backup/ROC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Integrate Authentication modules.

Browse Source 
Updated code for sql that should not use parameters
   to expand :table_name in table name usage,
   since Eiffel Store will use quote,
   and MySQL does not like them.

Merge remote-tracking branch 'jvelilla/roc_auth_v1' into ewf_v1_mod_env

Conflicts:
	examples/demo/demo-safe.ecf
	modules/auth/cms_authentication_module.e
This commit is contained in:
Jocelyn FIAT
2015-06-25 23:20:51 +02:00
parent ba7ef17d34 268f53e53f
commit ae9eea99dd
29 changed files with 992 additions and 300 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
examples/demo/demo-safe.ecf
View File

@@ -15,6 +15,7 @@
<library name="cms" location="..\..\cms-safe.ecf" readonly="false"/> <library name="cms" location="..\..\cms-safe.ecf" readonly="false"/>
<library name="cms_app_env" location="..\..\library\app_env\app_env-safe.ecf" readonly="false"/> <library name="cms_app_env" location="..\..\library\app_env\app_env-safe.ecf" readonly="false"/>
<library name="cms_auth_module" location="..\..\modules\auth\auth-safe.ecf" readonly="false"/> <library name="cms_auth_module" location="..\..\modules\auth\auth-safe.ecf" readonly="false"/>
<library name="cms_oauth_20_module" location="..\..\modules\oauth20\oauth20-safe.ecf" readonly="false"/>
<library name="cms_basic_auth_module" location="..\..\modules\basic_auth\basic_auth-safe.ecf" readonly="false"/> <library name="cms_basic_auth_module" location="..\..\modules\basic_auth\basic_auth-safe.ecf" readonly="false"/>
<library name="cms_blog_module" location="modules\blog\cms_blog_module-safe.ecf" readonly="false"/> <library name="cms_blog_module" location="modules\blog\cms_blog_module-safe.ecf" readonly="false"/>
<library name="cms_demo_module" location="modules\demo\cms_demo_module-safe.ecf" readonly="false"/> <library name="cms_demo_module" location="modules\demo\cms_demo_module-safe.ecf" readonly="false"/>

2
examples/demo/modules/blog/cms_blog_module.e
View File

@@ -74,7 +74,7 @@ CREATE TABLE blog_post_nodes(
`tags` VARCHAR(255) `tags` VARCHAR(255)
); );
]" ]"
l_sql_storage.sql_execute_script (sql) l_sql_storage.sql_execute_script (sql, Void)
if l_sql_storage.has_error then if l_sql_storage.has_error then
api.logger.put_error ("Could not initialize database for blog module", generating_type) api.logger.put_error ("Could not initialize database for blog module", generating_type)
end end

2
examples/demo/modules/demo/cms_demo_module.e
View File

@@ -69,7 +69,7 @@ CREATE TABLE tb_demo(
`value` TEXT `value` TEXT
); );
]" ]"
l_sql_storage.sql_execute_script (sql) l_sql_storage.sql_execute_script (sql, Void)
if l_sql_storage.has_error then if l_sql_storage.has_error then
api.logger.put_error ("Could not initialize database for demo module", generating_type) api.logger.put_error ("Could not initialize database for demo module", generating_type)
end end

39
examples/demo/site/config/demo.json Normal file
View File

@@ -0,0 +1,39 @@
{
"database": {
"datasource": {
"driver": "odbc",
"environment": "odbc-sqlite"
},
"environments": {
"odbc-sqlite": {
"connection_string":"Driver=SQLite3 ODBC Driver;Database=./site/database.sqlite;LongNames=0;Timeout=1000;NoTXN=0;SyncPragma=NORMAL;StepAPI=0;"
},
"odbc-mysql": {
"connection_string":"Driver=mysql ODBC Driver;Server=localhost;Port=3306;Database=roc;Uid=roc;Pwd=roc;"
},
"mysql": {
"connection_string":"Driver=mysql;Server=localhost;Port=3306;Database=roc;Uid=roc;Pwd=roc;"
},
"development": {
"connection_string":"Server=localhost;Port=3306;Database=cms_dev;Uid=root;Pwd=;"
},
"production": {
"connection_string":""
}
}
},
"smtp": {
"server": "localhost"
},
"logger": {
"level":"error",
"type":"stderr",
"backup_count":"4"
},
"server": {
"mode":"html"
}
}

0
examples/demo/site/scripts/node.sql → examples/demo/site/modules/node/scripts/node.sql
View File

2
examples/demo/site/modules/login/scripts/oauth2_consumers.sql → examples/demo/site/modules/oauth20/scripts/oauth2_consumers.sql
View File

@@ -1,5 +1,5 @@
CREATE TABLE `oauth2_consumers`( CREATE TABLE oauth2_consumers(
`cid` INTEGER PRIMARY KEY NOT NULL CHECK(`cid`>=0), `cid` INTEGER PRIMARY KEY NOT NULL CHECK(`cid`>=0),
`name` VARCHAR(255) NOT NULL, `name` VARCHAR(255) NOT NULL,
`api_secret` TEXT NOT NULL, `api_secret` TEXT NOT NULL,

0
examples/demo/site/modules/login/scripts/oauth2_consumers_initialize.sql → examples/demo/site/modules/oauth20/scripts/oauth2_consumers_initialize.sql
View File

2
examples/demo/site/modules/login/scripts/oauth2_template.sql → examples/demo/site/modules/oauth20/scripts/oauth2_table.sql.tpl
View File

@@ -1,5 +1,5 @@
CREATE TABLE :table_name ( CREATE TABLE $table_name (
`uid` INTEGER PRIMARY KEY NOT NULL CHECK(`uid`>=0), `uid` INTEGER PRIMARY KEY NOT NULL CHECK(`uid`>=0),
`access_token` TEXT NOT NULL, `access_token` TEXT NOT NULL,
`created` DATETIME NOT NULL, `created` DATETIME NOT NULL,

7
examples/demo/site/modules/oauth20/templates/block_login.tpl Normal file
View File

@@ -0,0 +1,7 @@
<div class="primary-tabs">
<div>
{foreach item="item" from="$oauth_consumers"}
<a href="{$site_url/}account/login-with-oauth/{$item/}">Login with {$item/}</a><br>
{/foreach}
</div>
</div>

4
examples/demo/src/ewf_roc_server_execution.e
View File

@@ -69,6 +69,10 @@ feature -- CMS setup
a_setup.register_module (m) a_setup.register_module (m)
end end
create {CMS_OAUTH_20_MODULE} m.make
m.enable
a_setup.register_module (m)
create {CMS_DEBUG_MODULE} m.make create {CMS_DEBUG_MODULE} m.make
m.enable m.enable
a_setup.register_module (m) a_setup.register_module (m)

2
modules/auth/auth-safe.ecf
View File

@@ -18,6 +18,8 @@
<library name="http" location="$ISE_LIBRARY\contrib\library\network\protocol\http\http-safe.ecf"/> <library name="http" location="$ISE_LIBRARY\contrib\library\network\protocol\http\http-safe.ecf"/>
<library name="time" location="$ISE_LIBRARY\library\time\time-safe.ecf"/> <library name="time" location="$ISE_LIBRARY\library\time\time-safe.ecf"/>
<library name="wsf" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\wsf\wsf-safe.ecf"/> <library name="wsf" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\wsf\wsf-safe.ecf"/>
<library name="wsf_extension" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\wsf\wsf_extension-safe.ecf" readonly="false"/>
<library name="wsf_html" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\wsf_html\wsf_html-safe.ecf" readonly="false"/>
<library name="error" location="$ISE_LIBRARY\contrib\library\utility\general\error\error-safe.ecf"/> <library name="error" location="$ISE_LIBRARY\contrib\library\utility\general\error\error-safe.ecf"/>
<library name="email_service" location="..\..\library\email\email-safe.ecf"/> <library name="email_service" location="..\..\library\email\email-safe.ecf"/>

288
modules/auth/cms_authentication_module.e
View File

@@ -1,5 +1,5 @@
note note
description: "Module Logging supporting different authentication strategies" description: "Module Auth"
date: "$Date: 2015-05-20 06:50:50 -0300 (mi. 20 de may. de 2015) $" date: "$Date: 2015-05-20 06:50:50 -0300 (mi. 20 de may. de 2015) $"
revision: "$Revision: 97328 $" revision: "$Revision: 97328 $"
@@ -8,15 +8,9 @@ class
inherit inherit
CMS_MODULE CMS_MODULE
rename
module_api as user_oauth_api
redefine redefine
filters, register_hooks
register_hooks,
initialize,
is_installed,
install,
user_oauth_api
end end
@@ -57,104 +51,6 @@ feature {NONE} -- Initialization
cache_duration := 0 cache_duration := 0
end end
feature {CMS_API} -- Module Initialization
initialize (a_api: CMS_API)
-- <Precursor>
local
l_user_auth_api: like user_oauth_api
l_user_auth_storage: CMS_OAUTH_20_STORAGE_I
do
Precursor (a_api)
-- Storage initialization
if attached {CMS_STORAGE_SQL_I} a_api.storage as l_storage_sql then
create {CMS_OAUTH_20_STORAGE_SQL} l_user_auth_storage.make (l_storage_sql)
else
-- FIXME: in case of NULL storage, should Current be disabled?
create {CMS_OAUTH_20_STORAGE_NULL} l_user_auth_storage
end
-- Node API initialization
create l_user_auth_api.make_with_storage (a_api, l_user_auth_storage)
user_oauth_api := l_user_auth_api
ensure then
user_oauth_api_set: user_oauth_api /= Void
end
feature {CMS_API} -- Module management
is_installed (api: CMS_API): BOOLEAN
-- Is Current module installed?
do
Result := attached api.storage.custom_value ("is_initialized", "module-" + name) as v and then v.is_case_insensitive_equal_general ("yes")
end
install (api: CMS_API)
local
l_setup: CMS_SETUP
l_params: detachable STRING_TABLE [detachable ANY]
l_consumers: LIST [STRING]
do
l_setup := api.setup
-- Schema
if attached {CMS_STORAGE_SQL_I} api.storage as l_sql_storage then
if not l_sql_storage.sql_table_exists ("oauth2_consumers") then
--| Schema
l_sql_storage.sql_execute_file_script (api.modules_location.extended ("scripts").extended ("oauth2_consumers.sql"))
if l_sql_storage.has_error then
api.logger.put_error ("Could not initialize database for blog module", generating_type)
end
-- TODO workaround.
l_sql_storage.sql_execute_file_script (api.modules_location.extended ("scripts").extended ("oauth2_consumers_initialize.sql"))
end
-- TODO workaround, until we have an admin module
l_sql_storage.sql_query ("SELECT name FROM oauth2_consumers;", Void)
if l_sql_storage.has_error then
api.logger.put_error ("Could not initialize database for differnent consumerns", generating_type)
else
from
l_sql_storage.sql_start
create {ARRAYED_LIST[STRING]} l_consumers.make (2)
until
l_sql_storage.sql_after
loop
if attached l_sql_storage.sql_read_string (1) as l_name then
l_consumers.force ("oauth2_"+l_name)
end
l_sql_storage.sql_forth
end
across l_consumers as ic loop
if not l_sql_storage.sql_table_exists (ic.item) then
create l_params.make (1)
l_params.force (ic.item, "table_name")
l_sql_storage.sql_execute_file_script_with_params (api.modules_location.extended ("scripts").extended ("oauth2_template.sql"), l_params)
end
end
end
api.storage.set_custom_value ("is_initialized", "module-" + name, "yes")
end
end
feature {CMS_API} -- Access: API
user_oauth_api: detachable CMS_OAUTH_20_API
-- <Precursor>
feature -- Filters
filters (a_api: CMS_API): detachable LIST [WSF_FILTER]
-- Possibly list of Filter's module.
do
create {ARRAYED_LIST [WSF_FILTER]} Result.make (1)
if attached user_oauth_api as l_user_oauth_api then
Result.extend (create {CMS_OAUTH_20_FILTER}.make (a_api, l_user_oauth_api))
end
end
feature -- Access: docs feature -- Access: docs
root_dir: PATH root_dir: PATH
@@ -172,30 +68,24 @@ feature -- Access: docs
feature -- Router feature -- Router
setup_router (a_router: WSF_ROUTER; a_api: CMS_API) setup_router (a_router: WSF_ROUTER; a_api: CMS_API)
-- <Precursor> -- <Precursor>
do do
if attached user_oauth_api as l_user_oauth_api then configure_web (a_api, a_router)
configure_web (a_api, l_user_oauth_api, a_router)
end
end end
configure_web (a_api: CMS_API; a_router: WSF_ROUTER)
configure_web (a_api: CMS_API; a_user_oauth_api: CMS_OAUTH_20_API; a_router: WSF_ROUTER)
do do
a_router.handle ("/account/roc-login", create {WSF_URI_AGENT_HANDLER}.make (agent handle_login (a_api, ?, ?)), a_router.methods_head_get) a_router.handle ("/account/roc-login", create {WSF_URI_AGENT_HANDLER}.make (agent handle_login (a_api, ?, ?)), a_router.methods_head_get)
a_router.handle ("/account/roc-basic-auth", create {WSF_URI_AGENT_HANDLER}.make (agent handle_login_basic_auth (a_api, ?, ?)), a_router.methods_head_get)
a_router.handle ("/account/roc-register", create {WSF_URI_AGENT_HANDLER}.make (agent handle_register (a_api, ?, ?)), a_router.methods_get_post) a_router.handle ("/account/roc-register", create {WSF_URI_AGENT_HANDLER}.make (agent handle_register (a_api, ?, ?)), a_router.methods_get_post)
a_router.handle ("/account/activate/{token}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_activation (a_api, ?, ?)), a_router.methods_head_get) a_router.handle ("/account/activate/{token}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_activation (a_api, ?, ?)), a_router.methods_head_get)
a_router.handle ("/account/reactivate", create {WSF_URI_AGENT_HANDLER}.make (agent handle_reactivation (a_api, ?, ?)), a_router.methods_get_post) a_router.handle ("/account/reactivate", create {WSF_URI_AGENT_HANDLER}.make (agent handle_reactivation (a_api, ?, ?)), a_router.methods_get_post)
a_router.handle ("/account/new-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_new_password (a_api, ?, ?)), a_router.methods_get_post) a_router.handle ("/account/new-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_new_password (a_api, ?, ?)), a_router.methods_get_post)
a_router.handle ("/account/reset-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_reset_password (a_api, ?, ?)), a_router.methods_get_post) a_router.handle ("/account/reset-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_reset_password (a_api, ?, ?)), a_router.methods_get_post)
a_router.handle ("/account/roc-logout", create {WSF_URI_AGENT_HANDLER}.make (agent handle_logout (a_api, ?, ?)), a_router.methods_get_post) a_router.handle ("/account/roc-logout", create {WSF_URI_AGENT_HANDLER}.make (agent handle_logout (a_api, ?, ?)), a_router.methods_get_post)
a_router.handle ("/account/login-with-oauth/{callback}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_login_with_oauth (a_api,a_user_oauth_api, ?, ?)), a_router.methods_get_post)
a_router.handle ("/account/{callback}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_callback_oauth (a_api, a_user_oauth_api, ?, ?)), a_router.methods_get_post)
end end
feature -- Hooks configuration feature -- Hooks configuration
register_hooks (a_response: CMS_RESPONSE) register_hooks (a_response: CMS_RESPONSE)
@@ -229,6 +119,11 @@ feature -- Hooks
end end
a_menu_system.primary_menu.extend (lnk) a_menu_system.primary_menu.extend (lnk)
lnk.set_weight (98) lnk.set_weight (98)
if a_response.location.starts_with ("account/roc-login") then
create lnk.make ("Basic Auth", "account/roc-basic-auth")
lnk.set_expandable (True)
a_response.add_to_primary_tabs (lnk)
end
end end
block_list: ITERABLE [like {CMS_BLOCK}.name] block_list: ITERABLE [like {CMS_BLOCK}.name]
@@ -236,19 +131,23 @@ feature -- Hooks
l_string: STRING l_string: STRING
do do
Result := <<"login", "register", "reactivate", "new_password", "reset_password">> Result := <<"login", "register", "reactivate", "new_password", "reset_password">>
create l_string.make_empty debug ("roc")
across Result as ic loop create l_string.make_empty
across
Result as ic
loop
l_string.append (ic.item) l_string.append (ic.item)
l_string.append_character (' ') l_string.append_character (' ')
end end
write_debug_log (generator + ".block_list:" + l_string ) write_debug_log (generator + ".block_list:" + l_string )
end
end end
get_block_view (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE) get_block_view (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
do do
if if
a_block_id.is_case_insensitive_equal_general ("login") and then a_block_id.is_case_insensitive_equal_general ("login") and then
a_response.location.starts_with ("account/roc-login") a_response.location.starts_with ("account/roc-basic-auth")
then then
get_block_view_login (a_block_id, a_response) get_block_view_login (a_block_id, a_response)
elseif elseif
@@ -277,39 +176,34 @@ feature -- Hooks
handle_login (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE) handle_login (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
local local
r: CMS_RESPONSE r: CMS_RESPONSE
link: CMS_LINK
do do
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
r.set_value ("Login", "optional_content_type") r.set_value ("Login", "optional_content_type")
r.execute r.execute
end end
handle_login_basic_auth (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
local
r: CMS_RESPONSE
link: CMS_LINK
do
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
r.set_value ("Basic Auth", "optional_content_type")
r.execute
end
handle_logout (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE) handle_logout (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
local local
r: CMS_RESPONSE r: CMS_RESPONSE
l_url: STRING l_url: STRING
l_cookie: WSF_COOKIE l_cookie: WSF_COOKIE
do do
if create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
attached {WSF_STRING} req.cookie ({CMS_AUTHENTICATION_CONSTANTS}.oauth_session) as l_cookie_token and then r.set_status_code ({HTTP_CONSTANTS}.found)
attached {CMS_USER} current_user (req) as l_user l_url := req.absolute_script_url ("/basic_auth_logoff")
then r.set_redirection (l_url)
-- Logout gmail r.execute
create l_cookie.make ({CMS_AUTHENTICATION_CONSTANTS}.oauth_session, l_cookie_token.value)
l_cookie.set_path ("/")
l_cookie.set_max_age (-1)
res.add_cookie (l_cookie)
unset_current_user (req)
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
r.set_status_code ({HTTP_CONSTANTS}.found)
r.set_redirection (req.absolute_script_url (""))
r.execute
else
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
r.set_status_code ({HTTP_CONSTANTS}.found)
l_url := req.absolute_script_url ("/basic_auth_logoff")
r.set_redirection (l_url)
r.execute
end
end end
handle_register (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE) handle_register (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -555,13 +449,6 @@ feature {NONE} -- Block views
loop loop
l_tpl_block.set_value (ic.item, ic.key) l_tpl_block.set_value (ic.item, ic.key)
end end
if
attached user_oauth_api as l_auth_api and then
attached l_auth_api.oauth2_consumers as l_list
then
l_tpl_block.set_value (l_list, "oauth_consumers")
end
a_response.add_block (l_tpl_block, "content") a_response.add_block (l_tpl_block, "content")
else else
debug ("cms") debug ("cms")
@@ -709,110 +596,6 @@ feature {NONE} -- Block views
end end
end end
feature -- OAuth2 Login with google.
handle_login_with_oauth (api: CMS_API; a_oauth_api: CMS_OAUTH_20_API; req: WSF_REQUEST; res: WSF_RESPONSE)
local
r: CMS_RESPONSE
l_oauth: CMS_OAUTH_20_WORKFLOW
do
if
attached {WSF_STRING} req.path_parameter ("callback") as p_consumer and then
attached {CMS_OAUTH_20_CONSUMER} a_oauth_api.oauth_consumer_by_name (p_consumer.value) as l_consumer
then
create l_oauth.make (req.server_url, l_consumer)
if attached l_oauth.authorization_url as l_authorization_url then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
r.set_redirection (l_authorization_url)
r.execute
else
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.set_main_content ("Bad request")
r.execute
end
else
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.set_main_content ("Bad request")
r.execute
end
end
handle_callback_oauth (api: CMS_API; a_user_oauth_api: CMS_OAUTH_20_API; req: WSF_REQUEST; res: WSF_RESPONSE)
local
r: CMS_RESPONSE
l_auth: CMS_OAUTH_20_WORKFLOW
l_user_api: CMS_USER_API
l_user: CMS_USER
l_roles: LIST [CMS_USER_ROLE]
l_cookie: WSF_COOKIE
es: CMS_AUTHENTICATON_EMAIL_SERVICE
do
if attached {WSF_STRING} req.path_parameter ("callback") as l_callback and then
attached {CMS_OAUTH_20_CONSUMER} a_user_oauth_api.oauth_consumer_by_callback (l_callback.value) as l_consumer and then
attached {WSF_STRING} req.query_parameter ("code") as l_code
then
create l_auth.make (req.server_url, l_consumer)
l_auth.sign_request (l_code.value)
if
attached l_auth.access_token as l_access_token and then
attached l_auth.user_profile as l_user_profile
then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
-- extract user email
-- check if the user exist
l_user_api := api.user_api
-- 1 if the user exit put it in the context
if
attached l_auth.user_email as l_email
then
if attached l_user_api.user_by_email (l_email) as p_user then
-- User with email exist
if attached a_user_oauth_api.user_oauth2_by_id (p_user.id, l_consumer.name) then
-- Update oauth entry
a_user_oauth_api.update_user_oauth2 (l_access_token.token, l_user_profile, p_user, l_consumer.name )
else
-- create a oauth entry
a_user_oauth_api.new_user_oauth2 (l_access_token.token, l_user_profile, p_user, l_consumer.name )
end
create l_cookie.make ({CMS_AUTHENTICATION_CONSTANTS}.oauth_session, l_access_token.token)
l_cookie.set_max_age (l_access_token.expires_in)
l_cookie.set_path ("/")
res.add_cookie (l_cookie)
else
create {ARRAYED_LIST [CMS_USER_ROLE]} l_roles.make (1)
l_roles.force (l_user_api.authenticated_user_role)
-- Create a new user and oauth entry
create l_user.make (l_email)
l_user.set_email (l_email)
l_user.set_password (new_token) -- generate a random password.
l_user.set_roles (l_roles)
l_user.mark_active
l_user_api.new_user (l_user)
-- Add oauth entry
a_user_oauth_api.new_user_oauth2 (l_access_token.token, l_user_profile, l_user, l_consumer.name )
create l_cookie.make ({CMS_AUTHENTICATION_CONSTANTS}.oauth_session, l_access_token.token)
l_cookie.set_max_age (l_access_token.expires_in)
l_cookie.set_path ("/")
res.add_cookie (l_cookie)
set_current_user (req, l_user)
-- Send Email
create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (api))
write_debug_log (generator + ".handle register: send_contact_welcome_email")
es.send_contact_welcome_email (l_email, "")
end
end
r.set_redirection (r.front_page_url)
r.execute
end
end
end
feature {NONE} -- Token Generation feature {NONE} -- Token Generation
@@ -835,6 +618,7 @@ feature {NONE} -- Token Generation
Result := l_token Result := l_token
end end
feature {NONE} -- Implementation: date and time feature {NONE} -- Implementation: date and time
http_date_format_to_date (s: READABLE_STRING_8): detachable DATE_TIME http_date_format_to_date (s: READABLE_STRING_8): detachable DATE_TIME

10
modules/auth/cms_login_form.e Normal file
View File

@@ -0,0 +1,10 @@
note
description: "Summary description for {CMS_LOGIN_FORM}."
author: ""
date: "$Date$"
revision: "$Revision$"
class
CMS_LOGIN_FORM
end

6
modules/node/node_module.e
View File

@@ -99,7 +99,8 @@ feature {CMS_API} -- Module management
is_installed (a_api: CMS_API): BOOLEAN is_installed (a_api: CMS_API): BOOLEAN
-- Is Current module installed? -- Is Current module installed?
do do
if attached {CMS_STORAGE_SQL_I} a_api.storage as l_sql_storage then Result := Precursor (a_api)
if Result and attached {CMS_STORAGE_SQL_I} a_api.storage as l_sql_storage then
Result := l_sql_storage.sql_table_exists ("nodes") and Result := l_sql_storage.sql_table_exists ("nodes") and
l_sql_storage.sql_table_exists ("page_nodes") l_sql_storage.sql_table_exists ("page_nodes")
end end
@@ -109,8 +110,9 @@ feature {CMS_API} -- Module management
do do
-- Schema -- Schema
if attached {CMS_STORAGE_SQL_I} a_api.storage as l_sql_storage then if attached {CMS_STORAGE_SQL_I} a_api.storage as l_sql_storage then
l_sql_storage.sql_execute_file_script (a_api.setup.environment.path.extended ("scripts").extended (name).appended_with_extension ("sql")) l_sql_storage.sql_execute_file_script (a_api.module_resource_location (Current, (create {PATH}.make_from_string ("scripts")).extended (name).appended_with_extension ("sql")), Void)
end end
Precursor {CMS_MODULE}(a_api)
end end
feature {CMS_API} -- Access: API feature {CMS_API} -- Access: API

2
modules/auth/cms_oauth_20_api.e → modules/oauth20/cms_oauth_20_api.e
View File

@@ -13,7 +13,7 @@ inherit
REFACTORING_HELPER REFACTORING_HELPER
create {CMS_AUTHENTICATION_MODULE} create {CMS_OAUTH_20_MODULE}
make_with_storage make_with_storage
feature {NONE} -- Initialization feature {NONE} -- Initialization

10
modules/auth/cms_authentication_constants.e → modules/oauth20/cms_oauth_20_constants.e
View File

@@ -1,10 +1,10 @@
note note
description: "Summary description for {CMS_AUTHENTICATION_CONSTANTS}." description: "Summary description for {CMS_OAUTH_20_CONSTANTS}."
date: "$Date$" date: "$Date$"
revision: "$Revision$" revision: "$Revision$"
class class
CMS_AUTHENTICATION_CONSTANTS CMS_OAUTH_20_CONSTANTS
feature -- Access feature -- Access
@@ -12,4 +12,10 @@ feature -- Access
-- Name of Cookie used to keep the session info. -- Name of Cookie used to keep the session info.
-- FIXME: make this configurable. -- FIXME: make this configurable.
oauth_callback: STRING = "callback"
-- Callback parameter.
oauth_code: STRING = "code"
-- Code query parameter.
end end

0
modules/auth/cms_oauth_20_consumer.e → modules/oauth20/cms_oauth_20_consumer.e
View File

63
modules/oauth20/cms_oauth_20_email_service.e Normal file
View File

@@ -0,0 +1,63 @@
note
description: "Summary description for {CMS_OAUTH_20_EMAIL_SERVICE}."
date: "$Date$"
revision: "$Revision$"
class
CMS_OAUTH_20_EMAIL_SERVICE
inherit
EMAIL_SERVICE
redefine
initialize,
parameters
end
create
make
feature {NONE} -- Initialization
initialize
do
Precursor
contact_email := parameters.contact_email
end
parameters: CMS_OAUTH_20_EMAIL_SERVICE_PARAMETERS
-- Associated parameters.
feature -- Access
contact_email: IMMUTABLE_STRING_8
-- contact email.
feature -- Basic Operations
send_contact_email (a_to, a_content: READABLE_STRING_8)
-- Send successful contact message `a_token' to `a_to'.
require
attached_to: a_to /= Void
local
l_message: STRING
do
create l_message.make_from_string (parameters.account_activation)
l_message.replace_substring_all ("$link", a_content)
send_message (contact_email, a_to, parameters.contact_subject_register, l_message)
end
send_contact_welcome_email (a_to, a_content: READABLE_STRING_8)
-- Send successful contact message `a_token' to `a_to'.
require
attached_to: a_to /= Void
local
l_message: STRING
do
create l_message.make_from_string (parameters.account_welcome)
l_message.replace_substring_all ("$link", a_content)
send_message (contact_email, a_to, parameters.contact_subject_oauth, l_message)
end
end

260
modules/oauth20/cms_oauth_20_email_service_parameters.e Normal file
View File

@@ -0,0 +1,260 @@
note
description: "Summary description for {CMS_OAUTH_20_EMAIL_SERVICE_PARAMETERS}."
date: "$Date$"
revision: "$Revision$"
class
CMS_OAUTH_20_EMAIL_SERVICE_PARAMETERS
inherit
EMAIL_SERVICE_PARAMETERS
create
make
feature {NONE} -- Initialization
make (a_cms_api: CMS_API)
local
utf: UTF_CONVERTER
l_site_name: READABLE_STRING_8
s: detachable READABLE_STRING_32
l_contact_email, l_subject_register, l_subject_activate, l_subject_password, l_subject_oauth: detachable READABLE_STRING_8
do
setup := a_cms_api.setup
-- Use global smtp setting if any, otherwise "localhost"
smtp_server := utf.escaped_utf_32_string_to_utf_8_string_8 (a_cms_api.setup.text_item_or_default ("smtp", "localhost"))
l_site_name := utf.escaped_utf_32_string_to_utf_8_string_8 (a_cms_api.setup.site_name)
admin_email := a_cms_api.setup.site_email
if not admin_email.has ('<') then
admin_email := l_site_name + " <" + admin_email +">"
end
if attached {CONFIG_READER} a_cms_api.module_configuration_by_name ("login", Void) as cfg then
if attached cfg.text_item ("smtp") as l_smtp then
-- Overwrite global smtp setting if any.
smtp_server := utf.utf_32_string_to_utf_8_string_8 (l_smtp)
end
s := cfg.text_item ("email")
if s /= Void then
l_contact_email := utf.utf_32_string_to_utf_8_string_8 (s)
end
s := cfg.text_item ("subject_register")
if s /= Void then
l_subject_register := utf.utf_32_string_to_utf_8_string_8 (s)
end
s := cfg.text_item ("subject_activate")
if s /= Void then
l_subject_register := utf.utf_32_string_to_utf_8_string_8 (s)
end
s := cfg.text_item ("subject_password")
if s /= Void then
l_subject_register := utf.utf_32_string_to_utf_8_string_8 (s)
end
s := cfg.text_item ("subject_oauth")
if s /= Void then
l_subject_oauth := utf.utf_32_string_to_utf_8_string_8 (s)
end
end
if l_contact_email /= Void then
if not l_contact_email.has ('<') then
l_contact_email := l_site_name + " <" + l_contact_email + ">"
end
contact_email := l_contact_email
else
contact_email := admin_email
end
if l_subject_register /= Void then
contact_subject_register := l_subject_register
else
contact_subject_register := "Thank you for registering with us."
end
if l_subject_activate /= Void then
contact_subject_activate := l_subject_activate
else
contact_subject_activate := "New account activation token."
end
if l_subject_password /= Void then
contact_subject_password := l_subject_password
else
contact_subject_password := "Password Recovery."
end
if l_subject_oauth /= Void then
contact_subject_oauth := l_subject_oauth
else
contact_subject_oauth := "Welcome."
end
end
feature -- Access
smtp_server: IMMUTABLE_STRING_8
admin_email: IMMUTABLE_STRING_8
contact_email: IMMUTABLE_STRING_8
-- Contact email.
contact_subject_register: IMMUTABLE_STRING_8
contact_subject_activate: IMMUTABLE_STRING_8
contact_subject_password: IMMUTABLE_STRING_8
contact_subject_oauth: IMMUTABLE_STRING_8
account_activation: STRING
-- Account activation template email message.
do
Result := template_string ("account_activation.html", default_template_account_activation)
end
account_re_activation: STRING
-- Account re_activation template email message.
do
Result := template_string ("accunt_re_activation.html", default_template_account_re_activation)
end
account_password: STRING
-- Account password template email message.
do
Result := template_string ("account_new_password.html", default_template_account_new_password)
end
account_welcome: STRING
-- Account welcome template email message.
do
Result := template_string ("account_welcome.html", default_template_account_welcome)
end
feature {NONE} -- Implementation: Template
template_path (a_name: READABLE_STRING_GENERAL): PATH
-- Location of template named `a_name'.
do
Result := setup.environment.config_path.extended ("modules").extended ("login").extended (a_name)
end
template_string (a_name: READABLE_STRING_GENERAL; a_default: STRING): STRING
-- Content of template named `a_name', or `a_default' if template is not found.
local
p: PATH
do
p := template_path ("account_activation.html")
if attached read_template_file (p) as l_content then
Result := l_content
else
create Result.make_from_string (a_default)
end
end
feature {NONE} -- Implementation
setup: CMS_SETUP
read_template_file (a_path: PATH): detachable STRING
-- Read the content of the file at path `a_path'.
local
l_file: FILE
n: INTEGER
do
create {PLAIN_TEXT_FILE} l_file.make_with_path (a_path)
if l_file.exists and then l_file.is_readable then
n := l_file.count
l_file.open_read
l_file.read_stream (n)
Result := l_file.last_string
l_file.close
else
-- Error
end
end
feature {NONE} -- Message email
default_template_account_activation: STRING = "[
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Activation</title>
<meta name="description" content="Activation">
<meta name="author" content="ROC CMS">
</head>
<body>
<p>Thank you for registering at <a href="...">ROC CMS</a></p>
<p>To complete your registration, please click on the following link to activate your account:<p>
<p><a href="$link">$link</a></p>
<p>Thank you for joining us.</p>
</body>
</html>
]"
default_template_account_re_activation: STRING = "[
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>New Activation</title>
<meta name="description" content="New Activation token">
<meta name="author" content="ROC CMS">
</head>
<body>
<p>You have requested a new activation token at <a href="...">ROC CMS</a></p>
<p>To complete your registration, please click on the following link to activate your account:<p>
<p><a href="$link">$link</a></p>
<p>Thank you for joining us.</p>
</body>
</html>
]"
default_template_account_new_password: STRING = "[
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>New Password</title>
<meta name="description" content="New Password">
<meta name="author" content="ROC CMS">
</head>
<body>
<p>You have required a new password at <a href="...">ROC CMS</a></p>
<p>To complete your request, please click on this link to generate a new password:<p>
<p><a href="$link">$link</a></p>
</body>
</html>
]"
default_template_account_welcome: STRING = "[
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Welcome</title>
<meta name="description" content="Welcome">
<meta name="author" content="ROC CMS">
</head>
<body>
<p>Welcome to<a href="...">ROC CMS</a></p>
<p>Thank you for joining us.</p>
</body>
</html>
]"
end

0
modules/auth/persistence/cms_oauth_20_generic_api.e → modules/oauth20/cms_oauth_20_generic_api.e
View File

509
modules/oauth20/cms_oauth_20_module.e Normal file
View File

@@ -0,0 +1,509 @@
note
description: "Generic OAuth Module supporting authentication using different providers."
date: "$Date: 2015-05-20 06:50:50 -0300 (mi. 20 de may. de 2015) $"
revision: "$Revision: 97328 $"
class
CMS_OAUTH_20_MODULE
inherit
CMS_MODULE
rename
module_api as user_oauth_api
redefine
filters,
register_hooks,
initialize,
install,
user_oauth_api
end
CMS_HOOK_BLOCK
CMS_HOOK_AUTO_REGISTER
CMS_HOOK_MENU_SYSTEM_ALTER
CMS_HOOK_VALUE_TABLE_ALTER
SHARED_EXECUTION_ENVIRONMENT
export
{NONE} all
end
REFACTORING_HELPER
SHARED_LOGGER
CMS_REQUEST_UTIL
create
make
feature {NONE} -- Initialization
make
-- Create current module
do
name := "oauth20"
version := "1.0"
description := "OAuth20 module"
package := "Oauth20"
create root_dir.make_current
cache_duration := 0
end
feature {CMS_API} -- Module Initialization
initialize (a_api: CMS_API)
-- <Precursor>
local
l_user_auth_api: like user_oauth_api
l_user_auth_storage: CMS_OAUTH_20_STORAGE_I
do
Precursor (a_api)
-- Storage initialization
if attached {CMS_STORAGE_SQL_I} a_api.storage as l_storage_sql then
create {CMS_OAUTH_20_STORAGE_SQL} l_user_auth_storage.make (l_storage_sql)
else
-- FIXME: in case of NULL storage, should Current be disabled?
create {CMS_OAUTH_20_STORAGE_NULL} l_user_auth_storage
end
-- API initialization
create l_user_auth_api.make_with_storage (a_api, l_user_auth_storage)
user_oauth_api := l_user_auth_api
ensure then
user_oauth_api_set: user_oauth_api /= Void
end
feature {CMS_API} -- Module management
install (api: CMS_API)
local
l_consumers: LIST [STRING]
do
-- Schema
if attached {CMS_STORAGE_SQL_I} api.storage as l_sql_storage then
if not l_sql_storage.sql_table_exists ("oauth2_consumers") then
--| Schema
l_sql_storage.sql_execute_file_script (api.module_resource_location (Current, (create {PATH}.make_from_string ("scripts")).extended ("oauth2_consumers.sql")), Void)
if l_sql_storage.has_error then
api.logger.put_error ("Could not initialize database for blog module", generating_type)
end
-- TODO workaround.
l_sql_storage.sql_execute_file_script (api.module_resource_location (Current, (create {PATH}.make_from_string ("scripts")).extended ("oauth2_consumers_initialize.sql")), Void)
end
-- TODO workaround, until we have an admin module
l_sql_storage.sql_query ("SELECT name FROM oauth2_consumers;", Void)
if l_sql_storage.has_error then
api.logger.put_error ("Could not initialize database for differnent consumerns", generating_type)
else
from
l_sql_storage.sql_start
create {ARRAYED_LIST[STRING]} l_consumers.make (2)
until
l_sql_storage.sql_after
loop
if attached l_sql_storage.sql_read_string (1) as l_name then
l_consumers.force ("oauth2_" + l_name)
end
l_sql_storage.sql_forth
end
across l_consumers as ic loop
if not l_sql_storage.sql_table_exists (ic.item) then
if attached l_sql_storage.sql_script_content (api.module_resource_location (Current, (create {PATH}.make_from_string ("scripts")).extended ("oauth2_table.sql.tpl"))) as sql then
-- FIXME: shouldn't we use a unique table for all oauth providers? or as it is .. one table per oauth provider?
sql.replace_substring_all ("$table_name", ic.item)
l_sql_storage.sql_execute_script (sql, Void)
end
end
end
end
Precursor {CMS_MODULE}(api)
end
end
feature {CMS_API} -- Access: API
user_oauth_api: detachable CMS_OAUTH_20_API
-- <Precursor>
feature -- Filters
filters (a_api: CMS_API): detachable LIST [WSF_FILTER]
-- Possibly list of Filter's module.
do
create {ARRAYED_LIST [WSF_FILTER]} Result.make (1)
if attached user_oauth_api as l_user_oauth_api then
Result.extend (create {CMS_OAUTH_20_FILTER}.make (a_api, l_user_oauth_api))
end
end
feature -- Access: docs
root_dir: PATH
cache_duration: INTEGER
-- Caching duration
--| 0: disable
--| -1: cache always valie
--| nb: cache expires after nb seconds.
cache_disabled: BOOLEAN
do
Result := cache_duration = 0
end
feature -- Router
setup_router (a_router: WSF_ROUTER; a_api: CMS_API)
-- <Precursor>
do
if attached user_oauth_api as l_user_oauth_api then
configure_web (a_api, l_user_oauth_api, a_router)
end
end
configure_web (a_api: CMS_API; a_user_oauth_api: CMS_OAUTH_20_API; a_router: WSF_ROUTER)
do
a_router.handle ("/account/roc-oauth-login", create {WSF_URI_AGENT_HANDLER}.make (agent handle_login (a_api, ?, ?)), a_router.methods_head_get)
a_router.handle ("/account/roc-oauth-logout", create {WSF_URI_AGENT_HANDLER}.make (agent handle_logout (a_api, ?, ?)), a_router.methods_get_post)
a_router.handle ("/account/login-with-oauth/{callback}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_login_with_oauth (a_api,a_user_oauth_api, ?, ?)), a_router.methods_get_post)
a_router.handle ("/account/{callback}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_callback_oauth (a_api, a_user_oauth_api, ?, ?)), a_router.methods_get_post)
end
feature -- Hooks configuration
register_hooks (a_response: CMS_RESPONSE)
-- Module hooks configuration.
do
auto_subscribe_to_hooks (a_response)
a_response.subscribe_to_block_hook (Current)
a_response.subscribe_to_value_table_alter_hook (Current)
end
feature -- Hooks
value_table_alter (a_value: CMS_VALUE_TABLE; a_response: CMS_RESPONSE)
-- <Precursor>
do
if attached current_user (a_response.request) as l_user then
a_value.force (l_user, "user")
end
end
menu_system_alter (a_menu_system: CMS_MENU_SYSTEM; a_response: CMS_RESPONSE)
-- Hook execution on collection of menu contained by `a_menu_system'
-- for related response `a_response'.
local
lnk: CMS_LOCAL_LINK
lnk2: detachable CMS_LINK
do
if
attached a_response.current_user (a_response.request) as u and then
attached {WSF_STRING} a_response.request.cookie ({CMS_OAUTH_20_CONSTANTS}.oauth_session) as l_roc_auth_session_token
then
across
a_menu_system.primary_menu.items as ic
until
lnk2 /= Void
loop
if ic.item.title.has_substring ("(Logout)") then
lnk2 := ic.item
end
end
if lnk2 /= Void then
a_menu_system.primary_menu.remove (lnk2)
end
create lnk.make (u.name + " (Logout)", "account/roc-oauth-logout" )
a_menu_system.primary_menu.extend (lnk)
end
if a_response.location.starts_with ("account/roc-login") then
create lnk.make ("OAuth", "account/roc-oauth-login")
a_response.add_to_primary_tabs (lnk)
end
end
block_list: ITERABLE [like {CMS_BLOCK}.name]
local
l_string: STRING
do
Result := <<"login">>
debug ("roc")
create l_string.make_empty
across
Result as ic
loop
l_string.append (ic.item)
l_string.append_character (' ')
end
write_debug_log (generator + ".block_list:" + l_string )
end
end
get_block_view (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
do
if
a_block_id.is_case_insensitive_equal_general ("login") and then
a_response.location.starts_with ("account/roc-oauth-login")
then
get_block_view_login (a_block_id, a_response)
end
end
handle_login (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
local
r: CMS_RESPONSE
do
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
r.set_value ("Login", "optional_content_type")
r.execute
end
handle_logout (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
local
r: CMS_RESPONSE
l_cookie: WSF_COOKIE
do
if
attached {WSF_STRING} req.cookie ({CMS_OAUTH_20_CONSTANTS}.oauth_session) as l_cookie_token and then
attached {CMS_USER} current_user (req) as l_user
then
-- Logout OAuth
create l_cookie.make ({CMS_OAUTH_20_CONSTANTS}.oauth_session, l_cookie_token.value)
l_cookie.set_path ("/")
l_cookie.set_max_age (-1)
res.add_cookie (l_cookie)
unset_current_user (req)
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
r.set_status_code ({HTTP_CONSTANTS}.found)
r.set_redirection (req.absolute_script_url (""))
r.execute
end
end
feature {NONE} -- Helpers
template_block (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE): detachable CMS_SMARTY_TEMPLATE_BLOCK
-- Smarty content block for `a_block_id'
local
p: detachable PATH
do
create p.make_from_string ("templates")
p := p.extended ("block_").appended (a_block_id).appended_with_extension ("tpl")
p := a_response.api.module_theme_resource_location (Current, p)
if p /= Void then
if attached p.entry as e then
create Result.make (a_block_id, Void, p.parent, e)
else
create Result.make (a_block_id, Void, p.parent, p)
end
end
end
feature {NONE} -- Block views
get_block_view_login (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE)
local
vals: CMS_VALUE_TABLE
do
if attached template_block (a_block_id, a_response) as l_tpl_block then
create vals.make (1)
-- add the variable to the block
value_table_alter (vals, a_response)
across
vals as ic
loop
l_tpl_block.set_value (ic.item, ic.key)
end
if
attached user_oauth_api as l_auth_api and then
attached l_auth_api.oauth2_consumers as l_list
then
l_tpl_block.set_value (l_list, "oauth_consumers")
end
a_response.add_block (l_tpl_block, "content")
else
debug ("cms")
a_response.add_warning_message ("Error with block [" + a_block_id + "]")
end
end
end
feature -- OAuth2 Login with Provider
handle_login_with_oauth (api: CMS_API; a_oauth_api: CMS_OAUTH_20_API; req: WSF_REQUEST; res: WSF_RESPONSE)
local
r: CMS_RESPONSE
l_oauth: CMS_OAUTH_20_WORKFLOW
do
if
attached {WSF_STRING} req.path_parameter ({CMS_OAUTH_20_CONSTANTS}.oauth_callback) as p_consumer and then
attached {CMS_OAUTH_20_CONSUMER} a_oauth_api.oauth_consumer_by_name (p_consumer.value) as l_consumer
then
create l_oauth.make (req.server_url, l_consumer)
if attached l_oauth.authorization_url as l_authorization_url then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
r.set_redirection (l_authorization_url)
r.execute
else
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.set_main_content ("Bad request")
r.execute
end
else
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.set_main_content ("Bad request")
r.execute
end
end
handle_callback_oauth (api: CMS_API; a_user_oauth_api: CMS_OAUTH_20_API; req: WSF_REQUEST; res: WSF_RESPONSE)
local
r: CMS_RESPONSE
l_auth: CMS_OAUTH_20_WORKFLOW
l_user_api: CMS_USER_API
l_user: CMS_USER
l_roles: LIST [CMS_USER_ROLE]
l_cookie: WSF_COOKIE
es: CMS_OAUTH_20_EMAIL_SERVICE
do
if attached {WSF_STRING} req.path_parameter ({CMS_OAUTH_20_CONSTANTS}.oauth_callback) as l_callback and then
attached {CMS_OAUTH_20_CONSUMER} a_user_oauth_api.oauth_consumer_by_callback (l_callback.value) as l_consumer and then
attached {WSF_STRING} req.query_parameter ({CMS_OAUTH_20_CONSTANTS}.oauth_code) as l_code
then
create l_auth.make (req.server_url, l_consumer)
l_auth.sign_request (l_code.value)
if
attached l_auth.access_token as l_access_token and then
attached l_auth.user_profile as l_user_profile
then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
-- extract user email
-- check if the user exist
l_user_api := api.user_api
-- 1 if the user exit put it in the context
if
attached l_auth.user_email as l_email
then
if attached l_user_api.user_by_email (l_email) as p_user then
-- User with email exist
if attached a_user_oauth_api.user_oauth2_by_id (p_user.id, l_consumer.name) then
-- Update oauth entry
a_user_oauth_api.update_user_oauth2 (l_access_token.token, l_user_profile, p_user, l_consumer.name )
else
-- create a oauth entry
a_user_oauth_api.new_user_oauth2 (l_access_token.token, l_user_profile, p_user, l_consumer.name )
end
create l_cookie.make ({CMS_OAUTH_20_CONSTANTS}.oauth_session, l_access_token.token)
l_cookie.set_max_age (l_access_token.expires_in)
l_cookie.set_path ("/")
res.add_cookie (l_cookie)
else
create {ARRAYED_LIST [CMS_USER_ROLE]} l_roles.make (1)
l_roles.force (l_user_api.authenticated_user_role)
-- Create a new user and oauth entry
create l_user.make (l_email)
l_user.set_email (l_email)
l_user.set_password (new_token) -- generate a random password.
l_user.set_roles (l_roles)
l_user.mark_active
l_user_api.new_user (l_user)
-- Add oauth entry
a_user_oauth_api.new_user_oauth2 (l_access_token.token, l_user_profile, l_user, l_consumer.name )
create l_cookie.make ({CMS_OAUTH_20_CONSTANTS}.oauth_session, l_access_token.token)
l_cookie.set_max_age (l_access_token.expires_in)
l_cookie.set_path ("/")
res.add_cookie (l_cookie)
set_current_user (req, l_user)
-- Send Email
create es.make (create {CMS_OAUTH_20_EMAIL_SERVICE_PARAMETERS}.make (api))
write_debug_log (generator + ".handle_callback_oauth: send_contact_welcome_email")
es.send_contact_welcome_email (l_email, "")
end
end
r.set_redirection (r.front_page_url)
r.execute
end
end
end
feature {NONE} -- Token Generation
new_token: STRING
-- Generate a new token activation token
local
l_token: STRING
l_security: SECURITY_PROVIDER
l_encode: URL_ENCODER
do
create l_security
l_token := l_security.token
create l_encode
from until l_token.same_string (l_encode.encoded_string (l_token)) loop
-- Loop ensure that we have a security token that does not contain characters that need encoding.
-- We cannot simply to an encode-decode because the email sent to the user will contain an encoded token
-- but the user will need to use an unencoded token if activation has to be done manually.
l_token := l_security.token
end
Result := l_token
end
feature {NONE} -- Implementation: date and time
http_date_format_to_date (s: READABLE_STRING_8): detachable DATE_TIME
local
d: HTTP_DATE
do
create d.make_from_string (s)
if not d.has_error then
Result := d.date_time
end
end
file_date (p: PATH): DATE_TIME
require
path_exists: (create {FILE_UTILITIES}).file_path_exists (p)
local
f: RAW_FILE
do
create f.make_with_path (p)
Result := timestamp_to_date (f.date)
end
timestamp_to_date (n: INTEGER): DATE_TIME
local
d: HTTP_DATE
do
create d.make_from_timestamp (n)
Result := d.date_time
end
note
copyright: "Copyright (c) 1984-2013, Eiffel Software and others"
license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
source: "[
Eiffel Software
5949 Hollister Ave., Goleta, CA 93117 USA
Telephone 805-685-1006, Fax 805-685-6869
Website http://www.eiffel.com
Customer support http://support.eiffel.com
]"
end

0
modules/auth/cms_oauth_20_workflow.e → modules/oauth20/cms_oauth_20_workflow.e
View File

6
modules/auth/filter/cms_oauth_20_filter.e → modules/oauth20/filter/cms_oauth_20_filter.e
View File

@@ -1,5 +1,7 @@
note note
description: "Summary description for {CMS_OAUTH_20_FILTER}." description: "[
Extracts an OAuth2 token from the incoming request (cookie) and uses it to populate the user (or cms user context)
]"
date: "$Date$" date: "$Date$"
revision: "$Revision$" revision: "$Revision$"
@@ -36,7 +38,7 @@ feature -- Basic operations
api.logger.put_debug (generator + ".execute ", Void) api.logger.put_debug (generator + ".execute ", Void)
-- A valid user -- A valid user
if if
attached {WSF_STRING} req.cookie ({CMS_AUTHENTICATION_CONSTANTS}.oauth_session) as l_roc_auth_session_token attached {WSF_STRING} req.cookie ({CMS_OAUTH_20_CONSTANTS}.oauth_session) as l_roc_auth_session_token
then then
if attached user_oauth_api.user_oauth2_without_consumer_by_token (l_roc_auth_session_token.value) as l_user then if attached user_oauth_api.user_oauth2_without_consumer_by_token (l_roc_auth_session_token.value) as l_user then
set_current_user (req, l_user) set_current_user (req, l_user)

28
modules/oauth20/oauth20-safe.ecf Normal file
View File

@@ -0,0 +1,28 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<system xmlns="http://www.eiffel.com/developers/xml/configuration-1-13-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-13-0 http://www.eiffel.com/developers/xml/configuration-1-13-0.xsd" name="oauth_module" uuid="D64B990F-B51F-4E0D-AB2E-4AA5DDB783CE" library_target="oauth_module">
<target name="oauth_module">
<root all_classes="true"/>
<file_rule>
<exclude>/.git$</exclude>
<exclude>/EIFGENs$</exclude>
<exclude>/.svn$</exclude>
</file_rule>
<option warning="true" full_class_checking="true" is_attached_by_default="true" void_safety="all" syntax="standard">
</option>
<library name="apis" location="$ISE_LIBRARY\contrib\library\web\authentication\oauth\cypress\consumer\apis\apis.ecf" readonly="false"/>
<library name="base" location="$ISE_LIBRARY\library\base\base-safe.ecf"/>
<library name="cms" location="$ISE_LIBRARY\unstable\library\web\cms\cms-safe.ecf" readonly="false"/>
<library name="cms_app_env" location="$ISE_LIBRARY\unstable\library\web\cms\library\app_env\app_env-safe.ecf" readonly="false"/>
<library name="cms_model" location="$ISE_LIBRARY\unstable\library\web\cms\library\model\cms_model-safe.ecf" readonly="false"/>
<library name="config" location="$ISE_LIBRARY\unstable\library\web\cms\library\configuration\config-safe.ecf"/>
<library name="cypress_consumer" location="$ISE_LIBRARY\contrib\library\web\authentication\oauth\cypress\consumer-safe.ecf" readonly="false"/>
<library name="email_service" location="..\..\library\email\email-safe.ecf"/>
<library name="encoder" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\text\encoder\encoder-safe.ecf"/>
<library name="error" location="$ISE_LIBRARY\contrib\library\utility\general\error\error-safe.ecf"/>
<library name="http" location="$ISE_LIBRARY\contrib\library\network\protocol\http\http-safe.ecf"/>
<library name="json" location="$ISE_LIBRARY\contrib\library\text\parser\json\library\json-safe.ecf" readonly="false"/>
<library name="time" location="$ISE_LIBRARY\library\time\time-safe.ecf"/>
<library name="wsf" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\wsf\wsf-safe.ecf"/>
<cluster name="src" location=".\" recursive="true"/>
</target>
</system>

0
modules/auth/persistence/cms_oauth_20_storage_i.e → modules/oauth20/persistence/cms_oauth_20_storage_i.e
View File

0
modules/auth/persistence/cms_oauth_20_storage_null.e → modules/oauth20/persistence/cms_oauth_20_storage_null.e
View File

0
modules/auth/persistence/cms_oauth_20_storage_sql.e → modules/oauth20/persistence/cms_oauth_20_storage_sql.e
View File

4
src/persistence/sql/cms_storage_sql_builder.e
View File

@@ -22,8 +22,8 @@ feature -- Initialization
l_roles: LIST [CMS_USER_ROLE] l_roles: LIST [CMS_USER_ROLE]
do do
--| Schema --| Schema
a_storage.sql_execute_file_script (a_setup.environment.path.extended ("scripts").extended ("core.sql")) a_storage.sql_execute_file_script (a_setup.environment.site_path.extended ("scripts").extended ("core.sql"), Void)
a_storage.sql_execute_file_script (a_setup.environment.path.extended ("scripts").extended ("user.sql")) a_storage.sql_execute_file_script (a_setup.environment.site_path.extended ("scripts").extended ("user.sql"), Void)
--| Roles --| Roles
create l_anonymous_role.make ("anonymous") create l_anonymous_role.make ("anonymous")

45
src/persistence/sql/cms_storage_sql_i.e
View File

@@ -130,15 +130,15 @@ feature -- Operation
feature -- Helper feature -- Helper
sql_execute_file_script_with_params (a_path: PATH; a_params: detachable STRING_TABLE [detachable ANY]) sql_script_content (a_path: PATH): detachable STRING
-- Execute SQL script from `a_path' and with params `a_params'. -- Content of sql script located at `a_path'.
local local
f: PLAIN_TEXT_FILE f: PLAIN_TEXT_FILE
sql: STRING sql: STRING
do do
create f.make_with_path (a_path) create f.make_with_path (a_path)
if f.exists and then f.is_access_readable then if f.exists and then f.is_access_readable then
create sql.make (f.count) create Result.make (f.count)
f.open_read f.open_read
from from
f.start f.start
@@ -146,38 +146,21 @@ feature -- Helper
f.exhausted or f.end_of_file f.exhausted or f.end_of_file
loop loop
f.read_stream_thread_aware (1_024) f.read_stream_thread_aware (1_024)
sql.append (f.last_string) Result.append (f.last_string)
end end
f.close f.close
sql_execute_script_with_params (sql, a_params)
end end
end end
sql_execute_file_script (a_path: PATH; a_params: detachable STRING_TABLE [detachable ANY])
sql_execute_file_script (a_path: PATH) -- Execute SQL script from `a_path' and with optional parameters `a_params'.
-- Execute SQL script from `a_path'.
local
f: PLAIN_TEXT_FILE
sql: STRING
do do
create f.make_with_path (a_path) if attached sql_script_content (a_path) as sql then
if f.exists and then f.is_access_readable then sql_execute_script (sql, a_params)
create sql.make (f.count)
f.open_read
from
f.start
until
f.exhausted or f.end_of_file
loop
f.read_stream_thread_aware (1_024)
sql.append (f.last_string)
end
f.close
sql_execute_script (sql)
end end
end end
sql_execute_script (a_sql_script: STRING) sql_execute_script (a_sql_script: STRING; a_params: detachable STRING_TABLE [detachable ANY])
-- Execute SQL script. -- Execute SQL script.
-- i.e: multiple SQL statements. -- i.e: multiple SQL statements.
local local
@@ -197,7 +180,7 @@ feature -- Helper
loop loop
if attached next_sql_statement (a_sql_script, i, cl) as s then if attached next_sql_statement (a_sql_script, i, cl) as s then
if not s.is_whitespace then if not s.is_whitespace then
sql_change (sql_statement (s), Void) sql_change (sql_statement (s), a_params)
err := err or has_error err := err or has_error
reset_error reset_error
end end
@@ -213,14 +196,6 @@ feature -- Helper
end end
end end
sql_execute_script_with_params (a_sql_script: STRING; a_params: detachable STRING_TABLE [detachable ANY])
-- Execute SQL script.
-- i.e: multiple SQL statements.
do
reset_error
sql_change (a_sql_script, a_params)
end
sql_table_exists (a_table_name: READABLE_STRING_8): BOOLEAN sql_table_exists (a_table_name: READABLE_STRING_8): BOOLEAN
-- Does table `a_table_name' exists? -- Does table `a_table_name' exists?
do do