Daniele Teti 2016-12-28 10:00:07 +01:00
parent 24fa42f483
commit 3b1e19ec40
2 changed files with 38 additions and 3 deletions


@ -75,7 +75,7 @@ implementation
uses uses
System.SysUtils, MVCFramework.Session, ObjectsMappers, System.StrUtils System.SysUtils, MVCFramework.Session, ObjectsMappers, System.StrUtils
{$IF CompilerVersion > 24} {$IF CompilerVersion > 24}
, System.NetEncoding, System.JSON , System.NetEncoding, System.JSON, System.Classes
{$ELSE} {$ELSE}
, Soap.EncdDecd, Data.DBXJSON , Soap.EncdDecd, Data.DBXJSON
{$ENDIF}; {$ENDIF};
@ -374,7 +374,7 @@ begin
begin begin
Context.Response.ContentType := 'text/html'; Context.Response.ContentType := 'text/html';
Context.Response.RawWebResponse.Content := Context.Response.RawWebResponse.Content :=
Format(CONTENT_HTML_FORMAT, [HTTPStatus, Format(CONTENT_HTML_FORMAT, [IntToStr(HTTPStatus),
Context.Config[TMVCConfigKey.ServerName]]); Context.Config[TMVCConfigKey.ServerName]]);
end end
else else
@ -409,7 +409,7 @@ begin
LIsValid := Context.LoggedUser.IsValid; LIsValid := Context.LoggedUser.IsValid;
if not LIsValid then if not LIsValid then
begin begin
Context.SessionStop(false); Context.SessionStop(False);
SendResponse(Context, Handled); SendResponse(Context, Handled);
Exit; Exit;
end; end;
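Review bot: The `IntToStr(HTTPStatus)` wrapper in the second hunk is only correct if the matching placeholder in CONTENT_HTML_FORMAT is `%s`; the constant is not in the hunk, so a one-line comment on the call would save the next reader a lookup, e.g. `// CONTENT_HTML_FORMAT uses %s for both slots, hence the IntToStr`. The same statement places `Context.Config[TMVCConfigKey.ServerName]` into a `text/html` body without any encoding, so if that configuration value can ever carry markup it is rendered as-is; either HTML-encode it (System.NetEncoding is already in the uses clause of the newer compiler branch) or document that ServerName is a trusted, operator-controlled value. The routine enclosing that hunk begins and ends outside it.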


@ -82,6 +82,7 @@ type
// test authentication/authorization with CustomAuth // test authentication/authorization with CustomAuth
procedure TestCustomAuthRequestWithoutLogin; procedure TestCustomAuthRequestWithoutLogin;
procedure TestCustomAuthRequestsWithValidLogin; procedure TestCustomAuthRequestsWithValidLogin;
procedure TestCustomAuthRequestsWithValidLogin_HTML;
procedure TestCustomAuthWrongRequestBodies; procedure TestCustomAuthWrongRequestBodies;
procedure TestCustomAuthLoginLogout; procedure TestCustomAuthLoginLogout;
@ -415,6 +416,40 @@ begin
end; end;
end; end;
procedure TServerTest.TestCustomAuthRequestsWithValidLogin_HTML;
var
LRes: IRESTResponse;
lJSON: TJSONObject;
lCookieValue: string;
begin
lJSON := TJSONObject.Create;
try
lJSON.AddPair('username', 'user1');
lJSON.AddPair('password', 'user1');
LRes := RESTClient.Accept('text/html').doPOST('/system/users/logged', [], lJSON, false);
CheckEquals('application/json', LRes.ContentType);
CheckEquals(HTTP_STATUS.OK, LRes.ResponseCode);
CheckEquals('/system/users/logged', LRes.HeaderValue('X-LOGOUT-URL'));
CheckEquals('DELETE', LRes.HeaderValue('X-LOGOUT-METHOD'));
CheckEquals('{"status":"OK"}', LRes.BodyAsString);
lCookieValue := LRes.Cookies
[LRes.Cookies.GetCookieIndex(TMVCConstants.SESSION_TOKEN_NAME)].Value;
CheckNotEquals('', lCookieValue, 'Session cookie not returned after login');
CheckFalse(lCookieValue.Contains('invalid'),
'Returned an invalid session token');
LRes := RESTClient.doGET('/privatecustom/role2', []);
CheckEquals(HTTP_STATUS.Forbidden, LRes.ResponseCode,
'Authorization not respected for not allowed action');
LRes := RESTClient.doGET('/privatecustom/role1', []);
CheckEquals(HTTP_STATUS.OK, LRes.ResponseCode,
'Authorization not respected for allowed action');
finally
lJSON.Free;
end;
end;
procedure TServerTest.TestCustomAuthWrongRequestBodies; procedure TServerTest.TestCustomAuthWrongRequestBodies;
var var
LRes: IRESTResponse; LRes: IRESTResponse;
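Review bot: In TestCustomAuthRequestsWithValidLogin_HTML the lookup `LRes.Cookies[LRes.Cookies.GetCookieIndex(TMVCConstants.SESSION_TOKEN_NAME)].Value` indexes the collection before the `CheckNotEquals('', lCookieValue, ...)` assertion runs, so if GetCookieIndex reports a missing cookie as -1 (as Indy's cookie collection does; to be confirmed for IRESTResponse) a login that sets no session cookie fails with an index exception instead of the intended message. Guarding the index first keeps the diagnostic meaningful: `lIdx := LRes.Cookies.GetCookieIndex(TMVCConstants.SESSION_TOKEN_NAME); CheckTrue(lIdx >= 0, 'Session cookie not returned after login'); lCookieValue := LRes.Cookies[lIdx].Value;` with `lIdx: Integer` added to the var block. The procedure also never ends the session it creates, so the authenticated state on the shared RESTClient can leak into later tests; a DELETE to the X-LOGOUT-URL the test already asserts would close it, as TestCustomAuthLoginLogout presumably does. If the only difference from TestCustomAuthRequestsWithValidLogin is the `Accept('text/html')` header, a shared helper taking the Accept value would avoid duplicating the whole body, and a comment such as `// login must answer JSON even when the client asks for HTML` would make the `'application/json'` expectation explicit. The procedure TestCustomAuthWrongRequestBodies starts at the end of the hunk and its body continues outside it.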