Problems with digest authentication with http.client in Node.js
I try to implement digest request when using http.get and get "Digest authentication failed" message every time :(
var hashlib = require('hashlib'),
http = require('http'),
url = require('url'),
qs = require('querystring'),
hashlib = require('hashlib');
var username = 'user';
var password = 'pass';
var options = {
'host' : 'username.livejournal.com',
'path' : '/data/rss?auth=digest'
};
http.get(options, function(res) {
res.setEncoding('utf-8');
// got 401, okay
res.on('data', function(chunk) {
var authResponseParams = qs.parse(res.headers['www-authenticate'].substr(7), ', '); // cut "Digest "
var ha1 = hashlib.md5(username + ':' + authResponseParams.realm + ':' + password);
var ha2 = hashlib.md5('GET:' + options.path);
var response = hashlib.md5(ha1 + ':' + authResponseParams.nonce + ':1::auth:' + ha2);
var authRequestParams = {
'username' : username,
'realm' : authResponseParams.realm,
'nonce' : authResponseParams.nonce,
'uri' : options.path,
'qop' : authResponseParams.qop,
'nc' : '1',
'cnonce' : '',
'response' : response
};
options.headers = {
'Authorization' : 'Digest ' + qs.stringify(authRequestParams, ',')
};
http.get(options, function(res) {
res.setEncoding('开发者_高级运维utf-8');
res.on('data', function(chunk) {
console.log(chunk);
});
});
});
}).on('error', function(e) {
console.log('Got error: ' + e.message);
});
What's the problem with this code?
A couple of things:
- The callback in res.on('data', fn) isn't necessarily invoked because the response doesn't necessarily contain a body, only headers. So use res.on('end', fn) instead.
- Parsing the Digest header resulted in a very peculiar object, since the params can be quoted and can contain spaces (which get escaped).
- Same deal for writing the Authentication header.
Here's a version that worked for me:
var hashlib = require('hashlib'),
http = require('http'),
_ = require('underscore')
var username = 'user';
var password = 'pwd';
var options = {
'host' : 'host',
'path' : '/path'
};
http.get(options, function(res) {
res.setEncoding('utf-8');
res.on('end', function() {
var challengeParams = parseDigest(res.headers['www-authenticate'])
var ha1 = hashlib.md5(username + ':' + challengeParams.realm + ':' + password)
var ha2 = hashlib.md5('GET:' + options.path)
var response = hashlib.md5(ha1 + ':' + challengeParams.nonce + ':1::auth:' + ha2)
var authRequestParams = {
username : username,
realm : challengeParams.realm,
nonce : challengeParams.nonce,
uri : options.path,
qop : challengeParams.qop,
response : response,
nc : '1',
cnonce : '',
}
options.headers = { 'Authorization' : renderDigest(authRequestParams) }
http.get(options, function(res) {
res.setEncoding('utf-8')
var content = ''
res.on('data', function(chunk) {
content += chunk
}).on('end', function() {
console.log(content)
})
});
});
})
function parseDigest(header) {
return _(header.substring(7).split(/,\s+/)).reduce(function(obj, s) {
var parts = s.split('=')
obj[parts[0]] = parts[1].replace(/"/g, '')
return obj
}, {})
}
function renderDigest(params) {
var s = _(_.keys(params)).reduce(function(s1, ii) {
return s1 + ', ' + ii + '="' + params[ii] + '"'
}, '')
return 'Digest ' + s.substring(2);
}
Unable to npm install hashlib
, I used the Crypto module in Node to create md5 hashes.
var ha1 = crypto.createHash('md5').update(new Buffer(username + ':' + challengeParams.realm + ':' + password)).digest('base64');
精彩评论