0
votes

Initiating an HTTP post request I am getting an error:

'Access Denied: Invalid token, wrong code'. I have tried every possible solution but I can't pass this error.

Details for this challenge:

Authorization

The URL is protected by HTTP Basic Authentication, which is explained on Chapter 2 of RFC2617, so you have to provide an Authorization: header field in your POST request

For the userid of HTTP Basic Authentication, use the same email address you put in the JSON string. For the password, provide a 10-digit time-based one time password conforming to RFC6238 TOTP. Authorization password For generating the TOTP password, you will need to use the following setup:

You have to read RFC6238 (and the errata too!) and get a correct one time password by yourself. TOTP's Time Step X is 30 seconds. T0 is 0. Use HMAC-SHA-512 for the hash function, instead of the default HMAC-SHA-1. Token shared secret is the userid followed by ASCII string value "HENNGECHALLENGE003" (not including double quotations).

const axios = require('axios');
const base64 = require('base-64');
const utf8 = require('utf8');
const { totp } = require('otplib');

const ReqJSON = {
  "github_url":    "ABC",
  "contact_email": "ABC"
}

const stringData = JSON.stringify(ReqJSON);
const URL = "ABC";
const sharedSecret = ReqJSON.contact_email + "HENNGECHALLENGE003";

totp.options = { digits: 10, algorithm: "sha512", epoch: 0 };

const MyTOTP = totp.generate(sharedSecret);
const isValid = totp.check(MyTOTP, sharedSecret);

console.log("Token Info:", {MyTOTP, isValid});

const authStringUTF = ReqJSON.contact_email + ":" + MyTOTP;
const bytes = utf8.encode(authStringUTF);
const encoded = base64.encode(bytes);

const createReq = async () => {
    try {
        const config = {
            headers: {
                'Content-Type': 'application/json',
                "Authorization": "Basic " + encoded
            }
        };

        console.log("Making request", {URL, ReqJSON, config});

        const response = await axios.post(URL, stringData, config);
        console.log(response.data);
    } catch (err) {
        console.error(err.response.data);
    }
};

createReq();
2

2 Answers

3
votes

Try this one by changing necessary fields!

const axios = require('axios');
const base64 = require('base-64');
const utf8 = require('utf8');
const hotpTotpGenerator = require('hotp-totp-generator');

const ReqJSON = {
  github_url: '',
  contact_email: '',
};

const stringData = JSON.stringify(ReqJSON);
const URL = '';
const sharedSecret = ReqJSON.contact_email + '';

const MyTOTP = hotpTotpGenerator.totp({
  key: sharedSecret,
  T0: 0,
  X: 30,
  algorithm: 'sha512',
  digits: 10,
});

const authStringUTF = ReqJSON.contact_email + ':' + MyTOTP;
const bytes = utf8.encode(authStringUTF);
const encoded = base64.encode(bytes);

const createReq = async () => {
  try {
    const config = {
      withCredentials: true,
      headers: {
        'Content-Type': 'application/json',
         Authorization: 'Basic ' + encoded,
      },
    };

    console.log('Making request', { URL, ReqJSON, config });

    const response = await axios.post(URL, stringData, config);
    console.log(response.data);
  } catch (err) {
    console.error(err.response.data);
  }
};

createReq();
-1
votes

Use php install the dependencies and write this

<?php

require_once 'vendor/autoload.php';
use OTPHP\TOTP;

$email = 'Email';
$secret = "{$email}HENNGECHALLENGE003";

$totp = TOTP::create(ParagonIE\ConstantTime\Base32::encode($secret), 30, 'sha512', 10, 0);
$token = $totp->now();
$token = base64_encode( utf8_encode("{$email}:{$token}") );

$url = 'https://api.challenge.hennge.com/challenges/003';
$data = [
    'github_url' => 'URL',
    'contact_email' => $email
];
$headers = [
    //'Accept' => '/',
    'Content-Type' => 'application/json',
    //'Content-Length' => strlen(json_encode( $data )),
    'Authorization' => 'Basic '. $token
];

PostRequest($url, $data, $headers);

function        PostRequest($url, $data, $headers = [])
{
    $context = curl_init($url);

    curl_setopt($context, CURLOPT_POST, true);
    curl_setopt($context, CURLOPT_POSTFIELDS, json_encode($data));
    curl_setopt($context, CURLOPT_RETURNTRANSFER, true);

    $h = [];
    foreach ($headers as $key => $value) {
        $h[] = "{$key}: {$value}";
    }
    echo "- Headers".PHP_EOL;
    var_dump($h);
    echo "- Data".PHP_EOL;
    var_dump($data);
    curl_setopt($context, CURLOPT_HTTPHEADER, $h);
    $ret = curl_exec($context);
    curl_close($context);

    var_dump($ret);
    return ($ret);
}

?>