Logic simplification for login with user/pw

Christiandus commented 4 months ago

Inside the login function the logic for user/password authentication seems flawed.

The response to the post is not raised.
The request to /system/vdom seems unnecessary as the existence of an authenticated session is provided by the existence of the CSRF token

Current code

``` try: session.post( url=f"{self.url}/logincheck", data=urlencode([("username", self.username), ("secretkey", self.password)]), timeout=self.timeout, verify=self.verify, ) except Exception as ex: raise self._hide_secret_ex(ex) token = self._get_token_from_cookies(session) session.headers.update({"X-CSRFTOKEN": token}) response = session.get(url=f"{self.url}/api/v2/cmdb/system/vdom") response.raise_for_status() self._session = session ```

Let me know what you think about my suggestion!

My suggestion

``` # password try: response: Response = session.post( url=f"{self.url}/logincheck", data=urlencode([("username", self.username), ("secretkey", self.password)]), timeout=self.timeout, verify=self.verify, ) except Exception as ex: raise self._hide_secret_ex(ex) response.raise_for_status() token = self._get_token_from_cookies(session) session.headers.update({"X-CSRFTOKEN": token}) self._session = session ```

vladimirs-git commented 4 months ago

Agree, your proposal is correct.

vladimirs-git commented 3 months ago

fixed in 2.0.2

vladimirs-git / fortigate-api

Logic simplification for login with user/pw #30