Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-13 22:41:32 -05:00
Code Issues Activity
ghost/core/server/controllers/admin.js

409 lines
14 KiB
JavaScript
Raw Normal View History

remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
var config = require('../config'),
Replace underscore with lodash.
2014-02-05 00:40:30 -08:00
_ = require('lodash'),
Cleanup indentation and quotes Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-24 12:46:30 +02:00
path = require('path'),
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-21 21:17:38 -06:00
when = require('when'),
Cleanup indentation and quotes Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-24 12:46:30 +02:00
api = require('../api'),
This commit removes a lot of code from ghost.js, including: Move helper functions registerThemeHelper and registerAsyncThemeHelper to the helpers module. Also update the app proxy object to reflect this new code location, and the tests to reflect that as well Create ./sore/server/filters which houses all filter related behavior. Was previously on the ghost singleton. Also create the filters_spec file for testing and update all code and tests to use new code location. Create ./sore/server/helpers/template which houses all template related behavior. Was previously on the ghost singleton. Also create the helpers_template_spec file for testing and update all code and tests to use new code location. Move ghost.mail instance onto the mail module directly and update related code and tests to use new location Move Polyglot instance onto require module directly Move ghost.availablePlugins to plugins module directly
2013-11-27 21:45:01 -05:00
mailer = require('../mail'),
Cleanup indentation and quotes Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-24 12:46:30 +02:00
errors = require('../errorHandling'),
image upload controller refactor issue #635 - upload controller shouldn't assume fs - filesystem module proxies all the fs work - proxies and exposes middleware for serving images - creating a date based path and unique filename is a base object util - unit tests updated
2013-11-07 16:00:39 +00:00
storage = require('../storage'),
Add update notifications closes #1464 - adds opt-out via updateCheck:false in config.js - update check is done on admin index, but doesn't interfere with rendering - adds update check module, which gets the usage data, makes the request and handles the response - adds two new settings to default-settings, one for next check time, and one for whether to show the notification - adds a new rejectError method to errorHandling - adds a new helper for displaying the notification Conflicts: core/server/helpers/index.js core/test/unit/server_helpers_index_spec.js
2014-01-03 15:50:03 +00:00
updateCheck = require('../update-check'),
Cleanup indentation and quotes Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-24 12:46:30 +02:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 12:43:15 +01:00
adminNavbar,
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 20:48:36 +01:00
adminControllers,
loginSecurity = [];
Initial commit to GitHub repo
2013-05-11 17:44:25 +01:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 12:43:15 +01:00
adminNavbar = {
content: {
name: 'Content',
navClass: 'content',
key: 'admin.navbar.content',
Temporarily removed the Dashboard and all references This also updates the CasperJS to match the new changes.
2013-09-11 15:38:09 +01:00
path: '/'
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 12:43:15 +01:00
},
add: {
name: 'New Post',
navClass: 'editor',
key: 'admin.navbar.editor',
path: '/editor/'
},
settings: {
name: 'Settings',
navClass: 'settings',
key: 'admin.navbar.settings',
path: '/settings/'
}
};
Initial commit to GitHub repo
2013-05-11 17:44:25 +01:00
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 20:48:36 +01:00
Fixing up some inconsistent TODO: items.
2013-06-25 17:58:26 +01:00
// TODO: make this a util or helper
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 12:43:15 +01:00
function setSelected(list, name) {
_.each(list, function (item, key) {
item.selected = key === name;
#25: admin navbar and filter
2013-05-29 01:10:39 +01:00
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 12:43:15 +01:00
return list;
}
#25: admin navbar and filter
2013-05-29 01:10:39 +01:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 12:43:15 +01:00
adminControllers = {
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 10:51:12 +00:00
// Route: index
// Path: /ghost/
// Method: GET
'index': function (req, res) {
/*jslint unparam:true*/
function renderIndex() {
res.render('content', {
bodyClass: 'manage',
adminNav: setSelected(adminNavbar, 'content')
});
}
when.join(
updateCheck(res),
when(renderIndex())
// an error here should just get logged
).otherwise(errors.logError);
},
'content': function (req, res) {
/*jslint unparam:true*/
res.render('content', {
bodyClass: 'manage',
adminNav: setSelected(adminNavbar, 'content')
});
},
// Route: editor
// Path: /ghost/editor(/:id)?/
// Method: GET
'editor': function (req, res) {
if (req.params.id !== undefined) {
res.render('editor', {
bodyClass: 'editor',
adminNav: setSelected(adminNavbar, 'content')
});
} else {
res.render('editor', {
bodyClass: 'editor',
adminNav: setSelected(adminNavbar, 'add')
});
}
},
// Route: settings
// path: /ghost/settings/(*/)?
// Method: GET
'settings': function (req, res, next) {
// TODO: Centralise list/enumeration of settings panes, so we don't run into trouble in future.
Fixing typo in allowedSections for allowed pages under settings
2014-03-02 12:46:03 +01:00
var allowedSections = ['', 'general', 'user', 'apps'],
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 10:51:12 +00:00
section = req.url.replace(/(^\/ghost\/settings[\/]*|\/$)/ig, '');
if (allowedSections.indexOf(section) < 0) {
return next();
}
res.render('settings', {
bodyClass: 'settings',
adminNav: setSelected(adminNavbar, 'settings')
});
},
// Route: debug
// path: /ghost/debug/
// Method: GET
'debug': {
index: function (req, res) {
/*jslint unparam:true*/
res.render('debug', {
bodyClass: 'settings',
adminNav: setSelected(adminNavbar, 'settings')
});
Remove res.redirect from db.exportContent closes #1654 - added frontend route /ghost/export/ - removed request handling from API
2014-02-27 16:48:38 +01:00
},
// frontend route for downloading a file
exportContent: function (req, res) {
Added user to export call fixes #2612 - added user to db.exportContent()
2014-04-18 09:21:16 +02:00
api.db.exportContent.call({user: req.session.user}).then(function (exportData) {
Remove res.redirect from db.exportContent closes #1654 - added frontend route /ghost/export/ - removed request handling from API
2014-02-27 16:48:38 +01:00
// send a file to the client
res.set('Content-Disposition', 'attachment; filename="GhostData.json"');
res.json(exportData);
}).otherwise(function (err) {
var notification = {
type: 'error',
Add permissions to API closes #2264 - added permissions check to db, users and posts - added register method to users - added doesUserExist method to users - added user from session to internal calls - changed permissible to overwrite canThis - removed action map and action type from permissable method
2014-04-08 15:40:33 +02:00
message: 'Your export file could not be generated. Error: ' + err.message,
Remove res.redirect from db.exportContent closes #1654 - added frontend route /ghost/export/ - removed request handling from API
2014-02-27 16:48:38 +01:00
status: 'persistent',
id: 'errorexport'
};
errors.logError(err, 'admin.js', "Your export file could not be generated.");
return api.notifications.add(notification).then(function () {
res.redirect(config().paths.subdir + '/ghost/debug');
});
});
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 10:51:12 +00:00
}
},
// Route: upload
// Path: /ghost/upload/
// Method: POST
'upload': function (req, res) {
Moving file system storage to a module issue #635 - refactored file system storage into module - convert save to return a promise - convert admin controller to use storage module
2013-09-28 14:54:26 +01:00
var type = req.files.uploadimage.type,
fixes extensions bug for image uploader - extensions set to lowercase - changed navigation images to hyphenated names and corrected references
2013-08-13 21:04:07 +01:00
ext = path.extname(req.files.uploadimage.name).toLowerCase(),
image upload controller refactor issue #635 - upload controller shouldn't assume fs - filesystem module proxies all the fs work - proxies and exposes middleware for serving images - creating a date based path and unique filename is a base object util - unit tests updated
2013-11-07 16:00:39 +00:00
store = storage.get_storage();
Moving file system storage to a module issue #635 - refactored file system storage into module - convert save to return a promise - convert admin controller to use storage module
2013-09-28 14:54:26 +01:00
Add support for SVG images
2013-11-12 11:37:54 -07:00
if ((type !== 'image/jpeg' && type !== 'image/png' && type !== 'image/gif' && type !== 'image/svg+xml')
|| (ext !== '.jpg' && ext !== '.jpeg' && ext !== '.png' && ext !== '.gif' && ext !== '.svg' && ext !== '.svgz')) {
Moving file system storage to a module issue #635 - refactored file system storage into module - convert save to return a promise - convert admin controller to use storage module
2013-09-28 14:54:26 +01:00
return res.send(415, 'Unsupported Media Type');
}
Added image upload reusable plugin issue #40 and issue #280 - Adds uploader jquery plugin - includes settings for enabling/disabling upload progress bar - adds routing for image uploads - adds directories by year and month based on upload date - Implements plugin on settings - general pane - Implements plugin on editor - adjusted general tab to save uploaded image src TODO: - Add error handling - Storing information on editor - Add events
2013-08-05 18:31:29 +01:00
image upload controller refactor issue #635 - upload controller shouldn't assume fs - filesystem module proxies all the fs work - proxies and exposes middleware for serving images - creating a date based path and unique filename is a base object util - unit tests updated
2013-11-07 16:00:39 +00:00
store
.save(req.files.uploadimage)
Moving file system storage to a module issue #635 - refactored file system storage into module - convert save to return a promise - convert admin controller to use storage module
2013-09-28 14:54:26 +01:00
.then(function (url) {
image upload controller refactor issue #635 - upload controller shouldn't assume fs - filesystem module proxies all the fs work - proxies and exposes middleware for serving images - creating a date based path and unique filename is a base object util - unit tests updated
2013-11-07 16:00:39 +00:00
return res.send(url);
Moving file system storage to a module issue #635 - refactored file system storage into module - convert save to return a promise - convert admin controller to use storage module
2013-09-28 14:54:26 +01:00
})
.otherwise(function (e) {
Improve errors on image upload
2014-01-11 13:40:21 +00:00
errors.logError(e);
return res.send(500, e.message);
Added image upload reusable plugin issue #40 and issue #280 - Adds uploader jquery plugin - includes settings for enabling/disabling upload progress bar - adds routing for image uploads - adds directories by year and month based on upload date - Implements plugin on settings - general pane - Implements plugin on editor - adjusted general tab to save uploaded image src TODO: - Add error handling - Storing information on editor - Add events
2013-08-05 18:31:29 +01:00
});
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 10:51:12 +00:00
// Route: signout
// Path: /ghost/signout/
// Method: GET
'signout': function (req, res) {
req.session.destroy();
var notification = {
type: 'success',
message: 'You were successfully signed out',
status: 'passive',
id: 'successlogout'
};
return api.notifications.add(notification).then(function () {
res.redirect(config().paths.subdir + '/ghost/signin/');
});
},
// Route: signin
// Path: /ghost/signin/
// Method: GET
'signin': function (req, res) {
Remove unparam:true from jslint config in Gruntfile.js issue #1365 - added /*jslint unparam:true*/ to functions where absolutely necessary - added /*jslint unparam:true*/ to functions in which keeping parameter list added clarity to the underlying api, even when those parameters are not currently used - removed unused parameters in a few places
2013-10-31 14:02:34 -04:00
/*jslint unparam:true*/
Improved Auth screen markup and validation checks * Signup now focuses on 'name' on load * Fixed fade in on auth forms to work with `display: table` * The 'name' field is required on Sign up forms * The length check on the Signup form is in order of inputs * Added check for password length * Changed the auth form class names to better represent individual pages * Updated CasperJS tests
2013-09-12 09:59:58 +01:00
res.render('login', {
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 12:43:15 +01:00
bodyClass: 'ghost-login',
hideNavbar: true,
adminNav: setSelected(adminNavbar, 'login')
Initial commit to GitHub repo
2013-05-11 17:44:25 +01:00
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 12:43:15 +01:00
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 10:51:12 +00:00
// Route: doSignin
// Path: /ghost/signin/
// Method: POST
'doSignin': function (req, res) {
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
var currentTime = process.hrtime()[0],
Remove successful login connections from the auth throttle list - once a user has successfully logged into ghost they no longer are a malicious user and as such their IP address should be removed from the array of login attempts - should also reduce the memory usage of Ghost as the loginSecurity array gets pruned upon every successful login - this also fixes a race condition i was experiencing during functional tests wherein i would receive the login throttle message during regular testing. Seems my machine is able to run casper fast enough that it could complete each test under an amount of time that tripped the login throttle message.
2014-01-04 21:46:15 -05:00
remoteAddress = req.connection.remoteAddress,
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 20:48:36 +01:00
denied = '';
loginSecurity = _.filter(loginSecurity, function (ipTime) {
return (ipTime.time + 2 > currentTime);
});
denied = _.find(loginSecurity, function (ipTime) {
Remove successful login connections from the auth throttle list - once a user has successfully logged into ghost they no longer are a malicious user and as such their IP address should be removed from the array of login attempts - should also reduce the memory usage of Ghost as the loginSecurity array gets pruned upon every successful login - this also fixes a race condition i was experiencing during functional tests wherein i would receive the login throttle message during regular testing. Seems my machine is able to run casper fast enough that it could complete each test under an amount of time that tripped the login throttle message.
2014-01-04 21:46:15 -05:00
return (ipTime.ip === remoteAddress);
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 12:43:15 +01:00
});
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 20:48:36 +01:00
if (!denied) {
Remove successful login connections from the auth throttle list - once a user has successfully logged into ghost they no longer are a malicious user and as such their IP address should be removed from the array of login attempts - should also reduce the memory usage of Ghost as the loginSecurity array gets pruned upon every successful login - this also fixes a race condition i was experiencing during functional tests wherein i would receive the login throttle message during regular testing. Seems my machine is able to run casper fast enough that it could complete each test under an amount of time that tripped the login throttle message.
2014-01-04 21:46:15 -05:00
loginSecurity.push({ip: remoteAddress, time: currentTime});
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 20:48:36 +01:00
api.users.check({email: req.body.email, pw: req.body.password}).then(function (user) {
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests
2013-11-24 15:29:36 +01:00
req.session.regenerate(function (err) {
if (!err) {
req.session.user = user.id;
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 01:40:53 -05:00
var redirect = config().paths.subdir + '/ghost/';
Fix several redirects in frontend and admin refs #527
2013-11-27 02:31:27 +00:00
if (req.body.redirect) {
redirect += decodeURIComponent(req.body.redirect);
}
General cleanup - Cleanup some todos, comments, and unused variables
2014-01-19 21:08:39 +00:00
// If this IP address successfully logs in we
Remove successful login connections from the auth throttle list - once a user has successfully logged into ghost they no longer are a malicious user and as such their IP address should be removed from the array of login attempts - should also reduce the memory usage of Ghost as the loginSecurity array gets pruned upon every successful login - this also fixes a race condition i was experiencing during functional tests wherein i would receive the login throttle message during regular testing. Seems my machine is able to run casper fast enough that it could complete each test under an amount of time that tripped the login throttle message.
2014-01-04 21:46:15 -05:00
// can remove it from the array of failed login attempts.
loginSecurity = _.reject(loginSecurity, function (ipTime) {
return ipTime.ip === remoteAddress;
});
Fix several redirects in frontend and admin refs #527
2013-11-27 02:31:27 +00:00
res.json(200, {redirect: redirect});
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests
2013-11-24 15:29:36 +01:00
}
});
Added brute force protection to login Closes half of #468 * adds a 2 second limit until you can retry logging in, otherwise sends you a 401. * bounce: 2ms, checks the pw: 254ms on my machine * added a test to the casper suite
2013-08-22 20:48:36 +01:00
}, function (error) {
res.json(401, {error: error.message});
});
} else {
res.json(401, {error: 'Slow down, there are way too many login attempts!'});
}
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 12:43:15 +01:00
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 10:51:12 +00:00
// Route: signup
// Path: /ghost/signup/
// Method: GET
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 12:43:15 +01:00
'signup': function (req, res) {
Remove unparam:true from jslint config in Gruntfile.js issue #1365 - added /*jslint unparam:true*/ to functions where absolutely necessary - added /*jslint unparam:true*/ to functions in which keeping parameter list added clarity to the underlying api, even when those parameters are not currently used - removed unused parameters in a few places
2013-10-31 14:02:34 -04:00
/*jslint unparam:true*/
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 12:43:15 +01:00
res.render('signup', {
Improved Auth screen markup and validation checks * Signup now focuses on 'name' on load * Fixed fade in on auth forms to work with `display: table` * The 'name' field is required on Sign up forms * The length check on the Signup form is in order of inputs * Added check for password length * Changed the auth form class names to better represent individual pages * Updated CasperJS tests
2013-09-12 09:59:58 +01:00
bodyClass: 'ghost-signup',
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 12:43:15 +01:00
hideNavbar: true,
adminNav: setSelected(adminNavbar, 'login')
});
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 10:51:12 +00:00
// Route: doSignup
// Path: /ghost/signup/
// Method: POST
'doSignup': function (req, res) {
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
var name = req.body.name,
Input signup name into user profile
2013-09-08 21:16:40 +02:00
email = req.body.email,
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 12:43:15 +01:00
password = req.body.password;
Initial commit to GitHub repo
2013-05-11 17:44:25 +01:00
Use current user in models closes #2058 - fixed apiContext as suggested in the issue - added user to options object for models - added api.users.register() for public registration - changed models to use options.user for created_by, updated_by, author_id and published_by - added override to session model to avoid created_by and updated_by values - added user (id: 1) to tests - added user (id: 1) for registration - added user (id: 1) for import, fixtures and default settings - added user (id: 1) for user update - added user (id: 1) for settings update (dbHash, installedApps, update check) - updated bookshelf to version 0.6.8
2014-04-03 15:03:09 +02:00
api.users.register({
Mass renaming of things Conflicts: core/client/views/settings.js core/server/models/user.js
2013-09-11 23:04:49 +01:00
name: name,
email: email,
Added validation for signup and login screens Closes #374 * Included node-validator as a package * Implemented server side validation (the client side js is a mess, need a LOT of work) * Validates email address both on signup and login screens, gives error message on malformed email addresses * Requires at least 8 chars of password * Tells user if password is too short * Tells user if no such user on login * Tells user if wrong password on login * Tells user if server responds with a 404 (goes away, dies, etc) * Added middleware between req and login / signup for validation
2013-08-18 22:50:42 +01:00
password: password
}).then(function (user) {
Use current user in models closes #2058 - fixed apiContext as suggested in the issue - added user to options object for models - added api.users.register() for public registration - changed models to use options.user for created_by, updated_by, author_id and published_by - added override to session model to avoid created_by and updated_by values - added user (id: 1) to tests - added user (id: 1) for registration - added user (id: 1) for import, fixtures and default settings - added user (id: 1) for user update - added user (id: 1) for settings update (dbHash, installedApps, update check) - updated bookshelf to version 0.6.8
2014-04-03 15:03:09 +02:00
api.settings.edit.call({user: 1}, 'email', email).then(function () {
Add welcome email for new sign ups Closes #1766 - Once signed up, a quick welcome email is sent - Links to their blog url, and gives the email they used to sign up
2013-12-28 13:42:52 -08:00
var message = {
to: email,
subject: 'Your New Ghost Blog',
html: '<p><strong>Hello!</strong></p>' +
'<p>Good news! You\'ve successfully created a brand new Ghost blog over on ' + config().url + '</p>' +
'<p>You can log in to your admin account with the following details:</p>' +
'<p> Email Address: ' + email + '<br>' +
'Password: The password you chose when you signed up</p>' +
'<p>Keep this email somewhere safe for future reference, and have fun!</p>' +
'<p>xoxo</p>' +
'<p>Team Ghost<br>' +
'<a href="https://ghost.org">https://ghost.org</a></p>'
};
mailer.send(message).otherwise(function (error) {
Error message updates no issue - couple of tweaks to the messaging of non-fatal errors that can be output when running Ghost
2014-01-12 21:49:24 +00:00
errors.logError(
error.message,
"Unable to send welcome email, your blog will continue to function.",
"Please see http://docs.ghost.org/mail/ for instructions on configuring email."
);
Add welcome email for new sign ups Closes #1766 - Once signed up, a quick welcome email is sent - Links to their blog url, and gives the email they used to sign up
2013-12-28 13:42:52 -08:00
});
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests
2013-11-24 15:29:36 +01:00
req.session.regenerate(function (err) {
if (!err) {
if (req.session.user === undefined) {
req.session.user = user.id;
}
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 01:40:53 -05:00
res.json(200, {redirect: config().paths.subdir + '/ghost/'});
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests
2013-11-24 15:29:36 +01:00
}
});
Populating admin email with user signup email closes #775
2013-09-17 03:08:36 +01:00
});
}).otherwise(function (error) {
Added validation for signup and login screens Closes #374 * Included node-validator as a package * Implemented server side validation (the client side js is a mess, need a LOT of work) * Validates email address both on signup and login screens, gives error message on malformed email addresses * Requires at least 8 chars of password * Tells user if password is too short * Tells user if no such user on login * Tells user if wrong password on login * Tells user if server responds with a 404 (goes away, dies, etc) * Added middleware between req and login / signup for validation
2013-08-18 22:50:42 +01:00
res.json(401, {error: error.message});
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 12:43:15 +01:00
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 10:51:12 +00:00
// Route: forgotten
// Path: /ghost/forgotten/
// Method: GET
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 00:20:12 +02:00
'forgotten': function (req, res) {
Remove unparam:true from jslint config in Gruntfile.js issue #1365 - added /*jslint unparam:true*/ to functions where absolutely necessary - added /*jslint unparam:true*/ to functions in which keeping parameter list added clarity to the underlying api, even when those parameters are not currently used - removed unused parameters in a few places
2013-10-31 14:02:34 -04:00
/*jslint unparam:true*/
Improved Auth screen markup and validation checks * Signup now focuses on 'name' on load * Fixed fade in on auth forms to work with `display: table` * The 'name' field is required on Sign up forms * The length check on the Signup form is in order of inputs * Added check for password length * Changed the auth form class names to better represent individual pages * Updated CasperJS tests
2013-09-12 09:59:58 +01:00
res.render('forgotten', {
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 00:20:12 +02:00
bodyClass: 'ghost-forgotten',
hideNavbar: true,
adminNav: setSelected(adminNavbar, 'login')
});
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 10:51:12 +00:00
// Route: doForgotten
// Path: /ghost/forgotten/
// Method: POST
'doForgotten': function (req, res) {
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
var email = req.body.email;
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 00:20:12 +02:00
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-21 21:17:38 -06:00
api.users.generateResetToken(email).then(function (token) {
Create the config module, initially used to standardise getting paths and absolute URLs. Easy to extend for other configurations we may need.
2013-11-20 08:58:52 -05:00
var siteLink = '<a href="' + config().url + '">' + config().url + '</a>',
Swap url.resolve for slash handling
2013-12-04 20:58:59 +00:00
resetUrl = config().url.replace(/\/$/, '') + '/ghost/reset/' + token + '/',
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-21 21:17:38 -06:00
resetLink = '<a href="' + resetUrl + '">' + resetUrl + '</a>',
message = {
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 00:20:12 +02:00
to: email,
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-21 21:17:38 -06:00
subject: 'Reset Password',
html: '<p><strong>Hello!</strong></p>' +
'<p>A request has been made to reset the password on the site ' + siteLink + '.</p>' +
'<p>Please follow the link below to reset your password:<br><br>' + resetLink + '</p>' +
'<p>Ghost</p>'
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 00:20:12 +02:00
};
This commit removes a lot of code from ghost.js, including: Move helper functions registerThemeHelper and registerAsyncThemeHelper to the helpers module. Also update the app proxy object to reflect this new code location, and the tests to reflect that as well Create ./sore/server/filters which houses all filter related behavior. Was previously on the ghost singleton. Also create the filters_spec file for testing and update all code and tests to use new code location. Create ./sore/server/helpers/template which houses all template related behavior. Was previously on the ghost singleton. Also create the helpers_template_spec file for testing and update all code and tests to use new code location. Move ghost.mail instance onto the mail module directly and update related code and tests to use new location Move Polyglot instance onto require module directly Move ghost.availablePlugins to plugins module directly
2013-11-27 21:45:01 -05:00
return mailer.send(message);
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 14:57:41 +01:00
}).then(function success() {
var notification = {
type: 'success',
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-21 21:17:38 -06:00
message: 'Check your email for further instructions',
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 14:57:41 +01:00
status: 'passive',
id: 'successresetpw'
};
return api.notifications.add(notification).then(function () {
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 01:40:53 -05:00
res.json(200, {redirect: config().paths.subdir + '/ghost/signin/'});
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 14:57:41 +01:00
});
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 00:20:12 +02:00
Email errors & cleanup closes #618 - don't send a welcome email. This appeared to be breaking tests. - make sure we handle errors from sending emails properly - use promises when adding notifications
2013-09-04 14:57:41 +01:00
}, function failure(error) {
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-21 21:17:38 -06:00
// TODO: This is kind of sketchy, depends on magic string error.message from Bookshelf.
if (error && error.message === 'EmptyResponse') {
error.message = "Invalid email address";
}
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 00:20:12 +02:00
res.json(401, {error: error.message});
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-21 21:17:38 -06:00
});
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 10:51:12 +00:00
// Route: reset
// Path: /ghost/reset/:token
// Method: GET
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-21 21:17:38 -06:00
'reset': function (req, res) {
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
// Validate the request token
var token = req.params.token;
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-21 21:17:38 -06:00
api.users.validateToken(token).then(function () {
// Render the reset form
res.render('reset', {
bodyClass: 'ghost-reset',
hideNavbar: true,
adminNav: setSelected(adminNavbar, 'reset')
});
}).otherwise(function (err) {
// Redirect to forgotten if invalid token
var notification = {
type: 'error',
message: 'Invalid or expired token',
status: 'persistent',
id: 'errorinvalidtoken'
};
errors.logError(err, 'admin.js', "Please check the provided token for validity and expiration.");
return api.notifications.add(notification).then(function () {
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 01:40:53 -05:00
res.redirect(config().paths.subdir + '/ghost/forgotten');
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-21 21:17:38 -06:00
});
});
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 10:51:12 +00:00
// Route: doReset
// Path: /ghost/reset/:token
// Method: POST
'doReset': function (req, res) {
remove ghost.settings and ghost.notifications covers 90% of #755 - moved ghost.settings to api.settings - moved ghost.notifications to api.notifications - split up api/index.js to notifications.js, posts.js, settings.js, tags.js and users.js - added instance.globals as temp workaround for blogglobals (Known issue: blog title and blog description are updated after restart only) - added webroot to config() to remove `var root = ...` - changed `e` and `url` helper to async - updated tests
2013-12-06 09:51:35 +01:00
var token = req.params.token,
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-21 21:17:38 -06:00
newPassword = req.param('newpassword'),
ne2Password = req.param('ne2password');
api.users.resetPassword(token, newPassword, ne2Password).then(function () {
var notification = {
type: 'success',
message: 'Password changed successfully.',
status: 'passive',
id: 'successresetpw'
};
return api.notifications.add(notification).then(function () {
Improve bootstrap flow of a Ghost application addresses #1789, #1364 - Moves ./core/server/loader -> ./core/bootstrap. The bootstrap file is only accessed once during startup, and it’s sole job is to ensure a config.js file exists (creating one if it doesn’t) and then validates the contents of the config file. Since this is directly related to the initializing the application is is appropriate to have it in the ./core folder, named bootstrap as that is what it does. This also improves the dependency graph, as now the bootstrap file require’s the ./core/server/config module and is responsible for passing in the validated config file. Whereas before we had ./core/server/config require’ing ./core/server/loader and running its init code and then passing that value back to itself, the flow is now more straight forward of ./core/bootstrap handling initialization and then instatiation of config module - Merges ./core/server/config/paths into ./core/server/config This flow was always confusing me to that some config options were on the config object, and some were on the paths object. This change now incorporates all of the variables previously defined in config/paths directly into the config module, and in extension, the config.js file. This means that you now have the option of deciding at startup where the content directory for ghost should reside. - broke out loader tests in config_spec to bootstrap_spec - updated all relevant files to now use config().paths - moved urlFor and urlForPost function into ./server/config/url.js
2014-01-05 01:40:53 -05:00
res.json(200, {redirect: config().paths.subdir + '/ghost/signin/'});
Improved Password Reset Tool Closes #1471 - add api and User model methods for generating and validating tokens - add routes and handlers for reset password pages - add client styles and views for reset password form - some basic integration tests for User model methods
2013-11-21 21:17:38 -06:00
});
}).otherwise(function (err) {
res.json(401, {error: err.message});
});
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 00:20:12 +02:00
},
Cleanup naming & order in admin controller no issue There seemed to be no convention or order to the functions in the admin controller, so I have: - organised them - reordered them - added a small doc-block - reordered some routes - updated tests accordingly
2014-02-25 10:51:12 +00:00
// Route: doChangePassword
// Path: /ghost/changepw/
// Method: POST
'doChangePassword': function (req, res) {
return api.users.changePassword({
currentUser: req.session.user,
oldpw: req.body.password,
newpw: req.body.newpassword,
ne2pw: req.body.ne2password
}).then(function () {
res.json(200, {msg: 'Password changed successfully'});
}, function (error) {
res.send(401, {error: error.message});
Removing api calls from server side closes #603, issue #395 - Changed hard-coded 'JOE BLOGGS' to use author data - We still had api calls loading data server side before rendering pages.. which is unnecessary. - Only thing using this was editor title, which is now populated client side - May improve content screen load time.
2013-09-04 21:05:36 +01:00
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 12:43:15 +01:00
}
};
Initial commit to GitHub repo
2013-05-11 17:44:25 +01:00
Current user added Closes #340. Closes #375 * Replaced session with id of current user * Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy) * Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't) * If user has profile picture, that will be used * If user has name, that will be used * Password changing doesn't care about your email. Uses cookies. Tasty! * User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`. * Added logic to user api to check for `id === 'me'`, and then use the cookie value * User data saves are now correct * There is no logout error
2013-08-09 02:22:49 +01:00
module.exports = adminControllers;
Reference in a new issue Copy permalink