1. 首頁
  2. 問答
  3. 即使GET和POST令牌相同,爲什麼我會在Android Studio中收到CSRF令牌不匹配錯誤?

即使GET和POST令牌相同,爲什麼我會在Android Studio中收到CSRF令牌不匹配錯誤?

2016-04-30 67 views
0

我正在爲朋友的網站(node.js/mongoDB)開發一個android應用程序(android studio),我正在通過該應用程序處理用戶登錄。一切工作正常在服務器端,但當試圖登錄android服務器收到POST 403錯誤與CSRF令牌不匹配異常。在Android Studio中,我使用HttpURLConnection的,在我的主要RequestServer類我已經創建了一個GET方法,這將搶請求爲一個字符串,返回CSRF標記爲一子:即使GET和POST令牌相同,爲什麼我會在Android Studio中收到CSRF令牌不匹配錯誤?

public String getCsrf(String url) { 
    try { 
     urlObj = new URL(url); 

     conn = (HttpURLConnection) urlObj.openConnection(); 

     conn.setDoOutput(false); 

     conn.setRequestMethod("GET"); 

     conn.setUseCaches(false); 

     conn.setConnectTimeout(15000); 

     conn.connect(); 

      //Receive the response from the server 
     InputStream in = new BufferedInputStream(conn.getInputStream()); 
     BufferedReader reader = new BufferedReader(new InputStreamReader(in, "UTF-8")); 
     result = new StringBuilder(); 
     String line; 
     while ((line = reader.readLine()) != null) { 
      result.append(line); 
     } 
     reader.close(); 
     jsonstr = result.toString(); 

     Log.d("getCsrf JSON", "result: " + jsonstr); 

     // getting csrf token 
     int position = result.indexOf("<meta name=\"csrf-token\" content"); 
     // position of token in GET response 
     String token = result.substring(position + 33, position + 30 + 41); 
     System.out.println("Printing CSRF content from string in getCsrf....... " + token); 

     return token; 

    } catch (IOException e) { 
     e.printStackTrace(); 
    } 
    conn.disconnect(); 
    return null; 
}

在我登錄類我做POST請求時加入此令牌與我的電子郵件/密碼參數一起:

@Override 
     public void onClick(View v) {     
      email = email_txt.getText().toString(); 
      pwd = pw_txt.getText().toString(); 
      RequestServer sR = new RequestServer(); 
      //calling 'getCsrfFromUrl' method from RequestServer class to retrieve token (Async background method) 
      String CSRFToken = sR.getCsrfFromUrl("http://192.168.2.6:3000/login"); // Async background method for getCsrf 
      System.out.println("token in Login.java: " + CSRFToken); 
      HashMap<String, String> params = new HashMap<>(); 
      params.put("_csrf", CSRFToken); // the token being added to the parameters HashMap matches with the one I am retrieving from my GET request 
      params.put("email", email); 
      params.put("password", pwd); 
      JSONObject json = sR.postJSON("http://192.168.2.6:3000/login", params);// Async background method for makeHttpRequest.....rest of code not shown as error occurs at this postJSON line 
    }

現在,這裏是我的RequestServer類中的方法對我的POST請求:

public JSONObject makeHttpRequest(String url, 
            HashMap<String, String> params) { 

    sbParams = new StringBuilder(); 
    int i = 0; 
    for (String key : params.keySet()) { 
     // append params on POST 
     if (i != 0){ 
      sbParams.append("&"); 
     } 
     sbParams.append(key).append("=").append(params.get(key)); 

     i++; 
    } 
     // request method is POST 
     try { 
      urlObj = new URL(url); 

      conn = (HttpURLConnection) urlObj.openConnection(); 

      conn.setDoOutput(true); // set to true so that we can POST data to the url 

      conn.setRequestMethod("POST"); // default is GET 

      conn.setRequestProperty("Accept", "application/json"); 

      conn.setUseCaches(false); 

      conn.setReadTimeout(10000); 
      conn.setConnectTimeout(15000); 

      conn.connect(); 

      paramsString = sbParams.toString(); 

      wr = new DataOutputStream(conn.getOutputStream()); // Transmit data by writing to the stream returned by this 
      wr.writeBytes(paramsString); 
      wr.flush(); // clean up 
      wr.close(); 
      System.out.println("POST Response Status: " + conn.getResponseCode() + " " + conn.getResponseMessage()); 

     } catch (IOException e) { 
      e.printStackTrace(); 
     } 

    try { 
     //Receive the response from the server 
     InputStream in = new BufferedInputStream(conn.getInputStream()); 
     BufferedReader reader = new BufferedReader(new InputStreamReader(in, "UTF-8")); 
     result = new StringBuilder(); 
     String line; 
     while ((line = reader.readLine()) != null) { 
      result.append(line); 
     } 

     reader.close(); 
     jsonstr = result.toString(); 

     Log.d("POST JSON", "result: " + jsonstr); 

    } catch (IOException e) { 
     e.printStackTrace(); 
    } 
    conn.disconnect(); 

    // try to parse the string to a JSON object 
    try { 
     jObj = new JSONObject(jsonstr); 
    } catch (JSONException e) { 
     Log.e("POST JSON Parser", "Error parsing data " + e.toString() + " " + jObj); 
    } 

    // return JSON Object 
    return jObj; 

}

這裏是在Android Studio中(注意兩個標記的是在打印語句是相同的,但我仍然得到一個CSRF令牌不匹配錯誤)我的錯誤控制檯: node POST 403 error

android stack trace

錯誤從服務器端返回

我環顧了幾個星期,對於這種特殊情況沒有任何幫助。只是想知道我還缺少了什麼?提前致謝!

來源

2016-04-30 jn-szn

回答

0

請將您的Android Studio更新至v2.1.1 它有一個修復程序。它應該工作!

來源

2016-05-12 05:19:26 Exceptional

+0

你好,感謝你的回覆,不幸的是,在更新到v2.1.1之後,問題仍然存在。 –

+0

糟糕!那麼代碼中的任何地方都可能存在一些問題!不確定對不起! – Exceptional

相關問題

 相關問題