ex: fixed TBO samples

Arnaud Bouchez · Arnaud Bouchez · commit 50f2ce5bd94c · 2025-11-15T11:15:51.000+01:00
diff --git a/ex/ThirdPartyDemos/tbo/02-Zip-AES-Pictures/frm_Main.pas b/ex/ThirdPartyDemos/tbo/02-Zip-AES-Pictures/frm_Main.pas
@@ -96,7 +96,7 @@ constructor TImageResourceFile.Create(const pmcFileName: TFileName; const pmcPas
 
 destructor TImageResourceFile.Destroy;
 begin
-  FillZero(FPassword);
+  FillZero(RawByteString(FPassword));
   inherited Destroy;
 end;
 
diff --git a/ex/ThirdPartyDemos/tbo/03-HttpServer-MethodServices/TestRestServer.dpr b/ex/ThirdPartyDemos/tbo/03-HttpServer-MethodServices/TestRestServer.dpr
@@ -21,6 +21,7 @@ uses
   mormot.core.search,
   mormot.core.buffers,
   mormot.core.unicode,
+  mormot.crypt.secure,
   mormot.orm.base,
   mormot.orm.core,
   mormot.rest.core,
@@ -145,8 +146,7 @@ begin
   if not FileExists(pmcFileName) then Exit; //=>
 
   json := AnyTextFileToRawUtf8(pmcFileName, {AssumeUtf8IfNoBom=} True);
-  if IsValidJson(json)
-    and (DynArrayLoadJson(customers, Pointer(json), TypeInfo(TCustomerItemArray)) <> Nil) then
+  if DynArrayLoadJson(customers, json, TypeInfo(TCustomerItemArray)) then
   begin
     var authUser: TFileAuthUser := TFileAuthUser.Create;
     try
@@ -158,7 +158,8 @@ begin
           authUser.CustomerNum := customers[i].CustomerNum;
           authUser.LogonName := customers[i].LoginUserName;
           // Never work with passwords in plain text, this also applies to saving! Therefore, this is not a good example.
-          authUser.PasswordHashHexa := TAuthUser.ComputeHashedPassword(customers[i].LoginPassword);
+          authUser.PasswordPlain := customers[i].LoginPassword;
+          // consider using SCRAM-MCF with authUser.SetPassword(..., mcfSha256Crypt) here
           authUser.DisplayName := StringToUtf8(Format('Customer number: %d', [customers[i].CustomerNum]));
           authUser.GroupRights := TAuthGroup(3);  // AuthGroup: User
           Server.Add(authUser, True);
diff --git a/ex/ThirdPartyDemos/tbo/04-HttpServer-InterfaceServices/frm_Main.pas b/ex/ThirdPartyDemos/tbo/04-HttpServer-InterfaceServices/frm_Main.pas
@@ -226,7 +226,7 @@ procedure TfrmMain.ExecuteConnectServerInternal(const pmcUserName, pmcPassword:
 begin
   if FDocumentService.Client.ServerTimeStampSynchronize then
   begin
-    if FDocumentService.Client.SetUser(pmcUserName, TAuthUser.ComputeHashedPassword(pmcPassword), True) then
+    if FDocumentService.Client.SetUser(pmcUserName, pmcPassword) then
     begin
       if FDocumentService.InitializeServices then
         scsCode := scsOk
diff --git a/ex/ThirdPartyDemos/tbo/04-HttpServer-InterfaceServices/u_ServiceServer.pas b/ex/ThirdPartyDemos/tbo/04-HttpServer-InterfaceServices/u_ServiceServer.pas
@@ -114,8 +114,7 @@ function TFileRestServer.InitAuthForAllCustomers(const pmcFileName: TFileName):
   if not FileExists(pmcFileName) then Exit; //=>
 
   json := AnyTextFileToRawUtf8(pmcFileName, {AssumeUtf8IfNoBom=} True);
-  if IsValidJson(json)
-    and (DynArrayLoadJson(customers, Pointer(json), TypeInfo(TCustomerItemArray)) <> Nil) then
+  if DynArrayLoadJson(customers, json, TypeInfo(TCustomerItemArray)) then
   begin
     var authUser: TFileAuthUser := TFileAuthUser.Create;
     try
@@ -127,7 +126,8 @@ function TFileRestServer.InitAuthForAllCustomers(const pmcFileName: TFileName):
           authUser.CustomerNum := customers[i].CustomerNum;
           authUser.LogonName := customers[i].LoginUserName;
           // Never work with passwords in plain text, this also applies to saving! Therefore, this is not a good example.
-          authUser.PasswordHashHexa := TAuthUser.ComputeHashedPassword(customers[i].LoginPassword);
+          authUser.PasswordPlain := customers[i].LoginPassword;
+          // consider using SCRAM-MCF with authUser.SetPassword(..., mcfSha256Crypt) here
           authUser.DisplayName := StringToUtf8(Format('Customer number: %d', [customers[i].CustomerNum]));
           authUser.GroupRights := TAuthGroup(3);  // AuthGroup: User
           Server.Add(authUser, True);
diff --git a/ex/ThirdPartyDemos/tbo/05-WebMustache/u_FileServer.pas b/ex/ThirdPartyDemos/tbo/05-WebMustache/u_FileServer.pas
@@ -267,7 +267,7 @@ function TFileServer.DoZipFileRequest(pmCtxt: THttpServerRequestAbstract; const
     if Length(rawFileContent) > 0 then
     begin
       pmCtxt.OutContent := rawFileContent;
-      pmCtxt.OutContentType := GetMimeContentType(Pointer(rawFileContent), Length(rawFileContent), Utf8ToString(contentFile));
+      pmCtxt.OutContentType := GetMimeContentType(rawFileContent, Utf8ToString(contentFile));
       pmCtxt.OutCustomHeaders := HEADER_CONTENT_TYPE + pmCtxt.OutContentType;
       Result := HTTP_SUCCESS;
     end;
@@ -295,7 +295,7 @@ function TFileServer.SplitUrlSchemePathAndQuery(const pmcUrl: RawUtf8; out pmoUr
   urlQuery: PUtf8Char;
   urlPathLen: Integer;
 begin
-  p := PUtf8Char(Pointer(pmcUrl));
+  p := pointer(pmcUrl);
   if (p <> Nil) and (p^ = '/') then
     Inc(p)
   else
diff --git a/src/mormot.commit.inc b/src/mormot.commit.inc
@@ -1 +1 @@
-'2.3.13055'
+'2.3.13056'
