Moved activation implementation into authentication api.

Improved core webapi, added registration link, support redirection.
Use error webapi response, rather than `send_...` routines.

modules/auth/cms_authentication_api.e

@@ -28,7 +28,7 @@ feature -- Token Generation
 				-- Create activation token
 			l_token := new_token
 			l_user_api.new_activation (l_token, u.id)
-			l_url_activate := cms_api.absolute_url ("/account/activate/" + l_token, void)
+			l_url_activate := cms_api.absolute_url ("/account/activate/" + l_token, Void)
 			l_url_reject := cms_api.absolute_url ("/account/reject/" + l_token, Void)
 				-- Send Email to webmaster
 			cms_api.log_debug ("registration", "send_register_email", Void)
@@ -43,6 +43,47 @@ feature -- Token Generation
 			cms_api.log ("registration", {STRING_32} "new user %"" + u.name + "%" <" + a_email + ">", {CMS_LOG}.level_info, Void)
 		end
 
+	activate_user (a_temp_user: CMS_TEMP_USER; a_token: READABLE_STRING_GENERAL)
+		require
+			a_temp_user.has_id
+			not a_temp_user.is_active
+		local
+			l_user_api: CMS_USER_API
+			l_temp_id: INTEGER_64
+			es: CMS_AUTHENTICATION_EMAIL_SERVICE
+		do
+			l_temp_id := a_temp_user.id
+
+					-- Valid user_id			
+			a_temp_user.set_id (0)
+			a_temp_user.mark_active
+			l_user_api := cms_api.user_api
+			l_user_api.new_user_from_temp_user (a_temp_user)
+
+			if
+				not l_user_api.has_error and then
+				attached l_user_api.user_by_name (a_temp_user.name) as l_new_user
+			then
+				if attached a_temp_user.personal_information as l_perso_info then
+						-- Keep personal information in profile item!
+					l_user_api.save_user_profile_item (l_new_user, "personal_information", l_perso_info)
+				end
+					-- Delete temporal User
+				a_temp_user.set_id (l_temp_id)
+				l_user_api.delete_temp_user (a_temp_user)
+				l_user_api.remove_activation (a_token)
+
+					-- Send Email
+				if attached l_new_user.email as l_email then
+					cms_api.log_debug ("activation", "send_contact_activation_confirmation_email", Void)
+					create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (cms_api))
+					es.send_contact_activation_confirmation_email (l_email, l_new_user, cms_api.site_url)
+				end
+			else
+				error_handler.add_custom_error (-1, "activation error", "Activation failed!")
+			end
+		end
+
 	new_token: STRING
 			-- Generate a new token activation token
 		local

modules/auth/cms_authentication_module.e

@@ -520,48 +520,18 @@ feature -- Handler
 		local
 			r: CMS_RESPONSE
 			l_user_api: CMS_USER_API
-			l_ir: INTERNAL_SERVER_ERROR_CMS_RESPONSE
-			es: CMS_AUTHENTICATION_EMAIL_SERVICE
-			l_temp_id: INTEGER_64
 		do
 			if a_auth_api.cms_api.has_permission ("account activate") then
 				l_user_api := a_auth_api.cms_api.user_api
 				if attached {WSF_STRING} req.path_parameter ("token") as l_token then
 					if attached {CMS_TEMP_USER} l_user_api.temp_user_by_activation_token (l_token.value) as l_temp_user then
-
-						-- TODO copy the personal information
-						--! to CMS_USER_PROFILE and persist data
-						--! check also CMS_USER.data_items
-
-						l_temp_id := l_temp_user.id
-
-							-- Valid user_id
-						l_temp_user.set_id (0)
-						l_temp_user.mark_active
-						l_user_api.new_user_from_temp_user (l_temp_user)
-
-
 						create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, a_auth_api.cms_api)
+						a_auth_api.activate_user (l_temp_user, l_token.value)
 						if
-							not l_user_api.has_error and then
+							not a_auth_api.has_error and then
 							attached l_user_api.user_by_name (l_temp_user.name) as l_new_user
 						then
-							if attached l_temp_user.personal_information as l_perso_info then
-									-- Keep personal information in profile item!
-								a_auth_api.cms_api.user_api.save_user_profile_item (l_new_user, "personal_information", l_perso_info)
-							end
-								-- Delete temporal User
-							l_temp_user.set_id (l_temp_id)
-							l_user_api.delete_temp_user (l_temp_user)
-							l_user_api.remove_activation (l_token.value)
-
 							r.set_main_content ("<p> The account <i>" + a_auth_api.cms_api.user_html_link (l_new_user) + "</i> has been activated</p>")
-								-- Send Email
-							if attached l_new_user.email as l_email then
-								create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (a_auth_api.cms_api))
-								write_debug_log (generator + ".handle register: send_contact_activation_confirmation_email")
-								es.send_contact_activation_confirmation_email (l_email, l_new_user, req.absolute_script_url (""))
-							end
 						else
 								-- Failure!!!
 							r.set_status_code ({HTTP_CONSTANTS}.internal_server_error)
@@ -578,8 +548,7 @@ feature -- Handler
 					end
 					r.execute
 				else
-					create l_ir.make (req, res, a_auth_api.cms_api)
+					(create {INTERNAL_SERVER_ERROR_CMS_RESPONSE}.make (req, res, a_auth_api.cms_api)).execute
-					l_ir.execute
 				end
 			else
 				a_auth_api.cms_api.response_api.send_access_denied (Void, req, res)

modules/auth/cms_user_register_webapi_handler.e

@@ -32,14 +32,14 @@ feature -- Execution
 			if req.is_post_request_method then
 				register_user (req, res)
 			else
-				send_bad_request (Void, req, res)
+				new_bad_request_error_response (Void, req, res).execute
 			end
 		end
 
 	register_user (req: WSF_REQUEST; res: WSF_RESPONSE)
 		local
 			f: CMS_FORM
-			rep: like new_webapi_response
+			rep: like new_response
 			l_user_api: CMS_USER_API
 			u: CMS_TEMP_USER
 			l_exist: BOOLEAN
@@ -60,7 +60,7 @@ feature -- Execution
 				f.extend_text_field ("email", Void)
 				f.extend_text_field ("personal_information", Void)
 
-				rep := new_webapi_response (req, res)
+				rep := new_response (req, res)
 				f.process (rep)
 				if
 					attached f.last_data as fd and then not fd.has_error and then
@@ -83,7 +83,7 @@ feature -- Execution
 							l_exist := True
 						end
 						if fd.has_error or l_exist then
-							send_bad_request ("User name or email is already taken!", req, res)
+							rep := new_bad_request_error_response ("User name or email is already taken!", req, res)
 						else
 								-- New temp user
 							create u.make (l_name)
@@ -92,20 +92,22 @@ feature -- Execution
 							u.set_personal_information (l_personal_information)
 
 							auth_api.register_user (u, l_email, l_personal_information)
+								-- Until it is activated, this is not a real user.
 --							add_user_links_to (u, rep)
 							rep.add_string_field ("status", "succeed")
+							rep.add_string_field ("information", "Waiting for activation")
 							rep.add_self (req.percent_encoded_path_info)
-							rep.execute
 						end
 					else
-						send_bad_request ("Invalid email", req, res)
+						rep := new_access_denied_error_response ("Invalid email", req, res)
 					end
 				else
-					send_bad_request ("There were issue with your application, invalid or missing values.", req, res)
+					rep := new_access_denied_error_response ("There were issue with your application, invalid or missing values.", req, res)
 				end
 			else
-				send_access_denied ("You can also contact the webmaster to ask for an account.", req, res)
+				rep := new_access_denied_error_response ("You can also contact the webmaster to ask for an account.", req, res)
 			end
+			rep.execute
 		end
 
 

src/modules/core/cms_user_api.e

@@ -575,7 +575,7 @@ feature -- Change Temp User
 			end
 		end
 
-	remove_activation (a_token: READABLE_STRING_32)
+	remove_activation (a_token: READABLE_STRING_GENERAL)
 			-- Remove activation token `a_token', from the user_storage.
 		do
 			user_storage.remove_activation (a_token)

src/modules/core/persistence/user/cms_user_storage_i.e

@@ -265,7 +265,7 @@ feature -- New Temp User
   		deferred
   		end
 
-	remove_activation (a_token: READABLE_STRING_32)
+	remove_activation (a_token: READABLE_STRING_GENERAL)
 			-- Remove activation by token `a_token'.
 		deferred
 		end

src/modules/core/persistence/user/cms_user_storage_null.e

@@ -191,7 +191,7 @@ feature -- Temp Users
   		end
 
 
-	remove_activation (a_token: READABLE_STRING_32)
+	remove_activation (a_token: READABLE_STRING_GENERAL)
 			-- <Precursor>.
 		do
 		end

src/modules/core/persistence/user/cms_user_storage_sql_i.e

@@ -1312,7 +1312,7 @@ feature -- New Temp User
 
 feature -- Remove Activation
 
-	remove_activation (a_token: READABLE_STRING_32)
+	remove_activation (a_token: READABLE_STRING_GENERAL)
 			-- <Precursor>.
 		local
 			l_parameters: STRING_TABLE [detachable ANY]

src/modules/core/webapi/cms_access_token_webapi_handler.e

@@ -28,10 +28,10 @@ feature -- Execution
 				elseif req.is_get_request_method then
 					get_access_token (l_uid, req, res)
 				else
-					send_bad_request (Void, req, res)
+					new_bad_request_error_response (Void, req, res).execute
 				end
 			else
-				send_bad_request ("Missing {uid} parameter", req, res)
+				new_bad_request_error_response ("Missing {uid} parameter", req, res).execute
 			end
 		end
 
@@ -52,28 +52,28 @@ feature -- Request execution
 			if attached user_by_uid (a_uid) as l_user then
 				if attached api.user as u then
 					if u.same_as (l_user) or api.user_api.is_admin_user (u) then
-						rep := new_access_token_webapi_response (l_user, user_access_token (l_user), req, res)
+						rep := new_access_token_response (l_user, user_access_token (l_user), req, res)
 						if attached {WSF_STRING} req.item ("destination") as dest then
 							rep.set_redirection (dest.url_encoded_value)
 						end
-						rep.execute
 					else
 							-- Only admin, or current user can see its access_token!
-						send_access_denied (Void, req, res)
+						rep := new_access_denied_error_response (Void, req, res)
 					end
 				else
-					send_access_denied (Void, req, res)
+					rep := new_access_denied_error_response (Void, req, res)
 				end
 			else
-				send_not_found ("User not found", req, res)
+				rep := new_not_found_error_response ("User not found", req, res)
 			end
+			rep.execute
 		end
 
 	post_access_token (a_uid: READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE)
 			-- Execute handler for `req' and respond in `res'.
 		local
 			l_access_token: detachable READABLE_STRING_32
-			rep: like new_webapi_response
+			rep: like new_response
 		do
 			if attached user_by_uid (a_uid) as l_user then
 				if attached api.user as u then
@@ -91,21 +91,21 @@ feature -- Request execution
 		--				end
 						set_user_access_token (l_user, l_access_token)
 
-						rep := new_access_token_webapi_response (l_user, l_access_token, req, res)
+						rep := new_access_token_response (l_user, l_access_token, req, res)
 						if attached {WSF_STRING} req.item ("destination") as dest then
 							rep.set_redirection (dest.url_encoded_value)
 						end
-						rep.execute
 					else
 							-- Only admin, or current user can create the user access_token!
-						send_access_denied (Void, req, res)
+						rep := new_access_denied_error_response (Void, req, res)
 					end
 				else
-					send_access_denied (Void, req, res)
+					rep := new_access_denied_error_response (Void, req, res)
 				end
 			else
-				send_not_found ("User not found", req, res)
+				rep := new_not_found_error_response ("User not found", req, res)
 			end
+			rep.execute
 		end
 
 feature {NONE} -- Implementation
@@ -128,11 +128,11 @@ feature {NONE} -- Implementation
 			api.user_api.save_user_profile_item (a_user, "access_token", a_access_token)
 		end
 
-	new_access_token_webapi_response (a_user: CMS_USER; a_access_token: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): like new_webapi_response
+	new_access_token_response (a_user: CMS_USER; a_access_token: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): like new_response
 		local
 			tb: STRING_TABLE [detachable ANY]
 		do
-			Result := new_webapi_response (req, res)
+			Result := new_response (req, res)
 			if a_access_token /= Void then
 				Result.add_string_field ("access_token", a_access_token)
 			else

src/modules/core/webapi/cms_root_webapi_handler.e

@@ -21,10 +21,12 @@ feature -- Execution
 		local
 			rep: HM_WEBAPI_RESPONSE
 		do
-			rep := new_webapi_response (req, res)
+			rep := new_response (req, res)
 			rep.add_string_field ("site_name", api.setup.site_name)
 			if attached api.user as u then
 				add_user_links_to (u, rep)
+			elseif api.has_permission ("account register") then
+				rep.add_link ("register", Void, api.webapi_path ("/account/register"))
 			end
 			rep.add_self (req.percent_encoded_path_info)
 			rep.execute

src/modules/core/webapi/cms_user_webapi_handler.e

@@ -24,7 +24,7 @@ feature -- Execution
 --			elseif req.is_post_request_method then
 --				execute_post (req, res)
 			else
-				send_bad_request (Void, req, res)
+				new_bad_request_error_response (Void, req, res).execute
 			end
 		end
 
@@ -46,7 +46,7 @@ feature -- Execution
 --					end
 					if l_user /= Void then
 						if l_user.same_as (u) or api.has_permissions (<<"admin users", "view users">>) then
-							rep := new_webapi_response (req, res)
+							rep := new_response (req, res)
 							rep.add_string_field ("uid", l_user.id.out)
 							rep.add_string_field ("name", l_user.name)
 							if attached l_user.email as l_email then
@@ -66,56 +66,24 @@ feature -- Execution
 							end
 							add_user_links_to (l_user, rep)
 						else
-							rep := new_wepapi_error_response ("denied", req, res)
+							rep := new_error_response ("denied", req, res)
 							rep.set_status_code ({HTTP_STATUS_CODE}.user_access_denied)
 						end
 					else
-						rep := new_wepapi_error_response ("Not found", req, res)
+						rep := new_error_response ("Not found", req, res)
 						rep.set_status_code ({HTTP_STATUS_CODE}.not_found)
 					end
 				else
-					rep := new_wepapi_error_response ("Bad request", req, res)
+					rep := new_error_response ("Bad request", req, res)
 					rep.set_status_code ({HTTP_STATUS_CODE}.bad_request)
 				end
-				rep.execute
 			else
 					-- FIXME: use specific Web API response!
-				send_access_denied (Void, req, res)
+				rep := new_access_denied_error_response (Void, req, res)
 			end
+			rep.execute
 		end
 
---	execute_post (req: WSF_REQUEST; res: WSF_RESPONSE)
---			-- Execute handler for `req' and respond in `res'.
---		local
---			rep: HM_WEBAPI_RESPONSE
---			l_user: detachable CMS_USER
---		do
---			if attached api.user as u and then api.has_permission ("admin users") then
---				if attached {WSF_STRING} req.path_parameter ("uid") as p_uid then
---					if p_uid.is_integer then
---						l_user := api.user_api.user_by_id (p_uid.integer_value)
---					else
---						l_user := api.user_api.user_by_name (p_uid.value)
---					end
-----					if l_user = Void and p_uid.is_case_insensitive_equal ("me") then
-----						l_user := u
-----					end
---					if l_user /= Void then
---					else
---						rep := new_wepapi_error_response ("Not found", req, res)
---						rep.set_status_code ({HTTP_STATUS_CODE}.not_found)
---					end
---				else
---					rep := new_wepapi_error_response ("Bad request", req, res)
---					rep.set_status_code ({HTTP_STATUS_CODE}.bad_request)
---				end
---				rep.execute
---			else
---					-- FIXME: use specific Web API response!
---				send_access_denied (Void, req, res)
---			end
---		end
-
 
 note
 	copyright: "2011-2017, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"

src/modules/core/webapi/cms_users_webapi_handler.e

@@ -24,7 +24,7 @@ feature -- Execution
 			elseif req.is_post_request_method then
 				execute_post (req, res)
 			else
-				send_bad_request (Void, req, res)
+				new_bad_request_error_response (Void, req, res).execute
 			end
 		end
 
@@ -43,7 +43,7 @@ feature -- Execution
 				if attached req.query_parameter ("full") as p and then p.is_case_insensitive_equal ("yes") then
 					l_full := True
 				end
-				rep := new_webapi_response (req, res)
+				rep := new_response (req, res)
 				nb := api.user_api.users_count
 				rep.add_integer_64_field ("users_count", nb)
 				create l_params.make (0, nb.to_natural_32)
@@ -77,10 +77,10 @@ feature -- Execution
 				end
 				rep.add_iterator_field ("users", arr)
 				rep.add_self (req.percent_encoded_path_info)
-				rep.execute
 			else
-				send_access_denied (Void, req, res)
+				rep := new_access_denied_error_response (Void, req, res)
 			end
+			rep.execute
 		end
 
 	execute_post (req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -155,17 +155,17 @@ feature -- Execution
 					end
 				end
 				if l_user = Void or else err /= Void then
-					rep := new_wepapi_error_response (err, req, res)
+					rep := new_error_response (err, req, res)
 				else
-					rep := new_webapi_response (req, res)
+					rep := new_response (req, res)
 					rep.add_string_field ("uid", l_user.id.out)
 					add_user_links_to (l_user, rep)
 				end
 				rep.add_self (req.percent_encoded_path_info)
-				rep.execute
 			else
-				send_access_denied (Void, req, res)
+				rep := new_access_denied_error_response (Void, req, res)
 			end
+			rep.execute
 		end
 
 

src/service/response/json_webapi_response.e

@@ -127,6 +127,11 @@ feature -- Execution
 			m: WSF_PAGE_RESPONSE
 		do
 			create m.make_with_body (resource.representation)
+			m.set_status_code (status_code)
+			if attached redirection as loc then
+				m.header.put_location (loc)
+				m.set_status_code ({HTTP_STATUS_CODE}.temp_redirect)
+			end
 			m.header.put_content_type ("application/json")
 			response.send (m)
 		end

src/service/webapi/cms_webapi_handler.e

@@ -32,59 +32,52 @@ feature -- API Service
 
 feature -- Factory
 
-	new_webapi_response (req: WSF_REQUEST; res: WSF_RESPONSE): HM_WEBAPI_RESPONSE
+	new_response (req: WSF_REQUEST; res: WSF_RESPONSE): HM_WEBAPI_RESPONSE
 		do
 --			create {MD_WEBAPI_RESPONSE} Result.make (req, res, api)
 			create {JSON_WEBAPI_RESPONSE} Result.make (req, res, api)
 		end
 
-	new_wepapi_error_response (msg: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): HM_WEBAPI_RESPONSE
+	new_error_response (msg: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): like new_response
 		do
-			Result := new_webapi_response (req, res)
+			Result := new_response (req, res)
+			Result.set_status_code ({HTTP_STATUS_CODE}.bad_request)
 			if msg /= Void then
 				Result.add_string_field ("error", msg)
 			else
 				Result.add_string_field ("error", "True")
 			end
+			Result.add_self (req.request_uri)
 		end
 
-	send_not_found (m: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE)
+	new_not_found_error_response (m: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): like new_response
-		local
-			rep: HM_WEBAPI_RESPONSE
 		do
-			if m /= Void then
+			if m = Void then
-				rep := new_wepapi_error_response (m, req, res)
+				Result := new_error_response ("Not Found", req, res)
 			else
-				rep := new_wepapi_error_response ("Not found", req, res)
+				Result := new_error_response (m, req, res)
 			end
-			rep.set_status_code ({HTTP_STATUS_CODE}.not_found)
+			Result.set_status_code ({HTTP_STATUS_CODE}.not_found)
-			rep.execute
 		end
 
-	send_access_denied (m: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE)
+	new_access_denied_error_response (m: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): like new_response
-		local
-			rep: HM_WEBAPI_RESPONSE
 		do
-			if m /= Void then
+			if m = Void then
-				rep := new_wepapi_error_response (m, req, res)
+				Result := new_error_response ("Access denied", req, res)
 			else
-				rep := new_wepapi_error_response ("Access denied", req, res)
+				Result := new_error_response (m, req, res)
 			end
-			rep.set_status_code ({HTTP_STATUS_CODE}.user_access_denied)
+			Result.set_status_code ({HTTP_STATUS_CODE}.user_access_denied)
-			rep.execute
 		end
 
-	send_bad_request (m: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE)
+	new_bad_request_error_response (m: detachable READABLE_STRING_GENERAL; req: WSF_REQUEST; res: WSF_RESPONSE): like new_response
-		local
-			rep: HM_WEBAPI_RESPONSE
 		do
-			if m /= Void then
+			if m = Void then
-				rep := new_wepapi_error_response (m, req, res)
+				Result := new_error_response ("Bad request", req, res)
 			else
-				rep := new_wepapi_error_response ("Bad request", req, res)
+				Result := new_error_response (m, req, res)
 			end
-			rep.set_status_code ({HTTP_STATUS_CODE}.bad_request)
+			Result.set_status_code ({HTTP_STATUS_CODE}.bad_request)
-			rep.execute
 		end
 
 feature {NONE} -- Builder