#1 2015-09-25 11:50:27

squirrel
Member
Registered: 2015-08-13
Posts: 146

500 Internal Server Error When using custom authentication

Hi AB

When using custom authentication, I get a 500 Internal Server Error when the authentication succeeds; however, when it fails, it works as expected.  It looks like it happens at SessionCreate and can be because of groups, but I'm not sure what I am doing wrong (just tested on latest nightly build):

  TMyAuthentication = class(TSQLRestServerAuthenticationDefault)
  private
    function CheckPassword(Ctxt: TSQLRestServerURIContext; User: TSQLAuthUser; const aClientNonce, aPassWord: RawUTF8): boolean; override;
    function GetUser(Ctxt: TSQLRestServerURIContext; const aUserName: RawUTF8): TSQLAuthUser; override;
  protected
  end;

  aRestServer := TSQLRestServerFullMemory.Create(aModel, false); // authentication=false
  aRestServer.AuthenticationRegister([TMyAuthentication]);

function TMyAuthentication.CheckPassword(
  Ctxt: TSQLRestServerURIContext; User: TSQLAuthUser; const aClientNonce,
  aPassWord: RawUTF8): boolean;
begin
  result := true; //aPassword = 'abc';
end;

function TMyAuthentication.GetUser(Ctxt: TSQLRestServerURIContext; const aUserName: RawUTF8): TSQLAuthUser;
begin
  Result := TSQLAuthUser.Create;
  Result.IDValue := 10;
  Result.LogonName := 'johnny';
  Result.DisplayName := Result.LogonName;
  Result.PasswordPlain := 'abc';
  Result.GroupRights := TSQLAuthGroup.Create;
  Result.GroupRights.SessionTimeout := 20;
  Result.GroupRights.AccessRights := 'Admin';
end;

Do you have anything to point me in the right direction?

Offline

#2 2015-09-25 11:59:59

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,206
Website

Re: 500 Internal Server Error When using custom authentication

The documentation was incorrect.

At this stage, the GroupRights property must not yet contain a real TSQLAuthGroup instance, just a TSQLAuthGroup(aGroupIP) value (as directly retrieved from the ORM).
The User.GroupRights instance will be instantiated by TAuthSession.Create.

So you may write:

function TMyAuthentication.GetUser(Ctxt: TSQLRestServerURIContext; const aUserName: RawUTF8): TSQLAuthUser;
begin
  Result := TSQLAuthUser.Create;
  Result.IDValue := 10;
  Result.LogonName := 'johnny';
  Result.DisplayName := Result.LogonName;
  Result.PasswordPlain := 'abc';
  Result.GroupRights := TSQLAuthGroup(2); // for 'Admin'
end;

I've fixed the documentation.
See http://synopse.info/fossil/info/3f1ffca63a

Sorry for the mistake.

Offline

#3 2015-09-25 12:15:57

squirrel
Member
Registered: 2015-08-13
Posts: 146

Re: 500 Internal Server Error When using custom authentication

Perfect, thanks.  I now no longer get the 500 error, but noticed something strange.  Given the example above, after logging in using any string as a password, the session authenticates and I get the message that I successfully logged in, but using any functions returns 403 Forbidden.

However, using abc as a password, I still get the message that I successfully authenticated, but my functions are able to be called.  So it looks like, at some stage when checking if a function can be executed, my CheckPassword function is ignored and a direct compare is done between the PasswordPlain value set and that sent to log in.  So does that mean that I need to also override another function to compute the hash, or should I expect the example above to work as-is?

Does the implementation you provided above also mean that I can no longer set the session timeout value?  Trying to set Result.GroupRights.SessionTimeout results in an access violation.

Last edited by squirrel (2015-09-25 12:56:01)

Offline

#4 2015-09-25 22:27:55

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,206
Website

Re: 500 Internal Server Error When using custom authentication

Try to use the debugging features of the IDE to find out what happens on the server side.

Offline

#5 2015-09-28 07:05:59

Thomas-Acia
Member
From: Metz (France)
Registered: 2015-04-16
Posts: 79

Re: 500 Internal Server Error When using custom authentication

@squirrel

Personally, when I had a 403 Error (Forbidden), I had a Model mistake. Check if you're calling your model on the server side with the right name.


Delphi 2010 - Delphi XE5 (x64 Apps) - CodeTyphon - Typhon IDE v 5.7 - FPC 3.1.1 - mORMot 1.18
Windows 7 - VirtualBox : Linux Debian 8.5 Jessie 32 bits

Offline

#6 2015-09-28 09:02:18

squirrel
Member
Registered: 2015-08-13
Posts: 146

Re: 500 Internal Server Error When using custom authentication

The 403 issue is confusing me.  Not sure where to place breakpoints anymore.  From somewhere, mORMot gets an Admin user.  When using Admin as username with whatever I set the Result.PasswordPlain in GetUser, it works and allows my function calls.  Using any other username, such as that set in Result.LogonName in GetUser, it seems to authenticate ok, but then doesn't allow my function calls.  Are there any hardcoded usernames somewhere?

The access violation happens when setting SessionTimeout in the GetUser function.  It looks like Result.GroupRights is not accessible when trying to set the value.  Nothing really that I can debug at that stage.

function TMyAuthentication.GetUser(Ctxt: TSQLRestServerURIContext; const aUserName: RawUTF8): TSQLAuthUser;
begin
  Result := TSQLAuthUser.Create;
  Result.IDValue := 10;
  Result.LogonName := 'johnny';
  Result.DisplayName := Result.LogonName;
  Result.PasswordPlain := 'abc';
  Result.GroupRights := TSQLAuthGroup(2); // for 'Admin'
  Result.GroupRights.SessionTimeout := 1;
end;

Last edited by squirrel (2015-09-28 09:03:07)

Offline

#7 2015-09-28 09:11:28

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,206
Website

Re: 500 Internal Server Error When using custom authentication

Writing Result.GroupRights.SessionTimeout := 1 is plain wrong here.

Your Result.GroupRights does not contain an instance, but a pointer to $2.
This is why an Access Violation is raised.

SessionTimeout has to be set in the DB, for the TSQLAuthGroup item with ID=2.

Offline

#8 2015-09-28 09:12:07

squirrel
Member
Registered: 2015-08-13
Posts: 146

Re: 500 Internal Server Error When using custom authentication

Thanks, what would be the correct way of setting the session timeout?
I am not using orm, just my own services, so will have to set it manually.

Last edited by squirrel (2015-09-28 09:13:11)

Offline

#9 2015-10-01 08:27:16

squirrel
Member
Registered: 2015-08-13
Posts: 146

Re: 500 Internal Server Error When using custom authentication

I guess it can't be done.

Offline

#10 2015-10-01 09:06:38

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,206
Website

Re: 500 Internal Server Error When using custom authentication

The session timeout could be set at Group level.

Even if you do not use the ORM, the TSQLAuthGroup internal class would be used to manage users' properties.

Offline
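
Editor's added example (not posted by anyone in this thread and not mORMot's own code): one way to set the timeout on the stored TSQLAuthGroup record, as posts #7 and #10 describe, instead of writing through the ID-as-pointer value returned by GetUser. The helper name SetGroupSessionTimeout is hypothetical, and it assumes the mORMot 1.18 units and that the server's model contains the TSQLAuthGroup table with a record for ID=2.

```pascal
uses
  SysUtils, SynCommons, mORMot;

// Hypothetical helper (name chosen for this example).
// Assumes aServer already holds a TSQLAuthGroup record with the given ID.
procedure SetGroupSessionTimeout(aServer: TSQLRestServer; aGroupID: TID;
  aMinutes: integer);
var
  Group: TSQLAuthGroup;
begin
  // Load the real record: GetUser only carries the group ID as a fake
  // pointer, so there is no instance to write to at that stage
  Group := TSQLAuthGroup.Create(aServer, aGroupID);
  try
    // ID stays 0 when no such record exists
    if Group.ID = 0 then
      raise Exception.CreateFmt('TSQLAuthGroup ID=%d not found', [aGroupID]);
    Group.SessionTimeout := aMinutes; // the group timeout is in minutes
    // Persist the change; sessions created afterwards read it from here
    if not aServer.Update(Group) then
      raise Exception.CreateFmt('Update of TSQLAuthGroup ID=%d failed',
        [aGroupID]);
  finally
    Group.Free;
  end;
end;

// Call once at startup, after the authentication scheme is registered:
//   aRestServer.AuthenticationRegister([TMyAuthentication]);
//   SetGroupSessionTimeout(aRestServer, 2, 20);
```

GetUser then keeps returning only TSQLAuthGroup(2), and the timeout applies to sessions created after the update.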
