[SOLVED] HTTP/1.1 401 Permission denied - invalid csrf token - CLI

A

AlexFatta

New Member
Sep 14, 2020
4
0
1
24
Hi guys,

I'm trying to create a script to automatically create a VM. I'm using the PVE API to do it. I get a PVE cookie but if I try to use it, I have the following error : HTTP/1.1 401 Permission denied - invalid csrf token.

This is the script I created :

Bash: 
#echo "Adresse IP : $2"
#echo "Macaddress : $3"
#echo "Hostname : $4"

export NEWID

if [ $1 == 'auth' ]
then

    export NEWID=$2

    echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"

    echo "Requesting an authorization cookie..."

    echo > cookie

    curl -k -d "username=USER@pam&password=PASSWORD" https://DOMAIN:8006/api2/json/access/ticket | jq --raw-output '.data.ticket' > cookie | sed 's/^/PVEAuthCookie=/' > cookie

    echo "Cookie requested !"
    cat cookie

    echo " "
    echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    echo "Requesting CSRFPreventionToken...."

    echo > csrftoken

    curl -k -d "username=USER@pam&password=PASSWORD" https://DOMAIN:8006/api2/json/access/ticket | jq --raw-output '.data.CSRFPreventionToken' | sed 's/^/CSRFPreventionToken:/' > csrftoken

    echo "CSRFPreventionToken requested !"
    cat csrftoken

    echo " "
    echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    echo "Informations : "
    curl  --insecure --cookie "$(<cookie)" https://DOMAIN:8006/api2/json/nodes/NODE/qemu/status | jq '.'

else
    export NEWID=$1
fi

echo "Requesting with following parameters :"
echo "Nouvel ID : $1"


echo " "
echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
echo "Informations : "
curl  --insecure --cookie "$(<cookie)" https://DOMAIN:8006/api2/json/nodes/NODE/qemu/status | jq '.'

echo " "
echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"

curl -v -k --cookie "PVEAuthCookie=$(<cookie)" --header "CSRFPreventionToken=$(<csrftoken)" -X POST \
--data name:"VM-Test"\
--data newid:"$NEWID"\
--date node:"NODE"\
https://DOMAIN:8006/api2/json/nodes/NODE/qemu/1000/clone

For the moment, I just want to have a connection to my PVE. Afte, I'll create the part to clone the template and edit the new VM.

Just to be clear, I have to create a token ID ? That's correct ?

If someone have an idea, I'm listening to you !

Thanks everyone,

Alex
 
Hello !

Good news. I identified the problem. I'll explain it here for the next people. (I didn't use your topic sorry ^^' )

I followed the official Proxmox's documentation, but I meant problems with it. First of all, this part :Capture d’écran, le 2020-09-15 à 16.03.44.png

I did it. So each time, I made two request. One for the cookie and one for the CSRF. The problem is, each request return a pair of cookie and CSRF Token. So your CSRF can't be verified with your cookie (first request). So I saved the result of the request in a file and export the values in my cookie and csrftoken files :
Bash: 
echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"

    echo "Requesting an authorization cookie..."

    echo > cookie

    curl -k -d "username=USER@pam&password=PASSWORD" https://DOMAIN:8006/api2/json/access/ticket > json_result

    cat json_result | jq --raw-output '.data.ticket' | sed 's/^/PVEAuthCookie=/' > cookie

    echo "Cookie requested !"
    cat cookie

    echo "Requesting CSRFPreventionToken...."

    echo > csrftoken

    cat json_result | jq --raw-output '.data.CSRFPreventionToken' | sed 's/^/CSRFPreventionToken:/' > csrftoken

    echo "CSRFPreventionToken requested !"
    cat csrftoken

Now, the problem of the "HTTP/1.1.401 Invalid CSRF Token" message is solved !

Just a few informations for curl's datas, you don't have to specify the values you entered in the url (in my case VMID and NODE). I used this for my final curl request :

Code: 
curl -v -k --cookie "$(<cookie)" -H "$(<csrftoken)" \
--data-urlencode "newid=$NEWID" \
--data-urlencode "name=$NEWNAME" \
https://DOMAIN:8006/api2/json/nodes/NODE/qemu/VMID/clone | jq

Thanks a lot,

Alex
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back