Ghost/ghost/admin/app/session-stores/application.js

26 lines
1.0 KiB
JavaScript
Raw Normal View History

import EphemeralStore from 'ember-simple-auth/session-stores/ephemeral';
import RSVP from 'rsvp';
import {inject as service} from '@ember/service';
// Ghost already uses a cookie to store it's session so we don't need to keep
// track of any other peristent login state separately in Ember Simple Auth
export default EphemeralStore.extend({
session: service(),
// when loading the app we want ESA to try fetching the currently logged
// in user. This will succeed/fail depending on whether we have a valid
// session cookie or not so we can use that as an indication of the session
// being authenticated
restore() {
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
return this.session.populateUser().then(() => {
// provide the necessary data for internal-session to mark the
// session as authenticated
let data = {authenticated: {authenticator: 'authenticator:cookie'}};
this.persist(data);
return data;
}).catch(() => {
return RSVP.reject();
});
}
});