Please login or register to participate.
stefan_v Jul 06, 2010 03:10 PM
Is it possible to call a file directly in the cynapse without getting the login-screen?
The Login-data is already in a native client, but if you call the url of the file, the browser redirects on the login-screen.
I already tried to call the site with http://username:passwd@file-url, but it also didn't work.
Is there a hash, I can submit in the url to authorize the person?
(for Example: http://file-url?userhash=md5userhashfromXMLRPC-API)
Thanks a lot.
Replies (4)
dhiraj Jul 06, 2010 03:28 PM
Yes, this is possible.

The http://username:passwd@file-url trick doesn't work because, by default, will not issue a challenge response on access, since the Cookie authentication PAS plugin is at higher priority and it must redirect to the login page in this case. For "proper" success with the above URI authentication, your client would need to send the user&pass without the challenge, in which case, it actually works, btw! Are you trying authenticated direct URL in your web browser? That will just about *never* work, in most modern day browsers. Trying curl, or wget might actually get you more success.

Anyways, we use a redirected login technique in the desktop from the ubify.xmlrpc package to get the filestream directly, you can use the same.
The browser:page responsible for this is in and it comes up at /basic_login, it will challenge with a proper BASIC AUTH challenge, and on success will redirect back to the value passed in via a ?back=<your end url here> argument in the URL querystring.

So suppose your site runs on the domain http://cynindomain and you want to get a file called myfile.doc which is in the Home space, your end url would be formed by adding (and I'm writing it this way because the comment transform on this comment will "do" the URL:
http:// + user:pass + cynindomain + /basic_login?back= + http:// + cynindomain + /home + /myfile.doc

Try that out, see if it works. You might have to play with the URL encoding if you arrive at a slightly off URL, etc. Also, if you're accessing without using the Apache rewriting proxy (i.e. at the direct port 8080, for example, then substitute appropriate changes in the URL).
stefan_v Jul 07, 2010 08:54 AM
I just tried http://user:passwd@cynapseurl/basic_login?back=http//fileurl(URLencoding), but it didn't work.
Did I make an error?

I also tried to do it with a form instead of a normal link.
Link: http://cynapseurl/basic_login?back=http//fileurl(URLencoding)
Formelements: __ac_name & __ac_password
If I try this, I will logon but without access to the called file (not authorized).

Any other solutions?
dhiraj Jul 07, 2010 10:54 AM
Hmm... what happens when you try the pre-authenticated URL? Are you getting redirected to a URL after authenticating, is the authentication failing, or is there an error?

The HTTP POST form authentication can also work, (I'm not sure at the immediate moment whether it's back=url or some other name for the form auth, though. Did it redirect?). Also, make sure that your native client that is attempting the form auth is accepting and resending the auth cookie after the redirect, else you'll get the insufficient privileges error that you're getting.

You should probably try the pre-authenticated url method in the browser, or with wget or curl first before you directly attempt it in code, that way you'll be able to diagnose it better. If you do it with wget, you can open up the downloaded file (if it's HTML you can see the contents of the page to see what happened, if it's binary then you've gotten the file - you succeeded!)
badgeriashwin Apr 02, 2014 11:08 AM
The wget DOS command doesnt seem to work. I wanted a particular file YACHIKA.pdf . When I type wget http://user:pasword@urlWithFIleName. It simply gives us the index.html file with the modified name of require_login@came_from=http%3A%2F%2F192.168.1.9%2Fhome%2Fregistered-users%2FYACHIKA.pdf.
What is the correct format of the wget command?
Please help.