3

I'm doing it through the REST API. Two questions

1) I want to push some existing data to Quickblox custom object. How many REST calls do I need? (I am not really clear about the whole state of affair involving computer security.) Is it first to (a) Get a session token. And then just follow Create new record here?

2) I'm trying to get a session token but I'm getting {"errors":{"base":["Unexpected signature"]}} as response. Here is my code to genereate nonce, signature, and getting session token:

# Of course these are not really 0, x, and y's.
appId = '0000'
authKey = 'XXXXXXXXXXX'
authSecret = 'YYYYYYYYYYYYYY'

def getNonce():
    import random
    return random.random()

def createSignature(nonce):
    import hashlib
    import hmac
    import binascii
    import time
    stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}&timestamp={timestamp}'.format(id=appId,
                           auth_key=authKey, nonce=nonce, timestamp=time.time())
    hmacObj = hmac.new(authKey, stringForSignature, hashlib.sha1)
    return binascii.b2a_base64(hmacObj.digest())[:-1] # -1 to get rid of \n

def getSessionToken():
    import time
    epoch = "%s" % int(time.time())
    nonce = getNonce()
    params = {'application_id': appId,
                    'auth_key': authKey,
                   'timestamp': epoch,
                       'nonce': nonce,
                   'signature': createSignature(nonce)}
    jsonData = json.dumps(params)

    httpHeaders = {'Content-Type': 'application/json',
                   'QuickBlox-REST-API-Version': '0.1.0'}

    r = requests.post('https://api.quickblox.com/session.json', data=jsonData, headers = httpHeaders)
    print 'status code:', r.status_code
    responseJson = r.text
    print responseJson
    response = json.loads(responseJson)

getSessionToken()

I suppose it's the way the signature is generated that is causing the problem?

huggie
  • 17,587
  • 27
  • 82
  • 139
  • I'm I suppose to use authSecret instead of authKey in the call to hmac.new? But I replaced it and I'm still getting the same response back. – huggie Jul 31 '13 at 05:18

2 Answers2

2

Here is the answer to my question. It turns out that timestamp should be integer only, hamc should use the secret key, and https://api.quickblox.com/auth.json should be used instead of session. And also I didn't use the right encoding for my signature.

Community
  • 1
  • 1
huggie
  • 17,587
  • 27
  • 82
  • 139
2

I have found the following problem in your code:

  • Func. RANDOM - We need the integer value (not between 0 and 1)
  • Func. timestamp. You calculate "timestamp" twice. It is better to use one time "timestamp"
  • (def createSignature) - as your alredy know... Your code use the other algoruthm, than we need.

I recomend you to use the following code, where mistake above were modified. As result you will get the following auth: --------- Request -------------------------------- --------- Request With User authorization --------- --------- Request With Device parameters ----------

# -*- encoding: utf-8 -*-
# Link: http://quickblox.com/developers/Authentication_and_Authorization#Signature_generation
import json
import requests
import sha
import hmac
#========== YOUR DATA =======================
application_id = 'XXXX'
authorization_key = 'xxxxxxx-XXX-XX'
authorization_secret = 'XXXXXXXXXXXXXXXXXX'
var_login = 'user1'
var_password = 'password1'
# ===========================================

platform = "ios"     # like you want
udid = "7847674035"  # like you want


def getTimestampNonce():
    import random
    import time

    return str(time.time()), str(random.randint(1, 10000))

def createSignatureSimple(timestamp, nonce):
    stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}&timestamp={timestamp}'.format(id=application_id,
                           auth_key=authorization_key, nonce=nonce, timestamp=timestamp)

    return hmac.new(authorization_secret, stringForSignature, sha).hexdigest()

def getParamsSimple():
    timestamp, nonce = getTimestampNonce()
    return {'application_id': application_id,
            'auth_key': authorization_key,
            'timestamp': timestamp,
            'nonce': nonce,
            'signature': createSignatureSimple(timestamp, nonce)}

def createSignatureUser(timestamp, nonce):
    stringForSignature = 'application_id={id}&auth_key={auth_key}&nonce={nonce}&timestamp={timestamp}&user[login]={login}&user[password]={password}'.format(id=application_id,
                           auth_key=authorization_key, nonce=nonce, timestamp=timestamp, login=var_login, password=var_password)

    return hmac.new(authorization_secret, stringForSignature, sha).hexdigest()

def getParamsUser():
    timestamp, nonce = getTimestampNonce()
    return {'application_id': application_id,
            'auth_key': authorization_key,
            'timestamp': timestamp,
            'nonce': nonce,
            'signature': createSignatureUser(timestamp, nonce),
            'user': {'login': var_login,
                    'password': var_password}}

def createSignatureDevice(timestamp, nonce):
    stringForSignature = 'application_id={id}&auth_key={auth_key}&device[platform]={platform}&device[udid]={udid}&nonce={nonce}&timestamp={timestamp}&user[login]={login}&user[password]={password}'.format(id=application_id,
                           auth_key=authorization_key, platform=platform, udid=udid, nonce=nonce, timestamp=timestamp, login=var_login, password=var_password)

    return hmac.new(authorization_secret, stringForSignature, sha).hexdigest()

def getParamsDevice():
    timestamp, nonce = getTimestampNonce()
    return {'application_id': application_id,
            'auth_key': authorization_key,
            'timestamp': timestamp,
            'nonce': nonce,
            'signature': createSignatureDevice(timestamp, nonce),
            'user': {'login': var_login,
                    'password': var_password},
            'device': {'platform': platform,
                        'udid': udid}}

def getSessionToken():
    httpHeaders = {'Content-Type': 'application/json',
                   'QuickBlox-REST-API-Version': '0.1.0'}
    requestPath = 'https://api.quickblox.com/session.json'

    print "===================================================="
    print "---------  Request  --------------------------------"
    jsonData = json.dumps(getParamsSimple())
    r = requests.post(requestPath, data=jsonData, headers = httpHeaders)
    print 'status code:', r.status_code
    responseJson = r.text
    print responseJson
    print "===================================================="


    print "---------  Request With User authorization ---------"
    jsonData = json.dumps(getParamsUser())
    r = requests.post(requestPath, data=jsonData, headers = httpHeaders)
    print 'status code:', r.status_code
    responseJson = r.text
    print responseJson
    print "===================================================="


    print "---------  Request With Device parameters ---------"
    jsonData = json.dumps(getParamsDevice())
    r = requests.post(requestPath, data=jsonData, headers = httpHeaders)
    print 'status code:', r.status_code
    responseJson = r.text
    print responseJson
    print "====================================================="


getSessionToken()
Gurom
  • 61
  • 4