Updated Account Info

Add Link and Unlink account with OAuth.

examples/demo/site/modules/auth/templates/block_account_info.tpl

@@ -24,6 +24,39 @@
     	</div>
     	<hr>
     	{include file="block_change_password.tpl" /}
+    	<hr>
+    	<h4>Un-Associate Account with Oauth Consumer</h4>
+    	<div>
+    		{foreach item="consumer" from="$oauth_associated"}
+    			<div>
+    				<form method="post" action="{$site_url/}account/oauth-un-associate">
+    					<div>
+                		  	 <input type="hidden" name="consumer" value="{$consumer/}"/>
+              			</div>
+          				<div>
+                			<button type="submit">Unlink {$consumer/}</button>
+              			</div>
+          			</form>	
+			   	</div>
+    		{/foreach}
+    	</div>
+    	<h4>Associate Account with Oauth Consumer</h4>
+    	<div>
+    		{foreach item="consumer" from="$oauth_not_associated"}
+    			<div>
+    				<form method="post" action="{$site_url/}account/oauth-associate">
+    					<div>
+                		  <input type="hidden" name="consumer" value="{$consumer/}"/>
+              			</div>
+          				<div>
+          				  <input type="email" id="email" name="email"  value="{$email/}"  required/>	
+                		  <button type="submit">Link with {$consumer/}</button>
+              			</div>  
+					</form>	
+			   	</div>
+    		{/foreach}
+    	</div>		
+
     	<hr>
     	<h4>Roles</h4>
     	<div>

examples/demo/site/modules/oauth20/scripts/oauth2_table.sql.tpl

@@ -4,7 +4,10 @@ CREATE TABLE $table_name (
    `access_token` TEXT  NOT NULL,
    `created` DATETIME NOT NULL,
    `details` TEXT NOT NULL,
+   `email` TEXT NOT NULL,
    CONSTRAINT `uid`
-    UNIQUE(`uid`)
+    UNIQUE(`uid`),
+   CONSTRAINT `email`
+    UNIQUE(`email`) 
    );
 

modules/auth/cms_authentication_module.e

@@ -104,7 +104,6 @@ feature -- Hooks configuration
 		do
 		end
 
-
 	menu_system_alter (a_menu_system: CMS_MENU_SYSTEM; a_response: CMS_RESPONSE)
 			-- Hook execution on collection of menu contained by `a_menu_system'
 			-- for related response `a_response'.
@@ -145,8 +144,6 @@ feature -- Handler
 			r.execute
 		end
 
-
-
 	handle_login (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
 		local
 			r: CMS_RESPONSE
@@ -172,8 +169,6 @@ feature -- Handler
 			r.execute
 		end
 
-
-
 	handle_register (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
 		local
 			r: CMS_RESPONSE
@@ -490,7 +485,6 @@ feature -- Handler
 			end
 		end
 
-
 feature {NONE} -- Token Generation
 
 	new_token: STRING

modules/auth/site/templates/block_account_info.tpl

@@ -24,6 +24,39 @@
     	</div>
     	<hr>
     	{include file="block_change_password.tpl" /}
+    	<hr>
+    	<h4>Un-Associate Account with Oauth Consumer</h4>
+    	<div>
+    		{foreach item="consumer" from="$oauth_associated"}
+    			<div>
+    				<form method="post" action="{$site_url/}account/oauth-un-associate">
+    					<div>
+                		  	 <input type="hidden" name="consumer" value="{$consumer/}"/>
+              			</div>
+          				<div>
+                			<button type="submit">Unlink {$consumer/}</button>
+              			</div>
+          			</form>	
+			   	</div>
+    		{/foreach}
+    	</div>
+    	<h4>Associate Account with Oauth Consumer</h4>
+    	<div>
+    		{foreach item="consumer" from="$oauth_not_associated"}
+    			<div>
+    				<form method="post" action="{$site_url/}account/oauth-associate">
+    					<div>
+                		  <input type="hidden" name="consumer" value="{$consumer/}"/>
+              			</div>
+          				<div>
+          				  <input type="email" id="email" name="email"  value="{$email/}"  required/>	
+                		  <button type="submit">Link with {$consumer/}</button>
+              			</div>  
+					</form>	
+			   	</div>
+    		{/foreach}
+    	</div>		
+
     	<hr>
     	<h4>Roles</h4>
     	<div>

modules/oauth20/cms_oauth_20_api.e

@@ -40,6 +40,12 @@ feature -- Access: User Oauth20
 			Result := oauth_20_storage.user_oauth2_by_id (a_uid, a_consumer)
 		end
 
+	user_oauth2_by_email (a_email: like {CMS_USER}.email; a_consumer: READABLE_STRING_GENERAL): detachable CMS_USER
+			-- Retrieve a user by email `a_email' for the consumer `a_consumer', if any.
+		do
+			Result := oauth_20_storage.user_oauth2_by_email (a_email, a_consumer)
+		end
+
 	user_oauth2_by_token (a_token: READABLE_STRING_GENERAL; a_consumer: READABLE_STRING_GENERAL): detachable CMS_USER
 			-- Retrieve a user by token `a_token' for the consumer `a_consumer'.
 		do
@@ -85,11 +91,22 @@ feature	-- Change: User OAuth20
 
 
 	update_user_oauth2 (a_token: READABLE_STRING_GENERAL; a_user_profile: READABLE_STRING_32; a_user: CMS_USER; a_consumer_table: READABLE_STRING_GENERAL)
-			-- Updaate user `a_user' with oauth2 for the consumer `a_consumer'.
+			-- Update user `a_user' with oauth2 for the consumer `a_consumer'.
 		require
 			has_id: a_user.has_id
 		do
 			oauth_20_storage.update_user_oauth2 (a_token, a_user_profile, a_user, a_consumer_table)
 		end
 
+
+	remove_user_oauth2 (a_user: CMS_USER; a_consumer_table: READABLE_STRING_GENERAL)
+			-- Remove user `a_user' with oauth2 for the consumer `a_consumer'.
+		require
+			has_id: a_user.has_id
+		do
+			oauth_20_storage.remove_user_oauth2 (a_user, a_consumer_table)
+		end
+
+
+
 end

modules/oauth20/cms_oauth_20_module.e

@@ -182,6 +182,8 @@ feature -- Router
 			a_router.handle ("/account/roc-oauth-logout", create {WSF_URI_AGENT_HANDLER}.make (agent handle_logout (a_api, ?, ?)), a_router.methods_get_post)
 			a_router.handle ("/account/login-with-oauth/{callback}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_login_with_oauth (a_api,a_user_oauth_api, ?, ?)), a_router.methods_get_post)
 			a_router.handle ("/account/oauth-callback/{callback}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_callback_oauth (a_api, a_user_oauth_api, ?, ?)), a_router.methods_get_post)
+			a_router.handle ("/account/oauth-associate", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_associate (a_api, a_user_oauth_api, ?, ?)), a_router.methods_post)
+			a_router.handle ("/account/oauth-un-associate", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_un_associate (a_api, a_user_oauth_api, ?, ?)), a_router.methods_post)
 		end
 
 feature -- Hooks configuration
@@ -205,6 +207,10 @@ feature -- Hooks
 			then
 				a_value.force ("account/roc-oauth-logout", "auth_login_strategy")
 			end
+
+			if attached a_response.current_user (a_response.request) as u  then
+				associate_account (u, a_value)
+			end
 		end
 
 	menu_system_alter (a_menu_system: CMS_MENU_SYSTEM; a_response: CMS_RESPONSE)
@@ -298,6 +304,28 @@ feature -- Hooks
 			end
 		end
 
+feature {NONE} -- Associate
+
+	associate_account (a_user: CMS_USER; a_value: CMS_VALUE_TABLE)
+		local
+			l_associated: LIST [STRING]
+			l_not_associated: LIST [STRING]
+		do
+			if attached user_oauth_api as l_oauth_api then
+				create {ARRAYED_LIST [STRING]}l_associated.make (1)
+				create {ARRAYED_LIST [STRING]}l_not_associated.make (1)
+				across l_oauth_api.oauth2_consumers as ic loop
+					if attached l_oauth_api.user_oauth2_by_id (a_user.id, ic.item) then
+						l_associated.force (ic.item)
+					else
+						l_not_associated.force (ic.item)
+					end
+				end
+				a_value.force (l_associated, "oauth_associated")
+				a_value.force (l_not_associated, "oauth_not_associated")
+			end
+		end
+
 feature {NONE} -- Helpers
 
 	template_block (a_block_id: READABLE_STRING_8; a_response: CMS_RESPONSE): detachable CMS_SMARTY_TEMPLATE_BLOCK
@@ -406,7 +434,7 @@ feature -- OAuth2 Login with Provider
 					then
 						if attached l_user_api.user_by_email (l_email) as p_user then
 								-- User with email exist
-							if	attached a_user_oauth_api.user_oauth2_by_id (p_user.id, l_consumer.name)	then
+							if	attached a_user_oauth_api.user_oauth2_by_id (p_user.id, l_consumer.name) then
 									-- Update oauth entry
 								a_user_oauth_api.update_user_oauth2 (l_access_token.token, l_user_profile, p_user, l_consumer.name )
 							else
@@ -417,8 +445,13 @@ feature -- OAuth2 Login with Provider
 							l_cookie.set_max_age (l_access_token.expires_in)
 							l_cookie.set_path ("/")
 							res.add_cookie (l_cookie)
+						elseif attached a_user_oauth_api.user_oauth2_by_email (l_email, l_consumer.name) as p_user then
+							a_user_oauth_api.update_user_oauth2 (l_access_token.token, l_user_profile, p_user, l_consumer.name )
+							create l_cookie.make ({CMS_OAUTH_20_CONSTANTS}.oauth_session, l_access_token.token)
+							l_cookie.set_max_age (l_access_token.expires_in)
+							l_cookie.set_path ("/")
+							res.add_cookie (l_cookie)
 						else
-
 							create {ARRAYED_LIST [CMS_USER_ROLE]} l_roles.make (1)
 							l_roles.force (l_user_api.authenticated_user_role)
 
@@ -453,6 +486,47 @@ feature -- OAuth2 Login with Provider
 
 		end
 
+	handle_associate (api: CMS_API; a_oauth_api: CMS_OAUTH_20_API; req: WSF_REQUEST; res: WSF_RESPONSE)
+		local
+			r: CMS_RESPONSE
+		do
+			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
+			if req.is_post_request_method then
+				if
+					attached {WSF_STRING} req.form_parameter ("consumer") as l_consumer and then
+					attached {WSF_STRING} req.form_parameter ("email") as l_email and then
+					attached current_user (req) as l_user
+				then
+					l_user.set_email (l_email.value)
+					a_oauth_api.new_user_oauth2 ("none", "none", l_user, l_consumer.value )
+					-- TODO send email?
+				end
+			end
+			r.set_redirection (req.absolute_script_url ("/account"))
+			r.execute
+		end
+
+
+	handle_un_associate (api: CMS_API; a_oauth_api: CMS_OAUTH_20_API; req: WSF_REQUEST; res: WSF_RESPONSE)
+		local
+			r: CMS_RESPONSE
+		do
+			create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
+			if req.is_post_request_method then
+				if
+					attached {WSF_STRING} req.form_parameter ("consumer") as l_consumer and then
+					attached current_user (req) as l_user
+				then
+					a_oauth_api.remove_user_oauth2 (l_user, l_consumer.value)
+					-- TODO send email?
+				end
+			end
+			r.set_redirection (req.absolute_script_url ("/account"))
+			r.execute
+		end
+
+
+
 feature {NONE} -- Token Generation
 
 	new_token: STRING

modules/oauth20/persistence/cms_oauth_20_storage_i.e

@@ -25,6 +25,11 @@ feature -- Access: Users
 		deferred
 		end
 
+	user_oauth2_by_email (a_email: like {CMS_USER}.email; a_consumer_table: READABLE_STRING_GENERAL): detachable CMS_USER
+			-- Retrieve a user by email `a_email' for the consumer `a_consumer', if any.
+		deferred
+		end
+
 	user_oauth2_by_token (a_token: READABLE_STRING_GENERAL; a_consumer_table: READABLE_STRING_GENERAL): detachable CMS_USER
 			-- Retrieve a user by token `a_token' for the consumer `a_consumer'.
 		deferred
@@ -63,4 +68,11 @@ feature -- Change: User Oauth2
 		deferred
 		end
 
+	remove_user_oauth2 (a_user: CMS_USER; a_consumer_table: READABLE_STRING_GENERAL)
+			-- Remove user `a_user' with oauth2 for the consumer `a_consumer'.
+		require
+			has_id: a_user.has_id
+		deferred
+		end
+
 end

modules/oauth20/persistence/cms_oauth_20_storage_null.e

@@ -27,6 +27,11 @@ feature -- Access: Users
 		do
 		end
 
+	user_oauth2_by_email (a_email: like {CMS_USER}.email; a_consumer_table: READABLE_STRING_GENERAL): detachable CMS_USER
+			-- <Precursor>
+		do
+		end
+
 	user_oauth2_by_token (a_token: READABLE_STRING_GENERAL; a_consumer_table: READABLE_STRING_GENERAL): detachable CMS_USER
 			-- -- CMS User with Oauth credential by access token `a_token' if any.
 		do
@@ -65,5 +70,11 @@ feature -- Change: User Oauth2
 		do
 		end
 
+	remove_user_oauth2 (a_user: CMS_USER; a_consumer_table: READABLE_STRING_GENERAL)
+			-- Remove user `a_user' with oauth2 for the consumer `a_consumer'.
+		do
+		end
+
+
 
 end

modules/oauth20/persistence/cms_oauth_20_storage_sql.e

@@ -60,6 +60,26 @@ feature -- Access User Outh
 			end
 		end
 
+	user_oauth2_by_email (a_email: like {CMS_USER}.email; a_consumer: READABLE_STRING_GENERAL): detachable CMS_USER
+			-- <Precursor>
+		local
+			l_parameters: STRING_TABLE [detachable ANY]
+			l_string: STRING
+		do
+			error_handler.reset
+			write_information_log (generator + ".user_oauth2_by_email")
+			create l_parameters.make (1)
+			l_parameters.put (a_email, "email")
+			create l_string.make_from_string (select_user_oauth2_template_by_email)
+			l_string.replace_substring_all ("$table_name", oauth2_sql_table_name (a_consumer))
+			sql_query (l_string, l_parameters)
+			if sql_rows_count = 1 then
+				Result := fetch_user
+			else
+				check no_more_than_one: sql_rows_count = 0 end
+			end
+		end
+
 	user_oauth2_by_token (a_token: READABLE_STRING_GENERAL; a_consumer: READABLE_STRING_GENERAL): detachable CMS_USER
 			-- <Precursor>
 		local
@@ -156,6 +176,8 @@ feature -- Change: User OAuth
 			l_parameters.put (a_token, "token")
 			l_parameters.put (a_user_profile, "profile")
 			l_parameters.put (create {DATE_TIME}.make_now_utc, "utc_date")
+			l_parameters.put (a_user.email, "email")
+
 
 			create l_string.make_from_string (sql_insert_oauth2_template)
 			l_string.replace_substring_all ("$table_name", oauth2_sql_table_name (a_consumer))
@@ -164,7 +186,6 @@ feature -- Change: User OAuth
 		end
 
 	update_user_oauth2 (a_token: READABLE_STRING_GENERAL; a_user_profile: READABLE_STRING_32; a_user: CMS_USER; a_consumer: READABLE_STRING_GENERAL )
-			-- Update user `a_user' with oauth2 authentication.
 			-- <Precursor>
 		local
 			l_parameters: STRING_TABLE [detachable ANY]
@@ -185,6 +206,25 @@ feature -- Change: User OAuth
 			sql_commit_transaction
 		end
 
+	remove_user_oauth2 (a_user: CMS_USER; a_consumer: READABLE_STRING_GENERAL)
+			-- <Precursor>
+		local
+			l_parameters: STRING_TABLE [detachable ANY]
+			l_string: STRING
+		do
+			error_handler.reset
+			sql_begin_transaction
+
+			write_information_log (generator + ".remove_user_oauth2")
+			create l_parameters.make (1)
+			l_parameters.put (a_user.id, "uid")
+
+			create l_string.make_from_string (sql_remove_oauth2_template)
+			l_string.replace_substring_all ("$table_name", oauth2_sql_table_name (a_consumer))
+			sql_change (l_string, l_parameters)
+			sql_commit_transaction
+		end
+
 feature {NONE} -- Implementation OAuth Consumer
 
 	fetch_consumer: detachable CMS_OAUTH_20_CONSUMER
@@ -294,10 +334,14 @@ feature {NONE} -- User OAuth2
 
 	Select_user_oauth2_template_by_id: STRING = "SELECT u.* FROM users as u JOIN $table_name as og ON og.uid = u.uid and og.uid = :uid;"
 
-	Sql_insert_oauth2_template: STRING = "INSERT INTO $table_name (uid, access_token, details, created) VALUES (:uid, :token, :profile, :utc_date);"
+	Select_user_oauth2_template_by_email: STRING = "SELECT u.* FROM users as u JOIN $table_name as og ON og.uid = u.uid and og.email = :email;"
+
+	Sql_insert_oauth2_template: STRING = "INSERT INTO $table_name (uid, access_token, details, created, email) VALUES (:uid, :token, :profile, :utc_date, :email);"
 
 	Sql_update_oauth2_template: STRING = "UPDATE $table_name SET access_token = :token, details = :profile WHERE uid =:uid;"
 
+	Sql_remove_oauth2_template: STRING = "DELETE FROM $table_name WHERE uid =:uid;"
+
 	Sql_oauth_consumers: STRING = "SELECT name FROM oauth2_consumers";
 
 	Sql_oauth2_table_prefix: STRING = "oauth2_"

modules/oauth20/site/scripts/oauth2_table.sql.tpl

@@ -4,7 +4,10 @@ CREATE TABLE $table_name (
    `access_token` TEXT  NOT NULL,
    `created` DATETIME NOT NULL,
    `details` TEXT NOT NULL,
+   `email` TEXT NOT NULL,
    CONSTRAINT `uid`
-    UNIQUE(`uid`)
+    UNIQUE(`uid`),
+   CONSTRAINT `email`
+    UNIQUE(`email`) 
    );