Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/node.js/35.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Node.js 使用摘要身份验证测试路由_Node.js_Request_Passport.js_Digest Authentication_Supertest - Fatal编程技术网
Fatal编程技术网
  • node.js/
  • Node.js 使用摘要身份验证测试路由

Node.js 使用摘要身份验证测试路由

node.js

Node.js 使用摘要身份验证测试路由,node.js,request,passport.js,digest-authentication,supertest,Node.js,Request,Passport.js,Digest Authentication,Supertest,我正试图针对受摘要策略保护的API编写一些测试 request.post(url + '/route', { auth: { 'user': 'anakin@empire.gx', 'pass': 'l1ghts4ber', 'sendImmediately': false }, json: true, body: { some: 'thing' } }, function (error, response, body) { console.log(e

我正试图针对受摘要策略保护的API编写一些测试

request.post(url + '/route', {
  auth: {
    'user': 'anakin@empire.gx',
    'pass': 'l1ghts4ber',
    'sendImmediately': false
  },
  json: true,
  body: { some: 'thing' }
}, function (error, response, body) {
  console.log(error, body);
});
我尝试了supertest和request,但都未通过身份验证。API使用passport http摘要方法。有什么想法吗

更新

我首先在curl上遇到了一些问题,并认为我的密码是用bcrypt生成的,所以我将数据库中的密码更改为纯文本密码。我试着让它与SHA1一起工作,但这并没有立即起作用,为了测试请求,我将暂时不讨论它

这是curl的输出,测试中的请求仍然不起作用

curl -X POST --digest -u "anakin@empire.gx:l1ghts4ber" http://localhost:3005/api/route -v
* Adding handle: conn: 0x7fa48380b600
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fa48380b600) send_pipe: 1, recv_pipe: 0
* About to connect() to localhost port 3005 (#0)
*   Trying ::1...
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 3005 (#0)
* Server auth using Digest with user 'anakin@empire.gx'
> POST /api/route HTTP/1.1
> User-Agent: curl/7.30.0
> Host: localhost:3005
> Accept: */*
> 
< HTTP/1.1 401 Unauthorized
< X-Powered-By: Express
< access-control-allow-origin: *
< access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
< access-control-allow-headers: content-type, accept, x-requested-with, authorization
< access-control-expose-headers: WWW-Authenticate
< WWW-Authenticate: Digest realm="Administrators@myapp.com", nonce="6aD1vEM44Pi5cfWBi469tug1vQciQS0u", qop="auth"
< Date: Sun, 29 Sep 2013 10:19:24 GMT
< Connection: keep-alive
< Transfer-Encoding: chunked
< 
* Ignoring the response-body
* Connection #0 to host localhost left intact
* Issue another request to this URL: 'http://localhost:3005/api/route'
* Found bundle for host localhost: 0x7fa482d0c460
* Re-using existing connection! (#0) with host localhost
* Connected to localhost (127.0.0.1) port 3005 (#0)
* Adding handle: conn: 0x7fa48380b600
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fa48380b600) send_pipe: 1, recv_pipe: 0
* Server auth using Digest with user 'anakin@empire.gx'
> POST /api/route HTTP/1.1
> Authorization: Digest username="anakin@empire.gx", realm="Administrators@myapp.com", nonce="6aD1vEM44Pi5cfWBi469tug1vQciQS0u", uri="/api/route", cnonce="ICAgICAgICAgICAgICAgICAgICAgIDEzODA5MjA4ODY=", nc=00000001, qop=auth, response="2c7aaaa198414749a47684d2d8aefea1"
> User-Agent: curl/7.30.0
> Host: localhost:3005
> Accept: */*
> 
< HTTP/1.1 200 OK
< X-Powered-By: Express
< access-control-allow-origin: *
< access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
< access-control-allow-headers: content-type, accept, x-requested-with, authorization
< access-control-expose-headers: WWW-Authenticate
< Content-Type: text/plain
< Content-Length: 2
< Date: Sun, 29 Sep 2013 10:19:24 GMT
< Connection: keep-alive
<
尝试在命令行上使用cURL,并将其用作已知良好客户机代码的参考。这将让您确定您的凭据是正确的。我一眼就看出上面的代码片段没有任何错误。我们需要了解一些请求/响应的详细信息,以便进行智能调试。谢谢@PeterLyons,我添加了更多信息。我对digest auth有点困惑和沮丧,它看起来真的很复杂。不知道我是否可以更简单地更改为oauth。好的,接下来我将在express中添加代码来记录所有请求头,并查看request.js发送的内容是否与curl发送的内容匹配。您可以使用位于堆栈最顶端的中间件来完成此操作。完成。请求中的qop和nc存在一些问题,但即使在修改之后,也无法工作。我检查了请求中的算法,它与我在不同的工作摘要机制中使用的算法相同。var ha1=md5self.\u user+':'+challenge.realm+':'+self.\u pass var ha2=md5self.method+':'+self.uri.path var digestResponse=md5ha1+':'+challenge.nonce+':1::auth:'+ha2不管怎样,我认为您无法通过尝试发送正确的加密位来让超级测试示例工作。问题是服务器用nonce响应,并且必须使用它来构造正确的应答 
curl:
{ 'user-agent': 'curl/7.30.0',
  host: '127.0.0.1:3005',
  accept: '*/*' }
POST /api/route 401 1ms
{ authorization: 'Digest username="anakin@empire.gx", realm="Administrators@myapp.com", nonce="fpf9MByyMQItfEob3u9QD4v86K3byCBZ", uri="/api/route", cnonce="ICAgICAgICAgICAgICAgICAgICAgIDEzODA4Mjk4NzQ=", nc=00000001, qop=auth, response="c766607c032fa142cd9f932977931a3a"',
  'user-agent': 'curl/7.30.0',
  host: '127.0.0.1:3005',
  accept: '*/*' }
POST /api/route 200 1ms - 2b

request:
{ host: '127.0.0.1:3005',
  accept: 'application/json',
  'content-type': 'application/json',
  'content-length': '75',
  connection: 'keep-alive' }
POST /api/route 401 1ms
{ accept: 'application/json',
  'content-type': 'application/json',
  'content-length': '75',
  authorization: 'Digest username="anakin@empire.gx", realm="Administrators@myapp.com", nonce="mdOAymaut4VyndpvyJYuKmXLlnTNcvZD", uri="/api/route", qop=auth, response="d064b7a5140b979ec7dc7b027a6cb070", nc=00000001, cnonce="NT1UOADbjjIaxfI8kPeLHZk5FJIRs3uOzejTUZhlxh86Blmua7YKctF0NUPHUn"',
  host: '127.0.0.1:3005',
  connection: 'keep-alive' }
POST /api/route 401 75ms