diff --git a/library/model/src/content/cms_node.e b/library/model/src/content/cms_node.e index 8735e72..072d9c1 100644 --- a/library/model/src/content/cms_node.e +++ b/library/model/src/content/cms_node.e @@ -14,10 +14,17 @@ inherit REFACTORING_HELPER create - make + make, + make_empty feature{NONE} -- Initialization + make_empty + -- Create empty node. + do + make ({STRING_32} "", {STRING_32} "", {STRING_32} "") + end + make (a_content: READABLE_STRING_32; a_summary: READABLE_STRING_32; a_title: READABLE_STRING_32) -- Create current node with `a_content', `a_summary' and `a_title'. local @@ -83,9 +90,6 @@ feature -- Access author: detachable CMS_USER -- Author of current node. --- collaborators: detachable LIST[CMS_USER] --- -- Users contributed to current Node. - feature -- status report has_id: BOOLEAN @@ -191,6 +195,6 @@ feature -- Element change -- end note - copyright: "2011-2014, Javier Velilla, Jocelyn Fiat, Eiffel Software and others" + copyright: "2011-2015, Javier Velilla, Jocelyn Fiat, Eiffel Software and others" license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)" end diff --git a/src/modules/basic_auth/basic_auth_module.e b/src/modules/basic_auth/basic_auth_module.e index 33967cd..1cb025c 100644 --- a/src/modules/basic_auth/basic_auth_module.e +++ b/src/modules/basic_auth/basic_auth_module.e @@ -1,5 +1,8 @@ note - description: "This module allows the use of HTTP Basic Authentication to restrict access by looking up users in the given providers." + description: "[ + This module allows the use of HTTP Basic Authentication to restrict access + by looking up users in the given providers. + ]" date: "$Date: 2015-02-09 22:29:56 +0100 (lun., 09 févr. 2015) $" revision: "$Revision: 96596 $" @@ -82,7 +85,7 @@ feature -- Hooks configuration -- Module hooks configuration. do -- a_response.subscribe_to_block_hook (Current) - end + end feature -- Hooks @@ -107,9 +110,9 @@ feature -- Hooks lnk: CMS_LOCAL_LINK do if attached a_response.current_user (a_response.request) as u then - create lnk.make ("Logout", "/basic_auth_logoff") + create lnk.make (u.name + " (Logout)", "/basic_auth_logoff?destination=" + a_response.request.request_uri) else - create lnk.make ("Login", "/basic_auth_login") + create lnk.make ("Login", "/basic_auth_login?destination=" + a_response.request.request_uri) end -- if not a_menu_system.primary_menu.has (lnk) then lnk.set_weight (99) diff --git a/src/modules/basic_auth/handler/basic_auth_login_handler.e b/src/modules/basic_auth/handler/basic_auth_login_handler.e index fe738c2..c92b024 100644 --- a/src/modules/basic_auth/handler/basic_auth_login_handler.e +++ b/src/modules/basic_auth/handler/basic_auth_login_handler.e @@ -50,11 +50,21 @@ feature -- HTTP Methods do api.logger.put_information (generator + ".do_get Processing basic auth login", Void) if attached {STRING_32} current_user_name (req) as l_user then - (create {CMS_GENERIC_RESPONSE}).new_response_redirect (req, res, req.absolute_script_url("/")) + if attached {WSF_STRING} req.query_parameter ("destination") as l_uri then + redirect_to (req.absolute_script_url (l_uri.url_encoded_value), res) + else + redirect_to (req.absolute_script_url ("/"), res) + end else - (create {CMS_GENERIC_RESPONSE}).new_response_authenticate (req, res) + send_basic_authentication_challenge (Void, res) end end +feature -- Helpers + + send_basic_authentication_challenge (a_realm: detachable READABLE_STRING_8; res: WSF_RESPONSE) + do + res.send (create {CMS_UNAUTHORIZED_RESPONSE_MESSAGE}.make_with_basic_auth_challenge (a_realm)) + end end diff --git a/src/modules/basic_auth/handler/basic_auth_logoff_handler.e b/src/modules/basic_auth/handler/basic_auth_logoff_handler.e index 329a707..432376e 100644 --- a/src/modules/basic_auth/handler/basic_auth_logoff_handler.e +++ b/src/modules/basic_auth/handler/basic_auth_logoff_handler.e @@ -45,13 +45,29 @@ feature -- HTTP Methods -- local l_page: CMS_RESPONSE + l_url: STRING + i: INTEGER do api.logger.put_information (generator + ".do_get Processing basic auth logoff", Void) if attached req.query_parameter ("prompt") as l_prompt then - (create {CMS_GENERIC_RESPONSE}).new_response_unauthorized (req, res) + unset_current_user (req) + send_access_denied (res) else create {GENERIC_VIEW_CMS_RESPONSE} l_page.make (req, res, api) - l_page.set_status_code ({HTTP_STATUS_CODE}.unauthorized) + unset_current_user (req) + l_page.set_status_code ({HTTP_STATUS_CODE}.found) -- Note: can not use {HTTP_STATUS_CODE}.unauthorized for redirection + if attached {WSF_STRING} req.query_parameter ("destination") as l_uri then + l_url := req.absolute_script_url (l_uri.url_encoded_value) + else + l_url := req.absolute_script_url ("") + end + i := l_url.substring_index ("://", 1) + if i > 0 then + -- Note: this is a hack to have the logout effective on various browser + -- (firefox requires this). + l_url.replace_substring ("://_logout_basic_auth_@", i, i + 2) + end + l_page.set_redirection (l_url) l_page.execute end end diff --git a/src/service/cms_api.e b/src/service/cms_api.e index 6b640aa..8eb8e78 100644 --- a/src/service/cms_api.e +++ b/src/service/cms_api.e @@ -50,7 +50,7 @@ feature -- Access -- Logger storage: CMS_STORAGE - -- Persistence storage. + -- Default persistence storage. feature -- Status Report diff --git a/src/service/handler/cms_handler.e b/src/service/handler/cms_handler.e index 03869bf..e90c572 100644 --- a/src/service/handler/cms_handler.e +++ b/src/service/handler/cms_handler.e @@ -1,6 +1,7 @@ note - description: "Summary description for {CMS_HANDLER}." - author: "" + description: "[ + Common interface for request handler specific to the CMS component. + ]" date: "$Date: 2015-02-13 13:08:13 +0100 (ven., 13 févr. 2015) $" revision: "$Revision: 96616 $" @@ -26,4 +27,19 @@ feature -- API Service api: CMS_API +feature -- Response helpers + + redirect_to (a_location: READABLE_STRING_8; res: WSF_RESPONSE) + -- Send via `res' a redirection message for location `a_location'. + do + res.redirect_now (a_location) +-- res.send (create {CMS_REDIRECTION_RESPONSE_MESSAGE}.make (a_location)) + end + + send_access_denied (res: WSF_RESPONSE) + -- Send via `res' an access denied response. + do + res.send (create {CMS_FORBIDDEN_RESPONSE_MESSAGE}.make) + end + end diff --git a/src/service/misc/cms_request_util.e b/src/service/misc/cms_request_util.e index 90df0b2..e29bc61 100644 --- a/src/service/misc/cms_request_util.e +++ b/src/service/misc/cms_request_util.e @@ -1,6 +1,5 @@ note - description: "Summary description for {CMS_REQUEST_UTIL}." - author: "" + description: "Set of helper features related to CMS Request needs." date: "$Date: 2015-02-13 13:08:13 +0100 (ven., 13 févr. 2015) $" revision: "$Revision: 96616 $" @@ -29,7 +28,7 @@ feature -- User note EIS: "eiffel:?class=AUTHENTICATION_FILTER&feature=execute" do - if attached {CMS_USER} req.execution_variable ("_cms_active_user_") as l_user then + if attached {CMS_USER} req.execution_variable (current_user_execution_variable_name) as l_user then Result := l_user end end @@ -40,14 +39,27 @@ feature -- Change -- Set `a_user' as `current_user'. do if a_user = Void then - req.unset_execution_variable ("_cms_active_user_") + req.unset_execution_variable (current_user_execution_variable_name) else - req.set_execution_variable ("_cms_active_user_", a_user) + req.set_execution_variable (current_user_execution_variable_name, a_user) end ensure user_set: current_user (req) ~ a_user end + unset_current_user (req: WSF_REQUEST) + -- Unset current user. + do + req.unset_execution_variable (current_user_execution_variable_name) + ensure + user_unset: current_user (req) = Void + end + +feature {NONE} -- Implementation: current user + + current_user_execution_variable_name: STRING = "_cms_active_user_" + -- Execution variable name used to keep current user data. + feature -- Media Type current_media_type (req: WSF_REQUEST): detachable READABLE_STRING_32 diff --git a/src/service/response/cms_forbidden_response_message.e b/src/service/response/cms_forbidden_response_message.e new file mode 100644 index 0000000..b8ec2d4 --- /dev/null +++ b/src/service/response/cms_forbidden_response_message.e @@ -0,0 +1,25 @@ +note + description: "[ + Message response to notify a forbidden access. + ]" + date: "$Date$" + revision: "$Revision$" + +class + CMS_FORBIDDEN_RESPONSE_MESSAGE + +inherit + CMS_RESPONSE_MESSAGE + +create + make + +feature {NONE} -- Initialization + + make + do + initialize + status_code := {HTTP_STATUS_CODE}.forbidden + end + +end diff --git a/src/service/response/cms_redirection_response_message.e b/src/service/response/cms_redirection_response_message.e new file mode 100644 index 0000000..6b074e9 --- /dev/null +++ b/src/service/response/cms_redirection_response_message.e @@ -0,0 +1,26 @@ +note + description: "[ + Message response to redirect client to new location. + ]" + date: "$Date$" + revision: "$Revision$" + +class + CMS_REDIRECTION_RESPONSE_MESSAGE + +inherit + CMS_RESPONSE_MESSAGE + +create + make + +feature {NONE} -- Initialization + + make (a_location: READABLE_STRING_8) + do + initialize + status_code := {HTTP_STATUS_CODE}.see_other + header.put_location (a_location) + end + +end diff --git a/src/service/response/cms_response.e b/src/service/response/cms_response.e index 68bf833..bd679b1 100644 --- a/src/service/response/cms_response.e +++ b/src/service/response/cms_response.e @@ -1,5 +1,8 @@ note - description: "Generic CMS Response.It builds the content to get process to render the output" + description: "[ + Generic CMS Response. + It builds the content to get process to render the output. + ]" date: "$Date: 2015-02-16 20:14:19 +0100 (lun., 16 févr. 2015) $" revision: "$Revision: 96643 $" @@ -79,6 +82,9 @@ feature -- Access additional_page_head_lines: detachable LIST [READABLE_STRING_8] -- HTML>head>...extra lines + redirection: detachable READABLE_STRING_8 + -- Location for eventual redirection. + feature -- Module module_resource_path (a_module: CMS_MODULE; a_resource: PATH): detachable PATH @@ -239,6 +245,11 @@ feature -- Element change values.remove (k) end + set_redirection (a_location: READABLE_STRING_8) + -- Set `redirection' to `a_location'. + do + redirection := a_location + end feature -- Logging @@ -247,7 +258,7 @@ feature -- Logging -- l_log: CMS_LOG do debug - to_implement ("Add implemenatation") + to_implement ("Add implementation") end -- create l_log.make (a_category, a_message, a_level, Void) -- if a_link /= Void then @@ -964,8 +975,7 @@ feature -- Generation feature -- Custom Variables variables: detachable STRING_TABLE[ANY] - -- Custom variables to feed the templates. - + -- Custom variables to feed the templates. feature -- Element change: Add custom variables. @@ -981,7 +991,6 @@ feature -- Element change: Add custom variables. l_variables.force (a_element, a_key) end - feature -- Execution execute @@ -1006,6 +1015,7 @@ feature {NONE} -- Execution cms_page: CMS_HTML_PAGE page: CMS_HTML_PAGE_RESPONSE utf: UTF_CONVERTER + h: HTTP_HEADER do if attached {READABLE_STRING_GENERAL} values.item ("optional_content_type") as l_type then create cms_page.make_typed (utf.utf_32_string_to_utf_8_string_8 (l_type)) @@ -1015,8 +1025,13 @@ feature {NONE} -- Execution prepare (cms_page) create page.make (theme.page_html (cms_page)) page.set_status_code (status_code) - page.header.put_content_length (page.html.count) - page.header.put_current_date + h := page.header + h.put_content_length (page.html.count) + h.put_current_date + h.put_header_object (header) + if attached redirection as l_location then + h.put_location (l_location) + end response.send (page) on_terminated end diff --git a/src/service/response/cms_response_message.e b/src/service/response/cms_response_message.e new file mode 100644 index 0000000..d98e368 --- /dev/null +++ b/src/service/response/cms_response_message.e @@ -0,0 +1,54 @@ +note + description: "Summary description for {CMS_RESPONSE_MESSAGE}." + author: "" + date: "$Date$" + revision: "$Revision$" + +deferred class + CMS_RESPONSE_MESSAGE + +inherit + WSF_RESPONSE_MESSAGE + +feature {NONE} -- Initialization + + initialize + do + status_code := {HTTP_STATUS_CODE}.ok + create header.make_with_count (2) + header.put_current_date + header.put_content_type_text_html + end + +feature -- Access + + status_code: INTEGER + -- Status code for the response. + + header: HTTP_HEADER + -- Header associated with the response. + +feature {WSF_RESPONSE} -- Output + + send_to (res: WSF_RESPONSE) + -- + do + res.set_status_code (status_code) + + send_header_to (res) + send_payload_to (res) + end + + send_header_to (res: WSF_RESPONSE) + -- Send header to response `res'. + do + res.put_header_lines (header) + end + + send_payload_to (res: WSF_RESPONSE) + -- Send payload data to response `res'. + do + -- Nothing by default + end + +end diff --git a/src/service/response/cms_unauthorized_response_message.e b/src/service/response/cms_unauthorized_response_message.e new file mode 100644 index 0000000..d8d26a3 --- /dev/null +++ b/src/service/response/cms_unauthorized_response_message.e @@ -0,0 +1,43 @@ +note + description: "[ + Message response to notify an unauthorized access. + ]" + date: "$Date$" + revision: "$Revision$" + +class + CMS_UNAUTHORIZED_RESPONSE_MESSAGE + +inherit + CMS_RESPONSE_MESSAGE + +create + make, + make_with_basic_auth_challenge + +feature {NONE} -- Initialization + + make + do + initialize + status_code := {HTTP_STATUS_CODE}.unauthorized + end + + make_with_basic_auth_challenge (a_realm: detachable READABLE_STRING_8) + local + l_realm: READABLE_STRING_8 + do + make + if a_realm /= Void then + l_realm := a_realm + else + l_realm := default_realm + end + header.put_header_key_value ({HTTP_HEADER_NAMES}.header_www_authenticate, "Basic realm=%""+ l_realm +"%"") + end + +feature -- Access + + default_realm: STRING = "CMS-User credential" + +end