#1 2016-06-20 12:11:37

markus_ja
Member
Registered: 2015-11-20
Posts: 10

Authentication usage

Hello,

I feel lost with the authentication process. I tried all samples but couldn't figure out how to use authentication, with TSQlRestServerFullMemory.

My Server Code on start up (it's just a sample):

procedure TForm1.FormCreate(Sender: TObject);
begin
  _tableModel := TSQLModel.Create([],'root');
  _restServer := TMyRestServer.Create(_tableModel, true); //TSQlRestServerFullMemory

  _server := TSQLHttpServer.Create('888', [_restServer], '+', HTTP_DEFAULT_MODE);
  _server.AccessControlAllowOrigin := '*';
end;
TMyRestServer = class(TSQlRestServerFullMemory)
  published
    procedure Test(Ctxt: TSQLRestServerURIContext);
  end;

procedure TMyRestServer.Test(Ctxt: TSQLRestServerURIContext);
begin
  case Ctxt.Method of
    mGET:
      Ctxt.Returns('test');
  end;
end;

Where do I specify, which users (with password) have permissions to log in and when the session expires? Actually, I want to load all the registered users from my database.


Furthermore, for the client I use SmartMobileStudio. I invoke my rest server directly with the REST class in SMS using the URI with all required parameters. What params do I need to send to the server as well, in order my rest call is accepted?

e.g.

REST['http://localhost:888/root/', 'test']
  .OnDone(myOnDoneHandler)
  .Param('filter', myFilter)
  .Get;

Offline

#2 2016-06-21 01:15:59

igors233
Member
Registered: 2012-09-10
Posts: 241

Re: Authentication usage

If you're using SMS then let the mORMot generate appropriate client files, it will take care of authentication and calling services, methods etc.
Take a look at SMS sample that comes with mORMot.
For users, if you already have table with them you would have to manually add them to the list, by default mORMot comes with several default users and groups (take a look at docs for TSQLAuthGroup and TSQLAuthUser), you can supress their creation like this:

  FServerORM := TSQLRestServerFullMemory.Create(FModel, True);
  FServerORM.CreateMissingTables(0, [itoNoAutoCreateUsers]);
  FServerORM.AuthenticationRegister(TSQLRestServerAuthenticationDefault).Options := []; // Exclude saoUserByLogonOrID to prevent login of user with ID

And then you would have to create all users, something like this:

var
  Grp: TSQLAuthGroup;
  User: TSQLAuthUser;
begin
  Grp := TSqlAuthGroup.Create;
  FServerORM.Retrieve('Ident=User', Grp);

  User := TSQLAuthUser.Create;
  User.LogonName := UpperCase('Test'); // this is UserName in classic UserName/Pass configuration
  User.DisplayName := 'Test user';
  User.PasswordPlain := 'password123'; // Specify real password
  //User.PasswordHashHexa := APassHashed; // better way, instead of pass string, specify hashed password (which you read from database)

  User.Data := 'Some additional data if you need';
  User.GroupRights := Grp;
  FServerOrm.AddOrUpdate(User, True);
  User.Free;    
end;

Last edited by igors233 (2016-06-21 01:16:22)

Offline

#3 2016-06-21 06:50:07

markus_ja
Member
Registered: 2015-11-20
Posts: 10

Re: Authentication usage

Thanks a lot.

Offline

Board footer

Powered by FluxBB