I have the following curl command which works perfectly fine:
curl --silent --location -cookie "$COOKIE" --cookie-jar "$COOKIE" \
--form 'username=xxx' --form 'password=yyy' 'http://example.com'
It logs into site http://example.com posting a form with variable names username and password.
Problem is: I do not want to pass the password in clear.
I have also tried to save the password in a file called passwd in the working directory (chmod 600 passwd) and used the following curl command (this is why I used --form instead of --data, which would have been worked fine with the password in clear), however, it does not work:
curl --silent --location -cookie "$COOKIE" --cookie-jar "$COOKIE" \
--form 'username=xxx' --form 'password=<passwd' 'http://example.com'
Any suggestion about how to solve this?
Regards,
Stefano
Hans Z. answer to use environmental variable is correct in my opinion. Though I might just add that in bash you could use read command, which would prompt for password and not make it visible in history.
So the usage would look like this
$ read -s PASSWD # -s is there so the characters you type don't show up
$ curl --silent --location -cookie "$COOKIE" --cookie-jar "$COOKIE" \
--form 'username=xxx' --form "password=${PASSWD}" 'http://example.com'
UPDATE:
Another solution found in the comments is to use curl's --data-urlencode name#filename argument.
Quoting the manpage:
name#filename
This will make curl load data from the given file (including any newlines), URL-encode that data and pass it on in the POST.
And the final command looked like
$ curl --silent --location -cookie "$COOKIE" --cookie-jar "$COOKIE" \
--data 'username=xxx' --data-urlencode "password#passwd" 'http://example.com'
Set the password in an environment variable, e.g. export PASSWD=secret and use it in --form "password=${PASSWD}".
Passing secrets in command line is insecure as they are available in process list.
You should use the --data-urlencode name#filename approach
This will make curl load data from the given file
(including any newlines), URL-encode that data and
pass it on in the POST.
or -K, --config <file>
Specify a text file to read curl arguments from. The
command line arguments found in the text file will be used
as if they were provided on the command line.
See also this anwser
Related
I'm using this script:
wget -O C:\FlairnetLab\output\x.csv --http-user='[My User]' --http-password='[Password]' --no-check-certificate https://ca-test.adyen.com/reports/download/MerchantAccount/FlairnetECOM/payments_accounting_report_2021_06_10.csv
But i get no file found response. But if i type the url in the browser using the same credential i can download the file.
Can some help me?
The problem is likely to be the encoding of the credentials (both Adyen-generated username and password include several special characters).
An option is to generate the base64-encoded string username: password with a command line (or with an online generator)
# example on Mac
$ echo -n '<username>:<password>' | openssl base64
cmVwb3J0.......5LX4=
then pass it in the Authorization header
# example with wget
wget --header "Authorization: Basic cmVwb3J0.......5LX4=" https://ca-test.adyen.com/reports/download/MerchantAccount/MyMerchantAccount/payments_accounting_report_2021_01_01.csv
# example with curl
curl -H "Authorization: Basic cmVwb3J0.......5LX4=" -X GET https://ca-test.adyen.com/reports/download/MerchantAccount/MyMerchantAccount/payments_accounting_report_2021_01_01.csv
I'm attempting to execute the following CURL call via commandline:
curl -i -H "Content-Type:application/json" \
-u "m19389#dev.acp.co.com:qE2P/N7y1k.\(" \
-X GET -d "https://wefd.it.co.com:3905/events/com.co.mpm.dev.29160-wgdhfgd-v1/dsd/dsdfds-0-0-1-7c49768976-2g7kq"
I've added quotes around the arguments and all, and I'm definitely inclusing the curl url, so I'm not sure what's going on here. Where did I go wrong?
From perl i'm trying to call a servicenow rest api to update some data attributes.
I'm using curl command to achieve this and for some reasons i can't use any of the perl modules available.
I'm able to achieve this successfully without any special characters in the value field of the json.
Following is the code used for formatting the cmd:
my $comments = "b'c";
my $cmd = `curl \"$url\" -i -s --insecure --user test:test --request PUT --header "Accept:application/json" --header "Content-Type:application/json" --data '{\"comments\":\"$comments\"}'`;
If the above value is "bc" i'm able to get the data, but if i give "b'c" the i'm getting following errors:
sh: -c: line 0: unexpected EOF while looking for matching `"'
sh: -c: line 1: syntax error: unexpected end of file
Even i tried the following code:
my $cmd = system "curl https://test.service-now.com/api/now/table/incident/code?sysparm_display_value=true -i -s --insecure --request PUT --header \"Accept:application/json\" --header \"Content-Type:application/json\" --data '{\"comments\":\"bc\"}' --user test:test";
If a string with single quote b'c is given I'm getting the same error.
Could somebody please tell me how to handle single quote inside double quoted string?
I can get this working with
my $comments = "b\"'\"c";
The string that gets passed to the shell is then
--data '{"comments":"b'"'"'c"}'
which is three separate tokens concatenated together:
'{"comments":"b' resolves to {"comments":"b
"'" resolves to '
'c"}' resolves to c"}
Also see String::ShellQuote, which is a godsend for problems like this.
use String::ShellQuote;
$comments = "b'c";
#cmd = ("curl", $URL, "-i", "-s", "--insecure", "--request",
"PUT", "--header", "Accept:applicatin/json", "--header",
"Content-Type:application/json",
"--data", qq[{"comments":$comments}], "--user", "test:test");
$cmd = shell_quote(#cmd);
print $cmd;
Gives you:
curl 'https://test.service-now.com/api/now/table/incident/code?sysparm_display_value=true'
-i -s --insecure --request PUT --header
Accept:application/json --header Content-Type:application/json
--data '{"comments":"b'\''c"}' --user test:test
which would also satisfy the shell's syntax checker.
I am trying to follow the documentation from timekit.io. I am attempting to do something as simple as send a curl request to do basic authentication as seen in this section of the docs. I have replaced the Timekit-App:name-of-app with the name of my app which I found in the app-settings of my timekit account. I also replaced the email & password with the one's I use to login into my account.
I simply copied and pasted the curl command as is into my terminal and I get a response that says {"error":"Content-type should be json!"} I am not sure if I am not supposed to copy and paste it as is, or what I may be doing wrong, but my understanding is I am supposed to get a json response with a email and a api token among some other data.
Here is my curl command.
curl -X POST \
-H 'Timekit-App: jl-fit' \
-d '{
"email": "email#email.com",
"password": "password"
}' \
https://api.timekit.io/v2/auth
Looks like you have discovered a bug in their docs/examples.
The API you're connecting to expects JSON content type, but curl by default (for POSTing data) uses application/x-www-form-urlencoded. You can fix it by adding the header field explicitly with: -H 'Content-Type: application/json'.
Also, when you use the -d/--data option, method defaults to POST, so it doesn't have to be specified explicitly.
All put together, this should work:
curl \
-H 'Content-Type: application/json' \
-H 'Timekit-App: jl-fit' \
-d '{"email": "email#email.com", "password": "password"}' \
"https://api.timekit.io/v2/auth"
When having multiple arguments, it can be convenient to keep them in an array (no need to escape newlines). For example:
args=(
-H 'Content-Type: application/json'
-H 'Timekit-App: jl-fit'
-d '{"email": "email#email.com", "password": "password"}'
"https://api.timekit.io/v2/auth"
)
curl "${args[#]}"
I want to make the following curl call to get an access token:
curl -k -XPOST --user "{user}" {url}/access_token -d 'grant_type=authorization_code&code={code}&redirect_uri={uri}'
However, I get the following error statement:
'code' is not recognized as ane internal or external command, operable program or batch file.
'redirect_uri' is not recognized as ane internal or external command, operable program or batch file.
When I check the trace, I see that the body only contains this: 'grant_type=authorization_code
What can I do to make sure all the parameters get passed?
curl -X "POST" "{url}/access_token" \
--user "{user}" \
-H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "code={code}" \
--data-urlencode "redirect_uri={uri}" \
--data-urlencode "grant_type=authorization_code"
I hope this helps
It seems that the &-character is interpreted as "execute as background job". Try escaping each &-character with a backslash - like \&
Alternatively you could write your content into a file and reference this file via the parameter -d #file
The #-character is important for curl to know that file is a file name.