TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-15 11:34:24 +03:00
Code Issues Projects Releases Wiki Activity
40d4cc7e55
Ghost/core/server/controllers/admin.js

443 lines
16 KiB
JavaScript
Raw Normal View History

remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
var config = require('../config'),
Replace underscore with lodash.
2014-02-05 12:40:30 +04:00
_ = require('lodash'),
Cleanup indentation and quotes Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-24 14:46:30 +04:00
path = require('path'),
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
when = require('when'),
Cleanup indentation and quotes Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-24 14:46:30 +04:00
api = require('../api'),
Add distinct error classes closes #2690 - added new error classes - moved errorhandling.js to /errors/index.js - changed API errors to use new classes - updated tests
2014-05-09 14:11:29 +04:00
errors = require('../errors'),
image upload controller refactor issue #635 - upload controller shouldn't assume fs - filesystem module proxies all the fs work - proxies and exposes middleware for serving images - creating a date based path and unique filename is a base object util - unit tests updated
2013-11-07 20:00:39 +04:00
storage = require('../storage'),
Add update notifications closes #1464 - adds opt-out via updateCheck:false in config.js - update check is done on admin index, but doesn't interfere with rendering - adds update check module, which gets the usage data, makes the request and handles the response - adds two new settings to default-settings, one for next check time, and one for whether to show the notification - adds a new rejectError method to errorHandling - adds a new helper for displaying the notification Conflicts: core/server/helpers/index.js core/test/unit/server_helpers_index_spec.js
2014-01-03 19:50:03 +04:00
updateCheck = require('../update-check'),
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
adminNavbar,
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 23:48:36 +04:00
adminControllers,
loginSecurity = [];
Initial commit to GitHub repo
2013-05-11 20:44:25 +04:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
adminNavbar = {
content: {
name: 'Content',
navClass: 'content',
key: 'admin.navbar.content',
Temporarily removed the Dashboard and all references This also updates the CasperJS to match the new changes.
2013-09-11 18:38:09 +04:00
path: '/'
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
add: {
name: 'New Post',
navClass: 'editor',
key: 'admin.navbar.editor',
path: '/editor/'
},
settings: {
name: 'Settings',
navClass: 'settings',
key: 'admin.navbar.settings',
path: '/settings/'
}
};
Initial commit to GitHub repo
2013-05-11 20:44:25 +04:00
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 23:48:36 +04:00
Fixing up some inconsistent TODO: items.
2013-06-25 20:58:26 +04:00
// TODO: make this a util or helper
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
function setSelected(list, name) {
_.each(list, function (item, key) {
item.selected = key === name;
#25: admin navbar and filter
2013-05-29 04:10:39 +04:00
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
return list;
}
#25: admin navbar and filter
2013-05-29 04:10:39 +04:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
adminControllers = {
Rename client -> clientold issue #2271 - should allow development of new admin UI whilst still having access to the old ui
2014-02-27 03:15:31 +04:00
'index': function (req, res) {
/*jslint unparam:true*/
Improve signin Ref #2413 - Remove fixture and use actual API - Store and send down actual logged in user data - Refactor isLoggedIn to use computed property on application - After signin, update user data in dependency container - Add CSRF to all routes and controllers via initializer - Update authenticated route to check for user.isLoggedIn - Add notifications for signin error - Add notifications.showAPIError helper - Add plumbing for refreshless signup to doSignUp in admin controller
2014-05-15 03:36:13 +04:00
res.render('default-ember', {
user: JSON.stringify(req.session.userData)
});
Rename client -> clientold issue #2271 - should allow development of new admin UI whilst still having access to the old ui
2014-02-27 03:15:31 +04:00
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 14:51:12 +04:00
// Route: index
// Path: /ghost/
// Method: GET
Rename client -> clientold issue #2271 - should allow development of new admin UI whilst still having access to the old ui
2014-02-27 03:15:31 +04:00
'indexold': function (req, res) {
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 14:51:12 +04:00
/*jslint unparam:true*/
function renderIndex() {
res.render('content', {
bodyClass: 'manage',
adminNav: setSelected(adminNavbar, 'content')
});
}
when.join(
updateCheck(res),
when(renderIndex())
// an error here should just get logged
).otherwise(errors.logError);
},
'content': function (req, res) {
/*jslint unparam:true*/
res.render('content', {
bodyClass: 'manage',
adminNav: setSelected(adminNavbar, 'content')
});
},
// Route: editor
Redirect from admin editor to frontend post view closes #2628 - added /view/ route to the editor. if /view/ is appended to the url of a post being edited a redirect to the frontend will occur - updated controller to check for /view/ and built the correct url for the post - added test for the new route
2014-05-01 05:50:24 +04:00
// Path: /ghost/editor(/:id)?(/:action)?/
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 14:51:12 +04:00
// Method: GET
'editor': function (req, res) {
Redirect from admin editor to frontend post view closes #2628 - added /view/ route to the editor. if /view/ is appended to the url of a post being edited a redirect to the frontend will occur - updated controller to check for /view/ and built the correct url for the post - added test for the new route
2014-05-01 05:50:24 +04:00
if (req.params.id && req.params.action) {
if (req.params.action !== 'view') {
return errors.error404(req, res);
}
api.posts.read({ id: req.params.id }).then(function (result) {
return config.urlForPost(api.settings, result.posts[0]).then(function (url) {
return res.redirect(url);
});
}, function () {
return errors.error404(req, res);
});
} else if (req.params.id !== undefined) {
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 14:51:12 +04:00
res.render('editor', {
bodyClass: 'editor',
adminNav: setSelected(adminNavbar, 'content')
});
} else {
res.render('editor', {
bodyClass: 'editor',
adminNav: setSelected(adminNavbar, 'add')
});
}
},
// Route: settings
// path: /ghost/settings/(*/)?
// Method: GET
'settings': function (req, res, next) {
// TODO: Centralise list/enumeration of settings panes, so we don't run into trouble in future.
Fixing typo in allowedSections for allowed pages under settings
2014-03-02 15:46:03 +04:00
var allowedSections = ['', 'general', 'user', 'apps'],
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 14:51:12 +04:00
section = req.url.replace(/(^\/ghost\/settings[\/]*|\/$)/ig, '');
if (allowedSections.indexOf(section) < 0) {
return next();
}
res.render('settings', {
bodyClass: 'settings',
adminNav: setSelected(adminNavbar, 'settings')
});
},
// Route: debug
// path: /ghost/debug/
// Method: GET
'debug': {
index: function (req, res) {
/*jslint unparam:true*/
res.render('debug', {
bodyClass: 'settings',
adminNav: setSelected(adminNavbar, 'settings')
});
Remove res.redirect from db.exportContent closes #1654 - added frontend route /ghost/export/ - removed request handling from API
2014-02-27 19:48:38 +04:00
},
// frontend route for downloading a file
exportContent: function (req, res) {
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData
2014-05-08 16:41:19 +04:00
api.db.exportContent({context: {user: req.session.user}}).then(function (exportData) {
Remove res.redirect from db.exportContent closes #1654 - added frontend route /ghost/export/ - removed request handling from API
2014-02-27 19:48:38 +04:00
// send a file to the client
res.set('Content-Disposition', 'attachment; filename="GhostData.json"');
res.json(exportData);
}).otherwise(function (err) {
var notification = {
type: 'error',
Proper endpoints for persistent notifications closes #2637 - Add new get API route for all notifications - Wrap API responses to comply with JSON-API - Add new tests / adjust fixtures - Adjust all occurences of passive notifications
2014-04-29 00:58:18 +04:00
message: 'Your export file could not be generated. Error: ' + err.message
Remove res.redirect from db.exportContent closes #1654 - added frontend route /ghost/export/ - removed request handling from API
2014-02-27 19:48:38 +04:00
};
errors.logError(err, 'admin.js', "Your export file could not be generated.");
return api.notifications.add(notification).then(function () {
res.redirect(config().paths.subdir + '/ghost/debug');
});
});
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 14:51:12 +04:00
}
},
// Route: upload
// Path: /ghost/upload/
// Method: POST
'upload': function (req, res) {
Moving file system storage to a module issue #635 - refactored file system storage into module - convert save to return a promise - convert admin controller to use storage module
2013-09-28 17:54:26 +04:00
var type = req.files.uploadimage.type,
fixes extensions bug for image uploader - extensions set to lowercase - changed navigation images to hyphenated names and corrected references
2013-08-14 00:04:07 +04:00
ext = path.extname(req.files.uploadimage.name).toLowerCase(),
image upload controller refactor issue #635 - upload controller shouldn't assume fs - filesystem module proxies all the fs work - proxies and exposes middleware for serving images - creating a date based path and unique filename is a base object util - unit tests updated
2013-11-07 20:00:39 +04:00
store = storage.get_storage();
Moving file system storage to a module issue #635 - refactored file system storage into module - convert save to return a promise - convert admin controller to use storage module
2013-09-28 17:54:26 +04:00
Add support for SVG images
2013-11-12 22:37:54 +04:00
if ((type !== 'image/jpeg' && type !== 'image/png' && type !== 'image/gif' && type !== 'image/svg+xml')
|| (ext !== '.jpg' && ext !== '.jpeg' && ext !== '.png' && ext !== '.gif' && ext !== '.svg' && ext !== '.svgz')) {
Moving file system storage to a module issue #635 - refactored file system storage into module - convert save to return a promise - convert admin controller to use storage module
2013-09-28 17:54:26 +04:00
return res.send(415, 'Unsupported Media Type');
}
Added image upload reusable plugin issue #40 and issue #280 - Adds uploader jquery plugin - includes settings for enabling/disabling upload progress bar - adds routing for image uploads - adds directories by year and month based on upload date - Implements plugin on settings - general pane - Implements plugin on editor - adjusted general tab to save uploaded image src TODO: - Add error handling - Storing information on editor - Add events
2013-08-05 21:31:29 +04:00
image upload controller refactor issue #635 - upload controller shouldn't assume fs - filesystem module proxies all the fs work - proxies and exposes middleware for serving images - creating a date based path and unique filename is a base object util - unit tests updated
2013-11-07 20:00:39 +04:00
store
.save(req.files.uploadimage)
Moving file system storage to a module issue #635 - refactored file system storage into module - convert save to return a promise - convert admin controller to use storage module
2013-09-28 17:54:26 +04:00
.then(function (url) {
image upload controller refactor issue #635 - upload controller shouldn't assume fs - filesystem module proxies all the fs work - proxies and exposes middleware for serving images - creating a date based path and unique filename is a base object util - unit tests updated
2013-11-07 20:00:39 +04:00
return res.send(url);
Moving file system storage to a module issue #635 - refactored file system storage into module - convert save to return a promise - convert admin controller to use storage module
2013-09-28 17:54:26 +04:00
})
.otherwise(function (e) {
Improve errors on image upload
2014-01-11 17:40:21 +04:00
errors.logError(e);
return res.send(500, e.message);
Added image upload reusable plugin issue #40 and issue #280 - Adds uploader jquery plugin - includes settings for enabling/disabling upload progress bar - adds routing for image uploads - adds directories by year and month based on upload date - Implements plugin on settings - general pane - Implements plugin on editor - adjusted general tab to save uploaded image src TODO: - Add error handling - Storing information on editor - Add events
2013-08-05 21:31:29 +04:00
});
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 14:51:12 +04:00
// Route: signout
// Path: /ghost/signout/
// Method: GET
'signout': function (req, res) {
req.session.destroy();
var notification = {
type: 'success',
message: 'You were successfully signed out',
Proper endpoints for persistent notifications closes #2637 - Add new get API route for all notifications - Wrap API responses to comply with JSON-API - Add new tests / adjust fixtures - Adjust all occurences of passive notifications
2014-04-29 00:58:18 +04:00
status: 'passive'
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 14:51:12 +04:00
};
return api.notifications.add(notification).then(function () {
res.redirect(config().paths.subdir + '/ghost/signin/');
});
},
// Route: signin
// Path: /ghost/signin/
// Method: GET
'signin': function (req, res) {
Remove unparam:true from jslint config in Gruntfile.js issue #1365 - added /*jslint unparam:true*/ to functions where absolutely necessary - added /*jslint unparam:true*/ to functions in which keeping parameter list added clarity to the underlying api, even when those parameters are not currently used - removed unused parameters in a few places
2013-10-31 22:02:34 +04:00
/*jslint unparam:true*/
Improved Auth screen markup and validation checks * Signup now focuses on 'name' on load * Fixed fade in on auth forms to work with `display: table` * The 'name' field is required on Sign up forms * The length check on the Signup form is in order of inputs * Added check for password length * Changed the auth form class names to better represent individual pages * Updated CasperJS tests
2013-09-12 12:59:58 +04:00
res.render('login', {
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
bodyClass: 'ghost-login',
hideNavbar: true,
adminNav: setSelected(adminNavbar, 'login')
Initial commit to GitHub repo
2013-05-11 20:44:25 +04:00
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 14:51:12 +04:00
// Route: doSignin
// Path: /ghost/signin/
// Method: POST
'doSignin': function (req, res) {
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
var currentTime = process.hrtime()[0],
Remove successful login connections from the auth throttle list - once a user has successfully logged into ghost they no longer are a malicious user and as such their IP address should be removed from the array of login attempts - should also reduce the memory usage of Ghost as the loginSecurity array gets pruned upon every successful login - this also fixes a race condition i was experiencing during functional tests wherein i would receive the login throttle message during regular testing. Seems my machine is able to run casper fast enough that it could complete each test under an amount of time that tripped the login throttle message.
2014-01-05 06:46:15 +04:00
remoteAddress = req.connection.remoteAddress,
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 23:48:36 +04:00
denied = '';
loginSecurity = _.filter(loginSecurity, function (ipTime) {
return (ipTime.time + 2 > currentTime);
});
denied = _.find(loginSecurity, function (ipTime) {
Remove successful login connections from the auth throttle list - once a user has successfully logged into ghost they no longer are a malicious user and as such their IP address should be removed from the array of login attempts - should also reduce the memory usage of Ghost as the loginSecurity array gets pruned upon every successful login - this also fixes a race condition i was experiencing during functional tests wherein i would receive the login throttle message during regular testing. Seems my machine is able to run casper fast enough that it could complete each test under an amount of time that tripped the login throttle message.
2014-01-05 06:46:15 +04:00
return (ipTime.ip === remoteAddress);
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
});
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 23:48:36 +04:00
if (!denied) {
Remove successful login connections from the auth throttle list - once a user has successfully logged into ghost they no longer are a malicious user and as such their IP address should be removed from the array of login attempts - should also reduce the memory usage of Ghost as the loginSecurity array gets pruned upon every successful login - this also fixes a race condition i was experiencing during functional tests wherein i would receive the login throttle message during regular testing. Seems my machine is able to run casper fast enough that it could complete each test under an amount of time that tripped the login throttle message.
2014-01-05 06:46:15 +04:00
loginSecurity.push({ip: remoteAddress, time: currentTime});
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 23:48:36 +04:00
api.users.check({email: req.body.email, pw: req.body.password}).then(function (user) {
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests
2013-11-24 18:29:36 +04:00
req.session.regenerate(function (err) {
if (!err) {
req.session.user = user.id;
Improve signin Ref #2413 - Remove fixture and use actual API - Store and send down actual logged in user data - Refactor isLoggedIn to use computed property on application - After signin, update user data in dependency container - Add CSRF to all routes and controllers via initializer - Update authenticated route to check for user.isLoggedIn - Add notifications for signin error - Add notifications.showAPIError helper - Add plumbing for refreshless signup to doSignUp in admin controller
2014-05-15 03:36:13 +04:00
req.session.userData = user.attributes;
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
var redirect = config().paths.subdir + '/ghost/';
Fix several redirects in frontend and admin refs #527
2013-11-27 06:31:27 +04:00
if (req.body.redirect) {
redirect += decodeURIComponent(req.body.redirect);
}
General cleanup - Cleanup some todos, comments, and unused variables
2014-01-20 01:08:39 +04:00
// If this IP address successfully logs in we
Remove successful login connections from the auth throttle list - once a user has successfully logged into ghost they no longer are a malicious user and as such their IP address should be removed from the array of login attempts - should also reduce the memory usage of Ghost as the loginSecurity array gets pruned upon every successful login - this also fixes a race condition i was experiencing during functional tests wherein i would receive the login throttle message during regular testing. Seems my machine is able to run casper fast enough that it could complete each test under an amount of time that tripped the login throttle message.
2014-01-05 06:46:15 +04:00
// can remove it from the array of failed login attempts.
loginSecurity = _.reject(loginSecurity, function (ipTime) {
return ipTime.ip === remoteAddress;
});
Improve signin Ref #2413 - Remove fixture and use actual API - Store and send down actual logged in user data - Refactor isLoggedIn to use computed property on application - After signin, update user data in dependency container - Add CSRF to all routes and controllers via initializer - Update authenticated route to check for user.isLoggedIn - Add notifications for signin error - Add notifications.showAPIError helper - Add plumbing for refreshless signup to doSignUp in admin controller
2014-05-15 03:36:13 +04:00
res.json(200, {redirect: redirect, userData: req.session.userData});
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests
2013-11-24 18:29:36 +04:00
}
});
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 23:48:36 +04:00
}, function (error) {
res.json(401, {error: error.message});
});
} else {
res.json(401, {error: 'Slow down, there are way too many login attempts!'});
}
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 14:51:12 +04:00
// Route: signup
// Path: /ghost/signup/
// Method: GET
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
'signup': function (req, res) {
Remove unparam:true from jslint config in Gruntfile.js issue #1365 - added /*jslint unparam:true*/ to functions where absolutely necessary - added /*jslint unparam:true*/ to functions in which keeping parameter list added clarity to the underlying api, even when those parameters are not currently used - removed unused parameters in a few places
2013-10-31 22:02:34 +04:00
/*jslint unparam:true*/
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
res.render('signup', {
Improved Auth screen markup and validation checks * Signup now focuses on 'name' on load * Fixed fade in on auth forms to work with `display: table` * The 'name' field is required on Sign up forms * The length check on the Signup form is in order of inputs * Added check for password length * Changed the auth form class names to better represent individual pages * Updated CasperJS tests
2013-09-12 12:59:58 +04:00
bodyClass: 'ghost-signup',
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
hideNavbar: true,
adminNav: setSelected(adminNavbar, 'login')
});
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 14:51:12 +04:00
// Route: doSignup
// Path: /ghost/signup/
// Method: POST
'doSignup': function (req, res) {
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
var name = req.body.name,
Input signup name into user profile
2013-09-08 23:16:40 +04:00
email = req.body.email,
Move user API to primary document format closes #2593 - added new format to user API methods - changed all places where the user api was used - updated tests and added more coverage - little bit of cleanup in utils/api
2014-04-29 00:42:38 +04:00
password = req.body.password,
users = [{
name: name,
email: email,
password: password
}];
Initial commit to GitHub repo
2013-05-11 20:44:25 +04:00
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData
2014-05-08 16:41:19 +04:00
api.users.register({users: users}).then(function (response) {
var user = response.users[0];
api.settings.edit({settings: [{key: 'email', value: email}]}, {context: {user: 1}}).then(function () {
Add welcome email for new sign ups Closes #1766 - Once signed up, a quick welcome email is sent - Links to their blog url, and gives the email they used to sign up
2013-12-29 01:42:52 +04:00
var message = {
Move mail api to json/api format Fixes #2650 * rerouted all mail sending to api/mail * changed request and response formats to json/api-like structure * tested with forgotten password and new blog email
2014-05-09 03:12:18 +04:00
to: email,
subject: 'Your New Ghost Blog',
html: '<p><strong>Hello!</strong></p>' +
'<p>Good news! You\'ve successfully created a brand new Ghost blog over on ' + config().url + '</p>' +
'<p>You can log in to your admin account with the following details:</p>' +
'<p> Email Address: ' + email + '<br>' +
'Password: The password you chose when you signed up</p>' +
'<p>Keep this email somewhere safe for future reference, and have fun!</p>' +
'<p>xoxo</p>' +
'<p>Team Ghost<br>' +
'<a href="https://ghost.org">https://ghost.org</a></p>'
},
payload = {
mail: [{
message: message,
options: {}
}]
};
api.mail.send(payload).otherwise(function (error) {
Error message updates no issue - couple of tweaks to the messaging of non-fatal errors that can be output when running Ghost
2014-01-13 01:49:24 +04:00
errors.logError(
error.message,
"Unable to send welcome email, your blog will continue to function.",
"Please see http://docs.ghost.org/mail/ for instructions on configuring email."
);
Add welcome email for new sign ups Closes #1766 - Once signed up, a quick welcome email is sent - Links to their blog url, and gives the email they used to sign up
2013-12-29 01:42:52 +04:00
});
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests
2013-11-24 18:29:36 +04:00
req.session.regenerate(function (err) {
if (!err) {
if (req.session.user === undefined) {
req.session.user = user.id;
Improve signin Ref #2413 - Remove fixture and use actual API - Store and send down actual logged in user data - Refactor isLoggedIn to use computed property on application - After signin, update user data in dependency container - Add CSRF to all routes and controllers via initializer - Update authenticated route to check for user.isLoggedIn - Add notifications for signin error - Add notifications.showAPIError helper - Add plumbing for refreshless signup to doSignUp in admin controller
2014-05-15 03:36:13 +04:00
req.session.userData = user;
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests
2013-11-24 18:29:36 +04:00
}
Improve signin Ref #2413 - Remove fixture and use actual API - Store and send down actual logged in user data - Refactor isLoggedIn to use computed property on application - After signin, update user data in dependency container - Add CSRF to all routes and controllers via initializer - Update authenticated route to check for user.isLoggedIn - Add notifications for signin error - Add notifications.showAPIError helper - Add plumbing for refreshless signup to doSignUp in admin controller
2014-05-15 03:36:13 +04:00
res.json(200, {
redirect: config().paths.subdir + '/ghost/',
userData: req.session.userData
});
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests
2013-11-24 18:29:36 +04:00
}
});
Populating admin email with user signup email closes #775
2013-09-17 06:08:36 +04:00
});
}).otherwise(function (error) {
Added validation for signup and login screens Closes #374 * Included node-validator as a package * Implemented server side validation (the client side js is a mess, need a LOT of work) * Validates email address both on signup and login screens, gives error message on malformed email addresses * Requires at least 8 chars of password * Tells user if password is too short * Tells user if no such user on login * Tells user if wrong password on login * Tells user if server responds with a 404 (goes away, dies, etc) * Added middleware between req and login / signup for validation
2013-08-19 01:50:42 +04:00
res.json(401, {error: error.message});
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 14:51:12 +04:00
// Route: forgotten
// Path: /ghost/forgotten/
// Method: GET
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
'forgotten': function (req, res) {
Remove unparam:true from jslint config in Gruntfile.js issue #1365 - added /*jslint unparam:true*/ to functions where absolutely necessary - added /*jslint unparam:true*/ to functions in which keeping parameter list added clarity to the underlying api, even when those parameters are not currently used - removed unused parameters in a few places
2013-10-31 22:02:34 +04:00
/*jslint unparam:true*/
Improved Auth screen markup and validation checks * Signup now focuses on 'name' on load * Fixed fade in on auth forms to work with `display: table` * The 'name' field is required on Sign up forms * The length check on the Signup form is in order of inputs * Added check for password length * Changed the auth form class names to better represent individual pages * Updated CasperJS tests
2013-09-12 12:59:58 +04:00
res.render('forgotten', {
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
bodyClass: 'ghost-forgotten',
hideNavbar: true,
adminNav: setSelected(adminNavbar, 'login')
});
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 14:51:12 +04:00
// Route: doForgotten
// Path: /ghost/forgotten/
// Method: POST
'doForgotten': function (req, res) {
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
var email = req.body.email;
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
api.users.generateResetToken(email).then(function (token) {
Support for urlSSL config option and forceAdminSSL 403 response closes #1838 - adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect - adding `urlSSL` option to specify SSL variant of `url` - using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified - dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data) - using `urlSSL` in a "reset password" email, if specified - adding unit tests to test `forceAdminSSL` and `urlSSL` options - created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
2014-02-22 05:25:31 +04:00
var baseUrl = config().forceAdminSSL ? (config().urlSSL || config().url) : config().url,
siteLink = '<a href="' + baseUrl + '">' + baseUrl + '</a>',
resetUrl = baseUrl.replace(/\/$/, '') + '/ghost/reset/' + token + '/',
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
resetLink = '<a href="' + resetUrl + '">' + resetUrl + '</a>',
Move mail api to json/api format Fixes #2650 * rerouted all mail sending to api/mail * changed request and response formats to json/api-like structure * tested with forgotten password and new blog email
2014-05-09 03:12:18 +04:00
payload = {
mail: [{
message: {
to: email,
subject: 'Reset Password',
html: '<p><strong>Hello!</strong></p>' +
'<p>A request has been made to reset the password on the site ' + siteLink + '.</p>' +
'<p>Please follow the link below to reset your password:<br><br>' + resetLink + '</p>' +
'<p>Ghost</p>'
},
options: {}
}]
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
};
Move mail api to json/api format Fixes #2650 * rerouted all mail sending to api/mail * changed request and response formats to json/api-like structure * tested with forgotten password and new blog email
2014-05-09 03:12:18 +04:00
return api.mail.send(payload);
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 17:57:41 +04:00
}).then(function success() {
Move mail api to json/api format Fixes #2650 * rerouted all mail sending to api/mail * changed request and response formats to json/api-like structure * tested with forgotten password and new blog email
2014-05-09 03:12:18 +04:00
// TODO: note that this function takes a response as an
// argument but jshint complains of it not being used
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 17:57:41 +04:00
var notification = {
type: 'success',
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
message: 'Check your email for further instructions',
Proper endpoints for persistent notifications closes #2637 - Add new get API route for all notifications - Wrap API responses to comply with JSON-API - Add new tests / adjust fixtures - Adjust all occurences of passive notifications
2014-04-29 00:58:18 +04:00
status: 'passive'
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 17:57:41 +04:00
};
return api.notifications.add(notification).then(function () {
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
res.json(200, {redirect: config().paths.subdir + '/ghost/signin/'});
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 17:57:41 +04:00
});
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 17:57:41 +04:00
}, function failure(error) {
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
// TODO: This is kind of sketchy, depends on magic string error.message from Bookshelf.
if (error && error.message === 'EmptyResponse') {
error.message = "Invalid email address";
}
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
res.json(401, {error: error.message});
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
});
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 14:51:12 +04:00
// Route: reset
// Path: /ghost/reset/:token
// Method: GET
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
'reset': function (req, res) {
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
// Validate the request token
var token = req.params.token;
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
api.users.validateToken(token).then(function () {
// Render the reset form
res.render('reset', {
bodyClass: 'ghost-reset',
hideNavbar: true,
adminNav: setSelected(adminNavbar, 'reset')
});
}).otherwise(function (err) {
// Redirect to forgotten if invalid token
var notification = {
type: 'error',
Proper endpoints for persistent notifications closes #2637 - Add new get API route for all notifications - Wrap API responses to comply with JSON-API - Add new tests / adjust fixtures - Adjust all occurences of passive notifications
2014-04-29 00:58:18 +04:00
message: 'Invalid or expired token'
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
};
errors.logError(err, 'admin.js', "Please check the provided token for validity and expiration.");
return api.notifications.add(notification).then(function () {
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
res.redirect(config().paths.subdir + '/ghost/forgotten');
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
});
});
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 14:51:12 +04:00
// Route: doReset
// Path: /ghost/reset/:token
// Method: POST
'doReset': function (req, res) {
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 12:51:35 +04:00
var token = req.params.token,
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
newPassword = req.param('newpassword'),
ne2Password = req.param('ne2password');
api.users.resetPassword(token, newPassword, ne2Password).then(function () {
var notification = {
type: 'success',
message: 'Password changed successfully.',
Proper endpoints for persistent notifications closes #2637 - Add new get API route for all notifications - Wrap API responses to comply with JSON-API - Add new tests / adjust fixtures - Adjust all occurences of passive notifications
2014-04-29 00:58:18 +04:00
status: 'passive'
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
};
return api.notifications.add(notification).then(function () {
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 10:40:53 +04:00
res.json(200, {redirect: config().paths.subdir + '/ghost/signin/'});
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-22 07:17:38 +04:00
});
}).otherwise(function (err) {
res.json(401, {error: err.message});
});
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 14:51:12 +04:00
// Route: doChangePassword
// Path: /ghost/changepw/
// Method: POST
'doChangePassword': function (req, res) {
return api.users.changePassword({
currentUser: req.session.user,
oldpw: req.body.password,
newpw: req.body.newpassword,
ne2pw: req.body.ne2password
}).then(function () {
res.json(200, {msg: 'Password changed successfully'});
}, function (error) {
res.send(401, {error: error.message});
Removing api calls from server side closes #603, issue #395 - Changed hard-coded 'JOE BLOGGS' to use author data - We still had api calls loading data server side before rendering pages.. which is unnecessary. - Only thing using this was editor title, which is now populated client side - May improve content screen load time.
2013-09-05 00:05:36 +04:00
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
}
};
Initial commit to GitHub repo
2013-05-11 20:44:25 +04:00
Current user added Closes #340. Closes #375 * Replaced session with id of current user * Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy) * Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't) * If user has profile picture, that will be used * If user has name, that will be used * Password changing doesn't care about your email. Uses cookies. Tasty! * User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`. * Added logic to user api to check for `id === 'me'`, and then use the cookie value * User data saves are now correct * There is no logout error
2013-08-09 05:22:49 +04:00
module.exports = adminControllers;
Reference in New Issue Copy Permalink