我解决了你的案子。
TL;DR:您需要导航到 /customer/account/changepassword/ 页面并从这个新加载的页面重新获取与更改密码表单关联的新 form_key。
下面的 Python 脚本可以工作。
import requests
from bs4 import BeautifulSoup
web_user = 'your_user'
web_pass = 'your_current_pass'
new_pass = 'your_new_pass'
s = requests.session()
main_url = 'https://account.magento.com/customer/account/login/'
html_data = s.get(main_url)
form_soup = BeautifulSoup(html_data.content, 'html.parser')
form_key = form_soup.find('input', {'name': 'form_key'})['value']
login_route = 'https://account.magento.com/customer/account/loginPost/'
login_payload = {
'form_key': form_key,
'login[username]': web_user,
'login[password]': web_pass
}
login_req = s.post(login_route, data=login_payload)
nav_url = 'https://account.magento.com/customer/account/changepassword'
html_nav_data = s.get(nav_url)
nav_form_soup = BeautifulSoup(html_nav_data.content, 'html.parser')
nav_form_key = nav_form_soup.find('input', {'name': 'form_key'}['value']
account_change_password_post = "https://account.magento.com/customer/account/changePasswordPost/"
change_password_payload = {
'form_key': nav_form_key,
'current_password': web_pass,
'password': new_pass,
'password_confirmation': new_pass
}
change_pass_req = s.post(account_change_password_post, data=change_password_payload)
但是出了什么问题?
与您问题中的脚本相关的 API 响应标头实际上揭示了问题所在尽管 200 响应状态。如果您检查响应标头并查看 Set-Cookie 键,然后查看 mage-messages 部分,您会发现与您的 API 调用相关的错误消息。
{
"Date":"Mon, 30 Aug 2021 18:39:57 GMT",
"Content-Type":"text/html; charset=UTF-8",
"Transfer-Encoding":"chunked",
"Connection":"keep-alive",
"Server":"nginx",
"Vary":"Accept-Encoding",
"Set-Cookie":"PHPSESSID=02e1fa14808aabbb1bc1eefdd2482ddc; expires=Mon, 30-Aug-2021 18:54:57 GMT; Max-Age=900; path=/; domain=magento.com; secure; HttpOnly; SameSite=Lax, mage-messages=%5B%7B%22type%22%3A%22error%22%2C%22text%22%3A%22Invalid%20Form%20Key.%20Please%20refresh%20the%20page.%22%7D%5D; expires=Tue, 30-Aug-2022 18:39:57 GMT; Max-Age=31536000; path=/; SameSite=Strict, X-Magento-Vary=9bf9a599123e6402b85cde67144717a08b817412; expires=Mon, 30-Aug-2021 18:54:57 GMT; Max-Age=900; path=/; secure; HttpOnly; SameSite=Lax",
"Pragma":"no-cache",
"Cache-Control":"max-age=0, must-revalidate, no-cache, no-store",
"Expires":"Sun, 30 Aug 2020 18:39:57 GMT",
"fastly-page-cacheable":"NO",
"X-Magento-Tags":"FPC",
"Content-Security-Policy-Report-Only":"font-src use.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.paypal.com *.braintreegateway.com tst.kaptcha.com www.google.com www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.google.com *.paypal.com *.magento.com magento.com embedwistia-a.akamaihd.net fast.wistia.com embed-fastly.wistia.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com use.typekit.net *.paypal.com *.adobe.com js-agent.newrelic.com s3.amazonaws.com fast.wistia.com bam.nr-data.net www.gstatic.com www.google.com *.d41.co so.rlcdn.com *.braintree-api.com *.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com use.typekit.net p.typekit.net www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src magento.com *.magento.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.adobe.com www.google-analytics.com stats.g.doubleclick.net google.com *.paypal.com *.braintree-api.com adobe.tt.omtrdc.net bam.nr-data.net *.wistia.com *.litix.io int-api.magedevteam.com api.magento.com *.d41.co *.braintreegateway.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';",
"X-Content-Type-Options":"nosniff",
"X-XSS-Protection":"1; mode=block",
"X-Frame-Options":"SAMEORIGIN, SAMEORIGIN",
"Strict-Transport-Security":"max-age=15984000",
"Access-Control-Allow-Origin":"https://www.magentocommerce.com",
"Access-Control-Allow-Headers":"Origin, X-Requested-With, X-Forwarded-For, X-Forwarded-Proto",
"Access-Control-Allow-Credentials":"true",
"Content-Encoding":"gzip"
}
错误是US-ASCII URL 编码:
%5B%7B%22type%22%3A%22error%22%2C%22text%22%3A%22Invalid%20Form%20Key.%20Please%20refresh%20the%20page.%22%7D%5D
并解码为:
[
{
"type":"error",
"text":"Invalid Form Key. Please refresh the page."
}
]