In the effort to create a unified CICD process for our applications I am trying to connect to my Jenkins remote access API utilizing this (poorly documented) Jenkins-PHP API which is essentially a wrapper for the cURL functions used for accessing a remote website.
Here is my test connection:
$uname = '';
$pword = '';
$api_token = ''; // not yet used
$jenkins = new \JenkinsKhan\Jenkins("http://$uname:$pword#jenkins.svc.local/jobs");
var_dump($jenkins->isAvailable());
This returns:
bool(false)
The isAvailable() function, part of the Jenkins API class is:
public function isAvailable()
{
$curl = curl_init($this->baseUrl . '/api/json');
curl_setopt($curl, \CURLOPT_RETURNTRANSFER, 1);
curl_exec($curl);
if (curl_errno($curl)) {
return false;
} else {
try {
$this->getQueue();
} catch (RuntimeException $e) {
//en cours de lancement de jenkins, on devrait passer par là
return false;
}
}
return true;
}
EDIT: I added an echo curl_error($curl); to the conditional in the function and it returns:
Could not resolve host %mADA
NOTE: the web server I am running and the Jenkins instance are on the same network and the Jenkins instance is pingable.
I have found some unanswered question on Stack Overflow which are similar, like this one but no others which directly address the problem of connecting to the Jenkins instance.
If I change the URL string (remove the user name, replace the password with the API token, etc.) I get authentication errors at the most and a 403 (access denied) at the very least, so I feel as though I am making some headway but I am lead to believe that no real authentication occurs with the Jenkins instance.
Am I missing something obvious here? How can I make a real connection to the Jenkins remote API?
It turns out there are a couple of problems using the JenkinsKahn API class. I can only blame myself for not seeing that there had been no maintenance on the project in a year, so my current version of Jenkins wouldn't respond properly, but it did give me some hints.
Given the error was:
Could not resolve host
I started looking at the host string I was trying to access and determined that putting the user name and password in the string were making the host un-resolvable (thanks to some questions/interrogation/prodding by a good friend). Using the host string alone resulted in:
access denied (403)
First, this means I was reaching the host, but I was unable to access. Consequently I wrote some pure cURL to deal with the issue of not including the user name and password in the host string but letting cURL do the authentication.
Second, if I appended '/api/json' (according to Jenkin's docs on the subject) to the URL in my web browser I would get back a JSON string. So I made sure to include '/api/json' at the end of the URL for my cURL call.
Here is what I ended up with:
$url = "http://jenkins.svc.local/jobs/api/json";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, "$uname:$pword");
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTHBASIC);
$output = curl_exec($ch);
curl_close($ch);
print_r(json_decode($output, true));
This now returns the array of information I was expecting to see and interact with. All that's left to do is use the data as needed and execute commands when required.
Related
I'm using Firebase to do a small project and while testing things I discovered I can do cURL requests from any server to my Firebase Database (tested on an online php tester), so I'm considering this is a security flaw for my project and I have been looking for a method to add some kind of password for cURL requests, but I found nothing, at least nothing I could understand. I know firebase have rules to manage who can read or write on my database, but I didnt find something that could filter requests by server or only allow requests that have an special password sent as parameter.
So my question is if there is a way to do something like that I could use on my project so only cURL requests made for me would work.
Here it is one of my cURL requests, in case it helps for resolving my problem.
$url = "https://mydatabase.firebaseio.com/profile/messages/".$_COOKIE['cookiename'].".json";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
$data = json_decode($response, true);
Thanks in advance for helping me out.
UPDATE: I found this, I think it could be the thing I need, but Im missing the part where I tell the database to ask for the access token. https://firebase.google.com/docs/database/rest/auth
One solution is to use the Firebase Auth REST API.
In particular, "you can sign in a user with an email and password by issuing an HTTP POST request to the Auth verifyPassword endpoint", see here.
Then you can use the user's uid in your Firebase security rules, in order to protect your database.
You should read and understand the documentation for the REST API. If you want to bypass security rules that would normally apply to web and mobile users, you will need to generate an OAuth token for a service account that has permissions to access your database, and use that in your requests.
If you don't want public access to your database, you will have to set up security rules to limit that. To stop all public access, your rules should be:
{
"rules": {
".read": false,
".write": false
}
}
I had hoped this was an easy task to perform, but now that I've researched it in depth for a couple of days, the whole process seems much more complicated than I had originally thought.
I would like to create a new subdomain under mydomain.com, e.g. test123.mydomain.com, using PHP via either the WHM API 1 or cPanel API 2 and subsequently a new MySQL database to be used under that new subdomain.
I'm assuming I need to authenticate with WHM first (using a WHM remote API token?), then make the call to the appropriate API module and function, and finally check the response for success or errors. Since I'm doing this with PHP, I'm assuming I would need to do this all via curl. In the cPanel API 2 docs, I see this call:
https://hostname.example.com:2087/cpsess##########/json-api/cpanel?cpanel_jsonapi_user=user&cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=SubDomain&cpanel_jsonapi_func=addsubdomain&domain=subdomain&rootdomain=example.com&dir=%2Fpublic_html%2Fdirectory_name&disallowdot=1
Unfortunately, that's not much help since I don't have an open "cpsess" as I'm doing this via a PHP script and replacing the "cpsess##########" with an WHM remote API token doesn't work either. I've tried a handful of different methods and so far the only one I can get to work is the cPanel API 1 example for listing accounts on the server...it works perfectly, but it's on API 1 which doesn't have the module available to create subdomains:
function getUserAccountList($user,$token){
$userList = "";
$query = "https://hostname.example.com:2087/json-api/listaccts?api.version=1";
$curl = curl_init();
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
$header[0] = "Authorization: whm $user:$token";
curl_setopt($curl,CURLOPT_HTTPHEADER,$header);
curl_setopt($curl, CURLOPT_URL, $query);
$result = curl_exec($curl);
$http_status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
if ($http_status != 200) {
$userList = "[!] Error: " . $http_status . " returned\n";
} else {
$json = json_decode($result);
$userList.= "[+] Current cPanel users on the system:<BR><BR>";
foreach ($json->{'data'}->{'acct'} as $userdetails) {
$userList.= $userdetails->{'user'} . "<BR>";
}
}
curl_close($curl);
return $userList;
}
The question is: how do I create a new subdomain and MySQL database with a PHP script using either the WHM API 1 or cPanel API 2? Any help would be greatly appreciated!
I found a solution which works very well and takes most of the guesswork out of dealing with the different API versions available to cPanel and WHM:
https://www.codepunker.com/blog/using-php-to-create-new-subdomains-databases-and-email-accounts-on-a-cpanel-driven-server
This setup requires installing Composer, the PHP dependency manager, and the mgufrone/cpanel-whm package open sourced by Mochamad Gufron, so you'll need root access to the server to do so. On the link above is all of the information to get setup, as well as to both create a new subdomain and a MySQL database via the WHM/cPanel APIs with PHP.
In my PHP-based application, I've been using the Google oAuth 2 server-side flow for several years, and it has always worked flawlessly, until recently. I've been reading on any possible breaking API changes, but can't find any. Most questions having similar issues are several years old, so I'm asking a new question. It is particularly strange that this stopped working without any change on my end.
Below details are from my dev environment, but I'm getting similar results on production. This is the URL I use for getting the permission (not sure what the correct terminology is):
https://accounts.google.com/o/oauth2/auth?
scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&state=%2Fprofile
&redirect_uri=http%3A%2F%2Fwww.jungledragon.org%2Fapps%2Fjd4%2Fsignin%2Fgoogle%2Fcallback
&response_type=code
&client_id=652476484487.apps.googleusercontent.com
&approval_prompt=auto
This seems to work correctly. If not given already, the user indeed sees the Google screen to grant access. If the user then approves proceeds, they are redirected back to my application given the callback URL.
With permission given, the next goal is to get some user data. For this, the following code is used:
// get values from the callback URL
parse_str($_SERVER['QUERY_STRING'],$_GET);
$code = $_GET['code'];
$error = $_GET['error'];
$state = $_GET['state'];
// an error reason is returned, something went wrong
if ($error_reason) { return false; }
// our app is recognized, get access token by doing a post to the Google oAuth service
$url = 'https://accounts.google.com//o/oauth2/token';
$data =
"code=" . urlencode($code) .
"&client_id=" . $this->CI->config->item('pd_oauth_google_clientid') .
"&client_secret=" . $this->CI->config->item('pd_oauth_google_clientsecret') .
"&redirect_uri=" . urlencode($this->CI->config->item('pd_oauth_google_callbackurl')) .
"&grant_type=authorization_code";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
// check the result. anything but a 200 return code is an error
$info = curl_getinfo($ch,CURLINFO_HTTP_CODE);
if ($info!=200) { return false; }
As you can see, a CURL POST request is created with several parameters. None of the param values have changed and this has worked for years, yet now stopped working, for unknown reasons.
The particular problem is that the response of the post is the Google Error 404 (Not Found)!! page. This doesn't give me any meaningful info on what could be wrong.
Help is greatly appreciated, as this issue blocks all users on my production site that log in via Google authentication.
https://accounts.google.com//o/oauth2/token
will result in a 404
https://accounts.google.com/o/oauth2/token
will result in
{
"error" : "invalid_request"
}
No idea why your code worked for the last year you have an extra / in there
I have spent quite some time now trying to establish how, and then the best practise to push some data from my web server to the facebook page created for this purpose.
I have read and understand the process of using access tokens. I have generated an access token for myself, which can be used to post to the page as me ok. I understand this should be used to generate the access token for the page to post as the page which is a ittle more tricky. However, this process involves me logging in and generating an access token which seem inherently bad / inconvenient for an automated process.
For this reason i followed the guides to create an app. I (think I have) linked the app to the page, and thus attempt to push data via the appid and secret from my php code to the page.
When doing this I am presented with this error
{"error":{"message":"(#210) Subject must be a page.","type":"OAuthException","code":210}}
my testing code is this:
$data['picture'] = "http://www.example.com/image.jpg";
$data['link'] = "http://www.example.com/";
$data['message'] = "Your message";
$data['caption'] = "Caption";
$data['description'] = "Description";
$data['access_token'] = $app_token2;
$post_url = 'https://graph.facebook.com/'.$app_id.'/feed';
$url1 = "https://graph.facebook.com/endpoint?key=value&access_token=".$app_id."|". $app_secret ;
echo "<br>$post_url";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $post_url);
//curl_setopt($ch, CURLOPT_URL, $url1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$return = curl_exec($ch);
curl_close($ch);
echo "$return";
I appreciate using the app for server initiated posting using a permanent (ish) secret is the correct way, but I have found very little documentation on how this process is achieved, hence this question.
Your $post_url is pointing to your $app_id variable, the message says it should point to a page, try getting the id of your page from the /me/accounts endpoint of the graph and putting that in there instead. Though I suspect you will need to use a page access_token (also from the /me/accounts endpoint ) to post to your page
Right, I have worked on this for quite some time and found several errors in my code, but have not answered the question fully.
For starters, you do not post to the appid as mentioned above - its just wrong. The code for posting to userid/feed works when using an access token generated from appid + secret using
$url2 = "https://graph.facebook.com/oauth/access_token?client_id=".$app_id."&client_secret=". $app_secret."&grant_type=client_credentials";
this app access token is valid for as long as your app secret is. Also, if I generate a temporary access code for ME via the graph explorer, parse me/accounts manually and use the page token in
$post_url = 'https://graph.facebook.com/'.$page_id.'/feed';
It posts correctlly as the page.
Secondly, all server side call are required to have appsecret_spoof in them which is generated from
$appsecret_proof= hash_hmac('sha256', $app_token2, $app_secret);
now, according to the facebook docs, a http get call to my userid/accounts should yield page access tokens for all pages the user administers (and also presumably the app).
This can also be called directly by using
$url3 = "https://graph.facebook.com/".$page_id."?fields=access_token";
so when a get is made to this address (including app access token & appsecret_spoof) all i get is 'True' ??
Likewise, when the correct call to
$rob1 = "https://graph.facebook.com/".$user_id."/accounts";
I receive an error
{"error":{"message":"(#10) Application does not have permission for this action","type":"OAuthException","code":10}}
OK permission issue then ! Well the documentation says that only manage_pages is required to retrieve the page token from page_id/accounts, so I trawl through lots of pages and find you can do this by calling this url
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=https://www.facebook.com/connect/login_success.html&response_type=token&scope=read_stream
This throws up via facebook gui an accept / deny page for each scope (i ended up adding manage_pages, publish_stream & read_stream to my app) none of which seem to solve the problem !
Right sorted !! FWIW the code above functions correctly, however the way it is setup on facebook leaves a lot to be desired !!!
I began messing with my app and changed its name, type (was an app linked to the page - now isnt) removed perms and also changed the domain name (removed) and all site url details (also removed). this prompted a different error msg which stated the domains did not match. So, I readded just the app domain & site url, saved and all of a sudden my failed code started working !
Having tidied my code up a little I can now see the page access token just fine as I expected. I just wish the facebook guides would cross reference this setup as it is not at all obvious !!!
my working code ended up as thus ($perm_url is used as one time link to allow perms via gui)
$perm_url = "https://www.facebook.com/dialog/oauth?client_id=".$appid."&redirect_uri=https://www.facebook.com/connect/login_success.html&response_type=token&scope=publish_stream,manage_pages,read_stream,status_update";
echo "<br>Test";
$facebook = new Facebook(array('appId' => $appid , 'secret' => $appsecret ,));
$access_token = $facebook->getAccessToken();
$pageinfo = $facebook->api("/".$page_id."?fields=access_token");
$page_access_token = $pageinfo['access_token'];
echo "<br>Holy Grail = $page_access_token ";
I was wondering if anyone has implemented a PHP application level access to cPanel on a shared hosting provider ( in my case - Siteground). I've been looking into the documentation on the LiveAPI PHP website and it mentions that it involves managing some files in the main cPanel installation directory. I couldn't find references to any downloadable resources, so if could provide links to those and an example of how you carried out your implementation, that would be great.
I wish to programmatically (in PHP) create subdomains in cPanel and provide the respective routing directories for the same.
I found this related question but it lead to a dead end as the main PHP class link is not working
https://stackoverflow.com/questions/7549015/php-create-subdomain-over-cpanel-api
Citizen Kepler's links are now dead, and the XMLAPI at github here is deprecated.
However, combining the codes given here for authentication and here for adding a subdomain, gives us the following script which seems to work just fine on shared hosting:
<?php
$cpanelusername = "example";
$cpanelpassword = "**********";
$subdomain = 'newsubdomain';
$domain = 'example.com';
$directory = "/public_html/$subdomain"; // A valid directory path, relative to the user's home directory. Or you can use "/$subdomain" depending on how you want to structure your directory tree for all the subdomains.
$query = "https://$domain:2083/json-api/cpanel?cpanel_jsonapi_func=addsubdomain&cpanel_jsonapi_module=SubDomain&cpanel_jsonapi_version=2&domain=$subdomain&rootdomain=$domain&dir=$directory";
$curl = curl_init(); // Create Curl Object
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0); // Allow self-signed certs
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0); // Allow certs that do not match the hostname
curl_setopt($curl, CURLOPT_HEADER,0); // Do not include header in output
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1); // Return contents of transfer on curl_exec
$header[0] = "Authorization: Basic " . base64_encode($cpanelusername.":".$cpanelpassword) . "\n\r";
curl_setopt($curl, CURLOPT_HTTPHEADER, $header); // set the username and password
curl_setopt($curl, CURLOPT_URL, $query); // execute the query
$result = curl_exec($curl);
if ($result == false) {
error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
// log error if curl exec fails
}
curl_close($curl);
print $result;
?>
The result should be something like this:
{"cpanelresult":{"func":"addsubdomain","event":{"result":1},"apiversion":2,"module":"SubDomain","data":[{"reason":"The subdomain “newsubdomain.example.com” has been added.","result":1}],"preevent":{"result":1},"postevent":{"result":1}}}
Then to delete the subdomain run the same script, but using this query:
$deletesub = "https://$domain:2083/json-api/cpanel?cpanel_jsonapi_func=delsubdomain&cpanel_jsonapi_module=SubDomain&cpanel_jsonapi_version=2&domain=".$subdomain.'.'.$domain."&dir=$directory"; //Note: To delete the subdomain of an addon domain, separate the subdomain with an underscore (_) instead of a dot (.). For example, use the following format: subdomain_addondomain.tld
And to remove the directory (including all its contents), run this:
$deletedir = "https://$domain:2083/json-api/cpanel?cpanel_jsonapi_module=Fileman&cpanel_jsonapi_func=fileop&op=unlink&sourcefiles=$directory";
I believe that you are not looking fte the LiveAPI since the LiveAPI is for developing inside cPAnel/WHM. The LiveAPI is for creating plugins inside the cPanel and WHM interfaces.
If you are looking to add a subdomain to your account, the JSON/XML API's are much more suited to your task. If possible use the JSON api since cPanel Docs cite it as the preferred API due to it being faster than the XML api. To add a subdomain using the JSON/XML APIs you would use the following API call:
XML:
https://domain.tld:2083/xml-api/cpanel?cpanel_xmlapi_func=addsubdomain&cpanel_xmlapi_module=SubDomain&cpanel_xmlapi_version=2&domain=sub&rootdomain=maindomain.tld
JSON:
https://domain.tld:2083/json-api/cpanel?cpanel_jsonapi_func=addsubdomain&cpanel_jsonapi_module=SubDomain&cpanel_jsonapi_version=2&domain=sub&rootdomain=maindomain.tld
In the above string the arguments that you will need to modify are:
domain (string) - The local part of the subdomain you wish to add. (e.g. 'sub' if the subdomain's is sub.example.com) This value should not include the domain with which the subdomain is associated.
rootdomain (string) - The domain to which you wish to add the subdomain.
Below is further documentation including how to integrate these API commands into your php scripts and how to authorize for the API.
http://docs.cpanel.net/twiki/bin/vief/ApiDocs/Api2/ApiSubDomain#SubDomain::addsubdomain
http://docs.cpanel.net/twiki/bin/view/SoftwareDevelopmentKit/CallingAPIFunctions
http://docs.cpanel.net/twiki/bin/view/SoftwareDevelopmentKit/XmlApi
http://docs.cpanel.net/twiki/bin/view/SoftwareDevelopmentKit/ApiAuthentication