Contents

Django login form

%load_ext restmagic
%rest_root http://mezzanine.jupo.org

Requests defaults are set.

First attempt to login

%%rest --extract //p/text()
POST /en/admin/login/?next=/en/admin/
Content-Type: application/x-www-form-urlencoded

username=demo&password=demo

{
  "/html/body/div[1]/p[1]": "CSRF verification failed. Request aborted.",
  "/html/body/div[1]/p[2]": "You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.",
  "/html/body/div[1]/p[3]": "If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for 'same-origin' requests."
}

<Response [403]>

Enable cookies

%rest_session

New session started.

Get the login page, this will set session CSRF cookie

r = %rest -q /en/admin/login/

Still can’t login, need a CSRF token

%%rest --extract //p/text()
POST /en/admin/login/?next=/en/admin/
Content-Type: application/x-www-form-urlencoded

username=demo&password=demo

{
  "/html/body/div[1]/p": "CSRF verification failed. Request aborted."
}

<Response [403]>

Login success

%%rest -q
POST /en/admin/login/?next=/en/admin
Content-Type: application/x-www-form-urlencoded

username=demo&password=demo&csrfmiddlewaretoken=$token

<Response [200]>

‘csrfmiddlewaretoken’ field

CSRF token is also available in the hidden HTML form field:

%rest -e "//input[@name='csrfmiddlewaretoken']/@value" /en/admin/login/

{
  "/html/body/div/div[4]/div[1]/div[1]/form/input": "zhWj8iiRqsN0aCxsxrc5TGvNZEus3MzQG4HpR3w0RiZfvcrjTqSBPayc4aqjtWR0"
}

<Response [200]>
%rest usage example GitHub API usage example