You are not logged in.
- Topics: Active | Unanswered
#1 2022-02-10 13:17:23
- tbo
- Member
- Registered: 2015-04-20
- Posts: 353
SetUser() login broken between commit 23ba8a6 and 8175d83
Delphi 10.4.2, mORMot2 commit 8175d83690e49f16ff778aa462f7baa894b895cc (14.01.2022) and newer
On the client side, the mORMot version doesn't matter (even the latest ones work). On the server side, since commit 8175d83690e49f16ff778aa462f7baa894b895cc and newer (commit b86670be44d8d9ca73f7725bfd06409ac3f60684), I can no longer log in with the SetUser() function. My source code is very simple:
function TdmDB.PrepareServerRest(const pmcServerURI: RawUtf8; pmServerPort: Integer;
const pmcAdminUsername, pmcAdminPassword: RawUtf8): TServerConnectStatus;
begin
Result := scsOk;
FServerURI := pmcServerURI;
FServerRestHttp := TVGServerRestHttp.Create(pmcServerURI, pmServerPort);
if not FServerRestHttp.ServerTimeStampSynchronize then
Exit(scsErrSynchronizeTimeStamp); //=>
// IMPORTANT: First log in and then call ServiceDefine()!
if not FServerRestHttp.SetUser(pmcAdminUsername, pmcAdminPassword, {HashedPassword} False) then
Exit(scsErrLoginAdminUser); //=>
if not InitializeServices then
Exit(scsErrInitializeServices); //=>
end;The SetUser() function returns False. In the ClientGetSessionKey() function, the CallBackGet() function returns 403 (HTTP_FORBIDDEN) as error code.
class function TRestClientAuthentication.ClientGetSessionKey()
--> Sender.CallBackGet()
----> HTTP_FORBIDDENWhen I compile the server with commit 23ba8a601953f2a128ba462f7b9edca57d410e1d everything works as usual.
With best regards
Thomas
Offline
#2 2022-02-10 14:13:06
Re: SetUser() login broken between commit 23ba8a6 and 8175d83
I am not sure of the root cause.
Please try with https://github.com/synopse/mORMot2/commit/e0759099
Offline
#3 2022-02-10 16:42:41
- tbo
- Member
- Registered: 2015-04-20
- Posts: 353
Re: SetUser() login broken between commit 23ba8a6 and 8175d83
I am not sure of the root cause.
The last commit e0759099d3d4755fa39497cb79773f7a5e8e77b2 does not solve the problem.
I insert the following lines in unit mormot.rest.http.server in the function TRestHttpServer.Request():
writeln('Ctxt.InHeaders: ' + Ctxt.InHeaders);
writeln('fHosts.Count: ' + fHosts.Count.ToString);For the current commit e0759099d3d4755fa39497cb79773f7a5e8e77b2, I get the following result:
Ctxt.InHeaders: Cache-Control: no-cache
Pragma: no-cache
Accept: */*
fHosts.Count: 0And for commit 23ba8a601953f2a128ba462f7b9edca57d410e1d, the last working version, the following result:
Ctxt.InHeaders: Cache-Control: no-cache
Pragma: no-cache
Accept: */*
Host: test.meine-domain.de
fHosts.Count: 0With best regards
Thomas
Offline
#4 2022-02-10 17:27:48
Re: SetUser() login broken between commit 23ba8a6 and 8175d83
I don't think the 'Host' header is used anywhere.
It is only used from Ctxt.Host if Hosts.Count > 0 - which is not happening in your case, I assume.
But I have put it back into the headers.
https://github.com/synopse/mORMot2/commit/e79e0426
Offline
#5 2022-02-10 18:07:12
- tbo
- Member
- Registered: 2015-04-20
- Posts: 353
Re: SetUser() login broken between commit 23ba8a6 and 8175d83
I don't think the 'Host' header is used anywhere.
It works. Thanks for the change. I need "HOST" for a multi-tenant architecture. For OnSessionCreate:
function TVGSRestAdminServer.DoSessionCreate(pmSender: TRestServer; pmSession: TAuthSession; pmCtxt: TRestServerUriContext): Boolean;
var
subdomain: RawUtf8;
begin
Result := False;
// Wrong domain name
if not EndWith(Split(pmCtxt.InHeader['HOST'], '.', subdomain, {ToUpperCase=} True), FRootDomainName) then Exit(True); //=>
if not RestServerPool.FindRestServerIDsBySubDomain(subdomain, ...) then ...
end;And the same in a TMVCApplication web app:
if not EndWith(Split(ServiceRunningContext.Request.InHeader['HOST'], '.', subdomain, True), FRootDomainName) then ...Sorry if I was not precise enough in my description.
With best regards
Thomas
Offline