我正在尝试访问 Shopware 的 REST API。我使用的是 Shopware 5.1.3 版。我正在使用 documentation 的代码.
我总是收到一个 http 代码 400(无效或缺少授权)。
当我尝试通过 Google Chrome 访问 API 时,它会在使用 http 身份验证登录后运行,因此凭据应该没问题。
我猜 Chrome 发送的身份验证 header 与我使用 PHP curl 发送的不同。
使用 Chrome:
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, sdch
Accept-Language:nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4
Authorization:Digest username="demo", realm="Shopware REST-API", nonce="7aa6aa7e8089c60e5930cb45ead39197", uri="/api/articles", algorithm=MD5, response="cee77e425508605dfbcf2deda8f83938", opaque="d75db7b160fe72d1346d2bd1f67bfd10", qop=auth, nc=0000001e, cnonce="8b5121e862c4fce1"
Cache-Control:max-age=0
Connection:keep-alive
Cookie:session-1=2d0cb2941684d2767e76ffeb48c7337706cba39c
Host:shopware.example.com
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36
使用 PHP Curl
GET /api/articles? HTTP/1.1\r\n
Host: shopware.example.com\r\n
Authorization: Digest username="demo",realm="",nonce="806c9770a53bf2f82b87734a9d8eb98c",uri="/api/articles?",cnonce="60e6c8db046db8f4e63fece37e38f92e",nc=00000001,algorithm=MD5,response="299069d4659af386a4ec7058796267c2",qop="auth",opaque="d75db7b160fe72d1346d2bd1f67bfd10"\r\n
User-Agent: Shopware shopwareApiClient\r\n
Accept: */*\r\n
Content-Type: application/json; charset=utf-8\r\n
Content-Length: 2\r\n
用于获取 header 信息的额外 PHP curl 指令:
curl_setopt($this->cURL, CURLINFO_HEADER_OUT, true);
print_r(curl_getinfo($this->cURL, CURLINFO_HEADER_OUT ));
我使用的代码:
<?php
namespace App;
class shopwareApiClient
{
const METHOD_GET = 'GET';
const METHOD_PUT = 'PUT';
const METHOD_POST = 'POST';
const METHOD_DELETE = 'DELETE';
protected $validMethods = array(
self::METHOD_GET,
self::METHOD_PUT,
self::METHOD_POST,
self::METHOD_DELETE
);
protected $apiUrl;
protected $cURL;
public function __construct($apiUrl, $username, $apiKey)
{
$this->apiUrl = rtrim($apiUrl, '/') . '/';
//Initializes the cURL instance
$this->cURL = curl_init();
curl_setopt($this->cURL, CURLOPT_RETURNTRANSFER, true);
curl_setopt($this->cURL, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($this->cURL, CURLOPT_USERAGENT, 'Shopware shopwareApiClient');
curl_setopt($this->cURL, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
curl_setopt($this->cURL, CURLOPT_USERPWD, $username . ':' . $apiKey);
curl_setopt($this->cURL, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json; charset=utf-8',
));
curl_setopt($this->cURL, CURLINFO_HEADER_OUT, true);
}
public function call($url, $method = self::METHOD_GET, $data = array(), $params = array())
{
if (!in_array($method, $this->validMethods))
{
throw new Exception('Invalid HTTP-Methode: ' . $method);
}
$queryString = '';
if (!empty($params))
{
$queryString = http_build_query($params);
}
$url = rtrim($url, '?') . '?';
$url = $this->apiUrl . $url . $queryString;
$dataString = json_encode($data);
curl_setopt($this->cURL, CURLOPT_URL, $url);
curl_setopt($this->cURL, CURLOPT_CUSTOMREQUEST, $method);
curl_setopt($this->cURL, CURLOPT_POSTFIELDS, $dataString);
$result = curl_exec($this->cURL);
dd(curl_getinfo($this->cURL, CURLINFO_HEADER_OUT ));
$httpCode = curl_getinfo($this->cURL, CURLINFO_HTTP_CODE);
return $this->prepareResponse($result, $httpCode);
}
public function get($url, $params = array())
{
return $this->call($url, self::METHOD_GET, array(), $params);
}
public function post($url, $data = array(), $params = array())
{
return $this->call($url, self::METHOD_POST, $data, $params);
}
public function put($url, $data = array(), $params = array())
{
return $this->call($url, self::METHOD_PUT, $data, $params);
}
public function delete($url, $params = array())
{
return $this->call($url, self::METHOD_DELETE, array(), $params);
}
protected function prepareResponse($result, $httpCode)
{
echo "<h2>HTTP: $httpCode</h2>";
if (null === $decodedResult = json_decode($result, true))
{
$jsonErrors = array(
JSON_ERROR_NONE => 'No error occurred',
JSON_ERROR_DEPTH => 'The maximum stack depth has been reached',
JSON_ERROR_CTRL_CHAR => 'Control character issue, maybe wrong encoded',
JSON_ERROR_SYNTAX => 'Syntaxerror',
);
echo "<h2>Could not decode json</h2>";
echo "json_last_error: " . $jsonErrors[json_last_error()];
echo "<br>Raw:<br>";
echo "<pre>" . print_r($result, true) . "</pre>";
return;
}
if (!isset($decodedResult['success']))
{
echo "Invalid Response";
return;
}
if (!$decodedResult['success'])
{
echo "<h2>No Success</h2>";
echo "<p>" . $decodedResult['message'] . "</p>";
return;
}
echo "<h2>Success</h2>";
if (isset($decodedResult['data']))
{
echo "<pre>" . print_r($decodedResult['data'], true) . "</pre>";
}
return $decodedResult;
}
}
编辑:找到一个 php bug report其中指出 PHP 在 5.6 及更高版本的 Windows 中存在错误。我在 Windows 上使用 XAMP。我打算在 Linux 上试试看它是否有效。
最佳答案
bug report是正确的。我在 Windows 上使用 XAMP 和 PHP 5.6。
将我的 PHP 代码放到 linux 机器上后,代码就可以运行了。
引用错误报告:
[2015-07-19 09:51 UTC] roeycohen at gmail dot com
Description:
trying to use curl_exec with digest authentication does not work properly. running the test script always fails to pass the security challenge. using the browser or wget directly works perfectly.
also, trying to run the same test on another server of mine, works from an amazon linux with php 5.5.21 but does not work from my windows 7 x64 machine with php 5.6.11.
trying to run the test with php 5.5 or 5.4 using CLI on several windows machines caused a complete crush of the php executable.
it seems like bug #69088 is related, but this bug also happens on linux (5.5).
Test script:
<?
$curl = curl_init();
$curl_options = [
CURLOPT_HTTPAUTH => CURLAUTH_ANY,
CURLOPT_USERPWD => 'test_user:password',
CURLOPT_URL => 'http://test_user:password@httpbin.org/digest-auth/auth/user/password',
CURLOPT_HEADER => true,
];
curl_setopt_array($curl, $curl_options);
curl_exec($curl);
curl_close($curl);
Expected result:
{ "authenticated": true, "user": "user" }Actual result:
"Authentication failed" (with header 401)[2015-12-28 16:33 UTC] gohel at basicguru dot de
I have the same problem with PHP-clients/scripts and the CalDAV/SabreDAV-framework (also included in Owncloud, Baikal, etc.) on my Apache 2.4.17 (Win32/VC11 from Apachelounge on Win7/64).
I've played a little bit with different versions of the PHP 5.6.x releases and found the following:
- php_curl.dll <= v5.6.4 - no problems
- php_curl.dll v5.6.5/v5.6.6 - crash with Auth_Digest
- php_curl.dll => v5.6.7 - Auth_Digest failed
The bug is also in the PHP 5.5 release and PHP 5.4 (last stable PHP_CURL.DLL I've found in v5.4.36)
关于php - Shopware REST Api - 无效或缺少授权,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35701061/
我有两个Rails模型,即Invoice和Invoice_details。一个Invoice_details属于Invoice,一个Invoice有多个Invoice_details。我无法使用accepts_nested_attributes_forinInvoice通过Invoice模型保存Invoice_details。我收到以下错误:(0.2ms)BEGIN(0.2ms)ROLLBACKCompleted422UnprocessableEntityin25ms(ActiveRecord:4.0ms)ActiveRecord::RecordInvalid(Validationfa
我想知道我应该引用什么异常名称。我的日期无效。我检查了文档,但找不到。BeginDate.new(day,month,year)Rescueexceptionnamestatements 最佳答案 我认为您正在寻找ArgumentError.使用irb:>Date.new(2,-200,3)ArgumentError:invaliddatefrom(irb):11:in`new'from(irb):11所以beginDate.new(2,-200,3)rescueArgumentError#yourlogicend
Doorkeeper中Token和Grant的区别我搞不清楚。Doorkeeper在哪个时刻创建访问授权,何时创建访问token?文档似乎对此什么也没说,现在我正在阅读代码,但不是十几行。 最佳答案 我还建议阅读documentationofoauth2据我了解,Doorkeeper也是基于该文档中描述的协议(protocol)。在doorkeeper中,你会先获得accessgrant,然后是accesstoken。访问授权通常只存在很短的时间(doorkeeper中的默认值为10分钟)。您将通过向api-url/oauth/au
按照目前的情况,这个问题不适合我们的问答形式。我们希望答案得到事实、引用或专业知识的支持,但这个问题可能会引发辩论、争论、投票或扩展讨论。如果您觉得这个问题可以改进并可能重新打开,visitthehelpcenter指导。关闭9年前。我来自C、php和bash背景,很容易学习,因为它们都有相同的C结构,我可以将其与我已经知道的联系起来。然后2年前我学了Python并且学得很好,Python对我来说比Ruby更容易学。然后从去年开始,我一直在尝试学习Ruby,然后是Rails,我承认,直到现在我还是学不会,讽刺的是那些打着简单易学的烙印,但是对于我这样一个老练的程序员来说,我只是无法将它
我正在尝试为自己创建一个直接连接到我的日历的应用程序……但我从不想参与重新验证。我只想编写一次身份验证代码并完成它。授权码如下:key=Google::APIClient::PKCS12.load_key(SERVICE_ACCOUNT_PKCS12_FILE_PATH,PASSWORD)asserter=Google::APIClient::JWTAsserter.new(SERVICE_ACCOUNT_EMAIL,'https://www.googleapis.com/auth/calendar',key)@client=Google::APIClient.new@client.a
为什么Ruby的strptime不将其转换为DateTime对象:DateTime.strptime('Monday10:20:20','%A%H:%M:%S')#=>ArgumentError:invaliddate虽然这些有效?DateTime.strptime('Wednesday','%A')#=>#DateTime.strptime('10:20:20','%H:%M:%S')#=># 最佳答案 这看起来像一个错误-minitech'scomment是正确的。不过,现在有一个解决方法(因为您可能希望它现在起作用):您可以在
我正在努力让google-api-ruby-clientgem按照这里的基本用法示例工作:基本用法require'google/apis/drive_v2'Drive=Google::Apis::DriveV2#Aliasthemoduledrive=Drive::DriveService.newdrive.authorization=...#SeeGoogleauthorSignetlibraries#SearchforfilesinDrive(firstpageonly)files=drive.list_files(q:"titlecontains'finances'")files
我正在使用Deviseauthtokengem用于验证我的Rails应用程序的某些部分。但是,当我尝试使用注册路径创建新用户时,出现以下错误{"errors":["Authorizedusersonly."]}。这是我用于测试的rspec代码,it'createsauserusingemail/passwordcombo'dopostapi_user_registration_path,{email:'xxx',password:'yyy',password_confirmation:'yyy'}putslast_response.bodyexpect(last_response.bo
有道无术,术尚可求,有术无道,止于术。本系列SpringBoot版本3.0.4本系列SpringSecurity版本6.0.2本系列SpringAuthorizationServer版本1.0.2源码地址:https://gitee.com/pearl-organization/study-spring-security-demo文章目录前言1.OAuth2AuthorizationServerMetadataEndpointFilter2.OAuth2AuthorizationEndpointFilter3.OidcProviderConfigurationEndpointFilter4.N
我正在寻找一个很好的基于角色的授权解决方案来与Authlogic一起使用。有人有什么好的建议吗?如果可能,请根据您的经验列出一些优缺点。 最佳答案 Acl9与AuthLogic配合得很好:http://github.com/be9/acl9/tree/master 关于ruby-on-rails-与Authlogic一起使用的一些好的角色授权解决方案是什么?,我们在StackOverflow上找到一个类似的问题: https://stackoverflow.c