It's all about the answers!

Ask a question

Nodejs Authentication to access REST APIs


Leonardo Schuler (112) | asked Oct 26 '18, 1:27 p.m.
edited Oct 26 '18, 1:29 p.m.
I am working on a node js automation to retrieve data from RTC, thru OSLC API or report API.

right now I am having trouble authenticating. my server uses a form base authentication, I have created a simple code to test that, based on what I could gather from the documentation and forum. the code and the credential seems ok, but I am keeping getting the authentication fail header message
 'x-com-ibm-team-repository-web-auth-msg': 'authfailed', I am posting the code here to see if someone can help me:



var request = require('request');

var cookies = request.jar();
var SERVER_BASE_URL = "-----------------------"; //removed PI
var USERNAME = "-----------------";  //removed PI
var PASSWORD = "----------------";  //removed PI


BaseRequest = request.defaults({
    headers: {
        //'Accept': 'application/rdf+xml',  // reliably available RDF representation
        //'OSLC-Core-Version': '2.0'
        "X-Requested-With":"XMLHttpRequest"
    },
    strictSSL: false,         // could not make it work with stricSSL
    jar: cookies,                // use the cookie jar to save cookies
    followAllRedirects: true  // for FORM based authentication
})

var LoginOptions = {
  url: SERVER_BASE_URL +'/authenticated/j_security_check',
  method:"POST",
  formData:{"j_username": USERNAME, "j_password": PASSWORD},
  resolveWithFullResponse: true ,
  headers:{
      "X-Requested-With":"XMLHttpRequest",
      'OSLC-Core-Version': '2.0',
      "Cache-Control":"no-cache,no-store,must-revalidate",
      "Pragma":"no-cache",
      "Expires":"-1"
    }
};

// setRequestHeader("X-jazz-downstream-auth-client-level","4.0"); 

    BaseRequest({
        url:SERVER_BASE_URL + "/authenticated/identity",
        method:"POST"
        }, function( err1, iResp, body1 ) {


            console.log(iResp.headers);
            console.log("indetity body:");
            console.log(body1)

            BaseRequest( LoginOptions , function ( error, response, body ) {
                if( error ) {
                    console.log("error")    
                } else {
                    console.log("sucess Login request");
                    console.log(response.headers);
                    //console.log("body:");
                    //console.log(body);
                }




                var myOptions = {
                        method:"GET",                       
                        url:SERVER_BASE_URL + "/authenticated/identity",
                }

                BaseRequest(myOptions ,  function(err2, resp2, body2) {
                    if( err2 ) {
                        console.log("Error 2");
                        console.log(err2)
                    } else {
                        console.log("sucess2");
                        console.log(resp2.headers);
                        console.log(body2);
                    }



                });
            });
        });



here is the log information:

{ 'x-powered-by': 'Servlet/3.1',
'content-type': 'text/json; charset=utf-8',
'content-language': 'en-US',
'set-cookie':
[ 'X-com-ibm-team-foundation-auth-loop-avoidance=false; Secure; HttpOnly' ],
'transfer-encoding': 'chunked',
connection: 'Close',
date: 'Fri, 26 Oct 2018 17:14:47 GMT',
expires: 'Thu, 01 Dec 1994 16:00:00 GMT',
'cache-control': 'no-cache="set-cookie, set-cookie2"' }
indetity body:
{
"userId": null,
"roles": [
]
}

sucess Login request
{ 'x-powered-by': 'Servlet/3.1',
'x-com-ibm-team-repository-web-auth-msg': 'authfailed',
'content-type': 'text/html; charset=UTF-8',
'content-language': 'en-US',
'transfer-encoding': 'chunked',
connection: 'Close',
date: 'Fri, 26 Oct 2018 17:14:49 GMT' }
sucess2
{
"userId": null,
"roles": [
]
}
 

One answer



permanent link
Leonardo Schuler (112) | answered Oct 30 '18, 8:59 a.m.
I was able to make the code work, the problem was in the form login submission, I will post the working code here, nothing fancy, just a place to start, I will probably create a module for this and share when it is done:



var request = require('request');

var cookies = request.jar();
var SERVER_BASE_URL = "______________________"; //SPI
var USERNAME = "_____________"; //SPI
var PASSWORD = "________"; //SPI


BaseRequest = request.defaults({
    headers: {
        "X-Requested-With":"XMLHttpRequest"
    },
    strictSSL: false,         // could not make it work with stricSSL
    jar: cookies,                // use the cookie jar to save cookies
    followAllRedirects: true  // for FORM based authentication
})

var LoginOptions = {
  url: SERVER_BASE_URL +'/authenticated/j_security_check',
  method:"POST",
  jar:cookies,

  form:{"j_username": USERNAME, "j_password": PASSWORD},
  resolveWithFullResponse: true ,
  headers:{
      'Content-Type' : 'application/x-www-form-urlencoded' ,
      'OSLC-Core-Version': '2.0',     
    }
};


    BaseRequest({
        url:SERVER_BASE_URL + "/authenticated/identity",
        method:"GET",
        jar:cookies,
        }, function( err1, iResp, body1 ) {


            console.log(iResp.headers);
            console.log("identity body:");
            console.log(iResp.body);


                BaseRequest( LoginOptions , function ( error, response, body ) {
                    if( error ) {
                        console.log("error")    
                    } else {
                        console.log("sucess Login request");
                        console.log(response.headers);
                    }




                    var myOptions = {
                            method:"GET",
                            jar:cookies,
                            url:SERVER_BASE_URL + "/authenticated/identity",
                    }

                    BaseRequest(myOptions ,  function(err2, resp2, body2) {
                        if( err2 ) {
                            console.log("Error 2");
                            console.log(err2)
                        } else {
                            console.log("sucess2");
                            console.log(resp2.headers);
                            console.log(body2);
                        }



                    });
                });

        });




Your answer


Register or to post your answer.