Note regarding CryptoJS SHA-3 implementation for hashes used by API

[lukvmil]

Wanted to share this in case someone else comes across this issue in the future. I'm using Python to call the API endpoints to automatically download pubs and came across this slightly confusing issue. The /api/login endpoint requires a hashed version of the password be passed in, which the documentation says is the SHA-3 hash. Unfortunately the SHA-3 function provided by the CryptoJS library that pubpub uses is not the current standard defined by NIST (see here). The CryptoJS docs acknowledge this but it's a little hard to find: https://cryptojs.gitbook.io/docs/

Anyway, the SHA-3 function in Python's hashlib library will not match the output of the CryptoJS SHA-3 function which will cause user authentication to fail. In order to fix this you have to use the keccak 512 bit hashing function. I used the pycryptodome library, and I'll also include my code here, hopefully it can help someone else :)

from Crypto.Hash import keccak

# keccak 512 matches old sha-3 algorithm
def false_sha3_hash(string):
    keccak_hash = keccak.new(digest_bits=512)
    keccak_hash.update(string.encode())
    return keccak_hash.hexdigest()

[tefkah]

Thank you for showing this off!

We are working on a much easier way of authentication that should land sometime soon, so this hopefully won't be necessary soon 😅

[Log-of-e]

Thanks
I had good success using Python with the v6 Pubpub API and the above mentioned pycryptodome library.

I had to double check that I was using an account with the proper permissions to manipulate pubs, otherwise the API properly would respond with 403 unauthorized access.

Here is v6 Pubpub API documentation:
https://www.pubpub.org/apiDocs#/

Thanks 😄