Closed NathanielMaier closed 4 years ago
It sounds like cross-site scripting protection or similar. If you wanted to investigate the validity of escaping values, you can create your own requests fairly simply using the module to help:
#after New-PASSession
$s = Get-PASSession
$id = "278_210"
$pw = "PasswordStringValue"
$Request = @{
"Body" = @{ "NewCredentials" = $pw } | ConvertTo-Json
"Method"="POST"
"Uri" = "$($s.BaseUri)/API/Accounts/$id/Password/Update"
"WebSession" = $s.WebSession
"ContentType" = "application/json"
}
Invoke-RestMethod @Request
Thanks, @pspete. I agree this looks like the XSS-protection or something, but I'm surprised to see that related to password content. I of course can use the "," and "<" characters in a password via the PVWA interactively, so I wonder if this is a bug that the REST API is complaining.
I'll try some troubleshooting with your Invoke-RestMethod
suggestion and let you know if I'm able to make any progress using a password with the "," and "<" characters. Thanks!
Provisions/attempts to circumvent security protections or similar which exist in the API will not be made part of the module; now closing this - hopefully acceptable with you.
Describe the issue I'm trying to use
Invoke-PASCPMOperation
to change the password (in the Vault only) for an existing account. Unfortunately, I'm getting an HTTP 400 error saying "A potentially dangerous value was detected from the client." I suspect this is related to one or more special characters in the password, but I'm hopeful there's some workaround for this.The password in question does contain both a comma and less than character ("," and "<"). I suspect that "dangerous value" is related to the "<" character.
To Reproduce Steps to reproduce the behavior:
New-PASSession
Expected behavior I expect the password to be set correctly/updated in the Vault. Any hints on how to get this working would be terrific!
Screenshots & Console Output Console Output Code Block:
Your Environment
Additional context I wonder if this is at all related to issue #243 - I know it's a different error, but could a similar approach be used to "escape" the potentially-dangerous special characters?
Also for awareness, I tried using the Password Upload Utility for this instead of psPAS, but ran into a separate/unrelated issue: the password in question has a comma (",") included and PUU/PACLI does not seem to handle that well, with or without double quotes in the CSV file.