Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00
Code Issues Activity

🐛 Fixed "Access Denied" error when accepting staff invite

Browse source 
ref https://app.incident.io/ghost/incidents/117

- the authenticate call made as part of signup was missed as part of the update when we adjusted the params for `cookie` authenticator's `authenticate` method in Admin so it could switch behaviour for 2fa
- fixed the authenticate call params and updated our mocked `/session` endpoint to check for expected POST data which would have let tests catch this error
This commit is contained in:
Kevin Ansfield 2024-10-29 17:46:35 +00:00
parent 28a9a431db
commit 856dd1fc2b
2 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ghost/admin/app/controllers/signup.js
View file

@ -104,6 +104,6 @@ export default class SignupController extends Controller {
const {email, password} = this.signupDetails;
return this.session
.authenticate('authenticator:cookie', email, password);
.authenticate('authenticator:cookie', {identification: email, password});
}
}

7
ghost/admin/mirage/config/authentication.js
View file

@ -5,7 +5,12 @@ import {isBlank} from '@ember/utils';
export default function mockAuthentication(server) {
// Password sign-in
server.post('/session', function () {
server.post('/session', function (schema, request) {
const data = JSON.parse(request.requestBody);
if (!data.username || !data.password) {
return new Response(401);
}
return new Response(201);
});