deps: [email protected]

closes TryGhost#5951
- update to esa 1.0

core/client/app/authenticators/oauth2.js

@@ -1,8 +1,18 @@
 import Ember from 'ember';
-import Authenticator from 'simple-auth-oauth2/authenticators/oauth2';
+import Authenticator from 'ember-simple-auth/authenticators/oauth2-password-grant';
 
 export default Authenticator.extend({
     config: Ember.inject.service(),
+    ghostPaths: Ember.inject.service('ghost-paths'),
+
+    serverTokenEndpoint: Ember.computed('ghostPaths.apiRoot', function () {
+        return this.get('ghostPaths.apiRoot') + '/authentication/token';
+    }),
+
+    serverTokenRevocationEndpoint: Ember.computed('ghostPaths.apiRoot', function () {
+        return this.get('ghostPaths.apiRoot') + '/authentication/revoke';
+    }),
+
     makeRequest: function (url, data) {
         data.client_id = this.get('config.clientId');
         data.client_secret = this.get('config.clientSecret');

core/client/app/authorizers/oauth2.js

@@ -0,0 +1,3 @@
+import Oauth2Bearer from 'ember-simple-auth/authorizers/oauth2-bearer';
+
+export default Oauth2Bearer;

core/client/app/components/gh-nav-menu.js

@@ -6,6 +6,7 @@ export default Ember.Component.extend({
     classNameBindings: ['open'],
 
     config: Ember.inject.service(),
+    session: Ember.inject.service(),
 
     open: false,
 

core/client/app/controllers/modals/signin.js

@@ -7,6 +7,7 @@ export default Ember.Controller.extend(ValidationEngine, {
 
     application: Ember.inject.controller(),
     notifications: Ember.inject.service(),
+    session: Ember.inject.service(),
 
     identification: Ember.computed('session.user.email', function () {
         return this.get('session.user.email');
@@ -15,13 +16,12 @@ export default Ember.Controller.extend(ValidationEngine, {
     actions: {
         authenticate: function () {
             var appController = this.get('application'),
-                authStrategy = 'ghost-authenticator:oauth2-password-grant',
-                data = this.getProperties('identification', 'password'),
+                authStrategy = 'authenticator:oauth2',
                 self = this;
 
             appController.set('skipAuthSuccessHandler', true);
 
-            this.get('session').authenticate(authStrategy, data).then(function () {
+            this.get('session').authenticate(authStrategy, this.get('identification'), this.get('password')).then(function () {
                 self.send('closeModal');
                 self.set('password', '');
             }).catch(function () {

core/client/app/controllers/post-settings-menu.js

@@ -15,6 +15,7 @@ export default Ember.Controller.extend(SettingsMenuMixin, {
     config: Ember.inject.service(),
     ghostPaths: Ember.inject.service('ghost-paths'),
     notifications: Ember.inject.service(),
+    session: Ember.inject.service(),
 
     initializeSelectedAuthor: Ember.observer('model', function () {
         var self = this;

core/client/app/controllers/reset.js

@@ -13,6 +13,7 @@ export default Ember.Controller.extend(ValidationEngine, {
 
     ghostPaths: Ember.inject.service('ghost-paths'),
     notifications: Ember.inject.service(),
+    session: Ember.inject.service(),
 
     email: Ember.computed('token', function () {
         // The token base64 encodes the email (and some other stuff),
@@ -46,10 +47,7 @@ export default Ember.Controller.extend(ValidationEngine, {
                 }).then(function (resp) {
                     self.toggleProperty('submitting');
                     self.get('notifications').showAlert(resp.passwordreset[0].message, {type: 'warn', delayed: true, key: 'password.reset'});
-                    self.get('session').authenticate('ghost-authenticator:oauth2-password-grant', {
-                        identification: self.get('email'),
-                        password: credentials.newPassword
-                    });
+                    self.get('session').authenticate('authenticator:oauth2', self.get('email'), credentials.newPassword);
                 }).catch(function (response) {
                     self.get('notifications').showAPIError(response, {key: 'password.reset'});
                     self.toggleProperty('submitting');

core/client/app/controllers/settings/labs.js

@@ -8,6 +8,7 @@ export default Ember.Controller.extend({
 
     ghostPaths: Ember.inject.service('ghost-paths'),
     notifications: Ember.inject.service(),
+    session: Ember.inject.service(),
 
     labsJSON: Ember.computed('model.labs', function () {
         return JSON.parse(this.get('model.labs') || {});

core/client/app/controllers/setup/two.js

@@ -18,6 +18,7 @@ export default Ember.Controller.extend(ValidationEngine, {
     notifications: Ember.inject.service(),
     application: Ember.inject.controller(),
     config: Ember.inject.service(),
+    session: Ember.inject.service(),
 
     // ValidationEngine settings
     validationType: 'setup',
@@ -87,10 +88,7 @@ export default Ember.Controller.extend(ValidationEngine, {
                     config.set('blogTitle', data.blogTitle);
                     // Don't call the success handler, otherwise we will be redirected to admin
                     self.get('application').set('skipAuthSuccessHandler', true);
-                    self.get('session').authenticate('ghost-authenticator:oauth2-password-grant', {
-                        identification: self.get('email'),
-                        password: self.get('password')
-                    }).then(function () {
+                    self.get('session').authenticate('authenticator:oauth2', self.get('email'), self.get('password')).then(function () {
                         self.set('blogCreated', true);
                         if (data.image) {
                             self.sendImage(result.users[0])

core/client/app/controllers/signin.js

@@ -9,6 +9,8 @@ export default Ember.Controller.extend(ValidationEngine, {
 
     ghostPaths: Ember.inject.service('ghost-paths'),
     notifications: Ember.inject.service(),
+    session: Ember.inject.service(),
+    application: Ember.inject.controller(),
     flowErrors: '',
 
     // ValidationEngine settings
@@ -18,29 +20,30 @@ export default Ember.Controller.extend(ValidationEngine, {
         authenticate: function () {
             var self = this,
                 model = this.get('model'),
-                authStrategy = 'ghost-authenticator:oauth2-password-grant',
-                data = model.getProperties(this.authProperties);
+                authStrategy = 'authenticator:oauth2';
 
             // Authentication transitions to posts.index, we can leave spinner running unless there is an error
-            this.get('session').authenticate(authStrategy, data).catch(function (err) {
+            this.get('session').authenticate(authStrategy, model.get('identification'), model.get('password')).catch(function (error) {
                 self.toggleProperty('loggingIn');
 
-                if (err.errors) {
-                    self.set('flowErrors', err.errors[0].message.string);
+                if (error.errors) {
+                    error.errors.forEach(function (err) {
+                        err.message = err.message.htmlSafe();
+                    });
 
-                    // this catches both 'no user' and 'user inactive' errors
-                    // long term, we probably need to introduce error codes from the server
-                    if (err.errors[0].message.string.match(/user with that email/)) {
+                    self.set('flowErrors', error.errors[0].message.string);
+
+                    if (error.errors[0].message.string.match(/user with that email/)) {
                         self.get('model.errors').add('identification', '');
                     }
 
-                    if (err.errors[0].message.string.match(/password is incorrect/)) {
+                    if (error.errors[0].message.string.match(/password is incorrect/)) {
                         self.get('model.errors').add('password', '');
                     }
+                } else {
+                    // Connection errors don't return proper status message, only req.body
+                    self.get('notifications').showAlert('There was a problem on the server.', {type: 'error', key: 'session.authenticate.failed'});
                 }
-                // if authentication fails a rejected promise will be returned.
-                // it needs to be caught so it doesn't generate an exception in the console,
-                // but it's actually "handled" by the sessionAuthenticationFailed action handler.
             });
         },
 

core/client/app/controllers/signup.js

@@ -14,6 +14,7 @@ export default Ember.Controller.extend(ValidationEngine, {
     ghostPaths: Ember.inject.service('ghost-paths'),
     config: Ember.inject.service(),
     notifications: Ember.inject.service(),
+    session: Ember.inject.service(),
 
     sendImage: function () {
         var self = this,
@@ -66,10 +67,7 @@ export default Ember.Controller.extend(ValidationEngine, {
                         }]
                     }
                 }).then(function () {
-                    self.get('session').authenticate('ghost-authenticator:oauth2-password-grant', {
-                        identification: self.get('model.email'),
-                        password: self.get('model.password')
-                    }).then(function () {
+                    self.get('session').authenticate('authenticator:oauth2', self.get('model.email'), self.get('model.password')).then(function () {
                         if (image) {
                             self.sendImage();
                         }

core/client/app/controllers/team/index.js

@@ -2,6 +2,8 @@ import Ember from 'ember';
 
 export default Ember.Controller.extend({
 
+    session: Ember.inject.service(),
+
     users: Ember.computed.alias('model'),
 
     activeUsers: Ember.computed.filter('users', function (user) {

core/client/app/controllers/team/user.js

@@ -11,6 +11,7 @@ export default Ember.Controller.extend(ValidationEngine, {
 
     ghostPaths: Ember.inject.service('ghost-paths'),
     notifications: Ember.inject.service(),
+    session: Ember.inject.service(),
 
     currentUser: Ember.computed.alias('session.user'),
 

core/client/app/initializers/ember-simple-auth.js

@@ -0,0 +1,17 @@
+import ENV from '../config/environment';
+import ghostPaths from '../utils/ghost-paths';
+import Configuration from 'ember-simple-auth/configuration';
+import setupSession from 'ember-simple-auth/initializers/setup-session';
+import setupSessionService from 'ember-simple-auth/initializers/setup-session-service';
+
+export default {
+    name: 'ember-simple-auth',
+    initialize: function (registry) {
+        const config   = ENV['ember-simple-auth'] || {};
+        config.baseURL = ghostPaths().adminRoot;
+        Configuration.load(config);
+
+        setupSession(registry);
+        setupSessionService(registry);
+    }
+};

core/client/app/instance-initializers/oauth-prefilter.js

@@ -0,0 +1,19 @@
+import Ember from 'ember';
+
+export default {
+    name: 'oauth-prefilter',
+    after: 'ember-simple-auth',
+
+    initialize: function (application) {
+        var session = application.container.lookup('service:session');
+
+        Ember.$.ajaxPrefilter(function (options) {
+            session.authorize('authorizer:oauth2', function (headerName, headerValue) {
+                var headerObject = {};
+
+                headerObject[headerName] = headerValue;
+                options.headers = Ember.merge(options.headers || {}, headerObject);
+            });
+        });
+    }
+};