Authenticate request - Githubissues

Streamlyne / Cocoa-SDK

Streamlyne API for Cocoa Developers

https://github.com/Streamlyne/Cocoa-SDK

2 stars 1 forks source link

Authenticate request #11

Closed Glavin001 closed 10 years ago

Glavin001 commented 10 years ago

See https://github.com/Streamlyne/web-app/blob/develop/app/scripts/adapters/streamlyne_adapter.js#L80-L86

And http://stackoverflow.com/a/3469033/2578205

Glavin001 commented 10 years ago

Get time: http://stackoverflow.com/a/6150506/2578205

Glavin001 commented 10 years ago

HMAC: http://stackoverflow.com/a/12157913/2578205 or http://stackoverflow.com/a/16458798/2578205

Glavin001 commented 10 years ago

Use https://github.com/soffes/sskeychain for accessing Keychain and saving and retrieving accounts.

Glavin001 commented 10 years ago

Don't fret too much about securing sensitive data in-memory: http://stackoverflow.com/a/1635286/2578205 Not much you can do, besides obfuscate it, and even that doesn't help from someone who knows what they are doing.

Glavin001 commented 10 years ago

relativePath to extract the URL path from the full URL (as does https://github.com/Streamlyne/web-app/blob/develop/app/scripts/adapters/streamlyne_adapter.js#L50 ) See https://developer.apple.com/library/Mac/documentation/Cocoa/Reference/Foundation/Classes/NSURL_Class/Reference/Reference.html#jumpTo_45

Glavin001 commented 10 years ago

Implement and Unit Tests

[x] HMAC

var message = "ILove2Test!tTest!t";
var secret = "Streamlyne";        
var shaObj = new jsSHA(message, 'TEXT');
var hmac = shaObj.getHMAC(secret, 'TEXT', 'SHA-1', 'HEX');
// hmac => "1c2c34e017a17a6ae42c0dbdf6a3586f6735de3b"

[x] Password (secret) saving

Glavin001 commented 10 years ago

[x] Build message (from the headers and body and stuff). See https://github.com/Streamlyne/web-app/blob/develop/app/scripts/adapters/streamlyne_adapter.js#L48-L54

Glavin001 commented 10 years ago

Encountered this, Request failed: unacceptable content-type: text/html using AFNetworking 2.0: http://stackoverflow.com/questions/19114623/request-failed-unacceptable-content-type-text-html-using-afnetworking-2-0 It is actually a bug with the server for the MeHandler, it is using the old self.write and self.finish methods instead of self.respond. I will submit a fix (/cc @dreid93).

Glavin001 commented 10 years ago

Also received this error: http://stackoverflow.com/questions/14171111/cocoa-error-3840-using-json-ios

The fix I am pushing to the server will also resolve this. The trick was to use

        self.respond(json.loads(ret_data))

Instead of

        self.respond(ret_data)

I looked over the source code of other methods calling self.respond and they all used dictionaries (JSON in-memory) instead of strings (already stringified JSON).