backup/ROC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added CMS_API.request: WSF_REQUEST to ease dev of ROC CMS code.

Browse Source 
- Removed CMS_REQUEST_UTIL
  - centralize a few request related code into CMS_API
Added CMS_API.user, CMS_API.set_user (CMS_USER), ... and user related routines.

Refactored Auth related code
  - added various abstractions to factorize implementation and harmonize solutions.
  - revisited the logout strategy.
  - updated the account info page, and remove info user should not care about.
  - simplified the process, and encourage auth module to follow same design.

Added CMS_LINK helper routines to modify the related query string.
Removed CMS_USER.profile (and related routines)
   - It was not used so far.
   - it will probably a specific module later, if needed.

Update various module to avoid fetching user from sql directly, and let this task to CMS_USER_API.

Removed CMS_NODE_API.node_author (a_node: CMS_NODE): detachable CMS_USER,
   - as the info is already in CMS_NODE.author

Added CMS_RESPONSE.redirection_delay, if ever one code want to redirect after a few seconds.
Added the request uri info to the not found cms response.
This commit is contained in:
Jocelyn FIAT
2016-01-29 21:58:49 +01:00
parent 41ac45d07b
commit 3496536751
67 changed files with 1742 additions and 1820 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/session_auth/cms_session_api.e
View File

@@ -7,7 +7,7 @@ class
CMS_SESSION_API
inherit
CMS_MODULE_API
CMS_AUTH_API_I
REFACTORING_HELPER

209
modules/session_auth/cms_session_auth_module.e
View File

@@ -10,10 +10,11 @@ class
CMS_SESSION_AUTH_MODULE
inherit
CMS_MODULE
CMS_AUTH_MODULE_I
rename
module_api as session_api
redefine
make,
filters,
setup_hooks,
initialize,
@@ -21,19 +22,8 @@ inherit
session_api
end
CMS_HOOK_AUTO_REGISTER
CMS_HOOK_BLOCK
CMS_HOOK_MENU_SYSTEM_ALTER
CMS_HOOK_VALUE_TABLE_ALTER
SHARED_LOGGER
CMS_REQUEST_UTIL
create
make
@@ -41,10 +31,9 @@ feature {NONE} -- Initialization
make
do
Precursor
version := "1.0"
description := "Service to manage cookie based authentication"
package := "authentication"
add_dependency ({CMS_AUTHENTICATION_MODULE})
end
feature -- Access
@@ -87,7 +76,7 @@ feature {CMS_API} -- Module management
if l_sql_storage.has_error then
api.logger.put_error ("Could not initialize database for module [" + name + "]", generating_type)
else
Precursor {CMS_MODULE} (api) -- Mark it as installed.
Precursor {CMS_AUTH_MODULE_I} (api) -- Mark it as installed.
end
end
end
@@ -95,7 +84,28 @@ feature {CMS_API} -- Module management
feature {CMS_API} -- Access: API
session_api: detachable CMS_SESSION_API
-- <Precursor>
-- <Precursor>
feature -- Access: auth strategy
login_title: STRING = "Session"
-- Module specific login title.
login_location: STRING = "account/auth/roc-session-login"
logout_location: STRING = "account/auth/roc-session-logout"
is_authenticating (a_response: CMS_RESPONSE): BOOLEAN
-- <Precursor>
do
if
a_response.is_authenticated and then
attached session_api as l_session_api and then
attached a_response.request.cookie (l_session_api.session_token)
then
Result := True
end
end
feature -- Access: router
@@ -103,9 +113,9 @@ feature -- Access: router
-- <Precursor>
do
if attached session_api as l_session_api then
a_router.handle ("/account/roc-session-login", create {WSF_URI_AGENT_HANDLER}.make (agent handle_login (a_api, ?, ?)), a_router.methods_head_get)
a_router.handle ("/account/roc-session-logout", create {WSF_URI_AGENT_HANDLER}.make (agent handle_logout (a_api, l_session_api, ?, ?)), a_router.methods_get_post)
a_router.handle ("/account/login-with-session", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_login_with_session (a_api,session_api, ?, ?)), a_router.methods_get_post)
a_router.handle ("/" + login_location, create {WSF_URI_AGENT_HANDLER}.make (agent handle_login (a_api, ?, ?)), a_router.methods_head_get)
a_router.handle ("/" + logout_location, create {WSF_URI_AGENT_HANDLER}.make (agent handle_logout (a_api, l_session_api, ?, ?)), a_router.methods_get_post)
a_router.handle ("/account/auth/roc-session-login", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_login_with_session (a_api,session_api, ?, ?)), a_router.methods_get_post)
end
end
@@ -114,8 +124,8 @@ feature -- Access: filter
filters (a_api: CMS_API): detachable LIST [WSF_FILTER]
-- Possibly list of Filter's module.
do
create {ARRAYED_LIST [WSF_FILTER]} Result.make (1)
if attached session_api as l_session_api then
create {ARRAYED_LIST [WSF_FILTER]} Result.make (1)
Result.extend (create {CMS_SESSION_AUTH_FILTER}.make (a_api, l_session_api))
end
end
@@ -124,9 +134,29 @@ feature {NONE} -- Implementation: routes
handle_login (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
local
vals: CMS_VALUE_TABLE
r: CMS_RESPONSE
do
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if api.user_is_authenticated then
r.add_error_message ("You are already signed in!")
else
if attached template_block ("login", r) as l_tpl_block then
create vals.make (1)
-- add the variable to the block
l_tpl_block.set_value (api.user, "user")
l_tpl_block.set_value (r.url ("", Void), "site_url")
api.hooks.invoke_value_table_alter (vals, r)
across
vals as ic
loop
l_tpl_block.set_value (ic.item, ic.key)
end
r.add_block (l_tpl_block, "content")
else
r.add_error_message ("Error: missing block [login]")
end
end
r.execute
end
@@ -139,14 +169,14 @@ feature {NONE} -- Implementation: routes
tok := a_session_api.session_token
if
attached {WSF_STRING} req.cookie (tok) as l_cookie_token and then
attached {CMS_USER} current_user (req) as l_user
attached api.user as l_user
then
-- Logout Session
create l_cookie.make (tok, l_cookie_token.value) -- FIXME: unicode issue?
l_cookie.set_path ("/")
l_cookie.set_max_age (-1)
res.add_cookie (l_cookie)
unset_current_user (req)
api.unset_user
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
r.set_status_code ({HTTP_CONSTANTS}.found)
@@ -166,25 +196,39 @@ feature {NONE} -- Implementation: routes
if
attached a_session_api as l_session_api and then
attached {WSF_STRING} req.form_parameter ("username") as l_username and then
attached {WSF_STRING} req.form_parameter ("password") as l_password and then
api.user_api.is_valid_credential (l_username.value, l_password.value) and then
attached api.user_api.user_by_name (l_username.value) as l_user
attached {WSF_STRING} req.form_parameter ("password") as l_password
then
l_token := generate_token
if
a_session_api.has_user_token (l_user)
api.user_api.is_valid_credential (l_username.value, l_password.value) and then
attached api.user_api.user_by_name (l_username.value) as l_user
then
l_session_api.update_user_session_auth (l_token, l_user)
l_token := generate_token
if a_session_api.has_user_token (l_user) then
l_session_api.update_user_session_auth (l_token, l_user)
else
l_session_api.new_user_session_auth (l_token, l_user)
end
create l_cookie.make (a_session_api.session_token, l_token)
l_cookie.set_max_age (a_session_api.session_max_age)
l_cookie.set_path ("/")
res.add_cookie (l_cookie)
api.set_user (l_user)
api.record_user_login (l_user)
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if attached {WSF_STRING} req.query_parameter ("destination") as p_destination then
r.set_redirection (p_destination.url_encoded_value)
else
r.set_redirection ("")
end
else
l_session_api.new_user_session_auth (l_token, l_user)
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if attached template_block ("login", r) as l_tpl_block then
l_tpl_block.set_value (l_username.value, "username")
l_tpl_block.set_value ("Wrong: Username or password ", "error")
r.add_block (l_tpl_block, "content")
end
end
create l_cookie.make (a_session_api.session_token, l_token)
l_cookie.set_max_age (a_session_api.session_max_age)
l_cookie.set_path ("/")
res.add_cookie (l_cookie)
set_current_user (req, l_user)
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
r.set_redirection (req.absolute_script_url (""))
r.execute
else
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
@@ -204,108 +248,24 @@ feature -- Hooks configuration
setup_hooks (a_hooks: CMS_HOOK_CORE_MANAGER)
-- Module hooks configuration.
do
auto_subscribe_to_hooks (a_hooks)
Precursor (a_hooks)
a_hooks.subscribe_to_block_hook (Current)
a_hooks.subscribe_to_value_table_alter_hook (Current)
end
feature -- Hooks
value_table_alter (a_value: CMS_VALUE_TABLE; a_response: CMS_RESPONSE)
-- <Precursor>
do
if
attached a_response.user as u and then
attached session_api as l_session_api and then
attached a_response.request.cookie (l_session_api.session_token)
then
a_value.force ("account/roc-session-logout", "auth_login_strategy")
end
end
menu_system_alter (a_menu_system: CMS_MENU_SYSTEM; a_response: CMS_RESPONSE)
-- Hook execution on collection of menu contained by `a_menu_system'
-- for related response `a_response'.
local
lnk: CMS_LOCAL_LINK
lnk2: detachable CMS_LINK
do
if attached a_response.user as u then
if
attached session_api as l_session_api and then
attached a_response.request.cookie (l_session_api.session_token)
then
across
a_menu_system.primary_menu.items as ic
until
lnk2 /= Void
loop
if
ic.item.location.same_string ("account/roc-logout")
or else ic.item.location.same_string ("basic_auth_logoff")
then
lnk2 := ic.item
end
end
if lnk2 /= Void then
a_menu_system.primary_menu.remove (lnk2)
end
create lnk.make ("Logout", "account/roc-session-logout" )
a_menu_system.primary_menu.extend (lnk)
end
elseif a_response.location.starts_with ("account/") then
create lnk.make ("Session", "account/roc-session-login")
a_response.add_to_primary_tabs (lnk)
end
end
block_list: ITERABLE [like {CMS_BLOCK}.name]
local
l_string: STRING
do
Result := <<"login">>
debug ("roc")
create l_string.make_empty
across
Result as ic
loop
l_string.append (ic.item)
l_string.append_character (' ')
end
write_debug_log (generator + ".block_list:" + l_string )
end
Result := <<"?login">>
end
get_block_view (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
do
if
a_block_id.is_case_insensitive_equal_general ("login") and then
a_response.location.starts_with ("account/roc-session-login")
then
if a_block_id.is_case_insensitive_equal_general ("login") then
get_block_view_login (a_block_id, a_response)
end
end
feature {NONE} -- Helpers
template_block (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE): detachable CMS_SMARTY_TEMPLATE_BLOCK
-- Smarty content block for `a_block_id'
local
p: detachable PATH
do
create p.make_from_string ("templates")
p := p.extended ("block_").appended (a_block_id).appended_with_extension ("tpl")
p := a_response.api.module_theme_resource_location (Current, p)
if p /= Void then
if attached p.entry as e then
create Result.make (a_block_id, Void, p.parent, e)
else
create Result.make (a_block_id, Void, p.parent, p)
end
end
end
feature {NONE} -- Block views
get_block_view_login (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
@@ -315,7 +275,7 @@ feature {NONE} -- Block views
if attached template_block (a_block_id, a_response) as l_tpl_block then
create vals.make (1)
-- add the variable to the block
value_table_alter (vals, a_response)
a_response.api.hooks.invoke_value_table_alter (vals, a_response)
across
vals as ic
loop
@@ -347,4 +307,5 @@ feature {NONE} -- Block views
end
Result := l_token
end
end

22
modules/session_auth/filter/cms_session_auth_filter.e
View File

@@ -9,15 +9,11 @@ class
CMS_SESSION_AUTH_FILTER
inherit
WSF_URI_TEMPLATE_HANDLER
CMS_HANDLER
CMS_AUTH_FILTER_I
rename
make as make_handler
make as make_filter
end
WSF_FILTER
create
make
@@ -25,7 +21,7 @@ feature {NONE} -- Initialization
make (a_api: CMS_API; a_session_api: CMS_SESSION_API)
do
make_handler (a_api)
make_filter (a_api)
session_api := a_session_api
end
@@ -33,15 +29,19 @@ feature {NONE} -- Initialization
feature -- Basic operations
execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute the filter.
auth_strategy: STRING
do
Result := {CMS_SESSION_AUTH_MODULE}.logout_location
end
execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- <Precursor>.
do
-- A valid user
if
attached {WSF_STRING} req.cookie (session_api.session_token) as l_roc_auth_session_token
then
if attached session_api.user_by_session_token (l_roc_auth_session_token.value) as l_user then
set_current_user (req, l_user)
set_current_user (l_user)
else
api.logger.put_error (generator + ".execute login_valid failed for: " + l_roc_auth_session_token.value , Void)
end

2
modules/session_auth/persistence/cms_session_auth_storage_sql.e
View File

@@ -107,7 +107,7 @@ feature -- Change User token
feature {NONE} -- SQL statements
Select_user_id_by_token: STRING = "SELECT u.uid FROM users as u JOIN auth_session as og ON og.uid = u.uid AND og.access_token = :token;"
Select_user_id_by_token: STRING = "SELECT uid FROM auth_session WHERE access_token = :token;"
sql_insert_session_auth: STRING = "INSERT INTO auth_session (uid, access_token, created) VALUES (:uid, :token, :utc_date);"

50
modules/session_auth/site/templates/block_login.tpl
View File

@@ -1,37 +1,23 @@
<div class="primary-tabs">
{unless isset="$user"}
<h3>Login or <a href="{$site_url/}account/roc-register">Register</a></h3>
<div>
<div>
<form name="cms_session_auth" action="{$site_url/}account/login-with-session" method="POST">
<div>
<input type="text" name="username" id="username" required value="{$username/}">
<label>Username</label>
</div>
<div>
<input type="password" name="password" id="password" required >
<label>Password</label>
</div>
<button type="submit">Login</button>
</form>
</div>
</div>
<div>
{unless isset="$user"}
<div class="login-box">
<div class="description">The "Session" is the standard authentication system. (based on cookie)</div>
<h3>Login or <a href="{$site_url/}account/roc-register">Register</a></h3>
<div>
<form name="cms_session_auth" action="{$site_url/}account/auth/roc-session-login" method="POST">
<div>
<p>
<a href="{$site_url/}account/new-password">Forgot password?</a>
</p>
<input type="text" name="username" id="username" required value="{$username/}">
<label>Username</label>
</div>
</div>
{/unless}
{if isset=$error}
<div>
<div>
<p>
<strong>{$error/}
</p>
<input type="password" name="password" id="password" required >
<label>Password</label>
</div>
</div>
{/if}
<button type="submit">Login</button>
</form>
</div>
<div>
<a href="{$site_url/}account/new-password">Forgot password?</a>
</div>
{if isset="$error"}<div class="error">{$error/}</div>{/if}
</div>
{/unless}