为什么在curl中引用密码变量会导致授权失败?(Bash)

huangapple go评论76阅读模式
英文:

Why does quoting password-variable in curl lead to authorization failure? (Bash)

问题

以下是翻译好的内容:

我在bash和curl中遇到一个非常具体的问题。

我们的操作如下:

  • 从Jenkins读取密码并将其粘贴到配置文件中(我无法访问密码)。
  • 在bash中从配置文件中读取参数(主机、用户、密码等)并将其存储在变量中。
  • 使用curl将某些内容发布到数据库并将结果存储在变量中。

最近,我们将ShellCheck添加到我们的部署脚本中,因此我们需要将变量放在引号中。

这是我们想要发送的请求(经过ShellCheck批准):

result=$(curl -s -XPOST "${dbURL}" --header "Authorization: Basic $(echo -n "${dbUser}:${dbPwd}" | base64)" --data-binary "blabla")

这是我们收到的错误消息:

{"error":"authorization failed"}

如果我取消引用密码变量("${dbUser}:${dbPwd}"),它可以正常工作。但然后ShellCheck会抱怨,要求将所有变量都放在引号中。另外,在另一台具有不同密码的机器上也可以正常工作(我也无法访问该密码)。

当我使用--user username:password时情况相同。因此,问题似乎出现在密码中。

使用Google并测试不同特殊字符的过程(不使用curl)也无法解决问题。

是否有人经历过类似的情况?

编辑1:
这是来自Jenkins部署文件的摘录:

stage('config files') {
        withCredentials([string(credentialsId: "${env_params.db_password}", variable: 'db_pw')]) {
            sshagent(credentials: ["${env_params.user}"]) {
                sh "echo \"dbPwd=${db_pw}\" >> environment_variables/config.properties"

这是shell脚本存储密码的方式:

dbPwd=$(grep "^${dbPwd}" <PATH>/config.properties | cut -d "=" -f2)
英文:

I have a very specific problem with bash and curl.

What we do is:

  • reading a password from jenkins and paste it to a config-file (i don't have access to the password)
  • read parameters from config-file in bash (host, user, password, etc.) and store it in variables
  • post something with curl to a database and store the result in a variable

Recently we added shellcheck to our deploy-scripts and therefore we need to put the variables in quotes.

That's the request we want to send (shellcheck-approved):

result=$(curl -s -XPOST &quot;${dbURL}&quot; --header &quot;Authorization: Basic $(echo -n &quot;${dbUser}:${dbPwd}&quot; | base64)&quot; --data-binary &quot;blabla&quot;)

And here's the error message we get in return:

{"error":"authorization failed"}

It does work, when I unquote the password-variable ("${dbUser}":${dbPwd}). But then spellcheck complains, that I need to put all variables in quotes. Also it does work on another machine with different password (which I have no access to either).

It is the same, when I use --user username:password. So it seems like the problem lies within the password.

Using google and testing the procedure (without the curl) with different special characters couldn't solve it either.

Has anyone experienced something like this?

Edit1:
This is an extract from jenkins-deploy-file ..

stage(&#39;config files&#39;) {
        withCredentials([string(credentialsId: &quot;${env_params.db_password}&quot;, variable: &#39;db_pw&#39;)]) {
            sshagent(credentials: [&quot;${env_params.user}&quot;]) {
                sh &quot;echo \&quot;dbPwd=${db_pw}\&quot; &gt;&gt;  environment_variables/config.properties&quot;

This is how the shell script stores the password ..

dbPwd=$(grep ^&quot;$dbPwd&quot; &lt;PATH&gt;/config.properties | cut -d &quot;=&quot; -f2)

答案1

得分: 0

Thanks for your support.
It seems like there are trailing whitespaces in the password-storage.
I removed them using sed and now it works.

英文:

thanks for your support.
It seems like there are trailing whitespaces in the password-storage.
I removed them using sed and now it works.

dbPwd=$(grep ^&quot;$dbPwd&quot; &lt;PATH&gt;/config.properties | cut -d &quot;=&quot; -f2 | sed -e &#39;s/[[:space:]]*$//&#39;)

答案2

得分: -1

你可以只在另一个文件中设置密码,并使用文件的内容作为你的密码变量。

英文:

You can just set the password in another file and use the content of the file as your password variable.

huangapple
  • 本文由 发表于 2020年1月3日 22:50:03
  • 转载请务必保留本文链接:https://go.coder-hub.com/59580621.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定