2014-02-27 77 views
0

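CSRF token validation failed: Drupal Services request from iPhone

1. Is it necessary to call https://www.mysite.com/my_services/user/token to get the token? I set it in the login call, but the error "CSRF token problem" occurs.

2. https://www.mysite.com/my_services/user/login with POST parameters username and password.

My question is: do I have to call user/token every time to get the token, and set the X-CSRF-Token value in the header of the POST request?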

- (void)viewDidLoad {
    [super viewDidLoad];

    NSString *notificationName = @"MTPostNotificationTut";
    [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(useNotificationWithString:) name:notificationName object:nil];
}

- (void)didReceiveMemoryWarning {
    [super didReceiveMemoryWarning];
}

- (void)viewWillAppear:(BOOL)animated {

NSString *urlString = @"https://www.mysite.com/my_services/user/token.json"; 


NSString *urlS = [urlString stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]; 


NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:urlS]cachePolicy:NSURLCacheStorageAllowed timeoutInterval:10.0]; 
[request setHTTPMethod:@"POST"]; 

[request setValue:@"application/json" forHTTPHeaderField:@"Content-Type"]; 


NSURLResponse *response; 
NSError *err; 


NSData *responseData = [NSURLConnection sendSynchronousRequest:request returningResponse:&response error:&err]; 

NSString *string = [[NSString alloc] initWithData:responseData encoding:NSUTF8StringEncoding]; 
NSLog(@"stringFromData = %@",string); 

id jsonResponseData = [NSJSONSerialization JSONObjectWithData:responseData options:kNilOptions error:nil]; 

NSLog(@"jsonResponseData = %@",jsonResponseData); 

NSDictionary *jsonResponseDict; 
if ([jsonResponseData isKindOfClass:[NSDictionary class]]) { 
    jsonResponseDict = jsonResponseData; 
} else { 
    // Error-handling code 
} 
jsonResponseData = [jsonResponseDict objectForKey:@"d"]; 
if (jsonResponseData == nil) { 

    id jsonExceptioTypeData = [jsonResponseDict objectForKey:@"ExceptionType"]; 
    if (jsonExceptioTypeData != nil) { 
     NSLog(@"%s ERROR : Server returned an exception", __func__); 
     NSLog(@"%s ERROR : Server error details = %@", __func__, jsonResponseDict); 
    } 
} 

token = [jsonResponseDict objectForKey:@"token"]; 
NSLog(@"token = %@",token); 


if (token !=NULL) { 

    NSString *notificationName = @"MTPostNotificationTut"; 
    NSString *key = @"token"; 
    NSDictionary *dictionary = [NSDictionary dictionaryWithObject:token forKey:key]; 
    [[NSNotificationCenter defaultCenter] postNotificationName:notificationName object:nil userInfo:dictionary]; 
} 

}

- (void)checkWithServer:(NSString *)urlname jsonString:(NSString *)jsonString {

NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:urlname]cachePolicy:NSURLCacheStorageAllowed timeoutInterval:10.0]; 
[request setHTTPMethod:@"POST"]; 
[request setValue:@"application/json" forHTTPHeaderField:@"Content-Type"]; 
[request setHTTPBody:[jsonString dataUsingEncoding:NSUTF8StringEncoding]]; 


NSURLResponse *response; 
NSError *err; 


NSData *responseData = [NSURLConnection sendSynchronousRequest:request returningResponse:&response error:&err]; 

NSString *string = [[NSString alloc] initWithData:responseData encoding:NSUTF8StringEncoding]; 
NSLog(@"stringFromData = %@",string); 

id jsonResponseData = [NSJSONSerialization JSONObjectWithData:responseData options:kNilOptions error:nil]; 



NSDictionary *jsonResponseDict; 
if ([jsonResponseData isKindOfClass:[NSDictionary class]]) { 
    jsonResponseDict = jsonResponseData; 
} else { 

} 
jsonResponseData = [jsonResponseDict objectForKey:@"d"]; 
if (jsonResponseData == nil) { 

    id jsonExceptioTypeData = [jsonResponseDict objectForKey:@"ExceptionType"]; 
    if (jsonExceptioTypeData != nil) { 
     NSLog(@"%s ERROR : Server returned an exception", __func__); 
     NSLog(@"%s ERROR : Server error details = %@", __func__, jsonResponseDict); 
    } 
} 
NSLog(@"jsonResponseData = %@",jsonResponseDict); 
token = [jsonResponseDict objectForKey:@"token"]; 
NSLog(@"token = %@",token); 

}

- (void)useNotificationWithString:(NSNotification *)notification {

NSString *urlString = @"https://www.mysite.com/my_services/user/login.json"; 

NSString *urlS = [urlString stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]; 

NSDictionary *inputData = [[NSDictionary alloc] initWithObjectsAndKeys: 
          @"ranjeet.gholave", @"username", 
          @"ran123", @"password", 
          nil]; 

NSError *error = nil; 
NSData *jsonInputData = [NSJSONSerialization dataWithJSONObject:inputData options:NSJSONWritingPrettyPrinted error:&error]; 
NSString *jsonInputString = [[NSString alloc] initWithData:jsonInputData encoding:NSUTF8StringEncoding]; 
[self getTokenFromServer:urlS jsonString:jsonInputString]; 

}

- (void)getTokenFromServer:(NSString *)urlname jsonString:(NSString *)jsonString {

NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:urlname]cachePolicy:NSURLCacheStorageAllowed timeoutInterval:30.0]; 
[request setHTTPMethod:@"POST"]; 
// [request setValue:@"application/json" forHTTPHeaderField:@"Accept"]; 
[request setValue:@"application/json" forHTTPHeaderField:@"Content-Type"]; 
[request addValue:token forHTTPHeaderField:@"X-CSRFToken"]; 

[request setHTTPBody:[jsonString dataUsingEncoding:NSUTF8StringEncoding]]; 



NSURLResponse *response; 
NSError *err; 


NSData *responseData = [NSURLConnection sendSynchronousRequest:request returningResponse:&response error:&err]; 
NSLog(@"responseDataIn Second Method = %@",responseData); 


id jsonResponseData = [NSJSONSerialization JSONObjectWithData:responseData options:kNilOptions error:nil]; 

NSLog(@"jsonResponseData = %@",jsonResponseData); 


NSDictionary *jsonResponseDict; 
if ([jsonResponseData isKindOfClass:[NSDictionary class]]) { 
    jsonResponseDict = jsonResponseData; 
} else { 
    // Error-handling code 
} 
jsonResponseData = [jsonResponseDict objectForKey:@"d"]; 
if (jsonResponseData == nil) { 

    id jsonExceptioTypeData = [jsonResponseDict objectForKey:@"ExceptionType"]; 
    if (jsonExceptioTypeData != nil) { 
     NSLog(@"%s ERROR : Server returned an exception", __func__); 
     NSLog(@"%s ERROR : Server error details = %@", __func__, jsonResponseDict); 
    } 
} 

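}

If I allow cookies, the CSRF token validation problem occurs, and when cookies are not allowed, the CSRF token issue does not occur. How can I solve this problem? Thanks.

Regards, Ranjeet Gholave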

Answers

1

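I know this is an old thread, but you should check out https://github.com/kylebrowning/drupal-ios-sdk as well as AFNetworking. You are really working harder than you need to.

But to answer your question: once you log in, the CSRF token is returned in the user object and is valid for the whole user session. So you can cache it and use it until the user logs out or their session expires.

Using the Drupal iOS SDK, it is as simple as: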

[DIOSUser userMakeSureUserIsLoggedInWithUsername:username 
        andPassword:password 
         success:^(AFHTTPRequestOperation *op, id response) { 
          DLog(@"user: %@", response); 
          [DIOSSession sharedSession].user = response; 

          //NOTE: fix for services 3.4+ CSRF Token Validation 
          [[DIOSSession sharedSession] setDefaultHeader:@"X-CSRF-Token" value:response[@"token"]]; 

          [self saveLoginInfoForUserWithUsername:username andPassword:password]; 
          [self processUserInfoWithUser:response]; 
          success(response); 
         } 
         failure:^(AFHTTPRequestOperation *op, NSError *err) { 
          failure(err); 
         } 
]; 
+0

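I know this is old, but I need your help! I'm trying to implement this, and Xcode tells me there is no visible @interface for setDefaultHeader:value:? Any idea why this is (I have imported DIOSSession)? – Brittany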

+0

They have changed the code since then. I haven't tested this, but looking at the new header file: [[DIOSSession sharedSession].requestSerializer setValue:response[@"token"] forHTTPHeaderField:@"X-CSRF-Token"]; –
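
The flow the answer describes, written without the SDK, as an added example (not code from the posts above or from the Drupal iOS SDK): log in once, cache the `token` field of the login response, and send it as `X-CSRF-Token` together with the session cookie for the rest of the session. `ServicesClient` and its method names are hypothetical; the endpoint paths, the `token` field and the header name are the ones shown on this page, and ARC is assumed.

```objc
#import <Foundation/Foundation.h>

// Hypothetical helper (not part of the Drupal iOS SDK): caches the
// session-bound CSRF token from login and attaches it to later requests.
@interface ServicesClient : NSObject
@property (nonatomic, strong) NSURL *endpoint;    // assumed: https://www.mysite.com/my_services/
@property (nonatomic, copy) NSString *csrfToken;  // nil until login succeeds
@end

@implementation ServicesClient
// Build a JSON request; once a token is cached, every request carries it.
- (NSMutableURLRequest *)requestFor:(NSString *)path method:(NSString *)method body:(NSDictionary *)body {
    NSURL *url = [NSURL URLWithString:path relativeToURL:self.endpoint];
    NSMutableURLRequest *req = [NSMutableURLRequest requestWithURL:url];
    req.HTTPMethod = method;
    [req setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
    if (self.csrfToken) {
        [req setValue:self.csrfToken forHTTPHeaderField:@"X-CSRF-Token"];
    }
    if (body) {
        req.HTTPBody = [NSJSONSerialization dataWithJSONObject:body options:0 error:NULL];
    }
    return req;
}

// POST user/login.json; on success cache the "token" field of the user object.
- (void)loginWithUsername:(NSString *)name password:(NSString *)pass
               completion:(void (^)(NSError *error))completion {
    NSURLRequest *req = [self requestFor:@"user/login.json" method:@"POST"
                                    body:@{@"username": name, @"password": pass}];
    // sharedSession uses the shared cookie store, so the session cookie set at
    // login is sent with later requests alongside the cached token.
    [[[NSURLSession sharedSession] dataTaskWithRequest:req
        completionHandler:^(NSData *data, NSURLResponse *resp, NSError *err) {
            NSInteger status = [(NSHTTPURLResponse *)resp statusCode];
            id json = data ? [NSJSONSerialization JSONObjectWithData:data options:0 error:NULL] : nil;
            if (!err && status == 200 && [json isKindOfClass:[NSDictionary class]]
                && [json[@"token"] isKindOfClass:[NSString class]]) {
                self.csrfToken = json[@"token"];  // valid until logout or session expiry
            } else if (!err) {
                err = [NSError errorWithDomain:@"ServicesClient" code:status userInfo:nil];
            }
            completion(err);  // called on a background queue
        }] resume];
}

// Drop the token when the user logs out or the session expires.
- (void)invalidate { self.csrfToken = nil; }
@end
```

Read credentials from user input or the keychain rather than embedding them in source, and call `invalidate` on logout so a stale token is never replayed against a new session.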