diff --git a/core/client/models/user.js b/core/client/models/user.js
index 7112b06127..42933487e0 100644
--- a/core/client/models/user.js
+++ b/core/client/models/user.js
@@ -3,11 +3,11 @@
 "use strict";
 Ghost.Models.User = Backbone.Model.extend({
- url: Ghost.settings.apiRoot + '/users/1'
+ url: Ghost.settings.apiRoot + '/users/me'
 });
 // Ghost.Collections.Users = Backbone.Collection.extend({
 // url: Ghost.settings.apiRoot + '/users'
 // });
-}());
\ No newline at end of file
+}());
diff --git a/core/client/views/login.js b/core/client/views/login.js
index 2c0ec30f8a..372fa4316e 100644
--- a/core/client/views/login.js
+++ b/core/client/views/login.js
@@ -60,7 +60,7 @@
 error: function (obj, string, status) {
 Ghost.notifications.addItem({
 type: 'error',
- message: 'Invalid username or password',
+ message: obj.responseText,
 status: 'passive'
 });
 }
@@ -102,4 +102,4 @@
 });
 }
 });
-}());
\ No newline at end of file
+}());
diff --git a/core/client/views/settings.js b/core/client/views/settings.js
index 3a6cfd2723..ccfe99e7a5 100644
--- a/core/client/views/settings.js
+++ b/core/client/views/settings.js
@@ -184,6 +184,7 @@
 'click .button-change-password': 'changePassword'
 },
+
 saveUser: function () {
 this.model.save({
 'full_name': this.$('#user-name').val(),
@@ -203,7 +204,6 @@
 event.preventDefault();
 var self = this,
- email = this.$('#user-email').val(),
 oldPassword = this.$('#user-password-old').val(),
 newPassword = this.$('#user-password-new').val(),
 ne2Password = this.$('#user-new-password-verification').val();
@@ -217,7 +217,6 @@
 url: '/ghost/changepw/',
 type: 'POST',
 data: {
- email: email,
 password: oldPassword,
 newpassword: newPassword,
 ne2password: ne2Password
diff --git a/core/ghost.js b/core/ghost.js
index 788ffd9390..afd8315928 100644
--- a/core/ghost.js
+++ b/core/ghost.js
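Review bot: In core/client/views/login.js the `error` handler now passes `obj.responseText` straight into the notification, so whatever body the failed request returned is shown to the user. On a 401 that is the server's message, but on a timeout, a 5xx or a proxy error page it can be empty or a block of HTML, and whether `Ghost.notifications.addItem` escapes `message` is not visible in this diff and should be confirmed before server text is fed to it. I would keep a fixed fallback, e.g. `message: obj.status === 401 && obj.responseText ? obj.responseText : 'Unable to log in'`. The call that owns this handler starts outside the hunk.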
@@ -289,4 +289,4 @@ Ghost.prototype.initTheme = function (app) {
 // TODO: Expose the defaults for other people to see/manipulate as a static value?
 // Ghost.defaults = defaults;
-module.exports = Ghost;
\ No newline at end of file
+module.exports = Ghost;
diff --git a/core/server/api.js b/core/server/api.js
index 795b3fe099..7dc8946309 100644
--- a/core/server/api.js
+++ b/core/server/api.js
@@ -75,6 +75,10 @@ users = {
 // **takes:** an identifier (id or slug?)
 read: function read(args) {
 // **returns:** a promise for a single user in a json object
+ if (args.id === 'me') {
+ args = {id: this.user};
+ }
+
 return dataProvider.User.read(args);
 },
@@ -83,6 +87,7 @@ users = {
 // **takes:** a json object representing a user
 edit: function edit(userData) {
 // **returns:** a promise for the resulting user in a json object
+ userData.id = this.user;
 return dataProvider.User.edit(userData);
 },
@@ -223,8 +228,12 @@ settings = {
 // takes the API method and wraps it so that it gets data from the request and returns a sensible JSON response
 requestHandler = function (apiMethod) {
 return function (req, res) {
- var options = _.extend(req.body, req.query, req.params);
- return apiMethod(options).then(function (result) {
+ var options = _.extend(req.body, req.query, req.params),
+ apiContext = {
+ user: req.session && req.session.user
+ };
+
+ return apiMethod.call(apiContext, options).then(function (result) {
 res.json(result || {});
 }, function (error) {
 res.json(400, {error: error});
@@ -273,4 +282,4 @@ module.exports.users = users;
 module.exports.notifications = notifications;
 module.exports.settings = settings;
 module.exports.requestHandler = requestHandler;
-module.exports.cachedSettingsRequestHandler = cachedSettingsRequestHandler;
\ No newline at end of file
+module.exports.cachedSettingsRequestHandler = cachedSettingsRequestHandler;
diff --git a/core/server/controllers/admin.js b/core/server/controllers/admin.js
index 4fbfc58250..098d181d73 100644
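Review bot: In core/server/api.js, `users.read` and `users.edit` use `this.user` without checking it, yet `requestHandler` builds it as `req.session && req.session.user`, which is undefined for a request with no logged-in session and for any caller that invokes these methods directly instead of through `apiMethod.call(apiContext, ...)`. In that case `read` looks up `{id: undefined}` and `edit` sets `userData.id` to undefined; what the data provider does with that is not visible in this diff. I would fail closed before touching the model, e.g. `if (!this.user) { return when.reject(new Error('Not logged in')); }` at the top of both methods, assuming `when` is available in this file. The same unguarded value reaches `changePassword` through `currentUser: req.session.user` in controllers/admin.js and `id: userid` in models/user.js. `read` also still accepts any other `id`, so the `me` alias does not limit which user record a session can fetch.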
--- a/core/server/controllers/admin.js
+++ b/core/server/controllers/admin.js
@@ -94,15 +94,15 @@ adminControllers = {
 },
 'auth': function (req, res) {
 api.users.check({email: req.body.email, pw: req.body.password}).then(function (user) {
- req.session.user = "ghostadmin";
+ req.session.user = user.id;
 res.json(200, {redirect: req.query.r ? '/ghost/' + req.query.r : '/ghost/'});
 }, function (error) {
- res.send(401);
+ res.send(401, error.message);
 });
 },
 changepw: function (req, res) {
 api.users.changePassword({
- email: req.body.email,
+ currentUser: req.session.user,
 oldpw: req.body.password,
 newpw: req.body.newpassword,
 ne2pw: req.body.ne2password
@@ -330,4 +330,4 @@ adminControllers = {
 }
 };
-module.exports = adminControllers;
\ No newline at end of file
+module.exports = adminControllers;
diff --git a/core/server/models/base.js b/core/server/models/base.js
index 3a0fb51086..f27d1df0a0 100644
--- a/core/server/models/base.js
+++ b/core/server/models/base.js
@@ -79,7 +79,7 @@ GhostBookshelf.Model = GhostBookshelf.Model.extend({
 edit: function (editedObj, options) {
 options = options || {};
 return this.forge({id: editedObj.id}).fetch(options).then(function (foundObj) {
- return foundObj.set(editedObj).save();
+ return foundObj.save(editedObj);
 });
 },
@@ -117,4 +117,4 @@ GhostBookshelf.Model = GhostBookshelf.Model.extend({
 });
-module.exports = GhostBookshelf;
\ No newline at end of file
+module.exports = GhostBookshelf;
diff --git a/core/server/models/user.js b/core/server/models/user.js
index b57e7b8abe..19c7ac978b 100644
--- a/core/server/models/user.js
+++ b/core/server/models/user.js
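Review bot: In the `auth` handler of core/server/controllers/admin.js, `req.session.user = user.id` writes the authenticated identity into whatever session the request arrived with, and the session id is not renewed at login. If the session middleware in use supports it (not visible in this diff), do the assignment inside `req.session.regenerate(function (err) { ... })` so a session id issued before login does not carry over into the authenticated state. Separately, `res.send(401, error.message)` now returns the model's error text to the client, so every rejection path in `User.check` has to produce the same wording.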
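Review bot: In `edit` in core/server/models/base.js, `foundObj.save(editedObj)` persists every key of `editedObj`, and for users that object is the merged request body, query and params from `requestHandler` with only `id` overwritten. Unless the model restricts writable attributes somewhere outside this diff, a client can set columns the settings form never sends, such as `password` or `email_address`. I would filter to an explicit per-model list before saving, e.g. `return foundObj.save(_.pick(editedObj, permittedAttributes));`, where `permittedAttributes` is a placeholder name and `_` is assumed to be available in this file. `fetch(options)` is also called without `require`, so `foundObj` may be null when no row matches and the `.save` call would then throw.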
@@ -91,18 +91,18 @@ User = GhostBookshelf.Model.extend({
 * whether there's anyone registered at all. This is due to #138
 * @author javorszky
 */
- /**
- return this.forge({email_address: userData.email_address}).fetch().then(function (user) {
- if (!!user.attributes.email_address) {
- return when.reject(new Error('A user with that email address already exists.'));
- }
- return nodefn.call(bcrypt.hash, _user.password, null, null).then(function (hash) {
- userData.password = hash;
- return GhostBookshelf.Model.add.call(User, userData);
- });
- });
- */
+ // return this.forge({email_address: userData.email_address}).fetch().then(function (user) {
+ // if (user !== null) {
+ // return when.reject(new Error('A user with that email address already exists.'));
+ // }
+ // return nodefn.call(bcrypt.hash, _user.password, null, null).then(function (hash) {
+ // userData.password = hash;
+ // GhostBookshelf.Model.add.call(UserRole, userRoles);
+ // return GhostBookshelf.Model.add.call(User, userData);
+ // }, errors.logAndThrowError);
+ // }, errors.logAndThrowError);
+
 },
 // Finds the user by email, and checks the password
@@ -116,7 +116,9 @@ User = GhostBookshelf.Model.extend({
 }
 return user;
 }, errors.logAndThrowError);
- }, errors.logAndThrowError);
+ }, function (error) {
+ return when.reject(new Error('Email address or password is incorrect'));
+ });
 },
 /**
@@ -125,7 +127,7 @@ User = GhostBookshelf.Model.extend({
 *
 */
 changePassword: function (_userdata) {
- var email = _userdata.email,
+ var userid = _userdata.currentUser,
 oldPassword = _userdata.oldpw,
 newPassword = _userdata.newpw,
 ne2Password = _userdata.ne2pw;
@@ -135,7 +137,7 @@ User = GhostBookshelf.Model.extend({
 }
 return this.forge({
- email_address: email
+ id: userid
 }).fetch({require: true}).then(function (user) {
 return nodefn.call(bcrypt.compare, oldPassword, user.get('password'))
 .then(function (matched) {
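Review bot: In the `@@ -116,7 +116,9 @@` hunk of core/server/models/user.js, the new rejection handler only replaces errors from the outer lookup; the inner `}, errors.logAndThrowError);` for the password comparison is unchanged, so a wrong password can still surface a different message from an unknown address. Since the controller now returns `error.message` in the 401 body and the login view displays it, differing messages would let a caller tell registered addresses from unregistered ones. I would reject with the same `'Email address or password is incorrect'` error on both paths. The handler also discards `error` without logging it, so a database failure looks the same as a bad login; logging it server-side before rejecting would keep that visible. The function this belongs to starts outside the hunk.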
diff --git a/core/server/views/partials/navbar.hbs b/core/server/views/partials/navbar.hbs
index 1737b6eabd..df73a91aac 100644
--- a/core/server/views/partials/navbar.hbs
+++ b/core/server/views/partials/navbar.hbs
@@ -9,8 +9,8 @@