curl / Mailing Lists / curl-users / Single Mail

curl-users

CURL 7.64.0

From: Pierre Brico <pierre.brico_at_gmail.com>
Date: Tue, 5 Mar 2019 15:51:34 +0100

 Hi all,

I've been using an old version of curl for a while without any issue. Here
is the version I used:

$ curl --version
curl 7.40.0 (i686-pc-mingw32) libcurl/7.40.0 OpenSSL/1.0.1k zlib/1.2.8
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3
pop3s rtsp smb smbs smtp smtps telnet tftp
Features: Largefile NTLM SSL libz TLS-SRP

Now, I've recently upgraded my MSYS system to MSYS2. This new version of
MYSYS2 embeds curl in it's latest version 7.64.0. Here is the output of the
--version option:
$ curl --version
curl 7.64.0 (x86_64-pc-msys) libcurl/7.64.0 OpenSSL/1.1.1b zlib/1.2.11
brotli/1.0.7 libidn2/2.1.1 libpsl/0.20.2 (+libidn2/2.1.1) libssh2/1.8.0
nghttp2/1.36.0
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp
scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS Debug TrackMemory IDN IPv6 Largefile GSS-API Kerberos
SPNEGO NTLM NTLM_WB SSL libz brotli TLS-SRP HTTP2 UnixSockets HTTPS-proxy
PSL Metalink

My issue is related to the cookies usage. I've written a script which
emulates a simple user who logs into a web site and execute a certain
action. With curl version 7.40, everything was working as expected... With
the new version of curl, no cookie is sent when executing the POST.
I've searched the documentation but found no changes related to the cookie
engine. That's the reason why I've post my issue to this mailing list...

Here is a fragment of my script:

curl $CURL_OPTIONS -sSL -k -j -c cookies-out.txt -o $PAGE "
https://fronteo-keycloak-rmm:8443/auth/realms/fhome/protocol/openid-connect/auth?response_type=code&scope=aisp&client_id=$CLIENT_ID&state=12345&redirect_uri=http://localhost:8080
"
if [ $? -ne 0 ]; then
  echo "Couldn't get login page from Redhat SSO"
  exit 1
fi

mv cookies-out.txt cookies-in.txt
curl $CURL_OPTIONS -sS -k -b cookies-in.txt -c cookies-out.txt -X POST -o
$PAGE --data "username=XXXXX&password=YYYYYY" "
https://fronteo-keycloak-rmm:8443/auth/realms/fhome/protocol/openid-connect/auth?response_type=code&scope=aisp&client_id=$CLIENT_ID&state=12345&redirect_uri=http://localhost:8080
"
if [ $? -ne 0 ]; then
  echo "Couldn't post user/password to Redhat SSO"
  exit 2
fi

The first call to curl (GET) will start the session (get the cookies) and
the second call to curl (POST) will send credentials (with the cookies) to
continue the process.

Executing the script in DEBUG mode shows that cookies are ignored with the
latest version:

> POST
/auth/realms/fhome/login-actions/authenticate?session_code=anEjPMdR-9_Xl0t68_vDaT5yu6JoXAizauJ3rtrgcPw&execution=f65ccedb-cc7a-4f46-b386-f59408012698&client_id=XXXXXXXXXXXXX&tab_id=SwFAuhzueT0
HTTP/2
> Host: fronteo-keycloak-rmm:8443
> User-Agent: curl/7.64.0
> Accept: */*
> Content-Length: 27
> Content-Type: application/x-www-form-urlencoded
>

And this output of the old version:

> POST
/auth/realms/fhome/login-actions/authenticate?session_code=yRyjuGxKaOLa-628N1ZLQi4l39Yc1g7BcBa1EwTgJvo&execution=f65ccedb-cc7a-4f46-b386-f59408012698&client_id=
XXXXXXXXXXXXX&tab_id=episi_krhDY HTTP/1.1
> User-Agent: curl/7.40.0
> Host: fronteo-keycloak-rmm:8443
> Accept: */*
> Cookie:
AUTH_SESSION_ID=bd7a2b29-f09d-4950-adb4-733c2d2f8cfb.fronteo-keycloak-rmm;
KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIyOTNiZDllMy0wMDJlLTQ4OTYtYjg0Ny0xODdlMDkzNjdmZGQifQ.eyJjaWQiOiIzNDY2Njg3YS03ZTNmLTRjOGYtYjRhMy1iZjE1ZmIxMWFhYTQiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vbG9jYWxob3N0OjgwODAiLCJhY3QiOiJBVVRIRU5USUNBVEUiLCJub3RlcyI6eyJzY29wZSI6ImFpc3AiLCJpc3MiOiJodHRwczovL2Zyb250ZW8ta2V5Y2xvYWstcm1tOjg0NDMvYXV0aC9yZWFsbXMvZmhvbWUiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6InBsYWluIiwicmVkaXJlY3RfdXJpIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwIiwic3RhdGUiOiIxMjM0NSJ9fQ.JhMJmSKLESr_flL3SRZgmaFw4T1e5ueg-1z9OEFoRX8
> Content-Length: 27
> Content-Type: application/x-www-form-urlencoded
>

The cookies file "cookies-out.txt" is created and I don't see any
differences between both execution.

Any idea ?

Thanks,
Pierre

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2019-03-05