OpenSourceArk/Ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2627dd6aa0
Ghost/ghost/admin/app/services/session.js

175 lines
5.4 KiB
JavaScript
Raw Normal View History

Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
import ESASessionService from 'ember-simple-auth/services/session';
import RSVP from 'rsvp';
Fixed @sentry/browser imports no issue - needed for embroider compatibility - the package we have installed is `@sentry/ember` not `@sentry/browser` so the imports fail when built by webpack
2022-09-24 14:25:00 +03:00
import {configureScope} from '@sentry/ember';
Removed usage of deprecated EmberSimpleAuth mixins (#1910) refs https://github.com/TryGhost/Admin/pull/1901 Ember has deprecated mixins in preparation for 4.0 and `ember-simple-auth` has now done the same in 3.1.0. - removed all imports of Ember Simple Auth mixins - moved authenticated and invalidated handling from application route to session service - moved server-notification loading from application route to session service - updated `AuthenticatedRoute` to use the session service directly rather than authenticated route mixin - added `UnauthenticatedRoute` that incorporates the behaviour from our overridden `UnauthenticatedRouteMixin` and switches to using the session service directly
2021-04-12 15:21:57 +03:00
import {getOwner} from '@ember/application';
Added PostHog identify calls in admin using hashed email address of user (#19685) refs PA-24 - Added PostHog identify() calls using the user's hashed email address when a user is logged into admin - Added PostHog reset() calls to reset PostHog's distinct_id when a user logs out of admin - These events will only be sent in Admin running on Ghost(Pro), and won't impact self-hosted instances.
2024-02-14 00:23:03 +03:00
import {identifyUser, resetUser} from '../utils/analytics';
Fixed hosting management screen not loading after sign-in process (#15763) refs https://github.com/TryGhost/Team/issues/2110 - dynamically defined properties on the config service did not have autotracking set up properly if they were accessed in any way before the property was defined, this caused problems in a number of areas because we have both "unauthed" and "authed" sets of config and when not logged in we had parts of the app checking for authed config properties that don't exist until after sign-in and subsequent config re-fetch - renamed `config` service to `configManager` and updated to only contain methods for fetching config data - added a `config` instance initializer that sets up a `TrackedObject` instance with some custom properties/methods and registers it on `config:main` - uses application instance initializer rather than a standard initializer because standard initializers are only called once when setting up the test suite so we'd end up with config leaking across tests - added an `@inject` decorator that when used takes the property name and injects whatever is registered at `${propertyName}:main`, this allows us to use dependency injection for any object rather than just services or controllers - using `application.inject()` in the initializer was initially used but that only works for objects that extend from `EmberObject`, the injections weren't available in native-class glimmer components so this decorator keeps the injection syntax consistent - swapped all `@service config` uses to `@inject config`
2022-11-03 14:14:36 +03:00
import {inject} from 'ghost-admin/decorators/inject';
Removed usage of deprecated EmberSimpleAuth mixins (#1910) refs https://github.com/TryGhost/Admin/pull/1901 Ember has deprecated mixins in preparation for 4.0 and `ember-simple-auth` has now done the same in 3.1.0. - removed all imports of Ember Simple Auth mixins - moved authenticated and invalidated handling from application route to session service - moved server-notification loading from application route to session service - updated `AuthenticatedRoute` to use the session service directly rather than authenticated route mixin - added `UnauthenticatedRoute` that incorporates the behaviour from our overridden `UnauthenticatedRouteMixin` and switches to using the session service directly
2021-04-12 15:21:57 +03:00
import {run} from '@ember/runloop';
Match service/controller import to ember-modules-codemod style for consistency no issue Automated tools, code generators, and editor integrations are increasingly standardising on the import style used in `ember-modules-codemod`. Our import style differed a little with regards to service/controller injection imports which meant we were starting to see inconsistent naming.
2017-10-30 12:38:01 +03:00
import {inject as service} from '@ember/service';
Improved authentication timing in setup flow https://github.com/TryGhost/Admin/pull/2286 - `session.authenticate()` returns from it's promise as soon as the authenticate request is completed but it was assumed that it returned after the `session.handleAuthentication()` promise was also completed. A side-effect of that was that depending on network timing, the setup flow could transition to the dashboard before we had loaded all of the necessary user, config, and settings requests - normally that's not a problem because `handleAuthentication()` kicks off a transition once authentication is fully complete, in the setup flow we're handling the transition manually so need a way to manage the full async flow from outside of the session service - it didn't show up as a problem previously because the setup flow transitioned to a third setup screen that didn't require all of the post-auth data to exist - moved the async parts of `session.handleAuthentication()` into a task and updated to return the currently running task instance if one was already running - lets code that is relying on the full authentication flow to have completed call `await this.session.handleAuthentication()` without causing a double-load of the post-auth API requests - updated setup flow - removed manual `session.populateUser()` call as that was a workaround for the async timing issue and caused a double-fetch of the current user API endpoint - added an `await this.session.handleAuthentication()` call to the manual post-auth handler so we don't transition until the full auth flow is complete
2022-03-10 14:53:30 +03:00
import {task} from 'ember-concurrency';
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
import {tracked} from '@glimmer/tracking';
deps: ember-simple-auth@1.0.0 closes #5951 - update to esa 1.0
2015-10-18 21:17:02 +03:00
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
export default class SessionService extends ESASessionService {
Fixed hosting management screen not loading after sign-in process (#15763) refs https://github.com/TryGhost/Team/issues/2110 - dynamically defined properties on the config service did not have autotracking set up properly if they were accessed in any way before the property was defined, this caused problems in a number of areas because we have both "unauthed" and "authed" sets of config and when not logged in we had parts of the app checking for authed config properties that don't exist until after sign-in and subsequent config re-fetch - renamed `config` service to `configManager` and updated to only contain methods for fetching config data - added a `config` instance initializer that sets up a `TrackedObject` instance with some custom properties/methods and registers it on `config:main` - uses application instance initializer rather than a standard initializer because standard initializers are only called once when setting up the test suite so we'd end up with config leaking across tests - added an `@inject` decorator that when used takes the property name and injects whatever is registered at `${propertyName}:main`, this allows us to use dependency injection for any object rather than just services or controllers - using `application.inject()` in the initializer was initially used but that only works for objects that extend from `EmberObject`, the injections weren't available in native-class glimmer components so this decorator keeps the injection syntax consistent - swapped all `@service config` uses to `@inject config`
2022-11-03 14:14:36 +03:00
@service configManager;
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
@service('store') dataStore;
@service feature;
Added pre-emptive fetch of editor module after logging in to Admin no issue Reduces likelihood of seeing the "Loading editor..." state when accessing the editor by fetching the editor module in the background after login. - added `koenig` service - `.resource` getter for returning a React suspense resource object to reduce duplication across main editor and HTML input components - `.fetch()` method that fetches the Koenig module, avoids concurrent or repeated fetches by utilising an internal `._fetchTask` ember-concurrency task - updated Koenig components to use the `koenig` service and associated resource for fetching the module - required setting up `editorResource` inside the component's class and passing it in as a prop to the suspense-aware components as we need access to Ember's dependency injection available in the class - added `koenig.fetch()` call to our post-login code in the `session` service so the fetch is started before the editor is accessed
2023-10-04 19:36:24 +03:00
@service koenig;
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
@service notifications;
@service router;
🐛 Fixed settings previews not working in private site mode (#2128) closes https://github.com/TryGhost/Team/issues/1161 - when a site is in private mode, design previews, the portal previews on membership, customize portal and offer pages were unable to load. - For design and theme previews, the request to fetch preview data was failing due to cors and cookie not attached when admin and frontend have split urls. - For portal and offer previews, there was no authentication done on private site before load, so if user opened the pages directly on them it failed to load the site. - this change adds a new service that authenticates private site from admin as soon as user session is loaded, so previews on settings will always find the authenticated session for private sites and load correctly. - it also updates fetch method for previews to include credentials so they are always able to fetch the site data after login - removes authentication from site route since that was done as its now centrally taken care of by the frontend service
2021-10-28 15:59:41 +03:00
@service frontend;
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
@service settings;
🎨 Added ability to upload a feature image by drag and dropping an image file refs https://github.com/TryGhost/Team/issues/884 Drop-to-upload functionality was lost in the first version of the new feature image uploader inside the main editor area, this adds it back in. - fixed dropzone flickering issue by switching the event listeners to the capture rather than bubble phase so we can indicate a drag is occurring on the body without each individual drag/drop handler needing to know about it - moved the event handler init/cleanup to the `ui` service - moved the event handler init call to the application service as it no longer requires auth to have occurred for access to the labs flag setting - removed the `featureImgDragDrop` labs flag
2021-08-31 16:21:00 +03:00
@service ui;
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
@service upgradeStatus;
@service whatsNew;
Added linking between member and subscription created events (#15693) fixes https://github.com/TryGhost/Team/issues/2160 - Adds a `batch_id` to both events that contain the same ID if they were created at the same time. - Removes duplicate signup/conversion events using the batch_id - Requires an update in mongo-knex to work (refs https://ghost.slack.com/archives/C02G9E68C/p1666773313272409?thread_ts=1666767872.375009&cid=C02G9E68C) - Some dependencies needed an update to load the latest mongo-knex - Added tiers to membersUtils, loaded on startup (we can start to use this instead of fetching it every time)
2022-10-27 12:44:19 +03:00
@service membersUtils;
Added visible theme errors in admin (#16081) refs https://github.com/TryGhost/Team/issues/2393 - During boot and loading the active theme, we now cache the result of the gscan validation. Cache configuration can happen in `adapters.cache.gscan` - We now also return non-fatal errors when activating or adding a theme. - When the `themeErrorsNotification` feature flag is on, we fetch the active theme (which includes the validation information) when loading admin - If the currently active theme has errors, we show an error notification that can open the error modal - Added a new endpoint: `/ghost/api/admin/themes/active/` that returns the result of the last gscan validation of the active theme. If no cache is available, it will run a new gscan validation. - Added new permissions for the active action/endpoint (author, editor, administrator)
2023-01-06 15:44:27 +03:00
@service themeManagement;
deps: ember-simple-auth@1.0.0 closes #5951 - update to esa 1.0
2015-10-18 21:17:02 +03:00
Fixed hosting management screen not loading after sign-in process (#15763) refs https://github.com/TryGhost/Team/issues/2110 - dynamically defined properties on the config service did not have autotracking set up properly if they were accessed in any way before the property was defined, this caused problems in a number of areas because we have both "unauthed" and "authed" sets of config and when not logged in we had parts of the app checking for authed config properties that don't exist until after sign-in and subsequent config re-fetch - renamed `config` service to `configManager` and updated to only contain methods for fetching config data - added a `config` instance initializer that sets up a `TrackedObject` instance with some custom properties/methods and registers it on `config:main` - uses application instance initializer rather than a standard initializer because standard initializers are only called once when setting up the test suite so we'd end up with config leaking across tests - added an `@inject` decorator that when used takes the property name and injects whatever is registered at `${propertyName}:main`, this allows us to use dependency injection for any object rather than just services or controllers - using `application.inject()` in the initializer was initially used but that only works for objects that extend from `EmberObject`, the injections weren't available in native-class glimmer components so this decorator keeps the injection syntax consistent - swapped all `@service config` uses to `@inject config`
2022-11-03 14:14:36 +03:00
@inject config;
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
@tracked user = null;
Synchronous feature service supersedes #6773 - update `feature` service and `gh-feature-flag` component to work synchronously rather than async - use the application route's `afterModel` hook so that settings are loaded before first load - override `session` service's `authenticate` method to load the settings after successful authentication before any other routes are processed
2016-05-05 17:03:09 +03:00
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
skipAuthSuccessHandler = false;
🐛 Fixed error after logging in from a nested admin URL closes https://github.com/TryGhost/Ghost/issues/10629 - the error was occurring due to `session.user` CP being populated with a rejected promise when attempting to access the first route. The CP has no dependent key so any further attempts to access `session.user` would be rejected - marking the CP as "changed" immediately after logging in means that the next request will create a new promise and successfully fetch the user
2019-03-25 15:58:14 +03:00
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
async populateUser(options = {}) {
if (this.user) {
return;
}
const id = options.id || 'me';
const user = await this.dataStore.queryRecord('user', {id});
this.user = user;
}
async postAuthPreparation() {
await RSVP.all([
Fixed hosting management screen not loading after sign-in process (#15763) refs https://github.com/TryGhost/Team/issues/2110 - dynamically defined properties on the config service did not have autotracking set up properly if they were accessed in any way before the property was defined, this caused problems in a number of areas because we have both "unauthed" and "authed" sets of config and when not logged in we had parts of the app checking for authed config properties that don't exist until after sign-in and subsequent config re-fetch - renamed `config` service to `configManager` and updated to only contain methods for fetching config data - added a `config` instance initializer that sets up a `TrackedObject` instance with some custom properties/methods and registers it on `config:main` - uses application instance initializer rather than a standard initializer because standard initializers are only called once when setting up the test suite so we'd end up with config leaking across tests - added an `@inject` decorator that when used takes the property name and injects whatever is registered at `${propertyName}:main`, this allows us to use dependency injection for any object rather than just services or controllers - using `application.inject()` in the initializer was initially used but that only works for objects that extend from `EmberObject`, the injections weren't available in native-class glimmer components so this decorator keeps the injection syntax consistent - swapped all `@service config` uses to `@inject config`
2022-11-03 14:14:36 +03:00
this.configManager.fetchAuthenticated(),
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
this.feature.fetch(),
Added linking between member and subscription created events (#15693) fixes https://github.com/TryGhost/Team/issues/2160 - Adds a `batch_id` to both events that contain the same ID if they were created at the same time. - Removes duplicate signup/conversion events using the batch_id - Requires an update in mongo-knex to work (refs https://ghost.slack.com/archives/C02G9E68C/p1666773313272409?thread_ts=1666767872.375009&cid=C02G9E68C) - Some dependencies needed an update to load the latest mongo-knex - Added tiers to membersUtils, loaded on startup (we can start to use this instead of fetching it every time)
2022-10-27 12:44:19 +03:00
this.settings.fetch(),
this.membersUtils.fetch()
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
]);
🐛 Fixed login problems in Safari on private sites that have front-end/admin on different domains no issue - if the automatic private site login fails during post-auth setup, don't fully error because that will block Admin from loading properly - the automatic login is a nice-to-have and making it look like it worked won't break anything that wouldn't already be broken when the browser is blocking x-domain requests
2021-11-09 18:38:48 +03:00
Added PostHog identify calls in admin using hashed email address of user (#19685) refs PA-24 - Added PostHog identify() calls using the user's hashed email address when a user is logged into admin - Added PostHog reset() calls to reset PostHog's distinct_id when a user logs out of admin - These events will only be sent in Admin running on Ghost(Pro), and won't impact self-hosted instances.
2024-02-14 00:23:03 +03:00
// Identify the user to our analytics service upon successful login
await identifyUser(this.user);
Added visible theme errors in admin (#16081) refs https://github.com/TryGhost/Team/issues/2393 - During boot and loading the active theme, we now cache the result of the gscan validation. Cache configuration can happen in `adapters.cache.gscan` - We now also return non-fatal errors when activating or adding a theme. - When the `themeErrorsNotification` feature flag is on, we fetch the active theme (which includes the validation information) when loading admin - If the currently active theme has errors, we show an error notification that can open the error modal - Added a new endpoint: `/ghost/api/admin/themes/active/` that returns the result of the last gscan validation of the active theme. If no cache is available, it will run a new gscan validation. - Added new permissions for the active action/endpoint (author, editor, administrator)
2023-01-06 15:44:27 +03:00
// Theme management requires features to be loaded
this.themeManagement.fetch().catch(console.error); // eslint-disable-line no-console
🐛 Fixed settings previews not working in private site mode (#2128) closes https://github.com/TryGhost/Team/issues/1161 - when a site is in private mode, design previews, the portal previews on membership, customize portal and offer pages were unable to load. - For design and theme previews, the request to fetch preview data was failing due to cors and cookie not attached when admin and frontend have split urls. - For portal and offer previews, there was no authentication done on private site before load, so if user opened the pages directly on them it failed to load the site. - this change adds a new service that authenticates private site from admin as soon as user session is loaded, so previews on settings will always find the authenticated session for private sites and load correctly. - it also updates fetch method for previews to include credentials so they are always able to fetch the site data after login - removes authentication from site route since that was done as its now centrally taken care of by the frontend service
2021-10-28 15:59:41 +03:00
await this.frontend.loginIfNeeded();
🐛 Fixed login problems in Safari on private sites that have front-end/admin on different domains no issue - if the automatic private site login fails during post-auth setup, don't fully error because that will block Admin from loading properly - the automatic login is a nice-to-have and making it look like it worked won't break anything that wouldn't already be broken when the browser is blocking x-domain requests
2021-11-09 18:38:48 +03:00
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
// update Sentry with the full Ghost version which we only get after authentication
Removed need for `.get()` with config service no issue The `config` service has been a source of confusion when writing with modern Ember patterns because it's use of the deprecated `ProxyMixin` forced all property access/setting to go via `.get()` and `.set()` whereas the rest of the system has mostly (there are a few other uses of ProxyObjects remaining) eliminated the use of the non-native get/set methods. - removed use of `ProxyMixin` in the `config` service by grabbing the API response after fetching and using `Object.defineProperty()` to add native getters/setters that pass through to a tracked object holding the API response data. Ember's autotracking automatically works across the native getters/setters so we can then use the service as if it was any other native object - updated all code to use `config.{attrName}` directly for getting/setting instead of `.get()` and `.set()` - removed unnecessary async around `config.availableTimezones` which wasn't making any async calls
2022-10-07 17:24:03 +03:00
if (this.config.sentry_dsn) {
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
configureScope((scope) => {
scope.addEventProcessor((event) => {
return new Promise((resolve) => {
resolve({
...event,
Added user role to captured Sentry data closes https://github.com/TryGhost/Team/issues/2241 - as part of the authenticated application setup, update the captured Sentry data with the user role - helps narrow things down when we see permission errors pop up due to requests being made for endpoints that the current user doesn't have permission to access
2022-12-05 20:15:49 +03:00
release: `ghost@${this.config.version}`,
Fixed reporting a user's role to Sentry from Admin (#18747) refs TryGhost/Product#4064 - In Sentry we were seeing the error "Discarded unknown attribute 'user.role'" for most events sent from admin - This small change removes this error in Sentry and restores the user.role tag for error events in admin
2023-10-25 06:32:05 +03:00
user: {
role: this.user.role.name
}
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
});
});
});
});
}
this.loadServerNotifications();
this.whatsNew.fetchLatest.perform();
Added pre-emptive fetch of editor module after logging in to Admin no issue Reduces likelihood of seeing the "Loading editor..." state when accessing the editor by fetching the editor module in the background after login. - added `koenig` service - `.resource` getter for returning a React suspense resource object to reduce duplication across main editor and HTML input components - `.fetch()` method that fetches the Koenig module, avoids concurrent or repeated fetches by utilising an internal `._fetchTask` ember-concurrency task - updated Koenig components to use the `koenig` service and associated resource for fetching the module - required setting up `editorResource` inside the component's class and passing it in as a prop to the suspense-aware components as we need access to Ember's dependency injection available in the class - added `koenig.fetch()` call to our post-login code in the `session` service so the fetch is started before the editor is accessed
2023-10-04 19:36:24 +03:00
// pre-emptively load editor code in the background to avoid loading state when opening editor
this.koenig.fetch();
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
}
async handleAuthentication() {
Improved authentication timing in setup flow https://github.com/TryGhost/Admin/pull/2286 - `session.authenticate()` returns from it's promise as soon as the authenticate request is completed but it was assumed that it returned after the `session.handleAuthentication()` promise was also completed. A side-effect of that was that depending on network timing, the setup flow could transition to the dashboard before we had loaded all of the necessary user, config, and settings requests - normally that's not a problem because `handleAuthentication()` kicks off a transition once authentication is fully complete, in the setup flow we're handling the transition manually so need a way to manage the full async flow from outside of the session service - it didn't show up as a problem previously because the setup flow transitioned to a third setup screen that didn't require all of the post-auth data to exist - moved the async parts of `session.handleAuthentication()` into a task and updated to return the currently running task instance if one was already running - lets code that is relying on the full authentication flow to have completed call `await this.session.handleAuthentication()` without causing a double-load of the post-auth API requests - updated setup flow - removed manual `session.populateUser()` call as that was a workaround for the async timing issue and caused a double-fetch of the current user API endpoint - added an `await this.session.handleAuthentication()` call to the manual post-auth handler so we don't transition until the full auth flow is complete
2022-03-10 14:53:30 +03:00
if (this.handleAuthenticationTask.isRunning) {
return this.handleAuthenticationTask.last;
Fixed more tests refs https://github.com/TryGhost/Admin/commit/8630be5a8775177b815bbc68becb760b36fafcac - referenced commit skipped current user and proxy service population when `skipAuthSuccessHandler` was set but the population is needed during setup - `skipAuthSuccessHandler` is used for skipping the post-authentication transition rather than skipping all post-auth behaviour so the the post-auth behaviour was reintroduced but put in a guard so we don't try to do it again when it's already been run
2021-07-14 15:15:59 +03:00
}
Improved authentication timing in setup flow https://github.com/TryGhost/Admin/pull/2286 - `session.authenticate()` returns from it's promise as soon as the authenticate request is completed but it was assumed that it returned after the `session.handleAuthentication()` promise was also completed. A side-effect of that was that depending on network timing, the setup flow could transition to the dashboard before we had loaded all of the necessary user, config, and settings requests - normally that's not a problem because `handleAuthentication()` kicks off a transition once authentication is fully complete, in the setup flow we're handling the transition manually so need a way to manage the full async flow from outside of the session service - it didn't show up as a problem previously because the setup flow transitioned to a third setup screen that didn't require all of the post-auth data to exist - moved the async parts of `session.handleAuthentication()` into a task and updated to return the currently running task instance if one was already running - lets code that is relying on the full authentication flow to have completed call `await this.session.handleAuthentication()` without causing a double-load of the post-auth API requests - updated setup flow - removed manual `session.populateUser()` call as that was a workaround for the async timing issue and caused a double-fetch of the current user API endpoint - added an `await this.session.handleAuthentication()` call to the manual post-auth handler so we don't transition until the full auth flow is complete
2022-03-10 14:53:30 +03:00
return this.handleAuthenticationTask.perform(() => {
if (this.skipAuthSuccessHandler) {
this.skipAuthSuccessHandler = false;
return;
}
🐛 Fixed re-authenticate modal not showing when saving in editor closes https://github.com/TryGhost/Team/issues/865 Ghost now returns a forbidden error rather than an unauthorized error when saving whilst logged out so the session invalidation was not being triggered. - added forbidden check to ajax service to trigger session invalidation - added automatic retry of save in editor when re-authenticating - fixed re-population of user and proxy services when re-authenticating, it's not needed at that point because nothing has been cleared
2021-07-14 14:27:51 +03:00
Improved authentication timing in setup flow https://github.com/TryGhost/Admin/pull/2286 - `session.authenticate()` returns from it's promise as soon as the authenticate request is completed but it was assumed that it returned after the `session.handleAuthentication()` promise was also completed. A side-effect of that was that depending on network timing, the setup flow could transition to the dashboard before we had loaded all of the necessary user, config, and settings requests - normally that's not a problem because `handleAuthentication()` kicks off a transition once authentication is fully complete, in the setup flow we're handling the transition manually so need a way to manage the full async flow from outside of the session service - it didn't show up as a problem previously because the setup flow transitioned to a third setup screen that didn't require all of the post-auth data to exist - moved the async parts of `session.handleAuthentication()` into a task and updated to return the currently running task instance if one was already running - lets code that is relying on the full authentication flow to have completed call `await this.session.handleAuthentication()` without causing a double-load of the post-auth API requests - updated setup flow - removed manual `session.populateUser()` call as that was a workaround for the async timing issue and caused a double-fetch of the current user API endpoint - added an `await this.session.handleAuthentication()` call to the manual post-auth handler so we don't transition until the full auth flow is complete
2022-03-10 14:53:30 +03:00
super.handleAuthentication('home');
});
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
}
Removed usage of deprecated EmberSimpleAuth mixins (#1910) refs https://github.com/TryGhost/Admin/pull/1901 Ember has deprecated mixins in preparation for 4.0 and `ember-simple-auth` has now done the same in 3.1.0. - removed all imports of Ember Simple Auth mixins - moved authenticated and invalidated handling from application route to session service - moved server-notification loading from application route to session service - updated `AuthenticatedRoute` to use the session service directly rather than authenticated route mixin - added `UnauthenticatedRoute` that incorporates the behaviour from our overridden `UnauthenticatedRouteMixin` and switches to using the session service directly
2021-04-12 15:21:57 +03:00
🐛 Fixed redirect to signin modal not shown when logged out (#15522) fixes: https://github.com/TryGhost/Ghost/issues/15291 - An attempt to improve re-authenticate modal toggle - show re-authenticate modal every time user save (ctrl/cmd + s) - An attempt to fix redirection when user re-login on different tab. Prevent redirection to sign-in page since the user already logged in on another tab. - Re-enable `editor` test on `authentication-test.js`
2022-10-21 23:03:12 +03:00
/**
* Always try to re-setup session & retry the original transition
* if user data is still available in session store although the
* ember-session is unauthenticated.
*
* If success, it will retry the original transition.
* If failed, it will be handled by the redirect to sign in.
*/
async requireAuthentication(transition, route) {
Added PostHog identify calls in admin using hashed email address of user (#19685) refs PA-24 - Added PostHog identify() calls using the user's hashed email address when a user is logged into admin - Added PostHog reset() calls to reset PostHog's distinct_id when a user logs out of admin - These events will only be sent in Admin running on Ghost(Pro), and won't impact self-hosted instances.
2024-02-14 00:23:03 +03:00
if (this.isAuthenticated && this.user) {
identifyUser(this.user);
}
🐛 Fixed redirect to signin modal not shown when logged out (#15522) fixes: https://github.com/TryGhost/Ghost/issues/15291 - An attempt to improve re-authenticate modal toggle - show re-authenticate modal every time user save (ctrl/cmd + s) - An attempt to fix redirection when user re-login on different tab. Prevent redirection to sign-in page since the user already logged in on another tab. - Re-enable `editor` test on `authentication-test.js`
2022-10-21 23:03:12 +03:00
// Only when ember session invalidated
if (!this.isAuthenticated) {
transition.abort();
if (this.user) {
await this.setup();
Added PostHog identify calls in admin using hashed email address of user (#19685) refs PA-24 - Added PostHog identify() calls using the user's hashed email address when a user is logged into admin - Added PostHog reset() calls to reset PostHog's distinct_id when a user logs out of admin - These events will only be sent in Admin running on Ghost(Pro), and won't impact self-hosted instances.
2024-02-14 00:23:03 +03:00
identifyUser(this.user);
🐛 Fixed redirect to signin modal not shown when logged out (#15522) fixes: https://github.com/TryGhost/Ghost/issues/15291 - An attempt to improve re-authenticate modal toggle - show re-authenticate modal every time user save (ctrl/cmd + s) - An attempt to fix redirection when user re-login on different tab. Prevent redirection to sign-in page since the user already logged in on another tab. - Re-enable `editor` test on `authentication-test.js`
2022-10-21 23:03:12 +03:00
this.notifications.clearAll();
transition.retry();
}
}
super.requireAuthentication(transition, route);
}
Removed usage of deprecated EmberSimpleAuth mixins (#1910) refs https://github.com/TryGhost/Admin/pull/1901 Ember has deprecated mixins in preparation for 4.0 and `ember-simple-auth` has now done the same in 3.1.0. - removed all imports of Ember Simple Auth mixins - moved authenticated and invalidated handling from application route to session service - moved server-notification loading from application route to session service - updated `AuthenticatedRoute` to use the session service directly rather than authenticated route mixin - added `UnauthenticatedRoute` that incorporates the behaviour from our overridden `UnauthenticatedRouteMixin` and switches to using the session service directly
2021-04-12 15:21:57 +03:00
handleInvalidation() {
let transition = this.appLoadTransition;
Added PostHog identify calls in admin using hashed email address of user (#19685) refs PA-24 - Added PostHog identify() calls using the user's hashed email address when a user is logged into admin - Added PostHog reset() calls to reset PostHog's distinct_id when a user logs out of admin - These events will only be sent in Admin running on Ghost(Pro), and won't impact self-hosted instances.
2024-02-14 00:23:03 +03:00
// Reset the PostHog user when the session is invalidated (e.g. signout, token expiry, etc.)
resetUser();
Removed usage of deprecated EmberSimpleAuth mixins (#1910) refs https://github.com/TryGhost/Admin/pull/1901 Ember has deprecated mixins in preparation for 4.0 and `ember-simple-auth` has now done the same in 3.1.0. - removed all imports of Ember Simple Auth mixins - moved authenticated and invalidated handling from application route to session service - moved server-notification loading from application route to session service - updated `AuthenticatedRoute` to use the session service directly rather than authenticated route mixin - added `UnauthenticatedRoute` that incorporates the behaviour from our overridden `UnauthenticatedRouteMixin` and switches to using the session service directly
2021-04-12 15:21:57 +03:00
if (transition) {
transition.send('authorizationFailed');
} else {
run.scheduleOnce('routerTransitions', this, 'triggerAuthorizationFailed');
}
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
}
Removed usage of deprecated EmberSimpleAuth mixins (#1910) refs https://github.com/TryGhost/Admin/pull/1901 Ember has deprecated mixins in preparation for 4.0 and `ember-simple-auth` has now done the same in 3.1.0. - removed all imports of Ember Simple Auth mixins - moved authenticated and invalidated handling from application route to session service - moved server-notification loading from application route to session service - updated `AuthenticatedRoute` to use the session service directly rather than authenticated route mixin - added `UnauthenticatedRoute` that incorporates the behaviour from our overridden `UnauthenticatedRouteMixin` and switches to using the session service directly
2021-04-12 15:21:57 +03:00
// TODO: this feels hacky, find a better way than using .send
triggerAuthorizationFailed() {
Fixed hosting management screen not loading after sign-in process (#15763) refs https://github.com/TryGhost/Team/issues/2110 - dynamically defined properties on the config service did not have autotracking set up properly if they were accessed in any way before the property was defined, this caused problems in a number of areas because we have both "unauthed" and "authed" sets of config and when not logged in we had parts of the app checking for authed config properties that don't exist until after sign-in and subsequent config re-fetch - renamed `config` service to `configManager` and updated to only contain methods for fetching config data - added a `config` instance initializer that sets up a `TrackedObject` instance with some custom properties/methods and registers it on `config:main` - uses application instance initializer rather than a standard initializer because standard initializers are only called once when setting up the test suite so we'd end up with config leaking across tests - added an `@inject` decorator that when used takes the property name and injects whatever is registered at `${propertyName}:main`, this allows us to use dependency injection for any object rather than just services or controllers - using `application.inject()` in the initializer was initially used but that only works for objects that extend from `EmberObject`, the injections weren't available in native-class glimmer components so this decorator keeps the injection syntax consistent - swapped all `@service config` uses to `@inject config`
2022-11-03 14:14:36 +03:00
getOwner(this).lookup(`route:${this.router.currentRouteName}`)?.send('authorizationFailed');
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
}
Removed usage of deprecated EmberSimpleAuth mixins (#1910) refs https://github.com/TryGhost/Admin/pull/1901 Ember has deprecated mixins in preparation for 4.0 and `ember-simple-auth` has now done the same in 3.1.0. - removed all imports of Ember Simple Auth mixins - moved authenticated and invalidated handling from application route to session service - moved server-notification loading from application route to session service - updated `AuthenticatedRoute` to use the session service directly rather than authenticated route mixin - added `UnauthenticatedRoute` that incorporates the behaviour from our overridden `UnauthenticatedRouteMixin` and switches to using the session service directly
2021-04-12 15:21:57 +03:00
loadServerNotifications() {
if (this.isAuthenticated) {
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
if (!this.user.isAuthorOrContributor) {
this.dataStore.findAll('notification', {reload: true}).then((serverNotifications) => {
serverNotifications.forEach((notification) => {
if (notification.top || notification.custom) {
this.notifications.handleNotification(notification);
} else {
this.upgradeStatus.handleUpgradeNotification(notification);
}
Removed usage of deprecated EmberSimpleAuth mixins (#1910) refs https://github.com/TryGhost/Admin/pull/1901 Ember has deprecated mixins in preparation for 4.0 and `ember-simple-auth` has now done the same in 3.1.0. - removed all imports of Ember Simple Auth mixins - moved authenticated and invalidated handling from application route to session service - moved server-notification loading from application route to session service - updated `AuthenticatedRoute` to use the session service directly rather than authenticated route mixin - added `UnauthenticatedRoute` that incorporates the behaviour from our overridden `UnauthenticatedRouteMixin` and switches to using the session service directly
2021-04-12 15:21:57 +03:00
});
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
});
}
Removed usage of deprecated EmberSimpleAuth mixins (#1910) refs https://github.com/TryGhost/Admin/pull/1901 Ember has deprecated mixins in preparation for 4.0 and `ember-simple-auth` has now done the same in 3.1.0. - removed all imports of Ember Simple Auth mixins - moved authenticated and invalidated handling from application route to session service - moved server-notification loading from application route to session service - updated `AuthenticatedRoute` to use the session service directly rather than authenticated route mixin - added `UnauthenticatedRoute` that incorporates the behaviour from our overridden `UnauthenticatedRouteMixin` and switches to using the session service directly
2021-04-12 15:21:57 +03:00
}
Synchronous feature service supersedes #6773 - update `feature` service and `gh-feature-flag` component to work synchronously rather than async - use the application route's `afterModel` hook so that settings are loaded before first load - override `session` service's `authenticate` method to load the settings after successful authentication before any other routes are processed
2016-05-05 17:03:09 +03:00
}
Improved authentication timing in setup flow https://github.com/TryGhost/Admin/pull/2286 - `session.authenticate()` returns from it's promise as soon as the authenticate request is completed but it was assumed that it returned after the `session.handleAuthentication()` promise was also completed. A side-effect of that was that depending on network timing, the setup flow could transition to the dashboard before we had loaded all of the necessary user, config, and settings requests - normally that's not a problem because `handleAuthentication()` kicks off a transition once authentication is fully complete, in the setup flow we're handling the transition manually so need a way to manage the full async flow from outside of the session service - it didn't show up as a problem previously because the setup flow transitioned to a third setup screen that didn't require all of the post-auth data to exist - moved the async parts of `session.handleAuthentication()` into a task and updated to return the currently running task instance if one was already running - lets code that is relying on the full authentication flow to have completed call `await this.session.handleAuthentication()` without causing a double-load of the post-auth API requests - updated setup flow - removed manual `session.populateUser()` call as that was a workaround for the async timing issue and caused a double-fetch of the current user API endpoint - added an `await this.session.handleAuthentication()` call to the manual post-auth handler so we don't transition until the full auth flow is complete
2022-03-10 14:53:30 +03:00
@task({drop: true})
*handleAuthenticationTask(callback) {
if (!this.user) {
try {
yield this.populateUser();
} catch (err) {
yield this.invalidate();
}
yield this.postAuthPreparation();
}
callback();
}
Made `session.user` a synchronous property rather than a promise no issue Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about. `session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model. Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow. - refactored app setup and `session.user` - added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user` - removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator - switched `session` service to native class syntax to get the expected `super()` behaviour - updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load) - updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load) - removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication` - updated app code to not treat `session.user` as a promise - predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
2021-07-08 16:37:31 +03:00
}
Reference in New Issue Copy Permalink