OpenSourceArk/Ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3653cfbfbf
Ghost/ghost/admin/app/authenticators/cookie.js
Fabien O'Carroll 3e5a62309f Use Admin API v2 with session auth (#1046) 
refs #9865
- removed all `oauth2` and token-based ESA auth
- added new `cookie` authenticator which handles session creation
- updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state
  - ESA automatically calls this `.restore()` method on app boot
  - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state
- removed the now-unnecessary token refresh and logout routines from the `application` route
- removed the now-unnecessary token refresh routines from the `ajax` service
- removed `access_token` query param from iframe file downloaders
- changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
2018-10-05 19:46:33 +01:00

42 lines
1.3 KiB
JavaScript
Raw Blame History

import Authenticator from 'ember-simple-auth/authenticators/base';
import RSVP from 'rsvp';
import {computed} from '@ember/object';
import {inject as service} from '@ember/service';
export default Authenticator.extend({
ajax: service(),
ghostPaths: service(),
sessionEndpoint: computed('ghostPaths.apiRoot', function () {
return `${this.ghostPaths.apiRoot}/session`;
}),
restore: function () {
return RSVP.resolve();
},
authenticate(identification, password) {
const data = {username: identification, password};
const options = {
data,
contentType: 'application/json;charset=utf-8',
// ember-ajax will try and parse the response as JSON if not explicitly set
dataType: 'text'
};
return this.ajax.post(this.sessionEndpoint, options);
},
invalidate() {
// if we're invalidating because of a 401 we can end up in an infinite
// loop if we then try to perform a DELETE /session/ request
// TODO: find a more elegant way to handle this
if (this.ajax.skipSessionDeletion) {
this.ajax.skipSessionDeletion = false;
return RSVP.resolve();
}
return this.ajax.del(this.sessionEndpoint);
}
});
Reference in New Issue View Git Blame Copy Permalink