closes#5283
- due to the changes with the api call in pr #5159 the email address wasn't showing up
- modified the api call to fetch user data to pass the context object to the toJSON object
closes#4322
- removes verifying "sections" of permalinks in favor of checking the url returned with the post
- fixes unit tests to define post.url in mock post requests
issue #5259
- removes the colors dependency
- adds in chalk dependency, and migrates everything to use that
- reduces some specs now that the log calls are cleaner
refs #5286
- split cache control middleware into its own file
- split out cache control tests
- add new mochacli command for running just middleware tests
closes#4778
- If import contains an owner that does not match original owner they are downgraded to admin
- Change error message for locked users to more generic message to account for imported users
- Adds duplicated user test
- Process Roles and maps import roles to db roles
- reduces export files in test fixtures
temp commit
closes#4782
- Still achieves the same goal of stripping out reserved characters
- Changes from removal to replacement
- This helps word separators from being removed
- Apostrophes (') are unaffected
refs #5205
- Ensure that pages are treated the same as posts in meta_title, add test
- Added a private-template body class for the private context, add test
- Added a missing test to is_spec.js
refs #4993, #5073
- Removed nonexistent helpers siteDescription and bodyClass from admin templates
- Changed password.hbs to private.hbs to match the route name
- added a new input_password helper for rendering the password input with the correct properties
- removed the forward input as this can be handled via urls only
- moved 'private' to routeKeywords
- added 'private' context
- minor update to text next to the password in settings
refs #5202
- this is just a stopgap to deliver minor improvement short term,
- longer term we will do the work to refresh refresh tokens & switch this to a month
Refs #5097
- All drafts will show a preview link (this needs real css)
- Published posts will redirect
- prev/next post helpers only activate on published posts
- Powered by ~10 pints between the two of us (@ErisDS, @novaugust)
Closes#5155
- If the theme that has been set to active is missing, set
a default express-hbs instance on the express app and allow
middleware processing to continue so that the admin client can
be accessed.
- Log a warning when this happens.
- Fix issue where frontend error page was not being rendered
correctly.
closes#2559
- Added res.locals as a second parameter to the prePostsRender filter
call.
- This allows accessing the relative url and makes it possible to
react to certain urls.
fixes#5177
- this combined with a change passing options through to toJSON results in a really flukey bug with next/prev
where the name option from the helper clashes with a name option inside of toJSON
fixes#5177
- we now pass API/model options directly to toJSON, which is unsafe as these options haven't always been filtered before they are passed.
- this fix adds a filter so that toJSON only uses the options it needs
- additionally, rename the 'name' option to something more specific to prevent clashes
refs #2330
- Pass through `options` to all toJSON calls on posts, tags, and users
- Use options.context.user to determine whether it's OK to return user.email
- Remove author.email handling code from frontend.js
no issue
With the introduction of the prev/next helpers (and soon, get helper) we can no longer make any assumptions
about exactly which pages need to be cleared from the cache when a post is published/unpublished.
refs #5091, refs #2263
- Move rss handling out of the frontend controller and into its own module
- Separate the code into logical blocks
- Wrap the generation code in a in-memory cache to prevent it being regenerated on every request
Closes#4677
- Tests if page is first page or paginated
- Adds relevant structured data to index/tag/author page
- Does not add structured data on paginated pages
- For author structured data, cover image overrides image
- blog cover image is made absolute by image helper
- Tests updated to use regular expressions and new tests
refs #2263, #4888
- Adds media:content element to Ghost Rt pSS feeds containing the post cover image if one is available
- Removes the prepending of the image to the `<description>` field
- Keeps the prepending of the image in `<content:encoded>`
fixes#5104, refs #4348, #2263
- Create a centralised event module
- Hook it up for posts, pages, tags and users
- Use it in sitemaps instead of direct method calls
- Use it for xmlrpc calls
- Check events are fired in model tests
- Update sitemap tests to work with new code
- Fix a bug where invited users were appearing in sitemaps
- Move sitemaps and xmlrpc into a directory together
closes#5066
- fix a problem that user model will fail to save if mysql has option of
STRICT_TRANS_TABLES
- add a parent call in user.format override function, which should fix
dateTime format before user saved.
refs #2263
- Switch content type back to text/xml
- Use content:encode for full content
- Use meta description or first 50 words of content for description
closes#4799
- Adds a prev_next helper method called by {{prev_post}} and {{next_post}}
- Shows correct template for if and else blocks
- Adds unit tests
closes#4850
- fixed `meta_description` and `meta_title` when used within a `{{#foreach}}`
- `meta_description` and `meta_title` now depend upon the current context
to get the right string (author bio, tag description, ...).
Note: `ghost_head.js` and `ghost_head_spec.js` have been touched to add
the required context information when calling the helpers.
Closes#5033
- Added unit tests for the nav context of urlFor
- Fixed issue in the nav context of urlFor where subdomains of blog url were truncated
- Fixed issue in the nav context of urlFor where there was sometimes an extra preceding /
no issue
- We already maintain our own fork of showdown, this moves our custom extensions to our fork
- Code duplication is removed
- Tests are also moved to the other repo
- see core/client/lib/assets-delivery/index.js for how this is done
- Turn off ember-cli fingerprinting
- ember-cli 0.2.0; Update .npmignore
- Fallback to old version of ember-cli-sass due to lib-sass errors
- Keep ember-data at beta-14.1 until we find the dep that's breaking on snapshot.attr
- Fix release task to ignore blank lines in .npmignore
fixes#4364, refs #4439, refs #4799
- Update express-hbs to 0.8.5
- Use preventIndent option onCompile
- Update registerAsyncHelper to support passing through options when needed
refs #4989
- this allows users to enter mailto and output links via the navigation UI
- the navigation validation/cleanup needs a bit of a refactor to handle other kinds or URI, so leaving #4989 open for now
Closes#4888
We automatically added a trailing slash to all non-absolute paths in
RSS, including post images. This fix ensures that trailing slashes
aren’t added to absolute paths including ‘content/images/‘.
no issue
- It should not be possible to provide a different ID in the object being edited to that provided in the URL
- We now send the id to check object to ensure there is a match
Credits: Matteo Beccaro
closes#4541
- Add role="presentation" to <li>
- Clean up space if nav-current isn't present
- Changed all internal references from nav to navigation for consistency
- Deleted old nav.hbs
- Updated tests
closes#4541
creates a handlebars helper with behavior matching the spec in #4541 and
updates `frontend.js` to include the navigation data in the rendered page
context.
- checks for {{current}} against `relativeUrl`
- adds helper `getSiteNavigation()` which returns contents of
`api.settings.read('navigation')`, or an empty list
- navigation helper is responsible for filtering and consistently formatting
navigation data from settings.
- changes `frontend.js`'s `formatResponse` & `formatPageResponse` to return
a promise with page data and updates frontend controllers to use it.
- `formatPageResponse` now includes a third parameter to allow values to be
merged into the page response (rather than using `_.extend` in the
render methods directly.
- {{navigation}} will render an empty `ul` if no navigation items exist
- incorporates {{url}}/urlFor behavior for nav contexts. (see #4862)
- uses {{url absolute="true"}} in default nav template
Closes#4540
- Implements drag & drop to reorder navigation items
- Adds a `sort` property to navigation items
- Adds a tiny library to enable touch events for drag & drop. It hooks onto jQuery UI.
- Sort nav items before being saved
- Adds `settings-view-navigation` to route for body class
needed for #4852
Before this, calling `{{url}}` with a nav context from #4541 would
output `/`. This adds a check in `urlFor` that looks for keys in a
nav context object, namely `slug`, `current`, `label`, & `url`.
This change allows for a url to pass through if used in a nav context.
* adds `schema.isNav()`
* adds tests to `url_spec.js`
* handles absolute urls correctly even if `absolute=true`
Closes#4792
- Made priority be 0.8 (as it currently is) for standard posts
- Made featured posts have a priority of 0.9
- Split the current test into two to check both above scenarios
- Code was moved to core/server/middleware/middleware.js, which is the
home for unit-testable middleware.
- Functional code coverage for this code also exists at:
test/functional/routes/admin_test.js
No Issue
- Set 'status: all` when calling generateSlug from the user model
so that all user slugs are checked for duplicates instead of
only active users.
closes#4262
- implementation based on #1545
- added integration test. Modified mocked posts because code requires published_at timestamps to be different.
- fixed 2 broken tests that depended on mocked posts to have "new Date()" as their timestamps
- added checks to only query db if next/previous post requested
no issue
- We send emails from Blog Title <ghost@blog-url.com>, but it should be from "Blog Title" <ghost@blog-url.com>
- It worked fine without quotes unless you have a comma in your Blog Title in which case different mail systems get confused in different ways
closes#4691
- adds a file handler for markdown file (.md and .markdown)
- handles titles and featured images
- gets status, date, and slug from the filename
- has a test suite
closes#4770
- Check for Gravatar now allows the highest rating for images
- Defaults to silhouette in the event a user deletes their Gravatar
- Allows highest rating for Gravatars (x), since Ghost should have no opinion on image ratings.
ref #4608, #4609, #4690
- fix errors with cleaning up files
- improve handling of base directories, and introduce a simple valid format for zips (must contain importable files or folders, and may contain up to one base directory)
- vastly improve test coverage
closes#4741
- updated regexp to properly filter out footnotes without removing too much text
- happened only when a link was used before a footnote
- old regexp was too 'greedy' and removed regular link together with the footnote
- new regexp uses a more specific <a> tag
Closes#4697
- Run tag add operations in sequence instead of in parallel
since generateSlug will hand out duplicate slugs until one of
them is committed to the database.
- Add test.
- Misc cleanup of method parameter names and jshint hints.
No issue
- Tag Meta title and description override default response
- Tag Meta title present on all pages
- Tag Meta description available only on first page
- Updates tests
closes#4608, #4609
- image handler loads in any image files & figures out where they'll get stored
- image importer has a preprocessor which replaces image paths in
pertinent spots of post, tag and user models
- image importer stores images, keeping the path where it makes sense
- basic test for the preprocessor
Refs #4521
- Handle 'include' query param in tags API.
- Add post_count support when fetching a tag with findOne.
- Remove post_count from options.include after processing.
- Extra database query no longer used to fetch post_count.
No Issue
- Reorder promise chains to defer database queries until they
are needed.
- Execute database queries that are not dependent on each other in
parallel instead of sequentially.
- Reduce the number of variables used to hold state across multiple
promise blocks.
- Do not go async unless necessary.
closes#4521
- if '?include=post_count' present, query db for tag/post_count information
and append it to returned JSON
- fixed linter errors
- added integration test
- parsing to int as knex (or PostGres driver) is returning bigint as strings
- iterating through a smaller collection to avoid exception
refs #4605, #4479
- Removes versioning from the importer
- Fixes an issue with SQLITE errors not being thrown properly for posts
- Ensures that posts have a created_at date
- Makes sure that the API wrapper is properly handled
No Issue
- Switch 'pg.js' package for 'pg' as the native bindings are
now an optional add-on to pg and pg.js has been deprecated.
- pg@4.1.1
- Set the driver's parser to automatically convert integer data
returned from postgres into a javascript integer.
refs #4605
- Move as much code as possible out of the DB API
- Split the importer into 2 concepts, code which handles different
filetypes and code which takes the content of files and imports it into
Ghost in some way
- Split the import process into 4 steps, load the file into a useful
format, preprocess the data, do the import, generate a report
- Reporting is currently a no-op
- Adds a basic level of testing
closes#1756
- adds a post url link to 'post updated' and 'post published' in editor
- adds join function in ghost paths
- adds a '/' detection to makeRoute method
- adds test for join function
closes#4624
- added user_id to password reset request
- hide old password field
- updated changePassword method to check permissions
- updated changePassword method to work without oldPassword
- fixed bug for errors shown as [Object object]
fixes#4607
- moves file checks from db and upload API endpoints to api utils
- adds code to accept and then extract a zip and pull out a JSON file
- zip handling requires a lot of dependencies - this needs a good refactor
closes#4445
- post model gets permalink format
- post model queries urlPathForPost to return computed url
- url helper modified to use post url
- urlForPost method abolished and replaced where necessary
- updated tests
Closes#4611
Refactored generateXmlFromNodes to pull the urlElements itself from
sorted values in the lookup
Added some checks to existing unit tests to validate ordering.
fixes#4572
- Remove both inline and bottom footnotes from excerpt output before stripping the remaining HTML
- No more red errors, black text or bold links in codemirror, as codemirror gets confused by footnote syntax. This is a step towards the new editor which has no syntax highlighting in the editor
Refs #4578
- Match label "for" attributes with ids from the inputs they're
labeling.
- Remove extra promise generation from ghost header and footer helpers.
refs #1993
- adds ctrl/cmd+s for save
- adds config flag
- adds icon on settings page, puts items in the right order
- sorts out permissions for all settings pages with consistent configuration
fixes#4555
- There's no easy way to declare an XSL with the node xml module, so I
needed to move the declarations to both be strings
- Ideally the code to serve the XSL would also be inside the sitemap
module, but I think we need to refactor a bit to get there easily
- Added the XSL from #4559, with minor amends to make the tables and urls
display correctly
closes#4498
- remove toJSON code which returns only IDs from objects
- don't auto-include tags & fields in post responses
- don't auto-include roles in user responses
- fix #allthethings that made assumptions about the auto-includes, or otherwise were only working because of the auto-include
closes#4534
- Adds new Labs route
- Wires route in settings page
- Move and rename debug templates and logic to labs
- Redirect /debug to settings/labs
Closes#623
- Add basic init and eventing scaffold
- Add sitemap-index.xml generation
- Broke out generators to individual files, added request handler
- Add page, author and tag xml files; add index mapping
- Add SiteMapManager unit tests
- Add Generators tests
- Cache invalidation headers for sitemap-*.xml
- Redirect sitemap.xml to index and rename to sitemap-index
- Handle page convert and publish/draft changes
- Add very basic functional test for route existence
- Add cache headers to sitemap routes
closes#4485
- removes data attributes used on body in default.hbs
- introduces new way to generate configuration through meta tags
- config initializer consumes configurations from the meta tags using parser
- moves blog_title helper/value to be a property in a configuration api
No Issue
- Use Ghost version value that is already loaded instead of
reading package.json from the filesystem and parsing it on
every call into the configuration API.
- Every route can set a title token that is combined with the blog’s
title, resulting in titles like ‘Content - Test Blog’.
- Subroutes are supported (‘Settings - General - Test Blog’)
- The blog’s name is applied to and taken from the `config` object to
spare Ember a REST call via `store.find(‘settings’)`.
- Tests have been changed to test for the new titles.
- The initially proposed solution
(https://github.com/paddle8/ember-document-title) doesn’t play nice
with EAK, which is why I went with this solution
(https://gist.github.com/machty/8413411) by Ember.JS core dev @Machty.
no issue
- changes the content type for the RSS feeds from text/xml to
application/rss+xml
- changes the link rel=alternate tag to use an absolute URL for the feed
in the blog meta data
No Issue
- Fix exception being thrown when updateConfigTheme called before
settingsCache fully populated.
- Remove unnecessary check in a conditional in the migration command
builder.
Base64 encoding causes some issues when the token is URL encoded
as the = symbol is not a valid URL character. We replace any =
symbols with a - as this is valid in a URL, but is guaranteed
not to appear in a base64 string. This fix ensures that Ghost
password resets work with mail providers such as Mailgun that
add their own tracking redirects
closes#3872 (for real this time)
No Issue
- Strip sub-directory from image paths before passing to
config.createUrl. Since images are stored with the sub-directory
and createUrl builds a URL with the sub-directory the result
would be a URL that contains the sub-directory twice.
closes#4260
- Adds "tags" route inside of the settings routes.
- Adds this route to router.js
- Links the route from the settings.hbs template
- Adds demo tags html in tag.hbs template
- Adds flag for tagsUI
Refs #4277
- Switch from the built-in http module to request and set
a timeout of 2 seconds on gravatar lookup requests.
- Move request package from devDependencies to dependencies.
For example, outlook 2013 plus would not interpert the following html
(encoded via quoted-printable encoding):
<a href=3D=22http://engineering=
.como.com/ghost/signup/MTQxNTcwNzM5MTYwN3x5dXJ5QG5peC5jby5pbHx3NVBmUUN4RGZr=
cGhKc3FPOElybXNZNWtzR0FMTU9tRFI5UlNyRWQ4SGJZPQ=3D=3D/=22 style=3D=22color:
=
The workournd forces node-mailer to user base64, which outlook understands
well.
Issue #806
- Modify sanitize to check for duplicate posts and tags
- Update posts_tags when referencing removed duplicate tags
- Return both data and problems from importData
- Add tests for duplicate posts and tags with fixtures
Closes#3858
- urlPathForPost is now aware of the author’s slug, allowing for the
permalink setting to use :author
- Frontend controller only renders posts that have the specified
author, if one is given
- Extensive tests included
closes#4328
- Escapes metaTitle, metaDescription, blog url, blog title, tags
- Updates tests
- Adds test for metaTitle and metaDescription with double quotes
closes#3900
- Adds twitter cards to ghost head helper
- Adds schema json information
- Adds test with null values for post image and cover image
- Adds test for privacy flag
- Adds test for the case of no tags
- Updates test to check for twitter card and schema data
- Updates privacy.md
- Fixes issue with image urls that are linked by url rather than uploaded
no issue
- Split theme helpers into individual files for each
- Do the same for tests
- Have utils to share some things between them
- Move assetHash onto config
issue #3900
- uses isPrivacyDisabled helper to see if useStructuredData has been disabled in config.js
- adds an array of promises to deal with asynchronous data
- resolves asynchronous data then adds open graph tags after canonical link
- featured image and tags are only added if present
- open graph tags only added on post and page
- adds unit test to check correct data is returned
- updates other unit tests to reflect changes
Closes#4225
- If a theme is symlinked in the themes directory, follow
the symlink so that the theme object is populated correctly.
- Only do the fallback loading of theme data in the validations
module if it doesn't exist in config.
closes#4157
- adds cache-control header back to api routes
- moves cache rules object into testUtils
- adds cache-control header test to every existing API test
Closes#4018
* cleaned up `mail_spec.js`
* deprecated `mail.fromaddress`
* implemented 'Blog title <email@address.com>' format with fallbacks
* added tests to deprecation and from address, made existing ones more robust
* moved domain intuit into its own module: `GhostMailer.getDomain()`
Closes#4082
* reformatted code to allow for traversal
* deeper config items should be denoted like this: `object.object.object.property`.
* added tests for testing the deprecation warnings
Refs #3864
- Make sure that require() is able to resolve all dependencies
listed in package.json. If packages are missing halt the
bootstrap process and display an error and help message for user.
- Check that contentPath and its subdirectories exist with the correct
permissions.
- Check sqlite3 database file is set for read/write access.
Refs #3876
- Prevent signup page from flashing when an invalid invitation
token is used.
- Clear sensitive information from signup controller.
- Make isInvitation API behavior consistent with other auth
related APIs.
Closes#3565
- Added server API isInvitation (analog to isSetup), checking if an
invitation exists for a given email address.
- If the invitation is no longer valid (or didn’t exist in the first
place), the user is redirected and an error notification is shown.
ref #3795
- express updated to 4.9.2
- express 4.9.0 introduced res.sendStatus() to replace res.status().end()
- we no longer need express-session, connect or cookie-parser
- body-parser, busboy, compression, express-hbs, morgan, all bumped to
latest versions as well - there doesn't seem to be any breaking changes
no issue
- Whilst testing the mail PR #3915 I noticed the first run messages aren't
appearing because the dbHash is getting pre-populated, but there doesn't
appear to be a reason why this is necessary
closes#3983
- removed naive regex implementation
- added cheerio to project dependencies
- used cheerio to parse RSS content
- use attribute getter/setter to replace href/src attribute urls with the resolved version
closes#3241
- in config.js, the `privacy` attribute holds all privacy-related flags
- `privacy.userTinfoil: true` disables everything (equivalent to setting all flags to false)
- added helper function to core/server/config/index.js to checking privacy flags
- added helper function to core/server/config/index.js to show warning about deprecated items
addresses #2852
- Moves storage modules to use prototypes and to create prototypes
that inherit from the base storage ctor.
- Makes storage/base conform to an all Promise interface.
closes#3758
- new API method to delete access and refresh token
- use new ember-simple-auth config to revoke tokens on logout
- new method to delete tokens by .. token
Closes#1538
* rips out sendmail
* adds direct
* updates nodemailer to 0.7.1
* changes unit tests for mail
* changed integration tests for mail
* adds mail api tests
resolves#1789
- removes config/theme.js
- moves caching of theme variables to api/settings.js which is where the
rest of the settings cache occurs. this removes the requirement of having
to push changes to cache, now it simply occurs alongside when settings
are changed.
- updates relevant tests.
refs #827
- Moves ./index to use Ghost in a similar manner to how someone uses
Ghost as an npm module.
- Allows Ghost to be cleanly mounted on another express application
on any arbitrary endpoint, all you need to customize is the mount path.
Closes#3884
- This PR includes a reimplementation of Downsize@0.0.5 with `words: "0"`. It uses the same parsing methods, therefore guarunteeing identical behavior.
- Tests have been updated to be more extensive.
Closes#1977, Refs #3473
- Ensure that import operations are run in sequence.
Previously the operations were started in order but subsequent
ops were allowed to begin before the previous finished, which would
result in out-of-order execution.
- Fix bug in attach() where a model property was being passed in
instead of a transaction object. If the call was made when a
transaction was in process, it could cause bookshelf/knex to
hang and never finish the transaction.
Closes#3844
- Before importing, all data is checked for incorrect UUIDs. If check
fails, data is sanitized and outfitted with correct UUIDS.
- Scaffolding allows for easy implementation of additional
sanitization, should that be required in the future.
- Test included, old tests updated.
helps with #827, otherwise no issue
- This is general code clean-up and unification.
- Merges code from bootstrap.js into config module as they were both
concerned with managing the config file and as such should be in one
location.
- Updates all relevant tests.
fixes#3750
- Updated tests to create tokens for one user. This caused the tests to
fail for MySQL exposing the bug.
- Delete user's tokens along with posts
fixes#3857
- adds uncapitalise middleware which detects uppercase in req.path and
redirects to the lowercase equivalent
- change the ghost route to a regex, just so it's consistent with other
routes in the file
closes#2462
- adds conditionals for pagination for index, tags and author pages
- outputs correct meta title and description according to context
- adds further unit testing
closes#1967
- adds paged to eventually replace archive-template
- adds page-template to eventually replace page
- changes custom page template class to be page-slug instead of
page-template-slug
closes#3789
- Create a GhostServer class to manage state
- index.js now calls start on the exported server
- Alter tests to expect a GhostServer instance
closes#685
- Now that we have a ‘pagination’ meta object, we can implement
SEO-friendly `next` and `prev` ref links in `<head>`.
- This implementation works uniformly for anything that supports
pagination in the current schema (posts, tags, authors)
- Regex should make the implementation future-proof for additional
pagination
resolves#2170
- creates a models.init() function that requires all other model files
and caches them. This is opposed to the previous functionality where
when you require('./models') it would immediately require all other models.
Now it's done when you want.
- Updates all tests to reflect the new structure of the model module
refs #16, #17, #18, #19, #20, #21, #3801
- This code was a prototype system built when Ghost was still a prototype.
It was never fully implemented and hasn't actually worked for ages.
- Now that the admin is in Ember, it's likely we'll need a very different
system.
closes#3765
- Simple API check to ensure that the owner isn’t downgraded to a
different role (analog to the ’can’t change your own role’ check)
- Test added to ensure Owner can't be downgraded to a lower role
fixes#3724
- provide config.url to the ember client app via a data attribute
- create server and client side helpers to output the URL
- wire up the client side helper
- add a class for testing, and add tests for both the server and client side
fixes#3716
- change the importer to not override any user details
- only set published_by if it is not already set
- import users before anything else
- process the import and map user ids to existing users
- test fix - owner should have owner role
- test fix - catch invalid success in importer
Closes#3649
* Small refactor of the api route for email test. We no longer need to look up the email in the settings
* Added a user model lookup based on context to the test email method.
closes#3631
- Removed the 'by + setupUser.name' from authentication.js
- Removed the 'by Test User' from feed_test.js
- Added a '.' to the end of each per issue comment example
fixes#3658
- Catch any errors from user.save() events during login
- Prevent validation from happening at all when only updating status/last_login
- Fixes a problem I introduced with errors which are arrays in logError
closes#3450
- Added no-permission error handling for settings edit API.
- In Authentication API integration test, updated the initOwnerUser
function to insert the roles and user_roles for the owner user so the
owner can edit settings after adding the no-permission error handling. I
also added the mail send permission to the test since it's used after
the user edits the settings.
