Moved src/modules under modules cluster.

modules/basic_auth/basic_auth_module.e

@@ -0,0 +1,124 @@
+note
+	description: "[
+			This module allows the use of HTTP Basic Authentication to restrict access
+			by looking up users in the given providers.
+		]"
+	date: "$Date: 2015-02-09 22:29:56 +0100 (lun., 09 févr. 2015) $"
+	revision: "$Revision: 96596 $"
+
+class
+	BASIC_AUTH_MODULE
+
+inherit
+	CMS_MODULE
+		redefine
+			filters,
+			register_hooks
+		end
+
+	CMS_HOOK_AUTO_REGISTER
+
+	CMS_HOOK_BLOCK
+
+	CMS_HOOK_MENU_SYSTEM_ALTER
+
+create
+	make
+
+feature {NONE} -- Initialization
+
+	make
+		do
+			name := "basic auth"
+			version := "1.0"
+			description := "Service to manage basic authentication"
+			package := "core"
+		end
+
+feature -- Access: router
+
+	router (a_api: CMS_API): WSF_ROUTER
+			-- Node router.
+		do
+			create Result.make (2)
+			configure_api_login (a_api, Result)
+			configure_api_logoff (a_api, Result)
+		end
+
+feature -- Access: filter
+
+	filters (a_api: CMS_API): detachable LIST [WSF_FILTER]
+			-- Possibly list of Filter's module.
+		do
+			create {ARRAYED_LIST [WSF_FILTER]} Result.make (2)
+			Result.extend (create {CORS_FILTER})
+			Result.extend (create {BASIC_AUTH_FILTER}.make (a_api))
+		end
+
+feature {NONE} -- Implementation: routes
+
+	configure_api_login (api: CMS_API; a_router: WSF_ROUTER)
+		local
+			l_bal_handler: BASIC_AUTH_LOGIN_HANDLER
+			l_methods: WSF_REQUEST_METHODS
+		do
+			create l_bal_handler.make (api)
+			create l_methods
+			l_methods.enable_get
+			a_router.handle_with_request_methods ("/basic_auth_login", l_bal_handler, l_methods)
+		end
+
+	configure_api_logoff (api: CMS_API; a_router: WSF_ROUTER)
+		local
+			l_bal_handler: BASIC_AUTH_LOGOFF_HANDLER
+			l_methods: WSF_REQUEST_METHODS
+		do
+			create l_bal_handler.make (api)
+			create l_methods
+			l_methods.enable_get
+			a_router.handle_with_request_methods ("/basic_auth_logoff", l_bal_handler, l_methods)
+		end
+
+feature -- Hooks configuration
+
+	register_hooks (a_response: CMS_RESPONSE)
+			-- Module hooks configuration.
+		do
+--			a_response.subscribe_to_block_hook (Current)
+		end
+
+feature -- Hooks
+
+	block_list: ITERABLE [like {CMS_BLOCK}.name]
+			-- List of block names, managed by current object.
+		do
+			Result := <<"basic_auth_login_form">>
+		end
+
+	get_block_view (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
+			-- Get block object identified by `a_block_id' and associate with `a_response'.
+		do
+			if a_block_id.same_string ("basic_auth_login_form") then
+
+			end
+		end
+
+	menu_system_alter (a_menu_system: CMS_MENU_SYSTEM; a_response: CMS_RESPONSE)
+			-- Hook execution on collection of menu contained by `a_menu_system'
+			-- for related response `a_response'.
+		local
+			lnk: CMS_LOCAL_LINK
+		do
+			if attached a_response.current_user (a_response.request) as u then
+				create lnk.make (u.name +  " (Logout)", "/basic_auth_logoff?destination=" + a_response.request.request_uri)
+			else
+				create lnk.make ("Login", "/basic_auth_login?destination=" + a_response.request.request_uri)
+			end
+--			if not a_menu_system.primary_menu.has (lnk) then
+				lnk.set_weight (99)
+				a_menu_system.primary_menu.extend (lnk)
+--			end
+		end
+
+
+end

modules/basic_auth/filter/basic_auth_filter.e

@@ -0,0 +1,60 @@
+note
+	description: "[
+		Processes a HTTP request's BASIC authorization headers, putting the result into the execution variable user.
+		]"
+	date: "$Date: 2015-02-13 13:08:13 +0100 (ven., 13 févr. 2015) $"
+	revision: "$Revision: 96616 $"
+
+class
+	BASIC_AUTH_FILTER
+
+inherit
+	WSF_URI_TEMPLATE_HANDLER
+	CMS_HANDLER
+	WSF_FILTER
+
+create
+	make
+
+feature -- Basic operations
+
+	execute (req: WSF_REQUEST; res: WSF_RESPONSE)
+			-- Execute the filter.
+		local
+			l_auth: HTTP_AUTHORIZATION
+		do
+			api.logger.put_debug (generator + ".execute ", Void)
+			create l_auth.make (req.http_authorization)
+			if attached req.raw_header_data as l_raw_data then
+			   api.logger.put_debug (generator + ".execute " + l_raw_data, Void)
+			end
+				-- A valid user
+			if
+				(attached l_auth.type as l_auth_type and then l_auth_type.is_case_insensitive_equal_general ("basic")) and then
+				attached l_auth.login as l_auth_login and then attached l_auth.password as l_auth_password
+			then
+				if api.user_api.is_valid_credential (l_auth_login, l_auth_password) then
+					if attached api.user_api.user_by_name (l_auth_login) as l_user then
+						debug ("refactor_fixme")
+							fixme ("Maybe we need to store in the credentials in a shared context SECURITY_CONTEXT")
+							-- req.set_execution_variable ("security_content", create SECURITY_CONTEXT.make (l_user))
+							-- other authentication filters (OpenID, etc) should implement the same approach.
+						end
+						set_current_user (req, l_user)
+						execute_next (req, res)
+					else
+						debug ("refactor_fixme")
+							to_implement ("Internal server error")
+						end
+					end
+				else
+					api.logger.put_error (generator + ".execute login_valid failed for: " + l_auth_login, Void)
+					execute_next (req, res)
+				end
+			else
+				api.logger.put_debug (generator + ".execute without authentication", Void)
+				execute_next (req, res)
+			end
+		end
+
+end

modules/basic_auth/filter/cors_filter.e

@@ -0,0 +1,28 @@
+note
+	description: "CORS filter"
+	date: "$Date: 2014-11-13 16:23:47 +0100 (jeu., 13 nov. 2014) $"
+	revision: "$Revision: 96085 $"
+
+class
+	CORS_FILTER
+
+inherit
+
+	WSF_FILTER
+
+feature -- Basic operations
+
+	execute (req: WSF_REQUEST; res: WSF_RESPONSE)
+			-- Execute the filter.
+		local
+			l_header: HTTP_HEADER
+		do
+			create l_header.make
+--			l_header.add_header_key_value ("Access-Control-Allow-Origin", "localhost")
+			l_header.add_header_key_value ("Access-Control-Allow-Headers", "*")
+			l_header.add_header_key_value ("Access-Control-Allow-Methods", "*")
+			l_header.add_header_key_value ("Access-Control-Allow-Credentials", "true")
+			res.put_header_lines (l_header)
+			execute_next (req, res)
+		end
+end

modules/basic_auth/handler/basic_auth_login_handler.e

@@ -0,0 +1,70 @@
+note
+	description: "Summary description for {BASIC_AUTH_LOGIN_HANDLER}."
+	date: "$Date: 2015-02-13 13:08:13 +0100 (ven., 13 févr. 2015) $"
+	revision: "$Revision: 96616 $"
+
+class
+	BASIC_AUTH_LOGIN_HANDLER
+
+inherit
+	CMS_HANDLER
+
+	WSF_URI_HANDLER
+		rename
+			execute as uri_execute,
+			new_mapping as new_uri_mapping
+		end
+
+	WSF_FILTER
+
+
+	WSF_RESOURCE_HANDLER_HELPER
+		redefine
+			do_get
+		end
+
+	REFACTORING_HELPER
+
+create
+	make
+
+feature -- execute
+
+	execute (req: WSF_REQUEST; res: WSF_RESPONSE)
+			-- Execute request handler.
+		do
+			execute_methods (req, res)
+			execute_next (req, res)
+		end
+
+	uri_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
+			-- Execute request handler.
+		do
+			execute_methods (req, res)
+		end
+
+feature -- HTTP Methods
+
+	do_get (req: WSF_REQUEST; res: WSF_RESPONSE)
+			-- <Precursor>
+		do
+			api.logger.put_information (generator + ".do_get Processing basic auth login", Void)
+			if attached {STRING_32} current_user_name (req) as l_user then
+				if attached {WSF_STRING} req.query_parameter ("destination") as l_uri then
+					 redirect_to (req.absolute_script_url (l_uri.url_encoded_value), res)
+				else
+					redirect_to (req.absolute_script_url ("/"), res)
+				end
+			else
+				send_basic_authentication_challenge (Void, res)
+			end
+		end
+
+feature -- Helpers
+
+	send_basic_authentication_challenge (a_realm: detachable READABLE_STRING_8; res: WSF_RESPONSE)
+		do
+			res.send (create {CMS_UNAUTHORIZED_RESPONSE_MESSAGE}.make_with_basic_auth_challenge (a_realm))
+		end
+
+end

modules/basic_auth/handler/basic_auth_logoff_handler.e

@@ -0,0 +1,75 @@
+note
+	description: "Summary description for {BASIC_AUTH_LOGOFF_HANDLER}."
+	date: "$Date: 2015-02-13 13:08:13 +0100 (ven., 13 févr. 2015) $"
+	revision: "$Revision: 96616 $"
+
+class
+	BASIC_AUTH_LOGOFF_HANDLER
+
+inherit
+	CMS_HANDLER
+
+	WSF_URI_HANDLER
+		rename
+			execute as uri_execute,
+			new_mapping as new_uri_mapping
+		end
+
+	WSF_RESOURCE_HANDLER_HELPER
+		redefine
+			do_get
+		end
+
+	REFACTORING_HELPER
+
+create
+	make
+
+feature -- execute
+
+	execute (req: WSF_REQUEST; res: WSF_RESPONSE)
+			-- Execute request handler.
+		do
+			execute_methods (req, res)
+		end
+
+	uri_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
+			-- Execute request handler.
+		do
+			execute_methods (req, res)
+		end
+
+feature -- HTTP Methods
+
+	do_get (req: WSF_REQUEST; res: WSF_RESPONSE)
+			-- <Precursor>
+		local
+			l_page: CMS_RESPONSE
+			l_url: STRING
+			i: INTEGER
+		do
+			api.logger.put_information (generator + ".do_get Processing basic auth logoff", Void)
+			if attached req.query_parameter ("prompt") as l_prompt then
+				unset_current_user (req)
+				send_access_denied_message (res)
+			else
+				create {GENERIC_VIEW_CMS_RESPONSE} l_page.make (req, res, api)
+				unset_current_user (req)
+				l_page.set_status_code ({HTTP_STATUS_CODE}.found) -- Note: can not use {HTTP_STATUS_CODE}.unauthorized for redirection
+				if attached {WSF_STRING} req.query_parameter ("destination") as l_uri then
+					l_url := req.absolute_script_url (l_uri.url_encoded_value)
+				else
+					l_url := req.absolute_script_url ("")
+				end
+				i := l_url.substring_index ("://", 1)
+				if i > 0 then
+						-- Note: this is a hack to have the logout effective on various browser
+						-- (firefox requires this).
+					l_url.replace_substring ("://_logout_basic_auth_@", i, i + 2)
+				end
+				l_page.set_redirection (l_url)
+				l_page.execute
+			end
+		end
+
+end