Hey there @rahenr, have you tried this guide?
where is the api docs for nodebb?
-
where is the api docs for nodebb?
i want to know how to post to nodebb/login for authentication
and what's its response.thanks.
-
You can mimic a standard login by `POST`ing to `/login` with username and password (and csrf token). Otherwise, if you're looking to access protected user data via API, then you may want to look into the Write API, which allows you to use bearer tokens to access user data.
-
i write code like it's in the test .js below:
/**
 * First attempt at a NodeBB login: POST the credentials as a form to /login.
 *
 * NOTE(review): no CSRF token is sent, and `request.post()` is awaited as if it
 * returned a Promise. The value logged at the end is therefore not the server's
 * reply; the output quoted in the thread is the outgoing form body, password
 * included.
 *
 * @param {string} name - NodeBB username.
 * @param {string} pass - NodeBB password.
 */
async function loginNodeBB(name, pass) {
  const cookieJar = request.jar();
  const loginOptions = {
    form: { username: name, password: pass },
    json: true,
    jar: cookieJar,
    // Certificate validation is switched off, so nothing proves the peer is
    // the real forum before the password is sent. Only tolerable against a
    // throwaway test instance with a self-signed certificate; otherwise pass
    // the server's CA through the `ca` option and leave validation on.
    rejectUnauthorized: false,
    requestCert: true,
    agent: false,
    headers: {},
  };

  const res = await request.post('https://localhost/login', loginOptions);

  // This prints the form-encoded credentials, so the password ends up in
  // whatever captures stdout.
  console.log(res.body);
}

// Hard-coded test credentials; read them from the environment or a prompt
// outside a lab setup.
loginNodeBB('creatxr', 'creatxr');
console message is:
username=creatxr&password=creatxr
it doesn't get the info if the user is authenticated or not !
-
if i do like this
/**
 * Second attempt: the same form POST, now with a completion callback so the
 * server's reply is actually printed.
 *
 * The reply quoted in the thread is "Forbidden": the request still carries no
 * `x-csrf-token` header.
 *
 * @param {string} name - NodeBB username.
 * @param {string} pass - NodeBB password.
 */
async function loginNodeBB(name, pass) {
  const cookieJar = request.jar();
  const loginOptions = {
    form: { username: name, password: pass },
    json: true,
    jar: cookieJar,
    // TLS certificate validation is disabled: the credentials go to whichever
    // host answers on this address. Keep this to a lab instance; otherwise
    // trust the server's CA via `ca` and drop this flag.
    rejectUnauthorized: false,
    requestCert: true,
    agent: false,
    headers: {},
  };

  // The callback is where the HTTP response really arrives.
  const onLoginResponse = (err, response, body) => {
    console.log(body);
    console.log('1111111111111');
  };

  // `request.post()` does not return a Promise, so this await does not wait
  // for the response; `res.body` below is the outgoing form body and is
  // printed before the callback runs.
  const res = await request.post(
    'https://172.16.220.133/login',
    loginOptions,
    onLoginResponse
  );
  console.log(res.body);
}
output is:
username=creatxr&password=creatxr
Forbidden
1111111111111 -
Looks like you're not passing the CSRF token in. You can get it by checking `config.csrf_token` on the client side. Pass it in under the `x-csrf-token` header.
-
/**
 * Third attempt: fetch the CSRF token from /api/config, then POST the login
 * form with that token in the `x-csrf-token` header.
 *
 * Both requests share one cookie jar. The thread later reports that the login
 * is answered with 403 without it, presumably because the token is tied to the
 * session cookie issued by the first request.
 *
 * @param {string} name - NodeBB username.
 * @param {string} pass - NodeBB password.
 */
async function loginNodeBB(name, pass) {
  const cookieJar = request.jar();

  const configOptions = {
    url: 'https://172.16.220.133/api/config',
    json: true,
    jar: cookieJar,
    // Certificate validation is off for both requests, so neither the token
    // nor the password is protected against an impostor server. Lab use only;
    // otherwise supply the server's CA via `ca`.
    rejectUnauthorized: false,
    requestCert: true,
    agent: false,
  };

  const onConfig = function (err, res, body) {
    if (err) {
      console.log(err);
    }
    console.log('11111111111111');

    const loginOptions = {
      form: {
        username: name,
        password: pass,
      },
      json: true,
      jar: cookieJar,
      rejectUnauthorized: false,
      requestCert: true,
      agent: false,
      headers: {
        'x-csrf-token': body.csrf_token,
      },
    };

    request.post(
      'https://172.16.220.133/login',
      loginOptions,
      function (loginErr, loginRes, loginBody) {
        // `loginErr` only reports transport-level failures. A rejected login
        // still arrives here with a null error, so the outcome has to be read
        // from the response status code (`loginRes.statusCode`).
        console.log(loginErr);
      }
    );
  };

  // `request()` is callback-based; the await has no effect on ordering.
  await request(configOptions, onConfig);
}
now i change like this,
even username or password is wrong,
the err always is 'null'
how can i know authentication is passed? -
@creatxr
res.statusCode
-
thanks.
if success, code is 200 ? i think i get it.
if not , code is 403 ? or maybe has others. -
Not to be picky, but `request` is not a Promise. `async` is doing nothing.
-
yes, i know. i've tried. console print before data return.
i just want to know how the auth works, then to find the way to do what i want.
thanks
-
It seems that the 'jar' option is required: without it, even with the csrf token, the response is '403 err'.
-
now the code below with axios is success.
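// Assumes `axios` and `https` are already required above this excerpt.
const axiosCookieJarSupport = require('axios-cookiejar-support').default;
const tough = require('tough-cookie');

// Patch axios so instances honour the `jar` option.
axiosCookieJarSupport(axios);

/**
 * Log in to NodeBB with axios: fetch the CSRF token from /api/config, then
 * POST the credentials to /login with the token in `x-csrf-token`.
 *
 * axios rejects on non-2xx responses by default, so a refused login surfaces
 * as a thrown error (its `response.status` carries the code) rather than as a
 * return value.
 *
 * @param {string} name - NodeBB username.
 * @param {string} pass - NodeBB password.
 * @returns {Promise<void>}
 */
async function authNodeBB(name, pass) {
  // One jar for both calls so the session cookie set by /api/config is sent
  // back with the login POST.
  const cookieJar = new tough.CookieJar();

  // axios.create() is synchronous; no await needed.
  const instance = axios.create({
    jar: cookieJar,
    withCredentials: true,
    httpsAgent: new https.Agent({
      // Certificate validation is disabled, so the password is sent without
      // any proof of the server's identity. Lab instance with a self-signed
      // certificate only; otherwise pass the server's CA via `ca` and leave
      // validation on.
      rejectUnauthorized: false,
      // Has no effect on the client side: clients always request the server
      // certificate.
      requestCert: true,
      keepAlive: true,
    }),
  });

  let res = await instance.get('https://172.16.220.133/api/config');
  console.log(res.data.csrf_token);
  instance.defaults.headers['x-csrf-token'] = res.data.csrf_token;

  res = await instance.post('https://172.16.220.133/login', {
    username: name,
    password: pass,
  });

  // axios exposes the HTTP code as `status`; `statusCode` is undefined.
  console.log(res.status);
  // Debug output: the full response object includes the response headers and
  // the request config, so remove this before the output is logged anywhere
  // shared.
  console.log(res);
}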
-
the code with promised request is success
/**
 * Log in to NodeBB with the promise-based request wrapper: read the CSRF
 * token from /api/config, then POST the login form with it.
 *
 * request-promise rejects on non-2xx responses by default, so a refused login
 * shows up as a thrown error from the second await.
 *
 * @param {string} name - NodeBB username.
 * @param {string} pass - NodeBB password.
 */
async function authBB(name, pass) {
  // Shared jar: the session cookie from the first call accompanies the login.
  const cookieJar = requestPromise.jar();

  const config = await requestPromise({
    url: 'https://172.16.220.133/api/config',
    json: true,
    jar: cookieJar,
    // Certificate validation is off for both calls; the credentials are sent
    // without verifying who is on the other end. Keep to a lab instance, or
    // supply the server's CA via `ca` instead.
    rejectUnauthorized: false,
    requestCert: true,
    agent: false,
  });
  console.log(config.csrf_token);

  const loginReply = await requestPromise.post('https://172.16.220.133/login', {
    form: {
      username: name,
      password: pass,
    },
    json: true,
    jar: cookieJar,
    rejectUnauthorized: false,
    requestCert: true,
    agent: false,
    headers: {
      'x-csrf-token': config.csrf_token,
    },
  });

  // NOTE(review): without `resolveWithFullResponse: true` the promise resolves
  // with the parsed body only, so `statusCode` is likely undefined here -
  // confirm against the actual output.
  console.log(loginReply.header.user);
  console.log(loginReply);
  console.log(loginReply.statusCode);
}
-
the code with python is success
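#coding=utf-8
"""Log in to a NodeBB instance: fetch the CSRF token, then POST the credentials."""
import requests

# One Session for both calls, so the cookie set by /api/config is sent back
# with the login POST.
client = requests.session()

# verify=False disables TLS certificate validation: the token and the password
# are exchanged without proof of the server's identity. Lab instance with a
# self-signed certificate only; otherwise point `verify` at the server's CA
# bundle.
csrf = client.get(url='https://172.16.220.133/api/config', verify=False).json()["csrf_token"]
# Parenthesised single-argument print runs on both Python 2 and Python 3.
print(csrf)

# Hard-coded test credentials; load them from the environment outside a lab.
r = client.post(
    url='https://172.16.220.133/login',
    verify=False,
    data={'username': 'creatxr', 'password': 'creatxr'},
    headers={'x-csrf-token': csrf},
)
print(r.content)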
-
Glad to hear it
-
-
If you are getting `uid === -1` on the `/api/config` route, it means your request was classified as a spider. https://github.com/NodeBB/NodeBB/blob/master/src/routes/authentication.js#L38