backup/ROC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated user.sql added tabled auth_temp_users.

Browse Source 
Added CMS_TEMP_USER as part of the core.
Moved the code from CMS_TEMP_USER_API and CMS_TEMP_USER_STORAGE_* to
CMS_USER_API and CMS_USER_STORAGE_*.
This commit is contained in:
jvelilla
2016-01-12 09:34:39 -03:00
parent 0cf6e59a76
commit f244e86f13
13 changed files with 724 additions and 914 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
examples/demo/site/scripts/user.sql
View File

@@ -46,3 +46,18 @@ CREATE TABLE `users_password_recovery` (
CONSTRAINT `token` UNIQUE (`token`) CONSTRAINT `token` UNIQUE (`token`)
); );
CREATE TABLE `auth_temp_users` (
`uid` INTEGER PRIMARY KEY AUTO_INCREMENT NOT NULL,
`name` VARCHAR(100) NOT NULL,
`password` VARCHAR(100) NOT NULL,
`salt` VARCHAR(100) NOT NULL,
`email` VARCHAR(250) NOT NULL,
`application` TEXT NOT NULL,
CONSTRAINT `name`
UNIQUE(`name`)
);

0
modules/auth/model/cms_temp_user.e → library/model/src/user/cms_temp_user.e
View File

10
library/persistence/mysql/scripts/user.sql
View File

@@ -61,6 +61,16 @@ CREATE TABLE `users_password_recovery` (
UNIQUE KEY `token` (`token`) UNIQUE KEY `token` (`token`)
); );
CREATE TABLE `auth_temp_users` (
`uid` INTEGER PRIMARY KEY AUTO_INCREMENT NOT NULL,
`name` VARCHAR(100) NOT NULL,
`password` VARCHAR(100) NOT NULL,
`salt` VARCHAR(100) NOT NULL,
`email` VARCHAR(250) NOT NULL,
`application` TEXT NOT NULL,
CONSTRAINT `name`
UNIQUE(`name`)
);
COMMIT; COMMIT;

28
modules/auth/auth-safe.ecf
View File

@@ -1,35 +1,35 @@
<?xml version="1.0" encoding="ISO-8859-1"?> <?xml version="1.0" encoding="ISO-8859-1"?>
<system xmlns="http://www.eiffel.com/developers/xml/configuration-1-13-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-13-0 http://www.eiffel.com/developers/xml/configuration-1-13-0.xsd" name="auth_module" uuid="AAB9EE7D-A671-4727-8658-D417A48B2B57" library_target="auth_module"> <system xmlns="http://www.eiffel.com/developers/xml/configuration-1-15-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.eiffel.com/developers/xml/configuration-1-15-0 http://www.eiffel.com/developers/xml/configuration-1-15-0.xsd" name="auth_module" uuid="AAB9EE7D-A671-4727-8658-D417A48B2B57" library_target="auth_module">
<target name="auth_module"> <target name="auth_module">
<root all_classes="true"/> <root all_classes="true"/>
<file_rule> <file_rule>
<exclude>/.git$</exclude> <exclude>/.git$</exclude>
<exclude>/EIFGENs$</exclude>
<exclude>/.svn$</exclude> <exclude>/.svn$</exclude>
<exclude>/EIFGENs$</exclude>
</file_rule> </file_rule>
<option warning="true" full_class_checking="true" is_attached_by_default="true" void_safety="all" syntax="standard"> <option warning="true" full_class_checking="true" is_attached_by_default="true" is_obsolete_routine_type="true" void_safety="all" syntax="standard">
</option> </option>
<library name="apis" location="$ISE_LIBRARY\contrib\library\web\authentication\oauth\cypress\consumer\apis\apis.ecf" readonly="false"/>
<library name="base" location="$ISE_LIBRARY\library\base\base-safe.ecf"/> <library name="base" location="$ISE_LIBRARY\library\base\base-safe.ecf"/>
<library name="cms" location="..\..\cms-safe.ecf" readonly="false"/> <library name="cms" location="..\..\cms-safe.ecf" readonly="false"/>
<library name="cms_app_env" location="..\..\library\app_env\app_env-safe.ecf" readonly="false"/> <library name="cms_app_env" location="..\..\library\app_env\app_env-safe.ecf" readonly="false"/>
<library name="cms_model" location="..\..\library\model\cms_model-safe.ecf" readonly="false"/> <library name="cms_model" location="..\..\library\model\cms_model-safe.ecf" readonly="false"/>
<library name="config" location="..\..\library\configuration\config-safe.ecf"/> <library name="config" location="..\..\library\configuration\config-safe.ecf"/>
<library name="cypress_consumer" location="$ISE_LIBRARY\contrib\library\web\authentication\oauth\cypress\consumer-safe.ecf" readonly="false"/>
<library name="email_service" location="..\..\library\email\email-safe.ecf"/>
<library name="encoder" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\text\encoder\encoder-safe.ecf"/> <library name="encoder" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\text\encoder\encoder-safe.ecf"/>
<library name="error" location="$ISE_LIBRARY\contrib\library\utility\general\error\error-safe.ecf"/>
<library name="http" location="$ISE_LIBRARY\contrib\library\network\protocol\http\http-safe.ecf"/> <library name="http" location="$ISE_LIBRARY\contrib\library\network\protocol\http\http-safe.ecf"/>
<library name="json" location="$ISE_LIBRARY\contrib\library\text\parser\json\library\json-safe.ecf" readonly="false"/>
<library name="recaptcha" location="..\..\library\recaptcha\recaptcha-safe.ecf"/>
<library name="time" location="$ISE_LIBRARY\library\time\time-safe.ecf"/> <library name="time" location="$ISE_LIBRARY\library\time\time-safe.ecf"/>
<library name="wsf" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\wsf\wsf-safe.ecf"/> <library name="wsf" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\wsf\wsf-safe.ecf"/>
<library name="wsf_extension" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\wsf\wsf_extension-safe.ecf" readonly="false"/> <library name="wsf_extension" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\wsf\wsf_extension-safe.ecf" readonly="false"/>
<library name="wsf_html" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\wsf_html\wsf_html-safe.ecf" readonly="false"/> <library name="wsf_html" location="$ISE_LIBRARY\contrib\library\web\framework\ewf\wsf_html\wsf_html-safe.ecf" readonly="false"/>
<library name="error" location="$ISE_LIBRARY\contrib\library\utility\general\error\error-safe.ecf"/> <cluster name="src" location=".\" recursive="true">
<file_rule>
<library name="email_service" location="..\..\library\email\email-safe.ecf"/> <exclude>^persistence$</exclude>
<library name="recaptcha" location="..\..\library\recaptcha\recaptcha-safe.ecf"/> </file_rule>
</cluster>
<library name="apis" location="$ISE_LIBRARY\contrib\library\web\authentication\oauth\cypress\consumer\apis\apis.ecf" readonly="false"/>
<library name="cypress_consumer" location="$ISE_LIBRARY\contrib\library\web\authentication\oauth\cypress\consumer-safe.ecf" readonly="false"/>
<library name="json" location="$ISE_LIBRARY\contrib\library\text\parser\json\library\json-safe.ecf" readonly="false"/>
<cluster name="src" location=".\" recursive="true"/>
</target> </target>
</system> </system>

105
modules/auth/cms_authentication_module.e
View File

@@ -9,14 +9,9 @@ class
inherit inherit
CMS_MODULE CMS_MODULE
rename
module_api as auth_api
redefine redefine
setup_hooks, setup_hooks,
permissions, permissions
initialize,
install,
auth_api
end end
CMS_HOOK_AUTO_REGISTER CMS_HOOK_AUTO_REGISTER
@@ -85,52 +80,6 @@ feature -- Access: docs
Result := cache_duration = 0 Result := cache_duration = 0
end end
feature {CMS_API} -- Module Initialization
initialize (a_api: CMS_API)
-- <Precursor>
local
l_auth_api: like auth_api
l_user_auth_storage: CMS_TEMP_USER_STORAGE_I
do
Precursor (a_api)
-- Storage initialization
if attached a_api.storage.as_sql_storage as l_storage_sql then
create {CMS_TEMP_USER_STORAGE_SQL} l_user_auth_storage.make (l_storage_sql)
else
-- FIXME: in case of NULL storage, should Current be disabled?
create {CMS_TEMP_USER_STORAGE_NULL} l_user_auth_storage
end
-- API initialization
create l_auth_api.make_with_storage (a_api, l_user_auth_storage)
auth_api := l_auth_api
ensure then
auth_api_set: auth_api /= Void
end
install (api: CMS_API)
do
-- Schema
if attached api.storage.as_sql_storage as l_sql_storage then
if not l_sql_storage.sql_table_exists ("auth_temp_users") then
--| Schema
l_sql_storage.sql_execute_file_script (api.module_resource_location (Current, (create {PATH}.make_from_string ("scripts")).extended ("auth_temp_users.sql")), Void)
if l_sql_storage.has_error then
api.logger.put_error ("Could not initialize database for auth_module", generating_type)
end
end
l_sql_storage.sql_finalize
Precursor {CMS_MODULE} (api)
end
end
feature {CMS_API} -- Access: API
auth_api: detachable CMS_TEMP_USER_API
-- <Precursor>
feature -- Router feature -- Router
setup_router (a_router: WSF_ROUTER; a_api: CMS_API) setup_router (a_router: WSF_ROUTER; a_api: CMS_API)
@@ -261,16 +210,16 @@ feature -- Handler
l_captcha_passed: BOOLEAN l_captcha_passed: BOOLEAN
do do
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("account register") and then attached auth_api as l_auth_api then if r.has_permission ("account register") then
if req.is_post_request_method then if req.is_post_request_method then
if attached {WSF_STRING} req.form_parameter ("name") as l_name and then attached {WSF_STRING} req.form_parameter ("password") as l_password and then attached {WSF_STRING} req.form_parameter ("email") as l_email and then attached {WSF_STRING} req.form_parameter ("personal_information") as l_personal_information then if attached {WSF_STRING} req.form_parameter ("name") as l_name and then attached {WSF_STRING} req.form_parameter ("password") as l_password and then attached {WSF_STRING} req.form_parameter ("email") as l_email and then attached {WSF_STRING} req.form_parameter ("personal_information") as l_personal_information then
l_user_api := api.user_api l_user_api := api.user_api
if attached l_user_api.user_by_name (l_name.value) or else attached l_auth_api.user_by_name (l_name.value) then if attached l_user_api.user_by_name (l_name.value) or else attached l_user_api.temp_user_by_name (l_name.value) then
-- Username already exist. -- Username already exist.
r.set_value ("User name already exists!", "error_name") r.set_value ("User name already exists!", "error_name")
l_exist := True l_exist := True
end end
if attached l_user_api.user_by_email (l_email.value) or else attached l_auth_api.user_by_email (l_email.value) then if attached l_user_api.user_by_email (l_email.value) or else attached l_user_api.temp_user_by_email (l_email.value) then
-- Emails already exist. -- Emails already exist.
r.set_value ("An account is already associated with that email address!", "error_email") r.set_value ("An account is already associated with that email address!", "error_email")
l_exist := True l_exist := True
@@ -293,7 +242,7 @@ feature -- Handler
u.set_email (l_email.value) u.set_email (l_email.value)
u.set_password (l_password.value) u.set_password (l_password.value)
u.set_personal_information (l_personal_information.value) u.set_personal_information (l_personal_information.value)
l_auth_api.new_temp_user (u) l_user_api.new_temp_user (u)
-- Create activation token -- Create activation token
l_token := new_token l_token := new_token
@@ -332,25 +281,24 @@ feature -- Handler
l_ir: INTERNAL_SERVER_ERROR_CMS_RESPONSE l_ir: INTERNAL_SERVER_ERROR_CMS_RESPONSE
es: CMS_AUTHENTICATON_EMAIL_SERVICE es: CMS_AUTHENTICATON_EMAIL_SERVICE
do do
if attached auth_api as l_auth_api then
l_user_api := api.user_api l_user_api := api.user_api
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("account activate") then if r.has_permission ("account activate") then
if attached {WSF_STRING} req.path_parameter ("token") as l_token then if attached {WSF_STRING} req.path_parameter ("token") as l_token then
if attached {CMS_TEMP_USER} l_auth_api.user_by_activation_token (l_token.value) as l_user then if attached {CMS_TEMP_USER} l_user_api.temp_user_by_activation_token (l_token.value) as l_user then
-- TODO copy the personal information -- TODO copy the personal information
--! to CMS_USER_PROFILE and persist data --! to CMS_USER_PROFILE and persist data
--! check also CMS_USER.data_items --! check also CMS_USER.data_items
-- Delete temporal User -- Delete temporal User
l_auth_api.delete_temp_user (l_user) l_user_api.delete_temp_user (l_user)
-- Valid user_id -- Valid user_id
l_user.set_id (0) l_user.set_id (0)
l_user.mark_active l_user.mark_active
l_auth_api.new_user_from_temp_user (l_user) l_user_api.new_user_from_temp_user (l_user)
l_auth_api.remove_activation (l_token.value) l_user_api.remove_activation (l_token.value)
r.set_main_content ("<p> The account <i>" + l_user.name + "</i> has been activated</p>") r.set_main_content ("<p> The account <i>" + l_user.name + "</i> has been activated</p>")
-- Send Email -- Send Email
if attached l_user.email as l_email then if attached l_user.email as l_email then
@@ -372,10 +320,6 @@ feature -- Handler
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api) create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.execute r.execute
end end
else
create {INTERNAL_SERVER_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.execute
end
end end
handle_reject (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE) handle_reject (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -383,13 +327,14 @@ feature -- Handler
r: CMS_RESPONSE r: CMS_RESPONSE
l_ir: INTERNAL_SERVER_ERROR_CMS_RESPONSE l_ir: INTERNAL_SERVER_ERROR_CMS_RESPONSE
es: CMS_AUTHENTICATON_EMAIL_SERVICE es: CMS_AUTHENTICATON_EMAIL_SERVICE
l_user_api: CMS_USER_API
do do
if attached auth_api as l_auth_api then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("account reject") then if r.has_permission ("account reject") then
if attached {WSF_STRING} req.path_parameter ("token") as l_token then if attached {WSF_STRING} req.path_parameter ("token") as l_token then
if attached {CMS_TEMP_USER} l_auth_api.user_by_activation_token (l_token.value) as l_user then l_user_api := api.user_api
l_auth_api.delete_temp_user (l_user) if attached {CMS_TEMP_USER} l_user_api.temp_user_by_activation_token (l_token.value) as l_user then
l_user_api.delete_temp_user (l_user)
r.set_main_content ("<p> The temporal account for <i>" + l_user.name + "</i> has been removed</p>") r.set_main_content ("<p> The temporal account for <i>" + l_user.name + "</i> has been removed</p>")
-- Send Email -- Send Email
if attached l_user.email as l_email then if attached l_user.email as l_email then
@@ -411,10 +356,6 @@ feature -- Handler
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api) create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.execute r.execute
end end
else
create {INTERNAL_SERVER_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.execute
end
end end
handle_reactivation (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE) handle_reactivation (api: CMS_API; req: WSF_REQUEST; res: WSF_RESPONSE)
@@ -426,13 +367,12 @@ feature -- Handler
l_url_activate: STRING l_url_activate: STRING
l_url_reject: STRING l_url_reject: STRING
do do
if attached auth_api as l_auth_api then
create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api) create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
if r.has_permission ("account reactivate") then if r.has_permission ("account reactivate") then
if req.is_post_request_method then if req.is_post_request_method then
if attached {WSF_STRING} req.form_parameter ("email") as l_email then if attached {WSF_STRING} req.form_parameter ("email") as l_email then
l_user_api := api.user_api l_user_api := api.user_api
if attached {CMS_TEMP_USER} l_auth_api.user_by_email (l_email.value) as l_user then if attached {CMS_TEMP_USER} l_user_api.temp_user_by_email (l_email.value) as l_user then
-- User exist create a new token and send a new email. -- User exist create a new token and send a new email.
if l_user.is_active then if l_user.is_active then
r.set_value ("The asociated user to the given email " + l_email.value + " , is already active", "is_active") r.set_value ("The asociated user to the given email " + l_email.value + " , is already active", "is_active")
@@ -442,7 +382,6 @@ feature -- Handler
l_user_api.new_activation (l_token, l_user.id) l_user_api.new_activation (l_token, l_user.id)
l_url_activate := req.absolute_script_url ("/account/activate/" + l_token) l_url_activate := req.absolute_script_url ("/account/activate/" + l_token)
l_url_reject := req.absolute_script_url ("/account/reject/" + l_token) l_url_reject := req.absolute_script_url ("/account/reject/" + l_token)
-- Send Email to webmaster -- Send Email to webmaster
if attached l_user.personal_information as l_personal_information then if attached l_user.personal_information as l_personal_information then
create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (api)) create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (api))
@@ -461,9 +400,6 @@ feature -- Handler
create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api) create {FORBIDDEN_ERROR_CMS_RESPONSE} r.make (req, res, api)
r.execute r.execute
end end
else
create {INTERNAL_SERVER_ERROR_CMS_RESPONSE} r.make (req, res, api)
end
r.execute r.execute
end end
@@ -597,6 +533,7 @@ feature -- Handler
l_page_helper: CMS_PAGINATION_GENERATOR l_page_helper: CMS_PAGINATION_GENERATOR
s_pager: STRING s_pager: STRING
l_count: INTEGER l_count: INTEGER
l_user_api: CMS_USER_API
do do
-- At the moment the template are hardcoded, but we can -- At the moment the template are hardcoded, but we can
-- get them from the configuration file and load them into -- get them from the configuration file and load them into
@@ -604,11 +541,11 @@ feature -- Handler
create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api) create {FORBIDDEN_ERROR_CMS_RESPONSE} l_response.make (req, res, api)
if if
l_response.has_permission ("admin registration") and then l_response.has_permission ("admin registration")
attached auth_api as l_auth_api
then then
l_user_api := api.user_api
l_count := l_auth_api.users_count l_count := l_user_api.temp_users_count
create {GENERIC_VIEW_CMS_RESPONSE} l_response.make (req, res, api) create {GENERIC_VIEW_CMS_RESPONSE} l_response.make (req, res, api)
@@ -620,7 +557,7 @@ feature -- Handler
end end
create s_pager.make_empty create s_pager.make_empty
create l_page_helper.make ("admin/pending-registrations/?page={page}&size={size}", l_auth_api.users_count.as_natural_64, 25) -- FIXME: Make this default page size a global CMS settings create l_page_helper.make ("admin/pending-registrations/?page={page}&size={size}", l_user_api.temp_users_count.as_natural_64, 25) -- FIXME: Make this default page size a global CMS settings
l_page_helper.get_setting_from_request (req) l_page_helper.get_setting_from_request (req)
if l_page_helper.has_upper_limit and then l_page_helper.pages_count > 1 then if l_page_helper.has_upper_limit and then l_page_helper.pages_count > 1 then
l_page_helper.append_to_html (l_response, s_pager) l_page_helper.append_to_html (l_response, s_pager)
@@ -629,7 +566,7 @@ feature -- Handler
end end
end end
if attached l_auth_api.recent_users (create {CMS_DATA_QUERY_PARAMETERS}.make (l_page_helper.current_page_offset, l_page_helper.page_size)) as lst then if attached l_user_api.temp_recent_users (create {CMS_DATA_QUERY_PARAMETERS}.make (l_page_helper.current_page_offset, l_page_helper.page_size)) as lst then
s.append ("<ul class=%"cms-temp-users%">%N") s.append ("<ul class=%"cms-temp-users%">%N")
across across
lst as ic lst as ic
@@ -648,7 +585,7 @@ feature -- Handler
s.append (l_email) s.append (l_email)
s.append ("</li>%N") s.append ("</li>%N")
end end
if attached l_auth_api.token_by_user_id (u.id) as l_token then if attached l_user_api.token_by_temp_user_id (u.id) as l_token then
s.append ("<li>") s.append ("<li>")
s.append ("<a href=%"") s.append ("<a href=%"")
s.append (req.absolute_script_url ("/account/activate/" + l_token)) s.append (req.absolute_script_url ("/account/activate/" + l_token))

127
modules/auth/cms_temp_user_api.e
View File

@@ -1,127 +0,0 @@
note
description: "API to handle temporal users"
date: "$Date$"
revision: "$Revision$"
class
CMS_TEMP_USER_API
inherit
CMS_MODULE_API
REFACTORING_HELPER
create {CMS_AUTHENTICATION_MODULE}
make_with_storage
feature {NONE} -- Initialization
make_with_storage (a_api: CMS_API; a_auth_storage: CMS_TEMP_USER_STORAGE_I)
-- Create an object with api `a_api' and storage `a_auth_storage'.
do
auth_storage := a_auth_storage
make (a_api)
ensure
auth_storage_set: auth_storage = a_auth_storage
end
feature -- Access
users_count: INTEGER
-- Number of pending users.
--! to be accepted or rehected
do
Result := auth_storage.users_count
end
user_by_name (a_username: READABLE_STRING_GENERAL): detachable CMS_USER
-- User by name `a_user_name', if any.
do
Result := auth_storage.user_by_name (a_username.as_string_32)
end
user_by_email (a_email: READABLE_STRING_8): detachable CMS_USER
-- User by email `a_email', if any.
do
Result := auth_storage.user_by_email (a_email)
end
user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER
-- User by activation token `a_token'.
do
Result := auth_storage.user_by_activation_token (a_token)
end
recent_users (params: CMS_DATA_QUERY_PARAMETERS): ITERABLE [CMS_TEMP_USER]
-- List of the `a_rows' most recent users starting from `a_offset'.
do
Result := auth_storage.recent_users (params.offset.to_integer_32, params.size.to_integer_32)
end
token_by_user_id (a_id: like {CMS_USER}.id): detachable STRING
do
Result := auth_storage.token_by_user_id (a_id)
end
feature -- Temp User
new_user_from_temp_user (a_user: CMS_TEMP_USER)
-- Add a new user `a_user'.
require
no_id: not a_user.has_id
has_hashed_password: a_user.hashed_password /= Void
has_sal: a_user.salt /= Void
do
reset_error
if
attached a_user.hashed_password as l_password and then
attached a_user.salt as l_salt and then
attached a_user.email as l_email
then
auth_storage.new_user_from_temporal_user (a_user)
error_handler.append (storage.error_handler)
else
error_handler.add_custom_error (0, "bad new user request", "Missing password or email to create new user!")
end
end
new_temp_user (a_user: CMS_TEMP_USER)
-- Add a new user `a_user'.
require
no_id: not a_user.has_id
no_hashed_password: a_user.hashed_password = Void
do
reset_error
if
attached a_user.password as l_password and then
attached a_user.email as l_email
then
auth_storage.new_temp_user (a_user)
error_handler.append (storage.error_handler)
else
error_handler.add_custom_error (0, "bad new user request", "Missing password or email to create new user!")
end
end
remove_activation (a_token: READABLE_STRING_32)
-- Remove activation token `a_token', from the storage.
do
auth_storage.remove_activation (a_token)
end
delete_temp_user (a_user: CMS_TEMP_USER)
-- Delete user `a_user'.
require
has_id: a_user.has_id
do
reset_error
auth_storage.delete_user (a_user)
error_handler.append (storage.error_handler)
end
feature {CMS_MODULE} -- Access: User auth storage.
auth_storage: CMS_TEMP_USER_STORAGE_I
-- storage interface.
end

100
modules/auth/persistence/cms_temp_user_storage_i.e
View File

@@ -1,100 +0,0 @@
note
description: "[
API to handle temporal User storage
]"
date: "$Date$"
revision: "$Revision$"
deferred class
CMS_TEMP_USER_STORAGE_I
inherit
SHARED_LOGGER
feature -- Error Handling
error_handler: ERROR_HANDLER
-- Error handler.
deferred
end
feature -- Access: Users
users_count: INTEGER
-- Number of pending users
--! to be accepted or rejected
deferred
end
user_temp_by_id (a_uid: like {CMS_USER}.id; a_consumer_table: READABLE_STRING_GENERAL): detachable CMS_USER
-- Retrieve a temporal user by id `a_uid' for the consumer `a_consumer', if aby.
deferred
end
user_by_name (a_name: like {CMS_USER}.name): detachable CMS_USER
-- User with name `a_name', if any.
require
a_name /= Void and then not a_name.is_empty
deferred
ensure
same_name: Result /= Void implies a_name ~ Result.name
password: Result /= Void implies (Result.hashed_password /= Void and Result.password = Void)
end
user_by_email (a_email: like {CMS_USER}.email): detachable CMS_USER
-- User with name `a_email', if any.
deferred
ensure
same_email: Result /= Void implies a_email ~ Result.email
password: Result /= Void implies (Result.hashed_password /= Void and Result.password = Void)
end
user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER
-- User with activation token `a_token', if any.
deferred
ensure
password: Result /= Void implies (Result.hashed_password /= Void and Result.password = Void)
end
recent_users (a_lower: INTEGER; a_count: INTEGER): LIST [CMS_TEMP_USER]
-- List of recent `a_count' temporal users with an offset of `lower'.
deferred
end
token_by_user_id (a_id: like {CMS_USER}.id): detachable STRING
-- Retrieve activation token for user identified with id `a_id', if any.
deferred
end
feature -- New Temp User
new_user_from_temporal_user (a_user: CMS_TEMP_USER)
-- new user from temporal user `a_user'
require
no_id: not a_user.has_id
deferred
end
remove_activation (a_token: READABLE_STRING_32)
-- Remove activation by token `a_token'.
deferred
end
new_temp_user (a_user: CMS_TEMP_USER)
-- New temp user `a_user'.
require
no_id: not a_user.has_id
deferred
end
delete_user (a_user: CMS_TEMP_USER)
-- Delete user `a_user'.
require
has_id: a_user.has_id
deferred
end
end

84
modules/auth/persistence/cms_temp_user_storage_null.e
View File

@@ -1,84 +0,0 @@
note
description: "Summary description for {CMS_TEMP_USER_STORAGE_NULL}."
date: "$Date$"
revision: "$Revision$"
class
CMS_TEMP_USER_STORAGE_NULL
inherit
CMS_TEMP_USER_STORAGE_I
feature -- Error handler
error_handler: ERROR_HANDLER
-- Error handler.
do
create Result.make
end
feature -- Access: Users
users_count: INTEGER
-- <Precursor>
do
end
user_temp_by_id (a_uid: like {CMS_USER}.id; a_consumer_table: READABLE_STRING_GENERAL): detachable CMS_USER
-- <Precursor>
do
end
user_by_name (a_name: like {CMS_USER}.name): detachable CMS_USER
-- <Precursor>
do
end
user_by_email (a_email: like {CMS_USER}.email): detachable CMS_USER
-- <Precursor>
do
end
user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER
-- <Precursor>
do
end
recent_users (a_lower: INTEGER; a_count: INTEGER): LIST [CMS_TEMP_USER]
-- List of recent `a_count' temporal users with an offset of `lower'.
do
create {ARRAYED_LIST[CMS_TEMP_USER]} Result.make (0)
end
token_by_user_id (a_id: like {CMS_USER}.id): detachable STRING
-- <Precursor>
do
end
feature -- Temp Users
new_user_from_temporal_user (a_user: CMS_TEMP_USER)
-- <Precursor>
do
end
remove_activation (a_token: READABLE_STRING_32)
-- <Precursor>.
do
end
new_temp_user (a_user: CMS_TEMP_USER)
-- <Precursor>
do
end
delete_user (a_user: CMS_TEMP_USER)
-- <Precursor>
do
end
end

388
modules/auth/persistence/cms_temp_user_storage_sql.e
View File

@@ -1,388 +0,0 @@
note
description: "Summary description for {CMS_TEMP_USER_STORAGE_SQL}."
date: "$Date$"
revision: "$Revision$"
class
CMS_TEMP_USER_STORAGE_SQL
inherit
CMS_TEMP_USER_STORAGE_I
CMS_PROXY_STORAGE_SQL
CMS_STORAGE_SQL_I
REFACTORING_HELPER
create
make
feature -- Access User
users_count: INTEGER
-- Number of items users.
do
error_handler.reset
write_information_log (generator + ".user_count")
sql_query (select_temporal_users_count, Void)
if not has_error and then not sql_after then
Result := sql_read_integer_64 (1).to_integer_32
sql_forth
check one_row: sql_after end
end
sql_finalize
end
user_temp_by_id (a_uid: like {CMS_USER}.id; a_consumer: READABLE_STRING_GENERAL): detachable CMS_USER
-- <Precursor>
local
l_parameters: STRING_TABLE [detachable ANY]
l_string: STRING
do
error_handler.reset
write_information_log (generator + ".user_temp_by_id")
create l_parameters.make (1)
l_parameters.put (a_uid, "uid")
create l_string.make_from_string (select_user_auth_temp_by_id)
sql_query (l_string, l_parameters)
if not has_error and not sql_after then
Result := fetch_user
sql_forth
if not sql_after then
check no_more_than_one: False end
Result := Void
end
end
sql_finalize
end
user_by_name (a_name: like {CMS_USER}.name): detachable CMS_USER
-- User for the given name `a_name', if any.
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
write_information_log (generator + ".user_by_name")
create l_parameters.make (1)
l_parameters.put (a_name, "name")
sql_query (select_user_by_name, l_parameters)
if not sql_after then
Result := fetch_user
sql_forth
check one_row: sql_after end
end
sql_finalize
end
user_by_email (a_email: like {CMS_USER}.email): detachable CMS_USER
-- User for the given email `a_email', if any.
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
write_information_log (generator + ".user_by_email")
create l_parameters.make (1)
l_parameters.put (a_email, "email")
sql_query (select_user_by_email, l_parameters)
if not sql_after then
Result := fetch_user
sql_forth
check one_row: sql_after end
end
sql_finalize
end
user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER
-- User for the given activation token `a_token', if any.
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
write_information_log (generator + ".user_by_activation_token")
create l_parameters.make (1)
l_parameters.put (a_token, "token")
sql_query (select_user_by_activation_token, l_parameters)
if not sql_after then
Result := fetch_user
sql_forth
check one_row: sql_after end
end
sql_finalize
end
recent_users (a_lower: INTEGER; a_count: INTEGER): LIST [CMS_TEMP_USER]
-- <Precursor>
local
l_parameters: STRING_TABLE [detachable ANY]
do
create {ARRAYED_LIST [CMS_TEMP_USER]} Result.make (0)
error_handler.reset
write_information_log (generator + ".recent_users")
from
create l_parameters.make (2)
l_parameters.put (a_count, "rows")
l_parameters.put (a_lower, "offset")
sql_query (sql_select_recent_users, l_parameters)
sql_start
until
sql_after
loop
if attached fetch_user as l_user then
Result.force (l_user)
end
sql_forth
end
sql_finalize
end
token_by_user_id (a_id: like {CMS_USER}.id): detachable STRING
-- Number of items users.
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
write_information_log (generator + ".token_by_user_id")
create l_parameters.make (1)
l_parameters.put (a_id, "uid")
sql_query (select_token_activation_by_user_id, l_parameters)
if not has_error and then not sql_after then
Result := sql_read_string (1)
sql_forth
check one_row: sql_after end
end
sql_finalize
end
feature {NONE} -- Implementation: User
fetch_user: detachable CMS_TEMP_USER
local
l_id: INTEGER_64
l_name: detachable READABLE_STRING_32
do
if attached sql_read_integer_64 (1) as i then
l_id := i
end
if attached sql_read_string_32 (2) as s and then not s.is_whitespace then
l_name := s
end
if l_name /= Void then
create Result.make (l_name)
if l_id > 0 then
Result.set_id (l_id)
end
elseif l_id > 0 then
create Result.make_with_id (l_id)
end
if Result /= Void then
if attached sql_read_string (3) as l_password then
Result.set_hashed_password (l_password)
end
if attached sql_read_string (4) as l_salt then
Result.set_salt (l_salt)
end
if attached sql_read_string (5) as l_email then
Result.set_email (l_email)
end
if attached sql_read_string (6) as l_application then
Result.set_personal_information (l_application)
end
else
check expected_valid_user: False end
end
end
feature -- New Temp User
new_user_from_temporal_user (a_user: CMS_TEMP_USER)
-- <Precursor>
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
if
attached a_user.hashed_password as l_password_hash and then
attached a_user.email as l_email and then
attached a_user.salt as l_password_salt
then
sql_begin_transaction
write_information_log (generator + ".new_user")
create l_parameters.make (4)
l_parameters.put (a_user.name, "name")
l_parameters.put (l_password_hash, "password")
l_parameters.put (l_password_salt, "salt")
l_parameters.put (l_email, "email")
l_parameters.put (create {DATE_TIME}.make_now_utc, "created")
l_parameters.put (a_user.status, "status")
sql_insert (sql_insert_user, l_parameters)
if not error_handler.has_error then
a_user.set_id (last_inserted_user_id)
end
if not error_handler.has_error then
sql_commit_transaction
else
sql_rollback_transaction
end
sql_finalize
else
-- set error
error_handler.add_custom_error (-1, "bad request" , "Missing password or email")
end
end
new_temp_user (a_user: CMS_TEMP_USER)
-- Add a new temp_user `a_user'.
local
l_parameters: STRING_TABLE [detachable ANY]
l_password_salt, l_password_hash: STRING
l_security: SECURITY_PROVIDER
do
error_handler.reset
if
attached a_user.password as l_password and then
attached a_user.email as l_email and then
attached a_user.personal_information as l_personal_information
then
create l_security
l_password_salt := l_security.salt
l_password_hash := l_security.password_hash (l_password, l_password_salt)
write_information_log (generator + ".new_temp_user")
create l_parameters.make (4)
l_parameters.put (a_user.name, "name")
l_parameters.put (l_password_hash, "password")
l_parameters.put (l_password_salt, "salt")
l_parameters.put (l_email, "email")
l_parameters.put (l_personal_information, "application")
sql_begin_transaction
sql_insert (sql_insert_temp_user, l_parameters)
if not error_handler.has_error then
a_user.set_id (last_inserted_temp_user_id)
sql_commit_transaction
else
sql_rollback_transaction
end
sql_finalize
else
-- set error
error_handler.add_custom_error (-1, "bad request" , "Missing password or email")
end
end
feature -- Remove Activation
remove_activation (a_token: READABLE_STRING_32)
-- <Precursor>.
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
sql_begin_transaction
write_information_log (generator + ".remove_activation")
create l_parameters.make (1)
l_parameters.put (a_token, "token")
sql_modify (sql_remove_activation, l_parameters)
sql_commit_transaction
sql_finalize
end
delete_user (a_user: CMS_TEMP_USER)
-- Delete user `a_user'.
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
sql_begin_transaction
write_information_log (generator + ".delete_user")
create l_parameters.make (1)
l_parameters.put (a_user.id, "uid")
sql_modify (sql_delete_temp_user, l_parameters)
sql_commit_transaction
sql_finalize
end
feature {NONE} -- Implementation
last_inserted_temp_user_id: INTEGER_64
-- Last insert user id.
do
error_handler.reset
write_information_log (generator + ".last_inserted_temp_user_id")
sql_query (sql_last_insert_temp_user_id, Void)
if not sql_after then
Result := sql_read_integer_64 (1)
sql_forth
check one_row: sql_after end
end
sql_finalize
end
last_inserted_user_id: INTEGER_64
-- Last insert user id.
do
error_handler.reset
write_information_log (generator + ".last_inserted_user_id")
sql_query (sql_last_insert_user_id, Void)
if not sql_after then
Result := sql_read_integer_64 (1)
sql_forth
check one_row: sql_after end
end
sql_finalize
end
feature {NONE} -- SQL select
sql_last_insert_temp_user_id: STRING = "SELECT MAX(uid) FROM auth_temp_users;"
Select_user_auth_temp_by_id: STRING = "SELECT uid, name, password, salt, email, application FROM auth_temp_users as u where uid=:uid;"
sql_insert_temp_user: STRING = "INSERT INTO auth_temp_users (name, password, salt, email, application) VALUES (:name, :password, :salt, :email, :application);"
-- SQL Insert to add a new user.
Select_user_by_name: STRING = "SELECT uid, name, password, salt, email, application FROM auth_temp_users WHERE name =:name;"
-- Retrieve user by name if exists.
Select_user_by_email: STRING = "SELECT uid, name, password, salt, email, application FROM auth_temp_users WHERE email =:email;"
-- Retrieve user by email if exists.
Select_user_by_activation_token: STRING = "SELECT u.uid, u.name, u.password, u.salt, u.email, u.application FROM auth_temp_users as u JOIN users_activations as ua ON ua.uid = u.uid and ua.token = :token;"
-- Retrieve user by activation token if exist.
Sql_remove_activation: STRING = "DELETE FROM users_activations WHERE token = :token;"
-- Remove activation token.
sql_delete_temp_user: STRING = "DELETE FROM auth_temp_users WHERE uid=:uid;"
Sql_last_insert_user_id: STRING = "SELECT MAX(uid) FROM users;"
sql_insert_user: STRING = "INSERT INTO users (name, password, salt, email, created, status) VALUES (:name, :password, :salt, :email, :created, :status);"
-- SQL Insert to add a new user.
Select_temporal_users_count: STRING = "SELECT count(*) FROM auth_temp_users;"
-- Number of temporal users.
Sql_select_recent_users: STRING = "SELECT uid, name, password, salt, email, application FROM auth_temp_users ORDER BY uid DESC LIMIT :rows OFFSET :offset ;"
-- Retrieve recent users
select_token_activation_by_user_id: STRING = "SELECT token FROM users_activations WHERE uid = :uid;"
end

85
src/persistence/user/cms_user_storage_i.e
View File

@@ -216,11 +216,6 @@ feature -- Change: User activation
deferred deferred
end end
remove_activation (a_token: READABLE_STRING_32)
-- <Precursor>.
deferred
end
feature -- Change: User password recovery feature -- Change: User password recovery
save_password (a_token: READABLE_STRING_32; a_id: INTEGER_64) save_password (a_token: READABLE_STRING_32; a_id: INTEGER_64)
@@ -233,6 +228,86 @@ feature -- Change: User password recovery
deferred deferred
end end
feature -- Access: Temp Users
temp_users_count: INTEGER
-- Number of pending users
--! to be accepted or rejected
deferred
end
temp_user_by_id (a_uid: like {CMS_USER}.id; a_consumer_table: READABLE_STRING_GENERAL): detachable CMS_USER
-- Retrieve a temporal user by id `a_uid' for the consumer `a_consumer', if aby.
deferred
end
temp_user_by_name (a_name: like {CMS_USER}.name): detachable CMS_USER
-- User with name `a_name', if any.
require
a_name /= Void and then not a_name.is_empty
deferred
ensure
same_name: Result /= Void implies a_name ~ Result.name
password: Result /= Void implies (Result.hashed_password /= Void and Result.password = Void)
end
temp_user_by_email (a_email: like {CMS_USER}.email): detachable CMS_USER
-- User with name `a_email', if any.
deferred
ensure
same_email: Result /= Void implies a_email ~ Result.email
password: Result /= Void implies (Result.hashed_password /= Void and Result.password = Void)
end
temp_user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER
-- User with activation token `a_token', if any.
deferred
ensure
password: Result /= Void implies (Result.hashed_password /= Void and Result.password = Void)
end
temp_recent_users (a_lower: INTEGER; a_count: INTEGER): LIST [CMS_TEMP_USER]
-- List of recent `a_count' temporal users with an offset of `lower'.
deferred
end
token_by_temp_user_id (a_id: like {CMS_USER}.id): detachable STRING
-- Retrieve activation token for user identified with id `a_id', if any.
deferred
end
feature -- New Temp User
new_user_from_temporal_user (a_user: CMS_TEMP_USER)
-- new user from temporal user `a_user'
require
no_id: not a_user.has_id
deferred
end
remove_activation (a_token: READABLE_STRING_32)
-- Remove activation by token `a_token'.
deferred
end
new_temp_user (a_user: CMS_TEMP_USER)
-- New temp user `a_user'.
require
no_id: not a_user.has_id
deferred
end
delete_temp_user (a_user: CMS_TEMP_USER)
-- Delete user `a_user'.
require
has_id: a_user.has_id
deferred
end
note note
copyright: "2011-2016, Jocelyn Fiat, Javier Velilla, Eiffel Software and others" copyright: "2011-2016, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)" license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"

69
src/persistence/user/cms_user_storage_null.e
View File

@@ -65,11 +65,6 @@ feature -- Change: user
a_user.set_id (1) a_user.set_id (1)
end end
new_user_from_temporal_user (a_user: CMS_USER)
do
a_user.set_id (1)
end
update_user (a_user: CMS_USER) update_user (a_user: CMS_USER)
-- Update user `a_user'. -- Update user `a_user'.
do do
@@ -136,10 +131,6 @@ feature -- Change: User activation
do do
end end
remove_activation (a_token: READABLE_STRING_32)
-- <Precursor>.
do
end
feature -- Change: User password recovery feature -- Change: User password recovery
@@ -153,6 +144,66 @@ feature -- Change: User password recovery
do do
end end
feature -- Access: Users
temp_users_count: INTEGER
-- <Precursor>
do
end
temp_user_by_id (a_uid: like {CMS_USER}.id; a_consumer_table: READABLE_STRING_GENERAL): detachable CMS_USER
-- <Precursor>
do
end
temp_user_by_name (a_name: like {CMS_USER}.name): detachable CMS_USER
-- <Precursor>
do
end
temp_user_by_email (a_email: like {CMS_USER}.email): detachable CMS_USER
-- <Precursor>
do
end
temp_user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER
-- <Precursor>
do
end
temp_recent_users (a_lower: INTEGER; a_count: INTEGER): LIST [CMS_TEMP_USER]
-- List of recent `a_count' temporal users with an offset of `lower'.
do
create {ARRAYED_LIST[CMS_TEMP_USER]} Result.make (0)
end
token_by_temp_user_id (a_id: like {CMS_USER}.id): detachable STRING
-- <Precursor>
do
end
feature -- Temp Users
new_user_from_temporal_user (a_user: CMS_TEMP_USER)
-- <Precursor>
do
end
remove_activation (a_token: READABLE_STRING_32)
-- <Precursor>.
do
end
new_temp_user (a_user: CMS_TEMP_USER)
-- <Precursor>
do
end
delete_temp_user (a_user: CMS_TEMP_USER)
-- <Precursor>
do
end
note note
copyright: "2011-2016, Jocelyn Fiat, Javier Velilla, Eiffel Software and others" copyright: "2011-2016, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)" license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"

393
src/persistence/user/cms_user_storage_sql_i.e
View File

@@ -196,6 +196,7 @@ feature -- Access: user
end end
sql_finalize sql_finalize
end end
feature -- Change: user feature -- Change: user
new_user (a_user: CMS_USER) new_user (a_user: CMS_USER)
@@ -755,21 +756,6 @@ feature -- Change: User activation
sql_finalize sql_finalize
end end
remove_activation (a_token: READABLE_STRING_32)
-- <Precursor>.
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
sql_begin_transaction
write_information_log (generator + ".remove_activation")
create l_parameters.make (1)
l_parameters.put (a_token, "token")
sql_modify (sql_remove_activation, l_parameters)
sql_commit_transaction
sql_finalize
end
feature -- Change: User password recovery feature -- Change: User password recovery
save_password (a_token: READABLE_STRING_32; a_id: INTEGER_64) save_password (a_token: READABLE_STRING_32; a_id: INTEGER_64)
@@ -866,19 +852,6 @@ feature {NONE} -- Implementation: User
end end
end end
last_inserted_user_id: INTEGER_64
-- Last insert user id.
do
error_handler.reset
write_information_log (generator + ".last_inserted_user_id")
sql_query (Sql_last_insert_user_id, Void)
if not sql_after then
Result := sql_read_integer_64 (1)
sql_forth
check one_row: sql_after end
end
sql_finalize
end
feature {NONE} -- Implementation: User role feature {NONE} -- Implementation: User role
@@ -909,8 +882,6 @@ feature {NONE} -- Sql Queries: USER
Select_users_count: STRING = "SELECT count(*) FROM users;" Select_users_count: STRING = "SELECT count(*) FROM users;"
-- Number of users. -- Number of users.
Sql_last_insert_user_id: STRING = "SELECT MAX(uid) FROM users;"
Select_users: STRING = "SELECT * FROM users;" Select_users: STRING = "SELECT * FROM users;"
-- List of users. -- List of users.
@@ -941,6 +912,8 @@ feature {NONE} -- Sql Queries: USER ROLE
sql_last_insert_user_role_id: STRING = "SELECT MAX(rid) FROM roles;" sql_last_insert_user_role_id: STRING = "SELECT MAX(rid) FROM roles;"
sql_last_insert_user_id: STRING = "SELECT MAX(uid) FROM users;"
select_user_roles: STRING = "SELECT rid, name FROM roles;" select_user_roles: STRING = "SELECT rid, name FROM roles;"
-- List of user roles. -- List of user roles.
@@ -1009,6 +982,366 @@ feature {NONE} -- User Password Recovery
Select_user_by_password_token: STRING = "SELECT u.* FROM users as u JOIN users_password_recovery as ua ON ua.uid = u.uid and ua.token = :token;" Select_user_by_password_token: STRING = "SELECT u.* FROM users as u JOIN users_password_recovery as ua ON ua.uid = u.uid and ua.token = :token;"
-- Retrieve user by password token if exist. -- Retrieve user by password token if exist.
feature -- Acess: Temp users
temp_users_count: INTEGER
-- Number of items users.
do
error_handler.reset
write_information_log (generator + ".temp_users_count")
sql_query (select_temp_users_count, Void)
if not has_error and then not sql_after then
Result := sql_read_integer_64 (1).to_integer_32
sql_forth
check one_row: sql_after end
end
sql_finalize
end
temp_user_by_id (a_uid: like {CMS_USER}.id; a_consumer: READABLE_STRING_GENERAL): detachable CMS_USER
-- <Precursor>
local
l_parameters: STRING_TABLE [detachable ANY]
l_string: STRING
do
error_handler.reset
write_information_log (generator + ".temp_user_by_id")
create l_parameters.make (1)
l_parameters.put (a_uid, "uid")
create l_string.make_from_string (select_user_auth_temp_by_id)
sql_query (l_string, l_parameters)
if not has_error and not sql_after then
Result := fetch_temp_user
sql_forth
if not sql_after then
check no_more_than_one: False end
Result := Void
end
end
sql_finalize
end
temp_user_by_name (a_name: like {CMS_USER}.name): detachable CMS_USER
-- User for the given name `a_name', if any.
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
write_information_log (generator + ".temp_user_by_name")
create l_parameters.make (1)
l_parameters.put (a_name, "name")
sql_query (select_temp_user_by_name, l_parameters)
if not sql_after then
Result := fetch_temp_user
sql_forth
check one_row: sql_after end
end
sql_finalize
end
temp_user_by_email (a_email: like {CMS_USER}.email): detachable CMS_USER
-- User for the given email `a_email', if any.
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
write_information_log (generator + ".temp_user_by_name")
create l_parameters.make (1)
l_parameters.put (a_email, "email")
sql_query (select_temp_user_by_email, l_parameters)
if not sql_after then
Result := fetch_temp_user
sql_forth
check one_row: sql_after end
end
sql_finalize
end
temp_user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER
-- User for the given activation token `a_token', if any.
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
write_information_log (generator + ".temp_user_by_activation_token")
create l_parameters.make (1)
l_parameters.put (a_token, "token")
sql_query (select_temp_user_by_activation_token, l_parameters)
if not sql_after then
Result := fetch_temp_user
sql_forth
check one_row: sql_after end
end
sql_finalize
end
temp_recent_users (a_lower: INTEGER; a_count: INTEGER): LIST [CMS_TEMP_USER]
-- <Precursor>
local
l_parameters: STRING_TABLE [detachable ANY]
do
create {ARRAYED_LIST [CMS_TEMP_USER]} Result.make (0)
error_handler.reset
write_information_log (generator + ".temp_recent_users")
from
create l_parameters.make (2)
l_parameters.put (a_count, "rows")
l_parameters.put (a_lower, "offset")
sql_query (sql_select_temp_recent_users, l_parameters)
sql_start
until
sql_after
loop
if attached fetch_temp_user as l_user then
Result.force (l_user)
end
sql_forth
end
sql_finalize
end
token_by_temp_user_id (a_id: like {CMS_USER}.id): detachable STRING
-- Number of items users.
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
write_information_log (generator + ".token_by_temp_user_id")
create l_parameters.make (1)
l_parameters.put (a_id, "uid")
sql_query (select_token_activation_by_user_id, l_parameters)
if not has_error and then not sql_after then
Result := sql_read_string (1)
sql_forth
check one_row: sql_after end
end
sql_finalize
end
feature {NONE} -- Implementation: User
fetch_temp_user: detachable CMS_TEMP_USER
local
l_id: INTEGER_64
l_name: detachable READABLE_STRING_32
do
if attached sql_read_integer_64 (1) as i then
l_id := i
end
if attached sql_read_string_32 (2) as s and then not s.is_whitespace then
l_name := s
end
if l_name /= Void then
create Result.make (l_name)
if l_id > 0 then
Result.set_id (l_id)
end
elseif l_id > 0 then
create Result.make_with_id (l_id)
end
if Result /= Void then
if attached sql_read_string (3) as l_password then
Result.set_hashed_password (l_password)
end
if attached sql_read_string (4) as l_salt then
Result.set_salt (l_salt)
end
if attached sql_read_string (5) as l_email then
Result.set_email (l_email)
end
if attached sql_read_string (6) as l_application then
Result.set_personal_information (l_application)
end
else
check expected_valid_user: False end
end
end
feature -- New Temp User
new_user_from_temporal_user (a_user: CMS_TEMP_USER)
-- <Precursor>
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
if
attached a_user.hashed_password as l_password_hash and then
attached a_user.email as l_email and then
attached a_user.salt as l_password_salt
then
sql_begin_transaction
write_information_log (generator + ".new_user_from_temporal_user")
create l_parameters.make (4)
l_parameters.put (a_user.name, "name")
l_parameters.put (l_password_hash, "password")
l_parameters.put (l_password_salt, "salt")
l_parameters.put (l_email, "email")
l_parameters.put (create {DATE_TIME}.make_now_utc, "created")
l_parameters.put (a_user.status, "status")
sql_insert (sql_insert_user, l_parameters)
if not error_handler.has_error then
a_user.set_id (last_inserted_user_id)
end
if not error_handler.has_error then
sql_commit_transaction
else
sql_rollback_transaction
end
sql_finalize
else
-- set error
error_handler.add_custom_error (-1, "bad request" , "Missing password or email")
end
end
new_temp_user (a_user: CMS_TEMP_USER)
-- Add a new temp_user `a_user'.
local
l_parameters: STRING_TABLE [detachable ANY]
l_password_salt, l_password_hash: STRING
l_security: SECURITY_PROVIDER
do
error_handler.reset
if
attached a_user.password as l_password and then
attached a_user.email as l_email and then
attached a_user.personal_information as l_personal_information
then
create l_security
l_password_salt := l_security.salt
l_password_hash := l_security.password_hash (l_password, l_password_salt)
write_information_log (generator + ".new_temp_user")
create l_parameters.make (4)
l_parameters.put (a_user.name, "name")
l_parameters.put (l_password_hash, "password")
l_parameters.put (l_password_salt, "salt")
l_parameters.put (l_email, "email")
l_parameters.put (l_personal_information, "application")
sql_begin_transaction
sql_insert (sql_insert_temp_user, l_parameters)
if not error_handler.has_error then
a_user.set_id (last_inserted_temp_user_id)
sql_commit_transaction
else
sql_rollback_transaction
end
sql_finalize
else
-- set error
error_handler.add_custom_error (-1, "bad request" , "Missing password or email")
end
end
feature -- Remove Activation
remove_activation (a_token: READABLE_STRING_32)
-- <Precursor>.
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
sql_begin_transaction
write_information_log (generator + ".remove_activation")
create l_parameters.make (1)
l_parameters.put (a_token, "token")
sql_modify (sql_remove_activation, l_parameters)
sql_commit_transaction
sql_finalize
end
delete_temp_user (a_user: CMS_TEMP_USER)
-- Delete user `a_user'.
local
l_parameters: STRING_TABLE [detachable ANY]
do
error_handler.reset
sql_begin_transaction
write_information_log (generator + ".delete_temp_user")
create l_parameters.make (1)
l_parameters.put (a_user.id, "uid")
sql_modify (sql_delete_temp_user, l_parameters)
sql_commit_transaction
sql_finalize
end
feature {NONE} -- Implementation
last_inserted_temp_user_id: INTEGER_64
-- Last insert user id.
do
error_handler.reset
write_information_log (generator + ".last_inserted_temp_user_id")
sql_query (sql_last_insert_temp_user_id, Void)
if not sql_after then
Result := sql_read_integer_64 (1)
sql_forth
check one_row: sql_after end
end
sql_finalize
end
last_inserted_user_id: INTEGER_64
-- Last insert user id.
do
error_handler.reset
write_information_log (generator + ".last_inserted_user_id")
sql_query (sql_last_insert_user_id, Void)
if not sql_after then
Result := sql_read_integer_64 (1)
sql_forth
check one_row: sql_after end
end
sql_finalize
end
feature {NONE} -- SQL select
sql_last_insert_temp_user_id: STRING = "SELECT MAX(uid) FROM auth_temp_users;"
Select_user_auth_temp_by_id: STRING = "SELECT uid, name, password, salt, email, application FROM auth_temp_users as u where uid=:uid;"
sql_insert_temp_user: STRING = "INSERT INTO auth_temp_users (name, password, salt, email, application) VALUES (:name, :password, :salt, :email, :application);"
-- SQL Insert to add a new user.
select_temp_user_by_name: STRING = "SELECT uid, name, password, salt, email, application FROM auth_temp_users WHERE name =:name;"
-- Retrieve user by name if exists.
select_temp_user_by_email: STRING = "SELECT uid, name, password, salt, email, application FROM auth_temp_users WHERE email =:email;"
-- Retrieve user by email if exists.
select_temp_user_by_activation_token: STRING = "SELECT u.uid, u.name, u.password, u.salt, u.email, u.application FROM auth_temp_users as u JOIN users_activations as ua ON ua.uid = u.uid and ua.token = :token;"
-- Retrieve user by activation token if exist.
sql_delete_temp_user: STRING = "DELETE FROM auth_temp_users WHERE uid=:uid;"
select_temp_users_count: STRING = "SELECT count(*) FROM auth_temp_users;"
-- Number of temporal users.
sql_select_temp_recent_users: STRING = "SELECT uid, name, password, salt, email, application FROM auth_temp_users ORDER BY uid DESC LIMIT :rows OFFSET :offset ;"
-- Retrieve recent users
select_token_activation_by_user_id: STRING = "SELECT token FROM users_activations WHERE uid = :uid;"
note note
copyright: "2011-2016, Jocelyn Fiat, Javier Velilla, Eiffel Software and others" copyright: "2011-2016, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)" license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"

100
src/service/user/cms_user_api.e
View File

@@ -288,12 +288,6 @@ feature -- User Activation
storage.save_activation (a_token, a_id) storage.save_activation (a_token, a_id)
end end
remove_activation (a_token: READABLE_STRING_32)
-- Remove activation token `a_token', from the storage.
do
storage.remove_activation (a_token)
end
feature -- User Password Recovery feature -- User Password Recovery
new_password (a_token: READABLE_STRING_32; a_id: INTEGER_64) new_password (a_token: READABLE_STRING_32; a_id: INTEGER_64)
@@ -319,6 +313,100 @@ feature -- User status
Trashed: INTEGER = -1 Trashed: INTEGER = -1
-- The user is trashed (soft delete), ready to be deleted/destroyed from storage. -- The user is trashed (soft delete), ready to be deleted/destroyed from storage.
feature -- Access - Temp User
temp_users_count: INTEGER
-- Number of pending users.
--! to be accepted or rehected
do
Result := storage.temp_users_count
end
temp_user_by_name (a_username: READABLE_STRING_GENERAL): detachable CMS_USER
-- User by name `a_user_name', if any.
do
Result := storage.temp_user_by_name (a_username.as_string_32)
end
temp_user_by_email (a_email: READABLE_STRING_8): detachable CMS_USER
-- User by email `a_email', if any.
do
Result := storage.temp_user_by_email (a_email)
end
temp_user_by_activation_token (a_token: READABLE_STRING_32): detachable CMS_USER
-- User by activation token `a_token'.
do
Result := storage.temp_user_by_activation_token (a_token)
end
temp_recent_users (params: CMS_DATA_QUERY_PARAMETERS): ITERABLE [CMS_TEMP_USER]
-- List of the `a_rows' most recent users starting from `a_offset'.
do
Result := storage.temp_recent_users (params.offset.to_integer_32, params.size.to_integer_32)
end
token_by_temp_user_id (a_id: like {CMS_USER}.id): detachable STRING
do
Result := storage.token_by_temp_user_id (a_id)
end
feature -- Change Temp User
new_user_from_temp_user (a_user: CMS_TEMP_USER)
-- Add a new user `a_user'.
require
no_id: not a_user.has_id
has_hashed_password: a_user.hashed_password /= Void
has_sal: a_user.salt /= Void
do
reset_error
if
attached a_user.hashed_password as l_password and then
attached a_user.salt as l_salt and then
attached a_user.email as l_email
then
storage.new_user_from_temporal_user (a_user)
error_handler.append (storage.error_handler)
else
error_handler.add_custom_error (0, "bad new user request", "Missing password or email to create new user!")
end
end
new_temp_user (a_user: CMS_TEMP_USER)
-- Add a new user `a_user'.
require
no_id: not a_user.has_id
no_hashed_password: a_user.hashed_password = Void
do
reset_error
if
attached a_user.password as l_password and then
attached a_user.email as l_email
then
storage.new_temp_user (a_user)
error_handler.append (storage.error_handler)
else
error_handler.add_custom_error (0, "bad new user request", "Missing password or email to create new user!")
end
end
remove_activation (a_token: READABLE_STRING_32)
-- Remove activation token `a_token', from the storage.
do
storage.remove_activation (a_token)
end
delete_temp_user (a_user: CMS_TEMP_USER)
-- Delete user `a_user'.
require
has_id: a_user.has_id
do
reset_error
storage.delete_temp_user (a_user)
error_handler.append (storage.error_handler)
end
note note
copyright: "2011-2016, Jocelyn Fiat, Javier Velilla, Eiffel Software and others" copyright: "2011-2016, Jocelyn Fiat, Javier Velilla, Eiffel Software and others"
license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)" license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)"