I want to passively check the permissions (scopes) of a GitHub security token passively (without pushing something into a repository). I tried the following command. I replaced your_username: your access token and the URL of my repo. But it shows an error.
curl: (3) URL using bad/illegal format or missing URL
curl -u your_username:your_access_token \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/octocat/hello-world/collaborators/USERNAME/permission
If the goal is to determine which scopes a token has access to, check the response header with prefix x-oauth-scopes (using curl with -I):
$ GITHUB_TOKEN=ghp_DefineYourOwnToken
$ curl -sS -f -I -H "Authorization: token ${GITHUB_TOKEN}" https://api.github.com | grep ^x-oauth-scopes: | cut -d' ' -f2- | tr -d "[:space:]" | tr ',' '\n'
Note that tr -d "[:space:]" above is essential for removing some unusual whitespace, failing which a matching command such as grep -x doesn't subsequently work correctly.
Sample output 1:
gist
repo
workflow
Sample output 2:
delete:packages
public_repo
read:packages
repo:invite
repo:status
Credit: answer by VK
Related
This curl command works as expected and shows when the repository was first created.
curl https://api.github.com/repos/RaRe-Technologies/gensim | grep created
"created_at": "2011-02-10T07:43:04Z",
But this does not show when a file in that repo was created.
curl
https://api.github.com/repos/RaRe-Technologies/gensim/blob/develop/gensim/scripts/make_wikicorpus.py
| grep created
Is there any way to find the date on which the file was introduced?
You can use https://api.github.com/repos/OWNER/REPO/commits?path=<path/to/file>, as described here.
The results of this request can then be parsed by jq, with the following options .[-1].commit.author.date.
This tells jq to get the last item of the array ([-1]), and then parse the value of commit, then author and then the date, which is the date of the commit.
So using the follwing command
curl "https://api.github.com/repos/RaRe-Technologies/gensim/commits?path=gensim/scripts/make_wikicor
pus.py" | jq -r ".[-1].commit.author.date"
will result in
2012-07-21T20:00:29Z
The alternative, using GitHub CLI gh, and its gh api command:
# Windows
gh api -X GET repos/RaRe-Technologies/gensim/commits \
-f path="gensim/scripts/make_wikicorpus.py" \
--jq ".[-1].commit.author.date"
# Linux
gh api -X GET repos/RaRe-Technologies/gensim/commits \
-f path='gensim/scripts/make_wikicorpus.py' \
--jq '.[-1].commit.author.date'
2012-07-21T20:00:29Z
You don't even need jq if you have gh installed.
After I switched to the new Github Token format, I am not able anymore to perform a call for this github API:
https://docs.github.com/en/rest/issues/comments#list-issue-comments
My script does the following:
[[ -z "$GITHUB_REPO_SLUG" ]] && export GITHUB_REPO_SLUG="$TRAVIS_REPO_SLUG"
GITHUB_API_BASE_URL="https://api.github.com/repos/${GITHUB_REPO_SLUG}"
GITHUB_AUTH_HEADER="Authorization: token $GITHUB_TOKEN"
comment_ids=$(curl -s -H "$GITHUB_AUTH_HEADER" "$GITHUB_API_BASE_URL/issues/$pull_request_id/comments" \
| jq --arg USER "$GITHUB_USER" -r '. | map(select(.user.login==$USER)) | map(.id) | .[]')
for comment_id in $(echo $comment_ids); do
jq -n -r --arg message "$message" '{ body: $message }' \
| curl -s -H "$GITHUB_AUTH_HEADER" "$GITHUB_API_BASE_URL/issues/comments/$comment_id" -X PATCH --data #- > /dev/null
echo "Edited comment with id $comment_id of PR $pull_request_id"
done
The api call that list comments ids responds:
{
"message": "Not Found",
"documentation_url": "https://docs.github.com/rest/reference/issues#list-issue-comments"
}
This still works using tokens in the old format, but doesn't with tokens in the new format.
Is there any way to use the GHP to call that api?
The github user associated with the github token must be provided writing access to the repository.
Since this was missing API responded 404 (default behaviour set for Github APIs).
I am using AppVeyor to set up the CI for a GitHub repository and upload the build artifacts to a draft named CI builds. The file is e.g. located under
https://github.com/an_organisation/a_project/releases/tag/untagged-1111aaaacccc0000dddd/filename.tar.gz
and can be accessed and downloaded from a browser.
Now I would like to access those uploaded artifact from another AppVeyor project (i.e. an appveyor.yml script). I tried without success to download with AppVeyor DownloadFile command, curl, and wget using the following commands
set DOWNLOAD_FILENAME=filename.tar.gz
set DOWNLOAD_ADDRESS=https://github.com/an_organisation/a_project/releases/download/untagged-1111aaaacccc0000dddd/$DOWNLOAD_FILENAME
wget --header "Authorization: token $GH_AUTH_TOKEN" --output-document=$DOWNLOAD_FILENAME $DOWNLOAD_ADDRESS
wget --auth-no-challenge --header "Accept:application/octet-stream" --output-document=$DOWNLOAD_FILENAME "$DOWNLOAD_ADDRESS?access_token:$GH_AUTH_TOKEN"
curl -fsSL -G --user "$APPVEYOR_ACCOUNT_NAME:$GH_AUTH_TOKEN" -o $DOWNLOAD_FILENAME $DOWNLOAD_ADDRESS
curl -fsSL -G -H "Authorization: token $GH_AUTH_TOKEN" -H "Accept: application/octet-stream" -o $DOWNLOAD_FILENAME $DOWNLOAD_ADDRESS
curl -fsSL -G -H "Authorization: token $GH_AUTH_TOKEN" -H "Accept: application/octet-stream" -o $DOWNLOAD_FILENAME https://api.github.com/repos/an_organisation/a_project/releases/download/untagged-1111aaaacccc0000dddd/
Slowly I get a feeling that a file download from a draft via GitHub API or download link is not possible.
What is the correct command to download such a file?
TLDR Use the Get Release asset API with header Accept: application/octet-stream :
curl -OJ -L -H "Accept: application/octet-stream" \
-H "Authorization: Token $YOUR_TOKEN" \
"https://api.github.com/repos/$REPO/releases/assets/$ASSET_ID"
You need to have the assetID. In order to have it you need the releaseID if you have not already this information use GET /repos/:user/:repo/releases :
curl -s -H "Authorization: Token $YOUR_TOKEN" \
"https://api.github.com/repos/$REPO/releases" | jq '.[] | {(.name): .id}'
Then get the assets IDs use GET /repos/:user/:repo/releases/:release_id :
curl -s -H "Authorization: Token $YOUR_TOKEN" \
"https://api.github.com/repos/$REPO/releases/$RELEASE_ID" | \
jq -r '.assets[] | {(.id |tostring): .name}'
Then once you have assetID (maybe you already had it btw) you can finally use GET /repos/:user/:repo/releases/assets/:asset_id with header Accept: application/octet-stream. From the documentation :
To download the asset's binary content, set the Accept header of the
request to application/octet-stream. The API will either redirect the
client to the location, or stream it directly if possible. API clients
should handle both a 200 or 302 response.
The following download the file locally :
curl -OJ -L -H "Accept: application/octet-stream" \
-H "Authorization: Token $YOUR_TOKEN" \
"https://api.github.com/repos/$REPO/releases/assets/$ASSET_ID"
I'd like to move an attachment to a different space (i.e, update the parent container of an attachment in a Confluence page) using Cloud REST API and "curl" command. I looked up REST API endpoint URL and found this:
PUT /rest/api/content/{id}/child/attachment/{attachmentId}
Could somebody provide an example for a correctly constructed JSON input to achieve this? I tried the one below to move an attachment called "test.jpeg" with ID "att000" and current version 5 to parent with ID 1234, but it fails:
curl -v -u 'admin:password' -X PUT -H 'Content-Type:application/json' -d '{"id":"att000","type":"attachment","title":"test.jpeg","version":{"number":5,"minorEdit":false},"ancestors":[{"id":1234}]' -H ‘X-Atlassian-Token:access-token' https://test.atlassian.net/wiki/rest/api/content/170234/child/attachment | python -m json.tool
Given below is the error message
< HTTP/1.1 415 Unsupported Media Type
.
.
.
No JSON object could be decoded
Thank you for your time!
I believe in your curl example you are uploading it under space which is not possible. Attachments in Confluence needs to be under content. Take a look at following example:
curl -v -S -u admin:admin -X POST -H "X-Atlassian-Token: no-check" -F "file=#myfile.txt" -F "comment=this is my file" "http://localhost:8080/confluence/rest/api/content/3604482/child/attachment" | python -mjson.tool
You have to set the container property in the request object.
Specify "container":{"id":"123456","type":"attachment"}
curl -v -u 'admin:password' -X PUT -H 'Content-Type:application/json' -d '{"id":"att000","type":"attachment","title":"test.jpeg","version":{"number":5,"minorEdit":false},"container":{"id":"123456","type":"attachment"}, "ancestors":[{"id":1234}]' -H ‘X-Atlassian-Token:access-token' https://test.atlassian.net/wiki/rest/api/content/170234/child/attachment | python -m json.tool
id => id of the page where attachment is being moved.
Is there a simple way to use a cURL request to the REST API to access a file on my Sharepoint account? For example
curl -i -H "Authorization: Bearer <some-key-here>" https://mysharepoint.com/_api/web/Lists
I have read all the documentation about authentication and authorization for apps, but in this case I don't have an "application" that I can register. I simply need an API key of some kind to use in REST requests. How can I use the REST API in this way?
I appreciate any insight into this problem.
Create a bash script:
$ nano get_access_token.sh
Paste the next content to it, changing YourTenant, client_id, client_secret to your own values (you could get in Sharepoint's part below).
wwwauthenticate=$(curl -i -H "Authorization: Bearer" -s "https://YourTenant.sharepoint.com/_vti_bin/client.svc/" | grep -i "www-authenticate")
bearer_realm=$(echo $wwwauthenticate | awk -F"," '{print $1}' | awk -F"=" '{print $2}' | tr -d '"')
app_id=$(echo $wwwauthenticate | awk -F"," '{print $2}' | awk -F"=" '{print $2}' | tr -d '"')
grant_type="grant_type=client_credentials"
cl_id="client_id=c2xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx#$bearer_realm"
cl_secret="client_secret=3zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"
res="resource=$app_id/YourTenant.sharepoint.com#$bearer_realm"
url="https://accounts.accesscontrol.windows.net/$bearer_realm/tokens/OAuth/2"
content_type="Conent-Type: application/x-www-form-urlencoded"
access_token=$(curl -X POST -H $content_type --data-urlencode $grant_type --data-urlencode $cl_id --data-urlencode $cl_secret --data-urlencode $res -s $url | awk -F":" '{print $NF}' | tr -d '"}')
echo $access_token
Apply proper permissions: chmod 700 get_access_token.sh
You could use curl with that token the next way:
curl -i -H "Authorization: Bearer $(./get_access_token.sh)" -H "Accept: application/json;odata=verbose" -s "https://YourTenant.sharepoint.com/_api/web"
You could replace ./ by the full path to the script.
Sharepoint's part:
Register a new app by
following https://YourTenant.sharepoint.com/_layouts/15/appregnew.aspx link
generating Client Id and ** Client Secret** values
filling Title, App Domain and Redirect URI fields (I've input localhost.com as on the picture - it works)
clicking Create button
Save somewhere into file the next parameters:
The app identifier has been successfully created.
Client Id: 898c898f-89238-43d0-4b2d-7a64c26f386a
Client Secret: 4/T+21I1DSoAJdOX9DL1Ne4KssEaP7rqb11gdtskhXn=
Title: SomeTitle
App Domain: localhost.com
Redirect URI: https://localhost.com/default.aspx
Apply permissions to this app by
following https://YourTennant.sharepoint.com/sites/SharePointRND/_layouts/15/appinv.aspx
inserting Client Id: 898c898f-89238-43d0-4b2d-7a64c26f386a into App Id field
clicking Lookup button
pasting into Permission Request XML the next code (in my case I needed only Read access, so I changed Rights value from FullControl to Read):
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />
</AppPermissionRequests>
Create bottom button clicking
Trust it button clicking
Here's Postman related but similar answer
If this is still relevant, this did it for me:
curl https://mysharepoint.com/_api/web/Lists -v --ntlm --negotiate -u user:password
You basically authenticate using ntlm (Note that some sharepoints might require Kerberos) and then can easily access the REST API like you can via browser.
Edit does not work with Office 365 apparently.