Merge branch 'develop' into qBallExample
Showing
29 changed files
with
635 additions
and
1,166 deletions.
Binary file not shown.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,11 @@ | ||
component accessors="true" { | ||
|
||
property framework; | ||
property framework; // alternative way to depend on FW/1" | ||
property mainService; | ||
|
||
public void function default( rc ) { | ||
param name="rc.name" default="anonymous"; | ||
rc.data = variables.mainService.default( rc.name ); | ||
rc.captured = variables.framework.view( "main/capture" ); | ||
} | ||
} | ||
} |
115 changes: 48 additions & 67 deletions
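--- a/examples/userManagerAccessControl/controllers/login.cfc
+++ b/examples/userManagerAccessControl/controllers/login.cfc
@@ -1,67 +1,48 @@
-<cfcomponent>
-<cfset variables.fw = '' />
-<cffunction name="init" access="public" returntype="void">
-<cfargument name="fw" type="any" required="yes" />
-<cfset variables.fw = arguments.fw />
-</cffunction>
-
-<cffunction name="setUserService" access="public" output="false" returntype="void">
-<cfargument name="userService" type="any" required="true" />
-<cfset variables.userService = arguments.userService />
-</cffunction>
-<cffunction name="getUserService" access="public" output="false" returntype="any">
-<cfreturn variables.userService />
-</cffunction>
-
-<cffunction name="before" access="public" output="no" returntype="void">
-<cfargument name="rc" type="struct" required="yes" />
-<cfif session.auth.isLoggedIn and variables.fw.getItem() is not 'logout'>
-<cfset variables.fw.redirect('main') />
-</cfif>
-</cffunction>
-
-<cffunction name="login" access="public" returntype="void">
-<cfargument name="rc" type="struct" required="yes" />
-
-<cfset var userValid = 0 />
-<cfset var userService = getUserService() />
-<cfset var user = '' />
-
-<!--- if the form variables do not exist, redirect to the login form --->
-<cfif not structkeyexists(rc,'email') or not structkeyexists(rc,'password')>
-<cfset variables.fw.redirect('login') />
-</cfif>
-
-<!--- look up the user's record by the email address --->
-<cfset user = userService.getByEmail(rc.email) />
-
-<!--- if the user object contains a record then the username was legit, lets look at the passwords --->
-<cfif user.getId()>
-<cfset userValid = userService.validatePassword(user,rc.password) />
-</cfif>
-
-<!--- if the login credentials failed the test, set a message and redirect to the login form --->
-<cfif not userValid>
-<cfset rc.message = ['Invalid Username or Password'] />
-<cfset variables.fw.redirect('login','message') />
-</cfif>
-
-<!--- since the user is valid, set session variables --->
-<cfset session.auth.isLoggedIn = true />
-<cfset session.auth.fullname = user.getFirstName() & ' ' & user.getLastName() />
-<cfset session.auth.user = user />
-
-<cfset variables.fw.redirect('main') />
-</cffunction>
-
-<cffunction name="logout" access="public" returntype="void">
-<cfargument name="rc" type="struct" required="yes" />
-<!--- reset the session variables --->
-<cfset session.auth.isLoggedIn = false />
-<cfset session.auth.fullname = 'Guest' />
-<cfset structdelete(session.auth,'user') />
-<cfset rc.message = ['You have safely logged out'] />
-<cfset variables.fw.redirect('login','message') />
-</cffunction>
-
-</cfcomponent>
+component accessors=true {
+
+property userService;
+
+function init( fw ) {
+variables.fw = fw;
+return this;
+}
+
+function before( rc ) {
+if ( structKeyExists( session, "auth" ) && session.auth.isLoggedIn &&
+variables.fw.getItem() != "logout" ) {
+variables.fw.redirect( "main" );
+}
+}
+
+function login( rc ) {
+// if the form variables do not exist, redirect to the login form
+if ( !structKeyExists( rc, "email" ) || !structKeyExists( rc, "password" ) ) {
+variables.fw.redirect( "login" );
+}
+// look up the user's record by the email address
+var user = variables.userService.getByEmail( rc.email );
+// if that's a real user, verify their password is also correct
+var userValid = user.getId() ? variables.userService.validatePassword( user, rc.password ) : false;
+// on invalid credentials, redisplay the login form
+if ( !userValid ) {
+rc.message = ["Invalid Username or Password"];
+variables.fw.redirect( "login", "message" );
+}
+// set session variables from valid user
+session.auth.isLoggedIn = true;
+session.auth.fullname = user.getFirstName() & " " & user.getLastName();
+session.auth.user = user;
+
+variables.fw.redirect( "main" );
+}
+
+function logout( rc ) {
+// reset session variables
+session.auth.isLoggedIn = false;
+session.auth.fullname = "Guest";
+structdelete( session.auth, "user" );
+rc.message = ["You have safely logged out"];
+variables.fw.redirect( "login", "message" );
+}
+
+}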
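Review bot: login() marks the existing session as authenticated without issuing a new session identifier, so an identifier that was set before login stays valid afterwards (session fixation). Where the engine provides it, call `sessionRotate();` immediately before `session.auth.isLoggedIn = true;`. Separately, before() now guards with `structKeyExists( session, "auth" )`, but logout() still passes `session.auth` to `structdelete` unguarded, so the case the new guard anticipates would presumably still fail there; the same check in logout() would make the two consistent.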
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,48 +1,30 @@ | ||
<cfcomponent> | ||
<cfset variables.fw = '' /> | ||
<cffunction name="init" access="public" returntype="void"> | ||
<cfargument name="fw" type="any" required="yes" /> | ||
<cfset variables.fw = arguments.fw /> | ||
</cffunction> | ||
|
||
<cffunction name="setUserService" access="public" output="false" returntype="void"> | ||
<cfargument name="userService" type="any" required="true" /> | ||
<cfset variables.userService = arguments.userService /> | ||
</cffunction> | ||
<cffunction name="getUserService" access="public" output="false" returntype="any"> | ||
<cfreturn variables.userService /> | ||
</cffunction> | ||
|
||
<cffunction name="password" access="public" returntype="void"> | ||
<cfargument name="rc" type="struct" required="yes" /> | ||
<cfset rc.id = session.auth.user.getId() /> | ||
<cfset rc.user = getUserService().get(rc.id) /> | ||
</cffunction> | ||
|
||
<cffunction name="change" access="public" output="false" returntype="void"> | ||
<cfargument name="rc" type="struct" required="true"> | ||
<cfset var userService = getUserService() /> | ||
<cfset var newPasswordHash = '' /> | ||
|
||
<!--- validate new password ---> | ||
<cfset rc.user = userService.get(argumentCollection=rc) /> | ||
<cfset rc.message = userService.checkPassword(argumentCollection=rc) /> | ||
|
||
<!--- if the new password failed, redirect to the form ---> | ||
<cfif not arrayIsEmpty(rc.message)> | ||
<cfset variables.fw.redirect('main.password','message') /> | ||
</cfif> | ||
|
||
<!--- hash the new password and populate the user object ---> | ||
<cfset newPasswordHash = userService.hashPassword(rc.newPassword) /> | ||
<cfset rc.passwordHash = newPasswordHash.hash /> | ||
<cfset rc.passwordSalt = newPasswordHash.salt /> | ||
<cfset variables.fw.populate( cfc = rc.user, trim = true )> | ||
|
||
<!--- save the user and redirect ---> | ||
<cfset userService.save(rc.user) /> | ||
<cfset rc.message = ['Your password was changed'] /> | ||
<cfset variables.fw.redirect('main','message') /> | ||
</cffunction> | ||
|
||
</cfcomponent> | ||
component accessors=true { | ||
|
||
property userService; | ||
|
||
function init( fw ) { | ||
variables.fw = fw; | ||
} | ||
|
||
function password( rc ) { | ||
rc.id = session.auth.user.getId(); | ||
} | ||
|
||
function change( rc ) { | ||
rc.user = variables.userService.get( rc.id ); | ||
rc.message = variables.userService.checkPassword( argumentCollection = rc ); | ||
if ( !arrayIsEmpty( rc.message ) ) { | ||
variables.fw.redirect( "main.password", "message" ); | ||
} | ||
var newPasswordHash = variables.userService.hashPassword( rc.newPassword ); | ||
rc.passwordHash = newPasswordHash.hash; | ||
rc.passwordSalt = newPasswordHash.salt; | ||
// this will update any user fields from RC so it's a bit overkill here | ||
variables.fw.populate( cfc = rc.user, trim = true ); | ||
|
||
variables.userService.save( rc.user ); | ||
rc.message = ["Your password was changed"]; | ||
variables.fw.redirect( "main", "message" ); | ||
} | ||
|
||
} |
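Review bot: change() looks up the account to modify with `rc.id`, and in FW/1 the request context is built from URL and form variables, so the id comes from the request rather than from the session as it does in password(). Unless userService or a check outside this hunk verifies ownership, a logged-in user's request can name a different account; `rc.user = variables.userService.get( session.auth.user.getId() );` ties the change to the authenticated user. The `populate( cfc = rc.user, trim = true )` call, as its own comment admits, copies every matching request key onto the user object before save(); passing `keys = "passwordHash,passwordSalt"` limits it to the two fields this action is meant to set.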
40 changes: 20 additions & 20 deletions
examples/userManagerAccessControl/controllers/security.cfc
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,23 +1,23 @@ | ||
<cfcomponent><cfscript> | ||
component { | ||
|
||
function init( fw ) { | ||
variables.fw = fw; | ||
} | ||
function init( fw ) { | ||
variables.fw = fw; | ||
} | ||
|
||
function session( rc ) { | ||
// set up the user's session | ||
session.auth = {}; | ||
session.auth.isLoggedIn = false; | ||
session.auth.fullname = 'Guest'; | ||
} | ||
|
||
function authorize( rc ) { | ||
// check to make sure the user is logged on | ||
if ( not session.auth.isLoggedIn and | ||
not listfindnocase( 'login', variables.fw.getSection() ) and | ||
not listfindnocase( 'main.error', variables.fw.getFullyQualifiedAction() ) ) { | ||
variables.fw.redirect('login'); | ||
} | ||
} | ||
function session( rc ) { | ||
// set up the user's session | ||
session.auth = {}; | ||
session.auth.isLoggedIn = false; | ||
session.auth.fullname = 'Guest'; | ||
} | ||
|
||
</cfscript></cfcomponent> | ||
function authorize( rc ) { | ||
// check to make sure the user is logged on | ||
if ( not ( structKeyExists( session, "auth" ) && session.auth.isLoggedIn ) && | ||
!listfindnocase( 'login', variables.fw.getSection() ) && | ||
!listfindnocase( 'main.error', variables.fw.getFullyQualifiedAction() ) ) { | ||
variables.fw.redirect('login'); | ||
} | ||
} | ||
|
||
} |
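Review bot: The new condition in authorize() mixes the keyword operator `not ( ... )` with `!` and `&&` in the same expression, which makes the negation scope harder to read in the one check that gates unauthenticated access. Writing it as `if ( !( structKeyExists( session, "auth" ) && session.auth.isLoggedIn ) &&` keeps one operator style. A comment above the condition stating that the `login` section and `main.error` are the only actions reachable without a login would also document the allowlist, e.g. `// only the login section and main.error are reachable without authentication`.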