API: Expected CSRF token not found. Has your session expired?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

API: Expected CSRF token not found. Has your session expired?

ruz76
Hi all,

I am returning back to the GN after some time and found some interesting
tools like API.
I would like to POST XML file via API. I have followed the example on
Swagger and I am able to get the token and the authorization is confirmed.

curl -X POST -H "X-XSRF-TOKEN: $TOKEN" --user $CATALOGUSER:$CATALOGPASS -b
/tmp/cookie "$CATALOG/srv/eng/info?type=me"

<?xml version="1.0" encoding="UTF-8"?>
<info>
  <me authenticated="true">
    <profile>Administrator</profile>
    <username>admin</username>
    <id>1</id>
    <name>admin</name>
    <surname>admin</surname>
    <email></email>
    <organisation />
    <hash>c65870a7a1de222423a624b1a73e4da7</hash>
  </me>
  <env>
    <baseURL>/geonetwork</baseURL>
    <node>srv</node>
  </env>
</info>

When I try to upload metadata from XML file:
curl -X POST
"$CATALOG/srv/api/0.1/records?metadataType=METADATA&uuidProcessing=NOTHING&rejectIfInvalid=false&publishToAll=false&assignToCatalog=false&transformWith=_none_"
-H "accept: application/json" -H "Content-Type: application/json" -H
"X-XSRF-TOKEN: $TOKEN" -d @sample.xml

I got an error that as I understand the GN does not know about the token or
does not know that the token has been associated with the logged user.

Message: Expected CSRF token not found. Has your session expired?

I have tried a lot of things, but nothing worked for me.

This is a fresh copy of GN 3.10.6.

Any help appreciated

Jan Růžička, Ph.D.
freelancer, researcher and volontaire
Geoinformatics
tel: +420 775 032 091
e-mail: [hidden email] <http://jan.ruzicka.vsb.cz/>
http://github.com/ruz76/
http://gismentors.eu/
http://dolnilhota.info/
http://1jcbo.cz/

_______________________________________________
GeoNetwork-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork
Reply | Threaded
Open this post in threaded view
|

Re: API: Expected CSRF token not found. Has your session expired?

Juan Luis Rodríguez Ponce
Hi Jan,

probably you are missing the cookie in your request. Check the example at
https://www.geonetwork-opensource.org/manuals/trunk/en/api/the-geonetwork-api.html#using-the-api-to-apply-an-xsl-process

Your second request should be

curl -X POST
"$CATALOG/srv/api/0.1/records?metadataType=METADATA&uuidProcessing=NOTHING&rejectIfInvalid=false&publishToAll=false&assignToCatalog=false&transformWith=_none_"
-H "accept: application/json" -H "Content-Type: application/json" -H
"X-XSRF-TOKEN: $TOKEN" -d @sample.xml -b /tmp/cookie

On Wed, Mar 17, 2021 at 1:51 PM Jan Růžička <[hidden email]>
wrote:

> Hi all,
>
> I am returning back to the GN after some time and found some interesting
> tools like API.
> I would like to POST XML file via API. I have followed the example on
> Swagger and I am able to get the token and the authorization is confirmed.
>
> curl -X POST -H "X-XSRF-TOKEN: $TOKEN" --user $CATALOGUSER:$CATALOGPASS -b
> /tmp/cookie "$CATALOG/srv/eng/info?type=me"
>
> <?xml version="1.0" encoding="UTF-8"?>
> <info>
>   <me authenticated="true">
>     <profile>Administrator</profile>
>     <username>admin</username>
>     <id>1</id>
>     <name>admin</name>
>     <surname>admin</surname>
>     <email></email>
>     <organisation />
>     <hash>c65870a7a1de222423a624b1a73e4da7</hash>
>   </me>
>   <env>
>     <baseURL>/geonetwork</baseURL>
>     <node>srv</node>
>   </env>
> </info>
>
> When I try to upload metadata from XML file:
> curl -X POST
>
> "$CATALOG/srv/api/0.1/records?metadataType=METADATA&uuidProcessing=NOTHING&rejectIfInvalid=false&publishToAll=false&assignToCatalog=false&transformWith=_none_"
> -H "accept: application/json" -H "Content-Type: application/json" -H
> "X-XSRF-TOKEN: $TOKEN" -d @sample.xml
>
> I got an error that as I understand the GN does not know about the token or
> does not know that the token has been associated with the logged user.
>
> Message: Expected CSRF token not found. Has your session expired?
>
> I have tried a lot of things, but nothing worked for me.
>
> This is a fresh copy of GN 3.10.6.
>
> Any help appreciated
>
> Jan Růžička, Ph.D.
> freelancer, researcher and volontaire
> Geoinformatics
> tel: +420 775 032 091
> e-mail: [hidden email] <http://jan.ruzicka.vsb.cz/>
> http://github.com/ruz76/
> http://gismentors.eu/
> http://dolnilhota.info/
> http://1jcbo.cz/
>
> _______________________________________________
> GeoNetwork-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/geonetwork-users
> GeoNetwork OpenSource is maintained at
> http://sourceforge.net/projects/geonetwork
>


--










*Vriendelijke groeten / Kind regards,Juan Luis Rodríguez.
<http://www.geocat.net/>Veenderweg 136721 WD BennekomThe NetherlandsT: +31
(0)318 416664 <+31318416664>Please consider the environment before printing
this email.*

_______________________________________________
GeoNetwork-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork
Reply | Threaded
Open this post in threaded view
|

Re: API: Expected CSRF token not found. Has your session expired?

Juan Luis Rodríguez Ponce
It seems you need -c parameter too:

curl -X POST \
"$CATALOG/srv/api/0.1/records?metadataType=METADATA&uuidProcessing=NOTHING&rejectIfInvalid=false&publishToAll=false&assignToCatalog=false&transformWith=_none_"
\
-H "accept: application/json" -H "Content-Type: application/json" \
-H "X-XSRF-TOKEN: $TOKEN" -d @sample.xml -c /tmp/cookie -b /tmp/cookie

On Thu, Mar 25, 2021 at 9:03 AM Juan Luis Rodríguez Ponce <
[hidden email]> wrote:

> Hi Jan,
>
> probably you are missing the cookie in your request. Check the example at
> https://www.geonetwork-opensource.org/manuals/trunk/en/api/the-geonetwork-api.html#using-the-api-to-apply-an-xsl-process
>
> Your second request should be
>
> curl -X POST
>
> "$CATALOG/srv/api/0.1/records?metadataType=METADATA&uuidProcessing=NOTHING&rejectIfInvalid=false&publishToAll=false&assignToCatalog=false&transformWith=_none_"
> -H "accept: application/json" -H "Content-Type: application/json" -H
> "X-XSRF-TOKEN: $TOKEN" -d @sample.xml -b /tmp/cookie
>
> On Wed, Mar 17, 2021 at 1:51 PM Jan Růžička <[hidden email]>
> wrote:
>
>> Hi all,
>>
>> I am returning back to the GN after some time and found some interesting
>> tools like API.
>> I would like to POST XML file via API. I have followed the example on
>> Swagger and I am able to get the token and the authorization is confirmed.
>>
>> curl -X POST -H "X-XSRF-TOKEN: $TOKEN" --user $CATALOGUSER:$CATALOGPASS -b
>> /tmp/cookie "$CATALOG/srv/eng/info?type=me"
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <info>
>>   <me authenticated="true">
>>     <profile>Administrator</profile>
>>     <username>admin</username>
>>     <id>1</id>
>>     <name>admin</name>
>>     <surname>admin</surname>
>>     <email></email>
>>     <organisation />
>>     <hash>c65870a7a1de222423a624b1a73e4da7</hash>
>>   </me>
>>   <env>
>>     <baseURL>/geonetwork</baseURL>
>>     <node>srv</node>
>>   </env>
>> </info>
>>
>> When I try to upload metadata from XML file:
>> curl -X POST
>>
>> "$CATALOG/srv/api/0.1/records?metadataType=METADATA&uuidProcessing=NOTHING&rejectIfInvalid=false&publishToAll=false&assignToCatalog=false&transformWith=_none_"
>> -H "accept: application/json" -H "Content-Type: application/json" -H
>> "X-XSRF-TOKEN: $TOKEN" -d @sample.xml
>>
>> I got an error that as I understand the GN does not know about the token
>> or
>> does not know that the token has been associated with the logged user.
>>
>> Message: Expected CSRF token not found. Has your session expired?
>>
>> I have tried a lot of things, but nothing worked for me.
>>
>> This is a fresh copy of GN 3.10.6.
>>
>> Any help appreciated
>>
>> Jan Růžička, Ph.D.
>> freelancer, researcher and volontaire
>> Geoinformatics
>> tel: +420 775 032 091
>> e-mail: [hidden email] <http://jan.ruzicka.vsb.cz/>
>> http://github.com/ruz76/
>> http://gismentors.eu/
>> http://dolnilhota.info/
>> http://1jcbo.cz/
>>
>> _______________________________________________
>> GeoNetwork-users mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/geonetwork-users
>> GeoNetwork OpenSource is maintained at
>> http://sourceforge.net/projects/geonetwork
>>
>
>
> --
>
>
>
>
>
>
>
>
>
>
> *Vriendelijke groeten / Kind regards,Juan Luis Rodríguez.
> <http://www.geocat.net/>Veenderweg 136721 WD BennekomThe NetherlandsT: +31
> (0)318 416664 <+31318416664>Please consider the environment before printing
> this email.*
>


--










*Vriendelijke groeten / Kind regards,Juan Luis Rodríguez.
<http://www.geocat.net/>Veenderweg 136721 WD BennekomThe NetherlandsT: +31
(0)318 416664 <+31318416664>Please consider the environment before printing
this email.*

_______________________________________________
GeoNetwork-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork