Dragon Arrow written by Tatsuya Nakaji, all rights reserved

[Puzzle 2] A puzzle that most engineers can solve, but that only the bottom 20% of bad engineers cannot?

Mar 15, 2019

The puzzle is here: https://www.jabba.cloud/20151228212010/


$ curl http://challenge-your-limits2.herokuapp.com/call/my/APIs
{"error":"Ok. Let's get started! End Point is correct. But HTTP Method should be..."}

The endpoint is correct, but the HTTP method is wrong (it is not GET).


$ curl -x POST https://challenge-your-limits2.herokuapp.com/call/my/APIs
0curl: (5) Could not resolve proxy: POST

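So POST could not be resolved. (Lower-case -x is curl's proxy option, so curl tried to use POST as a proxy host name and the request never reached the server; the request-method option is upper-case -X.)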


$ curl -X DELETE http://challenge-your-limits2.herokuapp.com/call/my/APIs
{"message":"Well done! haha! Surprised? Yeah, the answer was DELETE. Ok. Next === /c2_users/:id/hacker_apply"}

It was DELETE. Next up is "/c2_users/:id/hacker_apply", it says.


$ curl http://challenge-your-limits2.herokuapp.com/c2_users/:id/hacker_apply
{"error":"Please authenticate using Basic Auth with your username and password. You want a clue? Shout out 'help/me/out'"}


It wants authentication with a username and password, and says to call help/me/out if you want a hint.


$ curl http://challenge-your-limits2.herokuapp.com/help/me/out
{"message":"By the way, Have you already registered? This is the clue only for REGISTERED user. You should have your id before you check the clue. If you don't, go to /c2_users/ and register. Hey, Registered users! Here you go. === bit.ly/1T8gVdG === You don't know about 'bit.ly'? Google it!"}

By the way, are you a registered user? If not, go to "/c2_users/". Registered users, go to bit.ly/1T8gVdG. Don't know 'bit.ly'? Dummy!


$ curl http://challenge-your-limits2.herokuapp.com/c2_users
{"error":"GET? No. No."}

GET? No, no.


$ curl -X POST http://challenge-your-limits2.herokuapp.com/c2_users
{"error":"Validation Error - [:username, \"can't be blank\"]"}

The username is blank.


$ curl -X POST -d "username=twinko" http://challenge-your-limits2.herokuapp.com/c2_users
{"error":"Validation Error - [:email, \"can't be blank\"]"}

The email is blank.


$ curl -X POST -d "username=twinko&email=twinko@bn.com&password=twinko" http://challenge-your-limits2.herokuapp.com/c2_users
{"id":3370,"username":"twinko","email":"twinko@bn.com","password":"RN2y6JQikEhEheEA","comment":null,"created_at":"2019-03-15T07:39:26.861Z","updated_at":"2019-03-15T07:39:26.861Z"}

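The account was created. The response returns a password different from the one submitted, and that returned value is what the following commands pass to --user.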


$ curl --user twinko:RN2y6JQikEhEheEA http://challenge-your-limits2.herokuapp.com/c2_users/:id/hacker_apply
{"error":"Your id is a bit weird. Can you check it?"}

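Your id is a bit weird; did you check it? The literal :id in the path is a placeholder and has to be replaced with the id returned at registration (3370).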


$ curl --user twinko:RN2y6JQikEhEheEA http://challenge-your-limits2.herokuapp.com/c2_users/3370/hacker_apply
{"message":"Awesome! Can you come over here? === R29vZCBqb2IhISBQbGVhc2UgYWNjZXNzIHRvIHRoZSB1cmwgZnJvbSB5b3VyIHdlYiBicm93c2VyLiA9PT0gXApodHRwOi8vY2hhbGxlbmdlLXlvdXItbGltaXRzMi5oZXJva3VhcHAuY29tL3dpbm5lcl9jb21tZW50cy9xUWVwYWQtZDBXMHp0cVpY      You want a clue? Shout out 'give me a clue'"}

Awesome! Can you come over to "the string after Base64 conversion"?


$ echo -n "R29vZCBqb2IhISBQbGVhc2UgYWNjZXNzIHRvIHRoZSB1cmwgZnJvbSB5b3VyIHdlYiBicm93c2VyLiA9PT0gXApodHRwOi8vY2hhbGxlbmdlLXlvdXItbGltaXRzMi5oZXJva3VhcHAuY29tL3dpbm5lcl9jb21tZW50cy9xUWVwYWQtZDBXMHp0cVpY" | base64 -D   # --decode also works
Good job!! Please access to the url from your web browser. === \
http://challenge-your-limits2.herokuapp.com/winner_comments/qQepad-d0W0ztqZX

In Basic Auth, the username and password pair is joined with a colon ":" and sent Base64-encoded, so Basic Auth and Base64 conversion come as a set.
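
The encoding described above, as an added example that is not part of the original post: it builds the header that curl --user sends and then recovers the credentials from it, which shows that Base64 here is an encoding and not protection. The function names are hypothetical, and the credentials in the demo are the throwaway ones from this walkthrough.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): Basic Auth header round trip.

# Build the header value: "user:password", Base64-encoded (RFC 7617).
basic_auth_header() {
  local user="$1" pass="$2"
  # The first colon is the separator, so the username cannot contain one.
  case "$user" in
    *:*) echo "username must not contain ':'" >&2; return 1 ;;
  esac
  # tr strips the line wrapping some base64 tools add to long output.
  printf 'Authorization: Basic %s\n' \
    "$(printf '%s:%s' "$user" "$pass" | base64 | tr -d '\n')"
}

# Recover the credentials from a captured header line.
decode_basic_auth() {
  local header="$1" token creds
  case "$header" in
    "Authorization: Basic "*) token="${header#Authorization: Basic }" ;;
    *) echo "not a Basic Auth header" >&2; return 1 ;;
  esac
  # -d is the GNU coreutils spelling of the -D / --decode used in the post.
  creds=$(printf '%s' "$token" | base64 -d) || return 1
  case "$creds" in
    *:*) ;;
    *) echo "decoded value has no ':' separator" >&2; return 1 ;;
  esac
  # Split on the first colon only: the password itself may contain colons.
  printf 'user=%s password=%s\n' "${creds%%:*}" "${creds#*:}"
}

# Demo with the account registered earlier in this walkthrough.
header=$(basic_auth_header twinko RN2y6JQikEhEheEA)
echo "$header"
decode_basic_auth "$header"
```

Because the header decodes this easily, Basic Auth credentials are only as private as the transport; the http:// URLs used in this walkthrough send them readable on the wire, so a real service should accept them over HTTPS only.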

Done!!!


***Tips
Encode

$ echo -n "decoded text" | base64
encoded text

Decode

$ echo -n "encoded text" | base64 -D
decoded text