Prevent transition to signup on invalid invitation
Refs #3876 - Prevent the signup page from flashing when an invalid invitation token is used. - Clear sensitive information from the signup controller. - Make the isInvitation API behaviour consistent with the other auth-related APIs.
This commit is contained in:
parent
9fb038f8d3
commit
63546be1eb
3 changed files with 35 additions and 31 deletions
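--- a/core/client/controllers/signup.js
+++ b/core/client/controllers/signup.js
@@ -2,10 +2,6 @@ import ajax from 'ghost/utils/ajax';
 import ValidationEngine from 'ghost/mixins/validation-engine';
 
 var SignupController = Ember.ObjectController.extend(ValidationEngine, {
-name: null,
-email: null,
-password: null,
-token: null,
 submitting: false,
 
 // ValidationEngine settings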
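--- a/core/client/routes/signup.js
+++ b/core/client/routes/signup.js
@@ -1,4 +1,3 @@
-import ajax from 'ghost/utils/ajax';
 import styleBody from 'ghost/mixins/style-body';
 import loadingIndicator from 'ghost/mixins/loading-indicator';
 
@@ -10,24 +9,29 @@ var SignupRoute = Ember.Route.extend(styleBody, loadingIndicator, {
 this.transitionTo(SimpleAuth.Configuration.routeAfterAuthentication);
 }
 },
-setupController: function (controller, params) {
+model: function (params) {
 var self = this,
 tokenText,
 email,
+model = {},
 re = /^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/;
-if (re.test(params.token)) {
-try {
-tokenText = atob(params.token);
-email = tokenText.split('|')[1];
-controller.token = params.token;
-controller.email = email;
-} catch (e) {
-this.transitionTo('signin');
-this.notifications.showError('Invalid token.', {delayed: true});
+return new Ember.RSVP.Promise(function (resolve) {
+if (!re.test(params.token)) {
+self.notifications.showError('Invalid token.', { delayed: true });
+return resolve(self.transitionTo('signin'));
 }
 
-ajax({
-url: this.get('ghostPaths.url').api('authentication', 'invitation'),
+tokenText = atob(params.token);
+email = tokenText.split('|')[1];
+
+model.email = email;
+model.token = params.token;
+
+return ic.ajax.request({
+url: self.get('ghostPaths.url').api('authentication', 'invitation'),
 type: 'GET',
 dataType: 'json',
 data: {
@@ -35,17 +39,23 @@ var SignupRoute = Ember.Route.extend(styleBody, loadingIndicator, {
 }
 }).then(function (response) {
 if (response && response.invitation && response.invitation[0].valid === false) {
-self.transitionTo('signin');
-self.notifications.showError('The invitation does not exist or is no longer valid.', {delayed: true});
-}
-}).catch(function (error) {
-self.notifications.showAPIError(error);
-});
-} else {
-this.transitionTo('signin');
-this.notifications.showError('Invalid token.', {delayed: true});
-}
+self.notifications.showError('The invitation does not exist or is no longer valid.', { delayed: true });
+
+return resolve(self.transitionTo('signin'));
+}
+resolve(model);
+}).catch(function () {
+resolve(model);
+});
+});
+},
+
+deactivate: function () {
+this._super();
+
+// clear the properties that hold the sensitive data from the controller
+this.controllerFor('signup').setProperties({ email: '', password: '', token: '' });
 }
 });
 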
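Review bot: A token that passes the base64 regex but carries no `|` separator leaves `email = tokenText.split('|')[1];` undefined, and nothing in the new Promise body rejects it before the invitation request is sent; the `.catch(function () { resolve(model); })` added at the end then resolves the model on any failure — presumably including the BadRequestError the server side of this commit returns when no email arrives, and plain network errors — so the user still lands on the signup form with an empty model, which is the flash this commit sets out to prevent. The old `self.notifications.showAPIError(error)` in the catch was dropped without a replacement, so that failure is now silent. I would reject an empty email right after the split and treat a failed invitation check the same way as an invalid one, as below. The `data: { ... }` passed to `ic.ajax.request` is cut by the hunk boundary, so I am assuming it sends `email`.
```javascript
tokenText = atob(params.token);
email = tokenText.split('|')[1];

// a structurally valid token can still carry no email part
if (!email) {
    self.notifications.showError('Invalid token.', { delayed: true });
    return resolve(self.transitionTo('signin'));
}

model.email = email;
model.token = params.token;

// … unchanged: ic.ajax.request({...}).then(...) …
}).catch(function (error) {
    // a failed check is not a valid invitation; do not fall through to the signup form
    self.notifications.showAPIError(error);
    resolve(self.transitionTo('signin'));
});
```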
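--- a/core/server/api/authentication.js
+++ b/core/server/api/authentication.js
@@ -155,10 +155,6 @@ authentication = {
 * @returns {Promise(Invitation}} An invitation status
 */
 isInvitation: function (options) {
-if (!options.email) {
-return Promise.reject(new errors.NoPermissionError('The server did not receive a valid email'));
-}
-
 return authentication.isSetup().then(function (result) {
 var setup = result.setup[0].status;
 
@@ -174,6 +170,8 @@ authentication = {
 return {invitation: [{valid: false}]};
 }
 });
+} else {
+return Promise.reject(new errors.BadRequestError('The server did not receive a valid email'));
 }
 });
 },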
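Review bot: The JSDoc above `isInvitation` still reads `@returns {Promise(Invitation}} An invitation status` and says nothing about the rejection this hunk adds, so a caller cannot tell from the doc that a missing email now yields a BadRequestError instead of the NoPermissionError the removed pre-check raised; I would change the tag to `* @returns {Promise<Invitation>} An invitation status; rejects with BadRequestError when options.email is absent` and add `* @param {{email: string}} options` above it. The `if` that the added `} else {` closes lies outside this hunk, so I am assuming it tests `options.email`; if it tests something else, the error message should say so. Moving the check behind `isSetup()` also means a request with no email on a blog that is not set up now gets the setup error first, which I take to be the intended consistency with the other auth endpoints.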