Ghost/ghost/admin/app/routes/signup.js

90 lines
3.2 KiB
JavaScript
Raw Normal View History

import DS from 'ember-data';
import EmberObject from '@ember/object';
import RSVP from 'rsvp';
import Route from '@ember/routing/route';
🎨 remove usage of ghost's {{asset}} helper in index.html (#574) refs #8140 🎨 remove usage of ghost's {{asset}} helper in built index.html files requires https://github.com/TryGhost/Ghost/pull/8142 - switch to hash-location rather than history-location - remove usage of Ghost's `{{asset}}` helper in index.html - add `content-for` helpers to `asset-delivery` addon that switch asset urls in index.html to `.min` files in production - update the `asset-delivery` addon to copy the production `index.min.html` to `default-prod.hbs` so Ghost can serve production assets when in production mode - change template output path to `core/server/admin/views/` - enable asset fingerprinting - remove `ember-cli-sri` dependency - we weren't using it but now that ember is handling assets it was used automatically and could potentially create issues if users have proxy servers that attempt to compress or otherwise modify asset files ✨ redirect to setup if server says setup isn't finished refs https://github.com/TryGhost/Ghost/issues/8140 - now we're using hash-location the server no longer knows if we're hitting the /setup route so it's not able to redirect for us - extends the default ESA `UnauthenticatedRouteMixin` to add a check against the `/authentication/setup` API endpoint and redirects to `/#/setup/one` if setup isn't complete - this works for all routes because the default behaviour when hitting an authenticated route without the right credentials is to force a logout and redirect to `/#/signin` which utilises the `UnauthenticatedRouteMixin` deps: ember-cli-inject-live-reload@1.6.1
2017-03-14 19:04:46 +03:00
import UnauthenticatedRouteMixin from 'ghost-admin/mixins/unauthenticated-route-mixin';
import ValidationEngine from 'ghost-admin/mixins/validation-engine';
import {inject as service} from '@ember/service';
const {Promise} = RSVP;
const {Errors} = DS;
export default Route.extend(UnauthenticatedRouteMixin, {
ghostPaths: service(),
notifications: service(),
session: service(),
ajax: service(),
config: service(),
beforeModel() {
if (this.get('session.isAuthenticated')) {
this.notifications.showAlert('You need to sign out to register as a new user.', {type: 'warn', delayed: true, key: 'signup.create.already-authenticated'});
}
this._super(...arguments);
},
model(params) {
let SignupDetails = EmberObject.extend(ValidationEngine, {
validationType: 'signup'
});
let signupDetails = SignupDetails.create();
let re = /^(?:[A-Za-z0-9_-]{4})*(?:[A-Za-z0-9_-]{2}|[A-Za-z0-9_-]{3})?$/;
let email,
tokenText;
2016-01-19 16:03:27 +03:00
return new Promise((resolve) => {
if (!re.test(params.token)) {
this.notifications.showAlert('Invalid token.', {type: 'error', delayed: true, key: 'signup.create.invalid-token'});
return resolve(this.transitionTo('signin'));
}
tokenText = atob(params.token);
email = tokenText.split('|')[1];
// leave e-mail blank even though we get it from the token because
// we need the user to type it in for Chrome to remember the
// email/password combo properly
signupDetails.set('email', '');
signupDetails.set('token', params.token);
signupDetails.set('errors', Errors.create());
2016-01-18 18:37:14 +03:00
let authUrl = this.get('ghostPaths.url').api('authentication', 'invitation');
return this.ajax.request(authUrl, {
dataType: 'json',
data: {
email
}
}).then((response) => {
if (response && response.invitation && response.invitation[0].valid === false) {
this.notifications.showAlert('The invitation does not exist or is no longer valid.', {type: 'warn', delayed: true, key: 'signup.create.invalid-invitation'});
return resolve(this.transitionTo('signin'));
}
// set blogTitle, so password validation has access to it
signupDetails.set('blogTitle', this.get('config.blogTitle'));
resolve(signupDetails);
}).catch(() => {
resolve(signupDetails);
});
});
},
deactivate() {
this._super(...arguments);
// clear the properties that hold the sensitive data from the controller
this.controllerFor('signup').get('signupDetails').setProperties({email: '', password: '', token: ''});
},
buildRouteInfoMetadata() {
return {
bodyClasses: ['unauthenticated-route']
};
}
});