Authentication: Adding new user

wai-kit · 2013-05-27 11:24:56

Hi all,

I am looking into the authentication mechanism of mORMot. Just checking if I am on the right track.
For this purpose I have modified Sample 4.
I have put 2 Tedit and a Tbutton component to the form of the server. When the button is clicked a new user is added
to the database. Below is the code snippet in the onclick eventhandler of the button.

procedure TForm1.Button2Click(Sender: TObject);
var
  aNewUser:TSQLAuthUser;
begin
  aNewUser := TSQLAuthUser.Create;

  aNewUser.PasswordPlain := edit2.Text;
  aNewUser.LogonName := edit1.Text;
  aNewUser.GroupRights := TSQLAuthGroup.Create(DB, 'Ident=?', ['User']);

  if DB.Add(aNewUser, true)<>0 then
    showmessage('User '+ aNewUser.LogonName + ' added.');
end;

When checking project04server.db3 with SqliteMan, I see that a corresponding record has been created in table AuthUser.

Unfortunately, when starting the client (in Delphi XE) an EOSException is raised with message 'System Error. Code 12002' at

  TSQLHttpClient(Form1.Database).SetUser('wai','test');

When I try to delete the new record in table AuthUser with SqliteMan I get a notification that I cannot commit because a pending
transaction is in progress.

What am I missing? Remarks and tips much appreciated.

Thanks,
Wai

ab · 2013-05-28 10:05:03

Main problem with your code is that the GroupRights property should not contain a class instance, but an integer ID.
See the SAD pdf about how TSQLRecord properties are handled.

You should set GroupRights with the ID.
Something like this:

aNewUser.Grouprights := pointer(DB.MainFieldID(TSQLAuthGroup,'User'));

Then do not forget to call aNewUser.Free.

wai-kit · 2013-05-28 11:33:26

ahaa, so that is why the field Grouprights in table authuser has such a big number instead of the value 3. (Learned something new again, usage of MainFieldID)
allright, so now i have made the suggested changes and now I see the value 3 in the grouprights field.
The new code looks like:

procedure TForm1.Button2Click(Sender: TObject);
var
  aNewUser:TSQLAuthUser;
begin
  aNewUser := TSQLAuthUser.Create;

  try
    aNewUser.PasswordPlain := edit2.Text;
    aNewUser.LogonName := edit1.Text;
    aNewUser.DisplayName := edit1.Text;

    aNewUser.Grouprights := pointer(DB.MainFieldID(TSQLAuthGroup,'User'));

    if DB.Add(aNewUser, true)<>0 then begin
      showmessage('User '+ aNewUser.LogonName + ' added.');
    end;
  finally
    aNewUser.Free;
  end;

end;

Now the issue is that when I add a new user to the database and in the client I use SetUser('User', 'synopse') everything works according to plan. But, when
I use SetUser('wai', 'test') I cannot add any data with the client. When running the client in Delphi I see that an EOSError (message 'System error. Code 12002') occurs.
Tracing the call I see that this happens at

lineno 21572.        aNonce := CallBackGetResult('auth',['UserName',U.LogonName]);

in unit mORMot.

ab · 2013-05-28 15:17:04

... and on the serve side?

wai-kit · 2013-05-28 18:53:15

Ah, sorry. I was not clear on which side it is. This is on the server side.

ab · 2013-05-29 09:00:12

Impossible to reproduce the issue here.

Did you try to debug by yourself what is the exact error on server side (run the server in the IDE, and check the returned status code)?

wai-kit · 2013-05-30 14:04:08

When running only the executables, everything is fine. When running the client in IDE, the EOSError (Systemerror, Code 12002) appears.

Last edited by wai-kit (2013-05-30 15:31:56)

ab · 2013-05-30 21:08:42

Are you sure you registered the URI for http.sys properly?
See the SAD pdf about this point.

wai-kit · 2013-06-02 16:16:26

The URI is registerer in :

procedure TForm1.FormCreate(Sender: TObject);
begin
Model := CreateSampleModel;
DB := TSQLRestServerDB.Create(Model,ChangeFileExt(paramstr(0),'.db3'),true);
DB.CreateMissingTables(0);
Server := TSQLHttpServer.Create('8080',[DB],'+',useHttpApiRegisteringURI);
Server.AccessControlAllowOrigin := '*'; // allow cross-site AJAX queries
end;

Right?

mpv · 2013-06-02 20:38:12

By regisrer url AB mean call to THttpApiServer.AddUrlAuthorize under windows administrator user. See here http://synopse.info/forum/viewtopic.php?id=989 and in SAD by keyword AddUrlAuthorize

ab · 2013-06-03 08:48:03

RTFM!

wai-kit · 2013-06-03 09:17:44

hi MPV, thanks for clarifying.

I have noticed that the EOSError only occurs when running 'this' Project04client in Delphi and not when running the executable. When I run a Project04client from
a different sample then also no problem.
I then decided to remove Project04Client from the project group, delete all files generated by Delphi (.dproj, .res) and added the project back to the project group.
And then no problem ...

wai-kit · 2013-06-04 09:33:16

ab wrote:

RTFM!

Indeed RTFM (or RTFF ), if i knew what to look for. I search in the SAD for 'http.sys', 'authorize', but not AddUrlAuthorize. Unfortunately,
my pdf reader cannot do partial searches.

This brings me to these questions:
- when using mORMot authentication scheme, do I have to use sqlite3 for persistence?
- is it also possible to use an external database for user/pw persistence?

It might be that these questions has already been answered, so feel free to RTFM me .

ab · 2013-06-04 15:04:59

Some answers:
- you can use fast in-memory TObjectList storage - some samples do it that way - you are not tied to use SQLite3 for persistence;
- you can use external database access (e.g. FireBird, Oracle, MSSQL, Access...) for persistence (but SQLite3 engine is needed as core).

It is of course already answered in the f.... SAD pdf.

mORMot Open Source

#1 2013-05-27 11:24:56

Authentication: Adding new user

#2 2013-05-28 10:05:03

Re: Authentication: Adding new user

#3 2013-05-28 11:33:26

Re: Authentication: Adding new user

#4 2013-05-28 15:17:04

Re: Authentication: Adding new user

#5 2013-05-28 18:53:15

Re: Authentication: Adding new user

#6 2013-05-29 09:00:12

Re: Authentication: Adding new user

#7 2013-05-30 14:04:08

Re: Authentication: Adding new user

#8 2013-05-30 21:08:42

Re: Authentication: Adding new user

#9 2013-06-02 16:16:26

Re: Authentication: Adding new user

#10 2013-06-02 20:38:12

Re: Authentication: Adding new user

#11 2013-06-03 08:48:03

Re: Authentication: Adding new user

#12 2013-06-03 09:17:44

Re: Authentication: Adding new user

#13 2013-06-04 09:33:16

Re: Authentication: Adding new user

#14 2013-06-04 15:04:59

Re: Authentication: Adding new user

Board footer