Closed jostney closed 3 months ago
Sorry for asking it on flutter repo but i could not find proper place to ask it
according to the server documentation, the parameters for the generation of the signature should be placed in alphabetical order. it means when you add the user to the signature this parameter should be placed there in the alphabetical order too.
@jostney I meant the stringForSignature
with the user should look next:
const stringForSignature = `application_id=${config.applicationId}&auth_key=${config.authKey}&nonce=${nonce}×tamp=${timestamp}&user[email]=${emailAddress}&user[password]=${password}`;
In docs, the last two params(&user[email]=${emailAddress}&user[password]=${password}
) did not mention.
By the way, i modifed stringForSignature as you did, still having same error when calling createSessionWithLogin
const getSignatureForUserSession = (emailAddress, password) => {
const nonce = Math.floor(Math.random() * 1000000);
const timestamp = Math.floor(Date.now() / 1000);
const stringForSignature = `application_id=${config.applicationId}&auth_key=${config.authKey}&nonce=${nonce}×tamp=${timestamp}&user[email]=${emailAddress}&user[password]=${password}`;
const signature = crypto.createHmac('sha1', config.authSecret).update(stringForSignature).digest('hex');
return { signature: signature, timestamp: timestamp, nonce: nonce };
}
const createSessionWithLogin = async (login, password) => {
const signature = getSignatureForUserSession(login, password);
const requestData = {
'application_id': config.applicationId,
'auth_key': config.authKey,
'nonce': signature.nonce,
'signature': signature.signature,
'timestamp': signature.timestamp,
"user": {
"email": login,
"password": password
}
};
return await axios.post(
'https://api.connectycube.com/session',
requestData,
{
headers: {
'Content-Type': 'application/json'
}
}
);
};
Who can assist me about this from back-end team ? In my latest answer i did all required things but still getting unexpected signature
@banshiAnton can assist here, I will ask him
Hi @jostney
Can you please send stringForSignature
before and after hashing and requestData
Send this on our support email support@connectycube.com
because this logs can contain sensitive account information
and double check your config (application_id/auth_key/auth_secret)
Sent it, waiting. Thanks
Same issue on my side,
Same issue on my side
@eznix86 please share here your string to signing and the body of the request. or you can send this info to our support team's e-mail support@connectycube.com
Same issue on my side
@eznix86 please share here your string to signing and the body of the request. or you can send this info to our support team's e-mail support@connectycube.com
I already sent. No answer yet.
@eznix86 in the provided info, the string you want to subscribe is absent, please provide all required information
@eznix86 in the provided info, the string you want to subscribe is absent, please provide all required information
Please reply to my email. I would happy to share code snippets.
will ask the support team to do it
@eznix86 have you seen the PHP example for session creation here?
Hi,
Yes, I already did (spent 5 hours on google), it is the same thing, but with modern PHP.
I tested in nodeJS also, still the same issue. Even if I write it manually. Scroll down completely to see the code. I even tried a bare http request. Same result.
To explain: http_build_query does the same thing as the github link it concatenates with &. I even tried it manually.
On Mon, Feb 26, 2024 at 5:53 PM TatankaConCube @.***> wrote:
@eznix86 https://github.com/eznix86 have you seen the PHP example for session creation here https://github.com/ConnectyCube/connectycube-reactnative-samples/issues/13#issuecomment-540114109 ?
— Reply to this email directly, view it on GitHub https://github.com/ConnectyCube/connectycube-flutter-samples/issues/323#issuecomment-1964200494, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGKSW2X22RDXVLISZW55XUTYVSHWJAVCNFSM6AAAAABBH3SLIOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNRUGIYDANBZGQ . You are receiving this because you were mentioned.Message ID: @.*** com>
have you ordered your parameters in line 103 in your code in the right way?
does this parameters contains all data from the body request (except signature)? could you provide the ready for signing string in the raw formate before signing?
Yes
This is the results:
application_id=7578&auth_key=VM-JanUakwoI&nonce=6210×tamp=1708956650&user[login]=demo5&user[password]=password
Side note: I am not generating an application session, what I want is a user session. The application session works well.
On Mon, Feb 26, 2024 at 6:04 PM TatankaConCube @.***> wrote:
have you ordered your parameters in line 103 in your code in the right way?
— Reply to this email directly, view it on GitHub https://github.com/ConnectyCube/connectycube-flutter-samples/issues/323#issuecomment-1964223507, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGKSW2XZVBRACEW2O2YONALYVSJADAVCNFSM6AAAAABBH3SLIOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNRUGIZDGNJQG4 . You are receiving this because you were mentioned.Message ID: @.*** com>
sorry, but I'm not well experienced in the PHP, but the Dart code below works in my case, please check the differences and additionaly please check the time on your local machine where you run the code
Map<String, dynamic> parameters = request.params;
StringBuffer keyValueSortedString = StringBuffer();
Map<String, String> sortedParams = SplayTreeMap.from(parameters);
for (String key in sortedParams.keys) {
keyValueSortedString.write("$key=${sortedParams[key]}&");
}
String signString = keyValueSortedString.toString();
signString = signString.substring(0, signString.length - 1);
String key = CubeSettings.instance.authorizationSecret!;
log('Sign string : $signString');
List<int> messageBytes = utf8.encode(signString);
List<int> keyBytes = utf8.encode(key);
Hmac hmac = Hmac(sha1, keyBytes);
Digest digest = hmac.convert(messageBytes);
String signature = digest.toString();
CB-SDK: : Sign string : application_id=476&auth_key=PDZjPBzAO8WPfCp&nonce=911182476×tamp=1708958827&user[login]=flutter_sdk_tests_user&user[password]=flutter_sdk_tests_user
CB-SDK: : =========================================================
=== REQUEST ==== 20db44b9-a879-4dcd-af97-80227f2a3056 ===
REQUEST
POST https://api.connectycube.com/session
HEADERS
{Content-type: application/json, ConnectyCube-REST-API-Version: 0.1.1, CB-SDK: Flutter 2.11.2, CB-Token: }
BODY
{"application_id":"476","auth_key":"PDZjPBzAO8WPfCp","nonce":"911182476","timestamp":"1708958827","signature":"bd31b16e034197c187ac9ade6f4df65513f744d1","user":{"login":"flutter_sdk_tests_user","password":"flutter_sdk_tests_user"}}
CB-SDK: : *********************************************************
*** RESPONSE *** 201 *** 20db44b9-a879-4dcd-af97-80227f2a3056 ***
HEADERS
{cb-token-expirationdate: 2024-02-26 16:47:08 UTC, connection: keep-alive, date: Mon, 26 Feb 2024 14:47:08 GMT, strict-transport-security: max-age=15768000; includeSubDomains, content-length: 674, access-control-expose-headers: CB-Token-ExpirationDate, Date, content-type: application/json; charset=utf-8, server: nginx/1.25.0}
BODY
{"session":{"created_at":"2024-02-26T14:47:08.627Z","updated_at":"2024-02-26T14:47:08.627Z","application_id":476,"token":"3C50709786E66B78C618850B6E7D00B359B9","nonce":911182476,"ts":1708958827,"user_id":2325293,"id":2325293,"user":{"_id":"60926149f8550e007e061943","id":2325293,"created_at":"2020-10-28T13:29:49Z","updated_at":"2024-01-02T10:43:52Z","last_request_at":"2024-01-02T10:43:52Z","timezone":null,"login":"flutter_sdk_tests_user","email":null,"full_name":"Flutter SDK Tests User","phone":null,"website":null,"twitter_id":null,"external_user_id":null,"facebook_id":null,"custom_data":null,"user_tags":"tag1,tag2","avatar":null,"external_id":null,"is_guest":null}}}
@eznix86 could you please share the request
value before the return hash_hmac('sha1', $request, config("services.connectycube.secret"));
I suppos the function http_build_query
adds some symbols to the string instead of '[' and ']'. Try to use the example I shared before
Hey,
I am back. Finally, You are right, the issue was with the http_build_query which was doing some special encoding.
On Mon, Feb 26, 2024 at 7:09 PM TatankaConCube @.***> wrote:
@eznix86 https://github.com/eznix86 could you please share the request value before the return hash_hmac('sha1', $request, config("services.connectycube.secret")); I suppos the function http_build_query adds some symbols to the string instead of '[' and ']'. Try to use the example I shared before
— Reply to this email directly, view it on GitHub https://github.com/ConnectyCube/connectycube-flutter-samples/issues/323#issuecomment-1964371070, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGKSW2RBI6YRDB4UYSVMLALYVSQSRAVCNFSM6AAAAABBH3SLIOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNRUGM3TCMBXGA . You are receiving this because you were mentioned.Message ID: @.*** com>
I am currently facing an issue when attempting to create a
user session token
using the ConnectyCube REST API. The server consistently returns an "unexpected signature" error, despite the fact that the signature generation appears to work correctly for other actions, such as creating anapp session token
.Here's the method I use to generate the signature:
The signature generation seems correct, as evidenced by the successful creation of an app session token:
However, the same signature, when used to create a user session token, leads to the server responding with an "unexpected signature" error:
I would expect the user session token creation to be successful, similar to the app session token creation. However, the server consistently returns an "unexpected signature" error for user session token creation.