη, 1 Φεβρουαρίου 2017 - 11:41:28 μ.μ. UTC+2, ο χρήστης Michael Torrie έγραψε: > On 02/01/2017 01:51 PM, Νίκος Βέργος wrote: > > as well as input() for both user & pass combo but iam not getting in chrome > > the basic pop-up HTTP auth window. > > > > Any idea why? > > What you're describing is not something you can do with an interactive > Python script. HTTP-level authentication is requested of your browser > by the web server itself. On Apache there are numerous methods you can > use. Individual users can use .htaccess directives to add > authentication to a directory, for example. You'll need to learn about it: > https://www.google.com/search?q=apache+http+authentication > > If you're using a framework like Django, there are mechanisms for > checking the username and password against a Python method. Again, > google for http authentication and whatever framework you're using. > > I once used a special python script that was called by an Apache module > to verify users against a customized LDAP filter. Again, that involves > server cooperation though a module. > > In general, the browser pops up the username and password box in > response to a request from the web server. It's not something your CGI > script can just do without some cooperation from the web server. I used to have this workaround solution for triggering the web server to pop-up the HTTP Auth window print '''http://superhost.gr/data/files/%s";>''' % file_requested and i have tried to read the the login auth name that user entered by using authuser = os.environ.get( 'REMOTE_USER', 'Άγνωστος' ) unfortunately it always failes to receive it that's why i'm trying to do the trick with the requests module. -- https://mail.python.org/mailman/listinfo/python-list
Re: Python3 using requests to grab HTTP Auth Data
On 02/01/2017 01:51 PM, Νίκος Βέργος wrote: > as well as input() for both user & pass combo but iam not getting in chrome > the basic pop-up HTTP auth window. > > Any idea why? What you're describing is not something you can do with an interactive Python script. HTTP-level authentication is requested of your browser by the web server itself. On Apache there are numerous methods you can use. Individual users can use .htaccess directives to add authentication to a directory, for example. You'll need to learn about it: https://www.google.com/search?q=apache+http+authentication If you're using a framework like Django, there are mechanisms for checking the username and password against a Python method. Again, google for http authentication and whatever framework you're using. I once used a special python script that was called by an Apache module to verify users against a customized LDAP filter. Again, that involves server cooperation though a module. In general, the browser pops up the username and password box in response to a request from the web server. It's not something your CGI script can just do without some cooperation from the web server. -- https://mail.python.org/mailman/listinfo/python-list
Re: Python3 using requests to grab HTTP Auth Data
Τη Τετάρτη, 1 Φεβρουαρίου 2017 - 9:22:46 μ.μ. UTC+2, ο χρήστης Chris Angelico έγραψε: > You should use the input() function (called raw_input() in Python 2) > for a user name, and the getpass module for the password: I have just tried === # Give user the file requested url = "http://superhost.gr/data/files/%s"; % realfile username = getpass.getuser() password = getpass.getpass() r = requests.get( url, auth = (username, password) )# ask user for authentication data r.raise_for_status() === as well as input() for both user & pass combo but iam not getting in chrome the basic pop-up HTTP auth window. Any idea why? -- https://mail.python.org/mailman/listinfo/python-list
Re: Python3 using requests to grab HTTP Auth Data
Τη Τετάρτη, 1 Φεβρουαρίου 2017 - 9:22:46 μ.μ. UTC+2, ο χρήστης Chris > You should use the input() function (called raw_input() in Python 2) > for a user name, and the getpass module for the password: i have just tried: # Give user the file requested url = "http://superhost.gr/data/files/%s"; % realfile username = getpass.getuser() password = getpass.getpass() r = requests.get( url, auth = (username, password) )# ask user for authentication data r.raise_for_status() -- https://mail.python.org/mailman/listinfo/python-list
Re: Python3 using requests to grab HTTP Auth Data
In Peter Pearson writes: > > How can i ASK the user for http auth data and store them isntead of > > giving them to the script? > Maybe like this? > user = raw_input("User: ") > password = raw_input("Password: ") If it doesn't need to be interactive, you could require that the user supply a file in the current directory containing the username and password. -- John Gordon A is for Amy, who fell down the stairs gor...@panix.com B is for Basil, assaulted by bears -- Edward Gorey, "The Gashlycrumb Tinies" -- https://mail.python.org/mailman/listinfo/python-list
Re: Python3 using requests to grab HTTP Auth Data
On Thu, Feb 2, 2017 at 2:10 AM, Νίκος Βέργος wrote: > # Give user the file requested > url = "http://superhost.gr/data/files/%s"; % realfile > > user, password = 'user', 'passwd' > > r = requests.get( url, auth = (user, password) ) # send auth unconditionally > r.raise_for_status() > == > > How can i ASK the user for http auth data and store them isntead of giving > them to the script? You should use the input() function (called raw_input() in Python 2) for a user name, and the getpass module for the password: https://docs.python.org/3/library/getpass.html ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: Python3 using requests to grab HTTP Auth Data
On Wed, 1 Feb 2017 07:10:39 -0800 (PST), Νίκος Βέργος wrote: > # Give user the file requested > url = "http://superhost.gr/data/files/%s"; % realfile > > user, password = 'user', 'passwd' > > r = requests.get( url, auth = (user, password) ) # send auth unconditionally > r.raise_for_status() >== > > How can i ASK the user for http auth data and store them isntead of > giving them to the script? Maybe like this? user = raw_input("User: ") password = raw_input("Password: ") -- To email me, substitute nowhere->runbox, invalid->com. -- https://mail.python.org/mailman/listinfo/python-list
Python3 using requests to grab HTTP Auth Data
# Give user the file requested url = "http://superhost.gr/data/files/%s"; % realfile user, password = 'user', 'passwd' r = requests.get( url, auth = (user, password) ) # send auth unconditionally r.raise_for_status() == How can i ASK the user for http auth data and store them isntead of giving them to the script? -- https://mail.python.org/mailman/listinfo/python-list