starred/ntfy

Fork 0

mirror of https://github.com/binwiederhier/ntfy.git synced 2026-05-10 00:08:52 +02:00

[GH-ISSUE #595] Ansible URI module and base64 for Auth #450

New issue

Closed

opened 2026-05-07 00:24:17 +02:00 by BreizhHardware · 8 comments

BreizhHardware commented

2026-05-07 00:24:17 +02:00

Owner

Originally created by @fred-gb on GitHub (Jan 29, 2023).
Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/595

Hi,

I would like to use Ansible URI module to send to my self-hosted server.
username and password are variables

    - name: Notification | NTFY
      uri:
        url: "https://example-ntfy-server.com/notif?auth={{ (username + ':' + password) | b64encode  | replace('=', '') }}"
        method: POST
        body: "TEST"
        status_code:
            - 200
      delegate_to: localhost
      become: no

I get a 403 reponse. with in fail message:

"url": "https://example-ntfy-server.com/notif?auth=BASE64AuthencodedGENERATEDbyAnsible"

But If I do manually in my terminal:

@fred ~ $ echo -n "Basic `echo -n 'MyUser:MySuperSecrePassword' | base64`" | base64 | tr -d '='

The encoded response is totally different from fail message before, I don't know why.

And If I paste the key generated manually.

    - name: Notification | NTFY
      uri:
        url: "https://example-ntfy-server.com/notif?auth=BASE64AuthencodedPASTEMANUALLY"
        method: POST
        body: "TEST"
        status_code:
            - 200
      delegate_to: localhost
      become: no

It works fine!

I tried another way like this:

     - name: Generate base64 auth
       shell: echo -n "Basic `echo -n 'MyUser:MySuperSecrePassword' | base64`" | base64 | tr -d '='
       register: auth_base64

    - debug:
        msg: "{{ auth_base64.stdout }}"

The result is little bit weird, beacause, the auth_base64.stdout is near of manually generated auth encoded.

For my exemple, if BASE64encodedPASTEMANUALLY is my manually generated and working Auth encoded, BASE64encodedPASTE\nMANUALLY is the result of ansible shell module. Why it puts \n inside auth encoded?

I don't understand where come from my mistake.
I know there is already a action_plugin for send to ntfy by ansible (thanks a lot to @jpmens, I tried it for testing) but I would like to use URI module.

Thanks

Originally created by @fred-gb on GitHub (Jan 29, 2023). Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/595 Hi, I would like to use Ansible URI module to send to my self-hosted server. username and password are variables ``` - name: Notification | NTFY uri: url: "https://example-ntfy-server.com/notif?auth={{ (username + ':' + password) | b64encode | replace('=', '') }}" method: POST body: "TEST" status_code: - 200 delegate_to: localhost become: no ``` I get a 403 reponse. with in fail message: ``` "url": "https://example-ntfy-server.com/notif?auth=BASE64AuthencodedGENERATEDbyAnsible" ``` But If I do manually in my terminal: ``` @fred ~ $ echo -n "Basic `echo -n 'MyUser:MySuperSecrePassword' | base64`" | base64 | tr -d '=' ``` The encoded response is totally different from fail message before, I don't know why. And If I paste the key generated manually. ``` - name: Notification | NTFY uri: url: "https://example-ntfy-server.com/notif?auth=BASE64AuthencodedPASTEMANUALLY" method: POST body: "TEST" status_code: - 200 delegate_to: localhost become: no ``` It works fine! I tried another way like this: ``` - name: Generate base64 auth shell: echo -n "Basic `echo -n 'MyUser:MySuperSecrePassword' | base64`" | base64 | tr -d '=' register: auth_base64 - debug: msg: "{{ auth_base64.stdout }}" ``` The result is little bit weird, beacause, the auth_base64.stdout is near of manually generated auth encoded. For my exemple, if `BASE64encodedPASTEMANUALLY` is my manually generated and working Auth encoded, `BASE64encodedPASTE\nMANUALLY` is the result of ansible shell module. Why it puts `\n` inside auth encoded? I don't understand where come from my mistake. I know there is already a action_plugin for send to ntfy by ansible (thanks a lot to @jpmens, I tried it for testing) but I would like to use URI module. Thanks

BreizhHardware closed this issue

2026-05-07 00:24:17 +02:00

BreizhHardware commented

2026-05-07 00:24:17 +02:00

Author

Owner

@jpmens commented on GitHub (Jan 30, 2023):

Why are you removing the = symbols from the base64-encoded value? It's padding and they are part of it, and the HTTP code 403 (Forbidden) seems to corrobare my view.

Also in your shell example you are double encoding the string ... I don't think that can work.

@jpmens commented on GitHub (Jan 30, 2023): Why are you removing the `=` symbols from the base64-encoded value? It's padding and they are part of it, and the HTTP code 403 (Forbidden) seems to corrobare my view. Also in your `shell` example you are double encoding the string ... I don't think that can work.

BreizhHardware commented

2026-05-07 00:24:17 +02:00

Author

Owner

@jpmens commented on GitHub (Jan 30, 2023):

Example:

$ printf "fred:secret" | base64
ZnJlZDpzZWNyZXQ=

$ printf "ZnJlZDpzZWNyZXQ=" | base64 -d
fred:secret

$ printf "ZnJlZDpzZWNyZXQ" | base64 -d   # after removing the '='
fred:sec

@jpmens commented on GitHub (Jan 30, 2023): Example: ```console $ printf "fred:secret" | base64 ZnJlZDpzZWNyZXQ= $ printf "ZnJlZDpzZWNyZXQ=" | base64 -d fred:secret $ printf "ZnJlZDpzZWNyZXQ" | base64 -d # after removing the '=' fred:sec ```

BreizhHardware commented

2026-05-07 00:24:17 +02:00

Author

Owner

@fred-gb commented on GitHub (Jan 30, 2023):

Hi,
Yes I removed trailing = by ansible filter replace.

For double encoded base64 is a try. I also try with only one encoded.

Thanks

@fred-gb commented on GitHub (Jan 30, 2023): Hi, Yes I removed trailing = by ansible filter replace. For double encoded base64 is a try. I also try with only one encoded. Thanks

BreizhHardware commented

2026-05-07 00:24:17 +02:00

Author

Owner

@fred-gb commented on GitHub (Jan 30, 2023):

Sorry bad read.

In doc, say: remove trailing =

I'm not at my office.

@fred-gb commented on GitHub (Jan 30, 2023): Sorry bad read. In doc, say: remove trailing = I'm not at my office.

BreizhHardware commented

2026-05-07 00:24:18 +02:00

Author

Owner

@jpmens commented on GitHub (Jan 30, 2023):

In doc, say: remove trailing =

which doc?

@jpmens commented on GitHub (Jan 30, 2023): >In doc, say: remove trailing = which doc?

BreizhHardware commented

2026-05-07 00:24:18 +02:00

Author

Owner

@fred-gb commented on GitHub (Jan 30, 2023):

I found solution!

TL;DR:

- name: Generate base64 auth
  set_fact:
    auth_base64: "{{ ( 'Basic ' + ( username + ':' + password ) | b64encode ) | b64encode }}"

To found this, thanks @jpmens you give me the way with:

$ printf "ZnJlZDpzZWNyZXQ=" | base64 -d
fred:secret

I tried decode with my manually generated b64. And give me something like:

TASK [debug] **************************************************************************************
ok: [localhost => {
    "msg": "Basic ANOTHERBase64EncodedOUTofTHEblackBOX? "
}

As you can see, Basic (with space after) appears. It's that why double encode exists.

And in NTFY docs # authentification in Query param part. you will find:

echo -n "Basic `echo -n 'testuser:fakepassword' | base64`" | base64 | tr -d '='

So to use the Ansible URI module as simplest example:

   - name: Notification | NTFY
     uri:
       url: "https://example-ntfy-server.com/{{ topic }}?auth={{ ( 'Basic ' + ( username + ':' + password ) | b64encode ) | b64encode }}"
       method: POST
       body: "TEST"
       status_code:
           - 200
     delegate_to: localhost
     become: no

Voilà !
Thanks and hope that can help too.

@fred-gb commented on GitHub (Jan 30, 2023): I found solution! TL;DR: ``` - name: Generate base64 auth set_fact: auth_base64: "{{ ( 'Basic ' + ( username + ':' + password ) | b64encode ) | b64encode }}" ``` To found this, thanks @jpmens you give me the way with: ``` $ printf "ZnJlZDpzZWNyZXQ=" | base64 -d fred:secret ``` I tried decode with my manually generated b64. And give me something like: ``` TASK [debug] ************************************************************************************** ok: [localhost => { "msg": "Basic ANOTHERBase64EncodedOUTofTHEblackBOX? " } ``` As you can see, `Basic `(with space after) appears. It's that why double encode exists. And in [NTFY docs # authentification](https://docs.ntfy.sh/publish/#authentication) in Query param part. you will find: ``` echo -n "Basic `echo -n 'testuser:fakepassword' | base64`" | base64 | tr -d '=' ``` So to use the Ansible URI module as simplest example: ``` - name: Notification | NTFY uri: url: "https://example-ntfy-server.com/{{ topic }}?auth={{ ( 'Basic ' + ( username + ':' + password ) | b64encode ) | b64encode }}" method: POST body: "TEST" status_code: - 200 delegate_to: localhost become: no ``` Voilà ! Thanks and hope that can help too.

BreizhHardware commented

2026-05-07 00:24:18 +02:00

Author

Owner

@jpmens commented on GitHub (Jan 30, 2023):

I don't see how that is possible, in spite of the documentation saying so:

$ printf "Basic $(printf "fred:secret" | base64)" | base64
QmFzaWMgWm5KbFpEcHpaV055WlhRPQ==

$ printf "QmFzaWMgWm5KbFpEcHpaV055WlhRPQ" | base64 -d
Basic ZnJlZDpzZWNyZXQ

$ printf "ZnJlZDpzZWNyZXQ" | base64 -d ; echo
fred:secr

Truncating the = characters renders the password inoperable. The padding is required, and the formula will only work if the username/password combination doesn't produce padding characters.

@jpmens commented on GitHub (Jan 30, 2023): I don't see how that is possible, in spite of the documentation saying so: ```console $ printf "Basic $(printf "fred:secret" | base64)" | base64 QmFzaWMgWm5KbFpEcHpaV055WlhRPQ== $ printf "QmFzaWMgWm5KbFpEcHpaV055WlhRPQ" | base64 -d Basic ZnJlZDpzZWNyZXQ $ printf "ZnJlZDpzZWNyZXQ" | base64 -d ; echo fred:secr ``` Truncating the `=` characters renders the password inoperable. The padding is required, and the formula will only work if the username/password combination doesn't produce padding characters.

BreizhHardware commented

2026-05-07 00:24:18 +02:00

Author

Owner

@fred-gb commented on GitHub (Jan 30, 2023):

I found another thing. No needed to truncating =

That works too with:

- debug:
    msg: "{{ ( 'Basic ' + ( username + ':' + password ) | b64encode ) | b64encode }}"

Symbols == appear only in the first encoding . And give something like: QmFzaWMgWm5KbFpEcHpaV055WlhRPQ==
And after, you can encode again to make it work.

I don't understand really why but now, it's better!

Thanks

@fred-gb commented on GitHub (Jan 30, 2023): I found another thing. No needed to truncating `=` That works too with: ``` - debug: msg: "{{ ( 'Basic ' + ( username + ':' + password ) | b64encode ) | b64encode }}" ``` Symbols `==` appear only in the first encoding . And give something like: `QmFzaWMgWm5KbFpEcHpaV055WlhRPQ== ` And after, you can encode again to make it work. I don't understand really why but now, it's better! Thanks