Authenticating and getting a session token from Quickblox in Python

Published 2024-06-09 21:04:47

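I am doing this through the REST API. Two questions.

1) I want to push some existing data to Quickblox custom objects. How many REST calls do I need? (I am not very clear on the whole picture where computer security is involved.) Is it first (a) get a session token, and then create a new record following "Create new record" here?

2) I am trying to get a session token, but I get {"errors":{"base":["Unexpected signature"]}} as the response. Here is the code that generates the nonce and the signature and requests the session token: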

import json
import requests

# Of course these are not really 0, x, and y's.
appId = '0000'
authKey = 'XXXXXXXXXXX'
authSecret = 'YYYYYYYYYYYYYY'

def getNonce():
    import random
    return random.random()

def createSignature(nonce):
    import hashlib
    import hmac
    import binascii
    import time
    stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}&timestamp={timestamp}'.format(id=appId,
                           auth_key=authKey, nonce=nonce, timestamp=time.time())
    hmacObj = hmac.new(authKey.encode('utf-8'), stringForSignature.encode('utf-8'), hashlib.sha1)
    return binascii.b2a_base64(hmacObj.digest())[:-1].decode('ascii') # -1 to get rid of \n

def getSessionToken():
    import time
    epoch = "%s" % int(time.time())
    nonce = getNonce()
    params = {'application_id': appId,
                    'auth_key': authKey,
                   'timestamp': epoch,
                       'nonce': nonce,
                   'signature': createSignature(nonce)}
    jsonData = json.dumps(params)

    httpHeaders = {'Content-Type': 'application/json',
                   'QuickBlox-REST-API-Version': '0.1.0'}

    r = requests.post('https://api.quickblox.com/session.json', data=jsonData, headers = httpHeaders)
    print('status code:', r.status_code)
    responseJson = r.text
    print(responseJson)
    response = json.loads(responseJson)

getSessionToken()

I suppose the way the signature is generated is what causes the problem?


2 answers

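Here is the answer to my question. It turns out that the timestamp should be an integer, the HMAC should use the secret, and https://api.quickblox.com/auth.json should be used instead of session. Also, my signature was not using the right encoding.

I found the following problems in your code:

  • The random function: we need an integer value (not one between 0 and 1)
  • The timestamp function: you compute the timestamp twice. It is better to use the timestamp once
  • (def createSignature): as your friend knows... your code uses a different algorithm from the one we need.

I suggest you use the code below, in which the errors above are fixed. With it you will get the following authentications:

  • Request
  • Request with user authorization
  • Request with device parameters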

# -*- encoding: utf-8 -*-
# Link: http://quickblox.com/developers/Authentication_and_Authorization#Signature_generation
import hashlib
import hmac
import json
import random
import time

import requests
#========== YOUR DATA =======================
application_id = 'XXXX'
authorization_key = 'xxxxxxx-XXX-XX'
authorization_secret = 'XXXXXXXXXXXXXXXXXX'
var_login = 'user1'
var_password = 'password1'
# ===========================================

platform = "ios"     # any value you like
udid = "7847674035"  # any value you like


def getTimestampNonce():
    # Integer Unix timestamp and integer nonce, generated once per request
    return str(int(time.time())), str(random.randint(1, 10000))

def createSignatureSimple(timestamp, nonce):
    stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}&timestamp={timestamp}'.format(id=application_id,
                           auth_key=authorization_key, nonce=nonce, timestamp=timestamp)

    # HMAC-SHA1 keyed with the authorization secret, hex encoded
    return hmac.new(authorization_secret.encode('utf-8'), stringForSignature.encode('utf-8'), hashlib.sha1).hexdigest()

def getParamsSimple():
    timestamp, nonce = getTimestampNonce()
    return {'application_id': application_id,
            'auth_key': authorization_key,
            'timestamp': timestamp,
            'nonce': nonce,
            'signature': createSignatureSimple(timestamp, nonce)}

def createSignatureUser(timestamp, nonce):
    stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}&timestamp={timestamp}&user[login]={login}&user[password]={password}'.format(id=application_id,
                           auth_key=authorization_key, nonce=nonce, timestamp=timestamp, login=var_login, password=var_password)

    return hmac.new(authorization_secret.encode('utf-8'), stringForSignature.encode('utf-8'), hashlib.sha1).hexdigest()

def getParamsUser():
    timestamp, nonce = getTimestampNonce()
    return {'application_id': application_id,
            'auth_key': authorization_key,
            'timestamp': timestamp,
            'nonce': nonce,
            'signature': createSignatureUser(timestamp, nonce),
            'user': {'login': var_login,
                    'password': var_password}}

def createSignatureDevice(timestamp, nonce):
    stringForSignature = 'application_id={id}&auth_key={auth_key}&device[platform]={platform}&device[udid]={udid}&nonce={nonce}&timestamp={timestamp}&user[login]={login}&user[password]={password}'.format(id=application_id,
                           auth_key=authorization_key, platform=platform, udid=udid, nonce=nonce, timestamp=timestamp, login=var_login, password=var_password)

    return hmac.new(authorization_secret.encode('utf-8'), stringForSignature.encode('utf-8'), hashlib.sha1).hexdigest()

def getParamsDevice():
    timestamp, nonce = getTimestampNonce()
    return {'application_id': application_id,
            'auth_key': authorization_key,
            'timestamp': timestamp,
            'nonce': nonce,
            'signature': createSignatureDevice(timestamp, nonce),
            'user': {'login': var_login,
                    'password': var_password},
            'device': {'platform': platform,
                        'udid': udid}}

def getSessionToken():
    httpHeaders = {'Content-Type': 'application/json',
                   'QuickBlox-REST-API-Version': '0.1.0'}
    requestPath = 'https://api.quickblox.com/session.json'

    print("====================================================")
    print("    -  Request                  ")
    jsonData = json.dumps(getParamsSimple())
    r = requests.post(requestPath, data=jsonData, headers = httpHeaders)
    print('status code:', r.status_code)
    responseJson = r.text
    print(responseJson)
    print("====================================================")


    print("    -  Request With User authorization     -")
    jsonData = json.dumps(getParamsUser())
    r = requests.post(requestPath, data=jsonData, headers = httpHeaders)
    print('status code:', r.status_code)
    responseJson = r.text
    print(responseJson)
    print("====================================================")


    print("    -  Request With Device parameters     -")
    jsonData = json.dumps(getParamsDevice())
    r = requests.post(requestPath, data=jsonData, headers = httpHeaders)
    print('status code:', r.status_code)
    responseJson = r.text
    print(responseJson)
    print("=====================================================")


getSessionToken()
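
The three signature builders in the answer above differ only in which parameters they sign, so one routine can cover all of them and also show why a signature keyed with the auth key is rejected. This is an added example, not code from the original posts or from QuickBlox. It assumes, as the three signature strings above suggest, that nested parameters are written as outer[inner], sorted by name and signed with HMAC-SHA1 keyed with the secret; the function names, the `verify` check and the sample values in the usage are made up for illustration.

```python
import hashlib
import hmac
import secrets
import time


def flatten(params, prefix=""):
    """Yield (name, value) pairs, writing nested dicts as outer[inner]."""
    for key, value in params.items():
        name = f"{prefix}[{key}]" if prefix else key
        if isinstance(value, dict):
            yield from flatten(value, name)
        else:
            yield name, str(value)


def canonical_string(params):
    """Join the flattened parameters, sorted by name, as name=value&..."""
    return "&".join(f"{k}={v}" for k, v in sorted(flatten(params)))


def sign(params, secret):
    """HMAC-SHA1 over the canonical string, keyed with the secret, hex encoded."""
    return hmac.new(secret.encode(), canonical_string(params).encode(),
                    hashlib.sha1).hexdigest()


def session_params(app_id, auth_key, secret, user=None, device=None,
                   timestamp=None, nonce=None):
    """Build the request body; timestamp and nonce are generated exactly once."""
    params = {
        "application_id": app_id,
        "auth_key": auth_key,
        "timestamp": int(time.time()) if timestamp is None else timestamp,
        "nonce": secrets.randbelow(2**31 - 1) + 1 if nonce is None else nonce,
    }
    if user:
        params["user"] = user
    if device:
        params["device"] = device
    params["signature"] = sign(params, secret)  # signed before the key is added
    return params


def verify(params, secret):
    """Recompute the signature the way a server would; constant-time compare."""
    body = {k: v for k, v in params.items() if k != "signature"}
    return hmac.compare_digest(sign(body, secret), params.get("signature", ""))
```

Because the same `timestamp` and `nonce` values go into both the signed string and the request body, the double-timestamp mismatch from the question cannot occur here.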
