Commit Graph

11077 Commits

Author SHA1 Message Date
Daniel Lockyer
13986a797c Updated ghost-storage-base dependency
no issue

- ghost-storage-base uses moment which was affected by the moment update
- this commit updates the dependency so they use the same moment version
2020-06-08 19:43:55 +01:00
Daniel Lockyer
5d30af1513 Fixed wrong require in post email serializer
refs https://github.com/TryGhost/Ghost/pull/11807

- this was originally reported in the PR above, but we could not
  reproduce it on master
- presumably the user had the latest version of moment installed for
  other purposes and so they were seeing the issue
- between moment 2.24.0 and 2.26.0, something must have changed which
  stopped the previous functionality working
2020-06-08 19:43:55 +01:00
Renovate Bot
dfb1f9aeae Update dependency moment to v2.26.0 2020-06-08 19:43:55 +01:00
Rish
bca41e1877 Allowed updating from address domain for member emails
refs https://github.com/TryGhost/Ghost/issues/11414

Confirms if the fromAddress for sending member emails is valid and accessible using magic link flow, allowing owners to update full from address including domain change.

- Extends member service to handle magic link generation and validation for email update
- Updates existing setting endpoint to not directly update from address
- Adds new endpoint to send magic link to new address
- Adds new endpoint for validating the magic link when clicked and update the new email for from address
- Adds new email template for from address update email
2020-06-09 00:06:07 +05:30
Rish
4200eaf1f7 Added migration updating members from address with domain
refs https://github.com/TryGhost/Ghost/issues/11414

We want to allow adding custom domains to member's from address as long as the new email is verified using the magic link flow and not saved directly to DB. Since we currently don't store domain as part of fromAddress, this PR -

- adds migration to update all existing fromAddress by appending site domain
2020-06-08 23:47:02 +05:30
Renovate Bot
867e0306b9
Update dependency @tryghost/kg-default-cards to v2.0.2 2020-06-08 16:31:07 +00:00
Rish
bbcd32d204 🐛 Fixed "from" parameter handling for bulk email
closes https://github.com/TryGhost/Ghost/issues/11768

- Wraps from parameter in double quotes so mail clients can read it whole
- Escapes double quotes in site title to avoid clash with wrapping
2020-06-08 21:56:11 +05:30
Hannah Wolfe
d541a14826 Change theme uploads to move & delete at end
- Currently theme uploads delete the existing theme before copying the new files into place
- If something goes wrong with the delete action, you will end up in a bad state
   - Some or all of the files may be deleted, but now Ghost won't try to put the new theme in place, instead returning an error
   - This leaves you with an invalid active theme and a broken site
- Unlike delete, move is a one-hit operation that succeeds or fails, there moving a theme is safer than deleting
- This updated code moves the old theme to a folder with the name [theme-name]-[uuid] before copying the new theme into place
- Even if this fails, the files should not be gone
- There's a cleanup operation to remove the theme backup at the end, but we don't care too much if this fails
2020-06-08 16:12:17 +01:00
Renovate Bot
a97996eec1 Update dependency @sentry/node to v5.17.0 2020-06-08 16:06:33 +01:00
Kevin Ansfield
db68560b11 🐛 Improved error message output when oembed request fails
refs https://github.com/TryGhost/Ghost/issues/11212

- if a bookmark card fetch is performed (either directly or from fallback) and the page does not have an extractable title, return a more specific error message than "No provider found for supplied URL."
2020-06-08 15:06:00 +01:00
Kevin Ansfield
5aa6a3dbad Fixed no-shadow linting errors in oembed controllers 2020-06-08 12:52:41 +01:00
renovate[bot]
1d49cba426
Update dependency @tryghost/kg-mobiledoc-html-renderer to v3 (#11887)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-06-08 10:47:17 +01:00
Kevin Ansfield
e1fd8cc11f 🐛 Fixed original url/query params not being used in bookmark cards
refs https://github.com/TryGhost/Ghost/issues/11212
credit @devaman https://github.com/TryGhost/Ghost/pull/11542

- use `payload.url` for the `href` which is the originally entered url rather than `payload.metadata.url` which is the final url after redirects and metascraper extraction
- retains query params and redirects which are useful for things like affiliate links
2020-06-08 09:04:14 +01:00
renovate[bot]
31d0966e2d
Update dependency @tryghost/kg-markdown-html-renderer to v2 (#11886)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-06-08 08:17:30 +01:00
renovate[bot]
90a19ee397
Update dependency @tryghost/kg-default-atoms to v2 (#11884)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-06-08 08:17:16 +01:00
Kevin Ansfield
d8773dcc45 Allowed bookmark cards to be created without a description
no issue

- title+description was too limiting for some sites so we're relaxing the requirements to only require a title
2020-06-08 07:55:38 +01:00
Renovate Bot
b92f976a6a
Update dependency eslint to v7.2.0 2020-06-08 00:58:20 +00:00
Renovate Bot
e9b812e4f0
Update dependency csv-parser to v2.3.3 2020-06-05 13:28:20 +00:00
Nazar Gargol
c7648737ca Added context and help message to member linking with Stripe account error
no issue

- When the customer cannot be imported because they are missing from linked Stripe account or the linked account is incorrect one, these new messages should provide a better clue about what has caused the error and how to act on it.
2020-06-06 00:06:19 +12:00
Renovate Bot
80fa891965 Update dependency sanitize-html to v1.26.0 2020-06-05 09:59:48 +01:00
Nazar Gargol
633ba27f0e Added custom label assignment to imported members
no issue

- There is a need to be able to label certain import group of members
with custom labels. This will allow to distinguish/filter these newly
imported  members.
- Allowed `POST /members/csv/` endpoint to accept `labels`
field parameter which assigns labels to every member from imported csv.
2020-06-05 16:22:09 +12:00
Kevin Ansfield
fdeb7daf40 Added shared_views default setting
no issue

- we want custom views to be shared for all users and managed by admins rather than per-user
2020-06-04 21:29:06 +01:00
Kevin Ansfield
ff83cd0d97 🐛 Fixed location not being recorded for paid member signups
no issue

- updates `@tryghost/members-{api/ssr}` packages that move geolocation into the token->session exchange step so that the member's IP address is always available for rough geolocation
2020-06-04 13:32:09 +01:00
Nazar Gargol
12c8b63a4a Added more specific error handling when adding duplicate labels
no issue

- Similarly to other additive api methods  (e.g. members.add) returned more specific ValidationError with contex filled in with the reason why adding did not succed.
- This change is needed for more graceful label handling when adding new members through import
2020-06-05 00:23:10 +12:00
Nazar Gargol
59c773fb04 Removed cache invalidation header when adding label through Amdin API
no issue

- Adding labels doesn't cause any content to invalidate, similarly to adding members. Unlike it's caunterpart - tags, there is no dependent "frontend" content that would become invalid
2020-06-04 23:44:19 +12:00
Renovate Bot
5dcd856088
Update dependency fs-extra to v9.0.1 2020-06-04 00:26:05 +00:00
Renovate Bot
66026c57e9
Update dependency @sentry/node to v5.16.1 2020-06-03 16:59:57 +00:00
Daniel Lockyer
171f7627cd Removed unused env variables in release workflow
no issue
2020-06-03 08:12:54 +01:00
Daniel Lockyer
ff3f8b2489 Removed unused mochacli variable
no issue
2020-06-03 08:12:30 +01:00
Daniel Lockyer
3757cd936b v3.18.1 2020-06-02 18:07:38 +01:00
Daniel Lockyer
eeea5ef64d Updated Ghost-Admin to v3.18.1 2020-06-02 18:07:38 +01:00
Fabien O'Carroll
7c188ec1eb 🐛 Fixed settings controller edit method
no-issue

This was because the API was recieving a default `null` value for the
stripe_connect_integration_token setting.

This also improves the logging for this error.
2020-06-02 19:01:19 +02:00
Daniel Lockyer
0f6e23668c v3.18.0 2020-06-02 15:22:02 +01:00
Daniel Lockyer
a7ce7fcdc1 Updated Ghost-Admin to v3.18.0 2020-06-02 15:22:02 +01:00
Fabien O'Carroll
37a1947fc5 Fixed broken regression tests from #11861
no-issue

The config is now a class and the context of `this` was not bound
2020-06-02 16:20:57 +02:00
Kevin Ansfield
4e139ee5b4 Fixed linting 2020-06-02 14:33:43 +01:00
Kevin Ansfield
64ed246d03
Merge pull request from GHSA-4m2q-w26j-h268
no issue

- added an `externalRequest` lib
  - uses same underlying `got` module as our `request` lib
  - uses `got`'s `beforeRequest` and `beforeRedirect` hooks to perform it's own dns resolution for each url that's encountered and aborts with an error if it resolves to a private IP address block
  - includes a bypass for Ghost's configured url so that requests to it's own hostname+port are not blocked
- updated v2 and canary oembed controllers to use the `externalRequest` lib
2020-06-02 14:30:10 +01:00
Fabien O'Carroll
44f1c0a7b6 Updated members config to respect stripeDirect
no-issue

If the stripeDirect config value is NOT set / false, then connect token
should be used over the API keys if both are present, or else use
whichever is present.  If the stripeDirect config value is set /
true,then API keys should be used and stripe connect token should be
completely ignored.

The reason for this is that we want to use Stripe Connect as the primary
auth method going forward, but we want to keep the direct version
availiable should the Ghost Foundation ever dismantle. This will allow
people to use all the same features with no dependency on an external
service.
2020-06-02 15:28:42 +02:00
Fabien O'Carroll
a1f883edbc Refactored members config to use DI
no-issue

This makes testing it much easier
2020-06-02 15:28:42 +02:00
Fabien O'Carroll
fc0e97593b Added membersStripeConnect controller auth method
no-issue

In order to issue a redirect we need access to the "raw" req/res
objects, which is why we must return the function which gets access to
them.

The members service is used to create the auth url and to update the
users session.
2020-06-02 15:28:42 +02:00
Fabien O'Carroll
5b058d6d5b Added permission for auth:members_stripe_connect
no-issue

This permission is used to ensure that only the Owner can
authenticate/authorize the members_stripe_connect integration.
2020-06-02 15:28:42 +02:00
Fabien O'Carroll
413aa06ca5 Wired up stripe-connect module to settings API
no-issue

Uses the members service to parse a stripe_connect_integration_token
setting and set the stripe_connect_integration based on that.

This change includes ignoring the stripe_connect_integration{,_token}
settings, as the token is never saved, and the integration can only be
set by using the token.
2020-06-02 15:28:42 +02:00
Fabien O'Carroll
95acbbad93 Added stripe_connect_integration default setting
no-issue

This will be used to store the keys and other information after a
sucessful Stripe Connect OAuth flow.
2020-06-02 15:28:42 +02:00
Fabien O'Carroll
eb962d8e5c Added stripe connect module to member service
no-issue

This module handles the creation of a url used for authorization of
Stripe Connect, and also the parsing of the data eventually received
from the authorization flow.
2020-06-02 15:28:42 +02:00
Fabien O'Carroll
88b4c5571d Refactored the settings edit controller
no-issue

There was some unused code here, the variable  was never used, also we
were looping and collecting a list of errors, but only every using the
first one, so switched to the `find` method which stops iteration after
an element has matched.
2020-06-02 15:28:42 +02:00
Renovate Bot
7fe945f4dd
Update dependency @lodder/grunt-postcss to v2.0.4 2020-06-02 11:19:41 +00:00
Renovate Bot
a16e4cc5d1 Update dependency @sentry/node to v5.16.0 2020-06-02 12:18:42 +01:00
Daniel Lockyer
23cdc72d96
Updated PRIVACY.md
no issue

- a lot of the existing content was incorrect anyway
2020-06-02 12:01:48 +01:00
Justin VanWinkle
d9ea9927cd
Updated PRIVACY.md (#11873)
- Updated JQuery version. Now using jquery 3.4.1 in the default theme.
- Removed Google Plus statement. Theme no longer includes an icon for Google Plus.
2020-06-02 11:15:29 +01:00
Rish
a7ede2768b 🐛 Fixed test email permissions for non-owner roles
closes https://github.com/TryGhost/Ghost/issues/11841

- Migration adds mapping between permissions and roles for email_preview send test mail
- Only owner previously had correct permission to send test emails
- Fixture existed to allow Admin/Editor/Integrations to send test mails but had missing migration
- Adds tests for roles to send test email
2020-06-02 14:54:50 +05:30