on 12-26-2013 6:58 PM
Hi,
So I'm trying to integrate Python into River to do some testing. The only thing that makes it a bit tricky is that we have to handle XSRF/CSRF within Python and so I use the requests framework to make this easier for me.
I successfully get the X-CSRF-TOKEN and save it into local variable token. The guide then says that you pass it back in the headers. I tried it as a parameter too, and either mechanism works using Postman in Chrome.
Request execution failed due to missing or invalid XSRF token
Presumably I'm doing something wrong!
John
#! /usr/bin/python
import requests
import json
# First, get the X-CSRF-TOKEN
csrfurl='http://localhost:8000/sap/hana/rdl/odata/v1/project/subproject'
params= { 'X-CSRF-TOKEN': 'Fetch' }
auth= 'User','Password'
headers = {'Connection': 'keep-alive'}
r=requests.get(csrfurl,params=params, auth=auth, headers=headers)
params = { 'X-CSRF-TOKEN': r.headers['x-csrf-token'] }
token = r.headers['x-csrf-token']
print token
url='http://localhost:8000/sap/hana/rdl/odata/v1/project/subproject/entitu'
payload='{"customerId": 1, "firstName": "John", "lastName": "Appleby"}'
headers= {'Content-type': 'application/json;charset=utf-8', 'X-CSRF-TOKEN': token, 'Referer': csrfurl, 'Connection': 'keep-alive'}
r=requests.post(url, data=json.dumps(payload), headers=headers, auth=auth, params=params)
print headers
print r.url
print r.headers
print r.text
Found it.. first, I needed to use requests.Session(). It looks like this persists cookies, which was upsetting HANA.
There was also a bug in my payload, I was doing json.dumps, which wasn't necessary.
John
#! /usr/bin/python
import requests
import json
s = requests.Session()
s.headers.update({'Connection': 'keep-alive'})
params= { 'X-CSRF-TOKEN': 'Fetch' }
auth= 'User','Password'
r=s.get('http://localhost:8000/sap/hana/rdl/odata/v1/rca_demo/rca_demo',auth=auth,params=params)
token = r.headers['x-csrf-token']
print token
url='http://localhost:8005/sap/hana/rdl/odata/v1/project/subproject/entity'
payload='{ "customerId": 15, "firstName": "John", "lastName": "Appleby"}'
headers= {'Content-type': 'application/json;charset=utf-8', 'X-CSRF-TOKEN': token}
r2=s.post(url, data=payload, headers=headers, auth=auth)
print headers
print r2.url
print r2.headers
print r2.text
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks, thats great. I've only played with sap-river.com so far, but I'm wondering if .csv/.hdbtid/.hdbtim files in the same package, could be used instead of python for loading static data, assuming River is installed on your local HANA box. Do you think that would be a possible alternative?
Per the discussion on your Top 10 River blog, in the Academy videos as far as I know I always used HTTP headers for x-csrf-token (both for the initial fetch and also when passing it back in the subsequent POST etc). This is in line with the doc. That said, I was testing with Python using your code above as the basis - and indeed the initial fetch works as an HTTP parameter. However I would recommend doing it as a HTTP header like this:
headers= { 'X-CSRF-TOKEN': 'Fetch' }
auth= 'User','Password'
r=s.get('http://localhost:8000/sap/hana/rdl/odata/v1/rca_demo/rca_demo',auth=auth,headers=headers')
token = r.headers['x-csrf-token']
print token
Anyway, great idea to use Python and there's an Academy video explaining how to do it in the works...
Thanks Philip for recording the 3 River/Python videos on HANA Academy. They are a great elaboration of the use case John shared above.
Furthermore, great sentiment on testing the efficacy of the River application instead of just loading CSV or using SQL to insert data into the underlying HANA tables. That statement definitely resonated with me and I'm setting up the Python environment now!
User | Count |
---|---|
85 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.