HTTPS auth using QML and XMLHttpRequest

Question

I try to access a remote REST API service using QML. According to the service API I have to use HTTPS requests. I don't know how to interpret the output I get from the code.

methods.js

function makeRequest()                                                              
{                                                                                   
var doc = new XMLHttpRequest();                                                 
                                                            
doc.onreadystatechange = function() {                                           
    if (doc.readyState == XMLHttpRequest.HEADERS_RECEIVED) {                    
        console.debug("Headers -->");                                           
        console.debug(doc.getAllResponseHeaders ());                            
        console.debug("Last modified -->");                                     
        console.debug(doc.getResponseHeader ("Last-Modified"));                 
        console.debug("error: " + doc.status);                                  
                                                                                
    }                                                                           
}                                                                               
                                                                                
doc.open("GET", "https://somedomain.com");                          
//var user="username"                                                             
//var pass="password"                                                             
doc.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');      
//doc.setRequestHeader( 'Authorization', 'Basic ' + Qt.btoa( user + ':' + pass ) )
//doc.withCredentials = true;                                                     
doc.send();                                                                     
}

output:

Headers -->
date: Sun, 20 Dec 2020 16:04:25 GMT
server: Apache
cache-control: private
expires: Thu, 01 Jan 1970 01:00:00 CET
www-authenticate: FORM comment="Use form to authenticate"
content-length: 6529
x-powered-by: PleskLin
connection: close
content-type: text/html;charset=ISO-8859-1
Last modified -->
error: 401

commenting out the commented lines doesn't change the output. Does the output try to tell me, that I can only get authentication if I fill the login form? I don't find this very logic, because the service's api is made for automatic interaction with devices.

well, everything related to authentication (Basic) in the code you posted is commented. What do you expect? — Olaf Kock, Dec 21 '20 at 01:06
As already mentioned I get the the exact same output without commenting out those lines. Is it possible that the service is not configured correctly? The login via browser and form is possible, but not the basic auth via code. — Pj Toopmuch, Dec 21 '20 at 06:54
Use some tools to check the connection, like Postman or else and then fix your code accordingly. The error (401) unambiguously indicates that problem is authentication. The server should provide the auth method btw. Read the answer for [this](https://stackoverflow.com/questions/3463723/determining-web-http-authentication-methods) question. — folibis, Dec 21 '20 at 08:24
Easily missed, sorry @PjToopmuch. However, the way you phrase the question should be the other way around: Currently you're asking why authentication doesn't work, with code that explicitly doesn't even provide any. I'd suggest to turn it around. It's no miracle that you can't authenticate without any authentication. — Olaf Kock, Dec 21 '20 at 10:57

score 0 · Accepted Answer · answered Dec 21 '20 at 10:41

There were two flaws. The service documented the wrong url. It was https://someurl.com/api instead of https://someurl.com/restapi and the service does expect a UTF-8 user:password for Basic Auth instead of Base64 encoded user:password. Just for completeness: The working code:

function makeRequest()
{
var fetch={};
fetch["some"]="requestcontent";
var postData = JSON.stringify(fetch);
var doc = new XMLHttpRequest();
doc.onreadystatechange = function() {
    if (doc.readyState == doc.DONE) {
        console.debug("Headers -->");
        console.debug(doc.getAllResponseHeaders ());
        console.debug("Last modified -->");
        console.debug(doc.getResponseHeader ("Last-Modified"));
        console.debug("code: " + doc.status);
        var serverResponse = doc.responseText;
        var result = JSON.parse(serverResponse);
    }
}
doc.open("POST", "https://someurl.com/api");
var user="username"
var pass="password"
doc.setRequestHeader('Content-type', 'application/json');
doc.setRequestHeader( 'Authorization', 'Basic ' + user+':'+pass);
doc.withCredentials = true;
doc.send(postData);
}

HTTPS auth using QML and XMLHttpRequest

1 Answers1