2017-05-12 12:48:44 +02:00
|
|
|
// ***************************************************************************
|
|
|
|
|
//
|
|
|
|
|
// Delphi MVC Framework
|
|
|
|
|
//
|
|
|
|
|
// Copyright (c) 2010-2017 Daniele Teti and the DMVCFramework Team
|
|
|
|
|
//
|
|
|
|
|
// https://github.com/danieleteti/delphimvcframework
|
|
|
|
|
//
|
|
|
|
|
// ***************************************************************************
|
|
|
|
|
//
|
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
//
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
//
|
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
|
// limitations under the License.
|
|
|
|
|
//
|
|
|
|
|
// *************************************************************************** }
|
|
|
|
|
|
|
|
|
|
unit RoleAuthHandlerU;
|
|
|
|
|
|
|
|
|
|
interface
|
|
|
|
|
|
|
|
|
|
uses
|
|
|
|
|
MVCFramework.Commons,
|
|
|
|
|
MVCFramework,
|
|
|
|
|
System.Generics.Collections,
|
|
|
|
|
MVCFramework.Middleware.Authentication.RoleBasedAuthHandler;
|
|
|
|
|
|
|
|
|
|
type
|
2017-05-15 10:35:37 +02:00
|
|
|
TCustomRoleAuth = class(TRoleBasedAuthHandler)
|
2017-05-12 12:48:44 +02:00
|
|
|
public
|
|
|
|
|
// if authentication is required, this method must execute the user authentication
|
|
|
|
|
procedure OnAuthentication(const UserName: string; const Password: string;
|
|
|
|
|
UserRoles: TList<System.string>; var IsValid: Boolean;
|
|
|
|
|
const SessionData: System.Generics.Collections.TDictionary<System.string,
|
|
|
|
|
System.string>); override;
|
|
|
|
|
end;
|
|
|
|
|
|
|
|
|
|
implementation
|
|
|
|
|
|
2017-05-15 10:35:37 +02:00
|
|
|
{ TCustomRoleAuth }
|
2017-05-12 12:48:44 +02:00
|
|
|
|
2017-05-15 10:35:37 +02:00
|
|
|
procedure TCustomRoleAuth.OnAuthentication(const UserName, Password: string;
|
2017-05-12 12:48:44 +02:00
|
|
|
UserRoles: TList<System.string>; var IsValid: Boolean;
|
|
|
|
|
const SessionData: TDictionary<System.string, System.string>);
|
|
|
|
|
begin
|
|
|
|
|
{
|
|
|
|
|
Here you should do the actual query on database or other "users store" to
|
|
|
|
|
check if the user identified by UserName and Password is a valid user.
|
|
|
|
|
You have to fill also the UserRoles list with the roles of the user.
|
|
|
|
|
Moreover additional user properties can be added in the SessionData dictionary
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// We defined 3 statc users here: admin, user1, user2
|
|
|
|
|
IsValid := False;
|
|
|
|
|
if (UserName = 'admin') and (Password = 'adminpass') then
|
|
|
|
|
begin
|
|
|
|
|
IsValid := True;
|
|
|
|
|
UserRoles.Add('admin');
|
|
|
|
|
UserRoles.Add('role1');
|
|
|
|
|
UserRoles.Add('role2');
|
|
|
|
|
end
|
|
|
|
|
else if (UserName = 'user1') and (Password = 'user1pass') then
|
|
|
|
|
begin
|
|
|
|
|
IsValid := True;
|
|
|
|
|
UserRoles.Add('role1');
|
|
|
|
|
end
|
|
|
|
|
else if (UserName = 'user2') and (Password = 'user2pass') then
|
|
|
|
|
begin
|
|
|
|
|
IsValid := True;
|
|
|
|
|
UserRoles.Add('role2');
|
|
|
|
|
end
|
|
|
|
|
else if (UserName = 'user3') and (Password = 'user3pass') then
|
|
|
|
|
begin
|
|
|
|
|
IsValid := True;
|
|
|
|
|
UserRoles.Add('role1');
|
|
|
|
|
UserRoles.Add('role2');
|
|
|
|
|
end;
|
|
|
|
|
|
|
|
|
|
// if you dont have "roles" concept in your system, you can also avoid to use them and
|
|
|
|
|
// sets only IsValid := True;
|
|
|
|
|
end;
|
|
|
|
|
|
|
|
|
|
end.
|
