继续使用Perl中的WWW :: Pusher获得401'd

时间:2014-06-09 06:00:01

标签: perl pusher

我在Perl中使用WWW::Pusher来尝试发送测试消息,但我没有充分的理由继续获取401。

这是转出的HTTP::Request响应。正如你所看到的一切都完全符合预期,但是当它真的没有时,我仍然会从“无效签名”中获得401'd。从WWW::Pusher的源代码开始,这就是他们这样做的方式,而且一切正确:

my $signature = "POST\n".$uri->path."\n".$uri->query;
my $auth_signature = hmac_sha256_hex($signature, $self->{secret});

my $request = HTTP::Request->new(
    'POST',
    $uri->as_string."&auth_signature=".$auth_signature,
    ['Content-Type' => 'application/json'],
    $payload
);

RESPONSE DUMP:

$VAR1 = bless( {
    '_protocol' => 'HTTP/1.1',
    '_content' => 'Invalid signature: you should have sent HmacSHA256Hex("POST\\n/apps/77409/channels/eventname/events\\nauth_key=a07f61975e3c3f7903f3&auth_timestamp=1402292321&auth_version=1.0&body_md5=224adf45124f9ba44f83f49cc7964687&name=client rsync&socket_id=", your_secret_key), but you sent "bb8628f91445ac1251e90fb1ef8f0b568cf381b5f0a77dddf3faa890f22cfb68"',
    '_rc' => '401',
    '_headers' => bless( {
            'connection' => 'Close',
            'client-response-num' => 1,
            'client-peer' => 'x.x.x.x:80',
            'content-length' => '339',
            'client-date' => 'Mon, 09 Jun 2014 05:38:41 GMT',
            'client-warning' => 'Missing Authenticate header',
            'content-type' => 'text/html;charset=utf-8',
            'server' => 'thin 1.6.1 codename Death Proof'
        }, 'HTTP::Headers' ),
    '_msg' => 'Unauthorized',
    '_request' => bless( {
            '_content' => '"test message"',
            '_uri' => bless( do{\(my $o = 'http://api.pusherapp.com:80/apps/77409/channels/eventname/events?auth_key=a07f61975e3c3f7903f3&auth_timestamp=1402292321&auth_version=1.0&body_md5=224adf45124f9ba44f83f49cc7964687&name=client+rsync&socket_id=&auth_signature=bb8628f91445ac1251e90fb1ef8f0b568cf381b5f0a77dddf3faa890f22cfb68')}, 'URI::http' ),
            '_headers' => bless( {
                'user-agent' => 'libwww-perl/5.833',
                'content-type' => 'application/json'
            }, 'HTTP::Headers' ),
        '_method' => 'POST',
        '_uri_canonical' => bless( do{\(my $o = 'http://api.pusherapp.com/apps/77409/channels/eventname/events?auth_key=a07f61975e3c3f7903f3&auth_timestamp=1402292321&auth_version=1.0&body_md5=224adf45124f9ba44f83f49cc7964687&name=client+rsync&socket_id=&auth_signature=bb8628f91445ac1251e90fb1ef8f0b568cf381b5f0a77dddf3faa890f22cfb68')}, 'URI::http' )
    }, 'HTTP::Request' )
}, 'HTTP::Response' );

1 个答案:

答案 0 :(得分:2)

这可能很重要:

'client-warning' => 'Missing Authenticate header',

他们是否期望在标题中使用auth信息而不是POST请求的查询字符串?

没关系;文档表明401将有关于内容中问题的信息,实际上确实如此:

Invalid signature: you should have sent HmacSHA256Hex("POST\\n/apps/77409/channels/eventname/events\\nauth_key=a07f61975e3c3f7903f3&auth_timestamp=1402292321&auth_version=1.0&body_md5=224adf45124f9ba44f83f49cc7964687&name=client rsync&socket_id=", your_secret_key), but you sent "bb8628f91445ac1251e90fb1ef8f0b568cf381b5f0a77dddf3faa890f22cfb68"

让我觉得你在哪里签名"客户端+ rsync"你应该签署"客户端rsync"。

这是他们的documentation

  

按键排序的查询参数,键转换为小写,然后在查询字符串中加入。请注意,字符串不能被url转义(例如,给定密钥auth_key:foo,Name:Something,你得到auth_key = foo& name = Something)

相关问题
最新问题