Sending different values to API than stored in NSUserDefaults - iphone

I have an app in the App Store that uses geofences to post updates to our local API. To date, this has been a smashing success. A couple months ago I installed Flurry to get some insight into customer usage and any unhandled exceptions out there. What I started getting back were some errors pertaining to the saved token we use to authenticate the user id.
This token is an MD5 salted hash of the username and password. No issues here, we use it for everything in the app. I store it in the NSUserDefaults and retrieve it before every API call. As we started narrowing down our search for the culprit, it is showing that we are sending a token that doesn't exist anywhere on our servers. When the user trips a geofence, it updates their status automatically, but a very small percent has been failing in the background causing some customer concerns.
Sorry for the long precursor, on to the question. What would cause my value in NSUserDefaults to get loaded to an NSString differently from one time to the next? I have tested the logic, it will update me 3 times in a row when I show up for work, but the 4th, I'll get a token failure error back from the server. There is no rhyme or reason to why it fails. Our server is logging these failed tokens and we can't match them up to anything.
So if anyone has any insight on this matter, I would very much appreciate it. Could it be messing up when I store it to NSString? Could it be some inconsistencies with my POST method? It might even be on our server, I dunno. I'm hoping everyone on SO can lend a hand and help me get some new insight. Thanks in advance.
//Loading the token... done this way for EVERY API call
NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
NSString *token = [defaults objectForKey:#"token"];
Code taken from my API class
//My POST method for updating our API
NSString *requestData = [NSString stringWithFormat:#"?auth_token=%#", token];
NSData *myRequestData = [NSData dataWithBytes: [requestData UTF8String] length: [requestData length]];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL: [NSURL URLWithString:[NSString stringWithFormat:#"%#/api/user.json%#", webAddress, requestData]]];
[request setHTTPMethod: #"POST"];
[request setHTTPBody: myRequestData];
NSData *jsonData = [NSURLConnection sendSynchronousRequest: request returningResponse: nil error: nil];
NSString *json = [[NSString alloc] initWithData:jsonData encoding:NSUTF8StringEncoding];
NSDictionary *payloadData = [json JSONValue];
if([[payloadData objectForKey:#"success"] boolValue]) {
// if i get here, successful update
} else {
// update unsuccessful, error message returned... bad token
}

Are you using any 3rd party libraries? "token" is a very common string, I would change it to something else. It's possible some other code is stomping on your token with their token.

I don't want this question to linger out there and waste anyone's time or energy. After some recent testing, I don't believe my issue is with the user defaults or the saved token. There are already answers out there, so I can't delete the question. So I'll just leave a small answer here and close it out.
I ended up moving all the login credentials to the iOS keychain. I salt and hash the email and password each time I need an API token. It creates a little more overhead for each API, but knowing my users' credentials are safe and secure is probably worth it. I still have my issue, but I think I'm getting closer to nailing it down. Thank you to anyone that has looked at my question.

Related

Facebook iOS SDK 3.0, implement like action on a url?

I'm trying to implement Like via the facebook open-graph-api with the Facebook iOS SDK 3.0.
Everything seems to work except the FbGraphObject and that's because I have no idea how it should look because this clearly does not work.
What I'm trying to do is to like a url posted as an object. A simple Like with via the open-graph.
The error message I get the the code below is:
The action you're trying to publish is invalid because it does not specify any
reference objects. At least one of the following properties must be specified: object.
The code I use is this:
FBGraphObject *objectToLike = [[FBGraphObject alloc]initWithContentsOfURL:[NSURL URLWithString:facebookLike.titleLabel.text]];
FBRequest *requestLike = [[FBRequest alloc]initForPostWithSession:[FBSession activeSession] graphPath:#"me/og.likes" graphObject:objectToLike];
FBRequestConnection *connection = [[FBRequestConnection alloc] init];
[connection addRequest:requestLike
completionHandler:
^(FBRequestConnection *connection, id result, NSError *error) {
if (!error &&
result) {
DLog(#"NothingWentWrong");
}
DLog(#"MajorError: %#", error);
}
];
[connection start];
UPDATE:
Checked some more info and my guess it to use this method:
https://developers.facebook.com/docs/sdk-reference/iossdk/3.0/class/FBGraphObject/#//api/name/graphObject
To somehow create an object. It's the graphObject method that I probably need to do something with. Any help at all would be appreciated.
I've actually manage to create a simple and quite dirty solution of this.
The solution does not seem optimal but it's currently a working solution.
If anybody has used the explorer tool on facebook on this url:
https://developers.facebook.com/tools/explorer/
You know how the URL will look like when facebook is sharing a like. It has to have the URL and an access-token.
So my solution became just to disregard sending anything from the Facebook SDK and just send a post request to the same URL that I've used in the explorer tool.
There seems to be some referencing to it on the facebooks docs if you look closely and deep, but no one explains exactly how to actually make the connection, so this is my solution:
NSString *urlToLikeFor = facebookLike.titleLabel.text;
NSString *theWholeUrl = [NSString stringWithFormat:#"https://graph.facebook.com/me/og.likes?object=%#&access_token=%#", urlToLikeFor, FBSession.activeSession.accessToken];
NSLog(#"TheWholeUrl: %#", theWholeUrl);
NSURL *facebookUrl = [NSURL URLWithString:theWholeUrl];
NSMutableURLRequest *req = [NSMutableURLRequest requestWithURL:facebookUrl];
[req setHTTPMethod:#"POST"];
NSURLResponse *response;
NSError *err;
NSData *responseData = [NSURLConnection sendSynchronousRequest:req returningResponse:&response error:&err];
NSString *content = [NSString stringWithUTF8String:[responseData bytes]];
NSLog(#"responseData: %#", content);
If you look at the code I just take the url and puts two dynamic strings in the url, one with the object-url and one with the access token. I create a URLRequest and make it a POST request, and the response from facebook gets logged so one actually can see if the like go through or not.
There might be some performance improvements that can be done with the actual requests but I will leave it up to you if you see any slowdowns.
I'm still interested in other solutions but this is the one I will use for now.
We don't currently support Like through our Graph API.
What you can look through is something like this :
https://developers.facebook.com/docs/opengraph/actions/builtin/likes/
I’m not sure what initWithContentsOfURL does, but from the name I guess it tries to actually load content from a given URL(?).
You only have to give the URL as a text parameter – a URL is what represents an Open Graph object. Facebook will do the rest, scraping the page behind that URL and reading it’s OG meta tags, etc.
Maybe just this?
FBRequest *requestLike = [[FBRequest alloc]initForPostWithSession:[FBSession activeSession]
graphPath:#"me/og.likes"
graphObject:[NSURL URLWithString:facebookLike.titleLabel.text]];

Response for Registering on Wordpress Site through iPhone

I am writing an app that displays content from a Wordpress Site, and also allows reading of comments as well as posting comments. I am handling logging in to leave a comment and posting a comment via XML-RPC. All that is working quite well. However, this particular site does not allow anonymous commenting. So, I need to allow Registering for an account through the app.
Currently, I take the desired "username" and "email" and submit via POST as follows:
ASIFormDataRequest *request = [[ASIFormDataRequest alloc] initWithURL:[NSURL URLWithString:#"http://www.lamebook.com/wp-signup.php"]];
[request setPostValue:#"example" forKey:#"user_name"];
[request setPostValue:#"example#test.com" forKey:#"user_test"];
[request setDelegate:self];
[request setDidFinishSelector:#selector(registerFinished:)];
[request setDidFailSelector:#selector(registerFailed:)];
[request startAsynchronous];
This works in that it will create the account. However, my issue is that in my registerFinished method:
- (void)registerFinished:(ASIFormDataRequest *)request {
NSString *response = [[NSString alloc] initWithData:[request responseData] encoding:NSASCIIStringEncoding];
NSLog(#"response %#", response);
}
The response is simply the HTML of the registration page. The HTML contains no information about the success or failure of the registration.
When using the webform the returned HTML has entries if any error occurred, for example:
<p class="error">Username must be at least 4 characters</p>
However, I do not seem to get these elements in the HTML I receive on the phone. Is there a proper way to do registration on the phone?
If you have access to the site, which I guess you do, you should be able to write a small plugin that let's you perform the registration by posting data to an URL specified by your plugin. This would be fairly simple, just hook up a function to the init action and check for the $_POST variable for any input.
Then simply use username_exists to check for existing users and wp_create_user to perform the registration. These functions will give return values that you in turn can send as a JSON reponse (or whatever is appropriate) back to you application.
In fact, my experience with XML-RPC is that it's somewhat limited, and not really up to date with the rest of WordPress, so I often make these little mini API's to handle situations like this. All that might have changed in the latest releases, however.

Difficulties signing in to Twitter from iPhone

I'm using MGTwitterEngine to add Twitter functionality to my app. It's very easy to simply prompt the user for a username and password and then start posting. Strangely, however, I've noticed other apps (eg Foursquare and Brightkite) require you to visit their website to associate your Twitter account with your foursquare/brightkite/whatever account.
Why do they do it this way?
Is there a reason why my app shouldn't prompt the user for a Twitter username and password, even though it would be so easy?
Thanks a bunch!
Tristan
This is because you're using Basic Auth, which is just a username/password. Most new Twitter apps use the more robust OAuth, which requires you to visit Twitter.com to allow access, but does not require a username/password. The Twitter API docs claim that support for Basic Auth will be dropped soon, so you should be using OAuth as well.
Twitter supports OAuth, which allows you to access their account without asking for their password directly.
The main concern is security. What happens if/when your database gets hacked? The attackers will have access to all of your user's twitter passwords.
On hte other hand, those sites don't store their users passwords; if they get hacked, twitter can easily disable the oauth credentials, locking out any attackers before they can do harm.
Use OAuth; it's a lot safer.
Just replace YOUR_TWITTER_USERNAME and YOUR_TWITTER_PASSWORD. The code below has to be included in your viewController.m
NSMutableURLRequest *theRequest=[NSMutableURLRequest requestWithURL: [NSURL
URLWithString: #”http: //YOUR_TWITTER_USERNAME: YOUR_TWITTER_PASSWORD#twitter. com/
statuses/update. xml”]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval: 60. 0] ;
[theRequest setHTTPMethod: #”POST”] ;
[theRequest setHTTPBody: [[NSString stringWithFormat: #”status=%#”,
themessage] dataUsingEncoding: NSASCIIStringEncoding] ] ;
NSURLResponse* response;
NSError* error;
NSData* result = [NSURLConnection sendSynchronousRequest:theRequest
returningResponse: &response error: &error] ;
NSLog( #”%#”, [[[ NSString alloc] initWithData: result
encoding: NSASCIIStringEncoding] autorelease] ) ;

Has anyone implemented the PayPal API through a native iPhone app?

It seems the only way to stay "in app" is to give them a UIWebView of the paypal mobile site and let them complete the transaction there, otherwise the user would need to use their API key.
Does this sound right and has anyone got or seen any sample code? I have to think this is a common piece of code.
UPDATE:
Will Apple allow this?
It is a charity app, so I am assuming there is no issue.
Re-UPDATE:
I assumed wrong.
Apple will not allow payments directly within apps using paypal. You have to re-direct to a web interface.
Re-Update:
As answered below this code may still be useful for the purchase of physical goods
Update:
Although this code works, App Store terms won't allow you to use this code within an app.
Original Answer:
I figured this out after some heavy API research. Below is a method that creates an HTTP POST to send to Paypal and makes an NSURLRequest. You can fill in the appropriate string format variables. I used HTTP Client to check what I was doing.
- (void)sendPayPalRequestPOST{
perfomingSetMobileCheckout=YES;
recordResults = FALSE;
NSString *parameterString = [NSString stringWithFormat:#"USER=%#&PWD=%#&SIGNATURE=%#&VERSION=57.0&METHOD=SetMobileCheckout&AMT=%.2f&CURRENCYCODE=USD&DESC=%#&RETURNURL=%#", userName, password, signature, self.donationAmount, #"Some Charge", returnCallURL];
NSLog(parameterString);
NSURL *url = [NSURL URLWithString:paypalUrlNVP];
NSMutableURLRequest *theRequest = [NSMutableURLRequest requestWithURL:url];
NSString *msgLength = [NSString stringWithFormat:#"%d", [parameterString length]];
[theRequest addValue: msgLength forHTTPHeaderField:#"Content-Length"];
[theRequest setHTTPMethod:#"POST"];
[theRequest setHTTPBody: [parameterString dataUsingEncoding:NSUTF8StringEncoding]];
NSURLConnection *theConnection = [[NSURLConnection alloc] initWithRequest:theRequest delegate:self];
if( theConnection ){
webData = [[NSMutableData data] retain];
[self displayConnectingView];
}else{
NSLog(#"theConnection is NULL");
}
}
After this you need to parse the response, grab the session key and create a UIWebView to take them to the mobile paypal site. Paypal lets you specify a "return URL" which you can make anything you want. Just keep checking the UIWebview in the delegate method for this address and then you know the transaction is complete.
Then you send one more HTTP Post (similar to the one above) to Paypal to finalize the transaction. You can find the API information in the Paypal Mobile Checkout API docs.
Apple will allow custom checkouts for physical purchases. I talked with them at the iPhone Tech Talks in London and they said that they will not support physical purchases with In App Purchase as they would have to deal with refunds, etc. They also referred to existing apps that have custom checkouts.
When you say "I assumed wrong" about Apple allowing charitable donations within an app, can you provide any more information? I'm working on an app and there's a requirement to allow charitable donations...I haven't been able to find anything from Apple strictly forbidding it, but I haven't been able to find an app that allows charitable donations in the store, either.
(I struggled with whether to post this here and not as a new top-level question, but you're the first person I've come across with direct knowledge about the charitable giving within an iPhone app question).
Is it not possible using Paypal's Mobile Payment Library?
https://www.x.com/community/ppx/xspaces/mobile/mep?view=overview
Depending on the complexity of your needs, PayPal's iOS SDK (released March 2013) might be the ticket.

Unable to POST data from IPhone using google account authentication

I'm working on an IPhone application that works with a Google App Engine application. I manage to get logged by using a google account and I get the authentication token. I'm also able to GET data from the GAE service (I did it after reading another question written here) but now I need to POST data so I need to send the authentication token in the header of the POST request. I tried several options but none of them worked.
Here is the code I use to put that auth into the header:
NSString* urlStr = [NSString stringWithFormat:#"%#%#", HOST, url];
NSMutableURLRequest* urlPost = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:urlStr]];
NSString* authStr = [NSString stringWithFormat:#"GoogleLogin auth=%#", token];
[urlPost addValue:authStr forHTTPHeaderField:#"Authorization"];
but it doesn't work.
Any help?
You need to use [request setHTTPMethod: #"POST"] and [request setHTTPBody: postdata] to properly configure the POST components. See the NSMutableURLRequest docs for more details.
Whenever I'm troubleshooting a problem related to HTTP, the first tool I'll grab is Charles HTTP Proxy. It will show you the entire request and response for closer examination.
If you're authenticating against an App Engine app, you need to obtain and send an authentication cookie, rather than using the GoogleLogin authentication. The source of appengine_rpc.py in the Python SDK demonstrates how.