Skip to content

Instantly share code, notes, and snippets.

@gpocentek

gpocentek/gl-form.py

Created December 12, 2017 11:44
Show Gist options
  • Star 16 You must be signed in to star a gist
  • Fork 4 You must be signed in to fork a gist
  • Save gpocentek/bd4c3fbf8a6ce226ebddc4aad6b46c0a to your computer and use it in GitHub Desktop.
Save gpocentek/bd4c3fbf8a6ce226ebddc4aad6b46c0a to your computer and use it in GitHub Desktop.
Download ZIP
python-gitlab login/password auth using cookies
Raw
gl-form.py
import re
import sys
import requests
import gitlab
URL = 'https://gitlab.com'
SIGN_IN_URL = 'https://gitlab.com/users/sign_in'
LOGIN_URL = 'https://gitlab.com/users/sign_in'
session = requests.Session()
sign_in_page = session.get(SIGN_IN_URL).content
for l in sign_in_page.split('\n'):
m = re.search('name="authenticity_token" value="([^"]+)"', l)
if m:
break
token = None
if m:
token = m.group(1)
if not token:
print('Unable to find the authenticity token')
sys.exit(1)
data = {'user[login]': 'login_or_email',
'user[password]': 'SECRET',
'authenticity_token': token}
r = session.post(LOGIN_URL, data=data)
if r.status_code != 200:
print('Failed to log in')
sys.exit(1)
gl = gitlab.Gitlab(URL, api_version=4, session=session)
@Lobbyra
Copy link

Lobbyra commented Mar 28, 2024

Hello nice work.

Today in 16.8.1-ce.0, i had to fetch again the CSRF token because the login create a new gitlab session.

So here the process that worked for me :

  1. Get a first CSRF in an anon session
  2. Try to login
  3. Receive a 302 to /
  4. Get the CSRF again from the 302 location
  5. Use gitlab

In additionnal note, i changed the regex to <meta\s+name="csrf-token"\s+content="([^"]+)". It simply avoid the use of beautiful soup.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment