-
Type: Bug
-
Status: Resolved
-
Priority: Major
-
Resolution: Fixed
-
Affects Version/s: Android 1.1
-
Fix Version/s: iOS 1.7, Android 1.4
-
Sprint:nxfit 9.1.6
-
Story Points:3
On Android, the redirection to the CAS login page does not work, the app displays the basic auth form. Then when trying to log in through basic auth we get an error.
On iOS, the redirection works but once logged in we get the "successfully logged in" page without being redirected to the start screen.
------------------------------------------------------------------------------------
Fix analysis:
1/ Basic auth form displayed on Android
On Android, when trying to connect to a server configured with CAS, this error is throw. As it is caught the app switches to basic auth.
TypeError: Network request failed at XMLHttpRequest.xhr.onerror (index.android.bundle?platform=android&dev=true&hot=true&minify=false:30441) at XMLHttpRequest.dispatchEvent (index.android.bundle?platform=android&dev=true&hot=true&minify=false:15513) at XMLHttpRequest.setReadyState (index.android.bundle?platform=android&dev=true&hot=true&minify=false:32637) at XMLHttpRequest.__didCompleteResponse (index.android.bundle?platform=android&dev=true&hot=true&minify=false:32473) at index.android.bundle?platform=android&dev=true&hot=true&minify=false:32577 at RCTDeviceEventEmitter.emit (index.android.bundle?platform=android&dev=true&hot=true&minify=false:14614) at MessageQueue.__callFunction (index.android.bundle?platform=android&dev=true&hot=true&minify=false:12419) at index.android.bundle?platform=android&dev=true&hot=true&minify=false:12291 at guard (index.android.bundle?platform=android&dev=true&hot=true&minify=false:12229) at MessageQueue.callFunctionReturnFlushedQueue (index.android.bundle?platform=android&dev=true&hot=true&minify=false:12290)
Unfortunately the stack trace useless as it doesn't show the underlying Java exception.
See NXMOB-290 for improving this.
Yet when using some native code relying on java.net.HttpURLConnection to perform the HEAD request we get the Java error: java.io.IOException: Content-Length and stream length disagree.
This is thrown by OkHttp because the response of the HEAD request, once redirected to the CAS URL http://host/cas/login?service=xxx, indeed has a positive Content-Length but an empty body.
According to https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html it is expected to have the same Content-Length header sent in response to a GET request.
Surprisingly the Content-Length is -1 for a standard URL http://host/nuxeo/login.jsp?requestedUrl=acquire_token.jsp (but not via curl...) that's why it doesn't fail with no CAS.
Maybe the issue is in the React Native Java implementation of XMLHttpRequest where responseBody.string() shouldn't be called in NetworkingModule#sendRequest?
if (responseType.equals("text")) { responseString = responseBody.string(); } else if (responseType.equals("base64")) { responseString = Base64.encodeToString(responseBody.bytes(), Base64.NO_WRAP); }
=> Should investigate this and create a PR if needed.
Anyway, using GET instead of HEAD fixes it: https://github.com/nuxeo/nuxeo-mobile/commit/135684db21074ad8f835b402d4be091a19e6f9f1
2/ No redirection to the start screen after CAS login on iOS and basic auth error on Android
Both due to the fact that we were using the CAS redirection URL http://host/cas to acquire the token instead of the Nuxeo server one http://host/nuxeo.
- On iOS once logged in through CAS we would simply not hit acquire_token.jsp thus wouldn't acquire any token.
- On Android using basic auth we would store the HTML of the CAS login page as a token (!) thus triggering the error once reported in Bugsnag: https://app.bugsnag.com/nuxeo/nuxeo-mobile/errors/589aff501eecd39ad90f4e47.
Thus the fix: https://github.com/nuxeo/nuxeo-mobile/commit/08542c7859d8b5561a3de8d2bfc4f881883f306f