Moved activation implementation into authentication api.
Improved core webapi, added registration link, support redirection. Use error webapi response, rather than `send_...` routines.
@@ -28,7 +28,7 @@ feature -- Token Generation
|
||||
-- Create activation token
|
||||
l_token := new_token
|
||||
l_user_api.new_activation (l_token, u.id)
|
||||
l_url_activate := cms_api.absolute_url ("/account/activate/" + l_token, void)
|
||||
l_url_activate := cms_api.absolute_url ("/account/activate/" + l_token, Void)
|
||||
l_url_reject := cms_api.absolute_url ("/account/reject/" + l_token, Void)
|
||||
-- Send Email to webmaster
|
||||
cms_api.log_debug ("registration", "send_register_email", Void)
|
||||
@@ -43,6 +43,47 @@ feature -- Token Generation
|
||||
cms_api.log ("registration", {STRING_32} "new user %"" + u.name + "%" <" + a_email + ">", {CMS_LOG}.level_info, Void)
|
||||
end
|
||||
|
||||
activate_user (a_temp_user: CMS_TEMP_USER; a_token: READABLE_STRING_GENERAL)
|
||||
require
|
||||
a_temp_user.has_id
|
||||
not a_temp_user.is_active
|
||||
local
|
||||
l_user_api: CMS_USER_API
|
||||
l_temp_id: INTEGER_64
|
||||
es: CMS_AUTHENTICATION_EMAIL_SERVICE
|
||||
do
|
||||
l_temp_id := a_temp_user.id
|
||||
|
||||
-- Valid user_id
|
||||
a_temp_user.set_id (0)
|
||||
a_temp_user.mark_active
|
||||
l_user_api := cms_api.user_api
|
||||
l_user_api.new_user_from_temp_user (a_temp_user)
|
||||
|
||||
if
|
||||
not l_user_api.has_error and then
|
||||
attached l_user_api.user_by_name (a_temp_user.name) as l_new_user
|
||||
then
|
||||
if attached a_temp_user.personal_information as l_perso_info then
|
||||
-- Keep personal information in profile item!
|
||||
l_user_api.save_user_profile_item (l_new_user, "personal_information", l_perso_info)
|
||||
end
|
||||
-- Delete temporal User
|
||||
a_temp_user.set_id (l_temp_id)
|
||||
l_user_api.delete_temp_user (a_temp_user)
|
||||
l_user_api.remove_activation (a_token)
|
||||
|
||||
-- Send Email
|
||||
if attached l_new_user.email as l_email then
|
||||
cms_api.log_debug ("activation", "send_contact_activation_confirmation_email", Void)
|
||||
create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (cms_api))
|
||||
es.send_contact_activation_confirmation_email (l_email, l_new_user, cms_api.site_url)
|
||||
end
|
||||
else
|
||||
error_handler.add_custom_error (-1, "activation error", "Activation failed!")
|
||||
end
|
||||
end
|
||||
|
||||
new_token: STRING
|
||||
-- Generate a new token activation token
|
||||
local
|
||||
|
||||
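Review bot: In `activate_user`, the failure branch leaves `a_temp_user` altered. The id is set to 0 and the record is marked active before `new_user_from_temp_user`, and only the success branch restores it with `a_temp_user.set_id (l_temp_id)`; I would restore the id in the `else` branch as well, before `error_handler.add_custom_error`. The routine also takes `a_token` separately from `a_temp_user`, and nothing visible here checks that the token belongs to that user. A header comment stating that the caller must have resolved the temp user from this token would make that contract explicit. The failure path also discards the `l_user_api` error and writes no log entry, which makes failed activations hard to trace.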
@@ -520,48 +520,18 @@ feature -- Handler
|
||||
local
|
||||
r: CMS_RESPONSE
|
||||
l_user_api: CMS_USER_API
|
||||
l_ir: INTERNAL_SERVER_ERROR_CMS_RESPONSE
|
||||
es: CMS_AUTHENTICATION_EMAIL_SERVICE
|
||||
l_temp_id: INTEGER_64
|
||||
do
|
||||
if a_auth_api.cms_api.has_permission ("account activate") then
|
||||
l_user_api := a_auth_api.cms_api.user_api
|
||||
if attached {WSF_STRING} req.path_parameter ("token") as l_token then
|
||||
if attached {CMS_TEMP_USER} l_user_api.temp_user_by_activation_token (l_token.value) as l_temp_user then
|
||||
|
||||
-- TODO copy the personal information
|
||||
--! to CMS_USER_PROFILE and persist data
|
||||
--! check also CMS_USER.data_items
|
||||
|
||||
l_temp_id := l_temp_user.id
|
||||
|
||||
-- Valid user_id
|
||||
l_temp_user.set_id (0)
|
||||
l_temp_user.mark_active
|
||||
l_user_api.new_user_from_temp_user (l_temp_user)
|
||||
|
||||
|
||||
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, a_auth_api.cms_api)
|
||||
a_auth_api.activate_user (l_temp_user, l_token.value)
|
||||
if
|
||||
not l_user_api.has_error and then
|
||||
not a_auth_api.has_error and then
|
||||
attached l_user_api.user_by_name (l_temp_user.name) as l_new_user
|
||||
then
|
||||
if attached l_temp_user.personal_information as l_perso_info then
|
||||
-- Keep personal information in profile item!
|
||||
a_auth_api.cms_api.user_api.save_user_profile_item (l_new_user, "personal_information", l_perso_info)
|
||||
end
|
||||
-- Delete temporal User
|
||||
l_temp_user.set_id (l_temp_id)
|
||||
l_user_api.delete_temp_user (l_temp_user)
|
||||
l_user_api.remove_activation (l_token.value)
|
||||
|
||||
r.set_main_content ("<p> The account <i>" + a_auth_api.cms_api.user_html_link (l_new_user) + "</i> has been activated</p>")
|
||||
-- Send Email
|
||||
if attached l_new_user.email as l_email then
|
||||
create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (a_auth_api.cms_api))
|
||||
write_debug_log (generator + ".handle register: send_contact_activation_confirmation_email")
|
||||
es.send_contact_activation_confirmation_email (l_email, l_new_user, req.absolute_script_url (""))
|
||||
end
|
||||
else
|
||||
-- Failure!!!
|
||||
r.set_status_code ({HTTP_CONSTANTS}.internal_server_error)
|
||||
@@ -578,8 +548,7 @@ feature -- Handler
|
||||
end
|
||||
r.execute
|
||||
else
|
||||
create l_ir.make (req, res, a_auth_api.cms_api)
|
||||
l_ir.execute
|
||||
(create {INTERNAL_SERVER_ERROR_CMS_RESPONSE}.make (req, res, a_auth_api.cms_api)).execute
|
||||
end
|
||||
else
|
||||
a_auth_api.cms_api.response_api.send_access_denied (Void, req, res)
|
||||
|
||||
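Review bot: In the `-520` hunk the handler calls `a_auth_api.activate_user (l_temp_user, l_token.value)` without establishing that routine's preconditions, `a_temp_user.has_id` and `not a_temp_user.is_active`, which are visible in the authentication API part of this commit. Whether `temp_user_by_activation_token` can return a record that violates them is not visible here. If it can, a request carrying such a token raises a precondition violation (when assertion monitoring is on) instead of reaching the `-- Failure!!!` branch. Guarding the call with `if l_temp_user.has_id and not l_temp_user.is_active then`, and sending the failure response otherwise, keeps the outcome under the handler's control. The handler's body starts and ends outside the hunk.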
@@ -32,14 +32,14 @@ feature -- Execution
|
||||
if req.is_post_request_method then
|
||||
register_user (req, res)
|
||||
else
|
||||
send_bad_request (Void, req, res)
|
||||
new_bad_request_error_response (Void, req, res).execute
|
||||
end
|
||||
end
|
||||
|
||||
register_user (req: WSF_REQUEST; res: WSF_RESPONSE)
|
||||
local
|
||||
f: CMS_FORM
|
||||
rep: like new_webapi_response
|
||||
rep: like new_response
|
||||
l_user_api: CMS_USER_API
|
||||
u: CMS_TEMP_USER
|
||||
l_exist: BOOLEAN
|
||||
@@ -60,7 +60,7 @@ feature -- Execution
|
||||
f.extend_text_field ("email", Void)
|
||||
f.extend_text_field ("personal_information", Void)
|
||||
|
||||
rep := new_webapi_response (req, res)
|
||||
rep := new_response (req, res)
|
||||
f.process (rep)
|
||||
if
|
||||
attached f.last_data as fd and then not fd.has_error and then
|
||||
@@ -83,7 +83,7 @@ feature -- Execution
|
||||
l_exist := True
|
||||
end
|
||||
if fd.has_error or l_exist then
|
||||
send_bad_request ("User name or email is already taken!", req, res)
|
||||
rep := new_bad_request_error_response ("User name or email is already taken!", req, res)
|
||||
else
|
||||
-- New temp user
|
||||
create u.make (l_name)
|
||||
@@ -92,20 +92,22 @@ feature -- Execution
|
||||
u.set_personal_information (l_personal_information)
|
||||
|
||||
auth_api.register_user (u, l_email, l_personal_information)
|
||||
-- Until it is activated, this is not a real user.
|
||||
-- add_user_links_to (u, rep)
|
||||
rep.add_string_field ("status", "succeed")
|
||||
rep.add_string_field ("information", "Waiting for activation")
|
||||
rep.add_self (req.percent_encoded_path_info)
|
||||
rep.execute
|
||||
end
|
||||
else
|
||||
send_bad_request ("Invalid email", req, res)
|
||||
rep := new_access_denied_error_response ("Invalid email", req, res)
|
||||
end
|
||||
else
|
||||
send_bad_request ("There were issue with your application, invalid or missing values.", req, res)
|
||||
rep := new_access_denied_error_response ("There were issue with your application, invalid or missing values.", req, res)
|
||||
end
|
||||
else
|
||||
send_access_denied ("You can also contact the webmaster to ask for an account.", req, res)
|
||||
rep := new_access_denied_error_response ("You can also contact the webmaster to ask for an account.", req, res)
|
||||
end
|
||||
rep.execute
|
||||
end
|
||||
|
||||
|
||||
|
||||
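Review bot: In `register_user`, the validation failures "Invalid email" and "There were issue with your application, invalid or missing values." now go through `new_access_denied_error_response`, where the lines they replace used `send_bad_request`. These are malformed-input cases rather than authorization failures, so reporting them as access denied blurs the signal for clients and for anyone monitoring denied requests on the registration endpoint. `rep := new_bad_request_error_response ("Invalid email", req, res)`, and the same for the second message, would keep the previous status. Separately, the success branch still shows a `rep.execute` and the routine now ends with another `rep.execute`. The rendered page does not show which of the two is on the new side, so check that the response is not executed twice.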