Make possible to get the password via Curl

[ebuildy]

Feature Request:

"With the secured link, make possible to retrieve raw password via a simple Linux curl command"

[jameswthorne]

I'm been maintaining my own fork of snappass that includes an API. I'm working on rebasing all of my changes on top of the latest changes in pinterest/snappass.

Stay tuned =)

[nichochar]

It would be very nice tom separate the code out and have an API and a default web client. This way we could start building multiple clients, like:

• curl
• slack
• web
• ios
• android

[jameswthorne]

Just pushed PR #51 to accomplish this.

[wooyek]

For anyone that will need this:

curl -d "password=secret&ttl=day" -X POST https://snappass.herokuapp.com | grep "value" | awk -F '"' '{print $8}'

[Kav7]

thanks @wooyek , based on your comment I converted to PowerShell for the system admins out there:

$Password = 'something1122'
$RawPasswordLink = Invoke-WebRequest -Method POST -Body "password=$Password&ttl=day" -Uri https://snappass.herokuapp.com/ -UseBasicParsing

$Link = $RawPasswordLink.RawContent.Substring($RawPasswordLink.RawContent.IndexOf('value="') + 7)
$Link = $Link.Substring(0, $link.IndexOf(' ') - 1)

$Link

[silverl]

Here's my PowerShell function taking advantage of the recent addition of JSON support.

function Get-OneTimeUsePasswordLink {
    param
    (
        [String] $password,
        [ValidateSet("Week", "Day", "Hour")]
        [String]
        $ttl
    )
    $postParams = @{password = $password; ttl = $ttl }
    $response = Invoke-WebRequest -Uri "https://your.site.here" -Method Post -ContentType "application/x-www-form-urlencoded" -Body $postParams -Headers @{"accept"="application/json"}
    $json = $response | ConvertFrom-Json
    return $json.Link
}

[yuval-katzman-digsec]

For anyone that will need this:

curl -d "password=secret&ttl=day" -X POST https://snappass.herokuapp.com[](https://snappass.herokuapp.com) | grep "value" | awk -F '"' '{print $8}'

is there a way to pull the secret content using a curl command and the generated URL?

[reinoud]

I've created a PR that adds a /api endpoint that might facilitate this:

[Kav7]

Here's my PowerShell function taking advantage of the recent addition of JSON support.

function Get-OneTimeUsePasswordLink {
    param
    (
        [String] $password,
        [ValidateSet("Week", "Day", "Hour")]
        [String]
        $ttl
    )
    $postParams = @{password = $password; ttl = $ttl }
    $response = Invoke-WebRequest -Uri "https://your.site.here" -Method Post -ContentType "application/x-www-form-urlencoded" -Body $postParams -Headers @{"accept"="application/json"}
    $json = $response | ConvertFrom-Json
    return $json.Link
}

Hey, do you know what the TTL parameter is for 2 weeks expiry?

[silverl]

Hey, do you know what the TTL parameter is for 2 weeks expiry?

Looks like it's "Two Weeks". I checked the code.

[silverl]

Here's the PowerShell function rewritten to use the new API:

function Get-OneTimeUsePasswordLink {
    param
    (
        [String] $password,
        [int] $ttl = 604800 # one week default
    )

    $ErrorActionPreference = "Stop"

    # Define the request body as a hashtable and convert it to JSON
    $body = @{
        password = $password
        ttl = $ttl
    } | ConvertTo-Json


    # Define the headers
    $headers = @{
        "Content-Type" = "application/json"
    }

    # Make the POST request
    $response = Invoke-RestMethod -Uri "http://your.site.here/api/set_password/" -Method 'Post' -Headers $headers -Body $body
    # Return just the link
    $response.link
}

[Kav7]

Hey, do you know what the TTL parameter is for 2 weeks expiry?

Looks like it's "Two Weeks". I checked the code.

Amazing thank you!