From a4a5c78c01f679f4b1844ba5de470b823dfa52ba Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Mon, 18 Feb 2019 11:01:49 +0100
Subject: [PATCH] src/client/http_client.rs: send csrf token
---
 src/client/http_client.rs | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/client/http_client.rs b/src/client/http_client.rs
index eca17520..a7bea2d2 100644
--- a/src/client/http_client.rs
+++ b/src/client/http_client.rs
@@ -82,7 +82,7 @@ impl HttpClient {
 let path = path.trim_matches('/');
 let url: Uri = format!("https://{}:8007/{}", self.server, path).parse()?;
- let ticket = self.login()?;
+ let (ticket, _token) = self.login()?;
 let enc_ticket = percent_encode(ticket.as_bytes(), DEFAULT_ENCODE_SET).to_string();
@@ -96,7 +96,7 @@ impl HttpClient {
 Self::run_request(request)
 }
- fn login(&self) -> Result {
+ fn login(&self) -> Result<(String, String), Error> {
 let url: Uri = format!("https://{}:8007/{}", self.server, "/api2/json/access/ticket").parse()?;
@@ -123,8 +123,12 @@ impl HttpClient {
 Some(t) => t,
 None => bail!("got unexpected respose for login request."),
 };
+ let token = match auth_res["data"]["CSRFPreventionToken"].as_str() {
+ Some(t) => t,
+ None => bail!("got unexpected respose for login request."),
+ };
- Ok(ticket.to_owned())
+ Ok((ticket.to_owned(), token.to_owned()))
 }
 pub fn upload(&self, content_type: &str, body: Body, path: &str) -> Result {
@@ -132,7 +136,7 @@ impl HttpClient {
 let path = path.trim_matches('/');
 let url: Uri = format!("https://{}:8007/{}", self.server, path).parse()?;
- let ticket = self.login()?;
+ let (ticket, token) = self.login()?;
 let enc_ticket = percent_encode(ticket.as_bytes(), DEFAULT_ENCODE_SET).to_string();
@@ -141,6 +145,7 @@ impl HttpClient {
 .uri(url)
 .header("User-Agent", "proxmox-backup-client/1.0")
 .header("Cookie", format!("PBSAuthCookie={}", enc_ticket))
+ .header("CSRFPreventionToken", token)
 .header("Content-Type", content_type)
 .body(body)?;
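Review bot: The new return type of `login`, `Result<(String, String), Error>` in the `@@ -96,7 +96,7 @@` hunk, carries two secrets of the same type in a bare tuple, so the compiler cannot catch a caller that binds them in the wrong order and sends the ticket as the CSRF header or the token as the cookie. At minimum the function should state the order, for example `/// Returns (ticket, CSRF prevention token) on a successful login.` above the signature. A small struct with named `ticket` and `token` fields would make the order impossible to confuse. The body of `login` continues outside this hunk.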
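Review bot: The added `None` arm for `CSRFPreventionToken` in the `@@ -123,8 +123,12 @@` hunk reuses the ticket arm's message verbatim, misspelling included (`respose`), so a failed login gives no hint which field the server left out. A distinct message would make a ticket-without-token response easy to diagnose: `None => bail!("login response contains no CSRFPreventionToken."),`. Whatever wording is chosen should not echo the response body, which presumably also carries the ticket. The start of `login` lies outside the hunk.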
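Review bot: Nothing at the added `.header("CSRFPreventionToken", token)` line in `upload` (`@@ -141,6 +145,7 @@`) explains why only this request carries the token, while the `@@ -82,7 +82,7 @@` hunk binds it to `_token` and drops it. If the server demands the token only on state-changing requests authenticated by the cookie, which is what the split suggests, a comment such as `// cookie-authenticated write requests must also present the CSRF prevention token` would keep a later write-style method from copying the read pattern. The token is passed through unencoded, unlike the percent-encoded ticket; the request builder should reject an illegal header value when `.body(body)?` runs, but that is worth confirming for the crate version in use. The builder chain starts outside the hunk.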