Fixed the basic auth logout by using the ://foo@hostname... workaround.

Added support for ?destination=... so that login or logout will return to previous visited page. Revisited the sending of generic response such as access denied, unauthorized, redirection ... Fixed support of CMS_RESPONSE.header which was previously ignored. Added support for CMS_RESPONSE.redirection: detachable READABLE_STRING_8, to allow easy url redirection. Added CMS_NODE.make_empty + Cosmetic.
2015-04-09 23:54:14 +02:00
parent b235fb30a7
commit 20471923fd
12 changed files with 252 additions and 28 deletions
--- a/library/model/src/content/cms_node.e
+++ b/library/model/src/content/cms_node.e
@@ -14,10 +14,17 @@ inherit
 	REFACTORING_HELPER

 create
-	make
+	make,
+	make_empty

 feature{NONE} -- Initialization

+	make_empty
+			-- Create empty node.
+		do
+			make ({STRING_32} "", {STRING_32} "", {STRING_32} "")
+		end
+
 	make (a_content: READABLE_STRING_32; a_summary: READABLE_STRING_32; a_title: READABLE_STRING_32)
 			-- Create current node with `a_content', `a_summary' and `a_title'.
 		local
@@ -83,9 +90,6 @@ feature -- Access
 	author: detachable CMS_USER
 			-- Author of current node.

--	collaborators: detachable LIST[CMS_USER]
--			-- Users contributed to current Node.
-
 feature -- status report

 	has_id: BOOLEAN
@@ -191,6 +195,6 @@ feature -- Element change
 --		end

 note
-	copyright: "2011-2014, Javier Velilla, Jocelyn Fiat, Eiffel Software and others"
+	copyright: "2011-2015, Javier Velilla, Jocelyn Fiat, Eiffel Software and others"
 	license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
 end
--- a/src/modules/basic_auth/basic_auth_module.e
+++ b/src/modules/basic_auth/basic_auth_module.e
@@ -1,5 +1,8 @@
 note
-	description: "This module allows the use of HTTP Basic Authentication to restrict access by looking up users in the given providers."
+	description: "[
+			This module allows the use of HTTP Basic Authentication to restrict access
+			by looking up users in the given providers.
+		]"
 	date: "$Date: 2015-02-09 22:29:56 +0100 (lun., 09 févr. 2015) $"
 	revision: "$Revision: 96596 $"

@@ -82,7 +85,7 @@ feature -- Hooks configuration
 			-- Module hooks configuration.
 		do
 --			a_response.subscribe_to_block_hook (Current)
-		end 
+		end

 feature -- Hooks

@@ -107,9 +110,9 @@ feature -- Hooks
 			lnk: CMS_LOCAL_LINK
 		do
 			if attached a_response.current_user (a_response.request) as u then
-				create lnk.make ("Logout", "/basic_auth_logoff")
+				create lnk.make (u.name +  " (Logout)", "/basic_auth_logoff?destination=" + a_response.request.request_uri)
 			else
-				create lnk.make ("Login", "/basic_auth_login")
+				create lnk.make ("Login", "/basic_auth_login?destination=" + a_response.request.request_uri)
 			end
 --			if not a_menu_system.primary_menu.has (lnk) then
 				lnk.set_weight (99)
--- a/src/modules/basic_auth/handler/basic_auth_login_handler.e
+++ b/src/modules/basic_auth/handler/basic_auth_login_handler.e
@@ -50,11 +50,21 @@ feature -- HTTP Methods
 		do
 			api.logger.put_information (generator + ".do_get Processing basic auth login", Void)
 			if attached {STRING_32} current_user_name (req) as l_user then
-				(create {CMS_GENERIC_RESPONSE}).new_response_redirect (req, res, req.absolute_script_url("/"))
+				if attached {WSF_STRING} req.query_parameter ("destination") as l_uri then
+					 redirect_to (req.absolute_script_url (l_uri.url_encoded_value), res)
+				else
+					redirect_to (req.absolute_script_url ("/"), res)
+				end
 			else
-				(create {CMS_GENERIC_RESPONSE}).new_response_authenticate (req, res)
+				send_basic_authentication_challenge (Void, res)
 			end
 		end

+feature -- Helpers
+
+	send_basic_authentication_challenge (a_realm: detachable READABLE_STRING_8; res: WSF_RESPONSE)
+		do
+			res.send (create {CMS_UNAUTHORIZED_RESPONSE_MESSAGE}.make_with_basic_auth_challenge (a_realm))
+		end

 end
--- a/src/modules/basic_auth/handler/basic_auth_logoff_handler.e
+++ b/src/modules/basic_auth/handler/basic_auth_logoff_handler.e
@@ -45,13 +45,29 @@ feature -- HTTP Methods
 			-- <Precursor>
 		local
 			l_page: CMS_RESPONSE
+			l_url: STRING
+			i: INTEGER
 		do
 			api.logger.put_information (generator + ".do_get Processing basic auth logoff", Void)
 			if attached req.query_parameter ("prompt") as l_prompt then
-				(create {CMS_GENERIC_RESPONSE}).new_response_unauthorized (req, res)
+				unset_current_user (req)
+				send_access_denied (res)
 			else
 				create {GENERIC_VIEW_CMS_RESPONSE} l_page.make (req, res, api)
-				l_page.set_status_code ({HTTP_STATUS_CODE}.unauthorized)
+				unset_current_user (req)
+				l_page.set_status_code ({HTTP_STATUS_CODE}.found) -- Note: can not use {HTTP_STATUS_CODE}.unauthorized for redirection
+				if attached {WSF_STRING} req.query_parameter ("destination") as l_uri then
+					l_url := req.absolute_script_url (l_uri.url_encoded_value)
+				else
+					l_url := req.absolute_script_url ("")
+				end
+				i := l_url.substring_index ("://", 1)
+				if i > 0 then
+						-- Note: this is a hack to have the logout effective on various browser
+						-- (firefox requires this).
+					l_url.replace_substring ("://_logout_basic_auth_@", i, i + 2)
+				end
+				l_page.set_redirection (l_url)
 				l_page.execute
 			end
 		end
--- a/src/service/cms_api.e
+++ b/src/service/cms_api.e
@@ -50,7 +50,7 @@ feature -- Access
 			-- Logger

 	storage: CMS_STORAGE
-			-- Persistence storage.				
+			-- Default persistence storage.				

 feature -- Status Report

--- a/src/service/handler/cms_handler.e
+++ b/src/service/handler/cms_handler.e
@@ -1,6 +1,7 @@
 note
-	description: "Summary description for {CMS_HANDLER}."
-	author: ""
+	description: "[
+			Common interface for request handler specific to the CMS component.
+		]"
 	date: "$Date: 2015-02-13 13:08:13 +0100 (ven., 13 févr. 2015) $"
 	revision: "$Revision: 96616 $"

@@ -26,4 +27,19 @@ feature -- API Service

 	api: CMS_API

+feature -- Response helpers
+
+	redirect_to (a_location: READABLE_STRING_8; res: WSF_RESPONSE)
+			-- Send via `res' a redirection message for location `a_location'.			
+		do
+			res.redirect_now (a_location)
+--			res.send (create {CMS_REDIRECTION_RESPONSE_MESSAGE}.make (a_location))
+		end
+
+	send_access_denied (res: WSF_RESPONSE)
+			-- Send via `res' an access denied response.
+		do
+			res.send (create {CMS_FORBIDDEN_RESPONSE_MESSAGE}.make)
+		end
+
 end
--- a/src/service/misc/cms_request_util.e
+++ b/src/service/misc/cms_request_util.e
@@ -1,6 +1,5 @@
 note
-	description: "Summary description for {CMS_REQUEST_UTIL}."
-	author: ""
+	description: "Set of helper features related to CMS Request needs."
 	date: "$Date: 2015-02-13 13:08:13 +0100 (ven., 13 févr. 2015) $"
 	revision: "$Revision: 96616 $"

@@ -29,7 +28,7 @@ feature -- User
 		note
 			EIS: "eiffel:?class=AUTHENTICATION_FILTER&feature=execute"
 		do
-			if attached {CMS_USER} req.execution_variable ("_cms_active_user_") as l_user then
+			if attached {CMS_USER} req.execution_variable (current_user_execution_variable_name) as l_user then
 				Result := l_user
 			end
 		end
@@ -40,14 +39,27 @@ feature -- Change
 			-- Set `a_user' as `current_user'.
 		do
 			if a_user = Void then
-				req.unset_execution_variable ("_cms_active_user_")
+				req.unset_execution_variable (current_user_execution_variable_name)
 			else
-				req.set_execution_variable ("_cms_active_user_", a_user)
+				req.set_execution_variable (current_user_execution_variable_name, a_user)
 			end
 		ensure
 			user_set: current_user (req) ~ a_user
 		end

+	unset_current_user (req: WSF_REQUEST)
+			-- Unset current user.
+		do
+			req.unset_execution_variable (current_user_execution_variable_name)
+		ensure
+			user_unset: current_user (req) = Void
+		end
+
+feature {NONE} -- Implementation: current user
+
+	current_user_execution_variable_name: STRING = "_cms_active_user_"
+			-- Execution variable name used to keep current user data.
+
 feature -- Media Type

 	current_media_type (req: WSF_REQUEST): detachable READABLE_STRING_32
--- a/src/service/response/cms_forbidden_response_message.e
+++ b/src/service/response/cms_forbidden_response_message.e
@@ -0,0 +1,25 @@
+note
+	description: "[
+			Message response to notify a forbidden access.
+		]"
+	date: "$Date$"
+	revision: "$Revision$"
+
+class
+	CMS_FORBIDDEN_RESPONSE_MESSAGE
+
+inherit
+	CMS_RESPONSE_MESSAGE
+
+create
+	make
+
+feature {NONE} -- Initialization
+
+	make
+		do
+			initialize
+			status_code := {HTTP_STATUS_CODE}.forbidden
+		end
+
+end
--- a/src/service/response/cms_redirection_response_message.e
+++ b/src/service/response/cms_redirection_response_message.e
@@ -0,0 +1,26 @@
+note
+	description: "[
+			Message response to redirect client to new location.
+		]"
+	date: "$Date$"
+	revision: "$Revision$"
+
+class
+	CMS_REDIRECTION_RESPONSE_MESSAGE
+
+inherit
+	CMS_RESPONSE_MESSAGE
+
+create
+	make
+
+feature {NONE} -- Initialization
+
+	make (a_location: READABLE_STRING_8)
+		do
+			initialize
+			status_code := {HTTP_STATUS_CODE}.see_other
+			header.put_location (a_location)
+		end
+
+end
--- a/src/service/response/cms_response.e
+++ b/src/service/response/cms_response.e
@@ -1,5 +1,8 @@
 note
-	description: "Generic CMS Response.It builds the content to get process to render the output"
+	description: "[
+			Generic CMS Response.
+			It builds the content to get process to render the output.
+		]"
 	date: "$Date: 2015-02-16 20:14:19 +0100 (lun., 16 févr. 2015) $"
 	revision: "$Revision: 96643 $"

@@ -79,6 +82,9 @@ feature -- Access
 	additional_page_head_lines: detachable LIST [READABLE_STRING_8]
 			-- HTML>head>...extra lines

+	redirection: detachable READABLE_STRING_8
+			-- Location for eventual redirection.
+
 feature -- Module

 	module_resource_path (a_module: CMS_MODULE; a_resource: PATH): detachable PATH
@@ -239,6 +245,11 @@ feature -- Element change
 			values.remove (k)
 		end

+	set_redirection (a_location: READABLE_STRING_8)
+			-- Set `redirection' to `a_location'.
+		do
+			redirection := a_location
+		end

 feature -- Logging

@@ -247,7 +258,7 @@ feature -- Logging
 --			l_log: CMS_LOG
 		do
 			debug
-				to_implement ("Add implemenatation")
+				to_implement ("Add implementation")
 			end
 --			create l_log.make (a_category, a_message, a_level, Void)
 --			if a_link /= Void then
@@ -964,8 +975,7 @@ feature -- Generation
 feature -- Custom Variables

 	variables: detachable STRING_TABLE[ANY]
-		-- Custom variables to feed the templates.
-
+			-- Custom variables to feed the templates.

 feature -- Element change: Add custom variables.

@@ -981,7 +991,6 @@ feature -- Element change: Add custom variables.
 			l_variables.force (a_element, a_key)
 		end

-
 feature -- Execution

 	execute
@@ -1006,6 +1015,7 @@ feature {NONE} -- Execution
 			cms_page: CMS_HTML_PAGE
 			page: CMS_HTML_PAGE_RESPONSE
 			utf: UTF_CONVERTER
+			h: HTTP_HEADER
 		do
 			if attached {READABLE_STRING_GENERAL} values.item ("optional_content_type") as l_type then
 				create cms_page.make_typed (utf.utf_32_string_to_utf_8_string_8 (l_type))
@@ -1015,8 +1025,13 @@ feature {NONE} -- Execution
 			prepare (cms_page)
 			create page.make (theme.page_html (cms_page))
 			page.set_status_code (status_code)
-			page.header.put_content_length (page.html.count)
-			page.header.put_current_date
+			h := page.header
+			h.put_content_length (page.html.count)
+			h.put_current_date
+			h.put_header_object (header)
+			if attached redirection as l_location then
+				h.put_location (l_location)
+			end
 			response.send (page)
 			on_terminated
 		end
--- a/src/service/response/cms_response_message.e
+++ b/src/service/response/cms_response_message.e
@@ -0,0 +1,54 @@
+note
+	description: "Summary description for {CMS_RESPONSE_MESSAGE}."
+	author: ""
+	date: "$Date$"
+	revision: "$Revision$"
+
+deferred class
+	CMS_RESPONSE_MESSAGE
+
+inherit
+	WSF_RESPONSE_MESSAGE
+
+feature {NONE} -- Initialization
+
+	initialize
+		do
+			status_code := {HTTP_STATUS_CODE}.ok
+			create header.make_with_count (2)
+			header.put_current_date
+			header.put_content_type_text_html
+		end
+
+feature -- Access
+
+	status_code: INTEGER
+			-- Status code for the response.
+
+	header: HTTP_HEADER
+			-- Header associated with the response.
+
+feature {WSF_RESPONSE} -- Output
+
+	send_to (res: WSF_RESPONSE)
+			-- <Precursor>
+		do
+			res.set_status_code (status_code)
+
+			send_header_to (res)
+			send_payload_to (res)
+		end
+
+	send_header_to (res: WSF_RESPONSE)
+			-- Send header to response `res'.
+		do
+			res.put_header_lines (header)
+		end
+
+	send_payload_to (res: WSF_RESPONSE)
+			-- Send payload data to response `res'.
+		do
+			-- Nothing by default
+		end
+
+end
--- a/src/service/response/cms_unauthorized_response_message.e
+++ b/src/service/response/cms_unauthorized_response_message.e
@@ -0,0 +1,43 @@
+note
+	description: "[
+			Message response to notify an unauthorized access.
+		]"
+	date: "$Date$"
+	revision: "$Revision$"
+
+class
+	CMS_UNAUTHORIZED_RESPONSE_MESSAGE
+
+inherit
+	CMS_RESPONSE_MESSAGE
+
+create
+	make,
+	make_with_basic_auth_challenge
+
+feature {NONE} -- Initialization
+
+	make
+		do
+			initialize
+			status_code := {HTTP_STATUS_CODE}.unauthorized
+		end
+
+	make_with_basic_auth_challenge (a_realm: detachable READABLE_STRING_8)
+		local
+			l_realm: READABLE_STRING_8
+		do
+			make
+			if a_realm /= Void then
+				l_realm := a_realm
+			else
+				l_realm := default_realm
+			end
+			header.put_header_key_value ({HTTP_HEADER_NAMES}.header_www_authenticate, "Basic realm=%""+ l_realm +"%"")
+		end
+
+feature -- Access		
+
+	default_realm: STRING = "CMS-User credential"
+
+end