#1 2018-08-30 11:40:16

pandaben7890
Member
Registered: 2017-12-11
Posts: 12

Can't login if LogonName is NUMBER that equal to ID of table dbo.USERS

In my dbo.USERS there is 47 users with ID from 1-47 (ID is primary key with auto-inc)
I have one user with LogonName is 019 and try to login but it failed.
So I try change it to 025 047 47 it also failed
But when I change it to 048 48 it works!!!!!!

So I think, if LogonName can parse into number like 047=47 or 0000047=47
and if that number is same as ID it will failed when login.

below is just simple startService function that I use

aProps := TOleDBMSSQL2012ConnectionProperties.Create(servername, databasename, 'sa', password);
VirtualTableExternalRegister(Model, TSQLGroups, aProps, 'dbo.GROUPS');
VirtualTableExternalRegister(Model, TSQLUsers,  aProps, 'dbo.USERS');
//
ServerDB := TSQLRestServerWS.Create(Model, ':memory:', True);
ServerDB.CreateMissingTables(0);
//
ServerDB.ServiceRegister(TServiceDocument, [TypeInfo(IDocument)], sicShared);
ServerDB.ServiceRegister(TServiceDatabase, [TypeInfo(IDatabase)], sicShared);
ServerDB.ServiceRegister(TServiceKacc, [TypeInfo(IKacc)], sicShared);
ServerDB.ServiceRegister(TServiceCuisine, [TypeInfo(ICuisine)], sicShared);
//
ServerDB.ServiceMethodByPassAuthentication('Download');
//
HttpServer := TSQLHttpServer.Create(port, [ServerDB]);
HttpServer.AccessControlAllowOrigin := '*';

I'm using Mormot_610624

Offline

#2 2018-08-30 12:11:15

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,659
Website

Re: Can't login if LogonName is NUMBER that equal to ID of table dbo.USERS

Did you enable saoUserByLogonOrID?

Could you try it debugging what seems weird in TSQLRestServerAuthentication.GetUser?

Offline

#3 2018-08-31 04:35:19

pandaben7890
Member
Registered: 2017-12-11
Posts: 12

Re: Can't login if LogonName is NUMBER that equal to ID of table dbo.USERS

ab wrote:

Did you enable saoUserByLogonOrID?

Could you try it debugging what seems weird in TSQLRestServerAuthentication.GetUser?

I never seen this saoUserByLogonOrID before so i look into code and I see that this options is set by default, so i never know.
file: mORMot

constructor TSQLRestServerAuthentication.Create(aServer: TSQLRestServer);
begin
  fServer := aServer;
  fOptions := [saoUserByLogonOrID];
end;

So then I try disable it instead by using this code, now it works!!

serverAuth := (ServerDB.AuthenticationRegister(TSQLRestServerAuthenticationDefault) as TSQLRestServerAuthenticationSignedURI);
serverAuth.Options := [];

Thank you :3

Offline

Board footer

Powered by FluxBB