Commit Graph

29324 Commits

Author SHA1 Message Date
Daniel Lockyer
1a955dceb4
Fixed showing default image for staff users
refs https://github.com/TryGhost/Toolbox/issues/356

- without this, users who have an account but no profile image will just
  show an empty background
2022-09-01 16:58:07 +01:00
Daniel Lockyer
df99e1aec3
Merged v5.12.3 into main
v5.12.3
2022-09-01 15:36:46 +01:00
Ghost CI
7650ecafeb v5.12.3 2022-09-01 15:36:17 +01:00
Rishabh Garg
c4041e46c8
🐛 Fixed email alerts for paid members on import (#15347)
closes https://github.com/TryGhost/Team/issues/1868

- email alerts should not be sent out when paid subscriptions are created via our importer
2022-09-01 20:00:37 +05:30
James Morris
245229e7b8 Little fix to stop weird positioning when showing help on members
no issue
2022-09-01 14:53:08 +01:00
Fabien 'egg' O'Carroll
e4cbb3d24d
Reset magic link rate limiting upon successful login (#15345)
refs https://github.com/TryGhost/Team/issues/1771

We don't have access to `req.brute.reset` due to the way the flow
works, we have one endpoint which sends an email with a magic link,
and another route which handles the login. We don't want to apply
brute force protection to both because our rate limiting is designed
for API requests not web page visits (which is how login is handled).

Because of this we require access to the underlying ExpressBrute
instance exposed by the spam-protection module, so that we can
perform the reset.
2022-09-01 08:54:14 -04:00
Fabien 'egg' O'Carroll
c9f782a3fc
🔒 Fixed rate limiting for user login (#15336)
refs https://github.com/TryGhost/Team/issues/1074

Rather than relying on the global block to stop malicious actors from
enumerating email addresses to determine who is and isn't a user, we
want our user login brute force protection to be on an IP basis,
rather than tied to the username.
2022-09-01 13:29:59 +01:00
James Morris
4f8526fd77 Improving the members page on mobile
no issue
2022-09-01 13:09:23 +01:00
Peter Zimon
8b831a68e8 Improved Audit log filter dropdown design
refs. https://github.com/TryGhost/Toolbox/issues/356

- the event filter list was a bit harder to parse without icons
2022-09-01 13:56:54 +02:00
Kevin Ansfield
04c3de8ffc Fixed tests that compared .textContent instead of .innerText with inline SVGs
refs 038600c350

- SVGs have titles now and title text content will be included in `element.textContent`
- updated tests that failed to use `.innerText` instead
  - via chai-dom's `.rendered.text()`
  - via direct access `find('.elem').innerText).to...`
2022-09-01 10:01:30 +01:00
renovate[bot]
d0103a6b31 Update sentry-javascript monorepo to v7.12.0 2022-09-01 08:48:54 +01:00
Daniel Lockyer
4505b2f3f5
Cleaned up npmignore entries for Casper
- we ignore some files within Casper via the Core .npmignore, but this
  was outdated
- `.csscomb.json` and `.yarnrc` do not exist in the repo anymore
- `yarn.lock` should be added because this is the bundled theme files
  and we don't expect to be editing them again
2022-09-01 08:22:01 +01:00
Naz
945ebd4806
Fixed ERR_NOCK_NO_MATCH warning during test runs
refs https://github.com/TryGhost/Toolbox/issues/389

- The e2e test suite log was full of ERR_NOCK_NO_MATCH warnings when the logging level was set to "warn". The cause of this warning was legit duplicated webhook trigger processing on test environment. Gah!
- The source of duplicate webhook processing was duplication of event handlers. Event handlers were registered multiple times for same event because of the singleton nature of the "common/events" module - it remains the same instance and is not cleaned up between reboots. The deeper issue of events module initialization should be solved separately, this slightly hacky approach fixes the problem now and highlights it to be tackled in the future.
2022-09-01 12:25:47 +08:00
Naz
88e0ae892c
Fixed typo 2022-09-01 11:01:15 +08:00
Kevin Ansfield
41313f6993 Replaced emberx-file-input addon with in-app implementation
refs https://github.com/TryGhost/Team/issues/1734

- resolves some deprecations raised by the addon which has fallen out of regular maintenance
- we were largely overriding much of the addon so the additional code was minimal, most of the changes were from updating to modern patterns
2022-08-31 22:21:31 +01:00
renovate[bot]
36ac8ccb41
Update dependency knex to v2.3.0 2022-08-31 20:32:37 +00:00
renovate[bot]
87a97726c6
Update dependency human-number to v2.0.1 2022-08-31 19:21:36 +00:00
Daniel Lockyer
b376b0c4c9 Removed icon files from packaged tarball
refs 6290fd6deb

- following the referenced commit, all SVG icons should only be used
  with svg-jar and not externally loaded
- this means we are now shipping all the icon files in the packaged tarball, but
  they're unused once Admin is built
- this commit prevents the icons from being copied and bundled
2022-08-31 18:06:42 +01:00
Sanne de Vries
989c3ddd77 Fixed linting error 2022-08-31 16:57:13 +01:00
Sanne de Vries
6290fd6deb Cleaned up non-inlined usage of svg icons
No issue
2022-08-31 16:49:11 +01:00
renovate[bot]
405d1acec5 Update dependency @tryghost/express-test to v0.11.3 2022-08-31 16:42:28 +01:00
Sanne de Vries
bef49576ba Fixed svg titles appearing in tests
Refs 038600c350

- In the reference commit I update config so that svg titles are only removed in production. This causes them to show in tests which causes tests to fail. Config has now been updated to only include svg titles in development.
2022-08-31 16:10:23 +01:00
James Morris
2a198c367e Reverting back some changes to try and fix failed tests
no issue
2022-08-31 16:07:12 +01:00
Kevin Ansfield
5985316b01 Only show failed tests in Admin CI output 2022-08-31 15:53:27 +01:00
Sanne de Vries
e7c25f84df Deleted unused image files
No issue
2022-08-31 15:48:17 +01:00
Fabien 'egg' O'Carroll
2ff81cc5d3
🔒 Fixed rate limiting for user login (#15336)
refs https://github.com/TryGhost/Team/issues/1074

Rather than relying on the global block to stop malicious actors from
enumerating email addresses to determine who is and isn't a user, we
want our user login brute force protection to be on an IP basis,
rather than tied to the username.
2022-08-31 10:33:42 -04:00
James Morris
ae28cdffbb Fixed the test for new member page based on changes
no issue
2022-08-31 15:16:32 +01:00
Sanne de Vries
038600c350 Prettified markup and added titles to all SVGs 2022-08-31 15:02:12 +01:00
Daniel Lockyer
874c696893
Fixed showing actor icons for deleted actors
refs https://github.com/TryGhost/Toolbox/issues/356

- if an actor has been deleted, their icon would just be blank
- we want to show the default user icon
- to accommodate this, and to improve some code along the way, I've also
  added `include=actor` to the API request so we get the actor inline in
  the response instead of sending off another request
- I should really switch to using models + the store at some point to
  cleanup parsing all the API responses manually
2022-08-31 14:57:41 +01:00
James Morris
d5bf2027dc Improved the members table on mobile
no issue
2022-08-31 14:48:06 +01:00
Daniel Lockyer
c2b399fc2c Fixed warning about aborted connection in tests
refs https://github.com/TryGhost/Toolbox/issues/389

- if we enable warning logs in E2E tests, we get a bunch of error
  messages saying `ERROR Unhandled rejection: aborted` coming from the
  SQLite DB reset code
- specifically, it's coming from the line that resets the DB by copying
  the file
- this line was initially added because we would see random SQLite
  "malformed database" errors
- I have a feeling that was due to something else, but I can't be sure
- I'm also not sure how else we should shut the DB connection, as this
  is the recommended way but it throws an unhandled rejection
- this commit is a bit of a gamble because I'm not actually sure what
  was causing the problem, but it gets rid of the errors locally and
  doesn't regress on the random failures
2022-08-31 12:15:30 +01:00
Daniel Lockyer
f04666ef52
Removed Admin production build test
- this was originally added because we had an issue with a production
  build of Admin during a release
- since then, we've got a canary build that runs for every commit on
  `main`
- I think this test is superfluous now, so this commit removes it and
  saves ~6 mins of CI time per commit
2022-08-31 11:21:22 +01:00
Peter Zimon
6483a068d4 Fixed responsive bug for What's new page
refs. https://github.com/TryGhost/Toolbox/issues/356

- The updated What's new page contained unnecessary buttons with external links on smaller size screens
2022-08-31 11:58:29 +02:00
Daniel Lockyer
7a2f766668
Added logging configuration option for timestamps to use the local timezone
fixes https://github.com/TryGhost/Ghost/issues/15190
refs https://github.com/TryGhost/framework/pull/76

- log output always uses UTC timestamps, but it may be desirable to
  configure logs to use the local machine timezone
- a new config option has been added to `@tryghost/logging` so you can
  switch the logs to the local timezone
- this commit bumps the package and sets the default config option to
  `false`, so it doesn't suddenly change the timezone of the logs
- docs will be updated soon but if you'd like to use the
  timezone-altered timestamps, you can set `logging.useLocalTime` to
  `true`
- credits to https://github.com/levee223 for the implementation and PR
2022-08-31 10:29:55 +01:00
Daniel Lockyer
e897efe842
Moved bundling to the end of prepack steps
- in its current form, bundling will happen before we build Admin
- Admin complains because the version in its package.json for
  `@tryghost/members-csv` is different to the one linked in the monorepo
- by putting bundling at the end, we write the new package versions
  after we've already built Admin, so this issue should go away
2022-08-31 08:48:47 +01:00
renovate[bot]
5a359be582 Update dependency knex-migrator to v5.0.4 2022-08-31 07:36:17 +00:00
David Kolosowski
0c28fc2286
Removed BB dep from url service (#14939)
refs: #14882

- Usage of bluebird is deprecated in favour of using native promises
2022-08-30 17:23:47 +01:00
Daniel Lockyer
d7500e0ad1
Merged v5.12.2 into main
v5.12.2
2022-08-30 16:58:46 +01:00
Ghost CI
a2edc7ea1b v5.12.2 2022-08-30 16:58:26 +01:00
Simon Backx
8cd2b3182a
🐛 Fixed commenting on tier-only posts (#15333)
fixes https://github.com/TryGhost/Team/issues/1860

**Problem:**
Members were not able to comment on a post that was only visible for members with a specific tier.

**Causes:**
Content gating was done on models with missing relations.
- The products relation was not loaded on the member when doing content gating
- The tiers relation was not loaded on the post when doing content gating

**Tests:**
- Added for tier-only posts
- Added for paid-only commenting
2022-08-30 16:48:47 +01:00
Simon Backx
aec2badc6c
🐛 Fixed removing comped subscriptions for members with active subs (#15332)
fixes https://github.com/TryGhost/Team/issues/1859

**Problem:**
When for some reason a member has an active subscription (or legacy comped subscription) for product A, and a comped subscription for product B. You cannot remove comped subscription B.

**Fixed by:**
Updating the API to allow more flexible product changes on members.
- Allow the removal of (comped) products on a member, as long as that product doesn't have a related subscription
- (still) allow the addition of comped products to a member, as long as that member doesn't have other active subscriptions. This matches the existing behaviour, but now this is only checked for added products.
- Includes tests for these edge cases
2022-08-30 16:48:44 +01:00
Kevin Ansfield
80400fd303 Fixed linter error
no issue

- removal of unused import was missed after removing it's usage
2022-08-30 16:48:37 +01:00
Kevin Ansfield
bc185665a4 Removed use of ember-route-action-helper
refs https://github.com/TryGhost/Ghost/issues/14101
refs https://github.com/TryGhost/Team/issues/1734

- use of the helper was generating deprecation warnings when building Admin
- removed the single usage in favor of using `{{perform}}` directly on a controller task property as there was no need to go via the route
- changed naming of task properties to include a `...Task` suffix so it's clear when dealing with a task object
2022-08-30 16:44:50 +01:00
Kevin Ansfield
5bd66fd8b7 Migrated users.index controller to Octane patterns
refs https://github.com/TryGhost/Ghost/issues/14101

- dropped use of `{{action}}`
- dropped use of computed properties in favor of getters
2022-08-30 16:44:50 +01:00
Kevin Ansfield
5eec9c8ce2 Migrated <GhUserInvited> to Glimmer component
refs https://github.com/TryGhost/Ghost/issues/14101
2022-08-30 16:44:50 +01:00
Simon Backx
4282ead3a7
🐛 Fixed commenting on tier-only posts (#15333)
fixes https://github.com/TryGhost/Team/issues/1860

**Problem:**
Members were not able to comment on a post that was only visible for members with a specific tier.

**Causes:**
Content gating was done on models with missing relations.
- The products relation was not loaded on the member when doing content gating
- The tiers relation was not loaded on the post when doing content gating

**Tests:**
- Added for tier-only posts
- Added for paid-only commenting
2022-08-30 17:38:58 +02:00
Simon Backx
e7786ca482
🐛 Fixed removing comped subscriptions for members with active subs (#15332)
fixes https://github.com/TryGhost/Team/issues/1859

**Problem:**
When for some reason a member has an active subscription (or legacy comped subscription) for product A, and a comped subscription for product B. You cannot remove comped subscription B.

**Fixed by:**
Updating the API to allow more flexible product changes on members.
- Allow the removal of (comped) products on a member, as long as that product doesn't have a related subscription
- (still) allow the addition of comped products to a member, as long as that member doesn't have other active subscriptions. This matches the existing behaviour, but now this is only checked for added products.
- Includes tests for these edge cases
2022-08-30 17:36:52 +02:00
Sanne de Vries
dbfcc5a733 Deleted all unused svg icons 2022-08-30 15:36:46 +01:00
Daniel Lockyer
0b0401d593 v5.12.1 2022-08-30 11:56:45 +01:00
Fabien 'egg' O'Carroll
21e473ff78
🐛 Fixed newsletters not rendering with non-HTML safe chars (#15331)
Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
2022-08-30 11:26:01 +01:00