3

我正在通过 REST API 进行操作。两个问题

1)我想将一些现有数据推送到 Quickblox 自定义对象。我需要多少个 REST 调用?(我不太清楚涉及计算机安全的整个事件状态。)是否首先(a)获取会话令牌。然后就按照在这里创建新记录?

2)我正在尝试获取会话令牌,但我得到{"errors":{"base":["Unexpected signature"]}}了响应。这是我生成随机数、签名和获取会话令牌的代码:

# Of course these are not really 0, x, and y's.
appId = '0000'
authKey = 'XXXXXXXXXXX'
authSecret = 'YYYYYYYYYYYYYY'

def getNonce():
    import random
    return random.random()

def createSignature(nonce):
    import hashlib
    import hmac
    import binascii
    import time
    stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}&timestamp={timestamp}'.format(id=appId,
                           auth_key=authKey, nonce=nonce, timestamp=time.time())
    hmacObj = hmac.new(authKey, stringForSignature, hashlib.sha1)
    return binascii.b2a_base64(hmacObj.digest())[:-1] # -1 to get rid of \n

def getSessionToken():
    import time
    epoch = "%s" % int(time.time())
    nonce = getNonce()
    params = {'application_id': appId,
                    'auth_key': authKey,
                   'timestamp': epoch,
                       'nonce': nonce,
                   'signature': createSignature(nonce)}
    jsonData = json.dumps(params)

    httpHeaders = {'Content-Type': 'application/json',
                   'QuickBlox-REST-API-Version': '0.1.0'}

    r = requests.post('https://api.quickblox.com/session.json', data=jsonData, headers = httpHeaders)
    print 'status code:', r.status_code
    responseJson = r.text
    print responseJson
    response = json.loads(responseJson)

getSessionToken()

我想这是导致问题的生成签名的方式?

4

2 回答 2

2

是我的问题的答案。事实证明,timestamp 应该只是整数,hamc 应该使用密钥,并且应该使用https://api.quickblox.com/auth.json而不是 session。而且我没有为我的签名使用正确的编码。

于 2013-08-01T05:53:30.393 回答
2

我在您的代码中发现了以下问题:

  • 功能。RANDOM - 我们需要整数值(不在 0 和 1 之间)
  • 功能。时间戳。您计算“时间戳”两次。最好使用一次“时间戳”
  • (def createSignature) - 正如您已经知道的那样......您的代码使用了其他算法,而不是我们需要的。

我建议您使用以下代码,上面的错误已被修改。结果,您将获得以下身份验证: --------- 请求 ------------------------------- - --------- 请求用户授权 --------- --------- 请求设备参数 ----------

# -*- encoding: utf-8 -*-
# Link: http://quickblox.com/developers/Authentication_and_Authorization#Signature_generation
import json
import requests
import sha
import hmac
#========== YOUR DATA =======================
application_id = 'XXXX'
authorization_key = 'xxxxxxx-XXX-XX'
authorization_secret = 'XXXXXXXXXXXXXXXXXX'
var_login = 'user1'
var_password = 'password1'
# ===========================================

platform = "ios"     # like you want
udid = "7847674035"  # like you want


def getTimestampNonce():
    import random
    import time

    return str(time.time()), str(random.randint(1, 10000))

def createSignatureSimple(timestamp, nonce):
    stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}&timestamp={timestamp}'.format(id=application_id,
                           auth_key=authorization_key, nonce=nonce, timestamp=timestamp)

    return hmac.new(authorization_secret, stringForSignature, sha).hexdigest()

def getParamsSimple():
    timestamp, nonce = getTimestampNonce()
    return {'application_id': application_id,
            'auth_key': authorization_key,
            'timestamp': timestamp,
            'nonce': nonce,
            'signature': createSignatureSimple(timestamp, nonce)}

def createSignatureUser(timestamp, nonce):
    stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}&timestamp={timestamp}&user[login]={login}&user[password]={password}'.format(id=application_id,
                           auth_key=authorization_key, nonce=nonce, timestamp=timestamp, login=var_login, password=var_password)

    return hmac.new(authorization_secret, stringForSignature, sha).hexdigest()

def getParamsUser():
    timestamp, nonce = getTimestampNonce()
    return {'application_id': application_id,
            'auth_key': authorization_key,
            'timestamp': timestamp,
            'nonce': nonce,
            'signature': createSignatureUser(timestamp, nonce),
            'user': {'login': var_login,
                    'password': var_password}}

def createSignatureDevice(timestamp, nonce):
    stringForSignature = 'application_id={id}&auth_key={auth_key}&device[platform]={platform}&device[udid]={udid}&nonce={nonce}&timestamp={timestamp}&user[login]={login}&user[password]={password}'.format(id=application_id,
                           auth_key=authorization_key, platform=platform, udid=udid, nonce=nonce, timestamp=timestamp, login=var_login, password=var_password)

    return hmac.new(authorization_secret, stringForSignature, sha).hexdigest()

def getParamsDevice():
    timestamp, nonce = getTimestampNonce()
    return {'application_id': application_id,
            'auth_key': authorization_key,
            'timestamp': timestamp,
            'nonce': nonce,
            'signature': createSignatureDevice(timestamp, nonce),
            'user': {'login': var_login,
                    'password': var_password},
            'device': {'platform': platform,
                        'udid': udid}}

def getSessionToken():
    httpHeaders = {'Content-Type': 'application/json',
                   'QuickBlox-REST-API-Version': '0.1.0'}
    requestPath = 'https://api.quickblox.com/session.json'

    print "===================================================="
    print "---------  Request  --------------------------------"
    jsonData = json.dumps(getParamsSimple())
    r = requests.post(requestPath, data=jsonData, headers = httpHeaders)
    print 'status code:', r.status_code
    responseJson = r.text
    print responseJson
    print "===================================================="


    print "---------  Request With User authorization ---------"
    jsonData = json.dumps(getParamsUser())
    r = requests.post(requestPath, data=jsonData, headers = httpHeaders)
    print 'status code:', r.status_code
    responseJson = r.text
    print responseJson
    print "===================================================="


    print "---------  Request With Device parameters ---------"
    jsonData = json.dumps(getParamsDevice())
    r = requests.post(requestPath, data=jsonData, headers = httpHeaders)
    print 'status code:', r.status_code
    responseJson = r.text
    print responseJson
    print "====================================================="


getSessionToken()
于 2014-04-23T16:57:14.917 回答