从Python脚本更改Magento密码帐户

2024-05-13 23:35:21 发布

您现在位置:Python中文网/ 问答频道 /正文
2693 3

我正在尝试使用请求模块从Python脚本更改Magento密码帐户,我编写的相关代码如下所示:

import requests
from bs4 import BeautifulSoup
[...]
s = requests.session()
main_url = 'https://account.magento.com/customer/account/login/'
html_data = s.get(main_url)
form_soup = BeautifulSoup(html_data.content, 'html.parser')
form_key = form_soup.find('input', {'name':'form_key'})['value']
    
login_route = 'https://account.magento.com/customer/account/loginPost/'
login_payload = {
      'form_key': form_key,
      'login[username]': web_user,
      'login[password]': web_pass
}
login_req = s.post(login_route, data=login_payload)
[..]
account_change_password_post = "https://account.magento.com/customer/account/changePasswordPost/"
change_password_payload = {
       'form_key': form_key,
       'current_password': web_pass,
       'password': new_pass,
       'password_confirmation' : new_pass
}
    
change_pass_req = s.post(account_change_password_post, data=change_password_payload)

但是它不允许我更新密码,所以我想知道是否有人可以告诉我,通过Python将密码更新到Magento帐户需要什么


Tags: keyhttpsformcom密码dataloginaccount
1条回答
网友
1楼 · 发布于 2024-05-13 23:35:21

我解决了你的案子

TL;DR:您需要导航到/customer/account/changepassword/页面,并从这个新加载的页面重新获取与更改密码表单关联的新form_key

Python脚本将起作用

import requests
from bs4 import BeautifulSoup

web_user = 'your_user'
web_pass = 'your_current_pass'
new_pass = 'your_new_pass'

s = requests.session()
main_url = 'https://account.magento.com/customer/account/login/'
html_data = s.get(main_url)
form_soup = BeautifulSoup(html_data.content, 'html.parser')
form_key = form_soup.find('input', {'name': 'form_key'})['value']

login_route = 'https://account.magento.com/customer/account/loginPost/'
login_payload = {
    'form_key': form_key,
    'login[username]': web_user,
    'login[password]': web_pass
}
login_req = s.post(login_route, data=login_payload)

nav_url = 'https://account.magento.com/customer/account/changepassword'
html_nav_data = s.get(nav_url)
nav_form_soup = BeautifulSoup(html_nav_data.content, 'html.parser')
nav_form_key = nav_form_soup.find('input', {'name': 'form_key'}['value']

account_change_password_post = "https://account.magento.com/customer/account/changePasswordPost/"
change_password_payload = {
    'form_key': nav_form_key,
    'current_password': web_pass,
    'password': new_pass,
    'password_confirmation': new_pass
}

change_pass_req = s.post(account_change_password_post, data=change_password_payload)

但出了什么问题

与问题中的脚本相关的API响应标题实际上揭示了问题所在,尽管响应状态为200。如果您签出响应头并查看Set-Cookie键,然后签出mage-messages部分,您将发现与API调用相关的错误消息

{
   "Date":"Mon, 30 Aug 2021 18:39:57 GMT",
   "Content-Type":"text/html; charset=UTF-8",
   "Transfer-Encoding":"chunked",
   "Connection":"keep-alive",
   "Server":"nginx",
   "Vary":"Accept-Encoding",
   "Set-Cookie":"PHPSESSID=02e1fa14808aabbb1bc1eefdd2482ddc; expires=Mon, 30-Aug-2021 18:54:57 GMT; Max-Age=900; path=/; domain=magento.com; secure; HttpOnly; SameSite=Lax, mage-messages=%5B%7B%22type%22%3A%22error%22%2C%22text%22%3A%22Invalid%20Form%20Key.%20Please%20refresh%20the%20page.%22%7D%5D; expires=Tue, 30-Aug-2022 18:39:57 GMT; Max-Age=31536000; path=/; SameSite=Strict, X-Magento-Vary=9bf9a599123e6402b85cde67144717a08b817412; expires=Mon, 30-Aug-2021 18:54:57 GMT; Max-Age=900; path=/; secure; HttpOnly; SameSite=Lax",
   "Pragma":"no-cache",
   "Cache-Control":"max-age=0, must-revalidate, no-cache, no-store",
   "Expires":"Sun, 30 Aug 2020 18:39:57 GMT",
   "fastly-page-cacheable":"NO",
   "X-Magento-Tags":"FPC",
   "Content-Security-Policy-Report-Only":"font-src use.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.paypal.com *.braintreegateway.com tst.kaptcha.com www.google.com www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.google.com *.paypal.com *.magento.com magento.com embedwistia-a.akamaihd.net fast.wistia.com embed-fastly.wistia.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com use.typekit.net *.paypal.com *.adobe.com js-agent.newrelic.com s3.amazonaws.com fast.wistia.com bam.nr-data.net www.gstatic.com www.google.com *.d41.co so.rlcdn.com *.braintree-api.com *.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com use.typekit.net p.typekit.net www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src magento.com *.magento.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.adobe.com www.google-analytics.com stats.g.doubleclick.net google.com *.paypal.com *.braintree-api.com adobe.tt.omtrdc.net bam.nr-data.net *.wistia.com *.litix.io int-api.magedevteam.com api.magento.com *.d41.co *.braintreegateway.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';",
   "X-Content-Type-Options":"nosniff",
   "X-XSS-Protection":"1; mode=block",
   "X-Frame-Options":"SAMEORIGIN, SAMEORIGIN",
   "Strict-Transport-Security":"max-age=15984000",
   "Access-Control-Allow-Origin":"https://www.magentocommerce.com",
   "Access-Control-Allow-Headers":"Origin, X-Requested-With, X-Forwarded-For, X-Forwarded-Proto",
   "Access-Control-Allow-Credentials":"true",
   "Content-Encoding":"gzip"
}

错误是US-ASCIIURL编码的:

%5B%7B%22type%22%3A%22error%22%2C%22text%22%3A%22Invalid%20Form%20Key.%20Please%20refresh%20the%20page.%22%7D%5D

并解码至:

[
   {
      "type":"error",
      "text":"Invalid Form Key. Please refresh the page."
   }
]

相关问题 更多 >

    编程相关推荐