From ea1e4540380a4b1391e221c52d5f49cc437e48d5 Mon Sep 17 00:00:00 2001
From: Austin Burdine
Date: Fri, 18 Dec 2015 12:18:13 -0700
Subject: [PATCH] fix authentication error if setup/two is re-submitted
closes #6226
- adds calls to oauth middleware on PUT /authentication/setup/
- prevent setup/two from trying to log in again if user is already logged in
---
 core/client/app/controllers/setup/two.js | 41 +++++++++++++++---------
 core/server/routes/api.js | 2 +-
 2 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/core/client/app/controllers/setup/two.js b/core/client/app/controllers/setup/two.js
index 97ff50be5b..69873d02bb 100644
--- a/core/client/app/controllers/setup/two.js
+++ b/core/client/app/controllers/setup/two.js
@@ -35,7 +35,7 @@ export default Controller.extend(ValidationEngine, {
 return new RSVP.Promise((resolve, reject) => {
 image.formData = {};
 image.submit()
- .success(function (response) {
+ .success((response) => {
 user.image = response;
 ajax({
 url: this.get('ghostPaths.url').api('users', user.id.toString()),
@@ -68,6 +68,22 @@ export default Controller.extend(ValidationEngine, {
 }
 },
+ afterAuthentication(result) {
+ if (this.get('image')) {
+ this.sendImage(result.users[0])
+ .then(() => {
+ this.toggleProperty('submitting');
+ this.transitionToRoute('setup.three');
+ }).catch((resp) => {
+ this.toggleProperty('submitting');
+ this.get('notifications').showAPIError(resp, {key: 'setup.blog-details'});
+ });
+ } else {
+ this.toggleProperty('submitting');
+ this.transitionToRoute('setup.three');
+ }
+ },
+ actions: {
 preValidate(model) {
 // Only triggers validation if a value has been entered, preventing empty errors on focusOut
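Review bot: `afterAuthentication` in core/client/app/controllers/setup/two.js (hunk `-68,6 +68,22`) does not return the `sendImage` chain, so the `return this.afterAuthentication(result)` calls this commit adds in `setup()` always yield `undefined` and nothing downstream can wait on the upload. Starting the image branch with `return this.sendImage(result.users[0])` would make those returns meaningful. The three `this.toggleProperty('submitting')` calls flip the flag rather than clear it, and since this commit is about the form being submitted more than once, `this.set('submitting', false)` is the safer reset (where the flag is raised is outside the hunk, so confirm). The method also reads `result.users[0]` without checking that the response carried a user; a one-line comment stating that `result` is the setup API response would document that expectation.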
@@ -77,9 +93,8 @@ export default Controller.extend(ValidationEngine, {
 },
 setup() {
- let setupProperties = ['blogTitle', 'name', 'email', 'password', 'image'];
+ let setupProperties = ['blogTitle', 'name', 'email', 'password'];
 let data = this.getProperties(setupProperties);
- let notifications = this.get('notifications');
 let config = this.get('config');
 let method = this.get('blogCreated') ? 'PUT' : 'POST';
@@ -101,23 +116,17 @@ export default Controller.extend(ValidationEngine, {
 }
 }).then((result) => {
 config.set('blogTitle', data.blogTitle);
+
+ // don't try to login again if we are already logged in
+ if (this.get('session.isAuthenticated')) {
+ return this.afterAuthentication(result);
+ }
+ // Don't call the success handler, otherwise we will be redirected to admin
 this.get('application').set('skipAuthSuccessHandler', true);
 this.get('session').authenticate('authenticator:oauth2', this.get('email'), this.get('password')).then(() => {
 this.set('blogCreated', true);
- if (data.image) {
- this.sendImage(result.users[0])
- .then(() => {
- this.toggleProperty('submitting');
- this.transitionToRoute('setup.three');
- }).catch((resp) => {
- this.toggleProperty('submitting');
- notifications.showAPIError(resp, {key: 'setup.blog-details'});
- });
- } else {
- this.toggleProperty('submitting');
- this.transitionToRoute('setup.three');
- }
+ return this.afterAuthentication(result);
 }).catch((error) => {
 this._handleAuthenticationError(error);
 });
diff --git a/core/server/routes/api.js b/core/server/routes/api.js
index 88e933868b..aa4f07973d 100644
--- a/core/server/routes/api.js
+++ b/core/server/routes/api.js
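Review bot: The new early return in `setup()` (core/client/app/controllers/setup/two.js, hunk `-101,23 +116,17`) trusts `session.isAuthenticated` on its own, so any session already held in the browser skips the credential check, including on a first submission where `blogCreated` is still false and the request went out as POST. Tying the short-circuit to the re-submit case keeps the first run on the normal login path: `if (this.get('blogCreated') && this.get('session.isAuthenticated')) {`. Whether a stale session can exist at that point depends on session storage that is not visible here, so treat this as hardening rather than a confirmed defect. Hunk `-77,9 +93,8` also drops `image` from `setupProperties`, so `afterAuthentication` reads `this.get('image')` when the response arrives instead of the value captured at submit time. The body of `setup()` starts and ends outside these hunks.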
@@ -95,7 +95,7 @@ apiRoutes = function apiRoutes(middleware) {
 router.post('/authentication/invitation', api.http(api.authentication.acceptInvitation));
 router.get('/authentication/invitation', api.http(api.authentication.isInvitation));
 router.post('/authentication/setup', api.http(api.authentication.setup));
- router.put('/authentication/setup', api.http(api.authentication.updateSetup));
+ router.put('/authentication/setup', authenticatePrivate, api.http(api.authentication.updateSetup));
 router.get('/authentication/setup', api.http(api.authentication.isSetup));
 router.post('/authentication/token',
 middleware.spamPrevention.signin,
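Review bot: The diffstat lists only two.js and api.js, so nothing pins the new `authenticatePrivate` guard on `PUT /authentication/setup`. A route test asserting that a PUT without a valid access token is rejected, and that one with a token reaches `updateSetup`, would stop the middleware being dropped in a later refactor. The neighbouring `POST /authentication/setup` stays unauthenticated, which presumably relies on its handler refusing once setup has completed; that asymmetry deserves a comment above the two routes, for example `// PUT edits an existing install, so it requires a token; POST must stay open for first-run setup`. `authenticatePrivate` is declared outside this hunk, as is the rest of `apiRoutes`.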