This question about Authentication or Authorisation: Answered

Uploading an attachment from the commandline

I'm trying to upload an attachment to a topic using curl. Looking through the FAQs there's a similar problem (i.e., Question317), but I'm not sure whether there was any conclusive resolution.

Here is the curl command that I'm using:
curl --cookie-jar cookies --verbose -k --user wikiupload:XXXXXXXX -F "noredirect=1" -F "createlink=1"  -F "filecomment=A test attachement" -F "filepath=@./wikitest.png" https://xxx.xxx.xxx.xxx/sailwiki/bin/upload/Sandbox/UploadTesting  

And the response I get from curl is:
 
* About to connect() to xxx.xxx.xxx.xxx port 443 (#0)
*   Trying xxx.xxx.xxx.xxx...
* connected
* Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 443 (#0)
* error setting certificate verify locations, continuing anyway:
*   CAfile: /usr/ssl/certs/ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS handshake, Server key exchange (12):
{ [data not shown]
* SSLv3, TLS handshake, Server finished (14):
{ [data not shown]
* SSLv3, TLS handshake, Client key exchange (16):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Finished (20):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
{ [data not shown]
* SSLv3, TLS handshake, Finished (20):
{ [data not shown]
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
[Redacted]
*      SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'wikiupload'
> POST /sailwiki/bin/upload/Sandbox/UploadTestingHTTP/1.1
> Authorization: Basic d2lraXVwbG9hZDpNbGhLV0RxQkNt
> User-Agent: curl/7.28.1
> Host:  xxx.xxx.xxx.xxx
> Accept: */*
> Content-Length: 14916
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------0971586fca22
> 
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 100 Continue
} [data not shown]
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 302 Found
< Date: Fri, 11 Jan 2013 15:24:52 GMT
< Server: Apache/2.2.15 (Red Hat)
* Added cookie SFOSWIKISID="c7826f8a0f4906243b0b6a56c7ce4ba9" for domain  xxx.xxx.xxx.xxx, path /, expire 0
< Set-Cookie: SFOSWIKISID=c7826f8a0f4906243b0b6a56c7ce4ba9; path=/; secure; HttpOnly
< Location: https:// xxx.xxx.xxx.xxx/sailwiki/bin/oops/Sandbox/MatlabTesting?template=oopsredirectdenied;def=redirect_denied;param1=https:// xxx.xxx.xxx.xxx/sailwiki/bin/login/Sandbox/MatlabTesting%3ffoswikiloginaction%3dvalidate%3bfoswikioriginalquery%3d762dc52417d89f8405772c9a0a06aa70;param2=http:// xxx.xxx.xxx.xxx/sailwiki
< Content-Length: 0
< Connection: close
< Content-Type: text/html; charset=ISO-8859-1
< 

* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
} [data not shown]

Is this the same strikeone issue discussed in Question317? Is there a standard means of doing this through curl? Is there a more detailed recipe for scraping the validation info out of the 'edit' or 'attach' pages?

Thanks,

John

-- JohnEnright - 11 Jan 2013

An update:

So I'm trying to follow the general directions sketched out in the older question:
  1. Pull the validation key from a similar page (attach or edit), e.g.: e798df7954bea393fd99894b29469a63
  2. Pull the FOSWIKISTRIKEONE value out of the cookie: e.g., 752e331eb11e31c06dc1c13aa9d01a57
  3. Concatenate the strings (Validation+Cookie)
  4. Calculate the MD5-hash from the concatenated string: i.e., e26942957f6cc4e4dc4bbccce41380a8
  5. Send this to the 'key_validation' field of the upload POST form:
curl --cookie-jar cookies --verbose -k --user wikiupload:XXXXXXXX -F "noredirect=1" -F "createlink=1"  -F "filecomment=A test attachement" -F "filepath=@./wikitest.png" -F "validation_key=e26942957f6cc4e4dc4bbccce41380a8" https://xxx.xxx.xxx.xxx/sailwiki/bin/upload/Sandbox/UploadTesting

Is that the correct set of operations? I'm still getting the oops redirect response. I don't really know javascript so my interpretation of strikeone.js may be off. Has anyone got this to work?

-- JohnEnright - 15 Jan 2013

Take a look at the perl code in http://trac.foswiki.org/browser/trunk/BuildContrib/lib/Foswiki/Contrib/BuildContrib/Targets/upload.pm This module interfaces with strikeone to upload attachments to the foswiki Extensions web.

It may be that you need to login to get the session cookie. There are a couple of other topics to see as well:

-- GeorgeClark - 15 Jan 2013

Take a look at wikiup at https://bitbucket.org/djerius/wikiup/overview

The wikiup script v1.3.2 is working for me under Foswiki 1.1.9

-- TroyGoodson - 13 Jul 2015

 

QuestionForm edit

Subject Authentication or Authorisation
Extension
Version Foswiki 1.1.6
Status Answered
Related Topics
Topic revision: r8 - 09 Sep 2015, MichaelDaum - This page was cached on 30 Mar 2017 - 13:27.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License