Authentication Required - Problems Establishing an AIM OSCAR Session Using Python

Posted on 2024-07-14 04:29:43

I'm writing a simple Python script that will interface with the AIM servers using the OSCAR protocol. It includes a somewhat complex handshake protocol. You essentially have to send a GET request to a specific URL, receive an XML or JSON encoded reply, extract a special session token and secret key, then generate a response using the token and the key.

I tried to follow these steps to a tee, but the process fails in the last one. Here is my code:

import base64
import hmac
import urllib
import urllib2
from hashlib import sha256

import simplejson


class simpleOSCAR:
  def __init__(self, username, password):
    self.username = username
    self.password = password

    self.open_aim_key = 'whatever'
    self.client_name = 'blah blah blah'
    self.client_version = 'yadda yadda yadda'


  def authenticate(self):

    # STEP 1: POST the credentials to clientLogin, read token and session secret
    url = 'https://api.screenname.aol.com/auth/clientLogin?f=json'
    data = urllib.urlencode([
                 ('k', self.open_aim_key),
                 ('s', self.username),
                 ('pwd', self.password),
                 ('clientVersion', self.client_version),
                 ('clientName', self.client_name)]
                )

    response = urllib2.urlopen(url, data)
    json_response = simplejson.loads(urllib.unquote(response.read()))

    session_secret = json_response['response']['data']['sessionSecret']
    host_time = json_response['response']['data']['hostTime']
    self.token = json_response['response']['data']['token']['a']

    # STEP 2: derive the session key from the password and the session secret
    self.session_key = base64.b64encode(hmac.new(self.password, session_secret, sha256).digest())

    # STEP 3: build the startOSCARSession query and sign it with the session key
    uri = "http://api.oscar.aol.com/aim/startOSCARSession?"

    data = urllib.urlencode([
                    ('a', self.token),
                    ('clientName', self.client_name),
                    ('clientVersion', self.client_version),
                    ('f', 'json'),
                    ('k', self.open_aim_key),
                    ('ts', host_time),
                    ]
                )
    urldata = uri + data
    hashdata = "GET&" + urllib.quote("http://api.oscar.aol.com/aim/startOSCARSession?") + data

    digest = base64.b64encode(hmac.new(self.session_key, hashdata, sha256).digest())

    urldata = urldata + "&sig_sha256=" + digest

    print urldata + "\n"

    response = urllib2.urlopen(urldata)
    json_response = urllib.unquote(response.read())

    print json_response

if __name__ == '__main__':
  so = simpleOSCAR("aimscreenname", "somepassword")
  so.authenticate()

I get the following response from the server:

{ "response" : {
                 "statusCode":401, 
                 "statusText":"Authentication Required. statusDetailCode 1014",
                 "statusDetailCode":1014, 
                 "data":{
                           "ts":1235878395
                         }
               }
}

I tried troubleshooting it in various ways, but the URLs I generate look the same as the ones shown in the signon flow example. And yet, it fails.

Any idea what I'm doing wrong here? Am I hashing the values wrong? Am I encoding something improperly? Is my session timing out?

Comments (2)

蒗幽 2024-07-21 04:29:43

Try using Twisted's OSCAR support instead of writing your own? It hasn't seen a lot of maintenance, but I believe it works.

烧了回忆取暖 2024-07-21 04:29:43

URI Encode your digest?

-moxford
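
The encoding issue raised in the comment above, as an added example that is not part of the original thread: a base64 digest can contain `+`, which a query-string parser decodes as a space, so a signature appended unencoded does not survive the trip. It is written for Python 3 (the question uses Python 2), the session key and query parameters are constructed values, and the signed string's layout is a stand-in rather than the service's documented format.

```python
import base64
import hashlib
import hmac
from itertools import count
from urllib.parse import parse_qs, quote, urlsplit

# Endpoint from the question; nothing is sent over the network here.
BASE_URL = "http://api.oscar.aol.com/aim/startOSCARSession"


def sign(session_key: bytes, hashdata: str) -> str:
    """base64(HMAC-SHA256(key, data)), the digest form used in the question's STEP 3."""
    mac = hmac.new(session_key, hashdata.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def received_signature(url: str) -> str:
    """The sig_sha256 value as a server-side query-string parser would see it."""
    return parse_qs(urlsplit(url).query)["sig_sha256"][0]


def find_digest_with_plus(session_key: bytes):
    """Step a constructed timestamp until the digest happens to contain '+'."""
    for ts in count(1235878395):
        query = "f=json&k=constructed-key&ts=%d" % ts
        # Stand-in base string: only the encoding of the digest matters here.
        digest = sign(session_key, "GET&" + quote(BASE_URL, safe="") + query)
        if "+" in digest:
            return query, digest


def demo():
    query, digest = find_digest_with_plus(b"constructed-session-key")
    # As in the question: digest concatenated into the URL unencoded.
    raw_url = BASE_URL + "?" + query + "&sig_sha256=" + digest
    # Percent-encoded digest: '+', '/' and '=' become %2B, %2F and %3D.
    enc_url = BASE_URL + "?" + query + "&sig_sha256=" + quote(digest, safe="")
    return digest, received_signature(raw_url), received_signature(enc_url)


if __name__ == "__main__":
    sent, seen_raw, seen_encoded = demo()
    print("sent:        ", sent)
    print("seen raw:    ", seen_raw)
    print("seen encoded:", seen_encoded)
```

Because only some digests contain `+`, an unencoded signature fails intermittently rather than on every request.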
