How to authenticate into Project Server SOAP API? - project-server

I'm trying to perform soap action from C# code.
(btw its using non-standard api not available in projectserverservices.dll)
Below working action through a web browser:
curl 'http://servername/pwa/_vti_bin/PSI/ProjectServer.svc' -H 'AsmxRoutedCall: true' -H 'Origin: http://servername' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-US,en;q=0.9,pl;q=0.8' -H 'User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36' -H 'Content-Type: text/xml; charset=UTF-8' -H 'Accept: */*' -H 'Referer: http://servername/pwa/Timesheet.aspx?tsUID=06b92bf0-806e-44d5-8c94-616c50471920&Source=http://servername/pwa/_layouts/pwa/timesheet/mytssummary.aspx' -H 'Cookie: ASP.NET_SessionId=kiihu1na3qifbojttxlauu3u; loginAsDifferentAttemptCount=; previousLoggedInAs=; PWA_Perf=0; OfflineClientInstalled=0; Ribbon.ContextualTabs.TiedMode.Home=1639690|-1|436|1720094216; PWA6637f161eb954cdc9bc621ab4641ce27CORPNET+AF8-TEST1=703012DE208D9FAF800770FA89647B17B21C3F5345D974ED344773B4049A0532D0757CD3B9103EEA8B41053A136ED4740A696A746CF5D3C5B272D0E94F935AF541C1EAD826B960CEBF9F63B6AB631A99576BD9DDE240346B12E247D3932E57CF850CD5066C0F360CDC2982E74C71D8727A2F2858B3DC9F0E9BAD53A90E9C3166BAC37B4853057B4ACD426B46AD1AF70E3C42406DAC090113F461529640E3E2EE3012C9339A62798236643998734757A0990F58F0B68483D4B3C0F570EDA809E2EDCA0AFC19333876B493CF6D43ECA43C9B6944D93C0DAAE641D32AAEFBF58DA878887838EE7BD87F9A9CDB0EFA09618EFDEFB7ED7E021A83EE1FB1B679D7D707A18C750AFEE9F63E844CBAB9B73B95389C56E46A2BE67C223A828AD2565966836B868C832F6D37FE35AFAE8D3003EEF2D91DE9A5DCE5C2E41C32AE4CF01A6A1C04A3405AC614089953C25D64CA44E016A7FD9958CB51339AE7BB542C291C5A44DDF61F33520BC62DED70E94FA48F4D157B714C9BFCE97DFC3338E1F6FCBEE8B310F137D612865B34B738087F4586FAFF30F2E15D70CBB96F969354B91B22B0FE11D3B12858B4778DF87F8F52FB4B6B9D0EDF16C6A84D783217EE81D780D59CAF40EE15B8EE2B6D89461C8DA6E7002D04CDA8EABE4C5DA4FEBD199A95A96A2D75F3FA9C14E2FEFE8B6C3D5C5D14D611A29FE5103226C8EDEDDC69A85B526DFEA6DB0EBEDCE8A4790E908C7251F0B7A3A8CEE0496C545AD8C58D77D29ED965A71D3E4227792E153BFE967B7A76EE2C92C86ABCE56D70E36F257C4B743F07CEA0E43F9A3CBC3F367D4257BF070AA654EAA07E182386CBFDBEE02D83C382504F844F15206643F3EAD946B392DBBDD41FFC412FBA06A8950A0D14588FF535B04B02BA0CCC5765F49C34541DCCA674E5DA4B3DBA75BA5CB208D0D7CBA8D7710315A6FD9D5DDDFA6C7D1A893F9FD6DD9DBF66DB545D9E73' -H 'Connection: keep-alive' -H 'SOAPAction: http://schemas.microsoft.com/office/project/server/webservices/PWA/TimeSheetSendGridUpdatesForSave' --data-binary '<?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><TimeSheetSendGridUpdatesForSave xmlns="http://schemas.microsoft.com/office/project/server/webservices/PWA/"><jobUid>{f6880caf-9407-4454-ac60-84a30f57079c}</jobUid><tsUid>{06b92bf0-806e-44d5-8c94-616c50471920}</tsUid><changesJson>[{"updates":[{"type":2,"recordKey":"a81cc5f7-307a-46ce-a131-77e15468c29f","fieldKey":"TPD_col2a","newProp":{"dataValue":"600000","hasDataValue":true}},{"type":2,"recordKey":"a81cc5f7-307a-46ce-a131-77e15468c29f","fieldKey":"TPD_col2t","newProp":{"dataValue":"600000","hasDataValue":true}}],"changeNumber":1},{"updates":[{"type":2,"recordKey":"9f076a35-1394-4c6b-950a-aee4179febdc","fieldKey":"TPD_col2a","newProp":{"dataValue":"600000","hasDataValue":true}}],"changeNumber":2},{"updates":[{"type":2,"recordKey":"9f076a35-1394-4c6b-950a-aee4179febdc","fieldKey":"TPD_col2t","newProp":{"dataValue":"600000","hasDataValue":true}}],"changeNumber":3}]</changesJson><viewOptionsJson>{"dateFormat":3,"workFormat":2,"durationFormat":7,"filterType":5,"loadViewProperties":true,"newTasks":[],"importTasks":[],"removedLines":[]}</viewOptionsJson></TimeSheetSendGridUpdatesForSave></soap:Body></soap:Envelope>' --compressed --insecure
If i try to use it in a postman, it just does not work (Responds with 401 Not Authorized) using NTLM Auth (beta)
If i try to generate code from postman to C# (RestSharp) - same result 401
Any idea how should i create such a request?
I can use whatever technique, other than magic libraries (like projectserverservices.dll) :)

I have successfully authenticated the user by making a call from SOAP UI.
As disclosed, i was performing undocumented call (without WSDL) so to make such a request from SOAP UI you have to create empty REST project and add a wsdl endpoint to it.
If thats possible in SOAP UI then its for sure possible in C#.
Endpoint: http://servername
Resource: /pwa/_vti_bin/PSI/ProjectServer.svc
Headers:
AsmxRoutedCall: true
X-FORMS_BASED_AUTH_ACCEPTED: f
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
SOAPAction: http://schemas.microsoft.com/office/project/server/webservices/PWA/TimeSheetSendGridUpdatesForSave
Creating such call from C# is quite simple.
If you're using HttpClient just use
httpClient.UseDefaultCredentials = true
# or
httpclient.Credentials = new NetworkCredentials(username,password,domain)
If youre using RestSharp then use:
client.Authenticator = new NtlmAuthenticator(new NetworkCredential(username,password,domain));

Related

ForgotPasswordScreen in firebase_ui_auth is revealing if account does not exist

I am following example for firebase_ui_auth , When a visitor to site enters a valid but non existing email address, the site is revealing that the EMAIL_NOT_FOUND as shown below
We do not want to reveal if the user exist or not.
Below is what chrome sends as curl equivalent
curl "https://identitytoolkit.googleapis.com/v1/accounts:sendOobCode?key=AgwiSyC-tRO9CaBdWeRMU_a1234567-Jl1234ec" ^
-H "authority: identitytoolkit.googleapis.com" ^
-H "accept: */*" ^
-H "accept-language: en-US,en;q=0.9" ^
-H "content-type: application/json" ^
-H "origin: http://localhost:63865" ^
-H "sec-ch-ua: ^\^"Not_A Brand^\^";v=^\^"99^\^", ^\^"Google Chrome^\^";v=^\^"109^\^", ^\^"Chromium^\^";v=^\^"109^\^"" ^
-H "sec-ch-ua-mobile: ?0" ^
-H "sec-ch-ua-platform: ^\^"Windows^\^"" ^
-H "sec-fetch-dest: empty" ^
-H "sec-fetch-mode: cors" ^
-H "sec-fetch-site: cross-site" ^
-H "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" ^
-H "x-client-data: CInaygE=" ^
-H "x-client-version: Chrome/JsCore/9.15.0/FirebaseCore-web" ^
-H "x-firebase-gmpid: 1:621401234567:web:7d6e685agh2315aea7f93b" ^
--data-raw "^{^\^"requestType^\^":^\^"PASSWORD_RESET^\^",^\^"email^\^":^\^"example1^#example.com^\^"^}" ^
--compressed
and below is the response
{ "error": {
"code": 400,
"message": "EMAIL_NOT_FOUND",
"errors": [
{
"message": "EMAIL_NOT_FOUND",
"domain": "global",
"reason": "invalid"
}
] } }
Basically there are two scenario when Email Enumeration protection can help, but it does not help when to find out if the user exists in system and a person tries to register ( sign-up) with that email again at that time the app will reveal that the account does exists.
It works in other two scenario that is when password reset or an attempt is made to log on.
That sounds correct: Firebase Authentication can only send password reset emails to accounts that it knows about. If no user was registered for the email before, it cannot send a password reset email to it.

Encoded page downloaded with wget?

I'm trying to mirror a site using :
wget --header 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' --header 'upgrade-insecure-requests: 1' --header 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36' --header 'dnt: 1' --header 'accept-encoding: gzip, deflate, br' --header 'accept-language: en-US,en;q=0.9' --header 'cookie: _ga=GA1.2.3865356.1523153047; ........' -N -m -p -w 3 --convert-links 'mysite.com/
I've added a couple of headers and noticed that the recursive downloading was not happening. Just the initial index.html page is downloaded. When I looked at the page I see the screenshot. What is being downloaded here. How can I download regular html files instead?
If you add the option --server-response what do you see in the Content-Type header of the response? Is it anything like text/html?
P.S.: since you used the -m (i.e. --mirror) option you do not need to specify the flag -N as well.

Use curl to POST files on a two stages form - endomondo

I'm trying to build a simple bash script to automatically upload .gpx file to endomondo from my home made "smartskateboard" using a raspberry.
The steps to do this using a browser are :
-Login on the website (and browse to the right place)
-Select a local file and post it. (the file is uploaded and parsed by the server)
-Validate the track and chose the sport.
Here are some pictures :
http://i.stack.imgur.com/aH1Yr.png
http://i.stack.imgur.com/jQVXM.png
I tried to use chrome dev tools and this is what I'v done yet.
I have managed to get the curl command to post a message :
curl 'https://www.endomondo.com/rest/v1/users/12598/feeds/' -H 'Pragma: no-cache' -H 'Origin: https://www.endomondo.com' -H 'Accept-Encoding: gzip, deflate' -H 'X-CSRF-TOKEN: rd7g3v4jn7qb3tn850tadctgku' -H 'Accept-Language: en-US,en;q=0.8,fr-FR;q=0.6,fr;q=0.4' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Content-Type: application/json;charset=UTF-8' -H 'Accept: application/json, text/plain, */*' -H 'Cache-Control: no-cache' -H 'Referer: https://www.endomondo.com/home' -H 'Cookie: CSRF_TOKEN=rd7g3v4jn7qb3tn850tadctgku; EndomondoApplication_AUTO=; EndomondoApplication_AUTH="440BDF49EEB9D76EURIPamw77KUpPuQyzORKeykOJHruw8sKNRBWWA0HJ7BP6kfWNLgIy0ZrtapJam0G7F4xt7lZB7M%2FGp7aHoGLRcuXFnNE2UqIonAMHmNL6Nc%3D"; EndomondoApplication_USER="test%40test.test"; JSESSIONID=D44DF5952D9FB9ECB5770809674604BC; AWSELB=13FDC17D1C2B68745BCB41EBB6BDDC3DB8274D93D6BFB2FED334D90D6839B6C1C83CB494F784DFC9E02CB65D818CE77DB9BD0EC99020A8445EE98B4DBDFCA6E4A764395BA73DF1CBDA0BA244DD4CE2E654387EB981; __utma=162144232.146159703.1442243029.1451137760.1451149929.4; __utmb=162144232.9.10.1451149929; __utmc=162144232; __utmz=162144232.1442243029.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); USER_TOKEN=23EEE323B7AEA408yrCg5GoWVwn5pzcXtsVfJop8VgkqdNw9y6XCU1hTgcylJixgbmFwGy8k7IUp25N2CeS0aSn0B9R0B5KIcbwPK5HhL5znQwSCTQR%2FcV4xHZ8%3D; _dc_gtm_UA-273418-98=1; _gat=1; acceptCookies=1; _ga=GA1.2.146159703.1442243029' -H 'Connection: keep-alive' --data-binary '{"message":"I love sports and I dont care who know.","picture_keys":[]}' --compressed
Or, easier to see :
curl
'https://www.endomondo.com/rest/v1/users/12598/feeds/' -H
'Pragma: no-cache' -H
'Origin: https://www.endomondo.com' -H
'Accept-Encoding: gzip, deflate' -H
'X-CSRF-TOKEN: rd7g3v4jn7qb3tn850tadctgku' -H
'Accept-Language: en-US,en;q=0.8,fr-FR;q=0.6,fr;q=0.4' -H
'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H
'Content-Type: application/json;charset=UTF-8' -H
'Accept: application/json, text/plain, */*' -H
'Cache-Control: no-cache' -H
'Referer: https://www.endomondo.com/home' -H
'Cookie: CSRF_TOKEN=rd7g3v4jn7qb3tn850tadctgku; EndomondoApplication_AUTO=; EndomondoApplication_AUTH="440BDF49EEB9D76EURIPamw77KUpPuQyzORKeykOJHruw8sKNRBWWA0HJ7BP6kfWNLgIy0ZrtapJam0G7F4xt7lZB7M%2FGp7aHoGLRcuXFnNE2UqIonAMHmNL6Nc%3D"; EndomondoApplication_USER="test%40test.test"; JSESSIONID=D44DF5952D9FB9ECB5770809674604BC; AWSELB=13FDC17D1C2B68745BCB41EBB6BDDC3DB8274D93D6BFB2FED334D90D6839B6C1C83CB494F784DFC9E02CB65D818CE77DB9BD0EC99020A8445EE98B4DBDFCA6E4A764395BA73DF1CBDA0BA244DD4CE2E654387EB981; __utma=162144232.146159703.1442243029.1451137760.1451149929.4; __utmb=162144232.9.10.1451149929; __utmc=162144232; __utmz=162144232.1442243029.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); USER_TOKEN=23EEE323B7AEA408yrCg5GoWVwn5pzcXtsVfJop8VgkqdNw9y6XCU1hTgcylJixgbmFwGy8k7IUp25N2CeS0aSn0B9R0B5KIcbwPK5HhL5znQwSCTQR%2FcV4xHZ8%3D; _dc_gtm_UA-273418-98=1; _gat=1; acceptCookies=1; _ga=GA1.2.146159703.1442243029' -H
'Connection: keep-alive' --data-binary
'{"message":"I love sports and I dont care who know.","picture_keys":[]}' --compressed
But when I try to use the same "copy to cURL" technique to upload a gpx this is what I get :
curl 'https://www.endomondo.com/?x=0vBK0C*OVDu7aPYFZkE-CVgVIAFbs93VmWFtfCp7PaWi1ZSVu574S9sV8PL-3zjJUvnwjalxBcDaHd*-JuZnu52USOr5snwbRLbnzcTIw1AXlA-F028Z-Xs-0k5SWzAWYCg3I-wtaU3iwIxLLlrHgzW4j28xUw0QNh0zDH4z*Js&random=0.6610315972939134' -H 'Pragma: no-cache' -H 'Origin: https://www.endomondo.com' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-US,en;q=0.8,fr-FR;q=0.6,fr;q=0.4' -H 'User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: text/xml' -H 'Cache-Control: no-cache' -H 'Referer: https://www.endomondo.com/?x=-Ut4ofqQrclJ*V-2TTUglw' -H 'Cookie: CSRF_TOKEN=rd7g3v4jn7qb3tn850tadctgku; __utmt=1; _dc_gtm_UA-273418-98=1; _gat=1; EndomondoApplication_AUTO=; EndomondoApplication_AUTH="440BDF49EEB9D76EURIPamw77KUpPuQyzORKeykOJHruw8sKNRBWWA0HJ7BP6kfWNLgIy0ZrtapJam0G7F4xt7lZB7M%2FGp7aHoGLRcuXFnNE2UqIonAMHmNL6Nc%3D"; EndomondoApplication_USER="test%40test.test"; JSESSIONID=D44DF5952D9FB9ECB5770809674604BC; USER_TOKEN=4E6208A8CF58143F9JU58ueFMl0S5AJJhA8kgpfKDUL50Siopic6W7lYJlfi8BVhAr0s8LCDSyHNXNGXGMFfFpaxkpf0p8Voa9OIjSFxhWLuAHzq35QK7WQoX94%3D; AWSELB=13FDC17D1C2B68745BCB41EBB6BDDC3DB8274D93D6BFB2FED334D90D6839B6C1C83CB494F784DFC9E02CB65D818CE77DB9BD0EC99020A8445EE98B4DBDFCA6E4A764395BA73DF1CBDA0BA244DD4CE2E654387EB981; acceptCookies=1; _ga=GA1.2.146159703.1442243029; __utma=162144232.146159703.1442243029.1451137760.1451149929.4; __utmb=162144232.7.10.1451149929; __utmc=162144232; __utmz=162144232.1442243029.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)' -H 'Connection: keep-alive' -H 'Wicket-Ajax: true' --data 'id40_hf_0=&csrftoken=rd7g3v4jn7qb3tn850tadctgku&workoutRow%3A0%3Amark=on&workoutRow%3A0%3Asport=89&reviewSumbit=1' --compressed
Or :
curl '
https://www.endomondo.com/?x=0vBK0C*OVDu7aPYFZkE-CVgVIAFbs93VmWFtfCp7PaWi1ZSVu574S9sV8PL-3zjJUvnwjalxBcDaHd*-JuZnu52USOr5snwbRLbnzcTIw1AXlA-F028Z-Xs-0k5SWzAWYCg3I-wtaU3iwIxLLlrHgzW4j28xUw0QNh0zDH4z*Js&random=0.6610315972939134' -H '
Pragma: no-cache' -H '
Origin: https://www.endomondo.com' -H '
Accept-Encoding: gzip, deflate' -H '
Accept-Language: en-US,en;q=0.8,fr-FR;q=0.6,fr;q=0.4' -H '
User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5' -H '
Content-Type: application/x-www-form-urlencoded' -H '
Accept: text/xml' -H '
Cache-Control: no-cache' -H '
Referer: https://www.endomondo.com/?x=-Ut4ofqQrclJ*V-2TTUglw' -H '
Cookie: CSRF_TOKEN=rd7g3v4jn7qb3tn850tadctgku; __utmt=1; _dc_gtm_UA-273418-98=1; _gat=1; EndomondoApplication_AUTO=; EndomondoApplication_AUTH="440BDF49EEB9D76EURIPamw77KUpPuQyzORKeykOJHruw8sKNRBWWA0HJ7BP6kfWNLgIy0ZrtapJam0G7F4xt7lZB7M%2FGp7aHoGLRcuXFnNE2UqIonAMHmNL6Nc%3D"; EndomondoApplication_USER="test%40test.test"; JSESSIONID=D44DF5952D9FB9ECB5770809674604BC; USER_TOKEN=4E6208A8CF58143F9JU58ueFMl0S5AJJhA8kgpfKDUL50Siopic6W7lYJlfi8BVhAr0s8LCDSyHNXNGXGMFfFpaxkpf0p8Voa9OIjSFxhWLuAHzq35QK7WQoX94%3D; AWSELB=13FDC17D1C2B68745BCB41EBB6BDDC3DB8274D93D6BFB2FED334D90D6839B6C1C83CB494F784DFC9E02CB65D818CE77DB9BD0EC99020A8445EE98B4DBDFCA6E4A764395BA73DF1CBDA0BA244DD4CE2E654387EB981; acceptCookies=1; _ga=GA1.2.146159703.1442243029; __utma=162144232.146159703.1442243029.1451137760.1451149929.4; __utmb=162144232.7.10.1451149929; __utmc=162144232; __utmz=162144232.1442243029.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)' -H '
Connection: keep-alive' -H '
Wicket-Ajax: true' --data '
id40_hf_0=&csrftoken=rd7g3v4jn7qb3tn850tadctgku&workoutRow%3A0%3Amark=on&workoutRow%3A0%3Asport=89&reviewSumbit=1' --compressed
I get :
<ajax-response><redirect><![CDATA[error]]></redirect></ajax-response>
So I didn't even been able to try to submit it with the second command :
curl 'https://www.endomondo.com/?x=WlHAHVtjhk33-6IZe8pKNMcha8tKpVMtc7*LCDzjZIEH14OF2*ZrTz5U6XsxRTk3xhNTap*KHozta0ZwGX4renCl4kla788HolvOCWj8Yz9gkvwj2Yngw-hgnzScvIqHiZAZFeNpfszko*MwYqk2W2GbbT2zy9AALpIO4IAb1lw&random=0.6173482222948223' -H 'Pragma: no-cache' -H 'Origin: https://www.endomondo.com' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-US,en;q=0.8,fr-FR;q=0.6,fr;q=0.4' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: text/xml' -H 'Cache-Control: no-cache' -H 'Referer: https://www.endomondo.com/?x=C-bb6EzoU1JGg3brORVo4w' -H 'Cookie: CSRF_TOKEN=rd7g3v4jn7qb3tn850tadctgku; EndomondoApplication_AUTO=; EndomondoApplication_AUTH="440BDF49EEB9D76EURIPamw77KUpPuQyzORKeykOJHruw8sKNRBWWA0HJ7BP6kfWNLgIy0ZrtapJam0G7F4xt7lZB7M%2FGp7aHoGLRcuXFnNE2UqIonAMHmNL6Nc%3D"; EndomondoApplication_USER="test%40test.test"; JSESSIONID=D44DF5952D9FB9ECB5770809674604BC; AWSELB=13FDC17D1C2B68745BCB41EBB6BDDC3DB8274D93D6BFB2FED334D90D6839B6C1C83CB494F784DFC9E02CB65D818CE77DB9BD0EC99020A8445EE98B4DBDFCA6E4A764395BA73DF1CBDA0BA244DD4CE2E654387EB981; acceptCookies=1; _ga=GA1.2.146159703.1442243029; __utma=162144232.146159703.1442243029.1451137760.1451149929.4; __utmb=162144232.9.10.1451149929; __utmc=162144232; __utmz=162144232.1442243029.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); USER_TOKEN=23EEE323B7AEA408yrCg5GoWVwn5pzcXtsVfJop8VgkqdNw9y6XCU1hTgcylJixgbmFwGy8k7IUp25N2CeS0aSn0B9R0B5KIcbwPK5HhL5znQwSCTQR%2FcV4xHZ8%3D' -H 'Connection: keep-alive' -H 'Wicket-Ajax: true' --data 'id56_hf_0=&csrftoken=rd7g3v4jn7qb3tn850tadctgku&workoutRow%3A0%3Amark=on&workoutRow%3A0%3Asport=8&reviewSumbit=1' --compressed
I guess there should be a cleaner way to do this, but I don't know where to start.
Thanks for reading, feel free to ask more details.
Have a great day.
François

How to enable/disable action rules in VAPIX 3?

Does somebody faced VAPIX 3 api? I need to enable/disable action rules for camera. Leafing through some api from the internet i have not found any specific information for action rules, so i sniffed requests from web-panel. On required action it sends 4 soap requests:
curl 'http://**.***.***.***:****/vapix/services?timestamp=1395407004744'
-X POST -H 'Host: **.***.***.***:****'
-H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
-H 'Accept-Language: en-US,en;q=0.5'
-H 'Accept-Encoding: gzip, deflate'
-H 'SOAPAction: http://www.axis.com/vapix/ws/action1/RemoveActionRule'
-H 'Content-Type: text/xml; charset=utf-8'
-H 'Referer: http://**.***.***.***:****/operator/action_rule_setup.shtml?doAction=modify&ruleId=18&timestamp=1395406986842'
curl 'http://**.***.***.***:****/vapix/services?timestamp=1395407005154'
-X POST -H 'Host: **.***.***.***:****'
-H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
-H 'Accept-Language: en-US,en;q=0.5'
-H 'Accept-Encoding: gzip, deflate'
-H 'SOAPAction: http://www.axis.com/vapix/ws/action1/RemoveActionConfiguration'
-H 'Content-Type: text/xml; charset=utf-8'
-H 'Referer: http://**.***.***.***:****/operator/action_rule_setup.shtml?doAction=modify&ruleId=18&timestamp=1395406986842'
curl 'http://**.***.***.***:****/vapix/services?timestamp=1395407005333'
-X POST
-H 'Host: **.***.***.***:****'
-H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
-H 'Accept-Language: en-US,en;q=0.5'
-H 'Accept-Encoding: gzip, deflate'
-H 'SOAPAction: http://www.axis.com/vapix/ws/action1/AddActionConfiguration'
-H 'Content-Type: text/xml; charset=utf-8'
-H 'Referer: http://**.***.***.***:****/operator/action_rule_setup.shtml?doAction=modify&ruleId=18&timestamp=1395406986842'
curl 'http://**.***.***.***:****/vapix/services?timestamp=1395407005575'
-X POST
-H 'Host: **.***.***.***:****'
-H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
-H 'Accept-Language: en-US,en;q=0.5'
-H 'Accept-Encoding: gzip, deflate'
-H 'SOAPAction: http://www.axis.com/vapix/ws/action1/AddActionRule'
-H 'Content-Type: text/xml; charset=utf-8'
-H 'Referer: http://**.***.***.***:****/operator/action_rule_setup.shtml?doAction=modify&ruleId=18&timestamp=1395406986842'
Do i really need to delete/create actions for disable/enable it ?
Yes, you need to create/recreate action rules in order the enable or disable them. If you look at the SOAP actions generated form the web interface, it actually does the same.
One work-around would be to combine the conditions in your rule with a virtual (or even non-virtual) input. The input is stateful and can be toggled with the ChangeVirtualInputState method in the EventService. You need to check if your camera supports inputs, though.

How i can handle http requests in perl?

I tried to use CGI.pm (3.15), but it can't handle PUT requests.
I'm building a REST API, so I need methods PUT, GET, POST and DELETE.
Any ideas?
Code:
#!/usr/bin/perl
use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
main: {
print "Content-Type: text/html; charset=utf-8\n\n";
my $query = CGI->new;
my $value1 = $query->param('param1');
my $value2 = $query->param('param2');
my $data = $query->param('PUTDATA');
print "value1[$value1] value2[$value2] data[$data]\n";
};
Curl:
curl 'http://localhost/cgi-bin/testing.cgi' -X PUT -H 'Origin: chrome-extension://hgmloofddffdnphfgcellkdfbfbjeloo' -H 'Accept-Encoding: gzip,deflate,sdch' -H 'Host: 192.168.8.197' -H 'Accept-Language: es-419,es;q=0.8' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: */*' -H 'Connection: keep-alive' --data 'param1=hola&param2=hola' --compressed
value1, value2 and data always empty.
I found it!
The solution was doing an update to the perl module CGI to 3.63 and now works fine.