backup/ROC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Moved activation implementation into authentication api.

Browse Source 
Improved core webapi, added registration link, support redirection.
Use error webapi response, rather than `send_...` routines.
This commit is contained in:
Jocelyn Fiat
2017-09-19 21:21:30 +02:00
parent e04138c89e
commit 9d7d43073d
13 changed files with 117 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
modules/auth/cms_authentication_api.e
View File

@@ -28,7 +28,7 @@ feature -- Token Generation
-- Create activation token
l_token := new_token
l_user_api.new_activation (l_token, u.id)
l_url_activate := cms_api.absolute_url ("/account/activate/" + l_token, void)
l_url_activate := cms_api.absolute_url ("/account/activate/" + l_token, Void)
l_url_reject := cms_api.absolute_url ("/account/reject/" + l_token, Void)
-- Send Email to webmaster
cms_api.log_debug ("registration", "send_register_email", Void)
@@ -43,6 +43,47 @@ feature -- Token Generation
cms_api.log ("registration", {STRING_32} "new user %"" + u.name + "%" <" + a_email + ">", {CMS_LOG}.level_info, Void)
end
activate_user (a_temp_user: CMS_TEMP_USER; a_token: READABLE_STRING_GENERAL)
require
a_temp_user.has_id
not a_temp_user.is_active
local
l_user_api: CMS_USER_API
l_temp_id: INTEGER_64
es: CMS_AUTHENTICATION_EMAIL_SERVICE
do
l_temp_id := a_temp_user.id
-- Valid user_id
a_temp_user.set_id (0)
a_temp_user.mark_active
l_user_api := cms_api.user_api
l_user_api.new_user_from_temp_user (a_temp_user)
if
not l_user_api.has_error and then
attached l_user_api.user_by_name (a_temp_user.name) as l_new_user
then
if attached a_temp_user.personal_information as l_perso_info then
-- Keep personal information in profile item!
l_user_api.save_user_profile_item (l_new_user, "personal_information", l_perso_info)
end
-- Delete temporal User
a_temp_user.set_id (l_temp_id)
l_user_api.delete_temp_user (a_temp_user)
l_user_api.remove_activation (a_token)
-- Send Email
if attached l_new_user.email as l_email then
cms_api.log_debug ("activation", "send_contact_activation_confirmation_email", Void)
create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (cms_api))
es.send_contact_activation_confirmation_email (l_email, l_new_user, cms_api.site_url)
end
else
error_handler.add_custom_error (-1, "activation error", "Activation failed!")
end
end
new_token: STRING
-- Generate a new token activation token
local

37
modules/auth/cms_authentication_module.e
View File

@@ -520,48 +520,18 @@ feature -- Handler
local
r: CMS_RESPONSE
l_user_api: CMS_USER_API
l_ir: INTERNAL_SERVER_ERROR_CMS_RESPONSE
es: CMS_AUTHENTICATION_EMAIL_SERVICE
l_temp_id: INTEGER_64
do
if a_auth_api.cms_api.has_permission ("account activate") then
l_user_api := a_auth_api.cms_api.user_api
if attached {WSF_STRING} req.path_parameter ("token") as l_token then
if attached {CMS_TEMP_USER} l_user_api.temp_user_by_activation_token (l_token.value) as l_temp_user then
-- TODO copy the personal information
--! to CMS_USER_PROFILE and persist data
--! check also CMS_USER.data_items
l_temp_id := l_temp_user.id
-- Valid user_id
l_temp_user.set_id (0)
l_temp_user.mark_active
l_user_api.new_user_from_temp_user (l_temp_user)
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, a_auth_api.cms_api)
a_auth_api.activate_user (l_temp_user, l_token.value)
if
not l_user_api.has_error and then
not a_auth_api.has_error and then
attached l_user_api.user_by_name (l_temp_user.name) as l_new_user
then
if attached l_temp_user.personal_information as l_perso_info then
-- Keep personal information in profile item!
a_auth_api.cms_api.user_api.save_user_profile_item (l_new_user, "personal_information", l_perso_info)
end
-- Delete temporal User
l_temp_user.set_id (l_temp_id)
l_user_api.delete_temp_user (l_temp_user)
l_user_api.remove_activation (l_token.value)
r.set_main_content ("<p> The account <i>" + a_auth_api.cms_api.user_html_link (l_new_user) + "</i> has been activated</p>")
-- Send Email
if attached l_new_user.email as l_email then
create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (a_auth_api.cms_api))
write_debug_log (generator + ".handle register: send_contact_activation_confirmation_email")
es.send_contact_activation_confirmation_email (l_email, l_new_user, req.absolute_script_url (""))
end
else
-- Failure!!!
r.set_status_code ({HTTP_CONSTANTS}.internal_server_error)
@@ -578,8 +548,7 @@ feature -- Handler
end
r.execute
else
create l_ir.make (req, res, a_auth_api.cms_api)
l_ir.execute
(create {INTERNAL_SERVER_ERROR_CMS_RESPONSE}.make (req, res, a_auth_api.cms_api)).execute
end
else
a_auth_api.cms_api.response_api.send_access_denied (Void, req, res)

18
modules/auth/cms_user_register_webapi_handler.e
View File

@@ -32,14 +32,14 @@ feature -- Execution
if req.is_post_request_method then
register_user (req, res)
else
send_bad_request (Void, req, res)
new_bad_request_error_response (Void, req, res).execute
end
end
register_user (req: WSF_REQUEST; res: WSF_RESPONSE)
local
f: CMS_FORM
rep: like new_webapi_response
rep: like new_response
l_user_api: CMS_USER_API
u: CMS_TEMP_USER
l_exist: BOOLEAN
@@ -60,7 +60,7 @@ feature -- Execution
f.extend_text_field ("email", Void)
f.extend_text_field ("personal_information", Void)
rep := new_webapi_response (req, res)
rep := new_response (req, res)
f.process (rep)
if
attached f.last_data as fd and then not fd.has_error and then
@@ -83,7 +83,7 @@ feature -- Execution
l_exist := True
end
if fd.has_error or l_exist then
send_bad_request ("User name or email is already taken!", req, res)
rep := new_bad_request_error_response ("User name or email is already taken!", req, res)
else
-- New temp user
create u.make (l_name)
@@ -92,20 +92,22 @@ feature -- Execution
u.set_personal_information (l_personal_information)
auth_api.register_user (u, l_email, l_personal_information)
-- Until it is activated, this is not a real user.
-- add_user_links_to (u, rep)
rep.add_string_field ("status", "succeed")
rep.add_string_field ("information", "Waiting for activation")
rep.add_self (req.percent_encoded_path_info)
rep.execute
end
else
send_bad_request ("Invalid email", req, res)
rep := new_access_denied_error_response ("Invalid email", req, res)
end
else
send_bad_request ("There were issue with your application, invalid or missing values.", req, res)
rep := new_access_denied_error_response ("There were issue with your application, invalid or missing values.", req, res)
end
else
send_access_denied ("You can also contact the webmaster to ask for an account.", req, res)
rep := new_access_denied_error_response ("You can also contact the webmaster to ask for an account.", req, res)
end
rep.execute
end

2
src/modules/core/cms_user_api.e
View File

@@ -575,7 +575,7 @@ feature -- Change Temp User
end
end
remove_activation (a_token: READABLE_STRING_32)
remove_activation (a_token: READABLE_STRING_GENERAL)
-- Remove activation token `a_token', from the user_storage.
do
user_storage.remove_activation (a_token)

2
src/modules/core/persistence/user/cms_user_storage_i.e
View File

@@ -265,7 +265,7 @@ feature -- New Temp User
deferred
end
remove_activation (a_token: READABLE_STRING_32)
remove_activation (a_token: READABLE_STRING_GENERAL)
-- Remove activation by token `a_token'.
deferred
end

2
src/modules/core/persistence/user/cms_user_storage_null.e
View File

@@ -191,7 +191,7 @@ feature -- Temp Users
end
remove_activation (a_token: READABLE_STRING_32)
remove_activation (a_token: READABLE_STRING_GENERAL)
-- <Precursor>.
do
end

2
src/modules/core/persistence/user/cms_user_storage_sql_i.e
View File

@@ -1312,7 +1312,7 @@ feature -- New Temp User
feature -- Remove Activation
remove_activation (a_token: READABLE_STRING_32)
remove_activation (a_token: READABLE_STRING_GENERAL)
-- <Precursor>.
local
l_parameters: STRING_TABLE [detachable ANY]

30
src/modules/core/webapi/cms_access_token_webapi_handler.e
View File

@@ -28,10 +28,10 @@ feature -- Execution
elseif req.is_get_request_method then
get_access_token (l_uid, req, res)
else
send_bad_request (Void, req, res)
new_bad_request_error_response (Void, req, res).execute
end
else
send_bad_request ("Missing {uid} parameter", req, res)
new_bad_request_error_response ("Missing {uid} parameter", req, res).execute
end
end
@@ -52,28 +52,28 @@ feature -- Request execution
if attached user_by_uid (a_uid) as l_user then
if attached api.user as u then
if u.same_as (l_user) or api.user_api.is_admin_user (u) then
rep := new_access_token_webapi_response (l_user, user_access_token (l_user), req, res)
rep := new_access_token_response (l_user, user_access_token (l_user), req, res)
if attached {WSF_STRING} req.item ("destination") as dest then
rep.set_redirection (dest.url_encoded_value)
end
rep.execute
else
-- Only admin, or current user can see its access_token!
send_access_denied (Void, req, res)
rep := new_access_denied_error_response (Void, req, res)
end
else
send_access_denied (Void, req, res)
rep := new_access_denied_error_response (Void, req, res)
end
else
send_not_found ("User not found", req, res)
rep := new_not_found_error_response ("User not found", req, res)
end
rep.execute
end
post_access_token (a_uid: READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute handler for `req' and respond in `res'.
local
l_access_token: detachable READABLE_STRING_32
rep: like new_webapi_response
rep: like new_response
do
if attached user_by_uid (a_uid) as l_user then
if attached api.user as u then
@@ -91,21 +91,21 @@ feature -- Request execution
-- end
set_user_access_token (l_user, l_access_token)
rep := new_access_token_webapi_response (l_user, l_access_token, req, res)
rep := new_access_token_response (l_user, l_access_token, req, res)
if attached {WSF_STRING} req.item ("destination") as dest then
rep.set_redirection (dest.url_encoded_value)
end
rep.execute
else
-- Only admin, or current user can create the user access_token!
send_access_denied (Void, req, res)
rep := new_access_denied_error_response (Void, req, res)
end
else
send_access_denied (Void, req, res)
rep := new_access_denied_error_response (Void, req, res)
end
else
send_not_found ("User not found", req, res)
rep := new_not_found_error_response ("User not found", req, res)
end
rep.execute
end
feature {NONE} -- Implementation
@@ -128,11 +128,11 @@ feature {NONE} -- Implementation
api.user_api.save_user_profile_item (a_user, "access_token", a_access_token)
end
new_access_token_webapi_response (a_user: CMS_USER; a_access_token: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): like new_webapi_response
new_access_token_response (a_user: CMS_USER; a_access_token: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): like new_response
local
tb: STRING_TABLE [detachable ANY]
do
Result := new_webapi_response (req, res)
Result := new_response (req, res)
if a_access_token /= Void then
Result.add_string_field ("access_token", a_access_token)
else

4
src/modules/core/webapi/cms_root_webapi_handler.e
View File

@@ -21,10 +21,12 @@ feature -- Execution
local
rep: HM_WEBAPI_RESPONSE
do
rep := new_webapi_response (req, res)
rep := new_response (req, res)
rep.add_string_field ("site_name", api.setup.site_name)
if attached api.user as u then
add_user_links_to (u, rep)
elseif api.has_permission ("account register") then
rep.add_link ("register", Void, api.webapi_path ("/account/register"))
end
rep.add_self (req.percent_encoded_path_info)
rep.execute

46
src/modules/core/webapi/cms_user_webapi_handler.e
View File

@@ -24,7 +24,7 @@ feature -- Execution
-- elseif req.is_post_request_method then
-- execute_post (req, res)
else
send_bad_request (Void, req, res)
new_bad_request_error_response (Void, req, res).execute
end
end
@@ -46,7 +46,7 @@ feature -- Execution
-- end
if l_user /= Void then
if l_user.same_as (u) or api.has_permissions (<<"admin users", "view users">>) then
rep := new_webapi_response (req, res)
rep := new_response (req, res)
rep.add_string_field ("uid", l_user.id.out)
rep.add_string_field ("name", l_user.name)
if attached l_user.email as l_email then
@@ -66,56 +66,24 @@ feature -- Execution
end
add_user_links_to (l_user, rep)
else
rep := new_wepapi_error_response ("denied", req, res)
rep := new_error_response ("denied", req, res)
rep.set_status_code ({HTTP_STATUS_CODE}.user_access_denied)
end
else
rep := new_wepapi_error_response ("Not found", req, res)
rep := new_error_response ("Not found", req, res)
rep.set_status_code ({HTTP_STATUS_CODE}.not_found)
end
else
rep := new_wepapi_error_response ("Bad request", req, res)
rep := new_error_response ("Bad request", req, res)
rep.set_status_code ({HTTP_STATUS_CODE}.bad_request)
end
rep.execute
else
-- FIXME: use specific Web API response!
send_access_denied (Void, req, res)
rep := new_access_denied_error_response (Void, req, res)
end
rep.execute
end
-- execute_post (req: WSF_REQUEST; res: WSF_RESPONSE)
-- -- Execute handler for `req' and respond in `res'.
-- local
-- rep: HM_WEBAPI_RESPONSE
-- l_user: detachable CMS_USER
-- do
-- if attached api.user as u and then api.has_permission ("admin users") then
-- if attached {WSF_STRING} req.path_parameter ("uid") as p_uid then
-- if p_uid.is_integer then
-- l_user := api.user_api.user_by_id (p_uid.integer_value)
-- else
-- l_user := api.user_api.user_by_name (p_uid.value)
-- end
---- if l_user = Void and p_uid.is_case_insensitive_equal ("me") then
---- l_user := u
---- end
-- if l_user /= Void then
-- else
-- rep := new_wepapi_error_response ("Not found", req, res)
-- rep.set_status_code ({HTTP_STATUS_CODE}.not_found)
-- end
-- else
-- rep := new_wepapi_error_response ("Bad request", req, res)
-- rep.set_status_code ({HTTP_STATUS_CODE}.bad_request)
-- end
-- rep.execute
-- else
-- -- FIXME: use specific Web API response!
-- send_access_denied (Void, req, res)
-- end
-- end
note
copyright: "2011-2017, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"

16
src/modules/core/webapi/cms_users_webapi_handler.e
View File

@@ -24,7 +24,7 @@ feature -- Execution
elseif req.is_post_request_method then
execute_post (req, res)
else
send_bad_request (Void, req, res)
new_bad_request_error_response (Void, req, res).execute
end
end
@@ -43,7 +43,7 @@ feature -- Execution
if attached req.query_parameter ("full") as p and then p.is_case_insensitive_equal ("yes") then
l_full := True
end
rep := new_webapi_response (req, res)
rep := new_response (req, res)
nb := api.user_api.users_count
rep.add_integer_64_field ("users_count", nb)
create l_params.make (0, nb.to_natural_32)
@@ -77,10 +77,10 @@ feature -- Execution
end
rep.add_iterator_field ("users", arr)
rep.add_self (req.percent_encoded_path_info)
rep.execute
else
send_access_denied (Void, req, res)
rep := new_access_denied_error_response (Void, req, res)
end
rep.execute
end
execute_post (req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -155,17 +155,17 @@ feature -- Execution
end
end
if l_user = Void or else err /= Void then
rep := new_wepapi_error_response (err, req, res)
rep := new_error_response (err, req, res)
else
rep := new_webapi_response (req, res)
rep := new_response (req, res)
rep.add_string_field ("uid", l_user.id.out)
add_user_links_to (l_user, rep)
end
rep.add_self (req.percent_encoded_path_info)
rep.execute
else
send_access_denied (Void, req, res)
rep := new_access_denied_error_response (Void, req, res)
end
rep.execute
end

5
src/service/response/json_webapi_response.e
View File

@@ -127,6 +127,11 @@ feature -- Execution
m: WSF_PAGE_RESPONSE
do
create m.make_with_body (resource.representation)
m.set_status_code (status_code)
if attached redirection as loc then
m.header.put_location (loc)
m.set_status_code ({HTTP_STATUS_CODE}.temp_redirect)
end
m.header.put_content_type ("application/json")
response.send (m)
end

47
src/service/webapi/cms_webapi_handler.e
View File

@@ -32,59 +32,52 @@ feature -- API Service
feature -- Factory
new_webapi_response (req: WSF_REQUEST; res: WSF_RESPONSE): HM_WEBAPI_RESPONSE
new_response (req: WSF_REQUEST; res: WSF_RESPONSE): HM_WEBAPI_RESPONSE
do
-- create {MD_WEBAPI_RESPONSE} Result.make (req, res, api)
create {JSON_WEBAPI_RESPONSE} Result.make (req, res, api)
end
new_wepapi_error_response (msg: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): HM_WEBAPI_RESPONSE
new_error_response (msg: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): like new_response
do
Result := new_webapi_response (req, res)
Result := new_response (req, res)
Result.set_status_code ({HTTP_STATUS_CODE}.bad_request)
if msg /= Void then
Result.add_string_field ("error", msg)
else
Result.add_string_field ("error", "True")
end
Result.add_self (req.request_uri)
end
send_not_found (m: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE)
local
rep: HM_WEBAPI_RESPONSE
new_not_found_error_response (m: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): like new_response
do
if m /= Void then
rep := new_wepapi_error_response (m, req, res)
if m = Void then
Result := new_error_response ("Not Found", req, res)
else
rep := new_wepapi_error_response ("Not found", req, res)
Result := new_error_response (m, req, res)
end
rep.set_status_code ({HTTP_STATUS_CODE}.not_found)
rep.execute
Result.set_status_code ({HTTP_STATUS_CODE}.not_found)
end
send_access_denied (m: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE)
local
rep: HM_WEBAPI_RESPONSE
new_access_denied_error_response (m: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): like new_response
do
if m /= Void then
rep := new_wepapi_error_response (m, req, res)
if m = Void then
Result := new_error_response ("Access denied", req, res)
else
rep := new_wepapi_error_response ("Access denied", req, res)
Result := new_error_response (m, req, res)
end
rep.set_status_code ({HTTP_STATUS_CODE}.user_access_denied)
rep.execute
Result.set_status_code ({HTTP_STATUS_CODE}.user_access_denied)
end
send_bad_request (m: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE)
local
rep: HM_WEBAPI_RESPONSE
new_bad_request_error_response (m: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): like new_response
do
if m /= Void then
rep := new_wepapi_error_response (m, req, res)
if m = Void then
Result := new_error_response ("Bad request", req, res)
else
rep := new_wepapi_error_response ("Bad request", req, res)
Result := new_error_response (m, req, res)
end
rep.set_status_code ({HTTP_STATUS_CODE}.bad_request)
rep.execute
Result.set_status_code ({HTTP_STATUS_CODE}.bad_request)
end
feature {NONE} -- Builder