I have to login with my to a web-server.All works fine, but not generated passwords like |%<">{}¥^~ . How I have to encode passwords like this?
I create a User with password=|%<">{}¥^~
doset work
( for example a password like "user1234" works fine)
NSString *userName = self.usernameOutlet.text;
NSString *userPassword = self.passwordOutlet.text;
NSString *escapedString = [self.passwordOutlet.text stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLHostAllowedCharacterSet]];
userPassword = escapedString;
NSString *post = [NSString stringWithFormat:@"login=%@&password=%@",userName,userPassword];
NSData *postData = [post dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
NSString *postLength = [NSString stringWithFormat:@"%lu",(unsigned long)[postData length]];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] init];
[request setURL:[NSURL URLWithString:@"http://XXXXXXXX/login"]];
[request setHTTPMethod:@"POST"];
[request setValue:postLength forHTTPHeaderField:@"Content-Length"];
[request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];
[request setHTTPBody:postData];
NSURLConnection *conn = [[NSURLConnection alloc] initWithRequest:request delegate:self];
with passwords like "user1234" I get a cookie
with passwords like "|%<">{}¥^~" I get no cookie
what am I doing wrong?
It’s tempting to want to use URLQueryAllowedCharacterSet, but that won’t work for all strings. Notably & and + will pass unescaped.
If you’re wondering why we must percent escape & and +, too, it’s because these two characters have a special meaning in x-www-form-urlencoded requests. The & is used to delimit key-value pairs in a x-www-form-urlencoded request, so it will truncate your password. And most web services translate a + to a space, so you’ll want to percent escape that, too.
So, let’s first define a character set that will work:
// NSCharacterSet+URLQueryValueAllowed.h
@interface NSCharacterSet (URLQueryValueAllowed)
@property (class, readonly, copy) NSCharacterSet *URLQueryValueAllowedCharacterSet;
@end
and
// NSCharacterSet+URLQueryValueAllowed.m
@implementation NSCharacterSet (URLQueryValueAllowed)
+ (NSCharacterSet *)URLQueryValueAllowedCharacterSet {
static dispatch_once_t onceToken;
static NSCharacterSet *queryValueAllowed;
dispatch_once(&onceToken, ^{
NSMutableCharacterSet *allowed = [[NSCharacterSet URLQueryAllowedCharacterSet] mutableCopy];
NSString *generalDelimitersToEncode = @":#[]@"; // does not include "?" or "/" due to RFC 3986 - Section 3.4
NSString *subDelimitersToEncode = @"!$&'()*+,;=";
[allowed removeCharactersInString:generalDelimitersToEncode];
[allowed removeCharactersInString:subDelimitersToEncode];
queryValueAllowed = [allowed copy];
});
return queryValueAllowed;
}
@end
Then, to make life easier for us, let’s define NSDictionary category for percent encoding a dictionary:
// NSDictionary+PercentEncoded.h
@interface NSDictionary (PercentEncoded)
- (NSString *)percentEncodedString;
- (NSData *)percentEncodedData;
@end
and
// NSDictionary+PercentEncoded.m
@implementation NSDictionary (PercentEncoded)
- (NSString *)percentEncodedString {
NSMutableArray<NSString *> *results = [NSMutableArray array];
NSCharacterSet *allowed = [NSCharacterSet URLQueryValueAllowedCharacterSet];
for (NSString *key in self.allKeys) {
NSString *encodedKey = [key stringByAddingPercentEncodingWithAllowedCharacters:allowed];
NSString *value = [[self objectForKey:key] description];
NSString *encodedValue = [value stringByAddingPercentEncodingWithAllowedCharacters:allowed];
[results addObject:[NSString stringWithFormat:@"%@=%@", encodedKey, encodedValue]];
}
return [results componentsJoinedByString:@"&"];
}
- (NSData *)percentEncodedData {
return [[self percentEncodedString] dataUsingEncoding:NSUTF8StringEncoding];
}
@end
Then, your application code can do:
NSDictionary *dictionary = @{@"login": userName, @"password": userPassword};
NSData *body = [dictionary percentEncodedData];
