backup/ROC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merged branch 'master' into es17.05

Browse Source
This commit is contained in:
Jocelyn Fiat
2017-06-09 10:41:10 +02:00
parent 3389fb8809 78ef7af5f8
commit e93af8da39
87 changed files with 1174 additions and 566 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/admin/cms_admin_module_administration.e
View File

@@ -51,7 +51,7 @@ feature {NONE} -- Router/administration
l_roles_handler: CMS_ADMIN_ROLES_HANDLER
l_formats_handler: CMS_ADMIN_FORMATS_HANDLER
l_user_handler: CMS_USER_HANDLER
l_user_handler: CMS_ADMIN_USER_HANDLER
l_role_handler: CMS_ROLE_HANDLER
l_admin_logs_handler: CMS_LOGS_HANDLER

8
modules/admin/handler/cms_admin_cache_handler.e
View File

@@ -47,10 +47,10 @@ feature -- Execution
create s.make_empty
f.append_to_html (l_response.wsf_theme, s)
l_response.set_main_content (s)
l_response.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
send_custom_access_denied (Void, <<"admin cache">>, req, res)
end
l_response.execute
end
do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -77,10 +77,10 @@ feature -- Execution
create s.make_empty
f.append_to_html (l_response.wsf_theme, s)
l_response.set_main_content (s)
l_response.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
send_custom_access_denied (Void, <<"admin cache">>, req, res)
end
l_response.execute
end
feature -- Widget

8
modules/admin/handler/cms_admin_export_handler.e
View File

@@ -47,10 +47,10 @@ feature -- Execution
create s.make_empty
f.append_to_html (l_response.wsf_theme, s)
l_response.set_main_content (s)
l_response.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
send_access_denied (req, res)
end
l_response.execute
end
do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -92,10 +92,10 @@ feature -- Execution
create s.make_empty
f.append_to_html (l_response.wsf_theme, s)
l_response.set_main_content (s)
l_response.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
send_access_denied (req, res)
end
l_response.execute
end
feature -- Widget

12
modules/admin/handler/cms_admin_handler.e
View File

@@ -3,7 +3,7 @@ note
handler for CMS admin in the CMS interface.
TODO: implement REST API.
]"
]"
date: "$Date$"
revision: "$Revision$"
@@ -64,12 +64,11 @@ feature -- HTTP Methods
local
r: CMS_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
if api.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
create {CMS_ADMIN_RESPONSE} r.make (req, res, api)
r.execute
else
r.execute
send_access_denied (req, res)
end
end
@@ -77,12 +76,11 @@ feature -- HTTP Methods
local
r: CMS_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
if api.has_permission ("manage " + {CMS_ADMIN_MODULE}.name) then
create {CMS_ADMIN_RESPONSE} r.make (req, res, api)
r.execute
else
r.execute
send_access_denied (req, res)
end
end

9
modules/admin/handler/cms_admin_import_handler.e
View File

@@ -47,10 +47,10 @@ feature -- Execution
create s.make_empty
f.append_to_html (l_response.wsf_theme, s)
l_response.set_main_content (s)
l_response.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
send_access_denied (req, res)
end
l_response.execute
end
do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -99,11 +99,10 @@ feature -- Execution
create s.make_empty
f.append_to_html (l_response.wsf_theme, s)
l_response.set_main_content (s)
l_response.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
send_access_denied (req, res)
end
l_response.execute
end
feature -- Widget

19
modules/admin/handler/cms_admin_modules_handler.e
View File

@@ -60,8 +60,7 @@ feature -- Execution
l_denied := True
end
if l_denied then
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.set_main_content ("You do not have permission to access CMS module uninstallation procedure!")
send_custom_access_denied ("You do not have permission to access CMS module uninstallation procedure!", Void, req, res)
else
create s.make_empty
across
@@ -82,8 +81,8 @@ feature -- Execution
end
s.append (r.link ("Back to modules management", r.location, Void))
r.set_main_content (s)
r.execute
end
r.execute
else
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
create s.make_empty
@@ -119,8 +118,7 @@ feature -- Execution
l_denied := True
end
if l_denied then
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.set_main_content ("You do not have permission to access CMS module installation procedure!")
send_custom_access_denied ("You do not have permission to access CMS module installation procedure!", Void, req, res)
else
f := modules_to_install_collection_web_form (r)
f.submit_actions.extend (agent on_installation_submit)
@@ -138,8 +136,8 @@ feature -- Execution
r.add_notice_message ("Operation on module(s) succeeded.")
r.set_redirection (r.location)
end
r.execute
end
r.execute
elseif l_op.same_string ("Update status") then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if api.has_permission ("admin module") then
@@ -159,15 +157,12 @@ feature -- Execution
r.add_notice_message ("Operation on module(s) succeeded.")
r.set_redirection (r.location)
end
r.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.set_main_content ("You do not have permission to administrate CMS modules!")
send_custom_access_denied ("You do not have permission to administrate CMS modules!", Void, req, res)
end
r.execute
else
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.execute
send_bad_request (req, res)
end
else
do_get (req, res)

10
modules/admin/handler/cms_admin_path_alias_handler.e
View File

@@ -81,10 +81,10 @@ feature -- Execution
s.append ("</ul>")
end
l_response.set_main_content (s)
l_response.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
send_access_denied (req, res)
end
l_response.execute
end
do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -114,11 +114,11 @@ feature -- Execution
l_response.set_redirection (l_response.location)
l_response.set_redirection_delay (3)
l_response.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
l_response.set_redirection (l_response.location)
send_access_denied (req, res)
-- CHECK: set redirection?
end
l_response.execute
end
end

12
modules/admin/handler/format/cms_admin_formats_handler.e
View File

@@ -152,8 +152,8 @@ feature -- View/edit Format
i := i + 1
l_name := f_ic.item.name
l_all_filters.force (f_ic.item, l_name)
create cb.make_with_value ("filters[" + l_name + "]", l_name)
cb.set_title (f_ic.item.title)
create cb.make_with_value ("filters[" + l_name + "]", l_name.to_string_32)
cb.set_title (f_ic.item.title.to_string_32)
cb.set_checked (True)
create hf.make_with_text ("filter_weight[" + l_name + "]", i.out)
@@ -178,8 +178,8 @@ feature -- View/edit Format
l_name := f_ic.item.name
if l_all_filters.has (l_name) then
else
create cb.make_with_value ("filters[" + l_name + "]", l_name)
cb.set_title (f_ic.item.title)
create cb.make_with_value ("filters[" + l_name + "]", l_name.to_string_32)
cb.set_title (f_ic.item.title.to_string_32)
create ftb_row.make (2)
ftb.add_row (ftb_row)
ftb_row.add_widget (cb)
@@ -195,8 +195,8 @@ feature -- View/edit Format
api.content_types as ct_ic
loop
l_name := ct_ic.item.name
create cb.make_with_value ("content_types[]", l_name)
cb.set_title (l_name)
create cb.make_with_value ("content_types[]", l_name.to_string_32)
cb.set_title (l_name.to_string_32)
if f /= Void and then ct_ic.item.has_format (f.name) then
cb.set_checked (True)
end

7
modules/admin/handler/logs/cms_logs_handler.e
View File

@@ -63,7 +63,7 @@ feature -- HTTP Methods
l_logs: LIST [CMS_LOG]
l_log: CMS_LOG
r: CMS_RESPONSE
l_cat: detachable READABLE_STRING_8
l_cat: detachable READABLE_STRING_32
l_lower: INTEGER
l_count: INTEGER
b: STRING
@@ -104,11 +104,10 @@ feature -- HTTP Methods
r.set_main_content (b)
r.set_page_title ("Logs ...")
r.set_title ("Logs")
r.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
send_access_denied (req, res)
end
r.execute
end
end

16
modules/admin/handler/role/cms_role_form_response.e
View File

@@ -348,9 +348,9 @@ feature -- Form
fs.extend (lab)
string_sorter.sort (l_permissions)
across l_permissions as ic loop
create cb.make_with_value ("cms_permissions", ic.item)
create cb.make_with_value ("cms_permissions", ic.item.to_string_32)
cb.set_checked (across l_role_permissions as rp_ic some rp_ic.item.is_case_insensitive_equal (ic.item) end)
cb.set_title (ic.item)
cb.set_title (ic.item.to_string_32)
fs.extend (cb)
end
end
@@ -389,7 +389,7 @@ feature -- Form
update_role (a_form_data: WSF_FORM_DATA; a_role: CMS_USER_ROLE)
-- Update node `a_node' with form_data `a_form_data' for the given content type `a_content_type'.
local
l_perm: READABLE_STRING_8
l_perm: READABLE_STRING_GENERAL
do
if attached a_form_data.string_item ("op") as f_op then
if f_op.is_case_insensitive_equal_general ("Update role") then
@@ -400,16 +400,16 @@ feature -- Form
then
if attached {WSF_STRING} a_form_data.item ("cms_permissions") as u_role then
a_role.permissions.wipe_out
a_role.add_permission (u_role.value)
a_role.add_permission (api.utf_8_encoded (u_role.value)) -- TODO: utf-8 or require valid string 8?
elseif attached {WSF_MULTIPLE_STRING} a_form_data.item ("cms_permissions") as u_permissions then
a_role.permissions.wipe_out
-- Enable checked permissions.
across
u_permissions as ic
loop
l_perm := ic.item.value.as_string_8
l_perm := ic.item.value
if not l_perm.is_whitespace then
a_role.add_permission (l_perm)
a_role.add_permission (api.utf_8_encoded (l_perm)) -- TODO: utf-8 or require valid string 8?
end
end
else
@@ -421,9 +421,9 @@ feature -- Form
l_cms_perms.values as ic
loop
if attached {WSF_STRING} ic.item as p then
l_perm := p.value.as_string_8
l_perm := p.value
if not l_perm.is_whitespace then
a_role.add_permission (l_perm)
a_role.add_permission (api.utf_8_encoded (l_perm))
end
end
end

13
modules/admin/handler/role/cms_role_handler.e
View File

@@ -81,10 +81,8 @@ feature -- HTTP Methods
l_uid: INTEGER_64
edit_response: CMS_ROLE_FORM_RESPONSE
view_response: CMS_ROLE_VIEW_RESPONSE
r: CMS_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("admin roles") then
if api.has_permission ("admin roles") then
if req.percent_encoded_path_info.ends_with_general ("/edit") then
check valid_url: req.percent_encoded_path_info.starts_with_general (api.administration_path ("/role/")) end
create edit_response.make (req, res, api)
@@ -111,18 +109,15 @@ feature -- HTTP Methods
end
end
else
r.execute
send_access_denied (req, res)
end
end
do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
local
edit_response: CMS_ROLE_FORM_RESPONSE
r: CMS_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("admin roles") then
if api.has_permission ("admin roles") then
if req.percent_encoded_path_info.ends_with_general ("/edit") then
create edit_response.make (req, res, api)
edit_response.execute
@@ -138,7 +133,7 @@ feature -- HTTP Methods
edit_response.execute
end
else
r.execute
send_access_denied (req, res)
end
end

2
modules/admin/handler/role/cms_role_view_response.e
View File

@@ -71,7 +71,7 @@ feature -- Execution
s.append ("<div class=%"info%"> ")
s.append ("<h4>Role Information</h4>")
s.append ("<p>Role:")
s.append (a_role.name)
s.append (html_encoded (a_role.name))
s.append ("</p>")
s.append ("<h4>Permissions:</h4>")

10
modules/admin/handler/user/cms_user_form_response.e → modules/admin/handler/user/cms_admin_user_form_response.e
View File

@@ -1,10 +1,10 @@
note
description: "Summary description for {CMS_USER_FORM_RESPONSE}."
description: "Summary description for {CMS_ADMIN_USER_FORM_RESPONSE}."
date: "$Date$"
revision: "$Revision$"
class
CMS_USER_FORM_RESPONSE
CMS_ADMIN_USER_FORM_RESPONSE
inherit
CMS_RESPONSE
@@ -324,10 +324,10 @@ feature -- Form
create fs.make
fs.set_legend ("Basic User Account Information")
fs.extend_html_text ("<div><string><label>User name </label></strong><br></div>")
fs.extend_html_text (a_user.name)
fs.extend_raw_text (a_user.name)
if attached a_user.email as l_email then
create fe.make_with_text ("email", l_email)
create fe.make_with_text ("email", l_email.to_string_32)
else
create fe.make_with_text ("email", "")
end
@@ -477,7 +477,7 @@ feature -- Form
api.user_api.user_by_email (l_email) = Void
then
-- Valid email
a_user.set_email (l_email)
a_user.set_email (api.utf_8_encoded (l_email))
else
if attached l_user.email as u_email and then not u_email.is_case_insensitive_equal_general (l_email) then
a_form_data.report_invalid_field ("email", "Email already exist!")

24
modules/admin/handler/user/cms_user_handler.e → modules/admin/handler/user/cms_admin_user_handler.e
View File

@@ -1,12 +1,12 @@
note
description: "[
Handler for a CMS user in the CMS interface
Administration handler for a CMS user in the CMS interface
]"
date: "$Date$"
revision: "$Revision$"
class
CMS_USER_HANDLER
CMS_ADMIN_USER_HANDLER
inherit
CMS_HANDLER
@@ -79,12 +79,10 @@ feature -- HTTP Methods
local
l_user: detachable CMS_USER
l_uid: INTEGER_64
edit_response: CMS_USER_FORM_RESPONSE
view_response: CMS_USER_VIEW_RESPONSE
r: CMS_RESPONSE
edit_response: CMS_ADMIN_USER_FORM_RESPONSE
view_response: CMS_ADMIN_USER_VIEW_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("admin users") then
if api.has_permission ("admin users") then
if req.percent_encoded_path_info.ends_with_general ("/edit") then
check valid_url: req.percent_encoded_path_info.starts_with_general (api.administration_path ("/user/")) end
create edit_response.make (req, res, api)
@@ -111,18 +109,16 @@ feature -- HTTP Methods
end
end
else
r.execute
send_access_denied (req, res)
end
end
do_post (req: WSF_REQUEST; res: WSF_RESPONSE)
local
edit_response: CMS_USER_FORM_RESPONSE
r: CMS_RESPONSE
edit_response: CMS_ADMIN_USER_FORM_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("admin users") then
if api.has_permission ("admin users") then
if req.percent_encoded_path_info.ends_with_general ("/edit") then
create edit_response.make (req, res, api)
edit_response.execute
@@ -138,7 +134,7 @@ feature -- HTTP Methods
edit_response.execute
end
else
r.execute
send_access_denied (req, res)
end
end
@@ -190,7 +186,7 @@ feature {NONE} -- New User
create_new_user (req: WSF_REQUEST; res: WSF_RESPONSE)
local
edit_response: CMS_USER_FORM_RESPONSE
edit_response: CMS_ADMIN_USER_FORM_RESPONSE
do
if req.percent_encoded_path_info.starts_with (api.administration_path ("/add/user")) then
create edit_response.make (req, res, api)

5
modules/admin/handler/user/cms_user_view_response.e → modules/admin/handler/user/cms_admin_user_view_response.e
View File

@@ -1,10 +1,10 @@
note
description: "Summary description for {CMS_USER_VIEW_RESPONSE}."
description: "Summary description for {CMS_ADMIN_USER_VIEW_RESPONSE}."
date: "$Date$"
revision: "$Revision$"
class
CMS_USER_VIEW_RESPONSE
CMS_ADMIN_USER_VIEW_RESPONSE
inherit
CMS_RESPONSE
@@ -27,7 +27,6 @@ feature -- Query
end
end
feature -- Execution
process

5
modules/admin/handler/user/cms_admin_users_handler.e
View File

@@ -73,8 +73,7 @@ feature -- HTTP Methods
-- get them from the configuration file and load them into
-- the setup class.
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
if l_response.has_permission ("admin users") then
if api.has_permission ("admin users") then
user_api := api.user_api
l_count := user_api.users_count
@@ -157,7 +156,7 @@ feature -- HTTP Methods
l_response.set_main_content (s)
l_response.execute
else
l_response.execute
send_access_denied (req, res)
end
end
end

4
modules/auth/cms_authentication_email_service.e
View File

@@ -81,7 +81,7 @@ feature -- Basic Operations / Internal
feature -- Basic Operations / Contact
send_account_evaluation (a_user: CMS_USER; a_application, a_url_activate, a_url_reject, a_host: READABLE_STRING_8)
send_account_evaluation (a_user: CMS_USER; a_application: READABLE_STRING_GENERAL; a_url_activate, a_url_reject, a_host: READABLE_STRING_8)
-- Send new user register to webmaster to confirm or reject itt.
local
l_message: STRING
@@ -95,7 +95,7 @@ feature -- Basic Operations / Contact
else
l_message.replace_substring_all ("$email", "unknown email")
end
l_message.replace_substring_all ("$application", a_application)
l_message.replace_substring_all ("$application", cms_api.utf_8_encoded (a_application))
l_message.replace_substring_all ("$activation_url", a_url_activate)
l_message.replace_substring_all ("$rejection_url", a_url_reject)
send_message (contact_email_address, contact_email_address, parameters.contact_subject_account_evaluation, l_message)

11
modules/auth/cms_authentication_email_service_parameters.e
View File

@@ -13,7 +13,6 @@ feature {NONE} -- Initialization
make (a_cms_api: CMS_API)
local
utf: UTF_CONVERTER
s: detachable READABLE_STRING_32
l_utf8_site_name: IMMUTABLE_STRING_8
l_contact_email, l_subject_register, l_subject_activate, l_subject_password, l_subject_oauth: detachable READABLE_STRING_8
@@ -31,23 +30,23 @@ feature {NONE} -- Initialization
if attached a_cms_api.module_configuration_by_name ({CMS_AUTHENTICATION_MODULE}.name, Void) as cfg then
s := cfg.text_item ("email")
if s /= Void then
l_contact_email := utf.utf_32_string_to_utf_8_string_8 (s)
l_contact_email := cms_api.utf_8_encoded (s)
end
s := cfg.text_item ("subject_register")
if s /= Void then
l_subject_register := utf.utf_32_string_to_utf_8_string_8 (s)
l_subject_register := cms_api.utf_8_encoded (s)
end
s := cfg.text_item ("subject_activate")
if s /= Void then
l_subject_register := utf.utf_32_string_to_utf_8_string_8 (s)
l_subject_register := cms_api.utf_8_encoded (s)
end
s := cfg.text_item ("subject_password")
if s /= Void then
l_subject_register := utf.utf_32_string_to_utf_8_string_8 (s)
l_subject_register := cms_api.utf_8_encoded (s)
end
s := cfg.text_item ("subject_oauth")
if s /= Void then
l_subject_oauth := utf.utf_32_string_to_utf_8_string_8 (s)
l_subject_oauth := cms_api.utf_8_encoded (s)
end
end
if l_contact_email = Void then

44
modules/auth/cms_authentication_module.e
View File

@@ -65,6 +65,7 @@ feature -- Access
Result.force ("account reject")
Result.force ("account reactivate")
Result.force ("change own username")
Result.force ("view user")
end
feature {CMS_EXECUTION} -- Administration
@@ -123,6 +124,8 @@ feature -- Router
a_router.handle ("/account/new-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_new_password(a_api, ?, ?)), a_router.methods_get_post)
a_router.handle ("/account/reset-password", create {WSF_URI_AGENT_HANDLER}.make (agent handle_reset_password(a_api, ?, ?)), a_router.methods_get_post)
a_router.handle ("/account/change/{field}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_change_field (a_api, ?, ?)), a_router.methods_get_post)
a_router.handle ("/user/{uid}", create {CMS_USER_HANDLER}.make (a_api), a_router.methods_get)
end
feature -- Hooks configuration
@@ -382,7 +385,7 @@ feature -- Handler
l_exist := True
end
if attached recaptcha_secret_key (api) as l_recaptcha_key then
if attached {WSF_STRING} req.form_parameter ("g-recaptcha-response") as l_recaptcha_response and then is_captcha_verified (l_recaptcha_key, l_recaptcha_response.value) then
if attached {WSF_STRING} req.form_parameter ("g-recaptcha-response") as l_recaptcha_response and then is_captcha_verified (l_recaptcha_key, l_recaptcha_response.url_encoded_value) then
l_captcha_passed := True
else
--| Bad or missing captcha
@@ -428,15 +431,13 @@ feature -- Handler
r.set_status_code ({HTTP_CONSTANTS}.bad_request)
end
else
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.set_main_content ("There were issue with your application, invalid or missing values.")
api.response_api.send_bad_request ("There were issue with your application, invalid or missing values.", req, res)
end
end
r.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.set_main_content ("You can also contact the webmaster to ask for an account.")
api.response_api.send_permissions_access_denied ("You can also contact the webmaster to ask for an account.", Void, req, res)
end
r.execute
end
handle_activation (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -500,8 +501,7 @@ feature -- Handler
l_ir.execute
end
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.execute
api.response_api.send_access_denied (Void, req, res)
end
end
@@ -536,8 +536,7 @@ feature -- Handler
l_ir.execute
end
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.execute
api.response_api.send_access_denied (Void, req, res)
end
end
@@ -551,8 +550,8 @@ feature -- Handler
l_url_reject: STRING
l_email: READABLE_STRING_8
do
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("account reactivate") then
if api.has_permission ("account reactivate") then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if req.is_post_request_method then
if attached {WSF_STRING} req.form_parameter ("email") as p_email then
if p_email.value.is_valid_as_string_8 then
@@ -587,11 +586,10 @@ feature -- Handler
end
end
end
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.execute
else
api.response_api.send_access_denied (Void, req, res)
end
r.execute
end
handle_new_password (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -700,7 +698,7 @@ feature -- Handler
l_fieldname := p_field.url_encoded_value
end
if l_fieldname = Void then
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
api.response_api.send_bad_request (Void, req, res)
else
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
@@ -814,8 +812,8 @@ feature -- Handler
end
r.set_main_content (b)
end
r.execute
end
r.execute
end
block_list: ITERABLE [like {CMS_BLOCK}.name]
@@ -1118,36 +1116,30 @@ feature -- Access: configuration
form_registration_application_description (api: CMS_API): detachable READABLE_STRING_8
-- Get recaptcha security key.
local
utf: UTF_CONVERTER
do
if attached api.module_configuration (Current, Void) as cfg then
if attached cfg.text_item ("forms.registration.application_description") as l_desc and then not l_desc.is_whitespace then
Result := utf.utf_32_string_to_utf_8_string_8 (l_desc)
Result := api.utf_8_encoded (l_desc)
end
end
end
recaptcha_secret_key (api: CMS_API): detachable READABLE_STRING_8
-- Get recaptcha security key.
local
utf: UTF_CONVERTER
do
if attached api.module_configuration (Current, Void) as cfg then
if attached cfg.text_item ("recaptcha.secret_key") as l_recaptcha_key and then not l_recaptcha_key.is_empty then
Result := utf.utf_32_string_to_utf_8_string_8 (l_recaptcha_key)
Result := api.utf_8_encoded (l_recaptcha_key)
end
end
end
recaptcha_site_key (api: CMS_API): detachable READABLE_STRING_8
-- Get recaptcha security key.
local
utf: UTF_CONVERTER
do
if attached api.module_configuration (Current, Void) as cfg then
if attached cfg.text_item ("recaptcha.site_key") as l_recaptcha_key and then not l_recaptcha_key.is_empty then
Result := utf.utf_32_string_to_utf_8_string_8 (l_recaptcha_key)
Result := api.utf_8_encoded (l_recaptcha_key)
end
end
end

5
modules/auth/cms_authentication_module_administration.e
View File

@@ -54,9 +54,8 @@ feature -- Request handling
-- get them from the configuration file and load them into
-- the setup class.
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
if
l_response.has_permission ("admin registration")
api.has_permission ("admin registration")
then
l_user_api := api.user_api
@@ -127,7 +126,7 @@ feature -- Request handling
l_response.set_main_content (s)
l_response.execute
else
l_response.execute
api.response_api.send_access_denied (Void, req, res)
end
end

103
modules/auth/cms_user_handler.e Normal file
View File

@@ -0,0 +1,103 @@
note
description: "[
Handler for a CMS user in the CMS interface
]"
date: "$Date$"
revision: "$Revision$"
class
CMS_USER_HANDLER
inherit
CMS_HANDLER
WSF_URI_HANDLER
rename
execute as uri_execute,
new_mapping as new_uri_mapping
end
WSF_URI_TEMPLATE_HANDLER
rename
execute as uri_template_execute,
new_mapping as new_uri_template_mapping
select
new_uri_template_mapping
end
WSF_RESOURCE_HANDLER_HELPER
redefine
do_get
end
REFACTORING_HELPER
create
make
feature -- execute
execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute_methods (req, res)
end
uri_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute (req, res)
end
uri_template_execute (req: WSF_REQUEST; res: WSF_RESPONSE)
-- Execute request handler
do
execute (req, res)
end
feature -- Query
user_id_path_parameter (req: WSF_REQUEST): INTEGER_64
-- User id passed as path parameter for request `req'.
local
s: STRING
do
if attached {WSF_STRING} req.path_parameter ("uid") as p_nid then
s := p_nid.value
if s.is_integer_64 then
Result := s.to_integer_64
end
end
end
feature -- HTTP Methods
do_get (req: WSF_REQUEST; res: WSF_RESPONSE)
-- <Precursor>
local
l_user: detachable CMS_USER
l_uid: INTEGER_64
view_response: CMS_USER_VIEW_RESPONSE
do
if api.has_permission ("view user") then
-- Display existing node
l_uid := user_id_path_parameter (req)
if l_uid > 0 then
l_user := api.user_api.user_by_id (l_uid)
if
l_user /= Void
then
create view_response.make (req, res, api)
view_response.execute
else
send_not_found (req, res)
end
else
send_bad_request (req, res)
end
else
send_access_denied (req, res)
end
end
end

103
modules/auth/cms_user_view_response.e Normal file
View File

@@ -0,0 +1,103 @@
note
description: "Summary description for {CMS_USER_VIEW_RESPONSE}."
date: "$Date$"
revision: "$Revision$"
class
CMS_USER_VIEW_RESPONSE
inherit
CMS_RESPONSE
create
make
feature -- Query
user_id_path_parameter (req: WSF_REQUEST): INTEGER_64
-- User id passed as path parameter for request `req'.
local
s: STRING
do
if attached {WSF_STRING} req.path_parameter ("uid") as p_nid then
s := p_nid.value
if s.is_integer_64 then
Result := s.to_integer_64
end
end
end
feature -- Process
process
-- Computed response message.
local
b: STRING_8
uid: INTEGER_64
user_api: CMS_USER_API
f: CMS_FORM
do
user_api := api.user_api
create b.make_empty
uid := user_id_path_parameter (request)
if
uid > 0 and then
attached user_api.user_by_id (uid) as l_user
then
if
api.has_permission ("view user")
or l_user.same_as (user) -- Same user
then
f := new_view_form (l_user, request.request_uri, "view-user")
f.append_to_html (wsf_theme, b)
else
b.append ("You don't have the permission to view this user!")
end
else
b.append ("User not found!")
end
set_main_content (b)
end
feature -- Process Edit
new_view_form (a_user: detachable CMS_USER; a_url: READABLE_STRING_8; a_name: STRING): CMS_FORM
-- Create a web form named `a_name' for user `a_user' (if set), using form action url `a_url'.
local
th: WSF_FORM_HIDDEN_INPUT
do
create Result.make (a_url, a_name)
create th.make ("user-id")
if a_user /= Void then
th.set_text_value (a_user.id.out)
else
th.set_text_value ("0")
end
Result.extend (th)
populate_form (Result, a_user)
end
populate_form (a_form: WSF_FORM; a_user: detachable CMS_USER)
-- Fill the web form `a_form' with data from `a_node' if set,
-- and apply this to content type `a_content_type'.
local
ti: WSF_FORM_TEXT_INPUT
fs: WSF_FORM_FIELD_SET
do
if a_user /= Void then
create fs.make
fs.set_legend ("User Information")
create ti.make_with_text ("profile_name", a_user.name)
if attached a_user.profile_name as l_profile_name then
ti.set_text_value (l_profile_name)
end
ti.set_label ("Profile name")
ti.set_is_readonly (True)
fs.extend (ti)
a_form.extend (fs)
end
end
end

8
modules/blog/handler/blog_user_handler.e
View File

@@ -37,8 +37,6 @@ feature -- HTTP Methods
do_get (req: WSF_REQUEST; res: WSF_RESPONSE)
-- <Precursor>
local
l_error: NOT_FOUND_ERROR_CMS_RESPONSE
do
check user_void: user = Void end
if attached user_from_request (req) as l_user then
@@ -47,13 +45,11 @@ feature -- HTTP Methods
Precursor (req, res)
else
-- Throw a bad request error because the user is not valid
create l_error.make (req, res, api)
if attached user_parameter (req) as l_user_id then
l_error.set_main_content ("<h1>Error</h1>User with id " + api.html_encoded (l_user_id) + " not found!</h1>")
api.response_api.send_not_found ("<h1>Error</h1>User with id " + api.html_encoded (l_user_id) + " not found!</h1>", req, res)
else
l_error.set_main_content ("<h1>Error</h1>User not found!</h1>")
api.response_api.send_not_found ("<h1>Error</h1>User not found!</h1>", req, res)
end
l_error.execute
end
user := Void
end

8
modules/contact/src/cms_contact_module.e
View File

@@ -123,30 +123,26 @@ feature -- Recaptcha
recaptcha_secret_key (api: CMS_API): detachable READABLE_STRING_8
-- Get recaptcha security key.
local
utf: UTF_CONVERTER
do
if attached api.module_configuration (Current, Void) as cfg then
if
attached cfg.text_item ("recaptcha.secret_key") as l_recaptcha_key and then
not l_recaptcha_key.is_empty
then
Result := utf.utf_32_string_to_utf_8_string_8 (l_recaptcha_key)
Result := api.utf_8_encoded (l_recaptcha_key)
end
end
end
recaptcha_site_key (api: CMS_API): detachable READABLE_STRING_8
-- Get recaptcha security key.
local
utf: UTF_CONVERTER
do
if attached api.module_configuration (Current, Void) as cfg then
if
attached cfg.text_item ("recaptcha.site_key") as l_recaptcha_key and then
not l_recaptcha_key.is_empty
then
Result := utf.utf_32_string_to_utf_8_string_8 (l_recaptcha_key)
Result := api.utf_8_encoded (l_recaptcha_key)
end
end
end

7
modules/contact/src/contact_email_service_parameters.e
View File

@@ -13,13 +13,12 @@ feature {NONE} -- Initialization
make (a_cms_api: CMS_API; a_contact_module: CMS_CONTACT_MODULE)
local
utf: UTF_CONVERTER
l_site_name: READABLE_STRING_8
s: detachable READABLE_STRING_32
l_contact_email, l_contact_subject: detachable READABLE_STRING_8
do
-- Use global smtp setting if any, otherwise "localhost"
l_site_name := utf.escaped_utf_32_string_to_utf_8_string_8 (a_cms_api.setup.site_name)
l_site_name := a_cms_api.utf_8_encoded (a_cms_api.setup.site_name)
admin_email := a_cms_api.setup.site_email
if not admin_email.has ('<') then
@@ -29,11 +28,11 @@ feature {NONE} -- Initialization
if attached {CONFIG_READER} a_cms_api.module_configuration (a_contact_module, Void) as cfg then
s := cfg.text_item ("email")
if s /= Void then
l_contact_email := utf.utf_32_string_to_utf_8_string_8 (s)
l_contact_email := a_cms_api.utf_8_encoded (s)
end
s := cfg.text_item ("subject")
if s /= Void then
l_contact_subject := utf.utf_32_string_to_utf_8_string_8 (s)
l_contact_subject := a_cms_api.utf_8_encoded (s)
end
end
if l_contact_email /= Void then

5
modules/contact/src/persistence/contact_storage_fs.e
View File

@@ -25,7 +25,6 @@ feature -- Change
save_contact_message (m: CONTACT_MESSAGE)
local
s: STRING
utf: UTF_CONVERTER
now: DATE_TIME
do
error_handler.reset
@@ -38,7 +37,7 @@ feature -- Change
s.append (m.date.out)
s.append_character ('%N')
s.append ("name=")
s.append (utf.utf_32_string_to_utf_8_string_8 (m.username))
s.append (api.utf_8_encoded (m.username))
s.append_character ('%N')
if attached m.email as l_email then
@@ -47,7 +46,7 @@ feature -- Change
s.append_character ('%N')
end
s.append ("message=%N")
s.append (utf.utf_32_string_to_utf_8_string_8 (m.message))
s.append (api.utf_8_encoded (m.message))
s.append_character ('%N')
save_to_file (s, date_to_yyyymmdd_hhmmss_string (now))

12
modules/embedded_video/src/video_content_filter.e
View File

@@ -253,11 +253,19 @@ feature {NONE} -- Implementation
end
replace_substring_all (s: STRING_GENERAL; a_old: READABLE_STRING_8; a_new: STRING_GENERAL)
local
utf: UTF_CONVERTER
do
if attached {STRING_8} s as s8 then
s8.replace_substring_all (a_old, a_new.to_string_8)
if a_new.is_valid_as_string_8 then
s8.replace_substring_all (a_old, a_new.to_string_8)
else
check a_new_is_string_8: False end
-- Use UTF-8 for now.
s8.replace_substring_all (a_old, utf.utf_32_string_to_utf_8_string_8 (a_new))
end
elseif attached {STRING_32} s as s32 then
s32.replace_substring_all (a_old, a_new)
s32.replace_substring_all (a_old.to_string_32, a_new)
end
end

9
modules/feed_aggregator/feed_aggregator_api.e
View File

@@ -35,7 +35,6 @@ feature -- Access
l_feed_id: READABLE_STRING_32
l_title: detachable READABLE_STRING_GENERAL
l_locations: detachable STRING_TABLE [READABLE_STRING_8]
utf: UTF_CONVERTER
l_table: like internal_aggregations
do
l_table := internal_aggregations
@@ -56,20 +55,20 @@ feature -- Access
across
l_location_list as loc_ic
loop
l_locations.force (utf.utf_32_string_to_utf_8_string_8 (loc_ic.item), loc_ic.item)
l_locations.force (cms_api.utf_8_encoded (loc_ic.item), loc_ic.item)
end
end
if attached cfg.text_table_item ({STRING_32} "feeds." + l_feed_id + ".locations") as l_location_table then
across
l_location_table as loc_tb_ic
loop
l_locations.force (utf.utf_32_string_to_utf_8_string_8 (loc_tb_ic.item), loc_tb_ic.key)
l_locations.force (cms_api.utf_8_encoded (loc_tb_ic.item), loc_tb_ic.key)
end
end
if
attached cfg.text_item ({STRING_32} "feeds." + l_feed_id + ".location") as l_location
then
l_locations.force (utf.utf_32_string_to_utf_8_string_8 (l_location), l_location)
l_locations.force (cms_api.utf_8_encoded (l_location), l_location)
end
if l_locations /= Void and then not l_locations.is_empty then
l_title := cfg.text_item ({STRING_32} "feeds." + l_feed_id + ".title")
@@ -93,7 +92,7 @@ feature -- Access
across
l_locations as loc_ic
loop
agg.locations.force (utf.utf_32_string_to_utf_8_string_8 (loc_ic.item))
agg.locations.force (cms_api.utf_8_encoded (loc_ic.item))
end
Result.force (agg, l_feed_id)
if attached cfg.text_list_item ({STRING_32} "feeds." + l_feed_id + ".categories") as l_cats then

9
modules/feed_aggregator/feed_aggregator_module.e
View File

@@ -98,8 +98,7 @@ feature -- Handle
m.header.put_content_type_text_html
res.send (m)
else
create {NOT_FOUND_ERROR_CMS_RESPONSE} r.make (req, res, a_api)
r.execute
a_api.response_api.send_not_found (Void, req, res)
end
else
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, a_api)
@@ -143,8 +142,7 @@ feature -- Handle
r.execute
end
else
create {NOT_FOUND_ERROR_CMS_RESPONSE} r.make (req, res, a_api)
r.execute
a_api.response_api.send_not_found (Void, req, res)
end
else
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, a_api)
@@ -199,7 +197,6 @@ feature -- Hook
-- List of block names, managed by current object.
local
res: ARRAYED_LIST [like {CMS_BLOCK}.name]
utf_conv: UTF_CONVERTER
do
if
attached feed_aggregator_api as l_feed_api and then
@@ -209,7 +206,7 @@ feature -- Hook
across
l_aggs as ic
loop
res.force ("?feed." + utf_conv.utf_32_string_to_utf_8_string_8 (ic.item))
res.force ("?feed." + utf_8_encoded (ic.item))
end
else
create res.make (0)

19
modules/files/cms_files_module.e
View File

@@ -140,8 +140,8 @@ feature -- Handler
do
check req.is_get_request_method end
if not api.has_permission (browse_files_permission) then
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.add_error_message ("You are not allowed to browse CMS files!")
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make_with_permissions (req, res, api, <<browse_files_permission>>)
r.add_error_message ("You are not allowed to browse files!")
elseif attached {WSF_STRING} req.path_parameter ("filename") as p_filename then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
@@ -276,7 +276,7 @@ feature -- Handler
body.append ("<form action=%"" + r.url (uploads_location, Void) + "%" class=%"dropzone%">")
body.append ("</form>%N")
body.append ("<a href=%""+ r.url (uploads_location, Void) +"?basic_upload=yes%">Use basic file uploading.</a>%N")
body.append ("<a href=%""+ r.url (uploads_location, Void) + "?basic_upload=yes%">Use basic file uploading.</a>%N")
end
body.append ("</div>")
end
@@ -284,15 +284,15 @@ feature -- Handler
if req.is_get_head_request_method then
-- Build the response.
if r.has_permission (browse_files_permission) then
body.append ("<br/><div class=%"center%"><a class=%"button%" href=%""+ r.url (uploads_location, Void) +"%">Refresh uploaded</a></div>")
body.append ("<br/><div class=%"center%"><a class=%"button%" href=%"" + r.url (uploads_location, Void) + "%">Refresh uploaded</a></div>")
append_uploaded_file_album_to (req, api, body)
else
r.add_warning_message ("You are not allowed to browse files!")
end
end
r.set_main_content (body)
r.execute
elseif req.is_post_request_method then
if api.has_permission (upload_files_permission) then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
@@ -305,14 +305,13 @@ feature -- Handler
r.set_redirection (r.url (uploads_location, Void))
end
r.set_main_content (body)
r.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.set_main_content ("You are not allowed to upload file!")
api.response_api.send_permissions_access_denied ("You are not allowed to upload file!", <<upload_files_permission>>, req, res)
end
else
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
api.response_api.send_bad_request (Void, req, res)
end
r.execute
end
process_uploaded_files (req: WSF_REQUEST; api: CMS_API; a_output: STRING)
@@ -472,7 +471,7 @@ feature -- Handler
do
if attached files_api as l_files_api then
if not api.has_permission (admin_files_permission) then
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make_with_permissions (req, res, api, <<admin_files_permission>>)
r.add_error_message ("You are not allowed to remove file!")
elseif attached {WSF_STRING} req.path_parameter ("filename") as p_filename then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)

12
modules/files/cms_uploaded_file.e
View File

@@ -83,14 +83,16 @@ feature -- Element change
-- sets `a_number' after the name. This is done when the file was already uploaded
local
position: INTEGER_32
new_name: STRING_8
new_name: STRING_32
l_uploaded_file_string_representation: READABLE_STRING_32
do
position := uploaded_file.string_representation.index_of ('.', 1)
l_uploaded_file_string_representation := uploaded_file.string_representation
position := l_uploaded_file_string_representation.index_of ('.', 1)
create new_name.make_empty
new_name := uploaded_file.string_representation.head (position-1)
new_name.append ("_(" + a_number.out + ")")
new_name.append (uploaded_file.string_representation.substring (position, uploaded_file.string_representation.count))
new_name := l_uploaded_file_string_representation.head (position-1)
new_name.append_string_general ("_(" + a_number.out + ")")
new_name.append (l_uploaded_file_string_representation.substring (position, l_uploaded_file_string_representation.count))
location := uploads_directory.extended (new_name)
end

4
modules/google_search_20/src/google_custom_search_module_20.e
View File

@@ -57,15 +57,13 @@ feature -- GCSE Keys
gcse_cx_key (api: CMS_API): detachable READABLE_STRING_8
-- Get google custom search engine id.
local
utf: UTF_CONVERTER
do
if attached api.module_configuration (Current, Void) as cfg then
if
attached cfg.text_item ("gcse.search_engine_id") as l_gcse_cx_key and then
not l_gcse_cx_key.is_empty
then
Result := utf.utf_32_string_to_utf_8_string_8 (l_gcse_cx_key)
Result := api.utf_8_encoded (l_gcse_cx_key)
end
end
end

9
modules/messaging/src/cms_messaging_module.e
View File

@@ -223,12 +223,12 @@ $(document).ready(function() {
local
r: CMS_RESPONSE
do
if api.has_permission ("use messaging") or api.has_permission ("message any user") then
if api.has_permissions (<<"use messaging", "message any user">>) then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
r.values.force ("messaging", "messaging")
r.set_main_content (new_html_messaging_form (r, api))
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make_with_permissions (req, res, api, <<"use messaging", "message any user">>)
end
r.execute
end
@@ -314,7 +314,7 @@ $(document).ready(function() {
end
r.set_main_content (s)
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make_with_permissions (req, res, api, <<"message any user">>)
end
r.execute
end
@@ -337,9 +337,8 @@ feature {NONE} -- Contact Message
resolved_template_text (api: CMS_API; a_text: READABLE_STRING_GENERAL; a_target_user: detachable CMS_USER): STRING_8
local
smt: CMS_SMARTY_TEMPLATE_TEXT
utf: UTF_CONVERTER
do
create smt.make (utf.utf_32_string_to_utf_8_string_8 (a_text))
create smt.make (api.utf_8_encoded (a_text))
across
api.builtin_variables as vars_ic
loop

2
modules/node/cms_node_module.e
View File

@@ -372,7 +372,7 @@ feature -- Hooks
loop
if
attached ic.item.typename as l_typename and then
across l_node_typenames as t_ic some t_ic.item.same_string (l_typename) end
across l_node_typenames as t_ic some t_ic.item.same_string_general (l_typename) end
then
if ic.item.entity.is_integer then
nid := ic.item.entity.to_integer_64

6
modules/node/handler/cms_node_type_webform_manager.e
View File

@@ -142,8 +142,8 @@ feature -- Forms ...
ti.set_description ("Optionally specify an alternative URL path by which this content can be accessed.<br/>%NFor example, type 'about' when writing an about page. Use a relative path or the URL alias won't work.")
end
ti.set_text_value (l_uri)
ti.set_placeholder (l_auto_path_alias)
ti.set_text_value (l_uri.to_string_32)
ti.set_placeholder (l_auto_path_alias.to_string_32)
ti.set_validation_action (agent (fd: WSF_FORM_DATA; ia_response: NODE_RESPONSE; ia_node: detachable CMS_NODE)
do
if
@@ -204,7 +204,7 @@ feature -- Forms ...
end
-- Auto path alias / suggestion
create thi.make ("auto_path_alias")
thi.set_text_value (l_auto_path_alias)
thi.set_text_value (l_auto_path_alias.to_string_32)
thi.set_is_readonly (True)
f.insert_before (thi, w)
end

6
modules/node/handler/node_form_response.e
View File

@@ -241,7 +241,11 @@ feature -- Form
if attached fd.string_item ("content") as l_content then
b.append ("<strong>Content:</strong><div class=%"content%">")
if l_format /= Void then
b.append (l_format.formatted_output (l_content))
if l_content.is_valid_as_string_8 then
b.append (l_format.formatted_output (l_content.to_string_8))
else
b.append (l_format.formatted_output (api.utf_8_encoded (l_content)))
end
else
b.append (html_encoded (l_content))
end

17
modules/node/handler/node_handler.e
View File

@@ -75,6 +75,14 @@ feature -- Query
end
end
feature -- Permissions
view_unpublished_permissions (a_node: CMS_NODE): ITERABLE [READABLE_STRING_8]
-- Permissions to view unpublished node `a_node`.
do
Result := <<"view unpublished " + a_node.content_type>>
end
feature -- HTTP Methods
do_get (req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -148,7 +156,7 @@ feature -- HTTP Methods
attached api.user as l_user and then
( node_api.is_author_of_node (l_user, l_node)
or else (
api.user_has_permission (l_user, "view unpublished " + l_node.content_type)
api.user_has_permissions (l_user, view_unpublished_permissions (l_node))
)
)
then
@@ -403,15 +411,10 @@ feature -- Error
send_access_denied_to_unpublished_node (req: WSF_REQUEST; res: WSF_RESPONSE; a_node: CMS_NODE)
-- Forbidden response.
local
r: CMS_RESPONSE
do
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.set_main_content ("This content is NOT published!")
r.execute
send_custom_access_denied ("This content is NOT published!", view_unpublished_permissions (a_node), req, res)
end
feature {NONE} -- Node
create_new_node (req: WSF_REQUEST; res: WSF_RESPONSE)

3
modules/node/handler/trash_handler.e
View File

@@ -86,8 +86,7 @@ feature -- HTTP Methods
-- l_page.add_block (create {CMS_CONTENT_BLOCK}.make ("nodes_warning", Void, "/nodes/ is not yet fully implemented<br/>", Void), "highlighted")
l_page.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_page.make (req, res, api)
l_page.execute
send_custom_access_denied (Void, <<"view trash", "view any trash", "view own trash">>, req, res)
end
end

15
modules/oauth20/cms_oauth_20_api.e
View File

@@ -83,13 +83,13 @@ feature -- Access: Consumers OAuth20
Result := oauth_20_storage.oauth2_consumers
end
oauth_consumer_by_name (a_name: READABLE_STRING_8): detachable CMS_OAUTH_20_CONSUMER
oauth_consumer_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_OAUTH_20_CONSUMER
-- Retrieve a consumer by name `a_name', if any.
do
Result := oauth_20_storage.oauth_consumer_by_name (a_name)
end
oauth_consumer_by_callback (a_callback: READABLE_STRING_8): detachable CMS_OAUTH_20_CONSUMER
oauth_consumer_by_callback (a_callback: READABLE_STRING_GENERAL): detachable CMS_OAUTH_20_CONSUMER
-- Retrieve a consumer by callback `a_callback', if any.
do
Result := oauth_20_storage.oauth_consumer_by_callback (a_callback)
@@ -97,7 +97,12 @@ feature -- Access: Consumers OAuth20
feature -- Change: User OAuth20
new_user_oauth2 (a_token: READABLE_STRING_GENERAL; a_user_profile: READABLE_STRING_32; a_user: CMS_USER; a_consumer: READABLE_STRING_GENERAL)
save_oauth_consumer (a_cons: CMS_OAUTH_20_CONSUMER)
do
oauth_20_storage.save_oauth_consumer (a_cons)
end
new_user_oauth2 (a_token: READABLE_STRING_GENERAL; a_user_profile: READABLE_STRING_GENERAL; a_user: CMS_USER; a_consumer: READABLE_STRING_GENERAL)
-- Add a new user with oauth20 using the consumer `a_consumer'.
require
has_id: a_user.has_id
@@ -105,8 +110,7 @@ feature -- Change: User OAuth20
oauth_20_storage.new_user_oauth2 (a_token, a_user_profile, a_user, a_consumer)
end
update_user_oauth2 (a_token: READABLE_STRING_GENERAL; a_user_profile: READABLE_STRING_32; a_user: CMS_USER; a_consumer_table: READABLE_STRING_GENERAL)
update_user_oauth2 (a_token: READABLE_STRING_GENERAL; a_user_profile: READABLE_STRING_GENERAL; a_user: CMS_USER; a_consumer_table: READABLE_STRING_GENERAL)
-- Update user `a_user' with oauth2 for the consumer `a_consumer'.
require
has_id: a_user.has_id
@@ -114,7 +118,6 @@ feature -- Change: User OAuth20
oauth_20_storage.update_user_oauth2 (a_token, a_user_profile, a_user, a_consumer_table)
end
remove_user_oauth2 (a_user: CMS_USER; a_consumer_table: READABLE_STRING_GENERAL)
-- Remove user `a_user' with oauth2 for the consumer `a_consumer'.
require

13
modules/oauth20/cms_oauth_20_consumer.e
View File

@@ -38,8 +38,18 @@ feature {NONE} -- Initialization
set_name ("")
end
feature -- Status report
has_id: BOOLEAN
do
Result := id > 0
end
feature -- Access
id: INTEGER_64
-- unique identifier.
endpoint: READABLE_STRING_8
-- Url that receives the access token request.
@@ -68,9 +78,6 @@ feature -- Access
name: READABLE_STRING_32
-- consumer name.
id: INTEGER_64
-- unique identifier.
feature -- Element change
set_extractor (a_extractor: like extractor)

20
modules/oauth20/cms_oauth_20_module.e
View File

@@ -21,6 +21,8 @@ inherit
oauth20_api
end
CMS_ADMINISTRABLE
CMS_HOOK_BLOCK
SHARED_EXECUTION_ENVIRONMENT
@@ -50,6 +52,13 @@ feature -- Access
name: STRING = "oauth20"
feature {CMS_EXECUTION} -- Administration
administration: CMS_OAUTH_20_MODULE_ADMINISTRATION
do
create Result.make (Current)
end
feature {CMS_API} -- Module Initialization
initialize (a_api: CMS_API)
@@ -130,7 +139,7 @@ feature {CMS_API} -- Module management
end
end
feature {CMS_API} -- Access: API
feature {CMS_API, CMS_MODULE_ADMINISTRATION} -- Access: API
oauth20_api: detachable CMS_OAUTH_20_API
-- <Precursor>
@@ -280,7 +289,7 @@ feature -- Hooks
attached {WSF_STRING} req.cookie (a_oauth20_api.session_token) as l_cookie_token
then
-- Logout OAuth
create l_cookie.make (a_oauth20_api.session_token, l_cookie_token.value)
create l_cookie.make (a_oauth20_api.session_token, l_cookie_token.url_encoded_value)
l_cookie.set_path ("/")
l_cookie.set_max_age (-1)
res.add_cookie (l_cookie)
@@ -386,7 +395,8 @@ feature -- OAuth2 Login with Provider
l_cookie: WSF_COOKIE
es: CMS_AUTHENTICATION_EMAIL_SERVICE
do
if attached {WSF_STRING} req.path_parameter (oauth_callback_path_parameter) as l_callback and then
if
attached {WSF_STRING} req.path_parameter (oauth_callback_path_parameter) as l_callback and then
attached {CMS_OAUTH_20_CONSUMER} a_oauth_api.oauth_consumer_by_callback (l_callback.value) as l_consumer and then
attached {WSF_STRING} req.query_parameter (oauth_code_query_parameter) as l_code
then
@@ -411,7 +421,7 @@ feature -- OAuth2 Login with Provider
a_oauth_api.update_user_oauth2 (l_access_token.token, l_user_profile, p_user, l_consumer.name )
else
-- create a oauth entry
a_oauth_api.new_user_oauth2 (l_access_token.token, l_user_profile, p_user, l_consumer.name )
a_oauth_api.new_user_oauth2 (l_access_token.token, l_user_profile.to_string_32, p_user, l_consumer.name )
end
create l_cookie.make (a_oauth_api.session_token, l_access_token.token)
l_cookie.set_max_age (l_access_token.expires_in)
@@ -468,7 +478,7 @@ feature -- OAuth2 Login with Provider
attached {WSF_STRING} req.form_parameter ("email") as l_email and then
attached r.user as l_user
then
l_user.set_email (l_email.value)
l_user.set_email (api.utf_8_encoded (l_email.value))
a_oauth_api.new_user_oauth2 ("none", "none", l_user, l_consumer.value )
-- TODO send email?
end

178
modules/oauth20/cms_oauth_20_module_administration.e Normal file
View File

@@ -0,0 +1,178 @@
note
description: "Summary description for {CMS_OAUTH_20_MODULE_ADMINISTRATION}."
author: ""
date: "$Date$"
revision: "$Revision$"
class
CMS_OAUTH_20_MODULE_ADMINISTRATION
inherit
CMS_MODULE_ADMINISTRATION [CMS_OAUTH_20_MODULE]
redefine
setup_hooks,
permissions
end
CMS_HOOK_MENU_SYSTEM_ALTER
create
make
feature -- Access
permissions: LIST [READABLE_STRING_8]
-- List of permission ids, used by this module, and declared.
do
Result := Precursor
end
feature {NONE} -- Router/administration
setup_administration_router (a_router: WSF_ROUTER; a_api: CMS_API)
do
a_router.handle ("/oauth20/", create {WSF_URI_AGENT_HANDLER}.make (agent handle_admin_consumers (a_api, ?, ?)), a_router.methods_head_get_post)
a_router.handle ("/oauth20/{consumer}", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_admin_consumer (a_api, ?, ?)), a_router.methods_head_get_post)
end
feature -- Handle
handle_admin_consumers (a_api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
local
r: CMS_RESPONSE
s: STRING
do
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, a_api)
create s.make_empty
s.append ("<h1>Consumers</h1>")
if attached module.oauth20_api as l_oauth20_api then
s.append ("<ul>")
across
l_oauth20_api.oauth2_consumers as ic
loop
s.append ("<li>")
s.append ("<a href=%"" + a_api.url (a_api.administration_path ("oauth20/" + ic.item), Void) + "%">")
s.append (ic.item)
s.append ("</a>")
s.append ("</li>")
end
s.append ("</ul>")
end
r.set_main_content (s)
r.execute
end
handle_admin_consumer (a_api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
local
r: CMS_RESPONSE
s: STRING
f: CMS_FORM
fset: WSF_FORM_FIELD_SET
tf: WSF_FORM_TEXT_INPUT
l_is_protect_predefined_fields: BOOLEAN
do
if attached {WSF_STRING} req.path_parameter ("consumer") as p_consumer then
if
attached module.oauth20_api as l_oauth20_api and then
attached l_oauth20_api.oauth_consumer_by_name (p_consumer.value) as cons
then
l_is_protect_predefined_fields := cons.has_id
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, a_api)
r.add_to_primary_tabs (a_api.administration_link ("Consumers", "oauth20/"))
create s.make_empty
s.append ("<h1>Consumer %"" + a_api.html_encoded (cons.name) + "%"</h1>")
create f.make (req.percent_encoded_path_info, "consumer")
f.set_method_post
create tf.make_with_text ("name", cons.name)
tf.set_label ("Name"); tf.set_is_readonly (l_is_protect_predefined_fields); tf.set_size (70)
f.extend (tf)
create fset.make
fset.set_legend ("Enter expected data")
f.extend (fset)
create tf.make_with_text ("api_key", cons.api_key)
tf.set_label ("API key"); tf.set_size (70)
fset.extend (tf)
create tf.make_with_text ("api_secret", cons.api_secret)
tf.set_label ("API secret")
fset.extend (tf); tf.set_size (70)
fset.extend (create {WSF_FORM_SUBMIT_INPUT}.make_with_text ("op", "Submit"))
create fset.make
fset.set_legend ("Predefine settings (change with care)")
f.extend (fset)
create tf.make_with_text ("authorize_url", cons.authorize_url)
tf.set_label ("Authorize URL"); tf.set_is_readonly (l_is_protect_predefined_fields); tf.set_size (70)
fset.extend (tf)
create tf.make_with_text ("callback_name", cons.callback_name)
tf.set_label ("Callback Name"); tf.set_is_readonly (l_is_protect_predefined_fields); tf.set_size (70)
fset.extend (tf)
create tf.make_with_text ("endpoint", cons.endpoint)
tf.set_label ("Endpoint"); tf.set_is_readonly (l_is_protect_predefined_fields); tf.set_size (70)
fset.extend (tf)
create tf.make_with_text ("extractor", cons.extractor)
tf.set_label ("Extractor"); tf.set_is_readonly (l_is_protect_predefined_fields); tf.set_size (70)
fset.extend (tf)
create tf.make_with_text ("protected_resource_url", cons.protected_resource_url)
tf.set_label ("Protected Resource URL"); tf.set_is_readonly (l_is_protect_predefined_fields); tf.set_size (70)
fset.extend (tf)
create tf.make_with_text ("scope", cons.scope)
tf.set_label ("Scope"); tf.set_is_readonly (l_is_protect_predefined_fields); tf.set_size (70)
fset.extend (tf)
if req.is_get_head_request_method then
f.append_to_html (r.wsf_theme, s)
else
f.submit_actions.extend (agent (fd: WSF_FORM_DATA; i_cons: CMS_OAUTH_20_CONSUMER; i_oauth20_api: CMS_OAUTH_20_API; l_output: STRING)
do
if
attached fd.string_item ("api_key") as l_api_key and then
attached fd.string_item ("api_secret") as l_api_secret
then
i_cons.set_api_key (l_api_key)
i_cons.set_api_secret (l_api_secret)
i_oauth20_api.save_oauth_consumer (i_cons)
l_output.append ("<p>Consumer saved...</p>")
end
end(?, cons, l_oauth20_api, s)
);
f.process (r)
f.append_to_html (r.wsf_theme, s)
end
r.set_main_content (s)
else
create {NOT_FOUND_ERROR_CMS_RESPONSE} r.make (req, res, a_api)
end
else
create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, a_api)
end
r.execute
end
feature -- Hook
setup_hooks (a_hooks: CMS_HOOK_CORE_MANAGER)
-- Module hooks configuration.
do
a_hooks.subscribe_to_menu_system_alter_hook (Current)
end
menu_system_alter (a_menu_system: CMS_MENU_SYSTEM; a_response: CMS_RESPONSE)
-- Hook execution on collection of menu contained by `a_menu_system'
-- for related response `a_response'.
do
if a_response.is_authenticated then
a_menu_system.navigation_menu.extend (create {CMS_LOCAL_LINK}.make ("OAuth20", a_response.api.administration_path_location ("oauth20/")))
-- if a_response.has_permission (permission__manage_feed_aggregator) then
-- a_menu_system.management_menu.extend_into (a_response.api.administration_link ("Feeds (admin)", "feed_aggregator/"), "Admin", "admin")
-- end
end
end
end

13
modules/oauth20/cms_oauth_20_workflow.e
View File

@@ -38,15 +38,14 @@ feature {NONE} -- Initialization
feature -- Access
authorization_url: detachable READABLE_STRING_32
authorization_url: detachable READABLE_STRING_8
-- Obtain the Authorization URL.
do
-- Obtain the Authorization URL
write_debug_log (generator + ".authorization_url Fetching the Authorization URL..!")
if attached api_service.authorization_url (empty_token) as l_authorization_url then
write_debug_log (generator + ".authorization_url: Got the Authorization URL!")
write_debug_log (generator + ".authorization_url:" + l_authorization_url)
Result := l_authorization_url.as_string_32
Result := l_authorization_url
end
end
@@ -77,8 +76,8 @@ feature -- Access
end
end
user_email: detachable READABLE_STRING_32
-- Retrieve user email if any.
user_email: detachable READABLE_STRING_8
-- User email if any.
local
l_json: JSON_CONFIG
do
@@ -91,7 +90,7 @@ feature -- Access
then
Result := l_email.item
elseif attached {JSON_STRING} l_json.item ("email") as l_email then
Result := l_email.unescaped_string_32
Result := l_email.unescaped_string_8
end
end
end
@@ -101,7 +100,7 @@ feature -- Access
access_token: detachable OAUTH_TOKEN
-- JSON representing the access token.
user_profile: detachable READABLE_STRING_32
user_profile: detachable READABLE_STRING_8
-- JSON representing the user profiles.
feature {NONE} -- Implementation

13
modules/oauth20/persistence/cms_oauth_20_storage_i.e
View File

@@ -46,24 +46,29 @@ feature -- Access: Consumers
deferred
end
oauth_consumer_by_name (a_name: READABLE_STRING_8): detachable CMS_OAUTH_20_CONSUMER
oauth_consumer_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_OAUTH_20_CONSUMER
-- Retrieve a consumer by name `a_name', if any.
deferred
end
oauth_consumer_by_callback (a_callback: READABLE_STRING_8): detachable CMS_OAUTH_20_CONSUMER
oauth_consumer_by_callback (a_callback: READABLE_STRING_GENERAL): detachable CMS_OAUTH_20_CONSUMER
-- Retrieve a consumer by callback `a_callback', if any.
deferred
end
feature -- Change: User Oauth2
new_user_oauth2 (a_token: READABLE_STRING_GENERAL; a_user_profile: READABLE_STRING_32; a_user: CMS_USER; a_consumer_table: READABLE_STRING_GENERAL)
save_oauth_consumer (a_cons: CMS_OAUTH_20_CONSUMER)
-- Save consumer `a_cons`.
deferred
end
new_user_oauth2 (a_token: READABLE_STRING_GENERAL; a_user_profile: READABLE_STRING_GENERAL; a_user: CMS_USER; a_consumer_table: READABLE_STRING_GENERAL)
-- Add a new user with oauth2 authentication.
deferred
end
update_user_oauth2 (a_token: READABLE_STRING_GENERAL; a_user_profile: READABLE_STRING_32; a_user: CMS_USER; a_consumer_table: READABLE_STRING_GENERAL )
update_user_oauth2 (a_token: READABLE_STRING_GENERAL; a_user_profile: READABLE_STRING_GENERAL; a_user: CMS_USER; a_consumer_table: READABLE_STRING_GENERAL )
-- Update user `a_user' with oauth2 authentication.
deferred
end

14
modules/oauth20/persistence/cms_oauth_20_storage_null.e
View File

@@ -37,7 +37,7 @@ feature -- Access: Users
do
end
user_oauth2_without_consumer_by_token (a_token: READABLE_STRING_GENERAL ): detachable CMS_USER
user_oauth2_without_consumer_by_token (a_token: READABLE_STRING_GENERAL): detachable CMS_USER
do
end
@@ -48,24 +48,28 @@ feature -- Access: Consumers
create {ARRAYED_LIST [STRING]} Result.make (0)
end
oauth_consumer_by_name (a_name: READABLE_STRING_8): detachable CMS_OAUTH_20_CONSUMER
oauth_consumer_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_OAUTH_20_CONSUMER
-- Retrieve a consumer by name `a_name', if any.
do
end
oauth_consumer_by_callback (a_callback: READABLE_STRING_8): detachable CMS_OAUTH_20_CONSUMER
oauth_consumer_by_callback (a_callback: READABLE_STRING_GENERAL): detachable CMS_OAUTH_20_CONSUMER
-- Retrieve a consumer by callback `a_callback', if any.
do
end
feature -- Change: User Oauth2
new_user_oauth2 (a_token: READABLE_STRING_GENERAL; a_user_profile: READABLE_STRING_32; a_user: CMS_USER; a_consumer_table: READABLE_STRING_GENERAL)
save_oauth_consumer (a_cons: CMS_OAUTH_20_CONSUMER)
do
end
new_user_oauth2 (a_token: READABLE_STRING_GENERAL; a_user_profile: READABLE_STRING_GENERAL; a_user: CMS_USER; a_consumer_table: READABLE_STRING_GENERAL)
-- Add a new user with oauth2 authentication.
do
end
update_user_oauth2 (a_token: READABLE_STRING_GENERAL; a_user_profile: READABLE_STRING_32; a_user: CMS_USER; a_consumer_table: READABLE_STRING_GENERAL )
update_user_oauth2 (a_token: READABLE_STRING_GENERAL; a_user_profile: READABLE_STRING_GENERAL; a_user: CMS_USER; a_consumer_table: READABLE_STRING_GENERAL )
-- Update user `a_user' with oauth2 authentication.
do
end

41
modules/oauth20/persistence/cms_oauth_20_storage_sql.e
View File

@@ -148,7 +148,7 @@ feature --Access: Consumers
sql_finalize
end
oauth_consumer_by_name (a_name: READABLE_STRING_8): detachable CMS_OAUTH_20_CONSUMER
oauth_consumer_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_OAUTH_20_CONSUMER
-- Retrieve a consumer by name `a_name', if any.
local
l_parameters: STRING_TABLE [detachable ANY]
@@ -169,7 +169,7 @@ feature --Access: Consumers
sql_finalize
end
oauth_consumer_by_callback (a_callback: READABLE_STRING_8): detachable CMS_OAUTH_20_CONSUMER
oauth_consumer_by_callback (a_callback: READABLE_STRING_GENERAL): detachable CMS_OAUTH_20_CONSUMER
-- Retrieve a consumer by callback `a_callback', if any.
local
l_parameters: STRING_TABLE [detachable ANY]
@@ -192,7 +192,37 @@ feature --Access: Consumers
feature -- Change: User OAuth
new_user_oauth2 (a_token: READABLE_STRING_GENERAL; a_user_profile: READABLE_STRING_32; a_user: CMS_USER; a_consumer: READABLE_STRING_GENERAL)
save_oauth_consumer (a_cons: CMS_OAUTH_20_CONSUMER)
-- Save consumer `a_cons`.
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
if a_cons.has_id then
create l_parameters.make (10)
l_parameters.put (a_cons.id, "cid")
else
create l_parameters.make (9)
end
l_parameters.put (a_cons.name, "name")
l_parameters.put (a_cons.api_secret, "api_secret")
l_parameters.put (a_cons.api_key, "api_key")
l_parameters.put (a_cons.scope, "scope")
l_parameters.put (a_cons.protected_resource_url, "protected_resource_url")
l_parameters.put (a_cons.callback_name, "callback_name")
l_parameters.put (a_cons.extractor, "extractor")
l_parameters.put (a_cons.authorize_url, "authorize_url")
l_parameters.put (a_cons.endpoint, "endpoint")
if a_cons.has_id then
sql_modify (sql_update_oauth2_consumers, l_parameters)
else
sql_insert (sql_insert_oauth2_consumers, l_parameters)
end
sql_finalize
end
new_user_oauth2 (a_token: READABLE_STRING_GENERAL; a_user_profile: READABLE_STRING_GENERAL; a_user: CMS_USER; a_consumer: READABLE_STRING_GENERAL)
-- Add a new user with oauth2 authentication.
-- <Precursor>.
local
@@ -210,7 +240,6 @@ feature -- Change: User OAuth
l_parameters.put (create {DATE_TIME}.make_now_utc, "utc_date")
l_parameters.put (a_user.email, "email")
create l_string.make_from_string (sql_insert_oauth2_template)
l_string.replace_substring_all ("$table_name", oauth2_sql_table_name (a_consumer))
sql_insert (l_string, l_parameters)
@@ -356,4 +385,8 @@ feature {NONE} -- Consumer
Sql_oauth_consumer_name: STRING = "SELECT * FROM oauth2_consumers where name =:name;"
sql_insert_oauth2_consumers: STRING = "INSERT INTO oauth2_consumers (name, api_secret, api_key, scope, protected_resource_url, callback_name, extractor, authorize_url, endpoint) VALUES (:name, :api_secret, :api_key, :scope, :protected_resource_url, :callback_name, :extractor, :authorize_url, :endpoint);"
sql_update_oauth2_consumers: STRING = "UPDATE oauth2_consumers SET name = :name, api_secret = :api_secret, api_key = :api_key, scope = :scope, protected_resource_url = :protected_resource_url, callback_name = :callback_name, extractor = :extractor, authorize_url = :authorize_url, endpoint = :endpoint WHERE cid = :cid;"
end

2
modules/oauth20/site/templates/block_login.tpl
View File

@@ -1,7 +1,7 @@
<div class="primary-tabs">
<div>
{foreach item="item" from="$oauth_consumers"}
<a href="{$site_url/}account/login-with-oauth/{$item/}">Login with {$item/}</a><br>
<a href="{$site_url/}account/auth/login-with-oauth/{$item/}">Login with {$item/}</a><br>
{/foreach}
</div>
</div>

2
modules/openid/cms_openid_api.e
View File

@@ -79,7 +79,7 @@ feature -- Access: Consumers OAuth20
Result := openid_storage.openid_consumers
end
openid_consumer_by_name (a_name: READABLE_STRING_8): detachable CMS_OPENID_CONSUMER
openid_consumer_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_OPENID_CONSUMER
-- Retrieve a consumer by name `a_name', if any.
do
Result := openid_storage.openid_consumer_by_name (a_name)

12
modules/openid/cms_openid_module.e
View File

@@ -226,7 +226,7 @@ feature -- Hooks
create o.make (req.absolute_script_url ("/account/auth/login-with-openid"))
o.ask_email (True)
o.ask_all_info (False)
if attached o.auth_url (p_openid) as l_url then
if p_openid.is_valid_as_string_8 and then attached o.auth_url (p_openid.to_string_8) as l_url then
r.set_redirection (l_url)
else
s.append (" Failure")
@@ -248,7 +248,7 @@ feature -- Hooks
attached {WSF_STRING} req.cookie (a_openid_api.session_token) as l_cookie_token
then
-- Logout OAuth
create l_cookie.make (a_openid_api.session_token, l_cookie_token.value)
create l_cookie.make (a_openid_api.session_token, l_cookie_token.url_encoded_value)
l_cookie.set_path ("/")
l_cookie.set_max_age (-1)
res.add_cookie (l_cookie)
@@ -335,6 +335,7 @@ feature -- Openid Login
b: STRING
o: OPENID_CONSUMER
v: OPENID_CONSUMER_VALIDATION
l_email: STRING_8
do
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
create b.make_empty
@@ -346,8 +347,9 @@ feature -- Openid Login
v.validate
if v.is_valid then
if attached v.identity as l_identity and then
attached v.email_attribute as l_email
attached v.email_attribute as l_email_attrib
then
l_email := api.utf_8_encoded (l_email_attrib)
l_user_api := api.user_api
if attached l_user_api.user_by_email (l_email) as p_user then
-- User with email exist
@@ -355,7 +357,7 @@ feature -- Openid Login
-- Update openid entry?
else
-- create a oauth entry
a_openid_api.new_user_openid (l_identity,p_user)
a_openid_api.new_user_openid (l_identity, p_user)
end
create l_cookie.make (a_openid_api.session_token, l_identity)
l_cookie.set_max_age (a_openid_api.session_max_age)
@@ -368,7 +370,7 @@ feature -- Openid Login
l_roles.force (l_user_api.authenticated_user_role)
-- Create a new user and oauth entry
create l_user.make (l_email)
create l_user.make (l_email_attrib)
l_user.set_email (l_email)
l_user.set_password (new_token) -- generate a random password.
l_user.set_roles (l_roles)

4
modules/openid/persitence/cms_openid_storage_i.e
View File

@@ -37,7 +37,7 @@ feature -- Access: Consumers
deferred
end
openid_consumer_by_name (a_name: READABLE_STRING_8): detachable CMS_OPENID_CONSUMER
openid_consumer_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_OPENID_CONSUMER
-- Retrieve a consumer by name `a_name', if any.
deferred
end
@@ -49,6 +49,6 @@ feature -- Change: User Oauth2
deferred
end
end

2
modules/openid/persitence/cms_openid_storage_null.e
View File

@@ -39,7 +39,7 @@ feature -- Access: Consumers
create {ARRAYED_LIST[STRING]}Result.make(0)
end
openid_consumer_by_name (a_name: READABLE_STRING_8): detachable CMS_OPENID_CONSUMER
openid_consumer_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_OPENID_CONSUMER
-- <Precursor>
do
end

2
modules/openid/persitence/cms_openid_storage_sql.e
View File

@@ -99,7 +99,7 @@ feature --Access: Consumers
sql_finalize
end
openid_consumer_by_name (a_name: READABLE_STRING_8): detachable CMS_OPENID_CONSUMER
openid_consumer_by_name (a_name: READABLE_STRING_GENERAL): detachable CMS_OPENID_CONSUMER
-- Retrieve a consumer by name `a_name', if any.
local
l_parameters: STRING_TABLE [detachable ANY]

13
modules/recent_changes/cms_recent_changes_module.e
View File

@@ -141,7 +141,7 @@ feature -- Hook
create s.make_empty
if attached ch.information as l_information then
s.append (l_information)
s.append_string_general (l_information)
end
if attached ch.summary as sum then
if not s.is_empty then
@@ -248,9 +248,9 @@ feature -- Handler
l_size := 25
end
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("view recent changes") then
l_user := r.user
if api.has_permission ("view recent changes") then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
l_user := api.user
create l_changes.make (l_size, l_until_date, l_filter_source)
create l_content.make (1024)
@@ -406,11 +406,10 @@ feature -- Handler
create htdate.make_from_date_time (l_until_date)
r.set_title ("Recent changes before " + htdate.string)
end
r.execute
else
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
api.response_api.send_permissions_access_denied (Void, <<"view recent changes">>, req, res)
end
r.execute
end
feature -- Hooks configuration

3
modules/sitemap/cms_sitemap_module.e
View File

@@ -123,8 +123,7 @@ feature -- Handler
mesg.set_payload (l_sitemap_xml)
res.send (mesg)
else
create {NOT_FOUND_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.execute
api.response_api.send_not_found (Void, req, res)
end
end
end

4
modules/taxonomy/handler/taxonomy_handler.e
View File

@@ -143,11 +143,11 @@ feature -- HTTP Methods
s.append ("No entity found.")
end
l_page.set_main_content (s)
l_page.execute
else
-- Responding with `main_content_html (l_page)'.
create {NOT_FOUND_ERROR_CMS_RESPONSE} l_page.make (req, res, api)
send_not_found (req, res)
end
l_page.execute
else
-- Responding with `main_content_html (l_page)'.
create {BAD_REQUEST_ERROR_CMS_RESPONSE} l_page.make (req, res, api)

8
modules/taxonomy/handler/taxonomy_vocabulary_admin_handler.e
View File

@@ -277,13 +277,13 @@ feature -- HTTP Methods
l_typename := ic.item.name
create w_cb.make_with_value ("typenames[]", api.html_encoded (l_typename))
w_cb.set_title (ic.item.name)
w_cb.set_title (ic.item.name.to_string_32)
wtb_row.set_item (create {WSF_WIDGET_TABLE_ITEM}.make_with_content (w_cb), 1)
v := Void
if
l_typenames /= Void and then
across l_typenames as tn_ic some l_typename.is_case_insensitive_equal (tn_ic.item) end
across l_typenames as tn_ic some l_typename.is_case_insensitive_equal_general (tn_ic.item) end
then
w_cb.set_checked (True)
if attached taxonomy_api.vocabularies_for_type (l_typename) as v_list then
@@ -319,11 +319,11 @@ feature -- HTTP Methods
create s.make_empty
f.append_to_html (l_page.wsf_theme, s)
l_page.set_main_content (s)
l_page.execute
else
-- Responding with `main_content_html (l_page)'.
create {NOT_FOUND_ERROR_CMS_RESPONSE} l_page.make (req, res, api)
send_not_found (req, res)
end
l_page.execute
end
do_get_vocabularies (req: WSF_REQUEST; res: WSF_RESPONSE)

4
modules/taxonomy/handler/taxonomy_vocabulary_handler.e
View File

@@ -99,11 +99,11 @@ feature -- HTTP Methods
end
s.append ("</ul>")
l_page.set_main_content (s)
l_page.execute
else
-- Responding with `main_content_html (l_page)'.
create {NOT_FOUND_ERROR_CMS_RESPONSE} l_page.make (req, res, api)
send_not_found (req, res)
end
l_page.execute
else
-- Responding with `main_content_html (l_page)'.
create {GENERIC_VIEW_CMS_RESPONSE} l_page.make (req, res, api)