Commit Graph

5853 Commits

Author SHA1 Message Date
Rishabh Garg
18b59d2c01
Removed archived tiers from content api (#14329)
closes https://github.com/TryGhost/Team/issues/1426

When fetching tiers using the content API, we incorrectly returned all tiers including archived ones unless the active:true filter is passed. Correct behaviour is to always hide archived tiers, so this filter should not be required.

- forces `active:true` filter for tiers content api browse
- updates test to check for archived test removal in tiers content api
2022-03-16 22:02:42 +05:30
Hannah Wolfe
70d15e077b
Refactored mapper into individual files (#14328)
refs: https://github.com/TryGhost/Toolbox/issues/245

- Ghost's API framework has a mixed up concept of what a serializer is. Mappers are true serializers! What we call serializers are little more than a small formatting step.
- This PR splits mappers into individual files and uses the endpoint's docname as the mapper name. This will help us to automate the calling of a mapper for an endpoint later.
- This is one tiny step in reworking the framework to need less code to make it work, and to have clearer concepts for how to do things.
2022-03-16 12:44:11 +00:00
Rishabh Garg
f9aa18a534
Enabled Admin integration for tiers and offers API (#14325)
As multiple tiers is now GA, we want to allow devs to be able to work with Tiers and offers via content/Admin API. This change -

- updates fixtures to add permissions to admin integration role for new sites
- adds migration to update existing sites to have correct permissions for role
- whitelists add/edit/read/browse on tiers and offers API for integrations
2022-03-16 16:46:26 +05:30
Naz
52c1aadf05 Hardcoded checked version to v4 in gscan
refs https://github.com/TryGhost/Toolbox/issues/240

- As gscan's canary is about to be aliased to upcoming v5 version current version of Ghost should be using an explicit v4 checks.
- These will change to v5 once Ghost is doing final preparations for v5 release (on the branch most likely)
2022-03-16 11:21:32 +08:00
Hannah Wolfe
8da9d4e365
Removed unused members.stats serializer
- There is no matching endpoint for this serializer
- Instead there are specialised endpoints like memberStats
2022-03-15 14:58:34 +00:00
Hannah Wolfe
b53296c4d5
Removed extraneous permission flag in identities
- This doesn't affect permissions, only permissions inside an endpoint config block does that
- Rather it creates an extra unused "endpoint" called identities.permissions
2022-03-15 14:58:29 +00:00
Naz
7becf0a2b2 Aliased canary endpoints to point to non-versioned URLs
refs https://github.com/TryGhost/Toolbox/issues/169

- Before releasing Ghost v5 we would like to move all canary-related URLs to a non-versioned format, which will become a default in v5.
- 'canary' is by definition unstable, so breaking any unprepared client explicitly using the canary is expected
- Removed the aliased /content/ and /admin/ apps from app.js because with updated configuration they become duplicates of 'canary' endpoints
2022-03-14 21:22:54 +13:00
Thibaut Patel
4ce9a5a167 Added the MemberCancelEvent model
refs https://github.com/TryGhost/Team/issues/1302

- This event stores the members' subscription cancelations.
2022-03-11 21:50:06 +01:00
Rishabh
50645e8b18 Added note for using id as slug for free tier
refs e54395eab5

- adds comment on why we used `slugify(id)` instead of `slugify(name)` for free tier to avoid future confusion
2022-03-11 18:08:47 +05:30
Simon Backx
42ac8c41e4
🐛 Fixed uppercase file extensions ignored in content import (#14268)
refs https://github.com/TryGhost/Team/issues/1363

- When uploading a zip of images in Settings > Labs > [Import], it will skip images that have an uppercase extension, citing an 'unsupported file type' error.
- Cause: Glob ignored those files when matching extensions in ImportManager
- Fix: Added nocase option where needed
- Extended tests to also test the processZip method of ImportManager with getFilesFromZip
- Added isValidZip for zip with uppercase image
- Cleaned up JSDoc in ImportManager, and replaced some older JS syntax

Fixed zipContainsMultipleDataFormats error never thrown:

When a zip combines two data formats, no error was thrown.

- The promise error was only returned in an _.each loop, but never thrown
- Previously when combining multiple data types in a zip file, no error got thrown
- Added a test for this error
- Also added a test for noContentToImport error

Other errors and fixes:

- Added missing length in getBaseDirectory check
- getContentTypes fixed (returned duplicate values). Type error came up after adding all JSDocs
- updated tests to match real types from JSDoc and pass type validations
- Rewrote some methods in the async await syntax
- Added tests for ImportManager clean up
2022-03-11 09:17:58 +01:00
Matt Hanley
7172db74b0
💡 Updated fixtures to make it easier to get started (#14299)
- Our old fixtures were designed as a guide to getting started to Ghost, but they got in the way
- The old fixtures now live as part of ghost.org/resources - a living guide to starting with Ghost
- These new fixtures mean the site is ready to go as soon as it's setup

Co-authored-by: Hannah Wolfe <github.erisds@gmail.com>
2022-03-10 17:41:46 +00:00
Daniel Lockyer
f2c074ac59 Fixed error when editing user with empty roles data
- we send the roles data array in when we're changing the role of the
  user
- if we send an empty array, we don't want to edit the user's role
- the code _thought_ that's what it was doing, but we only check the
  falsiness of the array, which is truthy for `[]`
- it also needs to check the length of the array
- this commit includes a test which would fail with a 500 error without
  the fix
2022-03-10 17:29:30 +00:00
Simon Backx
da9de95b74
🐛 Fixed duplicate tags created when slugs contain spaces (#14277)
refs https://github.com/TryGhost/Team/issues/1284

When you create a new post with a tag slug that contains spaces, those spaces will get replaced by dashes. But instead of reusing an existing tag, a new tag is always created.

- New tag slugs are cleaned up before matching with existing tags in the Post model onSaving method
- Cleaned up multiple loops in onSaving of Post model
- Cleaned up syntax when cleaning up tag slug
- Added tests for slugs with spaces
- Added test for too long tag slug causing duplication
2022-03-10 13:07:00 +01:00
Fabien "egg" O'Carroll
8229f8030e Fixed new sites using "Default Product" Tier name
https://github.com/TryGhost/Team/issues/1289

Since we added the free Tier fixture, this was attempting to fix the
free Tier, rather than the default one.
2022-03-10 11:35:03 +00:00
Sanne de Vries
3d136c964d Updated unsubscribe page
No issue
2022-03-10 10:39:20 +00:00
Naz
16e0736379 Removed Roon related importer code
no issue

- The support for the misformated roon imports was temporary anyway, based on the comments in code. It's also unecessary to keep around any code related to Roon as it's been _ages_ since anybody needed this kind of migration
2022-03-10 16:29:54 +08:00
Daniel Lockyer
9231a4c6f6 Updated probe-image-size options to reflect underlying change
refs https://github.com/nodeca/probe-image-size/blob/master/CHANGELOG.md#changed-1

- version 6 of `probe-image-size` switched from using `request` to
  `needle`
- this means we need to update our options to reflect the changes
- we still use request in this file so I've duplicated the options for now
- also adds a few extra error codes to the catches because needle
  reports different codes to request
2022-03-09 20:27:38 +00:00
Daniel Lockyer
8a7c7f08e9 Enabled fetching .ico dimension size via probe-image-size
refs https://github.com/nodeca/probe-image-size/blob/master/CHANGELOG.md#600---2020-11-04

- `probe-image-size` v6 now supports `.ico` files so we can
  allow probing of dimensions via this library rather than falling back
  to downloading the entire image via `image-size`
- also updates a test because .ico files no longer use the internal
  request lib, which simplifies things a little bit
2022-03-09 20:27:38 +00:00
Hannah Wolfe
833035d7be
Improved coverage of api serializer
- Have ensured we have 100% coverage of core/server/api/shared/serializers/handle.js
- This meant I had to swap around two validation clauses as one was unreachable
- I have done this as I want to make some changes in this area of the codebase, and want to ensure we have tests
  and a clear understanding of what this code does before I change it
2022-03-09 20:02:15 +00:00
Kevin Ansfield
51e04c75ad
Added "contains" operator support to ?filter= query params (#14286)
refs https://github.com/TryGhost/Team/issues/1408

- switched from `@nexes/nql` to `@tryghost/nql` and bumped `@tryghost/bookshelf-plugins` to get access to the latest NQL version across the app
- adds "contains" operator support
  - `:~'string'` - contains
  - `:-~'string'` - does not contain
  - `:~^'string'` - starts with
  - `:-~^'string'` - does not start with
  - `:~$'string'` - ends with
  - `:-~$'string'` - does not end with
- enables `'` escaping in strings, eg `'O\'Nolan'`
2022-03-09 13:02:17 +00:00
Naz
9c64d7af81 Centralized base API path value across server codebase
refs https://github.com/TryGhost/Team/issues/1420

- This changeset makes the "/ghost/api" base path for the APIs centralized in one place and reused by dependent modules. There are couple benefits this refactor brings: easy way to spot where the API base path is used (was hard to find it in regexp) and makes it easy to change the hardcoded path to a configurable one in the future (e.g. host all APIs under `domain.tld/custom-path/awesome-apis/posts`)
- I hear that scream from the back of your head: "But hey! This introduced coupling to url-utils!". To that my unswer is: "No. This change only makes the coupling explicit, it's been there already and now can be addressed if we need to!".
- A neat thing about his change, making the API work on a custom path is one line away, by moving the hardcoded `/ghost/api` to a config ;)
2022-03-09 17:15:51 +08:00
Naz
da9f018c70 🐛 Fixed theme activation with capitalized names
closes https://github.com/TryGhost/Team/issues/1420
refs da0dee548c
refs https://github.com/TryGhost/Toolbox/issues/169

- After introducing non-versioned API urls the "isAPI" regex failed to pass the test as it was expecting a `canary/vX` in the API URL. This caused "uncapitalization" to stop working for API requests.
- Regex visualizer for quick reference: https://jex.im/regulex/#!flags=&re=%5E(.*%5C%2Fghost%5C%2Fapi(%5C%2F(v%5B%5Cd.%5D%2B%7Ccanary))%3F%5C%2F.*%3F%5C%2F)
2022-03-09 20:07:04 +13:00
Matt Hanley
2110c65e47 Removed notification on theme install failure during setup step
refs https://github.com/TryGhost/Team/issues/1417

- we no longer want to display a notification if theme install fails
- the notification has been removed so we fail silently, but log the warning
2022-03-08 13:33:48 +00:00
Rishabh
7c43191ca7 Fixed members endpoint not ignoring unknown includes
refs https://github.com/TryGhost/Team/issues/1415

Members browse endpoint was missing allowedIncludes validation, causing unknown includes to throw 500 on API request.
2022-03-08 16:59:51 +05:30
Rishabh
32ff722028 Added tier visibility to portal tier data
refs https://github.com/TryGhost/Team/issues/1387

We are moving away from using portal products/plans settings to visibility property on the tier object.
2022-03-08 11:33:51 +05:30
Peter Zimon
e2438a008e Udpated powered by badge 2022-03-07 17:36:01 +01:00
Fabien 'egg' O'Carroll
fa1165de6a
Support tier visibility editing Allowed Tiers Admin API to set visibility
refs https://github.com/TryGhost/Team/issues/1387

This will allow us to move from the portal_products and portal_plans
settings to using the visibility property on tiers to determine whether
or not a tier should be visible in Portal.

This also fixes a bug with the Tiers Admin API read method permissions.
2022-03-07 14:46:42 +00:00
Daniel Lockyer
1a3aa69c68 Re-throw error when attempting to create webhooks
- we catch error arising from creating webhooks and check for specific codes
- if our error does not match one of those codes, we don't propagate the
  error up
- this becomes a problem if saving a webhook fails for some other reason
  because upstream code assumes we return an error or model
- this commit re-throws the error and adds a test that would have caught
  this
2022-03-07 13:54:00 +00:00
Fabien 'egg' O'Carroll
cff033bb47
Migrated visibility column from portal settings (#14253)
https://github.com/TryGhost/Team/issues/1387

This is split into two migrations, one for the portal_products setting
and one for the portal_plans setting, as dealing with both of them in a
single migration led to too many branches.
2022-03-07 11:38:39 +00:00
Rishabh Garg
3fa836690e
Updated to always invalidate cache on tier edit (#14267)
refs https://github.com/TryGhost/Team/issues/1240

We were selectively invalidating cache on tier/product edit which was consistent with pattern for other APIs, but in case of tier/product, the model changed method always returns false due to how its setup. This change updates the edit to always invalidate cache, similar to tier add, to ensure sites don't see old tier values.
2022-03-04 15:47:30 +00:00
Rishabh
a328e3e88b Fixed include option not working for fetching tiers via #get helper
refs https://github.com/TryGhost/Team/issues/1004

The output serializer for product was not handling `include` option value as comma separated string, which is passed via `#get` helper to fetch related prices for tiers. This change fixes the handling to work with both array as well as comma-separated include values.
2022-03-04 18:22:59 +05:30
Rishabh
eac732f620 Added tiers data for posts with non tiers visibility
refs https://github.com/TryGhost/Team/issues/1004

The `tiers` column for a post/page only contained data if its visibility is set to `tiers`, otherwise its empty. This is because originally the purpose of `tiers` column on `post` was to capture specific tiers with access to post.
The best way to ensure a consistent behavior for `tiers` column data on post is to update it to always contain list of all `tiers` that have access to post, and not just when the visibility is `tiers`. This means the value is set to all tiers when visibility is one of public|members, and only paid tiers when visibility is `paid`.  This change also allows on frontend to get all relevant `tiers` information for a post locally within post context instead of relying on additional information from outside.

This change -

- updates the output serializer for post/page to add all desired tiers manually in case of visibility is not `tiers`
- updates tests
2022-03-04 18:22:59 +05:30
Matt Hanley
c6617459a5
Switched products.visible for products.visibility (#14264)
- We have an existing pattern for using `visibility: public` instead of `visible: true|false`
- We no-op the existing migration and roll forward so that we don't have to manually revert db changes
2022-03-04 11:07:38 +00:00
Rishabh
c9577cec71 Removed archived tiers from portal tiers list
refs https://github.com/TryGhost/Team/issues/1404

The archived tiers are hidden in Portal normally as they are automatically not included in the `portal_products` list. This change also removes the archived tiers from being sent in list of tiers sent as part of site data to Portal. This ensures Portal doesn't use any archived tier.
2022-03-04 15:05:15 +05:30
Matt Hanley
01a6d576b3 Removed public cache-control header for member site endpoint
- Caching is causing issues with Portal preview
- Changes to tiers and Portal settings are taking too long to display on the site, causing confusion for users
- This reverts commit 5d8f491823.
2022-03-03 15:25:49 +00:00
Fabien "egg" O'Carroll
1b96ce2794 Added /tiers endpoint to Content API
refs https://github.com/TryGhost/Team/issues/1313

When adding the tiers endpoint the Content API was missed, this is
needed so that themes can access Tiers via the `{{#get}}` helper.
2022-03-03 15:15:43 +02:00
Fabien "egg" O'Carroll
c00b398abf Added visible property to Tiers API
refs https://github.com/TryGhost/Team/issues/1387

This is also added to the Products API so that the Admin can use it
without having to switch to the new Tiers API.
2022-03-03 15:15:43 +02:00
Daniel Lockyer
bf6f607f42 Switched to mysql2 library
refs https://github.com/TryGhost/Toolbox/issues/174

- this commit switches Ghost from using the `mysql` library to the
  `mysql2` one
- we've done this for several reasons:
  - `mysql2` is more actively maintained
  - `mysql2` natively supports the default auth plugin on MySQL 8
  - `mysql2` is fasterrrr
- there have been various other commits refactoring the groundwork for
  this commit but this commit should be short and sweet:
  - alias `mysql` to `mysql2` client so we maintain backwards
    compatibility with all configs who use `"client": "mysql"`
  - enabled `decimalNumbers` so we maintain the same functionality as
    `mysql`
  - replaced the dependencies and updated `knex-migrator`
  - hardcoded the newer authentication plugin in MySQL 8 CI. Before
    switching to `mysql2`, this would break because it didn't support
    this
2022-03-03 09:59:37 +01:00
Naz
da0dee548c Added alias for non-versioned API endpoints
refs https://github.com/TryGhost/Toolbox/issues/169

- Before next major version release we need to prepare for removal of API versioning.
- This change allows unversioned API requests to work under following endpoints:
- /ghost/api/admin
- /ghost/api/content
- This change should allow further preparation of the API clients (SDKs, Integrations, etc.) to non-versioned APIs in Ghost instances in ^5.0.0
- Changed default e2e test targets to non-versioned API. It's a trial, to have working examples. In the future all tests should switch to use only non-versioned endpoints.
2022-03-03 20:21:22 +13:00
Naz
cd1183c9d8 Added JWT authentication for non-versioned API
refs https://github.com/TryGhost/Toolbox/issues/169

- As Ghost prepares to drop API versioning in future major release it the authentication mechanism should take into account non-versioned token audience support. The audience for non-versioned api requests would be limited to "admin" rather than "canary/admin"
2022-03-03 20:21:22 +13:00
Thibaut Patel
c5f8853ad9
Ignore casper install on setup (#14218)
refs https://github.com/TryGhost/Team/issues/1362

- Casper is already installed, so the installation from github always fail.
- There is no need to display an error message in that case.

Added regression tests for blog setup with the default theme:
- Check whether there are no notifications after completing the setup
- Also test the setup with the default theme
2022-03-02 18:22:20 +01:00
Daniel Lockyer
2a0cc9e8d4 Aliased mysql to mysql2 in schema client
refs https://github.com/TryGhost/Toolbox/issues/174

- this just uses the same SQL queries for certain queries when using the
  `mysql2` library as when using the `mysql` one
- we can remove the `mysql` line when we fully switch to `mysql2`
2022-03-02 16:06:37 +01:00
Daniel Lockyer
47260f405a Updated DB client timezone to Z
- whilst `UTC` was working, it's technically not supported as per the
  docs for `mysql`: https://www.npmjs.com/package/mysql#connection-options
- `mysql2`, however, is a bit more strict and throws a warning for
  unsupported values, so it was flagging up when I was looking at
  switching to that library
- this commit switches over to `Z` AKA Zulu -
  https://en.wikipedia.org/wiki/Coordinated_Universal_Time so both
  libraries are happy
2022-03-02 16:06:37 +01:00
Daniel Lockyer
d0e71524ca Switched to util for retrieving DB info in migrations
refs https://github.com/TryGhost/Toolbox/issues/174

- right now, our migrations manually check the client of the knex
  instance to see whether we're running on MySQL or SQLite
- that's been working fine, but the problem is that we're due to switch
  to the mysql2 driver soon, so all these checks will be faulty
- i've altered the functionality of `@tryghost/database-info` to accept
  a knex instance, and it'll return if the DB is MySQL or SQLite in some
  helper functions
- this commit bumps the package and switches to that format
- originally I used a shared instance of the class within
  `@tryghost/database-info` but there's a chance that the knex instance
  inside migrations actually comes from knex-migrator, and not Ghost, so
  that wouldn't work
2022-03-02 15:05:55 +01:00
Thibaut Patel
91d5fa0fc5 Prevent an event-processing error if there is no timezone setting
refs https://github.com/TryGhost/Ghost/pull/14197

- We default to UTC when there is no setting timezone
2022-03-02 13:58:26 +01:00
Thibaut Patel
527ef79955 Added the last_seen_at update on member page view
refs https://github.com/TryGhost/Team/issues/1306

- This adds a `MemberPageViewEvent` event when a page is viewed by a member (post/page/tag/author/...)
- Integrates the `LastSeenAtUpdater` service that listens to the `MemberPageViewEvent` events to update `member.last_seen_at`
- Follows the latest testing recommendation (end to end test + testing for side-effects)
2022-03-02 13:58:26 +01:00
Thibaut Patel
73a049c942 Added the last_seen_at update on email open
refs https://github.com/TryGhost/Team/issues/1306

- Updates once every day (in the publication timezone)
- Also updates when the value is `NULL`
- This is implemented as a SQL query as the code is on the job and doesn't have visibility to the members code
2022-03-02 13:58:26 +01:00
Daniel Lockyer
bf45ef4a87 Cleaned up DB connection fallback in migrations commands
- throughout the migration utils we use the passed in DB connection or
  fallback to the `db.knex` instance
- this works, but it means we have places we need to make sure to
  implement `(transaction || db.knex)` everywhere
- as I'm working on refactoring the utils, this was also causing
  problems because I'd be checking the `transaction` instance but that may
  be null/undefined
- this commit pulls the fallback into the function parameters where it's
  evaluated at runtime
- this also has the added benefit that we get jsdoc typing now because
  the types are easy to figure out
- note: `transaction` should probably be renamed to `connection` because
  it's not necessary a transaction... but baby steps 🤓
2022-03-02 13:27:21 +01:00
Daniel Lockyer
11f64e91c0
Added extra handling for errors when adding foreign key
- this section of code handles the errors that arise when we add a
  foreign key to a table
- locally, I get different errors than the one listed - `ER_FK_DUP_KEY`
  and `ER_FK_DUP_NAME`
- I've been trying to find a good source for what each code is but it
  looks highly likely to be differences in DB engines
- we should probably handle these errors anyway because we don't want
  migrations to error out
2022-03-02 12:37:39 +01:00
Naz
1cc38733ba Added Media and Files APIs to API key allowlist
refs https://github.com/TryGhost/Toolbox/issues/219

- These two APIs similarly to Images API should be accessible by the Admin-API SDK. Opens up a way to write custom scripts uploading files and media
2022-03-02 16:33:56 +07:00