Allow to login with username or email.

Removed useless and unimplemented feature from CMS_FORM .
SCOOP is default for demo.ecf
Made blog and page modules self-administrable, i.e. the administration module is the same as the module.
This fixes the export hook for page and blog modules.
Improved sql instructions to ease debugging and catch missing sql_finalize... call.
Cleaned sql code.
Jocelyn Fiat
2017-10-02 15:46:40 +02:00
parent 208a35cb73
commit 3088468332
20 changed files with 403 additions and 223 deletions


@@ -51,9 +51,6 @@
<library name="wsf_extension" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\wsf\wsf_extension.ecf" readonly="false"/> <library name="wsf_extension" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\wsf\wsf_extension.ecf" readonly="false"/>
</target> </target>
<target name="demo_any" extends="common"> <target name="demo_any" extends="common">
<capability>
<concurrency support="scoop" use="scoop"/>
</capability>
<library name="any_launcher" location="..\..\launcher\any.ecf" readonly="false"/> <library name="any_launcher" location="..\..\launcher\any.ecf" readonly="false"/>
<cluster name="src" location=".\src\" recursive="true"/> <cluster name="src" location=".\src\" recursive="true"/>
</target> </target>


@@ -73,14 +73,25 @@ feature -- Execution
sql_begin_transaction sql_begin_transaction
-- Start a database transtaction. -- Start a database transtaction.
local
retried: BOOLEAN
do do
if transaction_depth = 0 then if retried then
sqlite.begin_transaction (False) -- Issue .. db locked?
end sql_rollback_transaction
transaction_depth := transaction_depth + 1 error_handler.add_custom_error (-1, "db error", "Unable to begin transaction..")
debug ("roc_storage") else
print ("# sql_begin_transaction (depth="+ transaction_depth.out +").%N") if transaction_depth = 0 then
sqlite.begin_transaction (False)
end
transaction_depth := transaction_depth + 1
debug ("roc_storage")
print ("# sql_begin_transaction (depth="+ transaction_depth.out +").%N")
end
end end
rescue
retried := True
retry
end end
sql_rollback_transaction sql_rollback_transaction
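Review bot: The `rescue` clause of `sql_begin_transaction` retries unconditionally, so an exception raised on the retried path (for instance by `sql_rollback_transaction`, whose body is not visible here) re-enters `rescue` and loops without end. Guard the retry so that a second failure propagates: `if not retried then retried := True; retry end`. The failure is now reported only through `error_handler`, so a caller that goes on to `sql_insert` and `sql_commit_transaction` without testing `has_error` runs its statements outside a transaction. A header comment stating that contract would help.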


@@ -17,6 +17,8 @@ inherit
blog_api blog_api
end end
CMS_WITH_MODULE_ADMINISTRATION
CMS_HOOK_MENU_SYSTEM_ALTER CMS_HOOK_MENU_SYSTEM_ALTER
CMS_HOOK_RESPONSE_ALTER CMS_HOOK_RESPONSE_ALTER
@@ -81,13 +83,21 @@ feature {CMS_API} -- Module management
end end
end end
feature {CMS_API} -- Access: API feature {CMS_API, CMS_MODULE} -- Access: API
blog_api: detachable CMS_BLOG_API blog_api: detachable CMS_BLOG_API
-- <Precursor> -- <Precursor>
node_api: detachable CMS_NODE_API node_api: detachable CMS_NODE_API
feature {NONE} -- Administration
administration: CMS_SELF_MODULE_ADMINISTRATION [CMS_BLOG_MODULE]
-- Administration module.
do
create Result.make (Current)
end
feature -- Access: router feature -- Access: router
setup_router (a_router: WSF_ROUTER; a_api: CMS_API) setup_router (a_router: WSF_ROUTER; a_api: CMS_API)


@@ -21,6 +21,8 @@ inherit
CMS_HOOK_IMPORT CMS_HOOK_IMPORT
CMS_WITH_MODULE_ADMINISTRATION
CMS_EXPORT_NODE_UTILITIES CMS_EXPORT_NODE_UTILITIES
CMS_IMPORT_NODE_UTILITIES CMS_IMPORT_NODE_UTILITIES
@@ -114,6 +116,14 @@ feature {CMS_API} -- Module management
end end
end end
feature {NONE} -- Administration
administration: CMS_SELF_MODULE_ADMINISTRATION [CMS_PAGE_MODULE]
-- Administration module.
do
create Result.make (Current)
end
feature {CMS_API} -- Access: API feature {CMS_API} -- Access: API
page_api: detachable CMS_PAGE_API page_api: detachable CMS_PAGE_API


@@ -187,43 +187,75 @@ feature {NONE} -- Implementation: routes
handle_login_with_session (api: CMS_API; a_session_api: CMS_SESSION_API; req: WSF_REQUEST; res: WSF_RESPONSE) handle_login_with_session (api: CMS_API; a_session_api: CMS_SESSION_API; req: WSF_REQUEST; res: WSF_RESPONSE)
local local
r: CMS_RESPONSE r: CMS_RESPONSE
l_username, l_username_or_email, l_password: detachable READABLE_STRING_GENERAL
l_user: detachable CMS_USER
l_tmp_user: detachable CMS_TEMP_USER
do do
if if
attached {WSF_STRING} req.form_parameter ("username") as l_username and then attached {WSF_STRING} req.form_parameter ("username") as p_username and then
attached {WSF_STRING} req.form_parameter ("password") as l_password attached {WSF_STRING} req.form_parameter ("password") as p_password
then then
if l_username_or_email := p_username.value
api.user_api.is_valid_credential (l_username.value, l_password.value) and then l_password := p_password.value
attached api.user_api.user_by_name (l_username.value) as l_user l_user := api.user_api.user_by_name (l_username_or_email)
then if l_user = Void then
a_session_api.process_user_login (l_user, req, res) l_user := api.user_api.user_by_email (l_username_or_email)
end
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) if l_user = Void then
l_tmp_user := api.user_api.temp_user_by_name (l_username_or_email)
if l_tmp_user = Void then
l_tmp_user := api.user_api.temp_user_by_email (l_username_or_email)
end
if if
attached {WSF_STRING} req.item ("destination") as p_destination and then l_tmp_user /= Void and then
attached p_destination.value as v and then api.user_api.is_valid_temp_user_credential (l_tmp_user.name, l_password)
v.is_valid_as_string_8
then then
r.set_redirection (v.to_string_8) create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
l_tpl_block.set_value (l_username_or_email, "username")
l_tpl_block.set_value ("Error: Inactive account (or not yet validated)!", "error")
r.add_block (l_tpl_block, "content")
end
else else
r.set_redirection ("") create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
l_tpl_block.set_value (l_username_or_email, "username")
l_tpl_block.set_value ("Wrong username or password ", "error")
r.add_block (l_tpl_block, "content")
end
end end
else else
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) l_username := l_user.name
if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then if api.user_api.is_valid_credential (l_username, l_password) then
l_tpl_block.set_value (l_username.value, "username") a_session_api.process_user_login (l_user, req, res)
l_tpl_block.set_value ("Wrong: Username or password ", "error")
r.add_block (l_tpl_block, "content") create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if
attached {WSF_STRING} req.item ("destination") as p_destination and then
attached p_destination.value as v and then
v.is_valid_as_string_8
then
r.set_redirection (v.to_string_8)
else
r.set_redirection ("")
end
else
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
l_tpl_block.set_value (l_username_or_email, "username")
l_tpl_block.set_value ("Wrong username or password ", "error")
r.add_block (l_tpl_block, "content")
end
end end
end end
r.execute r.execute
else else
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api) create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
if attached {WSF_STRING} req.form_parameter ("username") as l_username then if attached {WSF_STRING} req.form_parameter ("username") as p_username then
l_tpl_block.set_value (l_username.value, "username") l_tpl_block.set_value (p_username.value, "username")
end end
l_tpl_block.set_value ("Wrong: Username or password ", "error") l_tpl_block.set_value ("Wrong username or password ", "error")
r.add_block (l_tpl_block, "content") r.add_block (l_tpl_block, "content")
end end
r.execute r.execute
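Review bot: Resolving the account with `user_by_name` first and `user_by_email` only when that returns Void lets a name match shadow an email match. If registration accepts a username spelled like another account's email address (not visible in this hunk), the address owner's login is checked against the wrong account and fails. Either reject email-shaped usernames at registration, or also try the `user_by_email` match when the name match fails `is_valid_credential`. Separately, the `destination` value passed to `r.set_redirection (v.to_string_8)` after a successful login is only checked with `is_valid_as_string_8`; unless `set_redirection` restricts it elsewhere, it should be limited to site-local paths. The handler's body continues past the end of this hunk.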


@@ -41,7 +41,7 @@ feature -- Access User
l_uid := 0 l_uid := 0
end end
end end
sql_finalize sql_finalize_query (Select_user_id_by_token)
if l_uid > 0 and attached api as l_cms_api then if l_uid > 0 and attached api as l_cms_api then
Result := l_cms_api.user_api.user_by_id (l_uid) Result := l_cms_api.user_api.user_by_id (l_uid)
end end
@@ -64,7 +64,7 @@ feature -- Access User
Result := False Result := False
end end
end end
sql_finalize sql_finalize_query (Select_user_token)
end end
feature -- Change User token feature -- Change User token
@@ -82,8 +82,8 @@ feature -- Change User token
l_parameters.put (create {DATE_TIME}.make_now_utc, "utc_date") l_parameters.put (create {DATE_TIME}.make_now_utc, "utc_date")
sql_begin_transaction sql_begin_transaction
sql_insert (sql_insert_session_auth, l_parameters) sql_insert (sql_insert_session_auth, l_parameters)
sql_finalize_insert (sql_insert_session_auth)
sql_commit_transaction sql_commit_transaction
sql_finalize
end end
update_user_session_auth (a_token: READABLE_STRING_GENERAL; a_user: CMS_USER) update_user_session_auth (a_token: READABLE_STRING_GENERAL; a_user: CMS_USER)
@@ -99,8 +99,8 @@ feature -- Change User token
l_parameters.put (create {DATE_TIME}.make_now_utc, "utc_date") l_parameters.put (create {DATE_TIME}.make_now_utc, "utc_date")
sql_begin_transaction sql_begin_transaction
sql_modify (sql_update_session_auth, l_parameters) sql_modify (sql_update_session_auth, l_parameters)
sql_finalize_modify (sql_update_session_auth)
sql_commit_transaction sql_commit_transaction
sql_finalize
end end
feature {NONE} -- SQL statements feature {NONE} -- SQL statements
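Review bot: In the two `Change User token` hunks, `sql_commit_transaction` runs unconditionally after `sql_finalize_insert` and `sql_finalize_modify`, so a failed write of the session token is followed by a commit rather than a rollback. This commit makes `set_custom_value` roll back on error, and the same shape fits here: `if has_error then sql_rollback_transaction else sql_commit_transaction end`. That assumes `has_error` is available in this class, as it is in the other SQL storage classes. Both routine bodies start outside the hunks.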


@@ -108,13 +108,6 @@ feature -- CMS response
end end
end end
feature -- Webapi processing
process_webapi_response ()
do
end
feature -- Helpers feature -- Helpers
extend_text_field (a_name: READABLE_STRING_8; a_text: detachable READABLE_STRING_GENERAL) extend_text_field (a_name: READABLE_STRING_8; a_text: detachable READABLE_STRING_GENERAL)


@@ -235,7 +235,7 @@ feature -- Change User
feature -- Status report feature -- Status report
is_valid_credential (a_auth_login, a_auth_password: READABLE_STRING_32): BOOLEAN is_valid_credential (a_auth_login, a_auth_password: READABLE_STRING_GENERAL): BOOLEAN
-- Is the credentials `a_auth_login' and `a_auth_password' valid? -- Is the credentials `a_auth_login' and `a_auth_password' valid?
do do
Result := user_storage.is_valid_credential (a_auth_login, a_auth_password) Result := user_storage.is_valid_credential (a_auth_login, a_auth_password)
@@ -501,6 +501,12 @@ feature -- User status
feature -- Access - Temp User feature -- Access - Temp User
is_valid_temp_user_credential (a_auth_login, a_auth_password: READABLE_STRING_GENERAL): BOOLEAN
-- Is the credentials `a_auth_login' and `a_auth_password' valid?
do
Result := user_storage.is_valid_temp_user_credential (a_auth_login, a_auth_password)
end
temp_users_count: INTEGER temp_users_count: INTEGER
-- Number of pending users. -- Number of pending users.
--! to be accepted or rehected --! to be accepted or rehected
@@ -508,19 +514,19 @@ feature -- Access - Temp User
Result := user_storage.temp_users_count Result := user_storage.temp_users_count
end end
temp_user_by_name (a_username: READABLE_STRING_GENERAL): detachable CMS_USER temp_user_by_name (a_username: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
-- User by name `a_user_name', if any. -- User by name `a_user_name', if any.
do do
Result := user_storage.temp_user_by_name (a_username.as_string_32) Result := user_storage.temp_user_by_name (a_username)
end end
temp_user_by_email (a_email: READABLE_STRING_8): detachable CMS_USER temp_user_by_email (a_email: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
-- User by email `a_email', if any. -- User by email `a_email', if any.
do do
Result := user_storage.temp_user_by_email (a_email) Result := user_storage.temp_user_by_email (a_email)
end end
temp_user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER temp_user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_TEMP_USER
-- User by activation token `a_token'. -- User by activation token `a_token'.
do do
Result := user_storage.temp_user_by_activation_token (a_token) Result := user_storage.temp_user_by_activation_token (a_token)
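Review bot: The header comment on the new `is_valid_temp_user_credential` is a copy of the one on `is_valid_credential` and does not say that it checks pending (not yet activated) accounts. Callers must not open a session on a True result, so the comment should say so, for example `-- Are the credentials valid for a pending (temp) account? A True result is not a login.` The comment on `temp_user_by_name` also still refers to `a_user_name` although the parameter is `a_username`. The last routine's body ends outside the hunk.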


@@ -68,13 +68,13 @@ feature -- Logs
feature -- Misc feature -- Misc
set_custom_value (a_name: READABLE_STRING_8; a_value: attached like custom_value; a_type: detachable READABLE_STRING_8) set_custom_value (a_name: READABLE_STRING_8; a_value: attached like custom_value; a_type: READABLE_STRING_8)
-- Save data `a_name:a_value' for type `a_type' (or default if none). -- Save data `a_name:a_value' for type `a_type'.
deferred deferred
end end
unset_custom_value (a_name: READABLE_STRING_8; a_type: detachable READABLE_STRING_8) unset_custom_value (a_name: READABLE_STRING_8; a_type: READABLE_STRING_8)
-- Delete data `a_name' for type `a_type' (or default if none). -- Delete data `a_name' for type `a_type'.
deferred deferred
end end


@@ -53,7 +53,7 @@ feature -- URL aliases
end end
if l_continue then if l_continue then
sql_insert (sql_insert_path_alias, l_parameters) sql_insert (sql_insert_path_alias, l_parameters)
sql_finalize sql_finalize_insert (sql_insert_path_alias)
end end
end end
@@ -80,7 +80,7 @@ feature -- URL aliases
l_parameters.put (a_alias, "alias") l_parameters.put (a_alias, "alias")
sql_modify (sql_update_path_alias, l_parameters) sql_modify (sql_update_path_alias, l_parameters)
sql_finalize sql_finalize_modify (sql_update_path_alias)
end end
end end
@@ -97,7 +97,7 @@ feature -- URL aliases
create l_parameters.make (1) create l_parameters.make (1)
l_parameters.put (a_alias, "alias") l_parameters.put (a_alias, "alias")
sql_modify (sql_delete_path_alias, l_parameters) sql_modify (sql_delete_path_alias, l_parameters)
sql_finalize sql_finalize_modify (sql_delete_path_alias)
else else
error_handler.add_custom_error (0, "alias mismatch", "Path alias %"" + a_alias + "%" is not related to source %"" + a_source + "%"!") error_handler.add_custom_error (0, "alias mismatch", "Path alias %"" + a_alias + "%" is not related to source %"" + a_source + "%"!")
end end
@@ -120,7 +120,7 @@ feature -- URL aliases
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (sql_select_path_source)
end end
source_of_path_alias (a_alias: READABLE_STRING_GENERAL): detachable READABLE_STRING_8 source_of_path_alias (a_alias: READABLE_STRING_GENERAL): detachable READABLE_STRING_8
@@ -139,7 +139,7 @@ feature -- URL aliases
check one_row: sql_after end check one_row: sql_after end
end end
end end
sql_finalize sql_finalize_query (sql_select_path_alias)
end end
path_aliases: STRING_TABLE [READABLE_STRING_8] path_aliases: STRING_TABLE [READABLE_STRING_8]
@@ -165,7 +165,7 @@ feature -- URL aliases
sql_forth sql_forth
end end
end end
sql_finalize sql_finalize_query (sql_select_all_path_alias)
end end
sql_select_all_path_alias: STRING = "SELECT source, alias, lang FROM path_aliases ORDER BY pid DESC;" sql_select_all_path_alias: STRING = "SELECT source, alias, lang FROM path_aliases ORDER BY pid DESC;"
@@ -218,7 +218,7 @@ feature -- Logs
end end
l_parameters.put (now, "date") l_parameters.put (now, "date")
sql_insert (sql_insert_log, l_parameters) sql_insert (sql_insert_log, l_parameters)
sql_finalize sql_finalize_insert (sql_insert_log)
end end
logs (a_category: detachable READABLE_STRING_GENERAL; a_lower: INTEGER; a_count: INTEGER): ARRAYED_LIST [CMS_LOG] logs (a_category: detachable READABLE_STRING_GENERAL; a_lower: INTEGER; a_count: INTEGER): ARRAYED_LIST [CMS_LOG]
@@ -262,7 +262,7 @@ feature -- Logs
end end
sql_forth sql_forth
end end
sql_finalize sql_finalize_query (l_sql)
end end
fetch_log: detachable CMS_LOG fetch_log: detachable CMS_LOG
@@ -311,7 +311,7 @@ feature -- Logs
feature -- Misc feature -- Misc
set_custom_value (a_name: READABLE_STRING_8; a_value: attached like custom_value; a_type: detachable READABLE_STRING_8) set_custom_value (a_name: READABLE_STRING_8; a_value: attached like custom_value; a_type: READABLE_STRING_8)
-- <Precursor> -- <Precursor>
local local
l_parameters: STRING_TABLE [detachable ANY] l_parameters: STRING_TABLE [detachable ANY]
@@ -319,45 +319,29 @@ feature -- Misc
error_handler.reset error_handler.reset
create l_parameters.make (3) create l_parameters.make (3)
if a_type /= Void then l_parameters.put (a_type, "type")
l_parameters.put (a_type, "type")
else
l_parameters.put (a_type, "default")
end
l_parameters.put (a_name, "name") l_parameters.put (a_name, "name")
l_parameters.put (a_value, "value") l_parameters.put (a_value, "value")
sql_begin_transaction
if attached custom_value (a_name, a_type) as l_value then if attached custom_value (a_name, a_type) as l_value then
if a_value.same_string (l_value) then if a_value.same_string (l_value) then
-- already up to date -- already up to date
else else
sql_modify (sql_update_custom_value, l_parameters) sql_modify (sql_update_custom_value, l_parameters)
sql_finalize sql_finalize_modify (sql_update_custom_value)
end end
else else
sql_insert (sql_insert_custom_value, l_parameters) sql_insert (sql_insert_custom_value, l_parameters)
sql_finalize sql_finalize_insert (sql_insert_custom_value)
end end
end if has_error then
sql_rollback_transaction
unset_custom_value (a_name: READABLE_STRING_8; a_type: detachable READABLE_STRING_8)
-- <Precursor>
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
create l_parameters.make (3)
if a_type /= Void then
l_parameters.put (a_type, "type")
else else
l_parameters.put (a_type, "default") sql_commit_transaction
end end
l_parameters.put (a_name, "name")
sql_modify (sql_delete_custom_value, l_parameters)
sql_finalize
end end
custom_value (a_name: READABLE_STRING_GENERAL; a_type: detachable READABLE_STRING_8): detachable READABLE_STRING_32 unset_custom_value (a_name: READABLE_STRING_8; a_type: READABLE_STRING_8)
-- <Precursor> -- <Precursor>
local local
l_parameters: STRING_TABLE [detachable ANY] l_parameters: STRING_TABLE [detachable ANY]
@@ -365,11 +349,21 @@ feature -- Misc
error_handler.reset error_handler.reset
create l_parameters.make (2) create l_parameters.make (2)
if a_type /= Void then l_parameters.put (a_type, "type")
l_parameters.put (a_type, "type") l_parameters.put (a_name, "name")
else sql_delete (sql_delete_custom_value, l_parameters)
l_parameters.put (a_type, "default") sql_finalize_delete (sql_delete_custom_value)
end end
custom_value (a_name: READABLE_STRING_GENERAL; a_type: READABLE_STRING_8): detachable READABLE_STRING_32
-- <Precursor>
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
create l_parameters.make (2)
l_parameters.put (a_type, "type")
l_parameters.put (a_name, "name") l_parameters.put (a_name, "name")
sql_query (sql_select_custom_value, l_parameters) sql_query (sql_select_custom_value, l_parameters)
if not has_error and not sql_after then if not has_error and not sql_after then
@@ -377,16 +371,16 @@ feature -- Misc
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (sql_select_custom_value)
end end
custom_values: detachable LIST [TUPLE [name: READABLE_STRING_GENERAL; type: detachable READABLE_STRING_8; value: detachable READABLE_STRING_32]] custom_values: detachable LIST [TUPLE [name: READABLE_STRING_GENERAL; type: READABLE_STRING_8; value: detachable READABLE_STRING_32]]
-- Values as list of [name, type, value]. -- Values as list of [name, type, value].
local local
l_type, l_name: READABLE_STRING_8 l_type, l_name: READABLE_STRING_8
do do
error_handler.reset error_handler.reset
create {ARRAYED_LIST [TUPLE [name: READABLE_STRING_GENERAL; type: detachable READABLE_STRING_8; value: detachable READABLE_STRING_32]]} Result.make (5) create {ARRAYED_LIST [TUPLE [name: READABLE_STRING_GENERAL; type: READABLE_STRING_8; value: detachable READABLE_STRING_32]]} Result.make (5)
sql_query (sql_select_all_custom_values, Void) sql_query (sql_select_all_custom_values, Void)
if not has_error then if not has_error then
from from
@@ -406,7 +400,7 @@ feature -- Misc
sql_forth sql_forth
end end
end end
sql_finalize sql_finalize_query (sql_select_all_custom_values)
end end
sql_select_all_custom_values: STRING = "SELECT type, name, value FROM custom_values;" sql_select_all_custom_values: STRING = "SELECT type, name, value FROM custom_values;"
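Review bot: In the new `set_custom_value`, `custom_value (a_name, a_type)` is called right after `sql_begin_transaction`, and `custom_value` starts with `error_handler.reset`. An error recorded by a failed `sql_begin_transaction` is therefore cleared before the final `if has_error` test, and the routine goes on to `sql_commit_transaction`. Look up the existing value before opening the transaction, or test `has_error` immediately after `sql_begin_transaction` and skip the writes. `unset_custom_value` in the same section deletes without a transaction, which deserves a short comment if it is intentional.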


@@ -70,7 +70,7 @@ feature -- Access
password: Result /= Void implies (Result.hashed_password /= Void and Result.password = Void) password: Result /= Void implies (Result.hashed_password /= Void and Result.password = Void)
end end
is_valid_credential (a_u, a_p: READABLE_STRING_32): BOOLEAN is_valid_credential (a_u, a_p: READABLE_STRING_GENERAL): BOOLEAN
-- Does account with username `a_username' and password `a_password' exist? -- Does account with username `a_username' and password `a_password' exist?
deferred deferred
end end
@@ -212,18 +212,23 @@ feature -- Change: User password recovery
feature -- Access: Temp Users feature -- Access: Temp Users
is_valid_temp_user_credential (a_u, a_p: READABLE_STRING_GENERAL): BOOLEAN
-- Does temp account with username `a_username' and password `a_password' exist?
deferred
end
temp_users_count: INTEGER temp_users_count: INTEGER
-- Number of pending users -- Number of pending users
--! to be accepted or rejected --! to be accepted or rejected
deferred deferred
end end
temp_user_by_id (a_uid: like {CMS_USER}.id; a_consumer_table: READABLE_STRING_GENERAL): detachable CMS_USER temp_user_by_id (a_uid: like {CMS_USER}.id; a_consumer_table: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
-- Retrieve a temporal user by id `a_uid' for the consumer `a_consumer', if aby. -- Retrieve a temporal user by id `a_uid' for the consumer `a_consumer', if aby.
deferred deferred
end end
temp_user_by_name (a_name: like {CMS_USER}.name): detachable CMS_USER temp_user_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
-- User with name `a_name', if any. -- User with name `a_name', if any.
require require
a_name /= Void and then not a_name.is_empty a_name /= Void and then not a_name.is_empty
@@ -233,7 +238,7 @@ feature -- Access: Temp Users
password: Result /= Void implies (Result.hashed_password /= Void and Result.password = Void) password: Result /= Void implies (Result.hashed_password /= Void and Result.password = Void)
end end
temp_user_by_email (a_email: like {CMS_USER}.email): detachable CMS_USER temp_user_by_email (a_email: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
-- User with name `a_email', if any. -- User with name `a_email', if any.
deferred deferred
ensure ensure
@@ -241,7 +246,7 @@ feature -- Access: Temp Users
password: Result /= Void implies (Result.hashed_password /= Void and Result.password = Void) password: Result /= Void implies (Result.hashed_password /= Void and Result.password = Void)
end end
temp_user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER temp_user_by_activation_token (a_token: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
-- User with activation token `a_token', if any. -- User with activation token `a_token', if any.
deferred deferred
ensure ensure


@@ -41,7 +41,7 @@ feature -- Access: user
do do
end end
is_valid_credential (l_auth_login, l_auth_password: READABLE_STRING_32): BOOLEAN is_valid_credential (l_auth_login, l_auth_password: READABLE_STRING_GENERAL): BOOLEAN
do do
end end
@@ -147,27 +147,31 @@ feature -- Change: User password recovery
feature -- Access: Users feature -- Access: Users
is_valid_temp_user_credential (l_auth_login, l_auth_password: READABLE_STRING_GENERAL): BOOLEAN
do
end
temp_users_count: INTEGER temp_users_count: INTEGER
-- <Precursor> -- <Precursor>
do do
end end
temp_user_by_id (a_uid: like {CMS_USER}.id; a_consumer_table: READABLE_STRING_GENERAL): detachable CMS_USER temp_user_by_id (a_uid: like {CMS_USER}.id; a_consumer_table: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
-- <Precursor> -- <Precursor>
do do
end end
temp_user_by_name (a_name: like {CMS_USER}.name): detachable CMS_USER temp_user_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
-- <Precursor> -- <Precursor>
do do
end end
temp_user_by_email (a_email: like {CMS_USER}.email): detachable CMS_USER temp_user_by_email (a_email: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
-- <Precursor> -- <Precursor>
do do
end end
temp_user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER temp_user_by_activation_token (a_token: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
-- <Precursor> -- <Precursor>
do do
end end
@@ -190,7 +194,6 @@ feature -- Temp Users
do do
end end
remove_activation (a_token: READABLE_STRING_GENERAL) remove_activation (a_token: READABLE_STRING_GENERAL)
-- <Precursor>. -- <Precursor>.
do do


@@ -35,7 +35,7 @@ feature -- Access: user
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (select_users_count)
end end
users: LIST [CMS_USER] users: LIST [CMS_USER]
@@ -45,8 +45,8 @@ feature -- Access: user
error_handler.reset error_handler.reset
write_information_log (generator + ".all_users") write_information_log (generator + ".all_users")
sql_query (select_users, Void)
from from
sql_query (select_users, Void)
sql_start sql_start
until until
sql_after or has_error sql_after or has_error
@@ -56,7 +56,7 @@ feature -- Access: user
end end
sql_forth sql_forth
end end
sql_finalize sql_finalize_query (select_users)
end end
user_by_id (a_id: like {CMS_USER}.id): detachable CMS_USER user_by_id (a_id: like {CMS_USER}.id): detachable CMS_USER
@@ -74,7 +74,7 @@ feature -- Access: user
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (select_user_by_id)
end end
user_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_USER user_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_USER
@@ -92,7 +92,7 @@ feature -- Access: user
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (select_user_by_name)
end end
user_by_email (a_email: READABLE_STRING_GENERAL): detachable CMS_USER user_by_email (a_email: READABLE_STRING_GENERAL): detachable CMS_USER
@@ -110,7 +110,7 @@ feature -- Access: user
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (select_user_by_email)
end end
user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER
@@ -128,7 +128,7 @@ feature -- Access: user
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (select_user_by_activation_token)
end end
user_by_password_token (a_token: READABLE_STRING_32): detachable CMS_USER user_by_password_token (a_token: READABLE_STRING_32): detachable CMS_USER
@@ -146,26 +146,26 @@ feature -- Access: user
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (select_user_by_password_token)
end end
is_valid_credential (l_auth_login, l_auth_password: READABLE_STRING_32): BOOLEAN is_valid_credential (a_auth_login, a_auth_password: READABLE_STRING_GENERAL): BOOLEAN
local local
l_security: SECURITY_PROVIDER l_security: SECURITY_PROVIDER
do do
if attached user_salt (l_auth_login) as l_hash then if attached user_salt (a_auth_login) as l_hash then
if attached user_by_name (l_auth_login) as l_user then if attached user_by_name (a_auth_login) as l_user then
create l_security create l_security
if if
attached l_user.hashed_password as l_hashed_password and then attached l_user.hashed_password as l_hashed_password and then
l_security.password_hash (l_auth_password, l_hash).is_case_insensitive_equal (l_hashed_password) l_security.password_hash (a_auth_password, l_hash).is_case_insensitive_equal (l_hashed_password)
then then
Result := True Result := True
else else
write_information_log (generator + ".is_valid_credential User: wrong username or password" ) write_information_log (generator + ".is_valid_credential User: wrong username or password" )
end end
else else
write_information_log (generator + ".is_valid_credential User:" + l_auth_login + "does not exist" ) write_information_log (generator + ".is_valid_credential User:" + a_auth_login + "does not exist" )
end end
end end
end end
@@ -180,11 +180,11 @@ feature -- Access: user
error_handler.reset error_handler.reset
write_information_log (generator + ".recent_users") write_information_log (generator + ".recent_users")
create l_parameters.make (2)
l_parameters.put (a_count, "rows")
l_parameters.put (a_lower, "offset")
sql_query (sql_select_recent_users, l_parameters)
from from
create l_parameters.make (2)
l_parameters.put (a_count, "rows")
l_parameters.put (a_lower, "offset")
sql_query (sql_select_recent_users, l_parameters)
sql_start sql_start
until until
sql_after sql_after
@@ -194,7 +194,7 @@ feature -- Access: user
end end
sql_forth sql_forth
end end
sql_finalize sql_finalize_query (sql_select_recent_users)
end end
feature -- Change: user feature -- Change: user
@@ -231,12 +231,12 @@ feature -- Change: user
a_user.set_id (last_inserted_user_id) a_user.set_id (last_inserted_user_id)
update_user_roles (a_user) update_user_roles (a_user)
end end
sql_finalize_insert (sql_insert_user)
if not error_handler.has_error then if not error_handler.has_error then
sql_commit_transaction sql_commit_transaction
else else
sql_rollback_transaction sql_rollback_transaction
end end
sql_finalize
else else
-- set error -- set error
error_handler.add_custom_error (-1, "bad request" , "Missing password or email") error_handler.add_custom_error (-1, "bad request" , "Missing password or email")
@@ -274,7 +274,7 @@ feature -- Change: user
l_parameters.put (l_password_salt, "salt") l_parameters.put (l_password_salt, "salt")
sql_modify (sql_update_user_name, l_parameters) sql_modify (sql_update_user_name, l_parameters)
sql_finalize sql_finalize_modify (sql_update_user_name)
if not error_handler.has_error then if not error_handler.has_error then
a_user.set_name (a_new_username) a_user.set_name (a_new_username)
update_user_roles (a_user) update_user_roles (a_user)
@@ -284,7 +284,6 @@ feature -- Change: user
else else
sql_rollback_transaction sql_rollback_transaction
end end
sql_finalize
else else
-- set error -- set error
error_handler.add_custom_error (-1, "bad request" , "Missing password or email") error_handler.add_custom_error (-1, "bad request" , "Missing password or email")
@@ -327,7 +326,7 @@ feature -- Change: user
l_parameters.put (a_user.profile_name, "profile_name") l_parameters.put (a_user.profile_name, "profile_name")
sql_modify (sql_update_user, l_parameters) sql_modify (sql_update_user, l_parameters)
sql_finalize sql_finalize_modify (sql_update_user)
if not error_handler.has_error then if not error_handler.has_error then
update_user_roles (a_user) update_user_roles (a_user)
end end
@@ -336,7 +335,6 @@ feature -- Change: user
else else
sql_rollback_transaction sql_rollback_transaction
end end
sql_finalize
else else
-- set error -- set error
error_handler.add_custom_error (-1, "bad request" , "Missing password or email") error_handler.add_custom_error (-1, "bad request" , "Missing password or email")
@@ -353,9 +351,9 @@ feature -- Change: user
write_information_log (generator + ".delete_user") write_information_log (generator + ".delete_user")
create l_parameters.make (1) create l_parameters.make (1)
l_parameters.put (a_user.id, "uid") l_parameters.put (a_user.id, "uid")
sql_modify (sql_delete_user, l_parameters) sql_delete (sql_delete_user, l_parameters)
sql_finalize_delete (sql_delete_user)
sql_commit_transaction sql_commit_transaction
sql_finalize
end end
feature -- Change: roles feature -- Change: roles
@@ -413,7 +411,6 @@ feature -- Change: roles
else else
sql_rollback_transaction sql_rollback_transaction
end end
sql_finalize
end end
assign_role_to_user (a_role: CMS_USER_ROLE; a_user: CMS_USER) assign_role_to_user (a_role: CMS_USER_ROLE; a_user: CMS_USER)
@@ -424,7 +421,7 @@ feature -- Change: roles
l_parameters.put (a_user.id, "uid") l_parameters.put (a_user.id, "uid")
l_parameters.put (a_role.id, "rid") l_parameters.put (a_role.id, "rid")
sql_insert (sql_insert_role_to_user, l_parameters) sql_insert (sql_insert_role_to_user, l_parameters)
sql_finalize sql_finalize_insert (sql_insert_role_to_user)
end end
unassign_role_from_user (a_role: CMS_USER_ROLE; a_user: CMS_USER) unassign_role_from_user (a_role: CMS_USER_ROLE; a_user: CMS_USER)
@@ -434,8 +431,8 @@ feature -- Change: roles
create l_parameters.make (2) create l_parameters.make (2)
l_parameters.put (a_user.id, "uid") l_parameters.put (a_user.id, "uid")
l_parameters.put (a_role.id, "rid") l_parameters.put (a_role.id, "rid")
sql_modify (sql_delete_role_from_user, l_parameters) sql_delete (sql_delete_role_from_user, l_parameters)
sql_finalize sql_finalize_delete (sql_delete_role_from_user)
end end
feature -- Access: roles and permissions feature -- Access: roles and permissions
@@ -453,12 +450,11 @@ feature -- Access: roles and permissions
Result := fetch_user_role Result := fetch_user_role
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
sql_finalize
if Result /= Void and not has_error then
fill_user_role (Result)
end
end end
sql_finalize sql_finalize_query (select_user_role_by_id)
if Result /= Void and not has_error then
fill_user_role (Result)
end
end end
user_role_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_USER_ROLE user_role_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_USER_ROLE
@@ -475,12 +471,11 @@ feature -- Access: roles and permissions
Result := fetch_user_role Result := fetch_user_role
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
sql_finalize
if Result /= Void and not has_error then
fill_user_role (Result)
end
end end
sql_finalize sql_finalize_query (select_user_role_by_name)
if Result /= Void and not has_error then
fill_user_role (Result)
end
end end
user_roles_for (a_user: CMS_USER): LIST [CMS_USER_ROLE] user_roles_for (a_user: CMS_USER): LIST [CMS_USER_ROLE]
@@ -491,10 +486,10 @@ feature -- Access: roles and permissions
write_information_log (generator + ".user_roles_for") write_information_log (generator + ".user_roles_for")
create {ARRAYED_LIST [CMS_USER_ROLE]} Result.make (0) create {ARRAYED_LIST [CMS_USER_ROLE]} Result.make (0)
create l_parameters.make (1)
l_parameters.put (a_user.id, "uid")
sql_query (select_user_roles_by_user_id, l_parameters)
from from
create l_parameters.make (1)
l_parameters.put (a_user.id, "uid")
sql_query (select_user_roles_by_user_id, l_parameters)
sql_start sql_start
until until
sql_after sql_after
@@ -504,7 +499,7 @@ feature -- Access: roles and permissions
end end
sql_forth sql_forth
end end
sql_finalize sql_finalize_query (select_user_roles_by_user_id)
if not has_error then if not has_error then
across Result as ic loop across Result as ic loop
fill_user_role (ic.item) fill_user_role (ic.item)
@@ -520,8 +515,8 @@ feature -- Access: roles and permissions
write_information_log (generator + ".user_roles") write_information_log (generator + ".user_roles")
create {ARRAYED_LIST [CMS_USER_ROLE]} Result.make (0) create {ARRAYED_LIST [CMS_USER_ROLE]} Result.make (0)
sql_query (select_user_roles, Void)
from from
sql_query (select_user_roles, Void)
sql_start sql_start
until until
sql_after sql_after
@@ -532,7 +527,7 @@ feature -- Access: roles and permissions
end end
sql_forth sql_forth
end end
sql_finalize sql_finalize_query (select_user_roles)
if not has_error then if not has_error then
across Result as ic loop across Result as ic loop
fill_user_role (ic.item) fill_user_role (ic.item)
@@ -561,10 +556,10 @@ feature -- Access: roles and permissions
write_information_log (generator + ".role_permissions_by_id") write_information_log (generator + ".role_permissions_by_id")
create {ARRAYED_LIST [READABLE_STRING_8]} Result.make (0) create {ARRAYED_LIST [READABLE_STRING_8]} Result.make (0)
create l_parameters.make (1)
l_parameters.put (a_role_id, "rid")
sql_query (select_role_permissions_by_role_id, l_parameters)
from from
create l_parameters.make (1)
l_parameters.put (a_role_id, "rid")
sql_query (select_role_permissions_by_role_id, l_parameters)
sql_start sql_start
until until
sql_after or has_error sql_after or has_error
@@ -576,7 +571,7 @@ feature -- Access: roles and permissions
-- end -- end
sql_forth sql_forth
end end
sql_finalize sql_finalize_query (select_role_permissions_by_role_id)
end end
role_permissions: LIST [READABLE_STRING_8] role_permissions: LIST [READABLE_STRING_8]
@@ -587,8 +582,8 @@ feature -- Access: roles and permissions
create {ARRAYED_LIST [READABLE_STRING_8]} Result.make (0) create {ARRAYED_LIST [READABLE_STRING_8]} Result.make (0)
Result.compare_objects Result.compare_objects
sql_query (select_role_permissions, Void)
from from
sql_query (select_role_permissions, Void)
sql_start sql_start
until until
sql_after or has_error sql_after or has_error
@@ -598,7 +593,7 @@ feature -- Access: roles and permissions
end end
sql_forth sql_forth
end end
sql_finalize sql_finalize_query (select_role_permissions)
end end
feature -- Change: roles and permissions feature -- Change: roles and permissions
@@ -628,7 +623,7 @@ feature -- Change: roles and permissions
l_parameters.put (a_user_role.id, "rid") l_parameters.put (a_user_role.id, "rid")
l_parameters.put (a_user_role.name, "name") l_parameters.put (a_user_role.name, "name")
sql_modify (sql_update_user_role, l_parameters) sql_modify (sql_update_user_role, l_parameters)
sql_finalize sql_finalize_modify (sql_update_user_role)
end end
if not a_user_role.permissions.is_empty then if not a_user_role.permissions.is_empty then
-- FIXME: check if this is non set permissions,or none ... -- FIXME: check if this is non set permissions,or none ...
@@ -675,7 +670,7 @@ feature -- Change: roles and permissions
create l_parameters.make (1) create l_parameters.make (1)
l_parameters.put (a_user_role.name, "name") l_parameters.put (a_user_role.name, "name")
sql_insert (sql_insert_user_role, l_parameters) sql_insert (sql_insert_user_role, l_parameters)
sql_finalize sql_finalize_insert (sql_insert_user_role)
if not error_handler.has_error then if not error_handler.has_error then
a_user_role.set_id (last_inserted_user_role_id) a_user_role.set_id (last_inserted_user_role_id)
across across
@@ -699,7 +694,7 @@ feature -- Change: roles and permissions
l_parameters.put (a_permission, "permission") l_parameters.put (a_permission, "permission")
l_parameters.put (Void, "module") -- FIXME: unsupported for now! l_parameters.put (Void, "module") -- FIXME: unsupported for now!
sql_insert (sql_insert_user_role_permission, l_parameters) sql_insert (sql_insert_user_role_permission, l_parameters)
sql_finalize sql_finalize_insert (sql_insert_user_role_permission)
end end
unset_permission_for_role_id (a_permission: READABLE_STRING_8; a_role_id: INTEGER) unset_permission_for_role_id (a_permission: READABLE_STRING_8; a_role_id: INTEGER)
@@ -713,8 +708,8 @@ feature -- Change: roles and permissions
create l_parameters.make (2) create l_parameters.make (2)
l_parameters.put (a_role_id, "rid") l_parameters.put (a_role_id, "rid")
l_parameters.put (a_permission, "permission") l_parameters.put (a_permission, "permission")
sql_modify (sql_delete_user_role_permission, l_parameters) sql_delete (sql_delete_user_role_permission, l_parameters)
sql_finalize sql_finalize_delete (sql_delete_user_role_permission)
end end
last_inserted_user_role_id: INTEGER_32 last_inserted_user_role_id: INTEGER_32
@@ -728,7 +723,7 @@ feature -- Change: roles and permissions
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (sql_last_insert_user_role_id)
end end
@@ -742,11 +737,11 @@ feature -- Change: roles and permissions
write_information_log (generator + ".delete_role") write_information_log (generator + ".delete_role")
create l_parameters.make (1) create l_parameters.make (1)
l_parameters.put (a_role.id, "rid") l_parameters.put (a_role.id, "rid")
sql_modify (sql_delete_role_permissions_by_role_id, l_parameters) sql_delete (sql_delete_role_permissions_by_role_id, l_parameters)
sql_finalize sql_finalize_delete (sql_delete_role_permissions_by_role_id)
sql_modify (sql_delete_role_by_id, l_parameters) sql_delete (sql_delete_role_by_id, l_parameters)
sql_finalize_delete (sql_delete_role_by_id)
sql_commit_transaction sql_commit_transaction
sql_finalize
end end
@@ -767,7 +762,7 @@ feature -- Access: User activation
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (sql_select_activation_expiration)
end end
user_id_by_activation (a_token: READABLE_STRING_32): INTEGER_64 user_id_by_activation (a_token: READABLE_STRING_32): INTEGER_64
@@ -785,7 +780,7 @@ feature -- Access: User activation
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (sql_select_userid_activation)
end end
feature -- Change: User activation feature -- Change: User activation
@@ -805,8 +800,8 @@ feature -- Change: User activation
l_parameters.put (a_id, "uid") l_parameters.put (a_id, "uid")
l_parameters.put (l_utc_date, "utc_date") l_parameters.put (l_utc_date, "utc_date")
sql_insert (sql_insert_activation, l_parameters) sql_insert (sql_insert_activation, l_parameters)
sql_finalize_insert (sql_insert_activation)
sql_commit_transaction sql_commit_transaction
sql_finalize
end end
feature -- Change: User password recovery feature -- Change: User password recovery
@@ -826,8 +821,8 @@ feature -- Change: User password recovery
l_parameters.put (a_id, "uid") l_parameters.put (a_id, "uid")
l_parameters.put (l_utc_date, "utc_date") l_parameters.put (l_utc_date, "utc_date")
sql_insert (sql_insert_password, l_parameters) sql_insert (sql_insert_password, l_parameters)
sql_finalize_insert (sql_insert_password)
sql_commit_transaction sql_commit_transaction
sql_finalize
end end
remove_password (a_token: READABLE_STRING_32) remove_password (a_token: READABLE_STRING_32)
@@ -841,13 +836,13 @@ feature -- Change: User password recovery
create l_parameters.make (1) create l_parameters.make (1)
l_parameters.put (a_token, "token") l_parameters.put (a_token, "token")
sql_modify (sql_remove_password, l_parameters) sql_modify (sql_remove_password, l_parameters)
sql_finalize_modify (sql_remove_password)
sql_commit_transaction sql_commit_transaction
sql_finalize
end end
feature {NONE} -- Implementation: User feature {NONE} -- Implementation: User
user_salt (a_username: READABLE_STRING_32): detachable READABLE_STRING_8 user_salt (a_username: READABLE_STRING_GENERAL): detachable READABLE_STRING_8
-- User salt for the given user `a_username', if any. -- User salt for the given user `a_username', if any.
local local
l_parameters: STRING_TABLE [detachable ANY] l_parameters: STRING_TABLE [detachable ANY]
@@ -864,7 +859,27 @@ feature {NONE} -- Implementation: User
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (select_salt_by_username)
end
temp_user_salt (a_username: READABLE_STRING_GENERAL): detachable READABLE_STRING_8
-- User salt for the given user `a_username', if any.
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
write_information_log (generator + ".temp_user_salt")
create l_parameters.make (1)
l_parameters.put (a_username, "name")
sql_query (select_temp_user_salt_by_username, l_parameters)
if not sql_after then
if attached sql_read_string (1) as l_salt then
Result := l_salt
end
sql_forth
check one_row: sql_after end
end
sql_finalize_query (select_temp_user_salt_by_username)
end end
fetch_user: detachable CMS_USER fetch_user: detachable CMS_USER
@@ -1049,6 +1064,27 @@ feature {NONE} -- User Password Recovery
feature -- Acess: Temp users feature -- Acess: Temp users
is_valid_temp_user_credential (a_auth_login, a_auth_password: READABLE_STRING_GENERAL): BOOLEAN
local
l_security: SECURITY_PROVIDER
do
if attached temp_user_salt (a_auth_login) as l_hash then
if attached temp_user_by_name (a_auth_login) as l_user then
create l_security
if
attached l_user.hashed_password as l_hashed_password and then
l_security.password_hash (a_auth_password, l_hash).is_case_insensitive_equal (l_hashed_password)
then
Result := True
else
write_information_log (generator + ".is_valid_temp_user_credential User: wrong username or password" )
end
else
write_information_log (generator + ".is_valid_temp_user_credential User:" + a_auth_login + "does not exist" )
end
end
end
temp_users_count: INTEGER temp_users_count: INTEGER
-- Number of items users. -- Number of items users.
do do
@@ -1061,10 +1097,10 @@ feature -- Acess: Temp users
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (select_temp_users_count)
end end
temp_user_by_id (a_uid: like {CMS_USER}.id; a_consumer: READABLE_STRING_GENERAL): detachable CMS_USER temp_user_by_id (a_uid: like {CMS_USER}.id; a_consumer: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
-- <Precursor> -- <Precursor>
local local
l_parameters: STRING_TABLE [detachable ANY] l_parameters: STRING_TABLE [detachable ANY]
@@ -1084,10 +1120,10 @@ feature -- Acess: Temp users
Result := Void Result := Void
end end
end end
sql_finalize sql_finalize_query (l_string)
end end
temp_user_by_name (a_name: like {CMS_USER}.name): detachable CMS_USER temp_user_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
-- User for the given name `a_name', if any. -- User for the given name `a_name', if any.
local local
l_parameters: STRING_TABLE [detachable ANY] l_parameters: STRING_TABLE [detachable ANY]
@@ -1102,10 +1138,10 @@ feature -- Acess: Temp users
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (select_temp_user_by_name)
end end
temp_user_by_email (a_email: like {CMS_USER}.email): detachable CMS_USER temp_user_by_email (a_email: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
-- User for the given email `a_email', if any. -- User for the given email `a_email', if any.
local local
l_parameters: STRING_TABLE [detachable ANY] l_parameters: STRING_TABLE [detachable ANY]
@@ -1120,10 +1156,10 @@ feature -- Acess: Temp users
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (select_temp_user_by_email)
end end
temp_user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER temp_user_by_activation_token (a_token: READABLE_STRING_GENERAL): detachable CMS_TEMP_USER
-- User for the given activation token `a_token', if any. -- User for the given activation token `a_token', if any.
local local
l_parameters: STRING_TABLE [detachable ANY] l_parameters: STRING_TABLE [detachable ANY]
@@ -1138,7 +1174,7 @@ feature -- Acess: Temp users
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (select_temp_user_by_activation_token)
end end
temp_recent_users (a_lower: INTEGER; a_count: INTEGER): LIST [CMS_TEMP_USER] temp_recent_users (a_lower: INTEGER; a_count: INTEGER): LIST [CMS_TEMP_USER]
@@ -1151,11 +1187,11 @@ feature -- Acess: Temp users
error_handler.reset error_handler.reset
write_information_log (generator + ".temp_recent_users") write_information_log (generator + ".temp_recent_users")
create l_parameters.make (2)
l_parameters.put (a_count, "rows")
l_parameters.put (a_lower, "offset")
sql_query (sql_select_temp_recent_users, l_parameters)
from from
create l_parameters.make (2)
l_parameters.put (a_count, "rows")
l_parameters.put (a_lower, "offset")
sql_query (sql_select_temp_recent_users, l_parameters)
sql_start sql_start
until until
sql_after or has_error sql_after or has_error
@@ -1165,7 +1201,7 @@ feature -- Acess: Temp users
end end
sql_forth sql_forth
end end
sql_finalize sql_finalize_query (sql_select_temp_recent_users)
end end
token_by_temp_user_id (a_id: like {CMS_USER}.id): detachable STRING token_by_temp_user_id (a_id: like {CMS_USER}.id): detachable STRING
@@ -1185,7 +1221,7 @@ feature -- Acess: Temp users
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (select_token_activation_by_user_id)
end end
feature {NONE} -- Implementation: User feature {NONE} -- Implementation: User
@@ -1257,12 +1293,12 @@ feature -- New Temp User
l_parameters.put (a_temp_user.profile_name, "profile_name") l_parameters.put (a_temp_user.profile_name, "profile_name")
sql_insert (sql_insert_user, l_parameters) sql_insert (sql_insert_user, l_parameters)
sql_finalize_insert (sql_insert_user)
if not error_handler.has_error then if not error_handler.has_error then
sql_commit_transaction sql_commit_transaction
else else
sql_rollback_transaction sql_rollback_transaction
end end
sql_finalize
else else
-- set error -- set error
error_handler.add_custom_error (-1, "bad request" , "Missing password or email") error_handler.add_custom_error (-1, "bad request" , "Missing password or email")
@@ -1297,13 +1333,13 @@ feature -- New Temp User
sql_begin_transaction sql_begin_transaction
sql_insert (sql_insert_temp_user, l_parameters) sql_insert (sql_insert_temp_user, l_parameters)
sql_finalize_insert (sql_insert_temp_user)
if not error_handler.has_error then if not error_handler.has_error then
a_temp_user.set_id (last_inserted_temp_user_id) a_temp_user.set_id (last_inserted_temp_user_id)
sql_commit_transaction sql_commit_transaction
else else
sql_rollback_transaction sql_rollback_transaction
end end
sql_finalize
else else
-- set error -- set error
error_handler.add_custom_error (-1, "bad request" , "Missing password or email or personal information") error_handler.add_custom_error (-1, "bad request" , "Missing password or email or personal information")
@@ -1323,8 +1359,8 @@ feature -- Remove Activation
create l_parameters.make (1) create l_parameters.make (1)
l_parameters.put (a_token, "token") l_parameters.put (a_token, "token")
sql_modify (sql_remove_activation, l_parameters) sql_modify (sql_remove_activation, l_parameters)
sql_finalize_modify (sql_remove_activation)
sql_commit_transaction sql_commit_transaction
sql_finalize
end end
delete_temp_user (a_temp_user: CMS_TEMP_USER) delete_temp_user (a_temp_user: CMS_TEMP_USER)
@@ -1337,9 +1373,9 @@ feature -- Remove Activation
write_information_log (generator + ".delete_temp_user") write_information_log (generator + ".delete_temp_user")
create l_parameters.make (1) create l_parameters.make (1)
l_parameters.put (a_temp_user.id, "uid") l_parameters.put (a_temp_user.id, "uid")
sql_modify (sql_delete_temp_user, l_parameters) sql_delete (sql_delete_temp_user, l_parameters)
sql_finalize_delete (sql_delete_temp_user)
sql_commit_transaction sql_commit_transaction
sql_finalize
end end
feature {NONE} -- Implementation feature {NONE} -- Implementation
@@ -1355,7 +1391,7 @@ feature {NONE} -- Implementation
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (sql_last_insert_temp_user_id)
end end
last_inserted_user_id: INTEGER_64 last_inserted_user_id: INTEGER_64
@@ -1369,7 +1405,7 @@ feature {NONE} -- Implementation
sql_forth sql_forth
check one_row: sql_after end check one_row: sql_after end
end end
sql_finalize sql_finalize_query (sql_last_insert_user_id)
end end
feature {NONE} -- SQL select feature {NONE} -- SQL select
@@ -1392,6 +1428,9 @@ feature {NONE} -- SQL select
select_temp_user_by_activation_token: STRING = "SELECT u.uid, u.name, u.password, u.salt, u.email, u.application FROM auth_temp_users as u JOIN users_activations as ua ON ua.uid = u.uid and ua.token = :token;" select_temp_user_by_activation_token: STRING = "SELECT u.uid, u.name, u.password, u.salt, u.email, u.application FROM auth_temp_users as u JOIN users_activations as ua ON ua.uid = u.uid and ua.token = :token;"
-- Retrieve user by activation token if exist. -- Retrieve user by activation token if exist.
select_temp_user_salt_by_username: STRING = "SELECT salt FROM auth_temp_users WHERE name =:name;"
-- Retrieve temp user salt by username if exists.
sql_delete_temp_user: STRING = "DELETE FROM auth_temp_users WHERE uid=:uid;" sql_delete_temp_user: STRING = "DELETE FROM auth_temp_users WHERE uid=:uid;"
select_temp_users_count: STRING = "SELECT count(*) FROM auth_temp_users;" select_temp_users_count: STRING = "SELECT count(*) FROM auth_temp_users;"


@@ -35,7 +35,7 @@ feature -- Access
if not has_error then if not has_error then
Result := sql_read_string_32 (2) Result := sql_read_string_32 (2)
end end
sql_finalize sql_finalize_query (sql_select_user_profile_item)
end end
user_profile (a_user: CMS_USER): detachable CMS_USER_PROFILE user_profile (a_user: CMS_USER): detachable CMS_USER_PROFILE
@@ -63,7 +63,7 @@ feature -- Access
sql_forth sql_forth
end end
end end
sql_finalize sql_finalize_query (sql_select_user_profile_items)
end end
users_with_profile_item (a_item_name: READABLE_STRING_GENERAL; a_value: detachable READABLE_STRING_GENERAL): detachable LIST [CMS_USER] users_with_profile_item (a_item_name: READABLE_STRING_GENERAL; a_value: detachable READABLE_STRING_GENERAL): detachable LIST [CMS_USER]
@@ -98,7 +98,7 @@ feature -- Access
sql_forth sql_forth
end end
end end
sql_finalize sql_finalize_query (sql_select_users_with_profile_item)
if if
not has_error and not has_error and
l_uids /= Void and l_uids /= Void and
@@ -132,10 +132,11 @@ feature -- Change
reset_error reset_error
if user_profile_item (a_user, a_item_name) = Void then if user_profile_item (a_user, a_item_name) = Void then
sql_insert (sql_insert_user_profile_item, l_parameters) sql_insert (sql_insert_user_profile_item, l_parameters)
sql_finalize_insert (sql_insert_user_profile_item)
else else
sql_modify (sql_update_user_profile_item, l_parameters) sql_modify (sql_update_user_profile_item, l_parameters)
sql_finalize_modify (sql_update_user_profile_item)
end end
sql_finalize
end end
save_user_profile (a_user: CMS_USER; a_profile: CMS_USER_PROFILE) save_user_profile (a_user: CMS_USER; a_profile: CMS_USER_PROFILE)
@@ -164,7 +165,8 @@ feature -- Change
l_is_new := True l_is_new := True
elseif p.has_key (ic.key) then elseif p.has_key (ic.key) then
l_is_new := False l_is_new := False
l_has_diff := attached p.item (ic.key) as l_prev_item and then not l_prev_item.same_string (l_item) l_has_diff := attached p.item (ic.key) as l_prev_item and then
not l_prev_item.same_string (l_item)
else else
l_is_new := True l_is_new := True
end end
@@ -175,13 +177,14 @@ feature -- Change
if l_is_new then if l_is_new then
sql_insert (sql_insert_user_profile_item, l_parameters) sql_insert (sql_insert_user_profile_item, l_parameters)
sql_finalize_insert (sql_insert_user_profile_item)
else else
sql_modify (sql_update_user_profile_item, l_parameters) sql_modify (sql_update_user_profile_item, l_parameters)
sql_finalize_modify (sql_update_user_profile_item)
end end
l_parameters.wipe_out l_parameters.wipe_out
end end
end end
sql_finalize
end end
feature {NONE} -- Queries feature {NONE} -- Queries


@@ -41,13 +41,10 @@ feature -- Execution
elseif api.has_permission ("account register") then elseif api.has_permission ("account register") then
rep.add_link ("register", Void, api.webapi_path ("/account/register")) rep.add_link ("register", Void, api.webapi_path ("/account/register"))
end end
-- If query has "router=yes", display basic information about router mapping.
-- Note: this may change in the future
if if
attached router as l_router and then
attached req.query_parameter ("router") as p_router and then attached req.query_parameter ("router") as p_router and then
p_router.same_string ("yes") p_router.same_string ("yes") and then
attached router as l_router
then then
create j.make_empty create j.make_empty
create vis create vis
@@ -78,6 +75,9 @@ feature -- Execution
end(?, j)) end(?, j))
vis.process_router (l_router) vis.process_router (l_router)
rep.add_string_field ("routing", j.representation) rep.add_string_field ("routing", j.representation)
-- vis.on_mapping_actions.extend (agent (i_mapping: WSF_ROUTER_MAPPING; i_json: JSON_OBJECT)
-- do
-- end(?, j))
end end
rep.add_self (req.percent_encoded_path_info) rep.add_self (req.percent_encoded_path_info)
rep.execute rep.execute
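Review bot: The router dump guarded by `attached req.query_parameter ("router") as p_router and then p_router.same_string ("yes")` is reachable by any client that appends `router=yes`, and no permission test is visible around it in this hunk, unlike the `api.has_permission ("account register")` guard just above. The `routing` field is filled from `vis.process_router (l_router)`, so it presumably lists the registered mappings, which is information better kept behind a permission. One way is to add `api.has_permission ("<PERMISSION_NAME>") and then` as the first operand of the condition (placeholder name; use one the project defines). The commit also drops the comment that explained the switch; keeping `-- If query has "router=yes", display basic information about router mapping.` above the `if` would help. The enclosing feature starts and ends outside the hunks, so an earlier guard may exist that is not shown here.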


@@ -103,18 +103,18 @@ feature -- Logs
feature -- Custom feature -- Custom
set_custom_value (a_name: READABLE_STRING_8; a_value: attached like custom_value; a_type: detachable READABLE_STRING_8) set_custom_value (a_name: READABLE_STRING_8; a_value: attached like custom_value; a_type: READABLE_STRING_8)
-- Save data `a_name:a_value' for type `a_type' (or default if none). -- Save data `a_name:a_value' for type `a_type'.
do do
end end
unset_custom_value (a_name: READABLE_STRING_8; a_type: detachable READABLE_STRING_8) unset_custom_value (a_name: READABLE_STRING_8; a_type: READABLE_STRING_8)
-- Delete data `a_name' for type `a_type' (or default if none). -- Delete data `a_name' for type `a_type'.
do do
end end
custom_value (a_name: READABLE_STRING_GENERAL; a_type: detachable READABLE_STRING_8): detachable READABLE_STRING_32 custom_value (a_name: READABLE_STRING_GENERAL; a_type: READABLE_STRING_8): detachable READABLE_STRING_32
-- Data for name `a_name' and type `a_type' (or default if none). -- Data for name `a_name' and type `a_type'.
local local
s: STRING_32 s: STRING_32
do do
@@ -130,7 +130,7 @@ feature -- Custom
end end
end end
custom_values: detachable LIST [TUPLE [name: READABLE_STRING_GENERAL; type: detachable READABLE_STRING_8; value: detachable READABLE_STRING_32]] custom_values: detachable LIST [TUPLE [name: READABLE_STRING_GENERAL; type: READABLE_STRING_8; value: detachable READABLE_STRING_32]]
-- Values as list of [name, type, value]. -- Values as list of [name, type, value].
do do
end end


@@ -41,6 +41,7 @@ feature -- Execution
sql_begin_transaction sql_begin_transaction
do do
-- FIXME: may raise exception due to locked database...
sql_storage.sql_begin_transaction sql_storage.sql_begin_transaction
end end


@@ -143,6 +143,31 @@ feature -- Operation
deferred deferred
end end
sql_finalize_query (a_sql_statement: STRING)
do
sql_finalize_statement (a_sql_statement)
end
sql_finalize_insert (a_sql_statement: STRING)
do
sql_finalize_statement (a_sql_statement)
end
sql_finalize_modify (a_sql_statement: STRING)
do
sql_finalize_statement (a_sql_statement)
end
sql_finalize_delete (a_sql_statement: STRING)
do
sql_finalize_statement (a_sql_statement)
end
sql_finalize_statement (a_sql_statement: STRING)
do
sql_finalize
end
feature -- Helper feature -- Helper
sql_script_content (a_path: PATH): detachable STRING sql_script_content (a_path: PATH): detachable STRING
@@ -181,6 +206,7 @@ feature -- Helper
i: INTEGER i: INTEGER
err: BOOLEAN err: BOOLEAN
cl: CELL [INTEGER] cl: CELL [INTEGER]
l_sql: STRING
do do
reset_error reset_error
sql_begin_transaction sql_begin_transaction
@@ -194,10 +220,13 @@ feature -- Helper
loop loop
if attached next_sql_statement (a_sql_script, i, cl) as s then if attached next_sql_statement (a_sql_script, i, cl) as s then
if not s.is_whitespace then if not s.is_whitespace then
l_sql := sql_statement (s)
if s.starts_with ("INSERT") then if s.starts_with ("INSERT") then
sql_insert (sql_statement (s), a_params) sql_insert (l_sql, a_params)
sql_finalize_insert (l_sql)
else else
sql_modify (sql_statement (s), a_params) sql_modify (l_sql, a_params)
sql_finalize_modify (l_sql)
end end
err := err or has_error err := err or has_error
reset_error reset_error
@@ -212,29 +241,34 @@ feature -- Helper
else else
sql_commit_transaction sql_commit_transaction
end end
sql_finalize
end end
sql_table_exists (a_table_name: READABLE_STRING_8): BOOLEAN sql_table_exists (a_table_name: READABLE_STRING_8): BOOLEAN
-- Does table `a_table_name' exists? -- Does table `a_table_name' exists?
local
l_sql: STRING
do do
reset_error reset_error
sql_query ("SELECT count(*) FROM " + a_table_name + " ;", Void) l_sql := "SELECT count(*) FROM " + a_table_name + " ;"
sql_query (l_sql, Void)
Result := not has_error Result := not has_error
-- FIXME: find better solution -- FIXME: find better solution
sql_finalize sql_finalize_query (l_sql)
reset_error reset_error
end end
sql_table_items_count (a_table_name: READABLE_STRING_8): INTEGER_64 sql_table_items_count (a_table_name: READABLE_STRING_8): INTEGER_64
-- Number of items in table `a_table_name'? -- Number of items in table `a_table_name'?
local
l_sql: STRING
do do
reset_error reset_error
sql_query ("SELECT count(*) FROM " + a_table_name + " ;", Void) l_sql := "SELECT count(*) FROM " + a_table_name + " ;"
sql_query (l_sql, Void)
if not has_error then if not has_error then
Result := sql_read_integer_64 (1) Result := sql_read_integer_64 (1)
end end
sql_finalize sql_finalize_query (l_sql)
end end
feature -- Access feature -- Access
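Review bot: `sql_table_exists` and `sql_table_items_count` still build `l_sql` by concatenating `a_table_name` into the statement, and nothing in these features constrains what the name may contain. A table name cannot be bound as a `:param`, so the name should be checked to be a plain identifier before the query is built, for example with a precondition `valid_table_name: across a_table_name as c all c.item.is_alpha_numeric or c.item = '_' end` on both features. Whether any caller passes a name derived from request data is not visible here, so treat this as hardening. Separately, the new `sql_finalize_query`, `sql_finalize_insert`, `sql_finalize_modify`, `sql_finalize_delete` and `sql_finalize_statement` features have no header comments and ignore `a_sql_statement`; a comment such as `-- Finalize the statement given by a_sql_statement; the argument identifies the statement for debugging.` would explain why the argument exists.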


@@ -0,0 +1,45 @@
note
description: "Summary description for {CMS_SELF_MODULE_ADMINISTRATION}."
date: "$Date$"
revision: "$Revision$"
class
CMS_SELF_MODULE_ADMINISTRATION [G -> CMS_MODULE]
inherit
CMS_MODULE_ADMINISTRATION [G]
redefine
setup_hooks,
filters
end
create
make
feature -- Router
setup_administration_router (a_router: WSF_ROUTER; a_api: CMS_API)
do
end
feature -- Filter
filters (a_api: CMS_API): detachable LIST [WSF_FILTER]
-- Optional list of filter for Current module.
-- (from CMS_MODULE)
do
Result := module.filters (a_api)
end
feature -- Hooks configuration
setup_hooks (a_hooks: CMS_HOOK_CORE_MANAGER)
-- Module hooks configuration.
do
module.setup_hooks (a_hooks)
end
note
copyright: "2011-2017, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
end
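Review bot: The `description` note is still the IDE placeholder text, and `setup_administration_router` has an empty body with no header comment, so a reader cannot tell that registering no routes is intended. I would replace the description with a sentence saying that this administration class delegates `filters` and `setup_hooks` to `module` and adds no administration routes of its own, and add `-- Intentionally empty: no administration-specific routes are registered here.` to `setup_administration_router`. Because `filters` returns `module.filters (a_api)`, access control for the administration side appears to rest entirely on the module's own filters and permission checks. That dependency is worth stating in the class comment and confirming against CMS_MODULE_ADMINISTRATION, which is not shown on this page.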


@@ -1,3 +0,0 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<redirection xmlns="http://www.eiffel.com/developers/xml/configuration-1-16-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-16-0 http://www.eiffel.com/developers/xml/configuration-1-16-0.xsd" uuid="C8FBADFC-FC8D-43F4-AA09-55304BC9342A" message="Obsolete: use all.ecf !" location="all.ecf">
</redirection>