I have a grails app that is using jsecurity plugin for authentication.
How do I use curl to send my credentials? If I just do curl -u username mysite
I get a prompt for a password, then nothing.
I tried to do an anyauth command and this is what I got for the site. Any idea why it is returning a 302?
dcole#DCOLE-L /cygdrive/c/dev
$ curl --anyauth --verbose http://localhost:8080/SkillsDB
* About to connect() to localhost port 8080 (#0)
* Trying ::1... connected
* Connected to localhost (::1) port 8080 (#0)
> GET /SkillsDB HTTP/1.1
> User-Agent: curl/7.20.1 (i686-pc-cygwin) libcurl/7.20.1 OpenSSL/0.9.8o zlib/1.
2.5 libidn/1.18 libssh2/1.2.5
> Host: localhost:8080
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Server: Apache-Coyote/1.1
< Location: http://localhost:8080/SkillsDB/
< Transfer-Encoding: chunked
< Date: Thu, 07 Oct 2010 14:32:32 GMT
<
* Connection #0 to host localhost left intact
* Closing connection #0
here is additional information:
Rob is correct that it is form based. When I go to the address
http://localhost:8080/SkillsDB/auth/initialLogin
This is the form code that is displayed:
<form action="/SkillsDB/auth/initialSignIn" method="post" name="logform" id="logform">
<input name="targetUri" value="" type="hidden">
<input value="" widgetid="username" tabindex="0" id="username" class="dijit dijitReset dijitLeft dijitTextBox" dojoattachpoint="textbox,focusNode" name="username" dojoattachevent="onmouseenter:_onMouse,onmouseleave:_onMouse,onfocus:_onMouse,onblur:_onMouse,onkeypress:_onKeyPress" autocomplete="off" type="text"></td>
<input value="" widgetid="password" tabindex="0" id="password" class="dijit dijitReset dijitLeft dijitTextBox" dojoattachpoint="textbox,focusNode" name="password" dojoattachevent="onmouseenter:_onMouse,onmouseleave:_onMouse,onfocus:_onMouse,onblur:_onMouse,onkeypress:_onKeyPress" autocomplete="off" type="password"></td>
<td style=""><span widgetid="dijit_form_Button_0" class="dijit dijitReset dijitLeft dijitInline dijitButton" dojoattachevent="ondijitclick:_onButtonClick,onmouseenter:_onMouse,onmouseleave:_onMouse,onmousedown:_onMouse"><span class="dijitReset dijitRight dijitInline"><span class="dijitReset dijitInline dijitButtonNode"><button style="-moz-user-select: none;" tabindex="0" value="Log In" id="dijit_form_Button_0" aria-labelledby="dijit_form_Button_0_label" role="button" class="dijitReset dijitStretch dijitButtonContents" dojoattachpoint="titleNode,focusNode" name="" type="submit" wairole="button" waistate="labelledby-dijit_form_Button_0_label"><span class="dijitReset dijitInline" dojoattachpoint="iconNode"><span class="dijitReset dijitToggleButtonIconChar">✓</span></span><span class="dijitReset dijitInline dijitButtonText" id="dijit_form_Button_0_label" dojoattachpoint="containerNode">Log In</span></button></span></span></span></td>
</form>
If you're using a form-based authentication method, it's likely you're going to have to make an HTTP POST request to your login form, something along the lines of:
curl --data="username=foo&password=bar" http://localhost:8080/SkillsDB/login/auth
# note that '--data' causes the request to be a POST
I can't remember what JSecurity's login action is, but you'll have to replace login/auth (in the curl command above) with it. Have a look at the action of the <form> that the login page submits to.
Note that you'll be passing the password as plain text here. You'll probably want to use HTTPS for this transaction, but that's a whole different question.
Unless JSecurity is extending its authentication to use HTTP Basic Authentication, using the --anyauth is not likely to work, as I would imagine curl uses that to determine the proper HTTP authentication method.
Regarding your question about the 302, what happens when you add --location to your curl arguments? That should make curl follow the Location header that comes back in the response.
Related
So, this is my first post on stack, if I missed something please let me know.
So I have project that's working well on localhost Dev but when i uploaded to the server the API given 405 method not allowed.
I have a login form:
<form #submit.prevent="login" method="POST">
<input type="hidden" name="_token" :value="form.csrf">
<p><input type="email" name="login" placeholder="Username or Email" v-model="form.email"></p>
<p><input type="password" placeholder="Please Enter Password" v-model="form.password"></p>
<p class="remember_me">
</p>
<p class="submit"><input type="submit" value="Login"></p>
</form>
The form has some inputs, a textarea and a file input. Those are my routes:
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
return $request->user();
});
Route::controller(AuthController::class)->group(function(){
Route::post('/login', 'login');
});
When I submit the form I get the The GET method is not supported for this route. Supported methods: POST. error.
Here is my Route list :
enter image description here
after everything possible things updating still on same error.
enter image description here
In Chrome network tab showing this
enter image description here
Maybe you guys have any idea what is happening here and point me in the right direction.
Thanks!
Here is the PHP code for pg3.php:
<html>
<body>
<form method="post" action="pg3.php">
<h2><font color="red">::Welcome to Server1: 172.16.24.150::</font></h2>
<input type="text" name="user">
<input type="submit" value="Submit">
</body>
</html>
<?php
if(!empty($_POST["user"])){
echo $_POST["user"];
}
?>
I sent the following request:
curl --data "8\r\nuser=mehran\r\n0\r\n" --header "Transfer-Encoding: chunked" "http://172.16.17.10/pg3.php"
I got the following response:
<html>
<body>
<form method="post" action="pg3.php">
<h2><font color="red">::Welcome to Server1: 172.16.24.150::</font></h2>
<input type="text" name="user">
<input type="submit" value="Submit">
</body>
</html>
As the above shows, user=meh is not in the response, while it must be there if Transfer-Encoding works correctly.
What's the problem??
TNX.
See this example in the documentation:
You send a chunked POST with curl like this:
curl -H "Transfer-Encoding: chunked" -d "payload to send" http://example.com
You don't need to try to create the chunked encoded payload yourself. In your case:
curl --data "user=mehran" --header "Transfer-Encoding: chunked" "http://172.16.17.10/pg3.php"
is enough for curl to send:
POST / HTTP/1.1
...
Transfer-Encoding: chunked
Content-Type: application/x-www-form-urlencoded
b
user=mehran
0
Here's the context. I have a Joomla Backend with tons of custom code in a very old Joomla 1.X version. Everything is still surprisingly holding up well. The site owner wants a new front facing website and his company chose WordPress. Website was built, now we want to add a log in form to the Joomla backend from a WP page.
Here's what worked:
Go to Joomla login page (domain.com/administrator)
Copy the HTML form (including hidden input with token)
Paste the HTML and adjust the action attribute of the form
Went to the WP page (domain.com/wordpressFolder/page, entered credentials and it works perfectly!
Obviously these tokens can only be used once. Added a shortcode in WP that gets the form from Joomla and "extract" the token and returns it to the page.
function st_login_form( $atts ) {
$joomla = file_get_contents('http://www.example.com/administrator/index.php');
$doc = new DOMDocument();
$doc->loadHTML($joomla);
$inputs = $doc->getElementsByTagName('input');
$token = $inputs[5]->attributes[1]->nodeValue;
$html = '<form action="https://www.example.com/administrator/index.php" method="post" name="login" id="form-login" style="clear: both;">
<p id="form-login-username">
<label for="modlgn_username">Username</label>
<input name="username" id="modlgn_username" type="text" class="inputbox" size="15">
</p>
<p id="form-login-password">
<label for="modlgn_passwd">Password</label>
<input name="passwd" id="modlgn_passwd" type="text" class="inputbox" size="15">
</p>
<input type="submit" value="Connexion" />
<input type="hidden" name="option" value="com_login">
<input type="hidden" name="task" value="login">
<input type="hidden" name="'.$token.'" value="1">
</form>';
return $html;
}
The code behaves has expected and inspecting the form on the WP page with injected token looks fine, however when logging in it gives me an invalid token error.
I don't quite understand why it works when copy pasting but not when I retrieve the token from PHP. Any clue or potential solutions?
Found my first mistake. The GET is done over HTTP while the POST is sent over HTTPS. Obviously, CSRF token are domain-signed.
Now it simply redirects me to the login page but I'm not logged in.
I am struggling to use ESP8266 client to log into my web server (which is running in a PC host in local network). The ESP must login in order to see weather it must activate the sensor connected to it or not. Users can change the state of sensor activation (on/off) by logging in their portal. Therefore the esp8266 must be always aware of that. The way that comes to my mind is that the ESP8266 must log in like other browser clients. First, it should enter the login page through the following code:
client.print(String("GET /public_html/login.php") + " HTTP/1.1\r\n" +
"Host: " + host + "\r\n" +
"Connection: close\r\n" +
"\r\n"
);
Then I should post the username and password to the server. Normal human users who log in through a browser log in through the form below:
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
<label>username</label>
<input type="text" name="username" class="form-control" value="<?php echo $username; >">
</div>
<div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
<label>password</label>
<input type="password" name="password" class="form-control">
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Login">
</div>
</form>
How can I do the same thing implemented above in ESP8266?
First you have to define a post route at server which can listen to esp post requests.
And you can send a json string from esp with post method which contains encrypted credentials.
Depending on credentials received at server end you can decide whether to authenticate or not the device and respond the same result back to device.
I'm trying to send a POST request to get a file downloaded, but I'm having problem complete this operation using URL.
The form looks like this:
<FORM action='download.php' method='post' encType='multipart/form-data'>
<TD bgcolor="white" valign="top" style="padding:10px;">
<TABLE cellspacing=0 cellpadding=0 width='100%'>
<TR>
<TD width='30%' align='center'>
Uploaded torrent code (date+hash):<BR>
<INPUT size=58 name="ref" value="1333f4f84bb41d5adc0f61e8f5a4658460da70b2737" style="font-size:10px;"><INPUT TYPE="hidden" NAME="reff" value="MTM3OTU2Mjk4OQ=="><BR>
downloaded: 27988<BR>
<INPUT type="submit" height=27 width=174 value=download border=0 name=submit valign="bottom" onclick="setpos(1);">
</TD>
</TR>
</TABLE>
</TD>
</FORM>
So I tried to use URL:
www.site.com/download.php?ref=1333f4f84bb41d5adc0f61e8f5a4658460da70b2737
but that doesn't work. Chrome seems to show me a browser based form data:
------WebKitFormBoundaryeqA3pQupG0ndfLMZ
Content-Disposition: form-data; name="ref"
1333f4f84bb41d5adc0f61e8f5a4658460da70b2737
------WebKitFormBoundaryeqA3pQupG0ndfLMZ
Content-Disposition: form-data; name="reff"
MTM3OTQ4NzQwMQ==
------WebKitFormBoundaryeqA3pQupG0ndfLMZ
Content-Disposition: form-data; name="submit"
download
------WebKitFormBoundaryeqA3pQupG0ndfLMZ--
What should I do now?
Post request can't be made in browser url.
-> This is is first way to do this
Sample post request using curl:
curl -F param1=val1 -F param2=val2 -F param3=val3 http://host:port/abc.json
Hit this in terminal/console/cmd
curl -F ref=1333f4f84bb41d5adc0f61e8f5a4658460da70b2737 www.site.com/download.php
-> Or install RestConsole in chrome browser using Google Web Store. There you can handle every kind of request.