0

I'm trying to use request to make API calls to a Fortigate device. The login method is to do a POST against /logincheck with the credentials and then use the response cookies for subsequent API calls.

That part works fine and I do get the cookies. However, I can't see the Cookie header when I make the second call and the cookieJar looks empty.

Here's the code:

const config = require('./config/config');
const request = require('request');  

var url = `${config.fortigate.adminURL}/logincheck`;
var cookieJar = request.jar();

request.post(
    {
        url : url,
        headers : {

            "Accept": "application/json"
        },
        form: {
            username: config.fortigate.user,
            secretkey: config.fortigate.password
        },
        jar: cookieJar
    },
    function (error, response, body) {
      
        url = `${config.fortigate.adminURL}/api/v2/monitor/router/ipv4/`;

        request({
            url : url,
            headers : {
                "Accept": "application/json"
            },
            jar: cookieJar
        },
        function (error, response, body) {
            console.log(response.request.headers);
            console.log(response.statusCode);
            console.log(cookieJar);
        });
    }
);

Output of the console.log commands below:

Headers: { Accept: 'application/json' }
Status code: 401
RequestJar {
  _jar:
   CookieJar {
     enableLooseMode: true,
     store: { idx: { '192.168.1.99': { '/': {} } } } } }

I've read the manual here https://github.com/request/request but still can't get it to work.

I also found another post which does have a solution, but other people also have issues with it: How to maintain a request session in NodeJS

Surely I have missed something, but what? Any ideas?


Update

The cookie expires in 1969. Maybe the cookie jar does not persist in-memory cookies between requests?

Cookie="APSCOOKIE_2739400828="0%260"; Expires=Fri, 09 May 1969 12:47:54 GMT; Path=/; Secure; SameSite=Strict; hostOnly=true; aAge=6ms; cAge=6ms"
2
  • Can you check and see whether you're getting the response cookies from the first API call? Commented Apr 27, 2019 at 5:08
  • Yes, I do get them after the first call. Commented Apr 27, 2019 at 6:42

2 Answers

1

Not an answer though, but the below code works fine for me.

const express = require('express')
const app = express();
const request = require('request')
app.use(express.urlencoded({extended: true}));
app.listen(8080, () => console.log('server running on 8080'))


const jar = request.jar();

app.get('/', function (req, res) {
    request.post({
        url: 'http://localhost:8080/post',
        form: {
            username: 'Shobhit',
        },
        jar
    }, () => {
        request({
            url: 'http://localhost:8080/dummy',
            jar
        }, () => {
            console.log(jar)
            res.end()
        });
    })
})

app.get('/dummy', function (req, res) {
    res.end();
})

app.post('/post', function (req, res) {
    console.log(req.body);
    let randomNumber = Math.random().toString();
    randomNumber = randomNumber.substring(2, randomNumber.length);
    res.cookie('tough-cookie', randomNumber, { maxAge: 900000, httpOnly: true });
    res.end();
})

The jar at the end of the second request contains the cookie set in the previous request.

    RequestJar {
  _jar:
   CookieJar {
     enableLooseMode: true,
     store: { idx: { localhost:
   { '/':
      { 'tough-cookie': Cookie="tough-cookie=33128391647421696; Expires=Sat, 27 Apr 2019 14:02:46 GMT; Max-Age=900; Path=/; HttpOnly; hostOnly=true; aAge=3ms; cAge=7ms" } } } } } }

1 Comment

Thank you so much for investing time to help me with this, I really appreciate it!
0

This is a bit awkward. I finally found the issue I had and it turns out that my credentials did not have the access needed. Since I configured a REST admin account I assumed it would work, but it did not. Instead I added a normal admin account and that worked fine.

What made me realize this was to compare the raw set-cookie headers in Chrome after making a successful login with the ones I got from NodeJS. The content did not follow the same pattern.

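Here's some sample code for authenticating against a Fortinet firewall using Node.js:

const config = require('./config/config');
const request = require('request');
const fs = require('fs');

var url = `${config.fortigate.adminURL}/logincheck`;

// One jar shared by every call made through `req`, so the login cookies
// are sent automatically on the follow-up API request.
var cookieJar = request.jar();
const req = request.defaults({
    agentOptions: {
        // Trust the CA that signed the device certificate instead of
        // disabling TLS verification.
        ca: fs.readFileSync('./caroot.crt'),
    },
    jar: cookieJar
})

req.post(
    {
        url : url,
        headers : {
            "Accept": "application/json"
        },
        form: {
            username: config.fortigate.user,
            secretkey: config.fortigate.password
        }
    },
    function (error, response, body) {
        // Stop on transport or TLS errors; `response` is undefined in that case.
        if (error) {
            return console.error(error);
        }

        url = `${config.fortigate.adminURL}/api/v2/monitor/router/ipv4/`;

        req.get({
            url : url,
            headers : {
                "Accept": "application/json"
            }
        },
        function (error, response, body) {
            if (error) {
                return console.error(error);
            }
            console.log(body);
        });
    }
);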

Hope it helps someone.
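
The comparison of raw set-cookie headers described in this answer can be automated. The following is an added example, not the poster's code: it parses the login response's Set-Cookie headers and reports which cookies a jar keeps and which arrive already expired, as the 1969 cookie in the question did. The sample headers and the function names `parseSetCookie`, `isExpired` and `triageLogin` are constructed for illustration.

```javascript
// Constructed sample Set-Cookie headers in raw form (not the jar's inspect output).
// FAILED_LOGIN mirrors the cookie in the question's update; GOOD_LOGIN values are made up.
const FAILED_LOGIN = [
  'APSCOOKIE_2739400828="0%260"; Expires=Fri, 09 May 1969 12:47:54 GMT; Path=/; Secure; SameSite=Strict',
];
const GOOD_LOGIN = [
  'APSCOOKIE_2739400828="constructed-session-value"; Path=/; Secure; SameSite=Strict',
  'example_pref=1; Max-Age=900; Path=/',
];

// Parse one Set-Cookie header into its name, value and expiry attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // no name=value pair: ignore the header
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), expires: null, maxAge: null };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i === -1 ? '' : attr.slice(i + 1);
    if (key === 'expires') {
      const d = new Date(val);
      if (!Number.isNaN(d.getTime())) cookie.expires = d;
    } else if (key === 'max-age' && /^-?\d+$/.test(val)) {
      cookie.maxAge = parseInt(val, 10);
    }
  }
  return cookie;
}

// RFC 6265: Max-Age takes precedence over Expires; neither means a session cookie.
function isExpired(cookie, now) {
  if (cookie.maxAge !== null) return cookie.maxAge <= 0;
  if (cookie.expires !== null) return cookie.expires.getTime() <= now.getTime();
  return false;
}

// Split the login response's cookies into those a jar keeps and those it is told to delete.
// Assumption of this example: a login that leaves no live cookie did not create a session.
function triageLogin(setCookieHeaders, now = new Date()) {
  const kept = [], dropped = [];
  for (const header of setCookieHeaders || []) {
    const cookie = parseSetCookie(header);
    if (cookie) (isExpired(cookie, now) ? dropped : kept).push(cookie.name);
  }
  return { kept, dropped, sessionEstablished: kept.length > 0 };
}

console.log(triageLogin(FAILED_LOGIN), triageLogin(GOOD_LOGIN));
```

With request, pass `response.headers['set-cookie']` from the /logincheck callback to `triageLogin` and skip the follow-up API call when `sessionEstablished` is false.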
