Authorization through API with MD5 hashed password


Michel Hageman

Feb 14, 2024, 12:22:57 PM
to Mistserver.org
Hello all,

I'm trying to authorize with a curl-command to the Mistserver api as follows:

curl -X GET https://mistserver.server.com/api?command=%7B%22authorize%22%3A%7B%22username%22%3A%22username1%22%2C%22password%22%3A%22a5762fbd2b0104e61a47ec748290842e

I'm getting the CHALL response back all the time. I use the Username that we use to login to the web-api. The password I generated as per the documentation by:

MD5 (MD5 (password) + challenge), where Password is of course the password we use to login. 

But it doesn't function and gives me the error....

When I try it through an api on the website, I get the same results.  

Could somebody please help me with this? What am I doing wrong here?

Regards,

Michel

Balder Vietor

Feb 15, 2024, 3:49:20 AM
to mists...@googlegroups.com
Hey Michel,

The curl command you shared doesn't get closed, though that could just be a copy to mail mistake. You seem to be missing the final "} to close it. It would keep repeating the challenge if you got the authorization wrong, and not closing the password could cause that.

Since you're using curl you can also look at our bash example, it uses curl, jq, md5sum, cut & cat

That should give you a good hint as well.


With kind regards,

Balder Viëtor
Head of Testing

MistServer



Michel Hageman

Feb 15, 2024, 5:36:04 AM
to mists...@googlegroups.com
Thank you, again, Baldor,

I managed to get the curl command in an API action now, I just used the formula with the MD5 hashing to get to the hash, after having closed it, thanks, and am able to log in locally. 

All other API actions run fine like this, adding a stream, removing it etc. So the code is functional. I am still not able to login to a remote instance though. The CHALL comes up again. 

Could it be the reverse proxy not sending the headers? This is Nginx as a reverse proxy. And, if you remember, I had to put extra code in to get the port 8080 working behind it on the same sub domain name as the API, which is HTTPS.

Anyway, thank you for your time and your answer! When we grow as a company, I'm going to hire you guys, you're great! 

Thanks again!

On Thu, Feb 15, 2024 at 09:49, Balder Vietor <balder...@ddvtech.com> wrote:

Michel Hageman

Feb 15, 2024, 5:44:55 AM
to mists...@googlegroups.com
And I'm sorry for spelling your name wrong Balder... I was working on the mobile telephone and it corrected it I guess. 

On Thu, Feb 15, 2024 at 11:35, Michel Hageman <mhag...@gmail.com> wrote:

Balder Vietor

Feb 15, 2024, 7:25:41 AM
to mists...@googlegroups.com
Hey Michel,

No worries about the name, happens way more often so I barely notice it.

On local the CHALL isn't necessary, so if you're testing this on the same server as MistServer it could mean the script you've made isn't working. Then again if you only ever need to run this locally it won't matter too much...

The CHALL being repeated means it failed. 

Did just confirm using our jsontest (which shows how the JSON is parsed) that technically only closing the password field is needed:

Valid JSON
jsontest
{"authorize":{"username":"username1","password":"a5762fbd2b0104e61a47ec748290842e"}}
{
  "authorize":{
    "password":"a5762fbd2b0104e61a47ec748290842e",
    "username":"username1"
  }
}

Missing "}}
jsontest
{"authorize":{"username":"username1","password":"a5762fbd2b0104e61a47ec748290842e
{
  "authorize":{
    "password":"a5762fbd2b0104e61a47ec748290842ee",
    "username":"username1"
  }
}

Only "
jsontest
{"authorize":{"username":"username1","password":"a5762fbd2b0104e61a47ec748290842e"
{
  "authorize":{
    "password":"a5762fbd2b0104e61a47ec748290842e",
    "username":"username1"
  }
}

The password grew an additional "e" when not closing the password field properly. So that would mean the CHALL indeed fails as it wouldn't match the needed result.

The jsontest is in the build/test directory if you're compiling MistServer yourself. It can be used by starting it, pasting/typing the json and then closing it with "ctrl+d" to show the result.

With kind regards,

Balder Viëtor
Head of Testing

MistServer
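
The response formula and the closed, URL-encoded authorize command discussed in this thread, as an added example that is not part of the original posts and is not MistServer's own bash example. It assumes the MD5 digests are lowercase hex text with the challenge appended as a string; the helper names, host name, password and challenge are constructed for illustration.

```python
import hashlib
import json
import shlex
from urllib.parse import quote

HEX = set("0123456789abcdef")


def md5_hex(text: str) -> str:
    """Lowercase hex MD5 of a UTF-8 string."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def challenge_response(password: str, challenge: str) -> str:
    # MD5(MD5(password) + challenge), the formula quoted in the thread.
    # Assumption: the inner digest is hex text and the challenge is appended to it.
    return md5_hex(md5_hex(password) + challenge)


def authorize_command(username: str, password: str, challenge: str) -> str:
    # json.dumps escapes the values and always emits the closing "}}.
    reply = challenge_response(password, challenge)
    body = {"authorize": {"username": username, "password": reply}}
    return json.dumps(body, separators=(",", ":"))


def api_url(base: str, command: str) -> str:
    # Strict parse first: a truncated command raises ValueError here instead
    # of reaching the server, where a lenient parser may alter the password.
    sent = json.loads(command)["authorize"]["password"]
    if len(sent) != 32 or not set(sent) <= HEX:
        raise ValueError("password is not a 32-character hex MD5 digest")
    return base + "?command=" + quote(command, safe="")


if __name__ == "__main__":
    # Constructed values; the real challenge comes from the CHALL reply.
    base = "https://mistserver.example.com/api"
    cmd = authorize_command("username1", "example-password", "constructed-challenge")
    print("curl -sS", shlex.quote(api_url(base, cmd)))
    try:
        api_url(base, cmd[:-3])  # drop the final "}} as in the first post
    except ValueError as err:
        print("refused truncated command:", err)
```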
