Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-10 23:36:14 -05:00
Code Issues Activity

Current user added

Browse source 
Closes #340. Closes #375
* Replaced session with id of current user
* Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy)
* Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't)
* If user has profile picture, that will be used
* If user has name, that will be used
* Password changing doesn't care about your email. Uses cookies. Tasty!
* User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`.
* Added logic to user api to check for `id === 'me'`, and then use the cookie value
* User data saves are now correct
* There is no logout error
This commit is contained in:
Gabor Javorszky 2013-08-09 02:22:49 +01:00
parent ab90e3601a
commit f6d164b5d8
10 changed files with 65 additions and 43 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
core/client/models/user.js
View file

@ -3,7 +3,7 @@
"use strict";
Ghost.Models.User = Backbone.Model.extend({
url: Ghost.settings.apiRoot + '/users/1'
url: Ghost.settings.apiRoot + '/users/me'
});
// Ghost.Collections.Users = Backbone.Collection.extend({

2
core/client/views/login.js
View file

@ -60,7 +60,7 @@
error: function (obj, string, status) {
Ghost.notifications.addItem({
type: 'error',
message: 'Invalid username or password',
message: obj.responseText,
status: 'passive'
});
}

3
core/client/views/settings.js
View file

@ -184,6 +184,7 @@
'click .button-change-password': 'changePassword'
},
saveUser: function () {
this.model.save({
'full_name': this.$('#user-name').val(),
@ -203,7 +204,6 @@
event.preventDefault();
var self = this,
email = this.$('#user-email').val(),
oldPassword = this.$('#user-password-old').val(),
newPassword = this.$('#user-password-new').val(),
ne2Password = this.$('#user-new-password-verification').val();
@ -217,7 +217,6 @@
url: '/ghost/changepw/',
type: 'POST',
data: {
email: email,
password: oldPassword,
newpassword: newPassword,
ne2password: ne2Password

13
core/server/api.js
View file

@ -75,6 +75,10 @@ users = {
// **takes:** an identifier (id or slug?)
read: function read(args) {
// **returns:** a promise for a single user in a json object
if (args.id === 'me') {
args = {id: this.user};
}
return dataProvider.User.read(args);
},
@ -83,6 +87,7 @@ users = {
// **takes:** a json object representing a user
edit: function edit(userData) {
// **returns:** a promise for the resulting user in a json object
userData.id = this.user;
return dataProvider.User.edit(userData);
},
@ -223,8 +228,12 @@ settings = {
// takes the API method and wraps it so that it gets data from the request and returns a sensible JSON response
requestHandler = function (apiMethod) {
return function (req, res) {
var options = _.extend(req.body, req.query, req.params);
return apiMethod(options).then(function (result) {
var options = _.extend(req.body, req.query, req.params),
apiContext = {
user: req.session && req.session.user
};
return apiMethod.call(apiContext, options).then(function (result) {
res.json(result || {});
}, function (error) {
res.json(400, {error: error});

6
core/server/controllers/admin.js
View file

@ -94,15 +94,15 @@ adminControllers = {
},
'auth': function (req, res) {
api.users.check({email: req.body.email, pw: req.body.password}).then(function (user) {
req.session.user = "ghostadmin";
req.session.user = user.id;
res.json(200, {redirect: req.query.r ? '/ghost/' + req.query.r : '/ghost/'});
}, function (error) {
res.send(401);
res.send(401, error.message);
});
},
changepw: function (req, res) {
api.users.changePassword({
email: req.body.email,
currentUser: req.session.user,
oldpw: req.body.password,
newpw: req.body.newpassword,
ne2pw: req.body.ne2password

2
core/server/models/base.js
View file

@ -79,7 +79,7 @@ GhostBookshelf.Model = GhostBookshelf.Model.extend({
edit: function (editedObj, options) {
options = options || {};
return this.forge({id: editedObj.id}).fetch(options).then(function (foundObj) {
return foundObj.set(editedObj).save();
return foundObj.save(editedObj);
});
},

30
core/server/models/user.js
View file

@ -91,18 +91,18 @@ User = GhostBookshelf.Model.extend({
* whether there's anyone registered at all. This is due to #138
* @author javorszky
*/
/**
return this.forge({email_address: userData.email_address}).fetch().then(function (user) {
if (!!user.attributes.email_address) {
return when.reject(new Error('A user with that email address already exists.'));
}
return nodefn.call(bcrypt.hash, _user.password, null, null).then(function (hash) {
userData.password = hash;
return GhostBookshelf.Model.add.call(User, userData);
});
});
*/
// return this.forge({email_address: userData.email_address}).fetch().then(function (user) {
// if (user !== null) {
// return when.reject(new Error('A user with that email address already exists.'));
// }
// return nodefn.call(bcrypt.hash, _user.password, null, null).then(function (hash) {
// userData.password = hash;
// GhostBookshelf.Model.add.call(UserRole, userRoles);
// return GhostBookshelf.Model.add.call(User, userData);
// }, errors.logAndThrowError);
// }, errors.logAndThrowError);
},
// Finds the user by email, and checks the password
@ -116,7 +116,9 @@ User = GhostBookshelf.Model.extend({
}
return user;
}, errors.logAndThrowError);
}, errors.logAndThrowError);
}, function (error) {
return when.reject(new Error('Email address or password is incorrect'));
});
},
/**
@ -125,7 +127,7 @@ User = GhostBookshelf.Model.extend({
*
*/
changePassword: function (_userdata) {
var email = _userdata.email,
var userid = _userdata.currentUser,
oldPassword = _userdata.oldpw,
newPassword = _userdata.newpw,
ne2Password = _userdata.ne2pw;
@ -135,7 +137,7 @@ User = GhostBookshelf.Model.extend({
}
return this.forge({
email_address: email
id: userid
}).fetch({require: true}).then(function (user) {
return nodefn.call(bcrypt.compare, oldPassword, user.get('password'))
.then(function (matched) {

4
core/server/views/partials/navbar.hbs
View file

@ -9,8 +9,8 @@
<li id="usermenu" class="subnav">
<a href="#" data-toggle="ul" class="dropdown">
<img class="avatar" src="/public/img/user.jpg" alt="Avatar" />
<span class="name">Ghost v{{version}}</span>
<img class="avatar" src="{{#if currentUser.profile}}{{currentUser.profile}}{{else}}/public/img/user.jpg{{/if}}" alt="Avatar" />
<span class="name">{{#if currentUser.name}}{{currentUser.name}}{{else}}Ghost{{/if}} v{{version}}</span>
</a>
<ul class="overlay">
<li class="usermenu-profile"><a href="#">Your Profile</a></li>

32
index.js
View file

@ -40,10 +40,8 @@ function auth(req, res, next) {
req.flash('warn', "Please login");
redirect = '?r=' + encodeURIComponent(path);
}
return res.redirect('/ghost/login/' + redirect);
}
next();
}
@ -88,15 +86,29 @@ function ghostLocals(req, res, next) {
next();
});
} else {
_.extend(res.locals, {
// pass the admin flash messages, settings and paths
messages: ghost.notifications,
settings: ghost.settings(),
availableThemes: ghost.paths().availableThemes,
availablePlugins: ghost.paths().availablePlugins
api.users.read({id: req.session.user}).then(function (currentUser) {
_.extend(res.locals, {
// pass the admin flash messages, settings and paths
messages: ghost.notifications,
settings: ghost.settings(),
availableThemes: ghost.paths().availableThemes,
availablePlugins: ghost.paths().availablePlugins,
currentUser: {
name: currentUser.attributes.full_name,
profile: currentUser.attributes.profile_picture
}
});
next();
}).otherwise(function () {
_.extend(res.locals, {
// pass the admin flash messages, settings and paths
messages: ghost.notifications,
settings: ghost.settings(),
availableThemes: ghost.paths().availableThemes,
availablePlugins: ghost.paths().availablePlugins
});
next();
});
next();
}
}