Fixed the basic auth logout by using the ://foo@hostname... workaround.

Added support for ?destination=... so that login or logout will return to previous visited page. Revisited the sending of generic response such as access denied, unauthorized, redirection ... Fixed support of CMS_RESPONSE.header which was previously ignored. Added support for CMS_RESPONSE.redirection: detachable READABLE_STRING_8, to allow easy url redirection. Added CMS_NODE.make_empty + Cosmetic.
2015-04-09 23:54:14 +02:00
parent b235fb30a7
commit 20471923fd
12 changed files with 252 additions and 28 deletions
--- a/library/model/src/content/cms_node.e
+++ b/library/model/src/content/cms_node.e
@@ -14,10 +14,17 @@ inherit
 	REFACTORING_HELPER
 create
-	make
+	make,
 	make_empty
 feature{NONE} -- Initialization
 	make_empty
 			-- Create empty node.
 		do
 			make ({STRING_32} "", {STRING_32} "", {STRING_32} "")
 		end
 	make (a_content: READABLE_STRING_32; a_summary: READABLE_STRING_32; a_title: READABLE_STRING_32)
 			-- Create current node with `a_content', `a_summary' and `a_title'.
 		local
@@ -83,9 +90,6 @@ feature -- Access
 	author: detachable CMS_USER
 			-- Author of current node.
 --	collaborators: detachable LIST[CMS_USER]
 --			-- Users contributed to current Node.
 feature -- status report
 	has_id: BOOLEAN
@@ -191,6 +195,6 @@ feature -- Element change
 --		end
 note
-	copyright: "2011-2014, Javier Velilla, Jocelyn Fiat, Eiffel Software and others"
+	copyright: "2011-2015, Javier Velilla, Jocelyn Fiat, Eiffel Software and others"
 	license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
 end
--- a/src/modules/basic_auth/basic_auth_module.e
+++ b/src/modules/basic_auth/basic_auth_module.e
@@ -1,5 +1,8 @@
 note
-	description: "This module allows the use of HTTP Basic Authentication to restrict access by looking up users in the given providers."
+	description: "[
 			This module allows the use of HTTP Basic Authentication to restrict access
 			by looking up users in the given providers.
 		]"
 	date: "$Date: 2015-02-09 22:29:56 +0100 (lun., 09 févr. 2015) $"
 	revision: "$Revision: 96596 $"
@@ -107,9 +110,9 @@ feature -- Hooks
 			lnk: CMS_LOCAL_LINK
 		do
 			if attached a_response.current_user (a_response.request) as u then
-				create lnk.make ("Logout", "/basic_auth_logoff")
+				create lnk.make (u.name +  " (Logout)", "/basic_auth_logoff?destination=" + a_response.request.request_uri)
 			else
-				create lnk.make ("Login", "/basic_auth_login")
+				create lnk.make ("Login", "/basic_auth_login?destination=" + a_response.request.request_uri)
 			end
 --			if not a_menu_system.primary_menu.has (lnk) then
 				lnk.set_weight (99)
--- a/src/modules/basic_auth/handler/basic_auth_login_handler.e
+++ b/src/modules/basic_auth/handler/basic_auth_login_handler.e
@@ -50,11 +50,21 @@ feature -- HTTP Methods
 		do
 			api.logger.put_information (generator + ".do_get Processing basic auth login", Void)
 			if attached {STRING_32} current_user_name (req) as l_user then
-				(create {CMS_GENERIC_RESPONSE}).new_response_redirect (req, res, req.absolute_script_url("/"))
+				if attached {WSF_STRING} req.query_parameter ("destination") as l_uri then
 					 redirect_to (req.absolute_script_url (l_uri.url_encoded_value), res)
 				else
-				(create {CMS_GENERIC_RESPONSE}).new_response_authenticate (req, res)
+					redirect_to (req.absolute_script_url ("/"), res)
 				end
 			else
 				send_basic_authentication_challenge (Void, res)
 			end
 		end
 feature -- Helpers
 	send_basic_authentication_challenge (a_realm: detachable READABLE_STRING_8; res: WSF_RESPONSE)
 		do
 			res.send (create {CMS_UNAUTHORIZED_RESPONSE_MESSAGE}.make_with_basic_auth_challenge (a_realm))
 		end
 end
--- a/src/modules/basic_auth/handler/basic_auth_logoff_handler.e
+++ b/src/modules/basic_auth/handler/basic_auth_logoff_handler.e
@@ -45,13 +45,29 @@ feature -- HTTP Methods
 			-- <Precursor>
 		local
 			l_page: CMS_RESPONSE
 			l_url: STRING
 			i: INTEGER
 		do
 			api.logger.put_information (generator + ".do_get Processing basic auth logoff", Void)
 			if attached req.query_parameter ("prompt") as l_prompt then
-				(create {CMS_GENERIC_RESPONSE}).new_response_unauthorized (req, res)
+				unset_current_user (req)
 				send_access_denied (res)
 			else
 				create {GENERIC_VIEW_CMS_RESPONSE} l_page.make (req, res, api)
-				l_page.set_status_code ({HTTP_STATUS_CODE}.unauthorized)
+				unset_current_user (req)
 				l_page.set_status_code ({HTTP_STATUS_CODE}.found) -- Note: can not use {HTTP_STATUS_CODE}.unauthorized for redirection
 				if attached {WSF_STRING} req.query_parameter ("destination") as l_uri then
 					l_url := req.absolute_script_url (l_uri.url_encoded_value)
 				else
 					l_url := req.absolute_script_url ("")
 				end
 				i := l_url.substring_index ("://", 1)
 				if i > 0 then
 						-- Note: this is a hack to have the logout effective on various browser
 						-- (firefox requires this).
 					l_url.replace_substring ("://_logout_basic_auth_@", i, i + 2)
 				end
 				l_page.set_redirection (l_url)
 				l_page.execute
 			end
 		end
--- a/src/service/cms_api.e
+++ b/src/service/cms_api.e
@@ -50,7 +50,7 @@ feature -- Access
 			-- Logger
 	storage: CMS_STORAGE
-			-- Persistence storage.				
+			-- Default persistence storage.				
 feature -- Status Report
--- a/src/service/handler/cms_handler.e
+++ b/src/service/handler/cms_handler.e
@@ -1,6 +1,7 @@
 note
-	description: "Summary description for {CMS_HANDLER}."
+	description: "[
-	author: ""
+			Common interface for request handler specific to the CMS component.
 		]"
 	date: "$Date: 2015-02-13 13:08:13 +0100 (ven., 13 févr. 2015) $"
 	revision: "$Revision: 96616 $"
@@ -26,4 +27,19 @@ feature -- API Service
 	api: CMS_API
 feature -- Response helpers
 	redirect_to (a_location: READABLE_STRING_8; res: WSF_RESPONSE)
 			-- Send via `res' a redirection message for location `a_location'.			
 		do
 			res.redirect_now (a_location)
 --			res.send (create {CMS_REDIRECTION_RESPONSE_MESSAGE}.make (a_location))
 		end
 	send_access_denied (res: WSF_RESPONSE)
 			-- Send via `res' an access denied response.
 		do
 			res.send (create {CMS_FORBIDDEN_RESPONSE_MESSAGE}.make)
 		end
 end
--- a/src/service/misc/cms_request_util.e
+++ b/src/service/misc/cms_request_util.e
@@ -1,6 +1,5 @@
 note
-	description: "Summary description for {CMS_REQUEST_UTIL}."
+	description: "Set of helper features related to CMS Request needs."
 	author: ""
 	date: "$Date: 2015-02-13 13:08:13 +0100 (ven., 13 févr. 2015) $"
 	revision: "$Revision: 96616 $"
@@ -29,7 +28,7 @@ feature -- User
 		note
 			EIS: "eiffel:?class=AUTHENTICATION_FILTER&feature=execute"
 		do
-			if attached {CMS_USER} req.execution_variable ("_cms_active_user_") as l_user then
+			if attached {CMS_USER} req.execution_variable (current_user_execution_variable_name) as l_user then
 				Result := l_user
 			end
 		end
@@ -40,14 +39,27 @@ feature -- Change
 			-- Set `a_user' as `current_user'.
 		do
 			if a_user = Void then
-				req.unset_execution_variable ("_cms_active_user_")
+				req.unset_execution_variable (current_user_execution_variable_name)
 			else
-				req.set_execution_variable ("_cms_active_user_", a_user)
+				req.set_execution_variable (current_user_execution_variable_name, a_user)
 			end
 		ensure
 			user_set: current_user (req) ~ a_user
 		end
 	unset_current_user (req: WSF_REQUEST)
 			-- Unset current user.
 		do
 			req.unset_execution_variable (current_user_execution_variable_name)
 		ensure
 			user_unset: current_user (req) = Void
 		end
 feature {NONE} -- Implementation: current user
 	current_user_execution_variable_name: STRING = "_cms_active_user_"
 			-- Execution variable name used to keep current user data.
 feature -- Media Type
 	current_media_type (req: WSF_REQUEST): detachable READABLE_STRING_32
--- a/src/service/response/cms_forbidden_response_message.e
+++ b/src/service/response/cms_forbidden_response_message.e
@@ -0,0 +1,25 @@
 note
 	description: "[
 			Message response to notify a forbidden access.
 		]"
 	date: "$Date$"
 	revision: "$Revision$"
 class
 	CMS_FORBIDDEN_RESPONSE_MESSAGE
 inherit
 	CMS_RESPONSE_MESSAGE
 create
 	make
 feature {NONE} -- Initialization
 	make
 		do
 			initialize
 			status_code := {HTTP_STATUS_CODE}.forbidden
 		end
 end
--- a/src/service/response/cms_redirection_response_message.e
+++ b/src/service/response/cms_redirection_response_message.e
@@ -0,0 +1,26 @@
 note
 	description: "[
 			Message response to redirect client to new location.
 		]"
 	date: "$Date$"
 	revision: "$Revision$"
 class
 	CMS_REDIRECTION_RESPONSE_MESSAGE
 inherit
 	CMS_RESPONSE_MESSAGE
 create
 	make
 feature {NONE} -- Initialization
 	make (a_location: READABLE_STRING_8)
 		do
 			initialize
 			status_code := {HTTP_STATUS_CODE}.see_other
 			header.put_location (a_location)
 		end
 end
--- a/src/service/response/cms_response.e
+++ b/src/service/response/cms_response.e
@@ -1,5 +1,8 @@
 note
-	description: "Generic CMS Response.It builds the content to get process to render the output"
+	description: "[
 			Generic CMS Response.
 			It builds the content to get process to render the output.
 		]"
 	date: "$Date: 2015-02-16 20:14:19 +0100 (lun., 16 févr. 2015) $"
 	revision: "$Revision: 96643 $"
@@ -79,6 +82,9 @@ feature -- Access
 	additional_page_head_lines: detachable LIST [READABLE_STRING_8]
 			-- HTML>head>...extra lines
 	redirection: detachable READABLE_STRING_8
 			-- Location for eventual redirection.
 feature -- Module
 	module_resource_path (a_module: CMS_MODULE; a_resource: PATH): detachable PATH
@@ -239,6 +245,11 @@ feature -- Element change
 			values.remove (k)
 		end
 	set_redirection (a_location: READABLE_STRING_8)
 			-- Set `redirection' to `a_location'.
 		do
 			redirection := a_location
 		end
 feature -- Logging
@@ -247,7 +258,7 @@ feature -- Logging
 --			l_log: CMS_LOG
 		do
 			debug
-				to_implement ("Add implemenatation")
+				to_implement ("Add implementation")
 			end
 --			create l_log.make (a_category, a_message, a_level, Void)
 --			if a_link /= Void then
@@ -966,7 +977,6 @@ feature -- Custom Variables
 	variables: detachable STRING_TABLE[ANY]
 			-- Custom variables to feed the templates.
 feature -- Element change: Add custom variables.
 	add_variable (a_element: ANY; a_key:READABLE_STRING_32)
@@ -981,7 +991,6 @@ feature -- Element change: Add custom variables.
 			l_variables.force (a_element, a_key)
 		end
 feature -- Execution
 	execute
@@ -1006,6 +1015,7 @@ feature {NONE} -- Execution
 			cms_page: CMS_HTML_PAGE
 			page: CMS_HTML_PAGE_RESPONSE
 			utf: UTF_CONVERTER
 			h: HTTP_HEADER
 		do
 			if attached {READABLE_STRING_GENERAL} values.item ("optional_content_type") as l_type then
 				create cms_page.make_typed (utf.utf_32_string_to_utf_8_string_8 (l_type))
@@ -1015,8 +1025,13 @@ feature {NONE} -- Execution
 			prepare (cms_page)
 			create page.make (theme.page_html (cms_page))
 			page.set_status_code (status_code)
-			page.header.put_content_length (page.html.count)
+			h := page.header
-			page.header.put_current_date
+			h.put_content_length (page.html.count)
 			h.put_current_date
 			h.put_header_object (header)
 			if attached redirection as l_location then
 				h.put_location (l_location)
 			end
 			response.send (page)
 			on_terminated
 		end
--- a/src/service/response/cms_response_message.e
+++ b/src/service/response/cms_response_message.e
@@ -0,0 +1,54 @@
 note
 	description: "Summary description for {CMS_RESPONSE_MESSAGE}."
 	author: ""
 	date: "$Date$"
 	revision: "$Revision$"
 deferred class
 	CMS_RESPONSE_MESSAGE
 inherit
 	WSF_RESPONSE_MESSAGE
 feature {NONE} -- Initialization
 	initialize
 		do
 			status_code := {HTTP_STATUS_CODE}.ok
 			create header.make_with_count (2)
 			header.put_current_date
 			header.put_content_type_text_html
 		end
 feature -- Access
 	status_code: INTEGER
 			-- Status code for the response.
 	header: HTTP_HEADER
 			-- Header associated with the response.
 feature {WSF_RESPONSE} -- Output
 	send_to (res: WSF_RESPONSE)
 			-- <Precursor>
 		do
 			res.set_status_code (status_code)
 			send_header_to (res)
 			send_payload_to (res)
 		end
 	send_header_to (res: WSF_RESPONSE)
 			-- Send header to response `res'.
 		do
 			res.put_header_lines (header)
 		end
 	send_payload_to (res: WSF_RESPONSE)
 			-- Send payload data to response `res'.
 		do
 			-- Nothing by default
 		end
 end
--- a/src/service/response/cms_unauthorized_response_message.e
+++ b/src/service/response/cms_unauthorized_response_message.e
@@ -0,0 +1,43 @@
 note
 	description: "[
 			Message response to notify an unauthorized access.
 		]"
 	date: "$Date$"
 	revision: "$Revision$"
 class
 	CMS_UNAUTHORIZED_RESPONSE_MESSAGE
 inherit
 	CMS_RESPONSE_MESSAGE
 create
 	make,
 	make_with_basic_auth_challenge
 feature {NONE} -- Initialization
 	make
 		do
 			initialize
 			status_code := {HTTP_STATUS_CODE}.unauthorized
 		end
 	make_with_basic_auth_challenge (a_realm: detachable READABLE_STRING_8)
 		local
 			l_realm: READABLE_STRING_8
 		do
 			make
 			if a_realm /= Void then
 				l_realm := a_realm
 			else
 				l_realm := default_realm
 			end
 			header.put_header_key_value ({HTTP_HEADER_NAMES}.header_www_authenticate, "Basic realm=%""+ l_realm +"%"")
 		end
 feature -- Access		
 	default_realm: STRING = "CMS-User credential"
 end