search

sabre-io / Baikal

Baïkal is a Calendar+Contacts server
https://sabre.io/baikal/
GNU General Public License v3.0
2.42k stars 281 forks source link

Users API #1271

Open Abyss777 opened 4 weeks ago

Abyss777 commented 4 weeks ago

Baikal version: 0.9.5

I'm using Apache authorization and need to create users in Baikal externally. I'm trying to write python script, just reproduce web-browser, but it looks monstrous:

Create session:

s = requests.Session()

Login and store PHPSESSID in session

login_url = "http://localhost/dav/admin/"
login_data = { "auth":1, 
    "login": "admin",
    "password": "admin"
}

login_resp = s.post(url = login_url, data = login_data)

Now I need a CSRF_TOKEN, it is only in the html text, neither in headers nor in cookies Doing GET and parse page

users_url = "http://localhost/dav/admin/?/users/new/1/"
token_resp = s.get(url = token_url)
soup = BeautifulSoup(token_resp.text, 'html.parser')
token = str(soup.find('input', attrs = {"name":"CSRF_TOKEN"})["value"])

Now I have to send a lot of useless parameters in form

new_data = {
    "Baikal_Model_User::submitted": 1,
    "CSRF_TOKEN": token,
    "data[username]": "1234",
    "witness[username]": 1,
    "data[displayname]": "1234",
    "witness[displayname]": 1,
    "data[email]": "example@example.com",
    "witness[email]": 1,
    "data[password]": "1234",
    "witness[password]": 1,
    "data[passwordconfirm]": "1234",
    "witness[passwordconfirm]": 1
}
new_resp = s.post(url = users_url,  data=new_data)

Also the problem is that all requests returns 200 OK, and I can't handle any errors.

I'll need to update users in future and there is no way to get a list of users. Only from DB.

Creating users in DB is a bad idea, a lot of subsequent actions I have to do: create user and principal, create Default calendar and Default addressbook.

Am I missing something and there is a normal API to create/edit/list users with JSON requests and responses?