0

发起 HTTP 发布请求时出现错误:

'访问被拒绝:无效的令牌,错误的代码'。我已经尝试了所有可能的解决方案,但我无法传递此错误。

本次挑战赛详情:

授权

URL 受 HTTP 基本身份验证保护,RFC2617 第 2 章对此进行了说明,因此您必须在 POST 请求中提供 Authorization: 标头字段

对于 HTTP 基本身份验证的用户 ID,请使用您在 JSON 字符串中输入的相同电子邮件地址。对于密码,请提供符合 RFC6238 TOTP 的 10 位基于时间的一次性密码。授权密码 要生成 TOTP 密码,您需要使用以下设置:

您必须阅读 RFC6238(以及勘误表!)并自己获得正确的一次性密码。TOTP 的 Time Step X 为 30 秒。T0 为 0。使用 HMAC-SHA-512 作为哈希函数,而不是默认的 HMAC-SHA-1。令牌共享密钥是用户 ID,后跟 ASCII 字符串值“HENNGECHALLENGE003”(不包括双引号)。

const axios = require('axios');
const base64 = require('base-64');
const utf8 = require('utf8');
const { totp } = require('otplib');

const ReqJSON = {
  "github_url":    "ABC",
  "contact_email": "ABC"
}

const stringData = JSON.stringify(ReqJSON);
const URL = "ABC";
const sharedSecret = ReqJSON.contact_email + "HENNGECHALLENGE003";

totp.options = { digits: 10, algorithm: "sha512", epoch: 0 };

const MyTOTP = totp.generate(sharedSecret);
const isValid = totp.check(MyTOTP, sharedSecret);

console.log("Token Info:", {MyTOTP, isValid});

const authStringUTF = ReqJSON.contact_email + ":" + MyTOTP;
const bytes = utf8.encode(authStringUTF);
const encoded = base64.encode(bytes);

const createReq = async () => {
    try {
        const config = {
            headers: {
                'Content-Type': 'application/json',
                "Authorization": "Basic " + encoded
            }
        };

        console.log("Making request", {URL, ReqJSON, config});

        const response = await axios.post(URL, stringData, config);
        console.log(response.data);
    } catch (err) {
        console.error(err.response.data);
    }
};

createReq();
4

2 回答 2

3

通过更改必要的字段来尝试这个!

const axios = require('axios');
const base64 = require('base-64');
const utf8 = require('utf8');
const hotpTotpGenerator = require('hotp-totp-generator');

const ReqJSON = {
  github_url: '',
  contact_email: '',
};

const stringData = JSON.stringify(ReqJSON);
const URL = '';
const sharedSecret = ReqJSON.contact_email + '';

const MyTOTP = hotpTotpGenerator.totp({
  key: sharedSecret,
  T0: 0,
  X: 30,
  algorithm: 'sha512',
  digits: 10,
});

const authStringUTF = ReqJSON.contact_email + ':' + MyTOTP;
const bytes = utf8.encode(authStringUTF);
const encoded = base64.encode(bytes);

const createReq = async () => {
  try {
    const config = {
      withCredentials: true,
      headers: {
        'Content-Type': 'application/json',
         Authorization: 'Basic ' + encoded,
      },
    };

    console.log('Making request', { URL, ReqJSON, config });

    const response = await axios.post(URL, stringData, config);
    console.log(response.data);
  } catch (err) {
    console.error(err.response.data);
  }
};

createReq();
于 2020-10-17T10:57:07.170 回答
-1

使用 php 安装依赖项并编写此

<?php

require_once 'vendor/autoload.php';
use OTPHP\TOTP;

$email = 'Email';
$secret = "{$email}HENNGECHALLENGE003";

$totp = TOTP::create(ParagonIE\ConstantTime\Base32::encode($secret), 30, 'sha512', 10, 0);
$token = $totp->now();
$token = base64_encode( utf8_encode("{$email}:{$token}") );

$url = 'https://api.challenge.hennge.com/challenges/003';
$data = [
    'github_url' => 'URL',
    'contact_email' => $email
];
$headers = [
    //'Accept' => '/',
    'Content-Type' => 'application/json',
    //'Content-Length' => strlen(json_encode( $data )),
    'Authorization' => 'Basic '. $token
];

PostRequest($url, $data, $headers);

function        PostRequest($url, $data, $headers = [])
{
    $context = curl_init($url);

    curl_setopt($context, CURLOPT_POST, true);
    curl_setopt($context, CURLOPT_POSTFIELDS, json_encode($data));
    curl_setopt($context, CURLOPT_RETURNTRANSFER, true);

    $h = [];
    foreach ($headers as $key => $value) {
        $h[] = "{$key}: {$value}";
    }
    echo "- Headers".PHP_EOL;
    var_dump($h);
    echo "- Data".PHP_EOL;
    var_dump($data);
    curl_setopt($context, CURLOPT_HTTPHEADER, $h);
    $ret = curl_exec($context);
    curl_close($context);

    var_dump($ret);
    return ($ret);
}

?>
于 2020-06-10T05:10:52.577 回答