Using REST with CLI using curl .... help needed
Hi ! I need simple add/delete member to list using rest ..... but all documentation is for python and not helpfull for me, .... and I need these in CLI using curl command ....
To add member using CLI i tried this command:
curl -d "{'list_id' : 'list.domain.com', 'subscriber' : 'user@email.com'}" -H 'Content-Type: application/json' --user restadmin:restpass http://localhost:8001/3.0/members
and I got this response: Missing parameters: list_id, subscriber
What is wrong in above command here ? ..... I need to add user: user@email.com to list: list@domain.com Also, if someone is willing to give example: delete user: user@email.com from list: list@domain.com
I actually create PHP application .... but CLI example is easy to reproduce in PHP
function AddUserToList($user,$lista) { $url = 'http://llocalhost:8001/3.0'; $request_url = $url . '/members'; $data = array("list_id" => $lista,"subscriber" => $user ); $postdata = json_encode($data); $ch = curl_init($request_url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_USERPWD, "restadmin:restpass"); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json')); $result = curl_exec($ch); curl_close($ch); print_r ($result); }
AddUserToList('user@email.com','list.domain.com');
On 12/8/20 2:01 AM, Krešimir Mihalj wrote:
Hi ! I need simple add/delete member to list using rest ..... but all documentation is for python and not helpfull for me, .... and I need these in CLI using curl command ....
Have you seen <https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/rest/docs/r...>
To add member using CLI i tried this command:
curl -d "{'list_id' : 'list.domain.com', 'subscriber' : 'user@email.com'}" -H 'Content-Type: application/json' --user restadmin:restpass http://localhost:8001/3.0/members
Try this:
curl --user restadmin:restpass --data-raw 'list_id=list.domain.com&subscriber=user@email.com' http://localhost:8001/3.0/members
Also, if someone is willing to give example: delete user: user@email.com from list: list@domain.com
First find the member_id with something like
curl -urestadmin:restpass http://localhost:8001/3.0/lists/list.domain/member/user@email.com
which will return json including the value of member_id
Then you can do
curl -urestadmin:restpass -X DELETE http://localhost:8001/3.0/members/xxxx
where xxx is the member_id.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
I have this working:
#!/bin/bash H="http://lists.mysite.org/admin.cgi/newsletter-mysite.org/members" case $1 in 'add') curl "$H/add?subscribees=$2&adminpw=verysecret" ;; 'del') curl "$H/del?subscribees=$2&adminpw=verysecret" ;; esac
and scan the return for "Successfully [Un]subscribed"
chucka@blackforest-co.com writes:
I have this working:
#!/bin/bash H="http://lists.mysite.org/admin.cgi/newsletter-mysite.org/members"
You are aware that this "http:" leaves you open to various attacks that allow third parties to read your adminpw? If possible you should change this to https.
case $1 in 'add') curl "$H/add?subscribees=$2&adminpw=verysecret" ;; 'del') curl "$H/del?subscribees=$2&adminpw=verysecret" ;; esac
and scan the return for "Successfully [Un]subscribed"
Great! Thanks for the update.
Steve
On 2/24/22 18:21, chucka@blackforest-co.com wrote:
I have this working:
#!/bin/bash H="http://lists.mysite.org/admin.cgi/newsletter-mysite.org/members" case $1 in 'add') curl "$H/add?subscribees=$2&adminpw=verysecret" ;; 'del') curl "$H/del?subscribees=$2&adminpw=verysecret" ;; esac
and scan the return for "Successfully [Un]subscribed"
Since the above is MM 2.1 I'm assuming you are asking how to do the above in MM 3 via REST. Here are some examples:
To add a single user
curl -urestadmin:restpass
--request POST
-H 'Content-Type: application/json'
--data-binary '{"list_id": "list.example.com",
"subscriber": "user@example.net",
"display_name": "Joe User",
"pre_verified": true,
"pre_confirmed": true,
"pre_approved": true}'
http://localhost:8001/3.1/members
Response is empty or a JSON object describing the error.
To delete a single user:
curl -urestadmin:restpass
--request DELETE
http://localhost:8001/3.1/lists/list.example.com/member/user@example.net
Response as above
To delete a list of users:
curl -urestadmin:restpass
--request DELETE
-H 'Content-Type: application/json'
--data-binary '{"emails": ["user@example.net","other@example.org"]}'
http://localhost:8001/3.1/lists/list.example.com/roster/member
Response is a JSON object similar to
{"user@example.net": true, "other@example.org": false, "http_etag": "\"...\""}
where success or failure is indicated by a true or false value for each address or a JSON object describing the error if any.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Hey everyone,
I have the same usecase as Krešimir and tried the example of Mark. So in mailman.cfg I set hostname to "https://lists.mydomain.org" and then fire this command
curl -urestadmin:mypw --referer https://lists.mydomain.org --request POST -H 'Content-Type: application/json' --data-binary '{"list_id": "thelist.lists.mydomain.org", "subscriber": "user@example.net", "display_name": "Joe User", "pre_verified": true, "pre_confirmed": true, "pre_approved": true}' https://lists.mydomain.org/mailman3/postorius/lists/thelist.lists.mydomain.o...
But then I get a CSRF-warning. Do I now have to get the token and put it in my POST or is there an easier way to do this?
cheers, Michael
kontakt@michaelbakonyi.de writes:
I have the same usecase as Krešimir and tried the example of Mark. So in mailman.cfg I set hostname to "https://lists.mydomain.org" and then fire this command
I don't recall this, and unfortunately Mark is on vacation and completely offline until mid-September, except for maybe a couple days next week.
curl -urestadmin:mypw --referer https://lists.mydomain.org --request POST -H 'Content-Type: application/json' --data-binary '{"list_id": "thelist.lists.mydomain.org", "subscriber": "user@example.net", "display_name": "Joe User", "pre_verified": true, "pre_confirmed": true, "pre_approved": true}' https://lists.mydomain.org/mailman3/postorius/lists/thelist.lists.mydomain.o...
But then I get a CSRF-warning. Do I now have to get the token and put it in my POST or is there an easier way to do this?
As far as *I* know there's no way to avoid the CSRF warning. If that means you can't get the response data you need, you will have to do the CSRF two-step.
With luck maybe Mark will see this in a few days but I think he's going to be busy preparing the 2d half of his trip.
Regards, Steve
Dear Stephen,
allright, thx a lot for your quick answer! After fiddling around some more time, I guess I had some misunderstandings regarding the REST-API. I guess if we reach the API correctly, we will not be confronted with the CSRF-Error. We will continue to try but nevertheless: What would be a cleaner approach to reach the API from an external IP? I didn't found any examples in the web so far.
Cheers, Michael
Am 24.08.2022/ 34 um 14:27 schrieb Stephen J. Turnbull <stephenjturnbull@gmail.com>:
kontakt@michaelbakonyi.de writes:
I have the same usecase as Krešimir and tried the example of Mark. So in mailman.cfg I set hostname to "https://lists.mydomain.org" and then fire this command
I don't recall this, and unfortunately Mark is on vacation and completely offline until mid-September, except for maybe a couple days next week.
curl -urestadmin:mypw --referer https://lists.mydomain.org --request POST -H 'Content-Type: application/json' --data-binary '{"list_id": "thelist.lists.mydomain.org", "subscriber": "user@example.net", "display_name": "Joe User", "pre_verified": true, "pre_confirmed": true, "pre_approved": true}' https://lists.mydomain.org/mailman3/postorius/lists/thelist.lists.mydomain.o...
But then I get a CSRF-warning. Do I now have to get the token and put it in my POST or is there an easier way to do this?
As far as *I* know there's no way to avoid the CSRF warning. If that means you can't get the response data you need, you will have to do the CSRF two-step.
With luck maybe Mark will see this in a few days but I think he's going to be busy preparing the 2d half of his trip.
Regards, Steve
Michael Bakonyi writes:
allright, thx a lot for your quick answer! After fiddling around some more time, I guess I had some misunderstandings regarding the REST-API. I guess if we reach the API correctly, we will not be confronted with the CSRF-Error. We will continue to try but nevertheless: What would be a cleaner approach to reach the API from an external IP? I didn't found any examples in the web so far.
If you mean the core REST API, you won't find any useful examples on the Internet. Anything you do find should be considered a form of self-harm and/or an insider threat. Access to the REST API is not securely authenticated, and therefore should never be exposed to the Internet. This API is expected to be contained either to localhost, or to a subnet behind a firewall that prohibits access to that port except from the host(s) serving HyperKitty and/or Postorius. If that's what you're trying to do, I would suggest a secure tunnel (not a generic VPN, but a specific tunnel to the API port).
If you're talking about the Django administrative API to Postorius, you'll probably get a better answer faster from Django channels. Mark may know but he won't be available until mid-September most likely. As I wrote earlier, as far as I know you need to access the Postorius port, provide credentials, get the CSRF token, and then access Django.
Regards, Steve
participants (6)
-
chucka@blackforest-co.com
-
kontakt@michaelbakonyi.de
-
Krešimir Mihalj
-
Mark Sapiro
-
Michael Bakonyi
-
Stephen J. Turnbull