Usuários e sessões
Sessões
When scalable sessions are enabled (recommended), REST requests can create and use web user sessions, providing extra features such as multiple requests handling, data sharing between web client processes, and control of user privileges.
Cuando se abre una sesión de usuario web, puede manejarla a través del objeto Session
y la Session API. Subsequent REST requests reuse the same session cookie.
Uma sessão é aberta depois que o usuário é autenticado com sucesso (veja abaixo).
- On 4D Server, opening a REST session requires that a free 4D client license is available.
- Em 4D single-user, pode abrir até três sessões REST para fins de teste.
Force login mode
O modo de login legado baseado no método de banco de dados On REST Authentication
é obsoleto a partir de 4D 20 R6. It is now recommended to use the force login mode (automatically enabled in new projects) and to implement the ds.authentify()
function. In converted projects, a button in the Settings dialog box will help you upgrade your configuration. In Qodly Studio for 4D, the mode can be set using the Force login option in the Privileges panel.
A sequência de login do usuário é a seguinte:
-
At the first REST call (for a Qodly page call for example), a "guest" web user session is created. It has no privileges, no rights to execute requests other than descriptive REST requests, no license consumption.
Descriptive REST requests are always processed by the server, even if no web user session using a license is opened. In this case, they are processed through "guest" sessions. -
You call your
authentify()
function (created beforehand), in which you check the user credentials and callSession.setPrivileges()
with appropriate privileges.authentify()
must be an exposed datastore class function. -
La petición
/rest/$catalog/authentify
se envía al servidor junto con las credenciales del usuario. This step only requires a basic login form that do not access data; it can be a Qodly page (called via the/rest/$getWebForm
request). -
If the user is successfully authentified, a 4D license is consumed on the server and all REST requests are accepted.
In the user login phase, license usage is disconnected from web user sessions. A license is required only when the Session.setPrivileges()
is executed, allowing you to control the number of used licenses.
All other REST requests (handling data or executing a function) will only be processed if they are executed within a web session with appropriate privileges, otherwise they return an error. To assign privileges to a web session, you need to execute the Session.setPrivileges()
function for the session. A execução dessa função aciona o consumo da licença 4D.
Solicitações REST descritivas
Descriptive REST requests can be processed in web user sessions that do not require licenses ("guest" sessions). Essas solicitações são:
/rest/$catalog
requests (e.g./rest/$catalog/$all
) - access to available dataclasses/rest/$catalog/authentify
- la función del almacén de datos utilizada para iniciar sesión del usuario/rest/$getWebForm
- Renderização de uma página Qodly
Function authentify
Sintaxe
exposed Function authentify({params : type}) {-> result : type}
// code
The authentify()
function must be implemented in the DataStore class of the project and must be called through a REST request.
This function is the only available entry point from REST guest sessions when the "force login" mode is enabled: any other function call or data access is rejected until the session acquires appropriate privileges.
The authentify()
function can always be executed by a REST guest session, whatever the roles.json
file configuration.
The function can receive any authentication or contextual information as parameter(s) and can return any value. Since this function can only be called from a REST request, parameters must be passed through the body of the POST request.
Esta função deve conter duas partes:
- some code to identify and authenticate the REST request sender,
- if the authentication is successful, a call to
Session.setPrivileges()
that assigns appropriate privileges to the session.
If the function does not call Session.setPrivileges()
, no privileges are assigned, no license is consumed and subsequent non-descriptive REST requests are rejected.
Exemplo
You only want to know users to open a web session on the server. Ha creado la siguiente función authentify()
en la clase datastore:
exposed Function authentify($credentials : Object) : Text
var $users : cs.UsersSelection
var $user : cs.UsersEntity
$users:=ds.Users.query("name = :1"; $credentials.name)
$user:=$users.first()
If ($user#Null) //the user is known
If (Verify password hash($credentials.password; $user.password))
Session.setPrivileges("vip")
Else
return "Wrong password"
End if
Else
return "Wrong user"
End if
Para llamar a la función authentify()
:
POST 127.0.0.1:8111/rest/$catalog/authentify
Corpo do pedido:
[{"name":"Henry",
"password":"123"}]