This is the legacy 4D documentation web site. Documentations are progressively being moved to developer.4d.com

4D v20.6
On REST Authentication database method

$1, $2, $3, $4 -> On REST Authentication database method -> $0

Parameter  Type     Direction  Description
$1         Text     in         User name
$2         Text     in         Password
$3         Boolean  in         True = Digest mode, False = Basic mode
$4         Text     in         IP address of the caller
$0         Boolean  out        True = session opening accepted, False = session opening rejected

The On REST Authentication database method provides you with a custom way of controlling the opening of REST sessions on 4D. This database method is automatically called when a new session is opened by a remote datastore (with the Open datastore command).

When a request to open a REST session is received, the connection identifiers are provided in the header of the request. The On REST Authentication database method is called so that you can evaluate these identifiers. You can use the list of users for the 4D database or you can use your own table of identifiers.

Important: When the On REST Authentication database method is defined (i.e. when it contains at least one character), 4D fully delegates control of REST requests to it: any setting made using the "Read/Write" menu on the Web/REST resource page of the Database Settings is ignored.

The database method receives three parameters ($1, $2 and $4) of the Text type and a Boolean ($3), passed by 4D, and returns a Boolean, $0. You must declare these parameters as follows:

  //On REST Authentication database method
 C_TEXT($1;$2;$4)
 C_BOOLEAN($0;$3)
 ... // Code for the method

$1 contains the user name and $2 the password used for the connection. 

The password ($2) can be received either in clear or hashed form, depending on the mode used by the request. This mode is indicated by the $3 parameter to enable you to perform the appropriate processing:

  • If the password is sent in clear (Basic mode), $3 returns False.
  • If it is sent in hashed form (Digest mode), $3 returns True.

When a REST connection request comes from the Open datastore command, the password is always sent in hashed form. 

The IP address of the caller ($4) is useful, for example, when you want to filter certain IP addresses.

You must check the identifiers of the REST connection in the database method. Usually, you check the name, password and/or IP address using a custom user table. If the identifiers are valid, pass True in $0. The request is then accepted; 4D opens a session and returns the result in JSON. Otherwise, pass False in $0; in this case, the connection is rejected and the server returns an authentication error to the sender of the request.

If the user is referenced in the list of 4D users of the database, you can check the password directly by means of the following statement:

 $0:=Validate password($1;$2;$3)

The Validate password command accepts a user name as its first parameter, as well as an optional third parameter indicating whether the password is expressed in hashed form.

If you want to use your own list of users, external to the 4D database list, you can save their passwords in hashed form with the Generate digest command. It uses the same algorithm as the one 4D uses when it sends the connection request to the On REST Authentication database method in $2. To hash a password this way, you can write:

 $HashedPasswd:=Generate digest($ClearPasswd;4D REST digest)

This example accepts only the user "admin" with the password "123"; this user does not correspond to a 4D user:

  //On REST Authentication database method
 C_TEXT($1;$2;$4)
 C_BOOLEAN($0;$3)
  //$1: user
  //$2: password
  //$3: digest mode
  //$4: IP address of the caller (not used in this example)
 If($1="admin")
    If($3)
       $0:=($2=Generate digest("123";4D REST digest))
    Else
       $0:=($2="123")
    End if
 Else
    $0:=False
 End if

This example excludes an IP address (passwords in the Users dataclass are hashed with the 4D REST digest algorithm):

  // On REST Authentication database method
 C_TEXT($1;$name;$2;$password)
 C_TEXT($4;$ip)
 C_BOOLEAN($0;$result;$3;$digest)
 C_OBJECT($user)
 
 $name:=$1
 $password:=$2
 $digest:=$3
 $ip:=$4
 
 $result:=False
 
 If($ip#"123.45.67.89") //Excluded IP
    $user:=ds.Users.query("name=:1";$name).first()
     // Passwords are hashed with 4D REST digest algorithm in Users dataclass,
     // so only Digest mode requests can match; Basic mode requests are rejected
    If($user#Null)
       If($digest &($user.password=$password))
          $result:=True
       End if
    End if
 End if
 
 $0:=$result

This example also handles 4D users:

  //On REST Authentication database method
 C_TEXT($1;$name;$2;$password)
 C_TEXT($4) // IP address of the caller (not used in this example)
 C_BOOLEAN($0;$result;$3;$digest)
 C_OBJECT($user)
 
 $name:=$1
 $password:=$2
 $digest:=$3
 
 $result:=False
 
 $user:=ds.Users.query("name=:1";$name).first()
  // Passwords are hashed with 4D REST digest in Users dataclass
 If($user#Null)
    If($digest &($user.password=$password))
       $result:=True
    End if
 Else // Manage 4D users
    $result:=Validate password($name;$password;$digest)
 End if
 $0:=$result
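
The last two examples assume a Users dataclass whose password attribute already holds the 4D REST digest. The following added example (not part of the 4D documentation) shows one way to store it. The method name SetRestUserPassword is hypothetical; the Users dataclass and its name and password attributes are taken from the examples above.

```4d
  // SetRestUserPassword (hypothetical project method, added example)
  // Stores a user's password in the Users dataclass in the hashed form
  // that the On REST Authentication database method receives in $2
  // when $3 is True (Digest mode).
  // $1: user name
  // $2: clear password
  // $0: True if the entity was saved
 C_TEXT($1;$name;$2;$clearPasswd)
 C_BOOLEAN($0)
 C_OBJECT($user;$status)
 
 $name:=$1
 $clearPasswd:=$2
 $0:=False
 
  // Refuse empty values, and names containing @, which 4D queries
  // treat as a wildcard (Position looks for the literal character)
 If(($name#"") & ($clearPasswd#"") & (Position("@";$name)=0))
    $user:=ds.Users.query("name=:1";$name).first()
    If($user=Null) // Unknown name: create the entity
       $user:=ds.Users.new()
       $user.name:=$name
    End if
     // Only the digest is stored; the clear password is never saved
    $user.password:=Generate digest($clearPasswd;4D REST digest)
    $status:=$user.save()
    $0:=$status.success
 End if
```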

 
PROPERTIES 

Product: 4D
Theme: Database Methods
Number: 3367

 
HISTORY 

Created: 4D v14
Renamed: 4D v14 R3 (On 4D Mobile Authentication database method)
Modified: 4D v18
Renamed: 4D v18 (On 4D Mobile Authentication database method)

 
ARTICLE USAGE

4D Language Reference (4D v20)
4D Language Reference (4D v20.1)
4D Language Reference (4D v20.2)
4D Language Reference (4D v20.3)
4D Language Reference (4D v20.4)
4D Language Reference (4D v20.5)
4D Language Reference (4D v20.6)