Reset password signs the user in

Closes #4196
- Clear confidential info on leaving reset route
- Remove nested password access, because gross
- Also cleaned up some .then(f, h) to .then(f).catch(h) in setup controller
This commit is contained in:
Matt Enlow 2014-10-02 09:12:54 -06:00
parent 27fe725357
commit e27dd6f7df
5 changed files with 35 additions and 20 deletions

View File

@ -4,19 +4,32 @@ import ajax from 'ghost/utils/ajax';
import ValidationEngine from 'ghost/mixins/validation-engine';
var ResetController = Ember.Controller.extend(ValidationEngine, {
passwords: {
newPassword: '',
ne2Password: ''
},
ne2Password: '',
token: '',
submitButtonDisabled: false,
validationType: 'reset',
email: Ember.computed('token', function () {
// The token base64 encodes the email (and some other stuff),
// each section is divided by a '|'. Email comes second.
return atob(this.get('token')).split('|')[1];
}),
// Used to clear sensitive information
clearData: function () {
this.setProperties({
newPassword: '',
ne2Password: '',
token: ''
});
},
actions: {
submit: function () {
var self = this,
data = self.getProperties('passwords', 'token');
var credentials = this.getProperties('newPassword', 'ne2Password', 'token'),
self = this;
this.toggleProperty('submitting');
this.validate({format: false}).then(function () {
@ -24,16 +37,15 @@ var ResetController = Ember.Controller.extend(ValidationEngine, {
url: self.get('ghostPaths.url').api('authentication', 'passwordreset'),
type: 'PUT',
data: {
passwordreset: [{
newPassword: data.passwords.newPassword,
ne2Password: data.passwords.ne2Password,
token: data.token
}]
passwordreset: [credentials]
}
}).then(function (resp) {
self.toggleProperty('submitting');
self.notifications.showSuccess(resp.passwordreset[0].message, true);
self.transitionToRoute('signin');
self.get('session').authenticate('simple-auth-authenticator:oauth2-password-grant', {
identification: self.get('email'),
password: credentials.newPassword
});
}).catch(function (response) {
self.notifications.showAPIError(response);
self.toggleProperty('submitting');

View File

@ -36,11 +36,11 @@ var SetupController = Ember.ObjectController.extend(ValidationEngine, {
identification: self.get('email'),
password: self.get('password')
});
}, function (resp) {
}).catch(function (resp) {
self.toggleProperty('submitting');
self.notifications.showAPIError(resp);
});
}, function (errors) {
}).catch(function (errors) {
self.toggleProperty('submitting');
self.notifications.showErrors(errors);
});

View File

@ -11,6 +11,11 @@ var ResetRoute = Ember.Route.extend(styleBody, loadingIndicator, {
},
setupController: function (controller, params) {
controller.token = params.token;
},
// Clear out any sensitive information
deactivate: function () {
this._super();
this.controller.clearData();
}
});

View File

@ -1,10 +1,10 @@
<section class="reset-box js-reset-box fade-in">
<form id="reset" class="reset-form" method="post" novalidate="novalidate" {{action "submit" on="submit"}}>
<div class="password-wrap">
{{input value=passwords.newPassword class="password" type="password" placeholder="Password" name="newpassword" autofocus="autofocus" }}
{{input value=newPassword class="password" type="password" placeholder="Password" name="newpassword" autofocus="autofocus" }}
</div>
<div class="password-wrap">
{{input value=passwords.ne2Password class="password" type="password" placeholder="Confirm Password" name="ne2password" }}
{{input value=ne2Password class="password" type="password" placeholder="Confirm Password" name="ne2password" }}
</div>
<button class="btn btn-blue" type="submit" {{bind-attr disabled='submitButtonDisabled'}}>Reset Password</button>
</form>

View File

@ -1,9 +1,7 @@
var ResetValidator = Ember.Object.create({
check: function (model) {
var data = model.getProperties('passwords'),
p1 = data.passwords.newPassword,
p2 = data.passwords.ne2Password,
var p1 = model.get('newPassword'),
p2 = model.get('ne2Password'),
validationErrors = [];
if (!validator.equals(p1, p2)) {