Allow to login with username or email.
Removed useless and unimplemented feature from CMS_FORM . SCOOP is default for demo.ecf Made blog and page module self administrable, i.e administration module is same as module. This fixes the export hook for page and blog modules. Improved sql instructions to ease debugging and catch missing sql_finalize... call. Cleaned sql code.
This commit is contained in:
Jocelyn Fiat
@@ -17,6 +17,8 @@ inherit
|
||||
blog_api
|
||||
end
|
||||
|
||||
CMS_WITH_MODULE_ADMINISTRATION
|
||||
|
||||
CMS_HOOK_MENU_SYSTEM_ALTER
|
||||
|
||||
CMS_HOOK_RESPONSE_ALTER
|
||||
@@ -81,13 +83,21 @@ feature {CMS_API} -- Module management
|
||||
end
|
||||
end
|
||||
|
||||
feature {CMS_API} -- Access: API
|
||||
feature {CMS_API, CMS_MODULE} -- Access: API
|
||||
|
||||
blog_api: detachable CMS_BLOG_API
|
||||
-- <Precursor>
|
||||
|
||||
node_api: detachable CMS_NODE_API
|
||||
|
||||
feature {NONE} -- Administration
|
||||
|
||||
administration: CMS_SELF_MODULE_ADMINISTRATION [CMS_BLOG_MODULE]
|
||||
-- Administration module.
|
||||
do
|
||||
create Result.make (Current)
|
||||
end
|
||||
|
||||
feature -- Access: router
|
||||
|
||||
setup_router (a_router: WSF_ROUTER; a_api: CMS_API)
|
||||
|
||||
@@ -21,6 +21,8 @@ inherit
|
||||
|
||||
CMS_HOOK_IMPORT
|
||||
|
||||
CMS_WITH_MODULE_ADMINISTRATION
|
||||
|
||||
CMS_EXPORT_NODE_UTILITIES
|
||||
|
||||
CMS_IMPORT_NODE_UTILITIES
|
||||
@@ -114,6 +116,14 @@ feature {CMS_API} -- Module management
|
||||
end
|
||||
end
|
||||
|
||||
feature {NONE} -- Administration
|
||||
|
||||
administration: CMS_SELF_MODULE_ADMINISTRATION [CMS_PAGE_MODULE]
|
||||
-- Administration module.
|
||||
do
|
||||
create Result.make (Current)
|
||||
end
|
||||
|
||||
feature {CMS_API} -- Access: API
|
||||
|
||||
page_api: detachable CMS_PAGE_API
|
||||
|
||||
@@ -187,43 +187,75 @@ feature {NONE} -- Implementation: routes
|
||||
handle_login_with_session (api: CMS_API; a_session_api: CMS_SESSION_API; req: WSF_REQUEST; res: WSF_RESPONSE)
|
||||
local
|
||||
r: CMS_RESPONSE
|
||||
l_username, l_username_or_email, l_password: detachable READABLE_STRING_GENERAL
|
||||
l_user: detachable CMS_USER
|
||||
l_tmp_user: detachable CMS_TEMP_USER
|
||||
do
|
||||
if
|
||||
attached {WSF_STRING} req.form_parameter ("username") as l_username and then
|
||||
attached {WSF_STRING} req.form_parameter ("password") as l_password
|
||||
attached {WSF_STRING} req.form_parameter ("username") as p_username and then
|
||||
attached {WSF_STRING} req.form_parameter ("password") as p_password
|
||||
then
|
||||
if
|
||||
api.user_api.is_valid_credential (l_username.value, l_password.value) and then
|
||||
attached api.user_api.user_by_name (l_username.value) as l_user
|
||||
then
|
||||
a_session_api.process_user_login (l_user, req, res)
|
||||
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
|
||||
l_username_or_email := p_username.value
|
||||
l_password := p_password.value
|
||||
l_user := api.user_api.user_by_name (l_username_or_email)
|
||||
if l_user = Void then
|
||||
l_user := api.user_api.user_by_email (l_username_or_email)
|
||||
end
|
||||
if l_user = Void then
|
||||
l_tmp_user := api.user_api.temp_user_by_name (l_username_or_email)
|
||||
if l_tmp_user = Void then
|
||||
l_tmp_user := api.user_api.temp_user_by_email (l_username_or_email)
|
||||
end
|
||||
if
|
||||
attached {WSF_STRING} req.item ("destination") as p_destination and then
|
||||
attached p_destination.value as v and then
|
||||
v.is_valid_as_string_8
|
||||
l_tmp_user /= Void and then
|
||||
api.user_api.is_valid_temp_user_credential (l_tmp_user.name, l_password)
|
||||
then
|
||||
r.set_redirection (v.to_string_8)
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
|
||||
if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
|
||||
l_tpl_block.set_value (l_username_or_email, "username")
|
||||
l_tpl_block.set_value ("Error: Inactive account (or not yet validated)!", "error")
|
||||
r.add_block (l_tpl_block, "content")
|
||||
end
|
||||
else
|
||||
r.set_redirection ("")
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
|
||||
if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
|
||||
l_tpl_block.set_value (l_username_or_email, "username")
|
||||
l_tpl_block.set_value ("Wrong username or password ", "error")
|
||||
r.add_block (l_tpl_block, "content")
|
||||
end
|
||||
end
|
||||
else
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
|
||||
if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
|
||||
l_tpl_block.set_value (l_username.value, "username")
|
||||
l_tpl_block.set_value ("Wrong: Username or password ", "error")
|
||||
r.add_block (l_tpl_block, "content")
|
||||
l_username := l_user.name
|
||||
if api.user_api.is_valid_credential (l_username, l_password) then
|
||||
a_session_api.process_user_login (l_user, req, res)
|
||||
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
|
||||
if
|
||||
attached {WSF_STRING} req.item ("destination") as p_destination and then
|
||||
attached p_destination.value as v and then
|
||||
v.is_valid_as_string_8
|
||||
then
|
||||
r.set_redirection (v.to_string_8)
|
||||
else
|
||||
r.set_redirection ("")
|
||||
end
|
||||
else
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
|
||||
if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
|
||||
l_tpl_block.set_value (l_username_or_email, "username")
|
||||
l_tpl_block.set_value ("Wrong username or password ", "error")
|
||||
r.add_block (l_tpl_block, "content")
|
||||
end
|
||||
end
|
||||
end
|
||||
r.execute
|
||||
else
|
||||
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
|
||||
if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
|
||||
if attached {WSF_STRING} req.form_parameter ("username") as l_username then
|
||||
l_tpl_block.set_value (l_username.value, "username")
|
||||
if attached {WSF_STRING} req.form_parameter ("username") as p_username then
|
||||
l_tpl_block.set_value (p_username.value, "username")
|
||||
end
|
||||
l_tpl_block.set_value ("Wrong: Username or password ", "error")
|
||||
l_tpl_block.set_value ("Wrong username or password ", "error")
|
||||
r.add_block (l_tpl_block, "content")
|
||||
end
|
||||
r.execute
|
||||
|
||||
@@ -41,7 +41,7 @@ feature -- Access User
|
||||
l_uid := 0
|
||||
end
|
||||
end
|
||||
sql_finalize
|
||||
sql_finalize_query (Select_user_id_by_token)
|
||||
if l_uid > 0 and attached api as l_cms_api then
|
||||
Result := l_cms_api.user_api.user_by_id (l_uid)
|
||||
end
|
||||
@@ -64,7 +64,7 @@ feature -- Access User
|
||||
Result := False
|
||||
end
|
||||
end
|
||||
sql_finalize
|
||||
sql_finalize_query (Select_user_token)
|
||||
end
|
||||
|
||||
feature -- Change User token
|
||||
@@ -82,8 +82,8 @@ feature -- Change User token
|
||||
l_parameters.put (create {DATE_TIME}.make_now_utc, "utc_date")
|
||||
sql_begin_transaction
|
||||
sql_insert (sql_insert_session_auth, l_parameters)
|
||||
sql_finalize_insert (sql_insert_session_auth)
|
||||
sql_commit_transaction
|
||||
sql_finalize
|
||||
end
|
||||
|
||||
update_user_session_auth (a_token: READABLE_STRING_GENERAL; a_user: CMS_USER)
|
||||
@@ -99,8 +99,8 @@ feature -- Change User token
|
||||
l_parameters.put (create {DATE_TIME}.make_now_utc, "utc_date")
|
||||
sql_begin_transaction
|
||||
sql_modify (sql_update_session_auth, l_parameters)
|
||||
sql_finalize_modify (sql_update_session_auth)
|
||||
sql_commit_transaction
|
||||
sql_finalize
|
||||
end
|
||||
|
||||
feature {NONE} -- SQL statements
|
||||
|
||||
Reference in New Issue
Block a user