Issue with adding attachments with API #154
# ots-cli create -f cert.pem --no-text --log-level=debug
INFO[0000] reading secret content...
INFO[0000] attaching file... file=cert.pem
INFO[0000] creating the secret...
DEBU[0000] attachment type not allowed content-type=application/x-x509-ca-cert
Error: sanity checking secret: attachment type is not allowed
That's the issue with mime-type guessing: You're (probably) missing
Also that result might vary depending on the system the tool is executed on: https://pkg.go.dev/mime#TypeByExtension
(Please note: The debug-logging is not yet available in any released version, I just applied some gaffa-tape and a proper version will be available in |
Signed-off-by: Knut Ahlers <knut@ahlers.me>
Recap:
with test.txt being a plain text file containing: INFO[0000] reading secret content...
INFO[0000] reading secret content...
Am I missing something? I cannot make it work. |
API does not return anything: There is no and cannot be any server-side checking as nothing is sent to the server in plain! - The check is only done in
You could try building the ots-cli from this PR: #155 (branch
Afterwards it should tell you the detected mime type when rejecting an attachment using |
Was able to reproduce:
# ots-cli create --instance=http://localhost:4000 --no-text -f test.txt --log-level=debug
INFO[0000] reading secret content...
INFO[0000] attaching file... file=test.txt
INFO[0000] creating the secret...
DEBU[0000] attachment type not allowed content-type="text/plain; charset=utf-8"
Error: sanity checking secret: attachment type is not allowed
Added a fix (stripping off everything after a |
Things are still not working for me.
1- OTS server version 1.10.0-dc47bf0
2- ots-cli create --instance https://host.domain.com/ots --no-text -f file.p12
As you can see, MIME type application/x-pkcs12 is allowed.
3- With the exact same settings, the WEB UI works fine. So the issue is with the OTS cli. |
I can't guess what the detected mime-type on your system is. Until the next release you can build
Like stated above: The mime-type detection entirely depends on your local system and will differ at least between major operating systems but also might differ between two recent Linux systems. |
Fair point, see below
I thought the standard was: application/x-pkcs12 |
Yeah the browsers are doing their own magic… 🤷🏻♀️ A |
Interesting, you're right. I'll look this up in the future to make sure it matches.
|
# rg '(p12|pfx)' /usr/local/share/mime/globs2 /usr/share/mime/globs2 /etc/mime.types /etc/apache2/mime.types /etc/apache/mime.types
/usr/local/share/mime/globs2: No such file or directory (os error 2)
/etc/apache2/mime.types: No such file or directory (os error 2)
/etc/apache/mime.types: No such file or directory (os error 2)
/etc/mime.types
324:application/pkcs12 p12 pfx
/usr/share/mime/globs2
10:75:application/x-pkcs12:*.p12
24:55:application/x-pkcs12:*.pfx
719:50:application/pkcs12:*.pfx
963:50:application/pkcs12:*.p12
Well. |
Agree, I included both:
|
And then it's probably what is encountered first in https://pkg.go.dev/mime#TypeByExtension - first one wins and that might be either of them depending on the order of the file and the system and where the mars stands in relation to jupiter… |
1- Can we display
[FAILURE]
with log-level=debug
2- If attachment type is unauthorized, can we please not display the help reminder. I think the error message is sufficient IMO.
|
Another idea would be to have a flag in ots to display all translated MIME types resolved from acceptedFileTypes. I think it would really help if possible. |
Sure. Adding a debug message about what gets attached is no issue.
Just had a look, is possible. Keeping this as info for me:
I don't think that's easily possible as the resolve is either by file extension or by mime type directly but as we support wildcards and there is no list I can get from the mime stdlib I currently don't see how that would work out. |
# ots-cli create -f ~/Downloads/test.pdf --no-text --log-level=debug
INFO[0000] reading secret content...
INFO[0000] attaching file... file=/home/luzifer/Downloads/test.pdf
INFO[0000] creating the secret...
DEBU[0000] attachment allowed allowed_by=application/pdf content-type=application/pdf
INFO[0000] secret created, see URL below expires-at="2023-12-08 17:52:39.550321453 +0000 UTC"
https://ots.fyi/#...
# ots-cli create -f ~/Downloads/test.txt --no-text --log-level=debug
INFO[0000] reading secret content...
INFO[0000] attaching file... file=/home/luzifer/Downloads/test.txt
INFO[0000] creating the secret...
DEBU[0000] attachment allowed allowed_by="text/*" content-type=text/plain
INFO[0000] secret created, see URL below expires-at="2023-12-08 17:52:49.31302586 +0000 UTC"
https://ots.fyi/#...
# ots-cli create -f ~/Downloads/test.mp4 --no-text --log-level=debug
INFO[0000] reading secret content...
INFO[0000] attaching file... file=/home/luzifer/Downloads/test.mp4
INFO[0000] creating the secret...
DEBU[0000] attachment type not allowed content-type=video/mp4
Error: sanity checking secret: attachment type is not allowed
|
Signed-off-by: Knut Ahlers <knut@ahlers.me>
Thank you for all your support. This solution is quickly becoming the best available product for OTS. |
1- OTS server version 1.10.0
acceptedFileTypes: 'image/*,text/plain,text/csv,application/pdf,application/xml,application/json,application/zip,application/x-pkcs12,application/x-pem-file'
2- Works fine with the Web UI
3- Does not work for me with API
ots-cli create -u USER:PASSWORD --secret-from pem/file.pem --instance https://host.domain.com/ots -f test.txt
INFO[0000] reading secret content...
INFO[0000] attaching file... file=test.txt
INFO[0000] creating the secret...
Error: sanity checking secret: attachment type is not allowed
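
The client-side check discussed in this thread, as an added example (not code from the ots project or from any participant): it matches a detected content type against the `acceptedFileTypes` list quoted above, dropping parameters such as `; charset=utf-8` and honouring `type/*` wildcards. The function names `matchAllowed` and `detectByExtension` are assumptions made for this sketch.

```go
package main

import (
	"fmt"
	"mime"
	"path/filepath"
	"strings"
)

// acceptedFileTypes is the allowlist quoted in the issue report.
const acceptedFileTypes = "image/*,text/plain,text/csv,application/pdf,application/xml,application/json,application/zip,application/x-pkcs12,application/x-pem-file"

// matchAllowed (hypothetical name) reports which allowlist entry, if any,
// permits contentType. Parameters are dropped before comparing.
func matchAllowed(allowlist, contentType string) (string, bool) {
	base, _, err := mime.ParseMediaType(contentType)
	if err != nil {
		return "", false // empty or malformed type: reject
	}
	for _, entry := range strings.Split(allowlist, ",") {
		entry = strings.ToLower(strings.TrimSpace(entry))
		switch {
		case entry == base:
			return entry, true
		case strings.HasSuffix(entry, "/*") && strings.HasPrefix(base, strings.TrimSuffix(entry, "*")):
			return entry, true
		}
	}
	return "", false
}

// detectByExtension (hypothetical name) returns whatever the local MIME
// database maps the extension to; the result differs between systems.
func detectByExtension(name string) string {
	return mime.TypeByExtension(filepath.Ext(name))
}

func main() {
	for _, name := range []string{"test.txt", "cert.pem", "file.p12"} {
		ct := detectByExtension(name)
		by, ok := matchAllowed(acceptedFileTypes, ct)
		fmt.Printf("%-9s detected=%q allowed=%v by=%q\n", name, ct, ok, by)
	}
}
```

Running it on the machine that rejects an attachment prints the locally detected type next to the allowlist decision, which shows whether the list needs an extra entry such as `application/pkcs12`.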