Fixed the basic auth logout by using the ://foo@hostname... workaround.

Added support for ?destination=... so that login or logout will return to previous visited page. Revisited the sending of generic response such as access denied, unauthorized, redirection ... Fixed support of CMS_RESPONSE.header which was previously ignored. Added support for CMS_RESPONSE.redirection: detachable READABLE_STRING_8, to allow easy url redirection. Added CMS_NODE.make_empty + Cosmetic.
2015-04-09 23:54:14 +02:00
parent b235fb30a7
commit 20471923fd
12 changed files with 252 additions and 28 deletions
--- a/src/modules/basic_auth/handler/basic_auth_login_handler.e
+++ b/src/modules/basic_auth/handler/basic_auth_login_handler.e
@@ -50,11 +50,21 @@ feature -- HTTP Methods
 		do
 			api.logger.put_information (generator + ".do_get Processing basic auth login", Void)
 			if attached {STRING_32} current_user_name (req) as l_user then
-				(create {CMS_GENERIC_RESPONSE}).new_response_redirect (req, res, req.absolute_script_url("/"))
+				if attached {WSF_STRING} req.query_parameter ("destination") as l_uri then
+					 redirect_to (req.absolute_script_url (l_uri.url_encoded_value), res)
+				else
+					redirect_to (req.absolute_script_url ("/"), res)
+				end
 			else
-				(create {CMS_GENERIC_RESPONSE}).new_response_authenticate (req, res)
+				send_basic_authentication_challenge (Void, res)
 			end
 		end

+feature -- Helpers
+
+	send_basic_authentication_challenge (a_realm: detachable READABLE_STRING_8; res: WSF_RESPONSE)
+		do
+			res.send (create {CMS_UNAUTHORIZED_RESPONSE_MESSAGE}.make_with_basic_auth_challenge (a_realm))
+		end

 end