使用json帖子进行摘要身份验证的卷曲命令 [英] Curl command for digest auth using a json post

问题描述

(使用node.js，express，passport-http)

(Using node.js, express, passport-http)

我有一个执行摘要身份验证的POST路由，尝试使用application-json内容类型.

I have a POST route doing digest auth, trying to application-json content type.

我可以使用摘要执行GET路由，而不会出现问题，并且可以使用基本身份验证执行POST路由而不会出现问题，但是当我尝试使用摘要身份验证执行POST时，我得到了400-错误请求.看起来curl将内容类型放在初始摘要请求中(内容长度为0，因此知道在初始摘要身份验证请求中不发送json正文就足够了)，而我这一边(表达)失败了无效的json(空主体):

I can hit the GET route with digest, without issues, and I can hit the POST route with basic auth without issues, but when I try to do the POST with digest auth, I'm getting 400 - Bad Request. It looks like curl puts the content-type on the initial digest request (with a content-length of 0, so it knows enough not to send the json body on the initial digest-auth request), and my side (express) fails with invalid json (empty body):

$ curl  -v --digest  -X POST --data @body.json --user org2user2:lameduck -H "content-type: application/json"  http://127.0.0.1:3002/user

* About to connect() to 127.0.0.1 port 3002 (#0)
*   Trying 127.0.0.1...
* connected
* Connected to 127.0.0.1 (127.0.0.1) port 3002 (#0)
* Server auth using Digest with user 'org2user2'
> POST /user HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: 127.0.0.1:3002
> Accept: */*
> content-type: application/json
> Content-Length: 0
> 
< HTTP/1.1 400 Bad Request
< X-Powered-By: Express
< Content-Type: text/plain
< Date: Thu, 21 Mar 2013 15:33:10 GMT
< Connection: keep-alive
< Transfer-Encoding: chunked

我似乎无法弄清楚在没有此发送摘要摘要数据包的情况下，只能在随后的实际数据请求中添加内容类型.

I can't seem to figure out the curl magic to send the digest initial packet without this, only adding the content-type in the actual data request that follows.

作为参考，尽管我认为这没有帮助，但这是同一电话的基本笔录:

For reference, although I don't think it helps, here is the BASIC transcript for the same call:

$ curl  -v --basic  -X POST --data @body.json --user org2user2:lameduck -H "content-type: application/json"  http://127.0.0.1:3002/user
* About to connect() to 127.0.0.1 port 3002 (#0)
*   Trying 127.0.0.1...
* connected
* Connected to 127.0.0.1 (127.0.0.1) port 3002 (#0)
* Server auth using Basic with user 'org2user2'
> POST /user HTTP/1.1
> Authorization: Basic b3JnMnVzZXIyOmxhbWVkdWNr
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: 127.0.0.1:3002
> Accept: */*
> content-type: application/json
> Content-Length: 48
> 
* upload completely sent off: 48 out of 48 bytes
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Content-Type: application/json; charset=utf-8
< Content-Length: 51
< Date: Thu, 21 Mar 2013 15:43:48 GMT
< Connection: keep-alive
< 
{
  "this": "is working",
  "that": "is annoying"
* Connection #0 to host 127.0.0.1 left intact
}* Closing connection #0

任何帮助都会很棒.

推荐答案

我遇到了同样的问题.我无法回答有关命令行魔术的问题，以告诉CURL不要在初始请求上发送内容类型(我认为没有魔术).

I ran into this same issue. I can't answer your question about the command line magic to tell CURL not to send the content-type on the initial request (I don't think there is any magic).

但是，我可以告诉您问题的根本原因是Node + Express(connect)通过bodyParser发送初始摘要请求，并且由于存在application/json标头，因此它尝试解析主体(是空的).就个人而言，如果主体为空，我不认为express应该吓坏了，而是只返回一个空的JSON结构(我在下面的工作).

However, I can tell you that the root cause of the issue is that Node+Express(connect) is sending the initial digest request through the bodyParser and since the application/json headers are there it tries to parse the body (which is empty). Personally I don't think express should freak out if the body is empty, instead just return an empty JSON structure (my work around below).

将来可能会有更好的(官方)解决方法，因为此特定问题正在github上进行讨论(已存在1天) https://github.com/senchalabs/connect/issues/415

There may be a better (official) workaround in the future as this particular issue is in discussion right now on github here (1 day old) https://github.com/senchalabs/connect/issues/415

我的解决方法(connect/lib/middleware/json.js:70)

My workaround (connect/lib/middleware/json.js:70)

if (0 == buf.length) {
//  return next(400, 'invalid json, empty body');
    req.body = {};
    return next();
}

这篇关于使用json帖子进行摘要身份验证的卷曲命令的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！