03-07-2013, 04:08 AM | #1 |
Junior Member
Posts: 5
Karma: 10
Join Date: Mar 2013
Device: Android
|
http ajax request authentication
HI,
I would like to use calibre server ajax functionality. For authentication purposes: Can anybody of you give me a hint how to do this with javascript (I want to develop a calibre mobile app based on phonegap). How do I send the correct authentication information to the server? TIA Martin |
03-07-2013, 04:15 AM | #2 |
creator of calibre
Posts: 43,871
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
The server supports http digest authentication. Ajax based authentication is insecure without https and you cant use https on a private server (the certificate wont validate).
|
03-07-2013, 06:41 AM | #3 | |
Junior Member
Posts: 5
Karma: 10
Join Date: Mar 2013
Device: Android
|
Quote:
would it be possible to provide a dedicated login call which returns a token (or maybe it is enought to get the session cookie)- where username and password are sent encrypted ? TIA Martin |
|
03-07-2013, 07:05 AM | #4 |
creator of calibre
Posts: 43,871
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
Implementing such a thing securely is not a job lightly undertaken. It isn't one that I have the time for, but patches are welcome.
In any case, what's preventing you from using digest auth for your ajax calls? That's what the current calibre content server frontend does. |
03-07-2013, 07:28 AM | #5 |
Junior Member
Posts: 5
Karma: 10
Join Date: Mar 2013
Device: Android
|
I tried to pass username and password to jquery's ajax function -> which works successfully.
It seems that query handles the autentication process behind the seems.... But I'm not really sure if this approach is secure... Do you think it is a reasonable way to provide username/passwort on every jquery ajax call? |
03-07-2013, 09:01 AM | #6 |
creator of calibre
Posts: 43,871
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
You should need to do anything, the browser will automatically provide suername password when using ajax once the user has entered it for the initial page load.
|
03-08-2013, 09:41 AM | #7 |
Junior Member
Posts: 5
Karma: 10
Join Date: Mar 2013
Device: Android
|
Unfortunately under Android (with Phonegap/cordova) it seems not possible to pass the username/password combination to the server via jquery's ajax call - get "Unauthorized" error...
|
03-08-2013, 10:50 AM | #8 |
creator of calibre
Posts: 43,871
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
You dont pass the username/password via ajax. What you do is direct the browser to the server home page. The browser will then ask the user for the username/password. Once the user provides it, the browser automatically uses it for future ajax calls to the same domain.
|
03-08-2013, 11:40 AM | #9 | |
Junior Member
Posts: 5
Karma: 10
Join Date: Mar 2013
Device: Android
|
Quote:
I want a mobile cross plattform calibre client written with cordova/phonegap. This means that the app is delivered as native app. Under the hood it works like a local web app -> html / js / css etc. is therefore within the native mobile app. This app should communicate with calibre server (only via ajax calls to get data from the server) And thats the problem... When I try it e.g. with google chrome and certain development flags (--disable-web-security -–allow-file-access-from-files) auth. works fine... (jquery ajax call handles apparently the authentification procedure) -> but with the android app it doesn't work... |
|
03-08-2013, 11:47 AM | #10 |
creator of calibre
Posts: 43,871
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
Then you're out of luck. I for one have have no interest in that use case. If you want to write a html/js interface to calibre, write one as part of the content server, there's absolutely no need to have it delivered as a "native" app.
|
09-22-2014, 04:56 PM | #11 |
Junior Member
Posts: 8
Karma: 10
Join Date: Sep 2014
Location: Edinburgh
Device: Kindle
|
jQuery absolutely can perform HTTP basic authentication, for AJAX calls. See here for a demonstration:
https://www.mobileread.com/forums/sho...d.php?t=207644 |
09-23-2014, 02:46 AM | #12 |
Grand Sorcerer
Posts: 11,742
Karma: 6997045
Join Date: Jan 2010
Location: Notts, England
Device: Kobo Libra 2
|
FWIW: calibre companion is a native android app and it uses digest authentication and ajax. All we needed to do was set up the correct security environment in the http connection.
Code:
// Set up authentication. Try digest before basic List<String> authpref = new ArrayList<String>(); authpref.add(AuthPolicy.DIGEST); authpref.add(AuthPolicy.BASIC); httpClient.getParams().setParameter(AuthPNames.TARGET_AUTH_PREF, authpref); |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
HTTP Error 407: Proxy Authentication Required | pieterwiese | Devices | 11 | 06-11-2012 02:23 AM |
HTTP Request - Mimic Different Browsers? | EnergyLens | Recipes | 4 | 06-13-2011 02:01 PM |
http://www.morphzone.org request please | trott3r | Recipes | 11 | 10-15-2010 02:20 PM |
Calibre Content Server HTTP Authentication - Basic or Digest? | Jim Chapman | Calibre | 6 | 10-04-2010 12:09 PM |
HTTP authentication for feeds with calibre | DAiki | Calibre | 2 | 10-12-2008 08:49 AM |