Add "followRedirects" and "agent" options to request

[Meshz]

Hello, I'm currently doing a NTLM authentication through RNFB in order to receive a fedAuth cookie. I've been able to crypt/decrypt all the required information through crypto-js but now I'm stuck with the options to give to RFNB.fetch() method (for OkHttp3).

Due to the process of NTLM authentication (createType1Message, parseType2Message, createType3Message), I would like to be able to dynamically set followRedirects to false to OkHttp3. I see the following line in RNFetchBlobReq.java:365 where "true" is hardcoded:

clientBuilder.followRedirects(true);

I also would like to be able to set an agent keepalive for connection in order to keep the socket open. In the other script I used I had some lines like:

var http = require("http");
var keepaliveAgent = new http.Agent({ keepAlive: true });
httpreq.get(url, {
    agent: keepaliveAgent,
}, callback);

For now, I think RNFB.fetch() takes METHOD / URL / HEADERS / BODY. Is there any chance you could add these two extra-parameters? Or any suggestions on how to implement this in an other way?

Tell me if I'm not clear enough or if you need additional explanations. Thank you for your time and response.

[Meshz]

After some research, it appears that OkHttp uses a ConnectionPool that automatically reuses HTTP/1.x connections (explained here on point 2). So the agent keepalive is not needed.

I tried to manually set clientBuilder.followRedirects(false); in RNFetchBlobReq.java:365 and it's now working. Is there any possibility to set dynamically set followRedirects in RNFB.fetch() ?

[wkh237]

@Meshz , thanks so much for the investigation and assistance ! 👍 sorry for late response, I have very limited time on this project in recently. IMO we can add another option followRedirect:boolean to RNFetchBlob.config for disabling follow redirect. How do you think ?

[Meshz]

@wkh237 Add an option to RNFetchBlob.config seems like the perfect implementation to me. Maybe just name it as OkHttp names it: followRedirects. Any idea of when you can have some time for this? I can try to add it for Android if you want but I'm not familiar with PR and I didn't checked for iOS. 😔

[Meshz]

@wkh237 As I was thinking, add the followRedirects option does solve the issue #156 as it's not following the redirects which overwrite the Set-Cookie from initial GET (check issue for full explanation). BTW, all the tests I ran and the modifications I made were only for Android. I'll switch soon to the iOS version and let you know the results.

[wkh237]

@Meshz , I have added followRedirect to config, please verify if that works with 0.10.2-beta.6, thanks.

[Meshz]

@wkh237 Thank you for that implementation, I can confirm that this is working on Android. 👍

[Meshz]

@wkh237 Hello, I just moved to the iOS part and I have some trouble with RNFB.

First, just to let you know, it seems that all response headers starting by www are returned "WWW-xxx" for Android and "Www-xxx" for iOS. I had the issue with the specific header "WWW-Authenticate". This is not a big deal, I can test both, but I wonder if this could be formatted by RNFB.

Then, I think that the connection does not stay alive in iOS. When I do the NTLM authentication, the connection closes after the first request, which means that:

1. I send Type1Message
2. Response gives Type2Message
3. I send Type3Message
4. Response asks for Type1Message

For Android, OkHttp uses a ConnectionPool that automatically reuses HTTP/1.x connections, for iOS, this doesn't seem to be implemented. I found this link but I don't know if it's helpful.

Any ideas how to resolve this? Thanks for your help!

[Meshz]

@wkh237 Hello, I did some research for NTLM authentication on iOS and I found a way to do it. I added the parameter NTLMCredential in RNFB Config which must looks like: username:password.

Then, I replaced RNFetchBlobNetwork.m on line 634 with the following code:

- (void) URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential * _Nullable credential))completionHandler
{
    if([options valueForKey:@"NTLMCredential"] == nil){
        BOOL trusty = [options valueForKey:CONFIG_TRUSTY];
        if(!trusty)
        {
            completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
        }
        else
        {
            completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
        }
    }else{
        NSArray *NTLMCredential = [[options valueForKey:@"NTLMCredential"] componentsSeparatedByString:@":"];
        
        if(challenge.previousFailureCount == 0)
        {
            completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialWithUser:NTLMCredential[0] password:NTLMCredential[1] persistence:NSURLCredentialPersistenceNone]);
        }
        else
        {
            completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        }
    }
}

I am not sure if this is the proper way to do it as I have never used Objective-C but by doing so I am able to auth through NTLM.

The only problem I got left is that when I try to sign out and sign in with a different user, the fedAuth cookie of the previous auth is still in cookiesTable and thus sent with the new auth request which leads to the authentication of the first user where auth was successful.

Is there any way to remove cookies stored in RNFB? Because if I can remove the cookies when the user sign out then I will be able to sign in with a different user. Note that being able to remove cookies will solve #249 as well.

Thanks for your help and time!

[wkh237]

@Meshz , thanks for the information. I'll add an API for removing cookie for specific domain and also the NTLM credential option to RNFetchBlob.config 👍

[wkh237]

@Meshz , I've published 0.10.3-beta.1 to npm which has a new API for remove cookies, please try if that works 👍

[Meshz]

@wkh237 I can confirm the new API for cookies is working great on iOS. I'll let you know if there is any problem with Android. I'll close this issue as soon as NTLM authentication is implemented. Thanks for your help! 👍

[matthiasleitner]

@Meshz did you manage to make NTML work on android as well?

[Meshz]

@matthiasleitner Yes I did. To do so, I used this script to parse NTLM messages. But in order to have it working for RN, I used the library "Crypto-JS" instead of "Crypto" and make the changes necessary. Be careful that I had to use MD4, which is not present in "Crypto-JS", but I made an issue today asking him to add it.