
Login to a CSRF-Token Secured Website Using Mechanize


# these are the gems you need to `gem install` first (mechanize and nokogiri; open-uri ships with Ruby)
require 'mechanize'
require 'nokogiri'
require 'open-uri'

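class EasyLogin
  # XPath of the CSRF token the server renders into the document head
  # (<meta name="csrf-token" content="...">); the hidden authenticity_token
  # field of a form, or a raw POST, has to carry the same value.
  CSRF_TOKEN_XPATH = '//meta[@name="csrf-token"]/@content'

  # @param email [String] login e-mail, filled into the admin[email] field
  # @param password [String] login password, filled into the admin[password] field
  def initialize(email, password)
    @email = email
    @password = password
    # generate a mechanize agent object for persistent "browsing";
    # the cookies it keeps are what makes the later post() authenticated
    @browser = Mechanize.new do |agent|
      agent.user_agent_alias = 'Mac Safari'
      agent.follow_meta_refresh = true
    end
  end

  # Fetches the page at +login_url+, fills the form with id 'new_admin'
  # (credentials plus the CSRF token from the page head) and submits it.
  #
  # @param login_url [String] URL of the page that holds the login form
  # @return [Mechanize::Page] the page the server answered the submit with
  # @raise [RuntimeError] when the page has no csrf-token meta tag or no
  #   form with id 'new_admin'
  def login(login_url)
    # get the desired page with the login form (through the agent, so the
    # session cookie is stored)
    page = @browser.get(login_url)
    csrf_token = csrf_token_from(page)
    login_form = page.form_with(:id => 'new_admin')
    raise "no form with id 'new_admin' found at #{login_url}" unless login_form

    login_form.field_with(:name => 'admin[email]').value = @email
    login_form.field_with(:name => 'admin[password]').value = @password
    # authenticity_token is a hidden field; the submit is rejected unless it
    # matches the token from the page head
    login_form.field_with(:name => 'authenticity_token').value = csrf_token
    # deliberately no `puts login_form.values` here: it would print the
    # password to the console
    login_form.submit
  end

  # Creates an article through the (already logged-in) session.
  #
  # @param post_url [String] URL that renders the csrf-token meta tag and
  #   accepts the POST
  # @param title [String] value sent as article[title]
  # @param content [String] value sent as article[content]
  # @return [Mechanize::Page] the server's response to the POST
  # @raise [RuntimeError] when the page at +post_url+ has no csrf-token meta tag
  def post(post_url, title, content)
    # the token is read from the page head and must travel with the request,
    # otherwise the server's CSRF protection rejects it
    csrf_token = csrf_token_from(@browser.get(post_url))
    # define the data for the form
    payload = {
      'article[title]' => title,
      'article[content]' => content,
      'authenticity_token' => csrf_token
    }
    # post to your controller
    @browser.post(post_url, payload, {})
  end

  # Closes the agent's open connections.
  def shutdown
    @browser.shutdown
  end

  private

  # Reads the CSRF token out of a fetched page's head.
  #
  # @param page [Mechanize::Page] page fetched through the agent
  # @return [String] the token text
  # @raise [RuntimeError] when the meta tag is missing
  def csrf_token_from(page)
    token = page.search(CSRF_TOKEN_XPATH).text
    raise "no csrf-token meta tag found at #{page.uri}" if token.empty?
    token
  end
end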

# ready to rock!
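# the literal values are placeholders; override them through the environment
# (variable names are just an example) instead of putting real credentials
# into the source
email = ENV.fetch('EASY_LOGIN_EMAIL') { "email@emailprovider.com" }
password = ENV.fetch('EASY_LOGIN_PASSWORD') { "your-password" }
easy_login = EasyLogin.new(email, password)

begin
  login_url = 'http://localhost:3000/admins/sign_in'
  easy_login.login(login_url)

  # NOTE(review): /articles/new normally renders the form; the create action
  # of a resource is usually reached by POSTing to /articles — confirm against
  # the application's routes before relying on this URL
  post_url = 'http://localhost:3000/articles/new'
  title = "Title of Post"
  content = <<~MESSAGE
    "Lorem ipsum bacon gin tonic"
  MESSAGE
  easy_login.post(post_url, title, content)
ensure
  # release the connections even when login or post raised
  easy_login.shutdown
end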


