From 7a3303da0686d1dd39d2029cfacc90e2ac687cdf Mon Sep 17 00:00:00 2001
From: James Magahern <james@magahern.com>
Date: Tue, 6 Jul 2021 23:41:51 -0700
Subject: [PATCH] Auth: Use Set-Cookie for auth token

---
 kordophone/Bridge/Operations/MBIMAuthenticateOperation.m  | 7 ++++++-
 kordophone/Bridge/Operations/Utilities/MBIMDataResponse.h | 1 +
 kordophone/Bridge/Operations/Utilities/MBIMDataResponse.m | 8 +++++---
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/kordophone/Bridge/Operations/MBIMAuthenticateOperation.m b/kordophone/Bridge/Operations/MBIMAuthenticateOperation.m
index 0988a4f..b8ccd7d 100644
--- a/kordophone/Bridge/Operations/MBIMAuthenticateOperation.m
+++ b/kordophone/Bridge/Operations/MBIMAuthenticateOperation.m
@@ -60,9 +60,14 @@
             MBIMAuthToken *token = [[MBIMAuthToken alloc] initWithUsername:username];
             
             // All systems go 
-            response = [MBIMJSONDataResponse responseWithJSONObject:@{
+            MBIMJSONDataResponse *dataResponse = [MBIMJSONDataResponse responseWithJSONObject:@{
                 @"jwt" : token.jwtToken
             }];
+
+            // Send a cookie down so we can use httpOnly cookies
+            dataResponse.httpHeaders[@"Set-Cookie"] = [NSString stringWithFormat:@"auth_token=%@", token.jwtToken];
+            
+            response = dataResponse;
         } while (NO);
     }
     
diff --git a/kordophone/Bridge/Operations/Utilities/MBIMDataResponse.h b/kordophone/Bridge/Operations/Utilities/MBIMDataResponse.h
index 2dce971..b47d77d 100644
--- a/kordophone/Bridge/Operations/Utilities/MBIMDataResponse.h
+++ b/kordophone/Bridge/Operations/Utilities/MBIMDataResponse.h
@@ -12,6 +12,7 @@
 NS_ASSUME_NONNULL_BEGIN
 
 @interface MBIMDataResponse : HTTPDataResponse
+@property (nonatomic, readonly) NSMutableDictionary *httpHeaders;
 - (instancetype)initWithData:(NSData *)data contentType:(NSString *)contentType;
 @end
 
diff --git a/kordophone/Bridge/Operations/Utilities/MBIMDataResponse.m b/kordophone/Bridge/Operations/Utilities/MBIMDataResponse.m
index 8758de0..cbf7d4f 100644
--- a/kordophone/Bridge/Operations/Utilities/MBIMDataResponse.m
+++ b/kordophone/Bridge/Operations/Utilities/MBIMDataResponse.m
@@ -10,6 +10,7 @@
 
 @implementation MBIMDataResponse {
     NSString *_contentType;
+    NSMutableDictionary *_httpHeaders;
 }
 
 - (instancetype)initWithData:(NSData *)data contentType:(NSString *)contentType
@@ -17,6 +18,9 @@
     self = [super initWithData:data];
     if (self) {
         _contentType = contentType;
+        _httpHeaders = [@{
+            @"Content-Type" : _contentType ?: @"application/octet-stream"
+        } mutableCopy];
     }
     
     return self;
@@ -24,9 +28,7 @@
 
 - (NSDictionary *)httpHeaders
 {
-    return @{
-        @"Content-Type" : _contentType ?: @"application/octet-stream"
-    };
+    return _httpHeaders;
 }
 
 @end