Added CMS_RESPONSE.request_url (...)

Update a few callers of CMS_RESPONSE.url (...).
Renamed the demo files using "server" instead of "demo".

examples/demo/server.ini

@@ -5,5 +5,5 @@ socket_timeout=60
 socket_recv_timeout=45
 keep_alive_timeout=25
 ssl_enabled=false
-ssl_ca_key=demo.key
+ssl_ca_key=server.key
-ssl_ca_crt=demo.crt
+ssl_ca_crt=server.crt

examples/demo/src/demo_cms_server.e

@@ -10,9 +10,16 @@ class
 
 inherit
 	ROC_CMS_LAUNCHER [DEMO_CMS_EXECUTION]
+		redefine
+			optional_application_name
+		end
 
 create
 	make_and_launch
 
+feature -- Access	
+
+	optional_application_name: STRING_32 = "server"
+
 end
 

modules/admin/handler/cms_admin_cache_handler.e

@@ -89,7 +89,7 @@ feature -- Widget
 		local
 			but: WSF_FORM_SUBMIT_INPUT
 		do
-			create Result.make (a_response.url (a_response.location, Void), "form_clear_cache")
+			create Result.make (a_response.request_url (Void), "form_clear_cache")
 			create but.make_with_text ("op", text_clear_all_caches)
 			Result.extend (but)
 		end

modules/admin/handler/cms_admin_export_handler.e

@@ -105,7 +105,7 @@ feature -- Widget
 			f_name: WSF_FORM_TEXT_INPUT
 			but: WSF_FORM_SUBMIT_INPUT
 		do
-			create Result.make (a_response.url (a_response.location, Void), "export_all_data")
+			create Result.make (a_response.request_url (Void), "export_all_data")
 			Result.extend_raw_text ("Export CMS data to ")
 			create f_name.make_with_text ("folder", (create {DATE_TIME}.make_now_utc).formatted_out ("yyyy-[0]mm-[0]dd---hh24-[0]mi-[0]ss"))
 			f_name.set_label ("Export folder name")

modules/admin/handler/cms_admin_import_handler.e

@@ -113,7 +113,7 @@ feature -- Widget
 			f_name: WSF_FORM_TEXT_INPUT
 			but: WSF_FORM_SUBMIT_INPUT
 		do
-			create Result.make (a_response.url (a_response.location, Void), "import_all_data")
+			create Result.make (a_response.request_url (Void), "import_all_data")
 			Result.extend_raw_text ("Import CMS data from ")
 			create f_name.make_with_text ("folder", "default")
 			f_name.set_label ("Import folder name")

modules/admin/handler/cms_admin_modules_handler.e

@@ -188,7 +188,7 @@ feature -- Execution
 			l_mods_to_install: ARRAYED_LIST [CMS_MODULE]
 			l_extra: STRING
 		do
-			create Result.make (a_response.url (a_response.location, Void), "modules_collection")
+			create Result.make (a_response.request_url (Void), "modules_collection")
 			create w_tb.make
 			w_tb.add_css_class ("modules_table")
 			create w_row.make (5)
@@ -283,7 +283,7 @@ feature -- Execution
 
 			l_mods_to_install: ARRAYED_LIST [CMS_MODULE]
 		do
-			create Result.make (a_response.url (a_response.location, Void), "modules_collection")
+			create Result.make (a_response.request_url (Void), "modules_collection")
 			create l_mods_to_install.make (0)
 			across
 				api.setup.modules as ic

modules/admin/handler/role/cms_role_form_response.e

@@ -63,7 +63,7 @@ feature -- Process Edit
 			fd: detachable WSF_FORM_DATA
 		do
 			create b.make_empty
-			f := new_edit_form (a_role, url (request.percent_encoded_path_info, Void), "edit-user")
+			f := new_edit_form (a_role, request_url (Void), "edit-user")
 			api.hooks.invoke_form_alter (f, fd, Current)
 			if request.is_post_request_method then
 				f.validation_actions.extend (agent edit_form_validate(?,a_role, b))
@@ -96,7 +96,7 @@ feature -- Process Delete
 			fd: detachable WSF_FORM_DATA
 		do
 			create b.make_empty
-			f := new_delete_form (a_role, url (request.percent_encoded_path_info, Void), "edit-user")
+			f := new_delete_form (a_role, request_url (Void), "edit-user")
 			api.hooks.invoke_form_alter (f, fd, Current)
 			if request.is_post_request_method then
 				f.process (Current)
@@ -128,7 +128,7 @@ feature -- Process New
 			l_role: detachable CMS_USER_ROLE
 		do
 			create b.make_empty
-			f := new_edit_form (l_role, url (request.percent_encoded_path_info, Void), "create-role")
+			f := new_edit_form (l_role, request_url (Void), "create-role")
 			api.hooks.invoke_form_alter (f, fd, Current)
 			if request.is_post_request_method then
 				f.validation_actions.extend (agent new_form_validate(?, b))

modules/admin/handler/user/cms_user_form_response.e

@@ -64,7 +64,7 @@ feature -- Process Edit
 			fd: detachable WSF_FORM_DATA
 		do
 			create b.make_empty
-			f := new_edit_form (a_user, url (location, Void), "edit-user")
+			f := new_edit_form (a_user, request_url (Void), "edit-user")
 			api.hooks.invoke_form_alter (f, fd, Current)
 			if request.is_post_request_method then
 				f.submit_actions.extend (agent edit_form_submit (?, a_user, b))
@@ -96,7 +96,7 @@ feature -- Process Delete
 			fd: detachable WSF_FORM_DATA
 		do
 			create b.make_empty
-			f := new_delete_form (a_user, url (location, Void), "edit-user")
+			f := new_delete_form (a_user, request_url (Void), "edit-user")
 			api.hooks.invoke_form_alter (f, fd, Current)
 			if request.is_post_request_method then
 				f.process (Current)
@@ -129,7 +129,7 @@ feature -- Process New
 			l_user: detachable CMS_USER
 		do
 			create b.make_empty
-			f := new_edit_form (l_user, url (location, Void), "create-user")
+			f := new_edit_form (l_user, request_url (Void), "create-user")
 			api.hooks.invoke_form_alter (f, fd, Current)
 			if request.is_post_request_method then
 				f.validation_actions.extend (agent new_form_validate (?, b))

modules/auth/cms_authentication_module.e-BAK

@@ -0,0 +1,703 @@
+note
+	description: "Module Auth"
+	date: "$Date: 2015-05-20 06:50:50 -0300 (mi. 20 de may. de 2015) $"
+	revision: "$Revision: 97328 $"
+
+class
+	CMS_AUTHENTICATION_MODULE
+
+inherit
+	CMS_MODULE
+		redefine
+			register_hooks
+		end
+
+
+	CMS_HOOK_AUTO_REGISTER
+
+	CMS_HOOK_VALUE_TABLE_ALTER
+
+	CMS_HOOK_BLOCK
+
+	CMS_HOOK_MENU_SYSTEM_ALTER
+
+	SHARED_EXECUTION_ENVIRONMENT
+		export
+			{NONE} all
+		end
+
+	REFACTORING_HELPER
+
+	SHARED_LOGGER
+
+	CMS_REQUEST_UTIL
+
+create
+	make
+
+feature {NONE} -- Initialization
+
+	make
+			-- Create current module
+		do
+			version := "1.0"
+			description := "Authentication module"
+			package := "authentication"
+
+			create root_dir.make_current
+			cache_duration := 0
+		end
+
+feature -- Access
+
+	name: STRING = "auth"
+
+feature -- Access: docs
+
+	root_dir: PATH
+
+	cache_duration: INTEGER
+			-- Caching duration
+			--|  0: disable
+			--| -1: cache always valie
+			--| nb: cache expires after nb seconds.
+
+	cache_disabled: BOOLEAN
+		do
+			Result := cache_duration = 0
+		end
+
+feature -- Router
+
+	setup_router (a_router: WSF_ROUTER; a_api: CMS_API)
+			-- <Precursor>
+		do
+			configure_web (a_api, a_router)
+		end
+
+	configure_web (a_api: CMS_API; a_router: WSF_ROUTER)
+		do
+			a_router.handle ("/account", create {WSF_URI_AGENT_HANDLER}.make (agent handle_account (a_api, ?, ?)), a_router.methods_head_get)
+			a_router.handle ("/account/roc-login", create {WSF_URI_AGENT_HANDLER}.make (agent handle_login (a_api, ?, ?)), a_router.methods_head_get)
+			a_router.handle ("/account/roc-logout", create {WSF_URI_AGENT_HANDLER}.make (agent handle_logout (a_api, ?, ?)), a_router.methods_head_get)
+			a_router.handle ("/account/roc-register", create {WSF_URI_AGENT_HANDLER}.make (agent handle_register (a_api, ?, ?)), a_router.methods_get_post)
+			a_router.handle ("/account/activate/{token}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_activation (a_api, ?, ?)), a_router.methods_head_get)
+			a_router.handle ("/account/reactivate", create {WSF_URI_AGENT_HANDLER}.make (agent handle_reactivation (a_api, ?, ?)), a_router.methods_get_post)
+			a_router.handle ("/account/new-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_new_password (a_api, ?, ?)), a_router.methods_get_post)
+			a_router.handle ("/account/reset-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_reset_password (a_api, ?, ?)), a_router.methods_get_post)
+			a_router.handle ("/account/change-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_change_password (a_api, ?, ?)), a_router.methods_get_post)
+			a_router.handle ("/account/post-change-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_post_change_password (a_api, ?, ?)), a_router.methods_get)
+		end
+
+feature -- Hooks configuration
+
+	register_hooks (a_response: CMS_RESPONSE)
+			-- Module hooks configuration.
+		do
+			auto_subscribe_to_hooks (a_response)
+			a_response.subscribe_to_block_hook (Current)
+			a_response.subscribe_to_value_table_alter_hook (Current)
+		end
+
+	value_table_alter (a_value: CMS_VALUE_TABLE; a_response: CMS_RESPONSE)
+			-- <Precursor>
+		do
+			a_value.force (a_response.user, "user")
+		end
+
+	menu_system_alter (a_menu_system: CMS_MENU_SYSTEM; a_response: CMS_RESPONSE)
+			-- Hook execution on collection of menu contained by `a_menu_system'
+			-- for related response `a_response'.
+		local
+			lnk: CMS_LOCAL_LINK
+		do
+			if attached a_response.current_user (a_response.request) as u then
+				create lnk.make (u.name +  " (Logout)", "account/roc-logout" )
+				lnk.set_weight (98)
+				a_menu_system.primary_menu.extend (lnk)
+			else
+				create lnk.make ("Login", "account/roc-login")
+				lnk.set_weight (98)
+				a_menu_system.primary_menu.extend (lnk)
+			end
+		end
+
+feature -- Handler
+
+	handle_account (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
+		local
+			r: CMS_RESPONSE
+		do
+			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
+
+			if attached template_block ("account_info", r) as l_tpl_block then
+				if attached r.user as l_user then
+					r.set_value (api.user_api.user_roles (l_user), "roles")
+				end
+				r.add_block (l_tpl_block, "content")
+			else
+				debug ("cms")
+					r.add_warning_message ("Error with block [resources_page]")
+				end
+			end
+			r.execute
+		end
+
+
+
+	handle_login (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
+		local
+			r: CMS_RESPONSE
+		do
+			if attached api.module_by_name ("basic_auth") then
+					-- FIXME: find better solution to support a default login system.
+				create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
+				r.set_redirection (r.absolute_url ("/account/roc-basic-auth", Void))
+				r.execute
+			else
+				create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
+				r.execute
+			end
+		end
+
+	handle_logout (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
+		local
+			r: CMS_RESPONSE
+		do
+			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
+			r.set_redirection (r.absolute_url ("", Void))
+			r.execute
+		end
+
+
+
+	handle_register (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
+		local
+			r: CMS_RESPONSE
+			l_user_api: CMS_USER_API
+			u: CMS_USER
+			l_roles: LIST [CMS_USER_ROLE]
+			l_exist: BOOLEAN
+			es: CMS_AUTHENTICATON_EMAIL_SERVICE
+			l_url: STRING
+			l_token: STRING
+		do
+			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
+			if r.has_permission ("account register") then
+				if req.is_post_request_method then
+					if
+						attached {WSF_STRING} req.form_parameter ("name") as l_name and then
+						attached {WSF_STRING} req.form_parameter ("password") as l_password and then
+						attached {WSF_STRING} req.form_parameter ("email") as l_email
+					then
+						l_user_api := api.user_api
+
+						if attached l_user_api.user_by_name (l_name.value) then
+								-- Username already exist.
+							r.set_value ("User name already exists!", "error_name")
+							l_exist := True
+						end
+						if attached l_user_api.user_by_email (l_email.value) then
+								-- Emails already exist.
+							r.set_value ("An account is already associated with that email address!", "error_email")
+							l_exist := True
+						end
+
+						if not l_exist then
+								-- New user
+							create {ARRAYED_LIST [CMS_USER_ROLE]}l_roles.make (1)
+							l_roles.force (l_user_api.authenticated_user_role)
+
+							create u.make (l_name.value)
+							u.set_email (l_email.value)
+							u.set_password (l_password.value)
+							u.set_roles (l_roles)
+							l_user_api.new_user (u)
+
+								-- Create activation token
+							l_token := new_token
+							l_user_api.new_activation (l_token, u.id)
+							l_url := req.absolute_script_url ("/account/activate/" + l_token)
+
+								-- Send Email
+							create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (api))
+							write_debug_log (generator + ".handle register: send_contact_email")
+							es.send_contact_email (l_email.value, l_url)
+
+						else
+							r.set_value (l_name.value, "name")
+							r.set_value (l_email.value, "email")
+							r.set_status_code ({HTTP_CONSTANTS}.bad_request)
+						end
+					end
+				end
+			else
+				create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
+			end
+
+			r.execute
+		end
+
+	handle_activation (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
+		local
+			r: CMS_RESPONSE
+			l_user_api: CMS_USER_API
+			l_ir: INTERNAL_SERVER_ERROR_CMS_RESPONSE
+		do
+			l_user_api := api.user_api
+			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
+			if attached {WSF_STRING} req.path_parameter ("token") as l_token then
+
+				if attached {CMS_USER} l_user_api.user_by_activation_token (l_token.value) as l_user then
+					-- Valid user_id
+					l_user.mark_active
+					l_user_api.update_user (l_user)
+					l_user_api.remove_activation (l_token.value)
+					r.set_main_content ("<p> Your account <i>"+ l_user.name +"</i> has been activated</p>")
+				else
+					-- the token does not exist, or it was already used.
+					r.set_status_code ({HTTP_CONSTANTS}.bad_request)
+					r.set_main_content ("<p>The token <i>" + l_token.value +"</i> is not valid " + r.link ("Reactivate Account", "account/reactivate", Void) + "</p>")
+				end
+				r.execute
+			else
+				create l_ir.make (req, res, api)
+				l_ir.execute
+			end
+		end
+
+
+	handle_reactivation (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
+		local
+			r: CMS_RESPONSE
+			es: CMS_AUTHENTICATON_EMAIL_SERVICE
+			l_user_api: CMS_USER_API
+			l_token: STRING
+			l_url: STRING
+		do
+			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
+			if req.is_post_request_method then
+				if
+					attached {WSF_STRING} req.form_parameter ("email") as l_email
+				then
+					l_user_api := api.user_api
+					if 	attached {CMS_USER} l_user_api.user_by_email (l_email.value) as l_user then
+							-- User exist create a new token and send a new email.
+						if l_user.is_active then
+							r.set_value ("The asociated user to the given email " + l_email.value + " , is already active", "is_active")
+							r.set_status_code ({HTTP_CONSTANTS}.bad_request)
+						else
+							l_token := new_token
+							l_user_api.new_activation (l_token, l_user.id)
+							l_url := req.absolute_script_url ("/account/activate/" + l_token)
+
+								-- Send Email
+							create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (api))
+							write_debug_log (generator + ".handle register: send_contact_activation_email")
+							es.send_contact_activation_email (l_email.value, l_url)
+						end
+					else
+						r.set_value ("The email does not exist or !", "error_email")
+						r.set_value (l_email.value, "email")
+						r.set_status_code ({HTTP_CONSTANTS}.bad_request)
+					end
+				end
+			end
+
+			r.execute
+		end
+
+	handle_new_password (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
+		local
+			r: CMS_RESPONSE
+			es: CMS_AUTHENTICATON_EMAIL_SERVICE
+			l_user_api: CMS_USER_API
+			l_token: STRING
+			l_url: STRING
+		do
+			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
+			if req.is_post_request_method then
+				l_user_api := api.user_api
+				if attached {WSF_STRING} req.form_parameter ("email") as l_email then
+					if 	attached {CMS_USER} l_user_api.user_by_email (l_email.value) as l_user then
+								-- User exist create a new token and send a new email.
+						l_token := new_token
+						l_user_api.new_password (l_token, l_user.id)
+						l_url := req.absolute_script_url ("/account/reset-password?token=" + l_token)
+
+								-- Send Email
+						create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (api))
+						write_debug_log (generator + ".handle register: send_contact_password_email")
+						es.send_contact_password_email (l_email.value, l_url)
+					else
+						r.set_value ("The email does not exist !", "error_email")
+						r.set_value (l_email.value, "email")
+						r.set_status_code ({HTTP_CONSTANTS}.bad_request)
+					end
+				elseif attached {WSF_STRING} req.form_parameter ("username") as l_username then
+					if 	attached {CMS_USER} l_user_api.user_by_name (l_username) as l_user and then
+						attached l_user.email as l_email
+					then
+								-- User exist create a new token and send a new email.
+						l_token := new_token
+						l_user_api.new_password (l_token, l_user.id)
+						l_url := req.absolute_script_url ("/account/reset-password?token=" + l_token)
+
+								-- Send Email
+						create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (api))
+						write_debug_log (generator + ".handle register: send_contact_password_email")
+						es.send_contact_password_email (l_email, l_url)
+					else
+						r.set_value ("The username does not exist !", "error_username")
+						r.set_value (l_username.value, "username")
+						r.set_status_code ({HTTP_CONSTANTS}.bad_request)
+					end
+				end
+			end
+			r.execute
+		end
+
+
+	handle_reset_password (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
+		local
+			r: CMS_RESPONSE
+			l_user_api: CMS_USER_API
+		do
+			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
+			l_user_api := api.user_api
+			if	attached {WSF_STRING} req.query_parameter ("token") as l_token then
+				r.set_value (l_token.value, "token")
+				if l_user_api.user_by_password_token (l_token.value) = Void  then
+					r.set_value ("The token " + l_token.value + " is not valid, " + r.link ("click here" , "account/new-password", Void) + " to generate a new token.", "error_token")
+					r.set_status_code ({HTTP_CONSTANTS}.bad_request)
+				end
+			end
+
+			if req.is_post_request_method then
+
+				if
+					attached {WSF_STRING} req.form_parameter ("token") as l_token and then
+					attached {WSF_STRING} req.form_parameter ("password") as l_password and then
+					attached {WSF_STRING} req.form_parameter ("confirm_password") as l_confirm_password
+				then
+						-- Does the passwords match?	
+					if l_password.value.same_string (l_confirm_password.value) then
+							-- is the token valid?	
+						if attached {CMS_USER} l_user_api.user_by_password_token (l_token.value) as l_user then
+							l_user.set_password (l_password.value)
+							l_user_api.update_user (l_user)
+							l_user_api.remove_password (l_token.value)
+						end
+					else
+						r.set_value ("Passwords Don't Match", "error_password")
+						r.set_value (l_token.value, "token")
+						r.set_status_code ({HTTP_CONSTANTS}.bad_request)
+					end
+				end
+			end
+			r.execute
+		end
+
+	handle_change_password (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
+		local
+			r: CMS_RESPONSE
+			l_user_api: CMS_USER_API
+		do
+			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
+			l_user_api := api.user_api
+
+			if req.is_post_request_method then
+				if attached current_user (req) as l_user  then
+					r.set_value (api.user_api.user_roles (l_user), "roles")
+					if
+						attached {WSF_STRING} req.form_parameter ("password") as l_password and then
+						attached {WSF_STRING} req.form_parameter ("confirm_password") as l_confirm_password and then
+						l_password.value.same_string (l_confirm_password.value)
+					then
+							-- Does the passwords match?	
+						l_user.set_password (l_password.value)
+						l_user_api.update_user (l_user)
+						r.set_redirection (req.absolute_script_url ("/account/post-change-password"))
+					else
+						if attached template_block ("account_info", r) as l_tpl_block then
+--							r.set_value (l_user, "user")
+							r.set_value ("Passwords Don't Match", "error_password")
+							r.set_status_code ({HTTP_CONSTANTS}.bad_request)
+							r.add_block (l_tpl_block, "content")
+						end
+					end
+				end
+			end
+			r.execute
+		end
+
+	handle_post_change_password (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
+		local
+			r: CMS_RESPONSE
+		do
+			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
+			if attached template_block ("post_change", r) as l_tpl_block then
+				r.add_block (l_tpl_block, "content")
+			end
+			r.execute
+		end
+
+	block_list: ITERABLE [like {CMS_BLOCK}.name]
+		local
+			l_string: STRING
+		do
+			Result := <<"register", "reactivate", "new_password", "reset_password">>
+			debug ("roc")
+				create l_string.make_empty
+				across
+					Result as ic
+				loop
+					l_string.append (ic.item)
+					l_string.append_character (' ')
+				end
+				write_debug_log (generator + ".block_list:" + l_string )
+			end
+		end
+
+	get_block_view (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
+		do
+			if
+				a_block_id.is_case_insensitive_equal_general ("register") and then
+				a_response.location.starts_with ("account/roc-register")
+			then
+				get_block_view_register (a_block_id, a_response)
+			elseif
+				a_block_id.is_case_insensitive_equal_general ("reactivate") and then
+				a_response.location.starts_with ("account/reactivate")
+			then
+				get_block_view_reactivate (a_block_id, a_response)
+			elseif
+				a_block_id.is_case_insensitive_equal_general ("new_password") and then
+				a_response.location.starts_with ("account/new-password")
+			then
+				get_block_view_new_password (a_block_id, a_response)
+			elseif
+				a_block_id.is_case_insensitive_equal_general ("reset_password") and then
+				a_response.location.starts_with ("account/reset-password")
+			then
+				get_block_view_reset_password (a_block_id, a_response)
+			end
+		end
+
+
+feature {NONE} -- Token Generation
+
+	new_token: STRING
+			-- Generate a new token activation token
+		local
+			l_token: STRING
+			l_security: SECURITY_PROVIDER
+			l_encode: URL_ENCODER
+		do
+			create l_security
+			l_token := l_security.token
+			create l_encode
+			from until l_token.same_string (l_encode.encoded_string (l_token)) loop
+				-- Loop ensure that we have a security token that does not contain characters that need encoding.
+			    -- We cannot simply to an encode-decode because the email sent to the user will contain an encoded token
+				-- but the user will need to use an unencoded token if activation has to be done manually.
+				l_token := l_security.token
+			end
+			Result := l_token
+		end
+
+feature {NONE} -- Helpers
+
+	template_block (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE): detachable CMS_SMARTY_TEMPLATE_BLOCK
+			-- Smarty content block for `a_block_id'
+		local
+			p: detachable PATH
+		do
+			create p.make_from_string ("templates")
+			p := p.extended ("block_").appended (a_block_id).appended_with_extension ("tpl")
+
+			p := a_response.api.module_theme_resource_location (Current, p)
+			if p /= Void then
+				if attached p.entry as e then
+					create Result.make (a_block_id, Void, p.parent, e)
+				else
+					create Result.make (a_block_id, Void, p.parent, p)
+				end
+			end
+		end
+
+feature {NONE} -- Block views
+
+	get_block_view_login (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
+		local
+--			vals: CMS_VALUE_TABLE
+		do
+			if attached template_block (a_block_id, a_response) as l_tpl_block then
+--				create vals.make (1)
+--					-- add the variable to the block
+--				value_table_alter (vals, a_response)
+--				across
+--					vals as ic
+--				loop
+--					l_tpl_block.set_value (ic.item, ic.key)
+--				end
+				a_response.add_block (l_tpl_block, "content")
+			else
+				debug ("cms")
+					a_response.add_warning_message ("Error with block [" + a_block_id + "]")
+				end
+			end
+		end
+
+	get_block_view_register (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
+		do
+			if a_response.request.is_get_request_method then
+				if attached template_block (a_block_id, a_response) as l_tpl_block then
+					a_response.add_block (l_tpl_block, "content")
+				else
+					debug ("cms")
+						a_response.add_warning_message ("Error with block [" + a_block_id + "]")
+					end
+				end
+			elseif a_response.request.is_post_request_method then
+				if a_response.values.has ("error_name") or else a_response.values.has ("error_email") then
+					if attached template_block (a_block_id, a_response) as l_tpl_block then
+--						l_tpl_block.set_value (a_response.values.item ("error_name"), "error_name")
+--						l_tpl_block.set_value (a_response.values.item ("error_email"), "error_email")
+--						l_tpl_block.set_value (a_response.values.item ("email"), "email")
+--						l_tpl_block.set_value (a_response.values.item ("name"), "name")
+						a_response.add_block (l_tpl_block, "content")
+					else
+						debug ("cms")
+							a_response.add_warning_message ("Error with block [" + a_block_id + "]")
+						end
+					end
+				else
+					if attached template_block ("post_register", a_response) as l_tpl_block then
+						a_response.add_block (l_tpl_block, "content")
+					else
+						debug ("cms")
+							a_response.add_warning_message ("Error with block [" + a_block_id + "]")
+						end
+					end
+				end
+			end
+		end
+
+
+	get_block_view_reactivate (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
+		do
+			if a_response.request.is_get_request_method then
+				if attached template_block (a_block_id, a_response) as l_tpl_block then
+					a_response.add_block (l_tpl_block, "content")
+				else
+					debug ("cms")
+						a_response.add_warning_message ("Error with block [" + a_block_id + "]")
+					end
+				end
+			elseif a_response.request.is_post_request_method then
+				if a_response.values.has ("error_email") or else a_response.values.has ("is_active") then
+					if attached template_block (a_block_id, a_response) as l_tpl_block then
+--						l_tpl_block.set_value (a_response.values.item ("error_email"), "error_email")
+--						l_tpl_block.set_value (a_response.values.item ("email"), "email")
+--						l_tpl_block.set_value (a_response.values.item ("is_active"), "is_active")
+						a_response.add_block (l_tpl_block, "content")
+					else
+						debug ("cms")
+							a_response.add_warning_message ("Error with block [" + a_block_id + "]")
+						end
+					end
+				else
+					if attached template_block ("post_reactivate", a_response) as l_tpl_block then
+						a_response.add_block (l_tpl_block, "content")
+					else
+						debug ("cms")
+							a_response.add_warning_message ("Error with block [" + a_block_id + "]")
+						end
+					end
+				end
+			end
+		end
+
+	get_block_view_new_password (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
+		do
+			if a_response.request.is_get_request_method then
+				if attached template_block (a_block_id, a_response) as l_tpl_block then
+					a_response.add_block (l_tpl_block, "content")
+				else
+					debug ("cms")
+						a_response.add_warning_message ("Error with block [" + a_block_id + "]")
+					end
+				end
+			elseif a_response.request.is_post_request_method then
+				if a_response.values.has ("error_email") or else a_response.values.has ("error_username")   then
+					if attached template_block (a_block_id, a_response) as l_tpl_block then
+--						l_tpl_block.set_value (a_response.values.item ("error_email"), "error_email")
+--						l_tpl_block.set_value (a_response.values.item ("email"), "email")
+--						l_tpl_block.set_value (a_response.values.item ("error_username"), "error_username")
+--						l_tpl_block.set_value (a_response.values.item ("username"), "username")
+						a_response.add_block (l_tpl_block, "content")
+					else
+						debug ("cms")
+							a_response.add_warning_message ("Error with block [" + a_block_id + "]")
+						end
+					end
+				else
+					if attached template_block ("post_password", a_response) as l_tpl_block then
+						a_response.add_block (l_tpl_block, "content")
+					else
+						debug ("cms")
+							a_response.add_warning_message ("Error with block [" + a_block_id + "]")
+						end
+					end
+				end
+			end
+		end
+
+	get_block_view_reset_password (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
+		do
+			if a_response.request.is_get_request_method then
+				if attached template_block (a_block_id, a_response) as l_tpl_block then
+--					l_tpl_block.set_value (a_response.values.item ("token"), "token")
+--					l_tpl_block.set_value (a_response.values.item ("error_token"), "error_token")
+					a_response.add_block (l_tpl_block, "content")
+				else
+					debug ("cms")
+						a_response.add_warning_message ("Error with block [" + a_block_id + "]")
+					end
+				end
+			elseif a_response.request.is_post_request_method then
+				if a_response.values.has ("error_token") or else a_response.values.has ("error_password")   then
+					if attached template_block (a_block_id, a_response) as l_tpl_block then
+--						l_tpl_block.set_value (a_response.values.item ("error_token"), "error_token")
+--						l_tpl_block.set_value (a_response.values.item ("error_password"), "error_password")
+--						l_tpl_block.set_value (a_response.values.item ("token"), "token")
+						a_response.add_block (l_tpl_block, "content")
+					else
+						debug ("cms")
+							a_response.add_warning_message ("Error with block [" + a_block_id + "]")
+						end
+					end
+				else
+					if attached template_block ("post_reset", a_response) as l_tpl_block then
+						a_response.add_block (l_tpl_block, "content")
+					else
+						debug ("cms")
+							a_response.add_warning_message ("Error with block [" + a_block_id + "]")
+						end
+					end
+				end
+			end
+		end
+
+note
+	copyright: "Copyright (c) 1984-2013, Eiffel Software and others"
+	license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
+	source: "[
+			Eiffel Software
+			5949 Hollister Ave., Goleta, CA 93117 USA
+			Telephone 805-685-1006, Fax 805-685-6869
+			Website http://www.eiffel.com
+			Customer support http://support.eiffel.com
+		]"
+end

modules/basic_auth/cms_basic_auth_module.e

@@ -119,7 +119,7 @@ feature {NONE} -- Implementation: routes
 				r.set_main_content (r.link ("Logout", "account/roc-logout", Void))
 			else
 				if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
-					r.add_javascript_url (r.url ("module/" + name + "/files/js/roc_basic_auth.js", Void))
+					r.add_javascript_url (r.module_resource_url (Current, "/files/js/roc_basic_auth.js", Void))
 
 					create vals.make (1)
 						-- add the variable to the block
@@ -159,7 +159,7 @@ feature -- Hooks
 	get_block_view (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
 		do
 			if a_block_id.is_case_insensitive_equal_general ("login") then
-				a_response.add_javascript_url (a_response.url ("module/" + name + "/files/js/roc_basic_auth.js", Void))
+				a_response.add_javascript_url (a_response.module_resource_url (Current, "/files/js/roc_basic_auth.js", Void))
 				get_block_view_login (a_block_id, a_response)
 			end
 		end

modules/node/handler/node_form_response.e

@@ -101,7 +101,7 @@ feature {NONE} -- Create a new node
 		do
 			if attached a_type.new_node (Void) as l_node then
 					-- create new node
-				f := new_edit_form (l_node, url (location, Void), "edit-" + a_type.name, a_type)
+				f := new_edit_form (l_node, request_url (Void), "edit-" + a_type.name, a_type)
 				api.hooks.invoke_form_alter (f, fd, Current)
 				if request.is_post_request_method then
 					f.validation_actions.extend (agent edit_form_validate (?, b))
@@ -135,7 +135,7 @@ feature {NONE} -- Create a new node
 			f: like new_edit_form
 			fd: detachable WSF_FORM_DATA
 		do
-			f := new_edit_form (A_node, url (location, Void), "edit-" + a_type.name, a_type)
+			f := new_edit_form (a_node, request_url (Void), "edit-" + a_type.name, a_type)
 			if is_old_revision then
 				add_warning_message ("You are editing old revision #" + a_node.revision.out + " !")
 			end
@@ -169,7 +169,7 @@ feature {NONE} -- Create a new node
 			fd: detachable WSF_FORM_DATA
 		do
 			if a_node.is_trashed then
-				f := new_delete_form (a_node, url (location, Void), "delete-" + a_type.name, a_type)
+				f := new_delete_form (a_node, request_url (Void), "delete-" + a_type.name, a_type)
 				api.hooks.invoke_form_alter (f, fd, Current)
 				if request.is_post_request_method then
 					f.process (Current)
@@ -200,7 +200,7 @@ feature {NONE} -- Create a new node
 			f: like new_edit_form
 			fd: detachable WSF_FORM_DATA
 		do
-			f := new_trash_form (a_node, url (location, Void), "trash-" + a_type.name, a_type)
+			f := new_trash_form (a_node, request_url (Void), "trash-" + a_type.name, a_type)
 			api.hooks.invoke_form_alter (f, fd, Current)
 			if request.is_post_request_method then
 				f.process (Current)

modules/recent_changes/cms_recent_changes_module.e

@@ -380,7 +380,7 @@ feature -- Handler
 				if ch /= Void then
 					if l_until_date /= Void then
 						l_content.append (" <a href=%"")
-						l_content.append (r.url (r.location, Void))
+						l_content.append (r.request_url (Void))
 						l_content.append ("?size=" + l_size.out + "%">&lt;&lt;</a> ")
 					end
 
@@ -394,7 +394,7 @@ feature -- Handler
 							l_query.append (l_filter_source)
 						end
 						l_content.append ("<a href=%"")
-						l_content.append (r.url (r.location, create {CMS_API_OPTIONS}.make_from_manifest (<<["query", l_query]>>)))
+						l_content.append (r.request_url (create {CMS_API_OPTIONS}.make_from_manifest (<<["query", l_query]>>)))
 						l_content.append ("%">See more ...</a>")
 					end
 				end

src/service/response/cms_response.e

@@ -99,6 +99,12 @@ feature -- Access: query
 	location: IMMUTABLE_STRING_8
 			-- Associated cms local location.
 
+	request_url (opts: detachable CMS_API_OPTIONS): STRING_8
+			-- Current request location as a url.
+		do
+			Result := url (location, opts)
+		end
+
 feature -- API
 
 	api: CMS_API