|
Created on 2008-11-11.05:00:37 by twb, last changed 2009-08-27.14:17:14 by admin.
msg6649 (view) |
Author: twb |
Date: 2008-11-11.05:00:35 |
|
It appears that wiki.darcs.net currently does not allow anonymous
edits:
$ editmoin http://wiki.darcs.net/index.html/TrentBuck
You are not allowed to edit this page.
error: body information not found
Therefore, I have created an account using w3m. Instead of giving
editmoin my username and password and having *it* perform the login
step, I apparently have to give it a session cookie.
Therefore, I am attempting to log in with curl so as to generate a
session cookie. Apart from the fact that I don't know how to extract
session cookies from w3m, this is useful because cookies expire daily
(which I approve of), and therefore I will need to re-create this
session cookie each time I use editmoin.
Where my password is stored (without a trailing newline) in
~/.darcs-wiki.secret,
$ u=http://wiki.darcs.net/index.html/UserPreferences
$ f=~/.darcs-wiki.secret
$ curl $u -F name=TrentBuck -F password=@$f
You are not allowed to access this!
It appears that wiki.darcs.net has blacklisted curl users. Therefore,
I spoof User-Agent accordingly:
$ a='W3C standards are important. Stop fucking obsessing over user-agent already.'
$ curl $u -A "$a" -F name=TrentBuck -F password=@$f
This results in an HTML page that is *not* logged in. You can render
it thusly:
$ curl -s $u -A "$a" -F name=TrentBuck -F password=@$f |
> w3m -dump -T text/html
|
msg6651 (view) |
Author: twb |
Date: 2008-11-11.07:12:49 |
|
On Mon, Nov 10, 2008 at 06:00:35PM +0000, trentbuck@gmail.com wrote:
> $ curl $u -A "$a" -F name=TrentBuck -F password=@$f
This works if I add -F login=Login.
It appears that because moinmoin (naughtily) displays multiple forms
on a single page, it kludgily checks the value of the submit button to
work out WHICH form it is responding to.
A complete script to extract the session ID is thus
#!/bin/sh -ev
f=~/.darcs-wiki.secret
curl -s -o /dev/null -c - \
http://wiki.darcs.net/index.html \
-A 'W3C standards are important. Stop fucking obsessing over user-agent already.' \
-F login=Login -F name=TrentBuck -F password=@$f |
sed -n \$p | cut -d"$(printf \\t)" -f7
I will now attempt to implement this directly in editmoin, so that it
can just get a password from ~/.netrc like any other utility that
deals with pointless and insecure passwords.
See also: http://bugs.debian.org/505257
|
|
Date |
User |
Action |
Args |
2008-11-11 05:00:37 | twb | create | |
2008-11-11 07:12:51 | twb | set | status: unread -> resolved nosy:
kowey, dagit, simon, twb, thorkilnaur, dmitry.kurochkin messages:
+ msg6651 |
2009-04-22 02:36:06 | twb | set | priority: wishlist nosy:
kowey, dagit, simon, twb, thorkilnaur, dmitry.kurochkin |
2009-08-10 23:51:20 | admin | set | nosy:
- dagit |
2009-08-25 17:34:18 | admin | set | nosy:
+ darcs-devel, - simon |
2009-08-27 14:17:14 | admin | set | nosy:
kowey, darcs-devel, twb, thorkilnaur, dmitry.kurochkin |
|