this is my fist post, as I can't find any solution for my problem. (googled days now) I'm not a programmer, I'm a good googler :)
I'm trying to login to a Website with Username, Password and some options. (/api/login/Basic) Afterwards I'm trying to access a Site. (/api/sitemaster/run) But here I'm getting the message: "User does not have adequate access rights" If I do this with a browser, everything works fine.
I guess I need to pass some Authtoken to the Get request, but I have no clue.
Here my code snippet:
//this is working fine
const toSend = {
email :"my@mail.com",
force_sm_off: false, //I have no clue (found from Net Sniffing of the original Application)
password:"mypassword",
username:"installer"}
const jsonString = JSON.stringify(toSend) ;
const xhr = new XMLHttpRequest() ;
process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 0 //I have no certificate and only access the Site in my local network
xhr.open("POST", "https://192.168.2.77/api/login/Basic",false,"Provider_Engineer","mypassword" ) ;
xhr.setRequestHeader ("Content-Type", "application/json") ;
xhr.withCredentials=true ;
xhr.onreadystatechange = function() {
const myresponse = JSON.parse(this.responseText) ; //myresponse contains: email, firstname, lastname, roles: Array(1), token
var myauth=myresponse.token //Saving Token for further use
//fine until here
//Now I'm trying to get the Page
const xhr1 = new XMLHttpRequest() ;
process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 0
xhr1.open("GET", "https://tesla/api/sitemaster/run",false ) ;
xhr1.setRequestHeader ("Content-Type", "application/json") ;
xhr1.setRequestHeader ("credentials", "same-origin") ;
xhr1.setRequestHeader ("AuthCookie", myauth) ; //In Browser F12 I can see AuthCookie and Userrecord
xhr1.onreadystatechange = function() {
console.log(this.responseText) //getting Message: User does not have adequate access rights
}
xhr1.send(null)
};
xhr.send(jsonString) ; //Post Request, that is working fine
Any suggestions how I can access this site?
Regards Stefan
