https://github.com/danieleteti/delphimvcframework/issues/63

2024-11-15 15:55:54 +01:00 · 2016-12-28 10:00:07 +01:00 · 2016-12-28 10:00:07 +01:00 · 3b1e19ec40
commit 3b1e19ec40
parent 24fa42f483
2 changed files with 38 additions and 3 deletions
--- a/sources/MVCFramework.Middleware.Authentication.pas
+++ b/sources/MVCFramework.Middleware.Authentication.pas
@ -75,7 +75,7 @@ implementation
 uses
  System.SysUtils, MVCFramework.Session, ObjectsMappers, System.StrUtils
 {$IF CompilerVersion > 24}
-    , System.NetEncoding, System.JSON
+    , System.NetEncoding, System.JSON, System.Classes
 {$ELSE}
    , Soap.EncdDecd, Data.DBXJSON
 {$ENDIF};
@ -374,7 +374,7 @@ begin
  begin
    Context.Response.ContentType := 'text/html';
    Context.Response.RawWebResponse.Content :=
-      Format(CONTENT_HTML_FORMAT, [HTTPStatus,
+      Format(CONTENT_HTML_FORMAT, [IntToStr(HTTPStatus),
      Context.Config[TMVCConfigKey.ServerName]]);
  end
  else
@ -409,7 +409,7 @@ begin
  LIsValid := Context.LoggedUser.IsValid;
  if not LIsValid then
  begin
-    Context.SessionStop(false);
+    Context.SessionStop(False);
    SendResponse(Context, Handled);
    Exit;
  end;
--- a/unittests/Several/LiveServerTestU.pas
+++ b/unittests/Several/LiveServerTestU.pas
@ -82,6 +82,7 @@ type
    // test authentication/authorization with CustomAuth
    procedure TestCustomAuthRequestWithoutLogin;
    procedure TestCustomAuthRequestsWithValidLogin;
+    procedure TestCustomAuthRequestsWithValidLogin_HTML;
    procedure TestCustomAuthWrongRequestBodies;
    procedure TestCustomAuthLoginLogout;

@ -415,6 +416,40 @@ begin
  end;
 end;

+procedure TServerTest.TestCustomAuthRequestsWithValidLogin_HTML;
+var
+  LRes: IRESTResponse;
+  lJSON: TJSONObject;
+  lCookieValue: string;
+begin
+  lJSON := TJSONObject.Create;
+  try
+    lJSON.AddPair('username', 'user1');
+    lJSON.AddPair('password', 'user1');
+    LRes := RESTClient.Accept('text/html').doPOST('/system/users/logged', [], lJSON, false);
+    CheckEquals('application/json', LRes.ContentType);
+    CheckEquals(HTTP_STATUS.OK, LRes.ResponseCode);
+    CheckEquals('/system/users/logged', LRes.HeaderValue('X-LOGOUT-URL'));
+    CheckEquals('DELETE', LRes.HeaderValue('X-LOGOUT-METHOD'));
+    CheckEquals('{"status":"OK"}', LRes.BodyAsString);
+    lCookieValue := LRes.Cookies
+      [LRes.Cookies.GetCookieIndex(TMVCConstants.SESSION_TOKEN_NAME)].Value;
+    CheckNotEquals('', lCookieValue, 'Session cookie not returned after login');
+    CheckFalse(lCookieValue.Contains('invalid'),
+      'Returned an invalid session token');
+
+    LRes := RESTClient.doGET('/privatecustom/role2', []);
+    CheckEquals(HTTP_STATUS.Forbidden, LRes.ResponseCode,
+      'Authorization not respected for not allowed action');
+
+    LRes := RESTClient.doGET('/privatecustom/role1', []);
+    CheckEquals(HTTP_STATUS.OK, LRes.ResponseCode,
+      'Authorization not respected for allowed action');
+  finally
+    lJSON.Free;
+  end;
+end;
+
 procedure TServerTest.TestCustomAuthWrongRequestBodies;
 var
  LRes: IRESTResponse;