How to solve the problem of "Access Denied: Invalid token, wrong code"?
A recent school project I was assigned has a coding challenge we have to complete. The challenge has multiple parts, and the final part is uploading to a private GitHub repo and submitting a completion request by making a POST request under certain conditions.
I have successfully completed the other parts of the challenge and am stuck on submitting the request. The submission has to follow these rules:
Build your solution request
First, construct a JSON string like below:
```json
{
  "github_url": "https://github.com/YOUR_ACCOUNT/GITHUB_REPOSITORY",
  "contact_email": "YOUR_EMAIL"
}
```
Fill in your email address for YOUR_EMAIL, and the private GitHub repository with your solution in YOUR_ACCOUNT/GITHUB_REPOSITORY. Then, make an HTTP POST request to the following URL with the JSON string as the body part.
CHALLENGE_URL
Content type
The Content-Type: of the request must be application/json.
Authorization
The URL is protected by HTTP Basic Authentication, which is explained in Chapter 2 of RFC2617, so you have to provide an Authorization: header field in your POST request.
For the userid of HTTP Basic Authentication, use the same email address you put in the JSON string. For the password, provide a 10-digit time-based one-time password conforming to RFC6238 TOTP.
Authorization password
For generating the TOTP password, you will need to use the following setup:
You have to generate a correct TOTP password according to RFC6238.
TOTP's Time Step X is 30 seconds.
T0 is 0.
Use HMAC-SHA-512 for the hash function, instead of the default HMAC-SHA-1.
Token shared secret is the userid followed by ASCII string value "APICHALLENGE" (not including double quotations).
Shared secret examples
For example, if the userid is "email@example.com", the token shared secret is "email@example.comAPICHALLENGE" (without quotes).
If your POST request succeeds, the server returns HTTP status code 200.
I have tried to follow this outline very carefully, testing my work in different ways. However, it seems I can't get it right. We are supposed to make the request from a Node server backend. This is what I have done so far. I created a new npm project with npm init and installed the dependencies you will see in the code below:
```javascript
const axios = require('axios');
const base64 = require('base-64');
const utf8 = require('utf8');
const { totp } = require('otplib');

// Placeholders: GITHUB_URL, MY_EMAIL and CHALLENGE_URL stand in for the real values
const reqJSON =
{
    github_url: GITHUB_URL,
    contact_email: MY_EMAIL
}
const stringData = JSON.stringify(reqJSON);
const URL = CHALLENGE_URL;

// Token shared secret: the userid followed by "APICHALLENGE"
const sharedSecret = reqJSON.contact_email + "APICHALLENGE";

// otplib TOTP settings used to generate the password
totp.options = { digits: 10, algorithm: "sha512" , epoch: 0}
const myTotp = totp.generate(sharedSecret);
const isValid = totp.check(myTotp, sharedSecret);
console.log("Token Info:", {myTotp, isValid});

// Basic auth credential: base64("userid:password")
const authStringUTF = reqJSON.contact_email + ":" + myTotp;
const bytes = utf8.encode(authStringUTF);
const encoded = base64.encode(bytes);

const createReq = async () =>
{
    try
    {
        // set the headers
        const config = {
            headers: {
                'Content-Type': 'application/json',
                "Authorization": "Basic " + encoded
            }
        };
        console.log("Making req", {URL, reqJSON, config});
        const res = await axios.post(URL, stringData, config);
        console.log(res.data);
    }
    catch (err)
    {
        // err.response is undefined when no HTTP response came back (e.g. network error)
        console.error(err.response ? err.response.data : err.message);
    }
};
createReq();
```
As far as I understand, I'm not sure where I'm making a mistake. I have tried to be very careful in my understanding of the requirements. I have briefly looked into all of the documents the challenge outlines, and gathered the necessary requirements needed to correctly generate a TOTP under the given conditions.
I have found the npm package otplib can satisfy these requirements with the options I have passed in.
However, my solution is incorrect. When I try to submit my solution, I get the error message, "Invalid token, wrong code". Can someone please help me see what I'm doing wrong?
I really don't want all my hard work to be for nothing, as this was a lengthy project.
Thank you so much in advance for your time and help on this. I am very grateful.
Try this code with the hotp-totp-generator library:
```javascript
const axios = require('axios');
const base64 = require('base-64');
const utf8 = require('utf8');
const hotpTotpGenerator = require('hotp-totp-generator');

// Placeholders: fill in your repository, email and the challenge URL
const ReqJSON = {
  github_url: 'GITHUB_REPO',
  contact_email: 'YOUR_MAIL',
};
const stringData = JSON.stringify(ReqJSON);
const URL = 'CHALLENGE_URL';

// Shared secret: userid followed by the challenge's fixed suffix
const sharedSecret = ReqJSON.contact_email + 'SPECIAL_CODE';

// TOTP with the challenge parameters: T0 = 0, X = 30 s, HMAC-SHA-512, 10 digits
const MyTOTP = hotpTotpGenerator.totp({
  key: sharedSecret,
  T0: 0,
  X: 30,
  algorithm: 'sha512',
  digits: 10,
});

// Basic auth credential: base64("userid:password")
const authStringUTF = ReqJSON.contact_email + ':' + MyTOTP;
const bytes = utf8.encode(authStringUTF);
const encoded = base64.encode(bytes);

const createReq = async () => {
  try {
    const config = {
      withCredentials: true,
      headers: {
        'Content-Type': 'application/json',
        Authorization: 'Basic ' + encoded,
      },
    };
    console.log('Making request', { URL, ReqJSON, config });
    const response = await axios.post(URL, stringData, config);
    console.log(response.data);
  } catch (err) {
    // err.response is undefined when no HTTP response came back (e.g. network error)
    console.error(err.response ? err.response.data : err.message);
  }
};
createReq();
```