Fixed session logout by setting expiration date in the past and empty content.

(i.e when visitor click on signin from page A, one he is signed, he will be redirected to the initial page A.)

modules/admin/handler/user/cms_admin_users_handler.e

@@ -108,6 +108,16 @@ feature -- HTTP Methods
 						s.append ("%">")
 						s.append (html_encoded (u.name))
 						s.append ("</a>")
+						if attached user_api.user_roles (u) as l_roles and then not l_roles.is_empty then
+							s.append (" <span class=%"cms_roles%">(")
+							across
+								l_roles as ic_roles
+							loop
+								s.append (html_encoded (ic_roles.item.name))
+								s.append (" ")
+							end
+							s.append (")</span>")
+						end
 						s.append ("</li>%N")
 					end
 					s.append ("</ul>%N")

modules/admin/handler/user/cms_user_form_response.e

@@ -386,6 +386,9 @@ feature -- Form
 			-- Update node `a_node' with form_data `a_form_data' for the given content type `a_content_type'.
 		local
 			l_uroles: LIST [CMS_USER_ROLE]
+			l_new_roles: detachable ARRAYED_LIST [CMS_USER_ROLE]
+			r: detachable CMS_USER_ROLE
+			rid: INTEGER
 		do
 			if attached a_form_data.string_item ("op") as f_op then
 				if f_op.is_case_insensitive_equal_general ("Update user role") then
@@ -394,23 +397,53 @@ feature -- Form
 					then
 						l_uroles := api.user_api.user_roles (l_user)
 						l_uroles.compare_objects
-						if attached {WSF_STRING} a_form_data.item ("cms_roles") as l_role then
+
-							if attached api.user_api.user_role_by_id (l_role.integer_value) as role then
+						if attached {WSF_STRING} a_form_data.item ("cms_roles") as p_role_id then
-								if not l_uroles.has (role) then
+							rid := p_role_id.integer_value
-									api.user_api.assign_role_to_user (role, a_user)
+							r := api.user_api.user_role_by_id (rid)
+							if r /= Void then
+								create l_new_roles.make (0)
+								l_new_roles.force (r)
+							end
+						elseif attached {WSF_MULTIPLE_STRING} a_form_data.item ("cms_roles") as p_roles_ids then
+							create l_new_roles.make (p_roles_ids.values.count)
+							across
+								p_roles_ids as ic
+							loop
+								rid := ic.item.integer_value
+								r := api.user_api.user_role_by_id (rid)
+								if r /= Void then
+									l_new_roles.force (r)
 								end
 							end
-						elseif attached {WSF_MULTIPLE_STRING} a_form_data.item ("cms_roles") as l_roles then
-							across l_roles as ic loop
-								if attached api.user_api.user_role_by_id (ic.item.integer_value) as role then
-									if not l_uroles.has (role) then
-										api.user_api.assign_role_to_user (role, a_user)
-									end
 						end
+						if l_new_roles = Void or else l_new_roles.is_empty then
+							across
+								l_uroles as ic
+							loop
+								r := ic.item
+								api.user_api.unassign_role_from_user (r, a_user)
 							end
 						else
-							across api.user_api.roles as ic  loop
+							across
-								api.user_api.unassign_role_from_user (ic.item, a_user)
+								l_new_roles as ic
+							loop
+								r := ic.item
+								if l_uroles.has (r) then
+										-- Already assigned to that role.
+								else
+									api.user_api.assign_role_to_user (ic.item, a_user)
+								end
+							end
+								-- Remove other roles for `a_user'.
+							l_new_roles.compare_objects
+							across
+								l_uroles as ic
+							loop
+								r := ic.item
+								if not l_new_roles.has (r) then
+									api.user_api.unassign_role_from_user (r, a_user)
+								end
 							end
 						end
 						add_success_message ("Roles updated")

modules/auth/cms_auth_module_i.e

@@ -69,8 +69,8 @@ feature -- Hooks
 			lnk: CMS_LOCAL_LINK
 			l_destination: READABLE_STRING_8
 		do
-			if attached {WSF_STRING} a_response.request.query_parameter ("destination") as p_destination then
+			if attached {WSF_STRING} a_response.request.item ("destination") as p_destination then
-				l_destination := p_destination.value
+				l_destination := p_destination.url_encoded_value
 			else
 				l_destination := a_response.location
 			end
@@ -88,4 +88,23 @@ feature -- Hooks
 			end
 		end
 
+feature {NONE} -- Template		
+
+	smarty_template_login_block (a_request: WSF_REQUEST; a_module: CMS_MODULE; a_block_id: READABLE_STRING_8; a_cms_api: CMS_API): like smarty_template_block
+		local
+			l_destination: detachable READABLE_STRING_32
+		do
+			Result := smarty_template_block (a_module, a_block_id, a_cms_api)
+			if Result /= Void then
+				if attached {WSF_STRING} a_request.query_parameter ("destination") as p_destination then
+					l_destination := p_destination.value
+				elseif attached {WSF_STRING} a_request.form_parameter ("destination") as p_destination then
+					l_destination := p_destination.value
+				end
+				if l_destination /= Void then
+					Result.set_value (l_destination, "site_destination")
+				end
+			end
+		end
+
 end

modules/auth/cms_authentication_module.e

@@ -1,7 +1,7 @@
 note
 	description: "Module Auth"
-	date: "$Date$"
+	date: "$Date: 2016-04-13 10:59:18 +0200 (mer., 13 avr. 2016) $"
-	revision: "$Revision$"
+	revision: "$Revision: 98616 $"
 
 class
 	CMS_AUTHENTICATION_MODULE
@@ -139,7 +139,7 @@ feature -- Hooks configuration
 			l_url: STRING
 			l_url_name: READABLE_STRING_GENERAL
 		do
-			if attached {WSF_STRING} a_response.request.query_parameter ("destination") as p_destination then
+			if attached {WSF_STRING} a_response.request.item ("destination") as p_destination then
 				l_destination := p_destination.value
 			else
 				l_destination := a_response.location
@@ -159,7 +159,7 @@ feature -- Hooks configuration
 				l_url_name := "site_sign_in_url"
 				l_url := a_response.url (roc_login_location, Void)
 			end
-			if l_destination /= Void then
+			if l_destination /= Void and then not l_url.has_substring ("?destination") then
 				l_url.append ("?destination=" + percent_encoded (l_destination))
 			end
 			a_value.force (l_url, l_url_name)
@@ -289,7 +289,7 @@ feature -- Handler
 			elseif attached api.module_by_name ("session_auth") then
 					-- FIXME: find better solution to support a default login system.
 				create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
-				if attached {WSF_STRING} req.query_parameter ("destination") as l_destination then
+				if attached {WSF_STRING} req.item ("destination") as l_destination then
 					r.set_redirection ("account/auth/roc-session-login?destination=" + l_destination.url_encoded_value)
 				else
 					r.set_redirection ("account/auth/roc-session-login")
@@ -300,7 +300,7 @@ feature -- Handler
 			elseif attached api.module_by_name ("basic_auth") then
 					-- FIXME: find better solution to support a default login system.
 				create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
-				if attached {WSF_STRING} req.query_parameter ("destination") as l_destination then
+				if attached {WSF_STRING} req.item ("destination") as l_destination then
 					r.set_redirection ("account/auth/roc-basic-login?destination=" + l_destination.url_encoded_value)
 				else
 					r.set_redirection ("account/auth/roc-basic-login")
@@ -324,10 +324,10 @@ feature -- Handler
 			else
 				loc := ""
 			end
-
+				-- Do not try to redirect to previous page or destination!
-			if attached {WSF_STRING} req.query_parameter ("destination") as l_destination then
+--			if attached {WSF_STRING} req.query_parameter ("destination") as l_destination then
-				loc.append ("?destination=" + l_destination.url_encoded_value)
+--				loc.append ("?destination=" + l_destination.url_encoded_value)
-			end
+--			end
 			r.set_redirection (loc)
 			r.execute
 		end

modules/basic_auth/cms_basic_auth_module.e

@@ -118,7 +118,7 @@ feature {NONE} -- Implementation: routes
 				r.add_error_message ("You are already signed in!")
 				r.set_main_content (r.link ("Logout", "account/roc-logout", Void))
 			else
-				if attached smarty_template_block (Current, "login", api) as l_tpl_block then
+				if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
 					r.add_javascript_url (r.url ("module/" + name + "/files/js/roc_basic_auth.js", Void))
 
 					create vals.make (1)
@@ -170,7 +170,7 @@ feature {NONE} -- Block views
 		local
 			vals: CMS_VALUE_TABLE
 		do
-			if attached smarty_template_block (Current, a_block_id, a_response.api) as l_tpl_block then
+			if attached smarty_template_login_block (a_response.request, Current, a_block_id, a_response.api) as l_tpl_block then
 				create vals.make (1)
 					-- add the variable to the block
 				a_response.api.hooks.invoke_value_table_alter (vals, a_response)

modules/basic_auth/site/templates/block_login.tpl

@@ -4,6 +4,7 @@
 		<h3>Login or <a href="{$site_url/}account/roc-register">Register</a></h3>
 		<div>
 			<form name="cms_basic_auth" action="{$site_url/}roc-basic-login" method="POST">
+				{unless isempty="$site_destination"}<input type="hidden" name="destination" value="{$site_destination/}">{/unless}
 				<input type="hidden" name="host" id="host" value="{$site_url/}">
 				<div>
 					<input type="text" name="username" id="username" required>

modules/custom_block/cms_custom_block_module.e

@@ -136,18 +136,23 @@ feature -- Hooks
 		local
 			l_region: detachable READABLE_STRING_8
 			l_cond: CMS_BLOCK_EXPRESSION_CONDITION
+			l_block_pref: STRING
 		do
 			if attached smarty_template_block (Current, a_block_id, a_response.api) as bk then
 				if attached a_response.api.module_configuration (Current, name) as cfg then
+					l_block_pref := "blocks." + a_block_id
 					if
-						attached cfg.text_item ("blocks." + a_block_id + ".region") as s and then
+						attached cfg.text_item (l_block_pref + ".region") as s and then
 						s.is_valid_as_string_8
 					then
 						l_region := s.to_string_8
 					end
-					bk.set_weight (cfg.integer_item ("blocks." + a_block_id + ".weight"))
+					bk.set_weight (cfg.integer_item (l_block_pref + ".weight"))
-					bk.set_title (cfg.text_item ("blocks." + a_block_id + ".title"))
+					bk.set_title (cfg.text_item (l_block_pref + ".title"))
-					if attached cfg.text_list_item ("blocks." + a_block_id + ".conditions") as l_cond_exp_list then
+					if attached cfg.text_item (l_block_pref + ".is_raw") as l_is_raw then
+						bk.set_is_raw (l_is_raw.is_case_insensitive_equal ("yes"))
+					end
+					if attached cfg.text_list_item (l_block_pref + ".conditions") as l_cond_exp_list then
 						across
 							l_cond_exp_list as ic
 						loop

modules/custom_block/site/config/custom_block.json.example

@@ -2,6 +2,7 @@
 	"blocks": {
 		"test":	{
 			"title": "Custom block test",
+			"is_raw": "yes",
 			"region": "footer",
 			"weight": 100,
 			"conditions": ["path:demo/*"]

modules/session_auth/cms_session_auth_module.e

@@ -3,8 +3,8 @@ note
 			This module allows the use Session Based Authentication using Cookies to restrict access
 			by looking up users in the given providers.
 		]"
-	date: "$Date$"
+	date: "$Date: 2016-04-27 16:04:18 +0200 (mer., 27 avr. 2016) $"
-	revision: "$Revision$"
+	revision: "$Revision: 98643 $"
 
 class
 	CMS_SESSION_AUTH_MODULE
@@ -115,7 +115,7 @@ feature -- Access: router
 			if attached session_api as l_session_api then
 				a_router.handle ("/" + login_location, create {WSF_URI_AGENT_HANDLER}.make (agent handle_login (a_api, ?, ?)), a_router.methods_head_get)
 				a_router.handle ("/" + logout_location, create {WSF_URI_AGENT_HANDLER}.make (agent handle_logout (a_api, l_session_api, ?, ?)), a_router.methods_get_post)
-				a_router.handle ("/account/auth/roc-session-login", create {WSF_URI_TEMPLATE_AGENT_HANDLER}.make (agent handle_login_with_session (a_api,session_api, ?, ?)), a_router.methods_get_post)
+				a_router.handle ("/" + login_location, create {WSF_URI_AGENT_HANDLER}.make (agent handle_login_with_session (a_api,session_api, ?, ?)), a_router.methods_post)
 			end
 		end
 
@@ -141,7 +141,7 @@ feature {NONE} -- Implementation: routes
 			if api.user_is_authenticated then
 				r.add_error_message ("You are already signed in!")
 			else
-				if attached smarty_template_block (Current, "login", api) as l_tpl_block then
+				if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
 					create vals.make (1)
 						-- add the variable to the block
 					l_tpl_block.set_value (api.user, "user")
@@ -172,9 +172,10 @@ feature {NONE} -- Implementation: routes
 				attached api.user as l_user
 			then
 					-- Logout Session
-				create l_cookie.make (tok, l_cookie_token.value) -- FIXME: unicode issue?
+				create l_cookie.make (tok, "") -- l_cookie_token.value) -- FIXME: unicode issue?
 				l_cookie.set_path ("/")
-				l_cookie.set_max_age (-1)
+				l_cookie.unset_max_age
+				l_cookie.set_expiration_date (create {DATE_TIME}.make_from_epoch (0))
 				res.add_cookie (l_cookie)
 				api.unset_user
 
@@ -216,14 +217,18 @@ feature {NONE} -- Implementation: routes
 					api.record_user_login (l_user)
 
 					create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
-					if attached {WSF_STRING} req.query_parameter ("destination") as p_destination then
+					if
-						r.set_redirection (p_destination.url_encoded_value)
+						attached {WSF_STRING} req.item ("destination") as p_destination and then
+						attached p_destination.value as v and then
+						v.is_valid_as_string_8
+					then
+						r.set_redirection (v.to_string_8)
 					else
 						r.set_redirection ("")
 					end
 				else
 					create {GENERIC_VIEW_CMS_RESPONSE} r.make (req, res, api)
-					if attached smarty_template_block (Current, "login", api) as l_tpl_block then
+					if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
 						l_tpl_block.set_value (l_username.value, "username")
 						l_tpl_block.set_value ("Wrong: Username or password ", "error")
 						r.add_block (l_tpl_block, "content")
@@ -232,7 +237,7 @@ feature {NONE} -- Implementation: routes
 				r.execute
 			else
 				create {BAD_REQUEST_ERROR_CMS_RESPONSE} r.make (req, res, api)
-				if attached smarty_template_block (Current, "login", api) as l_tpl_block then
+				if attached smarty_template_login_block (req, Current, "login", api) as l_tpl_block then
 					if attached {WSF_STRING} req.form_parameter ("username") as l_username then
 						l_tpl_block.set_value (l_username.value, "username")
 					end
@@ -272,7 +277,7 @@ feature {NONE} -- Block views
 		local
 			vals: CMS_VALUE_TABLE
 		do
-			if attached smarty_template_block (Current, a_block_id, a_response.api) as l_tpl_block then
+			if attached smarty_template_login_block (a_response.request, Current, a_block_id, a_response.api) as l_tpl_block then
 				create vals.make (1)
 					-- add the variable to the block
 				a_response.api.hooks.invoke_value_table_alter (vals, a_response)

modules/session_auth/site/templates/block_login.tpl

@@ -4,6 +4,7 @@
 	<h3>Login or <a href="{$site_url/}account/roc-register">Register</a></h3>
 	<div>
 		<form name="cms_session_auth" action="{$site_url/}account/auth/roc-session-login" method="POST">
+			{unless isempty="$site_destination"}<input type="hidden" name="destination" value="{$site_destination/}">{/unless}
 			<div>
 				<input type="text" name="username" id="username" required value="{$username/}">
 				<label>Username</label>