Merge remote-tracking branch 'jvelilla/roc_email' into ewf_v1

Conflicts:
	cms.ecf
	examples/demo/demo-safe.ecf
	examples/demo/site/scripts/user.sql
	examples/demo/src/ewf_roc_server.e

src/persistence/sql/cms_storage_sql_builder.e

@@ -36,6 +36,7 @@ feature -- Initialization
 			create u.make ("admin")
 			u.set_password ("istrator#")
 			u.set_email (a_setup.site_email)
+			u.set_status ({CMS_USER}.active)
 			a_storage.new_user (u)
 
 				--| Node			
@@ -74,16 +75,19 @@ feature -- Initialization
 			create u.make ("auth")
 			u.set_password ("enticated#")
 			u.set_email (a_setup.site_email)
+			u.set_status ({CMS_USER}.active)
 			a_storage.new_user (u)
 
 			create u.make ("test")
 			u.set_password ("test#")
 			u.set_email (a_setup.site_email)
+			u.set_status ({CMS_USER}.active)
 			a_storage.new_user (u)
 
 			create u.make ("view")
 			u.set_password ("only#")
 			u.set_email (a_setup.site_email)
+			u.set_status ({CMS_USER}.active)
 			u.set_roles (l_roles)
 			a_storage.new_user (u)
 		end

src/persistence/sql/cms_storage_sql_i.e

@@ -76,7 +76,7 @@ feature -- Operation
 				i := a_sql_statement.index_of (':', i)
 				if i = 0 then
 					i := n -- exit
-				else
+				elseif a_sql_statement.at (i-1).is_equal ('%'') or else  a_sql_statement.at (i-1).is_equal ('%"') or else a_sql_statement.at (i-1).is_equal (' ') or else a_sql_statement.at (i-1).is_equal ('=') then
 					from
 						j := i + 1
 					until
@@ -124,6 +124,30 @@ feature -- Operation
 
 feature -- Helper
 
+	sql_execute_file_script_with_params (a_path: PATH; a_params: detachable STRING_TABLE [detachable ANY])
+			-- Execute SQL script from `a_path' and with params `a_params'.
+		local
+			f: PLAIN_TEXT_FILE
+			sql: STRING
+		do
+			create f.make_with_path (a_path)
+			if f.exists and then f.is_access_readable then
+				create sql.make (f.count)
+				f.open_read
+				from
+					f.start
+				until
+					f.exhausted or f.end_of_file
+				loop
+					f.read_stream_thread_aware (1_024)
+					sql.append (f.last_string)
+				end
+				f.close
+				sql_execute_script_with_params (sql, a_params)
+			end
+		end
+
+
 	sql_execute_file_script (a_path: PATH)
 			-- Execute SQL script from `a_path'.
 		local
@@ -181,6 +205,14 @@ feature -- Helper
 			end
 		end
 
+	sql_execute_script_with_params (a_sql_script: STRING; a_params: detachable STRING_TABLE [detachable ANY])
+			-- Execute SQL script.
+			-- i.e: multiple SQL statements.
+		do
+			reset_error
+			sql_change (a_sql_script, a_params)
+		end
+
 	sql_table_exists (a_table_name: READABLE_STRING_8): BOOLEAN
 			-- Does table `a_table_name' exists?
 		do
@@ -364,6 +396,26 @@ feature {NONE} -- Implementation
 			loop
 				c := a_script[i]
 				inspect c
+				when '-' then
+					if i < n and then a_script[i + 1] = '-' then
+							-- Commented line "--" until New Line
+						j := a_script.index_of ('%N', i)
+						if j > 0 then
+							i := j
+						else
+							i := n
+						end
+					end
+				when '/' then
+					if i < n and then a_script[i + 1] = '*' then
+							-- Commented text "/*" until closing "*/"
+						j := a_script.substring_index ("*/", i)
+						if j > 0 then
+							i := j
+						else
+							i := n
+						end
+					end
 				when '`', '"', '%'' then
 					from
 						j := i

src/persistence/user/cms_user_storage_i.e

@@ -56,6 +56,20 @@ feature -- Access
 			password: Result /= Void implies (Result.hashed_password /= Void and Result.password = Void)
 		end
 
+	user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER
+			-- User with activation token `a_token', if any.
+		deferred
+		ensure
+			password: Result /= Void implies (Result.hashed_password /= Void and Result.password = Void)
+		end
+
+	user_by_password_token (a_token: READABLE_STRING_32): detachable CMS_USER
+			-- User with password token `a_token', if any.
+		deferred
+		ensure
+			password: Result /= Void implies (Result.hashed_password /= Void and Result.password = Void)
+		end
+
 	is_valid_credential (a_u, a_p: READABLE_STRING_32): BOOLEAN
 			-- Does account with username `a_username' and password `a_password' exist?
 		deferred
@@ -141,4 +155,28 @@ feature -- Change: roles and permissions
 		deferred
 		end
 
+feature -- Change: User activation
+
+	save_activation (a_token: READABLE_STRING_32; a_id: INTEGER_64)
+			-- <Precursor>.
+		deferred
+		end
+
+	remove_activation (a_token: READABLE_STRING_32)
+			-- <Precursor>.
+		deferred
+		end
+
+feature -- Change: User password recovery
+
+	save_password (a_token: READABLE_STRING_32; a_id: INTEGER_64)
+			-- <Precursor>.
+		deferred
+		end
+
+	remove_password (a_token: READABLE_STRING_32)
+			-- <Precursor>.
+		deferred
+		end
+
 end

src/persistence/user/cms_user_storage_null.e

@@ -34,6 +34,14 @@ feature -- Access: user
 		do
 		end
 
+	user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER
+		do
+		end
+
+	user_by_password_token (a_token: READABLE_STRING_32): detachable CMS_USER
+		do
+		end
+
 	is_valid_credential (l_auth_login, l_auth_password: READABLE_STRING_32): BOOLEAN
 		do
 		end
@@ -76,4 +84,28 @@ feature -- Change: roles and permissions
 		do
 		end
 
+feature -- Change: User activation
+
+	save_activation (a_token: READABLE_STRING_32; a_id: INTEGER_64)
+			-- <Precursor>.
+		do
+		end
+
+	remove_activation (a_token: READABLE_STRING_32)
+			-- <Precursor>.
+		do
+		end
+
+feature -- Change: User password recovery
+
+	save_password (a_token: READABLE_STRING_32; a_id: INTEGER_64)
+			-- <Precursor>.
+		do
+		end
+
+	remove_password (a_token: READABLE_STRING_32)
+			-- <Precursor>.
+		do
+		end
+
 end

src/persistence/user/cms_user_storage_sql_i.e

@@ -62,7 +62,7 @@ feature -- Access: user
 			l_parameters: STRING_TABLE [detachable ANY]
 		do
 			error_handler.reset
-			write_information_log (generator + ".user")
+			write_information_log (generator + ".user_by_id")
 			create l_parameters.make (1)
 			l_parameters.put (a_id, "uid")
 			sql_query (select_user_by_id, l_parameters)
@@ -107,6 +107,40 @@ feature -- Access: user
 			end
 		end
 
+	user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER
+			-- User for the given activation token `a_token', if any.
+		local
+			l_parameters: STRING_TABLE [detachable ANY]
+		do
+			error_handler.reset
+			write_information_log (generator + ".user_by_activation_token")
+			create l_parameters.make (1)
+			l_parameters.put (a_token, "token")
+			sql_query (select_user_by_activation_token, l_parameters)
+			if sql_rows_count = 1 then
+				Result := fetch_user
+			else
+				check no_more_than_one: sql_rows_count = 0 end
+			end
+		end
+
+	user_by_password_token (a_token: READABLE_STRING_32): detachable CMS_USER
+			-- User for the given password token `a_token', if any.
+		local
+			l_parameters: STRING_TABLE [detachable ANY]
+		do
+			error_handler.reset
+			write_information_log (generator + ".user_by_password_token")
+			create l_parameters.make (1)
+			l_parameters.put (a_token, "token")
+			sql_query (select_user_by_password_token, l_parameters)
+			if sql_rows_count = 1 then
+				Result := fetch_user
+			else
+				check no_more_than_one: sql_rows_count = 0 end
+			end
+		end
+
 	is_valid_credential (l_auth_login, l_auth_password: READABLE_STRING_32): BOOLEAN
 		local
 			l_security: SECURITY_PROVIDER
@@ -155,6 +189,7 @@ feature -- Change: user
 				l_parameters.put (l_password_salt, "salt")
 				l_parameters.put (l_email, "email")
 				l_parameters.put (create {DATE_TIME}.make_now_utc, "created")
+				l_parameters.put (a_user.status, "status")
 
 				sql_change (sql_insert_user, l_parameters)
 				if not error_handler.has_error then
@@ -197,6 +232,7 @@ feature -- Change: user
 				l_parameters.put (l_password_salt, "salt")
 				l_parameters.put (l_email, "email")
 				l_parameters.put (create {DATE_TIME}.make_now_utc, "changed")
+				l_parameters.put (a_user.status, "status")
 
 				sql_change (sql_update_user, l_parameters)
 			else
@@ -441,6 +477,107 @@ feature -- Change: roles and permissions
 			end
 		end
 
+
+feature -- Access: User activation
+
+	activation_elapsed_time (a_token: READABLE_STRING_32): INTEGER_32
+			-- amount of time that has passed in days since the token `a_token' was saved.
+		local
+			l_parameters: STRING_TABLE [detachable ANY]
+		do
+			error_handler.reset
+			write_information_log (generator + ".activation_elapsed_time")
+			create l_parameters.make (1)
+			l_parameters.put (a_token, "token")
+			sql_query (sql_select_activation_expiration, l_parameters)
+			if sql_rows_count = 1 then
+				Result := sql_read_integer_32 (1)
+			end
+		end
+
+	user_id_by_activation (a_token: READABLE_STRING_32): INTEGER_64
+			-- User id associatied with a token `a_token', if any.
+		local
+			l_parameters: STRING_TABLE [detachable ANY]
+		do
+			error_handler.reset
+			write_information_log (generator + ".user_id_by_actication")
+			create l_parameters.make (1)
+			l_parameters.put (a_token, "token")
+			sql_query (sql_select_userid_activation, l_parameters)
+			if sql_rows_count = 1 then
+				Result := sql_read_integer_32 (1)
+			end
+		end
+
+feature -- Change: User activation
+
+	save_activation (a_token: READABLE_STRING_32; a_id: INTEGER_64)
+			-- <Precursor>
+		local
+			l_parameters: STRING_TABLE [detachable ANY]
+			l_utc_date: DATE_TIME
+		do
+			error_handler.reset
+			sql_begin_transaction
+			write_information_log (generator + ".save_activation")
+			create l_utc_date.make_now_utc
+			create l_parameters.make (2)
+			l_parameters.put (a_token, "token")
+			l_parameters.put (a_id, "uid")
+			l_parameters.put (l_utc_date, "utc_date")
+			sql_change (sql_insert_activation, l_parameters)
+			sql_commit_transaction
+		end
+
+	remove_activation (a_token: READABLE_STRING_32)
+			-- <Precursor>.
+		local
+			l_parameters: STRING_TABLE [detachable ANY]
+		do
+			error_handler.reset
+			sql_begin_transaction
+			write_information_log (generator + ".remove_activation")
+			create l_parameters.make (1)
+			l_parameters.put (a_token, "token")
+			sql_change (sql_remove_activation, l_parameters)
+			sql_commit_transaction
+		end
+
+feature -- Change: User password recovery
+
+	save_password (a_token: READABLE_STRING_32; a_id: INTEGER_64)
+			-- <Precursor>
+		local
+			l_parameters: STRING_TABLE [detachable ANY]
+			l_utc_date: DATE_TIME
+		do
+			error_handler.reset
+			sql_begin_transaction
+			write_information_log (generator + ".save_password")
+			create l_utc_date.make_now_utc
+			create l_parameters.make (2)
+			l_parameters.put (a_token, "token")
+			l_parameters.put (a_id, "uid")
+			l_parameters.put (l_utc_date, "utc_date")
+			sql_change (sql_insert_password, l_parameters)
+			sql_commit_transaction
+		end
+
+	remove_password (a_token: READABLE_STRING_32)
+			-- <Precursor>.
+		local
+			l_parameters: STRING_TABLE [detachable ANY]
+		do
+			error_handler.reset
+			sql_begin_transaction
+			write_information_log (generator + ".remove_password")
+			create l_parameters.make (1)
+			l_parameters.put (a_token, "token")
+			sql_change (sql_remove_password, l_parameters)
+			sql_commit_transaction
+		end
+
 feature {NONE} -- Implementation: User
 
 	user_salt (a_username: READABLE_STRING_32): detachable READABLE_STRING_8
@@ -489,6 +626,9 @@ feature {NONE} -- Implementation: User
 				if attached sql_read_string (5) as l_email then
 					Result.set_email (l_email)
 				end
+				if attached sql_read_integer_32 (6) as l_status then
+					Result.set_status (l_status)
+				end
 			else
 				check expected_valid_user: False end
 			end
@@ -551,10 +691,11 @@ feature {NONE} -- Sql Queries: USER
 	Select_salt_by_username: STRING = "SELECT salt FROM Users WHERE name =:name;"
 			-- Retrieve salt by username if exists.
 
-	sql_insert_user: STRING = "INSERT INTO users (name, password, salt, email, created) VALUES (:name, :password, :salt, :email, :created);"
-			-- SQL Insert to add a new node.
+	sql_insert_user: STRING = "INSERT INTO users (name, password, salt, email, created, status) VALUES (:name, :password, :salt, :email, :created, :status);"
+			-- SQL Insert to add a new user.
 
-	sql_update_user: STRING = "UPDATE users SET name=:name, password=:password, salt=:salt, email=:email WHERE uid=:uid;"
+	sql_update_user: STRING = "UPDATE users SET name=:name, password=:password, salt=:salt, email=:email, status=:status WHERE uid=:uid;"
+			-- SQL update to update an existing user.
 
 feature {NONE} -- Sql Queries: USER ROLE
 
@@ -584,4 +725,32 @@ feature {NONE} -- Sql Queries: USER ROLE
 	select_role_permissions_by_role_id: STRING = "SELECT permission, module FROM role_permissions WHERE rid=:rid;"
 			-- User role permissions for role id :rid;
 
+feature {NONE} -- Sql Queries: USER ACTIVATION
+
+	sql_insert_activation: STRING = "INSERT INTO users_activations (token, uid, created) VALUES (:token, :uid, :utc_date);"
+			-- SQL insert a new activation :token.
+
+	sql_select_activation_expiration: STRING = "SELECT DATEDIFF(day,created,UTC_DATE()) FROM users_activations where token = :token;"
+			-- elapsed time that has passed in days since the token `a_token' was saved.
+
+	sql_select_userid_activation: STRING = "SELECT uid FROM users_activations where token = :token;"
+			-- Retrieve userid given the activation token.
+
+	Select_user_by_activation_token: STRING = "SELECT u.* FROM users as u JOIN users_activations as ua ON ua.uid = u.uid and ua.token = :token;"
+			-- Retrieve user by activation token if exist.
+
+	Sql_remove_activation: STRING = "DELETE FROM users_activations WHERE token = :token;"
+			-- Remove activation token.
+
+feature {NONE} -- User Password Recovery
+
+	sql_insert_password: STRING = "INSERT INTO users_password_recovery (token, uid, created) VALUES (:token, :uid, :utc_date);"
+			-- SQL insert a new password recovery :token.
+
+	Sql_remove_password: STRING = "DELETE FROM users_password_recovery WHERE token = :token;"
+			-- Retrieve password if exist.
+
+	Select_user_by_password_token: STRING = "SELECT u.* FROM users as u JOIN users_password_recovery as ua ON ua.uid = u.uid and ua.token = :token;"
+			-- Retrieve user by password token if exist.
+
 end