Different HTTP status codes returned by requests and flask server

Question

I have written a python script which uses the requests library in order to test a Flask application.

While testing the login mechanism, the script isn't able to distinguish succesful login attempts from failed ones. HTTP POST requests always return a 200 HTTP status code.

On the server end insted, succesfull user login attempts are logged with status code 302, since I redirect the user to the homepage after login.

Tester code (with correct user credentials):

>>> import requests
>>> from utils import retrieve_csrf_token
>>> url = 'http://localhost:5000/login'
>>> token = retrieve_csrf_token(url)
>>> session = requests.Session()
>>> r = session.post(url, data={'email':'admin@test.com','password':'123456','csrf_token':token})
>>> r.status_code
>>> 200

Server log:

Valid form submitted
127.0.0.1 - - [29/Dec/2018 17:33:32] "POST /login HTTP/1.1" 302 -
127.0.0.1 - - [29/Dec/2018 17:33:32] "GET /home HTTP/1.1" 200 -
127.0.0.1 - - [29/Dec/2018 17:33:32] "GET /favicon.ico HTTP/1.1" 404 -

EDIT:

After further inspection I noticed that, after sending the POST request, the response in r.text is the homepage source code.

Following the same steps using a proxy or inspecting the requests using Chrome Developer tools I see the correct codes.

Answer 1

I'm not sure what the "session" object in your test code does, but if you wan't requests to not follow redirects (so that it gives you the actual status code) you'd generally do it like this:

r = requests.get('http://github.com', allow_redirects=False)

Documentation: http://docs.python-requests.org/en/latest/user/quickstart/#redirection-and-history