I'm attempting to build a two-way Slack integration with on on-premises Microsoft TFS REST endpoint, using Node.js and PHP as the main processors of the data to and from. I can successfully perform GETs against the on-prem TFS install using NTLM authentication, and parse the data through to Slack. So I know that (1) the endpoint is working, (2) I am capable of authenticating to it, and (3) I can get data from it without problem.
Where I'm hitting a blocking point is trying to POST a query to the TFS endpoint and get a successful response. I'm generating the POST request within PHP, and when it executes against an insecure website, the POST body and headers pass through just fine. However, when I change the URL on that POST request to be the TFS endpoint, protected by an NTLM layer, I get an error saying that the content-type is invalid (TFS requires "application/json" and the request it's receiving has no header, so is defaulting to "application/x-www-form-urlencoded" and failing).
It looks like somehow the request body and headers aren't being passed beyond the NTLM authentication step, but I have no idea why that would be, nor how to ensure that it will push through. I've checked out some tips and tricks online, but haven't been able to break through yet.
Here's the latest version of the PHP code that I'm using:
$ch = curl_init();
curl_setopt($ch, CURLINFO_HEADER_OUT, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
//curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_RETURNTRANSFER,TRUE);
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_URL,$baseURL);
curl_setopt($ch, CURLOPT_UNRESTRICTED_AUTH, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_POSTREDIR,3);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
curl_setopt($ch, CURLOPT_USERPWD, $userpwd);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postBody);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Accept: application/json',
'Transfer-Encoding: chunked',
'x-metadata: testing',
'x-testing: This is a value'
));
Any ideas on how to ensure that the POST body and HTTP headers are surviving the trip through the NTLM layer?
