rest api

115 views
Skip to first unread message

Drew Pierce

unread,
Mar 9, 2016, 6:24:13 PM3/9/16
to webpasswordsafe
I'm trying to use the rest api and in the documentation it says that we can do a curl call but it doesn't look like Tomcat likes the curl request.  Any help or pointers in debugging would help.
-Drew

When running the following I'm getting a 400 error.
curl -v -H "X-WPS-Username: username" -H 'X-WPS-Password: password' http://host:8080/wps/rest/passwords?query=test

< HTTP/1.1 400 Bad Request

< Server: Apache-Coyote/1.1

< Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; frame-src 'self'; style-src 'self' 'unsafe-inline'

< X-WebKit-CSP: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; frame-src 'self'; style-src 'self' 'unsafe-inline'

< X-Content-Security-Policy: default-src 'self' data:; img-src 'self' data:; options inline-script eval-script

< Content-Type: text/html;charset=utf-8

< Content-Language: en

< Content-Length: 968

< Date: Wed, 09 Mar 2016 23:11:39 GMT

< Connection: close

* Closing connection 0

HTTP Status 400 -

type Status report

message

description The request sent by the client was syntactically incorrect.

Apache Tomcat/7.0.47


Gordon Tetlow

unread,
Mar 9, 2016, 8:24:15 PM3/9/16
to Drew Pierce, webpasswordsafe
The default implementation for the REST API requires the TOTP header as well, even if it isn't used:
curl -v -H "X-WPS-Username: username" -H 'X-WPS-Password: password' -D 'X-WPS-TOTP: 123456' http://host:8080/wps/rest/passwords?query=test

I've got a fix in github for it if you are interested:

Regards,
Gordon

--
You received this message because you are subscribed to the Google Groups "webpasswordsafe" group.
To unsubscribe from this group and stop receiving emails from it, send an email to webpasswordsa...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Drew Pierce

unread,
Mar 10, 2016, 1:25:17 AM3/10/16
to webpasswordsafe, dr...@drewart.com
Thanks Gordon,
I was able to turn on debug and was seeing 'X-WPS-TOTP' missing but didn't know what that was until I saw 1.3 release notes the figured out the "two step Verification" and figured deduced it was a kind of like a token that needed to be passed.
-Drew

Gordon Tetlow

unread,
Mar 10, 2016, 10:18:16 AM3/10/16
to Drew Pierce, webpasswordsafe
To be clear, if you aren't using the TOTP plugin, you can just pass any bogus value.

Gordon
Reply all
Reply to author
Forward
0 new messages