问题描述
我使用的是真棒创建与智威汤逊验证的CRUD API 。我看了看教程但是我收到一个401错误发布POST请求我的端点需要令牌身份验证。
I'm using the awesome Eve REST-framework for creating a CRUD API with JWT authentication. I've looked at the tutorials posted here but I'm receiving a 401 error when doing a POST request to my endpoints that require token auth.
我读过这太问题:但我pretty确保令牌的Base64 EN codeD。
I've read this SO question: Issue with the Python Eve TokenAuth Feature but I'm pretty sure the token is Base64 encoded.
这是做一个卷曲GET请求,当我从服务器获取回响应:
This is the response I'm getting back from the server when doing a cURL GET request:
curl -H "Authorization: <MYTOKEN>" -i http://MY_IP/users/548f6ecd64e6d12236c9576b
---- Response ----
HTTP/1.1 401 UNAUTHORIZED
Server: nginx/1.4.6 (Ubuntu)
Date: Tue, 16 Dec 2014 10:49:25 GMT
Content-Type: application/json
Content-Length: 91
Connection: keep-alive
WWW-Authenticate: Basic realm:"eve"
{"_status": "ERR", "_error": {"message": "Please provide proper credentials", "code": 401}}
下面是我的code:
Below is my code:
app.py
from eve import Eve
from eve.auth import TokenAuth
import jwt
class RolesAuth(TokenAuth):
def check_auth(self, token, allowed_roles, resource, method):
users = app.data.driver.db['users']
# Add check of user credentials by decoding JWT
user = users.find_one({'token': token})
return user
def add_token(documents):
for document in documents:
payload = {'username': document['username']}
document["token"] = jwt.encode(payload, 'secret')
if __name__ == '__main__':
app = Eve(auth=RolesAuth)
app.on_insert_users += add_token
app.run()
settings.py
users_schema = {
'username': {
'type': 'string',
'required': True,
},
'password': {
'type': 'string',
'required': True,
},
'email': {
'type': 'string',
'minlength': 1,
'maxlength': 200,
'required': True,
},
'token': {
'type': 'string',
},
'created': {
'type': 'datetime',
}
}
users = {
'cache_control': '',
'cache_expires': 0,
'extra_response_fields': ['token'],
'public_methods': ['POST'],
'schema': users_schema
}
DOMAIN = {
'users': users,
}
我保存在我的MongoDB为用户令牌,我正在用和要求我包括Authorization头,像这样的标记:
I have a token stored in my MongoDB for the user and I'm making the request with Postman and I'm including the token in the Authorization header like so:
Authorization: <USERTOKEN>
为什么这让我有什么想法一401
Any thoughts on why this gives me a 401.
谢谢!
推荐答案
我测试了code,但为简单起见,我摆脱了 jwt.en code :
I tested your code but, for simplicity, I got rid of jwt.encode:
def add_token(documents):
for document in documents:
payload = {'username': document['username']}
document["token"] = 'hello'
我发布了一个新用户 /用户,然后做一个GET与邮差同一端点:它就像一个魅力( 200 )。然后我做了相同的测试卷曲:
I POSTed a new user to /users and then did a GET to the same endpoint with Postman: it works like a charm (200). Then I did the same test with curl:
curl -H "Authorization: Basic Y2lhbzo=" -i http://localhost:5000/users
这也retuns一个 200 。正如你所看到的验证标头是连接codeD(复制和放大器;从邮差请求preVIEW粘贴)。只要确保您传递正确的东西,也许是设置在 check_auth 断点来验证什么进入它和羯羊数据库查找成功与否。
That also retuns a 200. As you can see the Auth header is encoded (copy & paste from Postman request preview). Just make sure you are passing the right stuff, maybe set a breakpoint in check_auth to validate what's coming into it and wether the db lookup is successful or not.
希望这有助于诊断您的问题。
Hope this helps in diagnosing your issue.
PS:请注意,在袅袅的Authorization头也有令牌,这似乎缺乏在code段之前一个基本语句
PS: please note that in curl the Authorization header also has a Basic statement before the token, which seems to be lacking in your code snippet.
更新
有关它的缘故,我也装PyJWT并测试了code和......它只是罚款在我结束。一定是坏了你的要求。
For the sake of it I also installed PyJWT and tested your code and... it works just fine on my end. Must be something wrong with your request.
UPDATE2
有一件事情可能不那么明显的是,你还需要追加一个(EN codeD):来的AUTH头(它的基本认证,它解析包含用户名和PW)。这就是为什么在上面的例子中,你在连接codeD'你好'的结尾有一个 = 。
One thing that might not be so obvious is that you still need to append an (encoded) : to your auth header (it's Basic Auth and it parses both username and pw). That's why in the above example you have a = at the end of the encoded 'hello'.
这篇关于401试图在平安夜瓶框架来验证用户时,的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!