1

我正在尝试将 codeigniter-restserver 代码集成到我现有的 CI3 项目中。我不知道如何通过身份验证获得工作凭据。

这是它卡住的代码(REST_Controller.php):

    if (strcasecmp($digest['response'], $valid_response) !== 0)
    {
        // Display an error response
        $this->response([
                $this->config->item('rest_status_field_name') => "false",
                $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_invalid_credentials')
            ], self::HTTP_UNAUTHORIZED);
    }

rest.php // 配置

$config['rest_auth'] = 'digest';
$config['auth_source'] = 'library';
$config['auth_library_class'] = 'auth_model';
$config['auth_library_function'] = 'validate_user';

上面提到的类(来自数据库的认证):

function validate_user($username='',$password=null)
    {
        if($username!=''&&$password!=null)
        {
            $this->db->select('md5');
            $this->db->where('username', $username);
            $query = $this->db->get('user');
            $result = $query->result_array();
            return $result[0]['md5']; // stored as md5(username:realm:password);
        }
        return false;
    }

响应json:

{"status":"false","error":"Invalid credentials"}

使用邮递员,这是我为标题设置的方式:

Digest username="user", realm="REST API", nonce="", uri="/restapi/dashboard", response="928e85782ff2322fd2232ebbac4f058f", opaque=""
4

2 回答 2

1

确保您包含 qop=auth在授权中

于 2017-08-17T08:15:44.500 回答
0

@Japheth 是对的,但是您应该添加 Nonce、Nonce Count 和 Client Nonce 一个值空白就可以了。

nonce=" "  // Nonce
nc=" "     // Nonce Count
cnonce=" " // Client Nonce
qop=auth

标头将如下所示:

Authorization:Digest username="user", realm="REST API", nonce=" ", uri="/restapi/dashboard", qop=auth, nc= , cnonce=" ", response="928e85782ff2322fd2232ebbac4f058f", opaque=""
于 2017-09-29T04:26:50.670 回答