Commit Graph

3735 Commits

Author SHA1 Message Date
Rish
9ab754a0c7 Added canary endpoint to parent app
no issue

Mounts new canary api endpoint on parent app
2019-08-09 20:46:49 +05:30
Rish
13a77363de Updated uncapitalise check to work with canary
no issue

Previously uncapitalise check was based on fixed api endpoint format - v[NUMBER], this updates it to work with canary endpoint
2019-08-09 20:46:49 +05:30
Rish
6ce9a5fc0e Updated token verification to use dynamic audience check
no issue

Admin key token verification was using hardcoded audience check with v2 admin endpoint, this updates it to check against api version and api type of the request url
2019-08-09 20:46:49 +05:30
Rish
7b761a8751 💡 Added canary api endpoint
no issue

Adds new canary api endpoint, currently replicating v2 endpoint but paving way for future updates to new version
2019-08-09 20:46:49 +05:30
Fabien O'Carroll
acd1a7fd69 Fixed naming of backup cotent perm migration
no-issue

This file got accidentally renamed in 532fdb0806
2019-08-09 15:00:26 +08:00
Fabien O'Carroll
b6f2bc33b7 Moved page/type column migrations to correct version
refs #10922
2019-08-09 14:53:40 +08:00
Fabien O'Carroll
44a02c7d36 Updated xmlrpc and slack service to use type column
refs #10922
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
b45e955dea Ensured that the page column can be rolled back
refs #10922

When rolling back the removal of the page column, we must re-add it, but
the definition for it has been removed from the schema, so we must
hardcode the definition.
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
1096dc2085 Added ability to pass columnSpec to addTableColumn
refs #10922

This gives us the ability to add columns that have since been removed
from the schema, for example in a down migration.
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
2c81d7c914 Updated v0.1 posts api to work with type column
refs #10922
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
08d83c1f53 Removed updates to v0.1 specific code
refs #10922

v0.1 can just be left alone and not updated to use type - we can deal with that in a transform
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
cd45ab4f54 Added missing context from ValidationError
refs #10922

This is necessary to keep existing functionality in v0.1
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
df99e724e3 Renamed page->type in the page&posts serializers
refs #10922
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
fb8eadb4a8 Added mongo helper to input serializers
refs #10922

This helper assits in replaces keys and values as defined by the mapping object
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
0ae3f0fdfc Passed mongoTransformer through to NQL
refs #10922
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
a89376bf26 Permitted mongoTransformer option for read methods
refs #10922

This will allow us to pass through a customer transformer to replace
references to removed columns in the mongo query generated inside of NQL
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
51fb0815b4 Created migrations for page -> type column
refs #10822
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
a52f15d3d3 Updated the count plugin to reference the type column
refs #10922
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
9d7190d692 Remove page column and remaining references
refs #10922
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
1189bc823a Updated the post model to use the type column
refs #10922

This replaces references to the `page` column with the `type` column
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
57afb2de2b Updated the v2 api to deal with type column
refs #10922

This replaces references to the `page` column with references to the
`type` column.
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
dc3345b1c5 Added type property to post model defaults
refs #10922
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
82d8c38033 Added type property to the default post fixtures
refs #10922
2019-08-09 14:39:01 +08:00
Fabien O'Carroll
9b85fc6a69 Added type column to posts table
refs #10922

This column is limited to the two values 'post' and 'page'
2019-08-09 14:39:01 +08:00
Nazar Gargol
bae19fbdb6 Allowed access to POST /db/backup endpoint
no-issue
2019-08-09 10:57:49 +08:00
Nazar Gargol
6779732cd0 Fixed regression tests for v2/admin/db
no-issue
2019-08-09 10:57:49 +08:00
Nazar Gargol
532fdb0806 Added migrations for scheduler integration, permission and role
refs #10060

- Modification of https://github.com/TryGhost/Ghost/pull/10974/files
- Added publish permission migrations for all roles having "post": "all" permission
2019-08-07 14:56:51 +02:00
Nazar Gargol
00f95e7328 Migrated schedules controller to v2
closes #10060

- Implemented scheduling for posts and pages
- Added cache invalidation when scheduling
- Refactored admin token eneration function to accept existing key as parameter in tests
- Added Ghost Scheduler Integration fixture
- Added fixture for permissions for post publish action
- Migrated getScheduled method to v2
- Did not add support for 'from' and 'to' parameters as they were not used by DefaultScheduler
- This method needs rethinking in a long run as it's an ugly hack and should rather become proper endpoint that returns JSON data instead of models
- Removed unused auth middleware from v2 routes
- Added internal scheduler role
- Implemetnted transactions in v2 frame
- This takes into account scenario mentioned in c93f03b87e
- Specifically:
>if two queries happening in a transaction we have to signalise
  knex/mysql that we select for an update
  otherwise the following case happens:
  you fetch posts for an update
  a user requests comes in and updates the post (e.g. sets title to "X")
  you update the fetched posts, title would get overriden to the old one
2019-08-07 14:51:36 +02:00
Fabien O'Carroll
42c9904a8f Added migrations for backupContent permission
no-issue
2019-08-07 17:57:26 +08:00
Fabien O'Carroll
f31e535041 Removed authenticateClient usage from v2 api
no-issue

We do not support this authentication mechanism for api v2
2019-08-07 17:57:26 +08:00
Fabien O'Carroll
910e15e643 Added backupContent permission fixture
no-issue

This permission was overlooked during the creation of the ghost-backup
integration.
2019-08-07 17:57:26 +08:00
Sumedh Nimkarde
167e1ead2e 🐛 Ignored node_modules dir when archiving (#10969)
fixes #10929
2019-08-06 16:17:41 +08:00
Fabien O'Carroll
373627223c
🐛 Ensured import does not override private setting (#10882)
closes #10788

This adds an extra filter to the preImport method of the settings
importer to removes settings with the key `is_private`

This message is specifically only for when an import has privacy mode ON
and the current site has privacy mode OFF.
2019-08-06 16:15:40 +08:00
Kevin Ansfield
d96be4907e
Fixed relative canonical_url values not being stored as root-relative (#10989)
no issue

- we try to store all urls as relative paths where possible in Ghost so that the `config.url` value can be changed
- all relative paths are stored as root-relative except for the `post.canonical_url` field which was storing subdirectory-relative paths
- adds a migration to put the subdirectory prefix onto any relative canonical_url paths
- updates the canonical_url input serialiser to keep the subdirectory rather than stripping it to match all other url fields
2019-08-05 13:56:28 +01:00
Hannah Wolfe
b48fdaf1be Added {{link_class}} helper
- moved dynamic class logic out of {{link}} helper into shared utils
- both {{link}} and {{link_class}} use these utils
2019-08-05 12:12:05 +01:00
Fabien O'Carroll
21427ad73f
Created DB Backup integration (#10974)
* Simplified db controller permissions options

The existing objects were confusing because they did the same thing as
setting permissions to true, but gave the impressions that something
special was happening/required.

* Added DB Backup Integration Role

This will allow us to assign certain api_keys this role, in order to
automate db backups

* Allowed admin api_keys to have configurable roles

This will allow keys for the admin api to do customised things such as db export

* Added ghost-backup integration to fixtures

* Added migrations for DB Backup Integration and role
2019-08-02 17:28:02 +08:00
Rish
5f9f5ea0d5 Refactored oembed controller data validation
refs #10060

- Uses validation layer for checking url data on oembed requests
- Fixes typo in comment
2019-08-01 17:13:12 +05:30
Naz Gargol
27bf453792
Migrated authentication controller to v2 (#10950)
refs #10060

- Migrated authentication.resetPassword method to v2
- Migrated authentication.acceptInvitation method to v2
- Migrated authentication.setup method to v2
- Added missing test coverage for "setupUpdate" method
- Migrated authentication.updateSetup method to v2
- Migrated authentication.isInvitation method to v2
- Migrated authentication.isSetup method to v2
- Removed unused 'setup.completed' event as it wasn's used anywhere in the system and has been complicating the logic unnecessarily
- Without the event, it's possible to simplify sendNotification method to just use email address of the user
- Added email sending check to v0.1 test suite
- Refactored sendNotification method to just use email address as parameter
- Renamed sendNotification to sendWelcomeMail
- The only thing the method does now is sending welcome mail, so new naming seems natural :)
2019-08-01 13:18:24 +02:00
Nazar Gargol
db9eed6288 Switched to use v2 http module instead of ovelooked v1
- Small adjustments in controller that came along with the switch
2019-08-01 13:06:15 +02:00
Nazar Gargol
956da204f2 Expanded authentication test suite with cases for password reset flow
- Added missing endpoint coverage
- Minor fixes with formatting and validations uncovered by the test
- Added same test to v0.1 coverage
2019-07-30 22:48:59 +02:00
Nazar Gargol
3945e8a5ee Added missing doSettings call in updateSetup 2019-07-30 16:52:37 +02:00
Nazar Gargol
589b78d575 Added missing validator to updateSetup method
- This is the code corresponding to processArgs function in v1 authentication.updateSetup method
2019-07-30 16:37:32 +02:00
Nazar Gargol
c7a836b926 Renamed sendNotification to sendWelcomeMail
- The only thing the method does now is sending welcome mail, so new naming seems natural :)
2019-07-30 16:15:53 +02:00
Nazar Gargol
8503bdceb8 Refactored sendNotification method to just use email address as parameter 2019-07-30 16:13:53 +02:00
Nazar Gargol
dae69072f6 Removed unused 'setup.completed' event
- Without the event it's possible to simplify sendNotification method to just use email address of the user
2019-07-30 15:45:07 +02:00
Nazar Gargol
7b97c1ada1 Added missing notification email when setting up a site 2019-07-30 15:42:16 +02:00
Fabien O'Carroll
7cc90a3f62 Removed noise from members-ssr error logging
no-issue

Previously we were using the error logger, which is probably a bit
extreme for these errors. This also removes the stacktrace from the logs
so we don't enter fresh hell whilst developing/looking through logs.
2019-07-29 15:45:04 +08:00
Nazar Gargol
8b651bff9d Migrated authentication.updateSetup method to v2 2019-07-25 17:12:39 +02:00
Nazar Gargol
4441ee15a0 Migrated authentication.isSetup method to v2 2019-07-25 17:13:05 +02:00
Nazar Gargol
ddabd5e808 Migrated setup method 2019-07-25 17:12:39 +02:00
Nazar Gargol
a5990e555b Fixed lint error 2019-07-25 17:12:39 +02:00
Nazar Gargol
132e278a22 Migrated authentication.isInvitation method to v2 2019-07-25 17:12:47 +02:00
Nazar Gargol
f4b97d3bc8 Migrated authentication.acceptInvitation method to v2 2019-07-25 17:12:39 +02:00
Nazar Gargol
4da03a38b6 Corrected debug namespace 2019-07-25 17:12:39 +02:00
Nazar Gargol
8135d4d188 Added validation layer to password reset
- Adding a new method in all.js seems a little dirty, but that seems like the best place for now as similar method was added for changePassword method
2019-07-25 17:12:39 +02:00
Nazar Gargol
b3ed11719e Migrated authentication.resetPassword method to v2 2019-07-25 17:12:20 +02:00
Aileen Nowak
d11fd4210b Updated docs api links to be version-less 2019-07-25 15:17:23 +08:00
Kevin Ansfield
1aa7e368a2
🎨 Added url value to the Content API /settings/ endpoint (#10946)
closes https://github.com/TryGhost/Ghost/issues/10945

- adds the `url` property to the returned output manually because it's a config value rather than a settings value
2019-07-24 11:12:07 +01:00
Fabien O'Carroll
805f3c7250 Added logging for members-ssr errors
no-issue

This will help us debug issues with members-ssr functionality going forward
2019-07-24 18:11:48 +08:00
Kevin Ansfield
2b6830b747 Ensured Admin API cannot fetch internal integrations (#10501)
no issue

- Forced a filter on read and browse requests to the integrations endpoint to limit fetches to only "custom" and "builtin" integration types
- Expanded test coverage for "internal" integrations
2019-07-24 11:52:55 +02:00
Nazar Gargol
bf5824a7ba Fixed ability for the owner to change password of other users
closes #10927

-  Previous fix 2823c0b342
- It didn't work because the validation layer in "frame" doesn't take into account the value under `required` property of the controller, so to prevent validation on the field whole `required` key/value have to be removed
- Removed unused variables
- Extended regression suite to prevent similar problems in the future
2019-07-22 19:00:21 +02:00
Aileen Nowak
496f873ac4
Updated links to docs (#10941)
no issue
2019-07-22 18:17:50 +08:00
Fabien O'Carroll
97983baed6 🐛 Fixed CORS for errors from Admin API
refs #10932

Previously we were only applying the cors middleware to the options
preflight request, which meant that if the request errored, the cors
headers would not be applied, resulting in the client being unable to
read response data. This applies the cors middleware to _all_ requests
to the Admin API.
2019-07-22 12:57:41 +08:00
Fabien O'Carroll
2cb41dd8cd 🐛 Fixed CORS for errors from Content API
closes #10932

Previously we were only applying the cors middleware to the options
preflight request, which meant that if the request errored, the cors
headers would not be applied, resulting in the client being unable to
read response data. This applies the cors middleware to _all_ requests
to the Content API.
2019-07-22 12:57:41 +08:00
Fabien O'Carroll
5da8da1879
Deleted unused pg.js module (#10928)
no-issue

This module was first created (AFAICT) in c09c20ad8d (diff-20a31f345ca2643b2602224678bb8d5b) and
has since undergone some filename renames and eslint refactors - we don't support
PostgreSQL and have no immediate plans to do so.
2019-07-22 12:11:19 +08:00
Naz Gargol
c3a80f112a
Exposed site SEO data through Conent API & {{@site.*}} helper (#10925)
refs #10921

- Site SEO data will now be available as part of `GET /settings` response in Content API as well as part of {{@site.*}} helper
2019-07-19 10:40:47 +02:00
Naz Gargol
b89b57b6fb
Added global site SEO fields in Admin API (#10923)
refs #10921

- New SEO related fields will now be available as a part of Admin API /settings endpoint
- The ordering of fields is taken from post's schema
- Extended settings test suite with new SEO fields
- Adjusted settings model unit test
2019-07-18 16:24:34 +02:00
Fabien O'Carroll
078060abdc
Refactored members service logging and errors (#10919)
* Installed @tryghost/members-ssr@0.2.1

refs https://github.com/TryGhost/Members/issues/38

This updates allows for dynamic access of the membersApi, which will be
used in future when replacing the membersApi instance with a newly
configured one.

* Set the membersApiInstance logger to use common.logging

refs https://github.com/TryGhost/Members/issues/38

Passes the Ghost logger to the members api, so that we can keep an eye
on errors produced by the api.

* Refactored memberService use to always use getter

refs https://github.com/TryGhost/Members/issues/38

This will allow us to switch out the membersApi and the consumers of it
to have the updated reference by going through a getter.

* Installed @tryghost/members-api@0.3.0

refs https://github.com/TryGhost/Members/issues/38

Adds support for setting the logger

* Uninstalled stripe@7.0.0

refs https://github.com/TryGhost/Members/issues/38

The stripe module is now a dep of members-api, as it should be

* Updated members service to reconfigure settings

refs https://github.com/TryGhost/Members/issues/38

Previously we were unable to stop an invalidly configured members api
instance, now that we create a new instance, we can wait for the ready
or error event and only switch it out then.
2019-07-18 15:37:11 +08:00
Rish
01ea872af2 🐛 Fixed cache invalidation header on theme override
closes #10920

- Fixed incorrect property name to correctly set cache invalidation header on theme override
2019-07-17 18:41:25 +05:30
Naz Gargol
46706646e3
Refactored authentication controller v0.1 (#10893)
refs #10060

- Modules extractions done here are meant to make upcoming migration of authentication controller to v2 more manageable and reduce code repetition
- There were couple modules extracted for different areas that controller touches: passwordrest, accept (for invitation), setup 
- The aim was to keep changes to the minimum while making small readability improvements to new functions through async/await syntax
- The biggest barrier to make more encapsulated functions was the fact that we mutate options parameter on multiple levels in the controller. e.g mutations of options.data during validation on the password reset ties it up to the implementation of doReset function
2019-07-17 12:28:16 +02:00
Naz Gargol
9dcc17a017
🐛 Fixed import for tag without slugs that belongs to a post (#10917)
closes #10785

- The behavior for tags will now be similar to posts' one described in the docs
- "The only strictly required field when importing posts is the title. Ghost will automatically generate slugs and set every other field to the default or empty."
- The breaking change was introduced with: 68d8154d4f (diff-e712df50c0dc7cf33746eeff0564003cR97) (assumed there's always slug in the imported object which is not true)
- Added originalIdMap to the importer base class to track id
substitution so it can be used when dealing with relational resource
updates
- Removed explicit use of 'this.stripProperties(['id']);' in
beforeImport of base class because we need to assign and remove the id
property in the same place to track this change
- Only calling 'this.stripProperties(['id']);' in
settings/trusted_domain imports as the method won't be called otherwise
- Expanded regression tests with new supported import case
2019-07-16 12:01:44 +02:00
Peter Zimon
a482c547ae Update default 404 page
refs. https://github.com/TryGhost/Ghost/issues/10899
- removed broken ghost "illustration" from default frontend 404 page
- refined style of 404 page to be more theme agnostic
2019-07-15 14:47:01 +02:00
Vikas Potluri
2823c0b342 🐛 Allowed administrators to change other users' passwords (#10891)
closes #10427

- Administrators don't know other users' passwords, but they should be able to change other users' password
- Don't require oldPassword to be provided
2019-07-15 14:19:31 +08:00
Vikas Potluri
b431dc56cb 🐛 Fixed error message when get helper doesn't have API access (#10892)
closes #10875
2019-07-15 14:18:58 +08:00
Christoph Tavan
834a5a0521 Replaced v1 for v4 uuids (#10871)
* Swapped v1 with v4 UUID as requestId when logging

no issue

v1 UUID are based on current time and the hardware MAC address of the
machine where they are being generated. As such they have much more
complex semantics than v4 UUIDs which are simply randomly generated.

Unless there's a specific requirement for the special semantics of v1
UUIDs it is simpler and less error prone to simply go for v4 UUIDs
whenever just a unique identifier is needed.

* Swapped v1 with v4 UUID when creating a temporary contentFolder

no issue

v1 UUID are based on current time and the hardware MAC address of the
machine where they are being generated. As such they have much more
complex semantics than v4 UUIDs which are simply randomly generated.

Unless there's a specific requirement for the special semantics of v1
UUIDs it is simpler and less error prone to simply go for v4 UUIDs
whenever just a unique identifier is needed.

* Swapped v1 with v4 UUID when creating a temporary exportFolder

no issue

v1 UUID are based on current time and the hardware MAC address of the
machine where they are being generated. As such they have much more
complex semantics than v4 UUIDs which are simply randomly generated.

Unless there's a specific requirement for the special semantics of v1
UUIDs it is simpler and less error prone to simply go for v4 UUIDs
whenever just a unique identifier is needed.
2019-07-15 14:01:02 +08:00
David Darnes
b293b25128
Update each to foreach loop 2019-07-12 10:08:45 +01:00
Rish
e26635620e 🐛 Fixed theme upload error when overriding existing
no issue

- Cache invalidation header was set wrongly in frontend theme service
- This moves cache invalidation out of theme service to themes controller by passing `themeOverriden` flag along with theme
2019-07-11 15:34:15 +05:30
Naz Gargol
f3ec2fb2f7
Cleaned up theme service (#10884)
refs #10790

- Following TODO in theme index file was waiting for 2 years, and today is the day to cross it out:
- "Reduced the amount of things we expose to the outside world"
- "Made this a nice clean sensible API we can all understand!" - by @ErisDS
- Cleaned exposed methods from themes module
- Removed unused storage getter
- Removed list method
- Removed validate method
- Renamed Storage to ThemeStorage
  - Named the file the same way the class defined inside of it is named
  - Naming was conflicting with coming rename of  `settings` -> `storage`
- Renamed theme settings to storage
2019-07-09 16:35:18 +02:00
Fabien O'Carroll
d9d8d91b6a
Fixed members auth pages flashing on open (#10889)
closes #10888

The real work for this was done in:
https://github.com/TryGhost/Members/pull/37

Installed @tryghost/members-auth-pages@1.1.0
Installed @tryghost/members-theme-bindings@0.2.3
2019-07-09 19:05:47 +08:00
Fabien O'Carroll
177411045a
Moved members static pages to members api URL (#10887)
* Installed @tryghost/members-api@0.2.0

refs #10886

This will allow us to mount one router rather than having a static and
api router.

* Added members v2 api directory

refs #10886

This brings the members api more inline with how the rest of the apis
work within Ghost.

* Mounted the members api app to the api route

closes #10886

This successfully mounts the api and the static pages to the
/api/v2/members/ URL.

* Installed @tryghost/members-auth-pages@1.0.0

refs #10886

This updates the auth pages to work correctly with the new mount point.

* Changed membersUrl in members.js to use members api

refs #10886

This keeps the membersUrl lined up with the path for the static
members pages.

* Removed old members static mount point

refs #10886

These are no longer used, nor desired.

* Remove superfluous code from members service

refs #10886

This remove the gateway getter which is no longer used, and the fallback
for members not enabled - which is handled within the members app.

* Updated ssoOrigin to use admin url

refs #10886

This ensures that sites running on a separate admin domain have the
correct ssoOrigin, which is used to ensure only the designated auth
pages are used to hit the authentication endpoints.

Since the auth pages are now hosted under the `/ghost` url, they will be
on the admin origin and not the site origin
2019-07-09 19:02:44 +08:00
Nazar Gargol
bc8f8979c1 Removed stray use of urlService.utils
refs #10773

- All instances of `urlService.utils` were previously migrated to use standalone SDK module `url-utils`
2019-07-08 17:53:29 +02:00
renovate[bot]
db53ac0721 Update Test & linting packages (major) (#10858)
no issue 

- Updated Test & linting packages
- Updated use of hasOwnProperty
- Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins)
- Removed already defined built-in global variable Intl
- Applied `--fix` with lint command on `core/test` folder
- The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes)
- Removed redundant global variable declarations to pass linting
2019-07-05 13:40:43 +02:00
Fabien O'Carroll
90bb40ed80
Improved dynamic default options performance (#10816)
closes #10789

* Updated keypair generation to use a memoised fn

This allows us to embed the members dynamic defaults in the object at
definition, and will allow us to only create the keypair when we need
it, in future.

* Added getDefaultValue fn to default setting obj

This will allow us to generate the default values when they're needed
rather than at boot time.

* Ensured dynamic defaults only generated when used

This replaces all the dynamic default values with functions to return
the values, and then calls (if required) that function inside the
getDefaultValue method of the setting object.
2019-07-05 15:30:29 +08:00
renovate[bot]
1f32a1372f Update dependency got to v9 (#10861)
no issue 

- The underlying issue is the change in retry behavior in 'got' (a3e77de287)
- Now 500 responses trigger 2 default retries
- Renamed retries -> retry. As mentioned in https://github.com/sindresorhus/got/releases/v9.0.0
- Added response body error check
2019-07-04 10:36:51 +02:00
Fabien O'Carroll
683e37c764
Fixed generation of api urls for members service (#10869)
no-issue

Previously we used urlFor which wasn't setup to correctly support
members. This changes members service to use the admin URL directly
2019-07-04 12:05:56 +07:00
Naz Gargol
4529ab514c
Themes controllers code extraction (#10818)
refs #10790

- Extracted 'setFromZip' method into themes services
- Extracted 'activate' method
- Extracted 'destroy' method
- Extracted 'download' method
- The method name here tries to follow 'setFrom...` convention we've agreed upon. So, in this case, we have get() which returns JSON response and getZip() which returns a file
2019-07-01 16:56:23 +02:00
Hannah Wolfe
6f507b8608 Updated theme activation API to experimental
- allow both uploading and activating themes as experiemental API features
- previously only uploading was allowed, I believe purely due to an oversight
2019-07-01 10:14:03 +01:00
Jeffrey Fisher
6ca34a29fd 🐛 Allowed .ico files to be uploaded for icons. (#10820)
closes #10641

There is already an "icons" section in this json file, but it appears
that that is only used for v0.1 in which there was a "/uploads/icon"
route that passed in a "type" of "icons" to the validation middleware.
However, in v2, there is only a generic "/images/upload" route that is
used for both icons and images, which passes a "type" of "images"
so the .ico information needs to be added to the "images" section
of the json file.
2019-07-01 13:29:24 +07:00
Rish
15a3dacf26 Fixed invalid method usage in members authentication
no issue

- `getPublicConfig` in members authentication was not called correctly
2019-06-27 15:21:21 +05:30
Kevin Ansfield
3229de75f8 Revert "Replaced keypair with rsa-keypair module (#10758)"
This reverts commit 64735693be.

- `rsa-keypair` is a binary dependency that was failing to install for a lot of users, reverting for now so we can look at alternative options for speeding up boot time
2019-06-26 14:00:25 +01:00
Fabien O'Carroll
dd727a44df
Fixed issuer when site and api are diff domains (#10806)
no-issue

The issuer value is used through the members code base as the identifier
for the members api. The existing code did not take into account that
the domain/url for the site could be different than for the admin (and
the apis).
2019-06-26 16:02:08 +07:00
Naz Gargol
0bf1542bc6
Extracted settings service part manipulating routes.yaml (#10800)
refs #10790
refs #9528

- The settings service was designed to handle more settings then just routing, but till this day there wasn't anything else added. As routes.yaml is only being used by frontend router so conceptually it fits better to have this code in frontend, so that it doesn't have to reach out to server
- The code left in server settings is the one that interacts with the database `settings` table and only partially provides information to frontend. That part is known as 'settings cache' and will be accessed through API controllers.
2019-06-25 18:33:56 +02:00
Fabien O'Carroll
0e2ce29468 Moved members static mount point to /ghost/members
no-issue

This alleviates the CORS requests failing for members when the admin is
hosted on a different domain than the site
2019-06-25 15:13:52 +07:00
Fabien O'Carroll
bb1ee3c265 Updated members-theme-bindings & public/members.js
no-issue

This updates Ghost to inject the exact urls we want to use for both the
static members pages and the ssr endpoints we've configured for the
frontend. This allows us to changes these without having to update the
members repository, and gives a cleaner split between the two.
2019-06-25 15:13:52 +07:00
Nazar Gargol
22f56c95a8 Fixed redirects.json file validation
refs #10790

- Reference to method previously used to validate wasn't updated during refactoring done in be27db46eb
2019-06-24 10:56:30 +02:00
Naz Gargol
8ae5db9922
Extracted frontend code from settings API controllers (#10797)
* Moved settings#upload method out of settings controller

* Moved out code from download to serve method

* Moved API v0.1 settings upload/downalod routes.yaml methods to use setting handler service

* Reverted unintended change

* Moved RoutesHandler into settings module

- To keep in convention with settings described in - https://github.com/TryGhost/Ghost/issues/9528 , extracted routes handler into separate settings folder

* Frontend settings for API v0.1

* Renamed 'routes' to 'dynamic-routing'

* Renamved activate/serve methods as suggested in discussions

* Moved settings dynamicRouting to routing.settings
2019-06-21 16:52:07 +02:00
Naz Gargol
be27db46eb
Extracted frontend code from redirects API controllers (#10798)
refs #10790

- The code was moved out of controllers to reduce the number of coupling points between the API controllers and "frontend" services
- A nice side effect of this move is a decreased amount of code that will need to be maintained and reusability between existing controllers
- Calling just a few methods from frontend services on API level makes it easier to abstract fronted away from API
2019-06-21 16:50:16 +02:00
Nazar Gargol
c7522f896b Moved settings dynamicRouting to routing.settings 2019-06-21 16:34:17 +02:00
Nazar Gargol
a84c15689e Renamved activate/serve methods as suggested in discussions 2019-06-21 13:58:26 +02:00
Nazar Gargol
f3b4e2e39a Renamed 'routes' to 'dynamic-routing' 2019-06-21 13:12:23 +02:00
Daniel Lockyer
64735693be Replaced keypair with rsa-keypair module (#10758)
refs #10789 

Speed up Ghost boot time by replacing the JS-only RSA key generator
library with a native alternative.
2019-06-21 16:51:44 +07:00
Nazar Gargol
19d3c4bc5c Frontend settings for API v0.1 2019-06-20 17:20:44 +02:00
Nazar Gargol
61dc9e8c24 Moved RoutesHandler into settings module
- To keep in convention with settings described in - https://github.com/TryGhost/Ghost/issues/9528 , extracted routes handler into separate settings folder
2019-06-20 16:58:26 +02:00
Nazar Gargol
06a6dc835d Moved API v0.1 settings upload/downalod routes.yaml methods to use setting handler service 2019-06-20 13:34:22 +02:00
Nazar Gargol
8709f5cc55 Moved out code from download to serve method 2019-06-20 13:23:58 +02:00
Nazar Gargol
c3b14f82fd Moved settings#upload method out of settings controller 2019-06-20 13:19:22 +02:00
Nazar Gargol
58a077564f Fixed stray rename after frontend extraction
refs #10790

- The name should be themeService as everywhere else in the codebase
2019-06-19 17:58:07 +02:00
Naz Gargol
df7e64fafa
Extracted frontend folder (#10780)
refs #10790

- Moved /core/apps into core/frontend
- Moved /core/server/helpers to /core/frontend/helpers along with /core/server/services/themes
- Changed helper location in overrides
- Moved /core/server/services/routing to /core/frontend/services
- Moved /core/server/services/url to /core/frontend/services
- Moved /core/server/data/meta to /core/frontend/meta
- Moved /core/server/services/rss to /core/frontend/services
- Moved /core/server/data/xml to /core/frontend/services
2019-06-19 11:30:28 +02:00
Naz Gargol
abda6e6338
Migrated to use url-utils from Ghost-SDK (#10787)
closes #10773

- The refactoring is a substitute for `urlService.utils` used previously throughout the codebase and now extracted into the separate module in Ghost-SDK
- Added url-utils stubbing utility for test suites
- Some tests had to be refactored to avoid double mocks (when url's are being reset inside of rested 'describe' groups)
2019-06-18 15:13:55 +02:00
Hannah Wolfe
d1e3205569 Add url as context to oembed unknownProvider error
- This is so that we can use logs to see urls that turn up with this error
2019-06-13 12:57:02 +01:00
Kevin Ansfield
bbae006eb5
Speed up image-size utility functions (#10784)
no issue

- add `probe-image-size` dependency
- use `probe-image-size` to fetch partial image data over the network where possible
2019-06-11 16:25:15 +01:00
Nazar Gargol
a936362051 Removed logging for validation error in frontend routing
refs #10525

- The logging in this place only introduced confusion and provided no usefull information
2019-06-11 12:35:16 +02:00
Timothy Stapleton
f2e60806da 🐛 Fixed redirects to absolute URLs (#10777)
closes #10776

When the "to" property of the redirect includes a host (implying an external or fully qualified url) we skip replacing any paths and redirect straight to it, rather than modifying the URL with the sites sub-directory.
2019-06-10 12:48:37 +07:00
Rish
a4f119cb7f Moved visibility utility from static model fn to Ghost-SDK
refs #10618

- Visibility methods don't belong on model, but are generic utils
- Used directly from ghost helper's visibility methods, cleans up core
- Removes direct model dependency of theme helper
- Updated `foreach_spec` to correct test data as per schema - visibility property cannot be empty
2019-06-09 13:12:04 +05:30
Kevin Ansfield
ea37b78456
Added logging of slow {{#get}} helper uses (#10779)
no issue

- `{{#get}}` can slow down requests a lot if not used carefully, typically by using `limit="all"` or similar which can force a lot of data to be fetched and processed
- adds a warning log if we detect any `{{#get}}` helper call which takes longer than a certain threshold (default 200ms)
- allow log level and threshold to be configured via config to allow for different environments behaviours and requirements

New config options:
```
{
    "logging": {
        "slowHelper": {
            "level": "warn",
            "threshold": 200
        }
    }
}
```

Example output for `{{#get "tags" limit="all" order="name asc"}}` with a lot of tags:

```
[2019-06-07 10:35:52] WARN {{#get}} helper took 453ms to complete

{{#get}} helper took 453ms to complete

Error ID:
    062daed0-8910-11e9-8185-3b615ad8677d

Error Code:
    SLOW_GET_HELPER

Details:
    api:          v2.tagsPublic.browse
    apiOptions:
      order: name asc
      limit: all
    returnedRows: 1698
```
2019-06-07 14:54:55 +01:00
Nazar Gargol
f5544e7831 Migrated to use @tryghost/social-urls package
refs #10618

- /lib/social/urls was extracted into SDK to move more modules out of the core and reduce coupling of the theme layer
2019-06-06 17:10:13 +02:00
Naz Gargol
cb199b17b8
Decoupled asset hash calculation from package.json (#10774)
refs https://github.com/TryGhost/Ghost/issues/9414
refs c9b95b4bbd

- Removed package version from asset hash calculation
- Package version doesn't introduce any value when calculating a hash because Date.now() provides enough randomization on its own
2019-06-05 10:06:25 +02:00
Naz Gargol
acdcadc396
🔥 Dropped Node v6 support (#10771)
no issue
    
- Node v6 has come to EOL as of 2019-04-30 (ref. https://github.com/nodejs/Release#end-of-life-releases)
- Removed Node v6 specific tests and code
2019-06-03 14:20:23 +02:00
Kevin Ansfield
f88adb9180
Added x-frame-options header to /ghost/ route (#10760)
no issue
- by default the `/ghost/` route will add an `x-frame-options: sameorigin` header to the response to help protect the admin area against clickjacking
- the header can be disabled by adding `"adminFrameProtection": false` to the `config.{env}.json` configuration file

Credits: Muhammad Fawwad Obaida
2019-05-28 09:04:48 +01:00
Aileen Nowak
d086841f36
Updated link to Marketplace (#10754)
no issue

- Marketplace moved to https://ghost.org/marketplace
2019-05-22 16:55:28 +08:00
Fabien O'Carroll
53b884ec2b
Refactored json-schema to use one instance of ajv (#10746)
refs https://github.com/TryGhost/Team/issues/211

Previous code was creating a new ajv instance for each call, as well as
loading the schemas, which are cached. This was causing a memory leak as
ajv caches all schemas.

We've replaced it with one instance of ajv, and conditionally
loading/compiling the schemas if they haven't been seen before.
2019-05-15 13:28:10 +02:00
Fabien O'Carroll
c101fd90d7
Removed lib/members in favour of packages (#10739)
* Installed `@tryghost/members-{api,auth-pages}`

no-issue

* Used @tryghost/members-auth-pages in member service

no-issue

* Used @tryghost/members-api in members service

no-issue

* Deleted core/server/lib/members

no-issue

* Fixed parent app tests

no-issue

Requiring the members api (via the `gateway` getter) was throwing an
error, so we stub out the members service getters
2019-05-08 14:08:25 +02:00
Rish
a4f4a00cc4 Updated to use slugify method from SDK for safe string
refs #10618

- Updated lib safe string security method
2019-05-07 15:33:07 +05:30
Rish
65ee0f95c4 Updated reading time helper to use SDK
refs #10618

- Removed duplicate calculation for reading time by using SDK method
2019-05-07 15:33:07 +05:30
Aileen Nowak
b2ed906773 🎨 Allowed protocol overwrite for canonical URLs (#10729)
closes #10709

- Only transform a canonical URL that is identical with the Blog URL to a relative URL when the protocol matches as well
- Leave the canonical URL absolute for all other cases
- Use case for this is e. g. when users want to port over their Facebook comments/shares/likes after a move from `http` to `https`
2019-05-06 15:27:54 +02:00
kirrg001
a31ed7c71d Added comments for Ghost API
no issue

- jsdoc
- added more information & context
2019-05-06 14:49:25 +02:00
Aileen Nowak
79345f9030 🐛 Fixed Twittercard having wrong property when no feature image provided
closes #10706

- Fixed a bug where we weren't assigning `summary_large_image` as Twitter card property when no feature image is provided, but a dedicated Twitter image
- Updated test to reflect this case to be tested better
2019-05-06 12:51:43 +02:00
Nazar Gargol
b69f1e9e21 Added comment about future scheduler migration
refs #10060
2019-05-06 12:26:08 +02:00
Katharina Irrgang
2447335ab1 🐛 Fixed post scheduling on restart (#10726)
no issue

- case: restart Ghost and while having a scheduled post 
- caused by 4acc375fb6 (diff-4726ce3c4d18d41afad4b46cb0aa7dd3)
  - the bug exists since 2.12
  - Bookshelf added support (or better said fixed a bug) for accessing previous attributes
  - `object.updated('published_at')` always returned "undefined", because the self-implementation < 2.12 only remembered previous attributes after update (see https://github.com/TryGhost/Ghost/blob/2.11.0/core/server/models/base/index.js#L234)
  - but `object.previous('published_at')` returns the current value (object.get('published_at') === object.previous('published_at') -> and that's why rescheduling on bootstrap never worked
- might fix https://forum.ghost.org/t/scheduled-posts-never-publish/6873/10
- reduced timeouts on scheduling unit tests
2019-05-06 11:11:43 +02:00
Nazar Gargol
f21e713a83 Added temp file cleanup for invalid themes
refs #10174

- When theme check fails with validation error there was no cleanup of files left from zip extraction
2019-05-02 17:59:29 +02:00
Fabien O'Carroll
a77190a312 Removed 2.16 member permission migration
no-issue

It turned out that due to the mismatch between `"members"` and
`"member"`, that not a single row was added to the database via this
migration. Clearing the file for simplicity.
2019-05-02 17:31:38 +02:00
Fabien O'Carroll
c70f5a0567 Copied member permission migration from 2.16->2.22
no-issue

The original migration read data from the fixtures, and ensured the
relations were made. Now the fixtures have been corrected, we can use
the same migration for 2.22
2019-05-02 17:31:38 +02:00
Fabien O'Carroll
0a67a25dbc Fixed member permission/role relations in fixtures
no-issue

The previous relations were setup to match against "members", which is
plural, but the object_type on the permission is "member". This was
causing the permissions to not be added as a relation to the role.
2019-05-02 17:31:38 +02:00
kirrg001
8f76827464 Added comments for post scheduling
no issue

- jsdoc
- inline comments
2019-05-01 22:05:42 +02:00
Kevin Ansfield
990ecec873
Added caption support to code card renderer (#10719)
* Added caption support to code card renderer

refs https://github.com/TryGhost/Ghost-Admin/pull/1181

- when a caption for a code card is provided, render the contents inside a `<figure>` element with a `<figcaption class="kg-card kg-code-card">` to match other caption-enabled cards
2019-05-01 17:10:24 +02:00
Nazar Gargol
d0970ad309 Removed lts update check flag
no issue

- `lts` parameter support was discontinued as of today. Returned data completely relies on `ghost_version` sent with the update check request
2019-05-01 16:00:53 +02:00
Nazar Gargol
27dae4022c 🐛 Fixed meta schema for 'page' context in dynamic routing
refs #10082

- When specifying an existing page as an allias for collection, e.g: `data: page.it-is-a-page` it was failing to generate metadata
2019-04-30 18:20:20 +02:00
Nazar Gargol
f5c1ed8fcb 🐛 Fixed 404 in collection index page if using data.slug
closes #10542

- Fixed error that was causing collection index to not be rendered: relations connected to alliased resource were not fetched
2019-04-30 18:20:20 +02:00
Florian Schlittenbauer
8eb4d4c888 replace deprecated del() with delete() call 2019-04-29 09:09:55 +02:00
Zimo
a6d7c46f2c Updated members payment failed copy and style
no-issue
2019-04-25 15:54:30 +02:00
Fabien O'Carroll
bf90733ce1 Updated token generation to use plans on member
no-issue

This is to remove duplication of logic, that now lives solely in the
getMember method
2019-04-25 13:38:26 +02:00
Fabien O'Carroll
70343f7923 Updated getMember to return plans
no-issue

Plans are distinct from subscriptions, as in theory a subscription could
have many plans. These moves the construction of the plans array into
the getMember function so that every consumer has access to the same
data.
2019-04-25 13:38:26 +02:00
Rish
b207ea35ec Updated signup flow to handle invalid payments
no issue
2019-04-24 13:23:00 +02:00
Fabien O'Carroll
7574d9af68 Added members-theme-bindings library to public
no-issue

This file is copied across on install, making it easy to update via
package.json, tbh we could not commit it to the repo - but it makes
sense to be able to see it when browing the file explorer. Any bumps in
package.json will update the file, so that it is prompted to be
commited.
2019-04-24 12:46:00 +02:00
Fabien O'Carroll
18ba613e45 Added member.js file to initialise theme bindings 2019-04-24 12:46:00 +02:00
Fabien O'Carroll
8689493cf5 Updated ghost_head to include the members scripts
no-issue

This conditionally adds the members scripts based on the labs setting
for members, and the context of the rendering to NOT be for AMP
2019-04-24 12:46:00 +02:00
Fabien O'Carroll
d638d6e979 Added middleware for serving members.js from core
no-issue
2019-04-24 12:46:00 +02:00
Fabien O'Carroll
ed1a42f7f3 Exported raw middleware from serve-public-file
no-issue

The current public file middleware handles route matching itself, which
means it is applied to express via the use method. Due to use being a
"global" application of middleware, this means it is not possible to
apply a labs middleware before the public file serving middleware
without it affecting the entire route stack.

This commit exports a piece of raw middleware that can be used with the
get method of express, so that we can attach middleware beforehand.

This will be used to conditionally serve the members specific public
files, based on the labs flag for members.
2019-04-24 12:46:00 +02:00
Fabien O'Carroll
d7fadfeff7 Fixed bug with deleting members after config change 2019-04-24 12:46:00 +02:00
Fabien O'Carroll
235d6a0366 Refactored labs middleware to remove duplication
no-issue

Also exposes a generic interface now.
2019-04-24 12:46:00 +02:00
Nazar Gargol
cb322fc1be Improved error context usage
refs #10571

- Change was done to avoid usage of hardcoded value and provide more context. Additionally errorDetails are formatted in a readable way
2019-04-23 09:45:11 +02:00
Nazar Gargol
63337dd823 Changed context used in error to help
refs #10571

- The context should provide the context in which the error has happened instead current value was more suited to purposes of help
2019-04-23 09:31:24 +02:00
Nazar Gargol
cea598597b Restructured theme check logic
refs #10571

- Removes dependency on 'context' property being set in error when
checking a theme
- Refactoring was needed to be able to avoid passing checked theme as a
part of thrown error (logic was relying on error having this specific
data in context property). This created a problem where we controlled
the logic flow with data in error object.
- Introduced 2 different types of theme check handling, one behaves the
same way as before, the other gives more granulac control to the caller
to decide what to do with returned errors.
2019-04-22 22:34:12 +02:00
Vikas Potluri
d989d62c10 Migrated encode, facebook_url and foreach helpers to es6 (#10655)
refs #9589 

* updated encode helper to use newer code standards
* updated facebook_url helper to use newer code standards
* updated foreach helper to use newer code standards
2019-04-22 17:54:42 +02:00
ml4den
8732d40967 Fixed a typo for non-verb "setup" (#10680)
no-issue
2019-04-22 17:47:28 +02:00
Rishabh Garg
8191513a86 Updated members site config keys (#10702)
no issue
2019-04-22 17:23:58 +02:00
Nazar Gargol
2253b2d18c 🐛 Fixed redirect for pages causing 404
closes #10649

- `resourceType` in API v0.1 is only of 'post' type. Because in admin we now distinguish between 2 types of editable resources: 'posts' and 'page' the redirect has to be based on 'entry.page' flag
2019-04-22 15:08:09 +02:00
kirrg001
ab49d1eed6 Added comments for routing service
no issue

- jsdoc
- inline comments
2019-04-21 23:55:22 +02:00
kirrg001
e07c0ecdc4 Added comments for url service
no issue

- jsdoc
- inline comments
2019-04-21 00:14:40 +02:00
Nazar Gargol
e1dca54bf7 🎨 Made notifications dismissible per user
refs #10656

- To make sure more users see important updates or announcements
notification dismissal now works per user instead of globally
- Expanded acceptance test for notification deletion
- Expanded regression test covering multiuser dismissal of notification
- Added clarifying comment about destroyAll method use in API
2019-04-19 09:43:14 +02:00
Fabien O'Carroll
39ed3f9145
Updated members auth pages to use gateway-protocol (#10695)
no-issue

This swaps out a hand copied library with the published one on npm
2019-04-18 15:53:36 +02:00
Nazar Gargol
809e610842 Added notification access persmission for users of Editor role
closes #9546

- Updated permissions  fixture for Editor role
- Added migration for permissions for Editor users
- Updated tests
2019-04-18 13:02:23 +02:00
kirrg001
6dd65d7176 Corrected general comment in update check unit
no issue
2019-04-17 20:52:50 +02:00
kirrg001
22c2d0cbcb Added comments for update check service
no issue

- jsdoc
- inline comments
- clarified variable names
2019-04-17 20:03:26 +02:00
Zimo
5a0113f24c Added close event on member pages background click 2019-04-17 16:34:14 +02:00
Peter Zimon
fb8a127729
Members refine buttons (#10692)
* Members: disabled signup button during signup

* Members: disabled non-Stripe signup button during signup

* Members: added check to Log in button logged in state
2019-04-17 16:16:03 +02:00
Zimo
01fa787227 Updated mobile styles for members upgrade screen 2019-04-17 16:06:04 +02:00
Rish
db9c2d1eca Fixed lint issues
no issue
2019-04-17 18:26:32 +05:30
Nazar Gargol
c519ce55e3 Fixed failing integration test
refs #9875

- Moved the comment about filtering by version closer to version checks as it doesn't apply to whole `.filter(...)` block
2019-04-17 14:48:09 +02:00
Rishabh Garg
876e310aea
Updated check for members-ssr use at theme layer (#10693)
no issue

### Context

As part of updating the theme layer to use members-ssr [here](f9899cb8c4), we introduced a case where if `enableDeveloperExperiments` is not switched on, the whole theme loading will crash due to unavailability of `ssr` property on members service [here](https://github.com/TryGhost/Ghost/blob/master/core/server/services/members/index.js#L12). Since we switch on `enableDeveloperExperiments` by default on master now, the issue won't be reproducible locally until explicitly switched off. 

This PR includes a patch fix which adds dummy `ssr` object to members service `api` object and members middleware check on APIs to ensure no crash in case developer flags is not switched on. 

Longer term it will be definitely useful to upgrade the dummy `api` object to trigger on member labs than the developer flag.
2019-04-17 17:38:12 +05:30
Fabien O'Carroll
5cb8972e2c Fixed subscription issue with null coupons
no-issue

Coupons were being sent as null to the api, so we support non required fields
2019-04-17 13:41:27 +02:00
Rish
ab3b0d95a2 🐛 Fixed fetching RSS in case of posts with no content
refs #10679

- Handles `null` html values in calculation
2019-04-17 15:12:01 +05:30
Fabien O'Carroll
500ec826c3 Added default disabled state of false to FormInput
no-issue
2019-04-17 10:35:17 +02:00
Fabien O'Carroll
78165a9981 Removed unused onClick handler in StripeSubscribePage
no-issue
2019-04-17 10:35:17 +02:00
Fabien O'Carroll
4d9ddbf77a Added coupon support to StripeSubscribePage
no-issue

Only shows the (disabled) input when a coupon is available
2019-04-17 10:35:17 +02:00
Fabien O'Carroll
feee3dc58f Cleaned up render{Subscribe,Upgrade}Page
no-issue

- ensured promises are returned
- removed unused prop
2019-04-17 10:35:17 +02:00
Fabien O'Carroll
0970fa6a6d Added CouponInput component
no-issue

This can be used in the subscribe pages to pass coupon info through
2019-04-17 10:35:17 +02:00
Fabien O'Carroll
b28f3a02d9 Added support for disabled form elements
no-issue

This can be used for a coupon input in future
2019-04-17 10:35:17 +02:00
Fabien O'Carroll
88368d0d94 Updated members api and gateway to pass coupo
no-issue

This will allow the auth pages and members sdk to pass coupons through
to the api.
2019-04-17 10:35:17 +02:00
Fabien O'Carroll
cdc3971ed8 Passed coupon from metadata through to stripe
no-issue

This will allow us to send through coupons from the api layer and have
stripe handle the rest :)
2019-04-17 10:35:17 +02:00
Rish
b377549bc7 Added spinner on member signup pages
no issue
2019-04-16 23:22:15 +05:30
Rish
874fceb077 Updated member signin page to show logged in status
no issue
2019-04-16 22:42:16 +05:30
Nazar Gargol
1211c70eb3 🐛 Fixed Ghost out of date notification
closes #9875

- The solution here is a quick patch and should be cleaned up once https://github.com/TryGhost/Ghost/issues/10236 is implemented
2019-04-16 18:29:51 +02:00
Zimo
17bc79d57e Added fade in for signup complete page 2019-04-16 17:51:16 +02:00
Peter Zimon
94ac33bc97
Members refinements (#10689)
* Updated close animation speed for members pages
* Updated responsive styles for members mobile screens 
* Adding spinner CSS to members pages
* Adding members signup complete page
2019-04-16 17:36:37 +02:00
Fabien O'Carroll
9aa9b39a59 Fixed require path of members-ssr
no-issue
2019-04-16 17:19:46 +02:00
Fabien O'Carroll
f9899cb8c4
Updated theme layer to use members-ssr (#10676)
* Removed support for cookies in members auth middleware

no-issue

The members middleware will no longer be supporting cookies, the cookie
will be handled by a new middleware specific for serverside rendering,
more informations can be found here:

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Removed members auth middleware from site app

no-issue

The site app no longer needs the members auth middleware as it doesn't
support cookies, and will be replaced by ssr specific middleware.

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Added comment for session_secret setting

no-issue

We are going to have multiple concepts of sessions, so adding a comment
here to be specific that this is for the Ghost Admin client

* Added theme_session_secret setting dynamic default

no-issue

Sessions for the theme layer will be signed, so we generate a random hex
string to use as a signing key

* Added getPublicConfig method

* Replaced export of httpHandler with POJO apiInstance

no-issue

This is mainly to reduce the public api, so it's easier to document.

* Renamed memberUserObject -> members

no-issue

Simplifies the interface, and is more inline with what we would want to export as an api library.

* Removed use of require options inside members

no-issue

This was too tight of a coupling between Ghost and Members

* Simplified apiInstance definition

no-issue

* Added getMember method to members api

* Added MembersSSR instance to members service

* Wired up routes for members ssr

* Updated members auth middleware to use getPublicConfig

* Removed publicKey static export from members service

* Used real session secret

no-issue

* Added DELETE /members/ssr handler

no-issue

This allows users to log out of the theme layer

* Fixed missing code property

no-issue

Ignition uses the statusCode property to forward status codes to call sites

* Removed superfluous error middleware

no-issue

Before we used generic JWT middleware which would reject, now the
middleware catches it's own error and doesn't error, thus this
middleware is unecessary.

* Removed console.logs

no-issue

* Updated token expirty to hardcoded 20 minutes

no-issue

This returns to our previous state of using short lived tokens, both for
security and simplicity.

* Removed hardcoded default member settings

no-issue

This is no longer needed, as defaults are in default-settings.json

* Removed stripe from default payment processor

no-issue

* Exported `getSiteUrl` method from url utils

no-issue

This keeps inline with newer naming conventions

* Updated how audience access control works

no-issue

Rather than being passed a function, members api now receives an object
which describes which origins have access to which audiences, and how
long those tokens should be allowed to work for. It also allows syntax
for default tokens where audience === origin requesting it. This can be
set to undefined or null to disable this functionality.

{
    "http://site.com": {
        "http://site.com": {
            tokenLength: '5m'
        },
        "http://othersite.com": {
            tokenLength: '1h'
        }
    },
    "*": {
        tokenLength: '30m'
    }
}

* Updated members service to use access control feature

no-issue

This also cleans up a lot of unecessary variable definitions, and some
other minor cleanups.

* Added status code to auth pages html response

no-issue

This was missing, probably default but better to be explicit

* Updated gateway to have membersApiUrl from config

no-issue

Previously we were parsing the url, this was not very safe as we can
have Ghost hosted on a subdomain, and this would have failed.

* Added issuer to public config for members

no-issue

This can be used to request SSR tokens in the client

* Fixed path for gateway bundle

no-issue

* Updated settings model tests

no-issue

* Revert "Removed stripe from default payment processor"

This reverts commit 1d88d9b6d73a10091070bcc1b7f5779d071c7845.

* Revert "Removed hardcoded default member settings"

This reverts commit 9d899048ba7d4b272b9ac65a95a52af66b30914a.

* Installed @tryghost/members-ssr

* Fixed tests for settings model
2019-04-16 16:50:25 +02:00
Fabien O'Carroll
b3f66c6c91 Blacklisted private member settings for HTTP calls
no-issue

Previously it was possible to fetch the private key and session secret
for the members service, this is a security issue as we do not have
specific permissions for individual settings yet, and could have
possibly exposed secrets to admin integrations.
2019-04-16 14:39:01 +02:00
Tim Birkett
2b75d1f9df Exposed new logging config options (#10678)
no issue

- Exposes the new name and gelf logging options.
2019-04-16 16:34:15 +05:30
Chris McKulka
a6fc2f1514 🐛 Removed extraneous log message for missing en.json locale file (#10662)
no issue
- content is in english (en) by default so only show the missing translation file warning when a non-english locale is configured
2019-04-16 10:32:20 +01:00
Vikas Potluri
c58236e549 🐛 Disallowed locked/suspended users from being made owner via the API (#10647)
- closes #10555
- Added a check to the user modal that the new owner is active 
- Had to refactor Owner->Author unit test (also renamed it)
  - Based on the first 2 lines, owner->editor change is attempted (hence the rename)
  - Since both stubs return a 'modal' with owner role which means owner->owner change is actually attempted
  - Now that there's a user status check, added the `status` property to the user receiving owernship
2019-04-16 10:30:29 +01:00
Fabien O'Carroll
b50cff8753 Updated import to never use {active,instsalled}_apps
no-issue

This is so that new imports will not contain old default, or invalid
values.
2019-04-16 11:19:17 +02:00
Fabien O'Carroll
7461869f13 Updated import to only show warning when apps exist
no-issue

This is so that someone with empty defaults for installed_apps and
active_apps, or someone without the defaults at all, will not see the
warning message when importing.
2019-04-16 11:19:17 +02:00
Fabien O'Carroll
a947947ebd Removed support for apps from getContentPath
no-issue

There is no longer a need for this as external apps do not work.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
37bcdb0a83 Removed filters module
no-issue

This is no longer used now, as it was for apps to extend Ghost
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
90c2dbcd6b Removed use of filters module
no-issue

As we're deprecating apps, filters are no longer used.

- Removed use of filters in helpers
- Removed use of filters from routing service
- Removed use of filters from rss service
- Removed use of filters in base model
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
54ac98037b Refactored proxy to not take name param
no-issue

This was only used as context to api methods, but those have been removed.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
ca2dc1889a Removed unused filters object from apps proxy
no-issue

This is not used by any current apps, and apps are considered
deprecated.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
65f16f77a7 Removed unused api object from apps proxy
no-issue

This is not used by any current apps, and apps are considered deprecated.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
0d40952232 Removed apps from update-check
no-issue

This only read external apps, so can be removed now we don't support them
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
f74d459dad Removed active and installed apps default settings
no-issue
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
4a22fcf73a Removed unused translations for apps service
no-issue
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
29948da3bc Refactored app service init to load config
no-issue
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
d31395412b Removed sandbox from apps service
no-issue

The instansiation of a Module object was only used so that we could
override the require method inside external apps, now we have no support
for them, we are free to require the internal apps directly. This has no
functionality change.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
4696d70de0 Refactored app proxy module to not use Constructor
no-issue

Rather than creating a whole instance, we can replace it with a helper
method - his is less memory intensive and a little easier to parse for
something this small.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
ca8c5c4907 Removed app permissions module and updated loader
no-issue

The permissions module is no longer necessary as we only suppot internal
apps, which have all permissions. This allowed us to delete the module,
but required that we update the loader to remove references to it.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
e4db1eed81 Removed support for external apps from Proxy
no-issue

This also removes the need for permissions, as internal apps have all permissions
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
4b74c11abb Removed installAppByName method
no-issue

Only external apps needed the install step, we can safely remove this now.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
ad9d142174 Refactored Sandbox to be singleton
no-issue
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
fd9fc92dd5 Removed external app support in Sandbox
no-issue
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
fc1aa58dc0 Removed external app support from app service loader
no-issue
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
d63d3f77eb Removed external app support from app service init
no-issue
2019-04-16 11:05:33 +02:00
Rishabh Garg
62f5bdac4c
Updated to use count words/images helpers from SDK (#10686)
refs #10618

- Added @tryghost/helpers dependency to use Ghost-SDK helpers
- Updated countWords, countImages helpers and removed local copy
2019-04-16 08:00:01 +05:30
Fabien O'Carroll
32a4798d76 Added skip of active/installed apps settings during import (#10681)
no issue
- the `{active,installed}_apps` settings related to a very old, minimally implemented, unreleased, and problematic approach to custom apps
- this is the first step towards full removal of the old "apps" concept

Credits: Kacper Szurek
2019-04-15 11:10:10 +01:00
Rish
9e6733ecab Updated subscription data in member request
no issue

- Added subscription amount to member subscription data
2019-04-13 10:44:43 +05:30
Rishabh Garg
c03ca79c66
Added Admin API for deleting members (#10673)
no issue

- Added new API to delete members
- Added methods to handle e2e member deletion
- Deleting member via Admin leads to
  - Removal of member from payment processor and cancelling all active subscriptions immediately
  - Removal of member information from DB
2019-04-13 10:38:56 +05:30
Rishabh Garg
35c4da710a
🐛 Fixed sitemap generation with correct date and images value (#10668)
closes #10640

- Updated sitemap resources data to include certain fields
- Fixes sitemap date and images value
- Updated date handling for sitemap nodes
2019-04-09 12:43:07 +05:30
Naz Gargol
87b37556c8
Improved error context usage (#10669)
refs #10571

- Reduced the amount of log output for collision errors
- Improved data passed into `errorDetails` during theme check
- After discovering https://github.com/TryGhost/Ghost/blob/9810834/core/server/services/themes/index.js#L56-L57 wasn't able to remove `checkedTheme` from `context`. Left a note to be refactored later
2019-04-09 13:00:56 +08:00
Kevin Ansfield
47692b1081 🐛 Fixed last paragraph not rendering on front-end when it's styled
no issue
- the conditional for removal of trailing blank paragraphs was not sufficient to handle paragraphs where the first child element was not a text node such as when the content of the last paragraph is italic
- switched to a method that fully walks the DOM of the last paragraph node to extract its equivalent `.textContent` value for use in the "last para is blank?" check
2019-04-08 16:25:20 +01:00
Fabien O'Carroll
cebcf27b6b 🐛 Fixed 500 template error occurring in place of a 404 for missing pages/assets (#10660)
no issue

- when the page is missing the context can be undefined, this defaults it to an empty array so that later `context.includes()` calls don't error
2019-04-04 14:41:56 +01:00
Fabien O'Carroll
35725f9537 Added members data to local template options
no-issue

- Splits updateTemplateData into three functions with clear naming
- Adds req.member to local template options, to be used as {{@member}}
2019-04-04 10:44:43 +02:00
Fabien O'Carroll
b38fb32c3f Refactored theme middleware module
no-issue

- Replaces var -> const
- Removed use of object to hold functions
2019-04-04 10:44:43 +02:00
Fabien O'Carroll
d0c1853797 Used getter instead of looking up internal property
no-issue

Since express-hbs@1.10 we have a method to get the template options,
which should be used rather than reading internal "private" properties
2019-04-04 10:44:43 +02:00
Vikas Potluri
bd77c1e2e0 Migrated body_class, content and date helpers to ES6 (#10644)
refs #9589 

* updated body_class helper to use newer code standards
* updated content helper to use newer code standards
* updated date helper to use newer code standards
2019-04-02 08:36:13 +02:00
Nazar Gargol
b9eaf27e56 🐛 Fixed admin error page on startup
closes #10616

- The check should be on empty object because that's the default state of expresses 'engines' property - 3ed5090ca9/lib/application.js (L59)
- The bug was introduced with 5e963935f9 (diff-04cc23b216e11161ab7267d69f13d004R142)
2019-04-01 15:06:00 +08:00
Nazar Gargol
0d89acd910 🐛 Fixed redirects to external URL
closes #10623

- The ability to redirect to external URLs was broken with 7e211a307c
- Added test coverage for external URL case
2019-04-01 12:33:29 +08:00
Vikas Potluri
960993b257 Migrated asset and author helpers to es6 (#10611)
refs #9589

* update asset helper to use newer code standards

* update authors helper to use newer code standards
2019-03-26 10:06:41 +05:30
kirrg001
1e6f4ba340 🐛 Fixed Admin API v2 wasn't returning preview url
no issue

- Admin API v2 returned /404/, see comment in code base:

/**
* CASE: admin api should serve preview urls
*
* @NOTE
* The url service has no clue of the draft/scheduled concept. It only generates urls for published resources.
* Adding a hardcoded fallback into the url service feels wrong IMO.
*
* Imagine the site won't be part of core and core does not serve urls anymore.
* Core needs to offer a preview API, which returns draft posts.
* That means the url is no longer /p/:uuid, it's e.g. GET /api/v2/content/preview/:uuid/.
* /p/ is a concept of the site, not of core.
*
* The site is not aware of existing drafts. It won't be able to get the uuid.
*
* Needs further discussion.
*/
2019-03-21 19:08:38 +01:00
Rish
394c8b7650 Removed hard-coded members lab flag for theme
no issue

- Removed hard-coded setting to switch on members flag in labs based on developer flag
2019-03-21 13:56:46 +05:30
Grant
51151e9e9e Removed obsolete comment about api keys not being supported (#10622)
no issue

I noticed an outdated comment in the codebase ([confirmed by Kevin](https://forum.ghost.org/t/code-comment-says-we-dont-support-admin-api-keys-yet-is-this-true/6344/4?u=grant)). This PR removes it.
2019-03-19 20:05:37 +01:00
Nazar Gargol
2517e9dc65 Added consistent handling to empty mobiledoc
closes #10612

- Added handling for 'blank' mobiledoc structure which should be converted to '""' instead of '<p></p>'
2019-03-18 20:06:53 +08:00
kirrg001
56deccb74d Added missing translation key: admin api kid
no issue

- found this by coincidence
2019-03-18 12:48:39 +01:00
Eol
9a21bea2c7 🐛 Fixed null displayed on empty post content (#10617)
refs #10612

- Added `null` value handling to {{content}} helper, which is same to how {{exerpt}} helper handles `null` values at the moment
2019-03-18 19:46:59 +08:00
Katharina Irrgang
a2f7160499
Enhanced 2.18 detection (#10610)
no issue

- discovered another case
2019-03-13 23:40:50 +01:00
Fabien O'Carroll
ca16b197a2
Checked null & undefined in settings migration (#10609)
no-issue

This is to make sure we catch all falsy cases of values.
2019-03-13 23:35:23 +01:00
Fabien O'Carroll
406e7c04d2
Improved error messages/handling for 2.18 migrations (#10608)
no-issue

We do not want to throw errors for edgecases, so we lot a message
telling the user to double check their settings.
2019-03-13 22:03:54 +01:00
Fabien O'Carroll
a8debd8980
🐛 Fixed private blogging getting disabled after 2.17 migration (#10606)
no-issue

The 2.17 migration included a bug which set the `is_private`, `amp` and `force_i18n` setting values to `'false'` when they should have been `'true'`

We've reverted these changes by reading the most recent backup file, and setting the value to `'true'` if the backup has it set to `'true'` AND the current db has it set to false.

We've also amended the broken migration, so that it does not cause this issue for future installs
2019-03-13 21:35:19 +01:00
Fabien O'Carroll
56b6c633f6
Updated backup file names to include timestamp (#10607)
no-issue

Currently if you run two migrations on the same day, the backup is overwritten. This change adds the `HH-mm-ss` to the file name, meaning that you get a unique backup for each migration.
2019-03-13 21:06:05 +01:00
Katharina Irrgang
f64af762ef 🐛 Fixed "Cannot read property 'feature_image' of undefined" (#10602)
no issue

- refs https://forum.ghost.org/t/default-hbs-cannot-read-property-feature-image-of-undefined/6194
-
2019-03-13 18:13:52 +08:00
Kevin Ansfield
507d8b32db
Fixed previews not reflecting changes to scheduled posts on Ghost(Pro) (#10601)
closes https://github.com/TryGhost/Ghost/issues/10600
- modifies conditions for when to send a cache invalidation header for preview URLs to include changes to scheduled posts
2019-03-12 18:35:54 +00:00
kirrg001
811ba83b19 🐛 Fixed {{body_class}} helper when using data: page.{slug} in routes
refs #10082

- throwed a 500 because this.page was not handled
- v2 differentiates between page and post
2019-03-12 12:34:16 +01:00
kirrg001
555dc2f180 🐛 Fixed {{meta_title}} output when using data: page.{slug} in routes
refs #10082

- meta_title output wrong meta title

Only solves meta_title outout for this use case:

```
routes:
  /:
    data: page.{slug}
    template: t
```
2019-03-12 12:34:16 +01:00
kirrg001
3b4edccf62 🐛 Fixed {{meta_description}} output when using data: page.{slug} in routes
refs #10599

- meta_description output wrong meta description

Only solves meta_description for this use case:

```
routes:
  /:
    data: page.{slug}
    template: t
```
2019-03-12 12:34:16 +01:00
kirrg001
fef0aa44d3 🐛 Fixed meta twitter_image output when using data: post.{slug} for routes
refs #10082

```
routes:
  /news/:
    data: post.news
```

The twitter_image was not available, because the context is [news, post] and the data is in `data.post`.
The context helper was incorrect. I think it is still not fully correct, but only focused on this use case.
The meta layer needs a full refactoring.
2019-03-12 12:13:47 +01:00
Naz Gargol
34fad7eaaf
Added Canonical URL support to posts&pages in Admin & Content API v2 (#10594)
refs #10593

- Added `canonical_url` field to post&pages resources in Admin & Content APIs
- Support for canonical URL on metadata layer (used in {{ghost_head}} helper)
- Made sure the new field is not accessible from API v0.1 
- Added handling same domain relative and absolute URLs
2019-03-12 17:51:29 +08:00
kirrg001
0c8373afb7 Removed 'null' parsing in settings model
refs #10582

- I don't think this is a good idea
- If a user passses "null", we should treat it as a string
- I am not aware of a use case why people have "null" in their database
- If people send "null" via the API, we should respect this and accept a string
2019-03-11 20:07:48 +01:00
kirrg001
0c583135ba Added TODO to settings input serializers
no issue

- we need these rules globally
2019-03-11 20:07:48 +01:00
kirrg001
255b55cab5 Added proper importer regression tests
refs #10582
2019-03-11 20:07:48 +01:00
kirrg001
145a9456a2 Updated settings validations
refs #10582

- the db input formatter ensures we always forward "true" or "false" for boolean fields
2019-03-11 20:07:48 +01:00
kirrg001
20ab9651dc Removed force_i18n in API v2 settings serializer
refs #10582

- deprecated
- won't serve
- won't save
2019-03-11 20:07:48 +01:00
kirrg001
bfccaa8d2e Added db formatter for settings model
refs #10582

- ensure we won't forward booleans to database
- type TEXT will transform booleans to "0"/"1!
2019-03-11 20:07:48 +01:00
kirrg001
037ac4d748 Added input serialization for settings API v2 to transform "0"/"1" booleans
refs #10582

- otherwise we will forward string booleans to model layer
- causes trouble if we trigger events
- causes trouble if we want to add conditions to the model e.g. setting.get('value') ?
2019-03-11 20:07:48 +01:00
kirrg001
f80a9429b9 Added migration to normalize booleans
refs #10582
2019-03-11 20:07:48 +01:00
kirrg001
fca05453fe 🐛 Fixed site requests showing 422 if path is not a valid slug
no issue

- e.g. /feed.xml/ was showing a 422
- any other none slug site requests showed a 422
- should be a 404
- context: site is talking to Content API
  - it can happen that the API returns a 422
  - the routing layer needs to handle this and always show a 404
- catched error in routing error handling
- need to see if there are more cases
2019-03-11 19:40:51 +01:00
Aileen Nowak
23215e7d74 Added event to integrations when created (#10588)
no issue

- There was no model event being sent yet when a new integration is being created
- Added this event type to our analytics listener
2019-03-11 15:28:17 +01:00
kirrg001
160d50a258 🐛 Fixed /edit url redirecting to wrong admin client url
no issue

- admin client has fixed showing a 500
- we now show a 404 if the url is wrong
- server side has corrected the editor url
2019-03-11 15:26:13 +01:00
Kevin Ansfield
0a846002f8 Renamed blog->site in error messages and welcome e-mail (#10586)
no issue

- general `blog` -> `site` wording switch
2019-03-11 15:25:21 +01:00
Fabien O'Carroll
a2aa66ca73
🐛 Fixed img-url to output relative url by default (#10596)
closes #10595

* Added breaking test for img-url helper

Input from the content API was absolute, adding this test to verify my fix

* Updated existing test to breaking test for img-url

Had made a dumb assumption when building images sizes, this updates the
test to fail so we can verify the fix

* Refactored img-url to return as early as possible

This makes it a little easier to parse what's going on, and it also
allows us to remove the check for existence of the image url in the
getImageSizes function

* Refactored img-url config parsing to clean up core logic

Superficial refactor to make future changes able to focus on what rather
than how.

* Refactored internal image detection into helper

We're gonna need to know if the image is internal or not, when we force
the path to relative, if we pull this out now, we have access in the top
level logic

* Removed duplicate checks for internal image

Cleaning up and moving "higher-level" logic into the main function of
the module

* Renamed attr -> requestedImageUrl

Superficial refactor, trying to be more explicit about identifiers

* 🐛 Fixed img-url to output relative url by default

Includes a check to isInternalImage as we never want to make external
images relative.

* Returned early if img-url recieves external url

After realising we never want to deal with external urls, we can
continue to return as early as possible, letting us remove checks and
simplify the more complex logic for internal images.

* Cleaned up the internal image logic

Defining the three functions in order helps to see what operations are
going to happen and in which order, we can then return the result of
each operation applied to the next operation.
2019-03-11 15:20:05 +01:00
David Sánchez
49cf18fe33 🐛 Changed subscribed page title from hardcoded to site title (#10589)
no issue

- The subscribed title was being hardcoded as "Ghost" instead of using the title of the site.
2019-03-11 14:07:37 +08:00
Nazar Gargol
9a831d1306 Fixed url for settings images saved in the db
closes #10590

- All images stored in the db should be relative urls and should only be served as absolute
2019-03-11 11:59:06 +08:00
Hannah Wolfe
d2b1e0d4b7 Attr pass-thru & full context in partial helpers
refs #5162

- allow pagination and navigation partial helpers to have attributes passed through to them
    - e.g. {{navigation header=true}} -> {{#if header}} will now work
    - allows styling navigation to be done differently for different sections of the page
- properly create a data frame, and pass through "this" context
    - means {{navigation header=true}} is the same as {{> navigation header=true navigation=@site.navigation}}
    - our partial helpers, have the same behaviour exactly as if the partial was called directly
- this is additive, and improves behaviour
2019-03-09 21:21:01 +00:00
Nazar Gargol
942324b60e 🐛 Fixed private blogging getting enabled after import
refs #10582

- Importer should do similar conversion introduced in 04c60b4ce1
2019-03-07 18:44:47 +08:00
Nazar Gargol
3124d23ccf 🐛 Fixed force_i18n import validation error
closes #10580

- The validation was failing because boolean values in settings can also be "0" and "1". 04c60b4ce1 explains the reason why these 2 new values are allowed
2019-03-07 16:42:11 +08:00
Naz Gargol
9810834f7b
Removed redundant errorDetail and context stringification in errors (#10572)
no issue

- Additional JSON.stringify call is redundant because it is already happening internally in Ignition (https://github.com/TryGhost/Ignition/blob/master/lib/logging/GhostLogger.js#L241)
- Left stringification in importer as is, because the use case there is also
putting errors into 'problems' array and seems like those values have to
be stringified
2019-03-07 12:58:44 +08:00
Katharina Irrgang
04c60b4ce1
🐛 Fixed private blogging getting enabled when saving any setting (#10576)
no issue

- Reported here: https://forum.ghost.org/t/in-version-2-16-3-found-bug/6065/3

---

Admin Client sends false or true booleans for `is_private` key.

The settings table has two columns "key" and "value". And "value" is always type TEXT.

If you pass value=false, the db will transform this value into "0".
`settingsCache.get('is_private')` is then always true, even though the value is meant to be false.

We should add a migration in v3 and normalize all setting values to ensure consistent database values. Furthermore, we should improve the handling around settings values in general.

For now, we protect parsing values from DB, which we anyway need to transform the values into the correct data type, because we always save strings. This will protect values being stored as "false" or "1" or whatever.
2019-03-06 12:56:26 +01:00
kirrg001
ac26436c10 🐛 Fixed v0.1 username/password authentication
no issue

- refs 39edb7646e
2019-03-06 10:48:21 +01:00
kirrg001
5b73e8238e 🐛 Fixed email address not being returned with admin api key authentication
no issue

- bug in model layer
- we have to drop these context checks when dropping v0.1
2019-03-06 10:48:21 +01:00
Dan Sloan
fba277ce1d 🐛 Fixed custom certificate usage for MySQL (#10573)
closes #10570

Added a conditional to only run makePathsAbsolute when database:client
is sqlite3, which keeps expected behaviour (make the
"database:connection:filename" path absolute when running SQLite) while
not breaking MySQL behaviour.
2019-03-06 10:28:10 +01:00
Kevin Ansfield
39edb7646e
Improved error message when attempting to use disabled v0.1 Public API (#10562)
no issue
- trying to use the v0.1 Public API when it was disabled led to a confusing error message, see https://forum.ghost.org/t/403-forbidden-error-on-postman-api-call/6017
- adds an explicit check for the Public API being enabled in the client authentication step and throws a useful error message if client auth is attempted when it's disabled
2019-03-05 10:41:07 +00:00
kirrg001
e79fc9a9be Fixed incorrect codeinjection_* assignment
no issue

- discovered while testing
2019-03-05 11:00:16 +01:00
Nazar Gargol
e109c54245 🐛 Fixed 500 error when wrong field data was passed
closes #10564

- Added similar filtering logic to models/base in `findOne` as in `findPage` to prevent fetching unexistent columns
2019-03-05 17:26:34 +08:00
Nazar Gargol
30c005f848 🐛 Fixed field filtering for /authors/:id endpoints
closes #10512

- Removed field filtering in blog owner fetching because it didn't work before (fields weren't reduced) and now broke generated sql queries (ambiguous id field)
2019-03-05 15:18:32 +08:00
Nazar Gargol
62c4ae119d 🐛 Fixed field filtering for /tags/:id endpoints
refs #10512

- Fixed ability to fetch specific fields when fetching tag resource by id
- Also only returning `url` field when specified in `fields` parameter
2019-03-05 13:17:38 +08:00
kirrg001
97cf337907 🐛 Fixed 404 when trying to update codeinjection_* settings in Admin API v2
refs #10560
2019-03-04 22:59:13 +01:00
kirrg001
449bae9a48 🐛 Fixed missing "value" property for settings Admin API v2
closes #10518

- we had a very generic logic to remove "unwanted" null values
  - copied from v0.1
  - originally added in 7d4107fec4
- this logic transformed: settings = [{key: 'key', value: null}] to [{key: 'key'}], which is wrong
- i've removed this generic logic completely, because i don't know which purpose it serves
- if there a specific case where we want to remove null values, we should either use the JSON schema or use a specific serializer for the target resource
- added tests to proof that settings API behaves as it should
- one test failed because we removed the isNull logic -> if you send published_at = null on a published post
  - the model layer has a piece of logic to force a date if you set published_at to null if the status is published
  - protected
2019-03-04 20:06:53 +01:00
Fabien O'Carroll
98b4940f70
🐛 Allowed data in collections to use specified key (#10559)
closes #10434

This adds the list of objects to the specified key,
finishing off the work started in the PR here:
https://github.com/TryGhost/Ghost/pull/10449
2019-03-04 17:53:58 +01:00
Kevin Ansfield
5a7356de5b 🐛 Fixed excerpt property being missing if plaintext is NULL or ""
closes https://github.com/TryGhost/Ghost/issues/10558
- added conditional to explicitly set `excerpt` to `null` in the API output serializer when a post has no `plaintext` or `custom_excerpt` value
2019-03-04 14:30:26 +00:00
Kevin Ansfield
2b34327544 🐛 Fixed plaintext field not being cleared when post body is removed
closes https://github.com/TryGhost/Ghost/issues/10557
- add conditional for plaintext changing rather than only being present for when to set a new plaintext value
2019-03-04 14:03:44 +00:00
Fabien O'Carroll
d7238e94c2
🐛 Supported "false" as absolute attribute value (#10556)
no-issue

* Added breaking test
* 🐛 Supported "false" as absolute attribute value

refs https://github.com/TryGhost/docs-api/pull/29
2019-03-04 11:23:42 +01:00
Vikas Potluri
42c472feff Removed superagent dependency (#10535)
no issue

- Migrated default scheduling adapter to use Got via the request proxy
- SchedulingDefault is the only module that was using superagent so removed it as a dependency
2019-03-04 15:59:38 +08:00
Nazar Gargol
01b03f7a1a 🐛 Fixed returning 'null' text for exerpt helper
refs #10554

- Fixes a flow described in https://github.com/TryGhost/Ghost/issues/10554#issuecomment-469127056
2019-03-04 14:39:20 +08:00
kirrg001
a180d4e103 Updated TODO's
no issue
2019-02-27 18:08:36 +01:00
kirrg001
f8d1e38290 🐛 Fixed empty amp page
closes #10547

- TODO: raise issue
2019-02-27 17:56:09 +01:00
kirrg001
f33dacaf64 🐛 Fixed {{url}} output when using {{#next_post}}/{{#prev_post}}
closes #10546

- TODO: raise issue
2019-02-27 17:50:51 +01:00
Rish
d62feca270 Added members permission migrations
no issue

- Added new fixtures for member permissions for Admin
2019-02-26 15:43:36 +07:00
Rish
20a898a986 Refactored members auth flow with dynamic settings
no issue

- Updated members auth flow UI
- Updated members settings and routing to be dynamic
2019-02-26 15:43:36 +07:00
kirrg001
90aef4f6c9 Stripped "excerpt" and "plaintext" from API v2 schema
no issue

- exceprt -> virtual field
- plaintext -> generated field
2019-02-26 09:07:14 +01:00
kirrg001
5a52336791 Used correct posts controller name for Content API v2
no issue
2019-02-26 08:33:10 +01:00
kirrg001
38e93c19b5 Reverted & Solved apiType differently
no issue

- was unable to revert 9dd7aff9c6, because it contains members changes
- functional calls did not work correctly, because the content and admin ctrl differentiation happend in the web layer
- `isContentAPI` returned true for `api.v2.settings.edit(data, {context: {internal:true{})`
- content & admin API are using different controllers
- we can just tell which ctrl is content API and which is not
- the direction fits for the content & admin API split
2019-02-26 08:33:10 +01:00
kirrg001
46d7a5666e Renamed authors ctrl to authors-public
no issue

- consistency
2019-02-26 08:33:10 +01:00
kirrg001
7a2398b7f2 Fixed error handling for API frame
no issue

- throwing an object from a catch handler is not a good idea
- unexpected and broke functional call to API (always returned a 500, because API returned {err: err, method: ...}
2019-02-26 08:33:10 +01:00
Nazar Gargol
3baf52fba9 Added 'property' field to errors returned from API
refs #10438
2019-02-26 13:41:13 +07:00
Hannah Wolfe
bd904cd8e1
Tags endpoint is experimental
- hasn't been tested yet, soooooooon
2019-02-26 12:52:58 +07:00
Rish
392bb412d2 Fixed broken static routes with members serverside rendering
no issue

refs cc1f62438d
2019-02-26 12:19:31 +07:00
Rish
b010c1be7e Fixed broken routes with members serverside rendering
no issue

refs cc1f62438d
2019-02-26 11:59:50 +07:00
Fabien O'Carroll
4e6a6a24ac Updated Admin API key auth to require kid in header (#10538)
* Required kid be a header claim as according to spec

https://tools.ietf.org/html/rfc7515#section-4.1.4 (JWT is an extension of JWS)

* Updated error message for missing kid

* Fixed admin-api key unit tests

* Fixed regression and acceptance tests
2019-02-26 11:03:47 +07:00
kirrg001
71951eabea Fixed webhook resource name for page events
no issue

- posts & pages live in the same table, need to use the event name
2019-02-25 23:51:23 +01:00
kirrg001
6c50dadb90 Fixed serialized webhook payload for deleted resources
no issue

- serializer did not kick in correctly
2019-02-25 23:35:52 +01:00
kirrg001
370f3bbcc0 Removed single author serializer from v2
no issue
2019-02-25 23:35:09 +01:00
kirrg001
2fd5964089 Fixed emitEvent in base model
no issue

- the options were not correctly remembered
2019-02-25 22:53:47 +01:00