How to obtain GitLab Personal Access Token from co

Posted 2019-05-07 14:27

Question:

Is there any possibility to get a Personal Access Token for the GitLab API via the command line rather than the web interface? I'm working on some integration tests, and GitLab deployment into the clean environment is a part of test session setup. After deployment, the test user does some work with the GitLab API. In order to access the API, the test user needs to provide a Personal Access Token.

I managed to dump traffic, and I see that the token is provided within a rendered HTML template in response to a POST request:

00:06:40.616996 IP6 localhost.amanda > localhost.53808: Flags [P.], seq 1:580, ack 1054, win 497, options [nop,nop,TS val 3133641719 ecr 3133641673], length 579
`..U.c.@................................'`.0...y.eIz.....k.....
........HTTP/1.1 302 Found
Server: nginx
Date: Tue, 21 Nov 2017 21:06:40 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 119
Connection: keep-alive
Cache-Control: no-cache
Location: http://localhost:10080/profile/personal_access_tokens
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Request-Id: 88178813-95ad-419a-b56b-5a5ddb183885
X-Runtime: 0.044209
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
X-Accel-Buffering: no

Deep inside response:

<input type="text" name="created-personal-access-token" id="created-personal-access-token" value="j1WZujuaKVVEkh8h8Fej" readonly="readonly" class="form-control js-select-on-focus" aria-describedby="created-personal-access-token-help-block" />

However, it seems to be dirty to POST an HTML form and then parse the resulting HTML in order to get the token. Can anyone share the secret of how to do it right?

Answer 1:

Workaround based on HTML parsing: https://gist.github.com/vitalyisaev2/215f890e75252cd36794221c2debf365
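
The HTML-parsing approach applied to the input field shown in the question, as an added example that is not part of the original answer or the linked gist. The sample page is constructed around that field, and `extract_token` and `redact` are names chosen here; `redact` is included so the token can be mentioned in test logs without being written out.

```python
from html.parser import HTMLParser

# Element id taken from the HTML shown in the question.
TOKEN_INPUT_ID = "created-personal-access-token"

# Constructed sample page wrapped around the question's <input> line.
SAMPLE_PAGE = """<html><body><form>
<input type="text" name="created-personal-access-token"
 id="created-personal-access-token" value="j1WZujuaKVVEkh8h8Fej"
 readonly="readonly" class="form-control js-select-on-focus" />
</form></body></html>"""


class _TokenInputParser(HTMLParser):
    """Collects the value attribute of every <input> carrying the token id."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.values = []

    def handle_starttag(self, tag, attrs):
        # Self-closing <input ... /> tags also arrive here, because the
        # default handle_startendtag() calls handle_starttag().
        if tag == "input":
            attr = dict(attrs)
            if attr.get("id") == TOKEN_INPUT_ID:
                self.values.append((attr.get("value") or "").strip())


def extract_token(html_text):
    """Return the token from a rendered page, or None if the field is absent."""
    parser = _TokenInputParser()
    parser.feed(html_text)
    parser.close()
    tokens = {v for v in parser.values if v}
    if len(tokens) > 1:
        # Refuse to guess when the page carries conflicting values.
        raise ValueError("several different token fields in one page")
    return tokens.pop() if tokens else None


def redact(token, keep=4):
    """Mask a token for log output, leaving only a short prefix visible."""
    if len(token) <= keep:
        return "*" * len(token)
    return token[:keep] + "*" * (len(token) - keep)


if __name__ == "__main__":
    print("token found:", redact(extract_token(SAMPLE_PAGE)))
```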



Answer 2:

Dirty as well, but with 10.2 the api/v4/session command is gone, so a login via basic auth is impossible. If you need this for integration tests and may access the created GitLab instance via ssh, you may insert the token via SQL directly; the tokens seem not to be hashed or encrypted but plain text.