Move generic code for activation, password, reset password, re-activation to

auth module.
Updated Basic Auth module to handle specific content.

modules/basic_auth/basic_auth_module.e

@@ -52,12 +52,6 @@ feature -- Access: router
 			configure_api_login (a_api, a_router)
 			configure_api_logoff (a_api, a_router)
 			a_router.handle ("/account/roc-basic-auth", create {WSF_URI_AGENT_HANDLER}.make (agent handle_login_basic_auth (a_api, ?, ?)), a_router.methods_head_get)
-			a_router.handle ("/account/roc-register", create {WSF_URI_AGENT_HANDLER}.make (agent handle_register (a_api, ?, ?)), a_router.methods_get_post)
-			a_router.handle ("/account/activate/{token}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_activation (a_api, ?, ?)), a_router.methods_head_get)
-			a_router.handle ("/account/reactivate", create {WSF_URI_AGENT_HANDLER}.make (agent handle_reactivation (a_api, ?, ?)), a_router.methods_get_post)
-			a_router.handle ("/account/new-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_new_password (a_api, ?, ?)), a_router.methods_get_post)
-			a_router.handle ("/account/reset-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_reset_password (a_api, ?, ?)), a_router.methods_get_post)
-
 		end
 
 feature -- Access: filter
@@ -104,215 +98,6 @@ feature {NONE} -- Implementation: routes
 			r.execute
 		end
 
-
-	handle_register (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
-		local
-			r: CMS_RESPONSE
-			l_user_api: CMS_USER_API
-			u: CMS_USER
-			l_roles: LIST [CMS_USER_ROLE]
-			l_exist: BOOLEAN
-			es: CMS_AUTHENTICATON_EMAIL_SERVICE
-			l_url: STRING
-			l_token: STRING
-		do
-			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
-			r.set_value ("Register", "optional_content_type")
-			if req.is_post_request_method then
-				if
-					attached {WSF_STRING} req.form_parameter ("name") as l_name and then
-					attached {WSF_STRING} req.form_parameter ("password") as l_password and then
-					attached {WSF_STRING} req.form_parameter ("email") as l_email
-				then
-					l_user_api := api.user_api
-
-					if attached l_user_api.user_by_name (l_name.value) then
-							-- Username already exist.
-						r.values.force ("The user name exist!", "error_name")
-						l_exist := True
-					end
-					if attached l_user_api.user_by_email (l_email.value) then
-							-- Emails already exist.
-						r.values.force ("The email exist!", "error_email")
-						l_exist := True
-					end
-
-					if not l_exist then
-							-- New user
-						create {ARRAYED_LIST [CMS_USER_ROLE]}l_roles.make (1)
-						l_roles.force (l_user_api.authenticated_user_role)
-
-						create u.make (l_name.value)
-						u.set_email (l_email.value)
-						u.set_password (l_password.value)
-						u.set_roles (l_roles)
-						l_user_api.new_user (u)
-
-							-- Create activation token
-						l_token := new_token
-						l_user_api.new_activation (l_token, u.id)
-						l_url := req.absolute_script_url ("/account/activate/" + l_token)
-
-							-- Send Email
-						create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (api))
-						write_debug_log (generator + ".handle register: send_contact_email")
-						es.send_contact_email (l_email.value, l_url)
-
-					else
-						r.values.force (l_name.value, "name")
-						r.values.force (l_email.value, "email")
-						r.set_status_code ({HTTP_CONSTANTS}.bad_request)
-					end
-				end
-			end
-
-			r.execute
-		end
-
-	handle_activation (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
-		local
-			r: CMS_RESPONSE
-			l_user_api: CMS_USER_API
-			l_ir: INTERNAL_SERVER_ERROR_CMS_RESPONSE
-		do
-			l_user_api := api.user_api
-			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
-			if attached {WSF_STRING} req.path_parameter ("token") as l_token then
-
-				if attached {CMS_USER} l_user_api.user_by_activation_token (l_token.value) as l_user then
-					-- Valid user_id
-					l_user.mark_active
-					l_user_api.update_user (l_user)
-					l_user_api.remove_activation (l_token.value)
-					r.set_value ("Account activated", "optional_content_type")
-					r.set_main_content ("<p> Your account <i>"+ l_user.name +"</i> has been activated</p>")
-				else
-					-- the token does not exist, or it was already used.
-					r.set_status_code ({HTTP_CONSTANTS}.bad_request)
-					r.set_value ("Account not activated", "optional_content_type")
-					r.set_main_content ("<p>The token <i>" + l_token.value +"</i> is not valid " + r.link ("Reactivate Account", "account/reactivate", Void) + "</p>")
-				end
-				r.execute
-			else
-				create l_ir.make (req, res, api)
-				l_ir.execute
-			end
-		end
-
-
-	handle_reactivation (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
-		local
-			r: CMS_RESPONSE
-			es: CMS_AUTHENTICATON_EMAIL_SERVICE
-			l_user_api: CMS_USER_API
-			l_token: STRING
-			l_url: STRING
-		do
-			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
-			if req.is_post_request_method then
-				if
-					attached {WSF_STRING} req.form_parameter ("email") as l_email
-				then
-					l_user_api := api.user_api
-					if 	attached {CMS_USER} l_user_api.user_by_email (l_email.value) as l_user then
-							-- User exist create a new token and send a new email.
-						if l_user.is_active then
-							r.values.force ("The asociated user to the given email " + l_email.value + " , is already active", "is_active")
-							r.set_status_code ({HTTP_CONSTANTS}.bad_request)
-						else
-							l_token := new_token
-							l_user_api.new_activation (l_token, l_user.id)
-							l_url := req.absolute_script_url ("/account/activate/" + l_token)
-
-								-- Send Email
-							create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (api))
-							write_debug_log (generator + ".handle register: send_contact_activation_email")
-							es.send_contact_activation_email (l_email.value, l_url)
-						end
-					else
-						r.values.force ("The email does not exist or !", "error_email")
-						r.values.force (l_email.value, "email")
-						r.set_status_code ({HTTP_CONSTANTS}.bad_request)
-					end
-				end
-			end
-
-			r.execute
-		end
-
-	handle_new_password (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
-		local
-			r: CMS_RESPONSE
-			es: CMS_AUTHENTICATON_EMAIL_SERVICE
-			l_user_api: CMS_USER_API
-			l_token: STRING
-			l_url: STRING
-		do
-			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
-			if req.is_post_request_method then
-				l_user_api := api.user_api
-				if attached {WSF_STRING} req.form_parameter ("email") as l_email then
-					if 	attached {CMS_USER} l_user_api.user_by_email (l_email.value) as l_user then
-								-- User exist create a new token and send a new email.
-						l_token := new_token
-						l_user_api.new_password (l_token, l_user.id)
-						l_url := req.absolute_script_url ("/account/reset-password?token=" + l_token)
-
-								-- Send Email
-						create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (api))
-						write_debug_log (generator + ".handle register: send_contact_password_email")
-						es.send_contact_password_email (l_email.value, l_url)
-					else
-						r.values.force ("The email does not exist !", "error_email")
-						r.values.force (l_email.value, "email")
-						r.set_status_code ({HTTP_CONSTANTS}.bad_request)
-					end
-				end
-			end
-			r.execute
-		end
-
-
-	handle_reset_password (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
-		local
-			r: CMS_RESPONSE
-			l_user_api: CMS_USER_API
-		do
-			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
-			l_user_api := api.user_api
-			if	attached {WSF_STRING} req.query_parameter ("token") as l_token then
-				r.values.force (l_token.value, "token")
-				if l_user_api.user_by_password_token (l_token.value) = Void  then
-					r.values.force ("The token " + l_token.value + " is not valid, " + r.link ("click here" , "account/new-password", Void) + " to generate a new token.", "error_token")
-					r.set_status_code ({HTTP_CONSTANTS}.bad_request)
-				end
-			end
-
-			if req.is_post_request_method then
-
-				if
-					attached {WSF_STRING} req.form_parameter ("token") as l_token and then
-					attached {WSF_STRING} req.form_parameter ("password") as l_password and then
-					attached {WSF_STRING} req.form_parameter ("confirm_password") as l_confirm_password
-				then
-						-- Does the passwords match?	
-					if l_password.value.same_string (l_confirm_password.value) then
-							-- is the token valid?	
-						if attached {CMS_USER} l_user_api.user_by_password_token (l_token.value) as l_user then
-							l_user.set_password (l_password.value)
-							l_user_api.update_user (l_user)
-							l_user_api.remove_password (l_token.value)
-						end
-					else
-						r.values.force ("Passwords Don't Match", "error_password")
-						r.values.force (l_token.value, "token")
-						r.set_status_code ({HTTP_CONSTANTS}.bad_request)
-					end
-				end
-			end
-			r.execute
-		end
-
 feature -- Hooks configuration
 
 	register_hooks (a_response: CMS_RESPONSE)
@@ -371,7 +156,7 @@ feature -- Hooks
 		local
 			l_string: STRING
 		do
-			Result := <<"login", "register", "reactivate", "new_password", "reset_password">>
+			Result := <<"login">>
 			debug ("roc")
 				create l_string.make_empty
 				across
@@ -392,51 +177,9 @@ feature -- Hooks
 			then
 				a_response.add_javascript_url (a_response.url ("module/" + name + "/files/js/roc_auth.js", Void))
 				get_block_view_login (a_block_id, a_response)
-			elseif
-				a_block_id.is_case_insensitive_equal_general ("register") and then
-				a_response.location.starts_with ("account/roc-register")
-			then
-				get_block_view_register (a_block_id, a_response)
-			elseif
-				a_block_id.is_case_insensitive_equal_general ("reactivate") and then
-				a_response.location.starts_with ("account/reactivate")
-			then
-				get_block_view_reactivate (a_block_id, a_response)
-			elseif
-				a_block_id.is_case_insensitive_equal_general ("new_password") and then
-				a_response.location.starts_with ("account/new-password")
-			then
-				get_block_view_new_password (a_block_id, a_response)
-			elseif
-				a_block_id.is_case_insensitive_equal_general ("reset_password") and then
-				a_response.location.starts_with ("account/reset-password")
-			then
-				get_block_view_reset_password (a_block_id, a_response)
 			end
 		end
 
-
-feature {NONE} -- Token Generation
-
-	new_token: STRING
-			-- Generate a new token activation token
-		local
-			l_token: STRING
-			l_security: SECURITY_PROVIDER
-			l_encode: URL_ENCODER
-		do
-			create l_security
-			l_token := l_security.token
-			create l_encode
-			from until l_token.same_string (l_encode.encoded_string (l_token)) loop
-				-- Loop ensure that we have a security token that does not contain characters that need encoding.
-			    -- We cannot simply to an encode-decode because the email sent to the user will contain an encoded token
-				-- but the user will need to use an unencoded token if activation has to be done manually.
-				l_token := l_security.token
-			end
-			Result := l_token
-		end
-
 feature {NONE} -- Helpers
 
 	template_block (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE): detachable CMS_SMARTY_TEMPLATE_BLOCK
@@ -480,142 +223,4 @@ feature {NONE} -- Block views
 			end
 		end
 
-	get_block_view_register (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
-		do
-			if a_response.request.is_get_request_method then
-				if attached template_block (a_block_id, a_response) as l_tpl_block then
-					a_response.add_block (l_tpl_block, "content")
-				else
-					debug ("cms")
-						a_response.add_warning_message ("Error with block [" + a_block_id + "]")
-					end
-				end
-			elseif a_response.request.is_post_request_method then
-				if a_response.values.has ("error_name") or else a_response.values.has ("error_email") then
-					if attached template_block (a_block_id, a_response) as l_tpl_block then
-						l_tpl_block.set_value (a_response.values.item ("error_name"), "error_name")
-						l_tpl_block.set_value (a_response.values.item ("error_email"), "error_email")
-						l_tpl_block.set_value (a_response.values.item ("email"), "email")
-						l_tpl_block.set_value (a_response.values.item ("name"), "name")
-						a_response.add_block (l_tpl_block, "content")
-					else
-						debug ("cms")
-							a_response.add_warning_message ("Error with block [" + a_block_id + "]")
-						end
-					end
-				else
-					if attached template_block ("post_register", a_response) as l_tpl_block then
-						a_response.add_block (l_tpl_block, "content")
-					else
-						debug ("cms")
-							a_response.add_warning_message ("Error with block [" + a_block_id + "]")
-						end
-					end
-				end
-			end
-		end
-
-
-	get_block_view_reactivate (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
-		do
-			if a_response.request.is_get_request_method then
-				if attached template_block (a_block_id, a_response) as l_tpl_block then
-					a_response.add_block (l_tpl_block, "content")
-				else
-					debug ("cms")
-						a_response.add_warning_message ("Error with block [" + a_block_id + "]")
-					end
-				end
-			elseif a_response.request.is_post_request_method then
-				if a_response.values.has ("error_email") or else a_response.values.has ("is_active") then
-					if attached template_block (a_block_id, a_response) as l_tpl_block then
-						l_tpl_block.set_value (a_response.values.item ("error_email"), "error_email")
-						l_tpl_block.set_value (a_response.values.item ("email"), "email")
-						l_tpl_block.set_value (a_response.values.item ("is_active"), "is_active")
-						a_response.add_block (l_tpl_block, "content")
-					else
-						debug ("cms")
-							a_response.add_warning_message ("Error with block [" + a_block_id + "]")
-						end
-					end
-				else
-					if attached template_block ("post_reactivate", a_response) as l_tpl_block then
-						a_response.add_block (l_tpl_block, "content")
-					else
-						debug ("cms")
-							a_response.add_warning_message ("Error with block [" + a_block_id + "]")
-						end
-					end
-				end
-			end
-		end
-
-	get_block_view_new_password (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
-		do
-			if a_response.request.is_get_request_method then
-				if attached template_block (a_block_id, a_response) as l_tpl_block then
-					a_response.add_block (l_tpl_block, "content")
-				else
-					debug ("cms")
-						a_response.add_warning_message ("Error with block [" + a_block_id + "]")
-					end
-				end
-			elseif a_response.request.is_post_request_method then
-				if a_response.values.has ("error_email")  then
-					if attached template_block (a_block_id, a_response) as l_tpl_block then
-						l_tpl_block.set_value (a_response.values.item ("error_email"), "error_email")
-						l_tpl_block.set_value (a_response.values.item ("email"), "email")
-						a_response.add_block (l_tpl_block, "content")
-					else
-						debug ("cms")
-							a_response.add_warning_message ("Error with block [" + a_block_id + "]")
-						end
-					end
-				else
-					if attached template_block ("post_password", a_response) as l_tpl_block then
-						a_response.add_block (l_tpl_block, "content")
-					else
-						debug ("cms")
-							a_response.add_warning_message ("Error with block [" + a_block_id + "]")
-						end
-					end
-				end
-			end
-		end
-
-	get_block_view_reset_password (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
-		do
-			if a_response.request.is_get_request_method then
-				if attached template_block (a_block_id, a_response) as l_tpl_block then
-					l_tpl_block.set_value (a_response.values.item ("token"), "token")
-					l_tpl_block.set_value (a_response.values.item ("error_token"), "error_token")
-					a_response.add_block (l_tpl_block, "content")
-				else
-					debug ("cms")
-						a_response.add_warning_message ("Error with block [" + a_block_id + "]")
-					end
-				end
-			elseif a_response.request.is_post_request_method then
-				if a_response.values.has ("error_token") or else a_response.values.has ("error_password")   then
-					if attached template_block (a_block_id, a_response) as l_tpl_block then
-						l_tpl_block.set_value (a_response.values.item ("error_token"), "error_token")
-						l_tpl_block.set_value (a_response.values.item ("error_password"), "error_password")
-						l_tpl_block.set_value (a_response.values.item ("token"), "token")
-						a_response.add_block (l_tpl_block, "content")
-					else
-						debug ("cms")
-							a_response.add_warning_message ("Error with block [" + a_block_id + "]")
-						end
-					end
-				else
-					if attached template_block ("post_reset", a_response) as l_tpl_block then
-						a_response.add_block (l_tpl_block, "content")
-					else
-						debug ("cms")
-							a_response.add_warning_message ("Error with block [" + a_block_id + "]")
-						end
-					end
-				end
-			end
-		end
 end

modules/basic_auth/site/templates/block_new_password.tpl

@@ -1,16 +0,0 @@
- <div>
-    <form action="/account/new-password" method="post">
-        <fieldset>
-            <legend>Require new password</legend>
-            <div>
-                <input type="email" id="email" name="email"  value="{$email/}"  required/>
-                <label for="email">Email</label>
-                {if isset="$error_email"}
-                    <span><i>{$error_email/}</i></span> <br>
-                {/if}
-                <br>
-            </div>
-            <button type="submit">Send</button>
-        </fieldset>    
-    </form>
-</div>

modules/basic_auth/site/templates/block_post_password.tpl

@@ -1,3 +0,0 @@
-<div>
-    <p>We have send you a new token code, check your email to generate a new password</p>
-</div>

modules/basic_auth/site/templates/block_post_reactivate.tpl

@@ -1,3 +0,0 @@
-<div>
-    <p>We have send you a new activation code, check your email to activate your account.</p>
-</div>

modules/basic_auth/site/templates/block_post_register.tpl

@@ -1,3 +0,0 @@
-<div>
-    <p>Thanks for register, check your email to activate your account.</p>
-</div>

modules/basic_auth/site/templates/block_post_reset.tpl

@@ -1,3 +0,0 @@
-<div>
-    <p>You new password has been saved!</p>
-</div>

modules/basic_auth/site/templates/block_reactivate.tpl

@@ -1,19 +0,0 @@
- <div>
-    <form action="/account/reactivate" method="post">
-        <fieldset>
-            <legend>Reactivate Form</legend>
-            <div>
-                <input type="email" id="email" name="email"  value="{$email/}"  required/>
-                <label for="email">Email</label>
-                {if isset="$error_email"}
-                    <span><i>{$error_email/}</i></span> <br>
-                {/if}
-                <br>
-                {if isset="$is_active"}
-                    <span><i>{$is_active/}</i></span> <br>
-                {/if}
-            </div>
-            <button type="submit">Reactivate</button>
-        </fieldset>    
-    </form>
-</div>

modules/basic_auth/site/templates/block_register.tpl

@@ -1,28 +0,0 @@
- <div>
-    <form action="/account/roc-register" method="post">
-        <fieldset>
-            <legend>Register Form</legend>
-            <div>
-                <input type="text" id="name" name="name"  value="{$name/}" required  autofocus />
-                <label for="name">Name</label>
-                {if isset="$error_name"}
-                    <span><i>{$error_name/}</i></span> <br>
-                {/if}
-            </div>
-            <div>
-                <input type="password" id="password" name="password" value="" required/>
-                <label for="password">Password</label>
-            </div>
-            <div>
-                <input type="email" id="email" name="email"  value="{$email/}"  required/>
-                <label for="email">Email</label>
-                {if isset="$error_email"}
-                    <span><i>{$error_email/}</i></span> <br>
-                {/if}
-            </div>
-            
-            
-            <button type="submit">Register</button>
-        </fieldset>    
-    </form>
-</div>

modules/basic_auth/site/templates/block_reset_password.tpl

@@ -1,28 +0,0 @@
- <div>
-    <form action="/account/reset-password" method="post">
-        <fieldset>
-            <legend>Generate New Password Form</legend>
-            <div>
-                <input type="text" id="token" name="token"  value="{$token/}" required />
-                <label for="token">Token</label>
-                {if isset="$error_token"}
-                    <span><i>{$error_token/}</i></span> <br>
-                {/if}
-            </div>
-            <div>
-                <input type="password" id="password" name="password" value="" required/>
-                <label for="password">Password</label>
-            </div>
-            <div>
-                <input type="password" id="confirm_password" name="confirm_password" value="" required/>
-                <label for="password">Confirm Password</label>
-            </div>
-            
-            <button type="submit">Confirm</button>
-            {if isset="$error_password"}
-              <span><i>{$error_password/}</i></span> <br>
-            {/if}
- 
-        </fieldset>    
-    </form>
-</div>