There is a webscript in Share for creating a site in Alfresco (‘service/modules/create-site’).
In the body of the request you can define:
- visibility: ‘PUBLIC’, ‘MODERATED’ and ‘PRIVATE’
- title: The name of the site,
- shortName: The short name for the site, this parameter will appear in the URL, it should be a valid shortName.
- description: A description of the site.
- sitePreset: The template for creating the site, typically ‘site-dashboard’
The problem with calling this webscript directly is that you will receive an error:
javax.servlet.ServletException: Possible CSRF attack noted when comparing token in session and request header. Request: POST /share/service/modules/create-site
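One possibility is to disable the CSRF check for any request coming from a particular trusted server. Every request from that server then bypasses the token check, so keep the exemption as narrow as possible.
That method is described in: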
http://docs.alfresco.com/5.1/concepts/csrf-policy.html
The second one is to provide an appropriate CSRF header. To achieve this you will run three HTTP requests in order.
- /share/page/dologin POST: This will authenticate you and will give you a session
- /share/page/user/admin/dashboard GET : This will give you the CSRF token (it is returned in the ‘Alfresco-CSRFToken’ cookie)
- /share/service/modules/create-site POST : This finally will create the site. You should put the CSRF token in the header ‘alfresco-csrftoken’
It is important to note that you have to carry all the cookies from one request to the next.
Code example in Node.js JavaScript:
———–
var querystring = require('querystring');
var http = require('http');
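// BEGIN configuration
// The account and password can be supplied through the environment so that a
// real password never has to be written into this file. ALFRESCO_USERNAME and
// ALFRESCO_PASSWORD are names chosen by this script only; when they are unset
// the original example values are used.
// NOTE: every request in this script is sent over plain HTTP, so the
// password, the session cookie and the CSRF token travel unencrypted. Run it
// only against a local instance or across a network you trust.
var username = process.env.ALFRESCO_USERNAME || 'admin';
var password = process.env.ALFRESCO_PASSWORD || 'admin';
var url = 'localhost'; // host name only (used as the request's hostname)
var port = '8080';
var site_title = 'My Site Title'; // name of the site
var site_shortName = 'my_site'; // should be a valid shortName
var site_description = 'This site is an example'; // description of the site
// Fixed: the value used to end with a stray double quote ('site-dashboard"'),
// which is not the preset name the text above describes.
var site_sitePreset = 'site-dashboard'; // template used to create the site
// END configuration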
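/**
 * Log in to Share and collect the cookies of the new session.
 *
 * Sends the configured username and password as a URL-encoded form to
 * /share/page/dologin. The credentials are written to the request body only;
 * they are never logged.
 *
 * @param {function(CookiesManager)} callback called with the cookies set by
 *   the login response, and only when the login looks successful
 */
function httpRequestLogin(callback) {
  var path = '/share/page/dologin';
  var failureTarget = '/share/page/?error=true';
  var options = {
    'method': 'POST',
    'hostname': url,
    'port': port,
    'path': path,
    'headers': {
      'content-type': 'application/x-www-form-urlencoded',
      'origin': 'http://' + url + ':' + port,
      'cache-control': 'no-cache'
    }
  };
  var request = http.request(options, function (response) {
    // The body is not needed, but it has to be consumed for 'end' to fire.
    response.on('data', function () {
    });
    response.on('end', function () {
      var cookiesManager = new CookiesManager();
      cookiesManager.addCookies(response);
      // Both the `success` and the `failure` form fields are redirect
      // targets, so presumably a rejected login is answered with a redirect
      // as well (TODO confirm against the server). A status check alone
      // would then treat a wrong password as a successful login, so the
      // redirect target is checked too.
      var location = response.headers.location || '';
      var redirectedToFailure = location.indexOf('error=true') !== -1;
      if (response.statusCode === 302 && !redirectedToFailure) {
        callback(cookiesManager);
      } else {
        console.error('error request: ' + path + ' message:' + response.statusCode);
      }
    });
    response.on('error', function (err) {
      console.error('error request: ' + path + ' message:' + response.statusCode);
      console.error(err.stack);
    });
  });
  // Without this handler a refused or reset connection is emitted as an
  // unhandled 'error' event and terminates the process.
  request.on('error', function (err) {
    console.error('error request: ' + path + ' message:' + err.message);
  });
  var query = querystring.stringify({
    username: username,
    password: password,
    success: '/share/page/',
    failure: failureTarget
  });
  request.write(query);
  request.end();
}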
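/**
 * Request the user's dashboard page. This request matters because its
 * response is where the CSRF cookie is received; the cookies it sets are
 * added to the given cookie manager.
 *
 * @param {CookiesManager} cookiesManager cookies collected so far (sent with
 *   the request and extended with the cookies of the response)
 * @param {function(CookiesManager)} callback called with the same cookie
 *   manager when the page was answered with status 200
 */
function httpRequestDashboard(cookiesManager, callback) {
  // Fixed: `path` was used in the error messages below without ever being
  // declared in this function, so any failure raised a ReferenceError instead
  // of being reported. The dashboard is also built from the configured user
  // rather than a hard-coded 'admin', so it follows the login account.
  var path = '/share/page/user/' + encodeURIComponent(username) + '/dashboard';
  var options = {
    'method': 'GET',
    'hostname': url,
    'port': port,
    'path': path,
    'headers': {
      'Cookie': cookiesManager.toString(),
      'origin': 'http://' + url + ':' + port,
      'cache-control': 'no-cache'
    }
  };
  var request = http.request(options, function (response) {
    // The page body is not needed, but it has to be consumed for 'end' to fire.
    response.on('data', function () {
    });
    response.on('end', function () {
      cookiesManager.addCookies(response);
      if (response.statusCode === 200) {
        callback(cookiesManager);
      } else {
        console.error('error request: ' + path + ' message:' + response.statusCode);
      }
    });
    response.on('error', function (err) {
      console.error('error request: ' + path + ' message:' + response.statusCode);
      console.error(err.stack);
    });
  });
  // Without this handler a refused or reset connection is emitted as an
  // unhandled 'error' event and terminates the process.
  request.on('error', function (err) {
    console.error('error request: ' + path + ' message:' + err.message);
  });
  request.end();
}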
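/**
 * Create the site by POSTing its JSON description to the create-site
 * webscript. The CSRF token is read from the 'Alfresco-CSRFToken' cookie and
 * sent back in the 'alfresco-csrftoken' request header, together with all
 * cookies collected so far.
 *
 * @param {CookiesManager} cookiesManager cookies collected by the login and
 *   dashboard requests
 * @param {function(string)} callback called with the response body as text
 */
function httpRequestCreateSite(cookiesManager, callback) {
  var path = '/share/service/modules/create-site';
  var rawToken = cookiesManager.getCookie('Alfresco-CSRFToken');
  // Fixed: a missing cookie used to be turned into the literal header value
  // "undefined" and sent anyway; stop here with a clear message instead.
  if (!rawToken) {
    console.error('error request: ' + path + ' message: no Alfresco-CSRFToken cookie was received');
    return;
  }
  var csrf;
  try {
    // decodeURIComponent replaces the deprecated unescape(); the cookie value
    // is percent-encoded and the header needs the decoded token.
    csrf = decodeURIComponent(rawToken);
  } catch (err) {
    console.error('error request: ' + path + ' message: malformed Alfresco-CSRFToken cookie');
    return;
  }
  var dashboardPath = '/share/page/user/' + encodeURIComponent(username) + '/dashboard';
  var options = {
    'method': 'POST',
    'hostname': url,
    'port': port,
    'path': path,
    'headers': {
      'Cookie': cookiesManager.toString(),
      'content-type': 'application/json',
      'alfresco-csrftoken': csrf,
      'referer': 'http://' + url + ':' + port + dashboardPath,
      'cache-control': 'no-cache'
    }
  };
  var request = http.request(options, function (response) {
    var chunks = [];
    response.on('data', function (chunk) {
      chunks.push(chunk);
    });
    response.on('end', function () {
      var body = Buffer.concat(chunks);
      if (response.statusCode !== 200) {
        // The body is still handed to the callback because it carries the
        // server's explanation (for example the CSRF error text).
        console.error('error request: ' + path + ' message:' + response.statusCode);
      }
      callback(body.toString());
    });
    response.on('error', function (err) {
      console.error('error request: ' + path + ' message:' + response.statusCode);
      console.error(err.stack);
    });
  });
  // Without this handler a refused or reset connection is emitted as an
  // unhandled 'error' event and terminates the process.
  request.on('error', function (err) {
    console.error('error request: ' + path + ' message:' + err.message);
  });
  var body = JSON.stringify({
    visibility: 'PUBLIC',
    title: site_title,
    shortName: site_shortName,
    description: site_description,
    sitePreset: site_sitePreset,
    siteTemplate: ''
  });
  request.write(body);
  request.end();
}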
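/**
 * Minimal cookie jar: remembers the name/value pair of every Set-Cookie
 * header it is shown and renders them as one Cookie request header.
 *
 * Cookie attributes (Path, Domain, Expires, Secure, HttpOnly, ...) are
 * discarded, so every stored cookie is sent with every request that uses
 * this jar. That is adequate while all requests go to the same host, as in
 * this script; do not reuse one jar across different hosts.
 */
function CookiesManager() {
  // Prototype-less map: cookie names come from the server, and names such as
  // "constructor" or "__proto__" must behave like ordinary keys.
  this.arr = Object.create(null);
}

/**
 * Add the cookies of a response to the jar; a cookie that is already stored
 * is overwritten.
 * @param {object} response http response whose headers['set-cookie'] (an
 *   array of strings, possibly absent) is read
 */
CookiesManager.prototype.addCookies = function (response) {
  var jar = this.arr;
  var setCookieHeaders = response.headers['set-cookie'];
  if (!setCookieHeaders) {
    return;
  }
  setCookieHeaders.forEach(function (cookieStr) {
    if (!cookieStr) {
      return;
    }
    // Only the part before the first ';' is the name=value pair.
    var pair = cookieStr.split(';')[0];
    // Fixed: split on the FIRST '=' only. Splitting on every '=' cut a value
    // such as a base64 token ("abc=") short.
    var separator = pair.indexOf('=');
    if (separator <= 0) {
      return; // no name or no value separator: nothing usable to store
    }
    var name = pair.slice(0, separator).trim();
    var value = pair.slice(separator + 1).trim();
    jar[name] = value;
  });
};

/**
 * Get the value of a stored cookie.
 * @param {string} name cookie name
 * @returns {string|undefined} the stored value, undefined when the cookie
 *   was never received
 */
CookiesManager.prototype.getCookie = function (name) {
  return this.arr[name];
};

/**
 * Concatenate the stored cookies for use as a Cookie request header.
 * @returns {string} 'name=value; ' for every cookie, in the order received
 *   ('' when the jar is empty)
 */
CookiesManager.prototype.toString = function () {
  var jar = this.arr;
  return Object.keys(jar).map(function (name) {
    return name + '=' + jar[name] + '; ';
  }).join('');
};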
// start program: login -> dashboard (CSRF cookie) -> create site

/** Last step: print whatever the create-site webscript answered. */
function printCreateSiteResponse(message) {
  console.log('Create Site Response:');
  console.log(message);
}

/** Second step done: the jar now holds the cookies of the dashboard response. */
function afterDashboard(cookiesManager) {
  console.log('finish dashboard');
  httpRequestCreateSite(cookiesManager, printCreateSiteResponse);
}

/** First step done: carry the login cookies over to the dashboard request. */
function afterLogin(cookiesManager) {
  console.log('finish login');
  httpRequestDashboard(cookiesManager, afterDashboard);
}

console.log('init program');
httpRequestLogin(afterLogin);

