- added `CMS_USER_API.user_with_credential (...): detachable CMS_USER` that check if credential is valid, and return associated user.
- replaced use of `is_valid_credential` by new function `user_with_credential` .
- revisited the session auth, to allow other credential validations (other than ROC CMS auth).
- added CMS_USER_API.credential_validations to allow authenticating with system other than ROC CMS.
Added new permission to allow by-passing the default ROC-CMS user login/register management:
- new permission to edit its own account.
- new permission to edit its own password.
- new permission to view users details (mostly for user managers).
Removed useless and unimplemented feature from CMS_FORM .
SCOOP is default for demo.ecf
Made blog and page module self administrable, i.e administration module is same as module.
This fixes the export hook for page and blog modules.
Improved sql instructions to ease debugging and catch missing sql_finalize... call.
Cleaned sql code.
- it allows to login as a given user by passing security check.
- it must be used only during development!
- disabled by default!
Updated the session auth module to make it easier to be reused.
- masquerade module is based on the session auth module.
Added CMS_USER.profile_name .
Improved module managements with install vs enable.
- enabled/disabled status can also be stored in database.
Install procedure do not install all available modules anymore.
- Removed CMS_REQUEST_UTIL
- centralize a few request related code into CMS_API
Added CMS_API.user, CMS_API.set_user (CMS_USER), ... and user related routines.
Refactored Auth related code
- added various abstractions to factorize implementation and harmonize solutions.
- revisited the logout strategy.
- updated the account info page, and remove info user should not care about.
- simplified the process, and encourage auth module to follow same design.
Added CMS_LINK helper routines to modify the related query string.
Removed CMS_USER.profile (and related routines)
- It was not used so far.
- it will probably a specific module later, if needed.
Update various module to avoid fetching user from sql directly, and let this task to CMS_USER_API.
Removed CMS_NODE_API.node_author (a_node: CMS_NODE): detachable CMS_USER,
- as the info is already in CMS_NODE.author
Added CMS_RESPONSE.redirection_delay, if ever one code want to redirect after a few seconds.
Added the request uri info to the not found cms response.
Improved Auth related module implementation by having a way to change settings like token, max age.
- use CMS_SETUP.site_id and related "auth.$module.token" ... configuration values.
- removed related CMS_..._CONSTANTS classes.
For auth session module, use auth_session as table name, and use VARCHAR(64).
Extracted sql from blog module, and store it under site/scripts/install.sql .
Renamed a few $modulename.sql as install.sql
