Last active
August 15, 2022 23:45
-
-
Save bittner/dc5fc8f447901c4778f4 to your computer and use it in GitHub Desktop.
Login and perform actions in a Django site (now with less security issues)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# source this code in a Bash shell ($ . django-csrftoken-login-demo.bash), | |
# and run with a DB name as parameter (e.g. $ django-csrftoken-login-demo demo) | |
django-csrftoken-login-demo() { | |
# -- CHANGE THESE VALUES TO MATCH YOUR ACCOUNT -- | |
local HOSTING_USERID=9988 | |
local HOSTING_PANEL_USER='customer@email.address' | |
local HOSTING_PANEL_PASS='my secret login password' | |
local HOSTING_DB_PREFIX='username_' | |
local DB_NAME=$HOSTING_DB_PREFIX$1 | |
local DB_TYPE=psql | |
local DB_TEMPLATE=default | |
# no changes needed below: | |
local HOSTING_PANEL_LOGIN=https://yourdjangowebsite.com/login/ | |
local HOSTING_PANEL_DATABASE=https://yourdjangowebsite.com/databases/ | |
local COOKIES=cookies.txt | |
local CURL_BIN="curl -s -c $COOKIES -b $COOKIES -e $HOSTING_PANEL_LOGIN" | |
local DATAFILE=curl-data.txt | |
umask 0007 | |
echo -n "Django Auth: get csrftoken ..." | |
$CURL_BIN $HOSTING_PANEL_LOGIN > /dev/null | |
local DJANGO_TOKEN="csrfmiddlewaretoken=$(grep csrftoken $COOKIES | sed 's/^.*csrftoken\s*//')" | |
echo -n " perform login ..." | |
echo "$DJANGO_TOKEN;username=$HOSTING_PANEL_USER;password=$HOSTING_PANEL_PASS" > $DATAFILE | |
$CURL_BIN -X POST -d @$DATAFILE $HOSTING_PANEL_LOGIN | |
echo -n " perform panel activity: CREATE DATABASE '$DB_NAME' ..." | |
echo "$DJANGO_TOKEN;systemuser=$HOSTING_USERID;name=$DB_NAME;type=$DB_TYPE;template=$DB_TEMPLATE" > $DATAFILE | |
$CURL_BIN -X POST -d @$DATAFILE "$HOSTING_PANEL_DATABASE" | |
echo " logout" | |
rm $COOKIES $DATAFILE | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Find this code explained on StackOverflow: how-to-curl-an-authenticated-django-app
Similar question: how-to-use-curl-with-django-csrf-tokens-and-post-requests