I'm trying to upload files to Redmine from a shell script with cURL:
url=localhost/redmine
curl -c cookie -F username=admin -F password=admin $url/login
curl -b cookie -F 'attachments[1][file]'=#file $url/projects/test/files/new
The first curl stores the session cookie into the file cookie after a successful login. But the second curl to upload always fails. Redmine's mysterious error message is
ActionController::MethodNotAllowed
Only get requests are allowed.
Any ideas?
This seems to do the trick:
curl -c cookie -F username=admin -F password=admin $url/login
curl -b cookie -F attachments[0][file]=#file $url/projects/test/files/new
It seems Ruby belongs to the family of rare languages that index arrays from zero, as attachments[0][file] is OK, while attachments[1][file] is not.
Related
We have multiple Kubernetes clusters across our company. To get the kubectl config content we use Dex to login and copy/paste the content to our local confi for kubectl.
I want to make this automated and so run a bunch of command to get the content using curl.
I couldn't work out how by checking the requests responses. Please help me if anyone knows how.
I found how to do it. So we need to make two calls. First one retrieves the login page in which we can grab the request id:
the_id=$(curl -s -v -L "https://login.${cluster}" | grep -Po 'action="(.*)"')
The above searches in the response for attribute action= where it tells you where to submit the request
Then use the_id in the next call:
konfig=$(curl --insecure POST -H 'Content-Type: application/x-www-form-urlencoded' -d "login=$username&password=$password" -v -L "${cluster}${the_id}" | grep -Pzo '(?s)id=".*?</')
This command will return a HTML page in which you can find the config. Obviously for you it can be different response but fetching the request id from the first call is the key that I missed to begin with.
I tried setup ALLINONE in my local, followed the documentation https://apim.docs.wso2.com/en/latest/learn/api-security/api-authentication/secure-apis-using-mutual-ssl/
it worked, but what will be the curl command for request because the document talks about testing only through postman
You can use the following curl commands when you want to use the header-based approach.
curl -X GET -H "X-WSO2-CLIENT-CERTIFICATE: (Base64 encoded public cert)" "https://localhost:8243/mock/v1" -v
curl -X GET -H "X-WSO2-CLIENT-CERTIFICATE: (Base64 encoded public cert)" "http://localhost:8280/mock/v1" -v
In order to work this, you need to add the following configuration to the deployment.toml in wso2am-3.2.0/repository/conf location.
[apimgt.mutual_ssl]
enable_client_validation = false
You can use the following curl commands if you are using the cert and key.
curl -k --cert int.ext.wso2.com.crt --key int.ext.wso2.com.key -X GET "https://localhost:8243/mock/v1" -v
I've created a simple AD on AWS and I'm trying to connect to it using the Administrator credentials set up while creating the simple AD. I'm running the ldapsearch command from another EC2 instance in the same subnet. However I"m running into an authentication error and I'm pretty sure it's not the password, as I've tried changing it multiple time with no luck.
Below is the ldapsearch command I'm using.
$ldapsearch -x -v -h "10.*.*.112" -b "dc=corp-testing,dc=example,dc=com" –D "Administrator#corp-testing.example.com" -W sAMAccountName=Administrator
Below is the output:
ldap_initialize( ldap://10.*.*.112 )
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
Would someone be able to point out the issue on this?
I ran into the same issue and I have found the solution, the username needs to be prefixed with the Directory NetBIOS name (this is available from the Directory details page), then login with:
ldapsearch -x \
-h 10.*.*.112 \
-b "cn=Users,dc=corp-testing,dc=example,dc=com" \
–D "${NetBIOSNAME}\\Administrator" \
-W sAMAccountName=Administrator
Obviously, change ${NetBIOSNAME} to the appropriate value.
Okay I figured it out, however I don't know the WHY. Try changing your search to:
ldapsearch -x -v -H "ldap://10.*.*.112:389/" -b "dc=corp-testing,dc=example,dc=com" –D "cn=Administrator,dc=corp-testing,dc=example,dc=com" -W sAMAccountName=Administrator
I tried this several times without the trailing / on the URI but it didn't work.
Problem was that the Administrator is inside of the Users node, so -D should include cn=Users also:
ldapsearch -x -v -h "10.*.*.112" -b "dc=corp-testing,dc=example,dc=com" –D "cn=Administrator,cn=Users,dc=corp-testing,dc=example,dc=com" -W sAMAccountName=Administrator
We are trying to use sonarqube webapi and as part of prototyping I was testing the authentication apis using cURL .
The session is not getting deactivated after calling logout , and when I call a service again with a logged out cookie, it is getting authorized successfully.
Following are the steps I followed
Login
curl -v -c cookies.txt POST -d "login=admin&password=admin" http://sonar:9919/api/authentication/login
Do a user token search (which needs authorization) with the cookie
curl -b cookies.txt http://sonar:9919/api/user_tokens/search
This is successfull and returns
{"login":"admin","userTokens":[{"name":"arunvg","createdAt":"2017-10-11T15:03:18+0400"}]}
Logout
curl -v -b cookies.txt POST http://sonar:9919/api/authentication/logout
Repeat Step 2, was expecting an error message like
{"errors":[{"msg":"Authentication is required"}]}
but the call got successful and with same result in Step 2
Am I missing something here ? Any hints ?
I am building a web service for a web application, and I would like a simple tool to test this as I am developing. I have tried some firefox plug-ins (Poster, 'REST Client'), and even though these work fine I have been unable to upload files with them.
Also, I would rather have a command-line tool that I can use to easily write a set of integration tests for this web service and that I can send to consumers of this web service as an example.
I know that curl can work for this but would like a few examples, especially around authentication (using HTTP Basic) and file uploads.
Answering my own question.
curl -X GET --basic --user username:password \
https://www.example.com/mobile/resource
curl -X DELETE --basic --user username:password \
https://www.example.com/mobile/resource
curl -X PUT --basic --user username:password -d 'param1_name=param1_value' \
-d 'param2_name=param2_value' https://www.example.com/mobile/resource
POSTing a file and additional parameter
curl -X POST -F 'param_name=#/filepath/filename' \
-F 'extra_param_name=extra_param_value' --basic --user username:password \
https://www.example.com/mobile/resource
In addition to existing answers it is often desired to format the REST output (typically JSON and XML lacks indentation). Try this:
$ curl https://api.twitter.com/1/help/configuration.xml | xmllint --format -
$ curl https://api.twitter.com/1/help/configuration.json | python -mjson.tool
Tested on Ubuntu 11.0.4/11.10.
Another issue is the desired content type. Twitter uses .xml/.json extension, but more idiomatic REST would require Accept header:
$ curl -H "Accept: application/json"
From the documentation on http://curl.haxx.se/docs/httpscripting.html :
HTTP Authentication
curl --user name:password http://www.example.com
Put a file to a HTTP server with curl:
curl --upload-file uploadfile http://www.example.com/receive.cgi
Send post data with curl:
curl --data "birthyear=1905&press=%20OK%20" http://www.example.com/when.cgi