Commit Graph

1620 Commits

Author SHA1 Message Date
Hannah Wolfe
e9035fde4e Switch frontend controller to use new filter param
refs #5943, #5091

- updated fetch-data to handle multiple api queries
- using named keys for queries so that the names of items in the result are correct (tag instead of tags etc)
- updated channel configs in frontend controller
- removed old filter code from frontend controller
- added test coverage for fetch-data and format-response
- fixes / removes tests which are broken by the refactor
2015-10-26 09:40:19 +00:00
Delgermurun
146bb01657 db api endpoint validation error refactor
No issue
- Raised ValidationError instead of PermissionError on db api validation
- Added & modified integration tests
2015-10-25 09:20:13 +08:00
Sebastian Gierlinger
0035cc2ac3 Merge pull request #5995 from ErisDS/get-helper-paths
Add path resolution to get helper
2015-10-23 14:22:48 +02:00
Sebastian Gierlinger
22034a9ce0 Merge pull request #5994 from ErisDS/get-helper-imprv
Fix data merging & add pagination block param
2015-10-23 14:20:39 +02:00
Hannah Wolfe
0be56fb5f0 Merge pull request #5983 from vdemedes/pipeline-themes
Refactor themes endpoint with pipeline utility
2015-10-23 12:37:56 +01:00
Hannah Wolfe
6ecc389370 Fix data merging & add pagination block param
refs #5993

- Don't merge the result set with the existing template data.
- If available, return `meta.pagination` as the second blockParam
2015-10-23 09:40:39 +01:00
Hannah Wolfe
994a20cf8b Add path resolution to get helper
refs #5993

- deps: jsonpath@0.2.0
- adds `resolvePaths` method
- supports handlebars style arrays with `.[]`
- supports shorthand post.tags and post.author for common usecases
- adds more tests & improves existing ones
2015-10-23 02:52:52 +01:00
Sebastian Gierlinger
64d9ce44cf Merge pull request #5985 from ErisDS/frontend-split
Further split up frontend controller & improve tests
2015-10-22 21:41:01 +02:00
Hannah Wolfe
afbcecc3f6 Merge pull request #5848 from sebgie/public-api-1
Public API
2015-10-22 20:39:41 +01:00
Hannah Wolfe
06b03bbcfe Split helper functions from frontend controller
no issue

- Split out 'getPostPage' & rename to fetchData
- Split format response methods into own files
- Split out handleError
- Split out setReqCtx and rename to setRequestIsSecure
- Split out theme paths
- Refactor tests in index_spec.js to be more robust
- Add tests to bring coverage for split file up to 100%
2015-10-22 18:46:58 +01:00
Sebastian Gierlinger
28871d3f4d Merge pull request #5978 from ErisDS/filter-param
Add the filter parameter
2015-10-22 16:42:13 +02:00
cobbspur
7a996ecbe7 Simplify fields and includes prior to fetch
No Issue

- allows comma separated include and field parameters to also have a space
- allows capitals in include and field parameters
2015-10-22 15:39:54 +01:00
Sebastian Gierlinger
f48dfb09cf Public API
refs #4180
closes #4181
- added client and user authentication
- added authenticatePublic/authenticatePrivate as workaround for
missing permissions
- added domain validation
- added CORS header for valid clients
- merged authenticate.js and client-auth.js into auth.js
- removed middleware/api-error-handlers.js
- removed authentication middleware
- added and updated tests
2015-10-22 15:28:47 +02:00
Hannah Wolfe
b5cebb9ec6 Add filter parameter using GQL
refs #5604, refs #5463

- deps: ghost-gql@0.0.2
- adds code to wire up the filtering to a paginated query
- updated pagination plugin count query to use 'distinct' so it's more robust
- rename paginationUtils.query to addLimitAndOffset to be more explicit and make the code clearer
- add a new 'advanced browsing spec' set of tests for tracking these features as they are built out
2015-10-22 11:29:05 +01:00
vdemedes
2cd7f2daca Refactor themes endpoint with pipeline
refs #5508

- use pipeline utility in themes controller
2015-10-22 12:17:16 +02:00
Hannah Wolfe
d666fba855 Merge pull request #5971 from cobbspur/fields
Remove unknown fields from fetch
2015-10-21 18:29:59 +01:00
cobbspur
372907890f Remove invalid fields prior to fetch
closes #5601

- Remove invalid fields prior to fetch
- Adds initial tests for fields
2015-10-21 18:20:09 +01:00
Delgermurun
b37c0f2e91 Apply pipeline to db api endpoint
refs #5508
- adds pipeline to export, import and delete all methods
2015-10-21 09:33:31 +08:00
Sebastian Gierlinger
b9daff6932 Merge pull request #5960 from JohnONolan/emailerror
Email error message cleanup
2015-10-19 10:30:30 +02:00
Hannah Wolfe
2c51a89b66 Refactor auth-strategies to use findOne
- Simplifies both strategy & test code
- Should have no side effects
2015-10-16 19:40:02 +01:00
John O'Nolan
cd8544858a Email error message cleanup 2015-10-16 12:07:09 +02:00
Sebastian Gierlinger
611f1e969b Merge pull request #5619 from ErisDS/issue-4439-get
The {{#get}} helper
2015-10-15 16:21:37 +02:00
Hannah Wolfe
c8bb6081ab Frontend controller refactor & test improvements
no issue

- Split context out of frontend controller
- Add 100% test coverage for context
- Add tests for preview & improve other bits of coverage
- Further refactors (WIP) will make it easier to reach 100% coverage on the frontend
2015-10-15 10:17:42 +01:00
Hannah Wolfe
932f12160a Merge pull request #5940 from vdemedes/read-themes
Add readThemes() utility to get a list of themes
2015-10-14 17:32:41 +01:00
vdemedes
05f44c4c64 Add readThemes() utility to get a list of themes
refs #5923
- add read-themes module to get a list of themes
- replace readDirectory() usage with readThemes(), where only themes are needed
- test read-themes
- test read-directory
- test validate-themes
- test parse-package-json
- add tempfile testing utility to generate temporary paths
2015-10-13 15:54:41 +02:00
Kevin Ansfield
ff73f1af92 deps: grunt-jscs@2.1.0
no issue
- update grunt-jscs dependency
- fix deprecated `validateJSDoc` configuration
- fix numerous linting errors, including:
  - use of future-reserved `public` and `private` variable names
  - use of `[]` instead of dot-notation (especially `express['static']` and `cacheRules['x']`)
  - extra spaces in `const { run } = Ember` style constructs

One issue that did become apparent is that there are conflicting rules that prevent the use of object function shorthand such that both of these:

```
{ myFunc() {} }
{ myFunc () {} }
```

are called out due to either the missing or the extra space before the `(`
2015-10-12 19:21:16 +01:00
vdemedes
20fec74c73 Refactor require-tree and split it into models
closes #5492
- remove core/server/require-tree.js and split it into modules
- add read-directory module to recursively read directories
- add validate-themes module to scan themes and return errors/warnings
- add parse-package-json module to parse json and validate requirements
- rewrite core/server/models/index.js to manually require models
2015-10-12 17:48:37 +02:00
Hannah Wolfe
7f3a9f5675 Merge pull request #5927 from olsio/fix-issue-5913
fix for page deletion not updating sitemap-page.xml
2015-10-12 15:43:53 +01:00
Sebastian Gierlinger
bfefbabfdc Merge pull request #5931 from ErisDS/issue-5905-context
Fix /author/ pages crashing & permit /tag/
2015-10-12 10:35:37 +02:00
Oliver Schneider
13adaec6e7 fix for page deletion not updating sitemap-page.xml
closes #5913

Sitemap deletion is based on the page.unpublished event. The previous
logic was always sending post.unpublished instead. If page or post
event is triggered is based on the ‘page’ attribute of the model. When
the destroyed handler all attributes are already cleared from the model
which makes this logic always fall back to post.

The fix is to move to the destroying event which still has all the
model values in place.
2015-10-12 09:26:26 +02:00
Hannah Wolfe
4e29d9e987 Simplify theme middleware + improve tests
refs #5286, #4172, #5888

- no need to pass blogApp around in middleware
- improve test coverage to 100%
2015-10-11 22:26:43 +01:00
Sebastian Gierlinger
debdfa74df Merge pull request #5934 from ErisDS/findall-partial-revert
Revert to using findAll for internal tools
2015-10-11 18:28:18 +02:00
Sebastian Gierlinger
69e93eb5cb Merge pull request #5929 from ErisDS/issue-5373-emitters
Set a higher maxListeners value
2015-10-11 18:24:23 +02:00
Hannah Wolfe
3e40637cd4 The {{#get}} helper
closes #4439

- adds basic get helper which works with the current API
- allows theme developers to make requests against the API
- supports block params and @error message
- includes 100% test coverage using posts

----

The `{{#get}}` helper is an asynchronous block helper which allows for making
requests for data from the API. This allows theme developers to customise the
data which can be shown on a particular page of a blog.

Requests can be made to the posts, tags or users API endpoints:

```
{{#get "posts" limit="3"}}
  {{#foreach posts}}
     <a href="{{url}}">{{title}}</a>
  {{/foreach}}
{{/get}}
```

The `{{#get}}` helper must be used as a block helper, it supports `{{else}}`
logic, for when no data matching the request is available or if an error has
occurred:

```
{{#get "posts" tag="photo"}}
  ...
{{else}}
  {{#if @error}}
    <p>Something went wrong: {{@error}}</p>
  {{else}}
    <p>No posts found</p>
  {{/if}}
{{/get}}
```

The helper also supports block params, meaning the data it outputs can be
given a different name:

```
{{#get "posts" featured="true" as |featured|}}
  {{#foreach featured}}
    ...
  {{/foreach}}
{{/get}}
```

Please Note: At present asynchronous helpers cannot be nested.
2015-10-11 16:51:12 +01:00
Hannah Wolfe
0764c775a7 Revert to using findAll for internal tools
refs #5909, #4577

- removes accidental '.only' which was hiding issues with the findAll changes
- deleteAllContent and importer still need to use a hard 'findAll' as findPage({limit: 'all'}) doesn't have the same behaviour
2015-10-10 17:07:10 +01:00
Hannah Wolfe
26231d5bd3 Fix /author/ pages crashing & permit /tag/
fixes #5905

- update context patterns to correctly match author & tag pages
- remove 'tag' and 'tags' from reserved slugs - we'll handle this in terms of overrides in future
2015-10-10 14:52:23 +01:00
Hannah Wolfe
b943948d24 Set a higher maxListeners value
fixes #5373

- Set Max Listeners on our Event Emitter to 100
- Stops the '11 listeners added' error on node 0.12 during tests
2015-10-09 19:27:49 +01:00
Sebastian Gierlinger
4c1828c027 Merge pull request #5877 from ErisDS/pr-5864-nav-url
Support for more URL schemes in url helpers
2015-10-09 09:46:56 +02:00
Hannah Wolfe
eed6879845 Merge pull request #5892 from yanntech/fix/pg-upgrade
Public is the default schema but if you use different name your are
2015-10-08 08:54:12 +01:00
Yann Verry
eb5a03c8d8 Ghost can now handle a different schema than the default 'public' in PostgreSQL
closes #5891
- use CURRENT_SCHEMA() instead of 'public'
- remove the WHERE condition
2015-10-06 18:19:23 +02:00
Delgermurun
a501711e71 Remove findAll from models that has findPage
closes #4577
- removed findAll from Post and User
- refactored deleteAllContent and data importer
2015-10-02 18:01:35 +08:00
Hannah Wolfe
390d5fcea2 Remove unnecessary API lookup for activeTheme
- the active theme is already managed and kept up to date as a property
of the express app
- this can be accessed via `req.app` inside of middleware
2015-09-29 22:54:55 +02:00
John O'Nolan
1add453733 Remove forum mentions 2015-09-29 13:10:04 +02:00
Hannah Wolfe
77447fc42d Merge pull request #5876 from sebgie/issue#5872
Fix client.secret for new installs
2015-09-27 13:50:36 +01:00
Hannah Wolfe
20c192557d Test support for various URL schemes
refs #5801
2015-09-27 10:31:49 +01:00
Sebastian Gierlinger
dbc53dc853 Merge pull request #5858 from ErisDS/issue-5808
Show a single 422 error for invalid values
2015-09-26 12:14:12 +02:00
Sebastian Gierlinger
67f759df33 Merge pull request #5875 from ErisDS/no-published-by-override
Don't allow published_by override
2015-09-26 12:08:53 +02:00
Kevin Ansfield
621b633079 Fix front-end URL output for more URL schemes
- allows direct pass-through of protocol-relative (`//host`), alternate-scheme (`tel:`), and anchor-only urls (`#contact`)
2015-09-25 22:58:37 +01:00
Sebastian Gierlinger
a87715f688 Fix client.secret for new installs
closes #5872
- added random secret for new databases
- added temporary fix for existing databases
- secret is still static (`not_available`) during tests
- fixed fork mechanism to keep active environment (never change
NODE_ENV!!!)
2015-09-25 21:03:33 +02:00
Hannah Wolfe
0462607296 Don't allow published_by override
- published_by should be set by business logic, rather than by users

Credits: An anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure program
2015-09-25 17:44:49 +01:00
Sebastian Gierlinger
bc25348fcc SSL redirects
closes #5873
- replaced redirectPathname with url method
- added tests
2015-09-25 12:02:14 +02:00
Hannah Wolfe
545bea0eaf Return a single 422 error for invalid values
refs #5808

- Fix the API to return a single 422 error when an invalid value is passed
- Only affects Browse, and not Read at present due to differences in how they are handled
- Frontend was changed to always 404 in #5851
- Adds tests to ensure all cases are covered
2015-09-25 10:30:49 +01:00
Sebastian Gierlinger
63f09687bb Merge pull request #5870 from ErisDS/uncapitalise-subdir
Uncapitalise respects subdirectories & no encoding
2015-09-25 10:29:36 +02:00
Hannah Wolfe
8895f41ee2 Uncapitalise respects subdirectories & no encoding
no issue

- Uncapitalise was dropping the subdirectory when redirecting - so the base url has been added where present
- Uncapitalise was also working differently in node 0.10 and 0.12 - so the path is decoded before testing for uppercase
- Adds some test coverage
2015-09-24 18:52:30 +01:00
Sebastian Gierlinger
cce1cc55ca Merge pull request #5867 from ErisDS/api-password
Don't alter password from User.edit endpoint
2015-09-24 13:37:24 +02:00
Sebastian Gierlinger
4351dfd179 Merge pull request #5866 from cobbspur/import
Fix handling of slugs on import
2015-09-24 12:46:16 +02:00
Hannah Wolfe
07e18cbdff Merge pull request #5863 from acburdine/author-edit
Add `/author/:slug/edit/` route to frontend
2015-09-24 08:42:55 +01:00
Hannah Wolfe
00656a729b Don't alter password from User.edit endpoint
- password changes should only be possible from the password change endpoint

Credits: An anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure program
2015-09-23 23:07:49 +01:00
Sebastian Gierlinger
48919a96c0 Merge pull request #5859 from ErisDS/plural
Add replacement for zero in plural helper
2015-09-23 18:42:01 +02:00
cobbspur
c0b5de6e81 Fix handling of slugs on import
closes Issue #5812

- pass importing property through to utils
- fix safeString method for imports
2015-09-23 17:41:44 +01:00
Austin Burdine
61705cf5f4 add author edit route
no issue
- adds front-end author edit route that redirects to the edit author page
- adds tests for edit route
2015-09-23 08:33:09 -05:00
Hannah Wolfe
d1c7ec0799 Add replacement for zero in plural helper
- currently, the plural helper doesn't replace % with the number when the number is zero, which is inconsistent
- this change ensures that theme developers can choose to show the number or a plain string
2015-09-22 16:00:20 +01:00
Nazar Gargol
fd7e118ed5 Returns 404 page instead of crashing a server whenever special characters are used for tag filtering
closes #5808
refs #5816
- adds additional filtering any 'slug' containing content in `renderChannel` for frontend
- adds test for invalid characters in tag slug
2015-09-20 22:47:34 +02:00
Sebastian Gierlinger
c57edd67a7 Merge pull request #5817 from ErisDS/issue-5810-sqlite
Don't eager load relations on tag update
2015-09-18 14:23:36 +02:00
Sebastian Gierlinger
ef6a99fb34 Merge pull request #5844 from ErisDS/validation-fix
Add underscores to general validation
2015-09-18 11:24:04 +02:00
Hannah Wolfe
95623e60ae Add underscores to general validation
fixes #5816

- general slugs and other fields should permit underscores as well as dashes
2015-09-17 12:24:11 +01:00
Hannah Wolfe
0aea83f7d9 Don't eager load relations on tag update
closes #5810

- switch from using bookshelf's eager loading, to loading separately
- should resolve the TOO MANY SQL VARIABLES error
2015-09-17 09:59:46 +01:00
Sebastian Gierlinger
762824690a Improve Middleware Code Coverage
refs #5286
- finished tests for check-ssl.js
2015-09-08 18:05:22 +02:00
Hannah Wolfe
449def7234 Switch to using sequence for updating tags
no issue

- makes upgrading very large numbers of posts & tags more reliable
2015-09-04 09:22:16 +01:00
Hannah Wolfe
b422d9d32c Use sequence for migrations instead of Promise.all
no issue

- ensures that all migrations complete before the next one begins
2015-09-03 12:09:58 +01:00
Hannah Wolfe
b2204f404d Insert new info post fixture for upgrades
no issue

- Inserts an extra post fixture into the DB only when upgrading
- Post fixture is a draft and will appear at the top of the list
2015-09-02 16:59:37 +01:00
Hannah Wolfe
a3f107da8e Maintain tag order for posts
refs #5727, #5602

- Add new 'order' column to posts_tags table
- Migrate all existing posts_tags to have a correct value for 'order'
- Rewrite updateTags to not remove all tags, and to correctly maintain order
- Add transaction support for tag operations
- Many tests
2015-09-02 16:39:34 +01:00
Sebastian Gierlinger
f22796ff7d Add dynamic client_id/client_secret
no issue
- added ghost-admin client_id to admin
- added ghost-admin client_secret to admin
- added client.read() api endpoint
- added random generation of client_secret to migration
- removed addClientSecret method
- updated tests
2015-09-02 16:39:34 +01:00
Hannah Wolfe
6926e20478 Fix upgrade path from really old versions
closes #5692, refs felixrieseberg/Ghost-Azure#1

- fix broken promise code
- fix incorrect handling of hash in user.add which causes 'Error: Invalid salt version 2' if owner user fixture is not present
2015-09-02 16:39:13 +01:00
Hannah Wolfe
95e6b0a59d Add migration to modify badly formatted tags
refs #5685, #5709

- cycle through all tags, removing leading commas and trim spaces
- if the string is empty, change to 'tag' - the slug base for this model
- if there is a change, save it
2015-09-02 13:39:23 +01:00
Hannah Wolfe
114696f7e2 Change type for private blog settings
refs #5614 and #5503

- update private blog type, including update to settings.edit
- switch order of populate settings & update fixtures + populate all settings

Private blog settings should not be returned by public endpoints
therefore they need a type which is not `blog` or `theme`.
`core` doesn't suit either, as those settings don't usually have UI
To resolve this, I created a new type `private` which can be used
for any setting which has a UI but should not be public data
2015-09-02 13:39:23 +01:00
Sebastian Gierlinger
d215983d53 Update client fixtures
closes 4184
- update ghost-admin client
- add ghost-frontend client
2015-09-02 13:39:23 +01:00
Joe Cannatti
6938216984 Add tour field to User
closes #5171

- adds tour field to user model
- Bump Schema version
- Update tests
2015-09-02 13:39:22 +01:00
Austin Burdine
6c5fea40ca Remove auto-inclusion of jQuery via ghost_foot
closes #5298
- remove all harcoded instances of jQuery throughout the front-end of the blog
- add migration function to add cdn link to ghost_foot code injection when migrating up from version 003
- migration version bump
2015-09-02 13:39:22 +01:00
Sebastian Gierlinger
52e35a282b Add table columns for OAuth
closes #4174
- added trusted domains
- removed unique constraint from secret
2015-09-02 13:39:22 +01:00
Samuel Goodwin
48601e6f49 Add the needed table columns for client Oauth.
closes #4174
- Added columns to client table in schema.js
- Bumped database version in default-settings.json
- Updated tests to support new schema version
2015-09-02 13:39:21 +01:00
Sebastian Gierlinger
5ce8ca5d6e Merge pull request #5518 from ErisDS/fetch-options
Field options
2015-08-29 19:49:38 +02:00
Hannah Wolfe
e9a96816ac Adding 'fields' param for browse requests
refs #5601, #5463, #5343

- adds rudimentary support for a 'fields' parameter on browse requests
2015-08-28 19:08:22 +01:00
Hannah Wolfe
0e7968c573 Merge pull request #5709 from kevinansfield/tag-name-comma-validation
Validate leading commas in tag names
2015-08-28 19:03:31 +01:00
Hannah Wolfe
5be781a0dc Remove first run alert
refs #5652
2015-08-26 15:29:26 +01:00
Hannah Wolfe
2c29ae1ad2 Don't return from sending welcome mail
closes #5675

- welcome mail is non-critical, invalid mail setups shouldn't interfere with setting up a blog
2015-08-25 09:08:11 +01:00
Kevin Ansfield
32ff18ccb0 Validate tag names don't start with commas
closes #5685
- Adds client and server-side validation for tag names starting with commas
- Trim tag names before adding in PSM (tag attributes are already trimmed before saving in TSM)
2015-08-24 16:55:30 +01:00
Hannah Wolfe
fc39bd1ed4 Merge pull request #5705 from sebgie/auth-strategies-coverage
Improve middleware coverage
2015-08-23 19:05:39 +01:00
Sebastian Gierlinger
6120d0a80f Improve middleware coverage
refs #5286
- changed auth-strategies to be testable
- added tests
2015-08-21 23:46:42 +02:00
Sebastian Gierlinger
a82e9aa3c5 Mail consolidation
refs #5489
- move mail.js -> mail/index.js
- move email-templates -> mail/templates
2015-08-20 11:36:14 +02:00
John O'Nolan
454f456adf Merge pull request #5651 from ErisDS/msg-change
Small messaging improvements
2015-08-12 06:10:43 +02:00
Hannah Wolfe
16407b41ee Merge pull request #5655 from sebgie/extract-permissions
Refactor handlePermissions
2015-08-11 19:32:20 +01:00
Hannah Wolfe
f40bff0cbb Startup message explicitly mentions production
no issue
2015-08-11 18:01:36 +01:00
Sebastian Gierlinger
44622d943d Refactor handlePermissions
no issue
- extract handlePermissions to utils
- added NoPermissionError when canThis() rejects
- omitted users.js because it uses special permission handling
2015-08-11 16:03:57 +02:00
Sebastian Gierlinger
9376bdf699 Merge pull request #5646 from ErisDS/issue-5150-nextprev
Next/Prev Post helpers include author & tags
2015-08-11 15:46:23 +02:00
Hannah Wolfe
7d8bd3d8d4 Merge pull request #5639 from acburdine/notifications-pipeline
Apply pipeline to notifications API endpoints
2015-08-10 17:41:28 +01:00
Hannah Wolfe
026e3de597 Merge pull request #5640 from cobbspur/errors
Fix server errors for signin
2015-08-10 13:20:53 +01:00
cobbspur
69d020ce44 Fix signin errors
refs #5635

- fixes format for server errors
- changes signin-api validation errors to be text rather than alerts
2015-08-10 12:26:45 +01:00
Hannah Wolfe
a00eace849 Next/Prev Post helpers include author & tags
closes #5150

- Post API understands next.author, next.tags, previous.author and previous.tags
- Post Read request filters out those properties and does the right thing with them
- Prev/Next post helpers send extra include properties
- Tests updated
2015-08-10 08:58:25 +01:00
Austin Burdine
392cb0038c apply pipeline to notifications endpoint
refs #5508
- adds pipeline to the add and destroy methods of the notifications api
2015-08-09 22:42:10 -06:00