Curl command for digest auth using a json post

梦想的初衷 提交于 2020-01-05 15:25:32

问题


(Using node.js, express, passport-http)

I have a POST route doing digest auth, trying to application-json content type.

I can hit the GET route with digest, without issues, and I can hit the POST route with basic auth without issues, but when I try to do the POST with digest auth, I'm getting 400 - Bad Request. It looks like curl puts the content-type on the initial digest request (with a content-length of 0, so it knows enough not to send the json body on the initial digest-auth request), and my side (express) fails with invalid json (empty body):

$ curl  -v --digest  -X POST --data @body.json --user org2user2:lameduck -H "content-type: application/json"  http://127.0.0.1:3002/user

* About to connect() to 127.0.0.1 port 3002 (#0)
*   Trying 127.0.0.1...
* connected
* Connected to 127.0.0.1 (127.0.0.1) port 3002 (#0)
* Server auth using Digest with user 'org2user2'
> POST /user HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: 127.0.0.1:3002
> Accept: */*
> content-type: application/json
> Content-Length: 0
> 
< HTTP/1.1 400 Bad Request
< X-Powered-By: Express
< Content-Type: text/plain
< Date: Thu, 21 Mar 2013 15:33:10 GMT
< Connection: keep-alive
< Transfer-Encoding: chunked

I can't seem to figure out the curl magic to send the digest initial packet without this, only adding the content-type in the actual data request that follows.

For reference, although I don't think it helps, here is the BASIC transcript for the same call:

$ curl  -v --basic  -X POST --data @body.json --user org2user2:lameduck -H "content-type: application/json"  http://127.0.0.1:3002/user
* About to connect() to 127.0.0.1 port 3002 (#0)
*   Trying 127.0.0.1...
* connected
* Connected to 127.0.0.1 (127.0.0.1) port 3002 (#0)
* Server auth using Basic with user 'org2user2'
> POST /user HTTP/1.1
> Authorization: Basic b3JnMnVzZXIyOmxhbWVkdWNr
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: 127.0.0.1:3002
> Accept: */*
> content-type: application/json
> Content-Length: 48
> 
* upload completely sent off: 48 out of 48 bytes
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Content-Type: application/json; charset=utf-8
< Content-Length: 51
< Date: Thu, 21 Mar 2013 15:43:48 GMT
< Connection: keep-alive
< 
{
  "this": "is working",
  "that": "is annoying"
* Connection #0 to host 127.0.0.1 left intact
}* Closing connection #0

Any help would be awesome.


回答1:


I ran into this same issue. I can't answer your question about the command line magic to tell CURL not to send the content-type on the initial request (I don't think there is any magic).

However, I can tell you that the root cause of the issue is that Node+Express(connect) is sending the initial digest request through the bodyParser and since the application/json headers are there it tries to parse the body (which is empty). Personally I don't think express should freak out if the body is empty, instead just return an empty JSON structure (my work around below).

There may be a better (official) workaround in the future as this particular issue is in discussion right now on github here (1 day old) https://github.com/senchalabs/connect/issues/415

My workaround (connect/lib/middleware/json.js:70)

if (0 == buf.length) {
//  return next(400, 'invalid json, empty body');
    req.body = {};
    return next();
}


来源:https://stackoverflow.com/questions/15552053/curl-command-for-digest-auth-using-a-json-post

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!