closes#1464
- adds opt-out via updateCheck:false in config.js
- update check is done on admin index, but doesn't interfere with rendering
- adds update check module, which gets the usage data, makes the request and handles the response
- adds two new settings to default-settings, one for next check time, and one for whether to show the notification
- adds a new rejectError method to errorHandling
- adds a new helper for displaying the notification
Conflicts:
core/server/helpers/index.js
core/test/unit/server_helpers_index_spec.js
throttle list
- once a user has successfully logged into ghost
they no longer are a malicious user and as such
their IP address should be removed from the
array of login attempts
- should also reduce the memory usage of Ghost
as the loginSecurity array gets pruned upon
every successful login
- this also fixes a race condition i was experiencing
during functional tests wherein i would receive
the login throttle message during regular testing.
Seems my machine is able to run casper fast enough
that it could complete each test under an amount
of time that tripped the login throttle message.
issue #1754
- remove path (it was only used once, and not needed)
- change webroot to subdir
- add unit tests for config.paths
- various other cleanup
- renamed client-side ghostRoot to subdir
- added url helper for client
covers 90% of #755
- moved ghost.settings to api.settings
- moved ghost.notifications to api.notifications
- split up api/index.js to notifications.js, posts.js, settings.js,
tags.js and users.js
- added instance.globals as temp workaround for blogglobals (Known
issue: blog title and blog description are updated after restart only)
- added webroot to config() to remove `var root = ...`
- changed `e` and `url` helper to async
- updated tests
Move helper functions registerThemeHelper and registerAsyncThemeHelper
to the helpers module.
Also update the app proxy object to reflect this new code location,
and the tests to reflect that as well
Create ./sore/server/filters which houses all filter related behavior.
Was previously on the ghost singleton.
Also create the filters_spec file for testing
and update all code and tests to use new code location.
Create ./sore/server/helpers/template which houses all template related behavior.
Was previously on the ghost singleton.
Also create the helpers_template_spec file for testing
and update all code and tests to use new code location.
Move ghost.mail instance onto the mail module directly
and update related code and tests to use new location
Move Polyglot instance onto require module directly
Move ghost.availablePlugins to plugins module directly
- changed cookieSession to session
- added session.regenerate for login and logout
- added bookshelf session store
- added session table to database
- added import for databaseVersion 001
- added grunt task test-api
- cleanup of gruntfile to start express when needed only
- moved api tests to functional tests
Closes#1471
- add api and User model methods for generating and validating tokens
- add routes and handlers for reset password pages
- add client styles and views for reset password form
- some basic integration tests for User model methods
issue #635
- upload controller shouldn't assume fs
- filesystem module proxies all the fs work
- proxies and exposes middleware for serving images
- creating a date based path and unique filename is a base object util
- unit tests updated
issue #1365
- added /*jslint unparam:true*/ to functions where absolutely necessary
- added /*jslint unparam:true*/ to functions in which keeping parameter
list added clarity to the underlying api, even when those parameters
are not currently used
- removed unused parameters in a few places
closes#952
- moved api.js to api/index.js
- added api/db.js for import and export functions
- moved /ghost/debug/db/export to GET /api/v0.1/db
- moved /ghost/debug/db/import to POST /api/v0.1/db
- removed /ghost/debug/db/reset
- added validation for import
- added constraints object to migration
closes#705
- uses the file type passed by express/connect
- relies on the type being set correctly by the browser upload
- doesn't reread the file to check
closes#502
part of #705
- copy the files but then remove the temporary ones
- moving instead of copying was problematic due to moving across devices
- still need to convert code to using promises
Fixes#798
- Now checks the request URL against a whitelist to determine whether the settings
page exists.
**Notes**
- This works in the short term, but a better solution for enumerating the available
settings views or centralising a list of recognised views that are available
to client side code, (the router and sidebar, among others) as well as the backend
controller will be required.
closes#733
- Exporter will read meta data to determine the tables which are present and export all data from those tables
- Exporter figures out which version to export, rather than requiring that information
- deleted old exporters
* Signup now focuses on 'name' on load
* Fixed fade in on auth forms to work with `display: table`
* The 'name' field is required on Sign up forms
* The length check on the Signup form is in order of inputs
* Added check for password length
* Changed the auth form class names to better represent individual pages
* Updated CasperJS tests
closes#619
- check if uploaded image name exists in month/year path
- if unique then save
- if not unique then add -1 to the end of the name eg. image-1.jpg
- if image-1.jpg exists then increment to -2
- keep going until a unique name is found
- uses tail recursion as normal path will be to save the first filename and deep recursion will be the exception
- (the alternative of loading the names of all the files in the directory could result in a large in memory array)
closes#603, issue #395
- Changed hard-coded 'JOE BLOGGS' to use author data
- We still had api calls loading data server side before rendering pages.. which is unnecessary.
- Only thing using this was editor title, which is now populated client side
- May improve content screen load time.
closes#618
- don't send a welcome email. This appeared to be breaking tests.
- make sure we handle errors from sending emails properly
- use promises when adding notifications
Closes#288
* I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`)
* Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
- Made fail warning and button display none to reduce DOM content.
- Made toolbar red for fail not orange
- Fixed loading-cat which was persistent in cases of low bandwidth (particularly downstream)
- introduced validation method in the post and user model
- moved signup validation onto model
- consistent use of validation & error messaging in the admin UI
- helper methods in base view moved to a utils object
Closes half of #468
* adds a 2 second limit until you can retry logging in, otherwise sends you a 401.
* bounce: 2ms, checks the pw: 254ms on my machine
* added a test to the casper suite
Closes#374
* Included node-validator as a package
* Implemented server side validation (the client side js is a mess, need a LOT of work)
* Validates email address both on signup and login screens, gives error message on malformed email addresses
* Requires at least 8 chars of password
* Tells user if password is too short
* Tells user if no such user on login
* Tells user if wrong password on login
* Tells user if server responds with a 404 (goes away, dies, etc)
* Added middleware between req and login / signup for validation
Closes#354
* Reintroduced the redirect functionality (not logged in, tries to go to `/settings/user/`, is sent to `/login/` with info notification, after login user is taken to `/settings/user/)
* Reintroduced the "Successfully logged out" message
* Added middleware to scrub passive notifications from `ghost.notifications` after one use basically mimicing client side passive notifications
* Removed flash from everywhere. Even from package.json.
* Renamed flashed.hbs to notifications.hbs, modified default.hbs accordingly
* Added function to parse GET variables on client side
Closes#340. Closes#375
* Replaced session with id of current user
* Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy)
* Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't)
* If user has profile picture, that will be used
* If user has name, that will be used
* Password changing doesn't care about your email. Uses cookies. Tasty!
* User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`.
* Added logic to user api to check for `id === 'me'`, and then use the cookie value
* User data saves are now correct
* There is no logout error
Closes#282
* Added a new route
* Added new methods
* Triple security!
* Passwords are actually changed
* Also added a change password button, because 'save' has too much baggage.
On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords.
Caveats:
* didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh?
* Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
issue #40 and issue #280
- Adds uploader jquery plugin
- includes settings for enabling/disabling upload progress bar
- adds routing for image uploads
- adds directories by year and month based on upload date
- Implements plugin on settings - general pane
- Implements plugin on editor
- adjusted general tab to save uploaded image src
TODO:
- Add error handling
- Storing information on editor
- Add events
- added line to index.js to set node_env to development if it is not set
- fixed a small bug with the persistent notifications and used them on debug page from server side
- added 002 files to manage export and import for 002
- 002 import is somewhat smarter than 001, merging settings (except version), replacing user & clearing primary keys
- added reset to models and migration, which does the down operation the same way that init does the up operation
- import and reset clear session & redirect to login / signup
- additional unit tests
Should close#37. There are persistent and passive notifications.
Persistent ones:
* are stored on `ghost.notifications`.
* have an api made to add / remove them with client side ajax logic (probably not the most elegant, but works)
* uses a modified `flashes.hbs` template
* will only disappear if user closes the bar
* stack
Passive
* added with backbone view / collection combo
* stack
* disappears on navigation and when user closes it
- This is a first pass at getting a more logical structure. The focus is on moving from admin/frontend to client/server.
- The location of the databases is highly important, this isn't expected to change again
In the future
- client/assets should probably become public/
- more stuff should be shared (helpers etc)
- cleanup some confusion around tpl and views
