Improved credential validation.

- added `CMS_USER_API.user_with_credential (...): detachable CMS_USER` that checks if the credential is valid, and returns the associated user.
  - replaced use of `is_valid_credential` by new function `user_with_credential`.
  - revisited the session auth, to allow other credential validations (other than ROC CMS auth).
  - added CMS_USER_API.credential_validations to allow authenticating with systems other than ROC CMS.
Added new permission to allow by-passing the default ROC-CMS user login/register management:
  - new permission to edit its own account.
  - new permission to edit its own password.
  - new permission to view users' details (mostly for user managers).
Jocelyn Fiat
2017-10-27 12:26:21 +02:00
parent 49b9ba3f86
commit f8715d54a8
15 changed files with 256 additions and 134 deletions

@@ -35,8 +35,7 @@ feature -- Basic operations
attached l_auth.password as l_auth_password
then
if
api.user_api.is_valid_credential (l_auth_login, l_auth_password) and then
attached api.user_api.user_by_name (l_auth_login) as l_user
attached api.user_api.user_with_credential (l_auth_login, l_auth_password) as l_user
then
if api.user_has_permission (l_user, {CMS_BASIC_AUTH_MODULE}.perm_use_basic_auth) then
debug ("refactor_fixme")
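Review bot: On the `attached api.user_api.user_with_credential (l_auth_login, l_auth_password) as l_user` line, the user is no longer fetched by `user_by_name (l_auth_login)`, so the account that `perm_use_basic_auth` is checked against is whatever the credential validation returns. Since the commit message says `credential_validations` can now include systems other than ROC CMS, the header comment of `user_with_credential` should state whether the returned user's name is guaranteed to match `l_auth_login`, and that Void covers both the unknown-user and the wrong-password case. Merging the check and the lookup into one call does remove the window between validating the credential and loading the user, which is an improvement.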

@@ -26,8 +26,7 @@ feature -- Basic operations
attached l_auth.password as l_auth_password
then
if
api.user_api.is_valid_credential (l_auth_login, l_auth_password) and then
attached api.user_api.user_by_name (l_auth_login) as l_user
attached api.user_api.user_with_credential (l_auth_login, l_auth_password) as l_user
then
if api.user_has_permission (l_user, {CMS_BASIC_AUTH_MODULE}.perm_use_basic_auth) then
api.set_user (l_user)
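Review bot: This condition, including the `{CMS_BASIC_AUTH_MODULE}.perm_use_basic_auth` check, is the same one changed in the previous hunk, so the credential-then-permission logic lives in two files that must be kept in sync by hand. Consider moving it into one shared feature that returns the authorized user (or Void), so a later change to credential validation cannot be applied in one place and missed in the other. It would also help to confirm that `api.set_user (l_user)` is reached only through this branch and that a Void result from `user_with_credential` leaves the request unauthenticated.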