search

fabriciocolombo / delphi-rest-client-api

A Delphi REST client API to consume REST services written in any programming language.
Apache License 2.0
380 stars 182 forks source link

Credentials not properly encoded in XE2 #49

Closed esasse closed 9 years ago

esasse commented 9 years ago

The problem is in this call to Base64EncodeStr function. In Delphi XE2 the encoded string is wrong so the authentication fails.

To test I replaced this call with EncdDecd.EncodeString and the problem was gone. I'm not sure this is the best way to fix the problem because EncdDecd unit is not part of the standard RTL and may not be available in all Delphi versions.

I tried to find a newer version of DCPcrypt, but looks like we already have the newest version: https://bitbucket.org/wpostma/dcpcrypt2010

patrick-heuer commented 9 years ago

This brings me to an idea: Maybe this is the reason I cannot connect to my own C#/.NET webservice via SSL/HTTP(S) and HTTP Basic authentication with Delphi XE ! I always got HTTP error “403 / Forbidden”… I ´ll try your idea…

Regards, Patrick

Von: Erick Sasse [mailto:notifications@github.com] Gesendet: Dienstag, 14. Juli 2015 04:53 An: fabriciocolombo/delphi-rest-client-api Betreff: [delphi-rest-client-api] Credentials not properly encoded in XE2 (#49)

The problem is in this callhttps://github.com/fabriciocolombo/delphi-rest-client-api/blob/master/src/RestClient.pas#L285 to Base64EncodeStr function. In Delphi XE2 the encoded string is wrong so the authentication fails.

To test I replaced this call with EncdDecd.EncodeString and the problem was gone. I'm not sure this is the best way to fix the problem because EncdDecd unit is not part of the standard RTL and may not be available in all Delphi versions.

I tried to find a newer version of DCPcrypt, but looks like we already have the newest version: https://bitbucket.org/wpostma/dcpcrypt2010

— Reply to this email directly or view it on GitHubhttps://github.com/fabriciocolombo/delphi-rest-client-api/issues/49.

patrick-heuer commented 9 years ago

confirmed: after exclude the Delphi XE "Base64EncodeStr" function and its replacement with the correct hardcoded string (for testing), it works fine - 403 error was gone!

fabriciocolombo commented 9 years ago

Good catch @esasse. The Base64EncodeStr is overloaded with an ansistring and unicode version, then the unicode version was called and cause the problem. I replace DCPcrypt in favor to EncdDecd.

esasse commented 9 years ago

@fabriciocolombo was fast, thanks! :smile:

I was writing a comment with a workaround, so I'm going to post anyway, just in case it could be useful to someone.

You can encode the credentials and add it to the header instead of using the SetCredentials:

RestClient.Resource('http://example.com')
                   .Header('Authorization', EncodedCredentials)
                   .Get<TPerson>()
fabriciocolombo commented 9 years ago

Yes, the authorization header is included only if not present. https://github.com/fabriciocolombo/delphi-rest-client-api/blob/master/src/RestClient.pas#L283

Please let me know if it's working now @esasse and @PKrause79

esasse commented 9 years ago

It's working now, thanks @fabriciocolombo!