
Reset password signs the user in

Closes #4196
- Clear confidential info on leaving reset route
- Remove nested password access, because gross
- Also cleaned up some .then(f, h) to .then(f).catch(h) in setup controller
Matt Enlow 2014-10-02 09:12:54 -06:00
parent 27fe725357
commit e27dd6f7df
5 changed files with 35 additions and 20 deletions


@ -4,19 +4,32 @@ import ajax from 'ghost/utils/ajax';
import ValidationEngine from 'ghost/mixins/validation-engine'; import ValidationEngine from 'ghost/mixins/validation-engine';
var ResetController = Ember.Controller.extend(ValidationEngine, { var ResetController = Ember.Controller.extend(ValidationEngine, {
passwords: { newPassword: '',
newPassword: '', ne2Password: '',
ne2Password: ''
},
token: '', token: '',
submitButtonDisabled: false, submitButtonDisabled: false,
validationType: 'reset', validationType: 'reset',
email: Ember.computed('token', function () {
// The token base64 encodes the email (and some other stuff),
// each section is divided by a '|'. Email comes second.
return atob(this.get('token')).split('|')[1];
}),
// Used to clear sensitive information
clearData: function () {
this.setProperties({
newPassword: '',
ne2Password: '',
token: ''
});
},
actions: { actions: {
submit: function () { submit: function () {
var self = this, var credentials = this.getProperties('newPassword', 'ne2Password', 'token'),
data = self.getProperties('passwords', 'token'); self = this;
this.toggleProperty('submitting'); this.toggleProperty('submitting');
this.validate({format: false}).then(function () { this.validate({format: false}).then(function () {
@ -24,16 +37,15 @@ var ResetController = Ember.Controller.extend(ValidationEngine, {
url: self.get('ghostPaths.url').api('authentication', 'passwordreset'), url: self.get('ghostPaths.url').api('authentication', 'passwordreset'),
type: 'PUT', type: 'PUT',
data: { data: {
passwordreset: [{ passwordreset: [credentials]
newPassword: data.passwords.newPassword,
ne2Password: data.passwords.ne2Password,
token: data.token
}]
} }
}).then(function (resp) { }).then(function (resp) {
self.toggleProperty('submitting'); self.toggleProperty('submitting');
self.notifications.showSuccess(resp.passwordreset[0].message, true); self.notifications.showSuccess(resp.passwordreset[0].message, true);
self.transitionToRoute('signin'); self.get('session').authenticate('simple-auth-authenticator:oauth2-password-grant', {
identification: self.get('email'),
password: credentials.newPassword
});
}).catch(function (response) { }).catch(function (response) {
self.notifications.showAPIError(response); self.notifications.showAPIError(response);
self.toggleProperty('submitting'); self.toggleProperty('submitting');
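Review bot: The promise from `session.authenticate(...)` in the success callback of the second hunk is neither returned nor given a rejection handler (assuming it returns a promise, as ember-simple-auth's session does), so a sign-in that fails right after a successful reset is dropped silently and the user stays on the reset form with a success notice. A fallback to the previous behaviour would cover it: `.catch(function () { self.transitionToRoute('signin'); });` chained onto the authenticate call. In the first hunk, `email` relies on `atob` and on the e-mail being the second `|`-separated field; `atob` throws on input that is not valid base64 and `split('|')[1]` is `undefined` for any other layout, so a comment stating that the value is only read after the server has accepted the token would help the next reader. The `submit` action continues outside both hunks.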


@ -36,11 +36,11 @@ var SetupController = Ember.ObjectController.extend(ValidationEngine, {
identification: self.get('email'), identification: self.get('email'),
password: self.get('password') password: self.get('password')
}); });
}, function (resp) { }).catch(function (resp) {
self.toggleProperty('submitting'); self.toggleProperty('submitting');
self.notifications.showAPIError(resp); self.notifications.showAPIError(resp);
}); });
}, function (errors) { }).catch(function (errors) {
self.toggleProperty('submitting'); self.toggleProperty('submitting');
self.notifications.showErrors(errors); self.notifications.showErrors(errors);
}); });
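Review bot: Switching `.then(f, h)` to `.then(f).catch(h)` is not purely cosmetic here: each handler now also receives anything thrown inside the preceding success callback, not only the rejection it was written for. `showAPIError(resp)` and `showErrors(errors)` can therefore be handed a plain `Error` where they presumably expect an API response or a list of validation errors, and `submitting` is toggled on that path as well. A short comment on each handler, e.g. `// also reached when the success callback above throws`, or a shape check before display, would make that intentional. The enclosing action starts and ends outside this hunk.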


@ -11,6 +11,11 @@ var ResetRoute = Ember.Route.extend(styleBody, loadingIndicator, {
}, },
setupController: function (controller, params) { setupController: function (controller, params) {
controller.token = params.token; controller.token = params.token;
},
// Clear out any sensitive information
deactivate: function () {
this._super();
this.controller.clearData();
} }
}); });
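Review bot: `setupController` still assigns `controller.token = params.token` directly, while this commit makes `token` the dependent key of the new `email` computed property and a field that `clearData` resets through `setProperties`. A plain assignment bypasses Ember's change notification, so after a `deactivate` and a second visit the cached `email` may not be recomputed for the new token (this depends on whether `email` was read in between); `controller.set('token', params.token);` avoids that. The new `deactivate` hook could also state what it covers, since `// Clear out any sensitive information` does not say that it wipes both password fields and the token held on the controller.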


@ -1,10 +1,10 @@
<section class="reset-box js-reset-box fade-in"> <section class="reset-box js-reset-box fade-in">
<form id="reset" class="reset-form" method="post" novalidate="novalidate" {{action "submit" on="submit"}}> <form id="reset" class="reset-form" method="post" novalidate="novalidate" {{action "submit" on="submit"}}>
<div class="password-wrap"> <div class="password-wrap">
{{input value=passwords.newPassword class="password" type="password" placeholder="Password" name="newpassword" autofocus="autofocus" }} {{input value=newPassword class="password" type="password" placeholder="Password" name="newpassword" autofocus="autofocus" }}
</div> </div>
<div class="password-wrap"> <div class="password-wrap">
{{input value=passwords.ne2Password class="password" type="password" placeholder="Confirm Password" name="ne2password" }} {{input value=ne2Password class="password" type="password" placeholder="Confirm Password" name="ne2password" }}
</div> </div>
<button class="btn btn-blue" type="submit" {{bind-attr disabled='submitButtonDisabled'}}>Reset Password</button> <button class="btn btn-blue" type="submit" {{bind-attr disabled='submitButtonDisabled'}}>Reset Password</button>
</form> </form>


@ -1,9 +1,7 @@
var ResetValidator = Ember.Object.create({ var ResetValidator = Ember.Object.create({
check: function (model) { check: function (model) {
var p1 = model.get('newPassword'),
var data = model.getProperties('passwords'), p2 = model.get('ne2Password'),
p1 = data.passwords.newPassword,
p2 = data.passwords.ne2Password,
validationErrors = []; validationErrors = [];
if (!validator.equals(p1, p2)) { if (!validator.equals(p1, p2)) {