where is the api docs for nodebb?
-
You can mimic a standard login by
POSTing/loginwith username and password (and csrf token).Otherwise, if you're looking to access protected user data via API, then you may want to look into Write API, which allows you to use bearer tokens to access user data.
-
i write code like it's in the test .js below:
async function loginNodeBB(name,pass) { let jar = request.jar(); let res = await request.post('https://localhost/login',{ form: { username: name, password: pass }, json: true, jar: jar, rejectUnauthorized: false, requestCert: true, agent: false, headers: { } }); console.log(res.body); } loginNodeBB('creatxr','creatxr');
console message is:
username=creatxr&password=creatxr
it doesn't get the info if the user is authenticated or not !
-
if i do like this
async function loginNodeBB(name,pass) { let jar = request.jar(); let res = await request.post('https://172.16.220.133/login',{ form: { username: name, password: pass }, json: true, jar: jar, rejectUnauthorized: false, requestCert: true, agent: false, headers: { } }, function (err, response, body) { console.log(body); console.log('1111111111111'); } ); console.log(res.body); }output is:
username=creatxr&password=creatxr
Forbidden
1111111111111 -
async function loginNodeBB(name,pass) { let jar = request.jar(); let res = await request({ url: 'https://172.16.220.133/api/config', json: true, jar: jar, rejectUnauthorized: false, requestCert: true, agent: false, }, function(err,res,body) { if(err) { console.log(err); } console.log('11111111111111'); request.post('https://172.16.220.133/login', { form: { username: name, password: pass, }, json: true, jar: jar, rejectUnauthorized: false, requestCert: true, agent: false, headers: { 'x-csrf-token': body.csrf_token, }, }, function (err, res, body) { //callback(err, response, body, jar); console.log(err); // console.log(res); // console.log(jar); }); } ); }now i change like this,
even username or password is wrong,
the err always is 'null'
how can i know authentication is passed? -
@creatxr
res.statusCode -
Not to be picky, but
requestis not a Promise.asyncis doing nothing. -
now the code below with axios is success.
const axiosCookieJarSupport = require('axios-cookiejar-support').default; const tough = require('tough-cookie'); axiosCookieJarSupport(axios); async function authNodeBB(name,pass) { let cookieJar = new tough.CookieJar(); let instance = await axios.create({ jar:cookieJar, withCredentials: true, httpsAgent: new https.Agent({ rejectUnauthorized: false, requestCert: true, keepAlive: true}) }); let res = await instance.get('https://172.16.220.133/api/config'); console.log(res.data.csrf_token); instance.defaults.headers['x-csrf-token'] = res.data.csrf_token; res = await instance.post('https://172.16.220.133/login',{username:name,password:pass}); console.log(res.statusCode); console.log(res); } -
the code with promised request is success
async function authBB(name,pass) { let jar = requestPromise.jar(); let res = await requestPromise({ url: 'https://172.16.220.133/api/config', json: true, jar: jar, rejectUnauthorized: false, requestCert: true, agent: false, }); console.log(res.csrf_token); res = await requestPromise.post('https://172.16.220.133/login', { form: { username: name, password: pass, }, json: true, jar: jar, rejectUnauthorized: false, requestCert: true, agent: false, headers: { 'x-csrf-token': res.csrf_token, }, // resolveWithFullResponse: true }); console.log(res.header.user); console.log(res); console.log(res.statusCode); } -
the code with python is success
#coding=utf-8 import requests client = requests.session() csrf = client.get(url='https://172.16.220.133/api/config', verify=False).json()["csrf_token"] print csrf r = client.post(url='https://172.16.220.133/login', verify=False, data={'username':'creatxr', 'password':'creatxr'}, headers={'x-csrf-token': csrf}) print r.content -
