From cc94c59eed8480e5f80e235cf3ae8b6db09d0cb1 Mon Sep 17 00:00:00 2001 From: Jocelyn Fiat Date: Tue, 7 Jul 2015 17:25:56 +0200 Subject: [PATCH] Added CMS_USER.utf_8_name: STRING_8 for convenience. Added a permission check for registering (TODO: by default allow visitor to register). Cosmetic. --- library/model/src/user/cms_user.e | 10 +++ modules/auth/cms_authentication_module.e | 82 +++++++++++++----------- src/service/cms_module_api.e | 7 +- 3 files changed, 58 insertions(+), 41 deletions(-) diff --git a/library/model/src/user/cms_user.e b/library/model/src/user/cms_user.e index 713ca65..b0dfbec 100644 --- a/library/model/src/user/cms_user.e +++ b/library/model/src/user/cms_user.e @@ -81,6 +81,16 @@ feature -- Access -- trashed +feature -- Access: helper + + utf_8_name: STRING_8 + -- UTF-8 version of `name'. + local + utf: UTF_CONVERTER + do + Result := utf.utf_32_string_to_utf_8_string_8 (name) + end + feature -- Roles roles: detachable LIST [CMS_USER_ROLE] diff --git a/modules/auth/cms_authentication_module.e b/modules/auth/cms_authentication_module.e index a809371..5e4ef96 100644 --- a/modules/auth/cms_authentication_module.e +++ b/modules/auth/cms_authentication_module.e 
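Review bot: The header comment on `utf_8_name` should state that the result is a STRING_8 holding UTF-8 encoded bytes rather than characters, and that nothing in it is escaped. The user name appears to come from the registration form (`create u.make (l_name.value)` in the authentication module), so a caller that places this value in HTML, a URL or a log line still has to encode it for that context. Code that measures or truncates the result by `count` works on bytes and can cut a multi-byte sequence in half. I would extend the comment to something like `-- UTF-8 encoded copy of name (bytes, not characters); not escaped for HTML, URL or log output.`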
@@ -164,53 +164,57 @@ feature -- Handler l_token: STRING do create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) - r.set_value ("Register", "optional_content_type") - if req.is_post_request_method then - if - attached {WSF_STRING} req.form_parameter ("name") as l_name and then - attached {WSF_STRING} req.form_parameter ("password") as l_password and then - attached {WSF_STRING} req.form_parameter ("email") as l_email - then - l_user_api := api.user_api + if r.has_permission ("account register") then + r.set_value ("Register", "optional_content_type") + if req.is_post_request_method then + if + attached {WSF_STRING} req.form_parameter ("name") as l_name and then + attached {WSF_STRING} req.form_parameter ("password") as l_password and then + attached {WSF_STRING} req.form_parameter ("email") as l_email + then + l_user_api := api.user_api - if attached l_user_api.user_by_name (l_name.value) then - -- Username already exist. - r.values.force ("The user name exist!", "error_name") - l_exist := True - end - if attached l_user_api.user_by_email (l_email.value) then - -- Emails already exist. - r.values.force ("The email exist!", "error_email") - l_exist := True - end + if attached l_user_api.user_by_name (l_name.value) then + -- Username already exist. + r.values.force ("User name already exists!", "error_name") + l_exist := True + end + if attached l_user_api.user_by_email (l_email.value) then + -- Emails already exist. 
+ r.values.force ("An account is already associated with that email address!", "error_email") + l_exist := True + end - if not l_exist then - -- New user - create {ARRAYED_LIST [CMS_USER_ROLE]}l_roles.make (1) - l_roles.force (l_user_api.authenticated_user_role) + if not l_exist then + -- New user + create {ARRAYED_LIST [CMS_USER_ROLE]}l_roles.make (1) + l_roles.force (l_user_api.authenticated_user_role) - create u.make (l_name.value) - u.set_email (l_email.value) - u.set_password (l_password.value) - u.set_roles (l_roles) - l_user_api.new_user (u) + create u.make (l_name.value) + u.set_email (l_email.value) + u.set_password (l_password.value) + u.set_roles (l_roles) + l_user_api.new_user (u) - -- Create activation token - l_token := new_token - l_user_api.new_activation (l_token, u.id) - l_url := req.absolute_script_url ("/account/activate/" + l_token) + -- Create activation token + l_token := new_token + l_user_api.new_activation (l_token, u.id) + l_url := req.absolute_script_url ("/account/activate/" + l_token) - -- Send Email - create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (api)) - write_debug_log (generator + ".handle register: send_contact_email") - es.send_contact_email (l_email.value, l_url) + -- Send Email + create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (api)) + write_debug_log (generator + ".handle register: send_contact_email") + es.send_contact_email (l_email.value, l_url) - else - r.values.force (l_name.value, "name") - r.values.force (l_email.value, "email") - r.set_status_code ({HTTP_CONSTANTS}.bad_request) + else + r.values.force (l_name.value, "name") + r.values.force (l_email.value, "email") + r.set_status_code ({HTTP_CONSTANTS}.bad_request) + end end end + else + create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api) end r.execute diff --git a/src/service/cms_module_api.e b/src/service/cms_module_api.e index bd97ce9..88a4d86 100644 --- a/src/service/cms_module_api.e 
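Review bot: Inside the new `has_permission ("account register")` gate, the `if attached {WSF_STRING} req.form_parameter ("name") ... then` test has no `else`, so a POST missing any of the three fields is rendered as a normal page with no error and no status change. Adding `else r.set_status_code ({HTTP_CONSTANTS}.bad_request)` there, together with an error value for the template, would close that. Nothing visible in this hunk validates the submitted values either: an empty or whitespace-only name, a malformed email or an empty password would go straight to `create u.make`, `set_email` and `set_password`, unless `new_user` rejects them elsewhere. The two reworded messages still tell the requester separately whether a user name and an email address are already registered, which is worth revisiting (a single generic message, plus throttling) before the TODO of letting visitors register by default is done. The handler's signature and the start of its body lie outside the hunk.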
+++ b/src/service/cms_module_api.e @@ -1,12 +1,12 @@ note - description: "Summary description for {CMS_MODULE_API}." + description: "Common ancestor for all module apis." date: "$Date: 2015-02-13 14:54:27 +0100 (ven., 13 févr. 2015) $" revision: "$Revision: 96620 $" deferred class CMS_MODULE_API -feature {NONE} -- Implementation +feature {NONE} -- Initialization make (a_api: CMS_API) do @@ -28,4 +28,7 @@ feature {CMS_API_ACCESS, CMS_MODULE, CMS_API} -- Restricted access Result := cms_api.storage end +note + copyright: "2011-2015, Jocelyn Fiat, Javier Velilla, Eiffel Software and others" + license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)" end