发表新帖
发表新帖

django-allauth logging in with Facebook token from iOS Device

前端 未结
关注
2 790
轻奢々
轻奢々 2021-02-02 01:43

I am using the Facebook iOS SDK to POST the Facebook Access Token to my Django server URI. The corresponding views.py function is shown below and I get a 200 Response code when

相关标签:
2条回答
  • 迷失自我
    2021-02-02 02:02

    I have run into a very similar problem as yours, in implementing Facebook login from an iOS app to a server running django-allauth. I noticed in the successful POST response in iOS that the sessionid cookie was not being automatically saved as it normally is. I believe that's the reason your subsequent calls are being denied and redirected to your main page.

    Adding the following line seemed to solve it for me, but I admit that I do not have a complete understanding of why it works. Something to do with refreshing the session key, perhaps. Anyway, since there were no other answers, thought this might be helpful for you to try:

    user = User.objects.get(email=email) # Get User
# Login the user from Django's perspective
user.backend = 'django.contrib.auth.backends.ModelBackend'
auth_login(request,user)
request.session.cycle_key() #Refresh session key

    Then, on the iOS app side, I check whether there exists a session cookie:

    NSArray *cookies = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL:[NSURL URLWithString:WEB_APP_BASE_URL]];
for (NSHTTPCookie *cookie in cookies)
{
    if ([cookie.name isEqualToString:@"sessionid"]) {
        NSLog(@"found session cookie: %@",cookie.value);
    }
}
    0 讨论(0)
  • 再見小時候
    2021-02-02 02:05

    Thanks for all the help and input -- I finally solved it. I don't know the exact root cause of why logging in with Facebook munged the cookies and standard login worked fine. I did notice that the domain of the cookies returned from the Facebook login were formatted with a leading "." like this:

    [ .domain.com ]

    Whereas the standard login that worked had cookie domains like this:

    [ www.domain.com ]

    I parsed the cookies from the HTTP response after successfully logging in with Facebook and stored them in the singleton:

                    // Extract cookie information
                NSRange range = [cookieString rangeOfString:@"csrftoken="];
                if (range.location!=NSNotFound){
                    cookieString = [cookieString substringFromIndex:NSMaxRange(range)];
                    range = [cookieString rangeOfString:@";"];
                    if (range.location!=NSNotFound){
                        self.appDelegate.djangoCsrftoken = [cookieString substringToIndex:range.location];
                    }
                }
                range = [cookieString rangeOfString:@"sessionid="];
                if (range.location!=NSNotFound){
                    cookieString = [cookieString substringFromIndex:NSMaxRange(range)];
                    range = [cookieString rangeOfString:@";"];
                    if (range.location!=NSNotFound){
                        self.appDelegate.djangoSessionId = [cookieString substringToIndex:range.location];
                    }
                }

                if (LOGIN_DEBUG) { // Debug the response
                    NSLog(@"Extracted csrftoken is: %@",self.appDelegate.djangoCsrftoken);
                    NSLog(@"Extracted sessionid is: %@",self.appDelegate.djangoSessionId);
                }

    I then, created those cookies explicitly for the following request:

        // Clear all cookies when app launches
    NSHTTPCookieStorage *cookieStorage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
    for (NSHTTPCookie *each in cookieStorage.cookies) {
        //if ( [each.domain isEqualToString:DOMAIN] ) {
        NSLog(@"Deleting cookie: %@ -- %@",each.name,each.domain);
        [cookieStorage deleteCookie:each];
        //}
    }

    //////////////// CSRF TOKEN /////////////////////

    // Create cookies based on parsed values
    NSMutableDictionary *cookieCsrfProperties = [NSMutableDictionary dictionary];
    [cookieCsrfProperties setObject:@"csrftoken" forKey:NSHTTPCookieName];
    [cookieCsrfProperties setObject:self.appDelegate.djangoCsrftoken forKey:NSHTTPCookieValue];
    [cookieCsrfProperties setObject:DOMAIN forKey:NSHTTPCookieDomain];
    [cookieCsrfProperties setObject:DOMAIN forKey:NSHTTPCookieOriginURL];
    [cookieCsrfProperties setObject:@"/" forKey:NSHTTPCookiePath];
    [cookieCsrfProperties setObject:@"0" forKey:NSHTTPCookieVersion];

    // Set expiration to one month from now or any NSDate of your choosing
    // this makes the cookie sessionless and it will persist across web sessions and app launches
    /// if you want the cookie to be destroyed when your app exits, don't set this
    [cookieCsrfProperties setObject:[[NSDate date] dateByAddingTimeInterval:2629743] forKey:NSHTTPCookieExpires];

    NSHTTPCookie *csrfCookie = [NSHTTPCookie cookieWithProperties:cookieCsrfProperties];
    [[NSHTTPCookieStorage sharedHTTPCookieStorage] setCookie:csrfCookie];

    //////////////// SessionId TOKEN /////////////////////

    // Create cookies based on parsed values
    NSMutableDictionary *cookieSessionIdProperties = [NSMutableDictionary dictionary];
    [cookieSessionIdProperties setObject:@"sessionid" forKey:NSHTTPCookieName];
    [cookieSessionIdProperties setObject:self.appDelegate.djangoSessionId forKey:NSHTTPCookieValue];
    [cookieSessionIdProperties setObject:DOMAIN forKey:NSHTTPCookieDomain];
    [cookieSessionIdProperties setObject:DOMAIN forKey:NSHTTPCookieOriginURL];
    [cookieSessionIdProperties setObject:@"/" forKey:NSHTTPCookiePath];
    [cookieSessionIdProperties setObject:@"0" forKey:NSHTTPCookieVersion];

    // Set expiration to one month from now or any NSDate of your choosing
    // this makes the cookie sessionless and it will persist across web sessions and app launches
    /// if you want the cookie to be destroyed when your app exits, don't set this
    [cookieCsrfProperties setObject:[[NSDate date] dateByAddingTimeInterval:2629743] forKey:NSHTTPCookieExpires];

    NSHTTPCookie *sessionIdCookie = [NSHTTPCookie cookieWithProperties:cookieSessionIdProperties];
    [[NSHTTPCookieStorage sharedHTTPCookieStorage] setCookie:sessionIdCookie];

    ///////////////////////////////////////////////////

    // Create request
    NSURL *url = [NSURL URLWithString:requestUrl];
    NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:url];
    urlRequest.HTTPShouldHandleCookies = YES;

    NSHTTPCookie *setCookie;
    for (setCookie in [NSHTTPCookieStorage sharedHTTPCookieStorage].cookies) {
        if ( ([setCookie.name isEqualToString:@"csrftoken" ] || [setCookie.name isEqualToString:@"sessionid"]) ) {
            NSLog(@"Adding Cookie: %@ = %@  [ %@ ]", setCookie.name, setCookie.value, setCookie.domain);
            [urlRequest addValue:setCookie.value forHTTPHeaderField:setCookie.name];
        }
    }
    NSURLResponse *response = nil;
    NSError * error = nil;
    NSData *responseData = [NSURLConnection sendSynchronousRequest:urlRequest returningResponse:&response error:&error];

    After doing that, I could successfully login with Facebook using Django-allauth.

    0 讨论(0)
 看不清?
提交回复
热议问题