Commit Graph

11669 Commits

Author SHA1 Message Date
Rish
03968219a7 🐛 Fixed email verification mails not sent
no issue

- Email ownership verification emails for support/from address was not using the updated magic link service syntax
2020-09-24 23:39:25 +05:30
Kevin Ansfield
1dfaf8c5f8
Added migration to store from/reply-to values in email table (#12204)
no issue

The email table should be a reference for all data that was used when sending an email. From and Reply-to addresses can change over time and we don't have any other reference for their value at the time of sending an email so we should store them alongside the email content.

- schema updated with `from` and `reply_to` columns
- both are set to `nullable` because we don't have historic data (can be populated and changed in later migrations if needed)
- neither `from` or `reply_to` have `isEmail` validations because they can have name+email in an email-specific format
- will help keep concerns separated in the future. `mega` service can deal with all of the email contents/properties, and the `bulk-email` service's concerns are then only email sending and any provider-specific needs
2020-09-24 08:20:10 +01:00
Rish
78379e76c1 Renamed membersjs script name to portal
no issue

- The members.js package was renamed as `@tryghost/portal`, which also updated the unpkg link for the script
- Updates the unpkg script for portal to use the new package name and path
2020-09-24 12:08:51 +05:30
Naz
43153ba31e Disabled changing webhook's integration_id through PUT API
refs #12033

- Allowing to change parent integration opens up possible security holes and has no clear usecase at the moment. After a webhook record is created it should not be possible to change parent integration.
- Had do partially duplicate JSON schema definition from webhooks definition as there is no proper composition technique available in current version of JSON Schema.
2020-09-24 16:24:02 +12:00
Naz
af516e130c Fixed error message checks in members regression test
refs 6f1abc610a

- Additional period `.` was introduced in referenced commit which broke these tests
- The period was added to follow general convention of ending error messages with a perio (in some situations validation message didn't make sense without proper punctuation)
2020-09-24 15:31:19 +12:00
Naz
6f1abc610a Added check for parent integration_id when creating a webhook
refs https://github.com/TryGhost/Ghost/issues/12033
refs https://github.com/TryGhost/Ghost/issues/10567

- Creating a webhook without valid parent integration leads to orphaned webhook records, which shoult not ever happen
- This scenario is only possible for non-integration authentication,
because in case of integration being authenticated it's id is
automatically assigned to creatd webhook
2020-09-24 15:09:51 +12:00
naz
bbcc83dadb
Added support for ordering Post API resources by fields coming form posts_meta table (#12226)
refs #11729

- When ordering is done by fields from a relation (like post's `meta_title` that comes form `posts_meta` table), Bookshelf does not include those relations in the original query which caused errors. To support this usecase added a mechanism to detect fields from a relation and load those relations into query. 
- Extended ordering to include table name in ordered field name.  The information about the table name is needed to avoid using `tableName` within pagination plugin and gives path to having other than original table ordering fields (e.g. order by posts_meta table fields)
- Added test case to check ordering on posts_meta fields
- Added support for "eager loading" relations. Allows to extend query builder object with joins to related tables,
which could be used in ordering (possibly in filtering later). Bookshelf does not support ordering/filtering by proprieties coming from relations, that's why this kind of plugin and query expansion is needed
- Added note about lack of support for child relations with same property names.
2020-09-24 13:32:40 +12:00
Renovate Bot
2cbba94663 Pin dependency papaparse to 5.3.0 2020-09-23 16:25:55 +01:00
Kukhyeon Heo
635d26469f
Fixed settings reinit to only emit changed settings events (#12184)
closes #12038

Previously we were emitting changed events for _all_ settings which would
cause any listeners for those to be triggered, this ensures that listeners are
only triggered if the corresponding setting, _did_ in fact change.
2020-09-23 14:35:03 +01:00
Fabien O'Carroll
171908cefa Added support for filtering Members CSV exports
no-issue

Adding these options to the endpoint will pass them to the model layer,
allowing us to filter members CSV exports
2020-09-23 14:29:15 +01:00
Fabien O'Carroll
800ffc2e8f Improved Members CSV export acceptance tests
no-issue

This updates the test to check the parsed CSV contains all the expected rows
2020-09-23 14:29:15 +01:00
Fabien O'Carroll
e236507deb Installed papaparse as dev dependency
no-issue

This will be used to test the output of members CSV exports
2020-09-23 14:29:15 +01:00
Léo Bourrel
87855075c0
Added support for data-members-name in themes (#12191)
no-issue

This change allows themes to collect member names on signup with use of the
`data-members-name` attribute on an input element in the `data-members-form`
2020-09-23 13:59:26 +01:00
Naz
bff2fd5f3b Corrected comment describing redirect behavior
no issue

- The redirect is done from `/feed` to `/rss`
2020-09-23 00:37:55 +12:00
Daniel Lockyer
fdb41143c7 v3.34.0 2020-09-22 11:25:13 +01:00
Daniel Lockyer
40cb03d9d1 Updated Ghost-Admin to v3.34.0 2020-09-22 11:25:12 +01:00
Daniel Lockyer
f99a89bea1 Updated @tryghost/zip dependency 2020-09-22 11:01:28 +01:00
Daniel Lockyer
ea6a4b7c2e Updated @tryghost/vhost-middleware dependency 2020-09-22 11:01:28 +01:00
Daniel Lockyer
dd6a493866 Updated @tryghost/session-service dependency 2020-09-22 11:01:28 +01:00
Daniel Lockyer
7123f7f65f Updated @tryghost/promise dependency 2020-09-22 11:01:28 +01:00
Daniel Lockyer
e671423999 Updated @tryghost/mw-session-from-token dependency 2020-09-22 11:01:28 +01:00
Daniel Lockyer
4064bb2e7e Updated @tryghost/job-manager dependency 2020-09-22 11:01:28 +01:00
Daniel Lockyer
34be59805d Updated @tryghost/errors dependency 2020-09-22 11:01:28 +01:00
Renovate Bot
56b9ab28aa
Update dependency @tryghost/constants to v0.1.1 2020-09-22 08:43:06 +00:00
Renovate Bot
322f7c9aa9
Update dependency @tryghost/bootstrap-socket to v0.2.2 2020-09-22 07:03:12 +00:00
Renovate Bot
71e0a5ae7a
Update dependency @tryghost/adapter-manager to v0.1.11 2020-09-22 05:06:37 +00:00
Nazar Gargol
84c8bcc457 Extracted ordering into separate bookshelf plugin
refs #11729

- Having a plugin allows to reason about ordering better and gives way
to further extraction away form the core.
- Just like with filtering, ordering falls into similar category of having effect on knex'es query builder object extension through additional statements - ORDER BY in this case.
- Because there were bugs associated with use of permittedAttributes inside of `parseOrderOption` method, introduced separate `orderAttributes` function which returns only those fields which are orderable (https://github.com/TryGhost/Ghost/issues/11729#issuecomment-685740836)
2020-09-22 16:27:12 +12:00
Nazar Gargol
5766b39be6 Fixed failing regression tests
refs 32b37d7ba8

- Some of the regression tests were broken after changes in referenced commit
2020-09-22 16:13:57 +12:00
Nazar Gargol
32b37d7ba8 Improved error messaging for password reset process
refs #11878

- When password reset link is invalid previous messaging left the user
without clear information about why the reset failed and what they could do about it.
- Updated messaging around password reset tokens including detection of
when password token has invalid structure, has expired or has already
been used
2020-09-22 15:45:19 +12:00
Kevin Ansfield
6dc8d91ace Revert "Store email batch and recipient records when sending newsletters (#12195)"
This reverts commit 80af56b530.

- reverting temporarily so that all associated functionality can be merged in a single release
- creating email batch/recipient records without using them would cause inconsistent data
2020-09-21 17:02:59 +01:00
Fabien 'egg' O'Carroll
39dd492927
Updated magic link expiry information to 4 hours (#12224)
no-issue

Since TryGhost/Ghost#12218 magic links now have
an expiry of 4 hours.
2020-09-21 16:08:21 +01:00
Kristian Freeman
aca94e65c3
Added support for Stripe promo codes in config (#12149)
closes #12111 

* Added default value in defaults.json
* Passed config to members-api module

refs: https://github.com/TryGhost/Members/pull/194
2020-09-21 13:15:41 +01:00
Renovate Bot
fa4b5638f1
Update dependency @tryghost/members-api to v0.31.0 2020-09-21 10:56:46 +00:00
Renovate Bot
cabe11d3a2 Update dependency node-jose to v2 2020-09-21 07:58:36 +01:00
Nikolay A. G
e5f2fa650b
Removed unmatched closing span tag on AMP pages (#12183)
no issue

- The unmatched closing </span> tag is ignored by the browser anyway and is not semantically correct
- Checked the history if there was any possible purpose behind it in the past but doesn't seem like it
2020-09-21 12:53:27 +12:00
Renovate Bot
f8a918395d
Update dependency @tryghost/members-csv to v0.3.1 2020-09-18 16:48:12 +00:00
Fabien O'Carroll
e8f530db6c Updated @tryghost/members-api@0.30.1
no-issue

This includes a fix to the usage of getMagicLink which affected
impersonation of members via the memberSigninUrl controller.
2020-09-18 17:46:30 +01:00
Fabien 'egg' O'Carroll
7c5a3bb537
Updated magic links to use shorter, single us, longer lived tokens (#12218)
no-issue

* Added SingleUseTokenProvider to members service

This implements the TokenProvider interface required by members-api to
generate magic links. It handles checking if the token is expired and
pulls out any associated data.

Future improvments may include the email in the error for expired
tokens, which would make resending a token simpler.

* Passed SingleUseTokenProvider to members-api

This sets up the members-api module to use the new single use tokens

* Installed @tryghost/members-api@0.30.0

This includes the change to allow us to pass a token provider to the members-api
2020-09-18 17:32:18 +01:00
Renovate Bot
3c0f2d1595
Update dependency @sentry/node to v5.24.2 2020-09-18 14:12:08 +00:00
Fabien 'egg' O'Carroll
812e4b682f
Added SingleUseToken model (#12215)
no-issue

This is a model for the tokens table, which handles the single use
aspect by customising the `findOne` method to automatically destroy the
model after reading from it
2020-09-18 15:05:56 +01:00
Renovate Bot
f01f088066
Update dependency @tryghost/magic-link to v0.6.0 2020-09-18 12:26:10 +00:00
Renovate Bot
e0f2fa76ec
Update dependency @tryghost/magic-link to v0.5.0 2020-09-18 11:46:09 +00:00
Renovate Bot
eb0163bde6
Update dependency @sentry/node to v5.24.1 2020-09-18 10:35:51 +00:00
Fabien O'Carroll
fe1e480e2e Updated getMagicLink call to handle Promise return
no-issue

refs: https://github.com/TryGhost/Members/commit/63942f03

The above commit updated all magic-link methods to be async, this change
ensures that we will handle a Promise return when it's updated in Ghost.
`await` has no effect on non Promise return values so it's safe to add
this now.
2020-09-18 10:49:18 +01:00
Renovate Bot
d0844ee853
Update dependency @sentry/node to v5.24.0 2020-09-18 08:42:57 +00:00
Fabien O'Carroll
a862a58b5f Updated the tokens table to have 32 char tokens
no-issue

After discussion with Matt, we decided that 192 bits for the token is a
good number, as it has no padding when base64 encoded and is more secure
than 128 bits, whilst still a managable size.
2020-09-17 17:33:43 +01:00
Fabien O'Carroll
01e62e3d79 Added tokens table to the database
no-issue

This is a table to store single use tokens for use in magic links, the
columns are as simple as possible at the moment and are designed as:
id - standard ObjectID like all of our tables
token - 128bit base64 encoded string
data - arbitrary data to store against the token
created_at - timestamp to allow for expiry to be implemented for tokens
2020-09-17 16:08:35 +01:00
Fabien O'Carroll
ed7adf16a2 Added migration util for adding new tables
no-issue

This pulls out some commonly used logic into a util for future use
2020-09-17 16:08:35 +01:00
Rish
ac146f1e3b Updated ownership verification email flow to use different From address
no issue

- In a recent change to ownership verification email flow, we changed the FROM address of ownership verification mails to use the same email as the one we are verifying, aka TO address.
- Email clients like Gmail flags off such emails as possible spam
- Fix updates the `FROM` address to `noreply@domain.com` where domain.com is domain for TO address
-  In case the TO is already noreply@domain.com, we use no-reply@domain.com to bypass the same address restriction.
2020-09-17 19:52:51 +05:30
Rish
7a3839fb14 Added new portal config flag
no issue

- The new Portal config flag allows switching on Portal conditionally with config
- The dev experiment flag still works for enabling Portal
- The flag currently defaults to `false` as Portal is still a beta feature and switched off by default
- We expose it on the admin api config endpoint so that the Ghost-Admin client can use it to conditionally render Portal settings
2020-09-17 19:40:34 +05:30