对摘要式身份验证的错误请求（用户：false）

Question

我试图在使用Passport的应用程序中实现摘要式身份验证，但我遇到了以下问题，无法弄清楚如何解决它。

当我卷曲我的“受保护的URL”如下，我得到一个400 - 错误请求响应：

$curl --user test:123456 --digest http://localhost:3000/users 

您可以在年底全部卷曲请求/响应。

我已经试过为了看它是什么让使用自定义回调passport.authenticate：

users.get('/', function(req, res, next) { 
    passport.authenticate('digest', {session: false}, function(err, user, info) { 
    console.log('Err: %s', err); 
    console.log('User: %s', user); 
    console.log('Info: %s', info); 
})(req, res, next); 
}, otherMiddleware); 

，结果是：

Err: null 
User: false 
Info: Digest realm="Users", nonce="YTFqg2z17mYU039DvuLzONN48F0q1Xmk", qop="auth" 

所以我认为，用户没有正确发送，但无法弄清楚原因。

我已经配置了护照使用摘要身份验证如下：

• 我试图设置好的默认选项舍弃了一切，所以现时和境界参数通过护照
• 样品outpout设置好的在不同的时间被采取，这就是为什么nonce值不一样。
• 如果我将策略改为“基本”，它就会起作用。

index.js：

// ... 
var passport = require('passport); 
var usersRoute = require('./routes/users'); 

// ... 

app.use(passport.initialize()); 
app.use('/users', usersRoute); 

users.js

var passport = require('passport'), 
    DigestStrategy = require('passport-http').DigestStrategy, 
    User = require('../../models/users'); 


passport.use(new DigestStrategy({qop: 'auth'},function(username, done) { 
    User.findOne({username: username}, function (err, user) { 
    if (err) {return done(err);} 
    if (!user) {return done(null, false);} 
    return done(null, user, user.password); 
    }); 
})); 

users.get('/', passport.authenticate('digest', {session: false}), function(req, res) { 
    res.send('Hi!'); 
}); 

然后，当我尝试：

$curl --user test:123456 --digest http://localhost:3000/users 

我得到一个 “400 - 错误的请求” 响应。

我在-v选项上留下了一个完整的curl命令输出。

Eileen :: ~ » curl -v --user test:123456 --digest http://localhost:3000/users 
    * Adding handle: conn: 0x7f858b803a00 
    * Adding handle: send: 0 
    * Adding handle: recv: 0 
    * Curl_addHandleToPipeline: length: 1 
    * - Conn 0 (0x7f858b803a00) send_pipe: 1, recv_pipe: 0 
    * About to connect() to localhost port 3000 (#0) 
    * Trying ::1... 
    * Trying 127.0.0.1... 
    * Connected to localhost (127.0.0.1) port 3000 (#0) 
    * Server auth using Digest with user 'test' 
    > GET /users HTTP/1.1 
    > User-Agent: curl/7.30.0 
    > Host: localhost:3000 
    > Accept: */* 
    > 
    < HTTP/1.1 401 Unauthorized 
    < X-Powered-By: Express 
    < WWW-Authenticate: Digest realm="Users", nonce="Ah0vZigHMrDx6SMcA3cMeaFm46RtYmv9", qop="auth" 
    < Date: Wed, 18 Jun 2014 11:13:58 GMT 
    < Connection: keep-alive 
    < Transfer-Encoding: chunked 
    < 
    * Ignoring the response-body 
    * Connection #0 to host localhost left intact 
    * Issue another request to this URL: 'http://localhost:3000/users' 
    * Found bundle for host localhost: 0x7f858b4151c0 
    * Re-using existing connection! (#0) with host localhost 
    * Connected to localhost (127.0.0.1) port 3000 (#0) 
    * Adding handle: conn: 0x7f858b803a00 
    * Adding handle: send: 0 
    * Adding handle: recv: 0 
    * Curl_addHandleToPipeline: length: 1 
    * - Conn 0 (0x7f858b803a00) send_pipe: 1, recv_pipe: 0 
    * Server auth using Digest with user 'test' 
    > GET /users HTTP/1.1 
    > Authorization: Digest username="test", realm="Users", nonce="Ah0vZigHMrDx6SMcA3cMeaFm46RtYmv9", uri="/users", cnonce="ICAgICAgICAgICAgICAgICAgICAgIDE0MDMyNjc5MTY=", nc=00000001, qop=auth, response="7c7d3c5bb1b8882915d3ffe1a2b0231c" 
    > User-Agent: curl/7.30.0 
    > Host: localhost:3000 
    > Accept: */* 
    > 
    < HTTP/1.1 400 Bad Request 
    < X-Powered-By: Express 
    < Date: Wed, 18 Jun 2014 11:13:58 GMT 
    < Connection: keep-alive 
    < Transfer-Encoding: chunked 
    < 
    * Connection #0 to host localhost left intact 
    Bad Request% 

Answer 1

我遇到了类似的问题，并认为，在我们的两种情况下，问题在于passport-http对安装的应用程序无效。

有一个公开的拉请求，https://github.com/jaredhanson/passport-http/pull/16，如果可以通过CI构建可以修复该错误。

解决方法是仅删除Express路由器实例并传递应用实例以将所有端点直接安装在应用对象上。