[ZendTo] AutoPickUp

Dale E. Qualls deq at pattishall.com
Wed May 27 15:26:47 BST 2020 

If adding this to a release diminished the security, even in a small way, wouldn't it be best to make it as some type of add-on and not actually put it in the public release?

Just my 2 cents.






[http://images.pattishall.com/images/pattishalllogo.jpg]

Dale E. Qualls
Director of Information Technology
Pattishall, McAuliffe, Newbury, Hilliard & Geraldson LLP
200 South Wacker Drive, Suite 2900
Chicago, IL 60606-5896
Direct: (312) 554-7979 Main: (312) 554-8000 Fax: (312) 554-8015
deq at pattishall.com<mailto:deq at pattishall.com> www.pattishall.com<http://www.pattishall.com> Follow us on Twitter<http://www.twitter.com/Pattishall>



[http://images.pattishall.com/images/25pixelimage.gif]  [http://images.pattishall.com/images/25pixelimage.gif]  [http://images.pattishall.com/images/blf-badge.jpg]     [http://images.pattishall.com/images/25pixelimage.gif]  Pattishall Ranks GOLD in the United States and in Illinois in the prestigious
WTR 1000        [http://images.pattishall.com/images/25pixelimage.gif]  [http://images.pattishall.com/images/2014chambers-65.jpg]       [http://images.pattishall.com/images/25pixelimage.gif]  [http://images.pattishall.com/images/2013gototop500.jpg]

________________________________
The preceding message and any attachments may contain confidential information protected by the attorney-client or other privilege. You may not forward this message or any attachments without the permission of the sender. If you believe that it has been sent to you in error, please reply to the sender that you received the message in error and then delete it. Nothing in this email message, including the typed name of the sender and/or this signature block, is intended to constitute an electronic signature unless a specific statement to the contrary is included in the message.
________________________________
From: ZendTo [mailto:zendto-bounces at zend.to] On Behalf Of Jules via ZendTo
Sent: Wednesday, May 27, 2020 9:13 AM
To: Cole, Sean
Cc: Jules; ZendTo Users list
Subject: Re: [ZendTo] AutoPickUp


External email, exercise caution.



Sean,

I've written the script for you. It will be in /opt/zendto/bin/autolist. Run it without any command-line parameters to see the usage. It will dump a huge JSON structure as its output. If you pipe its output through the "jq" command, it will be nicely laid out for you.
And see
zend.to/automation.php<http://zend.to/automation.php>
to learn about the automation scripts in general, and what you need to configure before you can use them.

This will be in the next beta release, which will probably happen tomorrow now.

Cheers,
Jules.
On 27/05/2020 10:55, Cole, Sean wrote:

I thought about the risk as well.  We are more interested in automating the process, so yes another "autolist" script that dumped the details of every single drop-off in the system would be useful. We will use firewall rules and permissions to restrict the access.



Again Thanks for your assistance.

Sean

________________________________
From: Jules <Jules at Zend.To><mailto:Jules at Zend.To>
Sent: Wednesday, May 27, 2020 4:30 AM
To: Cole, Sean; ZendTo Users
Subject: Re: [ZendTo] AutoPickUp

Sean,

Would another "autolist" script that dumped the details of every single drop-off in the system, as 1 big JSON structure, do what you need?

Then you can use your own code to search the data for the drop-offs you're looking for, get the ClaimID and Passcode of the relevant ones, then use "autopickup" to download them.

Having that script exist at all is risky, in my view, as it gives anyone who gets access to it "the keys to the castle vault". But then again if, like most people, you're using SQLite3 then it's just saving a hacker the step of working out how the DB schema works. Which would take someone competent about 10 minutes. It's very simple and obvious.

Let me know if that would be a good solution for you.

Cheers,
Jules.
On 26/05/2020 21:32, Cole, Sean wrote:

We are basically looking to have our students drop documents off and don't want the staff to have to go to their email click on the link to ZendTo, then download the file, then place it in the folder where it has to go.  We want o have an automated process to check for any documents a student may have dropped off every 10 minutes.  Pick them up and put them in the necessary folder on the server.



Thanks for any help you can provide.

Sean Cole

________________________________
From: Cole, Sean
Sent: Tuesday, May 26, 2020 1:56 PM
To: Jules; ZendTo Users
Subject: Re: [ZendTo] AutoPickUp


Each Drop-off has a different claimID and passcode so if you have 10 drop-offs how can you automate the pickup if you don't have the unique claimID and passcode for each of the 10 drop-offs?



Thanks Again for you help,

Sean Cole



________________________________
From: Jules <Jules at Zend.To><mailto:Jules at Zend.To>
Sent: Saturday, May 23, 2020 5:41 AM
To: ZendTo Users
Cc: Cole, Sean
Subject: Re: [ZendTo] AutoPickUp

Sean,

Before using any of the scripts, you need to create a user that will be only used for driving the automation scripts of ZendTo. Don't use a real user's account, create one just for the purpose.
Put that username in the 'automationUsers' setting in preferences.php.

For this example, let's set a few things:
- The automation user is going to have the username "robot" with a password of "machines".
- The claimID and passcode of the drop-off will be "aaaClaimIDaaa" and "bbbPasscodebbb".
- The address of your ZendTo site will be "https://your-zendto-site.com/<https://your-zendto-site.com/>". The site address always goes at the very end of the command, after all the other options.

To see the command-line usage:
    /opt/zendto/bin/autopickup --help

Fetch information about the drop-off, without downloading anything:
    /opt/zendto/bin/autopickup --username "robot" --password "machines" --claimid "aaaClaimIDaaa" --passcode "bbbPasscodebbb" --list --nofiles https://your-zendto-site.com/<https://your-zendto-site.com/>

Fetch all the files in the drop-off to the current directory, verifying their checksums, and logging that they were picked up by "user at yourdomain.com"<mailto:user at yourdomain.com>:
    /opt/zendto/bin/autopickup --username "robot" --password "machines" --claimid "aaaClaimIDaaa" --passcode "bbbPasscodebbb" --checksum --pickedupby "user at yourdomain.com"<mailto:user at yourdomain.com> https://your-zendto-site.com/<https://your-zendto-site.com/>

Fetch all the files in the drop-off to the directory "/var/tmp/downloads", not bothering with checksums or logging who did it:
    /opt/zendto/bin/autopickup --username "robot" --password "machines" --claimid "aaaClaimIDaaa" --passcode "bbbPasscodebbb" --output "/var/tmp/downloads" https://your-zendto-site.com/<https://your-zendto-site.com/>

The output of the "--list --nofiles" command above will give you a unique "fileid" number for each of the files in the drop-off. So let's download file number 123, verify its checksum and save it to the file "~/Downloads/my-picked-up-file":
    /opt/zendto/bin/autopickup --username "robot" --password "machines" --claimid "aaaClaimIDaaa" --passcode "bbbPasscodebbb" --file 123 --checksum --output "~/Downloads/my-picked-up-file" https://your-zendto-site.com/<https://your-zendto-site.com/>

If you are using a locally-signed SSL certificate on your ZendTo server, you may need to add the option
    --insecure
to all of the above examples.

To see the "curl" command it creates, which is what does all the work, but not actually run anything, add the option
    --debug
to any of the above examples.

Does that help?

The point of me using "curl" is that all the script really does is create all the parameters for an HTTP POST request to your ZendTo server, and then pull out the JSON results from the right header in the returned data. The "--debug" option will help you understand what it's doing.

Once you have played with it a bit, take a look how the script works (90% is just parsing the command-line!) and you will see how you could use a .Net http request to achieve the same result with your own code running on a Windows server.

Cheers,
Jules.
On 22/05/2020 20:25, Cole, Sean via ZendTo wrote:

​Is anyone using the AutoPickUp Script?  Any documentation on the use of the script or examples. Trying to move the files uploaded from the ZendTo server to a Windows server.



Regards,
Sean Cole
Mgr. Network Services

SeanCole at sunywcc.edu<mailto:SeanCole at sunywcc.edu>
914-606-6923



_______________________________________________

ZendTo mailing list

ZendTo at zend.to<mailto:ZendTo at zend.to>

http://jul.es/mailman/listinfo/zendto<http://jul.es/mailman/listinfo/zendto>



Jules



--

Julian Field MEng CEng CITP MBCS MIEEE MACM



The current UK shipping forecast:

Trafalgar: Northerly or northeasterly 5 to 7, occasionally 4 at first. Rough.

Rain or showers at first. Good, occasionally moderate at first.



www.Zend.To<http://www.Zend.To>

Twitter: @JulesFM



Jules



--

Julian Field MEng CEng CITP MBCS MIEEE MACM



'Intelligence is quickness to apprehend as distinct from ability,

 which is capacity to act wisely on the thing apprehended.'

 - Alfred North Whitehead



www.Zend.To<http://www.Zend.To>

Twitter: @JulesFM



Jules



--

Julian Field MEng CEng CITP MBCS MIEEE MACM



The current UK shipping forecast:

Sole, Lundy, Fastnet: East 4 or 5 veering southeast 5 or 6 later. Moderate.

Fog patches at first. Moderate or good, occasionally very poor at first.



www.Zend.To<http://www.Zend.To>

Twitter: @JulesFM




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20200527/a4052638/attachment-0001.html>

More information about the ZendTo mailing list