Daraja Framework: HTTP+HTML form-based authentication

A new tutorial for the Daraja Framework introduces HTTP+HTML form-based authentication. The project uses only one resource handler, which handles GET and POST requests for the resource address /index.html. Depending on whether the client is already authenticated, the page contains either a login form or a logout button.

Login page

<!DOCTYPE html>
<html>
  <head>
    <title>Form based login example</title>
  </head>
  <body>
    <form method="post">
     <input type="text" name="username" required>
     <input type="password" name="password" required>
     <input type="submit" name="submit" value="Login">
    </form>
  </body>
</html>

Logout page

<!DOCTYPE html>
<html>
  <head>
    <title>Form based login example</title>
  </head>
  <body>
    <p>you are logged in</p>
    <form method="post">
     <input type="submit" name="submit" value="Logout">
    </form>
  </body>
</html>

POST request handler

The OnPost event handler performs three tasks:

  • if the form parameter ‘submit’ has the value ‘Logout’, the server terminates the client session and redirects the client back to the originating page
  • if the credentials are valid, the server stores the username in the session field ‘form:username’ and redirects the client back to the originating page
  • otherwise, the server returns a 401 (not authenticated) error

procedure TLoginResource.OnPost(Request: TdjRequest; Response: TdjResponse);
var
  Username: string;
  Password: string;
begin
  if Request.Params.Values['submit'] = 'Logout' then
  begin
    Request.Session.Free;
    Response.Redirect(Request.Document);
    Exit;
  end;

  // read form data
  Username := Utf8ToString(RawByteString(Request.Params.Values['username']));
  Password := Utf8ToString(RawByteString(Request.Params.Values['password']));

  if CheckPwd(Username, Password) then
  begin
    // store username in session
    Request.Session.Content.Values['form:username'] := Username;
    // success: redirect to home page
    Response.Redirect(Request.Document);
  end else begin
    // bad user/password: return authentication error
    Response.ResponseNo := 401;
  end;
end;
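
The GET side of the same resource, which picks one of the two pages shown above, could look like the following. This is an added example, not the tutorial's own code: the constants LOGIN_PAGE, LOGOUT_PAGE and SESSION_USER_KEY and the helper IsLoggedIn are hypothetical names, and it assumes that TdjRequest and TdjResponse are Indy's TIdHTTPRequestInfo and TIdHTTPResponseInfo and that OnGet is declared as an override in TLoginResource next to OnPost.

```pascal
// Added example (not from the tutorial): GET handler for /index.html.
const
  // session field written by OnPost after a successful login
  SESSION_USER_KEY = 'form:username';

  // hypothetical constants holding the two pages shown above
  LOGIN_PAGE =
    '<!DOCTYPE html><html><head><title>Form based login example</title></head>' +
    '<body><form method="post">' +
    '<input type="text" name="username" required>' +
    '<input type="password" name="password" required>' +
    '<input type="submit" name="submit" value="Login">' +
    '</form></body></html>';

  LOGOUT_PAGE =
    '<!DOCTYPE html><html><head><title>Form based login example</title></head>' +
    '<body><p>you are logged in</p><form method="post">' +
    '<input type="submit" name="submit" value="Logout">' +
    '</form></body></html>';

// Hypothetical helper: a client counts as authenticated only if a session
// exists and OnPost has stored a non-empty username in it.
function IsLoggedIn(Request: TdjRequest): Boolean;
begin
  // After a logout the session object may be gone, so test for nil first
  // (short-circuit evaluation keeps the second operand from running).
  Result := Assigned(Request.Session)
    and (Request.Session.Content.Values[SESSION_USER_KEY] <> '');
end;

procedure TLoginResource.OnGet(Request: TdjRequest; Response: TdjResponse);
begin
  Response.ContentType := 'text/html';
  Response.CharSet := 'utf-8';
  // The body depends on the session state, so keep it out of browser and
  // proxy caches; otherwise a cached "logged in" page could be shown after
  // logout.
  Response.CacheControl := 'no-store';

  if IsLoggedIn(Request) then
    Response.ContentText := LOGOUT_PAGE
  else
    Response.ContentText := LOGIN_PAGE;
end;
```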

The full code for tutorial 5 is available on https://github.com/michaelJustin/daraja-framework/tree/master/demo/tutorial5

Daraja Framework 1.2.2

On 6 March 2018, Habarisoft released Daraja Framework 1.2.2, a maintenance release which fixes bugs in the BootstrapDemo demo code and optional units (ShutDownHelper). The new release also includes an example project for an HTTPS server; the certificates and the OpenSSL libraries are not included.
