TMVCJWTAuthenticationMiddleware: Exception will prevent authentication with a json object
LucienClement opened this issue · comments
Hello,
in procedure TMVCJWTAuthenticationMiddleware.OnBeforeRouting (unit MVCFramework.Middleware.JWT) , if one tries to pass the jwtusername and jwtpassword as a json object, an exception will be raised because it will attempt first to evaluate the content as ampersand separated name=values.
On line 288 (LUsername := AContext.Request.ContentFields[FUserNameHeaderName]
) an exception will be raised because FUserNameHeaderName does not exist (obviously) in AContext.Request.ContentFields dictionnary.
Now, if you change the code:
if LUsername.IsEmpty then
begin
LUsername := AContext.Request.ContentFields[FUserNameHeaderName];
LPassword := AContext.Request.ContentFields[FPasswordHeaderName];
end;
to:
if LUsername.IsEmpty then
begin
AContext.Request.ContentFields.TryGetValue(FUserNameHeaderName,LUsername);
AContext.Request.ContentFields.TryGetValue(FPasswordHeaderName,LPassword);
end;
You might still get an exception if your json content is written on more that one line, because you will attempt to add two empty names to the ContentFields dictionnary.
One solution would be to write :
if LUsername.IsEmpty then
try
AContext.Request.ContentFields.TryGetValue(FUserNameHeaderName,LUsername);
AContext.Request.ContentFields.TryGetValue(FPasswordHeaderName,LPassword);
except
end;
I think it would be even better to check if the content-type is application/json and go directly to the json reader.
Regards,