mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-11-29 15:12:58 +03:00
a258e3d881
issue TryGhost/Ghost#7452, requires TryGhost/Ghost#7451 - use a `ghostOAuth` config flag to switch between the old-style per-install auth and centralized OAuth auth based on config provided by the server - add OAuth flows for: - setup - sign-in - sign-up - re-authenticate - add custom `oauth-ghost` authenticator to support our custom data structure - add test helpers to stub successful/failed oauth authentication - hide change password form if using OAuth (temporary - a way to change password via oauth provider will be added later)
144 lines
5.6 KiB
JavaScript
144 lines
5.6 KiB
JavaScript
import Route from 'ember-route';
|
|
import RSVP from 'rsvp';
|
|
import injectService from 'ember-service/inject';
|
|
import EmberObject from 'ember-object';
|
|
import {assign} from 'ember-platform';
|
|
import {
|
|
VersionMismatchError,
|
|
isVersionMismatchError
|
|
} from 'ghost-admin/services/ajax';
|
|
|
|
import DS from 'ember-data';
|
|
import Configuration from 'ember-simple-auth/configuration';
|
|
import styleBody from 'ghost-admin/mixins/style-body';
|
|
|
|
const {Promise} = RSVP;
|
|
const {Errors} = DS;
|
|
|
|
export default Route.extend(styleBody, {
|
|
classNames: ['ghost-signup'],
|
|
|
|
ghostPaths: injectService(),
|
|
notifications: injectService(),
|
|
session: injectService(),
|
|
ajax: injectService(),
|
|
|
|
beforeModel() {
|
|
this._super(...arguments);
|
|
|
|
if (this.get('session.isAuthenticated')) {
|
|
this.get('notifications').showAlert('You need to sign out to register as a new user.', {type: 'warn', delayed: true, key: 'signup.create.already-authenticated'});
|
|
this.transitionTo(Configuration.routeIfAlreadyAuthenticated);
|
|
}
|
|
},
|
|
|
|
model(params) {
|
|
let model = EmberObject.create();
|
|
let re = /^(?:[A-Za-z0-9_\-]{4})*(?:[A-Za-z0-9_\-]{2}|[A-Za-z0-9_\-]{3})?$/;
|
|
let email,
|
|
tokenText;
|
|
|
|
return new Promise((resolve) => {
|
|
if (!re.test(params.token)) {
|
|
this.get('notifications').showAlert('Invalid token.', {type: 'error', delayed: true, key: 'signup.create.invalid-token'});
|
|
|
|
return resolve(this.transitionTo('signin'));
|
|
}
|
|
|
|
tokenText = atob(params.token);
|
|
email = tokenText.split('|')[1];
|
|
|
|
model.set('email', email);
|
|
model.set('token', params.token);
|
|
model.set('errors', Errors.create());
|
|
|
|
let authUrl = this.get('ghostPaths.url').api('authentication', 'invitation');
|
|
|
|
return this.get('ajax').request(authUrl, {
|
|
dataType: 'json',
|
|
data: {
|
|
email
|
|
}
|
|
}).then((response) => {
|
|
if (response && response.invitation && response.invitation[0].valid === false) {
|
|
this.get('notifications').showAlert('The invitation does not exist or is no longer valid.', {type: 'warn', delayed: true, key: 'signup.create.invalid-invitation'});
|
|
|
|
return resolve(this.transitionTo('signin'));
|
|
}
|
|
|
|
model.set('invitedBy', response.invitation[0].invitedBy);
|
|
|
|
resolve(model);
|
|
}).catch(() => {
|
|
resolve(model);
|
|
});
|
|
});
|
|
},
|
|
|
|
deactivate() {
|
|
this._super(...arguments);
|
|
|
|
// clear the properties that hold the sensitive data from the controller
|
|
this.controllerFor('signup').setProperties({email: '', password: '', token: ''});
|
|
},
|
|
|
|
actions: {
|
|
authenticateWithGhostOrg() {
|
|
let authStrategy = 'authenticator:oauth2-ghost';
|
|
let inviteToken = this.get('controller.model.token');
|
|
let email = this.get('controller.model.email');
|
|
|
|
this.toggleProperty('controller.loggingIn');
|
|
this.set('controller.flowErrors', '');
|
|
|
|
this.get('torii')
|
|
.open('ghost-oauth2', {email, type: 'invite'})
|
|
.then((authentication) => {
|
|
let _authentication = assign({}, authentication, {inviteToken});
|
|
this.send('authenticate', authStrategy, [_authentication]);
|
|
})
|
|
.catch(() => {
|
|
this.toggleProperty('controller.loggingIn');
|
|
this.set('controller.flowErrors', 'Authentication with Ghost.org denied or failed');
|
|
});
|
|
},
|
|
|
|
// TODO: this is duplicated with the signin route - maybe extract into a mixin?
|
|
authenticate(strategy, authentication) {
|
|
// Authentication transitions to posts.index, we can leave spinner running unless there is an error
|
|
this.get('session')
|
|
.authenticate(strategy, ...authentication)
|
|
.catch((error) => {
|
|
this.toggleProperty('controller.loggingIn');
|
|
|
|
if (error && error.errors) {
|
|
// we don't get back an ember-data/ember-ajax error object
|
|
// back so we need to pass in a null status in order to
|
|
// test against the payload
|
|
if (isVersionMismatchError(null, error)) {
|
|
let versionMismatchError = new VersionMismatchError(error);
|
|
return this.get('notifications').showAPIError(versionMismatchError);
|
|
}
|
|
|
|
error.errors.forEach((err) => {
|
|
err.message = err.message.htmlSafe();
|
|
});
|
|
|
|
this.set('controller.flowErrors', error.errors[0].message.string);
|
|
|
|
if (error.errors[0].message.string.match(/user with that email/)) {
|
|
this.get('controller.model.errors').add('identification', '');
|
|
}
|
|
|
|
if (error.errors[0].message.string.match(/password is incorrect/)) {
|
|
this.get('controller.model.errors').add('password', '');
|
|
}
|
|
} else {
|
|
// Connection errors don't return proper status message, only req.body
|
|
this.get('notifications').showAlert('There was a problem on the server.', {type: 'error', key: 'session.authenticate.failed'});
|
|
}
|
|
});
|
|
}
|
|
}
|
|
});
|