My understanding of the process:
From mediawikis login manual https://www.mediawiki.org/wiki/API:Login
When using MediaWiki's web service API, you will probably need your application or client to log in. This involves submitting a login query, constructing a cookie, and confirming the login by resubmitting the login request with the confirmation token returned.
1) Attempt to login with username and password, this will fail with 'result="NeedToken"' as part of response html. Response will also contain the token to be passed in for the next login attempt.
2) Attempt to login again, this time passing in token in addition to un/pw. This should return with 'result="Success"'
My code:
###Attempt first login setup cookie jar
loginRes1=$(curl --cookie-jar cjar -X POST "$domain/wiki/api.php?action=login&lgname=$lgname&lgpassword=$lgpassword")
###Grab the token from login attempt
lgtoken=$(echo $loginRes1 |sed -rn "s/.*token="([0-9a-zA-Z]+)".*/\1/p" )
###Attempt second login, this time passing token as well
loginRes2=$(curl --cookie-jar cjar -X POST "$domain/wiki/api.php?action=login&lgname=$lgname&lgpassword=$lgpassword&lgtoken=$lgtoken")
Result:
echo $loginRes1
###Only relevant html from echo shown below, cleaned up into xml syntax
<?xml version="1.0"?> <api> <login result="NeedToken" token="944af711913a037cfb8b90d477d51f6c" cookieprefix="ronk" sessionid="isqvhm955lj35g1q2e2klme091" /> </api>
echo $loginRes2
###Only relevant html from echo shown below, cleaned up into xml syntax
<?xml version="1.0"?> <api> <login result="NeedToken" token="ffdd1aa6dc3699df26b9de6dd1c6d5a5" cookieprefix="ronk" sessionid="fdahoh4gh7junrqm1tk2p1qd25" /> </api>
I'm still getting the NeedToken result the second time, instead of Success as I would expect.
Logging in via browser
I can login normally with a browser with a form submission, the post request contains 4 parameters: wpName, wpPassword, wpLoginAttempt, wpLoginToken
wpName=myName&wpPassword=myPassword&wpLoginAttempt=Log+in&wpLoginToken=d3fe3a1de6fbc934acd3039149f3c56d
Other Notes
1) I confirmed that the un/pw works when logging in normally through a browser.
2) It's unclear to me if I'm using the curl cookie-jar syntax appropriately
3) I don't know the version of mediawiki I'm connecting to, it was installed recently and is likely the highest stable version.
4) You'll notice in the successful browser attempt, the parameters have the wp prefix instead of lg, if I change the curl attempt to match (i.e. wpName, wpPassword) then the returned result is:
<?xml version="1.0"?> <api> <warnings> <main xml:space="preserve">Unrecognized parameters: 'wpName', 'wpPassword'</main> </warnings> <login result="NoName" /> </api>
The --cookie-jar option to curl only tells curl to save cookies to the jar. It doesn't tell curl to load cookies from the jar.
To get curl to load cookies from the jar you need to use the -b option to specify the cookie jar to use.
Related
i am trying to access google search console api - tried the sample [https://github.com/googleapis/google-api-python-client/blob/master/samples/searchconsole/search_analytics_api_sample.py][1]
i followed the instructions:
1) Install the Google Python client library, as shown at
https://developers.google.com/webmaster-tools/v3/libraries.
2) Sign up for a new project in the Google APIs console at
https://code.google.com/apis/console.
3) Register the project to use
OAuth2.0 for installed applications.
4) Copy your client ID, client
secret, and redirect URL into the client_secrets.json file included in
this package.
5) Run the app in the command-line as shown below.
Sample usage: $ python search_analytics_api_sample.py
'https://www.example.com/' '2015-05-01' '2015-05-30'
of course for my site and newer dates..
recieved in cmd the warning:
\AppData\Local\Programs\Python\Python38\lib\site-packages\oauth2client_helpers.py:255:
UserWarning: Cannot access webmasters.dat: No such file or directory
in the window opened in the browser got the message:
Error 400: redirect_uri_mismatch The redirect URI in the request,
http://localhost:8080/, does not match the ones authorized for the
OAuth client. To update the authorized redirect URIs, visit:
https://console.developers.google.com/apis/credentials/oauthclient/xxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com?project=xxxxxxxxxxxx
i configured the redirect URI as http://localhost:8080/ but still the same
appreciate any help thanks
I have the following problem that my curl request with login isn’t working. I tried different things I saw on stack overflow but I couldn’t get this working.
My AXIS-Camera has an API to access some data like the date and much more. On the browser I use a link like this:
http://root:root#IP/axis-cgi/date.cgi?action=get
The feedback is this:
Nov 20, 2017 14:27:00
Using curl:
curl "http://root:root#IP/axis-cgi/date.cgi?action=get"
or:
curl –user "root:root" "http://IP/axis-cgi/date.cgi?action=get"
I always get this result:
<!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
Axis requires Digest mode for the auth, and curl doesn't use it by default.
Try this:
curl --digest -u root:root http://IP/axis-cgi/date.cgi?action=get
I did this on an Axis 231D+ PTZ that I'm trying to figure out. Firmware 4.47. API version is probably really old. But this worked:
curl http://user:pass#host/axis-cgi/admin/date.cgi?action=get
I've been looking through the cgi directories trying to figure out where stuff lives. I think you may have missed a directory in your path. Or this camera has it in a different place. Hope this helps someone else too.
I do:
curl --digest -u user:pass http://host/axis-cgi/admin/uptime.cgi
And it does this:
<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>
<BODY><H1>401 Unauthorized</H1>
Your client does not have permission to get URL /axis-cgi/admin/uptime.cgi from this server.
</BODY></HTML
I need to post a .json file to a server with a rest API with a Chef recipe, following Chef's documentation I came up with this code:
http_request '/tmp/bpp.json' do
url 'http://localhost:8080/api/v1/blueprints/bpp'
headers ({
'AUTHORIZATION' => "Basic #{Base64.encode64(user)}",
'CONTENT-TYPE' => 'aplication/json'
})
action :post
end
For authorization token, user is a variable that contains 'user:password'
When I run this chef recipe I obtain the following response:
Error executing action `post` on resource 'http_request[POST /tmp/bpp.json]'
Net::HTTPServerException
------------------------
400 "Bad Request"
Prior to this I was just executing a curl call and it was working fine, but I need to change to the http_request resource. This was the old (working) curl request:
curl --user user:password -H 'X-Requested-By:My-cookbook' --data #/tmp/bpp.json localhost:8080/api/v1/blueprints/bpp
I am not very used with REST apis and seems like an uncharted territory to me.
You forget about message. Using file name as resource name won't send this file as data. Try adding:
...
message lazy { IO.read('/tmp/bpp.json') }
...
In your case only the resource name - /tmp/bpp.json, will be sent. Not a file content. As stated in linked doc:
The message that is sent by the HTTP request. Default value: the name of the resource block See “Syntax” section above for more information.
I am load testing an HTTPS service using jmeter.
It works well by using following curl on a linux box:
curl -k -v -HContent-Type:application/json
-HauthToken:abcdefghijkla995e2f9-6cba-46e7-8b08-a7ffb67ca95d20150416163318
-Hsystem_name:testingsystemname -X POST --data-binary '{"deviceId":"1","cookieId":null,"emailId":"jmetertest#gmail.com"}'
https://localhost:9443/service/push/datacheck
How do I use jmeter to hit the request for load testing.
I was putting the authToken and system_name under 'send parameters with request' but it did not work and i keep on getting a 403 error.
Please help
You need to add HTTP Header Manager to your Test Plan and configure it to send the following headers:
authToken=abcdefghijkla995e2f9-6cba-46e7-8b08-a7ffb67ca95d20150416163318
system_name=testingsystemname
For sending JSON switch HTTP Request sampler to "Body Data" tab and put it there.
The below works perfectly in SoapUI (that's where I constructed it), but when I copy the exact request and attempt to execute with cURL in the bash command line (cygwin actually), it says:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<soapenv:Fault>
<faultcode xmlns:ns1="http://xml.apache.org/axis/">ns1:Client.NoSOAPAction</faultcode>
<faultstring>no SOAPAction header!</faultstring>
<detail/>
</soapenv:Fault>
</soapenv:Body>
The command I'm using is:
curl -H "Content-Type: text/xml; charset=utf-8" -H "SOAPAction:" -d "<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:ebay:apis:eBLBaseComponents"><soapenv:Header><urn:RequesterCredentials><urn:eBayAuthToken>AgA***GO</urn:eBayAuthToken></urn:RequesterCredentials></soapenv:Header><soapenv:Body><urn:GetMyeBaySellingRequest><urn:Version>793</urn:Version><urn:ActiveList><urn:Include>1</urn:Include><urn:IncludeNotes>0</urn:IncludeNotes></urn:ActiveList><urn:OutputSelector>ActiveList.ItemArray.Item.ItemID</urn:OutputSelector><urn:DetailLevel>ReturnAll</urn:DetailLevel><urn:HideVariations>1</urn:HideVariations></urn:GetMyeBaySellingRequest></soapenv:Body></soapenv:Envelope>" -X POST https://api.ebay.com/wsapi?callname=GetMyeBaySelling
I've used this exact syntax on other APIs with no issue, not sure what's different about eBay.
Open your wsdl. search for the operation which you are using to send this "GetMyeBaySellingRequest" request.
Copy the soap action from there and add in you command line
"SOAPAction: add soap action here from bindings or from soapui"
or in SOAP UI click on the operation and see at bottom left corner, you will see "operation properties". From there copy soap action value and put it in your command.