Node.js: testing a route with digest authentication
I'm trying to write some tests against an API that is protected by a digest strategy.
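var request = require('request');
// `url` is the API base URL, defined elsewhere in the test file.
request.post(url + '/route', {
  auth: {
    'user': 'anakin@empire.gx',
    'pass': 'l1ghts4ber',
    // Wait for the server's 401 challenge before sending credentials.
    'sendImmediately': false
  },
  json: true,
  body: { some: 'thing' }
}, function (error, response, body) {
  console.log(error, body);
});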
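I tried supertest and request, but neither gets authenticated. The API uses the passport-http digest method. Any ideas?
Update
I first ran into some problems with curl and figured that my password had been generated with bcrypt, so I changed the password in the database to a plain-text one. I tried to get it working with SHA1, but that didn't work right away, so for the sake of testing the request I'll leave it aside for now.
Here is the curl output; the request in the test still doesn't work.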
curl -X POST --digest -u "anakin@empire.gx:l1ghts4ber" http://localhost:3005/api/route -v
* Adding handle: conn: 0x7fa48380b600
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fa48380b600) send_pipe: 1, recv_pipe: 0
* About to connect() to localhost port 3005 (#0)
* Trying ::1...
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 3005 (#0)
* Server auth using Digest with user 'anakin@empire.gx'
> POST /api/route HTTP/1.1
> User-Agent: curl/7.30.0
> Host: localhost:3005
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< X-Powered-By: Express
< access-control-allow-origin: *
< access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
< access-control-allow-headers: content-type, accept, x-requested-with, authorization
< access-control-expose-headers: WWW-Authenticate
< WWW-Authenticate: Digest realm="Administrators@myapp.com", nonce="6aD1vEM44Pi5cfWBi469tug1vQciQS0u", qop="auth"
< Date: Sun, 29 Sep 2013 10:19:24 GMT
< Connection: keep-alive
< Transfer-Encoding: chunked
<
* Ignoring the response-body
* Connection #0 to host localhost left intact
* Issue another request to this URL: 'http://localhost:3005/api/route'
* Found bundle for host localhost: 0x7fa482d0c460
* Re-using existing connection! (#0) with host localhost
* Connected to localhost (127.0.0.1) port 3005 (#0)
* Adding handle: conn: 0x7fa48380b600
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fa48380b600) send_pipe: 1, recv_pipe: 0
* Server auth using Digest with user 'anakin@empire.gx'
> POST /api/route HTTP/1.1
> Authorization: Digest username="anakin@empire.gx", realm="Administrators@myapp.com", nonce="6aD1vEM44Pi5cfWBi469tug1vQciQS0u", uri="/api/route", cnonce="ICAgICAgICAgICAgICAgICAgICAgIDEzODA5MjA4ODY=", nc=00000001, qop=auth, response="2c7aaaa198414749a47684d2d8aefea1"
> User-Agent: curl/7.30.0
> Host: localhost:3005
> Accept: */*
>
< HTTP/1.1 200 OK
< X-Powered-By: Express
< access-control-allow-origin: *
< access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
< access-control-allow-headers: content-type, accept, x-requested-with, authorization
< access-control-expose-headers: WWW-Authenticate
< Content-Type: text/plain
< Content-Length: 2
< Date: Sun, 29 Sep 2013 10:19:24 GMT
< Connection: keep-alive
<
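Try using cURL on the command line and use it as your reference for known-good client code. That will let you be sure your credentials are correct. At a glance I don't see anything wrong with the code snippet above. We'll need some details of the request/response to be able to debug intelligently.
Thanks @PeterLyons, I added some more info. I'm a bit confused and frustrated with digest auth, it seems really complicated. I wonder whether it would be simpler to change to oauth.
OK, next I would add code in express to log all request headers and see whether what request.js sends matches what curl sends. You can do this with a middleware at the very top of the stack.
Done. There were some issues with qop and nc in request, but even after modifying them it doesn't work. I checked the algorithm in request and it is the same as the one I use in a different, working digest mechanism.
var ha1 = md5(self._user + ':' + challenge.realm + ':' + self._pass)
var ha2 = md5(self.method + ':' + self.uri.path)
var digestResponse = md5(ha1 + ':' + challenge.nonce + ':1::auth:' + ha2)
Either way, I don't think you can get the supertest example to work by trying to send the right crypto bits. The problem is that the server responds with a nonce, and you have to use it to construct the correct response.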
curl:
{ 'user-agent': 'curl/7.30.0',
host: '127.0.0.1:3005',
accept: '*/*' }
POST /api/route 401 1ms
{ authorization: 'Digest username="anakin@empire.gx", realm="Administrators@myapp.com", nonce="fpf9MByyMQItfEob3u9QD4v86K3byCBZ", uri="/api/route", cnonce="ICAgICAgICAgICAgICAgICAgICAgIDEzODA4Mjk4NzQ=", nc=00000001, qop=auth, response="c766607c032fa142cd9f932977931a3a"',
'user-agent': 'curl/7.30.0',
host: '127.0.0.1:3005',
accept: '*/*' }
POST /api/route 200 1ms - 2b
request:
{ host: '127.0.0.1:3005',
accept: 'application/json',
'content-type': 'application/json',
'content-length': '75',
connection: 'keep-alive' }
POST /api/route 401 1ms
{ accept: 'application/json',
'content-type': 'application/json',
'content-length': '75',
authorization: 'Digest username="anakin@empire.gx", realm="Administrators@myapp.com", nonce="mdOAymaut4VyndpvyJYuKmXLlnTNcvZD", uri="/api/route", qop=auth, response="d064b7a5140b979ec7dc7b027a6cb070", nc=00000001, cnonce="NT1UOADbjjIaxfI8kPeLHZk5FJIRs3uOzejTUZhlxh86Blmua7YKctF0NUPHUn"',
host: '127.0.0.1:3005',
connection: 'keep-alive' }
POST /api/route 401 75ms
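Added example, not part of the original thread and not code from request or passport-http: it recomputes the RFC 2617 `qop=auth` response from the fields an Authorization header actually carries, next to the formula quoted in the comments, which fixes nc to `1` and leaves cnonce empty. The function names are hypothetical and the shortened cnonce is a constructed value; the other fields follow the request.js log above.

```javascript
const crypto = require('crypto');
const md5 = (s) => crypto.createHash('md5').update(s).digest('hex');

// Parse key=value pairs (quoted or bare) from a Digest header value.
function parseDigest(header) {
  const fields = {};
  const re = /(\w+)=(?:"([^"]*)"|([^\s,]+))/g;
  let m;
  while ((m = re.exec(header)) !== null) {
    fields[m[1]] = m[2] !== undefined ? m[2] : m[3];
  }
  return fields;
}

// RFC 2617 (qop=auth): the value a server recomputes from the header fields.
function rfc2617Response(f, method, password) {
  const ha1 = md5(f.username + ':' + f.realm + ':' + password);
  const ha2 = md5(method + ':' + f.uri);
  return md5([ha1, f.nonce, f.nc, f.cnonce, f.qop, ha2].join(':'));
}

// The formula quoted in the comments: nc fixed to "1" and cnonce left empty.
function hardcodedResponse(f, method, password) {
  const ha1 = md5(f.username + ':' + f.realm + ':' + password);
  const ha2 = md5(method + ':' + f.uri);
  return md5(ha1 + ':' + f.nonce + ':1::auth:' + ha2);
}

// Server-side check: does the header's response match the header's own fields?
function verify(header, method, password) {
  const f = parseDigest(header);
  return f.response === rfc2617Response(f, method, password);
}

// Constructed input shaped like the request.js header in the log above
// (cnonce shortened; credentials are the ones posted in the question).
const base = 'Digest username="anakin@empire.gx", realm="Administrators@myapp.com", ' +
  'nonce="mdOAymaut4VyndpvyJYuKmXLlnTNcvZD", uri="/api/route", qop=auth, ' +
  'nc=00000001, cnonce="NT1UOADbjjIaxfI8"';
const sentFields = parseDigest(base);
const good = base + ', response="' + rfc2617Response(sentFields, 'POST', 'l1ghts4ber') + '"';
const bad = base + ', response="' + hardcodedResponse(sentFields, 'POST', 'l1ghts4ber') + '"';

console.log('RFC 2617 response accepted:', verify(good, 'POST', 'l1ghts4ber'));
console.log('hard-coded response accepted:', verify(bad, 'POST', 'l1ghts4ber'));
```

The two formulas agree only when the header itself carries `nc=1` and an empty cnonce, so a client that advertises `nc=00000001` and a real cnonce must hash exactly those values.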