Ghost/ghost/admin/app/authenticators/cookie.js

import Authenticator from 'ember-simple-auth/authenticators/base';
import RSVP from 'rsvp';
import {computed} from '@ember/object';
import {inject as service} from '@ember/service';

export default Authenticator.extend({
    ajax: service(),
    config: service(),
    feature: service(),
    ghostPaths: service(),
    settings: service(),
    tour: service(),

    sessionEndpoint: computed('ghostPaths.apiRoot', function () {
        return `${this.ghostPaths.apiRoot}/session`;
    }),

    restore: function () {
        return RSVP.resolve();
    },

    authenticate(identification, password) {
        const data = {username: identification, password};
        const options = {
            data,
            contentType: 'application/json;charset=utf-8',
            // ember-ajax will try and parse the response as JSON if not explicitly set
            dataType: 'text'
        };

        return this.ajax.post(this.sessionEndpoint, options).then((authResult) => {
            // TODO: remove duplication with application.afterModel
            let preloadPromises = [
                this.config.fetchAuthenticated(),
                this.feature.fetch(),
                this.settings.fetch(),
                this.tour.fetchViewed()
            ];

            return RSVP.all(preloadPromises).then(() => {
                return authResult;
            });
        });
    },

    invalidate() {
        // if we're invalidating because of a 401 we can end up in an infinite
        // loop if we then try to perform a DELETE /session/ request
        // TODO: find a more elegant way to handle this
        if (this.ajax.skipSessionDeletion) {
            this.ajax.skipSessionDeletion = false;
            return RSVP.resolve();
        }

        return this.ajax.del(this.sessionEndpoint);
    }
});
Use Admin API v2 with session auth (#1046) refs #9865 - removed all `oauth2` and token-based ESA auth - added new `cookie` authenticator which handles session creation - updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state - ESA automatically calls this `.restore()` method on app boot - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state - removed the now-unnecessary token refresh and logout routines from the `application` route - removed the now-unnecessary token refresh routines from the `ajax` service - removed `access_token` query param from iframe file downloaders - changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace 2018-10-05 21:46:33 +03:00			`import Authenticator from 'ember-simple-auth/authenticators/base';`
			`import RSVP from 'rsvp';`
			`import {computed} from '@ember/object';`
			`import {inject as service} from '@ember/service';`

			`export default Authenticator.extend({`
			`ajax: service(),`
🎨 Added auto-login to private site when viewing site preview in admin (#1286) closes https://github.com/TryGhost/Ghost/issues/10995 - when first loading the site preview, if private mode is enabled submit the login form in the background to get the cookie before loading the iframe - refactors post-authentication preloading to ensure it occurs before post-authentication route hooks are called - adds `showSuccess` attribute to `<GhTaskButton>` so that when set to `false` it can stay in the running state after "success" to avoid state change flashes whilst waiting for a transition 2019-08-12 11:11:10 +03:00			`config: service(),`
			`feature: service(),`
Use Admin API v2 with session auth (#1046) refs #9865 - removed all `oauth2` and token-based ESA auth - added new `cookie` authenticator which handles session creation - updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state - ESA automatically calls this `.restore()` method on app boot - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state - removed the now-unnecessary token refresh and logout routines from the `application` route - removed the now-unnecessary token refresh routines from the `ajax` service - removed `access_token` query param from iframe file downloaders - changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace 2018-10-05 21:46:33 +03:00			`ghostPaths: service(),`
🎨 Added auto-login to private site when viewing site preview in admin (#1286) closes https://github.com/TryGhost/Ghost/issues/10995 - when first loading the site preview, if private mode is enabled submit the login form in the background to get the cookie before loading the iframe - refactors post-authentication preloading to ensure it occurs before post-authentication route hooks are called - adds `showSuccess` attribute to `<GhTaskButton>` so that when set to `false` it can stay in the running state after "success" to avoid state change flashes whilst waiting for a transition 2019-08-12 11:11:10 +03:00			`settings: service(),`
			`tour: service(),`
Use Admin API v2 with session auth (#1046) refs #9865 - removed all `oauth2` and token-based ESA auth - added new `cookie` authenticator which handles session creation - updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state - ESA automatically calls this `.restore()` method on app boot - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state - removed the now-unnecessary token refresh and logout routines from the `application` route - removed the now-unnecessary token refresh routines from the `ajax` service - removed `access_token` query param from iframe file downloaders - changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace 2018-10-05 21:46:33 +03:00
			`sessionEndpoint: computed('ghostPaths.apiRoot', function () {`
			return `${this.ghostPaths.apiRoot}/session`;
			`}),`

			`restore: function () {`
			`return RSVP.resolve();`
			`},`

			`authenticate(identification, password) {`
			`const data = {username: identification, password};`
			`const options = {`
			`data,`
			`contentType: 'application/json;charset=utf-8',`
			`// ember-ajax will try and parse the response as JSON if not explicitly set`
			`dataType: 'text'`
			`};`

🎨 Added auto-login to private site when viewing site preview in admin (#1286) closes https://github.com/TryGhost/Ghost/issues/10995 - when first loading the site preview, if private mode is enabled submit the login form in the background to get the cookie before loading the iframe - refactors post-authentication preloading to ensure it occurs before post-authentication route hooks are called - adds `showSuccess` attribute to `<GhTaskButton>` so that when set to `false` it can stay in the running state after "success" to avoid state change flashes whilst waiting for a transition 2019-08-12 11:11:10 +03:00			`return this.ajax.post(this.sessionEndpoint, options).then((authResult) => {`
			`// TODO: remove duplication with application.afterModel`
			`let preloadPromises = [`
			`this.config.fetchAuthenticated(),`
			`this.feature.fetch(),`
			`this.settings.fetch(),`
			`this.tour.fetchViewed()`
			`];`

			`return RSVP.all(preloadPromises).then(() => {`
			`return authResult;`
			`});`
			`});`
Use Admin API v2 with session auth (#1046) refs #9865 - removed all `oauth2` and token-based ESA auth - added new `cookie` authenticator which handles session creation - updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state - ESA automatically calls this `.restore()` method on app boot - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state - removed the now-unnecessary token refresh and logout routines from the `application` route - removed the now-unnecessary token refresh routines from the `ajax` service - removed `access_token` query param from iframe file downloaders - changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace 2018-10-05 21:46:33 +03:00			`},`

			`invalidate() {`
			`// if we're invalidating because of a 401 we can end up in an infinite`
			`// loop if we then try to perform a DELETE /session/ request`
			`// TODO: find a more elegant way to handle this`
			`if (this.ajax.skipSessionDeletion) {`
			`this.ajax.skipSessionDeletion = false;`
			`return RSVP.resolve();`
			`}`

			`return this.ajax.del(this.sessionEndpoint);`
			`}`
			`});`