Getting error on generating the correct TOTP with Node with correct Headers and SHA512 hashed Token?


Problem description

Initiating an HTTP post request I am getting an error:

'Access Denied: Invalid token, wrong code'. I have tried every possible solution but I can't pass this error.

Details of this challenge:

Authorization

The URL is protected by HTTP Basic Authentication, which is explained on Chapter 2 of RFC2617, so you have to provide an Authorization: header field in your POST request

For the userid of HTTP Basic Authentication, use the same email address you put in the JSON string. For the password, provide a 10-digit time-based one time password conforming to RFC6238 TOTP.

Authorization password

For generating the TOTP password, you will need to use the following setup:

You have to read RFC6238 (and the errata too!) and get a correct one time password by yourself. TOTP's Time Step X is 30 seconds. T0 is 0. Use HMAC-SHA-512 for the hash function, instead of the default HMAC-SHA-1. Token shared secret is the userid followed by ASCII string value "HENNGECHALLENGE003" (not including double quotations).

const axios = require('axios');
const base64 = require('base-64');
const utf8 = require('utf8');
const { totp } = require('otplib');

const ReqJSON = {
  "github_url":    "ABC",
  "contact_email": "ABC"
}

const stringData = JSON.stringify(ReqJSON);
const URL = "ABC";
const sharedSecret = ReqJSON.contact_email + "HENNGECHALLENGE003";

totp.options = { digits: 10, algorithm: "sha512", epoch: 0 };

const MyTOTP = totp.generate(sharedSecret);
const isValid = totp.check(MyTOTP, sharedSecret);

console.log("Token Info:", {MyTOTP, isValid});

const authStringUTF = ReqJSON.contact_email + ":" + MyTOTP;
const bytes = utf8.encode(authStringUTF);
const encoded = base64.encode(bytes);

const createReq = async () => {
    try {
        const config = {
            headers: {
                'Content-Type': 'application/json',
                "Authorization": "Basic " + encoded
            }
        };

        console.log("Making request", {URL, ReqJSON, config});

        const response = await axios.post(URL, stringData, config);
        console.log(response.data);
    } catch (err) {
        console.error(err.response.data);
    }
};

createReq();

Recommended answer

Try this one by changing necessary fields!

const axios = require('axios');
const base64 = require('base-64');
const utf8 = require('utf8');
const hotpTotpGenerator = require('hotp-totp-generator');

const ReqJSON = {
  github_url: '',
  contact_email: '',
};

const stringData = JSON.stringify(ReqJSON);
const URL = '';
const sharedSecret = ReqJSON.contact_email + '';

const MyTOTP = hotpTotpGenerator.totp({
  key: sharedSecret,
  T0: 0,
  X: 30,
  algorithm: 'sha512',
  digits: 10,
});

const authStringUTF = ReqJSON.contact_email + ':' + MyTOTP;
const bytes = utf8.encode(authStringUTF);
const encoded = base64.encode(bytes);

const createReq = async () => {
  try {
    const config = {
      withCredentials: true,
      headers: {
        'Content-Type': 'application/json',
        Authorization: 'Basic ' + encoded,
      },
    };

    console.log('Making request', { URL, ReqJSON, config });

    const response = await axios.post(URL, stringData, config);
    console.log(response.data);
  } catch (err) {
    console.error(err.response.data);
  }
};

createReq();
