【发布时间】:2020-08-11 07:47:07
【问题描述】:
这是我的第一篇文章,因为我找不到任何解决我的问题的方法。 (现在谷歌天) 我不是程序员,我是一名优秀的 googler :)
我正在尝试使用用户名、密码和一些选项登录网站。 (/api/登录/基本) 之后我试图访问一个站点。 (/api/站点管理员/运行) 但在这里我收到消息:“用户没有足够的访问权限” 如果我使用浏览器执行此操作,一切正常。
我想我需要将一些 Authtoken 传递给 Get 请求,但我不知道。
这是我的代码 sn-p:
//这很好用
const toSend = {
email :"my@mail.com",
force_sm_off: false, //I have no clue (found from Net Sniffing of the original Application)
password:"mypassword",
username:"installer"}
const jsonString = JSON.stringify(toSend) ;
const xhr = new XMLHttpRequest() ;
process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 0 //I have no certificate and only access the Site in my local network
xhr.open("POST", "https://192.168.2.77/api/login/Basic",false,"Provider_Engineer","mypassword" ) ;
xhr.setRequestHeader ("Content-Type", "application/json") ;
xhr.withCredentials=true ;
xhr.onreadystatechange = function() {
const myresponse = JSON.parse(this.responseText) ; //myresponse contains: email, firstname, lastname, roles: Array(1), token
var myauth=myresponse.token //Saving Token for further use
//fine until here
//Now I'm trying to get the Page
const xhr1 = new XMLHttpRequest() ;
process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 0
xhr1.open("GET", "https://tesla/api/sitemaster/run",false ) ;
xhr1.setRequestHeader ("Content-Type", "application/json") ;
xhr1.setRequestHeader ("credentials", "same-origin") ;
xhr1.setRequestHeader ("AuthCookie", myauth) ; //In Browser F12 I can see AuthCookie and Userrecord
xhr1.onreadystatechange = function() {
console.log(this.responseText) //getting Message: User does not have adequate access rights
}
xhr1.send(null)
};
xhr.send(jsonString) ; //Post Request, that is working fine
有什么建议可以访问这个网站吗?
问候 斯蒂芬
【问题讨论】:
标签: javascript authentication cookies xmlhttprequest