Hi AB
When using custom authentication, I get 500 Internal Server Error when the authentication succeeds, however when it fails, it works as expected. It looks like it happens at SessionCreate and can be because of groups, but I'm not sure what I do wrong (just tested on latest nightly build):
  TMyAuthentication = class(TSQLRestServerAuthenticationDefault)
  private
    function CheckPassword(Ctxt: TSQLRestServerURIContext; User: TSQLAuthUser;
      const aClientNonce, aPassWord: RawUTF8): boolean; override;
    function GetUser(Ctxt: TSQLRestServerURIContext;
      const aUserName: RawUTF8): TSQLAuthUser; override;
  protected
  end;
aRestServer := TSQLRestServerFullMemory.Create(aModel, false); // authentication=false
aRestServer.AuthenticationRegister([TMyAuthentication]);
function TMyAuthentication.CheckPassword(Ctxt: TSQLRestServerURIContext;
  User: TSQLAuthUser; const aClientNonce, aPassWord: RawUTF8): boolean;
begin
  result := true; //aPassword = 'abc';
end;

function TMyAuthentication.GetUser(Ctxt: TSQLRestServerURIContext;
  const aUserName: RawUTF8): TSQLAuthUser;
begin
  Result := TSQLAuthUser.Create;
  Result.IDValue := 10;
  Result.LogonName := 'johnny';
  Result.DisplayName := Result.LogonName;
  Result.PasswordPlain := 'abc';
  Result.GroupRights := TSQLAuthGroup.Create;
  Result.GroupRights.SessionTimeout := 20;
  Result.GroupRights.AccessRights := 'Admin';
end;
Do you have anything to point me in the right direction?
The documentation was incorrect.
At this stage, the GroupRights property must not yet contain a real TSQLAuthGroup instance, just a TSQLAuthGroup(aGroupID) value (as directly retrieved from the ORM).
The User.GroupRights instance will be instantiated by TAuthSession.Create.
So you may write:
function TMyAuthentication.GetUser(Ctxt: TSQLRestServerURIContext;
  const aUserName: RawUTF8): TSQLAuthUser;
begin
  Result := TSQLAuthUser.Create;
  Result.IDValue := 10;
  Result.LogonName := 'johnny';
  Result.DisplayName := Result.LogonName;
  Result.PasswordPlain := 'abc';
  Result.GroupRights := TSQLAuthGroup(2); // for 'Admin'
end;
I've fixed the documentation.
See http://synopse.info/fossil/info/3f1ffca63a
Sorry for the mistake.
Perfect, thanks. I now no longer get the 500 error, but noticed something strange. Given the example above, after logging in using any string as a password, the session authenticates and I get the message that I successfully logged in, but using any functions returns 403 Forbidden.
However, using abc as a password, I still get the message that I successfully authenticated, but my functions are able to be called. So it looks like, at some stage when checking if a function can be executed, my checkpassword function is ignored and a direct compare is done between the PasswordPlain value set and that sent to log in. So does that mean that I need to also override another function to compute the hash, or should I expect the example above to work as-is?
Does the implementation you provided above also mean that I can no longer set the session timeout value? Trying to set Result.GroupRights.SessionTimeout results in an access violation.
Last edited by squirrel (2015-09-25 12:56:01)
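The 403 behaviour described in the post above follows from how the default scheme works: the session signing key is derived on both sides from the user's stored password hash, so a CheckPassword that accepts any password creates a session whose signed calls the client cannot reproduce unless its password matches PasswordPlain. The following is an added example, not code from the thread or from mORMot itself: it keeps the GetUser shape from the corrected post (group ID only, hard-coded user 'johnny'/'abc' as a constructed stand-in for a real user store) and lets CheckPassword delegate to the inherited salted-hash check instead of returning true.

```pascal
uses
  SynCommons, mORMot;

type
  // custom authentication backed by a constructed, hard-coded user table
  TMyAuthentication = class(TSQLRestServerAuthenticationDefault)
  protected
    function GetUser(Ctxt: TSQLRestServerURIContext;
      const aUserName: RawUTF8): TSQLAuthUser; override;
    function CheckPassword(Ctxt: TSQLRestServerURIContext; User: TSQLAuthUser;
      const aClientNonce, aPassWord: RawUTF8): boolean; override;
  end;

function TMyAuthentication.GetUser(Ctxt: TSQLRestServerURIContext;
  const aUserName: RawUTF8): TSQLAuthUser;
begin
  result := nil;
  // only a known logon name gets a TSQLAuthUser; anything else fails authentication
  if aUserName<>'johnny' then
    exit;
  result := TSQLAuthUser.Create;
  result.IDValue := 10;
  result.LogonName := aUserName;
  result.DisplayName := aUserName;
  result.PasswordPlain := 'abc';          // hashed into PasswordHashHexa by the setter
  result.GroupRights := TSQLAuthGroup(2); // group ID only, no instance at this stage
end;

function TMyAuthentication.CheckPassword(Ctxt: TSQLRestServerURIContext;
  User: TSQLAuthUser; const aClientNonce, aPassWord: RawUTF8): boolean;
begin
  // delegate to the default nonce-salted comparison against User.PasswordHashHexa:
  // returning true unconditionally would open a session whose signing key is
  // derived from the stored hash, which the client only matches for 'abc'
  result := inherited CheckPassword(Ctxt, User, aClientNonce, aPassWord);
end;

// registration, as in the first post:
//   aRestServer := TSQLRestServerFullMemory.Create(aModel, false);
//   aRestServer.AuthenticationRegister([TMyAuthentication]);
```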
@squirrel
Personnaly, when I had a 403 Error (Forbidden), I had a Model mistake. Check if you're calling your model on the server side with the right name.
The 403 issue is confusing me. Not sure where to place breakpoints anymore. From somewhere, mormot gets an Admin user. When using Admin as username with whatever I set the Result.PasswordPlain in GetUser, it works and allows my function calls. Using any other username, such as that set in Result.LogonName in GetUser, it seems to authenticate ok, but then doesn't allow my function calls. Are there any hardcoded usernames somewhere?
The access violation happens when setting SessionTimeout in the GetUser function. It looks like Result.GroupRights is not accessible when trying to set the value. Nothing really that I can debug at that stage.
function TMyAuthentication.GetUser(Ctxt: TSQLRestServerURIContext;
  const aUserName: RawUTF8): TSQLAuthUser;
begin
  Result := TSQLAuthUser.Create;
  Result.IDValue := 10;
  Result.LogonName := 'johnny';
  Result.DisplayName := Result.LogonName;
  Result.PasswordPlain := 'abc';
  Result.GroupRights := TSQLAuthGroup(2); // for 'Admin'
  Result.GroupRights.SessionTimeout := 1;
end;
Last edited by squirrel (2015-09-28 09:03:07)
Writing Result.GroupRights.SessionTimeout := 1 is plain wrong here.
Your Result.GroupRights does not contain an instance, but a pointer to $2.
This is why an Access Violation is raised.
SessionTimeout has to be set in the DB, for the TSQLAuthGroup item with ID=2.
Thanks, what would be the correct way of setting the session timeout?
I am not using the ORM, just my own services, so I will have to set it manually.
Last edited by squirrel (2015-09-28 09:13:11)
I guess it can't be done.