We are trying to use sonarqube webapi and as part of prototyping I was testing the authentication apis using cURL .
The session is not getting deactivated after calling logout , and when I call a service again with a logged out cookie, it is getting authorized successfully.
Following are the steps I followed
Login
curl -v -c cookies.txt POST -d "login=admin&password=admin" http://sonar:9919/api/authentication/login
Do a user token search (which needs authorization) with the cookie
curl -b cookies.txt http://sonar:9919/api/user_tokens/search
This is successfull and returns
{"login":"admin","userTokens":[{"name":"arunvg","createdAt":"2017-10-11T15:03:18+0400"}]}
Logout
curl -v -b cookies.txt POST http://sonar:9919/api/authentication/logout
Repeat Step 2, was expecting an error message like
{"errors":[{"msg":"Authentication is required"}]}
but the call got successful and with same result in Step 2
Am I missing something here ? Any hints ?
Related
We have multiple Kubernetes clusters across our company. To get the kubectl config content we use Dex to login and copy/paste the content to our local confi for kubectl.
I want to make this automated and so run a bunch of command to get the content using curl.
I couldn't work out how by checking the requests responses. Please help me if anyone knows how.
I found how to do it. So we need to make two calls. First one retrieves the login page in which we can grab the request id:
the_id=$(curl -s -v -L "https://login.${cluster}" | grep -Po 'action="(.*)"')
The above searches in the response for attribute action= where it tells you where to submit the request
Then use the_id in the next call:
konfig=$(curl --insecure POST -H 'Content-Type: application/x-www-form-urlencoded' -d "login=$username&password=$password" -v -L "${cluster}${the_id}" | grep -Pzo '(?s)id=".*?</')
This command will return a HTML page in which you can find the config. Obviously for you it can be different response but fetching the request id from the first call is the key that I missed to begin with.
I need to test a web service in visual studio command prompt.
This web service needs authentication in order to be added or created.
How do I set those authentication (ie: The username and password needed to pass the web service)?
Try wget:
wget --http-user=<user> --http-password=<pass> https://<url>
For the webcall arguments see here e.g.
wget --post-file "hello.xml" --header "content-type: text/xml;charset=utf-8" --header "SOAPAction: http://tepmuri.org/myservice/IService/Hello" http://localhost/Service.svc
I am following https://django-oauth-toolkit.readthedocs.org/en/0.7.0/rest-framework/getting_started.html for setting up Django OAuth Toolkit with rest framework.
As on step 4: https://django-oauth-toolkit.readthedocs.org/en/0.7.0/rest-framework/getting_started.html#step-4-get-your-token-and-use-your-api
It says to get token, we need to do a curl like:
curl -X POST -d "grant_type=password&username=<user_name>&password=<password>" http://<client_id>:<client_secret>#localhost:8000/o/token/
My Actual curl request for this process looks something like this(for already generated client_id and client_secret)
curl -X POST -d "grant_type=password&username=test&password=test" http://mbqvonqO7sI1lrh87uDd.C1U..NbKTb#0=eCM8Fl::2O=!0ZjE5UCha0UW?Oie-XCVUn;3XtmjT2SbFpzDJeM#Bn3.vPS!KLoDqVz7L-3.FfjP9v6yYyu2ghxObnIdIWppu=J#RPxPOfU#Q7KPt7da.?Bg0o5kCt5tY:wamsF#127.0.0.1:8000/o/token/
which didn't return any response and gives an error "bash: !0: event not found"
Any wrong in call made?
Issue is with the "client id" and "client secret" generated during register application(http://django-oauth-toolkit.readthedocs.org/en/0.7.0/rest-framework/getting_started.html#step-3-register-an-application)
"client id" and "client secret" contains special characters which can't be used with curl request in the mentioned way in documentation.
We can use it with the way suggested by Almalki as:
curl -X POST -d "client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=password&username=YOUR_USERNAME&password=YOUR_PASSWORD" http://localhost:8000/o/token/
You can set client_id and client_secret as POST parameters:
curl -X POST -d "client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=password&username=YOUR_USERNAME&password=YOUR_PASSWORD" http://localhost:8000/o/token/
I had the same problem as the OP and this was the only solution that worked for me:
curl -X POST -d 'grant_type=password&username=<username>&password=<password>' --user '<client_id>:<client_secret>' 'http://localhost:8000/o/token/'
I found this solution at Django OAuth Toolkit's Github issue #167. There is a great explanation there.
I'm trying to upload files to Redmine from a shell script with cURL:
url=localhost/redmine
curl -c cookie -F username=admin -F password=admin $url/login
curl -b cookie -F 'attachments[1][file]'=#file $url/projects/test/files/new
The first curl stores the session cookie into the file cookie after a successful login. But the second curl to upload always fails. Redmine's mysterious error message is
ActionController::MethodNotAllowed
Only get requests are allowed.
Any ideas?
This seems to do the trick:
curl -c cookie -F username=admin -F password=admin $url/login
curl -b cookie -F attachments[0][file]=#file $url/projects/test/files/new
It seems Ruby belongs to the family of rare languages that index arrays from zero, as attachments[0][file] is OK, while attachments[1][file] is not.
I managed to install cf on aws ec2 followingthe guide http://docs.cloudfoundry.com/docs/running/deploying-cf/ec2/
after some tryes, It seens that all be good with curl api.subdomain.domain/info
returning as expected.
Then I went to the next step, creating a user with this guide: http://docs.cloudfoundry.com/docs/running/managing-cf/managing-users.html
1 - executed:
uaac target uaa.[your-domain].com
got as response:
Context: admin, from client admin
2 - executed:
uaac token client get admin -s [admin-cliente-secret}
got:
Context: admin, from client admin
When i try to execute
uaac user add [test-user] -p [test-password] --emails [testemail]
I getting:
error response:
{
"error": "access_denied",
"error_description": "Access is denied"
}
*Note that the brackets hold valid values
How can I fetch some info about this error, debug it in some way, or find out wath is wrong?
I guess it might be a configuration problem.
Config your UAA configuration file like this.
https://groups.google.com/a/cloudfoundry.org/forum/#!starred/vcap-dev/y_qcaCczSVw
https://groups.google.com/a/cloudfoundry.org/forum/#!topic/vcap-dev/eaH4c2OmDEQ