Moved activation implementation into authentication api.
Improved the core webapi: added a registration link and support for redirection. Use error webapi responses rather than the `send_...` routines.
@@ -575,7 +575,7 @@ feature -- Change Temp User
|
||||
end
|
||||
end
|
||||
|
||||
remove_activation (a_token: READABLE_STRING_32)
|
||||
remove_activation (a_token: READABLE_STRING_GENERAL)
|
||||
-- Remove activation token `a_token', from the user_storage.
|
||||
do
|
||||
user_storage.remove_activation (a_token)
|
||||
|
||||
@@ -265,7 +265,7 @@ feature -- New Temp User
|
||||
deferred
|
||||
end
|
||||
|
||||
remove_activation (a_token: READABLE_STRING_32)
|
||||
remove_activation (a_token: READABLE_STRING_GENERAL)
|
||||
-- Remove activation by token `a_token'.
|
||||
deferred
|
||||
end
|
||||
|
||||
@@ -191,7 +191,7 @@ feature -- Temp Users
|
||||
end
|
||||
|
||||
|
||||
remove_activation (a_token: READABLE_STRING_32)
|
||||
remove_activation (a_token: READABLE_STRING_GENERAL)
|
||||
-- <Precursor>.
|
||||
do
|
||||
end
|
||||
|
||||
@@ -1312,7 +1312,7 @@ feature -- New Temp User
|
||||
|
||||
feature -- Remove Activation
|
||||
|
||||
remove_activation (a_token: READABLE_STRING_32)
|
||||
remove_activation (a_token: READABLE_STRING_GENERAL)
|
||||
-- <Precursor>.
|
||||
local
|
||||
l_parameters: STRING_TABLE [detachable ANY]
|
||||
|
||||
@@ -28,10 +28,10 @@ feature -- Execution
|
||||
elseif req.is_get_request_method then
|
||||
get_access_token (l_uid, req, res)
|
||||
else
|
||||
send_bad_request (Void, req, res)
|
||||
new_bad_request_error_response (Void, req, res).execute
|
||||
end
|
||||
else
|
||||
send_bad_request ("Missing {uid} parameter", req, res)
|
||||
new_bad_request_error_response ("Missing {uid} parameter", req, res).execute
|
||||
end
|
||||
end
|
||||
|
||||
@@ -52,28 +52,28 @@ feature -- Request execution
|
||||
if attached user_by_uid (a_uid) as l_user then
|
||||
if attached api.user as u then
|
||||
if u.same_as (l_user) or api.user_api.is_admin_user (u) then
|
||||
rep := new_access_token_webapi_response (l_user, user_access_token (l_user), req, res)
|
||||
rep := new_access_token_response (l_user, user_access_token (l_user), req, res)
|
||||
if attached {WSF_STRING} req.item ("destination") as dest then
|
||||
rep.set_redirection (dest.url_encoded_value)
|
||||
end
|
||||
rep.execute
|
||||
else
|
||||
-- Only admin, or current user can see its access_token!
|
||||
send_access_denied (Void, req, res)
|
||||
rep := new_access_denied_error_response (Void, req, res)
|
||||
end
|
||||
else
|
||||
send_access_denied (Void, req, res)
|
||||
rep := new_access_denied_error_response (Void, req, res)
|
||||
end
|
||||
else
|
||||
send_not_found ("User not found", req, res)
|
||||
rep := new_not_found_error_response ("User not found", req, res)
|
||||
end
|
||||
rep.execute
|
||||
end
|
||||
|
||||
post_access_token (a_uid: READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE)
|
||||
-- Execute handler for `req' and respond in `res'.
|
||||
local
|
||||
l_access_token: detachable READABLE_STRING_32
|
||||
rep: like new_webapi_response
|
||||
rep: like new_response
|
||||
do
|
||||
if attached user_by_uid (a_uid) as l_user then
|
||||
if attached api.user as u then
|
||||
@@ -91,21 +91,21 @@ feature -- Request execution
|
||||
-- end
|
||||
set_user_access_token (l_user, l_access_token)
|
||||
|
||||
rep := new_access_token_webapi_response (l_user, l_access_token, req, res)
|
||||
rep := new_access_token_response (l_user, l_access_token, req, res)
|
||||
if attached {WSF_STRING} req.item ("destination") as dest then
|
||||
rep.set_redirection (dest.url_encoded_value)
|
||||
end
|
||||
rep.execute
|
||||
else
|
||||
-- Only admin, or current user can create the user access_token!
|
||||
send_access_denied (Void, req, res)
|
||||
rep := new_access_denied_error_response (Void, req, res)
|
||||
end
|
||||
else
|
||||
send_access_denied (Void, req, res)
|
||||
rep := new_access_denied_error_response (Void, req, res)
|
||||
end
|
||||
else
|
||||
send_not_found ("User not found", req, res)
|
||||
rep := new_not_found_error_response ("User not found", req, res)
|
||||
end
|
||||
rep.execute
|
||||
end
|
||||
|
||||
feature {NONE} -- Implementation
|
||||
@@ -128,11 +128,11 @@ feature {NONE} -- Implementation
|
||||
api.user_api.save_user_profile_item (a_user, "access_token", a_access_token)
|
||||
end
|
||||
|
||||
new_access_token_webapi_response (a_user: CMS_USER; a_access_token: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): like new_webapi_response
|
||||
new_access_token_response (a_user: CMS_USER; a_access_token: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): like new_response
|
||||
local
|
||||
tb: STRING_TABLE [detachable ANY]
|
||||
do
|
||||
Result := new_webapi_response (req, res)
|
||||
Result := new_response (req, res)
|
||||
if a_access_token /= Void then
|
||||
Result.add_string_field ("access_token", a_access_token)
|
||||
else
|
||||
|
||||
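Review bot: The `destination` request parameter is passed to `rep.set_redirection (dest.url_encoded_value)` in both `get_access_token` and `post_access_token` with no check visible in these hunks, and the response `execute` hunk (`@@ -127,6 +127,11 @@`) now copies that value into the `Location` header. As written, whoever builds the request chooses where the client is sent right after a token is returned, so the value should be restricted before `set_redirection` is called, for example to site-relative paths or an allowlist of known hosts, with anything else ignored. `req.item` may also draw on more than the query string (not confirmable from this page); reading the parameter from one explicit source would make the check easier to reason about. `post_access_token` starts in the second hunk and continues in the third, so the token-creation logic between them is not visible here.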
@@ -21,10 +21,12 @@ feature -- Execution
|
||||
local
|
||||
rep: HM_WEBAPI_RESPONSE
|
||||
do
|
||||
rep := new_webapi_response (req, res)
|
||||
rep := new_response (req, res)
|
||||
rep.add_string_field ("site_name", api.setup.site_name)
|
||||
if attached api.user as u then
|
||||
add_user_links_to (u, rep)
|
||||
elseif api.has_permission ("account register") then
|
||||
rep.add_link ("register", Void, api.webapi_path ("/account/register"))
|
||||
end
|
||||
rep.add_self (req.percent_encoded_path_info)
|
||||
rep.execute
|
||||
|
||||
@@ -24,7 +24,7 @@ feature -- Execution
|
||||
-- elseif req.is_post_request_method then
|
||||
-- execute_post (req, res)
|
||||
else
|
||||
send_bad_request (Void, req, res)
|
||||
new_bad_request_error_response (Void, req, res).execute
|
||||
end
|
||||
end
|
||||
|
||||
@@ -46,7 +46,7 @@ feature -- Execution
|
||||
-- end
|
||||
if l_user /= Void then
|
||||
if l_user.same_as (u) or api.has_permissions (<<"admin users", "view users">>) then
|
||||
rep := new_webapi_response (req, res)
|
||||
rep := new_response (req, res)
|
||||
rep.add_string_field ("uid", l_user.id.out)
|
||||
rep.add_string_field ("name", l_user.name)
|
||||
if attached l_user.email as l_email then
|
||||
@@ -66,56 +66,24 @@ feature -- Execution
|
||||
end
|
||||
add_user_links_to (l_user, rep)
|
||||
else
|
||||
rep := new_wepapi_error_response ("denied", req, res)
|
||||
rep := new_error_response ("denied", req, res)
|
||||
rep.set_status_code ({HTTP_STATUS_CODE}.user_access_denied)
|
||||
end
|
||||
else
|
||||
rep := new_wepapi_error_response ("Not found", req, res)
|
||||
rep := new_error_response ("Not found", req, res)
|
||||
rep.set_status_code ({HTTP_STATUS_CODE}.not_found)
|
||||
end
|
||||
else
|
||||
rep := new_wepapi_error_response ("Bad request", req, res)
|
||||
rep := new_error_response ("Bad request", req, res)
|
||||
rep.set_status_code ({HTTP_STATUS_CODE}.bad_request)
|
||||
end
|
||||
rep.execute
|
||||
else
|
||||
-- FIXME: use specific Web API response!
|
||||
send_access_denied (Void, req, res)
|
||||
rep := new_access_denied_error_response (Void, req, res)
|
||||
end
|
||||
rep.execute
|
||||
end
|
||||
|
||||
-- execute_post (req: WSF_REQUEST; res: WSF_RESPONSE)
|
||||
-- -- Execute handler for `req' and respond in `res'.
|
||||
-- local
|
||||
-- rep: HM_WEBAPI_RESPONSE
|
||||
-- l_user: detachable CMS_USER
|
||||
-- do
|
||||
-- if attached api.user as u and then api.has_permission ("admin users") then
|
||||
-- if attached {WSF_STRING} req.path_parameter ("uid") as p_uid then
|
||||
-- if p_uid.is_integer then
|
||||
-- l_user := api.user_api.user_by_id (p_uid.integer_value)
|
||||
-- else
|
||||
-- l_user := api.user_api.user_by_name (p_uid.value)
|
||||
-- end
|
||||
---- if l_user = Void and p_uid.is_case_insensitive_equal ("me") then
|
||||
---- l_user := u
|
||||
---- end
|
||||
-- if l_user /= Void then
|
||||
-- else
|
||||
-- rep := new_wepapi_error_response ("Not found", req, res)
|
||||
-- rep.set_status_code ({HTTP_STATUS_CODE}.not_found)
|
||||
-- end
|
||||
-- else
|
||||
-- rep := new_wepapi_error_response ("Bad request", req, res)
|
||||
-- rep.set_status_code ({HTTP_STATUS_CODE}.bad_request)
|
||||
-- end
|
||||
-- rep.execute
|
||||
-- else
|
||||
-- -- FIXME: use specific Web API response!
|
||||
-- send_access_denied (Void, req, res)
|
||||
-- end
|
||||
-- end
|
||||
|
||||
|
||||
note
|
||||
copyright: "2011-2017, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
|
||||
|
||||
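Review bot: The three error branches in the `@@ -66,56 +66,24 @@` hunk still call `new_error_response (...)` and then set the status code by hand, while the final `else` already uses `new_access_denied_error_response`. Using the dedicated factories there too, e.g. `rep := new_access_denied_error_response ("denied", req, res)`, `rep := new_not_found_error_response ("Not found", req, res)` and `rep := new_bad_request_error_response ("Bad request", req, res)`, keeps message and status together. That way a branch cannot be left with the `bad_request` default that `new_error_response` sets, which matters most on the access-denied path. The enclosing feature begins before this hunk.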
@@ -24,7 +24,7 @@ feature -- Execution
|
||||
elseif req.is_post_request_method then
|
||||
execute_post (req, res)
|
||||
else
|
||||
send_bad_request (Void, req, res)
|
||||
new_bad_request_error_response (Void, req, res).execute
|
||||
end
|
||||
end
|
||||
|
||||
@@ -43,7 +43,7 @@ feature -- Execution
|
||||
if attached req.query_parameter ("full") as p and then p.is_case_insensitive_equal ("yes") then
|
||||
l_full := True
|
||||
end
|
||||
rep := new_webapi_response (req, res)
|
||||
rep := new_response (req, res)
|
||||
nb := api.user_api.users_count
|
||||
rep.add_integer_64_field ("users_count", nb)
|
||||
create l_params.make (0, nb.to_natural_32)
|
||||
@@ -77,10 +77,10 @@ feature -- Execution
|
||||
end
|
||||
rep.add_iterator_field ("users", arr)
|
||||
rep.add_self (req.percent_encoded_path_info)
|
||||
rep.execute
|
||||
else
|
||||
send_access_denied (Void, req, res)
|
||||
rep := new_access_denied_error_response (Void, req, res)
|
||||
end
|
||||
rep.execute
|
||||
end
|
||||
|
||||
execute_post (req: WSF_REQUEST; res: WSF_RESPONSE)
|
||||
@@ -155,17 +155,17 @@ feature -- Execution
|
||||
end
|
||||
end
|
||||
if l_user = Void or else err /= Void then
|
||||
rep := new_wepapi_error_response (err, req, res)
|
||||
rep := new_error_response (err, req, res)
|
||||
else
|
||||
rep := new_webapi_response (req, res)
|
||||
rep := new_response (req, res)
|
||||
rep.add_string_field ("uid", l_user.id.out)
|
||||
add_user_links_to (l_user, rep)
|
||||
end
|
||||
rep.add_self (req.percent_encoded_path_info)
|
||||
rep.execute
|
||||
else
|
||||
send_access_denied (Void, req, res)
|
||||
rep := new_access_denied_error_response (Void, req, res)
|
||||
end
|
||||
rep.execute
|
||||
end
|
||||
|
||||
|
||||
|
||||
@@ -127,6 +127,11 @@ feature -- Execution
|
||||
m: WSF_PAGE_RESPONSE
|
||||
do
|
||||
create m.make_with_body (resource.representation)
|
||||
m.set_status_code (status_code)
|
||||
if attached redirection as loc then
|
||||
m.header.put_location (loc)
|
||||
m.set_status_code ({HTTP_STATUS_CODE}.temp_redirect)
|
||||
end
|
||||
m.header.put_content_type ("application/json")
|
||||
response.send (m)
|
||||
end
|
||||
|
||||
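Review bot: The redirect branch overwrites the status set by `m.set_status_code (status_code)` unconditionally, so an error response that happens to carry a `redirection` would go out as a redirect, and the JSON body (which for the access-token handlers contains the token) is still sent with it. Consider redirecting only when `status_code` is a success code. Assuming `temp_redirect` is the usual 307, clients repeat the original method and body against the `Location` target, so for responses to POST a status that makes the client follow up with GET is the safer choice. A header comment stating that `redirection` takes precedence over `status_code` would also help; the feature's signature lies above the hunk.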
@@ -32,59 +32,52 @@ feature -- API Service
|
||||
|
||||
feature -- Factory
|
||||
|
||||
new_webapi_response (req: WSF_REQUEST; res: WSF_RESPONSE): HM_WEBAPI_RESPONSE
|
||||
new_response (req: WSF_REQUEST; res: WSF_RESPONSE): HM_WEBAPI_RESPONSE
|
||||
do
|
||||
-- create {MD_WEBAPI_RESPONSE} Result.make (req, res, api)
|
||||
create {JSON_WEBAPI_RESPONSE} Result.make (req, res, api)
|
||||
end
|
||||
|
||||
new_wepapi_error_response (msg: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): HM_WEBAPI_RESPONSE
|
||||
new_error_response (msg: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): like new_response
|
||||
do
|
||||
Result := new_webapi_response (req, res)
|
||||
Result := new_response (req, res)
|
||||
Result.set_status_code ({HTTP_STATUS_CODE}.bad_request)
|
||||
if msg /= Void then
|
||||
Result.add_string_field ("error", msg)
|
||||
else
|
||||
Result.add_string_field ("error", "True")
|
||||
end
|
||||
Result.add_self (req.request_uri)
|
||||
end
|
||||
|
||||
send_not_found (m: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE)
|
||||
local
|
||||
rep: HM_WEBAPI_RESPONSE
|
||||
new_not_found_error_response (m: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): like new_response
|
||||
do
|
||||
if m /= Void then
|
||||
rep := new_wepapi_error_response (m, req, res)
|
||||
if m = Void then
|
||||
Result := new_error_response ("Not Found", req, res)
|
||||
else
|
||||
rep := new_wepapi_error_response ("Not found", req, res)
|
||||
Result := new_error_response (m, req, res)
|
||||
end
|
||||
rep.set_status_code ({HTTP_STATUS_CODE}.not_found)
|
||||
rep.execute
|
||||
Result.set_status_code ({HTTP_STATUS_CODE}.not_found)
|
||||
end
|
||||
|
||||
send_access_denied (m: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE)
|
||||
local
|
||||
rep: HM_WEBAPI_RESPONSE
|
||||
new_access_denied_error_response (m: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): like new_response
|
||||
do
|
||||
if m /= Void then
|
||||
rep := new_wepapi_error_response (m, req, res)
|
||||
if m = Void then
|
||||
Result := new_error_response ("Access denied", req, res)
|
||||
else
|
||||
rep := new_wepapi_error_response ("Access denied", req, res)
|
||||
Result := new_error_response (m, req, res)
|
||||
end
|
||||
rep.set_status_code ({HTTP_STATUS_CODE}.user_access_denied)
|
||||
rep.execute
|
||||
Result.set_status_code ({HTTP_STATUS_CODE}.user_access_denied)
|
||||
end
|
||||
|
||||
send_bad_request (m: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE)
|
||||
local
|
||||
rep: HM_WEBAPI_RESPONSE
|
||||
new_bad_request_error_response (m: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): like new_response
|
||||
do
|
||||
if m /= Void then
|
||||
rep := new_wepapi_error_response (m, req, res)
|
||||
if m = Void then
|
||||
Result := new_error_response ("Bad request", req, res)
|
||||
else
|
||||
rep := new_wepapi_error_response ("Bad request", req, res)
|
||||
Result := new_error_response (m, req, res)
|
||||
end
|
||||
rep.set_status_code ({HTTP_STATUS_CODE}.bad_request)
|
||||
rep.execute
|
||||
Result.set_status_code ({HTTP_STATUS_CODE}.bad_request)
|
||||
end
|
||||
|
||||
feature {NONE} -- Builder
|
||||
|
||||
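Review bot: The new `new_not_found_error_response`, `new_access_denied_error_response` and `new_bad_request_error_response` features have no header comment, and, as far as the old/new pairing can be read on this page, they no longer send anything themselves the way the `send_...` routines did: a caller that forgets `.execute` produces no response. I would add a comment to each, along the lines of `-- New "not found" error response with message m (default text if Void); caller must call execute.` The default text in `new_not_found_error_response` is now `"Not Found"`, while the other defaults and the handlers use sentence case (`"Not found"`, `"Access denied"`); clients that match on the `error` field may notice the difference.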