diff --git a/modules/auth/cms_authentication_module.e b/modules/auth/cms_authentication_module.e index 21fc490..3e5538d 100644 --- a/modules/auth/cms_authentication_module.e +++ b/modules/auth/cms_authentication_module.e @@ -1,5 +1,5 @@ note - description: "Module Logging supporting different authentication strategies" + description: "Module Auth" date: "$Date: 2015-05-20 06:50:50 -0300 (mi. 20 de may. de 2015) $" revision: "$Revision: 97328 $" @@ -8,15 +8,9 @@ class inherit CMS_MODULE - rename - module_api as user_oauth_api + redefine - filters, - register_hooks, - initialize, - is_installed, - install, - user_oauth_api + register_hooks end @@ -57,103 +51,6 @@ feature {NONE} -- Initialization cache_duration := 0 end -feature {CMS_API} -- Module Initialization - - initialize (a_api: CMS_API) - -- - local - l_user_auth_api: like user_oauth_api - l_user_auth_storage: CMS_OAUTH_20_STORAGE_I - do - Precursor (a_api) - - -- Storage initialization - if attached {CMS_STORAGE_SQL_I} a_api.storage as l_storage_sql then - create {CMS_OAUTH_20_STORAGE_SQL} l_user_auth_storage.make (l_storage_sql) - else - -- FIXME: in case of NULL storage, should Current be disabled? - create {CMS_OAUTH_20_STORAGE_NULL} l_user_auth_storage - end - - -- Node API initialization - create l_user_auth_api.make_with_storage (a_api, l_user_auth_storage) - user_oauth_api := l_user_auth_api - ensure then - user_oauth_api_set: user_oauth_api /= Void - end - -feature {CMS_API} -- Module management - - is_installed (api: CMS_API): BOOLEAN - -- Is Current module installed? - do - Result := attached api.storage.custom_value ("is_initialized", "module-" + name) as v and then v.is_case_insensitive_equal_general ("yes") - end - - install (api: CMS_API) - local - l_setup: CMS_SETUP - l_params: detachable STRING_TABLE [detachable ANY] - l_consumers: LIST [STRING] - do - l_setup := api.setup - - -- Schema - if attached {CMS_STORAGE_SQL_I} api.storage as l_sql_storage then - if not l_sql_storage.sql_table_exists ("oauth2_consumers") then - --| Schema - l_sql_storage.sql_execute_file_script (l_setup.environment.path.extended ("scripts").extended ("oauth2_consumers.sql")) - - if l_sql_storage.has_error then - api.logger.put_error ("Could not initialize database for blog module", generating_type) - end - -- TODO workaround. - l_sql_storage.sql_execute_file_script (l_setup.environment.path.extended ("scripts").extended ("oauth2_consumers_initialize.sql")) - end - - -- TODO workaround, until we have an admin module - l_sql_storage.sql_query ("SELECT name FROM oauth2_consumers;", Void) - if l_sql_storage.has_error then - api.logger.put_error ("Could not initialize database for differnent consumerns", generating_type) - else - from - l_sql_storage.sql_start - create {ARRAYED_LIST[STRING]} l_consumers.make (2) - until - l_sql_storage.sql_after - loop - if attached l_sql_storage.sql_read_string (1) as l_name then - l_consumers.force ("oauth2_"+l_name) - end - l_sql_storage.sql_forth - end - across l_consumers as ic loop - if not l_sql_storage.sql_table_exists (ic.item) then - create l_params.make (1) - l_params.force (ic.item, "table_name") - l_sql_storage.sql_execute_file_script_with_params (l_setup.environment.path.extended ("scripts").extended ("oauth2_template.sql"), l_params) - end - end - end - api.storage.set_custom_value ("is_initialized", "module-" + name, "yes") - end - end - -feature {CMS_API} -- Access: API - - user_oauth_api: detachable CMS_OAUTH_20_API - -- - -feature -- Filters - - filters (a_api: CMS_API): detachable LIST [WSF_FILTER] - -- Possibly list of Filter's module. - do - create {ARRAYED_LIST [WSF_FILTER]} Result.make (1) - if attached user_oauth_api as l_user_oauth_api then - Result.extend (create {CMS_OAUTH_20_FILTER}.make (a_api, l_user_oauth_api)) - end - end feature -- Access: docs @@ -176,13 +73,11 @@ feature -- Router setup_router (a_router: WSF_ROUTER; a_api: CMS_API) -- do - if attached user_oauth_api as l_user_oauth_api then - configure_web (a_api, l_user_oauth_api, a_router) - end + configure_web (a_api, a_router) end - configure_web (a_api: CMS_API; a_user_oauth_api: CMS_OAUTH_20_API; a_router: WSF_ROUTER) + configure_web (a_api: CMS_API; a_router: WSF_ROUTER) do a_router.handle ("/account/roc-login", create {WSF_URI_AGENT_HANDLER}.make (agent handle_login (a_api, ?, ?)), a_router.methods_head_get) a_router.handle ("/account/roc-register", create {WSF_URI_AGENT_HANDLER}.make (agent handle_register (a_api, ?, ?)), a_router.methods_get_post) @@ -191,8 +86,6 @@ feature -- Router a_router.handle ("/account/new-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_new_password (a_api, ?, ?)), a_router.methods_get_post) a_router.handle ("/account/reset-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_reset_password (a_api, ?, ?)), a_router.methods_get_post) a_router.handle ("/account/roc-logout", create {WSF_URI_AGENT_HANDLER}.make (agent handle_logout (a_api, ?, ?)), a_router.methods_get_post) - a_router.handle ("/account/login-with-oauth/{callback}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_login_with_oauth (a_api,a_user_oauth_api, ?, ?)), a_router.methods_get_post) - a_router.handle ("/account/{callback}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_callback_oauth (a_api, a_user_oauth_api, ?, ?)), a_router.methods_get_post) end @@ -289,27 +182,11 @@ feature -- Hooks l_url: STRING l_cookie: WSF_COOKIE do - if - attached {WSF_STRING} req.cookie ({CMS_AUTHENTICATION_CONSTANTS}.oauth_session) as l_cookie_token and then - attached {CMS_USER} current_user (req) as l_user - then - -- Logout gmail - create l_cookie.make ({CMS_AUTHENTICATION_CONSTANTS}.oauth_session, l_cookie_token.value) - l_cookie.set_path ("/") - l_cookie.set_max_age (-1) - res.add_cookie (l_cookie) - unset_current_user (req) - create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) - r.set_status_code ({HTTP_CONSTANTS}.found) - r.set_redirection (req.absolute_script_url ("")) - r.execute - else - create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) - r.set_status_code ({HTTP_CONSTANTS}.found) - l_url := req.absolute_script_url ("/basic_auth_logoff") - r.set_redirection (l_url) - r.execute - end + create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) + r.set_status_code ({HTTP_CONSTANTS}.found) + l_url := req.absolute_script_url ("/basic_auth_logoff") + r.set_redirection (l_url) + r.execute end handle_register (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE) @@ -554,13 +431,6 @@ feature {NONE} -- Block views loop l_tpl_block.set_value (ic.item, ic.key) end - if - attached user_oauth_api as l_auth_api and then - attached l_auth_api.oauth2_consumers as l_list - then - l_tpl_block.set_value (l_list, "oauth_consumers") - end - a_response.add_block (l_tpl_block, "content") else debug ("cms") @@ -708,110 +578,6 @@ feature {NONE} -- Block views end end -feature -- OAuth2 Login with google. - - handle_login_with_oauth (api: CMS_API; a_oauth_api: CMS_OAUTH_20_API; req: WSF_REQUEST; res: WSF_RESPONSE) - local - r: CMS_RESPONSE - l_oauth: CMS_OAUTH_20_WORKFLOW - do - if - attached {WSF_STRING} req.path_parameter ("callback") as p_consumer and then - attached {CMS_OAUTH_20_CONSUMER} a_oauth_api.oauth_consumer_by_name (p_consumer.value) as l_consumer - then - create l_oauth.make (req.server_url, l_consumer) - if attached l_oauth.authorization_url as l_authorization_url then - create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) - r.set_redirection (l_authorization_url) - r.execute - else - create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api) - r.set_main_content ("Bad request") - r.execute - end - else - create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api) - r.set_main_content ("Bad request") - r.execute - end - end - - handle_callback_oauth (api: CMS_API; a_user_oauth_api: CMS_OAUTH_20_API; req: WSF_REQUEST; res: WSF_RESPONSE) - local - r: CMS_RESPONSE - l_auth: CMS_OAUTH_20_WORKFLOW - l_user_api: CMS_USER_API - l_user: CMS_USER - l_roles: LIST [CMS_USER_ROLE] - l_cookie: WSF_COOKIE - es: CMS_AUTHENTICATON_EMAIL_SERVICE - do - if attached {WSF_STRING} req.path_parameter ("callback") as l_callback and then - attached {CMS_OAUTH_20_CONSUMER} a_user_oauth_api.oauth_consumer_by_callback (l_callback.value) as l_consumer and then - attached {WSF_STRING} req.query_parameter ("code") as l_code - then - create l_auth.make (req.server_url, l_consumer) - l_auth.sign_request (l_code.value) - if - attached l_auth.access_token as l_access_token and then - attached l_auth.user_profile as l_user_profile - then - create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) - -- extract user email - -- check if the user exist - l_user_api := api.user_api - -- 1 if the user exit put it in the context - if - attached l_auth.user_email as l_email - then - if attached l_user_api.user_by_email (l_email) as p_user then - -- User with email exist - if attached a_user_oauth_api.user_oauth2_by_id (p_user.id, l_consumer.name) then - -- Update oauth entry - a_user_oauth_api.update_user_oauth2 (l_access_token.token, l_user_profile, p_user, l_consumer.name ) - else - -- create a oauth entry - a_user_oauth_api.new_user_oauth2 (l_access_token.token, l_user_profile, p_user, l_consumer.name ) - end - create l_cookie.make ({CMS_AUTHENTICATION_CONSTANTS}.oauth_session, l_access_token.token) - l_cookie.set_max_age (l_access_token.expires_in) - l_cookie.set_path ("/") - res.add_cookie (l_cookie) - else - - create {ARRAYED_LIST [CMS_USER_ROLE]} l_roles.make (1) - l_roles.force (l_user_api.authenticated_user_role) - - -- Create a new user and oauth entry - create l_user.make (l_email) - l_user.set_email (l_email) - l_user.set_password (new_token) -- generate a random password. - l_user.set_roles (l_roles) - l_user.mark_active - l_user_api.new_user (l_user) - - -- Add oauth entry - a_user_oauth_api.new_user_oauth2 (l_access_token.token, l_user_profile, l_user, l_consumer.name ) - create l_cookie.make ({CMS_AUTHENTICATION_CONSTANTS}.oauth_session, l_access_token.token) - l_cookie.set_max_age (l_access_token.expires_in) - l_cookie.set_path ("/") - res.add_cookie (l_cookie) - set_current_user (req, l_user) - - - -- Send Email - create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (api)) - write_debug_log (generator + ".handle register: send_contact_welcome_email") - es.send_contact_welcome_email (l_email, "") - end - end - r.set_redirection (r.front_page_url) - r.execute - end - - end - - end feature {NONE} -- Token Generation diff --git a/modules/auth/cms_oauth_20_api.e b/modules/oauth20/cms_oauth_20_api.e similarity index 98% rename from modules/auth/cms_oauth_20_api.e rename to modules/oauth20/cms_oauth_20_api.e index a1876d6..22de8a4 100644 --- a/modules/auth/cms_oauth_20_api.e +++ b/modules/oauth20/cms_oauth_20_api.e @@ -13,7 +13,7 @@ inherit REFACTORING_HELPER -create {CMS_AUTHENTICATION_MODULE} +create {CMS_OAUTH_20_MODULE} make_with_storage feature {NONE} -- Initialization diff --git a/modules/auth/cms_authentication_constants.e b/modules/oauth20/cms_oauth_20_constants.e similarity index 50% rename from modules/auth/cms_authentication_constants.e rename to modules/oauth20/cms_oauth_20_constants.e index d0debbb..eebe6f1 100644 --- a/modules/auth/cms_authentication_constants.e +++ b/modules/oauth20/cms_oauth_20_constants.e @@ -1,10 +1,10 @@ note - description: "Summary description for {CMS_AUTHENTICATION_CONSTANTS}." + description: "Summary description for {CMS_OAUTH_20_CONSTANTS}." date: "$Date$" revision: "$Revision$" class - CMS_AUTHENTICATION_CONSTANTS + CMS_OAUTH_20_CONSTANTS feature -- Access @@ -12,4 +12,10 @@ feature -- Access -- Name of Cookie used to keep the session info. -- FIXME: make this configurable. + oauth_callback: STRING = "callback" + -- Callback parameter. + + oauth_code: STRING = "code" + -- Code query parameter. + end diff --git a/modules/auth/cms_oauth_20_consumer.e b/modules/oauth20/cms_oauth_20_consumer.e similarity index 100% rename from modules/auth/cms_oauth_20_consumer.e rename to modules/oauth20/cms_oauth_20_consumer.e diff --git a/modules/oauth20/cms_oauth_20_email_service.e b/modules/oauth20/cms_oauth_20_email_service.e new file mode 100644 index 0000000..9ac7c49 --- /dev/null +++ b/modules/oauth20/cms_oauth_20_email_service.e @@ -0,0 +1,63 @@ +note + description: "Summary description for {CMS_OAUTH_20_EMAIL_SERVICE}." + date: "$Date$" + revision: "$Revision$" + +class + CMS_OAUTH_20_EMAIL_SERVICE + +inherit + EMAIL_SERVICE + redefine + initialize, + parameters + end + +create + make + +feature {NONE} -- Initialization + + initialize + do + Precursor + contact_email := parameters.contact_email + end + + parameters: CMS_OAUTH_20_EMAIL_SERVICE_PARAMETERS + -- Associated parameters. + +feature -- Access + + contact_email: IMMUTABLE_STRING_8 + -- contact email. + +feature -- Basic Operations + + send_contact_email (a_to, a_content: READABLE_STRING_8) + -- Send successful contact message `a_token' to `a_to'. + require + attached_to: a_to /= Void + local + l_message: STRING + do + create l_message.make_from_string (parameters.account_activation) + l_message.replace_substring_all ("$link", a_content) + send_message (contact_email, a_to, parameters.contact_subject_register, l_message) + end + + + send_contact_welcome_email (a_to, a_content: READABLE_STRING_8) + -- Send successful contact message `a_token' to `a_to'. + require + attached_to: a_to /= Void + local + l_message: STRING + do + create l_message.make_from_string (parameters.account_welcome) + l_message.replace_substring_all ("$link", a_content) + send_message (contact_email, a_to, parameters.contact_subject_oauth, l_message) + end + + +end diff --git a/modules/oauth20/cms_oauth_20_email_service_parameters.e b/modules/oauth20/cms_oauth_20_email_service_parameters.e new file mode 100644 index 0000000..52cb1d4 --- /dev/null +++ b/modules/oauth20/cms_oauth_20_email_service_parameters.e @@ -0,0 +1,260 @@ +note + description: "Summary description for {CMS_OAUTH_20_EMAIL_SERVICE_PARAMETERS}." + date: "$Date$" + revision: "$Revision$" + +class + CMS_OAUTH_20_EMAIL_SERVICE_PARAMETERS + +inherit + EMAIL_SERVICE_PARAMETERS + +create + make + +feature {NONE} -- Initialization + + make (a_cms_api: CMS_API) + local + utf: UTF_CONVERTER + l_site_name: READABLE_STRING_8 + s: detachable READABLE_STRING_32 + l_contact_email, l_subject_register, l_subject_activate, l_subject_password, l_subject_oauth: detachable READABLE_STRING_8 + do + setup := a_cms_api.setup + -- Use global smtp setting if any, otherwise "localhost" + smtp_server := utf.escaped_utf_32_string_to_utf_8_string_8 (a_cms_api.setup.text_item_or_default ("smtp", "localhost")) + l_site_name := utf.escaped_utf_32_string_to_utf_8_string_8 (a_cms_api.setup.site_name) + admin_email := a_cms_api.setup.site_email + + if not admin_email.has ('<') then + admin_email := l_site_name + " <" + admin_email +">" + end + + if attached {CONFIG_READER} a_cms_api.module_configuration ("login", Void) as cfg then + if attached cfg.text_item ("smtp") as l_smtp then + -- Overwrite global smtp setting if any. + smtp_server := utf.utf_32_string_to_utf_8_string_8 (l_smtp) + end + s := cfg.text_item ("email") + if s /= Void then + l_contact_email := utf.utf_32_string_to_utf_8_string_8 (s) + end + s := cfg.text_item ("subject_register") + if s /= Void then + l_subject_register := utf.utf_32_string_to_utf_8_string_8 (s) + end + s := cfg.text_item ("subject_activate") + if s /= Void then + l_subject_register := utf.utf_32_string_to_utf_8_string_8 (s) + end + s := cfg.text_item ("subject_password") + if s /= Void then + l_subject_register := utf.utf_32_string_to_utf_8_string_8 (s) + end + s := cfg.text_item ("subject_oauth") + if s /= Void then + l_subject_oauth := utf.utf_32_string_to_utf_8_string_8 (s) + end + + end + if l_contact_email /= Void then + if not l_contact_email.has ('<') then + l_contact_email := l_site_name + " <" + l_contact_email + ">" + end + contact_email := l_contact_email + else + contact_email := admin_email + end + if l_subject_register /= Void then + contact_subject_register := l_subject_register + else + contact_subject_register := "Thank you for registering with us." + end + + if l_subject_activate /= Void then + contact_subject_activate := l_subject_activate + else + contact_subject_activate := "New account activation token." + end + if l_subject_password /= Void then + contact_subject_password := l_subject_password + else + contact_subject_password := "Password Recovery." + end + if l_subject_oauth /= Void then + contact_subject_oauth := l_subject_oauth + else + contact_subject_oauth := "Welcome." + end + + end + +feature -- Access + + smtp_server: IMMUTABLE_STRING_8 + + admin_email: IMMUTABLE_STRING_8 + + contact_email: IMMUTABLE_STRING_8 + -- Contact email. + + contact_subject_register: IMMUTABLE_STRING_8 + contact_subject_activate: IMMUTABLE_STRING_8 + contact_subject_password: IMMUTABLE_STRING_8 + contact_subject_oauth: IMMUTABLE_STRING_8 + + account_activation: STRING + -- Account activation template email message. + do + Result := template_string ("account_activation.html", default_template_account_activation) + end + + account_re_activation: STRING + -- Account re_activation template email message. + do + Result := template_string ("accunt_re_activation.html", default_template_account_re_activation) + end + + account_password: STRING + -- Account password template email message. + do + Result := template_string ("account_new_password.html", default_template_account_new_password) + end + + account_welcome: STRING + -- Account welcome template email message. + do + Result := template_string ("account_welcome.html", default_template_account_welcome) + end + +feature {NONE} -- Implementation: Template + + template_path (a_name: READABLE_STRING_GENERAL): PATH + -- Location of template named `a_name'. + do + Result := setup.environment.config_path.extended ("modules").extended ("login").extended (a_name) + end + + template_string (a_name: READABLE_STRING_GENERAL; a_default: STRING): STRING + -- Content of template named `a_name', or `a_default' if template is not found. + local + p: PATH + do + p := template_path ("account_activation.html") + if attached read_template_file (p) as l_content then + Result := l_content + else + create Result.make_from_string (a_default) + end + end + +feature {NONE} -- Implementation + + setup: CMS_SETUP + + read_template_file (a_path: PATH): detachable STRING + -- Read the content of the file at path `a_path'. + local + l_file: FILE + n: INTEGER + do + create {PLAIN_TEXT_FILE} l_file.make_with_path (a_path) + if l_file.exists and then l_file.is_readable then + n := l_file.count + l_file.open_read + l_file.read_stream (n) + Result := l_file.last_string + l_file.close + else + -- Error + end + end + + +feature {NONE} -- Message email + + default_template_account_activation: STRING = "[ + + + + + Activation + + + + + +

Thank you for registering at ROC CMS

+ +

To complete your registration, please click on the following link to activate your account:

+ +

$link

+

Thank you for joining us.

+ + + ]" + + + default_template_account_re_activation: STRING = "[ + + + + + New Activation + + + + + +

You have requested a new activation token at ROC CMS

+ +

To complete your registration, please click on the following link to activate your account:

+ +

$link

+

Thank you for joining us.

+ + + ]" + + + + default_template_account_new_password: STRING = "[ + + + + + New Password + + + + + +

You have required a new password at ROC CMS

+ +

To complete your request, please click on this link to generate a new password:

+ +

$link

+ + + ]" + + + default_template_account_welcome: STRING = "[ + + + + + Welcome + + + + + +

Welcome toROC CMS

+

Thank you for joining us.

+ + + ]" + +end diff --git a/modules/auth/persistence/cms_oauth_20_generic_api.e b/modules/oauth20/cms_oauth_20_generic_api.e similarity index 100% rename from modules/auth/persistence/cms_oauth_20_generic_api.e rename to modules/oauth20/cms_oauth_20_generic_api.e diff --git a/modules/oauth20/cms_oauth_20_module.e b/modules/oauth20/cms_oauth_20_module.e new file mode 100644 index 0000000..37d1767 --- /dev/null +++ b/modules/oauth20/cms_oauth_20_module.e @@ -0,0 +1,500 @@ +note + description: "Generic OAuth Module supporting authentication using different providers." + date: "$Date: 2015-05-20 06:50:50 -0300 (mi. 20 de may. de 2015) $" + revision: "$Revision: 97328 $" + +class + CMS_OAUTH_20_MODULE + +inherit + CMS_MODULE + rename + module_api as user_oauth_api + redefine + filters, + register_hooks, + initialize, + is_installed, + install, + user_oauth_api + end + + + CMS_HOOK_BLOCK + + CMS_HOOK_AUTO_REGISTER + + CMS_HOOK_MENU_SYSTEM_ALTER + + CMS_HOOK_VALUE_TABLE_ALTER + + SHARED_EXECUTION_ENVIRONMENT + export + {NONE} all + end + + REFACTORING_HELPER + + SHARED_LOGGER + + CMS_REQUEST_UTIL + + +create + make + +feature {NONE} -- Initialization + + make + -- Create current module + do + name := "login" + version := "1.0" + description := "Authentication module" + package := "authentication" + + create root_dir.make_current + cache_duration := 0 + end + +feature {CMS_API} -- Module Initialization + + initialize (a_api: CMS_API) + -- + local + l_user_auth_api: like user_oauth_api + l_user_auth_storage: CMS_OAUTH_20_STORAGE_I + do + Precursor (a_api) + + -- Storage initialization + if attached {CMS_STORAGE_SQL_I} a_api.storage as l_storage_sql then + create {CMS_OAUTH_20_STORAGE_SQL} l_user_auth_storage.make (l_storage_sql) + else + -- FIXME: in case of NULL storage, should Current be disabled? + create {CMS_OAUTH_20_STORAGE_NULL} l_user_auth_storage + end + + -- Node API initialization + create l_user_auth_api.make_with_storage (a_api, l_user_auth_storage) + user_oauth_api := l_user_auth_api + ensure then + user_oauth_api_set: user_oauth_api /= Void + end + +feature {CMS_API} -- Module management + + is_installed (api: CMS_API): BOOLEAN + -- Is Current module installed? + do + Result := attached api.storage.custom_value ("is_initialized", "module-" + name) as v and then v.is_case_insensitive_equal_general ("yes") + end + + install (api: CMS_API) + local + l_setup: CMS_SETUP + l_params: detachable STRING_TABLE [detachable ANY] + l_consumers: LIST [STRING] + do + l_setup := api.setup + + -- Schema + if attached {CMS_STORAGE_SQL_I} api.storage as l_sql_storage then + if not l_sql_storage.sql_table_exists ("oauth2_consumers") then + --| Schema + l_sql_storage.sql_execute_file_script (l_setup.environment.path.extended ("scripts").extended ("oauth2_consumers.sql")) + + if l_sql_storage.has_error then + api.logger.put_error ("Could not initialize database for blog module", generating_type) + end + -- TODO workaround. + l_sql_storage.sql_execute_file_script (l_setup.environment.path.extended ("scripts").extended ("oauth2_consumers_initialize.sql")) + end + + -- TODO workaround, until we have an admin module + l_sql_storage.sql_query ("SELECT name FROM oauth2_consumers;", Void) + if l_sql_storage.has_error then + api.logger.put_error ("Could not initialize database for differnent consumerns", generating_type) + else + from + l_sql_storage.sql_start + create {ARRAYED_LIST[STRING]} l_consumers.make (2) + until + l_sql_storage.sql_after + loop + if attached l_sql_storage.sql_read_string (1) as l_name then + l_consumers.force ("oauth2_"+l_name) + end + l_sql_storage.sql_forth + end + across l_consumers as ic loop + if not l_sql_storage.sql_table_exists (ic.item) then + create l_params.make (1) + l_params.force (ic.item, "table_name") + l_sql_storage.sql_execute_file_script_with_params (l_setup.environment.path.extended ("scripts").extended ("oauth2_template.sql"), l_params) + end + end + end + api.storage.set_custom_value ("is_initialized", "module-" + name, "yes") + end + end + +feature {CMS_API} -- Access: API + + user_oauth_api: detachable CMS_OAUTH_20_API + -- + +feature -- Filters + + filters (a_api: CMS_API): detachable LIST [WSF_FILTER] + -- Possibly list of Filter's module. + do + create {ARRAYED_LIST [WSF_FILTER]} Result.make (1) + if attached user_oauth_api as l_user_oauth_api then + Result.extend (create {CMS_OAUTH_20_FILTER}.make (a_api, l_user_oauth_api)) + end + end + +feature -- Access: docs + + root_dir: PATH + + cache_duration: INTEGER + -- Caching duration + --| 0: disable + --| -1: cache always valie + --| nb: cache expires after nb seconds. + + cache_disabled: BOOLEAN + do + Result := cache_duration = 0 + end + +feature -- Router + + + setup_router (a_router: WSF_ROUTER; a_api: CMS_API) + -- + do + if attached user_oauth_api as l_user_oauth_api then + configure_web (a_api, l_user_oauth_api, a_router) + end + end + + + configure_web (a_api: CMS_API; a_user_oauth_api: CMS_OAUTH_20_API; a_router: WSF_ROUTER) + do + a_router.handle ("/account/roc-login", create {WSF_URI_AGENT_HANDLER}.make (agent handle_login (a_api, ?, ?)), a_router.methods_head_get) + a_router.handle ("/account/roc-logout", create {WSF_URI_AGENT_HANDLER}.make (agent handle_logout (a_api, ?, ?)), a_router.methods_get_post) + a_router.handle ("/account/login-with-oauth/{callback}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_login_with_oauth (a_api,a_user_oauth_api, ?, ?)), a_router.methods_get_post) + a_router.handle ("/account/{callback}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_callback_oauth (a_api, a_user_oauth_api, ?, ?)), a_router.methods_get_post) + end + + +feature -- Hooks configuration + + register_hooks (a_response: CMS_RESPONSE) + -- Module hooks configuration. + do + auto_subscribe_to_hooks (a_response) + a_response.subscribe_to_block_hook (Current) + a_response.subscribe_to_value_table_alter_hook (Current) + end + +feature -- Hooks + + value_table_alter (a_value: CMS_VALUE_TABLE; a_response: CMS_RESPONSE) + -- + do + if attached current_user (a_response.request) as l_user then + a_value.force (l_user, "user") + end + end + + menu_system_alter (a_menu_system: CMS_MENU_SYSTEM; a_response: CMS_RESPONSE) + -- Hook execution on collection of menu contained by `a_menu_system' + -- for related response `a_response'. + local + lnk: CMS_LOCAL_LINK + do + if attached a_response.current_user (a_response.request) as u then + create lnk.make (u.name + " (Logout)", "account/roc-logout" ) + else + create lnk.make ("Login", "account/roc-login") + end + a_menu_system.primary_menu.extend (lnk) + lnk.set_weight (98) + end + + block_list: ITERABLE [like {CMS_BLOCK}.name] + local + l_string: STRING + do + Result := <<"login">> + create l_string.make_empty + across Result as ic loop + l_string.append (ic.item) + l_string.append_character (' ') + end + write_debug_log (generator + ".block_list:" + l_string ) + end + + get_block_view (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE) + do + if + a_block_id.is_case_insensitive_equal_general ("login") and then + a_response.location.starts_with ("account/roc-login") + then + get_block_view_login (a_block_id, a_response) + end + end + + handle_login (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE) + local + r: CMS_RESPONSE + do + create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) + r.set_value ("Login", "optional_content_type") + r.execute + end + + handle_logout (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE) + local + r: CMS_RESPONSE + l_cookie: WSF_COOKIE + do + if + attached {WSF_STRING} req.cookie ({CMS_OAUTH_20_CONSTANTS}.oauth_session) as l_cookie_token and then + attached {CMS_USER} current_user (req) as l_user + then + -- Logout OAuth + create l_cookie.make ({CMS_OAUTH_20_CONSTANTS}.oauth_session, l_cookie_token.value) + l_cookie.set_path ("/") + l_cookie.set_max_age (-1) + res.add_cookie (l_cookie) + unset_current_user (req) + create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) + r.set_status_code ({HTTP_CONSTANTS}.found) + r.set_redirection (req.absolute_script_url ("")) + r.execute + end + end + +feature {NONE} -- Helpers + + template_block (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE): detachable CMS_SMARTY_TEMPLATE_BLOCK + -- Smarty content block for `a_block_id' + local + p: detachable PATH + do + create p.make_from_string ("templates") + p := p.extended ("block_").appended (a_block_id).appended_with_extension ("tpl") + p := a_response.module_resource_path (Current, p) + if p /= Void then + if attached p.entry as e then + create Result.make (a_block_id, Void, p.parent, e) + else + create Result.make (a_block_id, Void, p.parent, p) + end + end + end + +feature {NONE} -- Block views + + get_block_view_login (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE) + local + vals: CMS_VALUE_TABLE + do + if attached template_block (a_block_id, a_response) as l_tpl_block then + create vals.make (1) + -- add the variable to the block + value_table_alter (vals, a_response) + across + vals as ic + loop + l_tpl_block.set_value (ic.item, ic.key) + end + if + attached user_oauth_api as l_auth_api and then + attached l_auth_api.oauth2_consumers as l_list + then + l_tpl_block.set_value (l_list, "oauth_consumers") + end + + a_response.add_block (l_tpl_block, "content") + else + debug ("cms") + a_response.add_warning_message ("Error with block [" + a_block_id + "]") + end + end + end + + +feature -- OAuth2 Login with Provider + + handle_login_with_oauth (api: CMS_API; a_oauth_api: CMS_OAUTH_20_API; req: WSF_REQUEST; res: WSF_RESPONSE) + local + r: CMS_RESPONSE + l_oauth: CMS_OAUTH_20_WORKFLOW + do + if + attached {WSF_STRING} req.path_parameter ({CMS_OAUTH_20_CONSTANTS}.oauth_callback) as p_consumer and then + attached {CMS_OAUTH_20_CONSUMER} a_oauth_api.oauth_consumer_by_name (p_consumer.value) as l_consumer + then + create l_oauth.make (req.server_url, l_consumer) + if attached l_oauth.authorization_url as l_authorization_url then + create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) + r.set_redirection (l_authorization_url) + r.execute + else + create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api) + r.set_main_content ("Bad request") + r.execute + end + else + create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api) + r.set_main_content ("Bad request") + r.execute + end + end + + handle_callback_oauth (api: CMS_API; a_user_oauth_api: CMS_OAUTH_20_API; req: WSF_REQUEST; res: WSF_RESPONSE) + local + r: CMS_RESPONSE + l_auth: CMS_OAUTH_20_WORKFLOW + l_user_api: CMS_USER_API + l_user: CMS_USER + l_roles: LIST [CMS_USER_ROLE] + l_cookie: WSF_COOKIE + es: CMS_OAUTH_20_EMAIL_SERVICE + do + if attached {WSF_STRING} req.path_parameter ({CMS_OAUTH_20_CONSTANTS}.oauth_callback) as l_callback and then + attached {CMS_OAUTH_20_CONSUMER} a_user_oauth_api.oauth_consumer_by_callback (l_callback.value) as l_consumer and then + attached {WSF_STRING} req.query_parameter ({CMS_OAUTH_20_CONSTANTS}.oauth_code) as l_code + then + create l_auth.make (req.server_url, l_consumer) + l_auth.sign_request (l_code.value) + if + attached l_auth.access_token as l_access_token and then + attached l_auth.user_profile as l_user_profile + then + create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) + -- extract user email + -- check if the user exist + l_user_api := api.user_api + -- 1 if the user exit put it in the context + if + attached l_auth.user_email as l_email + then + if attached l_user_api.user_by_email (l_email) as p_user then + -- User with email exist + if attached a_user_oauth_api.user_oauth2_by_id (p_user.id, l_consumer.name) then + -- Update oauth entry + a_user_oauth_api.update_user_oauth2 (l_access_token.token, l_user_profile, p_user, l_consumer.name ) + else + -- create a oauth entry + a_user_oauth_api.new_user_oauth2 (l_access_token.token, l_user_profile, p_user, l_consumer.name ) + end + create l_cookie.make ({CMS_OAUTH_20_CONSTANTS}.oauth_session, l_access_token.token) + l_cookie.set_max_age (l_access_token.expires_in) + l_cookie.set_path ("/") + res.add_cookie (l_cookie) + else + + create {ARRAYED_LIST [CMS_USER_ROLE]} l_roles.make (1) + l_roles.force (l_user_api.authenticated_user_role) + + -- Create a new user and oauth entry + create l_user.make (l_email) + l_user.set_email (l_email) + l_user.set_password (new_token) -- generate a random password. + l_user.set_roles (l_roles) + l_user.mark_active + l_user_api.new_user (l_user) + + -- Add oauth entry + a_user_oauth_api.new_user_oauth2 (l_access_token.token, l_user_profile, l_user, l_consumer.name ) + create l_cookie.make ({CMS_OAUTH_20_CONSTANTS}.oauth_session, l_access_token.token) + l_cookie.set_max_age (l_access_token.expires_in) + l_cookie.set_path ("/") + res.add_cookie (l_cookie) + set_current_user (req, l_user) + + + -- Send Email + create es.make (create {CMS_OAUTH_20_EMAIL_SERVICE_PARAMETERS}.make (api)) + write_debug_log (generator + ".handle_callback_oauth: send_contact_welcome_email") + es.send_contact_welcome_email (l_email, "") + end + end + r.set_redirection (r.front_page_url) + r.execute + end + + end + + end + +feature {NONE} -- Token Generation + + new_token: STRING + -- Generate a new token activation token + local + l_token: STRING + l_security: SECURITY_PROVIDER + l_encode: URL_ENCODER + do + create l_security + l_token := l_security.token + create l_encode + from until l_token.same_string (l_encode.encoded_string (l_token)) loop + -- Loop ensure that we have a security token that does not contain characters that need encoding. + -- We cannot simply to an encode-decode because the email sent to the user will contain an encoded token + -- but the user will need to use an unencoded token if activation has to be done manually. + l_token := l_security.token + end + Result := l_token + end + +feature {NONE} -- Implementation: date and time + + http_date_format_to_date (s: READABLE_STRING_8): detachable DATE_TIME + local + d: HTTP_DATE + do + create d.make_from_string (s) + if not d.has_error then + Result := d.date_time + end + end + + file_date (p: PATH): DATE_TIME + require + path_exists: (create {FILE_UTILITIES}).file_path_exists (p) + local + f: RAW_FILE + do + create f.make_with_path (p) + Result := timestamp_to_date (f.date) + end + + timestamp_to_date (n: INTEGER): DATE_TIME + local + d: HTTP_DATE + do + create d.make_from_timestamp (n) + Result := d.date_time + end + + +note + copyright: "Copyright (c) 1984-2013, Eiffel Software and others" + license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)" + source: "[ + Eiffel Software + 5949 Hollister Ave., Goleta, CA 93117 USA + Telephone 805-685-1006, Fax 805-685-6869 + Website http://www.eiffel.com + Customer support http://support.eiffel.com + ]" +end diff --git a/modules/auth/cms_oauth_20_workflow.e b/modules/oauth20/cms_oauth_20_workflow.e similarity index 100% rename from modules/auth/cms_oauth_20_workflow.e rename to modules/oauth20/cms_oauth_20_workflow.e diff --git a/modules/auth/filter/cms_oauth_20_filter.e b/modules/oauth20/filter/cms_oauth_20_filter.e similarity index 80% rename from modules/auth/filter/cms_oauth_20_filter.e rename to modules/oauth20/filter/cms_oauth_20_filter.e index 30e2646..ead00a1 100644 --- a/modules/auth/filter/cms_oauth_20_filter.e +++ b/modules/oauth20/filter/cms_oauth_20_filter.e @@ -1,5 +1,7 @@ note - description: "Summary description for {CMS_OAUTH_20_FILTER}." + description: "[ + Extracts an OAuth2 token from the incoming request (cookie) and uses it to populate the user (or cms user context) + ]" date: "$Date$" revision: "$Revision$" @@ -36,7 +38,7 @@ feature -- Basic operations api.logger.put_debug (generator + ".execute ", Void) -- A valid user if - attached {WSF_STRING} req.cookie ({CMS_AUTHENTICATION_CONSTANTS}.oauth_session) as l_roc_auth_session_token + attached {WSF_STRING} req.cookie ({CMS_OAUTH_20_CONSTANTS}.oauth_session) as l_roc_auth_session_token then if attached user_oauth_api.user_oauth2_without_consumer_by_token (l_roc_auth_session_token.value) as l_user then set_current_user (req, l_user) diff --git a/modules/oauth20/oauth20-safe.ecf b/modules/oauth20/oauth20-safe.ecf new file mode 100644 index 0000000..470920c --- /dev/null +++ b/modules/oauth20/oauth20-safe.ecf @@ -0,0 +1,32 @@ + + + + + + /.git$ + /EIFGENs$ + /.svn$ + + + + + + + + + + + + + + + + + + + + + + + diff --git a/modules/auth/persistence/cms_oauth_20_storage_i.e b/modules/oauth20/persistence/cms_oauth_20_storage_i.e similarity index 100% rename from modules/auth/persistence/cms_oauth_20_storage_i.e rename to modules/oauth20/persistence/cms_oauth_20_storage_i.e diff --git a/modules/auth/persistence/cms_oauth_20_storage_null.e b/modules/oauth20/persistence/cms_oauth_20_storage_null.e similarity index 100% rename from modules/auth/persistence/cms_oauth_20_storage_null.e rename to modules/oauth20/persistence/cms_oauth_20_storage_null.e diff --git a/modules/auth/persistence/cms_oauth_20_storage_sql.e b/modules/oauth20/persistence/cms_oauth_20_storage_sql.e similarity index 100% rename from modules/auth/persistence/cms_oauth_20_storage_sql.e rename to modules/oauth20/persistence/cms_oauth_20_storage_sql.e