0

curl put リクエストを実行しようとしていますが、サーバーのセットアップに基づいているのではないかと恐れる、自動化されていない応答が返されます。

リクエストは次のとおりです。

curl  -X PUT -v -u 'admin:adminpwd' https://myexampledomain.com/cloud/ocs/v1.php/cloud/users/pinuccio -d 'key=display' -d 'value=ajeje' -H "OCS-APIRequest: true"

私が受け取る応答は、自動化されていない (401) です。これは詳細ログです。

*   Trying 127.0.1.1...
* TCP_NODELAY set
* Connected to myexampledomain.com (127.0.1.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=myexampledomain.com
*  start date: May  1 17:18:35 2020 GMT
*  expire date: Jul 30 17:18:35 2020 GMT
*  subjectAltName: host "myexampledomain.com" matched cert's "myexampledomain.com"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
* Server auth using Basic with user 'admin'
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> PUT /cloud/ocs/v1.php/cloud/users/pinuccio HTTP/1.1
> Host: mydomain.com
> Authorization: Basic YWRtaW46QzRsMW0zcjA=
> User-Agent: curl/7.58.0
> Accept: */*
> OCS-APIRequest: true
> Content-Length: 23
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 23 out of 23 bytes
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/1.1 401 Unauthorized
< Date: Tue, 30 Jun 2020 14:07:28 GMT
< Server: Apache/2.4.29 (Ubuntu)
< Strict-Transport-Security: max-age=15552000; includeSubDomains
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Robots-Tag: none
< X-Frame-Options: SAMEORIGIN
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Set-Cookie: oczw6f5q1725=a8va678tu6ifnku9qqb8ad6g9r; path=/cloud; secure; HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Set-Cookie: oc_sessionPassphrase=aX2nBbeRkkjX2AOsL9pWoxCcB5vvtdiR4wT9UtOAxfM61oVxCX5LvX02eZkNSfqUPekCdo20A65%2BplZBgHQo%2FyaVQdiQ42d7O4TAqyWpsx8f3gBAeNV%2B2EphYBGNxLmW; path=/cloud; secure; HttpOnly
< Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *
< Set-Cookie: oczw6f5q1725=0h8mkv831pq6aukvoivr7gf5t2; path=/cloud; secure; HttpOnly
< Set-Cookie: cookie_test=test; expires=Tue, 30-Jun-2020 15:07:28 GMT; Max-Age=3600
< Set-Cookie: oc_username=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/cloud; secure; HttpOnly
< Set-Cookie: oc_token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/cloud; secure; HttpOnly
< Set-Cookie: oc_remember_login=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/cloud; secure; HttpOnly
< Set-Cookie: oc_username=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/cloud/; secure; HttpOnly
< Set-Cookie: oc_token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/cloud/; secure; HttpOnly
< Set-Cookie: oc_remember_login=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/cloud/; secure; HttpOnly
< Set-Cookie: oczw6f5q1725=pi2oc8f3cgut57emv2ikflsooq; path=/cloud; secure; HttpOnly
< Set-Cookie: oczw6f5q1725=4hhk94mvb1l6j6re7qi9v68kjo; path=/cloud; secure; HttpOnly
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="Authorisation Required"
< Access-Control-Allow-Origin: https://myexampledomain.com/cloud
< Content-Length: 132
< Content-Type: text/xml; charset=UTF-8
< 
* TLSv1.3 (IN), TLS Unknown, Unknown (23):

失敗したログからはわかりません。誰でも理解するのを手伝ってもらえますか? APIが実行されているサーバーから直接リクエストを実行しています。mydomain.com/cloud の CORS 許可も追加しましたが、何も変わりませんでした。

同じ API で、基本認証なしで POST リクエストを実行できます。その要求はスムーズに実行されます。ある時点で TLS1.3 が認証を維持できないように見えます...

これは API ドキュメントです:ユーザー プロビジョニング API - ユーザーの編集

4

1 に答える 1