使用cURL使用用户名和密码登录到Gitlab [英] Login to Gitlab with username and password using cURL
问题描述
要针对Docker中的Gitlab实例测试命令行工具,我想使用用户名和密码登录到Gitlab,并抓住创建的会话来验证我的API请求。
For testing a command line tool against a Gitlab instance in Docker, I would like to login to Gitlab using username and password and grab the created session to authenticate my API requests.
因此我要执行以下操作:
Therefore I do the following:
- 使用
curl -i http://来卷曲用户登录页面本地主机:8080 / users / sign_in -s
- 从标题中获取
_gitlab_session
- 从登录表单中获取
authenticity_token
- 使用第二个卷曲请求
- curl the user login page with
curl -i http://localhost:8080/users/sign_in -s
- get me the
_gitlab_session
from the headers - get me the
authenticity_token
from the login form - send a second curl request with
curl 'http://localhost:8080/users/sign_in' \
-H "_gitlab_session=${cookie}" \
-H 'Origin: http://localhost:8080' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' \
-H 'Referer: http://localhost:8080/users/sign_in' \
-H 'Connection: keep-alive' \
--data-urlencode "authenticity_token=${token}" \
--data-urlencode "user[login]=root" \
--data-urlencode "user[password]=12341234" \
--data-urlencode "user[remember_me]=0"
但我没有获得有效的用户登录名,而是获得
But instead of a valid user login, I get a
422 - The change you requested was rejected.
在日志文件中,我看到了
And in the logfiles, I see
==> gitlab-rails/production.log <==
Started POST "/users/sign_in" for 172.17.0.1 at 2017-12-23 00:22:16 +0000
Processing by SessionsController#create as HTML
Parameters: {"authenticity_token"=>"[FILTERED]", "user"=>{"login"=>"root", "password"=>"[FILTERED]", "remember_me"=>"0"}}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 125ms (ActiveRecord: 7.8ms)
==> gitlab-rails/production_json.log <==
{"method":"POST","path":"/users/sign_in","format":"html","controller":"SessionsController",
"action":"create","status":422,"error":"
ActionController::InvalidAuthenticityToken:ActionController::InvalidAuthenticityToken",
"duration":126.29,"view":0.0,"db":7.78,"time":"2017-12-23T00:22:16.039Z",
"params":{"authenticity_token":"[FILTERED]","user":{"login":"root","password":"
[FILTERED]","remember_me":"0"}},"remote_ip":"172.17.0.1",
"user_id":1,"username":"root"}
==> gitlab-rails/production.log <==
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
lib/gitlab/middleware/multipart.rb:93:in `call'
lib/gitlab/request_profiler/middleware.rb:14:in `call'
lib/gitlab/middleware/go.rb:18:in `call'
lib/gitlab/etag_caching/middleware.rb:11:in `call'
lib/gitlab/middleware/read_only.rb:31:in `call'
lib/gitlab/request_context.rb:18:in `call'
lib/gitlab/metrics/requests_rack_middleware.rb:27:in `call'
我忘了在第二个请求中传递必要的成分-但我不知道是哪个。
I assume that I forgot to pass a necessary ingredient in the second request - but I can't figure out, which one.
推荐答案
通过其他答案和评论的有用提示,我终于想到了以下解决方案:
With some helpful tips by other answers and comments, I finally came up with this solution:
gitlab_host="http://localhost:8080"
gitlab_user="root"
gitlab_password="12341234"
# curl for the login page to get a session cookie and the sources with the auth tokens
body_header=$(curl -c cookies.txt -i "${gitlab_host}/users/sign_in" -s)
# grep the auth token for the user login for
# not sure whether another token on the page will work, too - there are 3 of them
csrf_token=$(echo $body_header | perl -ne 'print "$1\n" if /new_user.*?authenticity_token"[[:blank:]]value="(.+?)"/' | sed -n 1p)
# send login credentials with curl, using cookies and token from previous request
curl -b cookies.txt -c cookies.txt -i "${gitlab_host}/users/sign_in" \
--data "user[login]=${gitlab_user}&user[password]=${gitlab_password}" \
--data-urlencode "authenticity_token=${csrf_token}"
# send curl GET request to personal access token page to get auth token
body_header=$(curl -H 'user-agent: curl' -b cookies.txt -i "${gitlab_host}/profile/personal_access_tokens" -s)
csrf_token=$(echo $body_header | perl -ne 'print "$1\n" if /authenticity_token"[[:blank:]]value="(.+?)"/' | sed -n 1p)
# curl POST request to send the "generate personal access token form"
# the response will be a redirect, so we have to follow using `-L`
body_header=$(curl -L -b cookies.txt "${gitlab_host}/profile/personal_access_tokens" \
--data-urlencode "authenticity_token=${csrf_token}" \
--data 'personal_access_token[name]=golab-generated&personal_access_token[expires_at]=&personal_access_token[scopes][]=api')
# Scrape the personal access token from the response HTML
personal_access_token=$(echo $body_header | perl -ne 'print "$1\n" if /created-personal-access-token"[[:blank:]]value="(.+?)"/' | sed -n 1p)
根据 GitLab API文档,您现在可以使用会话cookie来验证API请求:
According to the GitLab API documentation you can now use the session cookie to authenticate API requests:
curl --header "Private-Token: ${personal_access_token}" https://gitlab.example.com/api/v4/projects
一些提示:
- 我首先对
curl感到困惑- c文件
(从标头读取cookie并将其写入文件)与curl -b文件
(在文件头中使用cookie)文件并随请求发送给他们) - 很遗憾,我找不到与
sed
一起使用的正则表达式,因此我必须使用perl
此处。 - 在Chrome中使用开发者控制台并将
POST
请求复制为curl命令非常他lpful: https:// www.alexkras.com/copy-any-api-call-as-curl-request-with-chrome-developer-tools/
- I first got confused with the
curl -c file
(which reads cookies from the headers and writes them to the file) vs. thecurl -b file
(which uses the cookies in the file and sends them with the request) - Unfortunately I did not find a regex that worked with
sed
so I have to useperl
here. - Using the developer console in Chrome and copying a
POST
request as curl command was very helpful: https://www.alexkras.com/copy-any-api-call-as-curl-request-with-chrome-developer-tools/
这篇关于使用cURL使用用户名和密码登录到Gitlab的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!