2017-11-11 289 views
0

我想在我的網站上登錄一個用戶,該用戶的登錄表單中有一個CSRF令牌。我在iOS上使用Alamofire和Swift。在Alamofire請求參數中傳遞CSRF令牌

這裏是形式的代碼:

    <form id="login-form" class="body" action="login" method="post"> 

           <div class="form-group label-floating"> 
            <label class="control-label" for="username">Identifiant</label> 
            <input id="username" type="text" name="username" class="form-control" required/> 
           </div> 

           <div class="form-group label-floating"> 
            <label class="control-label" for="password">Mot de passe</label> 
            <input id="password" type="password" name="password" class="form-control" 
              required/> 
           </div> 

           <div class="footer"> 
                     <div class="col-md-offset-3 col-md-6"> 
             <input type="hidden" id="csrf_token" name="_csrf" 
               value="7cf3b95d-1310-4d00-b1b2-7040340b12e6"/> 
             <button type="submit" class="btn btn-lg btn-primary btn-block"> 
              Connexion 
             </button> 
            </div> 
           </div> 
          </form> 

我創建它返回CSRF令牌的功能。然後我調用另一個函數來記錄用戶憑證和CSRF令牌。

下面是這個函數:

func login(token: String, completion: @escaping (_ success: Bool) -> Void) { 

     let customerURL = "https://mywebsite.com/uaa/login" 
     let user = "username" 
     let password = "password" 
     let parameters = [ "username" : user, "password" : password, "Authorization" : token] 

     Alamofire.request(customerURL, method: .post, parameters: parameters, encoding: JSONEncoding.default) 

      .responseString { response in 

       switch response.result { 
       case .success: 
        print("Validation Successful") 
        if let JSON = response.result.value { 
         print(JSON) 
        } 
       case .failure(let error): 
        print(error) 

       } 
     } 
    } 

但是當我運行我的應用程序,這裏是我得到:

{"timestamp":1510425797543,"status":403,"error":"Forbidden","message":"Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-XSRF-TOKEN'.","path":"/uaa/login"} 

任何想法?在此先感謝您的幫助!

回答

0
'null' was found on the request parameter '_csrf' 

我看你使用的是「授權」名參數,而從讀它「_csrf」的API compline參數從「授權」到「_csrf」

的名字從

改變
let parameters = [ "username" : user, "password" : password, "Authorization" : token] 

let parameters = [ "username" : user, "password" : password, "_csrf" : token]