halfstackpgr / py-codeforces

💻 Py-Codeforces is a super-fast and type-safe focused library for codeforces.
https://codeforces.com/apiHelp
GNU General Public License v3.0
2 stars 0 forks source link

Invalid Signature while Authorization handshake with API #1

Closed halfstackpgr closed 6 months ago

halfstackpgr commented 7 months ago

Status:

Issue related to Authorization.

Code where the problem is:

In AsyncMethod:

    def _generate_authorisation(
        self,
        end_point_url: str,
        method_name: t.Literal[
            "blogEntry.comments",
            "blogEntry.view",
            "contest.hacks",
            "contest.list",
            "contest.ratingChanges",
            "contest.standings",
            "contest.status",
            "problemset.problems",
            "problemset.recentStatus",
            "recentActions",
            "user.blogEntries",
            "user.friends",
            "user.info",
            "user.ratedList",
            "user.rating",
            "user.status",
        ],
    ) -> str:
        if self._auth_enabled is True:
            if not self._time:
                self._time = int(time.time())
            randon_six_digit_num = random.randint(111111, 999999)
            head = end_point_url.removeprefix(
                f"https://codeforces.com/api/{method_name}?"
            )
            to_hash = f"{randon_six_digit_num}/{method_name}?apiKey={self._auth_key}&{head}&time={self._time}#{self._secret}"
            hashed_string = (hashlib.sha512(to_hash.encode("utf8"))).hexdigest()
            final_url = f"https://codeforces.com/api/{method_name}?{head}&apiKey={self._auth_key}&time={self._time}&apiSig={randon_six_digit_num}{hashed_string}"
            return final_url
        else:
            return end_point_url

In SyncMethod:

    def _generate_authorisation(
        self,
        end_point_url: str,
        method_name: t.Literal[
            "blogEntry.comments",
            "blogEntry.view",
            "contest.hacks",
            "contest.list",
            "contest.ratingChanges",
            "contest.standings",
            "contest.status",
            "problemset.problems",
            "problemset.recentStatus",
            "recentActions",
            "user.blogEntries",
            "user.friends",
            "user.info",
            "user.ratedList",
            "user.rating",
            "user.status",
        ],
    ) -> str:
        if self._auth_enabled is True:
            if not self._time:
                self._time = int(time.time())
            randon_six_digit_num = random.randint(111111, 999999)
            head = end_point_url.removeprefix(
                f"https://codeforces.com/api/{method_name}?"
            )
            to_hash = f"{randon_six_digit_num}/{method_name}?apiKey={self._auth_key}&{head}&time={self._time}#{self._secret}"
            hashed_string = (hashlib.sha512(to_hash.encode("utf8"))).hexdigest()
            final_url = f"https://codeforces.com/api/{method_name}?{head}&apiKey={self._auth_key}&time={self._time}&apiSig={randon_six_digit_num}{hashed_string}"
            return final_url
        else:
            return end_point_url

To reproduce the error:

Asynchronous usage:

import asyncio
import pycodeforces

async def main():
    api = pycodeforces.AsyncMethod(enable_auth=True, auth_key="YOUR_AUTH_KEY", secret="YOUR SECRET")
    users = await api.get_user_info(handles="DmitriyH;Fefer_Ivan")
    # use `;` to add multiple parameters.
    async for user in users:
        print(user.avatar)

asyncio.run(main())

Synchronous usage:

import pycodeforces

async def main():
    get = pycodeforces.SyncMethod(enable_auth=True, auth_key="YOUR_AUTH_KEY", secret="YOUR SECRET")
    users = get.get_user_info(handles="DmitriyH;Fefer_Ivan")
    # use `;` to add multiple parameters.
    for user in users:
        print(user.avatar)

Reference to authorization with API:

In: Documentation

Ref:

image

Guessed Problem:

Hashing of apiSig. Or the way apiSig is hashed.

Vauth commented 6 months ago

The Codeforces API may requires the params to be sorted in lexicographical order. Try.

head = "&".join(sorted(head.split("&")))

# ... ?{head}&apiKey= ...
halfstackpgr commented 6 months ago

The Codeforces API may requires the params to be sorted in lexicographical order. Try.

head = "&".join(sorted(head.split("&")))

# ... ?{head}&apiKey= ...

Thank you for the recommendation, but seems like it should be ; and not &. PS: I've fixed the issue but thank you for the review.