Titanium

[TIMOB-1412] iPhone: username/pass on URL (https only?) will break

GitHub Issuen/a
TypeBug
PriorityLow
StatusClosed
ResolutionFixed
Resolution Date2011-04-17T01:56:06.000+0000
Affected Version/sn/a
Fix Version/sRelease 1.5.0
ComponentsiOS
Labelshttps, ios, iphone
ReporterJeff Haynie
AssigneeStephen Tramer
Created2011-04-15T02:51:39.000+0000
Updated2011-04-17T01:56:06.000+0000

Description

From blog post...

There is a thread on the QA on HTTPS being broken. This broke in a fairly recent build as we were using the nightly from a week or two ago with no issue. URL formats like this: https://username:password@api.lafitness.com">https://username:password@api.lafitness.com will fail 100% of the
time. Take out https and just go with http and it works fine. Our cert is not self signed.

I think this might be related to the UTF-8 URI change (although, that should effect both http right?).

Attachments

FileDateSize
resources.zip2011-04-15T02:51:39.000+0000146064

Comments

  1. zeroendless 2011-04-15

    I have twitter Xauth with similar posting issues. it've been working great on 1.3.2 and early 1.3.3 built version with iOS 4/iOS 4.01, but refused to work on 1.4. I can reserve it back to early version and it would work again.

    I attached files for testing if that helps speed up the progress. With 1.4, i always get authentication error "Error Domain=ASIHTTPRequestErrorDomain Code=3 "Authentication needed" UserInfo=0x7a1cbd0 {NSLocalizedDescription=Authentication needed" despite all parameters checked and submit as requested, including a valid pair of twitter username and password. It seems like there's problem with parameters encoding issue on 1.4 too?

    Thanks

  2. Jeff Haynie 2011-04-15

    (from [60364b73b1c5d17d7e8f42ecaf80b58efb5e5d4f]) [#1412 state:resolved] CFURLCreateStringBy... automatically doesn't substitute escapes for valid URL characters. http://github.com/appcelerator/titanium_mobile/commit/60364b73b1c5d17d7e8f42ecaf80b58efb5e5d4f"> http://github.com/appcelerator/titanium_mobile/commit/60364b73b1c5d...

  3. zeroendless 2011-04-15

    Hi Jeff,
    Thanks for the quick attention.

    I tried the patch, copy the util file to 1.4 but still having the same issue on Twitter Xauth posting.

    Thanks

  4. Stephen Tramer 2011-04-15

    The problem appears to be this:

    ['oauth_signature_method', 'HMAC-SHA1'],

    I took a look at the generated URL, and this is the only portion of it which was escaped:

    oauth_signature=imhFTmernI9uy7a2keXj%2FEWoC%2BE%3D

    HMAC-SHA1 may be placing unicode characters which would normally need to be escaped into your authorization string. I would recommend using a different signature method, since there is no workaround for this on our end.

  5. Jeff Haynie 2011-04-15

    i think the problem is that we're escaping twice. the path should be escaped on our end but not the entire query string. this is a platform problem i believe since this worked before this change.

  6. Jeff Haynie 2011-04-15

    (from [3bca7969873c164f4596a1249a2f1f5e0143e172]) [#1412 state:resolved] Original list of characters to not escape was right... just not the right argument. http://github.com/appcelerator/titanium_mobile/commit/3bca7969873c164f4596a1249a2f1f5e0143e172"> http://github.com/appcelerator/titanium_mobile/commit/3bca7969873c1...

  7. Luke Melia 2011-04-15

    I had this problem and can confirm that 3bca7969873c164f4596a1249a2f1f5e0143e172 fixed it for me. Thanks.

  8. zeroendless 2011-04-15

    Brilliant, Thanks.

JSON Source