fortigate-api

Logic simplification for login with user/pw

Open Christiandus opened this issue 1 year ago • 1 comments

Inside the login function the logic for user/password authentication seems flawed.

  • The response to the post is not raised.
  • The request to /system/vdom seems unnecessary as the existence of an authenticated session is provided by the existence of the CSRF token.

Current code
try:
    session.post(
        url=f"{self.url}/logincheck",
        data=urlencode([("username", self.username), ("secretkey", self.password)]),
        timeout=self.timeout,
        verify=self.verify,
    )
except Exception as ex:
    raise self._hide_secret_ex(ex)

token = self._get_token_from_cookies(session)
session.headers.update({"X-CSRFTOKEN": token})

response = session.get(url=f"{self.url}/api/v2/cmdb/system/vdom")
response.raise_for_status()
self._session = session

Let me know what you think about my suggestion!

My suggestion
# password
try:
    response: Response = session.post(
        url=f"{self.url}/logincheck",
        data=urlencode([("username", self.username), ("secretkey", self.password)]),
        timeout=self.timeout,
        verify=self.verify,
    )
except Exception as ex:
    raise self._hide_secret_ex(ex)
response.raise_for_status()
token = self._get_token_from_cookies(session)
session.headers.update({"X-CSRFTOKEN": token})
self._session = session

Christiandus avatar May 08 '24 00:05 Christiandus

Agree, your proposal is correct.

vladimirs-git avatar May 08 '24 12:05 vladimirs-git

fixed in 2.0.2

vladimirs-git avatar May 17 '24 06:05 vladimirs-git
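
The check proposed in this issue, as an added example that is not code from fortigate-api: a login that treats either an HTTP error status or a missing CSRF cookie as a failed login, run against a constructed local stub. The stub, its answering 200 even for rejected credentials, the `ccsrftoken` cookie name it sets, and the `login`/`demo` helpers are assumptions made for illustration.

```python
import http.cookiejar
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

USER, PASSWORD = "admin", "constructed-secret"  # constructed sample credentials

class StubLogin(BaseHTTPRequestHandler):
    """Constructed stand-in for the device: always 200, cookie only on success."""
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        ok = form.get("username") == [USER] and form.get("secretkey") == [PASSWORD]
        self.send_response(200)
        if ok:
            self.send_header("Set-Cookie", "ccsrftoken=TOKEN123; Path=/")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def login(base_url, username, password, timeout=5):
    """Return the CSRF token; raise if the status or the cookie is wrong."""
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}), urllib.request.HTTPCookieProcessor(jar))
    data = urllib.parse.urlencode([("username", username), ("secretkey", password)])
    # urllib raises HTTPError for non-2xx responses, like raise_for_status().
    with opener.open(f"{base_url}/logincheck", data.encode(), timeout=timeout):
        pass
    tokens = [c.value for c in jar if c.name.startswith("ccsrftoken")]
    if not tokens:  # 200 without a token is still a failed login
        raise PermissionError("login rejected: no CSRF cookie in response")
    return tokens[0]

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubLogin)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}"
    results = []
    for password in (PASSWORD, "wrong"):
        try:
            results.append(login(url, USER, password))
        except PermissionError as ex:
            results.append(f"denied: {ex}")
    server.shutdown()
    return results

if __name__ == "__main__":
    print(demo())
```

With this stub the status check alone would accept the wrong password, so the missing-token branch is what rejects it.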