Sign upLogin

TryGhost/Ghost

View on GitHub
Star
ghost/admin/app/controllers/signin.js

Summary

Maintainability
A
0 mins
Test Coverage
// TODO: bump lint rules to be able to take advantage of https://github.com/ember-cli/eslint-plugin-ember/issues/560
/* eslint-disable ghost/ember/alias-model-in-controller */

import Controller, {inject as controller} from '@ember/controller';
import ValidationEngine from 'ghost-admin/mixins/validation-engine';
import {action} from '@ember/object';
import {htmlSafe} from '@ember/template';
import {inject} from 'ghost-admin/decorators/inject';
import {isArray as isEmberArray} from '@ember/array';
import {isVersionMismatchError} from 'ghost-admin/services/ajax';
import {inject as service} from '@ember/service';
import {task} from 'ember-concurrency';
import {tracked} from '@glimmer/tracking';

export default class SigninController extends Controller.extend(ValidationEngine) {
    @controller application;

    @service ajax;
    @service ghostPaths;
    @service notifications;
    @service session;
    @service settings;

    @inject config;

    @tracked submitting = false;
    @tracked loggingIn = false;
    @tracked flowNotification = '';
    @tracked flowErrors = '';
    @tracked passwordResetEmailSent = false;

    // ValidationEngine settings
    validationType = 'signin';

    authProperties = ['identification', 'password'];

    get signin() {
        return this.model;
    }

    @action
    handleInput(event) {
        this.signin[event.target.name] = event.target.value;
    }

    @action
    validateProperty(property) {
        return this.validate({property});
    }

    @task({drop: true})
    *authenticateTask(authStrategy, authentication) {
        try {
            return yield this.session
                .authenticate(authStrategy, ...authentication)
                .then(() => true); // ensure task button transitions to "success" state
        } catch (error) {
            if (isVersionMismatchError(error)) {
                return this.notifications.showAPIError(error);
            }

            this.signin.errors.clear();

            if (error && error.payload && error.payload.errors) {
                let [mainError] = error.payload.errors;

                mainError.message = htmlSafe(mainError.message || '');
                mainError.context = htmlSafe(mainError.context || '');

                this.flowErrors = (mainError.context.string || mainError.message.string);

                if (mainError.type === 'TooManyRequestsError') {
                    // Prefer full message in this case
                    this.flowErrors = mainError.message.string;
                }

                if (mainError.type === 'PasswordResetRequiredError') {
                    this.passwordResetEmailSent = true;
                }

                if (mainError.context.string.match(/user with that email/i)) {
                    this.signin.errors.add('identification', '');
                }

                if (mainError.context.string.match(/password is incorrect/i)) {
                    this.signin.errors.add('password', '');
                }
            } else {
                console.error(error); // eslint-disable-line no-console
                // Connection errors don't return proper status message, only req.body
                this.notifications.showAlert(
                    'There was a problem on the server.',
                    {type: 'error', key: 'session.authenticate.failed'}
                );
            }

            return false;
        }
    }

    @task({drop: true})
    *validateAndAuthenticateTask() {
        let signin = this.signin;
        let authStrategy = 'authenticator:cookie';

        this.flowErrors = '';

        // This is a bit dirty, but there's no other way to ensure the properties are set as well as 'signin'
        this.hasValidated.addObjects(this.authProperties);

        try {
            yield this.validate({property: 'signin'});
            return yield this.authenticateTask
                .perform(authStrategy, [signin.identification, signin.password]);
        } catch (error) {
            this.flowErrors = 'Please fill out the form to sign in.';
        }
    }

    @task
    *forgotPasswordTask() {
        let email = this.signin.identification;
        let forgottenUrl = this.ghostPaths.url.api('authentication', 'password_reset');
        let notifications = this.notifications;

        this.flowErrors = '';
        this.flowNotification = '';
        // This is a bit dirty, but there's no other way to ensure the properties are set as well as 'forgotPassword'
        this.hasValidated.addObject('identification');

        try {
            yield this.validate({property: 'forgotPassword'});
            yield this.ajax.post(forgottenUrl, {data: {password_reset: [{email}]}});
            this.flowNotification = 'An email with password reset instructions has been sent.';
            return true;
        } catch (error) {
            // ValidationEngine throws "undefined" for failed validation
            if (!error) {
                return this.flowErrors = 'We need your email address to reset your password.';
            }

            if (isVersionMismatchError(error)) {
                return notifications.showAPIError(error);
            }

            if (error && error.payload && error.payload.errors && isEmberArray(error.payload.errors)) {
                let [{message}] = error.payload.errors;

                this.flowErrors = message;

                if (message.match(/no user|not found/)) {
                    this.signin.errors.add('identification', '');
                }
            } else {
                notifications.showAPIError(error, {defaultErrorText: 'There was a problem with the reset, please try again.', key: 'forgot-password.send'});
            }
        }
    }
}