开发者

Problems with digest authentication with http.client in Node.js

I try to implement digest request when using http.get and get "Digest authentication failed" message every time :(

var hashlib = require('hashlib'),
    http = require('http'),
    url = require('url'),
    qs = require('querystring'),
    hashlib = require('hashlib');


var username = 'user';
var password = 'pass';

var options = {
    'host' : 'username.livejournal.com',
    'path' : '/data/rss?auth=digest'
};

http.get(options, function(res) {
    res.setEncoding('utf-8');

    // got 401, okay
    res.on('data', function(chunk) {

        var authResponseParams = qs.parse(res.headers['www-authenticate'].substr(7), ', '); // cut "Digest "

        var ha1 = hashlib.md5(username + ':' + authResponseParams.realm + ':' + password);
        var ha2 = hashlib.md5('GET:' + options.path);
        var response = hashlib.md5(ha1 + ':' + authResponseParams.nonce + ':1::auth:' + ha2);

        var authRequestParams = {
            'username' : username,
            'realm' : authResponseParams.realm,
            'nonce' : authResponseParams.nonce,
            'uri' : options.path,
            'qop' : authResponseParams.qop,
            'nc' : '1',
            'cnonce' : '',
            'response' : response
        };

        options.headers = {
            'Authorization' : 'Digest ' + qs.stringify(authRequestParams, ',')
        };

        http.get(options, function(res) {
            res.setEncoding('开发者_高级运维utf-8');

            res.on('data', function(chunk) {
                console.log(chunk);
            });
        });
    });
}).on('error', function(e) {
    console.log('Got error: ' + e.message);
});

What's the problem with this code?


A couple of things:

  • The callback in res.on('data', fn) isn't necessarily invoked because the response doesn't necessarily contain a body, only headers. So use res.on('end', fn) instead.
  • Parsing the Digest header resulted in a very peculiar object, since the params can be quoted and can contain spaces (which get escaped).
  • Same deal for writing the Authentication header.

Here's a version that worked for me:

var hashlib = require('hashlib'),
    http = require('http'),
    _ = require('underscore')

var username = 'user';
var password = 'pwd';

var options = {
  'host' : 'host',
  'path' : '/path'
};

http.get(options, function(res) {
    res.setEncoding('utf-8');
    res.on('end', function() {
        var challengeParams = parseDigest(res.headers['www-authenticate'])
        var ha1 = hashlib.md5(username + ':' + challengeParams.realm + ':' + password)
        var ha2 = hashlib.md5('GET:' + options.path)
        var response = hashlib.md5(ha1 + ':' + challengeParams.nonce + ':1::auth:' + ha2)
        var authRequestParams = {
          username : username,
          realm : challengeParams.realm,
          nonce : challengeParams.nonce,
          uri : options.path, 
          qop : challengeParams.qop,
          response : response,
          nc : '1',
          cnonce : '',
        }
        options.headers = { 'Authorization' : renderDigest(authRequestParams) }
        http.get(options, function(res) {
          res.setEncoding('utf-8')
          var content = ''
          res.on('data', function(chunk) {
            content += chunk
          }).on('end', function() {
            console.log(content)
          })
        });
    });
})

function parseDigest(header) {  
  return _(header.substring(7).split(/,\s+/)).reduce(function(obj, s) {
    var parts = s.split('=')
    obj[parts[0]] = parts[1].replace(/"/g, '')
    return obj
  }, {})  
}
function renderDigest(params) {
  var s = _(_.keys(params)).reduce(function(s1, ii) {
    return s1 + ', ' + ii + '="' + params[ii] + '"'
  }, '')
  return 'Digest ' + s.substring(2);
}


Unable to npm install hashlib, I used the Crypto module in Node to create md5 hashes.

var ha1 = crypto.createHash('md5').update(new Buffer(username + ':' + challengeParams.realm + ':' + password)).digest('base64');

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜