Как использовать curl для подтверждения доступа к области пользователя? - PullRequest
0 голосов
/ 06 ноября 2018

Я настроил сервер авторизации и могу отправить ему следующий запрос:

curl -i -H "Accept:application/json" -H "Content-Type: application/json" -H "Authorization:Bearer eyJhbGciOiJIUzUxMiJ9.eyJlbWFpbCI6Im1pdHRpcHJvdmVuY2VAeWFob28uc2UiLCJmdWxsbmFtZSI6IlN0ZXBoYW5lIEV5YmVydCIsInNjb3BlcyI6WyJST0xFX1VTRVIiXSwic3ViIjoibWl0dGlwcm92ZW5jZUB5YWhvby5zZSIsImlzcyI6Imh0dHA6Ly90aGFsYXNvZnQuY29tIiwiaWF0IjoxNTQxNTExMDg0LCJleHAiOjE1NDE1MTQ2ODR9.90fZX0wjd0YH4ooosjBNvzmYM3tsusULl5GyBYy8B9wEexW_tu2yBS8ZEIbotwqDUryZkPxXFt5qqJvOjiVVAQ" "http://localhost:8080/api/auth/authorize?client_id=ng-zero&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fcallback&state=DCEeFWf45A53sdfKef424&response_type=code&scope=read_profile" -X POST 
HTTP/1.1 200 
Set-Cookie: JSESSIONID=1E87C912487850BE2DE6C71343C35E6E; Path=/api; HttpOnly
Cache-Control: no-store
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Content-Language: en
Content-Length: 571
Date: Tue, 06 Nov 2018 14:20:15 GMT

<html><body><h1>OAuth Approval</h1><p>Do you authorize "ng-zero" to access your protected resources?</p><form id="confirmationForm" name="confirmationForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="true" type="hidden"/><label><input name="authorize" value="Authorize" type="submit"/></label></form><form id="denialForm" name="denialForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="false" type="hidden"/><label><input name="deny" value="Deny" type="submit"/></label></form></body></html>

Теперь я хотел бы проверить эту форму, то есть псевдо-клик по ее кнопке Authorize.

Исходя из этого, я ожидаю получить ответ, который является перенаправлением на URL обратного вызова.

Я попытался задать ему параметр формы user_oauth_approval, но это не помогло:

$ curl -i -H "Accept:application/json" -H "Content-Type: application/json" -H "Authorization:Bearer eyJhbGciOiJIUzUxMiJ9.eyJlbWFpbCI6Im1pdHRpcHJvdmVuY2VAeWFob28uc2UiLCJmdWxsbmFtZSI6IlN0ZXBoYW5lIEV5YmVydCIsInNjb3BlcyI6WyJST0xFX1VTRVIiXSwic3ViIjoibWl0dGlwcm92ZW5jZUB5YWhvby5zZSIsImlzcyI6Imh0dHA6Ly90aGFsYXNvZnQuY29tIiwiaWF0IjoxNTQxNTExMDg0LCJleHAiOjE1NDE1MTQ2ODR9.90fZX0wjd0YH4ooosjBNvzmYM3tsusULl5GyBYy8B9wEexW_tu2yBS8ZEIbotwqDUryZkPxXFt5qqJvOjiVVAQ" "http://localhost:8080/api/auth/authorize?client_id=ng-zero&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fcallback&state=DCEeFWf45A53sdfKef424&response_type=code&scope=read_profile" -X POST -d "{ \"user_oauth_approval\" : \"true\" }"HTTP/1.1 200 
Set-Cookie: JSESSIONID=BDB2B137C9A6E10B3E802A8AF9E705C8; Path=/api; HttpOnly
Cache-Control: no-store
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Content-Language: en
Content-Length: 571
Date: Tue, 06 Nov 2018 14:15:59 GMT

<html><body><h1>OAuth Approval</h1><p>Do you authorize "ng-zero" to access your protected resources?</p><form id="confirmationForm" name="confirmationForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="true" type="hidden"/><label><input name="authorize" value="Authorize" type="submit"/></label></form><form id="denialForm" name="denialForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="false" type="hidden"/><label><input name="deny" value="Deny" type="submit"/></label></form></body></html>[stephane@stephane-ThinkPad-X201 user-rest (master)]

Я попытался передать ему файл cookie JSESSIONID, но он тоже не помог:

curl -i -H "Accept:application/json" -H "Content-Type: application/json" -H "Authorization:Bearer eyJhbGciOiJIUzUxMiJ9.eyJlbWFpbCI6Im1pdHRpcHJvdmVuY2VAeWFob28uc2UiLCJmdWxsbmFtZSI6IlN0ZXBoYW5lIEV5YmVydCIsInNjb3BlcyI6WyJST0xFX1VTRVIiXSwic3ViIjoibWl0dGlwcm92ZW5jZUB5YWhvby5zZSIsImlzcyI6Imh0dHA6Ly90aGFsYXNvZnQuY29tIiwiaWF0IjoxNTQxNTE5OTU5LCJleHAiOjE1NDE1MjM1NTl9.vcUtEhLDLF5vpeMofwQ9k2rKgZzo52l2nuCN7GZ04D4ZCMXpckS5mwEoROZ5CqucjoTJEDHg-CwSDH4HcM0Xtw" -H "Cookie: JSESSIONID=D7A7AE9A76C46AA49FA928979BEB5FF6" "http://localhost:8080/api/auth/authorize?client_id=ng-zero&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fcallback&state=DCEeFWf45A53sdfKef424&response_type=code&scope=read_profile" -X POST -d "{ \"user_oauth_approval\" : \"true\" }"
HTTP/1.1 200 
Set-Cookie: JSESSIONID=43D30521A2C3F8EF66D0F5B655DEFAF5; Path=/api; HttpOnly
Cache-Control: no-store
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Content-Language: en
Content-Length: 571
Date: Tue, 06 Nov 2018 16:01:21 GMT

<html><body><h1>OAuth Approval</h1><p>Do you authorize "ng-zero" to access your protected resources?</p><form id="confirmationForm" name="confirmationForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="true" type="hidden"/><label><input name="authorize" value="Authorize" type="submit"/></label></form><form id="denialForm" name="denialForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="false" type="hidden"/><label><input name="deny" value="Deny" type="submit"/></label></form></body></html>

Я также попытался добавить данные элемента submit:

curl -i -H "Accept:application/json" -H "Content-Type: application/json" -H "Authorization:Bearer eyJhbGciOiJIUzUxMiJ9.eyJlbWFpbCI6Im1pdHRpcHJvdmVuY2VAeWFob28uc2UiLCJmdWxsbmFtZSI6IlN0ZXBoYW5lIEV5YmVydCIsInNjb3BlcyI6WyJST0xFX1VTRVIiXSwic3ViIjoibWl0dGlwcm92ZW5jZUB5YWhvby5zZSIsImlzcyI6Imh0dHA6Ly90aGFsYXNvZnQuY29tIiwiaWF0IjoxNTQxNTE5OTU5LCJleHAiOjE1NDE1MjM1NTl9.vcUtEhLDLF5vpeMofwQ9k2rKgZzo52l2nuCN7GZ04D4ZCMXpckS5mwEoROZ5CqucjoTJEDHg-CwSDH4HcM0Xtw" -H "Cookie: JSESSIONID=D7A7AE9A76C46AA49FA928979BEB5FF6" "http://localhost:8080/api/auth/authorize?client_id=ng-zero&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fcallback&state=DCEeFWf45A53sdfKef424&response_type=code&scope=read_profile" -X POST -d "{ \"user_oauth_approval\" : \"true\", \"authorize\" : \"Authorize\" }"

но это все тот же ответ.

Я также пытался с httpie, используя запрос:

$ http -f POST http://localhost:8080/api/auth/authorize client_id=="ng-zero" redirect_uri=="http://localhost:4200/callback" state=="DCEeFWf45A53sdfKef424" response_type=="code" scope=="read_profile" "Accept:application/json" "Content-Type:application/json" "Authorization:Bearer $TOKEN" "Cookie:JSESSIONID=8D6D0C673961FB6DDB5F94DB1AC93EC7; Path=/api; HttpOnly" user_oauth_approval="true" authorize="Authorize"
HTTP/1.1 200 
Cache-Control: no-store
Content-Language: en
Content-Length: 571
Content-Type: text/html;charset=UTF-8
Date: Wed, 07 Nov 2018 13:53:23 GMT
Set-Cookie: JSESSIONID=5CB863D4C5F594E05D9E0C5422DE3B9A; Path=/api; HttpOnly
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

<html><body><h1>OAuth Approval</h1><p>Do you authorize "ng-zero" to access your protected resources?</p><form id="confirmationForm" name="confirmationForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="true" type="hidden"/><label><input name="authorize" value="Authorize" type="submit"/></label></form><form id="denialForm" name="denialForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="false" type="hidden"/><label><input name="deny" value="Deny" type="submit"/></label></form></body></html>

но это та же проблема.

Предоставление значения JSESSIONID предыдущего запроса не отправляет форму, а отображает ее снова.

Как я могу отправить эту форму, используя curl снова?

...