@michaellihs
Last active May 10, 2024 06:46
Create Gitlab Personal Access Token using curl

Prerequisites

  • You need a Gitlab server up and running
  • You need user credentials for an (admin) user on the Gitlab server
  • You need curl and Perl on your server

What does it do?

  1. Open the login page of Gitlab to get a session cookie
  2. Log in to Gitlab using username and password to get an authenticated session cookie
  3. Open the Personal Access Tokens page
  4. POST the Personal Access Token form to generate a personal access token
  5. Scrape the personal access token from the returned HTML page

Code

gitlab_host="http://localhost:8080"
gitlab_user="root"
gitlab_password="12341234"

# 1. curl for the login page to get a session cookie and the sources with the auth tokens
body_header=$(curl -c cookies.txt -i "${gitlab_host}/users/sign_in" -s)

# grep the auth token for the user login form
#   not sure whether another token on the page will work, too - there are 3 of them
csrf_token=$(echo $body_header | perl -ne 'print "$1\n" if /new_user.*?authenticity_token"[[:blank:]]value="(.+?)"/' | sed -n 1p)

# 2. send login credentials with curl, using cookies and token from previous request
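#    --data-urlencode keeps a login or password containing &, % or + intact
curl -b cookies.txt -c cookies.txt -i "${gitlab_host}/users/sign_in" \
	--data-urlencode "user[login]=${gitlab_user}" \
	--data-urlencode "user[password]=${gitlab_password}" \
	--data-urlencode "authenticity_token=${csrf_token}"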

# 3. send curl GET request to personal access token page to get auth token
body_header=$(curl -H 'user-agent: curl' -b cookies.txt -i "${gitlab_host}/profile/personal_access_tokens" -s)
csrf_token=$(echo $body_header | perl -ne 'print "$1\n" if /authenticity_token"[[:blank:]]value="(.+?)"/' | sed -n 1p)

# 4. curl POST request to send the "generate personal access token" form
#      the response will be a redirect, so we have to follow using `-L`
#      expires_at is left empty (no expiry date is requested) and the scope is `api`
body_header=$(curl -L -b cookies.txt "${gitlab_host}/profile/personal_access_tokens" \
	--data-urlencode "authenticity_token=${csrf_token}" \
	--data 'personal_access_token[name]=golab-generated&personal_access_token[expires_at]=&personal_access_token[scopes][]=api')

# 5. Scrape the personal access token from the response HTML
personal_access_token=$(echo $body_header | perl -ne 'print "$1\n" if /created-personal-access-token"[[:blank:]]value="(.+?)"/' | sed -n 1p)

Usage of token in API Requests

According to the Gitlab API documentation, you can now use the personal_access_token to make API requests:

curl --header "Private-Token: ${personal_access_token}" https://gitlab.example.com/api/v4/projects

kchou94 commented May 10, 2024

gitlab_host="https://"
gitlab_user=""
gitlab_password=""

# 1. curl for the login page to get a session cookie and the sources with the auth tokens
body_header=$(curl -k -c cookies.txt -i "${gitlab_host}/users/sign_in" -s)

# grep the auth token for the user login form
#   not sure whether another token on the page will work, too - there are 3 of them
csrf_token=$(echo $body_header | perl -ne 'print "$1\n" if /gl-show-field-errors.*?authenticity_token"[[:blank:]]value="(.+?)"/' | sed -n 1p)

# 2. send login credentials with curl, using cookies and token from previous request
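#    --data-urlencode keeps a login or password containing &, % or + intact
curl -k -b cookies.txt -c cookies.txt -i "${gitlab_host}/users/sign_in" \
	--data-urlencode "user[login]=${gitlab_user}" \
	--data-urlencode "user[password]=${gitlab_password}" \
	--data-urlencode "authenticity_token=${csrf_token}"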

# 3. send curl GET request to personal access token page to get auth token
body_header=$(curl -k -H 'user-agent: curl' -b cookies.txt -i "${gitlab_host}/-/user_settings/personal_access_tokens" -s)
csrf_token=$(echo $body_header | perl -ne 'print "$1\n" if /csrf-token"[[:blank:]]value="(.+?)"/' | sed -n 1p)

# 4. curl POST request to send the "generate personal access token" form
#      the response will be a redirect, so we have to follow using `-L`
body_header=$(curl -k -L -b cookies.txt "${gitlab_host}/-/user_settings/personal_access_tokens" \
	--data-urlencode "authenticity_token=${csrf_token}" \
	--data 'personal_access_token[name]=golab-generated&personal_access_token[expires_at]=&personal_access_token[scopes][]=api')

# 5. Scrape the personal access token from the response HTML
personal_access_token=$(echo $body_header | perl -ne 'print "$1\n" if /new_token"[[:blank:]]value="(.+?)"/' | sed -n 1p)

version GitLab Community Edition [16.11]
