1. 技术文章
  2. Getting error on generating the correct TOTP with Node with correct Headers and SHA512 hashed Token?

Getting error on generating the correct TOTP with Node with correct Headers and SHA512 hashed Token?

孤人 提交于 2020-12-15 06:45:19

问题


Initiating an HTTP post request I am getting an error:

'Access Denied: Invalid token, wrong code'. I have tried every possible solution but I can't pass this error.

Details for this challenge:

Authorization

The URL is protected by HTTP Basic Authentication, which is explained on Chapter 2 of RFC2617, so you have to provide an Authorization: header field in your POST request

For the userid of HTTP Basic Authentication, use the same email address you put in the JSON string. For the password, provide a 10-digit time-based one time password conforming to RFC6238 TOTP. Authorization password For generating the TOTP password, you will need to use the following setup:

You have to read RFC6238 (and the errata too!) and get a correct one time password by yourself. TOTP's Time Step X is 30 seconds. T0 is 0. Use HMAC-SHA-512 for the hash function, instead of the default HMAC-SHA-1. Token shared secret is the userid followed by ASCII string value "HENNGECHALLENGE003" (not including double quotations).

const axios = require('axios');
const base64 = require('base-64');
const utf8 = require('utf8');
const { totp } = require('otplib');

const ReqJSON = {
  "github_url":    "ABC",
  "contact_email": "ABC"
}

const stringData = JSON.stringify(ReqJSON);
const URL = "ABC";
const sharedSecret = ReqJSON.contact_email + "HENNGECHALLENGE003";

totp.options = { digits: 10, algorithm: "sha512", epoch: 0 };

const MyTOTP = totp.generate(sharedSecret);
const isValid = totp.check(MyTOTP, sharedSecret);

console.log("Token Info:", {MyTOTP, isValid});

const authStringUTF = ReqJSON.contact_email + ":" + MyTOTP;
const bytes = utf8.encode(authStringUTF);
const encoded = base64.encode(bytes);

const createReq = async () => {
    try {
        const config = {
            headers: {
                'Content-Type': 'application/json',
                "Authorization": "Basic " + encoded
            }
        };

        console.log("Making request", {URL, ReqJSON, config});

        const response = await axios.post(URL, stringData, config);
        console.log(response.data);
    } catch (err) {
        console.error(err.response.data);
    }
};

createReq();

回答1:


Try this one by changing necessary fields!

const axios = require('axios');
const base64 = require('base-64');
const utf8 = require('utf8');
const hotpTotpGenerator = require('hotp-totp-generator');

const ReqJSON = {
  github_url: '',
  contact_email: '',
};

const stringData = JSON.stringify(ReqJSON);
const URL = '';
const sharedSecret = ReqJSON.contact_email + '';

const MyTOTP = hotpTotpGenerator.totp({
  key: sharedSecret,
  T0: 0,
  X: 30,
  algorithm: 'sha512',
  digits: 10,
});

const authStringUTF = ReqJSON.contact_email + ':' + MyTOTP;
const bytes = utf8.encode(authStringUTF);
const encoded = base64.encode(bytes);

const createReq = async () => {
  try {
    const config = {
      withCredentials: true,
      headers: {
        'Content-Type': 'application/json',
         Authorization: 'Basic ' + encoded,
      },
    };

    console.log('Making request', { URL, ReqJSON, config });

    const response = await axios.post(URL, stringData, config);
    console.log(response.data);
  } catch (err) {
    console.error(err.response.data);
  }
};

createReq();



回答2:


Use php install the dependencies and write this

<?php

require_once 'vendor/autoload.php';
use OTPHP\TOTP;

$email = 'Email';
$secret = "{$email}HENNGECHALLENGE003";

$totp = TOTP::create(ParagonIE\ConstantTime\Base32::encode($secret), 30, 'sha512', 10, 0);
$token = $totp->now();
$token = base64_encode( utf8_encode("{$email}:{$token}") );

$url = 'https://api.challenge.hennge.com/challenges/003';
$data = [
    'github_url' => 'URL',
    'contact_email' => $email
];
$headers = [
    //'Accept' => '/',
    'Content-Type' => 'application/json',
    //'Content-Length' => strlen(json_encode( $data )),
    'Authorization' => 'Basic '. $token
];

PostRequest($url, $data, $headers);

function        PostRequest($url, $data, $headers = [])
{
    $context = curl_init($url);

    curl_setopt($context, CURLOPT_POST, true);
    curl_setopt($context, CURLOPT_POSTFIELDS, json_encode($data));
    curl_setopt($context, CURLOPT_RETURNTRANSFER, true);

    $h = [];
    foreach ($headers as $key => $value) {
        $h[] = "{$key}: {$value}";
    }
    echo "- Headers".PHP_EOL;
    var_dump($h);
    echo "- Data".PHP_EOL;
    var_dump($data);
    curl_setopt($context, CURLOPT_HTTPHEADER, $h);
    $ret = curl_exec($context);
    curl_close($context);

    var_dump($ret);
    return ($ret);
}

?>


来源:https://stackoverflow.com/questions/62017645/getting-error-on-generating-the-correct-totp-with-node-with-correct-headers-and

标签
node.js
authentication
http-headers
totp
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!