Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TMVCJWTAuthenticationMiddleware: Exception will prevent authentication with a json object #337

Closed
LucienClement opened this issue Mar 5, 2020 · 0 comments
Closed

TMVCJWTAuthenticationMiddleware: Exception will prevent authentication with a json object #337

LucienClement opened this issue Mar 5, 2020 · 0 comments
Labels
accepted Issue has been accepted and inserted in a future milestone
Milestone
3.2.0-boron

Comments

@LucienClement
Copy link

Hello,
in procedure TMVCJWTAuthenticationMiddleware.OnBeforeRouting (unit MVCFramework.Middleware.JWT) , if one tries to pass the jwtusername and jwtpassword as a json object, an exception will be raised because it will attempt first to evaluate the content as ampersand separated name=values.
On line 288 (LUsername := AContext.Request.ContentFields[FUserNameHeaderName]) an exception will be raised because FUserNameHeaderName does not exist (obviously) in AContext.Request.ContentFields dictionnary.
Now, if you change the code:

      if LUsername.IsEmpty then
      begin
        LUsername := AContext.Request.ContentFields[FUserNameHeaderName];
        LPassword := AContext.Request.ContentFields[FPasswordHeaderName];
      end;

to:

      if LUsername.IsEmpty then
      begin
        AContext.Request.ContentFields.TryGetValue(FUserNameHeaderName,LUsername);
        AContext.Request.ContentFields.TryGetValue(FPasswordHeaderName,LPassword);
      end;

You might still get an exception if your json content is written on more that one line, because you will attempt to add two empty names to the ContentFields dictionnary.
One solution would be to write :

      if LUsername.IsEmpty then
      try
        AContext.Request.ContentFields.TryGetValue(FUserNameHeaderName,LUsername);
        AContext.Request.ContentFields.TryGetValue(FPasswordHeaderName,LPassword);
     except   
     end;

I think it would be even better to check if the content-type is application/json and go directly to the json reader.

Regards,
@danieleteti danieleteti added the accepted Issue has been accepted and inserted in a future milestone label Mar 5, 2020
@danieleteti danieleteti added this to the 3.2.0-boron milestone Mar 5, 2020
danieleteti added a commit that referenced this issue Apr 3, 2020
@danieleteti
https://github.com/danieleteti/delphimvcframework/issues/337
36ca9d4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
accepted Issue has been accepted and inserted in a future milestone
Projects
None yet
Milestone
3.2.0-boron
Development

No branches or pull requests
2 participants
@danieleteti @LucienClement