Commit Graph

10639 Commits

Author SHA1 Message Date
Daniel Lockyer
c7dc393719 Updated Ghost-Admin to 3.11.0 2020-03-10 13:02:54 +00:00
Naz
df056416bd
Cleaned up broken complimentary plan (#11650)
refs https://github.com/TryGhost/Ghost/issues/11648

- Removes Stripe plan entries from settings that are not formatted correctly.
- Incorrect formatting was caused by a bug in 3.10.0 Admin-Client where it wasn't able to find complimentary plan. Related fix for this here - 9e7a6b801a
2020-03-10 20:39:34 +08:00
John O'Nolan
70076f8c19
Update FUNDING.yml 2020-03-09 20:23:07 +07:00
Nazar Gargol
53b6ad16d8 Fixed handling of empty created_at dates in member CSV imorts
no issue

- When created_at value is not provided it should be treated as an empty one instead of trying to import empty string.
- This scenario happens when the column is defined in CSV but no values are present (default parsed value is empty string '')
2020-03-09 20:12:02 +08:00
Daniel Lockyer
52ccd4648f Version bump to 3.10.0 2020-03-09 10:49:09 +00:00
Daniel Lockyer
7694f5e786 Updated Ghost-Admin to 3.10.0 2020-03-09 10:49:09 +00:00
Daniel Lockyer
06a2371bd7 Updated Casper to 3.0.9 2020-03-09 10:49:09 +00:00
Kevin Ansfield
4773939670 🔒 Improved validation of fetched urls and responses in oembed endpoint
no issue

- prevent oembed fetching from accessing IP addresses or localhost domains
- prevent oembed endpoint from passing through fetched responses as-is
  - reject any fetched data that does not validate against the oembed spec
  - strip any unknown properties from the oembed response before returning

Credits: Nick Mykhailyshyn
2020-03-09 10:42:25 +00:00
Daniel Lockyer
afb3177e5e Added site URL to Update Check body
no issue
2020-03-09 09:48:04 +00:00
Renovate Bot
4215cee395 Update dependency sharp to v0.25.1 2020-03-09 07:53:07 +00:00
Renovate Bot
7fcb6c8e8f Update dependency uuid to v7.0.2 2020-03-09 07:33:53 +00:00
Renovate Bot
478a0668e4 Update dependency @sentry/node to v5.13.2 2020-03-09 07:33:32 +00:00
Renovate Bot
403f7990e8 Update dependency express-hbs to v2.3.1 2020-03-09 07:33:18 +00:00
Renovate Bot
2d20778bcb Update metascraper to v5.11.6 2020-03-09 07:32:59 +00:00
Nazar Gargol
895b3d98e7 Refactored members csv export for bettere readability
no issue
2020-03-06 13:55:11 +08:00
Daniel Lockyer
357671549a Added feature label to stalebot exemption list
no issue
2020-03-05 12:40:59 +00:00
Fabien O'Carroll
801608e077
Fixed permission to only fetch for active users (#11641)
no-issue

Essentially only active users should have their permissions loaded, this
means that suspended or inactive users are stripped of all permissions
until their status is changed.
2020-03-05 12:22:50 +02:00
Fabien O'Carroll
58187175c3
Deleted all but active sessions on password change (#11639)
closes #10323 

* Fixed usage of hasMany for user->session
* Refactored changePassword to async function
* Deleted all user sessions when password changed
* Tested for session retained after password changed
* Added the session to the frame
* Skipped the current session when changing password
2020-03-05 12:22:32 +02:00
Daniel Lockyer
7e1c7ef9d2
Updated README with GitHub Actions badge
no issue
2020-03-05 10:03:13 +00:00
Daniel Lockyer
7b32bf9ca5 Switched tests to GitHub Actions
no issue
2020-03-05 09:50:14 +00:00
Daniel Lockyer
edfc07b9c8 Captured bulk-email errors in Sentry
no issue
2020-03-04 13:44:23 +00:00
Daniel Lockyer
4fda464103 Added captureException helper to Sentry integration
no issue

- this allows us to custom capture exceptions
2020-03-04 13:42:30 +00:00
Nazar Gargol
8f789523e3 Fixed date formatting in members CSV export
no issue

- Made date formatting coherent with the one used in API and the exporter
- Using JSON.stringify() here because that's exactly how API is getting it's formattting done atm
2020-03-04 17:41:02 +08:00
Nazar Gargol
c0512e30bb Added custom currency support for Memer's plans
no issue

- Multiple currencies for membe plans were supported under the hood but never had a clear interface to manage them. This change allows to reference currently used currency and it's symbol from the theme layer with following syntax: `{{@price.currency}}` and `{{@price.currency_symbol}}
2020-03-04 13:15:21 +08:00
Eric Morgan
3f5daa60c8 🐛 Fixed publisher logo meta schema
refs #11304

- Previously the schema publisher logo attribute was incorrectly given the logo url
- schema.org and Google's docs show the logo needing it's own type and url attributes
- I added the correct @type and moved the metaData.site.logo to the new url attribute
- This change now clears the error in Google's Structured Data tester
- A future improvement would be to size the site logo to 60px in height per Google's recommendation
2020-03-03 12:18:23 +00:00
Daniel Lockyer
e31ba0dea3 Updated ghost-storage-base dependency
no issue
2020-03-03 09:56:40 +00:00
Renovate Bot
92c85f1485 Update dependency mocha to v7 2020-03-03 08:35:39 +00:00
Renovate Bot
095ed2a892 Update dependency uuid to v7 2020-03-03 08:32:58 +00:00
Daniel Lockyer
a851cdfc7b Handled bad URLs in oembed bookmark API
fixes #11636

- malformed URLs passed to oembed API would cause `got` or `metascraper`
  to throw an error and this would result in a 500 error from Ghost
- this commit catches the errors and returns a reasonable response
2020-03-02 14:24:26 +00:00
Daniel Lockyer
f7bc233f4c Version bump to 3.9.0 2020-03-02 12:02:24 +00:00
Daniel Lockyer
ad15457c05 Updated Ghost-Admin to 3.9.0 2020-03-02 12:02:24 +00:00
Daniel Lockyer
49ee2cf30f Updated Casper to 3.0.8 2020-03-02 12:02:24 +00:00
Fabien O'Carroll
c1bd6f35cb Exposed member uuid to themes as @member.uuid
no-issue

Ronseal. Exposes's uuid for use in third party tracking/linking of
members, e.g. google tag manager

refs: https://forum.ghost.org/t/ghost-and-member-id-for-google-tag-manager/12317
2020-03-02 13:39:13 +02:00
Daniel Lockyer
65d258972b Handled bad redirect URLs for private sites
no issue

- Sentry flagged up a redirect URL for the POST action of accessing a
  private site which would throw a 500
- `decodeURIComponent` would throw an error if it was passed bad data
- this commit moves the `decodeURIComponent` inside the try-catch to
  handle the error
2020-03-02 08:23:23 +00:00
Renovate Bot
c9af8844ba Update dependency @sentry/node to v5.13.1 2020-03-02 08:16:11 +00:00
Renovate Bot
394305ad0c Update dependency amperize to v0.6.1 2020-03-02 02:20:01 +00:00
Renovate Bot
35b9511c3e Update dependency @sentry/node to v5.12.5 2020-03-02 01:20:52 +00:00
Kevin Ansfield
7bf5b7d4e0 Deleted unused models/base/token.js file
no issue

- tokens usage was removed in 3.0
2020-02-27 11:32:17 +00:00
Kevin Ansfield
8218f490cd Added capture of geolocation during member signup/signin
no issue

- updated `@tryghost/members-api` which now includes geolocation lookup from IP address during member signup and signin when geolocation data doesn't already exist
2020-02-27 10:46:37 +00:00
Daniel Lockyer
93dd8b3dc3 Updated Travis configuration to remove cron references
no issue

- the cron is no longer used as regression tests run on master
2020-02-27 09:36:06 +00:00
Nazar Gargol
6cca5b45c5 Fixed regression test
refs b0ff1e7ca

- Regression test didn't get updated after migration was added
2020-02-27 12:57:53 +08:00
Naz
b0ff1e7cac
Added member login resource to Admin API (#11607)
no issue

- Adds 'GET /members/:id/signin_urls' endpoint to Admin API allowing to fetch login URL for member. This URL allows to log in as a member which is useful in situations when you need to impersonate a member (for example to debug some issue they are having)
- Added member_signin_urls permission with migrations. Only the "Owner" user can read "signin_urls" resource. Admin and other users will be denied access
2020-02-27 11:48:02 +08:00
Nazar Gargol
258bcc71bf Added minified members.js file handling
refs 91984b54ca

- For request effieciency we should be using a minified file just like we did previously with `ghost-sdk.js`
- Modified 'max-age' caching header to 1 year  for both minified and non-minified files as thay won't affect dev environment and should be beneficial for self-hosting instances that don't use minification
- Along the way corrected an extra 301 redirect because `/public/member.js` path wasn't using a bakslach in the end.
2020-02-26 14:08:10 +08:00
Naz
3af621ea9a
Added handling allowing members to edit their billing info (#11571)
no issue

- This functionality allows member to update their billing information, like credit card information.
- Adds handler to update Stripe billing when element with `data-members-edit-billing` attribute is present on the page. Additional `data-members-success` and `data-members-cancel` attributes could be used to control the redirects on billing update success or failure. They work in the same fission as for 'members-plan' (https://ghost.org/docs/members/checkout-buttons/#redirects)
2020-02-26 12:42:41 +08:00
Daniel Lockyer
2b9e494dfc Updated ignored dependencies in Renovate
no issue

- `got` 10.x has a Node 10 bug that makes it pretty much unusable for
  now
- `intl-messageformat` 6.0.0 introduced a breaking change in terms of
  escaping that would be pretty difficult to fix for now
2020-02-25 16:43:04 +00:00
Daniel Lockyer
92a0e6abec Renamed test function to fix eslint warning
no issue

- teardown is an internal Mocha hook, and eslint would complain about it
  being used outside a test
- our use of teardown is actually a custom function, so it's better to
  rename the function across the board
2020-02-24 20:51:09 +00:00
Daniel Lockyer
119c5359ec Updated test dependencies
no issue
2020-02-24 19:16:38 +00:00
Daniel Lockyer
474f0a2184 Updated semver dependency
no issue

- required code change for new API
2020-02-24 18:01:53 +00:00
Renovate Bot
c3125dd19f Update dependency sanitize-html to v1.22.0 2020-02-24 12:49:37 +00:00
Renovate Bot
fc0042087d Update dependency ajv to v6.12.0 2020-02-24 12:45:22 +00:00