Hello all, I recently setup some notebooks using the Rest API.
I found that I was using Drill 1.8, and my code for determining
authentication in Python, while hacky, worked... What I found is using
python requests, when I posted to j_security check, the requests object
almost always returned a HTTP 200.
If it was a bad username/password, I parsed the page and looked for that
text. In 1.8, if login was successful the string "Number of Drill Bits"
appeared on in the response text. From the requests module perspective,
both used HTTP 200 as a status code. However, on a successful login, Drill
actually sends a HTTP 303 that goes to / and apparently requests auto grabs
that request like nothing happened. Never telling me, the programmer about
the 303.
However, in Drill 1.10, the UI for the / page improved, and likely, the
string "Number of Drill Bits" was removed. This made it so I now had to
reprogram my auth code to handle it better.
So here I am, What IS the best way to determine programmatically in a way
that will remain stable if login was successful. Obviously string parsing
is prone to error and can be changed. I tried checking for the presence of
a JSESSIONID but that can show up either way.
So what is the "right" way to indicate login is successful? Could we do
something better with response codes? I know having the Form seems to make
sense, but could we just use basic authentication and set the header with
the form? That way, we could issue single queries with basic auth and get a
Unauthorized if the authentication didn't work. I don't know if I have an
answer, but I do know that working with the Rest API isn't all that
intuitive, it should be easier to tell if login was successful... I am
interested in the thoughts of others here.
John
(Code)
def authDrill(self):
url = self.drill_base_url + "/j_security_check"
login = {'j_username': self.drill_user, 'j_password':
self.drill_pass}
verify = "/etc/ssl/certs/ca-certificates.crt"
if self.drill_pin_to_ip == True:
verify = False
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
else:
verify = "/etc/ssl/certs/ca-certificates.crt"
r = self.session.post(url, data=login, headers=self.drill_headers,
verify=verify)
if r.status_code == 200:
if r.text.find("Invalid username/password credentials") >= 0:
raise Exception("Invalid username/password credentials")
elif r.text.find("Number of Drill Bits") >= 0:
pass
else:
raise Exception("Unknown HTTP 200 Code: %s" % r.text)
else:
raise Exception("Status Code: %s - Error" % r.status_code)
return self.session
