TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-11-28 05:37:34 +03:00
Code Issues Projects Releases Wiki Activity
40c1271c08
Ghost/core/server/controllers/admin.js

293 lines
9.4 KiB
JavaScript
Raw Normal View History

Cleanup indentation and quotes Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-24 14:46:30 +04:00
var Ghost = require('../../ghost'),
_ = require('underscore'),
fs = require('fs-extra'),
path = require('path'),
api = require('../api'),
moment = require('moment'),
errors = require('../errorHandling'),
ghost = new Ghost(),
dataProvider = ghost.dataProvider,
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
adminNavbar,
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 23:48:36 +04:00
adminControllers,
loginSecurity = [];
Initial commit to GitHub repo
2013-05-11 20:44:25 +04:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
// TODO: combine path/navClass to single "slug(?)" variable with no prefix
adminNavbar = {
content: {
name: 'Content',
navClass: 'content',
key: 'admin.navbar.content',
Temporarily removed the Dashboard and all references This also updates the CasperJS to match the new changes.
2013-09-11 18:38:09 +04:00
path: '/'
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
add: {
name: 'New Post',
navClass: 'editor',
key: 'admin.navbar.editor',
path: '/editor/'
},
settings: {
name: 'Settings',
navClass: 'settings',
key: 'admin.navbar.settings',
path: '/settings/'
}
};
Initial commit to GitHub repo
2013-05-11 20:44:25 +04:00
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 23:48:36 +04:00
Fixing up some inconsistent TODO: items.
2013-06-25 20:58:26 +04:00
// TODO: make this a util or helper
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
function setSelected(list, name) {
_.each(list, function (item, key) {
item.selected = key === name;
#25: admin navbar and filter
2013-05-29 04:10:39 +04:00
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
return list;
}
#25: admin navbar and filter
2013-05-29 04:10:39 +04:00
Ensure image uploads do not overwrite if they have the same name closes #619 - check if uploaded image name exists in month/year path - if unique then save - if not unique then add -1 to the end of the name eg. image-1.jpg - if image-1.jpg exists then increment to -2 - keep going until a unique name is found - uses tail recursion as normal path will be to save the first filename and deep recursion will be the exception - (the alternative of loading the names of all the files in the directory could result in a large in memory array)
2013-09-08 00:55:01 +04:00
// TODO: this could be a separate module
function getUniqueFileName(dir, name, ext, i, done) {
var filename,
append = '';
if (i) {
append = '-' + i;
}
filename = path.join(dir, name + append + ext);
fs.exists(filename, function (exists) {
if (exists) {
setImmediate(function () {
i = i + 1;
return getUniqueFileName(dir, name, ext, i, done);
});
} else {
return done(filename);
}
});
}
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
adminControllers = {
Added image upload reusable plugin issue #40 and issue #280 - Adds uploader jquery plugin - includes settings for enabling/disabling upload progress bar - adds routing for image uploads - adds directories by year and month based on upload date - Implements plugin on settings - general pane - Implements plugin on editor - adjusted general tab to save uploaded image src TODO: - Add error handling - Storing information on editor - Add events
2013-08-05 21:31:29 +04:00
'uploader': function (req, res) {
Ensure image uploads do not overwrite if they have the same name closes #619 - check if uploaded image name exists in month/year path - if unique then save - if not unique then add -1 to the end of the name eg. image-1.jpg - if image-1.jpg exists then increment to -2 - keep going until a unique name is found - uses tail recursion as normal path will be to save the first filename and deep recursion will be the exception - (the alternative of loading the names of all the files in the directory could result in a large in memory array)
2013-09-08 00:55:01 +04:00
Added image upload reusable plugin issue #40 and issue #280 - Adds uploader jquery plugin - includes settings for enabling/disabling upload progress bar - adds routing for image uploads - adds directories by year and month based on upload date - Implements plugin on settings - general pane - Implements plugin on editor - adjusted general tab to save uploaded image src TODO: - Add error handling - Storing information on editor - Add events
2013-08-05 21:31:29 +04:00
var currentDate = moment(),
Use file mime type rather than extension to check server side if image upload is a valid file closes #705 - uses the file type passed by express/connect - relies on the type being set correctly by the browser upload - doesn't reread the file to check
2013-09-19 10:26:26 +04:00
month = currentDate.format('MMM'),
year = currentDate.format('YYYY'),
Added image upload reusable plugin issue #40 and issue #280 - Adds uploader jquery plugin - includes settings for enabling/disabling upload progress bar - adds routing for image uploads - adds directories by year and month based on upload date - Implements plugin on settings - general pane - Implements plugin on editor - adjusted general tab to save uploaded image src TODO: - Add error handling - Storing information on editor - Add events
2013-08-05 21:31:29 +04:00
tmp_path = req.files.uploadimage.path,
Fix filepaths for config and upload no issue - added appRoot to config-loader.js - modified uploader to use correct path - modified tests
2013-10-10 14:44:31 +04:00
imagespath = path.join(ghost.paths().appRoot, 'content/images'),
dir = path.join(imagespath, year, month),
fixes extensions bug for image uploader - extensions set to lowercase - changed navigation images to hyphenated names and corrected references
2013-08-14 00:04:07 +04:00
ext = path.extname(req.files.uploadimage.name).toLowerCase(),
Fix for image uploads - express 3.4.0 uses connect 2.9.0 which had a sizable change to how multipart woks - this change resulting in req.files.uploadimage.type going away
2013-10-11 23:26:09 +04:00
type = req.files.uploadimage.type || req.files.uploadimage.headers['content-type'],
Fix for images with special chars closes #780 - added replacing of special chars with '_'
2013-09-18 00:11:22 +04:00
basename = path.basename(req.files.uploadimage.name, ext).replace(/[\W]/gi, '_');
Added image upload reusable plugin issue #40 and issue #280 - Adds uploader jquery plugin - includes settings for enabling/disabling upload progress bar - adds routing for image uploads - adds directories by year and month based on upload date - Implements plugin on settings - general pane - Implements plugin on editor - adjusted general tab to save uploaded image src TODO: - Add error handling - Storing information on editor - Add events
2013-08-05 21:31:29 +04:00
Ensure image uploads do not overwrite if they have the same name closes #619 - check if uploaded image name exists in month/year path - if unique then save - if not unique then add -1 to the end of the name eg. image-1.jpg - if image-1.jpg exists then increment to -2 - keep going until a unique name is found - uses tail recursion as normal path will be to save the first filename and deep recursion will be the exception - (the alternative of loading the names of all the files in the directory could result in a large in memory array)
2013-09-08 00:55:01 +04:00
function renameFile(target_path) {
Added image upload reusable plugin issue #40 and issue #280 - Adds uploader jquery plugin - includes settings for enabling/disabling upload progress bar - adds routing for image uploads - adds directories by year and month based on upload date - Implements plugin on settings - general pane - Implements plugin on editor - adjusted general tab to save uploaded image src TODO: - Add error handling - Storing information on editor - Add events
2013-08-05 21:31:29 +04:00
// adds directories recursively
fs.mkdirs(dir, function (err) {
if (err) {
Remove temporary files when uploading images closes #502 part of #705 - copy the files but then remove the temporary ones - moving instead of copying was problematic due to moving across devices - still need to convert code to using promises
2013-09-18 12:59:42 +04:00
return errors.logError(err);
}
fs.copy(tmp_path, target_path, function (err) {
if (err) {
return errors.logError(err);
}
fs.unlink(tmp_path, function (e) {
Added image upload reusable plugin issue #40 and issue #280 - Adds uploader jquery plugin - includes settings for enabling/disabling upload progress bar - adds routing for image uploads - adds directories by year and month based on upload date - Implements plugin on settings - general pane - Implements plugin on editor - adjusted general tab to save uploaded image src TODO: - Add error handling - Storing information on editor - Add events
2013-08-05 21:31:29 +04:00
if (err) {
Remove temporary files when uploading images closes #502 part of #705 - copy the files but then remove the temporary ones - moving instead of copying was problematic due to moving across devices - still need to convert code to using promises
2013-09-18 12:59:42 +04:00
return errors.logError(err);
Added image upload reusable plugin issue #40 and issue #280 - Adds uploader jquery plugin - includes settings for enabling/disabling upload progress bar - adds routing for image uploads - adds directories by year and month based on upload date - Implements plugin on settings - general pane - Implements plugin on editor - adjusted general tab to save uploaded image src TODO: - Add error handling - Storing information on editor - Add events
2013-08-05 21:31:29 +04:00
}
Remove temporary files when uploading images closes #502 part of #705 - copy the files but then remove the temporary ones - moving instead of copying was problematic due to moving across devices - still need to convert code to using promises
2013-09-18 12:59:42 +04:00
// the src for the image must be in URI format, not a file system path, which in Windows uses \
Fix filepaths for config and upload no issue - added appRoot to config-loader.js - modified uploader to use correct path - modified tests
2013-10-10 14:44:31 +04:00
var src = path.join('/', target_path.replace(ghost.paths().appRoot, "")).replace(new RegExp('\\' + path.sep, 'g'), '/');
Remove temporary files when uploading images closes #502 part of #705 - copy the files but then remove the temporary ones - moving instead of copying was problematic due to moving across devices - still need to convert code to using promises
2013-09-18 12:59:42 +04:00
return res.send(src);
Added image upload reusable plugin issue #40 and issue #280 - Adds uploader jquery plugin - includes settings for enabling/disabling upload progress bar - adds routing for image uploads - adds directories by year and month based on upload date - Implements plugin on settings - general pane - Implements plugin on editor - adjusted general tab to save uploaded image src TODO: - Add error handling - Storing information on editor - Add events
2013-08-05 21:31:29 +04:00
});
Remove temporary files when uploading images closes #502 part of #705 - copy the files but then remove the temporary ones - moving instead of copying was problematic due to moving across devices - still need to convert code to using promises
2013-09-18 12:59:42 +04:00
});
Added image upload reusable plugin issue #40 and issue #280 - Adds uploader jquery plugin - includes settings for enabling/disabling upload progress bar - adds routing for image uploads - adds directories by year and month based on upload date - Implements plugin on settings - general pane - Implements plugin on editor - adjusted general tab to save uploaded image src TODO: - Add error handling - Storing information on editor - Add events
2013-08-05 21:31:29 +04:00
});
}
Security improvements no issue - added CSRF protection - changed session handling to express.session - changed session handling to change session id - added config property useCookieSession - added file extension check for /ghost/upload - removed /ghost/debug/db/reset
2013-10-17 17:28:28 +04:00
//limit uploads to type && extension
if ((type === 'image/jpeg' || type === 'image/png' || type === 'image/gif')
&& (ext === '.jpg' || ext === '.jpeg' || ext === '.png' || ext === '.gif')) {
Ensure image uploads do not overwrite if they have the same name closes #619 - check if uploaded image name exists in month/year path - if unique then save - if not unique then add -1 to the end of the name eg. image-1.jpg - if image-1.jpg exists then increment to -2 - keep going until a unique name is found - uses tail recursion as normal path will be to save the first filename and deep recursion will be the exception - (the alternative of loading the names of all the files in the directory could result in a large in memory array)
2013-09-08 00:55:01 +04:00
getUniqueFileName(dir, basename, ext, null, function (filename) {
renameFile(filename);
});
Added image upload reusable plugin issue #40 and issue #280 - Adds uploader jquery plugin - includes settings for enabling/disabling upload progress bar - adds routing for image uploads - adds directories by year and month based on upload date - Implements plugin on settings - general pane - Implements plugin on editor - adjusted general tab to save uploaded image src TODO: - Add error handling - Storing information on editor - Add events
2013-08-05 21:31:29 +04:00
} else {
Show proper error message when image upload fails fixes #994
2013-10-21 00:25:00 +04:00
res.send(415, 'Unsupported Media Type');
Added image upload reusable plugin issue #40 and issue #280 - Adds uploader jquery plugin - includes settings for enabling/disabling upload progress bar - adds routing for image uploads - adds directories by year and month based on upload date - Implements plugin on settings - general pane - Implements plugin on editor - adjusted general tab to save uploaded image src TODO: - Add error handling - Storing information on editor - Add events
2013-08-05 21:31:29 +04:00
}
},
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
'login': function (req, res) {
Improved Auth screen markup and validation checks * Signup now focuses on 'name' on load * Fixed fade in on auth forms to work with `display: table` * The 'name' field is required on Sign up forms * The length check on the Signup form is in order of inputs * Added check for password length * Changed the auth form class names to better represent individual pages * Updated CasperJS tests
2013-09-12 12:59:58 +04:00
res.render('login', {
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
bodyClass: 'ghost-login',
hideNavbar: true,
adminNav: setSelected(adminNavbar, 'login')
Initial commit to GitHub repo
2013-05-11 20:44:25 +04:00
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
'auth': function (req, res) {
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 23:48:36 +04:00
var currentTime = process.hrtime()[0],
denied = '';
loginSecurity = _.filter(loginSecurity, function (ipTime) {
return (ipTime.time + 2 > currentTime);
});
denied = _.find(loginSecurity, function (ipTime) {
return (ipTime.ip === req.connection.remoteAddress);
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
});
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 23:48:36 +04:00
if (!denied) {
loginSecurity.push({ip: req.connection.remoteAddress, time: process.hrtime()[0]});
api.users.check({email: req.body.email, pw: req.body.password}).then(function (user) {
req.session.user = user.id;
res.json(200, {redirect: req.body.redirect ? '/ghost/'
+ decodeURIComponent(req.body.redirect) : '/ghost/'});
}, function (error) {
res.json(401, {error: error.message});
});
} else {
res.json(401, {error: 'Slow down, there are way too many login attempts!'});
}
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
Users can change password Closes #282 * Added a new route * Added new methods * Triple security! * Passwords are actually changed * Also added a change password button, because 'save' has too much baggage. On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords. Caveats: * didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh? * Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
2013-08-06 03:49:06 +04:00
changepw: function (req, res) {
api.users.changePassword({
Current user added Closes #340. Closes #375 * Replaced session with id of current user * Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy) * Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't) * If user has profile picture, that will be used * If user has name, that will be used * Password changing doesn't care about your email. Uses cookies. Tasty! * User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`. * Added logic to user api to check for `id === 'me'`, and then use the cookie value * User data saves are now correct * There is no logout error
2013-08-09 05:22:49 +04:00
currentUser: req.session.user,
Users can change password Closes #282 * Added a new route * Added new methods * Triple security! * Passwords are actually changed * Also added a change password button, because 'save' has too much baggage. On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords. Caveats: * didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh? * Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
2013-08-06 03:49:06 +04:00
oldpw: req.body.password,
newpw: req.body.newpassword,
ne2pw: req.body.ne2password
Validation consistency - introduced validation method in the post and user model - moved signup validation onto model - consistent use of validation & error messaging in the admin UI - helper methods in base view moved to a utils object
2013-08-20 22:52:44 +04:00
}).then(function () {
Users can change password Closes #282 * Added a new route * Added new methods * Triple security! * Passwords are actually changed * Also added a change password button, because 'save' has too much baggage. On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords. Caveats: * didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh? * Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
2013-08-06 03:49:06 +04:00
res.json(200, {msg: 'Password changed successfully'});
}, function (error) {
Validation consistency - introduced validation method in the post and user model - moved signup validation onto model - consistent use of validation & error messaging in the admin UI - helper methods in base view moved to a utils object
2013-08-20 22:52:44 +04:00
res.send(401, {error: error.message});
Users can change password Closes #282 * Added a new route * Added new methods * Triple security! * Passwords are actually changed * Also added a change password button, because 'save' has too much baggage. On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords. Caveats: * didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh? * Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
2013-08-06 03:49:06 +04:00
});
},
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
'signup': function (req, res) {
res.render('signup', {
Improved Auth screen markup and validation checks * Signup now focuses on 'name' on load * Fixed fade in on auth forms to work with `display: table` * The 'name' field is required on Sign up forms * The length check on the Signup form is in order of inputs * Added check for password length * Changed the auth form class names to better represent individual pages * Updated CasperJS tests
2013-09-12 12:59:58 +04:00
bodyClass: 'ghost-signup',
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
hideNavbar: true,
adminNav: setSelected(adminNavbar, 'login')
});
},
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
'doRegister': function (req, res) {
Input signup name into user profile
2013-09-08 23:16:40 +04:00
var name = req.body.name,
email = req.body.email,
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
password = req.body.password;
Initial commit to GitHub repo
2013-05-11 20:44:25 +04:00
Added validation for signup and login screens Closes #374 * Included node-validator as a package * Implemented server side validation (the client side js is a mess, need a LOT of work) * Validates email address both on signup and login screens, gives error message on malformed email addresses * Requires at least 8 chars of password * Tells user if password is too short * Tells user if no such user on login * Tells user if wrong password on login * Tells user if server responds with a 404 (goes away, dies, etc) * Added middleware between req and login / signup for validation
2013-08-19 01:50:42 +04:00
api.users.add({
Mass renaming of things Conflicts: core/client/views/settings.js core/server/models/user.js
2013-09-12 02:04:49 +04:00
name: name,
email: email,
Added validation for signup and login screens Closes #374 * Included node-validator as a package * Implemented server side validation (the client side js is a mess, need a LOT of work) * Validates email address both on signup and login screens, gives error message on malformed email addresses * Requires at least 8 chars of password * Tells user if password is too short * Tells user if no such user on login * Tells user if wrong password on login * Tells user if server responds with a 404 (goes away, dies, etc) * Added middleware between req and login / signup for validation
2013-08-19 01:50:42 +04:00
password: password
}).then(function (user) {
Populating admin email with user signup email closes #775
2013-09-17 06:08:36 +04:00
api.settings.edit('email', email).then(function () {
if (req.session.user === undefined) {
req.session.user = user.id;
}
res.json(200, {redirect: '/ghost/'});
});
}).otherwise(function (error) {
Added validation for signup and login screens Closes #374 * Included node-validator as a package * Implemented server side validation (the client side js is a mess, need a LOT of work) * Validates email address both on signup and login screens, gives error message on malformed email addresses * Requires at least 8 chars of password * Tells user if password is too short * Tells user if no such user on login * Tells user if wrong password on login * Tells user if server responds with a 404 (goes away, dies, etc) * Added middleware between req and login / signup for validation
2013-08-19 01:50:42 +04:00
res.json(401, {error: error.message});
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
'forgotten': function (req, res) {
Improved Auth screen markup and validation checks * Signup now focuses on 'name' on load * Fixed fade in on auth forms to work with `display: table` * The 'name' field is required on Sign up forms * The length check on the Signup form is in order of inputs * Added check for password length * Changed the auth form class names to better represent individual pages * Updated CasperJS tests
2013-09-12 12:59:58 +04:00
res.render('forgotten', {
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
bodyClass: 'ghost-forgotten',
hideNavbar: true,
adminNav: setSelected(adminNavbar, 'login')
});
},
'resetPassword': function (req, res) {
var email = req.body.email;
api.users.forgottenPassword(email).then(function (user) {
var message = {
to: email,
subject: 'Your new password',
html: "<p><strong>Hello!</strong></p>" +
Updating forgotten password email template closes #288 - added sign off using url from config
2013-09-09 14:51:12 +04:00
"<p>You've reset your password. Here's the new one: " + user.newPassword + "</p>" +
"<p>Ghost <br/>" +
Clean up config (drop 'env') closes #628 - removed .env from config.js - ghost.config() returns correct config for NODE_ENV - removed .env[process.env.NODE_ENV] - updated tests - deleted users.hbs, plugins.hbs, appearance.hbs (forgot to delete in PR #649)
2013-09-11 19:23:07 +04:00
'<a href="' + ghost.config().url + '">' +
ghost.config().url + '</a></p>'
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
};
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 17:57:41 +04:00
return ghost.mail.send(message);
}).then(function success() {
var notification = {
type: 'success',
message: 'Your password was changed successfully. Check your email for details.',
status: 'passive',
id: 'successresetpw'
};
return api.notifications.add(notification).then(function () {
res.json(200, {redirect: '/ghost/signin/'});
});
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 17:57:41 +04:00
}, function failure(error) {
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
res.json(401, {error: error.message});
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 17:57:41 +04:00
}).otherwise(errors.logAndThrowError);
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
},
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
'logout': function (req, res) {
Revert sessions to cookieSessions no issue - modified sessions to use cookieSession - set max-age to 12 hrs - modified logout to delete cookie completely
2013-10-18 15:24:01 +04:00
req.session = null;
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 17:57:41 +04:00
var notification = {
Removed flash, renamed file, unbroken logout / login request notifications Closes #354 * Reintroduced the redirect functionality (not logged in, tries to go to `/settings/user/`, is sent to `/login/` with info notification, after login user is taken to `/settings/user/) * Reintroduced the "Successfully logged out" message * Added middleware to scrub passive notifications from `ghost.notifications` after one use basically mimicing client side passive notifications * Removed flash from everywhere. Even from package.json. * Renamed flashed.hbs to notifications.hbs, modified default.hbs accordingly * Added function to parse GET variables on client side
2013-08-20 03:40:09 +04:00
type: 'success',
Rename /logout/ to /signout/ and /login/ to /signin/ Closes #443 - Renamed routes - Added redirects for old routes - Added unit test for redirect - Updated references to old routes in templates, html
2013-08-24 21:35:31 +04:00
message: 'You were successfully signed out',
Removed flash, renamed file, unbroken logout / login request notifications Closes #354 * Reintroduced the redirect functionality (not logged in, tries to go to `/settings/user/`, is sent to `/login/` with info notification, after login user is taken to `/settings/user/) * Reintroduced the "Successfully logged out" message * Added middleware to scrub passive notifications from `ghost.notifications` after one use basically mimicing client side passive notifications * Removed flash from everywhere. Even from package.json. * Renamed flashed.hbs to notifications.hbs, modified default.hbs accordingly * Added function to parse GET variables on client side
2013-08-20 03:40:09 +04:00
status: 'passive',
id: 'successlogout'
};
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 17:57:41 +04:00
return api.notifications.add(notification).then(function () {
res.redirect('/ghost/signin/');
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
'index': function (req, res) {
Temporarily removed the Dashboard and all references This also updates the CasperJS to match the new changes.
2013-09-11 18:38:09 +04:00
res.render('content', {
bodyClass: 'manage',
adminNav: setSelected(adminNavbar, 'content')
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
});
},
'editor': function (req, res) {
if (req.params.id !== undefined) {
Removing api calls from server side closes #603, issue #395 - Changed hard-coded 'JOE BLOGGS' to use author data - We still had api calls loading data server side before rendering pages.. which is unnecessary. - Only thing using this was editor title, which is now populated client side - May improve content screen load time.
2013-09-05 00:05:36 +04:00
res.render('editor', {
bodyClass: 'editor',
adminNav: setSelected(adminNavbar, 'content')
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
} else {
res.render('editor', {
bodyClass: 'editor',
adminNav: setSelected(adminNavbar, 'add')
});
}
},
'content': function (req, res) {
Removing api calls from server side closes #603, issue #395 - Changed hard-coded 'JOE BLOGGS' to use author data - We still had api calls loading data server side before rendering pages.. which is unnecessary. - Only thing using this was editor title, which is now populated client side - May improve content screen load time.
2013-09-05 00:05:36 +04:00
res.render('content', {
bodyClass: 'manage',
adminNav: setSelected(adminNavbar, 'content')
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
Settings: Return 404 for unrecognised pages Fixes #798 - Now checks the request URL against a whitelist to determine whether the settings page exists. **Notes** - This works in the short term, but a better solution for enumerating the available settings views or centralising a list of recognised views that are available to client side code, (the router and sidebar, among others) as well as the backend controller will be required.
2013-09-18 06:31:43 +04:00
'settings': function (req, res, next) {
// TODO: Centralise list/enumeration of settings panes, so we don't
// run into trouble in future.
Cleanup indentation and quotes Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-24 14:46:30 +04:00
var allowedSections = ['', 'general', 'user'],
section = req.url.replace(/(^\/ghost\/settings[\/]*|\/$)/ig, '');
Settings: Return 404 for unrecognised pages Fixes #798 - Now checks the request URL against a whitelist to determine whether the settings page exists. **Notes** - This works in the short term, but a better solution for enumerating the available settings views or centralising a list of recognised views that are available to client side code, (the router and sidebar, among others) as well as the backend controller will be required.
2013-09-18 06:31:43 +04:00
if (allowedSections.indexOf(section) < 0) {
return next();
}
Removing api calls from server side closes #603, issue #395 - Changed hard-coded 'JOE BLOGGS' to use author data - We still had api calls loading data server side before rendering pages.. which is unnecessary. - Only thing using this was editor title, which is now populated client side - May improve content screen load time.
2013-09-05 00:05:36 +04:00
res.render('settings', {
bodyClass: 'settings',
adminNav: setSelected(adminNavbar, 'settings')
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
'debug': { /* ugly temporary stuff for managing the app before it's properly finished */
index: function (req, res) {
res.render('debug', {
bodyClass: 'settings',
adminNav: setSelected(adminNavbar, 'settings')
});
Initial commit to GitHub repo
2013-05-11 20:44:25 +04:00
}
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
}
};
Initial commit to GitHub repo
2013-05-11 20:44:25 +04:00
Current user added Closes #340. Closes #375 * Replaced session with id of current user * Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy) * Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't) * If user has profile picture, that will be used * If user has name, that will be used * Password changing doesn't care about your email. Uses cookies. Tasty! * User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`. * Added logic to user api to check for `id === 'me'`, and then use the cookie value * User data saves are now correct * There is no logout error
2013-08-09 05:22:49 +04:00
module.exports = adminControllers;
Reference in New Issue Copy Permalink