From 1cff649a922494f08adc4857e66e52b02b162967 Mon Sep 17 00:00:00 2001 From: Vinicius Sanchez Date: Tue, 16 Jul 2019 10:59:04 -0300 Subject: [PATCH] Error when passing authentication type other than bearer --- src/Horse.JWT.pas | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/src/Horse.JWT.pas b/src/Horse.JWT.pas index 09d56d7..c3ba0fe 100644 --- a/src/Horse.JWT.pas +++ b/src/Horse.JWT.pas @@ -2,15 +2,12 @@ interface -uses - Horse, System.Classes, System.JSON, Web.HTTPApp, System.SysUtils, - JOSE.Core.JWT, JOSE.Core.JWK, JOSE.Core.Builder, JOSE.Consumer.Validators, - JOSE.Consumer, JOSE.Context, REST.JSON; +uses Horse, System.Classes, System.JSON, Web.HTTPApp, System.SysUtils, JOSE.Core.JWT, JOSE.Core.JWK, JOSE.Core.Builder, + JOSE.Consumer.Validators, JOSE.Consumer, JOSE.Context, REST.JSON; procedure Middleware(Req: THorseRequest; Res: THorseResponse; Next: TProc); function HorseJWT(ASecretJWT: string; AHeader: string = 'authorization'): THorseCallback; overload; -function HorseJWT(ASecretJWT: string; ASessionClass: TClass; AHeader: string = 'authorization') - : THorseCallback; overload; +function HorseJWT(ASecretJWT: string; ASessionClass: TClass; AHeader: string = 'authorization'): THorseCallback; overload; implementation @@ -23,15 +20,13 @@ function HorseJWT(ASecretJWT: string; AHeader: string = 'authorization'): THorse begin SecretJWT := ASecretJWT; Header := AHeader; - Result := Middleware + Result := Middleware; end; -function HorseJWT(ASecretJWT: string; ASessionClass: TClass; AHeader: string = 'authorization') - : THorseCallback; overload; +function HorseJWT(ASecretJWT: string; ASessionClass: TClass; AHeader: string = 'authorization'): THorseCallback; overload; begin - Result := HorseJWT(ASecretJWT); + Result := HorseJWT(ASecretJWT, AHeader); SessionClass := ASessionClass; - Header := AHeader; end; procedure Middleware(Req: THorseRequest; Res: THorseResponse; Next: TProc); 
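Review bot: The two-parameter `HorseJWT` overload still leaves `SessionClass` untouched, so after a three-parameter registration every later two-parameter registration keeps the earlier session class; `SecretJWT`, `Header` and `SessionClass` are used without local declarations, which suggests unit-level variables declared above this hunk, meaning a second `HorseJWT` call with a different secret or header silently overwrites the first. Add `SessionClass := nil;` beside `Header := AHeader;` in the two-parameter overload (the three-parameter one assigns it afterwards anyway), or better, move the three values into an instance captured by the returned callback so registrations do not share state. The forwarding fix `Result := HorseJWT(ASecretJWT, AHeader);` itself looks correct. Confirm the global declarations against the var block above the hunk.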
@@ -48,16 +43,20 @@ procedure Middleware(Req: THorseRequest; Res: THorseResponse; Next: TProc); raise EHorseCallbackInterrupted.Create; end; + if Pos('bearer', LowerCase(LToken)) = 0 then + begin + Res.Send('Invalid authorization type').Status(401); + raise EHorseCallbackInterrupted.Create; + end; + LToken := LToken.Replace('bearer ', '', [rfIgnoreCase]); + LValidations := TJOSEConsumerBuilder.NewConsumer.SetVerificationKey(SecretJWT).SetSkipVerificationKeyValidation + .SetRequireExpirationTime.Build; - LValidations := TJOSEConsumerBuilder.NewConsumer.SetVerificationKey(SecretJWT) - .SetSkipVerificationKeyValidation.SetRequireExpirationTime.Build; try - LJWT := TJOSEContext.Create(LToken, TJWTClaims); try try - LValidations.ProcessContext(LJWT); LJSON := LJWT.GetClaims.JSON; @@ -67,9 +66,7 @@ procedure Middleware(Req: THorseRequest; Res: THorseResponse; Next: TProc); LSession := TJSONValue.Create; TJson.JsonToObject(LSession, LJSON); - THorseHackRequest(Req).SetSession(LSession); - except on E: exception do begin
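Review bot: The new guard `if Pos('bearer', LowerCase(LToken)) = 0` accepts the word anywhere in the header value, and the following `LToken.Replace('bearer ', '', [rfIgnoreCase])` strips the first such occurrence wherever it sits (no `rfReplaceAll`), so `Basic bearer x` passes the check and reaches the parser as `Basic x`, while `bearerXYZ` passes the check and is not stripped at all. Anchor the scheme to the start of the value instead, `if not LToken.Trim.StartsWith('Bearer ', True) then` for the guard and `LToken := LToken.Trim.Substring(7).Trim;` for the extraction, which also rejects a bare `Bearer` with nothing after it. Note that RFC 6750 expects a 401 from a bearer-protected resource to carry a `WWW-Authenticate: Bearer` header, and neither 401 in this hunk sets one. `Middleware` begins before this hunk and continues past it, and the pre-existing `SetSkipVerificationKeyValidation` on the consumer is not introduced here but is worth a look.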