[SOLVED] HTTP/1.1 401 Permission denied - invalid csrf token - CLI

[AlexFatta]

Hi guys,

I'm trying to create a script to automatically create a VM. I'm using the PVE API to do it. I get a PVE cookie but if I try to use it, I have the following error : HTTP/1.1 401 Permission denied - invalid csrf token.

This is the script I created :

#echo "Adresse IP : $2"
#echo "Macaddress : $3"
#echo "Hostname : $4"

export NEWID

if [ $1 == 'auth' ]
then

    export NEWID=$2

    echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"

    echo "Requesting an authorization cookie..."

    echo > cookie

    curl -k -d "username=USER@pam&password=PASSWORD" https://DOMAIN:8006/api2/json/access/ticket | jq --raw-output '.data.ticket' > cookie | sed 's/^/PVEAuthCookie=/' > cookie

    echo "Cookie requested !"
    cat cookie

    echo " "
    echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    echo "Requesting CSRFPreventionToken...."

    echo > csrftoken

    curl -k -d "username=USER@pam&password=PASSWORD" https://DOMAIN:8006/api2/json/access/ticket | jq --raw-output '.data.CSRFPreventionToken' | sed 's/^/CSRFPreventionToken:/' > csrftoken

    echo "CSRFPreventionToken requested !"
    cat csrftoken

    echo " "
    echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    echo "Informations : "
    curl  --insecure --cookie "$(<cookie)" https://DOMAIN:8006/api2/json/nodes/NODE/qemu/status | jq '.'

else
    export NEWID=$1
fi

echo "Requesting with following parameters :"
echo "Nouvel ID : $1"


echo " "
echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
echo "Informations : "
curl  --insecure --cookie "$(<cookie)" https://DOMAIN:8006/api2/json/nodes/NODE/qemu/status | jq '.'

echo " "
echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"

curl -v -k --cookie "PVEAuthCookie=$(<cookie)" --header "CSRFPreventionToken=$(<csrftoken)" -X POST \
--data name:"VM-Test"\
--data newid:"$NEWID"\
--date node:"NODE"\
https://DOMAIN:8006/api2/json/nodes/NODE/qemu/1000/clone

For the moment, I just want to have a connection to my PVE. Afte, I'll create the part to clone the template and edit the new VM.

Just to be clear, I have to create a token ID ? That's correct ?

If someone have an idea, I'm listening to you !

Thanks everyone,

Alex

 

[r.jochum]

Have a look at https://forum.proxmox.com/threads/working-with-api-getting-401-no-ticket.75108/#post-334658

 

[AlexFatta]

Hello !

Good news. I identified the problem. I'll explain it here for the next people. (I didn't use your topic sorry ^^' )

I followed the official Proxmox's documentation, but I meant problems with it. First of all, this part :

I did it. So each time, I made two request. One for the cookie and one for the CSRF. The problem is, each request return a pair of cookie and CSRF Token. So your CSRF can't be verified with your cookie (first request). So I saved the result of the request in a file and export the values in my cookie and csrftoken files :

echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"

    echo "Requesting an authorization cookie..."

    echo > cookie

    curl -k -d "username=USER@pam&password=PASSWORD" https://DOMAIN:8006/api2/json/access/ticket > json_result

    cat json_result | jq --raw-output '.data.ticket' | sed 's/^/PVEAuthCookie=/' > cookie

    echo "Cookie requested !"
    cat cookie

    echo "Requesting CSRFPreventionToken...."

    echo > csrftoken

    cat json_result | jq --raw-output '.data.CSRFPreventionToken' | sed 's/^/CSRFPreventionToken:/' > csrftoken

    echo "CSRFPreventionToken requested !"
    cat csrftoken

Now, the problem of the "HTTP/1.1.401 Invalid CSRF Token" message is solved !

Just a few informations for curl's datas, you don't have to specify the values you entered in the url (in my case VMID and NODE). I used this for my final curl request :

curl -v -k --cookie "$(<cookie)" -H "$(<csrftoken)" \
--data-urlencode "newid=$NEWID" \
--data-urlencode "name=$NEWNAME" \
https://DOMAIN:8006/api2/json/nodes/NODE/qemu/VMID/clone | jq

Thanks a lot,

Alex