Laravel API cURL请求Python
I followed this Laravel token API tutorial: http://rjv.im/post/95988160186/api-token-authentication-with-laravel-and-sentry-part. I have written the following cURL request to communicate with my API:
curl -H "X-Auth-Token:tokenhere" http://localhost:8000/account
The request works properly, and accurately returns the expected data. When I translate this to Python I receive urllib2.HTTPError: HTTP Error 401: Unauthorized
import urllib2
req = urllib2.Request('http://localhost:8000/account')
req.add_header("X-Auth-Token", "tokenhere")
resp = urllib2.urlopen(req)
content = resp.read()
print content
If I pass user credentials using basic auth instead of an X-Auth-Token, the request works as expected:
import urllib2
def basic_authorization(user, password):
s = user + ":" + password
return "Basic " + s.encode("base64").rstrip()
req = urllib2.Request("http://localhost:8000/account", headers = { "Authorization": basic_authorization("usernameHere", "passwordHere"), })
f = urllib2.urlopen(req)
print f.read()
Any assistance would be much appreciated.
我遵循了这个Laravel令牌API教程: http://rjv.im/post/95988160186/api-token-authentication-with-laravel-and-sentry-part 。 我写了以下cURL请求与我的API通信: p>
curl -H“X-Auth-Token:tokenhere”http:// localhost:8000 / account
code> pre>
请求正常工作,并准确返回预期数据。 当我将其翻译为Python时,我收到 urllib2.HTTPError:HTTP错误401:未授权 code> p>
import urllib2
req = urllib2.Request('http: //localhost:8000/account')
req.add_header("X-Auth-Token“,”tokenhere“)
resp = urllib2.urlopen(req)
content = resp.read()
print content
code> pre>
如果我使用基本身份验证而不是X-Auth-Token传递用户凭据,请求将按预期工作: p>
import urllib2
def basic_authorization(user,password):
s = user +“:”+ password
return“Basic”+ s.encode(“base64”)。rstrip()
req = urllib2.Request (“http:// localhost:8000 / account”,headers = {“Authorization”:basic_authorization(“usernameHere”,“passwordHere”),})
f = urllib2.urlopen(req)
print f。 read()
code> pre>
非常感谢任何帮助。 p>
div>
There is something you missed in the tutorial. In the tokens table there is a column:
$table->string('client');
It is important from which client you are sending your request. I am using https://github.com/hisorange/browser-detect to detect from which client I got the request.
But for now I will just try to see User Agent. In my laravel code I just logged every request to see what's happening with the following code:
Route::filter('auth.token', function($route, $request)
{
....
Log::info($request);
....
}
Now, Let's see:
When I use curl from command line:
curl -u user@example.com:password -X GET http://localhost:8000/account
My User Agent is
User-Agent: curl/7.32.0
I sent the same from python using your code above, User Agent is:
User-Agent: Python-urllib/2.7
Ah! That must be it. You have to authenticate your user at least once using Basic Auth, it will give you a token and that token is valid for only that client. In the first part http://rjv.im/post/78940780589/api-token-authentication-with-laravel-and-sentry-part of tutorial there was no such condition. In the comments I received someone posted a query on how to support multiple clients, so this example was made to solve that problem.
Apart from that, may I suggest this library: https://github.com/chrisbjr/api-guard It supports Rate Limiting, easy to integrate with Sentry. It's a bit different from my tutorial. Using my solution you can hit any endpoint using Basic Auth or Token. Using above library, only token is permitted, so there is dedicated route to generate token. Let me know how it goes.