The FOSRestBundle is working perfectly in my project but without authentification. Now, my goal is to make my requests with auth.
To do so, I added this firewall in security.yml
firewalls:
# ...
rest_api:
pattern: ^/api/
stateless: true
http_basic:
provider: fos_userbundle
# ...
access_control:
# ...
- { path: ^/api/, role: IS_AUTHENTICATED_FULLY }
To check this, I used this shell command:
curl -i http://localhost/tuto/web/app_dev.php/api/test/1
The result is:
HTTP/1.1 302 Found
Date: Fri, 11 Apr 2014 13:56:08 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.4.9-4ubuntu2.4
Set-Cookie: PHPSESSID=4dtr168vmj1eg523a07kbkjkh1; path=/
Cache-Control: no-cache
Location: http://localhost/tuto/web/app_dev.php/login
Vary: Accept-Language
X-Debug-Token: 220df7
Transfer-Encoding: chunked
Content-Type: application/json
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="refresh" content="1;url=http://localhost/tuto/web/app_dev.php/login" />
<title>Redirecting to http://localhost/tuto/web/app_dev.php/login</title>
</head>
<body>
Redirecting to http://localhost/tuto/web/app_dev.php/login.
</body>
</html>
As you can see, the returned code is 302 FOUND since it is URL is redirected to http://localhost/tuto/web/app_dev.php/login as I am using FOSUserBundle.
Now, I want to check if the authenfication is working well. I tried this: curl -i http://localhost/tuto/web/app_dev.php/api/test/1 --user user:password but still I have 302 FOUND.
I tried this also curl -i -H 'Accept:application/json' -H 'Authorization:Basic username:password' http://localhost/tuto/web/app_dev.php/api/test/1 but still I have 302 FOUND.
So is there any proposal of curl command to check the auth in my REST api?
Thanks,
Notice: I have tried solutions in many links like: basic authorization command for curl
Solution found!
All you have to do is:
Change the firewall like this:
firewalls:
# ...
rest_api:
# pattern: ^/api/ # to be changed as in the next line
pattern: /api/.* # the correct way
stateless: true
http_basic:
provider: fos_userbundle
# ...
access_control:
# ...
# - { path: ^/api/, role: IS_AUTHENTICATED_FULLY } # to be removed
For the curl command, it has to be like this:
curl -i -H 'Accept:application/json' -H 'Authorization:Basic YW1pbmU6c3RpZ21hdGFn' http://localhost/tuto/web/app_dev.php/api/test/1
where YW1pbmU6c3RpZ21hdGFn is the result of encoding 'user:password' in base64.
Hope it will help others.
Related
How do I build a cURL command that will follow redirects, but only return the content from the final (200) response? For example, I run curl.exe -LIk securityheaders.com and it returns the 301 response headers and the 200 response headers. I want to assign a variable to that cURL and only have the regex from the 200 response headers to check against a set of conditions.
You are using -LIk that means:
-k, --insecure Allow insecure server connections (OK)
-L, --location Follow redirects (OK)
-I, --head Show document info only (WHY)
When you put -I you are request for the document info only when all you want to is the content, just remove -I.
curl -Lk securityheaders.com
<!DOCTYPE HTML>
<html lang="en">
...
I would like to find a PowerShell alternative to curl most specific when calling jenkins api and getting a return output.
curl --silent -k https://jenkins:8443/job/myjob/buildwithParameters -i
The curl parameter -i will return the queue number in the output.
With the queue item I can easily query again the API and get the results of the specific job.
Location: https://jenkinsserver:8443/queue/item/317/
I can successfully wrap curl into a PowerShell script/function however I would like to eliminate this dependency.
PS C:\> curl.exe --silent -k https://jenkinsserver:8443/job/MyJOB/buildWithParameters --user myuser:****myapitoken****** --data ComputerName=XYZ003 --data State=start --data --data ve
rbosity=high -i
HTTP/1.1 201 Created
Date: Wed, 02 Dec 2020 02:52:01 GMT
X-Content-Type-Options: nosniff
Location: https://jenkinsserver:8443/queue/item/317/
Content-Length: 0
Server: Jetty(9.4.30.v20200611)
PS C:\>
Here is my request:
> curl -i -H "Accept: application/json" -H "Content-Type:
> application/json" -X GET
> http://access.alchemyapi.com/calls/image/ImageGetRankedImageKeywords?apikey=<key>&image=file%3A%2F%2Ftmp%2Fimage.jpg&imagePostMode=not-raw&outputMode=json
Following http://www.alchemyapi.com/api/image-tagging/image.html
Response:
HTTP/1.1 200 OK Server: nginx Date: Wed, 13 May 2015 04:27:56 GMT
Content-Type: application/xml; charset=utf-8 Content-Length: 440
Connection: keep-alive Cache-Control: no-cache
X-AlchemyAPI-CurrentVersion: 12.15 X-AlchemyAPI-Error-Msg:
content-is-empty X-AlchemyAPI-Key: X-AlchemyAPI-Params:
sentiment=0&knowledgeGraph=0&detectedLanguage=unknown&submitLanguage=detect
X-AlchemyAPI-Status: ERROR X-AlchemyAPI-Total-Transactions: 4
Access-Control-Allow-Origin: *
ERROR
content-is-empty
By accessing AlchemyAPI or using information generated by AlchemyAPI, you are agreeing to be bound by the AlchemyAPI Terms of
Use: http://www.alchemyapi.com/company/terms.html
4
Why?
The image exists:
$ ls -l /tmp/trash1.jpg
-rw-r-----# 1 xx staff 47846 May 12 15:49 /tmp/image.jpg
$
Their support helped me.
Essentially i need to POST the image directly.
Can't use the "image" parameter and filling it with the name of the local file. That parameter actually needs to contain the contents of the image file instead. So instead need to use imagePostMode=raw, and just add the file as the post body, which I would recommend. Something like this:
wget -qO- --post-file YOUR_IMAGE.png "http://access.alchemyapi.com/calls/image/ImageGetRankedImageKeywords?apikey=API_KEY&imagePostMode=raw"
There's plenty of info on how to prevent curl from showing header information when doing a request for the PHP version, but seemingly nothing for the CLI version.
my request is in the form
curl -i -X POST -H 'Content-Type: application/json; charset=UTF-8' -H 'X-Accept: application/json' -H '-d '{"somedata":"12ihiuhihihed994f63dbef6b012b"}' https://myurl.com/v3/oauth/request
Which works, but returns this:
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json
Date: Wed, 27 Mar 2013 20:42:11 GMT
P3P: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
Server: Apache/2.2.23 (Amazon)
Status: 200 OK
X-Powered-By: PHP/5.3.20
Content-Length: 54
Connection: keep-alive
{"code":"jkhjhhjhaa","state":null}
when all I really want is this:
{"code":"jkhjhhjhaa","state":null}
Simply remove the -i switch from your curl command.
man curl
said :
-i, --include
(HTTP) Include the HTTP-header in the output. The HTTP-header includes things like server-name, date of the document, HTTP-version and more...
In order to suppress output from CURL CLI --silent option can be used. It perfectly works when curl output is piped as well.
-s, --silent Silent mode (don't output anything)
In case this isn't obvious, also don't use the -v (verbose) switch with -s (silent)
First I'm pretty sure the riak is setting ok by using the command: riak-admin status
But I can't PUT in into a bucket test:
curl -v -X PUT -d 'This is really cool' -H "Content-Type: text/plain" http://markson.hk:8098/buckets/test/1234
< HTTP/1.1 404 Object Not Found
< Server: MochiWeb/1.1 WebMachine/1.9.0 (participate in the frantic)
< Date: Fri, 18 Nov 2011 12:13:03 GMT
< Content-Type: text/html
< Content-Length: 193
Does the error due to the new bucket test? Should I create it first?
Take a look at Basic Riak API Operations, the basic PUT request looks like this:
PUT /riak/bucket/key
Hence your curl example should be similar to:
curl -v -X PUT -d 'The is so cool' -H "Content-Type: text/plain" http://markson.hk:8098/riak/test/1234
But then again, seems like somebody already deposited a test key for you: