cross
New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists
This question about Authentication or Authorisation: Answered

Uploading an attachment from the commandline

I'm trying to upload an attachment to a topic using curl. Looking through the FAQs there's a similar problem (i.e., Question317), but I'm not sure whether there was any conclusive resolution.

Here is the curl command that I'm using:
curl --cookie-jar cookies --verbose -k --user wikiupload:XXXXXXXX -F "noredirect=1" -F "createlink=1"  -F "filecomment=A test attachement" -F "filepath=@./wikitest.png" https://xxx.xxx.xxx.xxx/sailwiki/bin/upload/Sandbox/UploadTesting  

And the response I get from curl is:
 
* About to connect() to xxx.xxx.xxx.xxx port 443 (#0)
*   Trying xxx.xxx.xxx.xxx...
* connected
* Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 443 (#0)
* error setting certificate verify locations, continuing anyway:
*   CAfile: /usr/ssl/certs/ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS handshake, Server key exchange (12):
{ [data not shown]
* SSLv3, TLS handshake, Server finished (14):
{ [data not shown]
* SSLv3, TLS handshake, Client key exchange (16):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Finished (20):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
{ [data not shown]
* SSLv3, TLS handshake, Finished (20):
{ [data not shown]
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
[Redacted]
*      SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'wikiupload'
> POST /sailwiki/bin/upload/Sandbox/UploadTestingHTTP/1.1
> Authorization: Basic d2lraXVwbG9hZDpNbGhLV0RxQkNt
> User-Agent: curl/7.28.1
> Host:  xxx.xxx.xxx.xxx
> Accept: */*
> Content-Length: 14916
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------0971586fca22
> 
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 100 Continue
} [data not shown]
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 302 Found
< Date: Fri, 11 Jan 2013 15:24:52 GMT
< Server: Apache/2.2.15 (Red Hat)
* Added cookie SFOSWIKISID="c7826f8a0f4906243b0b6a56c7ce4ba9" for domain  xxx.xxx.xxx.xxx, path /, expire 0
< Set-Cookie: SFOSWIKISID=c7826f8a0f4906243b0b6a56c7ce4ba9; path=/; secure; HttpOnly
< Location: https:// xxx.xxx.xxx.xxx/sailwiki/bin/oops/Sandbox/MatlabTesting?template=oopsredirectdenied;def=redirect_denied;param1=https:// xxx.xxx.xxx.xxx/sailwiki/bin/login/Sandbox/MatlabTesting%3ffoswikiloginaction%3dvalidate%3bfoswikioriginalquery%3d762dc52417d89f8405772c9a0a06aa70;param2=http:// xxx.xxx.xxx.xxx/sailwiki
< Content-Length: 0
< Connection: close
< Content-Type: text/html; charset=ISO-8859-1
< 

* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
} [data not shown]

Is this the same strikeone issue discussed in Question317? Is there a standard means of doing this through curl? Is there a more detailed recipe for scraping the validation info out of the 'edit' or 'attach' pages?

Thanks,

John

-- JohnEnright - 11 Jan 2013

An update:

So I'm trying to follow the general directions sketched out in the older question:
  1. Pull the validation key from a similar page (attach or edit), e.g.: e798df7954bea393fd99894b29469a63
  2. Pull the FOSWIKISTRIKEONE value out of the cookie: e.g., 752e331eb11e31c06dc1c13aa9d01a57
  3. Concatenate the strings (Validation+Cookie)
  4. Calculate the MD5-hash from the concatenated string: i.e., e26942957f6cc4e4dc4bbccce41380a8
  5. Send this to the 'key_validation' field of the upload POST form:
curl --cookie-jar cookies --verbose -k --user wikiupload:XXXXXXXX -F "noredirect=1" -F "createlink=1"  -F "filecomment=A test attachement" -F "filepath=@./wikitest.png" -F "validation_key=e26942957f6cc4e4dc4bbccce41380a8" https://xxx.xxx.xxx.xxx/sailwiki/bin/upload/Sandbox/UploadTesting

Is that the correct set of operations? I'm still getting the oops redirect response. I don't really know javascript so my interpretation of strikeone.js may be off. Has anyone got this to work?

-- JohnEnright - 15 Jan 2013

Take a look at the perl code in http://trac.foswiki.org/browser/trunk/BuildContrib/lib/Foswiki/Contrib/BuildContrib/Targets/upload.pm This module interfaces with strikeone to upload attachments to the foswiki Extensions web.

It may be that you need to login to get the session cookie. There are a couple of other topics to see as well:

-- GeorgeClark - 15 Jan 2013

Take a look at wikiup at https://bitbucket.org/djerius/wikiup/overview

The wikiup script v1.3.2 is working for me under Foswiki 1.1.9

-- TroyGoodson - 13 Jul 2015

 

QuestionForm edit

Subject Authentication or Authorisation
Extension
Version Foswiki 1.1.6
Status Answered
Related Topics
Topic revision: r8 - 09 Sep 2015, MichaelDaum - This page was cached on 18 Aug 2018 - 18:40.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy