Pritunl Zero - Api not working - Always 401

defaultbr · November 9, 2022, 4:58pm

I’m currently using this code:

import logging
import os
import sys
import json
import time
import uuid
import hmac
import logging
import base64
import urllib3
import hashlib
import requests

BASE_URL = os.environ['PRITUNL_BASE_URL']
API_TOKEN = os.environ['PRITUNL_API_TOKEN']
API_SECRET = os.environ['PRITUNL_API_SECRET']

def auth_request(method, path):
    auth_timestamp = str(int(time.time()))
    auth_nonce = uuid.uuid4().hex
    auth_string = '&'.join([API_TOKEN, auth_timestamp, auth_nonce, method.upper(), path])
    auth_signature = base64.b64encode(hmac.new(
    API_SECRET.encode('utf-8'), auth_string.encode('utf-8'), hashlib.sha256).digest())

    auth_headers = {
        'Auth-Token': API_TOKEN,
        'Auth-Timestamp': auth_timestamp,
        'Auth-Nonce': auth_nonce,
        'Auth-Signature': auth_signature,
        'Content-Type': 'application/json'
    }
    return auth_headers


# Function to call the API, template is optional
def request(method, path, template=None):
    try:
        return requests.request(method, BASE_URL + path,
            headers=auth_request(method, path), 
            verify=True, data=json.dumps(template)
        )
    except Exception as e:
        logging.warning(e)


def get_user( user_id):
    try:
        response = request('GET', '/user/{}'.format(user_id))
        print(response.json())
        assert(response.status_code == 200)
        data = response.json()

        for user in data:
            print(user)

    except Exception as e:
        logging.warning(e)


get_user("619694f4e9025a52daa48130")

I got the token and secret from the user screen and set it to admin

But the response:

python3 pritunl_scripts/get_user.py
WARNING:root:[Errno Extra data] 401 Unauthorized: 4

My envs:

export PRITUNL_BASE_URL="https://${myPritunlZeroHost}.com.br"
export PRITUNL_API_TOKEN="sbe3kBI...redacted"
export PRITUNL_API_SECRET="kNIYz8TL..redacted"

zach · November 10, 2022, 2:18am

Pritunl Zero and Pritunl Cloud use SHA512.

defaultbr · November 10, 2022, 12:58pm

@zach Humm, what should be changed so?

I’m trying the exact auth_request from the docs: https://docs.pritunl.com/docs/api

defaultbr · November 10, 2022, 1:14pm

For anyone strugling:

This auth_request works

def auth_request(method, path, headers=None, data=None):
    auth_timestamp = str(int(time.time()))
    auth_nonce = uuid.uuid4().hex
    auth_string = '&'.join([API_TOKEN, auth_timestamp, auth_nonce,method.upper(), path])
    auth_signature = base64.b64encode(hmac.new(API_SECRET.encode("utf-8"), auth_string.encode("utf-8"), hashlib.sha512).digest())
    auth_headers = {
        'Pritunl-Zero-Token': API_TOKEN,
        'Pritunl-Zero-Timestamp': auth_timestamp,
        'Pritunl-Zero-Nonce': auth_nonce,
        'Pritunl-Zero-Signature': auth_signature,
    }
    if headers:
        auth_headers.update(headers)
    return getattr(requests, method.lower())(
        BASE_URL + path,
        headers=auth_headers,
        data=data,
    )

source: pritunl-zero/add_users.py at master · pritunl/pritunl-zero · GitHub

ps: I had to add the .encode(“utf-8”) when calling hmac.new