This is probably going to be a very naive question, so bear with me.
I'm trying my hand at an AuthFAS plugin for Drupal. As part of that
code, I'm trying to verify the setting of a FAS instance URL, by using
curl to hit https://<URL>/json/ (like
https://admin.fedoraproject.org/accounts/json/). I give the
administrator an opportunity to enter FAS credentials to be used in
the curl process.
The code is found here (in the authfas_admin_validate() function):
If I'm at a browser and I hit https://admin.fp.o/accounts/json/
directly, I have to enter my username/passphrase, and then I get a
JSON result that includes a 'help' element, which is what I'm checking
for in the code. This is sort of an optional step, really. I wanted to
make it possible for people to know if they made a typo in the URL.
But if I have to drop that validation step, and simply depend on the
admin to get it right, that's probably acceptable. Maybe I'm trying to
be too clever.
In any case, regardless of the username and password I use, I don't
get back a positive result. It's possible that's because I'm getting a
login or some sort of CSRF intermediary request. I confess I haven't
had a ton of time to dig deeply into the problem. I was hoping someone
here would be able to say, "Here's something you need to do if you're
using curl like that...". The curl code here is drawn from the
original Auth_FAS.php on the wiki, but I'm not sure if the changes I
made are all kosher.
Any help appreciated!
infrastructure mailing list