1 year ago

#366982


Peder Wessel

Login with CURL and x-auth

Need to do a CURL request to a site that requires login first

I'm unable to actually log in, presumably because I'm not able to provide the X-AUTH token. I must be missing something, but my understanding of the flow is as per below (what occurs when I review network requests):

  1. Go to login page and obtain cookies https://nycidling.azurewebsites.net/login
  2. Do pre-flight OPTIONS request https://idlingapi.azurewebsites.net/api/users/login
  3. Login with POST request https://idlingapi.azurewebsites.net/api/users/login

The last step seems to require an X-AUTH token, but the point of logging in is to obtain it.. so I must be missing something basic...

If I don't provide the X-Auth token as part of the request, the server has a 500 error message "The given header was not found."

If I provide the X-Auth: token I get a 401 Unauthorized response as per below

HTTP/1.1 401 Unauthorized
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/10.0
WWW-Authenticate: X-Auth Access
Access-Control-Allow-Origin: https://nycidling.azurewebsites.net
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:0cd212c4-7265-421c-88c6-635f41af2791
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
Date: Sat, 02 Apr 2022 12:40:41 GMT
Content-Length: 0

What am I missing?

The intuitive part would be that you use the cookie from the GET request to provide as Bearer token during the POST request together with the username and password. But this does not seem to be the flow from the network tabs...

In short, how do I provide an X-AUTH token already prior to having logged in? What am I missing?

CODE

// Variables
// Value only: the "User-Agent: " prefix is added where the header is built below
$userAgent = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.83 Safari/537.36';
$cookie = dirname(__FILE__) . '/cookies.txt';
$username = 'username';
$password = 'password'; // Has special characters if that matters..

// Settings for all curl requests
$ch = curl_init();
curl_setopt_array($ch, array(
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_COOKIEJAR => $cookie,
    CURLOPT_COOKIEFILE => $cookie,
    CURLOPT_VERBOSE => true,
));

// Get cookies from login site
$url = 'https://nycidling.azurewebsites.net/login';
curl_setopt_array($ch, array(
    CURLOPT_URL => $url,
    CURLOPT_HEADER => 1,
    CURLOPT_USERAGENT => $userAgent,
    // CURLOPT_COOKIESESSION => true,
));
$response = curl_exec($ch);
// curl_close($ch);

// Options method (login)
$url = 'https://idlingapi.azurewebsites.net/api/users/login';
$headers = array(
    "Accept: */*",
    "Accept-Encoding: gzip, deflate, br",
    "Accept-Language: en-US,en;q=0.9",
    "Access-Control-Request-Headers: authorization,x-auth",
    "Access-Control-Request-Method: POST",
    "Connection: keep-alive",
    "Host: idlingapi.azurewebsites.net",
    "Origin: https://nycidling.azurewebsites.net",
    "Referer: https://nycidling.azurewebsites.net/",
    "Sec-Fetch-Dest: empty",
    "Sec-Fetch-Mode: cors",
    "Sec-Fetch-Site: cross-site",
    "User-Agent: $userAgent",
);

curl_setopt_array($ch, array(
    CURLOPT_URL => $url,
    CURLOPT_CUSTOMREQUEST => 'OPTIONS',
    CURLOPT_HTTPHEADER => $headers,
));
$response = curl_exec($ch);
// dd($response);

// Login (with cookies from above)
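$url = "https://idlingapi.azurewebsites.net/api/users/login";
// Content-Type below is application/json, so send a JSON string rather than a
// PHP array (an array would be sent as multipart/form-data) and do not urlencode.
$postFields = json_encode(array(
    'emailaddress1' => $username,
    'idc_password' => $password,
));

$headers = array(
    "Accept: application/json, text/plain, */*",
    "Accept-Encoding: gzip, deflate, br",
    "Accept-Language: en-US,en;q=0.9",
    "Authorization: Bearer",
    "Connection: keep-alive",
    // Content-Length is left out: curl computes it from the body.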
    "Content-Type: application/json",
    "Host: idlingapi.azurewebsites.net",
    "Origin: https://nycidling.azurewebsites.net",
    "Referer: https://nycidling.azurewebsites.net/",
    'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="99", "Google Chrome";v="99"',
    "sec-ch-ua-mobile: ?0",
    'sec-ch-ua-platform: "macOS"',
    "Sec-Fetch-Dest: empty",
    "Sec-Fetch-Mode: cors",
    "Sec-Fetch-Site: cross-site",
    "User-Agent: $userAgent",
    "X-Auth: c384bc21-2165-44ee-9353-2593532e2bcc:nLYROABzicqak8GKklq4IlOf1hJbXGDZ6NxLLdedrHE=:9772d6a8-9fed-4e8e-fc3d-1db1766b5adc:1648866676" // <== Where does this X-AUTH token get generated? It is also the response when logged in.. So how can it be obtained prior to login?
);

curl_setopt_array($ch, array(
    CURLOPT_URL => $url,
    CURLOPT_HTTPHEADER => $headers,
    CURLOPT_CUSTOMREQUEST => 'POST',
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $postFields,
    CURLOPT_FOLLOWLOCATION => true,
));
$response = curl_exec($ch);
curl_close($ch);
dd($response);

COOKIE FILE SEEMS TO STORE CORRECTLY

#HttpOnly_.idlingapi.azurewebsites.net  TRUE    /   TRUE    0   ARRAffinitySameSite 3769bc7afaf737a4a03d956ebdfc5742c39a3f6232952e26cf18xxxxxxxxxxxx
#HttpOnly_.idlingapi.azurewebsites.net  TRUE    /   TRUE    0   ARRAffinity 3769bc7afaf737a4a03d956ebdfc5742c39a3f6232952e26cf18xxxxxxxxxxxx

Have reviewed multiple Stack Overflow questions to try to figure this out, but have not been successful so far.

  1. how to login this web site by php curl?
  2. Login to page with curl in php and then visit link "logged in"
  3. Login to remote site with PHP cURL
  4. How to login in with Curl and SSL and cookies
  5. send request with x-auth-token in header php

curl

php-curl

bearer-token
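
An added example, not part of the original question: it splits the X-Auth value from the code above into its four colon-separated fields and compares the last one with the Date header of the 401 response. The field meanings (GUID, base64 blob, GUID, Unix timestamp) are assumptions inferred from each field's shape, and `describeXAuth` is a hypothetical helper name.

```php
<?php
// Added example. Field meanings are assumptions inferred from each field's shape;
// the token and Date values are the ones quoted in the question.
const GUID_RE = '/^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i';

function describeXAuth(string $token, string $responseDate): array
{
    $parts = explode(':', $token);
    if (count($parts) !== 4) {
        throw new InvalidArgumentException('expected 4 colon-separated fields');
    }
    [$id1, $blob, $id2, $ts] = $parts;

    $raw = base64_decode($blob, true); // strict: returns false on invalid input
    if ($raw === false) {
        throw new InvalidArgumentException('field 2 is not valid base64');
    }
    if (!ctype_digit($ts)) {
        throw new InvalidArgumentException('field 4 is not a Unix timestamp');
    }
    $seenAt = strtotime($responseDate);
    if ($seenAt === false) {
        throw new InvalidArgumentException('unparseable Date header');
    }

    return array(
        'field1_is_guid'  => preg_match(GUID_RE, $id1) === 1,
        'field2_bytes'    => strlen($raw),
        'field3_is_guid'  => preg_match(GUID_RE, $id2) === 1,
        'field4_utc'      => gmdate('Y-m-d H:i:s', (int) $ts),
        'age_at_response' => $seenAt - (int) $ts, // seconds between token and response
    );
}

// Values copied from the question: the hard-coded X-Auth header and the 401's Date header.
$token = 'c384bc21-2165-44ee-9353-2593532e2bcc:nLYROABzicqak8GKklq4IlOf1hJbXGDZ6NxLLdedrHE=:9772d6a8-9fed-4e8e-fc3d-1db1766b5adc:1648866676';
$date  = 'Sat, 02 Apr 2022 12:40:41 GMT';

foreach (describeXAuth($token, $date) as $name => $value) {
    echo str_pad($name, 17), var_export($value, true), PHP_EOL;
}
```

A large `age_at_response` means the header value predates the request it was sent with.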

0 Answers
