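I'm doing this through the REST API. Two questions:
1) I want to push some existing data to QuickBlox custom objects. How many REST calls do I need? (I'm not very clear on the whole state of affairs when it comes to computer security.) First is (a) get a session token. Then hit create new record here?
2) I'm trying to get a session token, but I get {"errors":{"base":["Unexpected signature"]}}
as the response. Here is my code for generating the nonce, the signature, and getting the session token: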
# Of course these are not really 0, x, and y's.
import json
import requests

appId = '0000'
authKey = 'XXXXXXXXXXX'
authSecret = 'YYYYYYYYYYYYYY'

def getNonce():
    import random
    return random.random()

def createSignature(nonce):
    import hashlib
    import hmac
    import binascii
    import time
    stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}&timestamp={timestamp}'.format(id=appId,
        auth_key=authKey, nonce=nonce, timestamp=time.time())
    hmacObj = hmac.new(authKey.encode(), stringForSignature.encode(), hashlib.sha1)
    return binascii.b2a_base64(hmacObj.digest())[:-1].decode()  # -1 to get rid of \n

def getSessionToken():
    import time
    epoch = "%s" % int(time.time())
    nonce = getNonce()
    params = {'application_id': appId,
              'auth_key': authKey,
              'timestamp': epoch,
              'nonce': nonce,
              'signature': createSignature(nonce)}
    jsonData = json.dumps(params)
    httpHeaders = {'Content-Type': 'application/json',
                   'QuickBlox-REST-API-Version': '0.1.0'}
    r = requests.post('https://api.quickblox.com/session.json', data=jsonData, headers=httpHeaders)
    print('status code:', r.status_code)
    responseJson = r.text
    print(responseJson)
    response = json.loads(responseJson)

getSessionToken()
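I think it is the way the signature is generated that is causing the problem?
Answer 0 (score: 2)
I found the following problems in your code:
I suggest you use the following code, which fixes the errors above. As a result, you will get the following authorizations:
--------- Request --------------------------------
--------- Request With User authorization ---------
--------- Request With Device parameters ---------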
# -*- encoding: utf-8 -*-
# Link: http://quickblox.com/developers/Authentication_and_Authorization#Signature_generation
import hashlib
import hmac
import json
import requests

#========== YOUR DATA =======================
application_id = 'XXXX'
authorization_key = 'xxxxxxx-XXX-XX'
authorization_secret = 'XXXXXXXXXXXXXXXXXX'
var_login = 'user1'
var_password = 'password1'
# ===========================================
platform = "ios"     # any value you like
udid = "7847674035"  # any value you like

def getTimestampNonce():
    import random
    import time
    # The timestamp must be an integer number of seconds.
    return str(int(time.time())), str(random.randint(1, 10000))

def createSignatureSimple(timestamp, nonce):
    stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}&timestamp={timestamp}'.format(id=application_id,
        auth_key=authorization_key, nonce=nonce, timestamp=timestamp)
    # The HMAC is keyed with the authorization secret and sent as a hex digest.
    return hmac.new(authorization_secret.encode(), stringForSignature.encode(), hashlib.sha1).hexdigest()

def getParamsSimple():
    timestamp, nonce = getTimestampNonce()
    return {'application_id': application_id,
            'auth_key': authorization_key,
            'timestamp': timestamp,
            'nonce': nonce,
            'signature': createSignatureSimple(timestamp, nonce)}

def createSignatureUser(timestamp, nonce):
    stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}&timestamp={timestamp}&user[login]={login}&user[password]={password}'.format(id=application_id,
        auth_key=authorization_key, nonce=nonce, timestamp=timestamp, login=var_login, password=var_password)
    return hmac.new(authorization_secret.encode(), stringForSignature.encode(), hashlib.sha1).hexdigest()

def getParamsUser():
    timestamp, nonce = getTimestampNonce()
    return {'application_id': application_id,
            'auth_key': authorization_key,
            'timestamp': timestamp,
            'nonce': nonce,
            'signature': createSignatureUser(timestamp, nonce),
            'user': {'login': var_login,
                     'password': var_password}}

def createSignatureDevice(timestamp, nonce):
    stringForSignature = 'application_id={id}&auth_key={auth_key}&device[platform]={platform}&device[udid]={udid}&nonce={nonce}&timestamp={timestamp}&user[login]={login}&user[password]={password}'.format(id=application_id,
        auth_key=authorization_key, platform=platform, udid=udid, nonce=nonce, timestamp=timestamp, login=var_login, password=var_password)
    return hmac.new(authorization_secret.encode(), stringForSignature.encode(), hashlib.sha1).hexdigest()

def getParamsDevice():
    timestamp, nonce = getTimestampNonce()
    return {'application_id': application_id,
            'auth_key': authorization_key,
            'timestamp': timestamp,
            'nonce': nonce,
            'signature': createSignatureDevice(timestamp, nonce),
            'user': {'login': var_login,
                     'password': var_password},
            'device': {'platform': platform,
                       'udid': udid}}

def getSessionToken():
    httpHeaders = {'Content-Type': 'application/json',
                   'QuickBlox-REST-API-Version': '0.1.0'}
    requestPath = 'https://api.quickblox.com/session.json'
    print("====================================================")
    print("--------- Request --------------------------------")
    jsonData = json.dumps(getParamsSimple())
    r = requests.post(requestPath, data=jsonData, headers=httpHeaders)
    print('status code:', r.status_code)
    responseJson = r.text
    print(responseJson)
    print("====================================================")
    print("--------- Request With User authorization ---------")
    jsonData = json.dumps(getParamsUser())
    r = requests.post(requestPath, data=jsonData, headers=httpHeaders)
    print('status code:', r.status_code)
    responseJson = r.text
    print(responseJson)
    print("====================================================")
    print("--------- Request With Device parameters ---------")
    jsonData = json.dumps(getParamsDevice())
    r = requests.post(requestPath, data=jsonData, headers=httpHeaders)
    print('status code:', r.status_code)
    responseJson = r.text
    print(responseJson)
    print("=====================================================")

getSessionToken()
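Answer 1 (score: 1)
Here is the answer to my question. It turns out the timestamp should just be an integer, the HMAC should use the secret key, and https://api.quickblox.com/auth.json should be used instead of session. I also wasn't using the correct encoding for the signature.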