Special characters in curl post - bash

I am trying to use the following curl
curl -k 'https://myhost.com:9091/nifi-api/access/token' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' --data "username=$USERNAME&password=$PASSWORD" --compressed —insecure
But get an error with a % in the password saying
URLDecoder: Incomplete trailing escape (%) pattern
I have seen suggestions online to use --data-urlencode but then I get the following error.
The username and password must be specified.
How can I resolve this issue?

--data-urlencode is the way to go adding it multiple times, one per parameter
userh='vf&re'
passwordh='asdaf%'
curl 'http://127.0.0.1:8080/' --data-urlencode "username=$userh" --data-urlencode "password=$passwordh"
Let's start a netcat listener to check what was sent
netcat -l 8080
Received data:
POST / HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: curl/7.60.0
Accept: */*
Content-Length: 34
Content-Type: application/x-www-form-urlencoded
username=vf%26re&password=asdaf%25
Sending all parameters in one option will not work since password parameter gets lost triggering the server error "The username and password must be specified."
curl 'http://127.0.0.1:8080/' --data-urlencode "username=$userh&password=$passwordh"
Response:
POST / HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: curl/7.60.0
Accept: */*
Content-Length: 38
Content-Type: application/x-www-form-urlencoded
username=vf%26re%26password%3Dasdaf%25
First command from OP with --data will not work either as it sends the % sign as is triggering a server error that "sees" and incomplete percent encoded request.
POST / HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: curl/7.60.0
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 33
username=asdasdas&password=asdaf%
Based on this answer.

Related

Adapt multipart/form-data request to curl with image and json in the same request

I need to rewrite this curl request extracted from the browser to execute it from bash, it is a multipart/form-data that combines the upload of an image together with a json in the same request, I have carried out several tests substituting the raw data for two -F but the server responds with error.
What would be the correct way?
I also fail to understand the key that is next to WebKitFormBoundary is a value that seems random, is it just a separator? can i use anything?
I have removed the headers that I considered irrelevant
curl 'https://localhost' \
-H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryXXXXXXXXXXXXXXXX'
-H 'Accept: */*' \
--data-raw $'------WebKitFormBoundaryXXXXXXXXXXXXXXXX\r\nContent-Disposition: form-data; name="image"; filename="image.jpg"\r\nContent-Type: image/jpeg\r\n\r\n\r\n------WebKitFormBoundaryXXXXXXXXXXXXXXXX\r\nContent-Disposition: form-data; name="item"; filename="blob"\r\nContent-Type: application/json\r\n\r\n{"item1":"xxxx","item2":"yyyy"}\r\n------WebKitFormBoundaryXXXXXXXXXXXXXXXX--\r\n' \
Thanks
I also fail to understand the key that is next to WebKitFormBoundary is a value that seems random, is it just a separator? can i use anything?
yes and yes and practically speaking yes. it's supposed to be a random-guaranteed-unique string used as separator to signal start and end of forms.. if you know beforehand that none of your uploads contains the string stackoverflow, you could use Content-Type: multipart/form-data; boundary=stackoverflow for example (but this may break if you upload a file actually containing the string stackoverflow !), but you should let curl generate that string automatically, rather than specifying it yourself, curl will auto-generate a string that is practically guaranteed to be unique.
I have removed the headers that I considered irrelevant
... if you guessed wrong, the server may give you an error for missing a required header. assuimg that you didn't make any mistakes in removing irrelevant headers though, i think it's
curl 'https://localhost'\
--form "image=#image.jpg;type=image/jpeg"\
--form "item=#blob;type=application/json"
the request generated by that command is roghly:
POST / HTTP/1.1
Host: localhost
User-Agent: curl/7.81.0
Accept: */*
Content-Length: 359
Content-Type: multipart/form-data; boundary=------------------------7d0262831ce8f248
--------------------------7d0262831ce8f248
Content-Disposition: form-data; name="image"; filename="image.jpg"
Content-Type: image/jpeg
image.jpg content
--------------------------7d0262831ce8f248
Content-Disposition: form-data; name="item"; filename="blob"
Content-Type: application/json
["json lol"]
--------------------------7d0262831ce8f248--
as you can see above, Accept: */* is curl's default accept-header anyway, so there's no need to specify it, and curl auto-generated the boundary ------------------------7d0262831ce8f248 so there's no need to manually specify a boundary either.

Microsoft Bot Framework (WebChat) - 500 Internal Server Error

From "Test in Web Chat" window in Azure Dashboard, I entered "hello" which is correctly received in my backend, but I'm still figuring out how to reply.
Note: WORDS IN CAPS means variable.
curl -d "grant_type=client_credentials&client_id=CLI-ENT-ID&client_secret=SECRET&scope=https%3A%2F%2Fapi.botframework.com%2F.default" -X POST https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token
Response: {"token_type":"Bearer","expires_in":3600,"ext_expires_in":0,"access_token":"VERY_LONG_STRING"}
curl -d '{"type":"message","from":{"id":"mybot#SOME_ID","name":"mybot"},"conversation":{"id":"CONVERSATION_ID"},"recipient":{"id":"RECIPIENT_ID","name":"You"},"locale":"en","text":"hello too","replyToId":"CONVERSATION_ID|0000008"}' -H "Content-Type: application/json" -H "Authorization: Bearer VERY_LONG_STRING" -X POST https://api.botframework.com/v3/conversations/CONVERSATION_ID/activities/CONVERSATION_ID%7C0000008
Response: The page cannot be displayed because an internal server error has occurred.
Request from my app (also same error):
POST /v3/conversations/CONVERSATION_ID/activities/CONVERSATION_ID%7C0000008 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer VERY_LONG_STRING
User-Agent: Java-SDK
Content-Length: 273
Host: api.botframework.com
Connection: Keep-Alive
Accept-Encoding: gzip,deflate
{"type":"message","from":{"id":"mybot#SOME_ID","name":"mybot"},"conversation":{"id":"CONVERSATION_ID"},"recipient":{"id":"RECIPIENT_ID","name":"You"},"locale":"en","text":"hello too","replyToId":"CONVERSATION_ID|0000008"}
What do I miss?
Thanks to comment from Eric Dahlvang, I figure it out.
By default, ApiClient generated from swagger will have its basePath hardcoded to https://api.botframework.com.
Before replying, take the serviceUrl from incoming Activity and use it to change the basePath.

curl does not terminate after successful POST

I have created some curl command to send a POST to my server where I am listening on that port for input to trigger additional action. The command is the following (Just masked the URL):
curl -v -H "Content-Type: application/json" -X POST -d "{\"Location\":\"Some Name\",\"Value\":\"40%\"}" http://example.com:8885/
I get the following output from curl:
About to connect() to example.com port 8885 (#0)
Trying 5.147.XXX.XXX...
Connected to example.com (5.147.XXX.XXX) port 8885 (#0)
POST / HTTP/1.1
User-Agent: curl/7.29.0
Host: example.com:8885
Accept: /
Content-Type: application/json
Content-Length: 40
upload completely sent off: 40 out of 40 bytes
However after that curl does not close the connection. Am I doing something wrong? Also on the server I only receive the POST as soon as I hit ctrl+c.
It sits there waiting for the proper HTTP response, and after that has been received it will exit cleanly.
A minimal HTTP/1.1 response could look something like:
HTTP/1.1 200 OK
Content-Length: 0
... and it needs an extra CRLF after the last header to signal the end of headers.
I'm a bit rusty on this, but according to section 6.1 of RFC7230, you might need to add a Connection: close header as well. Quoting part of the paragraph:
The "close" connection option is defined for a sender to signal
that this connection will be closed after completion of the
response. For example,
Connection: close
in either the request or the response header fields indicates that
the sender is going to close the connection after the current
request/response is complete (Section 6.6).
Let me know if it solves your issue :-)
Is there a question mark in link ?
I found that my link had question mark like http... .com/something/something?properties=1 and i tried header connection: close but it was still active so i tried then removing ?properties etc. and it worked...

curl command to upload file to form

I'm trying to build a curl command that will upload my xpi to validation at Mozilla Add-on Validator.
I've captured the traffic with fiddler to see what the site is doing and try to mimic it's behavior from curl.
I've seen whats the post url, and tried curl https://addons.mozilla.org/en-US/developers/standalone-upload --form 'upload=#path-to-xpi.xpi' and also with csrfmiddlewaretoken=#path-to-xpi.xpi. And also tried adding the Content-Type.
This is the raw data from the first request:
POST https://addons.mozilla.org/en-US/developers/standalone-upload HTTP/1.1
Host: addons.mozilla.org
Connection: keep-alive
Content-Length: 41021
Origin: https://addons.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryI0LeCjkeJnsfGipU
Accept: */*
Referer: https://addons.mozilla.org/en-US/developers/addon/validate
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8,he;q=0.6
Cookie: _ga=GA1.2.710702590.1450107779; sessionid=".eJyrVkouLkqLL8nPTs1TslLKznAOTYzI8czOTEzxCTe0SCzKichONjMO8PUO9Q5wcVfSUYpPLC3JiC8tTi2Kz0xRsjI0MrCwNDE3QZFISkwGmgeUVQJxi_Wg_GI9x9z8UKCIE1QeqKk4tbg4Mz8vPrWiILOoEmyepZmBQS0Aqsk0IA:1aLYVj:cbZQtNCkFRasDdFtJKI9b_WB6GA"
------WebKitFormBoundaryI0LeCjkeJnsfGipU
Content-Disposition: form-data; name="csrfmiddlewaretoken"
khCUaXlIkiadLW18arlXkc63PMKUKPDG
------WebKitFormBoundaryI0LeCjkeJnsfGipU
Content-Disposition: form-data; name="upload"; filename="extension.xpi"
Content-Type: application/octet-stream
Currently I'm receiving an html page with Not allowed.
What am I missing? What else should I add to the request to receive a good response?
Thanks
Not resolving the curl upload command thing, but the original problem - validate an xpi through command line.
Validating an xpi through command line
This can be achieved with the addons-linter by Mozilla, which was in its early stages when this question was asked.

Ruby cURL POST Request not going through

I am using Paw, an application to test REST requests. I have the follow request working using the application but need to change it to use cURL to use in my ruby on rails application.
POST /rest/api/latest/result/TRUNKDEVQAUNIT-TESTANDRGITBUILDDEV-12/comment HTTP/1.1
Content-type: application/json
Accept: application/json
Authorization: Basic dWkud29ya2JvdDpFVmgzUFQ0dEch
Cookie: JSESSIONID=C851F60AFB4A83F12753B9CCBC745093
Host: bamboo10.com
Connection: close
User-Agent: Paw/2.2.5 (Macintosh; OS X/10.10.5) GCDHTTPRequest
Content-Length: 32
{"content":"here is a comment, for testing purposes“}
I think it should look something like this but it is not working. I did not add the real username and password (or host) in for security reasons. Any help would be much appreciated. Thank you!
`curl -X POST -u username:password --data {"body": "This is a comment, for testing purposes"} -H "Accept: application/json" -H "Content-type: application/json" https://bamboo.com/rest/api/latest/result/TRUNKDEVQAUNIT-TESTANDRGITBUILDDEV-12/comment`
After a little time, I found the correct way to do it. It appears I was missing a ' before and after the data, as well as changing the json element to be content and not body
curl -H "Accept: application/json" -H "Content-type: application/json" -X POST -u username:password -d '{"content": "This is a comment, for testing purposes"}' https://bamboo10.com/rest/api/latest/result/TRUNKDEVQAUNIT-TESTANDRGITBUILDDEV-12/comment

Resources