mirror of https://github.com/TryGhost/Ghost.git synced 2025-03-11 02:12:21 -05:00

Merge pull request #2820 from jgable/fix403

Fix 403 errors after signup
Hannah Wolfe 2014-05-29 15:39:00 +01:00
commit d3c1bdb758


@ -222,8 +222,13 @@ adminControllers = {
if (!denied) {
loginSecurity.push({ip: remoteAddress, time: currentTime});
api.users.check({email: req.body.email, pw: req.body.password}).then(function (user) {
// Carry over the csrf secret
var existingSecret = req.session._csrfSecret;
req.session.regenerate(function (err) {
if (!err) {
req.session._csrfSecret = existingSecret;
req.session.user = user.id;
req.session.userData = user.attributes;
@ -260,7 +265,7 @@ adminControllers = {
// Route: doSignup
// Path: /ghost/signup/
// Method: POST
'doSignup': function (req, res) {
'doSignup': function (req, res, next) {
var name = req.body.name,
email = req.body.email,
password = req.body.password,
@ -291,7 +296,8 @@ adminControllers = {
message: message,
options: {}
}]
};
},
existingSecret;
api.mail.send(payload).otherwise(function (error) {
errors.logError(
@ -301,18 +307,24 @@ adminControllers = {
);
});
// Carry over the csrf secret
existingSecret = req.session._csrfSecret;
req.session.regenerate(function (err) {
if (!err) {
if (req.session.user === undefined) {
req.session.user = user.id;
req.session.userData = user;
}
res.json(200, {
redirect: config().paths.subdir + '/ghost/',
userData: req.session.userData
});
if (err) {
return next(err);
}
req.session._csrfSecret = existingSecret;
if (req.session.user === undefined) {
req.session.user = user.id;
req.session.userData = user;
}
res.json(200, {
redirect: config().paths.subdir + '/ghost/',
userData: req.session.userData
});
});
});
}).otherwise(function (error) {
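Review bot: Copying `req.session._csrfSecret` into the regenerated session (in the login hunk, and again in `doSignup` before the `res.json` call) keeps the secret created for the anonymous session valid after authentication, so the CSRF secret is never rotated at the privilege change that `regenerate()` is there to mark. Whether the pre-login secret can be known or set by another party depends on session and cookie handling that is not visible here, but a sturdier fix for the 403 would be to let the new session mint its own secret and hand the client a fresh token in the JSON response. If the carry-over stays, record the trade-off next to it, e.g. `// Reuses the pre-login CSRF secret so the open form's token stays valid; the secret is NOT rotated on login/signup`. The login path also still does nothing visible on a regenerate error (`if (!err) {`) while `doSignup` now calls `next(err)`; the rest of the login callback lies outside the hunk, so confirm it reports the failure rather than leaving the request unanswered.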