Authentication and getting a session token from Quickblox in Python

【Posted】: 2013-07-31 05:07:58 【Question】:

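I am working through the REST API. Two questions:

1) I would like to push some existing data to Quickblox Custom Objects. How many REST calls do I need? (I am not very clear on the whole state of affairs when it comes to computer security.) Do I first (a) get a session token, and then just follow "create new record" here?

2) I am trying to get a session token, but I get {"errors":{"base":["Unexpected signature"]}} as the response. Here is my code for generating the nonce, the signature, and getting the session token: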

# Of course these are not really 0, x, and y's.
import binascii
import hashlib
import hmac
import json
import random
import time

import requests

appId = '0000'
authKey = 'XXXXXXXXXXX'
authSecret = 'YYYYYYYYYYYYYY'

def getNonce():
    return random.random()

def createSignature(nonce):
    # Build the string to sign and return its HMAC-SHA1, base64-encoded
    stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}&timestamp={timestamp}'.format(id=appId,
                           auth_key=authKey, nonce=nonce, timestamp=time.time())
    hmacObj = hmac.new(authKey.encode(), stringForSignature.encode(), hashlib.sha1)
    return binascii.b2a_base64(hmacObj.digest())[:-1].decode() # -1 to get rid of \n

def getSessionToken():
    epoch = "%s" % int(time.time())
    nonce = getNonce()
    params = {'application_id': appId,
              'auth_key': authKey,
              'timestamp': epoch,
              'nonce': nonce,
              'signature': createSignature(nonce)}
    jsonData = json.dumps(params)

    httpHeaders = {'Content-Type': 'application/json',
                   'QuickBlox-REST-API-Version': '0.1.0'}

    r = requests.post('https://api.quickblox.com/session.json', data=jsonData, headers=httpHeaders)
    print('status code:', r.status_code)
    responseJson = r.text
    print(responseJson)
    response = json.loads(responseJson)

getSessionToken()

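I guess the way the signature is generated is causing the problem?

【Comments】:

I guess I should use authSecret rather than authKey when calling hmac.new? But I replaced it and I still get the same response.

【Answer 1】:

Here is the answer to my question. It turns out that the timestamp should just be an integer, hmac should use the secret, and https://api.quickblox.com/auth.json should be used instead of session. Also, my signature was not using the right encoding.

【Answer 2】:

I found the following problems in your code:

1) Func. RANDOM - we need an integer value (not one between 0 and 1).
2) Func. Timestamp. You calculate "timestamp" twice. It is better to use "timestamp" once.
3) (def createSignature) - as you already know... your code uses a different algorithm from the one we need.

I suggest you use the following code, in which the errors above have been fixed. As a result, you will get the following authentications: Request, Request With User authorization, and Request With Device parameters.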

# -*- encoding: utf-8 -*-
# Link: http://quickblox.com/developers/Authentication_and_Authorization#Signature_generation
import hashlib
import hmac
import json
import random
import time

import requests
#========== YOUR DATA =======================
application_id = 'XXXX'
authorization_key = 'xxxxxxx-XXX-XX'
authorization_secret = 'XXXXXXXXXXXXXXXXXX'
var_login = 'user1'
var_password = 'password1'
# ===========================================

platform = "ios"     # like you want
udid = "7847674035"  # like you want


def getTimestampNonce():
    # Unix time in whole seconds and an integer nonce, both as strings
    return str(int(time.time())), str(random.randint(1, 10000))

def createSignatureSimple(timestamp, nonce):
    stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}&timestamp={timestamp}'.format(id=application_id,
                           auth_key=authorization_key, nonce=nonce, timestamp=timestamp)

    # HMAC-SHA1 keyed with the secret, hex-encoded
    return hmac.new(authorization_secret.encode(), stringForSignature.encode(), hashlib.sha1).hexdigest()

def getParamsSimple():
    timestamp, nonce = getTimestampNonce()
    return {'application_id': application_id,
            'auth_key': authorization_key,
            'timestamp': timestamp,
            'nonce': nonce,
            'signature': createSignatureSimple(timestamp, nonce)}

def createSignatureUser(timestamp, nonce):
    stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}&timestamp={timestamp}&user[login]={login}&user[password]={password}'.format(id=application_id,
                           auth_key=authorization_key, nonce=nonce, timestamp=timestamp, login=var_login, password=var_password)

    return hmac.new(authorization_secret.encode(), stringForSignature.encode(), hashlib.sha1).hexdigest()

def getParamsUser():
    timestamp, nonce = getTimestampNonce()
    return {'application_id': application_id,
            'auth_key': authorization_key,
            'timestamp': timestamp,
            'nonce': nonce,
            'signature': createSignatureUser(timestamp, nonce),
            'user': {'login': var_login,
                     'password': var_password}}

def createSignatureDevice(timestamp, nonce):
    stringForSignature = 'application_id={id}&auth_key={auth_key}&device[platform]={platform}&device[udid]={udid}&nonce={nonce}&timestamp={timestamp}&user[login]={login}&user[password]={password}'.format(id=application_id,
                           auth_key=authorization_key, platform=platform, udid=udid, nonce=nonce, timestamp=timestamp, login=var_login, password=var_password)

    return hmac.new(authorization_secret.encode(), stringForSignature.encode(), hashlib.sha1).hexdigest()

def getParamsDevice():
    timestamp, nonce = getTimestampNonce()
    return {'application_id': application_id,
            'auth_key': authorization_key,
            'timestamp': timestamp,
            'nonce': nonce,
            'signature': createSignatureDevice(timestamp, nonce),
            'user': {'login': var_login,
                     'password': var_password},
            'device': {'platform': platform,
                       'udid': udid}}

def getSessionToken():
    httpHeaders = {'Content-Type': 'application/json',
                   'QuickBlox-REST-API-Version': '0.1.0'}
    requestPath = 'https://api.quickblox.com/session.json'

    print("====================================================")
    print("---------  Request  --------------------------------")
    jsonData = json.dumps(getParamsSimple())
    r = requests.post(requestPath, data=jsonData, headers=httpHeaders)
    print('status code:', r.status_code)
    responseJson = r.text
    print(responseJson)
    print("====================================================")


    print("---------  Request With User authorization ---------")
    jsonData = json.dumps(getParamsUser())
    r = requests.post(requestPath, data=jsonData, headers=httpHeaders)
    print('status code:', r.status_code)
    responseJson = r.text
    print(responseJson)
    print("====================================================")


    print("---------  Request With Device parameters ---------")
    jsonData = json.dumps(getParamsDevice())
    r = requests.post(requestPath, data=jsonData, headers=httpHeaders)
    print('status code:', r.status_code)
    responseJson = r.text
    print(responseJson)
    print("=====================================================")


getSessionToken()
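
Added example, not part of either answer and not QuickBlox's own code: a generic signer that flattens nested parameters into the `user[login]` form, puts them in the same ascending order as the hand-written strings above, and applies hex-encoded HMAC-SHA1 keyed with the auth secret. The `verify` helper, the function names and all credential values are constructed for illustration; `question_variants` shows that each mistake named in the answers yields a signature that fails verification.

```python
import base64
import hashlib
import hmac

def flatten(params, prefix=""):
    """Turn {'user': {'login': 'x'}} into [('user[login]', 'x')]."""
    pairs = []
    for key, value in params.items():
        name = f"{prefix}[{key}]" if prefix else key
        if isinstance(value, dict):
            pairs.extend(flatten(value, name))
        else:
            pairs.append((name, str(value)))
    return pairs

def signing_string(params):
    # Keys in ascending order, matching the answer's hand-written strings.
    return "&".join(f"{k}={v}" for k, v in sorted(flatten(params)))

def sign(params, secret):
    mac = hmac.new(secret.encode(), signing_string(params).encode(), hashlib.sha1)
    return mac.hexdigest()

def verify(params, signature, secret):
    # Constant-time comparison, as a receiving service should do (assumed check).
    return hmac.compare_digest(sign(params, secret), signature)

# Constructed sample values (placeholders, not real credentials).
APP_ID, AUTH_KEY, AUTH_SECRET = "0000", "XXXXXXXXXXX", "YYYYYYYYYYYYYY"
BASE = {"application_id": APP_ID, "auth_key": AUTH_KEY,
        "nonce": "4821", "timestamp": "1375247278"}
WITH_USER = dict(BASE, user={"login": "user1", "password": "password1"})

def question_variants():
    """Signatures produced by each mistake named in the answers."""
    msg = signing_string(BASE).encode()
    secret = AUTH_SECRET.encode()
    wrong_key = hmac.new(AUTH_KEY.encode(), msg, hashlib.sha1).hexdigest()
    b64 = base64.b64encode(hmac.new(secret, msg, hashlib.sha1).digest()).decode()
    # Signed over a float timestamp while the request carries the integer one.
    drifted = sign(dict(BASE, timestamp="1375247278.73"), AUTH_SECRET)
    return {"wrong_key": wrong_key, "base64": b64, "float_timestamp": drifted}

if __name__ == "__main__":
    print(signing_string(WITH_USER))
    print("good:", verify(BASE, sign(BASE, AUTH_SECRET), AUTH_SECRET))
    for name, sig in question_variants().items():
        print(name, verify(BASE, sig, AUTH_SECRET))
```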
