+ Not JWTBlackList middleware returns 204 instead of 200 when a token is blacklisted

+ Improved JWTBlackList sample
2024-11-15 15:55:54 +01:00 · 2021-08-15 15:55:18 +02:00 · 2021-08-15 15:55:18 +02:00 · b5e255ffe0
commit b5e255ffe0
parent e8334bfdb9
4 changed files with 96 additions and 68 deletions
--- a/samples/middleware_jwtblacklist/JWTBlacklistServerSample.dpr
+++ b/samples/middleware_jwtblacklist/JWTBlacklistServerSample.dpr
@ -20,13 +20,6 @@ uses

 {$R *.res}

-type
-  TWebBrokerBridgeAuthEvent = class
-  public
-    class procedure ServerParserAuthentication(AContext: TIdContext; const AAuthType, AAuthData: String; var VUsername,
-    VPassword: String; var VHandled: Boolean);
-  end;
-
 procedure RunServer(APort: Integer);
 var
  LServer: TIdHTTPWebBrokerBridge;
@ -38,22 +31,12 @@ begin
    LServer.DefaultPort := APort;
    LServer.Active := True;
    Writeln('Press RETURN to stop the server');
-    // ShellExecute(0, 'open', PChar('http://localhost:' + IntToStr(APort)), nil, nil, SW_SHOW);
    ReadLn;
  finally
    LServer.Free;
  end;
 end;

-{ TWebBrokerBridgeAuthEvent }
-
-class procedure TWebBrokerBridgeAuthEvent.ServerParserAuthentication(AContext: TIdContext; const AAuthType, AAuthData: String;
-  var VUsername, VPassword: String; var VHandled: Boolean);
-begin
-  if SameText(AAuthType, 'bearer') then
-    VHandled := True;
-end;
-
 begin
  ReportMemoryLeaksOnShutdown := True;
  try
--- a/samples/middleware_jwtblacklist/vclclient/MainClientFormU.dfm
+++ b/samples/middleware_jwtblacklist/vclclient/MainClientFormU.dfm
@ -15,7 +15,7 @@ object MainForm: TMainForm
  TextHeight = 13
  object Splitter2: TSplitter
    Left = 0
-    Top = 185
+    Top = 217
    Width = 647
    Height = 3
    Cursor = crVSplit
@ -24,39 +24,6 @@ object MainForm: TMainForm
    ExplicitTop = 302
    ExplicitWidth = 513
  end
-  object Memo1: TMemo
-    Left = 0
-    Top = 49
-    Width = 647
-    Height = 136
-    Align = alTop
-    Font.Charset = ANSI_CHARSET
-    Font.Color = clWindowText
-    Font.Height = -13
-    Font.Name = 'Courier New'
-    Font.Style = []
-    ParentFont = False
-    ReadOnly = True
-    TabOrder = 1
-    ExplicitTop = 65
-  end
-  object Memo2: TMemo
-    Left = 0
-    Top = 188
-    Width = 647
-    Height = 272
-    Align = alClient
-    Font.Charset = ANSI_CHARSET
-    Font.Color = clWindowText
-    Font.Height = -13
-    Font.Name = 'Courier New'
-    Font.Style = []
-    ParentFont = False
-    ReadOnly = True
-    TabOrder = 2
-    ExplicitTop = 166
-    ExplicitHeight = 143
-  end
  object Panel1: TPanel
    Left = 0
    Top = 0
@ -74,8 +41,6 @@ object MainForm: TMainForm
      Caption = 'Get a protected resource'
      TabOrder = 1
      OnClick = btnGetClick
-      ExplicitLeft = 111
-      ExplicitHeight = 57
    end
    object btnLOGIN: TButton
      AlignWithMargins = True
@ -87,8 +52,6 @@ object MainForm: TMainForm
      Caption = 'Login'
      TabOrder = 0
      OnClick = btnLOGINClick
-      ExplicitLeft = 4
-      ExplicitHeight = 57
    end
    object btnLogout: TButton
      AlignWithMargins = True
@ -101,8 +64,6 @@ object MainForm: TMainForm
      TabOrder = 2
      WordWrap = True
      OnClick = btnLogoutClick
-      ExplicitLeft = 271
-      ExplicitTop = 2
    end
    object btnPublicResource: TButton
      AlignWithMargins = True
@ -116,4 +77,82 @@ object MainForm: TMainForm
      OnClick = btnPublicResourceClick
    end
  end
+  object Panel2: TPanel
+    Left = 0
+    Top = 49
+    Width = 647
+    Height = 168
+    Align = alTop
+    Caption = 'Panel2'
+    TabOrder = 1
+    object Label1: TLabel
+      AlignWithMargins = True
+      Left = 4
+      Top = 4
+      Width = 639
+      Height = 13
+      Align = alTop
+      Caption = 'Current Token'
+      ExplicitWidth = 69
+    end
+    object MemoJWT: TMemo
+      Left = 1
+      Top = 20
+      Width = 645
+      Height = 147
+      Align = alClient
+      Font.Charset = ANSI_CHARSET
+      Font.Color = clWindowText
+      Font.Height = -13
+      Font.Name = 'Courier New'
+      Font.Style = []
+      ParentFont = False
+      ReadOnly = True
+      TabOrder = 0
+      ExplicitTop = -95
+      ExplicitHeight = 136
+    end
+  end
+  object Panel3: TPanel
+    Left = 0
+    Top = 220
+    Width = 647
+    Height = 240
+    Align = alClient
+    Caption = 'Panel3'
+    TabOrder = 2
+    ExplicitLeft = 240
+    ExplicitTop = 232
+    ExplicitWidth = 185
+    ExplicitHeight = 41
+    object Label2: TLabel
+      AlignWithMargins = True
+      Left = 4
+      Top = 4
+      Width = 639
+      Height = 13
+      Align = alTop
+      Caption = 'Raw Response'
+      ExplicitWidth = 71
+    end
+    object MemoRawResponse: TMemo
+      Left = 1
+      Top = 20
+      Width = 645
+      Height = 219
+      Align = alClient
+      Font.Charset = ANSI_CHARSET
+      Font.Color = clWindowText
+      Font.Height = -13
+      Font.Name = 'Courier New'
+      Font.Style = []
+      ParentFont = False
+      ReadOnly = True
+      TabOrder = 0
+      ExplicitLeft = 0
+      ExplicitTop = 220
+      ExplicitWidth = 647
+      ExplicitHeight = 240
+    end
+  end
 end
--- a/samples/middleware_jwtblacklist/vclclient/MainClientFormU.pas
+++ b/samples/middleware_jwtblacklist/vclclient/MainClientFormU.pas
@ -18,14 +18,18 @@ uses

 type
  TMainForm = class(TForm)
-    Memo1: TMemo;
-    Memo2: TMemo;
+    MemoJWT: TMemo;
+    MemoRawResponse: TMemo;
    Panel1: TPanel;
    btnGet: TButton;
    btnLOGIN: TButton;
    Splitter2: TSplitter;
    btnLogout: TButton;
    btnPublicResource: TButton;
+    Panel2: TPanel;
+    Label1: TLabel;
+    Panel3: TPanel;
+    Label2: TLabel;
    procedure btnGetClick(Sender: TObject);
    procedure btnLOGINClick(Sender: TObject);
    procedure btnLogoutClick(Sender: TObject);
@ -73,7 +77,7 @@ begin
  if not lResp.Success then
    ShowMessage(lResp.Content);

-  Memo2.Lines.Text := lResp.Content;
+  MemoRawResponse.Lines.Text := lResp.Content;
 end;

 procedure TMainForm.btnLOGINClick(Sender: TObject);
@ -86,6 +90,8 @@ begin
  lClient.ReadTimeOut(0);
  lClient.SetBasicAuthorization('user1', 'user1');
  lRest := lClient.Post('/login');
+  MemoRawResponse.Lines.Text := lRest.Content;
+
  if not lRest.Success then
  begin
    ShowMessage(
@ -117,10 +123,12 @@ begin

  lClient.SetBearerAuthorization(FJWT);
  lResp := lClient.Get('/logout');
-  if not lResp.Success then
-    ShowMessage(lResp.Content)
-  else
+  MemoRawResponse.Lines.Text := lResp.Content;
+
+  if lResp.Success then
+  begin
    ShowMessage('Now you current JWT has been blacklisted by the server. Any subsequent request with this token is forbidden');
+  end;
 end;

 procedure TMainForm.btnPublicResourceClick(Sender: TObject);
@ -133,15 +141,13 @@ begin
  lResp := lClient
    .Accept(TMVCMediaType.APPLICATION_JSON)
    .Get('/public');
-  if not lResp.Success then
-    ShowMessage(lResp.Content);
-  Memo2.Lines.Text := lResp.Content;
+  MemoRawResponse.Lines.Text := lResp.Content;
 end;

 procedure TMainForm.SetJWT(const Value: string);
 begin
  FJWT := Value;
-  Memo1.Lines.Text := Value;
+  MemoJWT.Lines.Text := Value;
 end;

 end.
--- a/sources/MVCFramework.Middleware.JWTBlacklist.pas
+++ b/sources/MVCFramework.Middleware.JWTBlacklist.pas
@ -136,7 +136,7 @@ begin
        'JWTToken required - cannot blacklist an unknown token');
    end;
    fOnNewJWTToBlackList(AContext, lAuthToken);
-    AContext.Response.StatusCode := HTTP_STATUS.OK;
+    AContext.Response.StatusCode := HTTP_STATUS.NoContent;
    AHandled := True;
  end
  else