Login GITLAB using request

Question

Login GITLAB using request

Asked 4 years, 10 months ago

Viewed 73 times

1

I am trying to log in to gitlab using python requests library but is showing the error (The change you requested was Rejected (422))

Note. I cannot use any external library(Selenium, bs4, mechanizer).

Obs2. I removed the login and password from Data for security reasons.

follows code from below:

import requests

headers = {

'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36',
'Accept-Language': 'pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7',
 }

data = {
'utf8': '\u2713',
'authenticity_token': '1iTsnSyWPBSq21gKe5_z',
'user[login]': 'login',
'user[password]': 'senha',

}

 response = requests.post('https://gitlab.com/users/sign_in', 
 headers=headers, data=data)


 print(response.content)

1 answer

Browser other questions tagged python-3.x python-requests

You are not signed in. Login or sign up in order to post.

by Guilherme Nascimento • **98,651** points · Answer 1 · 2019-09-01T15:55:19+00:00

This error occurs because the authenticity_token changes at all times, probably is an anti-CSRF (Cross-site request forgery), the only way to make it work would be to follow the following steps:

A GET request on https://gitlab.com/users/sign_in and use cookies like this:

import requests

session = requests.Session()

response = session.get('https://gitlab.com/users/sign_in')

#contem a resposta da página
html = response.text

In the sequence you should take the value of the attribute value of <input type="hidden" name="authenticity_token" value="..." /> which came from the get request, for this you can use the lib https://www.crummy.com/software/BeautifulSoup/, install with Pip:
```
pip install beautifulsoup4
```
It should look something like:
```
soup = BeautifulSoup(html)
authenticity_token = soup.find('input', {'name': 'authenticity_token'}).get('value')
```

And finally to authenticate:

data = {
    'utf8': '\u2713',
    'authenticity_token': authenticity_token,
    'user[login]': 'login',
    'user[password]': 'senha'
}

response = session.post('https://gitlab.com/users/sign_in', headers=headers, data=data)

Note that I’ve changed request.post for session.post, because you need access to the cookie set by gitlab itself to recognize the token.

I just suggested the above answer for study purposes, this means of obtaining the data is not very reliable, since if an anti-bot or anti-ddos suspect will soon stop it, i believe that the official Gitlab API is the way for you to get the desired results, go to:

https://docs.gitlab.com/ee/api/

I recommend you change your approach before doing too much unnecessary work, using the official API at first will require you to study a bit but it will help you avoid too many problems.