Commit Graph

20 Commits

Author SHA1 Message Date
Hannah Wolfe
cfaa6f058a Wire permmissions for notifications, mail and tags
closes #2739

- wraps the api endpoints for mail, notifications, and tags in a canThis
  check
- add internal context to internal calls
- updates tests
2014-07-17 16:44:09 +01:00
Hannah Wolfe
f70f99b5cf Replace the old admin with the ember admin
closes #3056

- Remove clientold
- Remove clientold tests
- Cleanup old admin helpers
- Remove old routes from admin and controllers from admin controller
- Comment out / remove old and broken tests
- Cleanup Gruntfile.js, bower.js, package.json etc

Still TODO:

- cleanup / add removed tests
- do we still need countable?
2014-07-01 08:33:17 +01:00
Sebastian Gierlinger
c8e8da4780 oAuth
closes #2759
closes #3027

- added oauth2orize library for server side oAuth handling
- added ember-simple-auth library for admin oAuth handling
- added tables for client, accesstoken and refreshtoken
- implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant
- updated api tests with oAuth
- removed session, authentication is now token based

Known issues:
- Restore spam prevention #3128
- Signin after Signup #3125
- Signin validation #3125

**Attention**
- oldClient doesn't work with this PR anymore, session authentication
was
removed
2014-06-30 14:58:10 +02:00
Fabian Becker
72156c7f89 New setup screen for blog installation.
fixes #3072
- Change router to handle /ember/setup/
- Adjust doSignup to also handle setup
- Adjust tests and add new where necessary
- Add setup controller, setup validation, setup route
- Adjust casper emberSetup to handle new setup
2014-06-26 15:31:44 +02:00
Hannah Wolfe
0a319e48c5 Cleaning up the unit tests 2014-06-18 00:11:35 +01:00
Fabian Becker
2bff35bcc2 Complete moveover to new Notification API format
fixes #2775
- Fix all occurences of notifications.add to use proper API format
2014-06-16 08:07:29 +00:00
Jason Williams
a3c2fe5496 Fix up unit tests. Check config url with isURL.
No issue
-validate url in config.js using validator.isURL
-fix up async flow in bootstrap unit tests
-make sure done handler is called on async tests
2014-05-29 21:06:40 +00:00
Fabian Becker
2a803aecdd Proper endpoints for persistent notifications
closes #2637
- Add new get API route for all notifications
- Wrap API responses to comply with JSON-API
- Add new tests / adjust fixtures
- Adjust all occurences of passive notifications
2014-05-06 00:05:14 +02:00
cobbspur
b201b06e56 updated error handling on all mocha tests
- switch to using catch
- added error handling where missing
2014-05-05 21:58:58 +01:00
John-David Dalton
6eab7b3f92 Replace underscore with lodash. 2014-02-06 14:08:34 +00:00
Hannah Wolfe
1925fa0196 Cache control headers & query string asset management
closes #1470
issue #1405

- added cache control middleware
- added defaults for all routes, assets, etc
- updated asset helper to add a query string with a timestamp hash to all assets
- added unit tests for asset and ghostScriptTags helpers
- added cache-control checks to route tests
2014-01-02 12:14:33 +00:00
Harry Wolff
c8c02a65fa Remove ghost.js
fixes #1575
- Moves most code that was in ghost.js into ./core/server/index.js
- Creates ./core/server/config/theme.js to hold all theme configurations 
(which previously lived on ghost.blogGlobals())
- Removed ghost.server, passing it in as an argument where needed 
and allowing middleware to hold onto a reference for lazy use.
2013-12-07 10:10:02 -05:00
Sebastian Gierlinger
078f464197 remove ghost.settings and ghost.notifications
covers 90% of #755
- moved ghost.settings to api.settings
- moved ghost.notifications to api.notifications
- split up api/index.js to notifications.js, posts.js, settings.js,
tags.js and users.js
- added instance.globals as temp workaround for blogglobals (Known
issue: blog title and blog description are updated after restart only)
- added webroot to config() to remove `var root = ...`
- changed `e` and `url` helper to async
- updated tests
2013-12-06 09:51:35 +01:00
Harry Wolff
b920662790 Create the config module, initially used
to standardise getting paths and absolute URLs.  Easy
to extend for other configurations we may need.
2013-11-25 16:35:16 -05:00
Fabian Becker
e210e75e97 Install in sub-directory support.
refs #527
2013-11-24 21:11:34 +00:00
Harry Wolff
985a23f446 Move server middleware configuration to related file 2013-11-19 21:05:57 -05:00
Hannah Wolfe
b0c61720d9 Test file cleanup on accoutn of OCD 2013-11-11 10:37:09 +00:00
Harry Wolff
901d189bf0 Move middleware functions into middleware module and create associated tests
Note: this only moves middleware functions that have associated tests.
2013-11-07 23:05:51 -05:00
Fabian Becker
0997eae716 Remove .txt from blacklist.
fixes #1263
2013-10-25 00:15:39 +00:00
jamesbloomer
9d114c7fa6 Lock down theme static directory to not serve templates, markdown and text files.
closes #942
- insert custom middleware to check for blacklisted files
- redirect to express.static if file accepted
- if not valid return next() to do nothing
- currently black listing .hbs, .txt, .md and .json
- debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting
a theme serve unknown types
2013-10-11 18:05:31 +01:00