
SandroL

  1. SandroL

    Multiple issues with the webapi

    Hi, bugs 2 and 3 are fixed (host api), but bug 1 (searchpasswords) persists in build 8459. Here is my code:

        import requests

        # apiKey, passwordlist and user are defined earlier in the script
        headers = { 'APIKey': apiKey }
        uri = "https://ourvault.ourtld/api/searchpasswords/"+str(passwordlist['PasswordListID'])+"?username="+user
        # verify=False: TLS certificate validation is disabled for this request
        response = requests.get(uri, headers=headers, verify=False)
        print(uri)
        print()
        print(response.status_code)
        print()
        print(response.headers)
        print()
        print(response.content)

    Results:

        URI: https://ourvault.ourtld/api/searchpasswords/59?username=root
        Returncode: 500
        Returnheader: {'Cache-Control': 'no-cache,max-age=0, no-cache, must-revalidate', 'Pragma': 'no-cache,no-cache', 'Content-Length': '120', 'Content-Type': 'text/plain; charset=utf-8', 'Expires': '-1,Thu, 01 Jan 1970 00:00:00 GMT', 'Server': 'Microsoft-IIS/8.5', 'Strict-Transport-Security': 'max-age=31536000', 'X-AspNet-Version': '4.0.30319', 'X-Powered-By': 'ASP.NET', 'X-UA-Compatible': 'IE=edge', 'Date': 'Mon, 03 Sep 2018 11:37:14 GMT'}
        Returnbody: b'[{"errors":[{"message":"Invalid API Call"},{"phrase":"Error = Object reference not set to an instance of an object."}]}]'

    Here is the api/passwords QueryAll to compare:

        import requests

        # apiKey and passwordlist are defined earlier in the script
        headers = { 'APIKey': apiKey }
        uri = "https://ourvault.ourtld/api/passwords/"+str(passwordlist['PasswordListID'])+"?QueryAll"
        # verify=False: TLS certificate validation is disabled for this request
        response = requests.get(uri, headers=headers, verify=False)
        print(uri)
        print()
        print(response.status_code)
        print()
        print(response.headers)
        print()
        print(response.content)

    Results:

        URI: https://ourvault.ourtld/api/passwords/59?QueryAll
        Returncode: 200
        Returnheader: {'Cache-Control': 'no-cache,max-age=0, no-cache, must-revalidate', 'Pragma': 'no-cache,no-cache', 'Content-Type': 'application/json; charset=utf-8', 'Expires': '-1,Thu, 01 Jan 1970 00:00:00 GMT', 'Server': 'Microsoft-IIS/8.5', 'Strict-Transport-Security': 'max-age=31536000', 'X-AspNet-Version': '4.0.30319', 'X-Powered-By': 'ASP.NET', 'X-UA-Compatible': 'IE=edge', 'Date': 'Mon, 03 Sep 2018 11:37:14 GMT', 'Content-Length': '412'}
        Returnbody: b'[{"PasswordID":13,"Title":"ssh","Domain":"","HostName":"testhost","UserName":"root","Description":"","GenericField1":"","GenericField2":"","GenericField3":"","GenericField4":"","GenericField5":"","GenericField6":"","GenericField7":"","GenericField8":"","GenericField9":"","GenericField10":"","AccountTypeID":0,"Notes":"","URL":"","Password":"XXXXXX","ExpiryDate":"","AllowExport":true,"AccountType":""}]'
  2. SandroL

    Multiple issues with the webapi

    - I'm getting the same error in PowerShell too for the searchpasswords function (see screenshots).
    - A new API would not be necessary for the query host problem when it'll be patched in the next version.

    When do you expect the next release date for the bugfixed version?

    Best regards
    Sandro
  3. Hi, I'm evaluating the usage of Passwordstate for the company I'm working for, and one of the main criteria is the webapi. I'm connecting to the API with a Python script and I have found three issues that I think could be bugs, and one is a showstopper for us.

    1. The searchpasswords function in combination with a passwordlist-id and username seems to be broken

    Example code:

        import requests

        # apiKey, passwordlist and user are defined earlier in the script
        headers = { 'APIKey': apiKey }
        uri = 'https://ourvault.ourtld/api/searchpasswords/'+str(passwordlist['PasswordListID'])+"?username="+user
        # verify=False: TLS certificate validation is disabled for this request
        response = requests.get(uri, headers=headers, verify=False)
        print(uri)
        print()
        print(response.status_code)
        print()
        print(response.headers)
        print()
        print(response.content)

    Results:

        URI: https://ourvault.ourtld/api/searchpasswords/26?username=root
        Returncode: 500
        Returnheader: {'Cache-Control': 'no-cache,max-age=0, no-cache, must-revalidate', 'Pragma': 'no-cache,no-cache', 'Content-Length': '120', 'Content-Type': 'text/plain; charset=utf-8', 'Expires': '-1,Thu, 01 Jan 1970 00:00:00 GMT', 'Server': 'Microsoft-IIS/8.5', 'Strict-Transport-Security': 'max-age=31536000', 'X-AspNet-Version': '4.0.30319', 'X-Powered-By': 'ASP.NET', 'X-UA-Compatible': 'IE=edge', 'Date': 'Wed, 29 Aug 2018 09:18:31 GMT'}
        Returnbody: b'[{"errors":[{"message":"Invalid API Call"},{"phrase":"Error = Object reference not set to an instance of an object."}]}]'

    api/passwords/26?QueryAll is working fine, so it seems it's the searchpasswords function.

    2. Inserting hosts is working, but returns an error

    Example code:

        import json
        import requests

        # parameters (a JSON string with the host fields), hostname and apiKey are defined earlier in the script
        data = json.loads(parameters)
        data['HostName'] = hostname
        data['HostType'] = "Linux"
        data['APIKey'] = apiKey
        print(data)
        print()
        uri = 'https://ourvault.ourtld/api/hosts'
        # verify=False: TLS certificate validation is disabled for this request
        response = requests.post(uri, data=data, verify=False)
        print(uri)
        print()
        print(response.status_code)
        print()
        print(response.headers)
        print()
        print(response.content)

    Results:

        POSTDATA: {'HostType': 'Linux', 'OperatingSystem': 'Ubuntu', 'RemoteConnectionType': 'SSH', 'RemoteConnectionPortNumber': '22', 'InternalIP': '192.168.1.57', 'MACAddress': '28-C2-DD-E2-52-0E', 'VirtualMachine': 'True', 'VirtualMachineType': 'VMware', 'HostName': 'testhost', 'APIKey': '49d65a2cb83e73f733a8d5f4cb26e94d'}
        URI: https://ourvault.ourtld/api/hosts
        Returncode: 500
        Returnheader: {'Cache-Control': 'no-cache,max-age=0, no-cache, must-revalidate', 'Pragma': 'no-cache,no-cache', 'Content-Length': '120', 'Content-Type': 'text/plain; charset=utf-8', 'Expires': '-1,Thu, 01 Jan 1970 00:00:00 GMT', 'Server': 'Microsoft-IIS/8.5', 'Strict-Transport-Security': 'max-age=31536000', 'X-AspNet-Version': '4.0.30319', 'X-Powered-By': 'ASP.NET', 'X-UA-Compatible': 'IE=edge', 'Date': 'Wed, 29 Aug 2018 09:30:12 GMT'}
        Returnbody: b'[{"errors":[{"message":"Invalid API Call"},{"phrase":"Error = Object reference not set to an instance of an object."}]}]'

    The host is getting inserted correctly, but the expected returnbody is broken.

    3. The hostsearch function is broken

    Example code:

        import requests

        # apiKey and hostname are defined earlier in the script
        headers = { 'APIKey': apiKey }
        uri = 'https://ourvault.ourtld/api/hosts?HostName='+hostname
        # verify=False: TLS certificate validation is disabled for this request
        response = requests.get(uri, headers=headers, verify=False)
        print(uri)
        print()
        print(response.status_code)
        print()
        print(response.headers)
        print()
        print(response.content)

    Results:

        URI: https://ourvault.ourtld/api/hosts?HostName=testhost
        Returncode: 500
        Returnheader: {'Cache-Control': 'no-cache,max-age=0, no-cache, must-revalidate', 'Pragma': 'no-cache,no-cache', 'Content-Length': '120', 'Content-Type': 'text/plain; charset=utf-8', 'Expires': '-1,Thu, 01 Jan 1970 00:00:00 GMT', 'Server': 'Microsoft-IIS/8.5', 'Strict-Transport-Security': 'max-age=31536000', 'X-AspNet-Version': '4.0.30319', 'X-Powered-By': 'ASP.NET', 'X-UA-Compatible': 'IE=edge', 'Date': 'Wed, 29 Aug 2018 09:21:38 GMT'}
        Returnbody: b'[{"errors":[{"message":"Invalid API Call"},{"phrase":"Error = Object reference not set to an instance of an object."}]}]'

    The example host "testhost" exists in our Passwordstate instance. Also strange is that in the API docs, the GET function for hosts is declared as "GET /api/hosts", but all the search examples are for the path "/winapi/hosts/".

    Other functions like creating folders, passwordlists and passwords are working without any problems.
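
Added example, not part of the posts above and not Passwordstate code: a debug helper for reproducing API calls like these that URL-encodes the search value and masks the `APIKey` and `Password` fields before request data or a response body is printed or pasted into a report. The function names, the `vault.example` host and the sample values are constructed for illustration.

```python
import json
from urllib.parse import quote, urlencode

# Field names taken from the request/response output in the posts (assumption:
# these are the only secret-bearing fields); matching is case-insensitive.
SENSITIVE_KEYS = {"apikey", "password"}
MASK = "<redacted>"


def build_search_url(base, password_list_id, username):
    """Build the searchpasswords URL with path segment and query value encoded."""
    path_id = quote(str(password_list_id), safe="")
    return f"{base}/api/searchpasswords/{path_id}?{urlencode({'username': username})}"


def redact(value):
    """Return a copy of nested dicts/lists with sensitive fields masked."""
    if isinstance(value, dict):
        return {k: MASK if k.lower() in SENSITIVE_KEYS else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def printable_body(raw):
    """Decode a response body; mask secrets if it is JSON, else return the text."""
    text = raw.decode("utf-8", errors="replace")
    try:
        return json.dumps(redact(json.loads(text)))
    except ValueError:  # not JSON (e.g. a plain-text error page)
        return text


# Constructed sample data shaped like the output in the posts.
SAMPLE_POST = {"HostName": "testhost", "HostType": "Linux", "APIKey": "constructed-key"}
SAMPLE_BODY = b'[{"PasswordID":13,"UserName":"root","Password":"constructed-secret"}]'

if __name__ == "__main__":
    print(build_search_url("https://vault.example", 59, "root"))
    print(redact(SAMPLE_POST))       # request data, safe to share
    print(printable_body(SAMPLE_BODY))  # response body, safe to share
```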