身份验证错误

Question

所以我编写了几个版本的代码，应该能够让我登录到需要身份验证的网页。 代码如下：

import urllib2
import sys
import re
import base64
from urlparse import urlparse

theurl = 'https://canvas.brown.edu/' #this is the real url
#a protected page - need to write the username and password below

username = 'username' #my username is here
password = 'XXXXXXXXX' #my password is here

print "Code begins"

req = urllib2.Request(theurl)
try:
    handle = urllib2.urlopen(req)
except IOError, e:
    #here we want to fail
        print "Authentification error found"
        pass

else:
    #if we don't fail then the page isn't protected
    print "This page isn't protected by authentication"
    sys.exit(1)

if not hasattr(e, 'code') or e.code != 401:
    #we got an error but not a 401 (need authentication) error
    print "This page isn't protected by authentication"
    print 'but we failed for another reason'
    sys.exit(1)

authline = e.headers['www-authenticate']
#this gets www-athenticate from the headers
#which has the authentication scheme and realm in it

authobj = re.compile(
        r'''(?:\s*www-authenticate\s*:)?\s*(\w*)\s+realm=['"]([^'"]+)['"]''', re.IGNORECASE)
    #this regular expression is used to extract scheme and realm
matchobj = authobj.match(authline)

if not matchobj:
    #if the authline isn't matched by the regular expression then something is wrong
    print 'The authentication header is badly formed'
    print authline
    sys.exit(1)

scheme = matchobj.group(1)
realm = matchobj.group(2)
#here we've extracted the scheme and the realm from the header
if scheme.lower() != 'basic':
    print 'This example only works with BASIC authentication'
    sys.exit(1)

base64string = base64.encodestring(
    '%s:%s'%(username, password))[:--1]
authheader = "Basic %s" %base64string
req.add_header("Authorization", authheader) 
try:
    handle = urllib2.urlopen(req)
except IOError, e:
    #here we shouldn't fail if the username and password is right
    print "It Looks like the username and password is wrong"
    sys.exit(1)
thepage = handle.read()
print "It worked!"

我运行它然后我得到这个错误：

C:\Python27>python authen_example.py
Code begins
Authentification error found
This page isn't protected by authentication
but we failed for another reason

并且 1) 我知道我需要对此页面进行身份验证 2) 用来说服务器超时的错误 3）如果可能的话，我还希望我的代码提示我输入用户名和密码，而不是直接在代码中要求它

对于充满代码的帖子感到抱歉，但这已经困扰了我两个星期，但我仍然无处可去。 提前致谢。

Answer 1

很难在此服务器上放置没有帐户的工作示例。

服务器可以检查许多元素的安全性 - 例如 cookie、用户代理、会话 ID。

我从类似这样的代码开始

import requests

#username = 'username'
username = raw_input("Username:")

#password = 'XXXXXXXXX'
username = raw_input("Password:")

start_url = 'https://canvas.brown.edu/' #this is the real url

session = requests.Session()

headers = {
    'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0'
}

print "Code begins"

response = session.get(start_url, headers=headers)

print response.status_code
print response.url

print "Login"

payload = {
    'username': username,
    'password': password
}

response = session.post(response.url, headers=headers, data=payload)

print response.status_code
print response.url

我在 Firefox 中使用 Firebug 来查看浏览器如何与服务器“接受” - 在登录期间将哪些元素发送到服务器。

有时我使用http://httpbin.org 来测试我的脚本发送的内容。

---

例如，您的服务器将username 和password 发送为j_username 和j_password。
所以你需要：

payload = {
    'j_username': username,
    'j_password': password
}