
API v2 - Login Jquery, Ajax, Javascript

Ersen Kaya shared this question 6 years ago
Answered

As I understood;


- call "user/init" (get "jsessionid" and "nonce")

- calculate the token (with SHA-1)

- login


https://my.zipato.com/zipato-web/rest/user/login?username=my_mail@gmail.com&token=62dc2e4dbe8bac32480357b352b9fc9981034bff


But it always responds like this:


{"success": false,"error": "[User my_mail@gmail.com not found or wrong password]","jsessionid": "FA9E99D47890D97D3CEAE19A4639FF0C-n1.frontend3","nonce": "roxgMfBEMeylqhVH"}


Can anybody help me?

Best Answer

Hi Ersen.

The following works for me, even when I still get the error: Refused to set unsafe header "Cookie"



  var USERNAME = "xxx@xxx.xxx";
  var PASSWORD = "xxx";

  var jsessionid;

  initUser();

  // Step 1: fetch the session id and the nonce.
  function initUser()
  {
    $.ajax({
      url: "https://my.zipato.com/zipato-web/v2/user/init",
      type: "GET",
      success: function(data){
        jsessionid = data.jsessionid;
        // token = SHA1(nonce + SHA1(password)); the inner hash is concatenated as hex text.
        login(CryptoJS.SHA1(data.nonce + CryptoJS.SHA1(PASSWORD)));
      },
      error: function(error){
        console.log(error);
      }
    });
  }

  // Step 2: log in with the token and the username.
  function login(token)
  {
    $.ajax({
      beforeSend: function(request) {
        // Browsers reject this call (Cookie is a forbidden header name); this is the error mentioned above.
        request.setRequestHeader("Cookie", jsessionid);
      },
      url: "https://my.zipato.com/zipato-web/v2/user/login?token=" + token + "&username=" + encodeURIComponent(USERNAME),
      type: "GET",
      success: function(data){
        console.log(data);
      },
      error: function(error){
        console.log(error);
      }
    });
  }

I used the following libraries:


  • jquery-3.2.1.min.js
  • CryptoJS.js

Make sure that you are logged out before trying.

With Chrome I used:

chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security

I hope it works for you as well.

But of course it is a problem that the jsessionid is set through a header cookie which is not supposed to be used with JS. I guess it will still cause problems.


EDIT: Is there a reason why you want it with JS only?

Replies (3)

2

Hello, we are sending steps for the login to our server. Please check all the steps and see if you have made everything right.

1) Initialize user session - it will give you nonce that you are using in the next API call.

URL: [GET] https://my.zipato.com/zipato-web/v2/user/init

Header { Accept: 'application/json' }

Response: { success: true, jsessionid: 'F91D548CE337896E2358668FD82D0B33-n1.frontend3', nonce: 'CCiLOjZjIGjfSBuj'}

NOTE: The jsessionid from the response should be used in any other call to the server:

Cookie: JSESSIONID=F91D548CE337896E2358668FD82D0B33-n1.frontend3

2) Calculate user token

User data for this example: {username: 'username@xxx.com', password: 'password'}

Algorithm for calculating token.

token = hash(nonce + hash(password))

Calculation steps:

token = hash('CCiLOjZjIGjfSBuj' + hash('password'))

token = hash('CCiLOjZjIGjfSBuj' + '5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8')

token = 'ced228631af6a88595e4fb78912e5f5b5ccddae7'

NOTE: Use this link (http://www.sha1-online.com/) to check that your function returns the correct SHA1 result.

3) Login user using token and username

URL: [GET] https://my.zipato.com/zipato-web/v2/user/login

Params: { token: 'ced228631af6a8859e4fb78923e6f6b6ccdae7', username: 'username@xxx.com' }

Header:

Accept: application/json

Cookie: JSESSIONID=F91D548CE337896E2358668FD82D0B33-n1.frontend3

Note: If you get false in the response, like 'username not found or wrong password', and you have followed these steps, try to clear the session using URL: https://my.zipato.com/zipato-web/v2/user/logout.

Repeat the steps again.


If you still have problems with login, contact us again so we can check all your steps and request data.
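The three steps above, as an added example that is not Zipato's code or any poster's: a Node.js version that computes the token and builds the login request outside the browser, where the client can set the Cookie header itself. The function names are assumptions; the sample init response and credentials are the ones quoted in the steps above, and nothing is sent over the network.

```javascript
// Added example, not Zipato's code: steps 1-3 of the v2 login, built offline.
const { createHash } = require("node:crypto");

const BASE = "https://my.zipato.com/zipato-web/v2"; // base URL from the thread

// Lowercase hex SHA-1 of a UTF-8 string.
function sha1Hex(text) {
  return createHash("sha1").update(text, "utf8").digest("hex");
}

// token = sha1(nonce + sha1(password)); the inner hash is appended as hex text.
// sha1(password) alone is enough to compute tokens, so guard it like the password.
function computeToken(nonce, password) {
  return sha1Hex(nonce + sha1Hex(password));
}

// Build the step-3 request from a step-1 response (names are assumptions).
function buildLoginRequest(initResponse, username, password) {
  if (!initResponse || initResponse.success !== true) {
    throw new Error("user/init did not succeed");
  }
  const { jsessionid, nonce } = initResponse;
  // The session id goes into a header: reject anything that could split it.
  if (typeof jsessionid !== "string" || !/^[\w.-]+$/.test(jsessionid)) {
    throw new Error("unexpected jsessionid format");
  }
  if (typeof nonce !== "string" || nonce.length === 0) {
    throw new Error("missing nonce");
  }
  // URLSearchParams percent-encodes the "@" in the username.
  const query = new URLSearchParams({ username, token: computeToken(nonce, password) });
  return {
    method: "GET",
    url: `${BASE}/user/login?${query}`,
    headers: { Accept: "application/json", Cookie: `JSESSIONID=${jsessionid}` },
  };
}

// Init response and credentials quoted in the support reply above.
const SAMPLE_INIT = {
  success: true,
  jsessionid: "F91D548CE337896E2358668FD82D0B33-n1.frontend3",
  nonce: "CCiLOjZjIGjfSBuj",
};

const sampleRequest = buildLoginRequest(SAMPLE_INIT, "username@xxx.com", "password");
console.log(sampleRequest.url);
console.log(sampleRequest.headers.Cookie);
```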

1

The explanation of calculating the token is kind of weird, as it seems to me that the token needs to get hashed more times than it should be.


  2) Calculate user token
  User data for this example: {username: 'username@xxx.com', password: 'password'}
  Algorithm for calculating token.
  token = hash(nonce + hash(password))
  Calculation steps:
  token = hash('CCiLOjZjIGjfSBuj' + hash('password'))
  token = hash('CCiLOjZjIGjfSBuj' + '5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8')
  token = 'ced228631af6a88595e4fb78912e5f5b5ccddae7'


Order is:


  1. Hash the password
  2. Chain not hashed nonce with hashed password
  3. Hash the chained string
  4. DONE

PHP Example:

  $password = sha1($password);
  $token = $nonce . $password;
  $token = sha1($token);

1

I still don't understand how to do it

I need so that my voice assistant can take values from the sensors

How to create a link

"https://my.zipato.com:443/zipato-web/v2/attributes/XXXXXXXX-382d-4776-839a-XXXXXXXXXXXX/value/value"

Help please

1

Dear Mirjana,


Thank you for your response.


But I am trying to develop a UI with jQuery via your API. I cannot send "Cookie" with JavaScript, and also your web API does not allow cross-domain requests.


Is it by design not to allow using web api from browser based applications or just missing feature/option of the api?


Allowing such requests would significantly extend interoperability of Zipato Cloud.

1

The "Cross Domain Thing" is not caused by Zipato. I guess you are testing it locally.

If so use Internet Explorer to test or


If you are using Chrome on Windows try the following steps:


  1. Close Chrome
  2. Open "Run" (Windows + R)
  3. Enter chrome.exe --disable-web-security --user-data-dir
  4. open your .html file
  5. DONE


If you transfer your files to a server, it should work without these steps.

1

Thank you Mr. Krieger.


But I also tested with IE and Chrome (chrome.exe --disable-web-security --user-data-dir), but I got the same error.


Another problem: I also tested on my server (not local), but it gave the same result.


I develop Android applications, which is OK; a .NET application is OK; but nowadays I am trying to develop the frontend side with jQuery, and I have not been successful yet.


Do you have any sample for the login API (HTML & jQuery)? If I change only the username and password, will it work?

2

Maybe I have time to code a quick and dirty solution tomorrow as I do not need it for my own needs.

4

If it is possible, not important code quality. I only want to check workable code.


1

Thank you Christoph,


It worked with "With Chrome I used:

chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security"


I want to develop the UI at the frontend, but I see it is impossible now, maybe in the future, because of limits.


There is no particular reason, I only want to try to solve it.


Thank you again.

3

Yes, I am also a bit disappointed as I thought it would be easier.

However, HTML and PHP are still possible without limitations. I also played around with AngularJS and Node.js, but I am not too familiar with them.
