[ZendTo] AutoPickUp

Jules Jules at Zend.To
Wed May 27 17:07:16 BST 2020


Dale,

For the vast majority of sites, this won't affect things at all.
Before you can use *any* of the automation features, you need to 
manually create a new user on whatever directory service you use (e.g. 
your Active Directory) and configure that into ZendTo.
All the automation scripts then still require that you know not only the 
exact username, but also know its password.

Very few sites ever set up the configuration required to allow these 
scripts to work at all. If you skip the configuration needed, then the 
scripts output nothing of any value at all.

Cheers,
Jules.

On 27/05/2020 15:26, Dale E. Qualls via ZendTo wrote:
>
> If adding this to a release diminished the security, even in a small 
> way, wouldn't it be best to make it as some type of add-on and not 
> actually put it in the public release?
>
> Just my 2 cents.
>
>
>
>
>
>
> 	
>
> Dale E. Qualls
> Director of Information Technology
> Pattishall, McAuliffe, Newbury, Hilliard & Geraldson LLP
> 200 South Wacker Drive, Suite 2900
> Chicago, IL 60606-5896
> Direct: (312) 554-7979 Main: (312) 554-8000 Fax: (312) 554-8015
> deq at pattishall.com <mailto:deq at pattishall.com> www.pattishall.com 
> <http://www.pattishall.com> Follow us on Twitter 
> <http://www.twitter.com/Pattishall>
>
> 				Pattishall Ranks GOLD in the United States and in Illinois in the 
> prestigious
> WTR 1000 				
>
> ------------------------------------------------------------------------
> The preceding message and any attachments may contain confidential 
> information protected by the attorney-client or other privilege. You 
> may not forward this message or any attachments without the permission 
> of the sender. If you believe that it has been sent to you in error, 
> please reply to the sender that you received the message in error and 
> then delete it. Nothing in this email message, including the typed 
> name of the sender and/or this signature block, is intended to 
> constitute an electronic signature unless a specific statement to the 
> contrary is included in the message.
> ------------------------------------------------------------------------
>
> *From:*ZendTo [mailto:zendto-bounces at zend.to] *On Behalf Of *Jules via 
> ZendTo
> *Sent:* Wednesday, May 27, 2020 9:13 AM
> *To:* Cole, Sean
> *Cc:* Jules; ZendTo Users list
> *Subject:* Re: [ZendTo] AutoPickUp
>
> External email, exercise caution.
>
> Sean,
>
> I've written the script for you. It will be in 
> /opt/zendto/bin/autolist. Run it without any command-line parameters 
> to see the usage. It will dump a huge JSON structure as its output. If 
> you pipe its output through the "jq" command, it will be nicely laid 
> out for you.
> And see
> zend.to/automation.php <http://zend.to/automation.php>
> to learn about the automation scripts in general, and what you need to 
> configure before you can use them.
>
> This will be in the next beta release, which will probably happen 
> tomorrow now.
>
> Cheers,
> Jules.
>
> On 27/05/2020 10:55, Cole, Sean wrote:
>
>     I thought about the risk as well.  We are more interested in
>     automating the process, so yes another "autolist" script that
>     dumped the details of every single drop-off in the system would be
>     useful. We will use firewall rules and permissions to restrict the
>     access.
>
>     Again Thanks for your assistance.
>
>     Sean
>
>     ------------------------------------------------------------------------
>
>     *From:*Jules <Jules at Zend.To> <mailto:Jules at Zend.To>
>     *Sent:* Wednesday, May 27, 2020 4:30 AM
>     *To:* Cole, Sean; ZendTo Users
>     *Subject:* Re: [ZendTo] AutoPickUp
>
>     Sean,
>
>     Would another "autolist" script that dumped the details of every
>     single drop-off in the system, as 1 big JSON structure, do what
>     you need?
>
>     Then you can use your own code to search the data for the
>     drop-offs you're looking for, get the ClaimID and Passcode of the
>     relevant ones, then use "autopickup" to download them.
>
>     Having that script exist at all is risky, in my view, as it gives
>     anyone who gets access to it "the keys to the castle vault". But
>     then again if, like most people, you're using SQLite3 then it's
>     just saving a hacker the step of working out how the DB schema
>     works. Which would take someone competent about 10 minutes. It's
>     very simple and obvious.
>
>     Let me know if that would be a good solution for you.
>
>     Cheers,
>     Jules.
>
>     On 26/05/2020 21:32, Cole, Sean wrote:
>
>         We are basically looking to have our students drop documents
>         off and don't want the staff to have to go to their email
>         click on the link to ZendTo, then download the file, then
>         place it in the folder where it has to go.  We want o have an
>         automated process to check for any documents a student may
>         have dropped off every 10 minutes.  Pick them up and put
>         them in the necessary folder on the server.
>
>         Thanks for any help you can provide.
>
>         Sean Cole
>
>         ------------------------------------------------------------------------
>
>         *From:*Cole, Sean
>         *Sent:* Tuesday, May 26, 2020 1:56 PM
>         *To:* Jules; ZendTo Users
>         *Subject:* Re: [ZendTo] AutoPickUp
>
>         Each Drop-off has a different claimID and passcode so if you
>         have 10 drop-offs how can you automate the pickup if you don't
>         have the unique claimID and passcode for each of the 10 drop-offs?
>
>         Thanks Again for you help,
>
>         Sean Cole
>
>         ------------------------------------------------------------------------
>
>         *From:*Jules <Jules at Zend.To> <mailto:Jules at Zend.To>
>         *Sent:* Saturday, May 23, 2020 5:41 AM
>         *To:* ZendTo Users
>         *Cc:* Cole, Sean
>         *Subject:* Re: [ZendTo] AutoPickUp
>
>         Sean,
>
>         Before using any of the scripts, you need to create a user
>         that will be only used for driving the automation scripts of
>         ZendTo. Don't use a real user's account, create one just for
>         the purpose.
>         Put that username in the 'automationUsers' setting in
>         preferences.php.
>
>         For this example, let's set a few things:
>         - The automation user is going to have the username "robot"
>         with a password of "machines".
>         - The claimID and passcode of the drop-off will be
>         "aaaClaimIDaaa" and "bbbPasscodebbb".
>         - The address of your ZendTo site will be
>         "https://your-zendto-site.com/". The site address always goes
>         at the very end of the command, after all the other options.
>
>         To see the command-line usage:
>         /opt/zendto/bin/autopickup --help
>
>         Fetch information about the drop-off, without downloading
>         anything:
>         /opt/zendto/bin/autopickup --username "robot" --password
>         "machines" --claimid "aaaClaimIDaaa" --passcode
>         "bbbPasscodebbb" --list --nofiles
>         https://your-zendto-site.com/ <https://your-zendto-site.com/>
>
>         Fetch all the files in the drop-off to the current directory,
>         verifying their checksums, and logging that they were picked
>         up by "user at yourdomain.com" <mailto:user at yourdomain.com>:
>         /opt/zendto/bin/autopickup --username "robot" --password
>         "machines" --claimid "aaaClaimIDaaa" --passcode
>         "bbbPasscodebbb" --checksum --pickedupby "user at yourdomain.com"
>         <mailto:user at yourdomain.com> https://your-zendto-site.com/
>         <https://your-zendto-site.com/>
>
>         Fetch all the files in the drop-off to the directory
>         "/var/tmp/downloads", not bothering with checksums or logging
>         who did it:
>         /opt/zendto/bin/autopickup --username "robot" --password
>         "machines" --claimid "aaaClaimIDaaa" --passcode
>         "bbbPasscodebbb" --output "/var/tmp/downloads"
>         https://your-zendto-site.com/ <https://your-zendto-site.com/>
>
>         The output of the "--list --nofiles" command above will give
>         you a unique "fileid" number for each of the files in the
>         drop-off. So let's download file number 123, verify its
>         checksum and save it to the file "~/Downloads/my-picked-up-file":
>         /opt/zendto/bin/autopickup --username "robot" --password
>         "machines" --claimid "aaaClaimIDaaa" --passcode
>         "bbbPasscodebbb" --file 123 --checksum --output
>         "~/Downloads/my-picked-up-file" https://your-zendto-site.com/
>         <https://your-zendto-site.com/>
>
>         If you are using a locally-signed SSL certificate on your
>         ZendTo server, you may need to add the option
>         --insecure
>         to all of the above examples.
>
>         To see the "curl" command it creates, which is what does all
>         the work, but not actually run anything, add the option
>         --debug
>         to any of the above examples.
>
>         Does that help?
>
>         The point of me using "curl" is that all the script really
>         does is create all the parameters for an HTTP POST request to
>         your ZendTo server, and then pull out the JSON results from
>         the right header in the returned data. The "--debug" option
>         will help you understand what it's doing.
>
>         Once you have played with it a bit, take a look how the script
>         works (90% is just parsing the command-line!) and you will see
>         how you could use a .Net http request to achieve the same
>         result with your own code running on a Windows server.
>
>         Cheers,
>         Jules.
>
>         On 22/05/2020 20:25, Cole, Sean via ZendTo wrote:
>
>             ​Is anyone using the AutoPickUp Script?  Any documentation
>             on the use of the script or examples. Trying to move the
>             files uploaded from the ZendTo server to a Windows server.
>
>             Regards,
>
>             *Sean Cole*
>
>             Mgr. Network Services
>
>             SeanCole at sunywcc.edu <mailto:SeanCole at sunywcc.edu>
>
>             914-606-6923
>
>
>
>             _______________________________________________
>
>             ZendTo mailing list
>
>             ZendTo at zend.to <mailto:ZendTo at zend.to>
>
>             http://jul.es/mailman/listinfo/zendto
>
>
>
>         Jules
>
>         -- 
>
>         Julian Field MEng CEng CITP MBCS MIEEE MACM
>
>         The current UK shipping forecast:
>
>         Trafalgar: Northerly or northeasterly 5 to 7, occasionally 4
>         at first. Rough.
>
>         Rain or showers at first. Good, occasionally moderate at first.
>
>         www.Zend.To <http://www.Zend.To>
>
>         Twitter: @JulesFM
>
>
>
>     Jules
>
>     -- 
>
>     Julian Field MEng CEng CITP MBCS MIEEE MACM
>
>     'Intelligence is quickness to apprehend as distinct from ability,
>
>     which is capacity to act wisely on the thing apprehended.'
>
>     - Alfred North Whitehead
>
>     www.Zend.To <http://www.Zend.To>
>
>     Twitter: @JulesFM
>
>
>
> Jules
> -- 
> Julian Field MEng CEng CITP MBCS MIEEE MACM
> The current UK shipping forecast:
> Sole, Lundy, Fastnet: East 4 or 5 veering southeast 5 or 6 later. Moderate.
> Fog patches at first. Moderate or good, occasionally very poor at first.
> www.Zend.To  <http://www.Zend.To>
> Twitter: @JulesFM
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

'A good programmer is someone who always looks both ways
  before crossing a one-way street.' - Doug Linder

www.Zend.To
Twitter: @JulesFM

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20200527/cf12ef9a/attachment-0001.html>


More information about the ZendTo mailing list