I am using an HTML login form to access an application. This works in a browser but when I try to replicate using curl, I get "Authentication failed, bad username/password". I only have limited access to the server side (but the logs don't contain any additional information other than the message previously quoted).
Using a browser:
There are 2 fields on the form, username and password along with a submit button. In web developer tools, after submitting the request, under Request/payload, I only see the 2 values.
The ENCODED string reported in developer tools is 58 characters long.
The request header field reports a content-length value of 57 bytes.
Using curl:
Using this command to replicate the browser request including the non-dynamic request headers, authentication fails.
curl -v -d "username=$USER" -d "password=$PASS" \
"https://example.com/app/j_spring_security_check" \
--header @extraheadersfile \
--cookie-jar "cookiefile"
What's different?
The only difference I can see between the browser and curl requests (other than the date and cookie values) is that the curl request header reports a content-length of 55 bytes.
(HTTP protocol, method, user agent, accept-* all match)
The values for username and password are input correctly in both cases.
I suspect that the issue is with the POST payload / there may be some difference in how the data is being encoded, but I can't see where the 57 bytes is coming from (curl Content-length: 55 / browser Content-length: 57 / browser payload, url-encoded is 58 characters).
Usually, when dealing with cookies, you need to enable writing and reading at the same time in the same file.
You can fix your code like this:
curl --cookie-jar "cookiefile" --cookie "cookiefile" .......
or
curl -b "cookiefile" -c "cookiefile" .......
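One way to test the encoding hypothesis raised in the question, as an added example that is not part of the original posts: curl's -d sends each value exactly as given, while a browser form percent-encodes it, so every byte that becomes %XX adds 2 to Content-Length. SAMPLE_USER and SAMPLE_PASS are constructed values and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the body "curl -d" sends with a browser's
# application/x-www-form-urlencoded body. Runs offline; no request is made.

# Encode one value the way a browser form does: ASCII letters, digits and
# * - . _ pass through, space becomes '+', every other byte becomes %XX.
form_urlencode() {
    printf '%s' "$1" | od -An -v -tx1 | tr -s ' ' '\n' | {
        out=''
        while read -r hex; do
            [ -n "$hex" ] || continue          # skip blank lines from od/tr
            case "$hex" in
                3[0-9]|4[1-9a-f]|5[0-9af]|6[1-9a-f]|7[0-9a]|2[ade])
                    # unreserved byte: turn the hex code back into the character
                    out="$out$(printf "\\$(printf '%03o' "0x$hex")")" ;;
                20) out="$out+" ;;
                *)  out="$out%$(printf '%s' "$hex" | tr 'a-f' 'A-F')" ;;
            esac
        done
        printf '%s' "$out"
    }
}

# Body as "curl -d username=... -d password=..." builds it: joined with '&',
# values untouched.
raw_body() { printf 'username=%s&password=%s' "$1" "$2"; }

# Body as a browser form submission builds it.
encoded_body() {
    printf 'username=%s&password=%s' "$(form_urlencode "$1")" "$(form_urlencode "$2")"
}

# Byte count of a body, i.e. the Content-Length it would be sent with.
body_len() { printf '%s' "$1" | wc -c | tr -d ' '; }

# Constructed sample credentials (not from the page): one special character.
SAMPLE_USER='alice'
SAMPLE_PASS='s3cret!x'

raw=$(raw_body "$SAMPLE_USER" "$SAMPLE_PASS")
enc=$(encoded_body "$SAMPLE_USER" "$SAMPLE_PASS")
printf 'curl -d body : %s (%s bytes)\n' "$raw" "$(body_len "$raw")"
printf 'browser body : %s (%s bytes)\n' "$enc" "$(body_len "$enc")"
```

If the two lengths differ for the real credentials, sending the fields with curl's --data-urlencode instead of -d makes curl percent-encode the values.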