Hi all!
I’m trying to create a resource via API and I’m having a problem with the authentication for the POST operation.
I’m using the 3.8.1-1-ce version of Passbolt and the http client I’m currently using is curl.
Following the instructions at Passbolt Help | Authentication in passbolt, I successfully execute the login (getting a 200 response with the header X-GPGAuth-Authenticated = true and a perfect body response).
Then, I perform a call to “/users/me.json” (a call to “/” gives the same result) in order to retrieve the csrfToken. So far so good.
Then, I try a POST call to “/resources.json” in order to create a new resource, including the csrfToken both in the header and as a cookie, as well as the passbolt_session as another cookie. With this operation, I’m getting a 401 error “Authentication is required to continue”.
I’ve created a new resource for the same user using the web portal and it works ok.
Any GET operation I’ve tried with the API executes successfully. I can retrieve the user profile (GET /users/me.json), the resources associated with the user (GET /resources.json) and also the groups related to the user (GET /groups.json). But I can’t perform any other operation; for example, I couldn’t delete (DELETE /resources/{resourceId}.json) the resource that I created via the web portal. I’m always getting a 401 error.
An example of the latter call:
+ curl -L -s -X DELETE 'https://myserver/resources/3e2d6c4a-678e-402f-8726-e46be844d7f5.json' -b 'passbolt_session=leftrr1d82igo8v108qushuse6' -b 'csrfToken=5f56f5ffc26dfb73ec5f70ebf6f4d30bb5a3503556a9c3c0b421461cc542ea47dd3560c2323138c63e7bac264ba56db6308079fafdea77cbc9d8b468ba5ab387' -H 'X-CSRF-Token: 5f56f5ffc26dfb73ec5f70ebf6f4d30bb5a3503556a9c3c0b421461cc542ea47dd3560c2323138c63e7bac264ba56db6308079fafdea77cbc9d8b468ba5ab387'
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Thu, 13 Jul 2023 08:26:49 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Set-Cookie: passbolt_session=hgiioju8to9gket4jbh8d84138; path=/; secure; HttpOnly; SameSite=Lax
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self';frame-src 'self';
{"header":{"id":"190bd2ad-0fcd-43f3-8da7-6224710685a8","status":"error","servertime":1689236809,"action":"bf1a9a51-eb99-51b3-b15a-fe21a235585c","message":"Authentication is required to continue","url":"\/resources\/3e2d6c4a-678e-402f-8726-e46be844d7f5.json","code":401},"body":""}
Any help will be appreciated.
Thanks!
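
Added example (not part of the original post and not Passbolt's own code): a shell check to run over a saved `curl` trace like the one above. It compares the `passbolt_session` cookie sent with any `passbolt_session` the server sets in the response, and the `csrfToken` cookie with the `X-CSRF-Token` header. The function names and the sample trace are constructed for illustration; a replaced session cookie is treated as something worth checking, not as a confirmed cause of the 401.

```shell
#!/bin/sh
# Constructed sample trace: request line as printed by `set -x`, then response
# headers. Host, id and cookie values are made up for this example.
SAMPLE_TRACE="+ curl -s -X DELETE 'https://passbolt.example/resources/ID.json' -b 'passbolt_session=aaa111' -b 'csrfToken=c0ffee' -H 'X-CSRF-Token: c0ffee'
HTTP/1.1 401 Unauthorized
Set-Cookie: passbolt_session=bbb222; path=/; secure; HttpOnly; SameSite=Lax
Content-Type: application/json"

# Value of cookie $2 as sent with -b '<name>=<value>' in trace $1.
sent_cookie() {
  printf '%s\n' "$1" | sed -n "s/.*-b '$2=\([^';]*\)'.*/\1/p" | head -n 1
}

# Value of request header $2 as sent with -H '<name>: <value>' in trace $1.
sent_header() {
  printf '%s\n' "$1" | sed -n "s/.*-H '$2: *\([^']*\)'.*/\1/p" | head -n 1
}

# Value of cookie $2 from the last matching Set-Cookie response header.
returned_cookie() {
  printf '%s\n' "$1" | tr -d '\r' |
    sed -n "s/^[Ss]et-[Cc]ookie: *$2=\([^;]*\).*/\1/p" | tail -n 1
}

# Prints one verdict for the trace in $1:
#   csrf-mismatch    csrfToken cookie and X-CSRF-Token header differ
#   session-replaced server answered with a different passbolt_session
#   session-kept     no new session cookie, or the same value came back
check_trace() {
  sess_sent=$(sent_cookie "$1" passbolt_session)
  sess_back=$(returned_cookie "$1" passbolt_session)
  csrf_cookie=$(sent_cookie "$1" csrfToken)
  csrf_header=$(sent_header "$1" X-CSRF-Token)
  if [ "$csrf_cookie" != "$csrf_header" ]; then
    echo "csrf-mismatch"
  elif [ -n "$sess_back" ] && [ "$sess_back" != "$sess_sent" ]; then
    echo "session-replaced"
  else
    echo "session-kept"
  fi
}

check_trace "$SAMPLE_TRACE"
```
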