From 7c205c1a55e58c23dc4177ce3e749f3d7cfa4ab7 Mon Sep 17 00:00:00 2001
From: Kevin Ansfield
Date: Mon, 3 Feb 2020 12:27:18 +0000
Subject: [PATCH] Fixed "Authorization failed" errors during setup and signin

no issue
- the `custom-views` and `navigation` services would trigger their observers immediately when `this.session.user` changed but that would occur before authentication had fully finished which was resulting in the `this.session.user` access triggering a request with no cookie/an old cookie set and causing a 403 error that interrupted the setup and authentication flows
---
 ghost/admin/app/services/custom-views.js | 8 +++++++-
 ghost/admin/app/services/navigation.js | 8 +++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/ghost/admin/app/services/custom-views.js b/ghost/admin/app/services/custom-views.js
index 99d5e25644..2c4a03eca9 100644
--- a/ghost/admin/app/services/custom-views.js
+++ b/ghost/admin/app/services/custom-views.js
@@ -115,8 +115,14 @@ export default class CustomViewsService extends Service {
 }
 
 // eslint-disable-next-line ghost/ember/no-observers
- @observes('session.user.accessibility')
+ @observes('session.isAuthenticated', 'session.user.accessibility')
 async updateViewList() {
+ // avoid fetching user before authenticated otherwise the 403 can fire
+ // during authentication and cause errors during setup/signin
+ if (!this.session.isAuthenticated) {
+ return;
+ }
+
 let user = await this.session.user;
 let userSettings = user.get('accessibility');
 
diff --git a/ghost/admin/app/services/navigation.js b/ghost/admin/app/services/navigation.js
index cf059630b0..9cf0c7cd87 100644
--- a/ghost/admin/app/services/navigation.js
+++ b/ghost/admin/app/services/navigation.js
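Review bot: The new guard in `updateViewList()` (custom-views.js) reads `session.isAuthenticated` only once, before `await this.session.user`, so the session can still change while that lookup is pending. No handler for a rejected lookup is visible in the hunk, so a 403 from any other cause would still escape the async observer as an unhandled rejection. Re-checking after the await, e.g. `if (!user || !this.session.isAuthenticated) { return; }`, and catching the rejection would make the observer safe against a sign-out that races the request. The same check-then-await pattern is added to `updateSettings()` in navigation.js; the body of `updateViewList()` continues outside the hunk.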
@@ -22,8 +22,14 @@ export default class NavigationService extends Service {
 }
 
 // eslint-disable-next-line ghost/ember/no-observers
- @observes('session.user.accessibility')
+ @observes('session.isAuthenticated', 'session.user.accessibility')
 async updateSettings() {
+ // avoid fetching user before authenticated otherwise the 403 can fire
+ // during authentication and cause errors during setup/signin
+ if (!this.session.isAuthenticated) {
+ return;
+ }
+
 let user = await this.session.user;
 let userSettings = JSON.parse(user.get('accessibility')) || {};
 this.settings = userSettings.navigation || Object.assign({}, DEFAULT_SETTINGS);
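Review bot: The early return in `updateSettings()` also fires when `session.isAuthenticated` flips to false, and on that path `this.settings` keeps whatever was loaded for the previous user. If the admin client is not fully reloaded on sign-out (not visible here), the next account signing in on the same browser starts with the earlier user's navigation settings until the observer runs again. Resetting inside the guard would avoid carrying per-user state across sessions: `this.settings = Object.assign({}, DEFAULT_SETTINGS);` before the `return;`. The end of `updateSettings()` is outside the hunk.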