authentication - how to fetch a wordpress admin page using google apps script

Question

I need to fetch a page inside my Wordpress blog admin area. The following script:

function fetchAdminPage() {
   var url = "http://www.mydomain.invalid/wp/wp-admin/wp-login.php";
   var options = {
      "method": "post",
      "payload": {
      "log": "admin",
      "pwd": "password",
      "wp-submit": "Login",
      "redirect_to":"http://www.mydomain.invalid/wp/wp-admin/edit-comments.php",
      "testcookie": 1
      }
   };
   var response = UrlFetchApp.fetch(url, options);
   ...
}

is executed without errors. Anyway, response.getContentText() returns the login page, and I am not able to access the page http://www.mydomain.invalid/wp/wp-admin/edit-comments.php which is the one I want to fetch. Any idea on how to do this?

Answer 1

There might be an issue with Google Apps Scripts and post-ing to a URL that gives you back a redirection header.

It seems like it might not be possible to follow the redirect with a post - here's a discussion on the issue - https://code.google.com/p/google-apps-script-issues/issues/detail?id=1254#c3

Would it be possible, if you modify your code to not follow redirects, capture the cookies and then do a second request to your page? I haven't actually used GAS, but here's my best guess from reading the documentation:

function fetchAdminPage() {
   var url = "http://www.mydomain.invalid/wp/wp-admin/wp-login.php";
   var options = {
      "method": "post",
      "payload": {
      "log": "admin",
      "pwd": "password",
      "wp-submit": "Login",
      "testcookie": 1
      },
      "followRedirects": false
   };
   var response = UrlFetchApp.fetch(url, options);
   if ( response.getResponseCode() == 200 ) {
     // Incorrect user/pass combo
   } else if ( response.getResponseCode() == 302 ) {
     // Logged-in
     var headers = response.getAllHeaders();
     if ( typeof headers['Set-Cookie'] !== 'undefined' ) {
        // Make sure that we are working with an array of cookies
        var cookies = typeof headers['Set-Cookie'] == 'string' ? [ headers['Set-Cookie'] ] : headers['Set-Cookie'];
        for (var i = 0; i < cookies.length; i++) {
           // We only need the cookie's value - it might have path, expiry time, etc here
           cookies[i] = cookies[i].split( ';' )[0];
        };
        url = "http://www.mydomain.invalid/wp/wp-admin/edit-comments.php";
        options = {
            "method": "get",
            // Set the cookies so that we appear logged-in
            "headers": {
               "Cookie": cookies.join(';')
            }
        };
        response = UrlFetchApp.fetch(url, options);
     };
   };
   ...
}

You would obviously need to add some debugging and error handling, but it should get you through.

What happens here is that we first post to the log-in form. Assuming that everything goes correctly, that should give us back a response code of 302(Found). If that's the case, we will then process the headers and look specifically for the "Set-Cookie" header. If it's set, we'll get rid of the un-needed stuff and store the cookies values.

Finally we make a new get request to the desired page on the admin( in this case /wp/wp-admin/edit-comments.php ), but this time we attach the "Cookie" header which contains all of the cookies acquired in the previous step.

If everything works as expected, you should get your admin page :)

I would advise on storing the cookies information(in case you're going to make multiple requests to your page) in order to save time, resources and requests.

Again - I haven't actually tested the code, but in theory it should work. Please test it and come back to me with any findings you make.