OpenSourceArk/Ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
97553181ce
Ghost/ghost/admin/app/services/session.js
Kevin Ansfield 12729bb469 Improved authentication timing in setup flow 
https://github.com/TryGhost/Admin/pull/2286

- `session.authenticate()` returns from it's promise as soon as the authenticate request is completed but it was assumed that it returned after the `session.handleAuthentication()` promise was also completed. A side-effect of that was that depending on network timing, the setup flow could transition to the dashboard before we had loaded all of the necessary user, config, and settings requests
  - normally that's not a problem because `handleAuthentication()` kicks off a transition once authentication is fully complete, in the setup flow we're handling the transition manually so need a way to manage the full async flow from outside of the session service
  - it didn't show up as a problem previously because the setup flow transitioned to a third setup screen that didn't require all of the post-auth data to exist
- moved the async parts of `session.handleAuthentication()` into a task and updated to return the currently running task instance if one was already running
  - lets code that is relying on the full authentication flow to have completed call `await this.session.handleAuthentication()` without causing a double-load of the post-auth API requests
- updated setup flow
  - removed manual `session.populateUser()` call as that was a workaround for the async timing issue and caused a double-fetch of the current user API endpoint
  - added an `await this.session.handleAuthentication()` call to the manual post-auth handler so we don't transition until the full auth flow is complete
2022-03-10 11:53:37 +00:00

124 lines
3.6 KiB
JavaScript
Raw Blame History

import ESASessionService from 'ember-simple-auth/services/session';
import RSVP from 'rsvp';
import {configureScope} from '@sentry/browser';
import {getOwner} from '@ember/application';
import {run} from '@ember/runloop';
import {inject as service} from '@ember/service';
import {task} from 'ember-concurrency';
import {tracked} from '@glimmer/tracking';
export default class SessionService extends ESASessionService {
@service config;
@service('store') dataStore;
@service feature;
@service notifications;
@service router;
@service frontend;
@service settings;
@service ui;
@service upgradeStatus;
@service whatsNew;
@tracked user = null;
skipAuthSuccessHandler = false;
async populateUser(options = {}) {
if (this.user) {
return;
}
const id = options.id || 'me';
const user = await this.dataStore.queryRecord('user', {id});
this.user = user;
}
async postAuthPreparation() {
await RSVP.all([
this.config.fetchAuthenticated(),
this.feature.fetch(),
this.settings.fetch()
]);
await this.frontend.loginIfNeeded();
// update Sentry with the full Ghost version which we only get after authentication
if (this.config.get('sentry_dsn')) {
configureScope((scope) => {
scope.addEventProcessor((event) => {
return new Promise((resolve) => {
resolve({
...event,
release: `ghost@${this.config.get('version')}`
});
});
});
});
}
this.loadServerNotifications();
this.whatsNew.fetchLatest.perform();
}
async handleAuthentication() {
if (this.handleAuthenticationTask.isRunning) {
return this.handleAuthenticationTask.last;
}
return this.handleAuthenticationTask.perform(() => {
if (this.skipAuthSuccessHandler) {
this.skipAuthSuccessHandler = false;
return;
}
super.handleAuthentication('home');
});
}
handleInvalidation() {
let transition = this.appLoadTransition;
if (transition) {
transition.send('authorizationFailed');
} else {
run.scheduleOnce('routerTransitions', this, 'triggerAuthorizationFailed');
}
}
// TODO: this feels hacky, find a better way than using .send
triggerAuthorizationFailed() {
getOwner(this).lookup(`route:${this.router.currentRouteName}`).send('authorizationFailed');
}
loadServerNotifications() {
if (this.isAuthenticated) {
if (!this.user.isAuthorOrContributor) {
this.dataStore.findAll('notification', {reload: true}).then((serverNotifications) => {
serverNotifications.forEach((notification) => {
if (notification.top || notification.custom) {
this.notifications.handleNotification(notification);
} else {
this.upgradeStatus.handleUpgradeNotification(notification);
}
});
});
}
}
}
@task({drop: true})
*handleAuthenticationTask(callback) {
if (!this.user) {
try {
yield this.populateUser();
} catch (err) {
yield this.invalidate();
}
yield this.postAuthPreparation();
}
callback();
}
}
Reference in New Issue View Git Blame Copy Permalink