Merge branch 'pr/3876'

* pr/3876: Redirect user if signup invitation isn't valid
2024-11-30 21:40:39 +03:00 · 2014-09-18 19:22:39 -06:00 · 2014-09-18 19:22:39 -06:00 · 9fb038f8d3
commit 9fb038f8d3
parent a4de40abc6 b1c1b03015
3 changed files with 51 additions and 1 deletions
--- a/core/client/routes/signup.js
+++ b/core/client/routes/signup.js
@ -1,3 +1,4 @@
+import ajax from 'ghost/utils/ajax';
 import styleBody from 'ghost/mixins/style-body';
 import loadingIndicator from 'ghost/mixins/loading-indicator';

@ -10,7 +11,8 @@ var SignupRoute = Ember.Route.extend(styleBody, loadingIndicator, {
        }
    },
    setupController: function (controller, params) {
-        var tokenText,
+        var self = this,
+            tokenText,
            email,
            re = /^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/;
        if (re.test(params.token)) {
@ -23,6 +25,23 @@ var SignupRoute = Ember.Route.extend(styleBody, loadingIndicator, {
                this.transitionTo('signin');
                this.notifications.showError('Invalid token.', {delayed: true});
            }
+
+            ajax({
+                url: this.get('ghostPaths.url').api('authentication', 'invitation'),
+                type: 'GET',
+                dataType: 'json',
+                data: {
+                    email: email
+                }
+            }).then(function (response) {
+                if (response && response.invitation && response.invitation[0].valid === false) {
+                    self.transitionTo('signin');
+                    self.notifications.showError('The invitation does not exist or is no longer valid.', {delayed: true});
+                }
+            }).catch(function (error) {
+                self.notifications.showAPIError(error);
+            });
+
        } else {
            this.transitionTo('signin');
            this.notifications.showError('Invalid token.', {delayed: true});
--- a/core/server/api/authentication.js
+++ b/core/server/api/authentication.js
@ -148,6 +148,36 @@ authentication = {
        });
    },

+    /**
+     * ### Check for invitation
+     * @param {Object} options
+     * @param {string} options.email The email to check for an invitation on
+     * @returns {Promise(Invitation}} An invitation status
+     */
+    isInvitation: function (options) {
+        if (!options.email) {
+            return Promise.reject(new errors.NoPermissionError('The server did not receive a valid email'));
+        }
+
+        return authentication.isSetup().then(function (result) {
+            var setup = result.setup[0].status;
+
+            if (!setup) {
+                return Promise.reject(new errors.NoPermissionError('Setup must be completed before making this request.'));
+            }
+
+            if (options.email) {
+                return dataProvider.User.findOne({email: options.email, status: 'invited'}).then(function (response) {
+                    if (response) {
+                        return {invitation: [{valid: true}]};
+                    } else {
+                        return {invitation: [{valid: false}]};
+                    }
+                });
+            }
+        });
+    },
+
    isSetup: function () {
        return dataProvider.User.query(function (qb) {
            qb.whereIn('status', ['active', 'warn-1', 'warn-2', 'warn-3', 'warn-4', 'locked']);
--- a/core/server/routes/api.js
+++ b/core/server/routes/api.js
@ -72,6 +72,7 @@ apiRoutes = function (middleware) {
    );
    router.put('/authentication/passwordreset', api.http(api.authentication.resetPassword));
    router.post('/authentication/invitation', api.http(api.authentication.acceptInvitation));
+    router.get('/authentication/invitation', api.http(api.authentication.isInvitation));
    router.post('/authentication/setup', api.http(api.authentication.setup));
    router.get('/authentication/setup', api.http(api.authentication.isSetup));
    router.post('/authentication/token',