Error when passing authentication type other than bearer
viniciussanchez authored Jul 16, 2019
1 parent 8537b8c commit 1cff649
Showing 1 changed file with 14 additions and 17 deletions.
31 changes: 14 additions & 17 deletions src/Horse.JWT.pas
@@ -2,15 +2,12 @@

interface

uses
Horse, System.Classes, System.JSON, Web.HTTPApp, System.SysUtils,
JOSE.Core.JWT, JOSE.Core.JWK, JOSE.Core.Builder, JOSE.Consumer.Validators,
JOSE.Consumer, JOSE.Context, REST.JSON;
uses Horse, System.Classes, System.JSON, Web.HTTPApp, System.SysUtils, JOSE.Core.JWT, JOSE.Core.JWK, JOSE.Core.Builder,
JOSE.Consumer.Validators, JOSE.Consumer, JOSE.Context, REST.JSON;

procedure Middleware(Req: THorseRequest; Res: THorseResponse; Next: TProc);
function HorseJWT(ASecretJWT: string; AHeader: string = 'authorization'): THorseCallback; overload;
function HorseJWT(ASecretJWT: string; ASessionClass: TClass; AHeader: string = 'authorization')
: THorseCallback; overload;
function HorseJWT(ASecretJWT: string; ASessionClass: TClass; AHeader: string = 'authorization'): THorseCallback; overload;

implementation

@@ -23,15 +20,13 @@ function HorseJWT(ASecretJWT: string; AHeader: string = 'authorization'): THorse
begin
SecretJWT := ASecretJWT;
Header := AHeader;
Result := Middleware
Result := Middleware;
end;

function HorseJWT(ASecretJWT: string; ASessionClass: TClass; AHeader: string = 'authorization')
: THorseCallback; overload;
function HorseJWT(ASecretJWT: string; ASessionClass: TClass; AHeader: string = 'authorization'): THorseCallback; overload;
begin
Result := HorseJWT(ASecretJWT);
Result := HorseJWT(ASecretJWT, AHeader);
SessionClass := ASessionClass;
Header := AHeader;
end;

procedure Middleware(Req: THorseRequest; Res: THorseResponse; Next: TProc);
@@ -48,16 +43,20 @@ procedure Middleware(Req: THorseRequest; Res: THorseResponse; Next: TProc);
raise EHorseCallbackInterrupted.Create;
end;

if Pos('bearer', LowerCase(LToken)) = 0 then
begin
Res.Send('Invalid authorization type').Status(401);
raise EHorseCallbackInterrupted.Create;
end;

LToken := LToken.Replace('bearer ', '', [rfIgnoreCase]);
LValidations := TJOSEConsumerBuilder.NewConsumer.SetVerificationKey(SecretJWT).SetSkipVerificationKeyValidation
.SetRequireExpirationTime.Build;

LValidations := TJOSEConsumerBuilder.NewConsumer.SetVerificationKey(SecretJWT)
.SetSkipVerificationKeyValidation.SetRequireExpirationTime.Build;
try

LJWT := TJOSEContext.Create(LToken, TJWTClaims);
try
try

LValidations.ProcessContext(LJWT);
LJSON := LJWT.GetClaims.JSON;

@@ -67,9 +66,7 @@ procedure Middleware(Req: THorseRequest; Res: THorseResponse; Next: TProc);
LSession := TJSONValue.Create;

TJson.JsonToObject(LSession, LJSON);

THorseHackRequest(Req).SetSession(LSession);

except
on E: exception do
begin
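Review bot: The new guard `if Pos('bearer', LowerCase(LToken)) = 0 then` in Middleware only tests that the substring occurs somewhere in the header value, so a value that uses another scheme but happens to contain "bearer" is not rejected as the commit title intends. The following `LToken.Replace('bearer ', '', [rfIgnoreCase])` likewise removes the first match wherever it sits rather than the leading scheme. Anchoring both to the prefix makes the 401 branch reliable: `if not LToken.StartsWith('bearer ', True) then` for the guard and `LToken := LToken.Substring(7).Trim;` for the strip. The remainder still goes through `ProcessContext`, so this looks like a gap in the rejection path rather than a bypass, but Middleware's body begins and ends outside the visible hunks and should be checked in full. Separately, the validator keeps `SetSkipVerificationKeyValidation`; if that turns off the library's check on the verification key, a comment stating the minimum expected length of `ASecretJWT` would help callers avoid weak secrets.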
