Commit Graph

24 Commits

Author SHA1 Message Date
Kevin Ansfield
12729bb469 Improved authentication timing in setup flow
https://github.com/TryGhost/Admin/pull/2286

- `session.authenticate()` returns from it's promise as soon as the authenticate request is completed but it was assumed that it returned after the `session.handleAuthentication()` promise was also completed. A side-effect of that was that depending on network timing, the setup flow could transition to the dashboard before we had loaded all of the necessary user, config, and settings requests
  - normally that's not a problem because `handleAuthentication()` kicks off a transition once authentication is fully complete, in the setup flow we're handling the transition manually so need a way to manage the full async flow from outside of the session service
  - it didn't show up as a problem previously because the setup flow transitioned to a third setup screen that didn't require all of the post-auth data to exist
- moved the async parts of `session.handleAuthentication()` into a task and updated to return the currently running task instance if one was already running
  - lets code that is relying on the full authentication flow to have completed call `await this.session.handleAuthentication()` without causing a double-load of the post-auth API requests
- updated setup flow
  - removed manual `session.populateUser()` call as that was a workaround for the async timing issue and caused a double-fetch of the current user API endpoint
  - added an `await this.session.handleAuthentication()` call to the manual post-auth handler so we don't transition until the full auth flow is complete
2022-03-10 11:53:37 +00:00
Kevin Ansfield
8b007802d4 🐛 Fixed login problems in Safari on private sites that have front-end/admin on different domains
no issue

- if the automatic private site login fails during post-auth setup, don't fully error because that will block Admin from loading properly
- the automatic login is a nice-to-have and making it look like it worked won't break anything that wouldn't already be broken when the browser is blocking x-domain requests
2021-11-09 15:38:58 +00:00
Rishabh Garg
65495b528f 🐛 Fixed settings previews not working in private site mode (#2128)
closes https://github.com/TryGhost/Team/issues/1161

- when a site is in private mode, design previews, the portal previews on membership, customize portal and offer pages were unable to load. 
- For design and theme previews, the request to fetch preview data was failing due to cors and cookie not attached when admin and frontend have split urls. 
- For portal and offer previews, there was no authentication done on private site before load, so if user opened the pages directly on them it failed to load the site.
- this change adds a new service that authenticates private site from admin as soon as user session is loaded, so previews on settings will always find the authenticated session for private sites and load correctly.
- it also updates fetch method for previews to include credentials so they are always able to fetch the site data after login
- removes authentication from site route since that was done as its now centrally taken care of by the frontend service
2021-10-28 18:29:41 +05:30
Kevin Ansfield
06e63d371c 🎨 Added ability to upload a feature image by drag and dropping an image file
refs https://github.com/TryGhost/Team/issues/884

Drop-to-upload functionality was lost in the first version of the new feature image uploader inside the main editor area, this adds it back in.

- fixed dropzone flickering issue by switching the event listeners to the capture rather than bubble phase so we can indicate a drag is occurring on the body without each individual drag/drop handler needing to know about it
- moved the event handler init/cleanup to the `ui` service
- moved the event handler init call to the application service as it no longer requires auth to have occurred for access to the labs flag setting
- removed the `featureImgDragDrop` labs flag
2021-08-31 14:21:25 +01:00
Kevin Ansfield
876c2b6cdd Added first pass at feature image drag+drop uploading
refs https://github.com/TryGhost/Team/issues/884

- add `[data-user-is-dragging]` to `body` element when any drag is occurring so that we can make drop zones active
- added dropzone and drop handling to feature image component
2021-07-16 15:01:00 +01:00
Kevin Ansfield
9bc799258d Fixed more tests
refs 8630be5a87

- referenced commit skipped current user and proxy service population when `skipAuthSuccessHandler` was set but the population is needed during setup
- `skipAuthSuccessHandler` is used for skipping the post-authentication transition rather than skipping all post-auth behaviour so the the post-auth behaviour was reintroduced but put in a guard so we don't try to do it again when it's already been run
2021-07-14 13:15:59 +01:00
Kevin Ansfield
8630be5a87 🐛 Fixed re-authenticate modal not showing when saving in editor
closes https://github.com/TryGhost/Team/issues/865

Ghost now returns a forbidden error rather than an unauthorized error when saving whilst logged out so the session invalidation was not being triggered.

- added forbidden check to ajax service to trigger session invalidation
- added automatic retry of save in editor when re-authenticating
- fixed re-population of user and proxy services when re-authenticating, it's not needed at that point because nothing has been cleared
2021-07-14 12:28:09 +01:00
Kevin Ansfield
c646e78fff Made session.user a synchronous property rather than a promise
no issue

Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about.

`session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the  underlying model.

Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow.

- refactored app setup and `session.user`
  - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user`
  - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator
  - switched `session` service to native class syntax to get the expected `super()` behaviour
  - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load)
  - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load)
  - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication`
- updated app code to not treat `session.user` as a promise
  - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 14:54:31 +01:00
Kevin Ansfield
cf7a763199 Removed usage of deprecated EmberSimpleAuth mixins (#1910)
refs https://github.com/TryGhost/Admin/pull/1901

Ember has deprecated mixins in preparation for 4.0 and `ember-simple-auth` has now done the same in 3.1.0.

- removed all imports of Ember Simple Auth mixins
- moved authenticated and invalidated handling from application route to session service
- moved server-notification loading from application route to session service
- updated `AuthenticatedRoute` to use the session service directly rather than authenticated route mixin
- added `UnauthenticatedRoute` that incorporates the behaviour from our overridden `UnauthenticatedRouteMixin` and switches to using the session service directly
2021-04-12 13:21:57 +01:00
Kevin Ansfield
457a8e2955 🎨 Added auto-login to private site when viewing site preview in admin (#1286)
closes https://github.com/TryGhost/Ghost/issues/10995

- when first loading the site preview, if private mode is enabled submit the login form in the background to get the cookie before loading the iframe
- refactors post-authentication preloading to ensure it occurs before post-authentication route hooks are called
- adds `showSuccess` attribute to `<GhTaskButton>` so that when set to `false` it can stay in the running state after "success" to avoid state change flashes whilst waiting for a transition
2019-08-12 09:11:10 +01:00
Kevin Ansfield
dbbc4f5fa4 🐛 Fixed error after logging in from a nested admin URL
closes https://github.com/TryGhost/Ghost/issues/10629
- the error was occurring due to `session.user` CP being populated with a rejected promise when attempting to access the first route. The CP has no dependent key so any further attempts to access `session.user` would be rejected
- marking the CP as "changed" immediately after logging in means that the next request will create a new promise and successfully fetch the user
2019-03-25 13:01:58 +00:00
Kevin Ansfield
352c4af1d7 Refactored usage of .get('property') with es5 getters
no issue
- ran [es5-getter-ember-codemod](https://github.com/rondale-sc/es5-getter-ember-codemod)
- [es5 getters RFC](https://github.com/emberjs/rfcs/blob/master/text/0281-es5-getters.md)
- updates the majority of `object.get('property')` with `object.property` with exceptions:
  - `.get('nested.property')` - it's not possible to determine if this is relying on "safe" path chaining for when `nested` doesn't exist
  - `.get('config.x')` and `.get('settings.x')` - both our `config` and `settings` services are proxy objects which do not support es5 getters
- this PR is not exhaustive, there are still a number of places where `.get('service.foo')` and similar could be replaced but it gets us a long way there in a quick and automated fashion
2019-03-06 13:54:14 +00:00
Kevin Ansfield
73daa80b7f Migrate to latest ember, ember-mocha and modern ember testing (#1044)
no issue
- upgrade to latest `ember-source` and related dependencies including `ember-cli`
- upgrade to latest `ember-mocha` and modern ember testing setup
    - https://github.com/emberjs/rfcs/blob/master/text/0268-acceptance-testing-refactor.md
    - switch from using global acceptance test helpers and `native-dom-helpers` to using the new `ember-test-helpers` methods
    - use [`chai-dom`](https://github.com/nathanboktae/chai-dom) assertions where in some places (still a lot of places in the tests that could use these)
- pin `ember-in-viewport` to 3.0.x to work around incompatibilities between different versions used in `ember-light-table`, `ember-infinity`, and `ember-sticky-element`
    - incompatibilities manifested as "Invalid value used as weak map key" errors thrown when using `ember-light-table` (subscribers screen)
- pin `ember-power-datepicker` to unreleased version that contains a move from global acceptance test helpers to modern test helpers
2019-01-02 09:58:55 +00:00
Kevin Ansfield
a85f5fae35 Switch to eslint-plugin-ghost extending plugin:ghost/ember
no issue
- fix lint errors in lib/gh-koenig
- fix ghost:base eslint errors
- update ember plugin refs, remove ember-suave plugin refs
- remove old jshint refs
- add `lint:js` script
- switch to `eslint-plugin-ghost` extending `plugin:ghost/ember`
2018-01-12 12:17:56 +00:00
Kevin Ansfield
9adbcd1fd0 Match service/controller import to ember-modules-codemod style for consistency
no issue

Automated tools, code generators, and editor integrations are increasingly standardising on the import style used in `ember-modules-codemod`. Our import style differed a little with regards to service/controller injection imports which meant we were starting to see inconsistent naming.
2017-10-30 09:38:01 +00:00
Kevin Ansfield
983110d931 Switched from ember-cli-shims to new module imports (#779)
no issue

- add eslint-plugin-ember, configure no-old-shims rule
- run `eslint --fix` on `app`, `lib`, `mirage`, and `tests` to move imports to the new module imports
- further cleanup of Ember globals usage
- remove event-dispatcher initializer now that `canDispatchToEventManager` is deprecated
2017-08-22 14:53:26 +07:00
Kevin Ansfield
05a3a11855 welcome tour (#527)
refs https://github.com/TryGhost/Ghost/issues/5168
- adds a `tour` service that handles syncing and management of tour throbbers & content
- adds a `gh-tour-item` component that handles the display of a throbber and it's associated popover when clicked
- uses settings API endpoint to populate viewed tour items on app boot/signin
- adds `liquid-tether@2.0.3` dependency for attaching throbbers and popups
- adds initial tour contents
2017-06-08 22:00:10 +07:00
Kevin Ansfield
cb59388c5b 💄🐷 sort-imports eslint rule (#712)
no issue

- adds `eslint-plugin-sort-imports-es6-autofix` dependency
  - implements ESLint's base `sort-imports` rule but has a distinction in that `import {foo} from 'bar';` is considered `multiple` rather than `single`
  - fixes ESLint's autofix behaviour so `eslint --fix` will actually fix the sort order
- updates all unordered import rules by using `eslint --fix`

With the increased number of `import` statements since Ember+ecosystem started moving towards es6 modules I've found it frustrating at times trying to search through randomly ordered import statements. Recently I've been sorting imports manually when I've added new code or touched old code so I thought I'd add an ESLint rule to codify it.
2017-05-29 20:50:03 +02:00
Austin Burdine
dfd6d444c3 fix test warnings (#492)
- fix ember-data complex default value returning in post model
- fix mirage returning a user of id 'me' from /user/me
2017-01-13 21:14:54 +00:00
Austin Burdine
f53c7dfc88 convert ember imports to ember-cli-shim imports where possible (#95) 2016-06-30 11:21:47 +01:00
Kevin Ansfield
2da6673197 Synchronous feature service
supersedes #6773
- update `feature` service and `gh-feature-flag` component to work synchronously rather than async
- use the application route's `afterModel` hook so that settings are loaded before first load
- override `session` service's `authenticate` method to load the settings after successful authentication before any other routes are processed
2016-05-07 15:00:06 +02:00
Austin Burdine
3154dfe988 cleanup usage of Ember.inject 2016-01-19 07:03:27 -06:00
Kevin Ansfield
2f4f6db133 Use es6 across client and add ember-suave to enforce rules
no issue
- add ember-suave dependency
- upgrade grunt-jscs dependency
- add a new .jscsrc for the client's tests directory that extends from client's base .jscsrc
- separate client tests in Gruntfile jscs task so they pick up the test's .jscsrc
- standardize es6 usage across client
2015-11-30 10:41:01 +00:00
Austin Burdine
511d5d9b4c deps: ember-simple-auth@1.0.0
closes #5951
- update to esa 1.0
2015-10-18 13:17:02 -05:00