I have a Flask application, and I want to interact with it through requests. To this end, I have coded a small script providing a client that is supposed to keep around JWT and CSRF tokens that are sent back by the server:
```python
from http import HTTPStatus
from typing import Callable

import requests
from requests import Response


class AuthenticatedClient:
    def __init__(self, base_url: str, email: str, password: str):
        self._client = requests.Session()
        self._base_url = base_url.rstrip('/')
        response = self.post('/api/auth/login', json=dict(email=email, password=password))
        if response.status_code != HTTPStatus.OK:
            raise RuntimeError('Authentication did not succeed')

    def _get_csfr(self, kwargs) -> None:
        response = self._client.get(f'{self._base_url}/api/csrf')
        kwargs['headers'] = kwargs.get('headers', {}) | {'X-CSRF-Token': response.json()['csrf']}

    def _action(self, method: Callable, url: str, *args, **kwargs) -> Response:
        url = url.lstrip('/')
        return method(f'{self._base_url}/{url}', *args, **kwargs)

    def get(self, url, *args, **kwargs) -> Response:
        return self._action(self._client.get, url, *args, **kwargs)

    def put(self, url, *args, **kwargs) -> Response:
        self._get_csfr(kwargs)
        return self._action(self._client.put, url, *args, **kwargs)

    def post(self, url, *args, **kwargs) -> Response:
        self._get_csfr(kwargs)
        return self._action(self._client.post, url, *args, **kwargs)

    def delete(self, url, *args, **kwargs) -> Response:
        self._get_csfr(kwargs)
        return self._action(self._client.delete, url, *args, **kwargs)

    def __enter__(self):
        return self

    def __exit__(self, exc_type, exc_val, exc_tb):
        self._client.close()


if __name__ == "__main__":
    credentials = dict(email='myuser@email.com', password='mypassword')
    # get an authenticated client
    with AuthenticatedClient('http://127.0.0.1:5000', **credentials) as client:
        # get all the lists for the user, and request their deletion
        lists = client.get('/api/todolists')
```
Expected Result
I would expect to get something back on the "lists" variable, given that the credentials are correct.
Actual Result
I am getting an error due to the CSRF validation. Upon inspection of the trace with Wireshark, I can conclude that the session cookie is being received and stored when doing the GET for the CSRF token, but is not sent with the POST request when the AuthenticatedClient object is initialized.
System Information
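A cookie that is stored but not attached to a later request, as reported above, can be checked against the cookie jar's sending rules. The following is an added example, not code from the issue author or from the requests project: it uses only the standard library (`requests.Session().cookies` is a subclass of `http.cookiejar.CookieJar`, so the same functions accept it), and the helper names, the cookie values and the `Secure` flag in the sample are constructed for illustration, not a finding about this application.

```python
from http.cookiejar import Cookie, CookieJar
from urllib.parse import urlsplit
from urllib.request import Request


def make_cookie(name, value, domain, path="/", secure=False):
    """Build a constructed cookie for the demonstration (hypothetical helper)."""
    return Cookie(
        version=0, name=name, value=value, port=None, port_specified=False,
        domain=domain, domain_specified=False, domain_initial_dot=False,
        path=path, path_specified=True, secure=secure, expires=None,
        discard=True, comment=None, comment_url=None, rest={},
    )


def cookie_header_for(jar, url):
    """Return the Cookie header the jar would attach to a request for url, or None."""
    req = Request(url)
    jar.add_cookie_header(req)  # applies the jar's policy: domain, path, Secure, expiry
    return req.get_header("Cookie")


def withheld_cookies(jar, url):
    """List (name, reason) for stored cookies that would not be sent to url."""
    parts = urlsplit(url)
    report = []
    for cookie in jar:
        single = CookieJar()
        single.set_cookie(cookie)
        if cookie_header_for(single, url) is not None:
            continue  # this cookie would be sent
        if cookie.secure and parts.scheme != "https":
            reason = "Secure attribute set, request is not HTTPS"
        elif not (parts.path or "/").startswith(cookie.path):
            reason = "Path attribute does not match"
        else:
            reason = "domain, port or expiry mismatch"
        report.append((cookie.name, reason))
    return report


if __name__ == "__main__":
    jar = CookieJar()  # with requests, pass session.cookies instead
    jar.set_cookie(make_cookie("session", "abc123", "127.0.0.1", secure=True))  # constructed
    url = "http://127.0.0.1:5000/api/auth/login"
    print(cookie_header_for(jar, url))
    print(withheld_cookies(jar, url))
```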