向 API 发送与 NSUserDefaults 中存储的值不同的值
我在 App Store 中有一个应用程序,它使用地理围栏将更新发布到我们的本地 API。迄今为止,这已经取得了巨大的成功。几个月前,我安装了 Flurry,以深入了解客户的使用情况以及任何未处理的异常情况。我开始返回的是一些与我们用来验证用户 ID 的已保存令牌相关的错误。
该令牌是用户名和密码的 MD5 salt 哈希值。这里没有问题,我们将它用于应用程序中的所有内容。我将其存储在 NSUserDefaults 中,并在每次 API 调用之前检索它。当我们开始缩小对罪魁祸首的搜索范围时,它表明我们正在发送一个在我们的服务器上不存在的令牌。当用户越过地理围栏时,它会自动更新其状态,但有一小部分在后台出现故障,导致了一些客户的担忧。
抱歉,前言很长,现在开始回答问题。什么会导致 NSUserDefaults 中的值每次以不同的方式加载到 NSString 中?我已经测试了逻辑,当我上班时,它会连续更新我 3 次,但第四次,我会从服务器返回令牌失败错误。它的失败没有任何规律或理由。我们的服务器正在记录这些失败的令牌,但我们无法将它们与任何内容进行匹配。
因此,如果有人对此事有任何见解,我将非常感激。当我将它存储到 NSString 时会出现混乱吗?难道是我的POST方法有些不一致?它甚至可能在我们的服务器上,我不知道。我希望 SO 上的每个人都能伸出援手,帮助我获得一些新的见解。提前致谢。
//Loading the token... done this way for EVERY API call
NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
NSString *token = [defaults objectForKey:@"token"];
代码取自我的 API 类
//My POST method for updating our API
NSString *requestData = [NSString stringWithFormat:@"?auth_token=%@", token];
NSData *myRequestData = [NSData dataWithBytes: [requestData UTF8String] length: [requestData length]];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL: [NSURL URLWithString:[NSString stringWithFormat:@"%@/api/user.json%@", webAddress, requestData]]];
[request setHTTPMethod: @"POST"];
[request setHTTPBody: myRequestData];
NSData *jsonData = [NSURLConnection sendSynchronousRequest: request returningResponse: nil error: nil];
NSString *json = [[NSString alloc] initWithData:jsonData encoding:NSUTF8StringEncoding];
NSDictionary *payloadData = [json JSONValue];
if([[payloadData objectForKey:@"success"] boolValue]) {
// if i get here, successful update
} else {
// update unsuccessful, error message returned... bad token
}
I have an app in the App Store that uses geofences to post updates to our local API. To date, this has been a smashing success. A couple months ago I installed Flurry to get some insight into customer usage and any unhandled exceptions out there. What I started getting back were some errors pertaining to the saved token we use to authenticate the user id.
This token is an MD5 salted hash of the username and password. No issues here, we use it for everything in the app. I store it in the NSUserDefaults and retrieve it before every API call. As we started narrowing down our search for the culprit, it is showing that we are sending a token that doesn't exist anywhere on our servers. When the user trips a geofence, it updates their status automatically, but a very small percent has been failing in the background causing some customer concerns.
Sorry for the long precursor, on to the question. What would cause my value in NSUserDefaults to get loaded to an NSString differently from one time to the next? I have tested the logic, it will update me 3 times in a row when I show up for work, but the 4th, I'll get a token failure error back from the server. There is no rhyme or reason to why it fails. Our server is logging these failed tokens and we can't match them up to anything.
So if anyone has any insight on this matter, I would very much appreciate it. Could it be messing up when I store it to NSString? Could it be some inconsistencies with my POST method? It might even be on our server, I dunno. I'm hoping everyone on SO can lend a hand and help me get some new insight. Thanks in advance.
//Loading the token... done this way for EVERY API call
NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
NSString *token = [defaults objectForKey:@"token"];
Code taken from my API class
//My POST method for updating our API
NSString *requestData = [NSString stringWithFormat:@"?auth_token=%@", token];
NSData *myRequestData = [NSData dataWithBytes: [requestData UTF8String] length: [requestData length]];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL: [NSURL URLWithString:[NSString stringWithFormat:@"%@/api/user.json%@", webAddress, requestData]]];
[request setHTTPMethod: @"POST"];
[request setHTTPBody: myRequestData];
NSData *jsonData = [NSURLConnection sendSynchronousRequest: request returningResponse: nil error: nil];
NSString *json = [[NSString alloc] initWithData:jsonData encoding:NSUTF8StringEncoding];
NSDictionary *payloadData = [json JSONValue];
if([[payloadData objectForKey:@"success"] boolValue]) {
// if i get here, successful update
} else {
// update unsuccessful, error message returned... bad token
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您使用任何第三方库吗? “token”是一个非常常见的字符串,我会将其更改为其他字符串。有可能其他一些代码正在用他们的令牌踩踏您的令牌。
Are you using any 3rd party libraries? "token" is a very common string, I would change it to something else. It's possible some other code is stomping on your token with their token.
我不想让这个问题一直存在并浪费任何人的时间或精力。经过最近的一些测试,我认为我的问题不在于用户默认值或保存的令牌。已经有答案了,所以我不能删除这个问题。所以我只在这里留下一个小答案并结束它。
我最终将所有登录凭据移至 iOS 钥匙串。每次需要 API 令牌时,我都会对电子邮件和密码进行加盐和哈希处理。它为每个 API 带来了更多的开销,但知道我的用户的凭据是安全的可能是值得的。我仍然有我的问题,但我想我已经接近解决这个问题了。感谢所有看过我的问题的人。
I don't want this question to linger out there and waste anyone's time or energy. After some recent testing, I don't believe my issue is with the user defaults or the saved token. There are already answers out there, so I can't delete the question. So I'll just leave a small answer here and close it out.
I ended up moving all the login credentials to the iOS keychain. I salt and hash the email and password each time I need an API token. It creates a little more overhead for each API, but knowing my users' credentials are safe and secure is probably worth it. I still have my issue, but I think I'm getting closer to nailing it down. Thank you to anyone that has looked at my question.