Reputation: 7068
RestKit deals with username and password strangely
I am using RestKit pretty basically with RKClient and doing a get request. My system uses username/password/account to authenticate the user. It is just httpbasic for username/password and the account is just a subdomain.
The issue I have is that if I do the following:
- Sign in with the correct information (then it downloads all the data for the app)
- Reset the data (this deletes all my core data objects and I also set the username and password of the shared RKClient to blank)
- Put in the wrong username / password, but the correct account, then it will download data as if it was all correct.
I put puts before and after setting the username and password and I can see it is being changed to incorrect data. And I've set caching to be RKRequestCachePolicyNone (both on the shared client and on the RKRequest instance).
The returned request says it wasn't pulled from cache. And when I try to duplicate the issue in terminal using curl I get the correct response (that I can't get the data with the wrong username password).
So why/how would RestKit get the proper response back? It is hitting the server and getting a 200 response back.
Example Code:
- (void)startDownload {
NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
NSLog(@"username and password before (%@,%@)",[RKClient sharedClient].username,[RKClient sharedClient].password);
[RKClient sharedClient].username = self.login;
[RKClient sharedClient].password = self.password;
NSLog(@"username and password after (%@,%@)",[RKClient sharedClient].username,[RKClient sharedClient].password);
NSString *base = [NSString stringWithFormat:@"http://%@.%@api",self.accountName,[defaults stringForKey:@"myURL"]];
[[RKClient sharedClient] setBaseURL:base];
[[RKClient sharedClient] setAuthenticationType:RKRequestAuthenticationTypeHTTPBasic];
[[RKClient sharedClient] setCachePolicy:RKRequestCachePolicyNone];
RKRequest *request = [[RKClient sharedClient] get:@"/verify.json" delegate:self];
[request setCachePolicy:RKRequestCachePolicyNone];
}
Update
I also noticed that if I put in the wrong password when first logging in and it comes back as a failure. If I then correct the password, it will always fail there after.
Upvotes: 3
Views: 575
Answers (1)
Reputation: 818
Apparently Restkit stores some kind of cookie for authentication. In my case I could log out and log back in with the wrong password as long as the username stayed the same.
In my case I could solve the problem with:
NSHTTPCookieStorage *cookieStorage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
for (NSHTTPCookie *cookie in cookieStorage.cookies)
{
[cookieStorage deleteCookie:cookie];
}
Which got rid of all stored cookies. I hope this will resolve your issue as well.
Upvotes: 1
Related Questions
- "Authentication Required" with NSURLSession. User/Key correct
- NSURLRequest with HTTP Authentication
- Basic Authentication using Restkit
- RestKit - Handling authentication
- RestKit OAuth 2 Password Authentication Flow
- Restkit Basic Auth with http code 405
- iOS RestKit Authentication
- How to Get Response from Simple RestKit call with only username and password?
- How do I use basic auth with RestKit's getObject?
- Objective-C NSURLConnection with RESTful web service, error handling