Jocelyn Fiat
41ac45d07b
Improved Auth related module implementation by having a way to change settings like token, max age. - use CMS_SETUP.site_id and related "auth.$module.token" ... configuration values. - removed related CMS_..._CONSTANTS classes. For auth session module, use auth_session as table name, and use VARCHAR(64). Extracted sql from blog module, and store it under site/scripts/install.sql . Renamed a few $modulename.sql as install.sql
90 lines
2.3 KiB
Plaintext
90 lines
2.3 KiB
Plaintext
note
|
|
description: "API to manage CMS User session authentication"
|
|
date: "$Date$"
|
|
revision: "$Revision$"
|
|
|
|
class
|
|
CMS_SESSION_API
|
|
|
|
inherit
|
|
CMS_MODULE_API
|
|
|
|
REFACTORING_HELPER
|
|
|
|
create {CMS_SESSION_AUTH_MODULE}
|
|
make_with_storage
|
|
|
|
feature {NONE} -- Initialization
|
|
|
|
make_with_storage (a_api: CMS_API; a_session_auth_storage: CMS_SESSION_AUTH_STORAGE_I)
|
|
-- Create an object with api `a_api' and storage `a_session_auth_storage'.
|
|
local
|
|
s: detachable READABLE_STRING_8
|
|
do
|
|
session_auth_storage := a_session_auth_storage
|
|
make (a_api)
|
|
|
|
-- Initialize session related settings.
|
|
s := a_api.setup.string_8_item ("auth.session.token")
|
|
if s = Void then
|
|
s := a_api.setup.site_id + default_session_token_suffix
|
|
end
|
|
create session_token.make_from_string (s)
|
|
|
|
s := a_api.setup.string_8_item ("auth.session.max_age")
|
|
if s /= Void and then s.is_integer then
|
|
session_max_age := s.to_integer
|
|
else
|
|
session_max_age := 86400 --| one day: 24(h) *60(min) *60(sec)
|
|
end
|
|
ensure
|
|
session_auth_storage_set: session_auth_storage = a_session_auth_storage
|
|
end
|
|
|
|
feature {CMS_MODULE} -- Access: User session storage.
|
|
|
|
session_auth_storage: CMS_SESSION_AUTH_STORAGE_I
|
|
-- storage interface.
|
|
|
|
feature -- Settings
|
|
|
|
default_session_token_suffix: STRING = "_SESSION_TOKEN_"
|
|
-- Default value for `session_token'.
|
|
|
|
session_token: IMMUTABLE_STRING_8
|
|
-- Token used for the session related cookies.
|
|
|
|
session_max_age: INTEGER
|
|
-- Value of the Max-Age, before the cookie expires.
|
|
|
|
feature -- Access
|
|
|
|
user_by_session_token (a_token: READABLE_STRING_32): detachable CMS_USER
|
|
-- Retrieve user by token `a_token', if any.
|
|
do
|
|
Result := session_auth_storage.user_by_session_token (a_token)
|
|
end
|
|
|
|
has_user_token (a_user: CMS_USER): BOOLEAN
|
|
-- Has the user `a_user' and associated session token?
|
|
do
|
|
Result := session_auth_storage.has_user_token (a_user)
|
|
end
|
|
|
|
feature -- Change User session
|
|
|
|
new_user_session_auth (a_token: READABLE_STRING_GENERAL; a_user: CMS_USER;)
|
|
-- New user session for user `a_user' with token `a_token'.
|
|
do
|
|
session_auth_storage.new_user_session_auth (a_token, a_user)
|
|
end
|
|
|
|
|
|
update_user_session_auth (a_token: READABLE_STRING_GENERAL; a_user: CMS_USER )
|
|
-- Update user session for user `a_user' with token `a_token'.
|
|
do
|
|
session_auth_storage.update_user_session_auth (a_token, a_user)
|
|
end
|
|
|
|
end
|