curl - 如何使用 curl 确认用户范围访问?
问题描述
我配置了一个授权服务器,我可以向它发送以下请求:
curl -i -H "Accept:application/json" -H "Content-Type: application/json" -H "Authorization:Bearer eyJhbGciOiJIUzUxMiJ9.eyJlbWFpbCI6Im1pdHRpcHJvdmVuY2VAeWFob28uc2UiLCJmdWxsbmFtZSI6IlN0ZXBoYW5lIEV5YmVydCIsInNjb3BlcyI6WyJST0xFX1VTRVIiXSwic3ViIjoibWl0dGlwcm92ZW5jZUB5YWhvby5zZSIsImlzcyI6Imh0dHA6Ly90aGFsYXNvZnQuY29tIiwiaWF0IjoxNTQxNTExMDg0LCJleHAiOjE1NDE1MTQ2ODR9.90fZX0wjd0YH4ooosjBNvzmYM3tsusULl5GyBYy8B9wEexW_tu2yBS8ZEIbotwqDUryZkPxXFt5qqJvOjiVVAQ" "http://localhost:8080/api/auth/authorize?client_id=ng-zero&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fcallback&state=DCEeFWf45A53sdfKef424&response_type=code&scope=read_profile" -X POST
HTTP/1.1 200
Set-Cookie: JSESSIONID=1E87C912487850BE2DE6C71343C35E6E; Path=/api; HttpOnly
Cache-Control: no-store
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Content-Language: en
Content-Length: 571
Date: Tue, 06 Nov 2018 14:20:15 GMT
<html><body><h1>OAuth Approval</h1><p>Do you authorize "ng-zero" to access your protected resources?</p><form id="confirmationForm" name="confirmationForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="true" type="hidden"/><label><input name="authorize" value="Authorize" type="submit"/></label></form><form id="denialForm" name="denialForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="false" type="hidden"/><label><input name="deny" value="Deny" type="submit"/></label></form></body></html>
现在我想验证该表单,即伪单击其Authorize按钮。
由此,我希望收到一个重定向到回调 url 的响应。
我尝试给它user_oauth_approval表单参数,但它没有帮助:
$ curl -i -H "Accept:application/json" -H "Content-Type: application/json" -H "Authorization:Bearer eyJhbGciOiJIUzUxMiJ9.eyJlbWFpbCI6Im1pdHRpcHJvdmVuY2VAeWFob28uc2UiLCJmdWxsbmFtZSI6IlN0ZXBoYW5lIEV5YmVydCIsInNjb3BlcyI6WyJST0xFX1VTRVIiXSwic3ViIjoibWl0dGlwcm92ZW5jZUB5YWhvby5zZSIsImlzcyI6Imh0dHA6Ly90aGFsYXNvZnQuY29tIiwiaWF0IjoxNTQxNTExMDg0LCJleHAiOjE1NDE1MTQ2ODR9.90fZX0wjd0YH4ooosjBNvzmYM3tsusULl5GyBYy8B9wEexW_tu2yBS8ZEIbotwqDUryZkPxXFt5qqJvOjiVVAQ" "http://localhost:8080/api/auth/authorize?client_id=ng-zero&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fcallback&state=DCEeFWf45A53sdfKef424&response_type=code&scope=read_profile" -X POST -d "{ \"user_oauth_approval\" : \"true\" }"HTTP/1.1 200
Set-Cookie: JSESSIONID=BDB2B137C9A6E10B3E802A8AF9E705C8; Path=/api; HttpOnly
Cache-Control: no-store
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Content-Language: en
Content-Length: 571
Date: Tue, 06 Nov 2018 14:15:59 GMT
<html><body><h1>OAuth Approval</h1><p>Do you authorize "ng-zero" to access your protected resources?</p><form id="confirmationForm" name="confirmationForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="true" type="hidden"/><label><input name="authorize" value="Authorize" type="submit"/></label></form><form id="denialForm" name="denialForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="false" type="hidden"/><label><input name="deny" value="Deny" type="submit"/></label></form></body></html>[stephane@stephane-ThinkPad-X201 user-rest (master)]
我尝试将JSESSIONIDcookie 传递给它,但它也没有帮助:
curl -i -H "Accept:application/json" -H "Content-Type: application/json" -H "Authorization:Bearer eyJhbGciOiJIUzUxMiJ9.eyJlbWFpbCI6Im1pdHRpcHJvdmVuY2VAeWFob28uc2UiLCJmdWxsbmFtZSI6IlN0ZXBoYW5lIEV5YmVydCIsInNjb3BlcyI6WyJST0xFX1VTRVIiXSwic3ViIjoibWl0dGlwcm92ZW5jZUB5YWhvby5zZSIsImlzcyI6Imh0dHA6Ly90aGFsYXNvZnQuY29tIiwiaWF0IjoxNTQxNTE5OTU5LCJleHAiOjE1NDE1MjM1NTl9.vcUtEhLDLF5vpeMofwQ9k2rKgZzo52l2nuCN7GZ04D4ZCMXpckS5mwEoROZ5CqucjoTJEDHg-CwSDH4HcM0Xtw" -H "Cookie: JSESSIONID=D7A7AE9A76C46AA49FA928979BEB5FF6" "http://localhost:8080/api/auth/authorize?client_id=ng-zero&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fcallback&state=DCEeFWf45A53sdfKef424&response_type=code&scope=read_profile" -X POST -d "{ \"user_oauth_approval\" : \"true\" }"
HTTP/1.1 200
Set-Cookie: JSESSIONID=43D30521A2C3F8EF66D0F5B655DEFAF5; Path=/api; HttpOnly
Cache-Control: no-store
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Content-Language: en
Content-Length: 571
Date: Tue, 06 Nov 2018 16:01:21 GMT
<html><body><h1>OAuth Approval</h1><p>Do you authorize "ng-zero" to access your protected resources?</p><form id="confirmationForm" name="confirmationForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="true" type="hidden"/><label><input name="authorize" value="Authorize" type="submit"/></label></form><form id="denialForm" name="denialForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="false" type="hidden"/><label><input name="deny" value="Deny" type="submit"/></label></form></body></html>
我还尝试添加提交元素数据:
curl -i -H "Accept:application/json" -H "Content-Type: application/json" -H "Authorization:Bearer eyJhbGciOiJIUzUxMiJ9.eyJlbWFpbCI6Im1pdHRpcHJvdmVuY2VAeWFob28uc2UiLCJmdWxsbmFtZSI6IlN0ZXBoYW5lIEV5YmVydCIsInNjb3BlcyI6WyJST0xFX1VTRVIiXSwic3ViIjoibWl0dGlwcm92ZW5jZUB5YWhvby5zZSIsImlzcyI6Imh0dHA6Ly90aGFsYXNvZnQuY29tIiwiaWF0IjoxNTQxNTE5OTU5LCJleHAiOjE1NDE1MjM1NTl9.vcUtEhLDLF5vpeMofwQ9k2rKgZzo52l2nuCN7GZ04D4ZCMXpckS5mwEoROZ5CqucjoTJEDHg-CwSDH4HcM0Xtw" -H "Cookie: JSESSIONID=D7A7AE9A76C46AA49FA928979BEB5FF6" "http://localhost:8080/api/auth/authorize?client_id=ng-zero&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fcallback&state=DCEeFWf45A53sdfKef424&response_type=code&scope=read_profile" -X POST -d "{ \"user_oauth_approval\" : \"true\", \"authorize\" : \"Authorize\" }"
但它仍然是相同的响应。
我也尝试过使用 httpie 请求:
$ http -f POST http://localhost:8080/api/auth/authorize client_id=="ng-zero" redirect_uri=="http://localhost:4200/callback" state=="DCEeFWf45A53sdfKef424" response_type=="code" scope=="read_profile" "Accept:application/json" "Content-Type:application/json" "Authorization:Bearer $TOKEN" "Cookie:JSESSIONID=8D6D0C673961FB6DDB5F94DB1AC93EC7; Path=/api; HttpOnly" user_oauth_approval="true" authorize="Authorize"
HTTP/1.1 200
Cache-Control: no-store
Content-Language: en
Content-Length: 571
Content-Type: text/html;charset=UTF-8
Date: Wed, 07 Nov 2018 13:53:23 GMT
Set-Cookie: JSESSIONID=5CB863D4C5F594E05D9E0C5422DE3B9A; Path=/api; HttpOnly
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
<html><body><h1>OAuth Approval</h1><p>Do you authorize "ng-zero" to access your protected resources?</p><form id="confirmationForm" name="confirmationForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="true" type="hidden"/><label><input name="authorize" value="Authorize" type="submit"/></label></form><form id="denialForm" name="denialForm" action="/api/oauth/authorize" method="post"><input name="user_oauth_approval" value="false" type="hidden"/><label><input name="deny" value="Deny" type="submit"/></label></form></body></html>
但这是同一个问题。
提供JSESSIONID前一个请求的值不会提交表单而是再次显示它。
我怎样才能curl再次使用提交此表格?
解决方案
推荐阅读
- azure-functions - 我无法从 python(Azure 函数)发送电子邮件(smtp.office365.com/587)
- javascript - 在对象数组中调用对象
- android - 在后台运行的服务应用程序
- java - 服务器从窗口和 linux 上的数据库返回不同的响应
- python - Numpy 连接中的内存错误 (np.concatenate)
- google-cloud-platform - 如何在谷歌云 sql 上下载 postgres 数据库的架构?
- python - 如何将熊猫数据框中的字符串转换为浮点数或整数
- java - SpringBoot中多个UnicastProcessor之间的消息传递
- database - MongoDB 从每个组中采样特定时间
- angular - 在 inetllij idea 中使用 Karma 运行 Angular 测试