How to access *incoming* headers in Sinatra? - ruby

I'm sending a request to a Sinatra application by this:
curl -X POST --header "MyHeader: 123444" http://localhost:9292/test -d ""
How can I access it in the route? These don't work:
headers["MyHeader"]
request["MyHeader"]
request.env["MyHeader"]
They're all nil.

Have you tried adding HTTP to the header name? So it would be request.env["HTTP_ MyHeader"] This is part of the rack spec.

Related

How to POST a Laravel form with cURL from CLI?

I have a laravel application with a form, where upon a GET request (example.my.lan/form) of the formular the user receives a *_session cookie and a XSRF-TOKEN cookie. Now I'm trying to call the controller (example.my.lan/form/confirmation) via POST on the command line with cURL:
curl -vvv -k -X POST -d "param1=value1&param2=value2" \
-H "Content-Type: application/x-www-form-urlencoded" \
--cookie "my_form_session=a...z" \
--cookie "XSRF-TOKEN=a...z" https://example.my.lan/form/confirmation
curl -vvv -k -X POST -d "param1=value1&param2=value2" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "my_form_session=a...z" \
-H "XSRF-TOKEN=a...z" https://example.my.lan/form/confirmation
curl -vvv -k -X POST -d "param1=value1&param2=value2" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "my_form_session: a...z" \
-H "XSRF-TOKEN: a...z" https://example.my.lan/form/confirmation
From my browser everything works as expected. But if I call the controller on the CLI using cURL, the laravel app is always responding with a 419 (The page has expired). I know this is some cookie related issue, but still can't figure ou how to solve it - maybe someone has an idea?
So roughly speaking here's what needs to happen:
You need to perform an initial request to get a valid session cookie (which is essentially an encrypted session id) and along with that you also need to somehow obtain a valid CSRF token.
To get the token you have two options.
Visit a page which has a form which includes it via #csrf
Grab the cookie called XSRF-TOKEN which contains the encrypted csrf token
When you send the request you need to be sure you send the correct session cookie e.g. --cookie "my_form_session=a...z".
If you got the token from the #csrf field then you either send the header X-CSRF-TOKEN or as an additional form field _token=csrftoken
If you got the token from the XSRF-TOKEN cookie, which contains an encrypted CSRF token, this needs to go in the X-XSRF-TOKEN field.
By convention, all non-standard HTTP headers should be prefixed with X- (indicating an extension to the protocol) which is why those headers start with X-

Obtaining Authorization Code from Spring OAuth 2.0 Authorization Server programmatically

I am trying to obtain an authorization code from a Spring OAuth 2.0 authorization server using simple CURL command.
curl -v --header "Authorization: Basic hasfhfashfakhsfakhf712641246" "http://0.0.0.0:0000/oauth-server/oauth2/authorize?response_type=code&client_id=dummyclient&client_secret=dummyclient&redirect_uri=http://oauth2server/oauth2callback/"
However, instead of getting back a redirect URL with the code, I am getting back a 302 redirect response to the login URL. Since I am already sending the username, password in the Authorization Header, is there a way to skip the login page redirect and get the Authorization Code directly?
you might need to tell curl to follow redirect with the -L flag
curl -L -v --header "Authorization: Basic hasfhfashfakhsfakhf712641246" "http://0.0.0.0:0000/oauth-server/oauth2/authorize?response_type=code&client_id=dummyclient&client_secret=dummyclient&redirect_uri=http://oauth2server/oauth2callback/"

Ruby GET request with headers and data?

This is a cUrl command I want to do in Ruby
curl --get 'https://api.twitter.com/1.1/statuses/user_timeline.json' --data 'screen_name=example' --header 'Authorization: OAuth oauth_consumer_key="example", oauth_version="1.0"' --verbose
So far I only know how to GET requests using Net::HTTP but these don't have headers and data like the cUrl command above.
It would be great if someone could tell me how to GET in Ruby with headers and data.
If you don't mind using additional GEMS, try UniRest

From Ruby to Perl, Post data is disappearing

I'm trying to mimic the following curl command that works perfectly:
curl -k -i -d #content.json -H "Content-Type: application/json" -H "Accept: applicaztion/json" https://localhost:909/api/authenticateUser
I'm mimicking the curl command in Ruby/rails. I'm using the rest-client gem. The target is an API written in old-style Perl. The problem is that the API does NOT "see" the payload that is sent in the new ruby code:
pload = '<string>'.to_json
response = RestClient::Request.execute(url: 'https://localhost:909/api/authenticateUser', method: :post, payload: pload, accept: :json, content_type: :json, verify_ssl: false)
What is going wrong? Is my Ruby code bad or is the Perl code "too stupid/old" to pick up the payload from ruby. This is the Perl code:
my $data = $cgi->param('POSTDATA') || "";
I tend to think the problem is with my ruby code since the old Perl code receives the payload properly from the curl command above and from some other old Perl code.
Thanks for the help.
For POSTDATA to be populated,
The request must have a Content-Length header
The value of the request's Content-Length header must be non-zero.
The request method must be POST.
The request must have a Content-Type header.
The value of the request's Content-Type header must not include any of the following:
application/x-www-form-urlencoded
multipart/form-data
application/xml
multipart/related

Invoking SOAP request from shell command

I using curl to send a SOAP request to a web service and get the response using shell scripting. please find below the command i am using:-
curl -H "Content-Type: text/xml; charset=utf-8" -H "SOAPAction:" -d #sample_request.txt -X POST http://someWebServiceURL
I am getting an error response which says no SOAPAction header.
PFB the response body part
<soapenv:Body>
<soapenv:Fault>
<faultcode>Client.NoSOAPAction</faultcode>
<faultstring>WSWS3147E: Error: no SOAPAction header!</faultstring>
</soapenv:Fault>
</soapenv:Body>
Any help is appreciated !!
You need to provide the name of the SOAP action. You have:
-H "SOAPAction:"
Supply the name of the action in there. E.g.
-H "SOAPAction: http://my_example/my_action"
Get the name of the action from the WSDL if you have one. E.g., see How do you determine a valid SoapAction?.
From the WSDL of the service, you can find the SoapAction. And you can find the operation you're trying to invoke and access the WSDL by opening a web browser to the URL of the service.
Using the curl to invoke the SoapAction, you should specify the Action by "-H", such as -H SOAPAction: http://tempuri.org/Execute.

Resources