这是我用来执行qlik票证身份验证的代码,但是当我使用反向代理的地址时,票证响应中没有TargetUri。我不太确定自己在做什么错。我将发布用于执行测试和服务器端票证请求的代码。
index.html-简单的登录测试。这被发送到基于php服务器的php服务器,该服务器通过Sql服务器进行身份验证。从那里,我们将用户凭据缓存在会话中,然后执行CURL请求以获取票证。
<!DOCTYPE html>
<html>
<head>
<title>Login Test</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js"></script>
</head>
<body>
<form method="post">
<input type="text" name="email" id="email" value="client@testmail.com"><br>
<input type="text" name="pass" id="pass" value="password"><br>
<input type="button" value="Login" id="submit" />
</form>
<script type="text/javascript">
$(
function()
{
var email = $('#email').val();
var pass = $('#pass').val();
// this is what I want to work but doesn't
var host = 'http://rever-proxy-url';
// this is just a hacked ip address which at the moment is the Qlik virtual proxy address which is public ally accessible at the moment, but later will be closed off to the public
host = 'https://virtual-proxy-ip';
var requireJsLink = host + '/prefix/resources/assets/external/requirejs/require.js';
$('#submit').on(
'click',
function (e)
{
e.preventDefault();
$.post(
'http://localhost:port/auth/login',
{
email: email,
pass: pass
},
)
.done(
function(data)
{
var data = JSON.parse(data);
// opens the inital requireJs file to initalize the session and authenticate
var url = requireJsLink + '?qlikTicket=' + data['ticket'];
// here when I use the Qlik virtual proxy ip then it works and I can open up the second page without the ticket appended etc. But as soon as I comment out the virtual proxy ip hack above then even though on this request i open up the require js and it loads into the browser etc with no problem on the second tab opening I get redirected back to the login page from the virtual proxy
var win = window.open(url, '_blank');
win.focus();
setTimeout(
function ()
{
// close the require js ticket appended tab
win.close();
setTimeout(
function ()
{
// open up a second window just to confirm that we are authenticated and
// can require the requireJs without the ticket appended
// this is where I get redirected when not using the Qlik virtual proxy ip address
var win2 = window.open(requireJsLink, '_blank');
setTimeout(
function ()
{
win2.focus();
// close the tab for lazy dev purposes :)
setTimeout(
function ()
{
win2.close();
},
3000
);
},
1000
);
},
1000
);
},
1500
);
}
);
}
);
}
);
</script>
这是我的php路由器中的代码,它发生在来自请求源的同一ajax请求中。这可能是一个ajax调用,然后我们返回qlik票证。我们的想法是,我们可以将它加载到带有票证的下一页上,或者如果移动设备可以将URL加载到后台的Web窗口中,以使用票证对会话进行身份验证
public static function getQlikTicket()
{
// this is the user attributes from the successful login request that happens just before this. The user attributes get queried from the user table and stored in the session
$user = self::getUser();
if (empty($user['UserId']))
{
return false;
}
$selectedUser = $user['UserId'];
$userDirectory = $user['UserDirectory'];
$userAttributes = $user['Attributes'];
$targetId = !empty($_GET['targetId']) ? $_GET['targetId'] : '';
$xrf = getRandXrf();
$url = "https://virtual-proxy-ip:4243/qps/prefix/ticket?xrfkey={$xrf}";
$config = getConfigArray();
$headers = [
'Accept: application/json',
'Content-Type: application/json',
'Host: reverse-proxy-address',
"X-Qlik-Xrfkey: {$xrf}"
];
if (!file_exists($config['certificateFile']))
{
log('WARNING: Certificate file does not exist: ' . $config['certificateFile']);
return false;
}
if (!file_exists($config['keyFile']))
{
log('WARNING: Key file does not exist: ' . $config['keyFile']);
return false;
}
$options = [
CURLOPT_URL => $url,
CURLOPT_HTTPHEADER => $headers,
CURLOPT_SSLCERT => $config['certificateFile'],
CURLOPT_SSLKEY => $config['keyFile'],
CURLOPT_SSLCERTPASSWD => $config['passphrase'],
CURLOPT_RESOLVE => ['reverse-proxy-address'],
CURLOPT_VERBOSE => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_POSTFIELDS => json_encode(
[
'UserDirectory' => $userDirectory,
'UserId' => $selectedUser,
'Attributes' => $userAttributes,
'TargetId' => $targetId
]
),
];
$ch = curl_init();
curl_setopt_array($ch, $options);
$data = curl_exec($ch);
$data = json_decode($data, true);
log($data, 'DATA: ');
if (!isset($data['Ticket'])) return false;
return $data['Ticket'];
}
// router file
$router->post(
'login',
function ()
{
if (!SqlClass::doLogin($_POST['email'], $_POST['pass']))
{
// handle unauth response
return;
}
if (!$ticket = QlikAuth::getQlikTicket())
{
// handle appropriate response
return;
}
// handle successful response
new Response(200, json_encode(['ticket' => $ticket]))
}
);
日志输出
[ERROR][DATA: ] - array (
'UserDirectory' => 'UserDir',
'UserId' => 'client1@client1.com',
'Attributes' =>
array (
0 =>
array (
'ContentAccessCode' => 'ft lkds',
)
),
'Ticket' => 'lkajdfhlajkeriu87',
// As far as I can see this is where the problem lies. Why is this NULL?
'TargetUri' => NULL,
)
正如上面的注释中所述,当我使用此代码测试我的登录api时,它可以正常工作,但是当我使用反向代理地址时,它不起作用。 最奇怪的是,一切都可以与反向代理一起使用,甚至可以要求带有附加票证的require js。但是,当我请求第二个选项卡时,我被重定向回登录页面。