https request basic authentication node.js

Question

I am really getting crazy looking for this over the web and stackoverflow. Other posts about this topic talk of http request, not httpS.

I'm coding server side with node.js and I need to make an https request to another website to login

If I use postman tool in chrome trying with https://user:pass@webstudenti.unica.it/esse3/auth/Logon.do everything works fine and I log in.

If I use request library in node I can't login and I get a page with a custom error message about an error in my getting/sending data.

Maybe I am wrong setting the options to pass to request.

var request = require('request');
var cheerio = require('cheerio');
var user =  'xxx';
var pass = 'yyy';
var options = {
    url : 'https://webstudenti.unica.it',
    path : '/esse3/auth/Logon.do',
    method : 'GET',
    port: 443,
    authorization : {
        username: user,
        password: pass
    }
}

request( options, function(err, res, html){
    if(err){
        console.log(err)
        return
    }
    console.log(html)
    var $ = cheerio.load(html)
    var c = $('head title').text();
    console.log(c);
})

http://jsfiddle.net/985bs0sc/1/

Answer 1

Use Node.js' URL module to build your URL object. The httpsAgent module is required if you are calling servers w self-signed certificates.

const https = require('https');
const httpsAgent = new https.Agent({
      rejectUnauthorized: false,
});
// Allow SELF_SIGNED_CERT, aka set rejectUnauthorized: false
let options = {
    agent: httpsAgent
}
let address = "10.10.10.1";
let path = "/api/v1/foo";
let url = new URL(`https://${address}${path}`);
url.username = "joe";
url.password = "password123";
url.agent = httpsAgent

let apiCall = new Promise(function (resolve, reject) {
    var data = '';
    https.get(url, options, res => {
        res.on('data', function (chunk){ data += chunk }) 
        res.on('end', function () {
           resolve(data);
        })
    }).on('error', function (e) {
      reject(e);
    });
});

try {
    let result = await apiCall;
} catch (e) {
    console.error(e);
} finally {
    console.log('We do cleanup here');
}

Answer 2

Don't use npm package request because it is deprecated, use Node native https instead

const https = require('https')

var options = {
   host: 'test.example.com',
   port: 443,
   path: '/api/service/'+servicename,
   // authentication headers
   headers: {
      'Authorization': 'Basic ' + new Buffer(username + ':' + passw).toString('base64')
   }   
};

//this is the call
request = https.get(options, function(res){
  console.log(`statusCode: ${res.statusCode}`)

  res.on('data', d => {
    process.stdout.write(d)
  })
})

req.on('error', error => {
  console.error(error)
})

req.end()

Answer 3

With the updated version, I am able to make https call with basic auth.

var request = require('request');
    request.get('https://localhost:15672/api/vhosts', {
        'auth': {
            'user': 'guest',
            'pass': 'guest',
            'sendImmediately': false
        }
     },function(error, response, body){
    if(error){
        console.log(error)
        console.log("failed to get vhosts");
        res.status(500).send('health check failed');
    }
    else{
            res.status(200).send('rabbit mq is running');   
    }

 })

Answer 4

You're not setting your http auth options correctly (namely authorization should instead be auth). It should look like:

var options = {
    url: 'https://webstudenti.unica.it',
    path: '/esse3/auth/Logon.do',
    method: 'GET',
    port: 443,
    auth: {
        user: user,
        pass: pass
    }
}

Answer 5

http/https should make no difference in the authentication. Most likely your user/pass needs to be base64 encoded. Try

var user =  new Buffer('xxx').toString('base64');
var pass = new Buffer('yyy').toString('base64');

See: https://security.stackexchange.com/questions/29916/why-does-http-basic-authentication-encode-the-username-and-password-with-base64