This question about Authentication or Authorisation: Answered
Uploading an attachment from the commandline
I'm trying to upload an attachment to a topic using curl. Looking through the
FAQs there's a similar problem (i.e.,
Question317), but I'm not sure whether there was any conclusive resolution.
Here is the curl command that I'm using:
curl --cookie-jar cookies --verbose -k --user wikiupload:XXXXXXXX -F "noredirect=1" -F "createlink=1" -F "filecomment=A test attachement" -F "filepath=@./wikitest.png" https://xxx.xxx.xxx.xxx/sailwiki/bin/upload/Sandbox/UploadTesting
And the response I get from curl is:
* About to connect() to xxx.xxx.xxx.xxx port 443 (#0)
* Trying xxx.xxx.xxx.xxx...
* connected
* Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 443 (#0)
* error setting certificate verify locations, continuing anyway:
* CAfile: /usr/ssl/certs/ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS handshake, Server key exchange (12):
{ [data not shown]
* SSLv3, TLS handshake, Server finished (14):
{ [data not shown]
* SSLv3, TLS handshake, Client key exchange (16):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Finished (20):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
{ [data not shown]
* SSLv3, TLS handshake, Finished (20):
{ [data not shown]
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
[Redacted]
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'wikiupload'
> POST /sailwiki/bin/upload/Sandbox/UploadTestingHTTP/1.1
> Authorization: Basic d2lraXVwbG9hZDpNbGhLV0RxQkNt
> User-Agent: curl/7.28.1
> Host: xxx.xxx.xxx.xxx
> Accept: */*
> Content-Length: 14916
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------0971586fca22
>
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 100 Continue
} [data not shown]
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 302 Found
< Date: Fri, 11 Jan 2013 15:24:52 GMT
< Server: Apache/2.2.15 (Red Hat)
* Added cookie SFOSWIKISID="c7826f8a0f4906243b0b6a56c7ce4ba9" for domain xxx.xxx.xxx.xxx, path /, expire 0
< Set-Cookie: SFOSWIKISID=c7826f8a0f4906243b0b6a56c7ce4ba9; path=/; secure; HttpOnly
< Location: https:// xxx.xxx.xxx.xxx/sailwiki/bin/oops/Sandbox/MatlabTesting?template=oopsredirectdenied;def=redirect_denied;param1=https:// xxx.xxx.xxx.xxx/sailwiki/bin/login/Sandbox/MatlabTesting%3ffoswikiloginaction%3dvalidate%3bfoswikioriginalquery%3d762dc52417d89f8405772c9a0a06aa70;param2=http:// xxx.xxx.xxx.xxx/sailwiki
< Content-Length: 0
< Connection: close
< Content-Type: text/html; charset=ISO-8859-1
<
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
} [data not shown]
Is this the same strikeone issue discussed in
Question317? Is there a standard means of doing this through curl? Is there a more detailed recipe for scraping the validation info out of the 'edit' or 'attach' pages?
Thanks,
John
--
JohnEnright - 11 Jan 2013
An update:
So I'm trying to follow the general directions sketched out in the older question:
- Pull the validation key from a similar page (attach or edit), e.g.: e798df7954bea393fd99894b29469a63
- Pull the FOSWIKISTRIKEONE value out of the cookie: e.g., 752e331eb11e31c06dc1c13aa9d01a57
- Concatenate the strings (Validation+Cookie)
- Calculate the MD5-hash from the concatenated string: i.e., e26942957f6cc4e4dc4bbccce41380a8
- Send this to the 'key_validation' field of the upload POST form:
curl --cookie-jar cookies --verbose -k --user wikiupload:XXXXXXXX -F "noredirect=1" -F "createlink=1" -F "filecomment=A test attachement" -F "filepath=@./wikitest.png" -F "validation_key=e26942957f6cc4e4dc4bbccce41380a8" https://xxx.xxx.xxx.xxx/sailwiki/bin/upload/Sandbox/UploadTesting
Is that the correct set of operations? I'm still getting the oops redirect response. I don't really know javascript so my interpretation of strikeone.js may be off. Has anyone got this to work?
--
JohnEnright - 15 Jan 2013
Take a look at the perl code in
http://trac.foswiki.org/browser/trunk/BuildContrib/lib/Foswiki/Contrib/BuildContrib/Targets/upload.pm This module interfaces with strikeone to upload attachments to the foswiki Extensions web.
It may be that you need to login to get the session cookie. There are a couple of other topics to see as well:
--
GeorgeClark - 15 Jan 2013
Take a look at
wikiup at
https://bitbucket.org/djerius/wikiup/overview
The
wikiup
script v1.3.2 is working for me under Foswiki 1.1.9
--
TroyGoodson - 13 Jul 2015