401试图在平安夜瓶框架来验证用户时

401试图在平安夜瓶框架来验证用户时

本文介绍了401试图在平安夜瓶框架来验证用户时,的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

限时删除!!

我使用的是真棒创建与智威汤逊验证的CRUD API 。我看了看教程但是我收到一个401错误发布POST请求我的端点需要令牌身份验证。

I'm using the awesome Eve REST-framework for creating a CRUD API with JWT authentication. I've looked at the tutorials posted here but I'm receiving a 401 error when doing a POST request to my endpoints that require token auth.

我读过这太问题:但我pretty确保令牌的Base64 EN codeD。

I've read this SO question: Issue with the Python Eve TokenAuth Feature but I'm pretty sure the token is Base64 encoded.

这是做一个卷曲GET请求,当我从服务器获取回响应:

This is the response I'm getting back from the server when doing a cURL GET request:

curl -H "Authorization: <MYTOKEN>" -i http://MY_IP/users/548f6ecd64e6d12236c9576b

---- Response ----

HTTP/1.1 401 UNAUTHORIZED
Server: nginx/1.4.6 (Ubuntu)
Date: Tue, 16 Dec 2014 10:49:25 GMT
Content-Type: application/json
Content-Length: 91
Connection: keep-alive
WWW-Authenticate: Basic realm:"eve"

{"_status": "ERR", "_error": {"message": "Please provide proper credentials", "code": 401}}

下面是我的code:

Below is my code:

app.py

from eve import Eve
from eve.auth import TokenAuth

import jwt


class RolesAuth(TokenAuth):

    def check_auth(self, token, allowed_roles, resource, method):
        users = app.data.driver.db['users']
        # Add check of user credentials by decoding JWT
        user = users.find_one({'token': token})
        return user


def add_token(documents):
    for document in documents:
        payload = {'username': document['username']}
        document["token"] = jwt.encode(payload, 'secret')


if __name__ == '__main__':
    app = Eve(auth=RolesAuth)
    app.on_insert_users += add_token
    app.run()

settings.py

users_schema = {
    'username': {
        'type': 'string',
        'required': True,
    },
    'password': {
        'type': 'string',
        'required': True,
    },
    'email': {
        'type': 'string',
        'minlength': 1,
        'maxlength': 200,
        'required': True,
    },
    'token': {
        'type': 'string',
    },
    'created': {
        'type': 'datetime',
    }
}

users = {
    'cache_control': '',
    'cache_expires': 0,
    'extra_response_fields': ['token'],
    'public_methods': ['POST'],
    'schema': users_schema
}

DOMAIN = {
    'users': users,
}

我保存在我的MongoDB为用户令牌,我正在用和要求我包括Authorization头,像这样的标记:

I have a token stored in my MongoDB for the user and I'm making the request with Postman and I'm including the token in the Authorization header like so:

Authorization: <USERTOKEN>

为什么这让我有什么想法一401

Any thoughts on why this gives me a 401.

谢谢!

推荐答案

我测试了code,但为简单起见,我摆脱了 jwt.en code

I tested your code but, for simplicity, I got rid of jwt.encode:

def add_token(documents):
    for document in documents:
        payload = {'username': document['username']}
        document["token"] = 'hello'

我发布了一个新用户 /用户,然后做一个GET与邮差同一端点:它就像一个魅力( 200 )。然后我做了相同的测试卷曲

I POSTed a new user to /users and then did a GET to the same endpoint with Postman: it works like a charm (200). Then I did the same test with curl:

curl -H "Authorization: Basic Y2lhbzo=" -i http://localhost:5000/users

这也retuns一个 200 。正如你所看到的验证标头是连接codeD(复制和放大器;从邮差请求preVIEW粘贴)。只要确保您传递正确的东西,也许是设置在 check_auth 断点来验证什么进入它和羯羊数据库查找成功与否。

That also retuns a 200. As you can see the Auth header is encoded (copy & paste from Postman request preview). Just make sure you are passing the right stuff, maybe set a breakpoint in check_auth to validate what's coming into it and wether the db lookup is successful or not.

希望这有助于诊断您的问题。

Hope this helps in diagnosing your issue.

PS:请注意,在袅袅的Authorization头也有令牌,这似乎缺乏在code段之前一个基本语句

PS: please note that in curl the Authorization header also has a Basic statement before the token, which seems to be lacking in your code snippet.

更新

有关它的缘故,我也装PyJWT并测试了code和......它只是罚款在我结束。一定是坏了你的要求。

For the sake of it I also installed PyJWT and tested your code and... it works just fine on my end. Must be something wrong with your request.

UPDATE2

有一件事情可能不那么明显的是,你还需要追加一个(EN codeD)来的AUTH头(它的基本认证,它解析包含用户名和PW)。这就是为什么在上面的例子中,你在连接codeD'你好'的结尾有一个 =

One thing that might not be so obvious is that you still need to append an (encoded) : to your auth header (it's Basic Auth and it parses both username and pw). That's why in the above example you have a = at the end of the encoded 'hello'.

这篇关于401试图在平安夜瓶框架来验证用户时,的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

1403页,肝出来的..

09-06 15:40