We're Hiring!

Credentials with WebGateway, webclient URLs

General and open developer discussion about using OMERO APIs from C++, Java, Python, Matlab and more! Please new questions at https://forum.image.sc/tags/omero
Please note:
Historical discussions about OMERO. Please look for and ask new questions at https://forum.image.sc/tags/omero

If you are having trouble with custom code, please provide a link to a public repository, ideally GitHub.

Credentials with WebGateway, webclient URLs

Postby dsudar » Wed Jul 06, 2016 12:32 am

Hi,
I'm probably missing something obvious but is there a way to programmatically (in Python) passing login credentials to WebGateway and WebClient URL calls? I want to retrieve data from an OMERO instance (without a public user) through those convenient access methods but doing it all from a Python script.
Thanks,
- Damir
dsudar
 
Posts: 235
Joined: Mon May 14, 2012 8:43 pm
Location: Berkeley, CA, USA

Re: Credentials with WebGateway, webclient URLs

Postby wmoore » Wed Jul 06, 2016 9:11 am

Hi Damir,

Here's a Python script that logs in and retrieves json data via webgateway urls using the requests library http://docs.python-requests.org/

https://gist.github.com/will-moore/36c0 ... aabc028d70

A full list of the webgateway urls is at http://downloads.openmicroscopy.org/ome ... teway.urls (although you may find the source code easier to read!
https://github.com/openmicroscopy/openm ... ay/urls.py

I'm afraid the functionality provided by the current webgateway json urls is a kinda limited.

The webclient uses a different set of urls to load json data for the tree. These urls are prefixed with 'api' in https://github.com/openmicroscopy/openm ... nt/urls.py
One way to explore these is to use the development tools in your browser to see what urls are being accessed (E.g. "Network" tab of Chrome dev tools) while you're browsing the tree.
The only caveat is that webclient urls are not really considered a public 'API' and may change in minor releases.

We have started working on a new json api that will provide much more complete api coverage than the current webgateway urls. Hopefully you should see the first part of this in 5.3.0.

Regards,

Will.
User avatar
wmoore
Team Member
 
Posts: 674
Joined: Mon May 18, 2009 12:46 pm

Re: Credentials with WebGateway, webclient URLs

Postby dsudar » Wed Jul 06, 2016 6:08 pm

Hi Will,

Thanks much for the quick response and clear instructions. The piece of example code is great and makes sense. One problem: the session.post() call results in a 403 error back from the server. My server runs nginx over https. Does that require some additional code to handle the login process? I'm sure that is all in http://docs.python-requests.org/en/master/ but a bit too complex for me to easily understand.

Thanks,
- Damir
dsudar
 
Posts: 235
Joined: Mon May 14, 2012 8:43 pm
Location: Berkeley, CA, USA

Re: Credentials with WebGateway, webclient URLs

Postby atarkowska » Wed Jul 06, 2016 6:37 pm

Hi Damir

OMERO.web offers only session based authentication. You have to obtain CSRF token from the login page first

Code: Select all
>>> login_url = "https://server.openmicroscopy.org/webclient/login/"
>>> client = requests.session()
>>> client.get(login_url)
>>> csrftoken = client.cookies['csrftoken']
>>> data = {'username': "user", 'password': "secret", 'server': 1, 'noredirect':1, 'csrfmiddlewaretoken':csrftoken}
>>> r = client.post(login_url, data=data, headers=dict(Referer=login_url))
>>> print r.content
OK


Make sure you include a valid CSRF token for any following "unsafe" HTTP method calls in your script.

Ola
atarkowska
 
Posts: 327
Joined: Mon May 18, 2009 12:44 pm

Re: Credentials with WebGateway, webclient URLs

Postby atarkowska » Wed Jul 06, 2016 6:57 pm

You are right, Will's example doesn't work also because of lack of referrer, I updated my previous post.

Ola
atarkowska
 
Posts: 327
Joined: Mon May 18, 2009 12:44 pm

Re: Credentials with WebGateway, webclient URLs

Postby dsudar » Thu Jul 07, 2016 5:24 am

Hi Ola,

This works great with my https/nginx server. Thanks!
I actually managed to get the code in Will's example to work when connecting to the Django development server which was running over http. But everything is much better with the real and secure web server.

Indeed, I'm using the 'client' session id for all subsequent requests and that works very well. What is actually the appropriate way to close that session to make sure any resources are released at the end of my script?

The webgateway json tools may be a bit limited but are quite usable. Looking forward to an even better json API in 5.3 and future versions.

Cheers,
- Damir
dsudar
 
Posts: 235
Joined: Mon May 14, 2012 8:43 pm
Location: Berkeley, CA, USA

Re: Credentials with WebGateway, webclient URLs

Postby wmoore » Thu Jul 07, 2016 9:26 am

Hi Damir,

Simply logging out is sufficient to close the session:

Code: Select all
logout_url = BASE_URL + "webclient/logout/"
r = session.post(logout_url, headers=dict(Referer=login_url))


Regards,

Will.
User avatar
wmoore
Team Member
 
Posts: 674
Joined: Mon May 18, 2009 12:46 pm

Re: Credentials with WebGateway, webclient URLs

Postby atarkowska » Thu Jul 07, 2016 9:56 am

Hi Damir,

dsudar wrote:This works great with my https/nginx server. Thanks!
I actually managed to get the code in Will's example to work when connecting to the Django development server which was running over http. But everything is much better with the real and secure web server.


That is because script have to set referrer, that check is absolutely necessary for the security of Django's CSRF protection. Without it, Django won't prevent MITM attacks on SSL sites.

Ola
atarkowska
 
Posts: 327
Joined: Mon May 18, 2009 12:44 pm


Return to Developer Discussion

Who is online

Users browsing this forum: Bing [Bot] and 1 guest

cron