Commit Graph

7972 Commits

Author SHA1 Message Date
Katharina Irrgang
217bc6914d 🐛 Fixed returning roles for the public user resource (#9039)
no issue

- this bug fix affects all endpoints for the public user access
- we allowed fetching `roles` via the public api by accident
- see our docs: https://api.ghost.org/docs/users)
  - we only allow `count.posts`
- returning roles via the public api exposes too many details
- this was never attentional
2017-09-25 11:18:23 +01:00
Hannah Wolfe
9da7b956d5 Permissions: code cleanup & basic unit tests (#9037)
refs #9043

- Split public-related and context code into logical components
- Split tests up to match
- Ensure we have 100% unit test coverage
- General cleanup
2017-09-25 11:17:06 +02:00
Vikas
e8f85fd3da 🐛 Fixed redirects upload for various browsers/systems (#9042)
closes #9036
2017-09-22 21:57:43 +02:00
kirrg001
436856f2ad Version bump to 1.9.0 2017-09-21 17:03:59 +02:00
kirrg001
cf409eb5c0 Updated Ghost-Admin to 1.9.0 2017-09-21 17:03:59 +02:00
Katharina Irrgang
d943fc7cc9 Allow Upload/Download of redirects.json (#9029)
refs #9028

- add two new endpoints for uploading/downloading the redirects (file based)
- reload/re-register redirects on runtime
- migration for 1.9 to add permissions for redirects download/upload
2017-09-21 16:01:03 +01:00
Katharina Irrgang
0fbf5e12b8 Tests: Sort out usage of content folder in tests (#9034)
no issue

- use latest casper in test fixtures
- never ever use the root content folder for tests
- if we start/fork Ghost for the tests, we use a tmp folder
- this change is required to for an upcoming PR (#9029)
- i've added a TODO to create a helper fn for stopping the ghost server, so we can cleanup the tmp folder

* Care about TODO's in our channels spec

- add the 1.4 compatible casper theme to fixtures
- so as soon as you start Ghost, the test env will provide the content folder in /tmp something with the activated latest default casper and the 1.4 compatible old casper
- there are tests which tests different logici e.g. pagination
- therefor we need a different theme, we are simply using our 1.4 casper
2017-09-21 15:05:35 +01:00
kirrg001
e3fb5b84c1 Updated Ghost-Admin: Enabled Unsplash integration by default 2017-09-20 12:46:50 +02:00
kirrg001
f478e4f9c8 🎨 Enabled Unsplash by default
refs https://github.com/TryGhost/Ghost/issues/8859

There are four cases:

- unsplash setting is empty (default), admin can enable the app by default (hardcoded isActive:true)
- unsplash settings are set, unsplash is disabled, admin detects that app was disabled on purpose
- unsplash setting is set, unsplash is enabled and has a key, app is enabled, old key get's ignored and overridden on the next save
- unsplash setting is set, unsplash is enabled and has no key, app is enabled
2017-09-20 11:44:47 +01:00
kirrg001
79fead5516 Removed private configuration endpoint
refs https://github.com/TryGhost/Ghost/issues/8859

- We don't need the config option for Unsplash anymore
- The private endpoint (/configuration/private) was introduced for Unsplash
2017-09-20 11:44:47 +01:00
Katharina Irrgang
edf2348394 Improved log output for welcome email error (#9016)
* Improved log output for welcome email error

no issue

- if Ghost is unable to send a welcome email, the server log printe a huge error log
- the reason was that each component wrapped the original error into a new error instance
  - so the stack grows and grows
- the golden rule should always be: the smallest/lowest component should instanitate a specifc error
  - the caller can expect to receive a custom Ghost error

* Tidy up error messages for mail failures and fix tests

- We never use "Error:" notation in our translations
- Make the error messages consistent and show a reason if possible
2017-09-19 14:24:20 +01:00
kirrg001
ca53a83569 Version bump to 1.8.7 2017-09-19 14:20:32 +02:00
kirrg001
d79fd0ea12 Updated Ghost-Admin to 1.8.7 2017-09-19 14:20:32 +02:00
Aileen Nowak
0ce24b48bd Moved published_at creation to fixtures/utils (#8595)
no issue

- follow-up from #8573
- bove the hack that creates published_at values from the migration fn to our fixture util
2017-09-19 12:54:01 +02:00
Katharina Irrgang
4ac34a7f33 🐛 Fixed api url for the ghost sdk (#9013)
no issue

- mirror LTS behaviour to master
- if your blog or admin url is configured to http, it's still possible that e.g. nginx allows both https/http
- that's why we should generate the api url without protocol in this case
- so it depends how you serve your blog, example:
  - blog url is http://example.com
  - generated api url for the sdk is //example.com (dynamic protocol allowed)
  - you serve your blog via https://example.com, protocol is https
  - you serve your blog via http://example.com, protocol is http
2017-09-18 16:28:22 +01:00
Katharina Irrgang
abb84d065e Improved debug logs for auth utils (#9015)
no issue

- reduce the debug logs
- it's okay to log the old token to delete, because this token is getting removed anyway
2017-09-18 16:23:47 +01:00
Katharina Irrgang
7b4c3fc085 Removed defunct Ghost OAuth code (#9014)
closes #8342

- no need to add a migration, because when we'released 1.0, OAuth was never an option
- it was disabled in April, 1.0-beta was released in June
- remove all remote authentication code
2017-09-18 13:01:58 +01:00
Aileen Nowak
1868285bed Version bump to 1.8.6 2017-09-14 18:43:20 +07:00
Aileen Nowak
9e8b46a6fa Updated Ghost-Admin to 1.8.6 2017-09-14 18:43:19 +07:00
kirrg001
18abb425fc 🐛 Fixed doubled query params for url/admin-url redirection
no issue

- express adds the query parameters to the `originalUrl`
- we have to ensure that we don't add the query params twice
2017-09-14 07:55:14 +07:00
kirrg001
79959d9581 🐛 Fixed public api access on custom domain
no issue

- if you blog runs on a custom domain, but your admin panel is configured using a different domain
  -> Ghost losts the origin header
- we had this situation once with pretty urls (your request get's redirected from /posts to /posts/, see https://github.com/TryGhost/Ghost/pull/8094)
- we've moved all our redirect logic to Ghost and ran into the same situation
- i've added proper test to ensure it won't happen again
2017-09-14 07:55:14 +07:00
Katharina Irrgang
85f8498bd6 🎨 Changed showing update notifications for minor/major only (#9009)
closes #9006

- this is a temporary fix to only show update notifications for minor/major releases
- the notification refactoring is in the pipeline, but not yet merged into 1.X/LTS, see https://github.com/TryGhost/Ghost/pull/8871
2017-09-13 18:12:41 +07:00
Katharina Irrgang
aef3d7f3f3 Tests: Fix one more random failure (#9004)
refs #7470

- this should fix https://github.com/TryGhost/Ghost/issues/7470#issuecomment-321016771
- the importer adds posts in parallel, but the tests read directly from the db without any order
- use findPage (findAll does not support order yet)
2017-09-12 16:51:40 +01:00
Hannah Wolfe
4237446277 Misc cleanup & consistency amends (#9002)
no issue

- Consistent naming for postLookup
   - makes it easier to search and inspect the various usages
- Cleanup unneeded code
- Make res.render calls more consistent
- add some consistency to the calls to res.render
- Remove ancient reference to dataProvider
- Let's call it models everywhere now...
- Use consistent formatting across the API
- we're no longer using alignment in vars
- Misc other consistency changes in API
- always refer to local utils as apiUtils
- logical grouping of requires - dependencies, utils, "lib common" etc
- use xAPI to refer to API endpoints, e.g. mailAPI, settingsAPI for clarity
2017-09-12 17:31:14 +02:00
kirrg001
2647b754d1 Tests: Improve random failures and optimise comment id tests
refs #7470

- the importer test causes problems with the order of posts
- the importer is greedy and tries to add data in parallel, but the tests simply fetch the raw data from knex without any order
- while i was improving the order problem, i found this amp/disqus edge case

Order Random Failure Example:

1) Import (new test structure) 1.0: basic import test keeps the value of the amp field:
      AssertionError: expected '59a952be7d79ed06b0d21128' to equal '1'
         + expected - actual
           -59a952be7d79ed06b0d21128
           +1
2017-09-12 16:29:59 +01:00
kirrg001
c99557d9a3 🐛 Fixed disqus comment id when exporting/importing 1.x content
no issue

- while i was testing random failures, i discovered an edge case for disqus
- you start a new 1.0 blog, you add disqus, the unique identifer is the post id (object id)
- now you export your content and import it on a new instance
- the importer detects that the amp field is null and imports the old object id as comment id
- but the post model is not prepared for this case
- see next commit for tests

**NOTE**: The comment id had two different data types (Number or String). Disqus expects a string. So this should not change any behaviour, now that the comment_id is always a string.
2017-09-12 16:29:59 +01:00
Aileen Nowak
4a1f1f5a9f Version bump to 1.8.5 2017-09-12 20:30:11 +07:00
Aileen Nowak
90f3cf9eaf Updated Ghost-Admin to 1.8.5 2017-09-12 20:30:11 +07:00
Aileen Nowak
a45a91c906 🐛 Fix invalid image URLs not being cached and causing timeouts (#8986)
refs #8868

* 📐  Use request util in image-size
- swapped the usage of `got` for requests with the request util

* 💄  Use catch predicates
- Uses catch predicates instead of conditionals in `getImageSizeFromUrl`
- Return `NotFoundError` if applicable in `getImageSizeFromFilePath` as the caller function `cachedImageSizeFromUrl` is differentiating those between this error and others.

* 🐛  Fixed ImageObject URL & simplify no protocol URL logic

- Using `ImageObject` as a global var resulted in having the `url` property being the same for all requests coming in.
- The logic that checked for an existing protocol (e. g. gravatar URLs) was overly complicated. Refactored it to be more simple.
- Passing the correct value to `fetchDimensionsFromBuffer` as the population of `imageObject.url` happens there. These are used in our structured data and need to be full URLs (in case of locally stored files) or the original URL (in case of URLs missing the protocol)
- Added two more debug logs in `getCachedImageSizeFromUrl` so it's logged when an image is added to the cache even tho it was returned as error.

* 👀  Differentiate error codes between request and storage

* 🔥  Remove not needed `Promise.resolve()`

We're always resolving the result in `getCachedImageSizeFromUrl`, so there's no need to return the values with a `Promise.resolve()`. The caller fn uses waits for the Promises to be fulfilled.

* ☂️  Wrap already rejected predicate errors in catch all

* Use errorDetails instead of context

* ☂️  Support /assets/ image paths

- adds a guard that checks the image URL for `/assets/` in the beginning and passes a completed URL to the request util to try and fetch the image size
- adds tests
2017-09-12 12:53:18 +01:00
Aileen Nowak
40a66f650a Upgrading Casper to 2.1.2 2017-09-12 18:48:27 +07:00
Katharina Irrgang
add9e541c2 🐛 Fixed private blogging leaking post information (#8999)
* 🐛  Fixed private blogging leaking post information

closes #8990

- a condition in the private blogging app redirected rss && sitemap to 404, which can possibly leak content
- remove this condition and ensure we always redirect to /private

* lint 😋
2017-09-11 14:09:19 +01:00
Katharina Irrgang
7e211a307c 🐛 Fixed custom redirects with query/search params (#8998)
closes #8997

- improved the logic for custom redirects
- added more tests
2017-09-11 13:20:29 +01:00
Hannah Wolfe
45fd2d437f Properly return a bluebird promise (#8988)
refs #8980

- ☹️ apparently this is actually the only way
2017-09-07 20:48:20 +07:00
kirrg001
f320af4534 Version bump to 1.8.4 2017-09-07 14:45:56 +02:00
kirrg001
a0e4edae89 Updated Ghost-Admin to 1.8.4 2017-09-07 14:45:56 +02:00
kirrg001
86300f605e Upgrading Casper to 2.1.1 2017-09-07 14:36:40 +02:00
Aileen Nowak
6c216b81be Request util to wrap got library (#8980)
no issue

This PR includes a new util which wraps the `got` library. It is not used in the codebase yet, but tested with `image-size` util:
- wraps `got` request library in its own `request.js` util that returns bluebird promises and validates URL before starting a request
- adds tests
2017-09-07 12:17:24 +01:00
Hannah Wolfe
cdf6a10490 ghost_head improvements (#8983)
no issue

- Added debug statements to ghost_head
  - useful for determining how much render time is spent in ghost head
- Make promises more readable
- Used join instead of props for less code
2017-09-07 12:59:02 +02:00
Aileen Nowak
c64c56f1dc Add redirect test back for image-size test 🙈 (#8984)
no issue

Adds redirect test back, which was accidentially removed with PR #8900
2017-09-07 10:36:29 +01:00
Aileen Nowak
56d64e53bf Logging for image size (#8978)
no issue

- added debug logs to image size util and related fn:
    - when fetched via network request
    - when fetched from storage
    - when added to cache
    - when read from cache
2017-09-07 10:34:10 +01:00
Hannah Wolfe
6c47285bba Added error handling for ghost_head (#8982)
refs #8945

- Ensure that errors in ghost_head are logged
- Render some content despite the error!
2017-09-07 09:29:44 +02:00
John O'Nolan
d04e0f3a0c Remove wishlist links (#8981)
No issue

The uservoice wishlist has been pretty inactive and neglected for quite a long time now. Removing links to it from Ghost is the first step toward retiring it. We're still listening to user feedback in order to determine the Ghost roadmap, but simplifying the process around it.
2017-09-07 09:04:33 +02:00
kirrg001
37ad4004f2 Version bump to 1.8.3 2017-09-05 20:36:02 +02:00
kirrg001
16a4440c92 Updated Ghost-Admin to 1.8.3 2017-09-05 20:36:02 +02:00
Katharina Irrgang
d460cf1291 🐛 Fixed post scheduling (#8976)
closes #8975

- recursive logic was broken
- caused via bf47397ac2
2017-09-05 19:23:11 +01:00
Hannah Wolfe
69657a1ac6 Keep the original error in registerAsyncTheme (#8977)
refs #8945

- pass the original error as part of the errorDetails
- improves logging, so we know what really went wrong
- for debug purposes - can be removed at some point
2017-09-05 20:11:59 +02:00
Katharina Irrgang
71cee504c2 Added default logging rotation config (#8974)
no issue

- define `period` and `count` in our defaults.json config
- advantage: easier access and better overview how logging is configured by default
- period is 1d and count is 10
2017-09-05 17:25:20 +02:00
Katharina Irrgang
1fe87a6110 Tests: Stub image request for dimensions (#8973)
no issue
- test cases were trying to fetch image sizes for `localhost:port/favicon.ico` but no server is running so they time out
- stub the `getImageSizeFromUrl` method so it resolves instantly
2017-09-05 16:24:04 +01:00
kirrg001
5c2e1161f6 Version bump to 1.8.2 2017-09-05 14:17:34 +02:00
kirrg001
6cb6bba285 Updated Ghost-Admin to 1.8.2 2017-09-05 14:17:34 +02:00