Replicate this curl post

General
1

I'm trying to login to a server, the following curl command works

curl --insecure --request POST "https://IP:PORT/login" --form "username=user" --form "password=pass"

If I try to replicate this with Node-RED using

msg.payload = { username: "user", password: "pass" };
msg.headers = {'content-type':'application/x-www-form-urlencoded'};
return msg;

I'm using the HTTP request function node, it's set to POST, I've configured the SSL/TLS certificates. But I get an 'unauthorized' message from the server. I can replicate this 'unauthorized' message with curl if, for example, I change the login details to something invalid.

curl --insecure --request POST "https://IP:PORT/login" --form "username=user" --form "password=wrongpass"

returns 'unauthorized' from the server

I also get the same response if I use "multipart/form-data" for the header.

What am I missing to replicate the curl command?

2

Can you post the whole message debug from the request?

How exactly is the data body looking in the response?

Anything in Debug or the Console?

3

I'm using node-red 0.19.3 on RPi if that makes any difference.
The full message debug looks like

_msgid: "c20f6921.631e28"
topic: ""
payload: "unauthorized↵"
headers: object
server: "nginx/1.17.7"
date: "Thu, 20 Feb 2020 20:36:34 GMT"
content-type: "text/plain; charset=utf-8"
content-length: "13"
connection: "close"
x-content-type-options: "nosniff"
strict-transport-security: "max-age=31536000;"
x-node-red-request-node: "20a71027"
statusCode: 401

4

This is going to sound silly but I'm just thinking out loud...

Try and initialise a new object with the body then pass that as the payload?

let headerObject = {'content-type':'application/x-www-form-urlencoded'};
let bodyObject = { username: "user", password: "pass" };
let newmsg = { headers: headerObject, payload: bodyObject };
return newmsg

Just in case it's something to do with the object cloning?

5

no luck, still get the 'unauthorized' message...
curl command still works fine.

6

Hmm - can you change the debug level to trace in settings.js then get us a full output of the console log?

Can you screenshot the setup of the HTTP request settings too?

7

20 Feb 21:54:13 - [trace] runtime event: {"id":"runtime-state","retain":true}
20 Feb 21:54:13 - [trace] runtime event: {"id":"runtime-deploy","payload":{"revision":"4f3162d66a107a10a0dc91d86dfc0adc"},"retain":true}
20 Feb 21:54:13 - [info] Starting flows
20 Feb 21:54:13 - [debug] red/nodes/flows.start : starting flow : global
20 Feb 21:54:13 - [debug] red/nodes/flows.start : starting flow : b6263066.0ae12
20 Feb 21:54:13 - [trace] [flow:global] start flow
20 Feb 21:54:13 - [trace] [flow:global] ------------------|--------------|-----------------
20 Feb 21:54:13 - [trace] [flow:global] id | type | alias
20 Feb 21:54:13 - [trace] [flow:global] ------------------|--------------|-----------------
20 Feb 21:54:13 - [trace] [flow:global] b8131fa3.0b165 | tls-config |
20 Feb 21:54:13 - [trace] [flow:global] ------------------|--------------|-----------------
20 Feb 21:54:13 - [trace] [flow:b6263066.0ae12] start flow
20 Feb 21:54:13 - [trace] [flow:b6263066.0ae12] ------------------|--------------|-----------------
20 Feb 21:54:13 - [trace] [flow:b6263066.0ae12] id | type | alias
20 Feb 21:54:13 - [trace] [flow:b6263066.0ae12] ------------------|--------------|-----------------
20 Feb 21:54:13 - [trace] [flow:b6263066.0ae12] eda0f865.9a64f8 | http request |
20 Feb 21:54:13 - [trace] [flow:b6263066.0ae12] 1315f340.2a058d | function |
20 Feb 21:54:13 - [trace] [flow:b6263066.0ae12] b34d3406.aa03c8 | inject |
20 Feb 21:54:13 - [trace] [flow:b6263066.0ae12] 4bf05c2d.b856f4 | debug |
20 Feb 21:54:13 - [trace] [flow:b6263066.0ae12] 3558d5c3.9914ca | debug |
20 Feb 21:54:13 - [trace] [flow:b6263066.0ae12] ------------------|--------------|-----------------
20 Feb 21:54:13 - [trace] runtime event: {"id":"runtime-state","retain":true}
20 Feb 21:54:13 - [info] Started flows
20 Feb 21:54:13 - [audit] {"event":"comms.open","level":98,"timestamp":1582235653572}
20 Feb 21:54:13 - [trace] comms.open I5fPOrqeyPzcO7mXxKEiE3Hv9o5o1Eig
20 Feb 21:54:22 - [metric] {"level":99,"nodeid":"b34d3406.aa03c8","event":"node.inject.receive","msgid":"c4b5dd99.95a43","timestamp":1582235662999}
20 Feb 21:54:23 - [metric] {"level":99,"nodeid":"b34d3406.aa03c8","event":"node.inject.send","msgid":"c4b5dd99.95a43","timestamp":1582235663020}
20 Feb 21:54:23 - [metric] {"level":99,"nodeid":"1315f340.2a058d","event":"node.function.receive","msgid":"c4b5dd99.95a43","timestamp":1582235663021}
20 Feb 21:54:23 - [metric] {"level":99,"nodeid":"1315f340.2a058d","event":"node.function.send","msgid":"c4b5dd99.95a43","timestamp":1582235663025}
20 Feb 21:54:23 - [metric] {"level":99,"nodeid":"eda0f865.9a64f8","event":"node.http request.receive","msgid":"c4b5dd99.95a43","timestamp":1582235663025}
20 Feb 21:54:23 - [metric] {"level":99,"nodeid":"3558d5c3.9914ca","event":"node.debug.receive","msgid":"c4b5dd99.95a43","timestamp":1582235663026}
20 Feb 21:54:23 - [metric] {"level":99,"nodeid":"1315f340.2a058d","event":"node.function.duration","msgid":"c4b5dd99.95a43","value":3.98,"timestamp":1582235663027} 20 Feb 21:54:23 - [metric] {"level":99,"nodeid":"eda0f865.9a64f8","event":"node.http request.duration.millis","msgid":"c4b5dd99.95a43","value":"210.636","timestamp":1582235663241}
20 Feb 21:54:23 - [metric] {"level":99,"nodeid":"eda0f865.9a64f8","event":"node.http request.size.bytes","msgid":"c4b5dd99.95a43","value":260,"timestamp":1582235663241}
20 Feb 21:54:23 - [metric] {"level":99,"nodeid":"eda0f865.9a64f8","event":"node.http request.send","msgid":"c4b5dd99.95a43","timestamp":1582235663242}
20 Feb 21:54:23 - [metric] {"level":99,"nodeid":"4bf05c2d.b856f4","event":"node.debug.receive","msgid":"c4b5dd99.95a43","timestamp":1582235663242}
20 Feb 21:54:26 - [metric] {"level":99,"event":"runtime.memory.rss","value":60993536,"timestamp":1582235666566}
20 Feb 21:54:26 - [metric] {"level":99,"event":"runtime.memory.heapTotal","value":20738048,"timestamp":1582235666566}
20 Feb 21:54:26 - [metric] {"level":99,"event":"runtime.memory.heapUsed","value":18586432,"timestamp":1582235666567}
20 Feb 21:54:41 - [metric] {"level":99,"event":"runtime.memory.rss","value":60329984,"timestamp":1582235681590}
20 Feb 21:54:41 - [metric] {"level":99,"event":"runtime.memory.heapTotal","value":20475904,"timestamp":1582235681591}
20 Feb 21:54:41 - [metric] {"level":99,"event":"runtime.memory.heapUsed","value":17733764,"timestamp":1582235681591}

8

1014×845 64.3 KB

obviously the url is actually set correctly but it's not a public server so i've hidden it for now

9

Can you temporarily try accessing over http instead of https in case it's something to do with the TLS configuration?

Or make another endpoint on the API you're trying to reach accessible without authentication?

Nothing I've seen so far is jumping out at me - all seems to be correct!

Can you send the output of the request to a function node and JSON stringify the entire object then log that?

10

yeah there's something funky going on...
http://IP:8080/login2/
works in node-red

11

Trailing slashes redirected?

Try it with the / after /login?

TLS/SSL settings not working - how's that all set up?

12

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.