| Auth Challenge troubles... |
[Aug. 26th, 2004|12:42 am]
LiveJournal Client Discussions
|
I'm having a problem with getting the challenge method to work; in fact, I can't get it to work at all.
I've studied the protocol documentation and tried looking at the perl example, but I'm not all that familiar with perl.
For right now, in the first stages of my client development, I'm starting off with the flat protocol. I have the client logging in with the clear text, but I don't know how to do the challenge method.
What exactly am I supposed to send to the server to issue the challenge? And how is it sent?
"Essentially, you generate a challenge by issuing a blank request to the getchallenge method. If your method call is successful you're given:"
How is that blank request to the getchallenge method issued?
Thanks. |
|
|
| Comments: |
I just tried this, it worked like a champ...
user=vanbeast&mode=getchallenge
I've not worked with the flat protocol, so there may be more that you need there for a "proper" submission, but that got the job done.
Turns out you don't even need to send a username.
Yup, mode=getchallenge is all I am sending and it works great. The response body you get back is just some long string. You don't have to worry what that string is. Just take the full response body, append the HEX MD5 hash of the users password. Then generate the HEX MD5 hash of that. In psudo C style code you get:
str GetChalengeResponse() {
str ServerChallenge = HTTPRequest("mode=getchallenge");
str PasswordMD5 = Str2MD5Hex("password");
str ChalengeResponse = Str2MD5Hex(ServerChallenge + PasswordMD5);
// Send the ChalengeResponse string to all the other protocol modes
return ChalengeResponse;
}
str HTTPRequest(str Body) {
// Impliment sending HTTP request to server her with the given Body
// Return the full HTTP response body from this method
}
str Str2MD5Hex(str Text) {
// Impliment generating a LOWER CASE MD5 Hex hash for the given Text
}
One thing to note which took my ages to figure out is that the MD5 hashes are case sensative! So if your MD5 generator generates mixed case hashes (as the one I am useing does) remember to make them all lower case!
Actually, the server returns a bunch of crap, not just the challenge...
auth_scheme
c0
challenge
c0:1093496400:3277:60:TIT5jfZ88taNAZmjevaQ:b03bb1880829dead6d48b53cc45128d1
expire_time
1093499737
server_time
1093499677
success
OK
from a call just now. If you try to hash your response with the entire response body, it's not going to work. You have to extract the challenge key/value pair and just use that value.
Oops! You're totaly right. Serves me right for trying to write code from memory at 7am when I have had no sleep yet! lol
If I hadn't just been telnetting to the server and issuing getchallenge commands to answer the post in the first place, there's no way I would have known! I've never used the flat protocol... on top of that, I've been in FotoBilder land, where everything is in HTTP headers anyway :)
Of course I just noticed (from his main journal) that  dragon is using VB6, so my C sntax code may be as lost on him as the PERL code! My VB6 is rather rusty now so I best not attempt providing any code in it at this early hour of the morning!
Sorry dagon! I really need sleep!
Ok WHY have I hard coded the password!! Password should be a perameter of the CetChalengeResponse method!
I give up! lol
Oh my god that was so easy! I had been trying to issue the command by using auth_method=challenge (which I now understand that it's only used when you're logging in (mode=login)), and sending just getchallenge, and a couple other ways of trying it.
Thanks a lot.
And yes indeed, I'm using VB6, although I know C a -little- bit more than I know perl. :)
I -think-, at least from what I've seen, that my client will be the first VB6 client -- or at least the first that will be open source (most likely). I know I'm a little behind the times with VB6, and a lot of people are using some flavor of .NET, but I love my good ol VB6.
Thanks for the help guys! | |
