Rubymotion: Problem with the GET & POST to a Web App
New here? Learn about Bountify and follow @bountify to get notified of new bounties! x

I am new to iOS programming and using Rubymotion to build my first application. In my Rubymotion app I POST to a webserver (an app built using RoR) to authenticate a user wanting to Login and am using the BubbleWrap gem for RubyMotion

        def login(sender)
          payload = {email: @email, password: @password}
"", {payload:   payload}) do |response|
          @authCookie = response.headers['Set-Cookie']

Now once I receive successful authentication I move onto to receive JSON data from the web application using the following code:

        BubbleWrap::HTTP.get("", {cookie: @authCookie, :headers=>{"Content-Type"=>'json'} }) do |response|
         puts response.body #testing the response

For some reason, the authentication token received from the POST request is not correct. I know this because when I query the response after the POST request it returns the HTML content of the Login page. This only happens in the web app if authentication fails.

Authentication check on the Web App.

   def session_check
            if session[:bizid].nil?
             redirect_to login_url
             flash[:notice] = "Please login to view your account!"

Additionally, on the web app this authentication token is set by the following method.

           def create
            current_biz = Bizname.find_by_email(params[:email])
                if current_biz && current_biz.authenticate(params[:password])
                    session[:bizid] =
                    flash[:notice] = 'Login Successful!'

                        redirect_to getsetup_url
                        redirect_to  account_summary_url

                   flash[:notice] = 'Incorrect Email or Password.'
                    redirect_to login_url   
awarded to Wikimedia

Crowdsource coding tasks.

2 Solutions

I believe the issue is that you are currently not passing an authenticity token along with your POST request. With all non-GET requests you need to pass in an authenticity token.

You can quickly validate if this is indeed the problem by temporarily turning off protect_from_forgery for your controller by using the following code snippet

class SessionsController
skip_before_filter :verify_authenticity_token

See and for more details.

If you do not wish to turn off the authentication token, you'd have to make a GET request to your application wherein you'd notice a meta tag named csrf-token in the response which contains the token which needs to be passed in the POST payload as authenticity_token.

I just finished wrestling with this problem myself, and registered just to help anyone who might stumble across this problem in the future.

While the answer given by 'nil' might solve part of the problem, there is another issue at play here: vaibpuri's syntax seems to be incorrect!

In BubbleWrap, when you want to specify a specific cookie, you do the following:
BubbleWrap::HTTP.get("", headers: {"Cookie" => @authCookie})

That is, the cookie is specified as part of the headers hash, not outside of it.

View Timeline