HTTParty with Digest Authentication

Posted on 2024-11-17 16:29:59

I would like to connect to an API using Ruby On Rails 2.3.8 and HTTParty gem.

My model is the following:

class Onnion < ActiveRecord::Base
  require 'net/http'
  include HTTParty

  base_uri 'http://myapiurl.com'
  digest_auth 'user', 'password'
  disable_rails_query_string_format

  def self.create_rma(order)

    put('/orders/rma', :query => {:action => 'put', :data => {:api_key => 'user', :onnion_order_id => order.id, :customer_rma => order.saving.profile.user.id, :comments => ''}})
  end
end

What I would like to do is to call a method of the API called Put, with certain parameters grouped within the data parameter.

After executing this method I'm getting a 401 Unauthorized error message.

What am I doing wrong? This is the first time I'm trying to do something like this.

Comments (1)

卷耳 2024-11-24 16:29:59

What version of HTTParty are you using, and have you tried using the very latest version from Github? There were some fixes to do with digest auth security a little while ago in version 0.7.3.

If that doesn't work, it could be that the server you're attempting to talk to isn't following protocol correctly. I've had this happen before and had to monkey patch HTTParty to get it to log in correctly. I'll put the patch I used here in case it works for you...

module Net
  module HTTPHeader
    class DigestAuthenticator
      # use NC = 1 instead of 0
      def authorization_header
        @cnonce = md5(random)
        header = [%Q(Digest username="#{@username}"),
          %Q(realm="#{@response['realm']}"),
          %Q(nonce="#{@response['nonce']}"),
          %Q(uri="#{@path}"),
          %Q(response="#{request_digest}")]
        [%Q(cnonce="#{@cnonce}"),
          %Q(opaque="#{@response['opaque']}"),
          %Q(qop="#{@response['qop']}"),
          %Q(nc="1")].each { |field| header << field } if qop_present?
        header
      end

    private
      def request_digest
        a = [md5(a1), @response['nonce'], md5(a2)]
        a.insert(2, "1", @cnonce, @response['qop']) if qop_present?
        md5(a.join(":"))
      end
    end
  end
end

module HTTParty
  class Request
    def setup_digest_auth
      # issue a get instead of a head request
      res = http.get(uri.request_uri, options[:headers]||{})
      if res['www-authenticate'] != nil && res['www-authenticate'].length > 0
        @raw_request.digest_auth(username, password, res)
      end
    end
  end
end

The changes made were to send NC 1 and not NC 0, and also to do a GET request, rather than a HEAD request, in setup_digest_auth.
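
Added example (not part of the answer above, and not HTTParty or Net::HTTP code): the RFC 2617 digest computation in plain Ruby, showing that the nc value and the request method are both hashed into `response`, which is why the patch changes nc in both authorization_header and request_digest. The sample values are the worked example from RFC 2617 section 3.5; the method names are made up for this sketch.

```ruby
require 'digest'

# Added example. Values are the worked example from RFC 2617 section 3.5.
SAMPLE = {
  username: 'Mufasa', realm: 'testrealm@host.com', password: 'Circle Of Life',
  method: 'GET', uri: '/dir/index.html',
  nonce: 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
  nc: '00000001', cnonce: '0a4f113b', qop: 'auth'
}.freeze

def md5(str)
  Digest::MD5.hexdigest(str)
end

# The "response" value: the client sends it, the server recomputes it.
def digest_response(c)
  ha1 = md5("#{c[:username]}:#{c[:realm]}:#{c[:password]}")
  ha2 = md5("#{c[:method]}:#{c[:uri]}")
  parts = [ha1, c[:nonce]]
  parts += [c[:nc], c[:cnonce], c[:qop]] if c[:qop] # nc is hashed in
  md5((parts << ha2).join(':'))
end

# Build the Authorization header value from the same fields.
def authorization_header(c)
  f = { username: c[:username], realm: c[:realm], nonce: c[:nonce],
        uri: c[:uri], response: digest_response(c) }
  f.merge!(qop: c[:qop], nc: c[:nc], cnonce: c[:cnonce]) if c[:qop]
  'Digest ' + f.map { |k, v| %(#{k}="#{v}") }.join(', ')
end

# Parse key="value" (or unquoted key=value) pairs from the header.
def parse_digest_header(header)
  header.sub(/\ADigest\s+/, '')
        .scan(/(\w+)=(?:"([^"]*)"|([^,\s]+))/)
        .each_with_object({}) { |(k, q, u), h| h[k.to_sym] = q || u }
end

# Server side: recompute from the header fields, the request method actually
# received, and the stored password; compare with the client's response.
def valid_digest?(header, method, password)
  f = parse_digest_header(header)
  digest_response(f.merge(method: method, password: password)) == f[:response]
end

puts digest_response(SAMPLE)
```

A header whose nc field differs from the nc string that was hashed, or a digest computed for one HTTP method and sent with another, fails `valid_digest?`, which a client sees as a 401.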
