I am trying to make an HTTP post, but json returns "message":"Unauthorized"

import httplib2
import hmac
import hashlib
import time
import sys
import struct
import json

root = "https://api.challenge.hennge.com/challenges/003"
content_type = "application/json"
userid = "toufiqurrahman45@gmail.com"
shared_secret = userid+name

timestep = 30
T0 = 0

def HOTP(K, C, digits=10):
    K_bytes = str.encode(K)
    C_bytes = struct.pack(">Q", C)
    hmac_sha512 = hmac.new(key = K_bytes, msg=C_bytes, digestmod=hashlib.sha512).hexdigest()
    return Truncate(hmac_sha512)[-digits:]

def Truncate(hmac_sha512):
    offset = int(hmac_sha512[-1], 16)
    binary = int(hmac_sha512[(offset *2):((offset*2)+8)], 16) & 0x7FFFFFFF
    return str(binary)

def TOTP(K, digits=10, timeref = 0, timestep = 30):
    C = int ( time.time() - timeref ) // timestep
    return HOTP(K, C, digits = digits)

data = { "github_url": "https://gist.github.com/TaufiqurRahman45/f5347e5ba6e7d24aa61ac8c78fda452e", "contact_email": "toufiqurrahman45@gmail.com" }

password = TOTP(shared_secret, 10, T0, timestep).zfill(10) 

h = httplib2.Http()
h.add_credentials( userid, password )
header = {"content-type": "application/json"}
resp, content = h.request(root, "POST", headers = header, body = json.dumps(data))


The URL is protected by HTTP Basic Authentication, which is explained on Chapter 2 of RFC2617, so you have to provide an Authorization: header field in your POST request

For the userid of HTTP Basic Authentication, use the same email address you put in the JSON string. For the password, provide a 10-digit time-based one time password conforming to RFC6238 TOTP.

I generating also password and using hash function HMAC-SHA-512

asked on Stack Overflow Apr 11, 2020 by Toufiqur Rahman • edited Jun 20, 2020 by Community

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0