#1 2015-09-25 11:50:27

squirrel
Member
Registered: 2015-08-13
Posts: 155

500 Internal Server Error When using custom authentication

Hi AB

When using custom authentication, I get 500 Internal Server Error when the authentication succeeds, however when it fails, it works as expected.  It looks like it happens at SessionCreate and can be because of groups, but I'm not sure what I do wrong (just tested on latest nightly build):

  TMyAuthentication = class(TSQLRestServerAuthenticationDefault)
  private
    function CheckPassword(Ctxt: TSQLRestServerURIContext; User: TSQLAuthUser; const aClientNonce, aPassWord: RawUTF8): boolean; override;
    function GetUser(Ctxt: TSQLRestServerURIContext; const aUserName: RawUTF8): TSQLAuthUser; override;
  protected
  end;

  aRestServer := TSQLRestServerFullMemory.Create(aModel, false); // authentication=false
  aRestServer.AuthenticationRegister([TMyAuthentication]);

function TMyAuthentication.CheckPassword(
  Ctxt: TSQLRestServerURIContext; User: TSQLAuthUser; const aClientNonce,
  aPassWord: RawUTF8): boolean;
begin
  result := true; //aPassword = 'abc';
end;

function TMyAuthentication.GetUser(Ctxt: TSQLRestServerURIContext; const aUserName: RawUTF8): TSQLAuthUser;
begin
  Result := TSQLAuthUser.Create;
  Result.IDValue := 10;
  Result.LogonName := 'johnny';
  Result.DisplayName := Result.LogonName;
  Result.PasswordPlain := 'abc';
  Result.GroupRights := TSQLAuthGroup.Create;
  Result.GroupRights.SessionTimeout := 20;
  Result.GroupRights.AccessRights := 'Admin';
end;

Do you have anything to point me in the right direction?

Offline

#2 2015-09-25 11:59:59

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,663
Website

Re: 500 Internal Server Error When using custom authentication

The documentation was incorrect.

At this stage, the GroupRights property must not yet contain a real TSQLAuthGroup instance, just a TSQLAuthGroup(aGroupIP) value (as directly retrieved from the ORM).
The User.GroupRights instance will be instantiated by TAuthSession.Create.

So you may write:

function TMyAuthentication.GetUser(Ctxt: TSQLRestServerURIContext; const aUserName: RawUTF8): TSQLAuthUser;
begin
  Result := TSQLAuthUser.Create;
  Result.IDValue := 10;
  Result.LogonName := 'johnny';
  Result.DisplayName := Result.LogonName;
  Result.PasswordPlain := 'abc';
  Result.GroupRights := TSQLAuthGroup(2); // for 'Admin'
end;

I've fixed the documentation.
See http://synopse.info/fossil/info/3f1ffca63a

Sorry for the mistake.

Offline

#3 2015-09-25 12:15:57

squirrel
Member
Registered: 2015-08-13
Posts: 155

Re: 500 Internal Server Error When using custom authentication

Perfect, thanks.  I now no longer get the 500 error, but noticed something strange.  Given the example above, after logging in using any string as a password, the sesion authenticates and I get the message that I successfully logged in.  but using any functions returns 403 Forbidden.

However, using abc as a password, I still get the message that I successfully authenticated, but my functions are able to be called.  So it looks like, at some stage when checking if a function can be executed, my checkpassword function is ignored and a direct compare is done between the PasswordPlain value set and that sent to log in.  So does that mean that I need to also override another function to compute the hash, or should I expect the example above to work as-is?

Does the implimentation you provided above also mean that I can no longer set the session timeout value?  Trying to set Result.GroupRights.SessionTimeout results in an access violation.

Last edited by squirrel (2015-09-25 12:56:01)

Offline

#4 2015-09-25 22:27:55

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,663
Website

Re: 500 Internal Server Error When using custom authentication

Try to use the debugging features of the ide to find out what happens on the server side.

Offline

#5 2015-09-28 07:05:59

Thomas-Acia
Member
From: Metz (France)
Registered: 2015-04-16
Posts: 79

Re: 500 Internal Server Error When using custom authentication

@squirrel

Personnaly, when I had a 403 Error (Forbidden), I had a Model mistake. Check if you're calling your model on the server side with the right name.


Delphi 2010 - Delphi XE5 (x64 Apps) - CodeTyphon - Typhon IDE v 5.7 - FPC 3.1.1 - mORMot 1.18
Windows 7 - VirtualBox : Linux Debian 8.5 Jessie 32 bits

Offline

#6 2015-09-28 09:02:18

squirrel
Member
Registered: 2015-08-13
Posts: 155

Re: 500 Internal Server Error When using custom authentication

The 403 issue is confusing me.  Not sure where to place breakpoints anymore.  From somewhere, mormot gets an Admin user.  When using Admin as username with whatever I set the Result.PasswordPlain in GetUser, it works and allows my function calls.  Using any other username, such as that set in Result.LogonName in GetUser, it seems to authenticate ok, but then doesn't allow my function calls.  Are there any hardcoded usernames somewhere?

The access violation happens when setting SessionTimeout in the GetUser function.  It looks like Result.GroupRights is not accessible when trying to set the value.  Nothing really that I can debug at that stage.

function TMyAuthentication.GetUser(Ctxt: TSQLRestServerURIContext; const aUserName: RawUTF8): TSQLAuthUser;
begin
  Result := TSQLAuthUser.Create;
  Result.IDValue := 10;
  Result.LogonName := 'johnny';
  Result.DisplayName := Result.LogonName;
  Result.PasswordPlain := 'abc';
  Result.GroupRights := TSQLAuthGroup(2); // for 'Admin'
  Result.GroupRights.SessionTimeout := 1;
end;

Last edited by squirrel (2015-09-28 09:03:07)

Offline

#7 2015-09-28 09:11:28

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,663
Website

Re: 500 Internal Server Error When using custom authentication

Writing Result.GroupRights.SessionTimeout := 1 is plain wrong here.

Your Result.GroupRights does not contain an instance, but a pointer to $2.
This is why an Access Violation is raised.

SessionTimeout has to be set in the DB, for the TSQLAuthGroup item with ID=2.

Offline

#8 2015-09-28 09:12:07

squirrel
Member
Registered: 2015-08-13
Posts: 155

Re: 500 Internal Server Error When using custom authentication

Thanks, what would be the correct way of setting the session timeout?
I am not using orm, just my own services, so will have to set it manually.

Last edited by squirrel (2015-09-28 09:13:11)

Offline

#9 2015-10-01 08:27:16

squirrel
Member
Registered: 2015-08-13
Posts: 155

Re: 500 Internal Server Error When using custom authentication

I guess it can't be done.

Offline

#10 2015-10-01 09:06:38

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,663
Website

Re: 500 Internal Server Error When using custom authentication

The session timeout could be set at Group level.

Even if you do not use the ORM, the TSQLAuthGroup internal class would be used to manager users properties.

Offline

Board footer

Powered by FluxBB