0

I have searched all over but can't find VBscript examples and all my attempts have failed. I need to run a Jenkins job from a classic ASP web page (VBScript). I can submit the job with the code below, but it returns a 403 crumb error. What I need to do is provide the user/password (which I have) for this job but I don't know how to setup the authentication for Jenkins in VBScript. I know the crumb error is due to CSRF (I read that much and can't turn that off) and hope that authentication will resolve that. Any help is much appreciated. Thanks in advance.

Dim strJenkinsURL, HttpReq
strJenkinsURL = "http://<jenkinsmaster>/job/<myjob>/buildWithParameters?token=test&Description="& strDesc &"&TestEnv="& testEnv

Set HttpReq = Server.CreateObject("MSXML2.ServerXMLHTTP")
HttpReq.Open "POST", strJenkinsURL, False
HttpReq.Send
Response.Write "<br>Status: "& HttpReq.Status & vbNewline
Response.Write "<br>Response: "& HttpReq.responseText & vbNewline

EDIT: Based on comments, I attempted to add the Jenkins login information but I am still getting the 403 crumb error from Jenkins. I've tried searching for solution to getting the crumb, but haven't found any VBScript examples. Here is the code and response I am trying now but I have no idea if the setRequestHeaders are correct for Jenkins and the Jenkins documentation hasn't been any help:

Dim strJenkinsURL
strJenkinsURL = "http://<jenkins master>/job/testjob/buildWithParameters?token=test&Description="& strDesc &"&TestEnv="& testEnv

Set HttpReq = Server.CreateObject("MSXML2.ServerXMLHTTP")
HttpReq.Open "POST", strJenkinsURL, False
HttpReq.setRequestHeader "UserName", "jenkinsuser"
HttpReq.setRequestHeader "Password", "userpassword"
HttpReq.setRequestHeader "Jenkins-Crumb", "<crumbvalue>"
HttpReq.Send
Response.Write "<br>Status: "& HttpReq.Status & vbNewline
Response.Write "<br>Response: "& HttpReq.responseText & vbNewline

Status: 403 Response: HTTP ERROR 403 Problem accessing /job/testjob/buildWithParameters. Reason: No valid crumb was included in the request

PondScum
  • 9
  • 3
  • 1
    In order to validate if the error is in your vbscript, try with curl or postman. Share us the result – JRichardsz Jun 29 '19 at 02:30
  • There is no code error in the VBScript. The issue that I need to know how to add the authentication to the POST to Jenkins API. The 403 error is from Jenkins due to CRSF protection. If I can add login authentication to the POST request, I think that would resolve it like in curl examples where it shows --user USER:PASSWORD. But to your suggestion of using curl, I haven't been able to format a curl command that would even make a connection to the Jenkins URL even after following multiple examples on the Jenkins Remote API page and other things I have searched. – PondScum Jun 30 '19 at 13:07
  • @PondScum You'll need to understand what headers need to be set and how their value is calculated, which you should get from [the documentation](https://stackoverflow.com/a/25685928/692942). – user692942 Jul 01 '19 at 15:28
  • 3
    Possible duplicate of [How can I post data using cURL in asp classic?](https://stackoverflow.com/questions/37462580/how-can-i-post-data-using-curl-in-asp-classic) – user692942 Jul 01 '19 at 15:35
  • 1
    "I know the crumb error is due to CSRF (I read that much and can't turn that off) and hope that authentication will resolve that. " - It really shouldn't. A CSRF attack is where *some other site* gets a browser to make a request to do something to the site being attacked (i.e. Jenkins in this case) and uses the credentials stored in the browser to make it work. – Quentin Jul 01 '19 at 15:41
  • Have you tried HttpReq.Open "POST", strJenkinsURL, False, {my_user_name}, {my_password}. Or adding HttpReq.setRequestHeader "UserName", "{my_user_name}", and same for password? – Ralpharama Jul 02 '19 at 09:08

2 Answers2

0

For a HTTP POST request, the URL specifies the resource, i.e. strJenkinsURL = "http://<jenkinsmaster>/job/<myjob>/buildWithParameters

The parameters are added as part of the .Send command: 

Dim sParams
sParams = "token=test&Description=" & strDesc & "&TestEnv=" & testEnv
HttpReq.Send(sParams)

As @Lankymart pointed out, you also need to set the appropriate headers, e.g.

HttpReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded")
HttpReq.setRequestHeader("Content-Length", CStr(Len(sParams)))
Hel O'Ween
  • 1,423
  • 9
  • 15
  • I was actually referring to the authorisation specific headers you might need to include as with [the example](https://stackoverflow.com/a/37462944/692942) I linked on the question comments. Most APIs require passing an API-key or username and password *(usually hashed)* as a form of authorisation. – user692942 Jul 02 '19 at 18:53
  • That doesn't solve the problem. Yes, I want to add the API info but HOW to format it so Jenkins API will accept it? From the other comments, I added the login information but that doesn't address the 403 crumb issue. – PondScum Jul 02 '19 at 18:58
  • @PondScum you need to add the login information using `SetRequestHeader()`, there's a full example [here](https://stackoverflow.com/questions/37462580/how-can-i-post-data-using-curl-in-asp-classic). – user692942 Jul 04 '19 at 07:58
  • Is did add .SetRequestHeader(). See the updated code and response returned by Jenkins. The example your reference uses "X-Api-Key" and ""X-Auth-Token" but I don't know if that applies to Jenkins since others has said UserName and Password. I can't find VBScript examples for Jenkins API. I have found curl examples using --user USER:PASSWORD as well as --header from your link, but nothing that shows proper key/value pairing for Jenkins API in VBScript. The Jenkins documentation doesn't have this info either as far as I can tell. I have read everything I can find on this but still no luck. – PondScum Jul 05 '19 at 14:11
0

After piecing together many suggestions with some trial and error, I was finally able to get the Jenkins job to run remotely with the VBScript code below (with variables set to proper values such as strCrumb). The returned Status will be 201 for success. The Base64 functions were taken from Base64 Encode String in VBScript

Dim strJenkinsURL, strParam1, strParam2, strCrumb, strUsername, strPassword
strJenkinsURL = "https://<jenkinsURL>/job/testjob/buildWithParameters?token=test&param1="& strParam1 &"&param2="& strParam2

Set HttpReq = Server.CreateObject("MSXML2.ServerXMLHTTP")
HttpReq.Open "POST", strJenkinsURL, False
HttpReq.setOption 2, 13056
HttpReq.setRequestHeader "Jenkins-Crumb", strCrumb
HttpReq.setRequestHeader "Authorization", "Basic "& Base64Encode(strUsername &":"& strPassword)
HttpReq.Send
Response.Write "<br>Status: "& HttpReq.Status & vbNewline
Response.Write "<br>Response: "& HttpReq.responseText & vbNewline

Function Base64Encode(sText)
    Dim oXML, oNode
    Set oXML = CreateObject("Msxml2.DOMDocument.3.0")
    Set oNode = oXML.CreateElement("base64")
    oNode.dataType = "bin.base64"
    oNode.nodeTypedValue = Stream_StringToBinary(sText)
    Base64Encode = oNode.text
    Set oNode = Nothing
    Set oXML = Nothing
End Function

Private Function Stream_StringToBinary(Text)
    Const adTypeText = 2
    Const adTypeBinary = 1
    Dim BinaryStream 'As New Stream
    Set BinaryStream = CreateObject("ADODB.Stream")
    BinaryStream.Type = adTypeText
    BinaryStream.CharSet = "us-ascii"
    BinaryStream.Open
    BinaryStream.WriteText Text
    BinaryStream.Position = 0
    BinaryStream.Type = adTypeBinary
    BinaryStream.Position = 0
    Stream_StringToBinary = BinaryStream.Read
    Set BinaryStream = Nothing
End Function
PondScum
  • 9
  • 3