Working RETS Auth Script

[jrottman]

Well since this project got canned due to server errors with my local IDX provider I really don't have time to write up a formal tutorial on how I did this. But I am going to post my code (pretty easy to understand).


<cfhttp url="

http://myrets.server.com/LOGIN_URI"

method="get" />

<h3>Initial Server Response</h3>
<cfdump var="#cfhttp#" />

<cfscript>
/* These three vars should be provided to you by your IDX provided.
In the case you are not given the login url, use everything after the port number or tld (.com)
Do not use the page name in your login uri (login.aspx) It should look something like this /rets/login
*/
username = "USERNAME";
password = "PASSWORD";
login_uri = "LOGINURI";
// create an array without the auth type. So you are left only with the auth parameters.
tempList = Replace(cfhttp.responseHeader["WWW-Authenticate"],"Digest ",','All');
headerArr = ListToArray(Trim(tempList));
/* create an array holding the auth type. This can be used to extend
this script to allow fo both basic and digest auth
*/
auth_Temp = ListToArray(Trim(cfhttp.responseHeader["WWW-Authenticate"]),' ');
/* Set a variable to the auth type */
auth_Type = auth_Temp[1];

/* Create a structure that will hold the auth parameter objects.
We set the struct key to the value of the auth paramter.
*/
authStc = structNew();
for(i=1;i lte ArrayLen(headerArr);i=i+1){
key = Replace(Left(headerArr,Find('=',headerArr)),'=',','ALL');
value = Replace(RemoveChars(headerArr,1,Find('=',headerArr,"1")),'"',','ALL');
authStc[key] = value;
}
// Define the authentication realm.
auth_Realm = authStc['realm'];

A1 = username & ':' & auth_Realm & ':' & password;
A2 = 'GET:' & login_uri;

auth_Nonce = authStc['nonce'];
auth_Opaque = authStc['opaque'];
// create the raw_digest
raw_Digest = Lcase(Hash(A1,"MD5")) & ':' & auth_Nonce & ':' & Lcase(Hash(A2,"MD5"));
// create the final response
response = Lcase(Hash(raw_digest,"MD5"));
// create the final digest auth string
encodedAuth = 'Digest username=' & chr(34) & username & chr(34) & ',' &
'realm=' & chr(34) & auth_Realm & chr(34) & ',' &
'nonce=' & chr(34) & auth_Nonce & chr(34) & ',' &
'uri=' & chr(34) & login_uri & chr(34) & ',' &
'response=' & chr(34) & response & chr(34) & ',' &
'opaque=' & chr(34) & auth_Opaque & chr(34);
</cfscript>

<cfoutput>#encodedAuth#</cfoutput><br />
<br />



<cfhttp url="

http://myrets.server.com/LOGIN_URI"

method="get" >
<cfhttpparam name="Authorization:" type="header" value="#encodedAuth#" />
</cfhttp>

<cfoutput>#cfhttp.StatusCode#</cfoutput>

 

[3plains]

Hey MochaLotte, thanks for the script, but I can't get it to work. I pasted your code into a CFM page with the appropriate variables and this is the message I get back:

Invalid CFML construct found on line 15 at column 85.
ColdFusion was looking at the following text:

All

The CFML compiler was processing:

- an expression beginning with "Replace", on line 15, column 22.This message is usually caused by a problem in the expressions structure.

Any help would be appreciated! Thanks.
- a script statement beginning with "tempList" on line 15, column 11.
- a cfscript tag beginning on line 6, column 2.

 

[jrottman]

Did you modify the script at all? The only reason it would be looking at ALL or replace is if there was a ; or a "/' missing from the script/

 

[jrottman]

Ah I got it figured out. I guess tek-tips parsed out certain parts of my script.


Here is the updated script. Lets just hope it doesn't get parsed to hell.

<cfhttp url="

http://myrets.server.com/LOGIN_URI"

method="get" />

<h3>Initial Server Response</h3>
<cfdump var="#cfhttp#" />

<cfscript>
/* These three vars should be provided to you by your IDX provided.
In the case you are not given the login url, use everything after the port number or tld (.com)
Do not use the page name in your login uri (login.aspx) It should look something like this /rets/login
*/
username = "USERNAME";
password = "PASSWORD";
login_uri = "LOGINURI";
// create an array without the auth type. So you are left only with the auth parameters.
tempList = Replace(cfhttp.responseHeader["WWW-Authenticate"],"Digest ",'','All');
headerArr = ListToArray(Trim(tempList));
/* create an array holding the auth type. This can be used to extend
this script to allow fo both basic and digest auth
*/
auth_Temp = ListToArray(Trim(cfhttp.responseHeader["WWW-Authenticate"]),' ');
/* Set a variable to the auth type */
auth_Type = auth_Temp[1];

/* Create a structure that will hold the auth parameter objects.
We set the struct key to the value of the auth paramter.
*/
authStc = structNew();
for(i=1;i lte ArrayLen(headerArr);i=i+1){
key = Replace(Left(headerArr,Find('=',headerArr)),'=','','ALL');
value = Replace(RemoveChars(headerArr,1,Find('=',headerArr,"1")),'"','','ALL');
authStc[key] = value;
}
// Define the authentication realm.
auth_Realm = authStc['realm'];

A1 = username & ':' & auth_Realm & ':' & password;
A2 = 'GET:' & login_uri;

auth_Nonce = authStc['nonce'];
auth_Opaque = authStc['opaque'];
// create the raw_digest
raw_Digest = Lcase(Hash(A1,"MD5")) & ':' & auth_Nonce & ':' & Lcase(Hash(A2,"MD5"));
// create the final response
response = Lcase(Hash(raw_digest,"MD5"));
// create the final digest auth string
encodedAuth = 'Digest username=' & chr(34) & username & chr(34) & ',' &
'realm=' & chr(34) & auth_Realm & chr(34) & ',' &
'nonce=' & chr(34) & auth_Nonce & chr(34) & ',' &
'uri=' & chr(34) & login_uri & chr(34) & ',' &
'response=' & chr(34) & response & chr(34) & ',' &
'opaque=' & chr(34) & auth_Opaque & chr(34);
</cfscript>

<cfoutput>#encodedAuth#</cfoutput><br />
<br />



<cfhttp url="

http://myrets.server.com/LOGIN_URI"

method="get" >
<cfhttpparam name="Authorization:" type="header" value="#encodedAuth#" />
</cfhttp>

<cfoutput>#cfhttp.StatusCode#</cfoutput>