Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Problem with URL Encoding in Login #667

Closed
BssdTS opened this issue Jun 14, 2023 · 0 comments
Closed

Problem with URL Encoding in Login #667

BssdTS opened this issue Jun 14, 2023 · 0 comments
Assignees
Labels
accepted Issue has been accepted and inserted in a future milestone
Milestone

Comments

@BssdTS
Copy link

BssdTS commented Jun 14, 2023

Hi,

when providing credentials as a body, e.g.
{
"jwtusername": "[email protected]",
"jwtpassword": "te6,w~JcYxWsO%SH281R9G~N@*AQv&,W"
}
TMVCJWTAuthenticationMiddleware.OnBeforeRouting tries to parse the username and password by calling

LUsername := AContext.Request.ContentParam(FUserNameHeaderName);
LPassword := AContext.Request.ContentParam(FPasswordHeaderName);

before actually parsing the request body as a JSON. The ContentParam function attempts to URL Decode the params, which will fail with the given example (password). You would have to URL Encode the content of this JSON, to not have the conversion error be raised, which is inconsistent with other routes that have a JSON body.

We propose changing the above code to

LUsername := AContext.Request.QueryStringParam(FUserNameHeaderName);
LPassword := AContext.Request.QueryStringParam(FPasswordHeaderName)

which will correctly parse the credentials exclusively from query parameters.
Parsing the JSON content at this point is not necessary, because this code is followed by a dedicated JSON body parsing routine.

Hope you find this useful :)

@danieleteti danieleteti added this to the 3.4.0-neon milestone Jun 21, 2023
@danieleteti danieleteti self-assigned this Jun 21, 2023
@danieleteti danieleteti added the accepted Issue has been accepted and inserted in a future milestone label Jun 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
accepted Issue has been accepted and inserted in a future milestone
Projects
None yet
Development

No branches or pull requests

2 participants