mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-07 03:22:21 +03:00
8630be5a87
closes https://github.com/TryGhost/Team/issues/865 Ghost now returns a forbidden error rather than an unauthorized error when saving whilst logged out so the session invalidation was not being triggered. - added forbidden check to ajax service to trigger session invalidation - added automatic retry of save in editor when re-authenticating - fixed re-population of user and proxy services when re-authenticating, it's not needed at that point because nothing has been cleared
77 lines
2.6 KiB
JavaScript
77 lines
2.6 KiB
JavaScript
import ModalComponent from 'ghost-admin/components/modal-base';
|
|
import ValidationEngine from 'ghost-admin/mixins/validation-engine';
|
|
import {htmlSafe} from '@ember/template';
|
|
import {isVersionMismatchError} from 'ghost-admin/services/ajax';
|
|
import {reads} from '@ember/object/computed';
|
|
import {inject as service} from '@ember/service';
|
|
import {task} from 'ember-concurrency';
|
|
|
|
export default ModalComponent.extend(ValidationEngine, {
|
|
config: service(),
|
|
notifications: service(),
|
|
session: service(),
|
|
|
|
validationType: 'signin',
|
|
|
|
authenticationError: null,
|
|
|
|
identification: reads('session.user.email'),
|
|
|
|
actions: {
|
|
confirm() {
|
|
this.reauthenticate.perform();
|
|
}
|
|
},
|
|
|
|
_authenticate() {
|
|
let session = this.session;
|
|
let authStrategy = 'authenticator:cookie';
|
|
let identification = this.identification;
|
|
let password = this.password;
|
|
|
|
session.set('skipAuthSuccessHandler', true);
|
|
|
|
this.toggleProperty('submitting');
|
|
|
|
return session.authenticate(authStrategy, identification, password).finally(() => {
|
|
this.toggleProperty('submitting');
|
|
session.set('skipAuthSuccessHandler', undefined);
|
|
});
|
|
},
|
|
|
|
_passwordConfirm() {
|
|
// Manually trigger events for input fields, ensuring legacy compatibility with
|
|
// browsers and password managers that don't send proper events on autofill
|
|
const inputs = document.querySelectorAll('#login input');
|
|
inputs.forEach(input => input.dispatchEvent(new Event('change')));
|
|
|
|
this.set('authenticationError', null);
|
|
|
|
return this.validate({property: 'signin'}).then(() => this._authenticate().then(() => {
|
|
this.notifications.closeAlerts();
|
|
this.send('closeModal');
|
|
return true;
|
|
}).catch((error) => {
|
|
if (error && error.payload && error.payload.errors) {
|
|
error.payload.errors.forEach((err) => {
|
|
if (isVersionMismatchError(err)) {
|
|
return this.notifications.showAPIError(error);
|
|
}
|
|
err.message = htmlSafe(err.context || err.message);
|
|
});
|
|
|
|
this.errors.add('password', 'Incorrect password');
|
|
this.hasValidated.pushObject('password');
|
|
this.set('authenticationError', error.payload.errors[0].message);
|
|
}
|
|
}), () => {
|
|
this.hasValidated.pushObject('password');
|
|
return false;
|
|
});
|
|
},
|
|
|
|
reauthenticate: task(function* () {
|
|
return yield this._passwordConfirm();
|
|
}).drop()
|
|
});
|