Added CMS_API.request: WSF_REQUEST to ease dev of ROC CMS code.
- Removed CMS_REQUEST_UTIL - centralize a few request related code into CMS_API Added CMS_API.user, CMS_API.set_user (CMS_USER), ... and user related routines. Refactored Auth related code - added various abstractions to factorize implementation and harmonize solutions. - revisited the logout strategy. - updated the account info page, and remove info user should not care about. - simplified the process, and encourage auth module to follow same design. Added CMS_LINK helper routines to modify the related query string. Removed CMS_USER.profile (and related routines) - It was not used so far. - it will probably a specific module later, if needed. Update various module to avoid fetching user from sql directly, and let this task to CMS_USER_API. Removed CMS_NODE_API.node_author (a_node: CMS_NODE): detachable CMS_USER, - as the info is already in CMS_NODE.author Added CMS_RESPONSE.redirection_delay, if ever one code want to redirect after a few seconds. Added the request uri info to the not found cms response.
This commit is contained in:
@@ -10,10 +10,11 @@ class
|
||||
CMS_SESSION_AUTH_MODULE
|
||||
|
||||
inherit
|
||||
CMS_MODULE
|
||||
CMS_AUTH_MODULE_I
|
||||
rename
|
||||
module_api as session_api
|
||||
redefine
|
||||
make,
|
||||
filters,
|
||||
setup_hooks,
|
||||
initialize,
|
||||
@@ -21,19 +22,8 @@ inherit
|
||||
session_api
|
||||
end
|
||||
|
||||
|
||||
CMS_HOOK_AUTO_REGISTER
|
||||
|
||||
CMS_HOOK_BLOCK
|
||||
|
||||
CMS_HOOK_MENU_SYSTEM_ALTER
|
||||
|
||||
CMS_HOOK_VALUE_TABLE_ALTER
|
||||
|
||||
SHARED_LOGGER
|
||||
|
||||
CMS_REQUEST_UTIL
|
||||
|
||||
create
|
||||
make
|
||||
|
||||
@@ -41,10 +31,9 @@ feature {NONE} -- Initialization
|
||||
|
||||
make
|
||||
do
|
||||
Precursor
|
||||
version := "1.0"
|
||||
description := "Service to manage cookie based authentication"
|
||||
package := "authentication"
|
||||
add_dependency ({CMS_AUTHENTICATION_MODULE})
|
||||
end
|
||||
|
||||
feature -- Access
|
||||
@@ -87,7 +76,7 @@ feature {CMS_API} -- Module management
|
||||
if l_sql_storage.has_error then
|
||||
api.logger.put_error ("Could not initialize database for module [" + name + "]", generating_type)
|
||||
else
|
||||
Precursor {CMS_MODULE} (api) -- Mark it as installed.
|
||||
Precursor {CMS_AUTH_MODULE_I} (api) -- Mark it as installed.
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -95,7 +84,28 @@ feature {CMS_API} -- Module management
|
||||
feature {CMS_API} -- Access: API
|
||||
|
||||
session_api: detachable CMS_SESSION_API
|
||||
-- <Precursor>
|
||||
-- <Precursor>
|
||||
|
||||
feature -- Access: auth strategy
|
||||
|
||||
login_title: STRING = "Session"
|
||||
-- Module specific login title.
|
||||
|
||||
login_location: STRING = "account/auth/roc-session-login"
|
||||
|
||||
logout_location: STRING = "account/auth/roc-session-logout"
|
||||
|
||||
is_authenticating (a_response: CMS_RESPONSE): BOOLEAN
|
||||
-- <Precursor>
|
||||
do
|
||||
if
|
||||
a_response.is_authenticated and then
|
||||
attached session_api as l_session_api and then
|
||||
attached a_response.request.cookie (l_session_api.session_token)
|
||||
then
|
||||
Result := True
|
||||
end
|
||||
end
|
||||
|
||||
feature -- Access: router
|
||||
|
||||
@@ -103,9 +113,9 @@ feature -- Access: router
|
||||
-- <Precursor>
|
||||
do
|
||||
if attached session_api as l_session_api then
|
||||
a_router.handle ("/account/roc-session-login", create {WSF_URI_AGENT_HANDLER}.make (agent handle_login (a_api, ?, ?)), a_router.methods_head_get)
|
||||
a_router.handle ("/account/roc-session-logout", create {WSF_URI_AGENT_HANDLER}.make (agent handle_logout (a_api, l_session_api, ?, ?)), a_router.methods_get_post)
|
||||
a_router.handle ("/account/login-with-session", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_login_with_session (a_api,session_api, ?, ?)), a_router.methods_get_post)
|
||||
a_router.handle ("/" + login_location, create {WSF_URI_AGENT_HANDLER}.make (agent handle_login (a_api, ?, ?)), a_router.methods_head_get)
|
||||
a_router.handle ("/" + logout_location, create {WSF_URI_AGENT_HANDLER}.make (agent handle_logout (a_api, l_session_api, ?, ?)), a_router.methods_get_post)
|
||||
a_router.handle ("/account/auth/roc-session-login", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_login_with_session (a_api,session_api, ?, ?)), a_router.methods_get_post)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -114,8 +124,8 @@ feature -- Access: filter
|
||||
filters (a_api: CMS_API): detachable LIST [WSF_FILTER]
|
||||
-- Possibly list of Filter's module.
|
||||
do
|
||||
create {ARRAYED_LIST [WSF_FILTER]} Result.make (1)
|
||||
if attached session_api as l_session_api then
|
||||
create {ARRAYED_LIST [WSF_FILTER]} Result.make (1)
|
||||
Result.extend (create {CMS_SESSION_AUTH_FILTER}.make (a_api, l_session_api))
|
||||
end
|
||||
end
|
||||
@@ -124,9 +134,29 @@ feature {NONE} -- Implementation: routes
|
||||
|
||||
handle_login (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
|
||||
local
|
||||
vals: CMS_VALUE_TABLE
|
||||
r: CMS_RESPONSE
|
||||
do
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
|
||||
if api.user_is_authenticated then
|
||||
r.add_error_message ("You are already signed in!")
|
||||
else
|
||||
if attached template_block ("login", r) as l_tpl_block then
|
||||
create vals.make (1)
|
||||
-- add the variable to the block
|
||||
l_tpl_block.set_value (api.user, "user")
|
||||
l_tpl_block.set_value (r.url ("", Void), "site_url")
|
||||
api.hooks.invoke_value_table_alter (vals, r)
|
||||
across
|
||||
vals as ic
|
||||
loop
|
||||
l_tpl_block.set_value (ic.item, ic.key)
|
||||
end
|
||||
r.add_block (l_tpl_block, "content")
|
||||
else
|
||||
r.add_error_message ("Error: missing block [login]")
|
||||
end
|
||||
end
|
||||
r.execute
|
||||
end
|
||||
|
||||
@@ -139,14 +169,14 @@ feature {NONE} -- Implementation: routes
|
||||
tok := a_session_api.session_token
|
||||
if
|
||||
attached {WSF_STRING} req.cookie (tok) as l_cookie_token and then
|
||||
attached {CMS_USER} current_user (req) as l_user
|
||||
attached api.user as l_user
|
||||
then
|
||||
-- Logout Session
|
||||
create l_cookie.make (tok, l_cookie_token.value) -- FIXME: unicode issue?
|
||||
l_cookie.set_path ("/")
|
||||
l_cookie.set_max_age (-1)
|
||||
res.add_cookie (l_cookie)
|
||||
unset_current_user (req)
|
||||
api.unset_user
|
||||
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
|
||||
r.set_status_code ({HTTP_CONSTANTS}.found)
|
||||
@@ -166,25 +196,39 @@ feature {NONE} -- Implementation: routes
|
||||
if
|
||||
attached a_session_api as l_session_api and then
|
||||
attached {WSF_STRING} req.form_parameter ("username") as l_username and then
|
||||
attached {WSF_STRING} req.form_parameter ("password") as l_password and then
|
||||
api.user_api.is_valid_credential (l_username.value, l_password.value) and then
|
||||
attached api.user_api.user_by_name (l_username.value) as l_user
|
||||
attached {WSF_STRING} req.form_parameter ("password") as l_password
|
||||
then
|
||||
l_token := generate_token
|
||||
if
|
||||
a_session_api.has_user_token (l_user)
|
||||
api.user_api.is_valid_credential (l_username.value, l_password.value) and then
|
||||
attached api.user_api.user_by_name (l_username.value) as l_user
|
||||
then
|
||||
l_session_api.update_user_session_auth (l_token, l_user)
|
||||
l_token := generate_token
|
||||
if a_session_api.has_user_token (l_user) then
|
||||
l_session_api.update_user_session_auth (l_token, l_user)
|
||||
else
|
||||
l_session_api.new_user_session_auth (l_token, l_user)
|
||||
end
|
||||
create l_cookie.make (a_session_api.session_token, l_token)
|
||||
l_cookie.set_max_age (a_session_api.session_max_age)
|
||||
l_cookie.set_path ("/")
|
||||
res.add_cookie (l_cookie)
|
||||
api.set_user (l_user)
|
||||
api.record_user_login (l_user)
|
||||
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
|
||||
if attached {WSF_STRING} req.query_parameter ("destination") as p_destination then
|
||||
r.set_redirection (p_destination.url_encoded_value)
|
||||
else
|
||||
r.set_redirection ("")
|
||||
end
|
||||
else
|
||||
l_session_api.new_user_session_auth (l_token, l_user)
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
|
||||
if attached template_block ("login", r) as l_tpl_block then
|
||||
l_tpl_block.set_value (l_username.value, "username")
|
||||
l_tpl_block.set_value ("Wrong: Username or password ", "error")
|
||||
r.add_block (l_tpl_block, "content")
|
||||
end
|
||||
end
|
||||
create l_cookie.make (a_session_api.session_token, l_token)
|
||||
l_cookie.set_max_age (a_session_api.session_max_age)
|
||||
l_cookie.set_path ("/")
|
||||
res.add_cookie (l_cookie)
|
||||
set_current_user (req, l_user)
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
|
||||
r.set_redirection (req.absolute_script_url (""))
|
||||
r.execute
|
||||
else
|
||||
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
|
||||
@@ -204,108 +248,24 @@ feature -- Hooks configuration
|
||||
setup_hooks (a_hooks: CMS_HOOK_CORE_MANAGER)
|
||||
-- Module hooks configuration.
|
||||
do
|
||||
auto_subscribe_to_hooks (a_hooks)
|
||||
Precursor (a_hooks)
|
||||
a_hooks.subscribe_to_block_hook (Current)
|
||||
a_hooks.subscribe_to_value_table_alter_hook (Current)
|
||||
end
|
||||
|
||||
feature -- Hooks
|
||||
|
||||
value_table_alter (a_value: CMS_VALUE_TABLE; a_response: CMS_RESPONSE)
|
||||
-- <Precursor>
|
||||
do
|
||||
if
|
||||
attached a_response.user as u and then
|
||||
attached session_api as l_session_api and then
|
||||
attached a_response.request.cookie (l_session_api.session_token)
|
||||
then
|
||||
a_value.force ("account/roc-session-logout", "auth_login_strategy")
|
||||
end
|
||||
end
|
||||
|
||||
menu_system_alter (a_menu_system: CMS_MENU_SYSTEM; a_response: CMS_RESPONSE)
|
||||
-- Hook execution on collection of menu contained by `a_menu_system'
|
||||
-- for related response `a_response'.
|
||||
local
|
||||
lnk: CMS_LOCAL_LINK
|
||||
lnk2: detachable CMS_LINK
|
||||
do
|
||||
if attached a_response.user as u then
|
||||
if
|
||||
attached session_api as l_session_api and then
|
||||
attached a_response.request.cookie (l_session_api.session_token)
|
||||
then
|
||||
across
|
||||
a_menu_system.primary_menu.items as ic
|
||||
until
|
||||
lnk2 /= Void
|
||||
loop
|
||||
if
|
||||
ic.item.location.same_string ("account/roc-logout")
|
||||
or else ic.item.location.same_string ("basic_auth_logoff")
|
||||
then
|
||||
lnk2 := ic.item
|
||||
end
|
||||
end
|
||||
if lnk2 /= Void then
|
||||
a_menu_system.primary_menu.remove (lnk2)
|
||||
end
|
||||
create lnk.make ("Logout", "account/roc-session-logout" )
|
||||
a_menu_system.primary_menu.extend (lnk)
|
||||
end
|
||||
elseif a_response.location.starts_with ("account/") then
|
||||
create lnk.make ("Session", "account/roc-session-login")
|
||||
a_response.add_to_primary_tabs (lnk)
|
||||
end
|
||||
end
|
||||
|
||||
block_list: ITERABLE [like {CMS_BLOCK}.name]
|
||||
local
|
||||
l_string: STRING
|
||||
do
|
||||
Result := <<"login">>
|
||||
debug ("roc")
|
||||
create l_string.make_empty
|
||||
across
|
||||
Result as ic
|
||||
loop
|
||||
l_string.append (ic.item)
|
||||
l_string.append_character (' ')
|
||||
end
|
||||
write_debug_log (generator + ".block_list:" + l_string )
|
||||
end
|
||||
Result := <<"?login">>
|
||||
end
|
||||
|
||||
get_block_view (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
|
||||
do
|
||||
if
|
||||
a_block_id.is_case_insensitive_equal_general ("login") and then
|
||||
a_response.location.starts_with ("account/roc-session-login")
|
||||
then
|
||||
if a_block_id.is_case_insensitive_equal_general ("login") then
|
||||
get_block_view_login (a_block_id, a_response)
|
||||
end
|
||||
end
|
||||
|
||||
feature {NONE} -- Helpers
|
||||
|
||||
template_block (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE): detachable CMS_SMARTY_TEMPLATE_BLOCK
|
||||
-- Smarty content block for `a_block_id'
|
||||
local
|
||||
p: detachable PATH
|
||||
do
|
||||
create p.make_from_string ("templates")
|
||||
p := p.extended ("block_").appended (a_block_id).appended_with_extension ("tpl")
|
||||
|
||||
p := a_response.api.module_theme_resource_location (Current, p)
|
||||
if p /= Void then
|
||||
if attached p.entry as e then
|
||||
create Result.make (a_block_id, Void, p.parent, e)
|
||||
else
|
||||
create Result.make (a_block_id, Void, p.parent, p)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
feature {NONE} -- Block views
|
||||
|
||||
get_block_view_login (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
|
||||
@@ -315,7 +275,7 @@ feature {NONE} -- Block views
|
||||
if attached template_block (a_block_id, a_response) as l_tpl_block then
|
||||
create vals.make (1)
|
||||
-- add the variable to the block
|
||||
value_table_alter (vals, a_response)
|
||||
a_response.api.hooks.invoke_value_table_alter (vals, a_response)
|
||||
across
|
||||
vals as ic
|
||||
loop
|
||||
@@ -347,4 +307,5 @@ feature {NONE} -- Block views
|
||||
end
|
||||
Result := l_token
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user