From 5d7630607b810916498845c5042f65c4ce4268b2 Mon Sep 17 00:00:00 2001
From: shindakun
Date: Wed, 6 Aug 2014 08:08:02 -0700
Subject: [PATCH] Transition to signin with error message on invalid token not 500 error screen closes #3548 - Add error to hidenav, removes menubar from error screen. - Wrap atob() in a try/catch - Added regex to try and validate if params.token at least looks like base64
---
 ghost/admin/controllers/application.js | 2 +-
 ghost/admin/routes/signup.js | 21 +++++++++++++++++----
 2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/ghost/admin/controllers/application.js b/ghost/admin/controllers/application.js
index d81587ba98..c8c1881922 100644
--- a/ghost/admin/controllers/application.js
+++ b/ghost/admin/controllers/application.js
@@ -1,5 +1,5 @@
 var ApplicationController = Ember.Controller.extend({
- hideNav: Ember.computed.match('currentPath', /(signin|signup|setup|forgotten|reset)/),
+ hideNav: Ember.computed.match('currentPath', /(error|signin|signup|setup|forgotten|reset)/),
 topNotificationCount: 0,
diff --git a/ghost/admin/routes/signup.js b/ghost/admin/routes/signup.js
index 54a7196717..eb88079974 100644
--- a/ghost/admin/routes/signup.js
+++ b/ghost/admin/routes/signup.js
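Review bot: The `hideNav` pattern is unanchored, so a word as generic as `error` will hide the nav on any route whose `currentPath` merely contains that substring, not only on the error route. If the listed routes are all top-level names (the router is not visible in this hunk), anchoring the alternation would keep the match to them, e.g. `/^(error|signin|signup|setup|forgotten|reset)/`. A short comment such as `// routes rendered without the admin menubar` above the property would also record why `error` is on the list.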
@@ -10,10 +10,23 @@ var SignupRoute = Ember.Route.extend(styleBody, loadingIndicator, {
 }
 },
 setupController: function (controller, params) {
- var tokenText = atob(params.token),
- email = tokenText.split('|')[1];
- controller.token = params.token;
- controller.email = email;
+ var tokenText,
+ email,
+ re = /^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/;
+ if (re.test(params.token)) {
+ try {
+ tokenText = atob(params.token);
+ email = tokenText.split('|')[1];
+ controller.token = params.token;
+ controller.email = email;
+ } catch (e) {
+ this.transitionTo('signin');
+ this.notifications.showError('Invalid token.', {delayed: true});
+ }
+ } else {
+ this.transitionTo('signin');
+ this.notifications.showError('Invalid token.', {delayed: true});
+ }
 }
 });
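Review bot: A token that passes the base64 shape check but decodes to text without a `|` still reaches `controller.email = email` with `email` undefined, so the signup form is set up from a malformed token and the "Invalid token." path never runs; the regex as written also matches the empty string. Treating a missing email as invalid and sending all failure cases through one branch closes that gap and removes the duplicated `transitionTo`/`showError` pair. This is client-side shape validation only: the token and the email decoded from it come straight from the URL, so the server still has to verify the token when the signup is submitted (that code is not visible here). The definition of `SignupRoute` begins outside the hunk.

```javascript
setupController: function (controller, params) {
    // … unchanged: re = base64-shape regex declaration …
    var email;

    try {
        email = re.test(params.token) ? atob(params.token).split('|')[1] : undefined;
    } catch (e) {
        email = undefined;
    }

    // Bad shape, undecodable, or no '|'-separated email: all count as an invalid token.
    if (!email) {
        this.transitionTo('signin');
        this.notifications.showError('Invalid token.', {delayed: true});
        return;
    }

    controller.token = params.token;
    controller.email = email;
}
```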