My Java is sitting on my desk right now... on the plus side, when Java is on my desk, my Python is incredible...
(Translation: Java scares me) :) On Tue, Jul 11, 2017 at 4:23 PM, Paul Rogers <[email protected]> wrote: > Hi John, > > All good points! > > How comfortable are you with Java? The current REST API evolved > organically based on the needs of the web UI. While we could wait for a > REST re-design, we could also move forward just adding the messages you > need — especially if you can contribute the code. > > The code is in org.apache.drill.exec.server.rest.LogInLogOutResources. > This is a mercifully short file. The login page message itself is one line > of actual code: > > @POST > @Path("/login") > @Produces(MediaType.TEXT_HTML) > public Viewable getLoginPageAfterValidationError() { > return ViewableWithPermissions.createLoginPage("Invalid > username/password credentials."); > } > > Seems simple enough to change above method to add the HTTP status to the > generated web page; the browser won’t care. > > The web framework Drill uses is quite rich (mucked about with it a year > ago, but have gotten rusty since.) There is an easy way to indicate the > HTTP status; I just can’t remember what it is… > > Anyone else remember how to set the return status in a Jetty response? > > Thanks, > > - Paul > > > > On Jul 7, 2017, at 5:48 AM, John Omernik <[email protected]> wrote: > > > > Hello all, I recently setup some notebooks using the Rest API. > > > > I found that I was using Drill 1.8, and my code for determining > > authentication in Python, while hacky, worked... What I found is using > > python requests, when I posted to j_security check, the requests object > > almost always returned a HTTP 200. > > > > If it was a bad username/password, I parsed the page and looked for that > > text. In 1.8, if login was successful the string "Number of Drill Bits" > > appeared on in the response text. From the requests module perspective, > > both used HTTP 200 as a status code. However, on a successful login, > Drill > > actually sends a HTTP 303 that goes to / and apparently requests auto > grabs > > that request like nothing happened. Never telling me, the programmer > about > > the 303. > > > > However, in Drill 1.10, the UI for the / page improved, and likely, the > > string "Number of Drill Bits" was removed. This made it so I now had to > > reprogram my auth code to handle it better. > > > > So here I am, What IS the best way to determine programmatically in a way > > that will remain stable if login was successful. Obviously string parsing > > is prone to error and can be changed. I tried checking for the presence > of > > a JSESSIONID but that can show up either way. > > > > So what is the "right" way to indicate login is successful? Could we do > > something better with response codes? I know having the Form seems to > make > > sense, but could we just use basic authentication and set the header with > > the form? That way, we could issue single queries with basic auth and > get a > > Unauthorized if the authentication didn't work. I don't know if I have > an > > answer, but I do know that working with the Rest API isn't all that > > intuitive, it should be easier to tell if login was successful... I am > > interested in the thoughts of others here. > > > > John > > > > > > > > > > > > > > > > (Code) > > def authDrill(self): > > url = self.drill_base_url + "/j_security_check" > > login = {'j_username': self.drill_user, 'j_password': > > self.drill_pass} > > > > verify = "/etc/ssl/certs/ca-certificates.crt" > > > > if self.drill_pin_to_ip == True: > > verify = False > > > > requests.packages.urllib3.disable_warnings(InsecureRequestWarning) > > else: > > verify = "/etc/ssl/certs/ca-certificates.crt" > > > > r = self.session.post(url, data=login, headers=self.drill_headers, > > verify=verify) > > if r.status_code == 200: > > if r.text.find("Invalid username/password credentials") >= 0: > > raise Exception("Invalid username/password credentials") > > elif r.text.find("Number of Drill Bits") >= 0: > > pass > > else: > > raise Exception("Unknown HTTP 200 Code: %s" % r.text) > > else: > > raise Exception("Status Code: %s - Error" % r.status_code) > > return self.session > >
