2

I know you can open webpages quite simply using the webbrowser module like:

import webbrowser
webbrowser.open('http://www.google.com')

but is it possible to pass log-in credentials to these websites? I would like to create a script that automates some stuff that I do on a regular basis, for example, open gmail in firefox to check my mail.

In addition, if it is possible to do so, can you somehow provide your password in this script in a secure way? So rather than plainly saying in the code:

pw = "defaultPass123"
webbrowser.sendPass(pw) # made up function, I don't think this actually works :)

you could somehow encrypt this data?

NSchrading
  • 144
  • 1
  • 13
  • possible duplicate of [Controlling Browser using Python?](http://stackoverflow.com/questions/3369073/controlling-browser-using-python) – David Wolever Aug 11 '11 at 06:51

3 Answers3

0

Depending on how the server handles authentication, you might be able to create a GET request that would do the trick:

from urllib import urlencode

credentials = {
    'username': 'bob',
    'password': 'secret'}
url = "http://example.com/login?" + urlencode(credentials)

Whether this will work depends on the service you are trying to access. You may be able to authenticate using a POST request, but if the goal is to open the site in an external browser, there aren't any consistent ways of passing POST request details to an external browser.

You could encrypt the password, yes. But since the script would need to decrypt the password in order to send it to the server, anyone with access to the script can probably still read your password. (Though it might keep casual non-programmer snoopers from reading your password.)

cdhowie
  • 158,093
  • 24
  • 286
  • 300
  • Does urlencode encrypt the data or is the plain-text password still within this string somewhere? http://docs.python.org/library/urllib.html#urllib.urlencode isn't really clear about what a “percent-encoded” string is. – NSchrading Aug 11 '11 at 07:14
  • It's a simple encoding scheme used to deal with non-ASCII characters and URL-special characters (like `=` or `&`) that are embedded in the data. It's not an encryption scheme, but rather is a required step when constructing a GET query string. If you are worried about your password being seen in transit across the Internet, you should be authenticating via HTTPS. – cdhowie Aug 11 '11 at 07:15
  • How would one authenticate with HTTPS or is that up to the website you are sending the password to? e.g. https://www.google.com/accounts/ServiceLogin? – NSchrading Aug 11 '11 at 07:20
  • Generally, just make sure that your URL begins with `https://`. The site of course needs to support HTTPS. – cdhowie Aug 11 '11 at 07:24
  • Got it, thanks. Alright, I guess I will get to trying out urllib and seeing if it works out. – NSchrading Aug 11 '11 at 07:27
0

yes it is possible via the use of OpenID.

http://openid.net/

OpenID basically is a login mechanism that allows users/programs to login WITHOUT exposing their login name and password. As far as I know, if you have a Google Account, you already can use OpenID, many others implement OpenID too, like Yahoo Facebook MySpace Flickr etc

Gapton
  • 2,044
  • 2
  • 20
  • 33
  • 1
    I think this question is about authenticating to *existing* websites, not developing new ones. – cdhowie Aug 11 '11 at 06:54
  • I never suggested the OP to develop anything new. From OP: for example, open gmail in firefox to check my mail. <--- You can use OpenID with Google. – Gapton Aug 11 '11 at 07:09
  • I agree with Gapton, except I think you could have been a bit more specific than just pointing to the openid site. Xoauth is the way Google recommend to access Gmail programmatically. – Duncan Aug 11 '11 at 08:05
0

Is your question specifically about accessing Google's sites, or about sites in general? If it is the former then Google provide APIs for most of their services and usually include Python as a supported language. For example, to check your Gmail with Python follow the instructions on http://code.google.com/p/google-mail-xoauth-tools/wiki/XoauthDotPyRunThrough

Even outside the Google world the first question you should be asking is 'does this site expose an api?'. If it does then that will be much easier to use than either simulating a web browser or driving a browser remotely.

If you decide you do just want to drive a browser remotely then look at Selenium as that will give you an easy way to drive almost any web browser from a separate application.

Duncan
  • 92,073
  • 11
  • 122
  • 156
  • Awesome, thanks for the information. My question was more about the general case of accessing any site, but since a lot of the sites I want to access automatically are Google-run, that API information should help. – NSchrading Aug 11 '11 at 22:32