Django Bypass CSRF and simple requests login
# app/views.py | |
from django.contrib.auth import authenticate, login | |
from django.http import HttpResponse | |
from django.views.decorators.csrf import csrf_exempt | |
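@csrf_exempt
def login_user(request):
    """Log a user in from POSTed ``username`` / ``password`` form fields.

    Returns "Logged In" (200) on success, 405 for non-POST requests, 400 when
    a field is missing and 401 when the credentials are rejected.

    NOTE(security): ``@csrf_exempt`` switches off Django's CSRF check for this
    view, so a form on any other site can submit a login in a visitor's
    browser (login CSRF). Keep the exemption to local testing or to endpoints
    that are not reachable from browsers. A script client can stay protected
    instead: fetch a page first to obtain the ``csrftoken`` cookie and send
    it back in the ``X-CSRFToken`` header (or ``csrfmiddlewaretoken`` field).
    """
    if request.method != 'POST':
        return HttpResponse("Method Not Allowed", status=405)

    # .get() avoids an unhandled KeyError (HTTP 500) when a field is absent.
    username = request.POST.get('username')
    password = request.POST.get('password')
    if not username or not password:
        return HttpResponse("Missing credentials", status=400)

    user = authenticate(username=username, password=password)
    # authenticate() returns None for bad credentials; login() must never be
    # called with None.
    if user is None:
        return HttpResponse("Invalid credentials", status=401)

    login(request, user)
    return HttpResponse("Logged In")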
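def getAllTracks(request):
    """Report whether the request carries an authenticated session.

    ``is_authenticated`` is a method on Django < 1.10, a callable boolean on
    1.10/1.11 and a plain bool from 2.0 on, where calling it raises
    ``TypeError``. Resolving it through ``callable()`` gives the right answer
    on all of them. Never test the bare attribute on Django < 1.10: a bound
    method is always truthy, so every visitor would count as authenticated.
    """
    authenticated = request.user.is_authenticated
    if callable(authenticated):
        authenticated = authenticated()

    if authenticated:
        return HttpResponse("Authenticated user")
    return HttpResponse("Non Authenticated user")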
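# urls.py
# `url` was used below without being imported. On Django 2.0+ the equivalent
# is `django.urls.re_path`; `django.conf.urls.url` was removed in Django 4.0.
from django.conf.urls import url

from app import views as app_views

urlpatterns = [
    # CSRF-exempt login endpoint (see the note on the view itself).
    url(r'^login/$', app_views.login_user, name='login'),
    # Reports whether the caller's session is authenticated.
    url(r'^all/$', app_views.getAllTracks),
]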
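import requests

# Client-side demo against a local development server.
# The credentials below are sample values; plain HTTP is acceptable only
# because the target is the loopback interface. Use HTTPS anywhere else.
resp = requests.post(
    'http://127.0.0.1:8000/login/',
    data={'username': 'admin', 'password': 'qweasd123'},
    timeout=5,
)
# Stop here on a failed login instead of hitting a KeyError on the cookie.
resp.raise_for_status()
print(resp.content)
# The session id is a bearer credential: printing it is fine for a local
# demo, but keep it out of logs in real use.
print(resp.cookies)

cookies = dict(sessionid=resp.cookies['sessionid'])

# print() works on both Python 2 and 3; the original print statements were
# Python 2 only, while the calls above already used the function form.
print(requests.get('http://127.0.0.1:8000/all/', timeout=5).content)  # without cookies
print(requests.get('http://127.0.0.1:8000/all/', cookies=cookies, timeout=5).content)  # with cookies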