Transition to signin with error message on invalid token not 500 error screen

closes #3548 - Add error to hidenav, removes menubar from error screen. - Wrap atob() in a try/catch - Added regex to try and validate if params.token at least looks like base64
2025-02-24 23:48:13 -05:00 · 2014-08-06 08:08:02 -07:00 · 2014-08-06 08:08:02 -07:00 · 5d7630607b
commit 5d7630607b
parent 0a9bde7702
2 changed files with 18 additions and 5 deletions
--- a/ghost/admin/controllers/application.js
+++ b/ghost/admin/controllers/application.js
@ -1,5 +1,5 @@
 var ApplicationController = Ember.Controller.extend({
-    hideNav: Ember.computed.match('currentPath', /(signin|signup|setup|forgotten|reset)/),
+    hideNav: Ember.computed.match('currentPath', /(error|signin|signup|setup|forgotten|reset)/),
    topNotificationCount: 0,
--- a/ghost/admin/routes/signup.js
+++ b/ghost/admin/routes/signup.js
@ -10,10 +10,23 @@ var SignupRoute = Ember.Route.extend(styleBody, loadingIndicator, {
        }
    },
    setupController: function (controller, params) {
-        var tokenText = atob(params.token),
+        var tokenText,
-            email = tokenText.split('|')[1];
+            email,
-        controller.token = params.token;
+            re = /^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/;
-        controller.email = email;
+        if (re.test(params.token)) {
            try {
                tokenText = atob(params.token);
                email = tokenText.split('|')[1];
                controller.token = params.token;
                controller.email = email;
            } catch (e) {
                this.transitionTo('signin');
                this.notifications.showError('Invalid token.', {delayed: true});
            }
        } else {
            this.transitionTo('signin');
            this.notifications.showError('Invalid token.', {delayed: true});
        }
    }
 });