backup/ROC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
f8715d54a8d67f8b1b2f429191526f780ab0e045
ROC/modules/auth/cms_authentication_api.e
Jocelyn Fiat f8715d54a8 Improved credential validation. 
- added `CMS_USER_API.user_with_credential (...): detachable CMS_USER` that check if credential is valid, and return associated user.
  - replaced use of `is_valid_credential` by new function `user_with_credential` .
  - revisited the session auth, to allow other credential validations (other than ROC CMS auth).
  - added CMS_USER_API.credential_validations to allow authenticating with system other than ROC CMS.
Added new permission to allow by-passing the default ROC-CMS user login/register management:
  - new permission to edit its own account.
  - new permission to edit its own password.
  - new permission to view users details (mostly for user managers).
2017-10-27 12:26:21 +02:00

114 lines
3.6 KiB
Plaintext
Raw Blame History

note
description: "Summary description for {CMS_AUTHENTICATION_API}."
author: ""
date: "$Date$"
revision: "$Revision$"
class
CMS_AUTHENTICATION_API
inherit
CMS_AUTH_API_I
create {CMS_AUTHENTICATION_MODULE}
make
feature -- Token Generation
register_user (u: CMS_TEMP_USER; a_email: READABLE_STRING_8; a_personal_information: READABLE_STRING_GENERAL)
local
l_user_api: CMS_USER_API
l_url_activate: STRING
l_url_reject: STRING
l_token: STRING
es: CMS_AUTHENTICATION_EMAIL_SERVICE
do
l_user_api := cms_api.user_api
-- New temp user
u.set_personal_information (a_personal_information)
l_user_api.new_temp_user (u)
-- Create activation token
l_token := new_token
l_user_api.new_activation (l_token, u.id)
l_url_activate := cms_api.absolute_url ("/account/activate/" + l_token, Void)
l_url_reject := cms_api.absolute_url ("/account/reject/" + l_token, Void)
-- Send Email to webmaster
cms_api.log_debug ("registration", "send_register_email", Void)
create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (cms_api))
es.send_account_evaluation (u, a_personal_information, l_url_activate, l_url_reject, cms_api.absolute_url ("", Void))
-- Send Email to user
cms_api.log_debug ("registration", "send_contact_email", Void)
create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (cms_api))
es.send_contact_email (a_email, u, cms_api.absolute_url ("", Void))
cms_api.log ("registration", {STRING_32} "new user %"" + u.name + "%" <" + a_email + ">", {CMS_LOG}.level_info, Void)
end
activate_user (a_temp_user: CMS_TEMP_USER; a_token: READABLE_STRING_GENERAL)
require
a_temp_user.has_id
not a_temp_user.is_active
local
l_user_api: CMS_USER_API
l_temp_id: INTEGER_64
es: CMS_AUTHENTICATION_EMAIL_SERVICE
do
l_temp_id := a_temp_user.id
-- Valid user_id
a_temp_user.set_id (0)
a_temp_user.mark_active
l_user_api := cms_api.user_api
l_user_api.new_user_from_temp_user (a_temp_user)
if
not l_user_api.has_error and then
attached l_user_api.user_by_name (a_temp_user.name) as l_new_user
then
if attached a_temp_user.personal_information as l_perso_info then
-- Keep personal information in profile item!
l_user_api.save_user_profile_item (l_new_user, "personal_information", l_perso_info)
end
-- Delete temporal User
a_temp_user.set_id (l_temp_id)
l_user_api.delete_temp_user (a_temp_user)
l_user_api.remove_activation (a_token)
-- Send Email
if attached l_new_user.email as l_email then
cms_api.log_debug ("activation", "send_contact_activation_confirmation_email", Void)
create es.make (create {CMS_AUTHENTICATION_EMAIL_SERVICE_PARAMETERS}.make (cms_api))
es.send_contact_activation_confirmation_email (l_email, l_new_user, cms_api.site_url)
end
else
error_handler.add_custom_error (-1, "activation error", "Activation failed!")
end
end
new_token: STRING
-- Generate a new token activation token
local
l_token: STRING
l_security: SECURITY_PROVIDER
l_encode: URL_ENCODER
do
create l_security
l_token := l_security.token
create l_encode
from
until
l_token.same_string (l_encode.encoded_string (l_token))
loop
-- Loop ensure that we have a security token that does not contain characters that need encoding.
-- We cannot simply to an encode-decode because the email sent to the user will contain an encoded token
-- but the user will need to use an unencoded token if activation has to be done manually.
l_token := l_security.token
end
Result := l_token
end
end
Reference in New Issue View Git Blame Copy Permalink