Comment: | {1709} fixed TSQLRestServerAuthenticationHttpBasic.RetrieveSession when a custom TSQLAuthUser class type is used |
SHA1: |
9363cb2e4d0f76abdb450da5409476f2 |
User & Date: | ab 2015-07-28 15:27:10 |
Changes to SQLite3/mORMot.pas.
13279 13280 13281 13282 13283 13284 13285 13286 13287 13288 13289 13290 13291 13292 13293 13294 13295 13296 13297 13298 13299 13300 13301 13302 13303 13304 ..... 13832 13833 13834 13835 13836 13837 13838 13839 13840 13841 13842 13843 13844 13845 13846 ..... 45353 45354 45355 45356 45357 45358 45359 45360 45361 45362 45363 45364 45365 45366 45367 |
TSQLAuthUser = class(TSQLRecord) protected fLogonName: RawUTF8; fPasswordHashHexa: RawUTF8; fDisplayName: RawUTF8; fGroup: TSQLAuthGroup; fData: TSQLRawBlob; procedure SetPasswordPlain(const Value: RawUTF8); /// check if the user can authenticate in its current state // - called by TSQLRestServerAuthentication.GetUser() method // - this default implementation will return TRUE, i.e. allow the user // to log on // - override this method to disable user authentication, e.g. if the // user is disabled via a custom ORM boolean and date/time field function CanUserLog(Ctxt: TSQLRestServerURIContext): boolean; virtual; public /// static function allowing to compute a hashed password // - as expected by this class class function ComputeHashedPassword(const aPasswordPlain: RawUTF8): RawUTF8; /// able to set the PasswordHashHexa field from a plain password content // - in fact, PasswordHashHexa := SHA256('salt'+PasswordPlain) in UTF-8 property PasswordPlain: RawUTF8 write SetPasswordPlain; published /// the User identification Name, as entered at log-in // - the same identifier can be used only once (this column is marked as // unique via a "stored AS_UNIQUE" - i.e. "stored false" - attribute), and ................................................................................ public /// initialize the authentication scheme // - you can optionally set the groups allowing to use SynDBRemote - if none // is specify, username/password is enough constructor Create(aServer: TSQLRestServer; const aAllowedGroups: array of integer); reintroduce; /// add some new groups to validate an user authentication procedure RegisterAllowedGroups(const aAllowedGroups: array of integer); /// to be used to compute a Hash on the client, for a given Token // - the password will be hashed as expected by the GetPassword() method class function ComputeHash(Token: Int64; const UserName,PassWord: RawUTF8): cardinal; override; end; /// common ancestor for tracking TSQLRecord modifications // - e.g. 
TSQLRecordHistory and TSQLRecordVersion will inherit from this class // to track TSQLRecord changes ................................................................................ if result=nil then exit; // not a valid 'Cookie: mORMot_session_signature=...' header if GetUserPassFromInHead(Ctxt,userPass,user,pass) then begin if (result.fExpectedHttpAuthentication<>'') and // fast validation (result.fExpectedHttpAuthentication=userPass) then exit; // already previously authenticated if user=Result.User.LogonName then with TSQLAuthUser.Create do try PasswordPlain := pass; // compute SHA-256 hash of the supplied password if PasswordHashHexa=result.User.PasswordHashHexa then begin // match -> store header in result (locked by fSessions.fSafe.Lock) result.fExpectedHttpAuthentication := userPass; exit; end; |
13279 13280 13281 13282 13283 13284 13285 13286 13287 13288 13289 13290 13291 13292 13293 13294 13295 13296 13297 13298 13299 13300 13301 13302 13303 13304 13305 ..... 13833 13834 13835 13836 13837 13838 13839 13840 13841 13842 13843 13844 13845 13846 13847 ..... 45354 45355 45356 45357 45358 45359 45360 45361 45362 45363 45364 45365 45366 45367 45368 |
TSQLAuthUser = class(TSQLRecord) protected fLogonName: RawUTF8; fPasswordHashHexa: RawUTF8; fDisplayName: RawUTF8; fGroup: TSQLAuthGroup; fData: TSQLRawBlob; procedure SetPasswordPlain(const Value: RawUTF8); /// check if the user can authenticate in its current state // - called by TSQLRestServerAuthentication.GetUser() method // - this default implementation will return TRUE, i.e. allow the user // to log on // - override this method to disable user authentication, e.g. if the // user is disabled via a custom ORM boolean and date/time field function CanUserLog(Ctxt: TSQLRestServerURIContext): boolean; virtual; public /// static function allowing to compute a hashed password // - as expected by this class // - defined as virtual so that you may use your own hashing class class function ComputeHashedPassword(const aPasswordPlain: RawUTF8): RawUTF8; virtual; /// able to set the PasswordHashHexa field from a plain password content // - in fact, PasswordHashHexa := SHA256('salt'+PasswordPlain) in UTF-8 property PasswordPlain: RawUTF8 write SetPasswordPlain; published /// the User identification Name, as entered at log-in // - the same identifier can be used only once (this column is marked as // unique via a "stored AS_UNIQUE" - i.e. "stored false" - attribute), and ................................................................................ 
public /// initialize the authentication scheme // - you can optionally set the groups allowing to use SynDBRemote - if none // is specify, username/password is enough constructor Create(aServer: TSQLRestServer; const aAllowedGroups: array of integer); reintroduce; /// add some new groups to validate an user authentication procedure RegisterAllowedGroups(const aAllowedGroups: array of integer); /// to be used to compute a Hash on the client side, for a given Token // - the password will be hashed as expected by the GetPassword() method class function ComputeHash(Token: Int64; const UserName,PassWord: RawUTF8): cardinal; override; end; /// common ancestor for tracking TSQLRecord modifications // - e.g. TSQLRecordHistory and TSQLRecordVersion will inherit from this class // to track TSQLRecord changes ................................................................................ if result=nil then exit; // not a valid 'Cookie: mORMot_session_signature=...' header if GetUserPassFromInHead(Ctxt,userPass,user,pass) then begin if (result.fExpectedHttpAuthentication<>'') and // fast validation (result.fExpectedHttpAuthentication=userPass) then exit; // already previously authenticated if user=Result.User.LogonName then with Ctxt.Server.SQLAuthUserClass.Create do try PasswordPlain := pass; // compute SHA-256 hash of the supplied password if PasswordHashHexa=result.User.PasswordHashHexa then begin // match -> store header in result (locked by fSessions.fSafe.Lock) result.fExpectedHttpAuthentication := userPass; exit; end; |
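Review bot: The inline comment `// compute SHA-256 hash of the supplied password` on the `PasswordPlain := pass;` line is no longer accurate once the instance is created from `Ctxt.Server.SQLAuthUserClass` and `ComputeHashedPassword` is virtual, since a custom class may hash differently — which is the reason for this change. I would reword it to `// hash the supplied password the same way SQLAuthUserClass stores it`, so a reader sees that the comparison on the next line is only meaningful when both digests were produced by the same ComputeHashedPassword override; the `PasswordHashHexa := SHA256('salt'+PasswordPlain)` remark on the PasswordPlain property deserves the same caveat now that the method is virtual. On the comparison itself, `PasswordHashHexa=result.User.PasswordHashHexa` is an ordinary string equality that stops at the first differing byte, and it runs for every Basic-auth request whose header is not yet cached in fExpectedHttpAuthentication; a length check followed by a fixed-time byte compare of the two hex digests would remove that timing signal, though since it leaks information about the stored hash rather than the password this is a low-severity hardening point. The enclosing RetrieveSession method, and the finally that presumably frees the created instance, both lie outside the hunk.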
Changes to SynopseCommit.inc.
1 |
'1.18.1708'
|
| |
1 |
'1.18.1709'
|