Add manual web-login fallback update logout and username-based auth using…

Add manual web-login fallback update logout and username-based auth using dedicated 000000/WEB_LOGIN rows

emT3Web/Auth.Service.pas

@@ -23,10 +23,8 @@ type
   public
     constructor Create; reintroduce;
     destructor Destroy; override;
-    procedure Login(AUser, APassword, AClientVersion: string; ASuccess: TOnLoginSuccess;
-      AError: TOnLoginError);
-    procedure WebLogin(AUser, APassword, ATaskId: string; ASuccess: TOnLoginSuccess;
-      AError: TOnLoginError);
+    procedure Login(AUser, APassword, AClientVersion: string; ASuccess: TOnLoginSuccess; AError: TOnLoginError);
+    procedure WebLogin(AUser, ATaskId, APassword: string; ASuccess: TOnLoginSuccess; AError: TOnLoginError);
     procedure Logout;
     function GetToken: string;
     function Authenticated: Boolean;
@@ -124,7 +122,7 @@ begin
 end;
 
 
-procedure TAuthService.WebLogin(AUser, APassword, ATaskId: string; ASuccess: TOnLoginSuccess;
+procedure TAuthService.WebLogin(AUser, ATaskId, APassword: string; ASuccess: TOnLoginSuccess;
   AError: TOnLoginError);
 
   procedure OnLoad(Response: TXDataClientResponse);
@@ -142,14 +140,14 @@ procedure TAuthService.WebLogin(AUser, APassword, ATaskId: string; ASuccess: TOn
   end;
 
 begin
-  if (AUser = '') or (APassword = '') then
+  if (AUser = '') or (ATaskId = '') or (APassword = '') then
   begin
-    AError('Invalid or expired code, please try again.');
+    AError('Please enter user id, task id, and password.');
     Exit;
   end;
 
   FClient.RawInvoke(
-    'IAuthService.WebLogin', [AUser, APassword, ATaskId],
+    'IAuthService.WebLogin', [AUser, ATaskId, APassword],
     @OnLoad, @OnError
   );
 end;

emT3Web/View.Login.pas

@@ -5,7 +5,7 @@ interface
 uses
   System.SysUtils, System.Classes, WEBLib.Graphics, WEBLib.Controls, WEBLib.Forms, WEBLib.Dialogs,
   Vcl.Controls, Vcl.StdCtrls, WEBLib.StdCtrls, WEBLib.JSON,
-  JS, XData.Web.Connection, WEBLib.ExtCtrls,
+  JS, XData.Web.Connection, WEBLib.ExtCtrls, Web,
   App.Types, ConnectionModule, XData.Web.Client;
 
 type
@@ -25,11 +25,14 @@ type
   private
     FLoginProc: TSuccessProc;
     FMessage: string;
+    FUserId: string;
+    FTaskId: string;
     procedure ShowNotification(Notification: string);
     procedure HideNotification;
   public
     class procedure Display(LoginProc: TSuccessProc); overload;
     class procedure Display(LoginProc: TSuccessProc; AMsg: string); overload;
+    class procedure Display(LoginProc: TSuccessProc; AUserId, ATaskId, AMsg: string); overload;
   end;
 
 var
@@ -46,7 +49,18 @@ uses
 procedure TFViewLogin.btnLoginClick(Sender: TObject);
 
   procedure LoginSuccess;
+  var
+    newUrl: string;
   begin
+    newUrl := window.location.pathname +
+      '?user_id=' + edtUsername.Text +
+      '&task_id=' + edtTaskId.Text +
+      '&url_code=000000';
+
+    asm
+      window.history.replaceState({}, '', newUrl);
+    end;
+
     FLoginProc;
   end;
 
@@ -57,7 +71,7 @@ procedure TFViewLogin.btnLoginClick(Sender: TObject);
 
 begin
   AuthService.WebLogin(
-    edtUsername.Text, edtPassword.Text, edtTaskId.Text,
+    edtUsername.Text, edtTaskId.Text, edtPassword.Text,
     @LoginSuccess,
     @LoginError
   );
@@ -65,13 +79,20 @@ end;
 
 class procedure TFViewLogin.Display(LoginProc: TSuccessProc);
 begin
-  TFViewLogin.Display(LoginProc, '');
+  TFViewLogin.Display(LoginProc, '', '', '');
 end;
 
 class procedure TFViewLogin.Display(LoginProc: TSuccessProc; AMsg: string);
+begin
+  TFViewLogin.Display(LoginProc, '', '', AMsg);
+end;
+
+class procedure TFViewLogin.Display(LoginProc: TSuccessProc; AUserId, ATaskId, AMsg: string);
 
   procedure FormCreate(AForm: TObject);
   begin
+    TFViewLogin(AForm).FUserId := AUserId;
+    TFViewLogin(AForm).FTaskId := ATaskId;
     TFViewLogin(AForm).FMessage := AMsg;
   end;
 
@@ -103,7 +124,9 @@ end;
 
 procedure TFViewLogin.WebFormCreate(Sender: TObject);
 begin
-//  lblAppTitle.Caption := 'EM Systems - webCharms App ver 0.9.2.22';
+  edtUsername.Text := FUserId;
+  edtTaskId.Text := FTaskId;
+
   if FMessage <> '' then
     ShowNotification(FMessage)
   else

emT3Web/emT3web.dpr

@@ -19,7 +19,7 @@ uses
 
 {$R *.res}
 
-procedure DisplayLoginView(AMessage: string = ''); forward;
+procedure DisplayLoginView(AUserId: string = ''; ATaskId: string = ''; AMessage: string = ''); forward;
 procedure DoLogout(AMsg: string = ''); forward;
 
 procedure DisplayMainView;
@@ -45,24 +45,29 @@ procedure Login(userId: string; taskId: string; urlCode: string);
 
   procedure LoginError(AMsg: string);
   begin
-    ShowAppDialog('' + AMsg);
+    if (Pos('401:', AMsg) = 1) or
+       (Pos('Invalid url parameters', AMsg) > 0) or
+       (Pos('Expired link', AMsg) > 0) then
+      DisplayLoginView(userId, taskId)
+    else
+      ShowAppDialog('' + AMsg);
   end;
 
 begin
-  AuthService.Login( userId, taskId, urlCode,
+  AuthService.Login(userId, taskId, urlCode,
     @LoginSuccess,
     @LoginError
   );
 end;
 
 
-procedure DisplayLoginView(AMessage: string);
+procedure DisplayLoginView(AUserId: string; ATaskId: string; AMessage: string);
 begin
   AuthService.Logout;
   DMConnection.ApiConnection.Connected := False;
   if Assigned(FViewMain) then
     FViewMain.Free;
-  TFViewLogin.Display(@DisplayMainView, AMessage);
+  TFViewLogin.Display(@DisplayMainView, AUserId, ATaskId, AMessage);
 end;
 
 
@@ -77,24 +82,29 @@ begin
   codeParam := Application.Parameters.Values['url_code'];
 
   if (userIdParam = '') or (taskIdParam = '') or (codeParam = '') then
-  begin
-    DisplayLoginView();
-  end
+    DisplayLoginView(userIdParam, taskIdParam)
   else
   begin
     AuthService.Logout;
     DMConnection.ApiConnection.Connected := False;
     if Assigned(FViewMain) then
       FViewMain.Free;
-    Login( userIdParam, taskIdParam, codeParam );
+    Login(userIdParam, taskIdParam, codeParam);
   end;
 end;
 
 
 procedure DoLogout(AMsg: string);
+var
+  userIdParam: string;
+  taskIdParam: string;
 begin
   AuthService.Logout;
-   ShowAppDialog('Logout successful ' + AMsg);
+
+  userIdParam := Application.Parameters.Values['user_id'];
+  taskIdParam := Application.Parameters.Values['task_id'];
+
+  DisplayLoginView(userIdParam, taskIdParam);
 end;
 
 

emT3XDataServer/Source/Auth.Database.dfm

@@ -104,6 +104,7 @@ object AuthDatabase: TAuthDatabase
     Database = 'eTask'
     Username = 'root'
     Server = '192.168.102.131'
+    Connected = True
     LoginPrompt = False
     Left = 71
     Top = 133
@@ -130,15 +131,16 @@ object AuthDatabase: TAuthDatabase
       '  w.WEB_LOGIN'
       'from web_tasks_url w'
       'join users u on u.USER_ID = w.USER_ID'
-      'where w.USER_ID = :USER_ID'
+      'where u.USER_NAME = :USER_NAME'
       '  and w.TASK_ID = :TASK_ID'
-      '  and u.PASSWORD = :PASSWORD')
-    Left = 192
+      '  and u.PASSWORD = :PASSWORD'
+      '  and w.URL_CODE = :URL_CODE')
+    Left = 194
     Top = 44
     ParamData = <
       item
         DataType = ftUnknown
-        Name = 'USER_ID'
+        Name = 'USER_NAME'
         Value = nil
       end
       item
@@ -150,6 +152,11 @@ object AuthDatabase: TAuthDatabase
         DataType = ftUnknown
         Name = 'PASSWORD'
         Value = nil
+      end
+      item
+        DataType = ftUnknown
+        Name = 'URL_CODE'
+        Value = nil
       end>
     object uqWebLoginUSER_ID: TStringField
       FieldName = 'USER_ID'

emT3XDataServer/Source/Auth.Service.pas

@@ -18,9 +18,9 @@ type
   [ServiceContract, Model(AUTH_MODEL)]
   IAuthService = interface(IInvokable)
   ['{9CFD59B2-A832-4F82-82BB-9A25FC93F305}']
-    function Login(const userId, taskId, urlCode: string): string;
+    function Login(userId, taskId, urlCode: string): string;
     function VerifyVersion(ClientVersion: string): TJSONObject;
-    function WebLogin(const userId, taskId, password: string): string;
+    function WebLogin(userName, taskId, password: string): string;
   end;
 
 implementation

emT3XDataServer/Source/Auth.ServiceImpl.pas

@@ -29,14 +29,14 @@ type
     procedure AfterConstruction; override;
     procedure BeforeDestruction; override;
 
-    function CheckUrlLogin(const userId, taskId, urlCode: string): Integer;
-    function CheckUserLogin(const userId, taskId, password: string): Integer;
+    function CheckUrlLogin(userId, taskId, urlCode: string): Integer;
+    function CheckUserLogin(userName, taskId, password: string): Integer;
     procedure LoadUserFromUrlLoginQuery;
     procedure LoadUserFromWebLoginQuery;
   public
-    function Login(const userId, taskId, urlCode: string): string;
+    function Login(userId, taskId, urlCode: string): string;
     function VerifyVersion(ClientVersion: string): TJSONObject;
-    function WebLogin(const userId, password, taskId: string): string;
+    function WebLogin(userName, taskId, password: string): string;
   end;
 
 implementation
@@ -105,7 +105,7 @@ begin
 end;
 
 
-function TAuthService.CheckUrlLogin(const userId, taskId, urlCode: string): Integer;
+function TAuthService.CheckUrlLogin(userId, taskId, urlCode: string): Integer;
 var
   sql: string;
   timeNow: TDateTime;
@@ -180,7 +180,7 @@ begin
 end;
 
 
-function TAuthService.Login(const userId, taskId, urlCode: string): string;
+function TAuthService.Login(userId, taskId, urlCode: string): string;
 var
   userState: Integer;
   jwt: TJWT;
@@ -239,39 +239,39 @@ begin
 end;
 
 
-function TAuthService.WebLogin(const userId, password, taskID: string): string;
+function TAuthService.WebLogin(userName, taskId, password: string): string;
 var
   userState: Integer;
   jwt: TJWT;
 begin
-  Logger.Log(3, Format('AuthService.WebLogin - UserID: %s, TaskID: %s, password: %s', [userId, taskId, password]));
+  Logger.Log(3, Format('AuthService.WebLogin - UserName: %s, TaskID: %s', [userName, taskId]));
 
   try
-    userState := CheckUserLogin(userId, taskId, password);
+    userState := CheckUserLogin(userName, taskId, password);
   except
     on E: Exception do
     begin
-      Logger.Log(1, 'URL Login failed due to database error: ' + E.Message);
+      Logger.Log(1, 'Web Login failed due to database error: ' + E.Message);
       raise EXDataHttpException.Create(500, 'Login failed: Unable to connect to the database.');
     end;
   end;
 
   if userState = 0 then
   begin
-    Logger.Log(2, 'Login Error: Invalid url parameters');
-    raise EXDataHttpUnauthorized.Create('Invalid url parameters');
+    Logger.Log(2, 'Web Login Error: Invalid username, task id, or password');
+    raise EXDataHttpUnauthorized.Create('Invalid user name, task id, or password');
   end;
 
   if userState = 1 then
   begin
-    Logger.Log(2, 'Login Error: User not active!');
+    Logger.Log(2, 'Web Login Error: User not active!');
     raise EXDataHttpUnauthorized.Create('User not active!');
   end;
 
   if userState = 2 then
   begin
-    Logger.Log(2, 'Login Error: Expired link');
-    raise EXDataHttpUnauthorized.Create('Expired link');
+    Logger.Log(2, 'Web Login Error: Web login is not enabled for this task');
+    raise EXDataHttpUnauthorized.Create('Web login is not enabled for this task');
   end;
 
   jwt := TJWT.Create;
@@ -298,26 +298,17 @@ begin
 end;
 
 
-function TAuthService.CheckUserLogin(const userId, taskId, password: string): Integer;
+function TAuthService.CheckUserLogin(userName, taskId, password: string): Integer;
 var
-  sql: string;
   webLogin: string;
 begin
-  Logger.Log(3, 'TAuthService.CheckUserLogin(const userId, taskId, password: string): Integer' );
-
-  sql := 'select u.USER_ID, u.USER_NAME, u.NAME, u.STATUS, u.EMAIL, u.ACCESS_LEVEL, ';
-  sql := sql + 'u.TASK_RIGHTS, u.PERSPECTIVE_ID, u.LAST_NAME, u.FIRST_NAME, ';
-  sql := sql + 'w.URL_TIME, w.URL_TIME_EXP, w.WEB_LOGIN ';
-  sql := sql + 'from web_tasks_url w ';
-  sql := sql + 'join users u on u.USER_ID = w.USER_ID ';
-  sql := sql + 'where w.USER_ID = :USER_ID and w.TASK_ID = :TASK_ID and u.PASSWORD = :PASSWORD and w.URL_CODE = :URL_CODE';
+  Logger.Log(3, 'TAuthService.CheckUserLogin(const userId, taskId, password: string): Integer');
 
   authDB.uqWebLogin.Close;
-  authDB.uqWebLogin.SQL.Text := sql;
-  authDB.uqWebLogin.ParamByName('USER_ID').AsString := userId;
+  authDB.uqWebLogin.ParamByName('USER_NAME').AsString := userName;
   authDB.uqWebLogin.ParamByName('TASK_ID').AsString := taskId;
   authDB.uqWebLogin.ParamByName('PASSWORD').AsString := password;
-  authDB.uqWebLogin.ParamByName('URL_CODE').AsString := 'WebLogin';
+  authDB.uqWebLogin.ParamByName('URL_CODE').AsString := '000000';
   authDB.uqWebLogin.Open;
 
   if authDB.uqWebLogin.IsEmpty then
@@ -337,7 +328,7 @@ begin
   webLogin := authDB.uqWebLoginWEB_LOGIN.AsString;
   if webLogin <> 'T' then
   begin
-    Logger.Log( 3, '--Web Login failed 2: WEB_LOGIN <> "T"' );
+    Logger.Log(3, '--Web Login failed 2: WEB_LOGIN <> "T"');
     Result := 2;
     Exit;
   end;

emT3XDataServer/bin/emT3XDataServer.ini

@@ -2,11 +2,11 @@
 MemoLogLevel=4
 FileLogLevel=4
 webClientVersion=0.8.8
-LogFileNum=169
+LogFileNum=174
 
 [Database]
---Server=192.168.102.131
-Server=192.168.116.131
+Server=192.168.102.131
+--Server=192.168.116.131
 --Server=192.168.159.10
 Database=eTask
 Username=root