在 python 中验证 Github 私有仓库

Question

I want to verify if the given combination of repo URL, userid and password is valid or not. I am using request for this. Below is my python code:

requests.get('https://github.com/geetikatalreja/WebApp_DotNet.git', auth = ('valid_username', 'Valid_password'))

or

requests.get('https://github.com/geetikatalreja/WebApp_DotNet.git', auth=HTTPBasicAuth('valid_username', 'Valid_password'))

Both the statements are returning Error code 401. Error code 401 occurs when authentication is required and has failed or has not yet been provided, but I am able to login using the same credentials and URL from Github UI.

Kindly assist.

Answer 1

This kind of authentication works if you use the GitHub API but you cannot use the Web UI with basic authentication.

Normally, a Web UI uses a login form that sends a POST Request when you log in. After that, the session cookie is used in order to stay logged in (for the session). If the login should persist after the session expired, the website could use cookies that persist longer. I think GitHub uses this concept.

I would recommend you to use the API for automated processes because you can parse the responses easier.

Also, I strongly recommand not to use basic authentication with the real password. I would use PATs instead.

If you want to send authenticated requests to the API you can eg execute

requests.get('https://api.github.com/repos/geetikatalreja/WebApp_DotNet', auth = ('valid_username', 'Valid_password'))

Instead of the password, you can also just use a PAT of your account(which is more secure). You can create a PAT over there .

The GitHub API documentation can be found here and the documentation for accessing repositories there .

Answer 2

You can pass in the application/vnd.github.VERSION.diff media type to get the diff. So that would make it

requests.get('https://api.github.com/geetikatalreja/WebApp_DotNet.git/:owner/:repo/pulls/:number', auth = ('valid_username', 'Valid_password'))

the format should be like

requests.get('https://api.github.com/repos/:owner/:repo/pulls/:number', auth = ('valid_username', 'Valid_password'), headers=headers)

where

headers = {
    'Authorization': 'token mygithubtoken',
    'Accept': 'application/vnd.github.VERSION.diff',
}

We can't use OAuth tokens to access the website. However, diffs are available through the API:

https://developer.github.com/v3/pulls/#get-a-single-pull-request

Answer 3

Use token based authentication instead. Here is the link to get the personal token from github

https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line

Once you have the token, you can -

1. Login from Command Line

    $ git clone https://github.com/geetikatalreja/WebApp_DotNet.git
    Username: your_username
    Password: your_token

2. Login using Code (Python urllib2 module)

    url = "https://api.github.com/geetikatalreja/WebApp_DotNet.git/:owner/:repo/pulls/:number"
    token = "your_token"

    request = Request(url)
    request.add_header('Authorization', 'token %s' % token)
    response = urlopen(request) 

3. Login using python request module

    import requests
    url = "https://github.com/geetikatalreja"
    response = requests.get(url, headers={'Authorization': 'your_token'})

BUT for some reason if you have to login using username/password then you can use below code

Disclaimer : code not tested, copied from here . This code is not using API instead parsing web page and doing the login

    s = requests.Session()
    r = s.get('https://www.github.com/login')
    tree = html.fromstring(r.content)
    data = {i.get('name'):i.get('value') for i in tree.cssselect('input')}
    data['login'] = username
    data['password'] = password
    r = s.post('https://github.com/session', data=data)