Description:

Greetings to all.

I am writing a parser. I am trying to log in to the Publisher Unity Asset Store account using the Jsoup library. But nothing comes out, because I can't get a token normally.

Using HTTPAnalyzer looked what is sent in the request.

POST request content

As you can see in the screenshot above, in the request there is a field authenticity_token. The token is located on the authorization page (the first link above) in the html-code of the page in one of the <meta> tags.

I describe this so that it is clear that you cannot get a token BEFORE loading the page. Also, the token changes with each page refresh.

And it turns out that I can load the page as follows and fill in all the fields except the token.

 Connection.Response response = Jsoup .connect(url) .userAgent(client) .data("utf8", "?") .data("authenticity_token", "???????????") .data("conversations_create_session_form[email]", "email@email.com") .data("conversations_create_session_form[password]", "password") .data("conversations_create_session_form[remember_me]", "true") .data("commit", "Log in") .execute();

Then parse the token:

 token = response.parse() .select("meta") .get(5) .attr("content");

But it will not make sense, because the request has already been sent. Creating a new request will refresh the page and invalidate the sparking token.

Question: How to send a current token?

Please do not hesitate to make assumptions, I will be glad to any help :)

    2 answers 2

    Here is the code I got, which is authorized and allows you to request data from other pages on the site.

     package tk.seawind.unityauth; import java.io.IOException; import org.jsoup.Connection; import org.jsoup.Jsoup; import org.jsoup.nodes.Document; import org.jsoup.nodes.Element; public class App { public static void main(String[] args) throws IOException { String token = ""; Connection.Response response = Jsoup .connect("https://publisher.assetstore.unity3d.com/") .execute(); Document doc = response.parse(); for (Element meta : doc.select("meta")) { if (meta.attr("name").equals("csrf-token")) { token = meta.attr("content"); } } response = Jsoup .connect("https://id.unity.com" + doc.select("form").attr("action")) .method(Connection.Method.POST) .data("utf8", "%E2%9C%93") .data("_method", "put") .data("authenticity_token", token) .data("conversations_create_session_form[email]", "***@***.***") .data("conversations_create_session_form[password]", "********") .data("conversations_create_session_form[remember_me]", "true") .data("commit", "Log in") .cookies(response.cookies()) .execute(); // С этого места мы уже авторизированны и работаем с сайтом (не забывая вставлять куки). Для проверки запросил страницу редактирования аккаунта. response = Jsoup .connect("https://id.unity.com/account/edit") .cookies(response.cookies()) .execute(); System.out.println(response.body()); } }

    • First parse token to: publisher.assetstore.unity3d.com then specify it in the login form sent id.unity.com - Morewind
    • Your way worked, thank you so much! Perhaps you will have ideas on how to parse the information from the page, if this information is loaded by a js-script and only then inserted into the html? - Denis Perfomer
    • You need to use something like this: docs.seleniumhq.org/docs/03_webdriver.jsp which can perform javascript. - Morewind

    Get a token on the home page, with him already logged in form. Something like this:

      String token = ""; Document doc = Jsoup .connect("https://publisher.assetstore.unity3d.com/") .get(); for (Element meta : doc.select("meta")) { if (meta.attr("name").equals("csrf-token")) { token = meta.attr("content"); } }
    • Thanks for the reply, Morewind. However, the question is not how to get the token. I have already done this, as you see. If you know how to send it to the form after receiving the token, please write) - Denis Perfomer