mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-12 16:14:25 +03:00
c84866dda7
- Fixed session invalidation for "locked" user - Currently Ghost API was returning 404 for users having status set to "locked". This lead the user to be stuck in Ghost-Admin with "Rousource Not Found" error message. - By returning 401 for non-"active" users it allows for the Ghost-Admin to redirect the user to "signin" screen where they would be instructed to reset their password - Fixed error message returned by session API - Instead of returning generic 'access' denied message when error happens during `User.check` we want to return more specific error thrown inside of the method, e.g.: 'accountLocked' or 'accountSuspended' - Fixed messaging for 'accountLocked' i18n, which not corresponds to the actual UI available to the end user - Added automatic password reset email to locked users on sign-in - uses alternative email for required password reset so it's clear that this is a security related reset and not a user-requested reset - Backported the auto sending of required password reset email to v2 sign-in route - used by 3rd party clients where the email is necessary for users to know why login is failing Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk> |
||
|---|---|---|
| .. | ||
| utils | ||
| actions.js | ||
| authentication.js | ||
| authors-public.js | ||
| config.js | ||
| db.js | ||
| images.js | ||
| index.js | ||
| integrations.js | ||
| invites.js | ||
| mail.js | ||
| notifications.js | ||
| oembed.js | ||
| pages-public.js | ||
| pages.js | ||
| posts-public.js | ||
| posts.js | ||
| preview.js | ||
| redirects.js | ||
| roles.js | ||
| schedules.js | ||
| session.js | ||
| settings-public.js | ||
| settings.js | ||
| site.js | ||
| slack.js | ||
| slugs.js | ||
| tags-public.js | ||
| tags.js | ||
| themes.js | ||
| users.js | ||
| webhooks.js | ||