Reset password signs the user in

Closes #4196 - Clear confidential info on leaving reset route - Remove nested password access, because gross - Also cleaned up some .then(f, h) to .then(f).catch(h) in setup controller
2025-01-05 18:34:39 +03:00 · 2014-10-02 09:12:54 -06:00 · 2014-10-02 09:12:54 -06:00 · e27dd6f7df
commit e27dd6f7df
parent 27fe725357
5 changed files with 35 additions and 20 deletions
--- a/core/client/controllers/reset.js
+++ b/core/client/controllers/reset.js
@ -4,19 +4,32 @@ import ajax from 'ghost/utils/ajax';
 import ValidationEngine from 'ghost/mixins/validation-engine';

 var ResetController = Ember.Controller.extend(ValidationEngine, {
-    passwords: {
-        newPassword: '',
-        ne2Password: ''
-    },
+    newPassword: '',
+    ne2Password: '',
    token: '',
    submitButtonDisabled: false,

    validationType: 'reset',

+    email: Ember.computed('token', function () {
+        // The token base64 encodes the email (and some other stuff),
+        // each section is divided by a '|'. Email comes second.
+        return atob(this.get('token')).split('|')[1];
+    }),
+
+    // Used to clear sensitive information
+    clearData: function () {
+        this.setProperties({
+            newPassword: '',
+            ne2Password: '',
+            token: ''
+        });
+    },
+
    actions: {
        submit: function () {
-            var self = this,
-                data = self.getProperties('passwords', 'token');
+            var credentials = this.getProperties('newPassword', 'ne2Password', 'token'),
+                self = this;

            this.toggleProperty('submitting');
            this.validate({format: false}).then(function () {
@ -24,16 +37,15 @@ var ResetController = Ember.Controller.extend(ValidationEngine, {
                    url: self.get('ghostPaths.url').api('authentication', 'passwordreset'),
                    type: 'PUT',
                    data: {
-                        passwordreset: [{
-                            newPassword: data.passwords.newPassword,
-                            ne2Password: data.passwords.ne2Password,
-                            token: data.token
-                        }]
+                        passwordreset: [credentials]
                    }
                }).then(function (resp) {
                    self.toggleProperty('submitting');
                    self.notifications.showSuccess(resp.passwordreset[0].message, true);
-                    self.transitionToRoute('signin');
+                    self.get('session').authenticate('simple-auth-authenticator:oauth2-password-grant', {
+                        identification: self.get('email'),
+                        password: credentials.newPassword
+                    });
                }).catch(function (response) {
                    self.notifications.showAPIError(response);
                    self.toggleProperty('submitting');
--- a/core/client/controllers/setup.js
+++ b/core/client/controllers/setup.js
@ -36,11 +36,11 @@ var SetupController = Ember.ObjectController.extend(ValidationEngine, {
                        identification: self.get('email'),
                        password: self.get('password')
                    });
-                }, function (resp) {
+                }).catch(function (resp) {
                    self.toggleProperty('submitting');
                    self.notifications.showAPIError(resp);
                });
-            }, function (errors) {
+            }).catch(function (errors) {
                self.toggleProperty('submitting');
                self.notifications.showErrors(errors);
            });
--- a/core/client/routes/reset.js
+++ b/core/client/routes/reset.js
@ -11,6 +11,11 @@ var ResetRoute = Ember.Route.extend(styleBody, loadingIndicator, {
    },
    setupController: function (controller, params) {
        controller.token = params.token;
+    },
+    // Clear out any sensitive information
+    deactivate: function () {
+        this._super();
+        this.controller.clearData();
    }
 });

--- a/core/client/templates/reset.hbs
+++ b/core/client/templates/reset.hbs
@ -1,10 +1,10 @@
 <section class="reset-box js-reset-box fade-in">
    <form id="reset" class="reset-form" method="post" novalidate="novalidate" {{action "submit" on="submit"}}>
        <div class="password-wrap">
-            {{input value=passwords.newPassword class="password" type="password" placeholder="Password" name="newpassword" autofocus="autofocus" }}
+            {{input value=newPassword class="password" type="password" placeholder="Password" name="newpassword" autofocus="autofocus" }}
        </div>
        <div class="password-wrap">
-            {{input value=passwords.ne2Password class="password" type="password" placeholder="Confirm Password" name="ne2password" }}
+            {{input value=ne2Password class="password" type="password" placeholder="Confirm Password" name="ne2password" }}
        </div>
        <button class="btn btn-blue" type="submit" {{bind-attr disabled='submitButtonDisabled'}}>Reset Password</button>
    </form>
--- a/core/client/validators/reset.js
+++ b/core/client/validators/reset.js
@ -1,9 +1,7 @@
 var ResetValidator = Ember.Object.create({
    check: function (model) {
-
-        var data = model.getProperties('passwords'),
-            p1 = data.passwords.newPassword,
-            p2 = data.passwords.ne2Password,
+        var p1 = model.get('newPassword'),
+            p2 = model.get('ne2Password'),
            validationErrors = [];

        if (!validator.equals(p1, p2)) {