From c6b7c7358854f1aefa4798fd6c01220e31b5ab53 Mon Sep 17 00:00:00 2001
From: Jocelyn Fiat <github@djoce.net>
Date: Fri, 25 Aug 2017 10:13:13 +0200
Subject: [PATCH] Added basic auth for webapi. Fixed filter setup when a module
 has more than one filter.

---
 cms-safe.ecf                                  | 12 ++--
 cms.ecf                                       |  1 +
 .../cms_core_basic_webapi_auth_filter.e       | 56 +++++++++++++++++++
 .../core/webapi/cms_core_module_webapi.e      |  3 +-
 src/service/cms_execution.e                   |  7 ++-
 5 files changed, 71 insertions(+), 8 deletions(-)
 create mode 100644 src/modules/core/webapi/cms_core_basic_webapi_auth_filter.e

diff --git a/cms-safe.ecf b/cms-safe.ecf
index cebacd6..9d82c88 100644
--- a/cms-safe.ecf
+++ b/cms-safe.ecf
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
-<system xmlns="http://www.eiffel.com/developers/xml/configuration-1-15-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-15-0 http://www.eiffel.com/developers/xml/configuration-1-15-0.xsd" name="cms" uuid="8CC0D052-57D1-4CAA-AFF1-448FA290734B" library_target="cms">
+<system xmlns="http://www.eiffel.com/developers/xml/configuration-1-17-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-17-0 http://www.eiffel.com/developers/xml/configuration-1-17-0.xsd" name="cms" uuid="8CC0D052-57D1-4CAA-AFF1-448FA290734B" library_target="cms">
 	<target name="cms">
 		<root all_classes="true"/>
 		<file_rule>
@@ -7,9 +7,12 @@
 			<exclude>/CVS$</exclude>
 			<exclude>/EIFGENs$</exclude>
 		</file_rule>
-		<option warning="true" void_safety="all">
+		<option warning="true">
 		</option>
-		<setting name="concurrency" value="scoop"/>
+		<capability>
+			<concurrency support="scoop" use="scoop"/>
+			<void_safety support="all" use="all"/>
+		</capability>
 		<mapping old_name="CMS_LAYOUT" new_name="CMS_ENVIRONMENT"/>
 		<library name="base" location="$ISE_LIBRARY\library\base\base-safe.ecf"/>
 		<library name="base_extension" location="$ISE_LIBRARY\library\base_extension\base_extension-safe.ecf"/>
@@ -19,7 +22,8 @@
 		<library name="crypto" location="$ISE_LIBRARY\unstable\library\text\encryption\crypto\crypto-safe.ecf"/>
 		<library name="encoder" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\text\encoder\encoder-safe.ecf" readonly="false"/>
 		<library name="error" location="$ISE_LIBRARY\contrib\library\utility\general\error\error-safe.ecf"/>
-		<library name="http" location="$ISE_LIBRARY\contrib\library\network\protocol\http\http-safe.ecf"/>		
+		<library name="http" location="$ISE_LIBRARY\contrib\library\network\protocol\http\http-safe.ecf"/>
+		<library name="http_authorization" location="$ISE_LIBRARY\contrib\library\web\authentication\http_authorization\http_authorization-safe.ecf"/>
 		<library name="i18n" location="$ISE_LIBRARY\library\i18n\i18n-safe.ecf"/>
 		<library name="json" location="$ISE_LIBRARY\contrib\library\text\parser\json\library\json-safe.ecf" readonly="false"/>
 		<library name="kmp_matcher" location="$ISE_LIBRARY\library\text\regexp\kmp_matcher\kmp_matcher-safe.ecf"/>
diff --git a/cms.ecf b/cms.ecf
index 446990a..80e88e4 100644
--- a/cms.ecf
+++ b/cms.ecf
@@ -20,6 +20,7 @@
 		<library name="encoder" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\text\encoder\encoder.ecf" readonly="false"/>
 		<library name="error" location="$ISE_LIBRARY\contrib\library\utility\general\error\error.ecf"/>
 		<library name="http" location="$ISE_LIBRARY\contrib\library\network\protocol\http\http.ecf"/>
+		<library name="http_authorization" location="$ISE_LIBRARY\contrib\library\web\authentication\http_authorization\http_authorization.ecf"/>
 		<library name="i18n" location="$ISE_LIBRARY\library\i18n\i18n.ecf"/>
 		<library name="json" location="$ISE_LIBRARY\contrib\library\text\parser\json\library\json.ecf" readonly="false"/>
 		<library name="kmp_matcher" location="$ISE_LIBRARY\library\text\regexp\kmp_matcher\kmp_matcher.ecf"/>
diff --git a/src/modules/core/webapi/cms_core_basic_webapi_auth_filter.e b/src/modules/core/webapi/cms_core_basic_webapi_auth_filter.e
new file mode 100644
index 0000000..37f2b1c
--- /dev/null
+++ b/src/modules/core/webapi/cms_core_basic_webapi_auth_filter.e
@@ -0,0 +1,56 @@
+note
+	description: "Summary description for {CMS_CORE_BASIC_WEBAPI_AUTH_FILTER}."
+	author: ""
+	date: "$Date$"
+	revision: "$Revision$"
+
+class
+	CMS_CORE_BASIC_WEBAPI_AUTH_FILTER
+
+inherit
+	WSF_FILTER
+
+create
+	make
+
+feature {NONE} -- Initialization
+
+	make (a_api: CMS_API)
+			-- Initialize Current handler with `a_api'.
+		do
+			api := a_api
+		end
+
+feature -- API Service
+
+	api: CMS_API
+
+feature -- Basic operations
+
+	execute (req: WSF_REQUEST; res: WSF_RESPONSE)
+			-- Execute the filter.
+		local
+			l_auth: HTTP_AUTHORIZATION
+		do
+			create l_auth.make (req.http_authorization)
+			if
+				l_auth.is_basic and then
+				attached l_auth.login as l_auth_login and then
+				attached l_auth.password as l_auth_password
+			then
+				if
+					api.user_api.is_valid_credential (l_auth_login, l_auth_password) and then
+					attached api.user_api.user_by_name (l_auth_login) as l_user
+				then
+					api.set_user (l_user)
+				else
+					-- not authenticated due to bad login or password.
+				end
+			end
+			execute_next (req, res)
+		end
+
+note
+	copyright: "2011-2017, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
+	license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"
+end
diff --git a/src/modules/core/webapi/cms_core_module_webapi.e b/src/modules/core/webapi/cms_core_module_webapi.e
index 4504a16..c11183a 100644
--- a/src/modules/core/webapi/cms_core_module_webapi.e
+++ b/src/modules/core/webapi/cms_core_module_webapi.e
@@ -46,8 +46,9 @@ feature -- Access: filter
 	filters (a_api: CMS_API): detachable LIST [WSF_FILTER]
 			-- Possibly list of Filter's module.
 		do
-			create {ARRAYED_LIST [WSF_FILTER]} Result.make (1)
+			create {ARRAYED_LIST [WSF_FILTER]} Result.make (2)
 			Result.extend (create {CMS_CORE_ACCESS_TOKEN_WEBAPI_AUTH_FILTER}.make (a_api))
+			Result.extend (create {CMS_CORE_BASIC_WEBAPI_AUTH_FILTER}.make (a_api))
 		end
 
 --feature -- Helpers
diff --git a/src/service/cms_execution.e b/src/service/cms_execution.e
index cbe6ec3..f6ad529 100644
--- a/src/service/cms_execution.e
+++ b/src/service/cms_execution.e
@@ -202,6 +202,7 @@ feature -- Settings: router
 							f := f_ic.item
 							l_filter.set_next (f)
 							f.set_next (l_last_filter)
+							l_filter := f
 						end
 					end
 				end
@@ -261,6 +262,7 @@ feature -- Settings: router
 								f := f_ic.item
 								l_filter.set_next (f)
 								f.set_next (l_last_filter)
+								l_filter := f
 							end
 						end
 --					elseif
@@ -439,13 +441,12 @@ feature -- Filters
 						f := f_ic.item
 						l_filter.set_next (f)
 						f.set_next (l_last_filter)
-
 --						f.set_next (l_filter)
---						l_filter := f
+						l_filter := f
 					end
 				end
 			end
-			filter := l_filter
+--			filter := l_filter
 		end
 
 feature -- Execution