Commit Graph

9430 Commits

Author SHA1 Message Date
Naz
74280cfbea Added "email post" frontend routing
refs https://github.com/TryGhost/Team/issues/953

- Emails posts should be not explorable by the rest of the frontend similarly to the draft or scheduled posts. Email posts should also keep the content gating, so that specific parts of content can still be gated based on the post's visibility setup
- A separate frontend router was chosen to implement this part of the system instead of a moutable express app due to increased complexity to introduce the latter approach.
- All "sent" email-only posts will be accessible through the `/email/:slug/` route
2021-08-13 12:09:11 +04:00
Naz
2cae064575 Swapped to American English spellings
refs 16728a3ef1
2021-08-13 10:26:33 +04:00
Naz
0d7f253582 Added an internal API for email-only posts
refs https://github.com/TryGhost/Team/issues/899

- The internal API is needed to be able to fetch email-only posts through email router. The concept is similar to Preview API with a difference that only posts with `sent` status are accessible and there is content-gating present.
2021-08-13 10:12:54 +04:00
Naz
59a60d77b9 Fixed JSDoc apiType in the frame pipeline
no issue

- The apiType parameter is optional and was causing type checking to fail in many palces
2021-08-13 10:08:50 +04:00
Naz
9bc5a279ca Added a 'sent' status to post model
refs https://github.com/TryGhost/Team/issues/953

- We need to track email-only posts that have been sent out. New status was chosen as a way to differenciate such posts.
- Introducing a new "email post" type, conceptually like "page", was considered. Because there is no clear roadmap for "email post" becoming a bigger part of the product yet and a lot of uncertainty around this concept, overhead needed to introduce a new type was just too much to do at this moment. It's still a possibility in the future
2021-08-13 10:06:15 +04:00
Fabien 'egg' O'Carroll
235597a5e4
Refactored Members controller bulkDestroy (#13221)
no-issue

This moves the logic out of the controller and into the members-api
member repository. Removing complexity from the controllers and
out into services is desirable to reduce code in the Ghost codebase
and move logic into modules which can be tested easier.
2021-08-12 15:26:25 +01:00
Naz
cf14b5f433 Fixed function complexity linting warning
no issue

- Touched this file while looking into use of config.user_name/user_email and it was almost criminal to not do a tiny improvement
2021-08-12 15:38:58 +04:00
Naz
cb16675e29 Added "from" parameter to email verification
refs https://github.com/TryGhost/Team/issues/961

- More specific "from" address should improve handling when escalated. See refed issue for details.
2021-08-12 14:07:16 +04:00
Naz
41c70dfc96 Improved GhostMailer JSDocs
refs https://github.com/TryGhost/Team/issues/961

- The "from" parameter was not documented, so made it vary clear that it exists and is optional
2021-08-12 14:07:16 +04:00
Naz
fa13ff2798 Updated use of "blog" in variable to "site"
no issue

- The coding standard/preference in variable naming is to go with "site" where possible when referring to current instance instead of "blog".
2021-08-12 14:07:16 +04:00
Fabien 'egg' O'Carroll
6dba643ef9
Added ability to filter members on subscription data (#13214)
refs https://github.com/TryGhost/Team/issues/944

This will allow us to filter for members which have a canceled
subscription or for members which are currently on trial.
2021-08-12 10:10:51 +01:00
Naz
01f8737d39 Added /email/ route to robots.txt
closes https://github.com/TryGhost/Team/issues/952

- The `/email/` route will be a home for email only posts. We are adding the route preemptively to have the crowlers update their caches before the feature sees the light of The Internet
2021-08-10 13:45:53 +04:00
Naz
c9821a123a Swapped to American English spellings
refs 16728a3ef1
2021-08-09 13:35:01 +04:00
Naz
06a6dcb2d1 Added an /email/ root route for email-only posts
refs https://github.com/TryGhost/Team/issues/948

- The  frontend route `/email/:uuid` is aliased to the preview as a temporary solution. It fulfills the premise of the email-only post anyway - not being accessible publicly and only shared through email.
- The tests for the new route are missing as adding them was way more problematic than I envisoned. They are in the works and will be added as a follow up commit next.
2021-08-06 18:10:19 +04:00
Naz
db9e3a01ab Fixed invalid variable naming
refs ccab6117b4

- The change was meant to go with refed commit but was missed
2021-08-06 13:21:28 +04:00
Naz
ccab6117b4 Removed i18n dependency from psots service
refs https://github.com/TryGhost/Team/issues/949

- Use of i18n module is deprecated in favour of `tpl`/'messages` pattern
2021-08-06 12:21:23 +04:00
Naz
3c822e0457 Added ability to send newsletter and not publish the post
refs https://github.com/TryGhost/Team/issues/949

- When post is marked as "email-only" we can send it out to the selected audience when publishing without making the post publicly available
- The feature is available for experimentation behind "email only" alpha flag available in labs
2021-08-06 11:57:54 +04:00
Naz
a7503b9c0f Refactored posts service instantiation logic
refs https://github.com/TryGhost/Team/issues/949

- Initializing PostsService with almost identical parameters is burdensome, having a single factory method in create instances is far more maintainable
2021-08-06 11:57:54 +04:00
Naz
3a7bc1349d Reformatted big if statement
refs https://github.com/TryGhost/Team/issues/949

- It's relly hard to grasp what's going on in ifs with multiple conditions that are written down in a signle, gazzilion-line format. Having a nice column as way more readable
2021-08-06 11:57:54 +04:00
Naz
bd8a45d094 Extracted post edit logic to posts service
refs https://github.com/TryGhost/Team/issues/949

- The post model handling related to newsletter sending and email recipient filter logic were duplicating across v3/v4(canary) APIs and it made sense to extract it into a posts service.
- This will allow for a central place to handle about to land logic for email_only newsletter handling.
2021-08-05 15:18:29 +04:00
Naz
15073bad29 Extracted post/page cache invalidation logic to service
refs https://github.com/TryGhost/Team/issues/949

- The code is exactly the same in six (!) places. It's beyond unmaintainable to add another line to any of these place, which will be needed for `email_only` handling.
- The newly created posts service is a temporary, slightly better solution that complies with codebase's best practice of extracting new services using class with DI pattern
2021-08-05 14:51:47 +04:00
Naz
accf0c645a Refactored Pages API v3/canary controllers
refs https://github.com/TryGhost/Team/issues/949
refs e64274bb45

- This refactor is needed to bring the code in line with the rest of pages API controllers
- Next step will extract shared code patterns into a separate module
2021-08-05 14:42:16 +04:00
Naz
87ad210624 Refactored Pages API v2 controller
refs https://github.com/TryGhost/Team/issues/949
refs e64274bb45

- This refactor is needed to bring the code in line with the rest of pages API controllers
- Next step will extract shared code patterns into a separate module
2021-08-05 14:21:05 +04:00
Naz
ec19b01088 Fixed missing semicolon after the refactor
refs https://github.com/TryGhost/Team/issues/949

-  See previous commit
2021-08-05 14:14:58 +04:00
Naz
e64274bb45 Refactored Posts API v2 controller
refs https://github.com/TryGhost/Team/issues/949

- This refactor is needed to bring the code in line with the rest of post API controllers
- Next step will extract shared code patterns into a separate module
2021-08-05 14:13:02 +04:00
Naz
8b5d0f559d Added clarifying comment to the email_only mapping
https://github.com/TryGhost/Team/issues/893

- The assignment is not that obvious and might be confusing without wider context, which is why it warrants to have a clarifying comment. This became apparent during code review
2021-08-05 19:44:35 +12:00
Naz
838e94e535 Added email_only property in Posts Admin API v4
https://github.com/TryGhost/Team/issues/893

- The property is only added to Admin API v4 and is invisible in all Content APIs as well as v2/v3 Posts APIs
2021-08-05 19:44:35 +12:00
Naz
755a3a320e Added email_only column to posts_meta table
closes https://github.com/TryGhost/Team/issues/893

- We need a place to store email-only flag and posts_meta is the best place for it
2021-08-05 19:44:35 +12:00
Fabien 'egg' O'Carroll
424f621414
Moved NQL relations and expansions into the models (#13204)
refs https://github.com/TryGhost/framework/pull/19

The @tryghost/bookshelf-filter plugin no longer bundles hardcoded
relations and expansion definitions, instead leaving it up to the
library consumer to implement.

This PR adds the preexisting relations and expansions to the relevant
models, in order to preserve our existing filtering functionality.
2021-08-04 15:30:53 +01:00
Kevin Ansfield
482a93ac7a Added dashboardTwo to allowed labs flags
no issue

- flag for Admin to switch to a more comprehensive dashboard
- may be used in Ghost for changes to stats endpoints
2021-08-04 11:09:13 +01:00
Sanne de Vries
2be601d25e Fixed hr element and button overlapping in cta card in email template 2021-08-03 18:43:29 +02:00
Daniel Lockyer
5cce9818eb v4.11.0
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYQk0mQAKCRDSEYbwtHKV
 raAxAQCWNrrS6ixKZlzFkjv8opyMQ1b0HV25NBjg8rAkD8YRVQEAsvUM2Vu/G0+Y
 mbb7qeWAzK1L8tNP686Khc84TbeSBQY=
 =NBs1
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYQk1CAAKCRDSEYbwtHKV
 rcPcAP9eW3OIVa5eO05BTVt7Dgi6sqLkry7AKU1KA6yWANJS4wEAi+EygDpPjxXu
 HTIkCXAJRV8VAKPHbO6ESUcqtMTEOAc=
 =PoHi
 -----END PGP SIGNATURE-----

Merged v4.11.0 into main

v4.11.0
2021-08-03 13:22:26 +01:00
Daniel Lockyer
e32ad5ea6d
Updated Admin to v4.11.0 2021-08-03 13:20:40 +01:00
Naz
7471c98df2 Updated email sending error copy
refs https://github.com/TryGhost/Team/issues/912
2021-08-03 10:13:14 +04:00
Naz
5868fff1b9 Added emailOnlyPosts alpha labs flag
refs https://github.com/TryGhost/Team/issues/902

- The flag will be controlling upcoming feature with the same name enabling exactly how it reads - ability to create posts available through the newsletter only
2021-08-02 13:11:07 +04:00
Rishabh
12f5e03f61 Handled member session API response in Portal
refs 24b2a82461

Updates Portal to handle updated 204 response for member session API in case of logged out member
2021-07-30 10:57:24 +05:30
Rishabh
24b2a82461 Updated session API status code for logged out member
refs https://github.com/TryGhost/Team/issues/560
refs 69b773d112

The endpoint `/members/api/session/` is used by Portal for fetching member session while setting up and redirecting to Stripe Checkout flow. The status code returned by API for logged out member is changed from 4xx Unauthorized to 204 No Content, which is consistent with the status code returned while fetching member data when logged out. This API is made just before initiating the checkout session, and is not noticable in most cases due to redirect to Stripe Checkout and got missed.
2021-07-30 10:34:51 +05:30
Kevin Ansfield
10b7b31e6b Adjusted .btn-accent colors in emails for a white background
refs https://github.com/TryGhost/Team/issues/928

- applied same darkening of accent color in emails as we use in editor when there's insufficient contrast of accent color against a white background
2021-07-29 15:39:04 +01:00
Kevin Ansfield
eb92610df2 Added accent color button styles to labs email template
refs https://github.com/TryGhost/Team/issues/928

- duplicated email template so email-cta changes can go into the labs version
- added `accentContrastColor` to template settings for using white/black depending on the accent color
- added `.gh-btn-accent` styles to the email template (email-cta card already uses those for the button)
2021-07-29 15:25:09 +01:00
Naz
5fd1ed5bcb Added an escalation email when import triggers a limit
refs https://github.com/TryGhost/Team/issues/912

- When the improt acceedes the threshold for the first time we need a way to notify configured escalationAddress to verify the instance owner's email address.
2021-07-29 20:30:30 +12:00
Naz
fa33235fd9 Moved email verification logic into separate method
refs https://github.com/TryGhost/Team/issues/912

- The processImport method was becoming to big and unreadable
- Having small methods is easier to extract if needed later
2021-07-29 20:30:30 +12:00
Naz
93e8814589 Moved sending email error into MEGA
closes https://github.com/TryGhost/Team/issues/913

- Having a limit service rule triggered was a temporary hack to get a basic email blocking version working
- As the freeze value is now persisted in the DB it's possible to read and rely on it to throw an error straight from MEGA.
2021-07-29 20:30:30 +12:00
Naz
086840873e Moved verified email check closer to freeze logic
refs https://github.com/TryGhost/Team/issues/912

- Previous logic was a bit misleading because it prevented from reading the real threshold configured with an instance once the verified flag was present in the config.
- The reshuffle made here allows to check the freeze logic based on the threshold and then process the returned result accordingly instead of having hidden logic behind "importThreshold" config value
2021-07-29 20:30:30 +12:00
Naz
8bc4d00fe6 Added email unfreeze for verified email config
refs https://github.com/TryGhost/Team/issues/912

- When instance has "verified" email configuration it should remove email freeze and disallow future feezes
2021-07-29 20:30:30 +12:00
Naz
06788f0b6a Persisted email freeze in settings table
refs https://github.com/TryGhost/Team/issues/912

- The email freeze state has to be stored somewhere to make it through the instance restart and settings table is the best place for it.
2021-07-29 20:30:30 +12:00
Naz
2fbc1af165 Added email disabling flag to settings records
refs https://github.com/TryGhost/Team/issues/912

- We need a place to persist the email freeze state between instance restarts - settings table record is the best place for it
2021-07-29 20:30:30 +12:00
Thibaut Patel
ba4f8cc857 Added OAuth user data
issue https://github.com/TryGhost/Team/issues/614

- This allows keeping each user oauth data, to compare on future logins
2021-07-27 17:56:07 +02:00
Kevin Ansfield
dfca0abc93 Added support for segmented email content in previews and test emails
refs https://github.com/TryGhost/Team/issues/927

- the `email-cta` card can be segmented so only free or paid members can see the content, it should be possible for authors to preview what that will look like in either case
2021-07-27 16:31:41 +01:00
Naz
633d4f4771 Fixed typo 2021-07-27 14:07:57 +04:00
Naz
1a64af103a Fixed MemberCSVImporter initialization
refs https://github.com/TryGhost/Team/issues/912

- The membersApi variable can be in uninitialized state. It should be accessed through membersService getter to make sure it's always correctly referenced
2021-07-27 13:09:04 +04:00
Naz
8fbbd524df Swapped to American English spellings
refs 16728a3ef1
2021-07-27 12:15:19 +04:00
Daniel Lockyer
04b5a1c6c5 v4.10.2
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYP6iagAKCRDSEYbwtHKV
 rR/dAPsGjY89fheicUdZfWbVUGunIQAKCYWj4sNMR5ZJbFQ8IAD8Dbx5XLR1IYmX
 7uzjx7ayuHt+o9jJkaRFGpETIRln4w0=
 =JY+u
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYP6kDQAKCRDSEYbwtHKV
 rVJ1AQCDiGWEJNVItQbPoAURACUtQPtg8GH1O62We+LUNdKQ5gEA2+snzZAi9fag
 60k5eyYxcB4JOwSVLIS19FcybgnhuAg=
 =1a74
 -----END PGP SIGNATURE-----

Merged v4.10.2 into main

v4.10.2
2021-07-26 13:01:12 +01:00
Daniel Lockyer
469a2f32ad
Updated Admin to v4.10.2 2021-07-26 12:54:17 +01:00
Kevin Ansfield
8d5e7ed695
🐛 Fixed unsubscribed members receiving email when a post is sent to all members (#13181)
refs https://github.com/TryGhost/Team/issues/935

The problem was incorrect operator precedence when multiple statements existed in the filter original filter when we transform it to enforce `subscribed:true` before sending.

- free only - subscribed:true+status:free - no issue
- paid only - subscribed:true+status:-free - no issue
- all - subscribed:true+status:-free,status:free - the ,status:free part is treated as a separate OR statement meaning the subscribed:true is not applied to it and free members that are unsubscribed will receive the email

- extracted the filter transform into a separate function so it can be unit tested
- updated the transform to use `()` for operator precedence, eg: `subscribed:true+(status:-free,status:free)`
- used transform function in `addEmail()` and `getEmailMemberRows()`
- fixed `sent/send` typo in error message
2021-07-26 12:47:03 +01:00
Naz
ac3602cced Fixed empty response when import triggers a job
refs d60d348c88

- When the import triggers a background job the meta response should contain no data otherwise the client can mistake it for completed import
2021-07-23 21:14:06 +04:00
Naz
d60d348c88 Fixed error when hostLimits are undefined
refs a7dd7bb64b

- The error was introduced in the refed commit. Object.assign method only works when the first parameter is an object otherwise it fails.
2021-07-23 20:46:52 +04:00
Naz
a7dd7bb64b Added email verification limit check
refs https://github.com/TryGhost/Team/issues/912

- When the import threshold is reached we want to trigger an "email" limit. See details in the refed issue
2021-07-23 20:37:29 +04:00
Naz
ec8b49ea42 Moved member importer declaration for readability
refs https://github.com/TryGhost/Team/issues/912

- Exposing a single method out of the service makes the API surface smaller - more readable.
- Additionlally having a wrapping method in service will be helpful for other triggers that are going to be executed in later iterations
2021-07-23 16:58:46 +04:00
Daniel Lockyer
dcca28a45b v4.10.1
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYPmn5QAKCRDSEYbwtHKV
 rZ7GAP44uQbWr4HFW7cAdEBG3YRDA5EC7S0uy2fdizzxuvPr2AEAqpU51eOpUPgm
 SY43m3su6G2QUoMMUJEt6HJ0xzH4FQU=
 =Qvoa
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYPmoNQAKCRDSEYbwtHKV
 rY8SAQDDoVnCn5KBFk7F4pMBEsH9CV5olF1URJf5wShFdVZrpwD/bNOf/kN/xn1R
 X2SMUaG4uZav969eRRU36h3Ky64Hdw4=
 =2WgO
 -----END PGP SIGNATURE-----

Merged v4.10.1 into main

v4.10.1
2021-07-22 18:17:34 +01:00
Daniel Lockyer
51ae9f1900
Updated Ghost-Admin to v4.10.1 2021-07-22 18:16:20 +01:00
Rishabh
a110cdd34a Added membersFiltering alpha labs flag
closes https://github.com/TryGhost/Team/issues/925

- used by Admin for working on members filtering features
2021-07-21 21:16:15 +05:30
Naz
57c4afdea2 Integrated @tryghost/members-importer
closes https://github.com/TryGhost/Team/issues/916

- The members importer module was extracted into an ouside module as per project structuring standards
2021-07-21 19:34:30 +04:00
Fabien O'Carroll
49f48c0f09 Made a single request for products in theme middleware
refs https://github.com/TryGhost/Team/issues/907

The logic to populate the `@price` data and the `@products` data both
rely on the same product data, but were each making their own request to
the API. This refactor removes the request from the legacy `@price`
data, which should cut the database queries in half.
2021-07-21 12:50:21 +01:00
Fabien O'Carroll
f900b4ee78 Moved theme middleware after static middleware
refs https://github.com/TryGhost/Team/issues/907

The theme middleware makes several calls to the content api in order to
populate global theme data for use in templates. By adding this
middleware after the static theme files, we remove redundant calls.
2021-07-21 11:25:02 +01:00
Naz
170617feb3 Fixed this context for methods passed into importer
refs https://github.com/TryGhost/Team/issues/916

- Without `.bind`, `this` context was lost when used inside of the CSVImporter calss
2021-07-21 21:00:16 +12:00
Naz
25dcfde368 Refactored ghostMailer parameter
refs https://github.com/TryGhost/Team/issues/916

-  The constructor API should have as small of a surface as possible, there's no need to pass around whole ghostMailer instance
2021-07-21 21:00:16 +12:00
Naz
83c75a3fb4 Refactored settingsCache parameter
refs https://github.com/TryGhost/Team/issues/916

-  The constructor API should have as small of a surface as possible, there's no need to pass around whole settingsCache instance
2021-07-21 21:00:16 +12:00
Naz
19c5c0b05a Refactored storagePath parameter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern with single options Object parameter
- It didn't make sense to have a "config" object inside of options object containing just one property
2021-07-21 21:00:16 +12:00
Naz
2472695535 Refactored constructure signature to be a n object
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern with single options Object parameter
2021-07-21 21:00:16 +12:00
Naz
da3620ca8e Refactored url-uitls out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-21 21:00:16 +12:00
Naz
66a6a522e0 Refactored db dependency out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-21 21:00:16 +12:00
Naz
b96a8f4f6b Refactored jobs service out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-21 21:00:16 +12:00
Thibaut Patel
489e470d7b Added a feature flag to the oauth login feature
issue https://github.com/TryGhost/Team/issues/614

- The feature flag was called `oauthLogin` instead of simply `oauth` to avoid clashes in the frontend `feature` service as it is merging the config and labs properties.
2021-07-20 23:16:49 +02:00
Naz
1eef1e9781 Refactored labs dependency out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-20 18:42:57 +04:00
Naz
c7edf256f6 Refactored Ghost mailer dependency out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-20 18:42:26 +04:00
Naz
a2fc3dde7d Removed dead code - batch-import module
refs https://github.com/TryGhost/Team/issues/916

- While investigating members importer related codebase this legacy module was spotted. It's not used anywhere and doesn't serve any particular purpose.
2021-07-20 17:44:25 +04:00
Naz
ce1711735f Swapped to American English spellings
refs 16728a3ef1

- Same reason as in refed commit, ltdc:
 - Traditionally all of Ghost's public-facing text was written in British English
 - We're changing that to US English because that's more common
 - US English should also be used in code e.g. properties are called color not colour
2021-07-20 17:27:24 +04:00
Fabien 'egg' O'Carroll
fc754c980f
Added missing comment to members .well-known mount
refs https://github.com/TryGhost/Team/issues/664

This was missed as part of PR review, as it is a non-standard mount location a comment
should be included to help our future selves!

PR: https://github.com/TryGhost/Ghost/pull/13163#discussion_r673066080
2021-07-20 13:58:29 +01:00
Daniel Lockyer
3ea9a6dff1
Updated Ghost-Admin to v4.10.0 2021-07-20 13:45:53 +01:00
Fabien O'Carroll
1962591c2e 🔒 Fixed permissible method for Integration Model
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-j5c2-hm46-wp5c

The permissible method of models overrides all permission logic, which
means we must manually check the user & api key permissions before
continuing.
2021-07-20 13:43:29 +01:00
Fabien 'egg' O'Carroll
264fb51a87
Exposed Members pub keys on /members/.well-known/ (#13163)
refs https://github.com/TryGhost/Team/issues/664

The new WellKnownController and middleware handles exposing a JSON Web
Key Set for us.

In order to serve the keys on /members/.well-known/jwks.json without a
trailing slash, we must mount the wellKnown middleware before the
frontend.
2021-07-20 13:19:31 +01:00
Naz
9a26ee9125 Added checkEmailList alpha labs flag
closes https://github.com/TryGhost/Team/issues/911

- See refed issue
2021-07-20 13:59:36 +04:00
Peter Zimon
94234e1505 Updated copy for tiers CTA
- Updated "product" copy to "tier" in the default content CTA  when members need to be on a different plan to have access to a post.
2021-07-19 13:14:37 +02:00
Fabien 'egg' O'Carroll
c0f32b7746
Replaced usage of Error with @tryghost/errors (#13161)
refs 2f1123d6ca

Usage of the raw Error class has been deprecated in favour of our own
errors, which are more descriptive and have built in HTTP status codes.

This also updates the same errors to use @tryghost/tpl for the error
messages, which is the new pattern we are following in order for us to
deprecate the i18n module.
2021-07-19 11:46:38 +01:00
Kevin Ansfield
e5db28db00 Removed use of i18n in snippets controllers
no issue

- i18n is deprecated in favour of `tpl`
- normalized method syntax so `add` matches the rest of the controller's methods (fixed a complexity warning but was not the primary intention)
2021-07-19 11:08:55 +01:00
Naz
810b052e01 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
- Exposed few internal from commands module methods for easier testing, otherwise it was turning into neverending mocking show
2021-07-19 21:31:31 +12:00
Naz
4c4af001e6 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
2021-07-19 21:31:31 +12:00
Naz
a266c64130 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
2021-07-19 21:31:31 +12:00
Fabien 'egg' O'Carroll
1af2b50dcf
Added userAuth brute middleware to members auth endpoint (#13152)
refs https://github.com/TryGhost/Team/issues/696

The userAuth spam prevention logic is reused, but a new piece of
middleware has to be created so that we can use a custom lookup key to
conatin the member email.

We must also add json parsing middleware to the route so that the brute
middleware can read the email.

The express body-parser middleware handles multiple instances on the
same route, so this doesn't cause problems upstream.

https://github.com/expressjs/body-parser/blob/1.19.0/lib/types/json.js#L99-L103
2021-07-19 09:40:38 +01:00
Naz
d1b569075f Decreased coupling of frontend routing to server api
refs https://github.com/TryGhost/Team/issues/527
refs https://github.com/TryGhost/Ghost/issues/10790

- Frontent has to have as few as possible coupling points with the Ghost Server API. By design that point has been a "proxy.api" property that will become more and more constraint in the future based to limit the surface of frontend interaction with servers's API
- Removing `.../server/api` requires in favor of using a proxy decreases direct coupling
2021-07-19 19:45:54 +12:00
Rishabh
07dd783a40 🐛 Fixed error on saving member with existing label
closes https://github.com/TryGhost/Team/issues/743

Unlike tags, a label has a unique constraint on its `name`. So saving a new label on member with the same name as existing label fails with error due to unique constraint error.

- adds id for new label to match existing label if they are the same name, which avoids creating a new label
2021-07-16 14:01:47 +05:30
Kevin Ansfield
9b963cef63 Added featureImgDragDrop alpha labs flag
refs https://github.com/TryGhost/Team/issues/884

- used by Admin whilst working on drag/drop support and design
2021-07-15 16:01:34 +01:00
Fabien 'egg' O'Carroll
71ba9f3d17
Readded support for comped status in event aggregate (#13142)
refs https://github.com/TryGhost/Team/issues/880

The aggregate for `paid_delta` was incorrect as it did not handle the
case where an event went from paid->comped or from comped->paid. This
resulted in an overcount for paid members.
2021-07-15 15:17:51 +01:00
Naz
9870aff8f0 Fixed slow-running scheduling default test
refs https://github.com/TryGhost/Team/issues/860

- Slow unit tests cause longer waiting time to deliver code to main. Before this fix the test was taking a whooping 6s on average
- The main cause of the delay was a downstream's package (got) default retry logic that was taking up a lot of time bypassing the retry logic present in the default scheduler itself
2021-07-15 13:50:59 +04:00
Kevin Ansfield
9c5a25b060 🐛 Fixed alt="null" for feature image in emails
no issue

- when no alt text was set for feature images we were incorrectly rendering `alt="null"` in emails
2021-07-15 09:44:34 +01:00
Fabien O'Carroll
62ee693310 Lazily instantiated express-session middleware
refs https://github.com/TryGhost/Team/issues/756

When running the tests it was possible for this middleware to be
instantiated before the settings cache, resulting in an undefined
'session_secret' setting being passed. This would cause tests to fail.

Tracking this down proved difficult, so the fix was made here, by
instantiating the express-session middleware only once a request needs
to use it, we can be confident that Ghost has completely started.
2021-07-14 17:19:53 +01:00
Naz
5ea8e9b926 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
- This bit cleans up the rest of `new Error()` usage in MEGA service
2021-07-14 19:17:35 +04:00
Naz
b045112950 Renamed exposed _getEmailMemberRows in mega
no issue

- Exposing internal methods out of the module is a non-standard practice. Adding `_` prefix allows to signal that this method is not for general use.
- When mega is refactored into a proper class this method will become exposed anyways
2021-07-14 18:56:57 +04:00
Naz
f343e73c92 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
- This bit cleans up `new Error()` usage in MEGA service
2021-07-14 18:44:25 +04:00
Naz
8f5d6ebf8c Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- The use of new Error() has been deprecated. Refactoring the migration  to use `createIrreversibleMigration` made most sense to have central error handling for migration which are not meant to be reverted.
2021-07-14 12:16:44 +04:00
Naz
bfb899b293 Removed stray code
refs 77a5ea5659

- This part was misscommited, wasn't meant for main
2021-07-14 11:51:14 +04:00
Naz
77a5ea5659 Added JSDoc to addTable method
no issue

- This mehod has an important `tableSpec` parameter which MUST be present when creating a new table migration. Having a description in form of the JSDoc somewhat helps this cause
- Next best improvement would be throwing an error if the parameter wasn't present, but that would require a bigger refactor backporting all usages of `addTable` method
2021-07-14 11:39:23 +04:00
Daniel Lockyer
17f0aae97e v4.9.4
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYOyBkgAKCRDSEYbwtHKV
 rUwwAQCxNVIluZNQaQFq1mXsXK99oJUh62TcfaRVpLln4OIW2gEA9P74NRNzAdM+
 RC3C0CeEnGEU0ggmfa4Snp6NNT47BAU=
 =wETf
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYOyCCgAKCRDSEYbwtHKV
 rTK6AQC+F1TV6FvH/JOrjyR0pdxgr3SzAubG22a4imwQenLjEwEA0nC2wFzsyRJd
 QZxi1khdgSXKe68ZpOMhqYPvC9maCA8=
 =RAf0
 -----END PGP SIGNATURE-----

Merged v4.9.4 into main

v4.9.4
2021-07-12 18:55:16 +01:00
Daniel Lockyer
5185ebf4ac
Updated Ghost-Admin to v4.9.4 2021-07-12 18:53:22 +01:00
Vikas Potluri
27e618e60c updated theme validation error copy to match other messages 2021-07-12 18:51:08 +01:00
Vikas Potluri
803a9e11b7 🐛 fixed name is not defined error when uploading invalid theme 2021-07-12 18:51:08 +01:00
Fabien O'Carroll
caf01544c8 Updated WEBHOOK_SECRET check to output a warning
refs https://github.com/TryGhost/Team/issues/841

When using our development tooling Ghost should always start, instead of
exiting with an error. This check for the WEBHOOK_SECRET env var was the
primary cause of Ghost erroring in development, so it's been switched
with a warning.
2021-07-12 11:23:46 +01:00
Hannah Wolfe
6726246697
Fixed test for overriding active theme
refs: f9a3f7d955

- The test for overriding a theme (uploading a theme with the same name as the currently active theme) doesn't test the right codepath
- It incorrectly assumes uploading the same theme twice results in an override, but this is only true for the active theme
- This change splits the override test out into it's own test, and only tests overriding by changing the active theme first
- Also fixed a minor comment type whilst here
2021-07-11 20:02:32 +01:00
Sam Lord
cd86724731 Merged 4.9.3 into main 2021-07-09 20:56:55 +01:00
Sam Lord
fcf3667c04 Updated Ghost-Admin to v4.9.3 2021-07-09 20:41:27 +01:00
Kevin Ansfield
f9a3f7d955 🐛 Fixed "Cannot destructure property" error when overwriting active theme
refs https://github.com/TryGhost/action-deploy-theme/issues/45

- added missing `throw error` in the `setFromZip()` catch which was hiding the underlying error when a theme uploaded and saved successfully but other code had failed
- fixed incorrect method name `activator.activateFromOverride` -> `activator.activateFromAPIOverride`
2021-07-09 20:40:01 +01:00
Kevin Ansfield
4235753e95 🐛 Fixed "Cannot destructure property" error when overwriting active theme
refs https://github.com/TryGhost/action-deploy-theme/issues/45

- added missing `throw error` in the `setFromZip()` catch which was hiding the underlying error when a theme uploaded and saved successfully but other code had failed
- fixed incorrect method name `activator.activateFromOverride` -> `activator.activateFromAPIOverride`
2021-07-09 19:27:49 +01:00
Sam Lord
cbd163d921 Updated Ghost-Admin to v4.9.2 2021-07-09 10:23:26 +01:00
Thibaut Patel
b0762e623f Enabled removing all segmented email cards when the memberSegment is null
no issue

- In the current iteration of the gated email project, we are returning a null segment instead of returning the correct list of segmented users as a temporary measure. The expectation was to clear all segmented cards and it's now the case.
2021-07-08 18:34:30 +02:00
Sam Lord
ceb3d05c09 Updated Ghost-Admin to v4.9.1 2021-07-08 11:13:20 +01:00
Hannah Wolfe
9e2b21578a
Moved labs middleware into labs utility
- this middleware isn't used anywhere at the moment
- including it in our labs utility should help to make it moe discoverable
2021-07-08 09:05:41 +01:00
Hannah Wolfe
c29c118fcf
Moved labs utlity to shared
- This isn't really a "service" - it's a set of utilities for working with labs flags
- It's also required all over the place, and doesn't require anything that isn't shared
- Therefore, it should live in shared
2021-07-08 09:05:41 +01:00
Hannah Wolfe
2072361022
Fixed frontend require in labs
- Replaced requiring SafeString all the way from the theme engine, with using express-hbs directly
- This is quite a big require, just for the safe string function, but without this we have to tie labs to our theme layer
- Also removed i18n and updated the jsdoc for enabledHelper
- The labs service can be moved to shared now!
2021-07-08 09:05:40 +01:00
Hannah Wolfe
72a1c0b898
Revert "Moved vhost mounts into boot file"
This reverts commit 7e61f73b8c.
2021-07-08 07:10:18 +01:00
Hannah Wolfe
4481b51992
Revert "Fixed frontend require in labs"
This reverts commit 6fb8736560.
2021-07-08 07:10:11 +01:00
Hannah Wolfe
8d38957bd7
Revert "Moved labs utlity to shared"
This reverts commit 782de52678.
2021-07-08 07:09:13 +01:00
Hannah Wolfe
145762485e
Revert "Moved labs middleware into labs utility"
This reverts commit 161ba51d2b.
2021-07-08 07:09:06 +01:00
Hannah Wolfe
161ba51d2b
Moved labs middleware into labs utility
- this middleware isn't used anywhere at the moment
- including it in our labs utility should help to make it moe discoverable
2021-07-07 21:47:19 +01:00
Hannah Wolfe
782de52678
Moved labs utlity to shared
- This isn't really a "service" - it's a set of utilities for working with labs flags
- It's also required all over the place, and doesn't require anything that isn't shared
- Therefore, it should live in shared
2021-07-07 21:41:34 +01:00
Hannah Wolfe
6fb8736560
Fixed frontend require in labs
- Replaced requiring SafeString all the way from the theme engine, with using express-hbs directly
- This is quite a big require, just for the safe string function, but without this we have to tie labs to our theme layer
- Also removed i18n and updated the jsdoc for enabledHelper
- The labs service can be moved to shared now!
2021-07-07 21:33:15 +01:00
Hannah Wolfe
7e61f73b8c
Moved vhost mounts into boot file
- This stops the mounting of the admin and frontend from being buried deep in express initialisation
- Instead it's explicit, which makes two things almost possible:
   1. we can potentially boot the frontend or backend independently
   2. we can pass services and settings loaded during boot into the frontend
- This needs more work, but we can start to group all the frontend code together
- Meanwhile we also need to rip apart the routing and url services to decouple the frontend from the backend fully
- BABY STEPS!
2021-07-07 21:29:14 +01:00
Kevin Ansfield
3c9f5da39d 🐛 Fixed small text in Gmail on Android for newsletters containing images
closes https://github.com/TryGhost/Team/issues/737

- without an explicit `width: auto` on images Gmail on Android will make not make the image responsive, instead it was keeping the 1200px intrinsic width of the image and shrinking other content around it to match
2021-07-07 21:11:42 +01:00
Kevin Ansfield
69bc5a9dfd Fixed error when requesting resize of a blank image
closes https://github.com/TryGhost/Team/issues/819

- adds guard for an empty buffer when reading file from storage for resizing, if a blank image is loaded then redirect to the original file
2021-07-07 19:11:24 +01:00
Kevin Ansfield
b12589ce6d Added savedIndicator alpha labs flag
refs https://github.com/TryGhost/Team/issues/779

- used by Admin whilst working on editor saved/unsaved status indicator
2021-07-07 19:11:24 +01:00
Thibaut Patel
605b042a33 Update cache invalidation on several routes
issue https://github.com/TryGhost/Team/issues/859

- Added invalidation to PUT /authentication/setup
- Added invalidation to POST /db
- Added invalidation to DELETE /db
- Added invalidation to GET /slugs/:type/:name
- Removed invalidation from PUT /users/:id/token
2021-07-07 18:12:51 +02:00
Naz
360e8d08d4 Fixed failing tests
refs https://github.com/TryGhost/Team/issues/856
refs dfe1089ee2

- Module export order matters
2021-07-07 19:18:54 +04:00
Hannah Wolfe
61e1b19d46
Added comments to all usages of lib/common/events
- This is a precursor to trying to split apart into:
   - model events + webhooks system which makes sense
   - frontend events which should be independent or removed
   - maybe some concept of a settings manager that we can use in various places to bind logic 🤔
   - other usages of events that should be refactored to not use events
2021-07-07 16:02:44 +01:00
Naz
dfe1089ee2 Bumped default API version export to be canary/v4
refs https://github.com/TryGhost/Team/issues/856

- The default internal version of the API is expected to be the latest one available which is v4/canary at the moment.
- There will be more information posted in the referenced issue later around how to approach the "default version", for now it's just a change to make a small step into a right direction.
2021-07-07 18:44:21 +04:00
Naz
11f37a9363 Refactor imports in API's routes files
refs https://github.com/TryGhost/Team/issues/856

- There were two problems with routes.js files defining API routes:
- First, the module requires wen too deep into the "api" module and used specific api modules directly. We have an "index.js" file which defines an API for whole API, it should be used as an entry point to anything to do with the API.
- Second, The naming was inconsistent between the routes.js files for "api", "apiV2", "apiCanary" - it is an extra maintenance burden to go on and change each "api" name when the new version is introduced. The only thing that should be changed within these files is a single line on very top that "requires" a specific API version like so: "const api = require('../../../../api').canary;" - way less maintenance to change that canary to v5 instead of doing an extra rename for all "apiCanary" to "apiV5"
2021-07-07 18:33:25 +04:00
Hannah Wolfe
4da7e7f0cb
Rework the themeService public API
refs: https://github.com/TryGhost/Team/issues/831

- This ultimately fixes the index.js file
- It also makes it super clear what methods in the themeService are used by the API, and which are part of the service loading logic
- It also moves the activate and init function into a single file in a way that highlights they are very similar
- They are also very similar to what happens in storage.setFromZip but that code is mixed up with storage code at the moment
2021-07-07 15:02:02 +01:00
Hannah Wolfe
c3774a3fab
Moved bridge.activateTheme calls into one place
- This is a slightly weird thing, but the intention is to highlight that there are 3 different code paths that can activate a theme
- Ideally we want to unify all the codepaths more, but for now this at least helps us see what is happening where
2021-07-07 15:02:02 +01:00
Hannah Wolfe
496b2bf47b
Refactored theme index to use async/await
refs: 82ef700d81

- the index file got missed in the earlier changes to async/await
2021-07-07 15:02:01 +01:00
Hannah Wolfe
6a39d0a011
Unified ThemeValidationError generation code
- All the code for creating these errors is now replaced with a single function
- This is useful DRY as it helps make code more readable
- This gets rid of the override of the error type to ThemeWorksButHasErrors - which is both weird and afaict not used anywhere
2021-07-07 14:45:08 +01:00
Hannah Wolfe
362140b31e
Removed passing of error to active theme
refs:  076ad99593

- as of 076ad99593 we no longer use the error property of the active theme anywhere
- cleaning up and removing this usage reduces the code pathways and makes the init fn a bit clearer
2021-07-07 14:38:08 +01:00
Naz
9987bdbe17 Refactored proxy imports in frontend helpers
refs https://github.com/TryGhost/Team/issues/856

- This syntax gives easier understanding of modules dependencies and improves searchability. For exampke, I was looking for all "api" uses exposed by the server proxy and didn't have a clear picture into which modules used it.
- The change was made during a short-lived try to limit the use of "api" in the server proxy :) I thought it would be helpful when bumping the defult server API exposed internally. Next time!
2021-07-07 17:02:58 +04:00
Hannah Wolfe
82ef700d81
Refactored theme service to use async/await
refs: https://github.com/TryGhost/Team/issues/831

- We prefer async/await over promise chains because it makes the code much more readable
- the Theme Service needs further work and this should make that work much easier
   - e.g. https://github.com/TryGhost/Team/issues/831
   - e.g. fixing up the index.js file
2021-07-07 12:28:55 +01:00
Hannah Wolfe
ee5962bd5d
Removed i18n from backend theme code
- slowly slowly removing the @deprecated i18n code from everywhere in favour of tpl
2021-07-07 11:32:53 +01:00
Hannah Wolfe
dda884ee4f
Removed i18n from frontend theme code
- slowly slowly removing the @deprecated i18n code from everywhere in favour of tpl
2021-07-07 11:32:02 +01:00
Hannah Wolfe
10aad8db7e
Removed Bluebird catch predicate
- We use bluebird inconsistently throughout the codebase now
- The original reason why we needed to use it so heavily was so that all promises returned had the bluebird behaviour, including catch predicates
- Most other usage is explicit, but this is really hard to detect and hasn't made it to standard promises, so we should get rid of this pattern
2021-07-07 11:26:36 +01:00
Hannah Wolfe
e7b80e50dc
Refactored bootstrap.init to require route settings
- The router bootstrap is no longer allowed to fetch it's own settings, but rather is passed them
- This moves the call to the site routes.js file, which isn't much better but it's a start
- The goal is to always pass these in from the boot process, or from the bridge reloader
2021-07-07 10:25:45 +01:00
Hannah Wolfe
bab5764179
Simplified + unified debug naming conventions
- Reduced the number of levels in our debug naming in the frontend
- Unified components like "themes" and "routing" under one name
- Should help to make debug slightly more useful again
2021-07-07 09:57:14 +01:00
Daniel Lockyer
1d83bdf0e1
Updated Ghost-Admin to v4.9.0 2021-07-07 09:39:57 +01:00
Naz
4f73d9ae9d Fixed critical alerts sending to admin users
refs https://github.com/TryGhost/Team/issues/726

- The refed feature got broken during the refactors. Even though this area is covered by unit tests the "this context" testing should probably done on an integration test level, which we don't have a clear pattern for just yet
2021-07-07 11:29:18 +04:00
Hannah Wolfe
b1b09efd75
Moved loadAllThemes out of test util
- this was skipped on boot, but then called in the test utilities, but only on restart 🙈
- this means that yarn test:acceptance (i.e. running all tests) works, but if you try to run just test/api-acceptance/themes_spec.js it would fail because that uses a fresh boot not a restart/reload
- I've changed this as keeping the test using the real boot, rather than the made-up acceptance-utils tasks as much as possible is way better
2021-07-06 20:24:48 +01:00
Rishabh
5a1d3b0e95 Added cache control headers to members api
closes https://github.com/TryGhost/Team/issues/846

- members api was missing cacheControl middleware to declare its cache control headers
2021-07-06 20:33:14 +05:30
Fabien O'Carroll
fa137ed16e Added support for the 'comped' status for members
refs https://github.com/TryGhost/Team/issues/790

The schema validations are used at the model layer to validate inputs
and need to be updated in order for us to reintroduce the 'comped'
status.
2021-07-06 12:00:25 +01:00
Fabien O'Carroll
8a87eb9e36 Migrated members_status_events for comped members
refs https://github.com/TryGhost/Team/issues/790

Since version 4.6 the 'comped' status has not been used. Any members
which were given complimentary plans since then will have had a `status`
of 'paid', and therefore the corresponding members_status_events row
would have a `to_status` of 'paid'.

This migration is designed to fix these members_status_events rows by
ensuring that the last (chronologically) members_status_event row for a
comped member has a to status of 'comped'.

Unfortuantely this migration loses information which makes writing a
perfect inverse migraion impossible. Alternative down migrations were
considered, but these would lose further information.
2021-07-06 12:00:03 +01:00
Fabien O'Carroll
47cf21514e Migrated comped members to 'comped' status
refs https://github.com/TryGhost/Team/issues/790

In order to track when a member was comped, as well as to differentiate
paid members from comped, we are reintroducing the 'comped' status. This
migration will updated members with a Complimentary Stripe Subscription
to a status of 'comped'. It is essentially a reversal of the 4.6
migration.
2021-07-06 12:00:03 +01:00
Kevin Ansfield
541fb4d2db
🐛 Fixed potential for partial content re-generation in 4.0 migrations (#13120)
no issue

- incorrect syntax was used in the error handlers inside of the `for` loop, by using `return` when logging the whole for-loop was aborted whereas we want to log and continue processing the rest of the items
2021-07-06 10:15:32 +01:00
Kevin Ansfield
05b317af9d
🐛 Fixed incorrectly stored URLs after migration from 3.x to 4.6.1-4.8.4 (#13109)
refs https://github.com/TryGhost/Team/issues/853

A refactor of `urlUtils` usage in 4.6.1 left a buggy 4.0 migration that did not transform URLs inside of mobiledoc cards. Anyone upgrading from 3.x to 4.6.1-4.8.4 would end up with inconsistent URL formats and potentially broken images.

- fixed 4.0 migration by passing our mobiledoc cards list in when transforming mobiledoc urls
- added a new migration that re-applies the missed URL transforms and content re-generation for any site that did a 3.x upgrade to a buggy 4.x version
2021-07-06 10:15:00 +01:00
Naz
2c1ae2e9af 🐛 Fixed a 500 error for incorrect fields parameter in API
refs 8a1fd1f57f
refs 5584430ddc

- The change to async/await in the original commit 558443 was causing problems in downstream dependencies (create-error package) where it was loosing a context of "this". It's not a direct dependency so I didn't go yak shaving into where exacly the context is lost.
- The fix to keep a correct context of "this" was sticking to an existing pattern using regular function returning promises. Once we need to redo them into async/await we can investigate if there's a way around create-error's context prolbem
2021-07-06 11:58:37 +04:00
Daniel Lockyer
8a1fd1f57f
Revert "🐛 Fixed a 500 error for incorrect fields parameter in API"
- this reverts commit 5584430ddc until we
  can investigate why tests are failing
2021-07-05 17:36:44 +01:00
Naz
5584430ddc 🐛 Fixed a 500 error for incorrect fields parameter in API
closes https://github.com/TryGhost/Team/issues/817
refs 6d083ee00e/packages/bookshelf-pagination/lib/bookshelf-pagination.js (L256)

- The 500 error is not the best we can do in this situation and throwing a 400 just like we doo in a referenced commit would keep the convention
- The underlying problem of the bug is bigger - we allow the fields named the same way as relations to leak into the db query and that causes an incorrect SQL syntax. It's a bigger problem which would need a separate, holistic approach
2021-07-05 18:46:02 +04:00
Thibaut Patel
9c2cfb5d00 Added cache invalidation to the POST authentication/setup route
issue https://github.com/TryGhost/Team/issues/859
2021-07-05 16:01:25 +02:00
Rishabh
50eddaa208 Updated default content cta for restricted post/page access to custom filters
refs https://github.com/TryGhost/Team/issues/849

With multiple products, we have re-enabled segmentation by product for posts behind alpha feature flag. This change handles the default content cta to show custom message if the post's access is restricted to specific products when behind the flag.
2021-07-05 17:10:45 +05:30
Rishabh
3e9a23355f Handled visibility filter in post/page API
refs https://github.com/TryGhost/Team/issues/849

As part of work for segmented post access with multiple products, the custom filter for post access is stored in `visibility` field on posts but passed with `visibility_filter` property on API. This change -

- updates input serializer of posts to transform `visibility` and `visibility_filter` properties correctly
- updates output serializer for canary to transform and send `visibility_filter` attribute with filter value
- updates output serializer for v3 to ignore any custom filter on visibility and return `paid` instead as v3 didn't have a concept of custom filter
2021-07-05 17:10:45 +05:30
Rishabh
d413b3d654 Updated visibility validator for page/posts
refs https://github.com/TryGhost/Team/issues/849

Custom post visibility (behind alpha flag) is added to the API using new `visibility_filter` attribute that stores the custom filter. This change -

- updates validator for visibility to check new `visibility_filter` property
- cleans usage of i18n in favor of tpl
2021-07-05 17:10:45 +05:30
Kevin Ansfield
c756cf5feb Removed psmRedesign from allows labs flags
refs https://github.com/TryGhost/Team/issues/840

- redesign in Admin is now in `main` without flag
2021-07-02 19:06:42 +01:00
Naz
0f49e19127 Removed unneded i18n and logging parametes from update check
refs https://github.com/TryGhost/Team/issues/727

- @tryghost/update-check-service v0.2.0 does not require either i18n or logging parameters - makes things less tangled up!
2021-07-02 19:07:13 +04:00
Naz
703827b4c2 Changed update check's API version to use default one
refs https://github.com/TryGhost/Team/issues/727

- The version was forgotten to get a bump durin g 4.0 release. The API version used by update check should be the same as internal default.
- Because the current internal default is mistakenly set to v3 API it's still not optimal but will need a holistic solution in the future
2021-07-02 19:07:13 +04:00
Naz
076ad99593 Removed 500 error during production boot \w a theme error
refs https://github.com/TryGhost/Team/issues/781
refs 813d288eb2#

- The 500 error was introduced through a refed commit long time ago when (probably?) there were no other safeguards preventing from serving content through a theme with errors. Since than we have multiple safeguards when aploading/activating the theme with errors and the default handling when such error occurs is more graceful - a 400 with specific error details is shown
- We need this change to land before bumping gscan that introduces more suphisticated error detaction in theme templates. Otherwise, people upgrading to new version and having an error on an unused template or somewhere undetected previously woul end up with a bricked site showing a generic 500 - not a great experience!
2021-07-02 14:31:45 +04:00
Thibaut Patel
3ca4cd99f1 Moved the gated email card feature behing an alpha flag
issue https://github.com/TryGhost/Team/issues/842
2021-07-02 12:15:03 +02:00
Naz
607623211a Corrected deprecation comment
no issue

- Ghost 4.0 didn't contain any breaking changes. Breaks like this one will be introduced in 5.0
2021-07-02 13:50:11 +04:00
Hannah Wolfe
84c2154cbe
Fixed missing renames getExcerpt -> generateExcerpt
refs: fbf0636936

- I renamed this pattern in a bunch of places, but missed a few, leaving the code messy and confusing
- This makes the naming consistent
2021-07-02 09:44:18 +01:00
Matt Hanley
4ac89c0176
Added webp image support (#13105)
refs https://github.com/TryGhost/Ghost/issues/9448
refs https://github.com/TryGhost/Ghost/issues/2591

Added API support for webp image files.
2021-07-02 09:37:54 +01:00
Rishabh
86fbb14033 Added subscription price data for logged-in member
no refs

- adds `price` data on subscription from related `stripe_price` on updating a member via frontend
- removes inconsistency between `GET` and `PUT` data for logged in member on a site
2021-07-01 23:30:14 +05:30
Naz
380c0dad2c Fixed email batch partitioning when only one card used
refs https://github.com/TryGhost/Team/issues/828

- Previous method had a bug where it didn't take into account cases when onlya single card with a segment filter has been used leaving the members not covered by that filter without an email
2021-07-01 20:58:24 +04:00
Naz
986a7526f5 Added member partitioner based on segment
refs https://github.com/TryGhost/Team/issues/828

- Before sending out batches with members we need to partition all members based on the segment they belong to. Special segment "unsegmented" is used in case none of the segments used in the emal cards cover part of the members set (for example only free members card used when emailing all members)
2021-07-01 20:58:24 +04:00
Kevin Ansfield
1b0aa0abd8
Fixed feature_image_caption needing triple-curlies in themes (#13107)
refs https://github.com/TryGhost/Team/issues/845
refs 517d2abc5c

- updated router response formatting functions and `{{#get}}` helper response handling to make any `feature_image_caption` properties in the response a `SafeString` instance so triple-curlies are not needed when using the property in themes
2021-07-01 17:55:44 +01:00
Thibaut Patel
2d95c1b8d7 Reverted a bad change from a previous commit
commit b94c8bcfd4
2021-07-01 16:39:36 +02:00
Hannah Wolfe
6f1a3e1774
Removed usages of new Error & i18n in legacy code
- cleaning up a handful of usages of i18n and new Error in some really old codepaths
- pushing our new patterns forward wherever we can
2021-07-01 12:53:06 +01:00
Thibaut Patel
b94c8bcfd4 Render an email correctly according to the associated member segment
issue https://github.com/TryGhost/Team/issues/829
2021-07-01 13:36:42 +02:00
Hannah Wolfe
af4bfb8862
Changed meta filenames to correct casing
- purely for cleanliness!
- we use kebabcase by default
- tests should be kebab-case-file_spec.js (one day we want this to be .test.js)
2021-07-01 12:30:25 +01:00
Hannah Wolfe
1785611db9
Refactored meta index
- The main aim here is to end up with a simple and clear public API for the meta module
- Secondarily, we want to make it a bit clearer which bits don't really belong here so we can see what to do with them
- To achieve this, the main logic has been moved into get-meta (although there's still some logic here which needs moving further)
- The index.js now has a small clear public API, and the proxy, which is the only way this is consumed, is able to use the public API directly
2021-07-01 11:58:40 +01:00
Hannah Wolfe
9fbc0b7f2b
Moved post excerpt logic to an excerpt file
- This is content negotiation logic and shouldn't be inline
- TODO: this needs tests
2021-07-01 11:47:30 +01:00
Hannah Wolfe
fbf0636936
Renamed meta/excerpt meta/generate-excerpt
- This function is quite different to the others, as it generates an excerpt from HTML (truncating)
- Most functions in the meta data folder just contain content negotiation logic, like if post then feature_image else cover_image type things
- This function is more like a library and shouldn't live in Ghost, it should probably be in @tryghost/helpers
- It's definitely something we'd love to rewrite to work better tooooo
2021-07-01 11:47:29 +01:00
Kevin Ansfield
29af4b93a0 Fixed linter errors
refs 517d2abc5c

- forgot to remove now-unused labs requires
2021-07-01 10:59:40 +01:00
Kevin Ansfield
517d2abc5c Added feature_image_{alt/caption} to the v4 posts API
refs https://github.com/TryGhost/Team/issues/839

It's now possible to set alt and caption for post feature images using `feature_image_alt` and `feature_image_caption` fields on a post resource.

- `feature_image_alt` - plain text, limited to 191 chars (alt text is not recommended to be longer than 125 chars, screen readers may cut the description off at that point)
- `feature_image_caption` - basic HTML, limited to 65535 chars

Alt and caption will be automatically used inside of newsletter content, for your website content make sure your theme is updated to use the v4 API and make use of the new properties.

---

- removed `featureImageMeta` labs flag
2021-07-01 10:53:55 +01:00
Hannah Wolfe
ac07703f17
Changed app/loader to use @tryghost/errors
- getting rid of instances of new Error as we should always use @tryghost/errors
- Whilst here, got rid of i18n but discovered the messages were missing!
- This is my fault, they disappeared when I removed external apps and clearly removed too much: 8c1a0b8d0c (diff-0f5cc40aa8906a1be1bad2002a35361bbf9e766e46b3b29be10f4f479265426a)
- Therefore, I have restored these messages in the places where they were used, except amp_content, where I have written a new message, as the message that was there was not relevant
2021-06-30 16:05:54 +01:00
Hannah Wolfe
bd597db829
Moved settings/cache to shared/settings-cache
- This is part of the quest to separate the frontend and server & get rid of all the places where there are cross-requires
- At the moment the settings cache is one big shared cache used by the frontend and server liberally
- This change doesn't really solve the fundamental problems, as we still depend on events, and requires from inside frontend
- However it allows us to control the misuse slightly better by getting rid of restricted requires and turning on that eslint ruleset
2021-06-30 15:49:10 +01:00
Hannah Wolfe
3ea6df819c
Refactored SettingsCache to get events through DI
- requiring lib/common/events makes the settings cache tightly coupled to the server
- moving this up to settings index means the cache itself can be moved to a shared component/moved out of Ghost
- the index then becomes the settings manager
- questionable whether the event listeners & updater part of this shouldn't be part of a manager, independent of the actual cache 🤔
2021-06-30 15:40:41 +01:00
Naz
d33baf9ba4 Added member_segment persistance to email_batches
refs https://github.com/TryGhost/Team/issues/828

- We need a way to recreate a filter that was used to create an email content for specific email_recipient. By saving member_segment value for each email_batch we can traverse back to the filter that was applied during email creation.
2021-06-30 18:32:31 +04:00
Hannah Wolfe
0b333765d4
Refactored shutdown and reset for settings
- shutdown removed listeners, which should really be done before adding them anyway!
- reset sets the cache back to an empty object, which was already done by init
- merge these into one reset function that fully resets the cache
- all instances of shutdown were called before an init call, and now called during init, therefore these can be removed
- acceptance utils had an instance of calling shutdown and reset together as part of stopping Ghost, reworked that to be clearer
2021-06-30 15:18:15 +01:00
Naz
a62ab18b9f Added segmeted email batch creation
refs https://github.com/TryGhost/Team/issues/828

- When sending email batches out they need to be created without mixing different member segments. This allows for easier reasoning about what data has been sent out to each specific email recipient
- Modified email batches to chunk based on segments defined in the HTML content of the post
2021-06-30 17:43:28 +04:00
Naz
bb8cf6001e Added unique filtering for segment parser
refs https://github.com/TryGhost/Team/issues/828

- When detecting email segments and later creating a member filter out of this data we only care about unique segments otherwise we'd be creating multiple batches with the same segment filter
2021-06-30 17:43:28 +04:00
Naz
e04af28efe Added segment parser logic
refs https://github.com/TryGhost/Team/issues/828

- This is experimental segment extraction logic, more to follow. Alllows to extract arrays of email segments used in the email's HTML content
2021-06-30 17:43:28 +04:00
Thibaut Patel
a792b92e94 Added member segment to email batches
issue https://github.com/TryGhost/Team/issues/826
2021-06-30 14:56:20 +02:00
Hannah Wolfe
b33b837c39
Removed unused reinit function
refs: https://github.com/TryGhost/Ghost/pull/11987
refs: 7e28802b1c
refs: 0b79abf5b2
refs: https://github.com/TryGhost/Ghost/issues/12003

- renit was added in https://github.com/TryGhost/Ghost/pull/11987
- it was then refactored out in 7e28802b1c (I think inadvertently)
- but we no longer call settings.init() before the DB is ready with the new boot proces 0b79abf5b2s
- original bugs, such as https://github.com/TryGhost/Ghost/issues/12003 could have regressed as a result of this being removed, but it is hard to reproduce
- by not initising settings before migrations, we reduce the complexity of needing to reinit them
- this commit actually just removes dead code, but I've left all the context I've found today here in this message so that it can be easily reconstructed if needed
2021-06-30 12:44:32 +01:00
Hannah Wolfe
e410e16a5b
Refactored routing to be passed routes config
- At the moment the bootstrap.start method asks the settings service for its settings
- This couples the routing and settings services together - when maybe we want to use a different method to generate settings
- By passing the settings to the routing service at the right time, we open up possibilities for refactoring
2021-06-30 12:28:33 +01:00
Hannah Wolfe
441b12d62c
Fixed route settings ref in api v3
refs: 8612f3aaeb

- this change was missing a git commit --amend 🙈
- note to self: our acceptance tests all use the v3 API...
2021-06-30 11:49:32 +01:00
Hannah Wolfe
8612f3aaeb
Moved route settings to new server service
- The main goal here is getting this settings related code out of the routing service as it really doesn't belong there
- This settings file is used purely by the API to get and set files - its not really anything to do with actual routing
- This file calls out to the bridge to do a reload, which helps decouple slightly
- More refactoring is needed to get rid of the urlService dependency
- Note this file is really similar to the redirects one, it would be good to merge them
2021-06-30 10:58:33 +01:00
Naz
32a09dc9c6 Updated createEmailBatches JSDoc
refs https://github.com/TryGhost/Team/issues/828

- Updated to follow latest code standards
2021-06-30 13:56:35 +04:00
Hannah Wolfe
ed46f31c71
Revert "Moved route settings to server"
This reverts commit 3c36af63cf.
2021-06-30 10:52:19 +01:00
Hannah Wolfe
4ef2ae4436
Revert "Refactored routing to be passed routes config"
This reverts commit 8d754a592e.
2021-06-30 10:52:11 +01:00
Rishabh
d196d9b525 Added benefits to product data in portal settings
refs https://github.com/TryGhost/Team/issues/838

- adds benefits data to product for portal UI
2021-06-30 14:51:42 +05:30
Hannah Wolfe
8d754a592e
Refactored routing to be passed routes config
- At the moment the bootstrap.start method asks the settings service for its settings
- This couples the routing and settings services together - when maybe we want to use a different method to generate settings
- By passing the settings to the routing service at the right time, we open up possibilities for refactoring
2021-06-30 09:43:54 +01:00
Hannah Wolfe
3c36af63cf
Moved route settings to server 2021-06-30 09:31:15 +01:00
Hannah Wolfe
c909a6caa1
Refactored route settings file
- broken down large function into smaller functions to reduce repeated code
- try to make this and the redirects equivalent look similar
- this code is the getter and setter for the API
- TODO: I think this can be further refactored into a settings file class
2021-06-30 09:18:00 +01:00
Hannah Wolfe
2c729e99f9
Added reload frontend wrapper to bridge
- Allows for slight decoupling of API and frontend with route settings being updated
- Activate theme now calls the same codepath to reload the frontend
- Yet another step on the path to make it possible to init/reload/run the frontend independently from the server
2021-06-29 18:45:03 +01:00
Daniel Lockyer
81cde2bbf9 v4.8.4
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYNtS/AAKCRDSEYbwtHKV
 rWB9AP4oax10sV0tyQ5tUEHjKjEFme09Fnen0+YqBDipNE4gIgEAjNeuw+kggf/B
 cu5TdAiP3nHOyzaEIt0S28M6m9nnaAI=
 =Q+xD
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYNtTfwAKCRDSEYbwtHKV
 rbn0AQDMtjID6NQk0zjQkjpNbOBf/BGbZWy4kC0+DAdo8AoAEwEAiZmbKAeRT3gv
 fxpSUKTVQHwdXTiJlvcHue0p9xyLKQ8=
 =VSw3
 -----END PGP SIGNATURE-----

Merged v4.8.4 into main

v4.8.4
2021-06-29 18:08:08 +01:00
Daniel Lockyer
6116036d46
Updated Ghost-Admin to v4.8.4 2021-06-29 18:06:03 +01:00
Rishabh
ae70b2b5ce Refined multiple product flows in Portal
no refs

- updates UI flows for signup/upgrade/change plan in Portal to be more consistent
- adds specific flag handling for multiple products feature
2021-06-29 21:50:08 +05:30
Fabien O'Carroll
a6592566bb Added support for benefits to Admin Products API
refs https://github.com/TryGhost/Team/issues/806
2021-06-29 16:53:15 +01:00
Fabien O'Carroll
c57e612286 Added benefits relation to Product model
refs https://github.com/TryGhost/Team/issues/806

This relation sets up the ability to both read and write relations via
the Product model, allowing us to expose benefits via the Admin Product
API.
2021-06-29 16:53:15 +01:00
Fabien O'Carroll
cbac3d1eb0 Added Benefit model
refs https://github.com/TryGhost/Team/issues/806

This is the model to represent the Benefit resource stored in the
`benefits` table. The `onSaving` method has been copied from the Tag
model and ensures that we have a unique slug.
2021-06-29 16:53:15 +01:00
Daniel Lockyer
1ff4f6ce7d
Added guards against parentPort being null
fixes https://github.com/TryGhost/Team/issues/834

- see referenced issue for context
- there are times when `parentPort` can be null and the job crashes
  because `parentPort.postMessage` won't work
- this commit adds guards around `parentPort`, or moves code inside
  existing guards, to protect against this
2021-06-29 12:14:48 +01:00
Naz
7e9c182dc5 Added protective code to update-check job
refs https://github.com/TryGhost/Ghost/pull/13091

- When the job is run under Node v14 with SQLite DB the parentPort is `null` in some of the environments. The guarding code protects from the job crashing in such situation.
- The most probable cause is running btrheds with `BTHREADS_BACKEND = 'child_process';` configuration for SQLite. Should be fixed once https://github.com/mapbox/node-sqlite3/issues/1386 is properly resolved
2021-06-29 14:02:16 +04:00
Naz
c6c720634c Removed unused email analytics job
no issue

- The 'fetch-all' job was only used during development and has never been useful since. It's a dead code x_x
2021-06-29 13:47:55 +04:00
Hannah Wolfe
77996d1ee4
Moved vhost arg logic out of the parent app
- Makes the logic for determining the admin and frontend vhost args independent and easier to test
- Moved the tests to specifically test the vhost utils & removed proxyquire as a dependency
- We want to breakdown the current parent app into the existing core/app.js and boot code, allowing us to decouple the backend and frontend further
- This is all part of the refactoring to separate server and frontend completely
2021-06-28 19:38:42 +01:00
Hannah Wolfe
fcce649600
🔥 Removed netjet support
refs: https://github.com/cloudflare/netjet/issues/46

- HTTP2/Push never made it, this module is therefore defunct
2021-06-28 16:13:46 +01:00
Daniel Lockyer
1fc56ff1e8
🐛 Fixed validation on theme install API parameters
fixes https://github.com/TryGhost/Team/issues/818

- validation on query parameters should be wrapped in `options` within
  `validation`
- this is missing from the theme install API endpoint so we don't force
  the parameters to be passed in
- Ghost throws a 500 if `ref` is not supplied because following code
  assumes we've checked the existence
- this commit wraps the two query parameter validation statements in
  an `options` object to ensure they exist - Ghost returns a 422 if
  missing
2021-06-28 14:03:28 +01:00
Naz
58b3c47781 Fixed broken notifications/setting acceptance tests
refs d9ddc2db6a
refs https://github.com/TryGhost/Team/issues/754

- The tests were written with falsy assumptions and validation added in refed commit have uncovered it!
-  A secondary issue touched here is additional JSON object serialization that is used in the  "input serializer" -d9ddc2db6a/core/server/api/v2/utils/serializers/input/settings.js (L107-L110)
- The additional stringification should not be there at all. It covers for a mistaken internal use of Settings API where raw objects are passed around instead of serialized JSON Objects (see commets left with this changeset for details)
2021-06-28 16:48:00 +04:00
Naz
d9ddc2db6a Added extra validation for some settings of array type
refs https://github.com/TryGhost/Team/issues/754
refs a7dec233ba

- Additional validation protects from problems like the ones in refed commit from even getting through to the database.
- At the moment only used notificatons and couple more settings to ensure they are arrays when passed into the API. This is to avoid making big change in settings straight away - this is a problematic area which needs cautious approach.
- Ideally in the future the list of settings to check the "array" type (and other types) should be automatically generated based on the default-settings.json (or whatever way we define settings in the db a that moment)
- There's an ugly code-tripplication going on in this change. This is a separate topic that will be addressed once we work on API cleanup.
2021-06-28 14:26:18 +04:00
Hannah Wolfe
d9e8d9c148
Switched to using config-url-utils in boot.js
- config now exposes a few helpful methods: getSubdir, getSiteUrl, and getAdminUrl
- we can use these directly, instead of needing url-utils
- switching this inside of the boot process allows us to move the loading of url-utils into `initCore` which happens after the server has started and the database is ready
- this moves 100ms of loading time to later in the process
- also simplifies the initial loading
2021-06-28 10:50:41 +01:00
Hannah Wolfe
081d3b3a38
Cleaned comments in boot.js
- Cleaned up some of the comments
- Added proper method signatures where appropriate
- Split initDynamicRouting out from initServices, to make that clearer to read
2021-06-28 10:43:56 +01:00
Hannah Wolfe
218df4b5a4
Removed i18n.js from the bridge
- part of our work to deprecate our broken i18n implementation
2021-06-28 09:51:39 +01:00
Naz
3f2327c4d1 🐛 Fixed update notification showing after upgrade
refs https://github.com/TryGhost/Team/issues/754
refs https://github.com/TryGhost/Team/issues/204
refs https://forum.ghost.org/t/critical-security-notification-keeps-displaying-even-after-updating-to-the-latest-version/23673

- After Ghost instance upgrade higher than v4.3.3 the security notification should not be shown any more, as the instance is now patched and fixes the issue.
- There was no way to derive the targetted Ghost version of the notification message so had to include matching based on other unique id of the message.
- Future improvements to update check/notifications should take this inconvenience into account (e.g. introduce a special field in notifications that tracks targetted Ghost instance version)
2021-06-28 11:25:04 +04:00
Naz
c328ab781b Fixed broken boot sequence
refs 0d0e09f173
refs https://github.com/TryGhost/Team/issues/754

- As per comment on the top of boot.js:

// IMPORTANT: The only global requires here should be overrides + debug so we can monitor timings with DEBUG=ghost:boot* node ghost

- Referenced change broke the rule above and would have caused all sorts of boot problems.
2021-06-28 10:02:51 +04:00
Fabien O'Carroll
b894b2a913 Added products_benefits table
refs https://github.com/TryGhost/Team/issues/804

The associative table is used to implement the many-to-many relationship
between Products and Benefits. The `sort_order` column is needed because
a product's benefits should be orderable by an admin.
2021-06-24 17:21:01 +01:00
Fabien O'Carroll
65b2e8a0a5 Added benefits table
refs https://github.com/TryGhost/Team/issues/804

Benefits are tag-like resources which will be associated with Products.
The first iteration just requires a name for the benefit, which will be
stored as plaintext.
2021-06-24 17:21:01 +01:00
Daniel Lockyer
53b7eb227b v4.8.3
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYNSBfAAKCRDSEYbwtHKV
 rdNyAP9sT2e/01PE1p8l0PoTbq6nOL08BIA8ZKDiX/tFDeJ7owD9EikupgI6snND
 VrvRyA3AIZf3+hooAfjxIogX7NhUrQU=
 =Aqm+
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYNSCAwAKCRDSEYbwtHKV
 rWOLAQDCheD486UqjssUUaEAjNxjoSzwvqnHSpnfRJB809eOmAEAv0UzVYM+vcJ6
 7vJdRXK2ke/dIc50n0mgRR8ktue6XAs=
 =TQTw
 -----END PGP SIGNATURE-----

Merged v4.8.3 into main

v4.8.3
2021-06-24 14:00:41 +01:00
Daniel Lockyer
3729dbf17c
Updated Ghost-Admin to v4.8.3 2021-06-24 13:58:36 +01:00
Daniel Lockyer
f2ab12bb91
🐛 Fixed incorrect data returned when using API fields
refs 188de00489

- this fix was incorrect - the function should have been on the
  prototype but I'd moved it over incorrectly into the static class functions
- this commit moves `defaultColumnsToFetch` to the prototype functions
  and reverts the referenced commit back to `this.prototype` as expected
- this wasn't including the custom columns from the `post` model, which
  was causing tests to fail
- pro tip: run tests!
2021-06-24 13:47:15 +01:00
Naz
07f7a7a158 Added JSDoc to notifications service's destroy
refs https://github.com/TryGhost/Team/issues/754

- Extra type intellisense is good!
2021-06-24 16:34:29 +04:00
Naz
b5fb439ae7 🐛 Fixed version update indicator on about page
refs https://github.com/TryGhost/Team/issues/754
closes https://github.com/TryGhost/Ghost/issues/13088
refs a7dec233ba

- The corrupted data recovery mechanism for notifications is needed to be able to fix the data stored in `settings` table under `notifications` key. There was no validation in place, which has caused some instances to store data in unreadable/writable state
- The recovery mechanism is in place to avoid adding migrations every time we spot a broken notifications data (will be fixed by validation soon).
- The notification data is also NOT critical but valuable for system functioning properly, that's the reason why the data "healing" happens in less secure  "fire-and-forget" way
- The referenced commit is where the "bigger" problem that was causing the data corruption was at. This change is a "cleanup" after what has happened there - storing Ghost error object in `value` for `notifications` key
2021-06-24 16:33:01 +04:00
Daniel Lockyer
e389a6d991 v4.8.2
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYNR3tAAKCRDSEYbwtHKV
 rXcMAQDQd7EcEmIx3sHlA5wjMz9SMZaybaOqLMzgCdUft2KOagD/dFtZBYpK4DLB
 Kr42XrNMVvORHNPso5lL35s9KNbTlwM=
 =OqBv
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYNR4ygAKCRDSEYbwtHKV
 rXtsAQDNUqm3qK0b8/hET9h7cIG5J5RpAo0WYJWxv01DwcTscAEAjlfK3vgUo3wD
 uHeeXH+DXOIhAqSxsXoJr7X+N/s+WQw=
 =BJTH
 -----END PGP SIGNATURE-----

Merged v4.8.2 into main

v4.8.2
2021-06-24 13:21:23 +01:00
Daniel Lockyer
1c1f41d0e2
Updated Ghost-Admin to v4.8.2 2021-06-24 13:16:52 +01:00
Daniel Lockyer
188de00489
🐛 Fixed error when using API to search for tags
refs a457631a20

- `defaultColumnsToFetch` was moved to the CRUD plugin in the referenced
  commit, which makes it a function on `this` instead of `this.prototype`
- this means the function doesn't exist and Admin throws an error when
  you start typing in the search bar because the API 500s
- this commit switches it to `this.defaultColumnsToFetch()`
2021-06-24 13:08:05 +01:00
Daniel Lockyer
ac8029680c v4.8.1
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYNRcHQAKCRDSEYbwtHKV
 rQJeAP9ufmgIztn1oj8kF7tZMZk4xaVCakqIgyQBlPvFKc+aawD8Dv44mmZ4Ntar
 7FQ52i07TCwk/b8lCUwxD4maYBuZNAE=
 =fgVN
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYNRciwAKCRDSEYbwtHKV
 rRatAQCJ27vyVeGYlnXVWF0XSgj3+QEwl2eEgh4GoVp4BPzHAwD/WrGvKRvddDtA
 kiqv93vRTda3GV1R4FGYVl34MwbGFAA=
 =+Yci
 -----END PGP SIGNATURE-----

Merged v4.8.1 into main

v4.8.1
2021-06-24 11:20:53 +01:00
Daniel Lockyer
a91a790d0d
Updated Ghost-Admin to v4.8.1 2021-06-24 11:19:09 +01:00
Daniel Lockyer
ce68b2e4a9
Reverted destroy function of CRUD plugin to chained promises
refs https://github.com/TryGhost/Team/issues/808

- see referenced issue for context, but turning this function into
  async-await seems to have broken error handling when deleting things
  that don't exist
- i'm really not sure why - but my running theory is that it's something
  to do with Bluebird Promises vs native Promises
- this should keep the same functionality until I can investigate what
  is going on
2021-06-24 10:17:40 +01:00
Daniel Lockyer
323074f106
🐛 Fixed error when deleting non-existent snippet
fixes https://github.com/TryGhost/Team/issues/809

- Bookshelf won't throw a `NotFoundError` unless `require=true` in the
  options
- this is present in most other API endpoints, so it's just simply
  missing from the snippet one
- without this, Ghost will crash with a 500 saying `Cannot read property
  'destroy' of null`
- this commit adds `require=true` to the destroy options for both the canary +
  v3 endpoints
2021-06-24 09:58:35 +01:00
Matthew Schmoyer
7bac21d591
🐛 Fix test email member uuid (#12809)
refs: #12808

- we need to use the uuid, not the id, so that e.g. unsubscribe urls are set correctly
- this is only for test emails, but it's still important to be able to test things fully!
2021-06-24 09:42:15 +01:00
Thibaut Patel
dc91eabe3c Moved the "Reset all passwords" permission migration to Ghost 4.9
commit f12f64e87b
2021-06-23 17:08:44 +02:00
Naz
42e11ca859 Fixed update check logging when run within a job
refs https://github.com/TryGhost/Team/issues/754

- The logging wasn't working for the update check when run from the scheduled job. Fixed package method signature to allow for "logging" parameter. The sideeffect of this change was such that we need to instantiate a new instance of the UpdateCheckService on every method call to differentiate the call from within the code (controller) or from the job level
- Also added an await before returning the check method call as it didn't execute properly on the job level - the `await` wasn't waiting for the update check to actually do it's job!
2021-06-23 18:38:05 +04:00
Hannah Wolfe
c12edf4bbd
Removed unnecessary return with typo
refs: https://github.com/TryGhost/Ghost/pull/12735

- this property doesn't exist - it should be this.resourcesConfig
- but we don't use the return value, so simply removed it
2021-06-23 14:20:00 +01:00
Thibaut Patel
f12f64e87b
🔒 Added a "reset all passwords" feature (#13005)
issue https://github.com/TryGhost/Team/issues/750

- Only accessible by admins
- Resets all staff users' passwords and prevents them to log-in
- Sends them a reset email password to give them back access to their account
- Closes all existing staff user sessions
2021-06-23 14:54:28 +02:00
Fabien O'Carroll
c46542532d Added support for importing products column
refs https://github.com/TryGhost/Team/issues/765

This supercedes the `complimentary_plan` flag, as it is more precise
because it determines _which_ product(s) a member has access to. Because
of this, if the `products` column is present the `complimentary_plan`
column is not used.
2021-06-23 13:53:34 +01:00
Fabien O'Carroll
1de88f7397 Included products when exporting member csv
refs https://github.com/TryGhost/Team/issues/765

Since Members can be given complimentary access to one of many products,
we must include which products a member has access to when exporting
from Ghost. This will allow us to reimport without losing information.
2021-06-23 13:53:34 +01:00
Fabien O'Carroll
b197d71c4e Linked comped members to default product for imports
refs https://github.com/TryGhost/Team/issues/765

As part of the multiple products feature, we're not longer using Stripe
subscriptions to denote Complimentary access, instead we're linking
members directly to products. Here we update the importer to follow
suit, so long as the flag is enabled.
2021-06-23 13:53:34 +01:00
Fabien O'Carroll
9fc69d8f07 Moved MembersCSVImporter out of index.js file
no-issue

This cleans up the importer to match the standards of the rest of our
codebase.
2021-06-23 13:53:34 +01:00
Naz
0d0e09f173 Moved update check scheduling logic out of boot.js
refs https://github.com/TryGhost/Team/issues/754

- This is a minor cleanup. There should be no logic in the boot.js file other than calling services to "initialize themselves"
2021-06-23 15:01:43 +04:00
Naz
90cc801394 Added JSDoc and unit tests for email replacement parser
refs 474e6c4c45

- The method was not easy to understand after skimming through it.
- As we are working on developing a similar pattern for upcoming similar featured created a basic test suited to see input/output relation clearly
2021-06-23 12:00:03 +04:00
Naz
5edd056a61 Renamed bulk-email index to bulk email processor
no issue

- idex.js files are meant to expose the API of the module and not contain code
- Next step would be reworking the code to use class/injection pattern
2021-06-22 20:19:57 +04:00
Ikko Ashimine
cb9ca30f72 Fix typo in image-size.js
withing -> within
2021-06-22 15:47:41 +01:00