TryGhost · kevinansfield · Nov 4, 2015 · Nov 5, 2015 · Nov 6, 2015 · Nov 6, 2015
diff --git a/core/client/app/controllers/settings/tags/tag.js b/core/client/app/controllers/settings/tags/tag.js
@@ -9,6 +9,7 @@ export default Ember.Controller.extend({
     isMobile: alias('tagsController.isMobile'),
 
     tagsController: inject.controller('settings.tags'),
+    notifications: inject.service(),
 
     saveTagProperty: function (propKey, newValue) {
         const tag = this.get('tag'),
@@ -30,7 +31,7 @@ export default Ember.Controller.extend({
             this.replaceWith('settings.tags.tag', savedTag);
         }).catch((error) => {
             if (error) {
-                this.notifications.showAPIError(error, {key: 'tag.save'});
+                this.get('notifications').showAPIError(error, {key: 'tag.save'});
             }
         });
     },

diff --git a/core/client/app/mirage/config.js b/core/client/app/mirage/config.js
@@ -52,6 +52,23 @@ export default function () {
 
     this.get('/notifications/', 'notifications');
 
+    /* Posts ---------------------------------------------------------------- */
+
+    this.post('/posts/', function (db, request) {
+        const [attrs] = JSON.parse(request.requestBody).posts;
+        let post;
+
+        if (isBlank(attrs.slug) && !isBlank(attrs.title)) {
+            attrs.slug = attrs.title.dasherize();
+        }
+
+        post = db.posts.insert(attrs);
+
+        return {
+            posts: [post]
+        }
+    });
+
     /* Settings ------------------------------------------------------------- */
 
     this.get('/settings/', function (db, request) {
@@ -84,6 +101,16 @@ export default function () {
         };
     });
 
+    /* Slugs ---------------------------------------------------------------- */
+
+    this.get('/slugs/post/:slug/', function (db, request) {
+        return {
+            slugs: [
+                { slug: request.params.slug.dasherize }
+            ]
+        };
+    });
+
     /* Tags ----------------------------------------------------------------- */
 
     this.post('/tags/', function (db, request) {
@@ -132,11 +159,13 @@ export default function () {
     /* Users ---------------------------------------------------------------- */
 
     // /users/me = Always return the user with ID=1
-    this.get('/users/me', function (db) {
+    this.get('/users/me', function (db, request) {
         return {
             users: [db.users.find(1)]
         };
     });
+
+    this.get('/users/', 'users');
 }
 
 /*

diff --git a/core/client/app/mirage/factories/post.js b/core/client/app/mirage/factories/post.js
@@ -0,0 +1,6 @@
+/* jscs:disable */
+import Mirage from 'ember-cli-mirage';
+
+export default Mirage.Factory.extend({
+    // TODO: fill in with actual factory data
+});
diff --git a/core/client/app/routes/application.js b/core/client/app/routes/application.js
@@ -134,6 +134,18 @@ export default Ember.Route.extend(ApplicationRouteMixin, ShortcutsRoute, {
         },
 
         // noop default for unhandled save (used from shortcuts)
-        save: Ember.K
+        save: Ember.K,
+
+        error: function (error) {
+            const [_error] = error.errors;
+
+            // sign-out and redirect to sign-in if our session is invalid
+            if (_error.status === '401' || _error.errorType === 'UnauthorizedError') {
+                this.get('session').invalidate();
+                return;
+            }
+
+            return true;
+        }
     }
 });
diff --git a/core/client/app/templates/editor/edit.hbs b/core/client/app/templates/editor/edit.hbs
@@ -1,8 +1,7 @@
 {{#gh-editor editorScrollInfo=editorScrollInfo as |ghEditor|}}
     <header class="view-header">
         {{#gh-view-title classNames="gh-editor-title" openMobileMenu="openMobileMenu"}}
-            {{gh-trim-focus-input type="text" id="entry-title"placeholder="Your Post Title" value=model.titleScratch
-        tabindex="1" focus=shouldFocusTitle}}
+            {{gh-trim-focus-input type="text" id="entry-title" placeholder="Your Post Title" value=model.titleScratch tabindex="1" focus=shouldFocusTitle}}
         {{/gh-view-title}}
         <section class="view-actions">
             <button type="button" class="post-settings" title="Post Settings" {{action "openSettingsMenu"}}>

diff --git a/core/client/tests/acceptance/authentication-test.js b/core/client/tests/acceptance/authentication-test.js
@@ -0,0 +1,187 @@
+/* jshint expr:true */
+import {
+    describe,
+    it,
+    beforeEach,
+    afterEach
+} from 'mocha';
+import { expect } from 'chai';
+import Ember from 'ember';
+import startApp from '../helpers/start-app';
+import { authenticateSession, currentSession, invalidateSession } from 'ghost/tests/helpers/ember-simple-auth';
+import Mirage from 'ember-cli-mirage';
+
+const {run} = Ember;
+
+/* jshint ignore:start */
+/* global onerrorDefault */
+/* jscs:disable */
+// ember packages aren't directly importable so this is copied from:
+// https://github.com/emberjs/ember.js/blob/v1.13.10/packages/ember-runtime/lib/ext/rsvp.js
+function onerrorDefault(e) {
+    var error;
+
+    if (e && e.errorThrown) {
+        // jqXHR provides this
+        error = e.errorThrown;
+        if (typeof error === 'string') {
+            error = new Error(error);
+        }
+        error.__reason_with_error_thrown__ = e;
+    } else {
+        error = e;
+    }
+
+    if (error && error.name !== 'TransitionAborted') {
+        if (Ember.testing) {
+            // ES6TODO: remove when possible
+            if (!Test && Ember.__loader.registry[testModuleName]) {
+                Test = requireModule(testModuleName)['default'];
+            }
+
+            if (Test && Test.adapter) {
+                Test.adapter.exception(error);
+                Logger.error(error.stack);
+            } else {
+                throw error;
+            }
+        } else if (Ember.onerror) {
+            Ember.onerror(error);
+        } else {
+            Logger.error(error.stack);
+        }
+    }
+}
+/* jshint ignore:end */
+/* jscs:enable */
+
+describe('Acceptance: Authentication', function () {
+    let application;
+
+    beforeEach(function () {
+        application = startApp();
+    });
+
+    afterEach(function () {
+        run(application, 'destroy');
+    });
+
+    describe('tag settings screen', function () {
+        beforeEach(function () {
+            server.loadFixtures();
+            server.createList('tag', 5);
+
+            // HACK:
+            // https://github.com/emberjs/ember.js/blob/v1.13.10/packages/ember-runtime/lib/ext/rsvp.js#L54:L65
+            // logs the error before it gets to our app route error handler and breaks the test.
+            // Different behaviour only in testing, why not? ¯\_(ツ)_/¯
+            // Workaround is to disable RSVP's error handling for this test
+            // TODO: Remove if the bug is fixed, issue has been raised at https://github.com/emberjs/ember.js/issues/12567
+            Ember.RSVP.off('error');
+        });
+
+        afterEach(function () {
+            // Turn RSVP's error handling back on
+            Ember.RSVP.on('error', onerrorDefault);
+        });
+
+        it('redirects to sign-in with no session', function () {
+            invalidateSession(application);
+            visit('/settings/tags');
+
+            andThen(() => {
+                expect(currentURL()).to.equal('/signin');
+            });
+        });
+
+        it('invalidates session on 401 API response', function () {
+            // On a clean load /users/me is the first-hit endpoint that
+            // returns a 401 when the session is invalid
+            server.get('/users/me', (db, request) => {
+                return new Mirage.Response(401, {}, {
+                    errors: [
+                        {message: 'Access denied.', errorType: 'UnauthorizedError'}
+                    ]
+                });
+            });
+
+            authenticateSession(application);
+            visit('/settings/tags');
+
+            // we can't test the actual redirect as ESA doesn't hit
+            // window.location.reload whilst in testing but we can check that
+            // the session was invalidated successfully
+            wait().then(() => {
+                let session = currentSession(application);
+                expect(session.get('isDestroyed'), 'session.isDestroyed after 401')
+                    .to.be.true;
+            });
+        });
+    });
+
+    describe('editor', function () {
+        let origDebounce = Ember.run.debounce;
+        let origThrottle = Ember.run.throttle;
+
+        // we don't want the autosave interfering in this test
+        beforeEach(function () {
+            Ember.run.debounce = function () { };
+            Ember.run.throttle = function () { };
+        });
+
+        it('displays re-auth modal attempting to save with invalid session', function () {
+            const role = server.create('role', {name: 'Administrator'}),
+                  user = server.create('user', {roles: [role]});
+
+            // simulate an invalid session when saving the edited post
+            server.put('/posts/:id/', (db, request) => {
+                let post = db.posts.find(request.params.id),
+                    [attrs] = JSON.parse(request.requestBody).posts;
+
+                if (attrs.markdown === 'Edited post body') {
+                    return new Mirage.Response(401, {}, {
+                        errors: [
+                            {message: 'Access denied.', errorType: 'UnauthorizedError'}
+                        ]
+                    });
+                } else {
+                    return {
+                        posts: [post]
+                    };
+                }
+            });
+
+            server.loadFixtures();
+            authenticateSession(application);
+
+            visit('/editor');
+
+            // create the post
+            fillIn('#entry-title', 'Test Post');
+            fillIn('textarea.markdown-editor', 'Test post body');
+            click('.js-publish-button');
+
+            andThen(() => {
+                // we shouldn't have a modal at this point
+                expect(find('.modal-container #login').length, 'modal exists').to.equal(0);
+                // we also shouldn't have any alerts
+                expect(find('.gh-alert').length, 'no of alerts').to.equal(0);
+            });
+
+            // update the post
+            fillIn('textarea.markdown-editor', 'Edited post body');
+            click('.js-publish-button');
+
+            andThen(() => {
+                // we should see a re-auth modal
+                expect(find('.modal-container #login').length, 'modal exists').to.equal(1);
+            });
+        });
+
+        // don't clobber debounce/throttle for future tests
+        afterEach(function () {
+            Ember.run.debounce = origDebounce;
+            Ember.run.throttle = origThrottle;
+        });
+    });
+});
diff --git a/core/client/tests/fixtures/settings.js b/core/client/tests/fixtures/settings.js