fix authentication error if setup/two is re-submitted

closes #6226 - adds calls to oauth middleware on PUT /authentication/setup/ - prevent setup/two from trying to log in again if user is already logged in
2024-11-23 22:11:09 +03:00 · 2015-12-18 12:18:13 -07:00 · 2015-12-18 12:18:13 -07:00 · cff44366a8
commit cff44366a8
parent 89b872ab1a
1 changed files with 25 additions and 16 deletions
--- a/ghost/admin/app/controllers/setup/two.js
+++ b/ghost/admin/app/controllers/setup/two.js
@ -35,7 +35,7 @@ export default Controller.extend(ValidationEngine, {
        return new RSVP.Promise((resolve, reject) => {
            image.formData = {};
            image.submit()
-                .success(function (response) {
+                .success((response) => {
                    user.image = response;
                    ajax({
                        url: this.get('ghostPaths.url').api('users', user.id.toString()),
@ -68,6 +68,22 @@ export default Controller.extend(ValidationEngine, {
        }
    },

+    afterAuthentication(result) {
+        if (this.get('image')) {
+            this.sendImage(result.users[0])
+            .then(() => {
+                this.toggleProperty('submitting');
+                this.transitionToRoute('setup.three');
+            }).catch((resp) => {
+                this.toggleProperty('submitting');
+                this.get('notifications').showAPIError(resp, {key: 'setup.blog-details'});
+            });
+        } else {
+            this.toggleProperty('submitting');
+            this.transitionToRoute('setup.three');
+        }
+    },
+
    actions: {
        preValidate(model) {
            // Only triggers validation if a value has been entered, preventing empty errors on focusOut
@ -77,9 +93,8 @@ export default Controller.extend(ValidationEngine, {
        },

        setup() {
-            let setupProperties = ['blogTitle', 'name', 'email', 'password', 'image'];
+            let setupProperties = ['blogTitle', 'name', 'email', 'password'];
            let data = this.getProperties(setupProperties);
-            let notifications = this.get('notifications');
            let config = this.get('config');
            let method = this.get('blogCreated') ? 'PUT' : 'POST';

@ -101,23 +116,17 @@ export default Controller.extend(ValidationEngine, {
                    }
                }).then((result) => {
                    config.set('blogTitle', data.blogTitle);
+
+                    // don't try to login again if we are already logged in
+                    if (this.get('session.isAuthenticated')) {
+                        return this.afterAuthentication(result);
+                    }
+
                    // Don't call the success handler, otherwise we will be redirected to admin
                    this.get('application').set('skipAuthSuccessHandler', true);
                    this.get('session').authenticate('authenticator:oauth2', this.get('email'), this.get('password')).then(() => {
                        this.set('blogCreated', true);
-                        if (data.image) {
-                            this.sendImage(result.users[0])
-                            .then(() => {
-                                this.toggleProperty('submitting');
-                                this.transitionToRoute('setup.three');
-                            }).catch((resp) => {
-                                this.toggleProperty('submitting');
-                                notifications.showAPIError(resp, {key: 'setup.blog-details'});
-                            });
-                        } else {
-                            this.toggleProperty('submitting');
-                            this.transitionToRoute('setup.three');
-                        }
+                        return this.afterAuthentication(result);
                    }).catch((error) => {
                        this._handleAuthenticationError(error);
                    });