Commit 1c189036 authored by jackie / Andrea Ida Malkah Klaura's avatar jackie / Andrea Ida Malkah Klaura
Browse files

fix tag matching & catch false login credentials

parent 8f7d0eb3
......@@ -54,7 +54,9 @@ def handle_login_form (cfg, parameters):
jar = response.cookies
m = re.search('<form action="([^"]*)"', response.text)
submit_url = m.groups()[0]
m = re.search("<input type='hidden' name='csrfmiddlewaretoken' value='([^']*)'", response.text)
# different steering versions seem to inconsistent in using ' or " for the
# arguments of the csrfmiddlewaretoken input tag
m = re.search("<input type=['\"]hidden['\"] name=['\"]csrfmiddlewaretoken['\"] value=['\"]([^'\"]*)['\"]", response.text)
csrf_mw_token = m.groups()[0]
m = re.search('<input type="hidden" name="next" value="([^"]*)"', response.text)
next_field = m.groups()[0]
......@@ -84,6 +86,13 @@ def handle_login_form (cfg, parameters):
print("CSRF cookie:", jar.get("csrftoken"))
print("session cookie:", jar.get("sessionid"))
# in case the login was successful, we should receive a 302. if we receive
# a 200, it means that the credentials have to be entered again because they
# are not correct
if (response.status_code == 200):
print("Username and/or password are not correct!")
sys.exit(1)
# attempt to retrieve final callback redirect
jar = response.cookies
url = cfg["base_url"] + next_field
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment