
Comments (8)

mpern commented on May 19, 2024

Thank you for taking the time to find a workaround.

One other thing came to mind:

Try using --location-trusted (send Authorization header on every redirect) instead of -L and see if it changes the behaviour.

Background:

from commerce-gradle-plugin.

aepfli commented on May 19, 2024

BASIC_AUTH="$(echo -n "${SAP_USER_ID}:${SAP_PASSWORD}" | base64)"

curl -L -v -b cookies.txt  \
	-H "Authorization: Basic $BASIC_AUTH" \
	-o "download.file" \
	"https://softwaredownloads.sap.com/file/${SAP_FILE_ID}"

This is the magic I am using.

mpern commented on May 19, 2024

Hm, that's strange.

I just ran a little test on my end using exactly the script you provided and I can download 2011.8 without a hitch.

Some food for thought:

  • Have you tested the particular S-User in the browser too?
  • Missing shell escaping?
  • Try using -u "$SAP_USER_ID:$SAP_PASSWORD" instead of building the Auth header manually. Maybe it helps?

A couple of redirects until the download actually starts are expected though.

SAP_USER_ID='S0123456789'
SAP_PASSWORD='<redacted>'
SAP_FILE_ID='0020000000820402021'

curl -L -v -b cookies.txt  \
    -u "$SAP_USER_ID:$SAP_PASSWORD" \
    -o "download.file" \
    "https://softwaredownloads.sap.com/file/${SAP_FILE_ID}"


aepfli commented on May 19, 2024

Here is the strange thing: the basic auth header, the URL, everything is the same when I am inspecting the log closely. So I do not assume it has something to do with the script or the data.

This is the log from locally:

> GET /file/0020000000820402021 HTTP/1.1
> Host: softwaredownloads.sap.com
> User-Agent: curl/7.61.1
> Accept: */*
> Authorization: Basic <stripped>

< HTTP/1.1 302 Found
< Date: Mon, 21 Jun 2021 13:46:35 GMT
* Added cookie JSESSIONID=<stripped> for domain softwaredownloads.sap.com, path /, expire 0
< Set-Cookie: JSESSIONID=<stripped> Path=/; Secure; HttpOnly
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Location: https://softwaredownloads.sap.com/?file=0020000000820402021&downloadId=05672df4-7d4d-4599-b9d1-fc9f35a9ada7
< DownloadId: 05672df4-7d4d-4599-b9d1-fc9f35a9ada7
< Content-Type: text/html;charset=utf-8
< Transfer-Encoding: chunked
< Server: SAP Software Download

Compared to the CI system:

> GET /file/0020000000820402021 HTTP/1.1
> Host: softwaredownloads.sap.com
> User-Agent: curl/7.61.1
> Accept: */*
> Authorization: Basic <stripped>

< HTTP/1.1 302 Moved Temporarily
< Server: AkamaiGHost
< Content-Length: 0
< Location: https://origin.softwaredownloads.sap.com/tokengen/?file=0020000000820402021
< Expires: Wed, 23 Jun 2021 08:48:43 GMT
< Cache-Control: max-age=0, no-cache, no-store
< Pragma: no-cache
< Date: Wed, 23 Jun 2021 08:48:43 GMT
< Connection: keep-alive
< Strict-Transport-Security: max-age=31536000

Might this be related to the machines hosted in GCP and a special treatment on Akamai?
After the temporarily moved, I am getting forwarded to the token page (but without my auth header) and I get a form which points me to the SSO page.

<?xml version="1.0"?>
<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8"/>
            </head>
    <body onload="document.forms[0].submit()">
        <noscript>
            <p>
                <strong>Note:</strong> Since your browser does not support JavaScript,
                you must press the Continue button once to proceed.
            </p>
        </noscript>
        
        <form action="https://accounts.sap.com/saml2/idp/sso" method="post">
            <div>
                <input type="hidden" name="RelayState" value="https://origin.softwaredownloads.sap.com/tokengen/?file=0020000000820402021"/>                
                <input type="hidden" name="SAMLRequest" value="<stripped>"/>                
                                
            </div>
            <noscript>
                <div>
                    <input type="submit" value="Continue"/>
                </div>
            </noscript>
        </form>
            </body>
</html>

I even tried to do the login via curl and mimic the redirect functionality, but that is not as easy as I hoped it would be. (After providing the j_username I get an error that it was not successful, and I should clean everything and start over.)

Worst case, I thought about tunneling my request through another machine, e.g. mine, to see if this works, to verify my GCP IP theory - but that is some effort, I am not sure I currently have time for :)

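Added example, not part of the thread or of commerce-gradle-plugin: the two traces above differ in where the first 302 points. The sketch below reads `curl -v` output and lists the hops whose `Location` host differs from the request host, which are the hops where `-L` stops sending the credentials and `--location-trusted` would send them on. The function names and the sample trace (assembled from the two logs in the thread) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list redirect hops in a `curl -v` trace that change host.
# On such a hop plain -L does not resend credentials; --location-trusted does.

cross_host_hops() {
    # stdin: curl -v trace; stdout: one "from -> to" line per cross-host hop
    awk '
        { sub(/\r$/, "") }                        # curl traces end lines with CRLF
        /^> [Hh]ost: / {                          # host of the current request
            host = tolower($3)
            sub(/:[0-9]+$/, "", host)             # ignore an explicit port
            next
        }
        /^< [Ll]ocation: / {
            target = $3
            if (target !~ /^https?:\/\//) next    # relative redirect stays on host
            sub(/^https?:\/\//, "", target)       # drop scheme
            sub(/[\/?#].*$/, "", target)          # drop path, query, fragment
            sub(/^.*@/, "", target)               # drop userinfo
            sub(/:[0-9]+$/, "", target)           # drop port
            target = tolower(target)
            if (target != host) print host " -> " target
        }
    '
}

# Constructed sample: first 302 from the local log, then first 302 from the CI log.
sample_trace() {
    cat <<'EOF'
> GET /file/0020000000820402021 HTTP/1.1
> Host: softwaredownloads.sap.com
< HTTP/1.1 302 Found
< Location: https://softwaredownloads.sap.com/?file=0020000000820402021&downloadId=05672df4-7d4d-4599-b9d1-fc9f35a9ada7
> GET /file/0020000000820402021 HTTP/1.1
> Host: softwaredownloads.sap.com
< HTTP/1.1 302 Moved Temporarily
< Location: https://origin.softwaredownloads.sap.com/tokengen/?file=0020000000820402021
EOF
}

sample_trace | cross_host_hops
```

On a real run, feed it the trace with `curl -L -v ... 2>&1 | cross_host_hops`; every host it prints is one that would receive the S-User credentials if `-L` were replaced by `--location-trusted`.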

mpern commented on May 19, 2024

At that stage, your guess is as good as mine.

But maybe there is some IP filtering going on, I honestly don't know.

For me it takes 2 redirects until I end up at the file. Do you cache any cookies by chance?


aepfli commented on May 19, 2024

It seems like I managed to bypass this by first calling the token endpoint manually.

BASIC_AUTH="$(echo -n "${SAP_USER_ID}:${SAP_PASSWORD}" | base64)"

curl -L -v -b cookies.txt  -c cookie.txt \
	-H "Authorization: Basic $BASIC_AUTH" \
	-o "download.file" \
	"https://origin.softwaredownloads.sap.com/tokengen/?file=${SAP_FILE_ID}"

curl -L -v -b cookies.txt  -c cookie.txt \
	-H "Authorization: Basic $BASIC_AUTH" \
	-o "download.file" \
	"https://softwaredownloads.sap.com/file/${SAP_FILE_ID}"


aepfli commented on May 19, 2024

As I found a workaround, I close this ticket - thank you @mpern for your support.
