我正在尝试针对受摘要策略保护的 API 编写一些测试。
request.post(url + '/route', {
auth: {
'user': 'anakin@empire.gx',
'pass': 'l1ghts4ber',
'sendImmediately': false
},
json: true,
body: { some: 'thing' }
}, function (error, response, body) {
console.log(error, body);
});
我尝试了 supertest 和 request 但都未能通过身份验证。API 使用 passport-http 摘要方法。有任何想法吗?
更新
我首先在使用 curl 时遇到了一些问题,并认为我的密码是用 bcrypt 生成的,所以我在数据库中将它们更改为纯文本密码。我试图让它与 SHA1 一起工作,但这并没有立即解决,为了测试请求,我现在将其保持简单。
这是 curl 的输出,测试中的请求仍然不起作用。
curl -X POST --digest -u "anakin@empire.gx:l1ghts4ber" http://localhost:3005/api/route -v
* Adding handle: conn: 0x7fa48380b600
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fa48380b600) send_pipe: 1, recv_pipe: 0
* About to connect() to localhost port 3005 (#0)
* Trying ::1...
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 3005 (#0)
* Server auth using Digest with user 'anakin@empire.gx'
> POST /api/route HTTP/1.1
> User-Agent: curl/7.30.0
> Host: localhost:3005
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< X-Powered-By: Express
< access-control-allow-origin: *
< access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
< access-control-allow-headers: content-type, accept, x-requested-with, authorization
< access-control-expose-headers: WWW-Authenticate
< WWW-Authenticate: Digest realm="Administrators@myapp.com", nonce="6aD1vEM44Pi5cfWBi469tug1vQciQS0u", qop="auth"
< Date: Sun, 29 Sep 2013 10:19:24 GMT
< Connection: keep-alive
< Transfer-Encoding: chunked
<
* Ignoring the response-body
* Connection #0 to host localhost left intact
* Issue another request to this URL: 'http://localhost:3005/api/route'
* Found bundle for host localhost: 0x7fa482d0c460
* Re-using existing connection! (#0) with host localhost
* Connected to localhost (127.0.0.1) port 3005 (#0)
* Adding handle: conn: 0x7fa48380b600
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fa48380b600) send_pipe: 1, recv_pipe: 0
* Server auth using Digest with user 'anakin@empire.gx'
> POST /api/route HTTP/1.1
> Authorization: Digest username="anakin@empire.gx", realm="Administrators@myapp.com", nonce="6aD1vEM44Pi5cfWBi469tug1vQciQS0u", uri="/api/route", cnonce="ICAgICAgICAgICAgICAgICAgICAgIDEzODA5MjA4ODY=", nc=00000001, qop=auth, response="2c7aaaa198414749a47684d2d8aefea1"
> User-Agent: curl/7.30.0
> Host: localhost:3005
> Accept: */*
>
< HTTP/1.1 200 OK
< X-Powered-By: Express
< access-control-allow-origin: *
< access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
< access-control-allow-headers: content-type, accept, x-requested-with, authorization
< access-control-expose-headers: WWW-Authenticate
< Content-Type: text/plain
< Content-Length: 2
< Date: Sun, 29 Sep 2013 10:19:24 GMT
< Connection: keep-alive
<
更新 2 稍微修改请求后,我终于有了与 curl 完全相同的标头,但在响应中仍然得到 401。
curl:
{ 'user-agent': 'curl/7.30.0',
host: '127.0.0.1:3005',
accept: '*/*' }
POST /api/route 401 1ms
{ authorization: 'Digest username="anakin@empire.gx", realm="Administrators@myapp.com", nonce="fpf9MByyMQItfEob3u9QD4v86K3byCBZ", uri="/api/route", cnonce="ICAgICAgICAgICAgICAgICAgICAgIDEzODA4Mjk4NzQ=", nc=00000001, qop=auth, response="c766607c032fa142cd9f932977931a3a"',
'user-agent': 'curl/7.30.0',
host: '127.0.0.1:3005',
accept: '*/*' }
POST /api/route 200 1ms - 2b
request:
{ host: '127.0.0.1:3005',
accept: 'application/json',
'content-type': 'application/json',
'content-length': '75',
connection: 'keep-alive' }
POST /api/route 401 1ms
{ accept: 'application/json',
'content-type': 'application/json',
'content-length': '75',
authorization: 'Digest username="anakin@empire.gx", realm="Administrators@myapp.com", nonce="mdOAymaut4VyndpvyJYuKmXLlnTNcvZD", uri="/api/route", qop=auth, response="d064b7a5140b979ec7dc7b027a6cb070", nc=00000001, cnonce="NT1UOADbjjIaxfI8kPeLHZk5FJIRs3uOzejTUZhlxh86Blmua7YKctF0NUPHUn"',
host: '127.0.0.1:3005',
connection: 'keep-alive' }
POST /api/route 401 75ms