delphimvcframework/samples/middleware_basicauthentication/AuthenticationU.pas

81 lines
2.5 KiB
ObjectPascal

unit AuthenticationU;
interface
uses
System.SysUtils, MVCFramework.Commons, System.Generics.Collections,
MVCFramework;
type
TAuthenticationSample = class(TInterfacedObject, IMVCAuthenticationHandler)
protected
procedure OnRequest(const AContext: TWebContext; const ControllerQualifiedClassName: string;
const ActionName: string; var AuthenticationRequired: Boolean);
procedure OnAuthentication(const AContext: TWebContext; const UserName: string; const Password: string;
UserRoles: System.Generics.Collections.TList<System.string>;
var IsValid: Boolean; const SessionData: TSessionData);
procedure OnAuthorization(const AContext: TWebContext; UserRoles
: System.Generics.Collections.TList<System.string>;
const ControllerQualifiedClassName: string; const ActionName: string;
var IsAuthorized: Boolean);
end;
implementation
{ TMVCAuthorization }
procedure TAuthenticationSample.OnAuthentication(const AContext: TWebContext; const UserName: string;
const Password: string;
UserRoles: System.Generics.Collections.TList<System.string>;
var IsValid: Boolean; const SessionData: TSessionData);
begin
IsValid := UserName.Equals(Password); // hey!, this is just a demo!!!
if IsValid then
begin
if UserName = 'user1' then
begin
UserRoles.Add('role1');
end;
if UserName = 'user2' then
begin
UserRoles.Add('role2');
end;
if UserName = 'user3' then // all the roles
begin
UserRoles.Add('role1');
UserRoles.Add('role2');
end;
end
else
begin
UserRoles.Clear;
end;
end;
procedure TAuthenticationSample.OnAuthorization
(const AContext: TWebContext; UserRoles
: System.Generics.Collections.TList<System.string>;
const ControllerQualifiedClassName: string; const ActionName: string;
var IsAuthorized: Boolean);
begin
IsAuthorized := False;
if ActionName = 'Logout' then
IsAuthorized := True; // you can always call logout
if ActionName = 'OnlyRole2' then
IsAuthorized := UserRoles.Contains('role2');
if ActionName = 'OnlyRole1' then
IsAuthorized := UserRoles.Contains('role1');
if ActionName = 'OnlyRole1EmittingJSON' then
IsAuthorized := UserRoles.Contains('role1');
end;
procedure TAuthenticationSample.OnRequest(const AContext: TWebContext; const ControllerQualifiedClassName: string;
const ActionName: string; var AuthenticationRequired: Boolean);
begin
AuthenticationRequired := ControllerQualifiedClassName =
'AppControllerU.TAdminController';
end;
end.