
1. Is it necessary to call https://www.mysite.com/my_services/user/token to get the token? I set that token for the login call, but I get the error 'csrf token issue'.

  1. That call is made before calling https://www.mysite.com/my_services/user/login with the POST parameters username and password.

My question is whether I have to call user/token every time to get a token and set the x-csrf-token value in the header for POST requests.

  /// Registers this controller for the MTPostNotificationTut notification once the view is loaded.
  - (void)viewDidLoad {
      [super viewDidLoad];

      // The notification is routed to useNotificationWithString:, whatever object posts it.
      NSNotificationCenter *center = [NSNotificationCenter defaultCenter];
      [center addObserver:self
                 selector:@selector(useNotificationWithString:)
                     name:@"MTPostNotificationTut"
                   object:nil];
  }

  /// Performs no cleanup of its own; only forwards the memory warning to the superclass.
  - (void)didReceiveMemoryWarning {
      [super didReceiveMemoryWarning];
  }

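/// Requests a CSRF token from the user/token endpoint each time the view is about to appear.
/// When the response carries a string under "token", the value is stored in `token` and
/// MTPostNotificationTut is posted with it; otherwise `token` is cleared and nothing is posted.
///
/// NOTE(review): the request is synchronous and UIKit calls this method on the main thread, so
/// the UI is blocked for up to the 10 s timeout. The synchronous NSURLConnection API is also
/// deprecated; moving this to an asynchronous request is the longer-term fix.
-(void)viewWillAppear:(BOOL)animated {
    [super viewWillAppear:animated];

    // The URL is a constant without characters that need escaping, so it is used directly.
    NSURL *tokenURL = [NSURL URLWithString:@"https://www.mysite.com/my_services/user/token.json"];

    // A security token should not be answered from a local cache. The original passed
    // NSURLCacheStorageAllowed, which is an NSURLCacheStoragePolicy constant and not a
    // request cache policy.
    NSMutableURLRequest *request =
        [NSMutableURLRequest requestWithURL:tokenURL
                                cachePolicy:NSURLRequestReloadIgnoringLocalCacheData
                            timeoutInterval:10.0];
    [request setHTTPMethod:@"POST"];
    [request setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];

    NSURLResponse *response = nil;
    NSError *requestError = nil;
    NSData *responseData = [NSURLConnection sendSynchronousRequest:request
                                                 returningResponse:&response
                                                             error:&requestError];

    NSDictionary *jsonResponseDict = nil;
    if (responseData == nil) {
        // JSONObjectWithData: raises an exception for nil data, so a failed request must not
        // reach the parser.
        NSLog(@"%s ERROR : token request failed: %@", __func__, requestError);
    } else {
        NSError *parseError = nil;
        id parsed = [NSJSONSerialization JSONObjectWithData:responseData
                                                    options:kNilOptions
                                                      error:&parseError];
        if ([parsed isKindOfClass:[NSDictionary class]]) {
            jsonResponseDict = parsed;
        } else {
            NSLog(@"%s ERROR : token response is not a JSON object: %@", __func__, parseError);
        }
    }

    // Same server-exception reporting as before: no "d" member plus an "ExceptionType" member.
    if ([jsonResponseDict objectForKey:@"d"] == nil &&
        [jsonResponseDict objectForKey:@"ExceptionType"] != nil) {
        NSLog(@"%s ERROR : Server returned an exception", __func__);
        NSLog(@"%s ERROR : Server error details = %@", __func__, jsonResponseDict);
    }

    // Accept only a string: a JSON null arrives as NSNull and would break the header call later.
    id candidate = [jsonResponseDict objectForKey:@"token"];
    token = [candidate isKindOfClass:[NSString class]] ? candidate : nil;

    // The token is a session secret; the raw response body and the token value are deliberately
    // kept out of the device log. Only the outcome is recorded.
    NSLog(@"%s token received: %@", __func__, token != nil ? @"YES" : @"NO");

    if (token != nil) {
        NSDictionary *userInfo = [NSDictionary dictionaryWithObject:token forKey:@"token"];
        [[NSNotificationCenter defaultCenter] postNotificationName:@"MTPostNotificationTut"
                                                            object:nil
                                                          userInfo:userInfo];
    }
}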

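/// Posts `jsonString` as a JSON body to `urlname` and stores the "token" member of the JSON
/// response in `token` (nil when the request fails or the response has no string token).
///
/// @param urlname    Absolute URL string of the endpoint.
/// @param jsonString Request body, sent UTF-8 encoded.
///
/// NOTE(review): the request is synchronous; if this is called on the main thread it blocks the
/// UI for up to the 10 s timeout.
-(void)checkWithServer:(NSString *)urlname jsonString:(NSString *)jsonString {
    NSURL *endpoint = [NSURL URLWithString:urlname];
    if (endpoint == nil) {
        NSLog(@"%s ERROR : invalid URL string", __func__);
        token = nil;
        return;
    }

    // Bypass the local cache for token-bearing responses. The original passed
    // NSURLCacheStorageAllowed, which is not a request cache policy.
    NSMutableURLRequest *request =
        [NSMutableURLRequest requestWithURL:endpoint
                                cachePolicy:NSURLRequestReloadIgnoringLocalCacheData
                            timeoutInterval:10.0];
    [request setHTTPMethod:@"POST"];
    [request setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
    [request setHTTPBody:[jsonString dataUsingEncoding:NSUTF8StringEncoding]];

    NSURLResponse *response = nil;
    NSError *requestError = nil;
    NSData *responseData = [NSURLConnection sendSynchronousRequest:request
                                                 returningResponse:&response
                                                             error:&requestError];

    NSDictionary *jsonResponseDict = nil;
    if (responseData == nil) {
        // JSONObjectWithData: raises an exception for nil data.
        NSLog(@"%s ERROR : request failed: %@", __func__, requestError);
    } else {
        NSError *parseError = nil;
        id parsed = [NSJSONSerialization JSONObjectWithData:responseData
                                                    options:kNilOptions
                                                      error:&parseError];
        if ([parsed isKindOfClass:[NSDictionary class]]) {
            jsonResponseDict = parsed;
        } else {
            NSLog(@"%s ERROR : response is not a JSON object: %@", __func__, parseError);
        }
    }

    // Server-exception reporting: no "d" member plus an "ExceptionType" member.
    if ([jsonResponseDict objectForKey:@"d"] == nil &&
        [jsonResponseDict objectForKey:@"ExceptionType"] != nil) {
        NSLog(@"%s ERROR : Server returned an exception", __func__);
        NSLog(@"%s ERROR : Server error details = %@", __func__, jsonResponseDict);
    }

    // Only a string is usable as a header value; JSON null would arrive as NSNull.
    id candidate = [jsonResponseDict objectForKey:@"token"];
    token = [candidate isKindOfClass:[NSString class]] ? candidate : nil;

    // The response body and the token value are kept out of the device log on purpose.
    NSLog(@"%s token received: %@", __func__, token != nil ? @"YES" : @"NO");
}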

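/// Notification handler: builds the JSON login body and posts it to the user/login endpoint
/// through getTokenFromServer:jsonString:.
///
/// @param notification The received notification. Its userInfo is not read here; the login
///                     request takes the CSRF token from the `token` variable instead.
-(void)useNotificationWithString:(NSNotification*)notification {
    // The URL is a constant without characters that need escaping, so it is used directly.
    NSString *loginURLString = @"https://www.mysite.com/my_services/user/login.json";

    // FIXME(security): these credentials are compiled into the binary, where anyone holding the
    // app can read them. They should come from user input at run time; if they must be
    // persisted, the Keychain is the place for them, not source code or user defaults.
    NSDictionary *credentials = [[NSDictionary alloc] initWithObjectsAndKeys:
                                 @"ranjeet.gholave", @"username",
                                 @"ran123", @"password",
                                 nil];

    NSError *serializationError = nil;
    NSData *jsonInputData = [NSJSONSerialization dataWithJSONObject:credentials
                                                            options:kNilOptions
                                                              error:&serializationError];
    if (jsonInputData == nil) {
        // Check the return value rather than the error pointer, and do not send an empty body.
        NSLog(@"%s ERROR : could not encode login body: %@", __func__, serializationError);
        return;
    }

    NSString *jsonInputString = [[NSString alloc] initWithData:jsonInputData
                                                      encoding:NSUTF8StringEncoding];
    [self getTokenFromServer:loginURLString jsonString:jsonInputString];
}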

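/// Posts `jsonString` to `urlname` with the stored CSRF token attached as a request header.
/// Despite its name, the visible caller uses this method to send the login request.
///
/// @param urlname    Absolute URL string of the endpoint.
/// @param jsonString Request body, sent UTF-8 encoded.
///
/// NOTE(review): the request is synchronous; if this is called on the main thread it blocks the
/// UI for up to the 30 s timeout.
-(void)getTokenFromServer:(NSString *)urlname jsonString:(NSString *)jsonString {
    NSURL *endpoint = [NSURL URLWithString:urlname];
    if (endpoint == nil) {
        NSLog(@"%s ERROR : invalid URL string", __func__);
        return;
    }

    // The original passed NSURLCacheStorageAllowed, which is not a request cache policy.
    NSMutableURLRequest *request =
        [NSMutableURLRequest requestWithURL:endpoint
                                cachePolicy:NSURLRequestReloadIgnoringLocalCacheData
                            timeoutInterval:30.0];
    [request setHTTPMethod:@"POST"];
    //    [request setValue:@"application/json" forHTTPHeaderField:@"Accept"];
    [request setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];

    // The header is spelled "X-CSRF-Token"; the original sent "X-CSRFToken", a different header
    // name that the server-side token check would not find. Skip the header when no usable
    // token is stored instead of passing nil or NSNull as the value.
    if ([token isKindOfClass:[NSString class]]) {
        [request setValue:token forHTTPHeaderField:@"X-CSRF-Token"];
    } else {
        NSLog(@"%s WARNING : no CSRF token available for this request", __func__);
    }

    [request setHTTPBody:[jsonString dataUsingEncoding:NSUTF8StringEncoding]];

    NSURLResponse *response = nil;
    NSError *requestError = nil;
    NSData *responseData = [NSURLConnection sendSynchronousRequest:request
                                                 returningResponse:&response
                                                             error:&requestError];

    // The response to a login call can carry session data, so the body is not logged. The HTTP
    // status is enough to tell a rejected token from a transport failure.
    if ([response isKindOfClass:[NSHTTPURLResponse class]]) {
        NSLog(@"%s HTTP status = %ld", __func__, (long)[(NSHTTPURLResponse *)response statusCode]);
    }

    NSDictionary *jsonResponseDict = nil;
    if (responseData == nil) {
        // JSONObjectWithData: raises an exception for nil data.
        NSLog(@"%s ERROR : request failed: %@", __func__, requestError);
    } else {
        NSError *parseError = nil;
        id parsed = [NSJSONSerialization JSONObjectWithData:responseData
                                                    options:kNilOptions
                                                      error:&parseError];
        if ([parsed isKindOfClass:[NSDictionary class]]) {
            jsonResponseDict = parsed;
        } else {
            NSLog(@"%s ERROR : response is not a JSON object: %@", __func__, parseError);
        }
    }

    // Server-exception reporting: no "d" member plus an "ExceptionType" member.
    if ([jsonResponseDict objectForKey:@"d"] == nil &&
        [jsonResponseDict objectForKey:@"ExceptionType"] != nil) {
        NSLog(@"%s ERROR : Server returned an exception", __func__);
        NSLog(@"%s ERROR : Server error details = %@", __func__, jsonResponseDict);
    }
}

If I allow cookies, the CSRF token validation error occurs; when I do not allow cookies, the CSRF token error does not occur. How can I resolve this issue? Thanks. Regards, Ranjeet Gholave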


1 Answers


I know this is a bit of an old thread. But you should check out https://github.com/kylebrowning/drupal-ios-sdk as well as AFNetworking. You're really working way harder than you have to.

But to answer your question, once you log in, the CSRF token will be returned in the user object and will be valid for the entire user session. So you can cache it and use it until the user logs out or their session expires. Because the token belongs to that session, it has to be sent together with the session cookie it was issued for.

With Drupal IOS SDK it is as simple as:

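// Logs the user in through the Drupal iOS SDK and installs the CSRF token from the returned
// user object as a default header on the shared session.
[DIOSUser userMakeSureUserIsLoggedInWithUsername:username
                    andPassword:password
                        success:^(AFHTTPRequestOperation *op, id response) {
                            // The user object contains the CSRF token, so it is not written to
                            // the log; only the outcome is.
                            DLog(@"user login succeeded");
                            [DIOSSession sharedSession].user = response;

                            //NOTE: fix for services 3.4+ CSRF Token Validation
                            // Install the header only for a string token; a missing or null
                            // value must not be passed on as a header value.
                            id csrfToken = nil;
                            if ([response isKindOfClass:[NSDictionary class]]) {
                                csrfToken = response[@"token"];
                            }
                            if ([csrfToken isKindOfClass:[NSString class]]) {
                                [[DIOSSession sharedSession] setDefaultHeader:@"X-CSRF-Token" value:csrfToken];
                            }

                            // NOTE(review): this persists the password; the helper is not shown
                            // here. Confirm it stores the credentials in the Keychain.
                            [self saveLoginInfoForUserWithUsername:username andPassword:password];
                            [self processUserInfoWithUser:response];
                            // Calling a nil block crashes, so check the optional callbacks.
                            if (success) {
                                success(response);
                            }
                        }
                        failure:^(AFHTTPRequestOperation *op, NSError *err) {
                            if (failure) {
                                failure(err);
                            }
                        }
 ];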