基本认证标题出现丢失 [英] Basic Auth Header appears to be lost
问题描述
我写一个REST风格的瓶服务器和AngularJS客户端,正在运行到它出现的用户名和密码信息在传输中被丢失的问题,可以这么说。
在JavaScript控制台中,我可以告诉客户端发送的授权头如预期:授权:基本的用户名:密码。然而,@ auth.verify_password回调中,他们都同时为空。
我的code的服务器部分围绕单元测试的公平一点,并且认证信息似乎是所有的人都present,所以这是令人欣慰我至少可以得到的用户名和从在一些情况下,报头内的密码。
此外,我已经添加了CORS扩展到服务器code,并允许它的服务器宽。看来,一个OPTIONS(它总是返回200)以下网址总是马上叫GET之前(返回401,由于用户名和密码的问题)相同的URL。
参考code:
服务器授权的回调:
@ app.route('/ API /用户/令牌')
@ auth.login_required
高清get_auth_token():
令牌= g.user.generate_auth_token()
返回jsonify({'令牌':token.de code('ASCII码')})@ auth.verify_password
高清verify_password(email_or_token,密码):
打印email_or_token:'+ email_or_token
打印密码:+密码
...
服务器单元测试code表现为预期的:
高清_get_user_token(个体经营,电子邮件= TEST_EMAIL,密码= TEST_PASSWORD):
标题= {
'授权':'基本'+ b64en code({0}:{1}。格式(电子邮件,密码))
}
响应= self.app.get('/ API /用户/令牌',标题=标题)
返回响应
AngularJS code这将产生于权威性回调浏览器,但空的用户名和密码检查时相应的标题:
$ http.get(silkyAppConstants.BASE_URL +'/ API /用户/令牌',{
标题:{授权:基本+用户名+:+密码}
})
我怀疑你的问题是,你要发送一个无效的授权头。在用户名+:标头+密码部分必须采用base64 EN codeD(见的 RFC 2617 。当接收瓶要发送它正试图通过它通过一个base64德coder和失败的明文凭据。
I am writing a Flask RESTful server and an AngularJS client, and am running into an issue where it appears the username and password information are being lost in transmission, so to speak.
In the Javascript console, I can tell that the client is sending the the Authorization header as expected: Authorization: Basic username:password. However, within the @auth.verify_password callback, they are both both empty.
I have a fair bit of unit tests around the server portion of the code, and the auth information appears to be present in all of them, so it is reassuring that I can at least get the username and password from within the header in some instances.
Additionally, I have added the CORS extension to the server code, and allow it server wide. It appears that an OPTIONS(which always returns 200) to the below url is always called immediately before the GET(returns 401, due to username and password issue) to the same url.
Reference code:
Server auth callback:
@app.route('/api/users/token')
@auth.login_required
def get_auth_token():
token = g.user.generate_auth_token()
return jsonify({ 'token': token.decode('ascii') })
@auth.verify_password
def verify_password(email_or_token, password):
print 'email_or_token: ' + email_or_token
print 'password: ' + password
...
Server Unit test code behaving as expected:
def _get_user_token(self, email=TEST_EMAIL, password=TEST_PASSWORD):
headers = {
'Authorization': 'Basic ' + b64encode("{0}:{1}".format(email, password))
}
response = self.app.get('/api/users/token', headers=headers)
return response
AngularJS code which yields appropriate header when inspected in browser but empty username and password in auth callback:
$http.get(silkyAppConstants.BASE_URL + '/api/users/token', {
headers: { "Authorization": "Basic " + username + ":" + password }
})
I suspect your problem is that you are sending an invalid Authorization header. The username + ":" + password portion of the header must be base64 encoded (see Section 2 of RFC 2617. When Flask receives the plain text credentials that you are sending it is trying pass it through a base64 decoder and that fails.
这篇关于基本认证标题出现丢失的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
