Allow to login with username or email.

Removed useless and unimplemented feature from CMS_FORM .
SCOOP is default for demo.ecf
Made blog and page module self administrable, i.e administration module is same as module.
This fixes the export hook for page and blog modules.
Improved sql instructions to ease debugging and catch missing sql_finalize... call.
Cleaned sql code.

examples/demo/demo.ecf

@@ -51,9 +51,6 @@
 		<library name="wsf_extension" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\wsf\wsf_extension.ecf" readonly="false"/>
 	</target>
 	<target name="demo_any" extends="common">
-		<capability>
-			<concurrency support="scoop" use="scoop"/>
-		</capability>
 		<library name="any_launcher" location="..\..\launcher\any.ecf" readonly="false"/>
 		<cluster name="src" location=".\src\" recursive="true"/>
 	</target>

library/persistence/sqlite3/src/cms_storage_sqlite3.e

@@ -73,14 +73,25 @@ feature -- Execution
 
 	sql_begin_transaction
 			-- Start a database transtaction.
+		local
+			retried: BOOLEAN
 		do
-			if transaction_depth = 0 then
-				sqlite.begin_transaction (False)
-			end
-			transaction_depth := transaction_depth + 1
-			debug ("roc_storage")
-				print ("# sql_begin_transaction (depth="+ transaction_depth.out +").%N")
+			if retried then
+					-- Issue .. db locked?
+				sql_rollback_transaction
+				error_handler.add_custom_error (-1, "db error", "Unable to begin transaction..")
+			else
+				if transaction_depth = 0 then
+					sqlite.begin_transaction (False)
+				end
+				transaction_depth := transaction_depth + 1
+				debug ("roc_storage")
+					print ("# sql_begin_transaction (depth="+ transaction_depth.out +").%N")
+				end
 			end
+		rescue
+			retried := True
+			retry
 		end
 
 	sql_rollback_transaction

modules/blog/cms_blog_module.e

@@ -17,6 +17,8 @@ inherit
 			blog_api
 		end
 
+	CMS_WITH_MODULE_ADMINISTRATION
+
 	CMS_HOOK_MENU_SYSTEM_ALTER
 
 	CMS_HOOK_RESPONSE_ALTER
@@ -81,13 +83,21 @@ feature {CMS_API} -- Module management
 			end
 		end
 
-feature {CMS_API} -- Access: API
+feature {CMS_API, CMS_MODULE} -- Access: API
 
 	blog_api: detachable CMS_BLOG_API
 			-- <Precursor>
 
 	node_api: detachable CMS_NODE_API
 
+feature {NONE} -- Administration
+
+	administration: CMS_SELF_MODULE_ADMINISTRATION [CMS_BLOG_MODULE]
+			-- Administration module.
+		do
+			create Result.make (Current)
+		end
+
 feature -- Access: router
 
 	setup_router (a_router: WSF_ROUTER; a_api: CMS_API)

modules/node/submodules/page/cms_page_module.e

@@ -21,6 +21,8 @@ inherit
 
 	CMS_HOOK_IMPORT
 
+	CMS_WITH_MODULE_ADMINISTRATION
+
 	CMS_EXPORT_NODE_UTILITIES
 
 	CMS_IMPORT_NODE_UTILITIES
@@ -114,6 +116,14 @@ feature {CMS_API} -- Module management
 			end
 		end
 
+feature {NONE} -- Administration
+
+	administration: CMS_SELF_MODULE_ADMINISTRATION [CMS_PAGE_MODULE]
+			-- Administration module.
+		do
+			create Result.make (Current)
+		end
+
 feature {CMS_API} -- Access: API
 
 	page_api: detachable CMS_PAGE_API

modules/session_auth/cms_session_auth_module.e

@@ -187,43 +187,75 @@ feature {NONE} -- Implementation: routes
 	handle_login_with_session (api: CMS_API; a_session_api: CMS_SESSION_API; req: WSF_REQUEST; res: WSF_RESPONSE)
 		local
 			r: CMS_RESPONSE
+			l_username, l_username_or_email, l_password: detachable READABLE_STRING_GENERAL
+			l_user: detachable CMS_USER
+			l_tmp_user: detachable CMS_TEMP_USER
 		do
 			if
-				attached {WSF_STRING} req.form_parameter ("username") as l_username and then
-				attached {WSF_STRING} req.form_parameter ("password") as l_password
+				attached {WSF_STRING} req.form_parameter ("username") as p_username and then
+				attached {WSF_STRING} req.form_parameter ("password") as p_password
 			then
-				if
-					api.user_api.is_valid_credential (l_username.value, l_password.value) and then
-					attached api.user_api.user_by_name (l_username.value) as l_user
-				then
-					a_session_api.process_user_login (l_user, req, res)
-
-					create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
+				l_username_or_email := p_username.value
+				l_password := p_password.value
+				l_user := api.user_api.user_by_name (l_username_or_email)
+				if l_user = Void then
+					l_user := api.user_api.user_by_email (l_username_or_email)
+				end
+				if l_user = Void then
+					l_tmp_user := api.user_api.temp_user_by_name (l_username_or_email)
+					if l_tmp_user = Void then
+						l_tmp_user := api.user_api.temp_user_by_email (l_username_or_email)
+					end
 					if
-						attached {WSF_STRING} req.item ("destination") as p_destination and then
-						attached p_destination.value as v and then
-						v.is_valid_as_string_8
+						l_tmp_user /= Void and then
+						api.user_api.is_valid_temp_user_credential (l_tmp_user.name, l_password)
 					then
-						r.set_redirection (v.to_string_8)
+						create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
+						if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
+							l_tpl_block.set_value (l_username_or_email, "username")
+							l_tpl_block.set_value ("Error: Inactive account (or not yet validated)!", "error")
+							r.add_block (l_tpl_block, "content")
+						end
 					else
-						r.set_redirection ("")
+						create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
+						if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
+							l_tpl_block.set_value (l_username_or_email, "username")
+							l_tpl_block.set_value ("Wrong username or password ", "error")
+							r.add_block (l_tpl_block, "content")
+						end
 					end
 				else
-					create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
-					if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
-						l_tpl_block.set_value (l_username.value, "username")
-						l_tpl_block.set_value ("Wrong: Username or password ", "error")
-						r.add_block (l_tpl_block, "content")
+					l_username := l_user.name
+					if api.user_api.is_valid_credential (l_username, l_password) then
+						a_session_api.process_user_login (l_user, req, res)
+
+						create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
+						if
+							attached {WSF_STRING} req.item ("destination") as p_destination and then
+							attached p_destination.value as v and then
+							v.is_valid_as_string_8
+						then
+							r.set_redirection (v.to_string_8)
+						else
+							r.set_redirection ("")
+						end
+					else
+						create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
+						if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
+							l_tpl_block.set_value (l_username_or_email, "username")
+							l_tpl_block.set_value ("Wrong username or password ", "error")
+							r.add_block (l_tpl_block, "content")
+						end
 					end
 				end
 				r.execute
 			else
 				create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
 				if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
-					if attached {WSF_STRING} req.form_parameter ("username") as l_username then
-						l_tpl_block.set_value (l_username.value, "username")
+					if attached {WSF_STRING} req.form_parameter ("username") as p_username then
+						l_tpl_block.set_value (p_username.value, "username")
 					end
-					l_tpl_block.set_value ("Wrong: Username or password ", "error")
+					l_tpl_block.set_value ("Wrong username or password ", "error")
 					r.add_block (l_tpl_block, "content")
 				end
 				r.execute

modules/session_auth/persistence/cms_session_auth_storage_sql.e

@@ -41,7 +41,7 @@ feature -- Access User
 					l_uid := 0
 				end
 			end
-			sql_finalize
+			sql_finalize_query (Select_user_id_by_token)
 			if l_uid > 0 and attached api as l_cms_api then
 				Result := l_cms_api.user_api.user_by_id (l_uid)
 			end
@@ -64,7 +64,7 @@ feature -- Access User
 					Result := False
 				end
 			end
-			sql_finalize
+			sql_finalize_query (Select_user_token)
 		end
 
 feature -- Change User token
@@ -82,8 +82,8 @@ feature -- Change User token
 			l_parameters.put (create {DATE_TIME}.make_now_utc, "utc_date")
 			sql_begin_transaction
 			sql_insert (sql_insert_session_auth, l_parameters)
+			sql_finalize_insert (sql_insert_session_auth)
 			sql_commit_transaction
-			sql_finalize
 		end
 
 	update_user_session_auth (a_token: READABLE_STRING_GENERAL; a_user: CMS_USER)
@@ -99,8 +99,8 @@ feature -- Change User token
 			l_parameters.put (create {DATE_TIME}.make_now_utc, "utc_date")
 			sql_begin_transaction
 			sql_modify (sql_update_session_auth, l_parameters)
+			sql_finalize_modify (sql_update_session_auth)
 			sql_commit_transaction
-			sql_finalize
 		end
 
 feature {NONE} -- SQL statements

src/kernel/form/cms_form.e

@@ -108,13 +108,6 @@ feature -- CMS response
 			end
 		end
 
-feature -- Webapi processing
-
-	process_webapi_response ()
-		do
-
-		end
-
 feature -- Helpers
 
 	extend_text_field (a_name: READABLE_STRING_8; a_text: detachable READABLE_STRING_GENERAL)

src/modules/core/cms_user_api.e

@@ -235,7 +235,7 @@ feature -- Change User
 
 feature -- Status report
 
-	is_valid_credential (a_auth_login, a_auth_password: READABLE_STRING_32): BOOLEAN
+	is_valid_credential (a_auth_login, a_auth_password: READABLE_STRING_GENERAL): BOOLEAN
 				-- Is the credentials `a_auth_login' and `a_auth_password' valid?
 		do
 			Result := user_storage.is_valid_credential (a_auth_login, a_auth_password)
@@ -501,6 +501,12 @@ feature -- User status
 
 feature -- Access - Temp User
 
+	is_valid_temp_user_credential (a_auth_login, a_auth_password: READABLE_STRING_GENERAL): BOOLEAN
+				-- Is the credentials `a_auth_login' and `a_auth_password' valid?
+		do
+			Result := user_storage.is_valid_temp_user_credential (a_auth_login, a_auth_password)
+		end
+
 	temp_users_count: INTEGER
 			-- Number of pending users.
 			--! to be accepted or rehected
@@ -508,19 +514,19 @@ feature -- Access - Temp User
 			Result := user_storage.temp_users_count
 		end
 
-	temp_user_by_name (a_username: READABLE_STRING_GENERAL): detachable CMS_USER
+	temp_user_by_name (a_username: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
 			-- User by name `a_user_name', if any.
 		do
-			Result := user_storage.temp_user_by_name (a_username.as_string_32)
+			Result := user_storage.temp_user_by_name (a_username)
 		end
 
-	temp_user_by_email (a_email: READABLE_STRING_8): detachable CMS_USER
+	temp_user_by_email (a_email: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
 			-- User by email `a_email', if any.
 		do
 			Result := user_storage.temp_user_by_email (a_email)
 		end
 
-	temp_user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER
+	temp_user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_TEMP_USER
 			-- User by activation token `a_token'.
 		do
 			Result := user_storage.temp_user_by_activation_token (a_token)

src/modules/core/persistence/core/cms_core_storage_i.e

@@ -68,13 +68,13 @@ feature -- Logs
 
 feature -- Misc
 
-	set_custom_value (a_name: READABLE_STRING_8; a_value: attached like custom_value; a_type: detachable READABLE_STRING_8)
-			-- Save data `a_name:a_value' for type `a_type' (or default if none).
+	set_custom_value (a_name: READABLE_STRING_8; a_value: attached like custom_value; a_type: READABLE_STRING_8)
+			-- Save data `a_name:a_value' for type `a_type'.
 		deferred
 		end
 
-	unset_custom_value (a_name: READABLE_STRING_8; a_type: detachable READABLE_STRING_8)
-			-- Delete data `a_name' for type `a_type' (or default if none).
+	unset_custom_value (a_name: READABLE_STRING_8; a_type: READABLE_STRING_8)
+			-- Delete data `a_name' for type `a_type'.
 		deferred
 		end
 

src/modules/core/persistence/core/cms_core_storage_sql_i.e

@@ -53,7 +53,7 @@ feature -- URL aliases
 			end
 			if l_continue then
 				sql_insert (sql_insert_path_alias, l_parameters)
-				sql_finalize
+				sql_finalize_insert (sql_insert_path_alias)
 			end
 		end
 
@@ -80,7 +80,7 @@ feature -- URL aliases
 				l_parameters.put (a_alias, "alias")
 
 				sql_modify (sql_update_path_alias, l_parameters)
-				sql_finalize
+				sql_finalize_modify (sql_update_path_alias)
 			end
 		end
 
@@ -97,7 +97,7 @@ feature -- URL aliases
 					create l_parameters.make (1)
 					l_parameters.put (a_alias, "alias")
 					sql_modify (sql_delete_path_alias, l_parameters)
-					sql_finalize
+					sql_finalize_modify (sql_delete_path_alias)
 				else
 					error_handler.add_custom_error (0, "alias mismatch", "Path alias %"" + a_alias + "%" is not related to source %"" + a_source + "%"!")
 				end
@@ -120,7 +120,7 @@ feature -- URL aliases
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (sql_select_path_source)
 		end
 
 	source_of_path_alias (a_alias: READABLE_STRING_GENERAL): detachable READABLE_STRING_8
@@ -139,7 +139,7 @@ feature -- URL aliases
 					check one_row: sql_after end
 				end
 			end
-			sql_finalize
+			sql_finalize_query (sql_select_path_alias)
 		end
 
 	path_aliases: STRING_TABLE [READABLE_STRING_8]
@@ -165,7 +165,7 @@ feature -- URL aliases
 					sql_forth
 				end
 			end
-			sql_finalize
+			sql_finalize_query (sql_select_all_path_alias)
 		end
 
 	sql_select_all_path_alias: STRING = "SELECT source, alias, lang FROM path_aliases ORDER BY pid DESC;"
@@ -218,7 +218,7 @@ feature -- Logs
 			end
 			l_parameters.put (now, "date")
 			sql_insert (sql_insert_log, l_parameters)
-			sql_finalize
+			sql_finalize_insert (sql_insert_log)
 		end
 
 	logs (a_category: detachable READABLE_STRING_GENERAL; a_lower: INTEGER; a_count: INTEGER): ARRAYED_LIST [CMS_LOG]
@@ -262,7 +262,7 @@ feature -- Logs
 				end
 				sql_forth
 			end
-			sql_finalize
+			sql_finalize_query (l_sql)
 		end
 
 	fetch_log: detachable CMS_LOG
@@ -311,7 +311,7 @@ feature -- Logs
 
 feature -- Misc
 
-	set_custom_value (a_name: READABLE_STRING_8; a_value: attached like custom_value; a_type: detachable READABLE_STRING_8)
+	set_custom_value (a_name: READABLE_STRING_8; a_value: attached like custom_value; a_type: READABLE_STRING_8)
 			-- <Precursor>
 		local
 			l_parameters: STRING_TABLE [detachable ANY]
@@ -319,45 +319,29 @@ feature -- Misc
 			error_handler.reset
 
 			create l_parameters.make (3)
-			if a_type /= Void then
-				l_parameters.put (a_type, "type")
-			else
-				l_parameters.put (a_type, "default")
-			end
+			l_parameters.put (a_type, "type")
 			l_parameters.put (a_name, "name")
 			l_parameters.put (a_value, "value")
+			sql_begin_transaction
 			if attached custom_value (a_name, a_type) as l_value then
 				if a_value.same_string (l_value) then
 						-- already up to date
 				else
 					sql_modify (sql_update_custom_value, l_parameters)
-					sql_finalize
+					sql_finalize_modify (sql_update_custom_value)
 				end
 			else
 				sql_insert (sql_insert_custom_value, l_parameters)
-				sql_finalize
+				sql_finalize_insert (sql_insert_custom_value)
 			end
-		end
-
-	unset_custom_value (a_name: READABLE_STRING_8; a_type: detachable READABLE_STRING_8)
-			-- <Precursor>
-		local
-			l_parameters: STRING_TABLE [detachable ANY]
-		do
-			error_handler.reset
-
-			create l_parameters.make (3)
-			if a_type /= Void then
-				l_parameters.put (a_type, "type")
+			if has_error then
+				sql_rollback_transaction
 			else
-				l_parameters.put (a_type, "default")
+				sql_commit_transaction
 			end
-			l_parameters.put (a_name, "name")
-			sql_modify (sql_delete_custom_value, l_parameters)
-			sql_finalize
 		end
 
-	custom_value (a_name: READABLE_STRING_GENERAL; a_type: detachable READABLE_STRING_8): detachable READABLE_STRING_32
+	unset_custom_value (a_name: READABLE_STRING_8; a_type: READABLE_STRING_8)
 			-- <Precursor>
 		local
 			l_parameters: STRING_TABLE [detachable ANY]
@@ -365,11 +349,21 @@ feature -- Misc
 			error_handler.reset
 
 			create l_parameters.make (2)
-			if a_type /= Void then
-				l_parameters.put (a_type, "type")
-			else
-				l_parameters.put (a_type, "default")
-			end
+			l_parameters.put (a_type, "type")
+			l_parameters.put (a_name, "name")
+			sql_delete (sql_delete_custom_value, l_parameters)
+			sql_finalize_delete (sql_delete_custom_value)
+		end
+
+	custom_value (a_name: READABLE_STRING_GENERAL; a_type: READABLE_STRING_8): detachable READABLE_STRING_32
+			-- <Precursor>
+		local
+			l_parameters: STRING_TABLE [detachable ANY]
+		do
+			error_handler.reset
+
+			create l_parameters.make (2)
+			l_parameters.put (a_type, "type")
 			l_parameters.put (a_name, "name")
 			sql_query (sql_select_custom_value, l_parameters)
 			if not has_error and not sql_after then
@@ -377,16 +371,16 @@ feature -- Misc
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (sql_select_custom_value)
 		end
 
-	custom_values: detachable LIST [TUPLE [name: READABLE_STRING_GENERAL; type: detachable READABLE_STRING_8; value: detachable READABLE_STRING_32]]
+	custom_values: detachable LIST [TUPLE [name: READABLE_STRING_GENERAL; type: READABLE_STRING_8; value: detachable READABLE_STRING_32]]
 			-- Values as list of [name, type, value].
 		local
 			l_type, l_name: READABLE_STRING_8
 		do
 			error_handler.reset
-			create {ARRAYED_LIST [TUPLE [name: READABLE_STRING_GENERAL; type: detachable READABLE_STRING_8; value: detachable READABLE_STRING_32]]} Result.make (5)
+			create {ARRAYED_LIST [TUPLE [name: READABLE_STRING_GENERAL; type: READABLE_STRING_8; value: detachable READABLE_STRING_32]]} Result.make (5)
 			sql_query (sql_select_all_custom_values, Void)
 			if not has_error then
 				from
@@ -406,7 +400,7 @@ feature -- Misc
 					sql_forth
 				end
 			end
-			sql_finalize
+			sql_finalize_query (sql_select_all_custom_values)
 		end
 
 	sql_select_all_custom_values: STRING = "SELECT type, name, value FROM custom_values;"

src/modules/core/persistence/user/cms_user_storage_i.e

@@ -70,7 +70,7 @@ feature -- Access
 			password: Result /= Void implies (Result.hashed_password /= Void and Result.password = Void)
 		end
 
-	is_valid_credential (a_u, a_p: READABLE_STRING_32): BOOLEAN
+	is_valid_credential (a_u, a_p: READABLE_STRING_GENERAL): BOOLEAN
 			-- Does account with username `a_username' and password `a_password' exist?
 		deferred
 		end
@@ -212,18 +212,23 @@ feature -- Change: User password recovery
 
 feature -- Access: Temp Users
 
+	is_valid_temp_user_credential (a_u, a_p: READABLE_STRING_GENERAL): BOOLEAN
+			-- Does temp account with username `a_username' and password `a_password' exist?
+		deferred
+		end
+
 	temp_users_count: INTEGER
 			-- Number of pending users
 			--! to be accepted or rejected
 		deferred
 		end
 
-	temp_user_by_id (a_uid: like {CMS_USER}.id; a_consumer_table: READABLE_STRING_GENERAL): detachable CMS_USER
+	temp_user_by_id (a_uid: like {CMS_USER}.id; a_consumer_table: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
 			-- Retrieve a temporal user by id `a_uid' for the consumer `a_consumer', if aby.
 		deferred
 		end
 
-	temp_user_by_name (a_name: like {CMS_USER}.name): detachable CMS_USER
+	temp_user_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
 			-- User with name `a_name', if any.
 		require
 			 a_name /= Void and then not a_name.is_empty
@@ -233,7 +238,7 @@ feature -- Access: Temp Users
 			password: Result /= Void implies (Result.hashed_password /= Void and Result.password = Void)
 		end
 
-	temp_user_by_email (a_email: like {CMS_USER}.email): detachable CMS_USER
+	temp_user_by_email (a_email: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
 			-- User with name `a_email', if any.
 		deferred
 		ensure
@@ -241,7 +246,7 @@ feature -- Access: Temp Users
 			password: Result /= Void implies (Result.hashed_password /= Void and Result.password = Void)
 		end
 
-	temp_user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER
+	temp_user_by_activation_token (a_token: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
 			-- User with activation token `a_token', if any.
 		deferred
 		ensure

src/modules/core/persistence/user/cms_user_storage_null.e

@@ -41,7 +41,7 @@ feature -- Access: user
 		do
 		end
 
-	is_valid_credential (l_auth_login, l_auth_password: READABLE_STRING_32): BOOLEAN
+	is_valid_credential (l_auth_login, l_auth_password: READABLE_STRING_GENERAL): BOOLEAN
 		do
 		end
 
@@ -147,27 +147,31 @@ feature -- Change: User password recovery
 
 feature -- Access: Users
 
+	is_valid_temp_user_credential (l_auth_login, l_auth_password: READABLE_STRING_GENERAL): BOOLEAN
+		do
+		end
+
 	temp_users_count: INTEGER
 			-- <Precursor>
 		do
 		end
 
-	temp_user_by_id (a_uid: like {CMS_USER}.id; a_consumer_table: READABLE_STRING_GENERAL): detachable CMS_USER
+	temp_user_by_id (a_uid: like {CMS_USER}.id; a_consumer_table: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
 			-- <Precursor>
 		do
 		end
 
-	temp_user_by_name (a_name: like {CMS_USER}.name): detachable CMS_USER
+	temp_user_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
 			-- <Precursor>
 		do
 		end
 
-	temp_user_by_email (a_email: like {CMS_USER}.email): detachable CMS_USER
+	temp_user_by_email (a_email: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
 			-- <Precursor>
 		do
 		end
 
-	temp_user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER
+	temp_user_by_activation_token (a_token: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
 			-- <Precursor>
 		do
 		end
@@ -190,7 +194,6 @@ feature -- Temp Users
 		do
   		end
 
-
 	remove_activation (a_token: READABLE_STRING_GENERAL)
 			-- <Precursor>.
 		do

src/modules/core/persistence/user/cms_user_storage_sql_i.e

@@ -35,7 +35,7 @@ feature -- Access: user
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (select_users_count)
 		end
 
 	users: LIST [CMS_USER]
@@ -45,8 +45,8 @@ feature -- Access: user
 			error_handler.reset
 			write_information_log (generator + ".all_users")
 
+			sql_query (select_users, Void)
 			from
-				sql_query (select_users, Void)
 				sql_start
 			until
 				sql_after or has_error
@@ -56,7 +56,7 @@ feature -- Access: user
 				end
 				sql_forth
 			end
-			sql_finalize
+			sql_finalize_query (select_users)
 		end
 
 	user_by_id (a_id: like {CMS_USER}.id): detachable CMS_USER
@@ -74,7 +74,7 @@ feature -- Access: user
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (select_user_by_id)
 		end
 
 	user_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_USER
@@ -92,7 +92,7 @@ feature -- Access: user
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (select_user_by_name)
 		end
 
 	user_by_email (a_email: READABLE_STRING_GENERAL): detachable CMS_USER
@@ -110,7 +110,7 @@ feature -- Access: user
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (select_user_by_email)
 		end
 
 	user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER
@@ -128,7 +128,7 @@ feature -- Access: user
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (select_user_by_activation_token)
 		end
 
 	user_by_password_token (a_token: READABLE_STRING_32): detachable CMS_USER
@@ -146,26 +146,26 @@ feature -- Access: user
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (select_user_by_password_token)
 		end
 
-	is_valid_credential (l_auth_login, l_auth_password: READABLE_STRING_32): BOOLEAN
+	is_valid_credential (a_auth_login, a_auth_password: READABLE_STRING_GENERAL): BOOLEAN
 		local
 			l_security: SECURITY_PROVIDER
 		do
-			if attached user_salt (l_auth_login) as l_hash then
-				if attached user_by_name (l_auth_login) as l_user then
+			if attached user_salt (a_auth_login) as l_hash then
+				if attached user_by_name (a_auth_login) as l_user then
 					create l_security
 					if
 						attached l_user.hashed_password as l_hashed_password and then
-					   	l_security.password_hash (l_auth_password, l_hash).is_case_insensitive_equal (l_hashed_password)
+					   	l_security.password_hash (a_auth_password, l_hash).is_case_insensitive_equal (l_hashed_password)
 					then
 						Result := True
 					else
 						write_information_log (generator + ".is_valid_credential User: wrong username or password" )
 					end
 				else
-					write_information_log (generator + ".is_valid_credential User:" + l_auth_login + "does not exist" )
+					write_information_log (generator + ".is_valid_credential User:" + a_auth_login + "does not exist" )
 				end
 			end
 		end
@@ -180,11 +180,11 @@ feature -- Access: user
 			error_handler.reset
 			write_information_log (generator + ".recent_users")
 
+			create l_parameters.make (2)
+			l_parameters.put (a_count, "rows")
+			l_parameters.put (a_lower, "offset")
+			sql_query (sql_select_recent_users, l_parameters)
 			from
-				create l_parameters.make (2)
-				l_parameters.put (a_count, "rows")
-				l_parameters.put (a_lower, "offset")
-				sql_query (sql_select_recent_users, l_parameters)
 				sql_start
 			until
 				sql_after
@@ -194,7 +194,7 @@ feature -- Access: user
 				end
 				sql_forth
 			end
-			sql_finalize
+			sql_finalize_query (sql_select_recent_users)
 		end
 
 feature -- Change: user
@@ -231,12 +231,12 @@ feature -- Change: user
 					a_user.set_id (last_inserted_user_id)
 					update_user_roles (a_user)
 				end
+				sql_finalize_insert (sql_insert_user)
 				if not error_handler.has_error then
 					sql_commit_transaction
 				else
 					sql_rollback_transaction
 				end
-				sql_finalize
 			else
 				-- set error
 				error_handler.add_custom_error (-1, "bad request" , "Missing password or email")
@@ -274,7 +274,7 @@ feature -- Change: user
 				l_parameters.put (l_password_salt, "salt")
 
 				sql_modify (sql_update_user_name, l_parameters)
-				sql_finalize
+				sql_finalize_modify (sql_update_user_name)
 				if not error_handler.has_error then
 					a_user.set_name (a_new_username)
 					update_user_roles (a_user)
@@ -284,7 +284,6 @@ feature -- Change: user
 				else
 					sql_rollback_transaction
 				end
-				sql_finalize
 			else
 					-- set error
 				error_handler.add_custom_error (-1, "bad request" , "Missing password or email")
@@ -327,7 +326,7 @@ feature -- Change: user
 				l_parameters.put (a_user.profile_name, "profile_name")
 
 				sql_modify (sql_update_user, l_parameters)
-				sql_finalize
+				sql_finalize_modify (sql_update_user)
 				if not error_handler.has_error then
 					update_user_roles (a_user)
 				end
@@ -336,7 +335,6 @@ feature -- Change: user
 				else
 					sql_rollback_transaction
 				end
-				sql_finalize
 			else
 					-- set error
 				error_handler.add_custom_error (-1, "bad request" , "Missing password or email")
@@ -353,9 +351,9 @@ feature -- Change: user
 			write_information_log (generator + ".delete_user")
 			create l_parameters.make (1)
 			l_parameters.put (a_user.id, "uid")
-			sql_modify (sql_delete_user, l_parameters)
+			sql_delete (sql_delete_user, l_parameters)
+			sql_finalize_delete (sql_delete_user)
 			sql_commit_transaction
-			sql_finalize
 		end
 
 feature -- Change: roles
@@ -413,7 +411,6 @@ feature -- Change: roles
 			else
 				sql_rollback_transaction
 			end
-			sql_finalize
 		end
 
 	assign_role_to_user (a_role: CMS_USER_ROLE; a_user: CMS_USER)
@@ -424,7 +421,7 @@ feature -- Change: roles
 			l_parameters.put (a_user.id, "uid")
 			l_parameters.put (a_role.id, "rid")
 			sql_insert (sql_insert_role_to_user, l_parameters)
-			sql_finalize
+			sql_finalize_insert (sql_insert_role_to_user)
 		end
 
 	unassign_role_from_user (a_role: CMS_USER_ROLE; a_user: CMS_USER)
@@ -434,8 +431,8 @@ feature -- Change: roles
 			create l_parameters.make (2)
 			l_parameters.put (a_user.id, "uid")
 			l_parameters.put (a_role.id, "rid")
-			sql_modify (sql_delete_role_from_user, l_parameters)
-			sql_finalize
+			sql_delete (sql_delete_role_from_user, l_parameters)
+			sql_finalize_delete (sql_delete_role_from_user)
 		end
 
 feature -- Access: roles and permissions
@@ -453,12 +450,11 @@ feature -- Access: roles and permissions
 				Result := fetch_user_role
 				sql_forth
 				check one_row: sql_after end
-				sql_finalize
-				if Result /= Void and not has_error then
-					fill_user_role (Result)
-				end
 			end
-			sql_finalize
+			sql_finalize_query (select_user_role_by_id)
+			if Result /= Void and not has_error then
+				fill_user_role (Result)
+			end
 		end
 
 	user_role_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_USER_ROLE
@@ -475,12 +471,11 @@ feature -- Access: roles and permissions
 				Result := fetch_user_role
 				sql_forth
 				check one_row: sql_after end
-				sql_finalize
-				if Result /= Void and not has_error then
-					fill_user_role (Result)
-				end
 			end
-			sql_finalize
+			sql_finalize_query (select_user_role_by_name)
+			if Result /= Void and not has_error then
+				fill_user_role (Result)
+			end
 		end
 
 	user_roles_for (a_user: CMS_USER): LIST [CMS_USER_ROLE]
@@ -491,10 +486,10 @@ feature -- Access: roles and permissions
 			write_information_log (generator + ".user_roles_for")
 
 			create {ARRAYED_LIST [CMS_USER_ROLE]} Result.make (0)
+			create l_parameters.make (1)
+			l_parameters.put (a_user.id, "uid")
+			sql_query (select_user_roles_by_user_id, l_parameters)
 			from
-				create l_parameters.make (1)
-				l_parameters.put (a_user.id, "uid")
-				sql_query (select_user_roles_by_user_id, l_parameters)
 				sql_start
 			until
 				sql_after
@@ -504,7 +499,7 @@ feature -- Access: roles and permissions
 				end
 				sql_forth
 			end
-			sql_finalize
+			sql_finalize_query (select_user_roles_by_user_id)
 			if not has_error then
 				across Result as ic loop
 					fill_user_role (ic.item)
@@ -520,8 +515,8 @@ feature -- Access: roles and permissions
 			write_information_log (generator + ".user_roles")
 
 			create {ARRAYED_LIST [CMS_USER_ROLE]} Result.make (0)
+			sql_query (select_user_roles, Void)
 			from
-				sql_query (select_user_roles, Void)
 				sql_start
 			until
 				sql_after
@@ -532,7 +527,7 @@ feature -- Access: roles and permissions
 				end
 				sql_forth
 			end
-			sql_finalize
+			sql_finalize_query (select_user_roles)
 			if not has_error then
 				across Result as ic loop
 					fill_user_role (ic.item)
@@ -561,10 +556,10 @@ feature -- Access: roles and permissions
 			write_information_log (generator + ".role_permissions_by_id")
 
 			create {ARRAYED_LIST [READABLE_STRING_8]} Result.make (0)
+			create l_parameters.make (1)
+			l_parameters.put (a_role_id, "rid")
+			sql_query (select_role_permissions_by_role_id, l_parameters)
 			from
-				create l_parameters.make (1)
-				l_parameters.put (a_role_id, "rid")
-				sql_query (select_role_permissions_by_role_id, l_parameters)
 				sql_start
 			until
 				sql_after or has_error
@@ -576,7 +571,7 @@ feature -- Access: roles and permissions
 --				end
 				sql_forth
 			end
-			sql_finalize
+			sql_finalize_query (select_role_permissions_by_role_id)
 		end
 
 	role_permissions: LIST [READABLE_STRING_8]
@@ -587,8 +582,8 @@ feature -- Access: roles and permissions
 
 			create {ARRAYED_LIST [READABLE_STRING_8]} Result.make (0)
 			Result.compare_objects
+			sql_query (select_role_permissions, Void)
 			from
-				sql_query (select_role_permissions, Void)
 				sql_start
 			until
 				sql_after or has_error
@@ -598,7 +593,7 @@ feature -- Access: roles and permissions
 				end
 				sql_forth
 			end
-			sql_finalize
+			sql_finalize_query (select_role_permissions)
 		end
 
 feature -- Change: roles and permissions		
@@ -628,7 +623,7 @@ feature -- Change: roles and permissions
 					l_parameters.put (a_user_role.id, "rid")
 					l_parameters.put (a_user_role.name, "name")
 					sql_modify (sql_update_user_role, l_parameters)
-					sql_finalize
+					sql_finalize_modify (sql_update_user_role)
 				end
 				if not a_user_role.permissions.is_empty then
 					-- FIXME: check if this is non set permissions,or none ...
@@ -675,7 +670,7 @@ feature -- Change: roles and permissions
 				create l_parameters.make (1)
 				l_parameters.put (a_user_role.name, "name")
 				sql_insert (sql_insert_user_role, l_parameters)
-				sql_finalize
+				sql_finalize_insert (sql_insert_user_role)
 				if not error_handler.has_error then
 					a_user_role.set_id (last_inserted_user_role_id)
 					across
@@ -699,7 +694,7 @@ feature -- Change: roles and permissions
 			l_parameters.put (a_permission, "permission")
 			l_parameters.put (Void, "module") -- FIXME: unsupported for now!
 			sql_insert (sql_insert_user_role_permission, l_parameters)
-			sql_finalize
+			sql_finalize_insert (sql_insert_user_role_permission)
 		end
 
 	unset_permission_for_role_id (a_permission: READABLE_STRING_8; a_role_id: INTEGER)
@@ -713,8 +708,8 @@ feature -- Change: roles and permissions
 			create l_parameters.make (2)
 			l_parameters.put (a_role_id, "rid")
 			l_parameters.put (a_permission, "permission")
-			sql_modify (sql_delete_user_role_permission, l_parameters)
-			sql_finalize
+			sql_delete (sql_delete_user_role_permission, l_parameters)
+			sql_finalize_delete (sql_delete_user_role_permission)
 		end
 
 	last_inserted_user_role_id: INTEGER_32
@@ -728,7 +723,7 @@ feature -- Change: roles and permissions
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (sql_last_insert_user_role_id)
 		end
 
 
@@ -742,11 +737,11 @@ feature -- Change: roles and permissions
 			write_information_log (generator + ".delete_role")
 			create l_parameters.make (1)
 			l_parameters.put (a_role.id, "rid")
-			sql_modify (sql_delete_role_permissions_by_role_id, l_parameters)
-			sql_finalize
-			sql_modify (sql_delete_role_by_id, l_parameters)
+			sql_delete (sql_delete_role_permissions_by_role_id, l_parameters)
+			sql_finalize_delete (sql_delete_role_permissions_by_role_id)
+			sql_delete (sql_delete_role_by_id, l_parameters)
+			sql_finalize_delete (sql_delete_role_by_id)
 			sql_commit_transaction
-			sql_finalize
 		end
 
 
@@ -767,7 +762,7 @@ feature -- Access: User activation
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (sql_select_activation_expiration)
 		end
 
 	user_id_by_activation (a_token: READABLE_STRING_32): INTEGER_64
@@ -785,7 +780,7 @@ feature -- Access: User activation
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (sql_select_userid_activation)
 		end
 
 feature -- Change: User activation
@@ -805,8 +800,8 @@ feature -- Change: User activation
 			l_parameters.put (a_id, "uid")
 			l_parameters.put (l_utc_date, "utc_date")
 			sql_insert (sql_insert_activation, l_parameters)
+			sql_finalize_insert (sql_insert_activation)
 			sql_commit_transaction
-			sql_finalize
 		end
 
 feature -- Change: User password recovery
@@ -826,8 +821,8 @@ feature -- Change: User password recovery
 			l_parameters.put (a_id, "uid")
 			l_parameters.put (l_utc_date, "utc_date")
 			sql_insert (sql_insert_password, l_parameters)
+			sql_finalize_insert (sql_insert_password)
 			sql_commit_transaction
-			sql_finalize
 		end
 
 	remove_password (a_token: READABLE_STRING_32)
@@ -841,13 +836,13 @@ feature -- Change: User password recovery
 			create l_parameters.make (1)
 			l_parameters.put (a_token, "token")
 			sql_modify (sql_remove_password, l_parameters)
+			sql_finalize_modify (sql_remove_password)
 			sql_commit_transaction
-			sql_finalize
 		end
 
 feature {NONE} -- Implementation: User
 
-	user_salt (a_username: READABLE_STRING_32): detachable READABLE_STRING_8
+	user_salt (a_username: READABLE_STRING_GENERAL): detachable READABLE_STRING_8
 			-- User salt for the given user `a_username', if any.
 		local
 			l_parameters: STRING_TABLE [detachable ANY]
@@ -864,7 +859,27 @@ feature {NONE} -- Implementation: User
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (select_salt_by_username)
+		end
+
+	temp_user_salt (a_username: READABLE_STRING_GENERAL): detachable READABLE_STRING_8
+			-- User salt for the given user `a_username', if any.
+		local
+			l_parameters: STRING_TABLE [detachable ANY]
+		do
+			error_handler.reset
+			write_information_log (generator + ".temp_user_salt")
+			create l_parameters.make (1)
+			l_parameters.put (a_username, "name")
+			sql_query (select_temp_user_salt_by_username, l_parameters)
+			if not sql_after then
+				if attached sql_read_string (1) as l_salt then
+					Result := l_salt
+				end
+				sql_forth
+				check one_row: sql_after end
+			end
+			sql_finalize_query (select_temp_user_salt_by_username)
 		end
 
 	fetch_user: detachable CMS_USER
@@ -1049,6 +1064,27 @@ feature {NONE} -- User Password Recovery
 
 feature -- Acess: Temp users
 
+	is_valid_temp_user_credential (a_auth_login, a_auth_password: READABLE_STRING_GENERAL): BOOLEAN
+		local
+			l_security: SECURITY_PROVIDER
+		do
+			if attached temp_user_salt (a_auth_login) as l_hash then
+				if attached temp_user_by_name (a_auth_login) as l_user then
+					create l_security
+					if
+						attached l_user.hashed_password as l_hashed_password and then
+					   	l_security.password_hash (a_auth_password, l_hash).is_case_insensitive_equal (l_hashed_password)
+					then
+						Result := True
+					else
+						write_information_log (generator + ".is_valid_temp_user_credential User: wrong username or password" )
+					end
+				else
+					write_information_log (generator + ".is_valid_temp_user_credential User:" + a_auth_login + "does not exist" )
+				end
+			end
+		end
+
 	temp_users_count: INTEGER
 			-- Number of items users.
 		do
@@ -1061,10 +1097,10 @@ feature -- Acess: Temp users
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (select_temp_users_count)
 		end
 
-	temp_user_by_id (a_uid: like {CMS_USER}.id; a_consumer: READABLE_STRING_GENERAL): detachable CMS_USER
+	temp_user_by_id (a_uid: like {CMS_USER}.id; a_consumer: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
 			-- <Precursor>
 		local
 			l_parameters: STRING_TABLE [detachable ANY]
@@ -1084,10 +1120,10 @@ feature -- Acess: Temp users
 					Result := Void
 				end
 			end
-			sql_finalize
+			sql_finalize_query (l_string)
 		end
 
-	temp_user_by_name (a_name: like {CMS_USER}.name): detachable CMS_USER
+	temp_user_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
 			-- User for the given name `a_name', if any.
 		local
 			l_parameters: STRING_TABLE [detachable ANY]
@@ -1102,10 +1138,10 @@ feature -- Acess: Temp users
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (select_temp_user_by_name)
 		end
 
-	temp_user_by_email (a_email: like {CMS_USER}.email): detachable CMS_USER
+	temp_user_by_email (a_email: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
 			-- User for the given email `a_email', if any.
 		local
 			l_parameters: STRING_TABLE [detachable ANY]
@@ -1120,10 +1156,10 @@ feature -- Acess: Temp users
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (select_temp_user_by_email)
 		end
 
-	temp_user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER
+	temp_user_by_activation_token (a_token: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
 			-- User for the given activation token `a_token', if any.
 		local
 			l_parameters: STRING_TABLE [detachable ANY]
@@ -1138,7 +1174,7 @@ feature -- Acess: Temp users
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (select_temp_user_by_activation_token)
 		end
 
 	temp_recent_users (a_lower: INTEGER; a_count: INTEGER): LIST [CMS_TEMP_USER]
@@ -1151,11 +1187,11 @@ feature -- Acess: Temp users
 			error_handler.reset
 			write_information_log (generator + ".temp_recent_users")
 
+			create l_parameters.make (2)
+			l_parameters.put (a_count, "rows")
+			l_parameters.put (a_lower, "offset")
+			sql_query (sql_select_temp_recent_users, l_parameters)
 			from
-				create l_parameters.make (2)
-				l_parameters.put (a_count, "rows")
-				l_parameters.put (a_lower, "offset")
-				sql_query (sql_select_temp_recent_users, l_parameters)
 				sql_start
 			until
 				sql_after or has_error
@@ -1165,7 +1201,7 @@ feature -- Acess: Temp users
 				end
 				sql_forth
 			end
-			sql_finalize
+			sql_finalize_query (sql_select_temp_recent_users)
 		end
 
 	token_by_temp_user_id (a_id: like {CMS_USER}.id): detachable STRING
@@ -1185,7 +1221,7 @@ feature -- Acess: Temp users
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (select_token_activation_by_user_id)
 		end
 
 feature {NONE} -- Implementation: User
@@ -1257,12 +1293,12 @@ feature -- New Temp User
   				l_parameters.put (a_temp_user.profile_name, "profile_name")
 
   				sql_insert (sql_insert_user, l_parameters)
+  				sql_finalize_insert (sql_insert_user)
   				if not error_handler.has_error then
   					sql_commit_transaction
   				else
   					sql_rollback_transaction
   				end
-  				sql_finalize
   			else
   				-- set error
   				error_handler.add_custom_error (-1, "bad request" , "Missing password or email")
@@ -1297,13 +1333,13 @@ feature -- New Temp User
 
 				sql_begin_transaction
 				sql_insert (sql_insert_temp_user, l_parameters)
+				sql_finalize_insert (sql_insert_temp_user)
 				if not error_handler.has_error then
 					a_temp_user.set_id (last_inserted_temp_user_id)
 					sql_commit_transaction
 				else
 					sql_rollback_transaction
 				end
-				sql_finalize
 			else
 					-- set error
 				error_handler.add_custom_error (-1, "bad request" , "Missing password or email or personal information")
@@ -1323,8 +1359,8 @@ feature -- Remove Activation
 			create l_parameters.make (1)
 			l_parameters.put (a_token, "token")
 			sql_modify (sql_remove_activation, l_parameters)
+			sql_finalize_modify (sql_remove_activation)
 			sql_commit_transaction
-			sql_finalize
 		end
 
 	delete_temp_user (a_temp_user: CMS_TEMP_USER)
@@ -1337,9 +1373,9 @@ feature -- Remove Activation
 			write_information_log (generator + ".delete_temp_user")
 			create l_parameters.make (1)
 			l_parameters.put (a_temp_user.id, "uid")
-			sql_modify (sql_delete_temp_user, l_parameters)
+			sql_delete (sql_delete_temp_user, l_parameters)
+			sql_finalize_delete (sql_delete_temp_user)
 			sql_commit_transaction
-			sql_finalize
 		end
 
 feature {NONE} -- Implementation
@@ -1355,7 +1391,7 @@ feature {NONE} -- Implementation
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (sql_last_insert_temp_user_id)
 		end
 
 	last_inserted_user_id: INTEGER_64
@@ -1369,7 +1405,7 @@ feature {NONE} -- Implementation
 				sql_forth
 				check one_row: sql_after end
 			end
-			sql_finalize
+			sql_finalize_query (sql_last_insert_user_id)
 		end
 
 feature {NONE} -- SQL select
@@ -1392,6 +1428,9 @@ feature {NONE} -- SQL select
 	select_temp_user_by_activation_token: STRING = "SELECT u.uid, u.name, u.password, u.salt, u.email, u.application FROM auth_temp_users as u JOIN users_activations as ua ON ua.uid = u.uid and ua.token = :token;"
 			-- Retrieve user by activation token if exist.
 
+	select_temp_user_salt_by_username: STRING = "SELECT salt FROM auth_temp_users WHERE name =:name;"
+			-- Retrieve temp user salt by username if exists.			
+
 	sql_delete_temp_user: STRING = "DELETE FROM auth_temp_users WHERE uid=:uid;"
 
 	select_temp_users_count: STRING = "SELECT count(*) FROM auth_temp_users;"

src/modules/core/persistence/user_profile/cms_user_profile_storage_sql.e

@@ -35,7 +35,7 @@ feature -- Access
 			if not has_error then
 				Result := sql_read_string_32 (2)
 			end
-			sql_finalize
+			sql_finalize_query (sql_select_user_profile_item)
 		end
 
 	user_profile (a_user: CMS_USER): detachable CMS_USER_PROFILE
@@ -63,7 +63,7 @@ feature -- Access
 					sql_forth
 				end
 			end
-			sql_finalize
+			sql_finalize_query (sql_select_user_profile_items)
 		end
 
 	users_with_profile_item (a_item_name: READABLE_STRING_GENERAL; a_value: detachable READABLE_STRING_GENERAL): detachable LIST [CMS_USER]
@@ -98,7 +98,7 @@ feature -- Access
 					sql_forth
 				end
 			end
-			sql_finalize
+			sql_finalize_query (sql_select_users_with_profile_item)
 			if
 				not has_error and
 				l_uids /= Void and
@@ -132,10 +132,11 @@ feature -- Change
 			reset_error
 			if user_profile_item (a_user, a_item_name) = Void then
 				sql_insert (sql_insert_user_profile_item, l_parameters)
+				sql_finalize_insert (sql_insert_user_profile_item)
 			else
 				sql_modify (sql_update_user_profile_item, l_parameters)
+				sql_finalize_modify (sql_update_user_profile_item)
 			end
-			sql_finalize
 		end
 
 	save_user_profile (a_user: CMS_USER; a_profile: CMS_USER_PROFILE)
@@ -164,7 +165,8 @@ feature -- Change
 					l_is_new := True
 				elseif p.has_key (ic.key) then
 					l_is_new := False
-					l_has_diff := attached p.item (ic.key) as l_prev_item and then not l_prev_item.same_string (l_item)
+					l_has_diff := attached p.item (ic.key) as l_prev_item and then 
+									not l_prev_item.same_string (l_item)
 				else
 					l_is_new := True
 				end
@@ -175,13 +177,14 @@ feature -- Change
 
 					if l_is_new then
 						sql_insert (sql_insert_user_profile_item, l_parameters)
+						sql_finalize_insert (sql_insert_user_profile_item)
 					else
 						sql_modify (sql_update_user_profile_item, l_parameters)
+						sql_finalize_modify (sql_update_user_profile_item)
 					end
 					l_parameters.wipe_out
 				end
 			end
-			sql_finalize
 		end
 
 feature {NONE} -- Queries

src/modules/core/webapi/cms_root_webapi_handler.e

@@ -41,13 +41,10 @@ feature -- Execution
 			elseif api.has_permission ("account register") then
 				rep.add_link ("register", Void, api.webapi_path ("/account/register"))
 			end
-
-				-- If query has "router=yes", display basic information about router mapping.
-				-- Note: this may change in the future
 			if
-				attached router as l_router and then
 				attached req.query_parameter ("router") as p_router and then
-				p_router.same_string ("yes")
+				p_router.same_string ("yes") and then
+				attached router as l_router
 			then
 				create j.make_empty
 				create vis
@@ -78,6 +75,9 @@ feature -- Execution
 					end(?, j))
 				vis.process_router (l_router)
 				rep.add_string_field ("routing", j.representation)
+--				vis.on_mapping_actions.extend (agent (i_mapping: WSF_ROUTER_MAPPING; i_json: JSON_OBJECT)
+--					do
+--					end(?, j))
 			end
 			rep.add_self (req.percent_encoded_path_info)
 			rep.execute

src/persistence/cms_storage_null.e

@@ -103,18 +103,18 @@ feature -- Logs
 
 feature -- Custom		
 
-	set_custom_value (a_name: READABLE_STRING_8; a_value: attached like custom_value; a_type: detachable READABLE_STRING_8)
-			-- Save data `a_name:a_value' for type `a_type' (or default if none).
+	set_custom_value (a_name: READABLE_STRING_8; a_value: attached like custom_value; a_type: READABLE_STRING_8)
+			-- Save data `a_name:a_value' for type `a_type'.
 		do
 		end
 
-	unset_custom_value (a_name: READABLE_STRING_8; a_type: detachable READABLE_STRING_8)
-			-- Delete data `a_name' for type `a_type' (or default if none).
+	unset_custom_value (a_name: READABLE_STRING_8; a_type: READABLE_STRING_8)
+			-- Delete data `a_name' for type `a_type'.
 		do
 		end
 
-	custom_value (a_name: READABLE_STRING_GENERAL; a_type: detachable READABLE_STRING_8): detachable READABLE_STRING_32
-			-- Data for name `a_name' and type `a_type' (or default if none).
+	custom_value (a_name: READABLE_STRING_GENERAL; a_type: READABLE_STRING_8): detachable READABLE_STRING_32
+			-- Data for name `a_name' and type `a_type'.
 		local
 			s: STRING_32
 		do
@@ -130,7 +130,7 @@ feature -- Custom
 			end
 		end
 
-	custom_values: detachable LIST [TUPLE [name: READABLE_STRING_GENERAL; type: detachable READABLE_STRING_8; value: detachable READABLE_STRING_32]]
+	custom_values: detachable LIST [TUPLE [name: READABLE_STRING_GENERAL; type: READABLE_STRING_8; value: detachable READABLE_STRING_32]]
 			-- Values as list of [name, type, value].
 		do
 		end

src/persistence/sql/cms_proxy_storage_sql.e

@@ -41,6 +41,7 @@ feature -- Execution
 
 	sql_begin_transaction
 		do
+				-- FIXME: may raise exception due to locked database...
 			sql_storage.sql_begin_transaction
 		end
 

src/persistence/sql/cms_storage_sql_i.e

@@ -143,6 +143,31 @@ feature -- Operation
 		deferred
 		end
 
+	sql_finalize_query (a_sql_statement: STRING)
+		do
+			sql_finalize_statement (a_sql_statement)
+		end
+
+	sql_finalize_insert (a_sql_statement: STRING)
+		do
+			sql_finalize_statement (a_sql_statement)
+		end
+
+	sql_finalize_modify (a_sql_statement: STRING)
+		do
+			sql_finalize_statement (a_sql_statement)
+		end
+
+	sql_finalize_delete (a_sql_statement: STRING)
+		do
+			sql_finalize_statement (a_sql_statement)
+		end
+
+	sql_finalize_statement (a_sql_statement: STRING)
+		do
+			sql_finalize
+		end
+
 feature -- Helper
 
 	sql_script_content (a_path: PATH): detachable STRING
@@ -181,6 +206,7 @@ feature -- Helper
 			i: INTEGER
 			err: BOOLEAN
 			cl: CELL [INTEGER]
+			l_sql: STRING
 		do
 			reset_error
 			sql_begin_transaction
@@ -194,10 +220,13 @@ feature -- Helper
 			loop
 				if attached next_sql_statement (a_sql_script, i, cl) as s then
 					if not s.is_whitespace then
+						l_sql := sql_statement (s)
 						if s.starts_with ("INSERT") then
-							sql_insert (sql_statement (s), a_params)
+							sql_insert (l_sql, a_params)
+							sql_finalize_insert (l_sql)
 						else
-							sql_modify (sql_statement (s), a_params)
+							sql_modify (l_sql, a_params)
+							sql_finalize_modify (l_sql)
 						end
 						err := err or has_error
 						reset_error
@@ -212,29 +241,34 @@ feature -- Helper
 			else
 				sql_commit_transaction
 			end
-			sql_finalize
 		end
 
 	sql_table_exists (a_table_name: READABLE_STRING_8): BOOLEAN
 			-- Does table `a_table_name' exists?
+		local
+			l_sql: STRING
 		do
 			reset_error
-			sql_query ("SELECT count(*) FROM " + a_table_name + " ;", Void)
+			l_sql := "SELECT count(*) FROM " + a_table_name + " ;"
+			sql_query (l_sql, Void)
 			Result := not has_error
 				-- FIXME: find better solution
-			sql_finalize
+			sql_finalize_query (l_sql)
 			reset_error
 		end
 
 	sql_table_items_count (a_table_name: READABLE_STRING_8): INTEGER_64
 			-- Number of items in table `a_table_name'?
+		local
+			l_sql: STRING
 		do
 			reset_error
-			sql_query ("SELECT count(*) FROM " + a_table_name + " ;", Void)
+			l_sql := "SELECT count(*) FROM " + a_table_name + " ;"
+			sql_query (l_sql, Void)
 			if not has_error then
 				Result := sql_read_integer_64 (1)
 			end
-			sql_finalize
+			sql_finalize_query (l_sql)
 		end
 
 feature -- Access		

src/service/cms_self_module_administration.e

@@ -0,0 +1,45 @@
+note
+	description: "Summary description for {CMS_SELF_MODULE_ADMINISTRATION}."
+	date: "$Date$"
+	revision: "$Revision$"
+
+class
+	CMS_SELF_MODULE_ADMINISTRATION [G -> CMS_MODULE]
+
+inherit
+	CMS_MODULE_ADMINISTRATION [G]
+		redefine
+			setup_hooks,
+			filters
+		end
+
+create
+	make
+
+feature -- Router
+
+	setup_administration_router (a_router: WSF_ROUTER; a_api: CMS_API)
+		do
+		end
+
+feature -- Filter
+
+	filters (a_api: CMS_API): detachable LIST [WSF_FILTER]
+			-- Optional list of filter for Current module.
+			-- (from CMS_MODULE)
+		do
+			Result := module.filters (a_api)
+		end
+
+feature -- Hooks configuration
+
+	setup_hooks (a_hooks: CMS_HOOK_CORE_MANAGER)
+			-- Module hooks configuration.
+		do
+			module.setup_hooks (a_hooks)
+		end
+
+note
+	copyright: "2011-2017, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
+	license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
+end

tests/all-safe.ecf

@@ -1,3 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<redirection xmlns="http://www.eiffel.com/developers/xml/configuration-1-16-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-16-0 http://www.eiffel.com/developers/xml/configuration-1-16-0.xsd" uuid="C8FBADFC-FC8D-43F4-AA09-55304BC9342A" message="Obsolete: use all.ecf !" location="all.ecf">
-</redirection>