Autologin to cherrymusic using PHP / Python or Curl

Hi guys,

Its not a bug or an actual issue, but rather I need your advice.. Will greatly appreciate if someone from developers can help..

I've added simple registration to CherryMusic with cherrymusic --adduser (thanks for this feature @devsnd ;-) ) And now trying to autologin user to CherryMusic after registration. I tried to implement this server side with PHP / Python and Curl (so many at once, since no one working as expected, so I'm testing with all possible variants to find the clue. if would be a programmer, that helped me to resolve the issue much quicker, lol)

Getting back to the topic I should mention that since registration already working fine, autologin implementation left before combining both. Autologin almost working, and gives back web-page fine, but then in a second some API issues arising and cherrymusic gives up with errors:

HTML action calling PHP script mentioned below with POST parameters by dummy button pressed ends up with the following:

Cherrymusic login.html form structure:

 <form method="post" action="" name="loginform">
            Username:<br><input type="text" name="username" /><br>
            Password:<br><input type="password" name="password" /><br>
            <br>
            <input type="submit" name="login" value="login" />

Curl example:

$ curl -d "username=test1212&password=1q2w3e&login=login" 127.0.0.1:8080

PHP example:

<?php
  if( $curl = curl_init() ) {
    curl_setopt($curl, CURLOPT_URL, 'http://127.0.0.1:8080/');
    curl_setopt($curl, CURLOPT_RETURNTRANSFER,true);
    curl_setopt($curl, CURLOPT_POST, true);
    curl_setopt($curl, CURLOPT_POSTFIELDS, "username=test1212&login=login&password=1q2w3e");
    $out = curl_exec($curl);
    echo $out;
    curl_close($curl);
  }
?>

Python example:

import requests
url = 'http://127.0.0.1:8080/'
payload = {'login': 'login', 'username': 'test1212', 'password': '1q2w3e'}
r = requests.post(url, data=payload)
print r.text
print r.status_code

All of above ^^ gives back Cherrymusic inner HTML, but not login page (so its not auth issue).

Very likely it happens because cherrymusic internal python functions are not callable and returnong 401 status code. Nginx proxy_pass for /api /res /serve prevents from 404 file not found errors (such as res/bootstrap3/gen/cherrymusic.css or res/js/cherrymusic.js, but internal functions still can't be called.

Reverse proxyfing rom nginx.conf:

location  /a/res/ { proxy_pass http://127.0.0.1:8080/res/; }
location  /a/api/ { proxy_pass http://127.0.0.1:8080/api/; }
location  /a/serve/ { proxy_pass http://127.0.0.1:8080/serve/; }

401 statuses from Nginx log :

192.168.1.1 - - [22/Dec/2015:13:12:56 +0200] "POST /a/api/getconfiguration HTTP/1.1" 401 705 "https://example.com/a/reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36" "-"
192.168.1.1 - - [22/Dec/2015:13:12:56 +0200] "POST /a/api/getuseroptions HTTP/1.1" 401 705 "https://example.com/a/reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36" "-"
192.168.1.1 - - [22/Dec/2015:13:12:56 +0200] "POST /a/api/heartbeat HTTP/1.1" 401 705 "https://example.com/a/reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36" "-"
192.168.1.1 - - [22/Dec/2015:13:12:56 +0200] "POST /a/api/getmotd HTTP/1.1" 401 705 "https://example.com/a/reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36" "-"

200 and 401 statuses from nginx.log

192.168.1.1 - - [22/Dec/2015:15:17:41 +0200] "GET /a/reg HTTP/1.1" 200 34309 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"
192.168.1.1 - - [22/Dec/2015:15:17:41 +0200] "GET /a/res/bootstrap3/gen/cherrymusic.css HTTP/1.1" 200 16931 "https://example.com/a/reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"
192.168.1.1 - - [22/Dec/2015:15:17:42 +0200] "GET /a/res/img/favicon32.png HTTP/1.1" 200 1544 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"
192.168.1.1 - - [22/Dec/2015:15:17:42 +0200] "GET /a/res/dist/cherrymusic.dist.js HTTP/1.1" 200 370740 "https://example.com/a/reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"
192.168.1.1 - - [22/Dec/2015:15:17:42 +0200] "GET /a/res/img/cherrymusic_logo_big.png HTTP/1.1" 200 48581 "https://example.com/a/reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"
192.168.1.1 - - [22/Dec/2015:15:17:42 +0200] "GET /a/res/templates/mediabrowser-directory.html HTTP/1.1" 200 429 "https://example.com/a/reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"
192.168.1.1 - - [22/Dec/2015:15:17:42 +0200] "GET /a/res/templates/mediabrowser-file.html HTTP/1.1" 200 243 "https://example.com/a/reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"
192.168.1.1 - - [22/Dec/2015:15:17:42 +0200] "GET /a/res/templates/mediabrowser-compact.html HTTP/1.1" 200 139 "https://example.com/a/reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"
192.168.1.1 - - [22/Dec/2015:15:17:42 +0200] "GET /a/res/templates/mediabrowser-message.html HTTP/1.1" 200 107 "https://example.com/a/reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"
192.168.1.1 - - [22/Dec/2015:15:17:42 +0200] "GET /a/res/templates/mediabrowser-playlist.html HTTP/1.1" 200 506 "https://example.com/a/reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"
192.168.1.1 - - [22/Dec/2015:15:17:42 +0200] "GET /a/res/templates/flash-message.html HTTP/1.1" 200 140 "https://example.com/a/reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"
192.168.1.1 - - [22/Dec/2015:15:17:42 +0200] "GET /a/res/img/progress-bars.gif HTTP/1.1" 200 5872 "https://example.com/a/res/bootstrap3/gen/cherrymusic.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"
192.168.1.1 - - [22/Dec/2015:15:17:42 +0200] "GET /a/res/img/favicon32glow.png HTTP/1.1" 200 16709 "https://example.com/a/res/bootstrap3/gen/cherrymusic.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"
192.168.1.1 - - [22/Dec/2015:15:17:42 +0200] "GET /a/res/bootstrap3/fonts/glyphicons-halflings-regular.woff HTTP/1.1" 200 16448 "https://example.com/a/res/bootstrap3/gen/cherrymusic.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"
192.168.1.1 - - [22/Dec/2015:15:17:42 +0200] "GET /a/res/img/cherrymusic_loader.gif HTTP/1.1" 200 170503 "https://example.com/a/res/bootstrap3/gen/cherrymusic.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"

192.168.1.1 - - [22/Dec/2015:15:17:42 +0200] "POST /a/api/getconfiguration HTTP/1.1" 401 705 "https://example.com/a/reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"
192.168.1.1 - - [22/Dec/2015:15:17:42 +0200] "POST /a/api/getuseroptions HTTP/1.1" 401 705 "https://example.com/a/reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"
192.168.1.1 - - [22/Dec/2015:15:17:42 +0200] "POST /a/api/heartbeat HTTP/1.1" 401 705 "https://example.com/a/reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"
192.168.1.1 - - [22/Dec/2015:15:17:42 +0200] "POST /a/api/getmotd HTTP/1.1" 499 0 "https://example.com/a/reg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:43.0) Gecko/20100101 Firefox/43.0" "-"

Thanks

devsnd / cherrymusic

Autologin to cherrymusic using PHP / Python or Curl #602