Improved error message for serializer. JWTMiddleware can read usernam…

…e and password also from a json body like the following: {"username":"myusername","password":"mypassword"}
danieleteti · Dec 24, 2024 · 77c09ab · 77c09ab
1 parent a5ecfb5
commit 77c09ab
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 3 deletions.
diff --git a/sources/MVCFramework.Middleware.Authentication.RoleBasedAuthHandler.pas b/sources/MVCFramework.Middleware.Authentication.RoleBasedAuthHandler.pas
@@ -139,6 +139,7 @@ function TRoleBasedAuthHandler.CheckUserRoles(const AContext: TWebContext; const
 var
   vAttribute: MVCRequiresRoleAttribute;
   vSingleRole: string;
+  lRoleToCheck: string;
 begin
   // By default we will say that you are good to go.
   Result := True;
@@ -153,16 +154,25 @@ function TRoleBasedAuthHandler.CheckUserRoles(const AContext: TWebContext; const
     if (vAttribute.RoleEval = MVCRoleEval.reAND) then
     begin
       for vSingleRole in vAttribute.GetRoles do
-        if not AUserRoles.Contains(ResolveRole(AContext, vSingleRole)) then
+      begin
+        lRoleToCheck := ResolveRole(AContext, vSingleRole);
+        if not AUserRoles.Contains(lRoleToCheck) then
+        begin
           Exit(False);
+        end;
+      end;
     end
     else // OR evaluation
     begin
       // By default we assume we have not found the role.
       Result := False;
       for vSingleRole in vAttribute.GetRoles do
+      begin
         if AUserRoles.Contains(ResolveRole(AContext, vSingleRole)) then
+        begin
           Result := True;
+        end;
+      end;
       // If one of the roles does not match we exit the check.
       if not Result then
         Exit;

diff --git a/sources/MVCFramework.Middleware.JWT.pas b/sources/MVCFramework.Middleware.JWT.pas
@@ -462,6 +462,11 @@ procedure TMVCJWTAuthenticationMiddleware.OnBeforeRouting(AContext: TWebContext;
           begin
             LUsername := lJObj.S[FUserNameHeaderName];
             LPassword := lJObj.S[FPasswordHeaderName];
+            if LUsername.IsEmpty then
+            begin
+              LUsername := lJObj.S['username'];
+              LPassword := lJObj.S['password'];
+            end;
           end;
         finally
           lJObj.Free;

diff --git a/sources/MVCFramework.Serializer.JsonDataObjects.pas b/sources/MVCFramework.Serializer.JsonDataObjects.pas
@@ -3601,7 +3601,7 @@ procedure TMVCJsonDataObjectsSerializer.DeserializeObject(const ASerializedObjec
   JSONBase: TJsonBaseObject;
 begin
   if (ASerializedObject = EmptyStr) then
-    raise EMVCException.Create(HTTP_STATUS.BadRequest, 'Invalid body');
+    raise EMVCException.Create(HTTP_STATUS.BadRequest, 'Body is not a valid JSON (the body is empty)');
 
   if not Assigned(AObject) then
     Exit;
@@ -3611,7 +3611,7 @@ procedure TMVCJsonDataObjectsSerializer.DeserializeObject(const ASerializedObjec
     try
       if not(JSONBase is TJDOJsonObject) then
       begin
-        raise EMVCSerializationException.CreateFmt('Invalid JSON. Expected %s got %s',
+        raise EMVCSerializationException.CreateFmt('Body is not a valid JSON Object - Expected %s got %s',
           [TJDOJsonObject.ClassName, JSONBase.ClassName]);
       end;
       JSONObject := TJDOJsonObject(JSONBase);