Hi Arnaud,
I'm working on a project where mORMot serves interface based requests to a JavaScript client, auth enabled.
Last autumn I noticed that after updating to the latest mORMot sources, the JS side of authentication stopped working.
I finally found the time to track down the exact commit that introduced the anomaly, and it is the
5489231f2a34fda71b22f6f8a00a8cd1d6d209d0 dated November, 2 2015
The only change introduced in this commit is from:
TSQLRestServerAuthenticationSSPI = class(TSQLRestServerAuthenticationURI)
to:
TSQLRestServerAuthenticationSSPI = class(TSQLRestServerAuthenticationSignedURI)
I'm not using integrated security, so I'm wondering how this change can stop the server authorizing my requests.
Note that the first 2 requests that authenticate the user ( auth?UserName= and auth?UserName= &Password= ) are successful.
Probably I can solve my problem easily and disable SSPI authentication by undefining SSPIAUTH, but I'd like to learn more about this wonderful piece of code that is mORMot and master each aspect of it!
TSQLRestServerAuthenticationURI (in contrast with TSQLRestServerAuthenticationSignedURI) does not check the session signature.
And before commit http://synopse.info/fossil/info/a336f3a … 217561f31d there was a bug: the session signature was not checked. So you could pass an invalid session_signature parameter with your JavaScript and it all worked fine.
Try to remove {$define SSPIAUTH} from your old mORMot.pas source and check authentication.
P.S.
Commit that introduces the bug: http://synopse.info/fossil/info/f1e7198 … 797ae83041
Last edited by Chaa (2016-05-27 10:38:06)
Thank you very much Chaa, very useful hints!
Old topic about:
http://synopse.info/forum/viewtopic.php?id=2977