我使用QT 5.0.2预构建和QT creator 2.7.0,我的目标是登录到蒸汽网络编程使用uname,密码和steamguard代码。或者更精确地说:将QNetworkAccessManager从初始的未初始化状态获取到可以从steam相关站点检索任何数据的状态,就像它作为某个用户登录一样。
所以登录发生在4个步骤(4个请求-响应组合):注意:Steam站点javascript在所有请求中使用post,但似乎get也有效。假设用户名"hyper"
1。初始请求:
post https://store.steampowered.com/login/getrsakey/?username=hyper
下面是我的函数:
void http::steam_auth(const QString &uname, const QString &pwd)
{
QString encrypted_password, sg, pkey_exp, pkey_mod, timestamp, emailsteamid;
QJsonDocument json_buffer;
QByteArray buffer;
QUrl rsa(steam_getrsa), login(steam_dologin); //steam login urls
QUrlQuery urlquery;
在这里我们发送请求:
urlquery.addQueryItem("username", uname); //first step
urlquery.addQueryItem("l", "english"); //set communication language
rsa.setQuery(urlquery);
QNetworkRequest first(rsa);
QNetworkReply *reply = this->get(first);
buffer = reply->readAll();
作为响应,我们得到:
{"success":true,"publickey_mod":"AC41A964789638B6A3B3BD5ADD9F3680FA45881C70FD2032B10A3BB6D2ACF021C2B3D564DC44DE3054E3BF78A1753399223C794A0DED03A76CD1F1DFE851E30F0D6F14484C258EB6053676A47D20A68E11ECCD783F343594DDA3817AA5DCCE75FAF5C68BB197DA1FF12F22F9FCD83624D00A23CC57A367563ADBBCEDF5C8742A57B12A4BD04DC02A55C80F4F6984B1E2D5A99081510326E1C6BAB2C2723560487E8F7EA1A2CB55AEFC5594C9FBB71CAD553CB2D866214BC41156259FEC55362D38DCDBE8FADFB577FE0736CE3E37AF6D2CDDF28FA218C1E477E29B17713BFC48A227455B6B0DE09884CC0820CE40CD4877D93704D00E20A235FCF55D100A01C1","publickey_exp":"010001","timestamp":"284691100000"}
表示一切正常。现在我们需要在发送密码之前加密它
json_buffer = QJsonDocument::fromJson(buffer);
pkey_exp = json_buffer.object().value("publickey_exp").toString();
pkey_mod = json_buffer.object().value("publickey_mod").toString();
timestamp = json_buffer.object().value("timestamp").toString();
delete reply;
urlquery.clear();
encrypted_password = app::core::get_encrypted_password(pwd, pkey_exp, pkey_mod);
2。发送加密密码:
urlquery.addQueryItem("username", uname);
urlquery.addQueryItem("password", encrypted_password);
urlquery.addQueryItem("emailauth", "");
urlquery.addQueryItem("captchagid", "");
urlquery.addQueryItem("captcha_text", "");
urlquery.addQueryItem("emailsteamid", "");
urlquery.addQueryItem("rsatimestamp", timestamp);
urlquery.addQueryItem("remember_login", "false");
login.setQuery(urlquery);
QNetworkRequest second(login);
second.setUrl(login);
reply = this->get(second);
buffer = reply->readAll();
我们得到一个请求字符串,如下所示:
post https://store.steampowered.com/login/dologin/?username=solidbeetle2&password=YmhTKVkRXyiCYe6wx+ZJ8PIhzj4A4BLWgJFOE5ge7nbIAM6m1G9qHh+Iqx30ZLdB0wW0xdWDNCgHBNPHKLA+P2pYhPF0DeL9v8UQsers6NCNNPZ0SFN4HhNlu6Gwh8QAjrNykev7N5FADXwJnFjPBvmvthATmrktVEtFYF54lckaPnijXYSDIpfEjmG8+bCDKT/GLaUiftA2QauUY9ap8WHSEoykiTmfL344ghzjhCA33UKx0NIgBrDdI1RLfHVcmAcU/c9NEhoHLOT93n8hqWY+YVx9VbOcKqqZPrbCiQoU2BZrqK6N7aj+K6kH0VWHH7+LD2KJx4BUJgHOmNqVDg%3D%3D&emailauth=&captchagid=&captcha_text=&emailsteamid=&rsatimestamp=50693150000&remember_login=false
这是完全有效的,据我所知,JS在蒸汽网站发送ajax相同,但…问题在这里当我得到这个响应时,它说json中的message:Invalid login
…但是如果我保存完整的查询字符串从我的请求文件,然后将其粘贴在浏览器或在HTTP分析器内的HTTP请求生成器,它可以很好地显示消息:SteamGuard出什么事了?我是不是漏掉了什么?QNetworkAccessManager是否以某种方式打破了这一点?: c 如果有什么不清楚的地方,我很抱歉,如果需要的话,我会尽力再解释一遍。提前感谢!
注:是否有可靠的方法来检查我的应用程序发送的请求?
P.S.S.
我检查了所有这些东西,最终能够实现我的目标。简而言之,问题出在qt面向网络的类上。很明显,qurlquery应该以%编码的形式对/或=等字符进行编码。但事实并非如此,因此我不得不在QString中手动替换它们。如果有人需要一个工作程序,可以在这里找到(它不漂亮:c)