Forked from bittner/django-csrftoken-login-demo.bash
Last active
August 29, 2015 14:13
-
-
Save gfranxman/257c897b2b11eb9b3742 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# source this code in a Bash shell | |
# and run like django-post-payload '{"a": "b"}' | |
# you can set the credentials by exporting DJANGO_USER and DJANGO_PASSWORD | |
django-post-payload() { | |
local TARGET=http://ws.somesite.com/some/service/endpoint/ | |
local PAYLOAD=$1 | |
#"{\"asd\": \"asd\"}" | |
local LOGIN=http://ws.somesite.com/login/ | |
# | |
local USER=${DJANGO_USER:-admin} | |
local PASSWD=${DJANGO_PASSWORD:-admin} | |
# no changes needed below: | |
local COOKIES=cookies.txt | |
local CURL_BIN="curl -c $COOKIES -b $COOKIES -e $LOGIN" | |
local SCURL_BIN="curl -s -c $COOKIES -b $COOKIES -e $LOGIN --output /dev/null" | |
local ICURL_BIN="curl -s -D- -c $COOKIES -b $COOKIES -e $LOGIN --output /dev/null" | |
local DATAFILE=curl-data.txt | |
umask 0007 | |
echo "Django Auth: get csrftoken ..." | |
echo $SCURL_BIN $LOGIN | |
$SCURL_BIN $LOGIN | |
local DJANGO_TOKEN="csrfmiddlewaretoken=$(grep csrftoken $COOKIES | sed 's/^.*csrftoken\s*//' | awk '{$1=$1}{ print }')" | |
echo "login ..." | |
echo "$DJANGO_TOKEN;username=$USER;password=$PASSWD" > $DATAFILE | |
$SCURL_BIN -X POST -d @$DATAFILE $LOGIN | |
echo "refresh token ..." | |
$SCURL_BIN "$TARGET" | |
local DJANGO_TOKEN="csrfmiddlewaretoken=$(grep csrftoken $COOKIES | sed 's/^.*csrftoken\s*//' | awk '{$1=$1}{ print }')" | |
echo "Posting PAYLOAD to TARGET" | |
echo "$DJANGO_TOKEN;$PAYLOAD" > $DATAFILE | |
$ICURL_BIN -X POST -d @$DATAFILE "$TARGET" | head -1 | |
local RES=$? | |
rm $COOKIES $DATAFILE | |
echo $RES | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
On my osx yosemite machine, curl's cookie file had extra whitespace which I filter out with awk, I moved the credentials to environment vars, and it takes the payload on the commandline.