mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-03 03:55:26 +03:00
Merge branch 'pr/3876'
* pr/3876: Redirect user if signup invitation isn't valid
This commit is contained in:
commit
9fb038f8d3
@ -1,3 +1,4 @@
|
|||||||
|
import ajax from 'ghost/utils/ajax';
|
||||||
import styleBody from 'ghost/mixins/style-body';
|
import styleBody from 'ghost/mixins/style-body';
|
||||||
import loadingIndicator from 'ghost/mixins/loading-indicator';
|
import loadingIndicator from 'ghost/mixins/loading-indicator';
|
||||||
|
|
||||||
@ -10,7 +11,8 @@ var SignupRoute = Ember.Route.extend(styleBody, loadingIndicator, {
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
setupController: function (controller, params) {
|
setupController: function (controller, params) {
|
||||||
var tokenText,
|
var self = this,
|
||||||
|
tokenText,
|
||||||
email,
|
email,
|
||||||
re = /^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/;
|
re = /^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/;
|
||||||
if (re.test(params.token)) {
|
if (re.test(params.token)) {
|
||||||
@ -23,6 +25,23 @@ var SignupRoute = Ember.Route.extend(styleBody, loadingIndicator, {
|
|||||||
this.transitionTo('signin');
|
this.transitionTo('signin');
|
||||||
this.notifications.showError('Invalid token.', {delayed: true});
|
this.notifications.showError('Invalid token.', {delayed: true});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ajax({
|
||||||
|
url: this.get('ghostPaths.url').api('authentication', 'invitation'),
|
||||||
|
type: 'GET',
|
||||||
|
dataType: 'json',
|
||||||
|
data: {
|
||||||
|
email: email
|
||||||
|
}
|
||||||
|
}).then(function (response) {
|
||||||
|
if (response && response.invitation && response.invitation[0].valid === false) {
|
||||||
|
self.transitionTo('signin');
|
||||||
|
self.notifications.showError('The invitation does not exist or is no longer valid.', {delayed: true});
|
||||||
|
}
|
||||||
|
}).catch(function (error) {
|
||||||
|
self.notifications.showAPIError(error);
|
||||||
|
});
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
this.transitionTo('signin');
|
this.transitionTo('signin');
|
||||||
this.notifications.showError('Invalid token.', {delayed: true});
|
this.notifications.showError('Invalid token.', {delayed: true});
|
||||||
|
@ -148,6 +148,36 @@ authentication = {
|
|||||||
});
|
});
|
||||||
},
|
},
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ### Check for invitation
|
||||||
|
* @param {Object} options
|
||||||
|
* @param {string} options.email The email to check for an invitation on
|
||||||
|
* @returns {Promise(Invitation}} An invitation status
|
||||||
|
*/
|
||||||
|
isInvitation: function (options) {
|
||||||
|
if (!options.email) {
|
||||||
|
return Promise.reject(new errors.NoPermissionError('The server did not receive a valid email'));
|
||||||
|
}
|
||||||
|
|
||||||
|
return authentication.isSetup().then(function (result) {
|
||||||
|
var setup = result.setup[0].status;
|
||||||
|
|
||||||
|
if (!setup) {
|
||||||
|
return Promise.reject(new errors.NoPermissionError('Setup must be completed before making this request.'));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (options.email) {
|
||||||
|
return dataProvider.User.findOne({email: options.email, status: 'invited'}).then(function (response) {
|
||||||
|
if (response) {
|
||||||
|
return {invitation: [{valid: true}]};
|
||||||
|
} else {
|
||||||
|
return {invitation: [{valid: false}]};
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
});
|
||||||
|
},
|
||||||
|
|
||||||
isSetup: function () {
|
isSetup: function () {
|
||||||
return dataProvider.User.query(function (qb) {
|
return dataProvider.User.query(function (qb) {
|
||||||
qb.whereIn('status', ['active', 'warn-1', 'warn-2', 'warn-3', 'warn-4', 'locked']);
|
qb.whereIn('status', ['active', 'warn-1', 'warn-2', 'warn-3', 'warn-4', 'locked']);
|
||||||
|
@ -72,6 +72,7 @@ apiRoutes = function (middleware) {
|
|||||||
);
|
);
|
||||||
router.put('/authentication/passwordreset', api.http(api.authentication.resetPassword));
|
router.put('/authentication/passwordreset', api.http(api.authentication.resetPassword));
|
||||||
router.post('/authentication/invitation', api.http(api.authentication.acceptInvitation));
|
router.post('/authentication/invitation', api.http(api.authentication.acceptInvitation));
|
||||||
|
router.get('/authentication/invitation', api.http(api.authentication.isInvitation));
|
||||||
router.post('/authentication/setup', api.http(api.authentication.setup));
|
router.post('/authentication/setup', api.http(api.authentication.setup));
|
||||||
router.get('/authentication/setup', api.http(api.authentication.isSetup));
|
router.get('/authentication/setup', api.http(api.authentication.isSetup));
|
||||||
router.post('/authentication/token',
|
router.post('/authentication/token',
|
||||||
|
Loading…
Reference in New Issue
Block a user