search

TimMcCool / scratchattach

Scratch API wrapper with support for almost all site features, cloud requests framework and more
MIT License
174 stars 44 forks source link

Why not use JSON login? #249

Open TheI1 opened 1 week ago

TheI1 commented 1 week ago

I can see that the login function in session.py uses the login API to get the session ID by requesting the entire page.

I was wondering why not just get the JSON response from the login API, which includes the x-token already, the same way the browser does when you login using the box on the top-right?

Also I was curious why you did not not use the "json" and "cookies" parameters for the requests functions instead of setting the data to a json.dumps result and adding cookies to the header?

This is a (working) example of how I implemented this request for one of my personal projects:

request = requests.post(
    "https://scratch.mit.edu/accounts/login/",
    json={
        "username": username,
        "password": password
    },
    headers={
        "x-requested-with": "XMLHttpRequest",
        "referer": "https://scratch.mit.edu/",
        "x-csrftoken": token
    },
    cookies={
        "scratchcsrftoken": token
    }
)

and request.json()[0]["token"] to get the x-token. The session ID can still be obtained the same way through "Set-Cookie".

TimMcCool commented 3 days ago

I didn't use scratch.mit.edu/accounts/login because I couldn't get it to work for some reason. I always get [{'username': '', 'num_tries': 0, 'success': 0, 'msg': '', 'messages': [], 'id': None}] from the API.