
I'm trying to change a Magento account password from a Python script using the requests module. The relevant code I wrote looks like this:

import requests
from bs4 import BeautifulSoup
[...]
s = requests.session()
main_url = 'https://account.magento.com/customer/account/login/'
html_data = s.get(main_url)
form_soup = BeautifulSoup(html_data.content, 'html.parser')
form_key = form_soup.find('input', {'name':'form_key'})['value']
    
login_route = 'https://account.magento.com/customer/account/loginPost/'
login_payload = {
      'form_key': form_key,
      'login[username]': web_user,
      'login[password]': web_pass
}
login_req = s.post(login_route, data=login_payload)
[..]
account_change_password_post = "https://account.magento.com/customer/account/changePasswordPost/"
change_password_payload = {
       'form_key': form_key,
       'current_password': web_pass,
       'password': new_pass,
       'password_confirmation' : new_pass
}
    
change_pass_req = s.post(account_change_password_post, data=change_password_payload)

But it doesn't let me update the password, so I was wondering if someone could tell me what it takes to update the password of a Magento account through Python.

  • Is account_change_password_post an API endpoint? Commented Aug 26, 2021 at 11:58
  • @Sabil Yes, it is. Commented Aug 27, 2021 at 8:11
  • Then you can construct a password reset request to do that. It would be better if you could share the error log for this API call. Commented Aug 27, 2021 at 8:30
  • Is it possible to share the complete working code? What is the response you received from the Magento API? Commented Aug 27, 2021 at 12:47
  • @marcuse Yes, it's OK for me, thanks. Commented Sep 1, 2021 at 15:24

1 Answer

2
+200

I solved your case.

TL;DR: You need to navigate to the /customer/account/changepassword/ page and re-fetch from this newly loaded page the new form_key associated with the change password form.

The Python script below will work.

import requests
from bs4 import BeautifulSoup

web_user = 'your_user'
web_pass = 'your_current_pass'
new_pass = 'your_new_pass'

s = requests.session()
main_url = 'https://account.magento.com/customer/account/login/'
html_data = s.get(main_url)
form_soup = BeautifulSoup(html_data.content, 'html.parser')
form_key = form_soup.find('input', {'name': 'form_key'})['value']

login_route = 'https://account.magento.com/customer/account/loginPost/'
login_payload = {
    'form_key': form_key,
    'login[username]': web_user,
    'login[password]': web_pass
}
login_req = s.post(login_route, data=login_payload)

# Load the change-password page and re-fetch the form_key rendered on it
nav_url = 'https://account.magento.com/customer/account/changepassword'
html_nav_data = s.get(nav_url)
nav_form_soup = BeautifulSoup(html_nav_data.content, 'html.parser')
nav_form_key = nav_form_soup.find('input', {'name': 'form_key'})['value']

account_change_password_post = "https://account.magento.com/customer/account/changePasswordPost/"
change_password_payload = {
    'form_key': nav_form_key,
    'current_password': web_pass,
    'password': new_pass,
    'password_confirmation': new_pass
}

change_pass_req = s.post(account_change_password_post, data=change_password_payload)

But what went wrong?

The API response headers related to the script in your question actually reveal what's wrong, despite the 200 response status. If you check the response headers, look at the Set-Cookie key and then at the mage-messages section, you will find the error message related to your API call.

{
   "Date":"Mon, 30 Aug 2021 18:39:57 GMT",
   "Content-Type":"text/html; charset=UTF-8",
   "Transfer-Encoding":"chunked",
   "Connection":"keep-alive",
   "Server":"nginx",
   "Vary":"Accept-Encoding",
   "Set-Cookie":"PHPSESSID=02e1fa14808aabbb1bc1eefdd2482ddc; expires=Mon, 30-Aug-2021 18:54:57 GMT; Max-Age=900; path=/; domain=magento.com; secure; HttpOnly; SameSite=Lax, mage-messages=%5B%7B%22type%22%3A%22error%22%2C%22text%22%3A%22Invalid%20Form%20Key.%20Please%20refresh%20the%20page.%22%7D%5D; expires=Tue, 30-Aug-2022 18:39:57 GMT; Max-Age=31536000; path=/; SameSite=Strict, X-Magento-Vary=9bf9a599123e6402b85cde67144717a08b817412; expires=Mon, 30-Aug-2021 18:54:57 GMT; Max-Age=900; path=/; secure; HttpOnly; SameSite=Lax",
   "Pragma":"no-cache",
   "Cache-Control":"max-age=0, must-revalidate, no-cache, no-store",
   "Expires":"Sun, 30 Aug 2020 18:39:57 GMT",
   "fastly-page-cacheable":"NO",
   "X-Magento-Tags":"FPC",
   "Content-Security-Policy-Report-Only":"font-src use.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.paypal.com *.braintreegateway.com tst.kaptcha.com www.google.com www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.google.com *.paypal.com *.magento.com magento.com embedwistia-a.akamaihd.net fast.wistia.com embed-fastly.wistia.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com use.typekit.net *.paypal.com *.adobe.com js-agent.newrelic.com s3.amazonaws.com 
fast.wistia.com bam.nr-data.net www.gstatic.com www.google.com *.d41.co so.rlcdn.com *.braintree-api.com *.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com use.typekit.net p.typekit.net www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src magento.com *.magento.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.adobe.com www.google-analytics.com stats.g.doubleclick.net google.com *.paypal.com *.braintree-api.com adobe.tt.omtrdc.net bam.nr-data.net *.wistia.com *.litix.io int-api.magedevteam.com api.magento.com *.d41.co *.braintreegateway.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';",
   "X-Content-Type-Options":"nosniff",
   "X-XSS-Protection":"1; mode=block",
   "X-Frame-Options":"SAMEORIGIN, SAMEORIGIN",
   "Strict-Transport-Security":"max-age=15984000",
   "Access-Control-Allow-Origin":"https://www.magentocommerce.com",
   "Access-Control-Allow-Headers":"Origin, X-Requested-With, X-Forwarded-For, X-Forwarded-Proto",
   "Access-Control-Allow-Credentials":"true",
   "Content-Encoding":"gzip"
}

The error is US-ASCII URL encoded:

%5B%7B%22type%22%3A%22error%22%2C%22text%22%3A%22Invalid%20Form%20Key.%20Please%20refresh%20the%20page.%22%7D%5D

And decodes to:

[
   {
      "type":"error",
      "text":"Invalid Form Key. Please refresh the page."
   }
]

7 Comments

How did you display the header, please?
form_key and nav_form_key are the same when I debug your code.
You can print change_pass_req.headers
I have the same error: messages=%5B%7B%22type%22%3A%22error%22%2C%22text%22%3A%22Invalid%20Form%20Key.%20Please%20refresh%20the%20page.%22%7D%5D;
Hmmm, are you sure you aren't mixing up some variables? I re-tested the code and it works just fine. This page refresh does the trick: s.get(nav_url).
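
Added example (not part of the original question, answer or comments): because the form post returns 200 even when the form key is rejected, a script can read the outcome from the mage-messages cookie that the answer decodes by hand. The function names and the sample header below are constructed for illustration, and the sample session id is a placeholder.

```python
import json
import re
from urllib.parse import unquote

# Constructed sample: a comma-joined Set-Cookie header shaped like the one in
# the answer (session id replaced with a placeholder).
SAMPLE_SET_COOKIE = (
    "PHPSESSID=PLACEHOLDER; expires=Mon, 30-Aug-2021 18:54:57 GMT; "
    "Max-Age=900; path=/; secure; HttpOnly; SameSite=Lax, "
    "mage-messages=%5B%7B%22type%22%3A%22error%22%2C%22text%22%3A%22"
    "Invalid%20Form%20Key.%20Please%20refresh%20the%20page.%22%7D%5D; "
    "expires=Tue, 30-Aug-2022 18:39:57 GMT; Max-Age=31536000; path=/; "
    "SameSite=Strict"
)

# The cookie value is percent-encoded, so it cannot contain ';', ',' or spaces.
# That makes it safe to match even though "expires" dates contain commas.
_MAGE_MESSAGES = re.compile(r"(?:^|[;,]\s*)mage-messages=([^;,\s]*)")


def parse_mage_messages(set_cookie_header):
    """Return the list of message dicts carried in the mage-messages cookie."""
    match = _MAGE_MESSAGES.search(set_cookie_header or "")
    if not match or not match.group(1):
        return []
    try:
        messages = json.loads(unquote(match.group(1)))
    except json.JSONDecodeError:
        return []
    if not isinstance(messages, list):
        return []
    return [m for m in messages if isinstance(m, dict)]


def form_post_errors(set_cookie_header):
    """Texts of all error-type messages; an empty list means none reported."""
    return [
        m.get("text", "")
        for m in parse_mage_messages(set_cookie_header)
        if m.get("type") == "error"
    ]


if __name__ == "__main__":
    # With requests: form_post_errors(change_pass_req.headers.get("Set-Cookie"))
    print(form_post_errors(SAMPLE_SET_COOKIE))
```

Checking this list after each POST lets the script fail loudly on "Invalid Form Key" instead of trusting the 200 status.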