HP OO 10.70 REST API - CSRF Help

Hi all,

I'm currently attempting to write a web server in python - the idea is to listen for commands from the Slack API and forward them off to an OO flow.

I have tested the OO Central API in the Postman tool and it's all working well; however, when I attempt to do the same query within Python I get a 401 error...

I have implemented the double CSRF GET recommendation from this page, however this does not fix my issue.

Here is what I have so far:

import requests

def call_oo(oo_input):
	with requests.Session() as session:

		get_url = 'localhost:8443/.../v2'
		#GET request #1 to get initial CSRF Token
		get=session.get(get_url, verify=False)
		get.auth = ("slack_bot", "passsword")
	
		#GET request #2 to get second CSRF Token
		get=session.get(get_url, verify=False)
		get.auth = ("slack_bot", "password")
	
		#Get CSRF Token
		CSRF=get.headers['X-CSRF-TOKEN']
		print(CSRF)
	
		post_url = 'localhost:8443/.../executions'
		headers = {"Content-Type": "application/json", "X-CSRF-TOKEN": CSRF}
		#cookies = {"X-CSRF-TOKEN-OO": CSRF}
		payload = {"flowUuid":"d5b1e934-d1c2-492b-98ca-8752a1b0d60e","inputs":{"slack_post":oo_input}}
		print(headers)
		print(payload)
	
		post = session.post(post_url, data=payload, headers=headers, verify=False)
		print(post.text)

The result of this is:

HTTP Status 401 - Security feature is enabled in the system. Anonymous authentication is not allowed anymore - User should authenticate.

Am I missing something? I'm definitely correctly passing the CSRF token as a header.
This Python request initiates a session, so all cookies should be being passed automatically. I have also tried to manually pass the cookies, with no luck.

Any help would be greatly appreciated!

Cheers,
Ryan

  • Verified Answer

    Figured it out finally...

    Authorisation of the GET wasn't even working in the first place, and I was sending the body as a dict and not a string.

    The following snippet works as intended.

    import requests
    
    def call_oo(oo_input):
    	with requests.Session() as session:
    
    		session.auth = ("slack_bot", "password")
    	
    		get_url = 'localhost:8443/.../executions'
    		#GET request #1 to get initial CSRF Token
    		get=session.get(get_url, verify=False)
    	
    		#GET request #2 to get second CSRF Token
    		get=session.get(get_url, verify=False)
    	
    		#Get CSRF Token
    		CSRF=get.headers['X-CSRF-TOKEN']
    		print(CSRF)
    	
    		oo_input = oo_input.decode('utf-8')
    	
    		post_url = 'localhost:8443/.../executions'
    		headers = {'Content-Type':'application/json','X-CSRF-TOKEN':CSRF}
    		payload = "{\"flowUuid\":\"d5b1e934-d1c2-492b-98ca-8752a1b0d60e\",\"inputs\":{\"slack_post\":\"" + oo_input + "\"}}"
    		print(headers)
    		print(payload)
    	
    		post = session.post(post_url, data=payload, headers=headers, verify=False)
    		print(post.text)
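
The body problem described in the verified answer, as an added example that is not part of the original thread: it compares the form-encoded body a dict produces, the hand-concatenated JSON string, and a `json.dumps` body when the Slack text contains a double quote. The helper names and sample messages are constructed for illustration, and `urlencode(doseq=True)` is used as a stand-in for how `requests` form-encodes a dict passed as `data=`.

```python
import json
from urllib.parse import urlencode

FLOW_UUID = "d5b1e934-d1c2-492b-98ca-8752a1b0d60e"  # flow UUID quoted in the thread


def form_body(slack_text):
    # A dict passed as data= is form-encoded, not sent as JSON (stand-in encoder,
    # an assumption); the nested "inputs" dict collapses to its key name.
    payload = {"flowUuid": FLOW_UUID, "inputs": {"slack_post": slack_text}}
    return urlencode(payload, doseq=True)


def concat_body(slack_text):
    # The answer's approach: JSON text assembled by string concatenation.
    return ('{"flowUuid":"' + FLOW_UUID + '","inputs":{"slack_post":"'
            + slack_text + '"}}')


def json_body(slack_text):
    # Serialize with json.dumps so quotes and backslashes in the text are escaped.
    if isinstance(slack_text, bytes):
        slack_text = slack_text.decode("utf-8")
    payload = {"flowUuid": FLOW_UUID, "inputs": {"slack_post": slack_text}}
    return json.dumps(payload)


def flow_inputs(body):
    # Parse the body as a JSON consumer would; None means it is not usable JSON.
    try:
        return json.loads(body)["inputs"]
    except (ValueError, KeyError, TypeError):
        return None


if __name__ == "__main__":
    # Constructed Slack messages: one plain, one containing double quotes.
    for text in ("restart web01", 'say "hello"'):
        print(repr(text))
        print("  form  :", form_body(text))
        print("  concat:", flow_inputs(concat_body(text)))
        print("  dumps :", flow_inputs(json_body(text)))
```

The string returned by `json_body` is what goes in `data=` alongside the thread's `Content-Type: application/json` header.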
  • Super that you got it working!

    Just wondering, as there is an OO ChatOps solution that integrates with Slack as well, what is the functionality that is missing and that you are adding?

    https://marketplace.microfocus.com/itom/content/oo-chatops 

    Thanks,

    Lucian 

  • Hi there, I have set up and played around with the chat-ops bot; however, I'm looking to implement interactive buttons and slash commands with the bot to simplify running flows for our users.

    I'm just using the Python web server on the OO central server to forward the payload from Slack to OO, and I'm handling the Slack bot logic with OO.