TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-11-24 06:35:49 +03:00
Code Issues Projects Releases Wiki Activity
16c33ac732
Ghost/core/server/controllers/admin.js

320 lines
11 KiB
JavaScript
Raw Normal View History

Cleanup indentation and quotes Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-24 14:46:30 +04:00
var Ghost = require('../../ghost'),
Create the config module, initially used to standardise getting paths and absolute URLs. Easy to extend for other configurations we may need.
2013-11-20 17:58:52 +04:00
config = require('../config'),
Cleanup indentation and quotes Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-24 14:46:30 +04:00
_ = require('underscore'),
path = require('path'),
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
when = require('when'),
Cleanup indentation and quotes Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-24 14:46:30 +04:00
api = require('../api'),
errors = require('../errorHandling'),
image upload controller refactor issue #635 - upload controller shouldn't assume fs - filesystem module proxies all the fs work - proxies and exposes middleware for serving images - creating a date based path and unique filename is a base object util - unit tests updated
2013-11-07 20:00:39 +04:00
storage = require('../storage'),
Cleanup indentation and quotes Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-24 14:46:30 +04:00
ghost = new Ghost(),
dataProvider = ghost.dataProvider,
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
adminNavbar,
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 23:48:36 +04:00
adminControllers,
loginSecurity = [];
Initial commit to GitHub repo
2013-05-11 20:44:25 +04:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
// TODO: combine path/navClass to single "slug(?)" variable with no prefix
adminNavbar = {
content: {
name: 'Content',
navClass: 'content',
key: 'admin.navbar.content',
Temporarily removed the Dashboard and all references This also updates the CasperJS to match the new changes.
2013-09-11 18:38:09 +04:00
path: '/'
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
add: {
name: 'New Post',
navClass: 'editor',
key: 'admin.navbar.editor',
path: '/editor/'
},
settings: {
name: 'Settings',
navClass: 'settings',
key: 'admin.navbar.settings',
path: '/settings/'
}
};
Initial commit to GitHub repo
2013-05-11 20:44:25 +04:00
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 23:48:36 +04:00
Fixing up some inconsistent TODO: items.
2013-06-25 20:58:26 +04:00
// TODO: make this a util or helper
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
function setSelected(list, name) {
_.each(list, function (item, key) {
item.selected = key === name;
#25: admin navbar and filter
2013-05-29 04:10:39 +04:00
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
return list;
}
#25: admin navbar and filter
2013-05-29 04:10:39 +04:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
adminControllers = {
Added image upload reusable plugin issue #40 and issue #280 - Adds uploader jquery plugin - includes settings for enabling/disabling upload progress bar - adds routing for image uploads - adds directories by year and month based on upload date - Implements plugin on settings - general pane - Implements plugin on editor - adjusted general tab to save uploaded image src TODO: - Add error handling - Storing information on editor - Add events
2013-08-05 21:31:29 +04:00
'uploader': function (req, res) {
Moving file system storage to a module issue #635 - refactored file system storage into module - convert save to return a promise - convert admin controller to use storage module
2013-09-28 17:54:26 +04:00
var type = req.files.uploadimage.type,
fixes extensions bug for image uploader - extensions set to lowercase - changed navigation images to hyphenated names and corrected references
2013-08-14 00:04:07 +04:00
ext = path.extname(req.files.uploadimage.name).toLowerCase(),
image upload controller refactor issue #635 - upload controller shouldn't assume fs - filesystem module proxies all the fs work - proxies and exposes middleware for serving images - creating a date based path and unique filename is a base object util - unit tests updated
2013-11-07 20:00:39 +04:00
store = storage.get_storage();
Moving file system storage to a module issue #635 - refactored file system storage into module - convert save to return a promise - convert admin controller to use storage module
2013-09-28 17:54:26 +04:00
Add support for SVG images
2013-11-12 22:37:54 +04:00
if ((type !== 'image/jpeg' && type !== 'image/png' && type !== 'image/gif' && type !== 'image/svg+xml')
|| (ext !== '.jpg' && ext !== '.jpeg' && ext !== '.png' && ext !== '.gif' && ext !== '.svg' && ext !== '.svgz')) {
Moving file system storage to a module issue #635 - refactored file system storage into module - convert save to return a promise - convert admin controller to use storage module
2013-09-28 17:54:26 +04:00
return res.send(415, 'Unsupported Media Type');
}
Added image upload reusable plugin issue #40 and issue #280 - Adds uploader jquery plugin - includes settings for enabling/disabling upload progress bar - adds routing for image uploads - adds directories by year and month based on upload date - Implements plugin on settings - general pane - Implements plugin on editor - adjusted general tab to save uploaded image src TODO: - Add error handling - Storing information on editor - Add events
2013-08-05 21:31:29 +04:00
image upload controller refactor issue #635 - upload controller shouldn't assume fs - filesystem module proxies all the fs work - proxies and exposes middleware for serving images - creating a date based path and unique filename is a base object util - unit tests updated
2013-11-07 20:00:39 +04:00
store
.save(req.files.uploadimage)
Moving file system storage to a module issue #635 - refactored file system storage into module - convert save to return a promise - convert admin controller to use storage module
2013-09-28 17:54:26 +04:00
.then(function (url) {
image upload controller refactor issue #635 - upload controller shouldn't assume fs - filesystem module proxies all the fs work - proxies and exposes middleware for serving images - creating a date based path and unique filename is a base object util - unit tests updated
2013-11-07 20:00:39 +04:00
return res.send(url);
Moving file system storage to a module issue #635 - refactored file system storage into module - convert save to return a promise - convert admin controller to use storage module
2013-09-28 17:54:26 +04:00
})
.otherwise(function (e) {
return errors.logError(e);
Added image upload reusable plugin issue #40 and issue #280 - Adds uploader jquery plugin - includes settings for enabling/disabling upload progress bar - adds routing for image uploads - adds directories by year and month based on upload date - Implements plugin on settings - general pane - Implements plugin on editor - adjusted general tab to save uploaded image src TODO: - Add error handling - Storing information on editor - Add events
2013-08-05 21:31:29 +04:00
});
},
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
'login': function (req, res) {
Remove unparam:true from jslint config in Gruntfile.js issue #1365 - added /*jslint unparam:true*/ to functions where absolutely necessary - added /*jslint unparam:true*/ to functions in which keeping parameter list added clarity to the underlying api, even when those parameters are not currently used - removed unused parameters in a few places
2013-10-31 22:02:34 +04:00
/*jslint unparam:true*/
Improved Auth screen markup and validation checks * Signup now focuses on 'name' on load * Fixed fade in on auth forms to work with `display: table` * The 'name' field is required on Sign up forms * The length check on the Signup form is in order of inputs * Added check for password length * Changed the auth form class names to better represent individual pages * Updated CasperJS tests
2013-09-12 12:59:58 +04:00
res.render('login', {
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
bodyClass: 'ghost-login',
hideNavbar: true,
adminNav: setSelected(adminNavbar, 'login')
Initial commit to GitHub repo
2013-05-11 20:44:25 +04:00
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
'auth': function (req, res) {
Fix several redirects in frontend and admin refs #527
2013-11-27 06:31:27 +04:00
var root = ghost.blogGlobals().path === '/' ? '' : ghost.blogGlobals().path,
currentTime = process.hrtime()[0],
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 23:48:36 +04:00
denied = '';
loginSecurity = _.filter(loginSecurity, function (ipTime) {
return (ipTime.time + 2 > currentTime);
});
denied = _.find(loginSecurity, function (ipTime) {
return (ipTime.ip === req.connection.remoteAddress);
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
});
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 23:48:36 +04:00
if (!denied) {
loginSecurity.push({ip: req.connection.remoteAddress, time: process.hrtime()[0]});
api.users.check({email: req.body.email, pw: req.body.password}).then(function (user) {
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests
2013-11-24 18:29:36 +04:00
req.session.regenerate(function (err) {
if (!err) {
req.session.user = user.id;
Fix several redirects in frontend and admin refs #527
2013-11-27 06:31:27 +04:00
var redirect = root + '/ghost/';
if (req.body.redirect) {
redirect += decodeURIComponent(req.body.redirect);
}
res.json(200, {redirect: redirect});
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests
2013-11-24 18:29:36 +04:00
}
});
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 23:48:36 +04:00
}, function (error) {
res.json(401, {error: error.message});
});
} else {
res.json(401, {error: 'Slow down, there are way too many login attempts!'});
}
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
Added quotes to changepw admin controller
2013-10-25 22:11:33 +04:00
'changepw': function (req, res) {
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
return api.users.changePassword({
Current user added Closes #340. Closes #375 * Replaced session with id of current user * Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy) * Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't) * If user has profile picture, that will be used * If user has name, that will be used * Password changing doesn't care about your email. Uses cookies. Tasty! * User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`. * Added logic to user api to check for `id === 'me'`, and then use the cookie value * User data saves are now correct * There is no logout error
2013-08-09 05:22:49 +04:00
currentUser: req.session.user,
Users can change password Closes #282 * Added a new route * Added new methods * Triple security! * Passwords are actually changed * Also added a change password button, because 'save' has too much baggage. On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords. Caveats: * didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh? * Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
2013-08-06 03:49:06 +04:00
oldpw: req.body.password,
newpw: req.body.newpassword,
ne2pw: req.body.ne2password
Validation consistency - introduced validation method in the post and user model - moved signup validation onto model - consistent use of validation & error messaging in the admin UI - helper methods in base view moved to a utils object
2013-08-20 22:52:44 +04:00
}).then(function () {
Users can change password Closes #282 * Added a new route * Added new methods * Triple security! * Passwords are actually changed * Also added a change password button, because 'save' has too much baggage. On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords. Caveats: * didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh? * Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
2013-08-06 03:49:06 +04:00
res.json(200, {msg: 'Password changed successfully'});
}, function (error) {
Validation consistency - introduced validation method in the post and user model - moved signup validation onto model - consistent use of validation & error messaging in the admin UI - helper methods in base view moved to a utils object
2013-08-20 22:52:44 +04:00
res.send(401, {error: error.message});
Users can change password Closes #282 * Added a new route * Added new methods * Triple security! * Passwords are actually changed * Also added a change password button, because 'save' has too much baggage. On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords. Caveats: * didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh? * Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
2013-08-06 03:49:06 +04:00
});
},
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
'signup': function (req, res) {
Remove unparam:true from jslint config in Gruntfile.js issue #1365 - added /*jslint unparam:true*/ to functions where absolutely necessary - added /*jslint unparam:true*/ to functions in which keeping parameter list added clarity to the underlying api, even when those parameters are not currently used - removed unused parameters in a few places
2013-10-31 22:02:34 +04:00
/*jslint unparam:true*/
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
res.render('signup', {
Improved Auth screen markup and validation checks * Signup now focuses on 'name' on load * Fixed fade in on auth forms to work with `display: table` * The 'name' field is required on Sign up forms * The length check on the Signup form is in order of inputs * Added check for password length * Changed the auth form class names to better represent individual pages * Updated CasperJS tests
2013-09-12 12:59:58 +04:00
bodyClass: 'ghost-signup',
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
hideNavbar: true,
adminNav: setSelected(adminNavbar, 'login')
});
},
'doRegister': function (req, res) {
Fix several redirects in frontend and admin refs #527
2013-11-27 06:31:27 +04:00
var root = ghost.blogGlobals().path === '/' ? '' : ghost.blogGlobals().path,
name = req.body.name,
Input signup name into user profile
2013-09-08 23:16:40 +04:00
email = req.body.email,
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
password = req.body.password;
Initial commit to GitHub repo
2013-05-11 20:44:25 +04:00
Added validation for signup and login screens Closes #374 * Included node-validator as a package * Implemented server side validation (the client side js is a mess, need a LOT of work) * Validates email address both on signup and login screens, gives error message on malformed email addresses * Requires at least 8 chars of password * Tells user if password is too short * Tells user if no such user on login * Tells user if wrong password on login * Tells user if server responds with a 404 (goes away, dies, etc) * Added middleware between req and login / signup for validation
2013-08-19 01:50:42 +04:00
api.users.add({
Mass renaming of things Conflicts: core/client/views/settings.js core/server/models/user.js
2013-09-12 02:04:49 +04:00
name: name,
email: email,
Added validation for signup and login screens Closes #374 * Included node-validator as a package * Implemented server side validation (the client side js is a mess, need a LOT of work) * Validates email address both on signup and login screens, gives error message on malformed email addresses * Requires at least 8 chars of password * Tells user if password is too short * Tells user if no such user on login * Tells user if wrong password on login * Tells user if server responds with a 404 (goes away, dies, etc) * Added middleware between req and login / signup for validation
2013-08-19 01:50:42 +04:00
password: password
}).then(function (user) {
Populating admin email with user signup email closes #775
2013-09-17 06:08:36 +04:00
api.settings.edit('email', email).then(function () {
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests
2013-11-24 18:29:36 +04:00
req.session.regenerate(function (err) {
if (!err) {
if (req.session.user === undefined) {
req.session.user = user.id;
}
Fix several redirects in frontend and admin refs #527
2013-11-27 06:31:27 +04:00
res.json(200, {redirect: root + '/ghost/'});
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests
2013-11-24 18:29:36 +04:00
}
});
Populating admin email with user signup email closes #775
2013-09-17 06:08:36 +04:00
});
}).otherwise(function (error) {
Added validation for signup and login screens Closes #374 * Included node-validator as a package * Implemented server side validation (the client side js is a mess, need a LOT of work) * Validates email address both on signup and login screens, gives error message on malformed email addresses * Requires at least 8 chars of password * Tells user if password is too short * Tells user if no such user on login * Tells user if wrong password on login * Tells user if server responds with a 404 (goes away, dies, etc) * Added middleware between req and login / signup for validation
2013-08-19 01:50:42 +04:00
res.json(401, {error: error.message});
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
'forgotten': function (req, res) {
Remove unparam:true from jslint config in Gruntfile.js issue #1365 - added /*jslint unparam:true*/ to functions where absolutely necessary - added /*jslint unparam:true*/ to functions in which keeping parameter list added clarity to the underlying api, even when those parameters are not currently used - removed unused parameters in a few places
2013-10-31 22:02:34 +04:00
/*jslint unparam:true*/
Improved Auth screen markup and validation checks * Signup now focuses on 'name' on load * Fixed fade in on auth forms to work with `display: table` * The 'name' field is required on Sign up forms * The length check on the Signup form is in order of inputs * Added check for password length * Changed the auth form class names to better represent individual pages * Updated CasperJS tests
2013-09-12 12:59:58 +04:00
res.render('forgotten', {
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
bodyClass: 'ghost-forgotten',
hideNavbar: true,
adminNav: setSelected(adminNavbar, 'login')
});
},
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
'generateResetToken': function (req, res) {
Fix several redirects in frontend and admin refs #527
2013-11-27 06:31:27 +04:00
var root = ghost.blogGlobals().path === '/' ? '' : ghost.blogGlobals().path,
email = req.body.email;
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
api.users.generateResetToken(email).then(function (token) {
Create the config module, initially used to standardise getting paths and absolute URLs. Easy to extend for other configurations we may need.
2013-11-20 17:58:52 +04:00
var siteLink = '<a href="' + config().url + '">' + config().url + '</a>',
resetUrl = config().url + '/ghost/reset/' + token + '/',
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
resetLink = '<a href="' + resetUrl + '">' + resetUrl + '</a>',
message = {
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
to: email,
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
subject: 'Reset Password',
html: '<p><strong>Hello!</strong></p>' +
'<p>A request has been made to reset the password on the site ' + siteLink + '.</p>' +
'<p>Please follow the link below to reset your password:<br><br>' + resetLink + '</p>' +
'<p>Ghost</p>'
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
};
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 17:57:41 +04:00
return ghost.mail.send(message);
}).then(function success() {
var notification = {
type: 'success',
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
message: 'Check your email for further instructions',
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 17:57:41 +04:00
status: 'passive',
id: 'successresetpw'
};
return api.notifications.add(notification).then(function () {
Fix several redirects in frontend and admin refs #527
2013-11-27 06:31:27 +04:00
res.json(200, {redirect: root + '/ghost/signin/'});
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 17:57:41 +04:00
});
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 17:57:41 +04:00
}, function failure(error) {
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
// TODO: This is kind of sketchy, depends on magic string error.message from Bookshelf.
// TODO: It's debatable whether we want to just tell the user we sent the email in this case or not, we are giving away sensitive info here.
if (error && error.message === 'EmptyResponse') {
error.message = "Invalid email address";
}
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
res.json(401, {error: error.message});
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
});
},
'reset': function (req, res) {
Fix several redirects in frontend and admin refs #527
2013-11-27 06:31:27 +04:00
var root = ghost.blogGlobals().path === '/' ? '' : ghost.blogGlobals().path,
// Validate the request token
token = req.params.token;
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
api.users.validateToken(token).then(function () {
// Render the reset form
res.render('reset', {
bodyClass: 'ghost-reset',
hideNavbar: true,
adminNav: setSelected(adminNavbar, 'reset')
});
}).otherwise(function (err) {
// Redirect to forgotten if invalid token
var notification = {
type: 'error',
message: 'Invalid or expired token',
status: 'persistent',
id: 'errorinvalidtoken'
};
errors.logError(err, 'admin.js', "Please check the provided token for validity and expiration.");
return api.notifications.add(notification).then(function () {
Fix several redirects in frontend and admin refs #527
2013-11-27 06:31:27 +04:00
res.redirect(root + '/ghost/forgotten');
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
});
});
},
'resetPassword': function (req, res) {
Fix several redirects in frontend and admin refs #527
2013-11-27 06:31:27 +04:00
var root = ghost.blogGlobals().path === '/' ? '' : ghost.blogGlobals().path,
token = req.params.token,
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
newPassword = req.param('newpassword'),
ne2Password = req.param('ne2password');
api.users.resetPassword(token, newPassword, ne2Password).then(function () {
var notification = {
type: 'success',
message: 'Password changed successfully.',
status: 'passive',
id: 'successresetpw'
};
return api.notifications.add(notification).then(function () {
Fix several redirects in frontend and admin refs #527
2013-11-27 06:31:27 +04:00
res.json(200, {redirect: root + '/ghost/signin/'});
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
});
}).otherwise(function (err) {
// TODO: Better error message if we can tell whether the passwords didn't match or something
res.json(401, {error: err.message});
});
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
},
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
'logout': function (req, res) {
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests
2013-11-24 18:29:36 +04:00
req.session.destroy();
Fix several redirects in frontend and admin refs #527
2013-11-27 06:31:27 +04:00
var root = ghost.blogGlobals().path === '/' ? '' : ghost.blogGlobals().path,
notification = {
type: 'success',
message: 'You were successfully signed out',
status: 'passive',
id: 'successlogout'
};
Removed flash, renamed file, unbroken logout / login request notifications Closes #354 * Reintroduced the redirect functionality (not logged in, tries to go to `/settings/user/`, is sent to `/login/` with info notification, after login user is taken to `/settings/user/) * Reintroduced the "Successfully logged out" message * Added middleware to scrub passive notifications from `ghost.notifications` after one use basically mimicing client side passive notifications * Removed flash from everywhere. Even from package.json. * Renamed flashed.hbs to notifications.hbs, modified default.hbs accordingly * Added function to parse GET variables on client side
2013-08-20 03:40:09 +04:00
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 17:57:41 +04:00
return api.notifications.add(notification).then(function () {
Fix several redirects in frontend and admin refs #527
2013-11-27 06:31:27 +04:00
res.redirect(root + '/ghost/signin/');
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 17:57:41 +04:00
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
'index': function (req, res) {
Remove unparam:true from jslint config in Gruntfile.js issue #1365 - added /*jslint unparam:true*/ to functions where absolutely necessary - added /*jslint unparam:true*/ to functions in which keeping parameter list added clarity to the underlying api, even when those parameters are not currently used - removed unused parameters in a few places
2013-10-31 22:02:34 +04:00
/*jslint unparam:true*/
Temporarily removed the Dashboard and all references This also updates the CasperJS to match the new changes.
2013-09-11 18:38:09 +04:00
res.render('content', {
bodyClass: 'manage',
adminNav: setSelected(adminNavbar, 'content')
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
});
},
'editor': function (req, res) {
if (req.params.id !== undefined) {
Removing api calls from server side closes #603, issue #395 - Changed hard-coded 'JOE BLOGGS' to use author data - We still had api calls loading data server side before rendering pages.. which is unnecessary. - Only thing using this was editor title, which is now populated client side - May improve content screen load time.
2013-09-05 00:05:36 +04:00
res.render('editor', {
bodyClass: 'editor',
adminNav: setSelected(adminNavbar, 'content')
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
} else {
res.render('editor', {
bodyClass: 'editor',
adminNav: setSelected(adminNavbar, 'add')
});
}
},
'content': function (req, res) {
Remove unparam:true from jslint config in Gruntfile.js issue #1365 - added /*jslint unparam:true*/ to functions where absolutely necessary - added /*jslint unparam:true*/ to functions in which keeping parameter list added clarity to the underlying api, even when those parameters are not currently used - removed unused parameters in a few places
2013-10-31 22:02:34 +04:00
/*jslint unparam:true*/
Removing api calls from server side closes #603, issue #395 - Changed hard-coded 'JOE BLOGGS' to use author data - We still had api calls loading data server side before rendering pages.. which is unnecessary. - Only thing using this was editor title, which is now populated client side - May improve content screen load time.
2013-09-05 00:05:36 +04:00
res.render('content', {
bodyClass: 'manage',
adminNav: setSelected(adminNavbar, 'content')
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
Settings: Return 404 for unrecognised pages Fixes #798 - Now checks the request URL against a whitelist to determine whether the settings page exists. **Notes** - This works in the short term, but a better solution for enumerating the available settings views or centralising a list of recognised views that are available to client side code, (the router and sidebar, among others) as well as the backend controller will be required.
2013-09-18 06:31:43 +04:00
'settings': function (req, res, next) {
// TODO: Centralise list/enumeration of settings panes, so we don't
// run into trouble in future.
Cleanup indentation and quotes Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-24 14:46:30 +04:00
var allowedSections = ['', 'general', 'user'],
section = req.url.replace(/(^\/ghost\/settings[\/]*|\/$)/ig, '');
Settings: Return 404 for unrecognised pages Fixes #798 - Now checks the request URL against a whitelist to determine whether the settings page exists. **Notes** - This works in the short term, but a better solution for enumerating the available settings views or centralising a list of recognised views that are available to client side code, (the router and sidebar, among others) as well as the backend controller will be required.
2013-09-18 06:31:43 +04:00
if (allowedSections.indexOf(section) < 0) {
return next();
}
Removing api calls from server side closes #603, issue #395 - Changed hard-coded 'JOE BLOGGS' to use author data - We still had api calls loading data server side before rendering pages.. which is unnecessary. - Only thing using this was editor title, which is now populated client side - May improve content screen load time.
2013-09-05 00:05:36 +04:00
res.render('settings', {
bodyClass: 'settings',
adminNav: setSelected(adminNavbar, 'settings')
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
'debug': { /* ugly temporary stuff for managing the app before it's properly finished */
index: function (req, res) {
Remove unparam:true from jslint config in Gruntfile.js issue #1365 - added /*jslint unparam:true*/ to functions where absolutely necessary - added /*jslint unparam:true*/ to functions in which keeping parameter list added clarity to the underlying api, even when those parameters are not currently used - removed unused parameters in a few places
2013-10-31 22:02:34 +04:00
/*jslint unparam:true*/
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
res.render('debug', {
bodyClass: 'settings',
adminNav: setSelected(adminNavbar, 'settings')
});
Initial commit to GitHub repo
2013-05-11 20:44:25 +04:00
}
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
}
};
Initial commit to GitHub repo
2013-05-11 20:44:25 +04:00
Current user added Closes #340. Closes #375 * Replaced session with id of current user * Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy) * Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't) * If user has profile picture, that will be used * If user has name, that will be used * Password changing doesn't care about your email. Uses cookies. Tasty! * User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`. * Added logic to user api to check for `id === 'me'`, and then use the cookie value * User data saves are now correct * There is no logout error
2013-08-09 05:22:49 +04:00
module.exports = adminControllers;
Reference in New Issue Copy Permalink