强制Content-Type或在瓶暴露request.data已知内容类型 [英] Force Content-Type or expose request.data in Flask for known content-type

问题描述

我重新在Python /瓶服务，并正在运行与现有客户进行身份验证的方式的问题。我要匹配兼容性的原因，现有的客户方案。

I am recreating a service in Python/Flask and am running into an issue with the way the existing clients authenticate. I have to match the existing clients scheme for compatibility reasons.

现有客户采取用户名，密码和连接的base64 code吧。这不是HTTP基本身份验证，尽管发音相似。下面是一些示例code，将创建该登录请求。

The existing clients take the username, password and base64 encode it. This is not HTTP Basic Authentication, despite sounding similar. Below is some sample code that would create this login request.

credentials = {
            'username': 'test@example.com',
            'password': 'password'
}
data = b64encode(urlencode(credentials))
request = urllib2.Request(loginURL)
request.add_data(data)
# request.add_header('Content-Type', 'application/gooblygop')
# 'application/x-www-form-urlencoded' seems to be a default Content-Type
login = urllib2.urlopen(request)

在服务器端，我把POST数据的base64德code将其重新获得用户名和密码信息。

On the server side, I take the POST data and base64 decode it to get the username and password information again.

flask server:
@app.route('/login', methods=['POST'])
def login():
    error = None
    if request.method == 'POST':
        # post data: cGFzc3dvcmQ9ZGVmYXVsdCZlbWFpbD10ZXN0JTQwZXhhbXBsZS5jb20=
        data = b64decode(request.data)
        # decoded data: password=default&email=test%40example.com
        return('ok')

问题是内容类型。如果我在客户机（应用程序/ gooblygop）一个未知的内容类型，瓶暴露了POST数据到request.data，我可以去code以base64字符串。如果我离开的Content-Type为默认值（应用程序/ x-WWW的形式urlen codeD），原始数据不会暴露在request.data，我不知道如何检索的base64 EN codeD字符串，并利用它。

The problem is the Content Type. If I specify an unknown Content-Type in the client (application/gooblygop), Flask exposes the POST data to request.data and I can decode the base64 string. If I leave the Content-Type as default (application/x-www-form-urlencoded), the raw data is not exposed to request.data and I don't know how to retrieve the base64 encoded string and make use of it.

现有的客户端软件的所有pretty很多默认的X WWW的形式urlen $ C $的CD，但我不能依赖于始终既然如此。

The existing client software all pretty much defaults to x-www-form-urlencoded, but I can't rely on that always being the case.

从本质上讲，我需要一个可靠的，服务器端的方法，用于访问连接codeD字符串不管什么内容类型的客户端程序的状态。

Essentially, I need a reliable, server-side method for accessing that encoded string no matter what Content-Type the client program states.

其他注意事项：我很新到Python，从PHP背景的。所以我要建议非常开放。此外，该项目主要是供个人使用。

Other notes: I am very new to Python, coming from a PHP background. So I am very open to suggestions. Also, this project is primarily for personal use.

推荐答案

您想看看的Request.Form 的对象与urlen codeD驿卒打交道时正常MIME类型。在这种情况下，你有一个不寻常的形式，但这里是一个办法做到这一点：

You want to look at the request.form object when dealing with urlencoded posts with normal mimetypes. In this case you have an unusual form, but here is a way to do it:

# mkreq.py
from urllib import urlencode
import urllib2
from base64 import b64encode

credentials = {
            'username': 'test@example.com',
            'password': 'password'
}
data = b64encode(urlencode(credentials))
request = urllib2.Request("http://localhost:5000/login")
request.add_data(data)
request.add_header('Content-Type', 'application/gooblygop')
# 'application/x-www-form-urlencoded' seems to be a default Content-Type
login1 = urllib2.urlopen(request).read()
print(login1)
request2 = urllib2.Request("http://localhost:5000/login")
request2.add_data(data)
login2 = urllib2.urlopen(request2).read()
print(login2)

您可能要修改登录位检查MIME类型，这里是用最少的更改当前设置一个版本：

You probably want to modify the login bit to check the mimetype, here is a version with minimal changes to your current setup:

@app.route('/login', methods=['POST'])
def login():
    error = None
    if request.method == 'POST':
        # post data: cGFzc3dvcmQ9ZGVmYXVsdCZlbWFpbD10ZXN0JTQwZXhhbXBsZS5jb20=
        data = b64decode(request.data)
        # decoded data: password=default&email=test%40example.com
        if not data:
            data = b64decode(request.form.keys()[0])
        special_mimetype = request.mimetype
        return(special_mimetype + '\n' + data)

这是第一个code样品的输出，有两个要求：

This is the output of the first code sample, with two requests:

bvm$ python mkreq.py
application/gooblygop
username=test%40example.com&password=password
application/x-www-form-urlencoded
username=test%40example.com&password=password

这篇关于强制Content-Type或在瓶暴露request.data已知内容类型的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！