Stop using kCFStreamPropertyHTTPShouldAutoredirect and handle 30x redirection ourselves

This ensures cookies presented as part of the initial response can be applied to the redirected request
sessionCookies should now hang on to all cookies, and cookies will replace old versions of the same cookie

@@ -26,7 +26,8 @@ typedef enum _ASINetworkErrorType {
     ASIUnableToCreateRequestErrorType = 5,
     ASIInternalErrorWhileBuildingRequestType  = 6,
     ASIInternalErrorWhileApplyingCredentialsType  = 7,
-	ASIFileManagementError = 8
+	ASIFileManagementError = 8,
+	ASITooMuchRedirectionErrorType = 9
 	
 } ASINetworkErrorType;
 
@@ -218,6 +219,12 @@ extern NSString* const NetworkRequestErrorDomain;
 	// When YES, requests will automatically redirect when they get a HTTP 30x header (defaults to YES)
 	BOOL shouldRedirect;
 	
+	// Used internally to tell the main loop we need to stop and retry with a new url
+	BOOL needsRedirect;
+	
+	// Incremented every time this request redirects. When it reaches 5, we give up
+	int redirectCount;
+	
 	// When NO, requests will not check the secure certificate is valid (use for self-signed cerficates during development, DO NOT USE IN PRODUCTION) Default is YES
 	BOOL validatesSecureCertificate;
 
@@ -297,7 +304,9 @@ extern NSString* const NetworkRequestErrorDomain;
 
 #pragma mark http authentication stuff
 
-// Reads the response headers to find the content length, and returns true if the request needs a username and password (or if those supplied were incorrect)
+// Reads the response headers to find the content length, encoding, cookies for the session 
+// Also initiates request redirection when shouldRedirect is true
+// Returns true if the request needs a username and password (or if those supplied were incorrect)
 - (BOOL)readResponseHeadersReturningAuthenticationFailure;
 
 // Apply credentials to this request
@@ -345,6 +354,9 @@ extern NSString* const NetworkRequestErrorDomain;
 + (void)setSessionCookies:(NSMutableArray *)newSessionCookies;
 + (NSMutableArray *)sessionCookies;
 
+// Adds a cookie to our list of cookies we've accepted, checking first for an old version of the same cookie and removing that
++ (void)addSessionCookie:(NSHTTPCookie *)newCookie;
+
 // Dump all session data (authentication and cookies)
 + (void)clearSession;
 

@@ -27,6 +27,8 @@ static CFHTTPAuthenticationRef sessionAuthentication = NULL;
 static NSMutableDictionary *sessionCredentials = nil;
 static NSMutableArray *sessionCookies = nil;
 
+// The number of times we will allow requests to redirect before we fail with a redirection error
+const int RedirectionLimit = 5;
 
 static void ReadStreamClientCallBack(CFReadStreamRef readStream, CFStreamEventType type, void *clientCallBackInfo) {
     [((ASIHTTPRequest*)clientCallBackInfo) handleNetworkEvent: type];
@@ -39,6 +41,8 @@ static NSError *ASIRequestCancelledError;
 static NSError *ASIRequestTimedOutError;
 static NSError *ASIAuthenticationError;
 static NSError *ASIUnableToCreateRequestError;
+static NSError *ASITooMuchRedirectionError;
+
 
 // Private stuff
 @interface ASIHTTPRequest ()
@@ -64,6 +68,8 @@ static NSError *ASIUnableToCreateRequestError;
 	@property (retain, nonatomic) NSOutputStream *fileDownloadOutputStream;
 	@property (assign, nonatomic) int authenticationRetryCount;
 	@property (assign, nonatomic) BOOL updatedProgress;
+	@property (assign, nonatomic) BOOL needsRedirect;
+	@property (assign, nonatomic) int redirectCount;
 @end
 
 @implementation ASIHTTPRequest
@@ -80,6 +86,8 @@ static NSError *ASIUnableToCreateRequestError;
 		ASIAuthenticationError = [[NSError errorWithDomain:NetworkRequestErrorDomain code:ASIAuthenticationErrorType userInfo:[NSDictionary dictionaryWithObjectsAndKeys:@"Authentication needed",NSLocalizedDescriptionKey,nil]] retain];
 		ASIRequestCancelledError = [[NSError errorWithDomain:NetworkRequestErrorDomain code:ASIRequestCancelledErrorType userInfo:[NSDictionary dictionaryWithObjectsAndKeys:@"The request was cancelled",NSLocalizedDescriptionKey,nil]] retain];
 		ASIUnableToCreateRequestError = [[NSError errorWithDomain:NetworkRequestErrorDomain code:ASIUnableToCreateRequestErrorType userInfo:[NSDictionary dictionaryWithObjectsAndKeys:@"Unable to create request (bad url?)",NSLocalizedDescriptionKey,nil]] retain];
+		ASITooMuchRedirectionError = [[NSError errorWithDomain:NetworkRequestErrorDomain code:ASITooMuchRedirectionErrorType userInfo:[NSDictionary dictionaryWithObjectsAndKeys:@"The request failed because it redirected too many times",NSLocalizedDescriptionKey,nil]] retain];	
+
 	}
 	[super initialize];
 }
@@ -436,10 +444,7 @@ static NSError *ASIUnableToCreateRequestError;
 		[self failWithError:[NSError errorWithDomain:NetworkRequestErrorDomain code:ASIInternalErrorWhileBuildingRequestType userInfo:[NSDictionary dictionaryWithObjectsAndKeys:@"Unable to create read stream",NSLocalizedDescriptionKey,nil]]];
         return;
     }
-	
-	// Tell CFNetwork to automatically redirect for 30x status codes
-	CFReadStreamSetProperty(readStream, kCFStreamPropertyHTTPShouldAutoredirect, [self shouldRedirect] ? kCFBooleanTrue : kCFBooleanFalse);
-    
+
 	// Tell CFNetwork not to validate SSL certificates
 	if (!validatesSecureCertificate) {
 		CFReadStreamSetProperty(readStream, kCFStreamPropertySSLSettings, [NSMutableDictionary dictionaryWithObject:(NSString *)kCFBooleanFalse forKey:(NSString *)kCFStreamSSLValidatesCertificateChain]); 
@@ -517,7 +522,7 @@ static NSError *ASIUnableToCreateRequestError;
 		// See if we need to timeout
 		if (lastActivityTime && timeOutSeconds > 0 && [now timeIntervalSinceDate:lastActivityTime] > timeOutSeconds) {
 			
-			// Prevent timeouts before 128KB has been sent when the size of data to upload is greater than 128KB
+			// Prevent timeouts before 128KB* has been sent when the size of data to upload is greater than 128KB* (*32KB on iPhone 3.0 SDK)
 			// This is to workaround the fact that kCFStreamPropertyHTTPRequestBytesWrittenCount is the amount written to the buffer, not the amount actually sent
 			// This workaround prevents erroneous timeouts in low bandwidth situations (eg iPhone)
 			if (contentLength <= uploadBufferSize || (uploadBufferSize > 0 && totalBytesSent > uploadBufferSize)) {
@@ -528,7 +533,23 @@ static NSError *ASIUnableToCreateRequestError;
 			}
 		}
 		
-		// See if our NSOperationQueue told us to cancel
+		// Do we need to redirect?
+		if ([self needsRedirect]) {
+			[self cancelLoad];
+			[self setNeedsRedirect:NO];
+			[self setRedirectCount:[self redirectCount]+1];
+			if ([self redirectCount] > RedirectionLimit) {
+				// Some naughty / badly coded website is trying to force us into a redirection loop. This is not cool.
+				[self failWithError:ASITooMuchRedirectionError];
+				[self setComplete:YES];
+			} else {
+				// Go all the way back to the beginning and build the request again, so that we can apply any new cookies
+				[self main];
+			}
+			break;
+		}
+		
+		// See if our NSOperationQueue told us to cancel or we need to redirect
 		if ([self isCancelled]) {
 			break;
 		}
@@ -944,7 +965,7 @@ static NSError *ASIUnableToCreateRequestError;
 		[self setResponseStatusCode:CFHTTPMessageGetResponseStatusCode(headers)];
 		
 		// Is the server response a challenge for credentials?
-		isAuthenticationChallenge = (responseStatusCode == 401);
+		isAuthenticationChallenge = ([self responseStatusCode] == 401);
 		
 		// We won't reset the download progress delegate if we got an authentication challenge
 		if (!isAuthenticationChallenge) {
@@ -990,18 +1011,22 @@ static NSError *ASIUnableToCreateRequestError;
 			NSArray *newCookies = [NSHTTPCookie cookiesWithResponseHeaderFields:responseHeaders forURL:url];
 			[self setResponseCookies:newCookies];
 			
-			if (useCookiePersistance) {
+			if ([self useCookiePersistance]) {
 				
 				// Store cookies in global persistent store
 				[[NSHTTPCookieStorage sharedHTTPCookieStorage] setCookies:newCookies forURL:url mainDocumentURL:nil];
 				
 				// We also keep any cookies in the sessionCookies array, so that we have a reference to them if we need to remove them later
-				if (!sessionCookies) {
-					[ASIHTTPRequest setSessionCookies:[[[NSMutableArray alloc] init] autorelease]];
-					NSHTTPCookie *cookie;
-					for (cookie in newCookies) {
-						[[ASIHTTPRequest sessionCookies] addObject:cookie];
-					}
+				NSHTTPCookie *cookie;
+				for (cookie in newCookies) {
+					[ASIHTTPRequest addSessionCookie:cookie];
+				}
+			}
+			// Do we need to redirect?
+			if ([self shouldRedirect]) {
+				if ([self responseStatusCode] > 300 && [self responseStatusCode] < 308 && [self responseStatusCode] != 304) {
+					[self setURL:[[NSURL URLWithString:[responseHeaders valueForKey:@"Location"] relativeToURL:[self url]] absoluteURL]];
+					[self setNeedsRedirect:YES];
 				}
 			}
 			
@@ -1256,6 +1281,9 @@ static NSError *ASIUnableToCreateRequestError;
 			return;
 		}
 	}
+	if ([self needsRedirect]) {
+		return;
+	}
 	int bufferSize = 2048;
 	if (contentLength > 262144) {
 		bufferSize = 65536;
@@ -1307,6 +1335,9 @@ static NSError *ASIUnableToCreateRequestError;
 			return;
 		}
 	}
+	if ([self needsRedirect]) {
+		return;
+	}
 	[progressLock lock];	
 	[self setComplete:YES];
 	[self updateProgressIndicators];
@@ -1371,8 +1402,6 @@ static NSError *ASIUnableToCreateRequestError;
 {
 	NSError *underlyingError = [(NSError *)CFReadStreamCopyError(readStream) autorelease];
 	
-	
-	
 	[self cancelLoad];
 	[self setComplete:YES];
 	
@@ -1459,19 +1488,37 @@ static NSError *ASIUnableToCreateRequestError;
 
 + (NSMutableArray *)sessionCookies
 {
+	if (!sessionCookies) {
+		[ASIHTTPRequest setSessionCookies:[[[NSMutableArray alloc] init] autorelease]];
+	}
 	return sessionCookies;
 }
 
 + (void)setSessionCookies:(NSMutableArray *)newSessionCookies
 {
 	// Remove existing cookies from the persistent store
-	for (NSHTTPCookie *cookie in [ASIHTTPRequest sessionCookies]) {
+	for (NSHTTPCookie *cookie in sessionCookies) {
 		[[NSHTTPCookieStorage sharedHTTPCookieStorage] deleteCookie:cookie];
 	}
 	[sessionCookies release];
 	sessionCookies = [newSessionCookies retain];
 }
 
++ (void)addSessionCookie:(NSHTTPCookie *)newCookie
+{
+	NSHTTPCookie *cookie;
+	int i;
+	int max = [[ASIHTTPRequest sessionCookies] count];
+	for (i=0; i<max; i++) {
+		cookie = [[ASIHTTPRequest sessionCookies] objectAtIndex:i];
+		if ([[cookie domain] isEqualToString:[newCookie domain]] && [[cookie path] isEqualToString:[newCookie path]] && [[cookie name] isEqualToString:[newCookie name]]) {
+			[[ASIHTTPRequest sessionCookies] removeObjectAtIndex:i];
+			break;
+		}
+	}
+	[[ASIHTTPRequest sessionCookies] addObject:newCookie];
+}
+
 // Dump all session data (authentication and cookies)
 + (void)clearSession
 {
@@ -1676,4 +1723,6 @@ static NSError *ASIUnableToCreateRequestError;
 @synthesize updatedProgress;
 @synthesize shouldRedirect;
 @synthesize validatesSecureCertificate;
+@synthesize needsRedirect;
+@synthesize redirectCount;
 @end

@@ -33,4 +33,6 @@
 - (void)testCompressedResponse;
 - (void)testCompressedResponseDownloadToFile;
 - (void)testSSL;
+- (void)testRedirectPreservesSession;
+- (void)testTooMuchRedirection;
 @end

@@ -639,4 +639,24 @@
 	GHAssertNil([request error],@"Failed to accept a self-signed certificate");	
 }
 
+- (void)testRedirectPreservesSession
+{
+	// Remove any old session cookies
+	[ASIHTTPRequest clearSession];
+	ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:[NSURL URLWithString:@"http://asi/ASIHTTPRequest/tests/session_redirect"]];
+	[request start];
+	BOOL success = [[request responseString] isEqualToString:@"Take me to your leader"];
+	GHAssertTrue(success,@"Failed to redirect preserving session cookies");	
+}
+
+- (void)testTooMuchRedirection
+{
+	// This url will simply send a 302 redirect back to itself
+	ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:[NSURL URLWithString:@"http://asi/ASIHTTPRequest/tests/one_infinite_loop"]];
+	[request start];
+	GHAssertNotNil([request error],@"Failed to generate an error when redirection occurs too many times");
+	BOOL success = ([[request error] code] == ASITooMuchRedirectionErrorType);
+	GHAssertTrue(success,@"Generated the wrong error for a redirection loop");		
+}
+
 @end