Commit Graph

1493 Commits

Author SHA1 Message Date
Daniel Lockyer
1dd83e1a0f Added Ghost Explore endpoint
- this new endpoint returns a special set of data for use in Ghost Explore
2022-07-11 16:48:40 +01:00
Kevin Ansfield
fc381b7626 Added comment CRUD+Moderate permissions
refs: https://github.com/TryGhost/Team/issues/1664

- added permissions for comments, including updating test fixtures

Co-authored-by: Simon Backx <simon@ghost.org>
2022-07-08 15:46:11 +02:00
Kevin Ansfield
b88212b603 Added comments_enabled setting
refs https://github.com/TryGhost/Team/issues/1664

- comments are disabled by default, but can be enabled on any site
2022-07-08 15:46:11 +02:00
Kevin Ansfield
301ae61aa9 Added users.comment_notifications field
refs: https://github.com/TryGhost/Team/issues/1668

- temporary solution until `user_settings` table is in place
2022-07-08 15:46:11 +02:00
Kevin Ansfield
fa59286eff Added comment related fields to members table
refs https://github.com/TryGhost/Team/issues/1664

- `last_commented_at` - to be used for filtering members list in Admin
- `bio` - short field used to show a "title" or similar context alongside name when commenting
- `enable_comment_notifications` - setting for turning on/off email notification of comment replies
2022-07-08 15:46:11 +02:00
Kevin Ansfield
a78eed1799 Added comment_reports table creation migration
refs https://github.com/TryGhost/Team/issues/1664

- new table to handle moderation reports on comments. This is not a join table, so it is comment_reports, rather than comments_reports
2022-07-08 15:46:11 +02:00
Kevin Ansfield
959786b71f Added comment_likes table creation migration
refs https://github.com/TryGhost/Team/issues/1664

- new table to handle likes on comments. This is not a join table, so it is comment_likes, rather than comments_likes
2022-07-08 15:46:11 +02:00
Kevin Ansfield
799a42062c Added comments table creation migration (#14998)
refs https://github.com/TryGhost/Team/issues/1664

Field notes:

- `parent_id` - used for nested comments but will be limited to 1 level in app-level validation
- `member_id` - when a member is deleted for now the member id is kept but in the future may be removed, hence `nullable: true`
- `status` - "hidden" status will be used when a staff user hides a comment, "deleted" is used when a comment author deletes
- `html` - will store pre-sanitised html
- `edited_at` - used to show an "X edited at Y" note when displaying comments, separate to `updated_at` because changing the status would also change `updated_at` but shouldn't show the "edited at" UI
2022-07-08 15:46:11 +02:00
Daniel Lockyer
6d521cc14c Added migration for Ghost Explore permissions
- this adds permissions so the Ghost Explore integration has permission
  to access the `/explore/` endpoint
2022-07-08 11:54:31 +02:00
Daniel Lockyer
3747df1bc8
Added migrations for Ghost Explore integration and API key (#15011) 2022-07-08 09:55:58 +02:00
Rishabh
ecce576bc8 Updated sodo search script to include admin url
refs https://github.com/TryGhost/Team/issues/1665

- sodo search script only needs the admin url for fetching data from content api
- removes site url and updates the main url to use admin domain
2022-07-07 11:01:21 +02:00
Ronald Langeveld
2bf4344a63
🐛 Fixed API excerpt field issue (#15005)
* 🐛 Fixed API excerpt field issue
ref https://github.com/TryGhost/Ghost/issues/10396

This fix now allows the API user to add field `excerpt` without the need for `plaintext` as format.
Also added new tests for these functions.
* Added new logic that takes `custom_excerpt` into account if all posts gets queried.
* Removed limits in excerpt & plaintext post.
* Updated snapshot.
2022-07-06 17:57:04 +02:00
Ronald Langeveld
9e8bbc028d Revert "migrated excerpt fix"
This reverts commit 35ab123499.
2022-07-06 12:42:22 +02:00
Ronald Langeveld
f20618679a Revert "fixed linting"
This reverts commit bb509ee02c.
2022-07-06 12:42:13 +02:00
Ronald Langeveld
e8306ffa29 Revert "Revert "Updated sodo search test script with version data""
This reverts commit 7c1ef4ecd0.
2022-07-06 12:41:42 +02:00
Ronald Langeveld
7c1ef4ecd0 Revert "Updated sodo search test script with version data"
This reverts commit 7cb37d9091.
2022-07-06 12:28:10 +02:00
Ronald Langeveld
569e16ee1d Revert "updated snapshots"
This reverts commit 4f43c52637.
2022-07-06 12:24:41 +02:00
Ronald Langeveld
4f43c52637 updated snapshots 2022-07-06 11:07:06 +02:00
Ronald Langeveld
bb509ee02c fixed linting 2022-07-06 11:07:06 +02:00
Ronald Langeveld
35ab123499 migrated excerpt fix 2022-07-06 11:07:06 +02:00
Rishabh
7cb37d9091 Updated sodo search test script with version data
refs https://github.com/TryGhost/Team/issues/1665

- sodo search now includes version data in config to allow fetching css directly
2022-07-06 10:47:07 +02:00
Naz
b996eadbd4 Renamed sodo search identification attribute
refs https://github.com/TryGhost/Team/issues/1665

- The search script should be uniquiely identifiable in DOM. Previously element for portal scipt element and search element both had `data-ghost` attributes` for identification. Having `data-sodo-search` makes naming unique
2022-07-04 16:44:01 +02:00
Naz
f6b2a83761 Added sodoSearch script output from ghost_head helper
no issue

- The sodoSearch needs to be injected into rendered HTML the same way portal scripts are.
- The feature is behind a `sodoSearch` alpha flag, so the scripts are injected conditionally
2022-07-04 16:44:01 +02:00
Hannah Wolfe
ab0dc4769c
Removed straggling canary naming from comments
- we no longer have a versioned API, just an API :)
2022-07-04 15:44:58 +02:00
Kevin Ansfield
3da839e80e Fixed unit tests failing on unknown helper
refs dc49871837

- added the `comments` helper to the experimental helpers list
2022-07-04 15:42:18 +02:00
Kevin Ansfield
8b2ba86909 Updated labs API snapshot
refs 46669c7036

- API output changes when labs flags are changed so snapshot needs updating to match
2022-07-04 14:13:43 +02:00
Naz
4e539137be Fixed broket test
refs 911ce4f29e

- Fixed the settings snapshot for a news labs flag
- Long term we should look into making the labs property match dynamically as it is updated quite often. We'll forget to update this snapshot!
2022-07-04 17:23:27 +08:00
Daniel Lockyer
c50658953c Renamed API canary/ folder to endpoints/
- now we only have one API version, it doesn't make sense to keep
  "canary" around
- renaming it to `endpoints/` makes more sense for this
- this commit renames the `core/server/api/canary/` folder to
  `core/server/api/endpoints/`
- it also fixes the naming in test titles and the various other places
  we relied on this
2022-07-04 11:14:37 +02:00
Fabien "egg" O'Carroll
b82dc7ae7c 🔒 Fixed RCE exploit with date helper & locale setting
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-7v28-g2pq-ggg8

A vulnerability in an upstream library means an attacker can abuse locale input
to execute arbitrary commands from a file that has previously been uploaded
using the file upload functionality in the post editor.
2022-06-14 22:50:22 -04:00
Matt Hanley
859d49626c
Updated mapping for stripe_products when product import is skipped (#14965)
refs d63e9256ea

- Following the ref'd commit, when migrating a site the default and free tiers would be skipped because they exist by default in the new site
- As the product is skipped, we don't have the ID available in the imported data to map the stripe_product to
- If the stripe_product isn't mapped, imported members won't be mapped to the correct tier
- This commit adds a lookup for the product by name and slug to restore the correct stripe_product mapping

Co-authored-by: Simon Backx <simon@ghost.org>
2022-06-03 17:31:53 +01:00
Matt Hanley
d63e9256ea
🐛 Fixed duplicate tiers being created on import (#14964)
- When importing tiers, duplicate tiers were being created with different slugs
2022-06-03 15:02:44 +01:00
Naz
b536cf5d9c Added e2e test coverage for post.added event
refs https://github.com/TryGhost/Toolbox/issues/320

- Wanted to verify if multiple webhook snapshot tests would play nicely together. They did!
- Also having few tests of the same type allows to detect patterns that could be extracted and reused later :)
2022-06-03 14:56:55 +08:00
Naz
9c3ed1a1f5 Added a hacky matcher to overcome 404 URL problem
refs https://github.com/TryGhost/Toolbox/issues/341
refs https://github.com/TryGhost/Toolbox/issues/320

- The snapshot for post's url property is causing test flakyness. The reason is due to the async nature of url processing in the URL Service (https://github.com/TryGhost/Ghost/issues/10360). Once the underlying issue is solved this hack could be removed.
- Having a snapshot tes even in this form is better than having none!
2022-06-03 11:57:39 +08:00
Naz
3c7271ab76 Fixed post.published event test suite
refs https://github.com/TryGhost/Toolbox/issues/320

- Updated the test suite to use updated webhookMockReceiver.mock method and corrected previously incorrect snapshot
2022-06-03 11:57:39 +08:00
Naz
041a32934a Added webhook fixute utils
refs https://github.com/TryGhost/Toolbox/issues/320

- There will be more webhook e2e tests coming which require easy webhook fixture creation
2022-06-03 11:57:39 +08:00
Naz
c7e833545b Extracted webhook mock receiver into a package
refs https://github.com/TryGhost/Toolbox/issues/320

- Following the rule of having minimum code changes in the Ghost core codebase. This module belongs to "framework" along with other testing tools anyway.
- The bump includes a noteworthy changes - the "snapshotManager" was extracted into a separate exposed property of express-test API (maybe should be even it's own separate concept eventually, for now exposing it was enough). "snapshotManager" had to be exposed to be able to pass it to the webhook mock receiver - to use same instance configured with mocha hooks. snapshotManager has to be a singleton in the system to configure snapshots correctly through mochaHooks.
2022-06-03 11:57:39 +08:00
Naz
0f4aeaaa80 Added basic framework for webhook e2e tests
refs https://github.com/TryGhost/Toolbox/issues/320

- This is an **MVP** to be able to intercept and match webhook request
snapshots. The concept is similar to the one used in API E2E tests using
same "matchBodySnapshot" and other "match*" methods to test the webhook
**request** data
- Next up here would be:
1. Header matcher
2. Mocking more than one webhook (and doing something nicer with the way
the fixture data is inserted, does this logic belong to the mock-receiver?
2022-06-03 11:57:39 +08:00
Naz
c9758112b3 🐛 Fixed an error when updating a user
closes https://github.com/TryGhost/Team/issues/1655
refs https://github.com/TryGhost/Ghost/commit/4bc14d2c4

- The API should always accept the input it returns. In this case it did not accept the input when it contained an unchanged roles property
- The problem here came from the referenced commit where we can now end up in the situation when the `roleToAssign` is just empty. It was an optimization to prevent a need to do ANY DB operation when none was needed.
2022-06-02 12:13:27 +01:00
Fabien 'egg' O'Carroll
6c455dc1f2
🐛 Fixed Stripe Checkout for Members w/ existing subscriptions (#14953)
refs https://github.com/TryGhost/Team/issues/1526

This adds a check for existing subscriptions for a member associated with the
email addressed used for Stripe Checkout, if any are found the Checkout Session
creation fails and responds with a 403.

We've also updated the error handling for the create-stripe-checkout-session
endpoint so that it follows the existing Ghost API patterns.
2022-06-01 15:53:05 +01:00
Simon Backx
c32b1baa9b
Added support for publishing email only posts by setting status to sent (#14950)
no issue

If you try to publish a draft email only post by setting the status to sent, you won't receive an error but the email won't get sent. This is because we don't support this behaviour. This is very counter-intuitive when writing the documentation, so I've patched this behaviour and added some more tests.
- When setting the status to `sent` for not email only posts, the post status will be set to `published` without warning
- Also published_by was not set correctly in the past. This is also fixed and has new tests.
2022-06-01 14:53:55 +02:00
Naz
4bc14d2c4b 🐛 Fixed invalid user role assignment
closes https://github.com/TryGhost/Toolbox/issues/351

- When an invalid value was passed in `roles` parameter when editing a user it resulted in incorrect database state (all roles appeared to be unassigned from the user).
- The fix includes ability to set user role by an allowed name, one of:  'Administrator', 'Editor', 'Author', 'Contributor'.
- Also added a validation in case a non-ObjectID value is passed in roles to the users edit method.
2022-06-01 17:48:08 +08:00
Naz
29e5d08210 Refactored Admin API test agent to use async/await
no issue

- Improves readability of what's going on in the code.
2022-06-01 17:48:08 +08:00
Simon Backx
a30e42404b
Added getLazyRelation model helper method (#14943)
closes https://github.com/TryGhost/Team/issues/1626

- getLazyRelation is a safer shorthand for `model.related('relationName').fetch()`
- prevents doing a `fetch` operation on a relation that is already loaded, which can cause issues when `formatOnWrite` has a custom implementation
- uses the already loaded relation if it exists, or loads the relation
- doesn't reload if already loaded
- reload is forceable using the forceRefresh option
2022-05-31 13:21:53 +02:00
Simon Backx
9d21a14b4b
Added integration test for MEGA.sendEmailJob (#14944)
closes https://github.com/TryGhost/Team/issues/1632
2022-05-30 15:41:02 +02:00
Simon Backx
da8cb5c078
Added possible fix for random test timeouts
no issue

Some tests timeout for an unknown reason. This commit adds some missing awaits for async test methods (that don't perform any async operation, but are marked as async).
2022-05-30 15:00:55 +02:00
Simon Backx
a051ab3b69
🎨 Reduced favicon requirements and added image formatting (#14918)
fixes https://github.com/TryGhost/Team/issues/1652
fixes https://github.com/TryGhost/Ghost/issues/13319

**Image formatting**
Added support for changing the format of images via the `handle-image-sizes` middleware (e.g. format SVG to png, jpeg, webp)

This change was required:
- Not all browsers support SVG favicons, so we need to convert them to PNGs
- We can't fit image resizing and formatting in the `serve-favicon` middleware: we need to store the resized image to avoid resizing on every request. This system was already present in the `handle-image-sizes` middleware.

To format an uploaded image:
- Original URL: https://localhost/blog/content/images/2022/05/giphy.gif
- To resize: https://localhost/blog/content/images/size/w256h256/2022/05/giphy.gif (already supported)
- To resize and format to webp: https://localhost/blog/content/images/size/w256h256/format/webp/2022/05/giphy.gif
- Animations are preserved when converting Gifs to Webp and in reverse, and also when only resizing (https://github.com/TryGhost/Ghost/issues/13319)

**Favicons**
- Custom favicons are no longer served via `/favicon.png` or `/favicon.ico` (only for default favicon), but use their full path
- Added support for uploading more image extensions in Ghost as a favicon: .jpg, .jpeg, .gif, .webp and .svg are now supported (already supported .png and .ico).
- File extensions other than jpg/jpeg, png, or ico will always get transformed to the image/png format to guarantee browser support (webp and svg images are not yet supported as favicons by all browsers).

For all image formats, other than .ico files:
- Allowed to upload images larger than 1000px in width and height, they will get cropped to 256x256px.
- Allowed uploading favicons that are not square. They will get cropped automatically.
- Allowed to upload larger files, up to 20MB (will get served at a lower file size after being resized)

For .svg files:
- The minimum size of 60x60px is no longer required.

For .ico files:
- The file size limit is increased to 200kb (coming from 100kb)
2022-05-27 16:36:53 +02:00
Hannah Wolfe
8177e36242
Cleaned snap files (#14921)
- This PR was created by deleting all .snap files & running the tests
- The result is that all tests that have been removed or renamed have had their now-unused snaps deleted
2022-05-26 17:11:32 +01:00
Simon Backx
ad349bb3a5
Removed GA feature flags (#14915)
refs https://github.com/TryGhost/Team/issues/1616

- Removed all GA feature flags
- Removed `tweetGridCard` alpha flag
- Changes to `members-api` and `members-importer` packages: https://github.com/TryGhost/Members/compare/%40tryghost/members-api%408.1.1...%40tryghost/members-api%408.1.2
2022-05-26 09:54:30 +02:00
Naz
939496487d Removed subscriber-related webhook fixtures
refs https://github.com/TryGhost/Toolbox/issues/308
refs 0f5c22a38d

- There is no concept of "subscriber" in the codebase any longer. Keeping removed webhooks around does not make sense
2022-05-26 14:45:36 +08:00
Fabien 'egg' O'Carroll
4217e2571f
Included monthly_price,yearly_price&benefits defaults for Content API (#14912)
We have to update the output serializer to only clean includes for the
Admin API, so that these includes aren't stripped for not being in the
original include query param.

This also rejigs the other Content API only logic to sit together in
the input serializer.
2022-05-24 16:38:25 +01:00