Session is not maintained between UIWebView - swift

In my app I'm trying to login user through UIWebView. On successful login cookies are set in NSHTTPCookieStorage. Few of my app pages are open in UIWebView.
When request for particular web page is send, it check whether user is logged in or not based on the cookies.
I checked that cookies are present in NSHTTPCookieStorage, but are not valid cookies on server. That is, it consider user as logged out user.
My code for loading UIWebView is as below:
let url = serverURL + urlString
let urlRequest = NSMutableURLRequest(URL: NSURL(string: url)!)
webPage.loadRequest(urlRequest)
Even I tried with NSURLSession and setting cookies as HTTPHeaderField. Below is my code for that too:
let URLRequest: NSMutableURLRequest = NSMutableURLRequest(URL: NSURL(string: url)!)
let cookies = NSHTTPCookieStorage.sharedHTTPCookieStorage().cookiesForURL(NSURL(string: serverURL)!)
for cookie in cookies!{
URLRequest.setValue(cookie.value, forHTTPHeaderField: cookie.name)
}
let sessionConfig = NSURLSessionConfiguration.defaultSessionConfiguration()
let session = NSURLSession(configuration: sessionConfig, delegate: self, delegateQueue: nil)
let task = session.downloadTaskWithRequest(URLRequest)
task.resume()
It's working properly for few cases. I'm unable to find what can be an issue with the cookies.
Any help will be appreciated.
Thanks in advance

The following code does not do what you intend:
for cookie in cookies!{
URLRequest.setValue(cookie.value, forHTTPHeaderField: cookie.name)
}
When cookies are sent over HTTP, they are sent in a Cookie header of the format:
Cookie: cookie1=value1; cookie2=value2
You are creating multiple headers named the cookie name, so your request looks like:
cookie1: value1
cookie2: value2
The easiest way to create the correct headers is with NSHTTPCookie.requestHeaderFieldsWithCookies(_:[NSHTTPCookie]). Since you've added no other headers, you could simply do:
if let cookies = NSHTTPCookieStorage.sharedHTTPCookieStorage().cookiesForURL(NSURL(string: serverURL)!) {
URLRequest.allHTTPHeaderFields = NSHTTPCookie.requestHeaderFieldsWithCookies(cookies)
}
As an aside, you are using different URLs for your request and for looking up the cookies. They should be the same as cookies can be scoped to specific paths in a domain.

Related

Background upload with share extension

I created an macOS ShareExtension which I want to use to upload pictures.
I'm still testing this so any requests will be sent to https://beeceptor.com.
The share extension works fine and it shows up in Preview, once I run it:
I add some text and hit "Post"
But the image is then not uploaded.
This is my code that initiates the background upload:
let sc_uploadURL = "https://xyz.free.beeceptor.com/api/posts" // https://beeceptor.com/console/xyz
override func didSelectPost() {
// This is called after the user selects Post. Do the upload of contentText and/or NSExtensionContext attachments.
let configName = "com.shinobicontrols.ShareAlike.BackgroundSessionConfig"
let sessionConfig = URLSessionConfiguration.background(withIdentifier: configName)
// Extensions aren't allowed their own cache disk space. Need to share with application
sessionConfig.sharedContainerIdentifier = "group.CreateDaily"
let session = URLSession(configuration: sessionConfig)
// Prepare the URL Request
let request = urlRequestWithImage(image: attachedImage, text: contentText)
// Create the task, and kick it off
let task = session.dataTask(with: request! as URLRequest)
task.resume()
// Inform the host that we're done, so it un-blocks its UI. Note: Alternatively you could call super's -didSelectPost, which will similarly complete the extension context.
extensionContext?.completeRequest(returningItems: [AnyObject](), completionHandler: nil)
}
private func urlRequestWithImage(image: NSImage?, text: String) -> NSURLRequest? {
let url = URL(string: sc_uploadURL)!
let request: NSMutableURLRequest? = NSMutableURLRequest(url: url as URL)
request?.addValue("application/json", forHTTPHeaderField: "Content-Type")
request?.addValue("application/json", forHTTPHeaderField: "Accept")
request?.httpMethod = "POST"
let jsonObject = NSMutableDictionary()
jsonObject["text"] = text
if let image = image {
jsonObject["image_details"] = extractDetailsFromImage(image: image)
}
// Create the JSON payload
let jsonData = try! JSONSerialization.data(withJSONObject: jsonObject, options: JSONSerialization.WritingOptions.prettyPrinted)
request?.httpBody = jsonData
return request
}
Please note that the sharedContainerIdentifier is present in the entitlements of the app as well as in the sharing extensions entitlements.
The ShareExtensions is in the respective App Group and has outgoing connections enabled.
Performing a background upload
Once the user has completed their entry, and clicks the Post button, then the extension should upload the content to some web service somewhere. For the purposes of this example, the URL of the endpoint is contained within a property on the view controller:
let sc_uploadURL = "http://requestb.in/oha28noh"
This is a URL for the Request Bin service, which gives you a temporary URL to allow you to test network operations. The above URL (and the one in the sample code) won’t work for you, but if you visit requestb.in then you can get hold of your own URL for testing.
As mentioned previously, it’s important that extensions put very little strain on the limited system resources. Therefore, at the point the Post button is tapped, there is no time to perform a synchronous, foreground network operation. Luckily, NSURLSession provides a simple API for creating background network operations, and that’s what you’ll need here.
The method which gets called when the user taps post is didSelectPost(), and in its simplest form it must look like this:
override func didSelectPost() {
// Perform upload
...
// Inform the host that we're done, so it un-blocks its UI.
extensionContext?.completeRequestReturningItems(nil, completionHandler: nil)
}
Setting up an NSURLSession is pretty standard:
let configName = "com.shinobicontrols.ShareAlike.BackgroundSessionConfig"
let sessionConfig = NSURLSessionConfiguration.backgroundSessionConfigurationWithIdentifier(configName)
// Extensions aren't allowed their own cache disk space. Need to share with application
sessionConfig.sharedContainerIdentifier = "group.ShareAlike"
let session = NSURLSession(configuration: sessionConfig)
The important part to note of the above code segment is the line which sets the sharedContainerIdentifier on the session configuration. This specifies the name of the container that NSURLSession can use as a cache (since extensions don’t have their own writable disc access). This container needs to be set up as part of the host application (i.e. ShareAlike in this demo), and can be done through Xcode:
Go to the capabilities tab of the app’s target
Enable App Groups
Create a new app group, entitled something appropriate. It must
start with group.. In the demo the group is called group.ShareAlike
Let Xcode go through the process of creating this group for you.
Then you need to go to the extension’s target, and follow the same process. Note that you won’t need to create a new app group, but instead select the one that you created for your host application.
These app groups are registered against your developer ID, and the signing process ensures that only your apps are able to access these shared containers.
Xcode will have created an entitlements file for each of your projects, and this will contain the name of the shared container it has access to.
Now that you’ve got your session set up correctly, you need to create a URL request to perform:
// Prepare the URL Request
let request = urlRequestWithImage(attachedImage, text: contentText)
This calls a method which constructs a URL request which uses HTTP POST to send some JSON, which includes the string content, and some metadata properties about the image:
func urlRequestWithImage(image: UIImage?, text: String) -> NSURLRequest? {
let url = NSURL.URLWithString(sc_uploadURL)
let request = NSMutableURLRequest(URL: url)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("application/json", forHTTPHeaderField: "Accept")
request.HTTPMethod = "POST"
var jsonObject = NSMutableDictionary()
jsonObject["text"] = text
if let image = image {
jsonObject["image_details"] = extractDetailsFromImage(image)
}
// Create the JSON payload
var jsonError: NSError?
let jsonData = NSJSONSerialization.dataWithJSONObject(jsonObject, options: nil, error: &jsonError)
if jsonData {
request.HTTPBody = jsonData
} else {
if let error = jsonError {
println("JSON Error: \(error.localizedDescription)")
}
}
return request
}
This method doesn’t actually create a request which uploads the image, although it could be adapted to do so. Instead, it extracts some details about the image using the following method:
func extractDetailsFromImage(image: UIImage) -> NSDictionary {
var resultDict = [String : AnyObject]()
resultDict["height"] = image.size.height
resultDict["width"] = image.size.width
resultDict["orientation"] = image.imageOrientation.toRaw()
resultDict["scale"] = image.scale
resultDict["description"] = image.description
return resultDict
}
Finally, you can ask the session to create a task associated with the request you’ve built, and then call resume() on it to kick it off in the background:
// Create the task, and kick it off
let task = session.dataTaskWithRequest(request!)
task.resume()
If you run through this process now, with your own requestb.in URL in place, then you can expect to see results like this:
An App Group identifier must start with "group." and must match everywhere it is used - in the entitlements files, in your code, and on the Apple Dev portal.
In your app and share extension entitlement definitions, you have $(TeamIdentifierPrefix).group.CreateDaily. This is not valid, since it does not begin with "group.".
In your code, you just have "group.CreateDaily". This would be fine if it matched what was in your entitlement files, though Apple recommends using reverse domain name notation to avoid conflicts.
My recommendation would be to go to the Apple Dev portal under Certificates, Identifiers & Profiles/ Identifiers/ AppGroups and define your app groups. Apple will not let you enter something that does not begin with "group.". Once that has been setup, make sure that what you have in your entitlement files and code (config.sharedContainerIdentifier) match and then everything should work.

UIApplication.shared.open Add Header Data

I need to open an external link in Safari to a page but the server I'm hitting with the url requires that I need to verify the IP address in a header. How can I pass header data in with UIApplication.shared.open?
There's an option parameter but I can't find any examples or documentation if this is the correct parameter to use to pass header data like ['header': _ipAddress].
Below is an example of where I'm setting headers for another kind of request that just opens in the app itself but I don't know how I can do this for UIApplication.shared.open.
let newRequest = (self.request as NSURLRequest).mutableCopy() as! NSMutableURLRequest
if let _ip = EDataManager.shared.ipAddressOfTheUser, _ip.length() > 0 {
newRequest.setValue(_ip, forHTTPHeaderField: "ex_header")
}
URLProtocol.setProperty("true", forKey: EWebViewAssetDownloadProtocol.CustomKey, in: newRequest)
let defaultConfigObj = URLSessionConfiguration.default
let defaultSession = URLSession(configuration: defaultConfigObj, delegate: self, delegateQueue: nil)
self.dataTask = defaultSession.dataTask(with: newRequest as URLRequest)
self.dataTask!.resume()
Unfortunately this is not supported for UIApplication.openURL(:options:completion:). Additionally, you can't open a URLRequest out to another application, so there really is no way to pass header fields into an external link to open in Safari.
If you have control of the external API, the best way to handle this is to pass URL query parameters into the url you open. However you have to be careful with that, because URL query parameters are viewable by users, so you can't pass any sensitive data that way.

LinkedIn login with Stormpath

I am able to get the access token of my LinkedIn account in swift using the LinkedIn SDK. How do I authenticate this login with Stormpath?
[Update]
let APIURL = "https://api.stormpath.com/v1/applications/LI_APPLICATION_ID/accounts"
func sendRequestWithJSON(accessToken:String)
{
let json = [ "providerData" : ["providerId": "linkedin", "accessToken": accessToken] ]
do {
let jsonData = try NSJSONSerialization.dataWithJSONObject(json, options: .PrettyPrinted)
let username = STORMPATH_API_KEY_ID
let password = STORMPATH_API_KEY_SECRET
let loginString = NSString(format: "%#:%#", username, password)
let loginData: NSData = loginString.dataUsingEncoding(NSUTF8StringEncoding)!
let base64LoginString = loginData.base64EncodedDataWithOptions(NSDataBase64EncodingOptions.Encoding64CharacterLineLength)
// create post request
let url = NSURL(string: APIURL)!
let request = NSMutableURLRequest(URL: url)
request.HTTPMethod = "POST"
// insert json data to the request
request.setValue("Basic \(base64LoginString)", forHTTPHeaderField: "Authorization")
request.setValue("application/json; charset=utf-8", forHTTPHeaderField: "Content-Type")
request.HTTPBody = jsonData
let task = NSURLSession.sharedSession().dataTaskWithRequest(request){ data, response, error in
if error != nil{
print("Error -> \(error)")
return
}
do {
let result = try NSJSONSerialization.JSONObjectWithData(data!, options: []) as? [String:AnyObject]
print("Result -> \(result)")
} catch {
print("Error -> \(error)")
}
}
task.resume()
//return task
} catch {
print(error)
}
}
I am passing accessToken fetch from linkedin to above function, but it return below result:
["message": Authentication required., "status": 401, "code": 401, "developerMessage": Authentication with a valid API Key is required., "moreInfo": http://www.stormpath.com/docs/quickstart/connect]
What's wrong I am doing?
LinkedIn is an interesting beast, since their mobile SDKs have two flaws:
An end user NEEDS the LinkedIn app to be installed, otherwise the "login" button will redirect the user to the App Store.
The mobile access token cannot be used on the server. See this screenshot from LinkedIn's iOS documentation
So - to get auth working on mobile, I would recommend using a server to handle the flow, so you don't have to worry about those two downsides. This is roughly:
The app will redirect the user to your webserver.
The webserver begins the LinkedIn authentication flow, and redirects the user to LinkedIn.
The user logs into LinkedIn, and gets redirected back to your webserver.
The webserver reads the response, and exchanges the Authorization Code with LinkedIn for an access token.
The webserver redirects your user back to the app, using a custom url scheme to send it the LinkedIn access token.
The app uses the LinkedIn access token to login to Stormpath.
Sound complicated? It's actually more straightforward than it seems. I actually wrote some demo code for this flow using Express.js & Swift if you want to try it out. Let me know if it works for you!

Setting Headers for OAuth Authenticated User (Bearer)

I am experimenting on OAuth2 (on Laravel) & Swift with Alamofire. I successfully got token, however I couldn't set the headers to be able to get authenticate-specific data from Api.
Without Alamofire, I was setting this header and it was working.
func me(handler: (data: NSDictionary?, error: String?) -> Void)
{
let url = NSURL(string: "/me", relativeToURL: self.baseUrl)
let request = NSMutableURLRequest(URL: url!)
request.HTTPMethod = "GET"
if let t = self.getAccessToken()
{
request.setValue("Bearer \(t)", forHTTPHeaderField: "Authorization")
}
}
However I didn't get what to do with Alamofire.
Now I can use getAccessToken() to get token as a string, but I got really confused adapting it to Alamofire style.
I tried this but doesn't pass the authentication middleware for a reason:
let token = getAccessToken()
print(token!) // prints
let headers = ["Authorization":"Bearer \(token)"]
Alamofire.request(.GET, userDetailsEndpoint!, headers: headers)...
Still getting error The resource owner or authorization server denied the request

Alamofire - NSURLCache is not working?

I set my cache as below
var cacheSizeMemory = 20 * 1024 * 1024
var cacheSizeDisk = 100 * 1024 * 1024
var sharedCache = NSURLCache(memoryCapacity: cacheSizeMemory, diskCapacity: cacheSizeDisk, diskPath: "SOME_PATH")
NSURLCache.setSharedURLCache(sharedCache)
Create request with cache policy
var request = NSMutableURLRequest(URL: NSURL(string: "\(baseUrl!)\(path)")!, cachePolicy: .ReturnCacheDataElseLoad, timeoutInterval: timeout)
Make a request and get a response with following Cache-Control private, max-age=60
Then try to check the cache
var cachedResponse = NSURLCache.sharedURLCache().cachedResponseForRequest(urlRequest)
value is nil
Any thoughts?
I was able to manually cache pages by writing them to the sharedURLCache like this:
Alamofire.request(req)
.response {(request, res, data, error) in
let cachedURLResponse = NSCachedURLResponse(response: res!, data: (data as NSData), userInfo: nil, storagePolicy: .Allowed)
NSURLCache.sharedURLCache().storeCachedResponse(cachedURLResponse, forRequest: request)
}
NSURLCache seems to respect the headers sent by the server, even if you configure the opposite everywhere else in your code.
The Wikipedia API, for example, sends
Cache-control: private, must-revalidate, max-age=0
Which translates to: Must revalidate after 0 seconds.
So NSURLCache says: “OK, I won’t cache anything.”
But by manually saving the response to the cache, it works. At least on iOS 8.2.
Almost lost my mind on this one. :)
I ended up manually adding Cache-Control as private in the header of my request and it now works. Don't even need to manually check the cache, Alamofire does it for you
let cachePolicy: NSURLRequestCachePolicy = isReachable() ? .ReloadIgnoringLocalCacheData : .ReturnCacheDataElseLoad
var request = NSMutableURLRequest(URL: NSURL(string: "\(baseUrl!)\(path)")!, cachePolicy: cachePolicy, timeoutInterval: timeout)
request.addValue("private", forHTTPHeaderField: "Cache-Control")
var alamoRequest = Manager.sharedInstance.request(urlRequest)
I found that URLCache does not save responses bigger than 5% (1/20) of capacity.
Default cache has memoryCapacity = 512000, it does not save to memory responses greater than 25600.
As a solution extend capacity
[Swift solution for resolving expiration of NSURLcache]
I think that main problem here is this: ReturnCacheDataElseLoad.
#arayax gave you the answer that will fix that probably, but my solution would be something like this:
Since I'm using Alamofire for Network requests I've set my configuration:
configuration.requestCachePolicy = .ReturnCacheDataElseLoad
And when I make request I do check internet connectivity, if it is true, then clear NSURLCache, so it will force Alamofire to make request on server and not from cache:
if Reachability.isConnectedToNetwork() == true {
ConfigService.cache.removeAllCachedResponses()
}
ConfigService.manager?.request(.GET, ...
I hope this will help, maybe for other type of problems with NSURLCache :)
For me it was Pragma →no-cache after removing this everything worked.
This is how I got the cache to work with Alamofire 4 and swift 3 (Semi full function for reference):
func getTheList(courseId : String )-> Void{
appConstants.sharedInstance.startLoading()
let TheURL = DEFAULT_APP_URL + "api/getMyList?Id="+ID
let urlString = NSURL(string: TheURL)
var mutableURLRequest = URLRequest(url: urlString! as URL)
mutableURLRequest.httpMethod = "GET"
mutableURLRequest.setValue("application/json", forHTTPHeaderField: "Content-Type")
mutableURLRequest.cachePolicy = NSURLRequest.CachePolicy.returnCacheDataElseLoad
Alamofire.request(mutableURLRequest)
.responseJSON
{.......