Titanium JIRA Archive
Appcelerator Community (AC)

[AC-1358] iOS: TiUIWebview - Base64-encoded credentials contain linebreaks

GitHub Issuen/a
TypeBug
Priorityn/a
StatusResolved
ResolutionCannot Reproduce
Resolution Date2015-09-30T02:25:44.000+0000
Affected Version/sn/a
Fix Version/sn/a
ComponentsTitanium SDK & CLI
Labelsn/a
ReporterDaniel Pfeiffer
AssigneeShak Hossain
Created2015-04-30T18:09:42.000+0000
Updated2016-03-08T07:37:46.000+0000

Description

Problem The WebView component called [setBasicAuthentication](http://docs.appcelerator.com/titanium/3.0/#!/api/Titanium.UI.WebView-method-setBasicAuthentication). This attempts to set the Authorization header on any requests initialized by setting the url property. Depending on the length of the username and password, the resulting base64-encoded value may have line breaks. Line breaks are not allowed in HTTP headers so everything following is truncated, of course causing authentication to fail. The line breaks need to be removed before setting to the Authorization header. I assume this is also an issue on the HTTP Client on iOS, but I haven't checked. Test case 1. Use setBasicAuthentication to set a username and password for a WebView request; set the username and password to something longer than 30 characters each. 2. Set a breakpoint at about line 184 in TiUIWebView.m and inspect the value of basicCredentials before it is set to the Authorization header. 3. The value should have no line breaks to ensure the entire value is received by the server. But, if the username/password combination was long enough, it will have line breaks.

Comments

  1. Rakhi Mitro 2015-09-07

    Hello, Tested your issue. We could not reproduce it. *Test Environments:* CLI Version :4.0.1 Titanium SDK Version:4.1.0.GA Android: Google Galaxy Nexus:4.1.1 - API 16 - 720x1280 Appc Studio: Appcelerator Studio, build: 4.1.1.201507141126 Alloy: 1.7.6 Android Device: Nexus 7 iOS SDK: 8.1 *Steps to Reproduce:* * Create a classic project. * Paste sample code. * Run the project *Test code:* app.js 
       
   
   //
   
   // create base UI tab and root window
   
   //
   
   var win1 = Titanium.UI.createWindow({  
   
       title:'Tab 1',
   
       backgroundColor:'#fff'
   
   });
   
   
   
   
   
   username='sccscssgdasadsvsdvasdcartrt';
   
   password='ertededqwtedtqdwetdqewdqtwedqtdetqdwetqdwed';
   
   authstr = Titanium.Utils.base64encode(username.value + ':' + password.value);
   
   Ti.API.info('encode is'+authstr);
   
   var webView = Ti.UI.createWebView();
   
   webView.setBasicAuthentication(username,password);
   
   webView.url = 'http://juktashor.com/';
   
   
   
   win1.open();
    *Test Result:* No lines break found using using base64-encode. *Simulator Console logs:* 
       
   Application started
   [INFO] :   TC4766Classic/1.0 (4.1.0.d57aa7d)
   [INFO] :   encode isdW5kZWZpbmVkOnVuZGVmaW5lZA==

JSON Source