Commit Graph

10920 Commits

Author SHA1 Message Date
Daniel Lockyer
1f5b031bfa v3.16.1 2020-05-20 07:30:35 +01:00
Daniel Lockyer
d4f06e07cb Updated Ghost-Admin to v3.16.1 2020-05-20 07:30:34 +01:00
Aileen Nowak
86ab62704b
🐛 Fixed structured data issue for publisher logo (#11826)
closes #11304

- Google requires an `ImageObject` to be always returned for `publisher.logo` (https://developers.google.com/search/docs/data-types/article)
- The previous fix 3f5daa60c8 added a second nested `url` error and got therefore reverted with 7ac614030d
- This commit updates the image object generation fn to **always** return an `ImageObject` with minimum of `url` and `@type` properties. If dimensions are available, we'll pass those in there as well
2020-05-20 18:16:20 +12:00
Nazar Gargol
2d41e5cc88 🐛 Fixed permission for "Administrator" to be able to edit post visibility
closes #11825

- The initial implementation had a typo in a role name which didn't allow "Administrator" to edit post's "visibility" attribute
- Added unit tests to check administrator specific role and visibility attribute permission
2020-05-20 17:47:27 +12:00
Renovate Bot
efdc230c7d
Update dependency @tryghost/members-ssr to v0.7.8 2020-05-19 16:44:05 +00:00
Rish
96b26d22f2 Bumped @tryghost/members-api to 0.18.4
refs https://github.com/TryGhost/members.js/issues/20 , https://github.com/TryGhost/members.js/issues/29

- Adds metadata option to stripe checkout session for passing member info like name
- Updates subscription api to allow updating plan by nickname
- Refactored update member method to pick passed fields only and return with subscriptions
2020-05-19 22:12:50 +05:30
Renovate Bot
3fc5cc021d
Update dependency @tryghost/session-service to v0.1.3 2020-05-18 20:19:28 +00:00
Renovate Bot
48a63dd99e
Update dependency @tryghost/mw-session-from-token to v0.1.3 2020-05-18 18:17:39 +00:00
Hannah Wolfe
2876178dcf 🐛 Fixed logic error in navigation for isSecondary
closes #11772

- Ensures that isSecondary is a boolean true or false
- Added tests that cover the bug, switching to using compile because the helpers have to be run together
- TODO: all tests for helpers should be switched to compile, it's SO MUCH easier
2020-05-18 19:15:28 +01:00
Renovate Bot
d15dce9086
Update dependency @tryghost/image-transform to v0.2.3 2020-05-18 15:16:57 +00:00
Renovate Bot
0cda4de484
Update dependency @tryghost/adapter-manager to v0.1.5 2020-05-18 13:48:01 +00:00
Daniel Lockyer
1da51ea8dc v3.16.0 2020-05-18 14:43:53 +01:00
Daniel Lockyer
fb146a7e75 Updated Ghost-Admin to v3.16.0 2020-05-18 14:43:53 +01:00
Renovate Bot
17ee76c013
Update dependency mock-knex to v0.4.9 2020-05-13 17:15:11 +00:00
Renovate Bot
419ffea5cf
Update dependency @lodder/grunt-postcss to v2.0.3 2020-05-12 16:15:37 +00:00
Renovate Bot
399c0e4773
Update dependency eslint-plugin-ghost to v1.4.1 2020-05-11 09:16:31 +00:00
Renovate Bot
f2defba264
Update dependency @tryghost/vhost-middleware to v1.0.4 2020-05-08 23:14:16 +00:00
Renovate Bot
ddaa289338
Update dependency @tryghost/session-service to v0.1.2 2020-05-08 21:13:24 +00:00
Renovate Bot
803a0b697a
Update dependency @tryghost/mw-session-from-token to v0.1.2 2020-05-08 19:13:26 +00:00
Renovate Bot
9a0aaaa34f
Update dependency @tryghost/image-transform to v0.2.2 2020-05-08 17:15:18 +00:00
Renovate Bot
fbad5b199f
Update dependency @tryghost/adapter-manager to v0.1.4 2020-05-08 15:58:44 +00:00
Hannah Wolfe
4af0a127cd Update dependency @tryghost/zip to v1.1.0
closes #11794

- Update to use the latest version of zip, which has dotfile support
2020-05-08 16:46:15 +01:00
Hannah Wolfe
998eb62e22 Added success indicator for members magic links
- Add a query param that indicates whether signin/up succeeded or failed
- Add unit tests for all 3 possible cases for the createSessionFromMagicLink middleware
- Added an acceptance test to show the behaviour works in principle
2020-05-08 13:17:51 +01:00
Daniel Lockyer
11f7834800 v3.15.3 2020-05-08 12:17:18 +01:00
Daniel Lockyer
5b03f0bf0f Updated Ghost-Admin to v3.15.3 2020-05-08 12:17:18 +01:00
Hannah Wolfe
fce596970f
Update config.yml
- Add docs and emoki
2020-05-08 11:44:34 +01:00
Hannah Wolfe
0d05f5abdf
Delete --anything-else.md
- Remove old issue template in favour of new links in config.yml file
2020-05-08 11:37:32 +01:00
Hannah Wolfe
758e67ea5f
Update config.yml
- Remove security as this is already added to the list via SECURITY.md
2020-05-08 11:36:36 +01:00
Hannah Wolfe
b5a7921707
Create config.yml
- Disable blank issues
- Provide important links for support, security and ideas
2020-05-08 11:35:29 +01:00
Daniel Lockyer
d9bc5e0c16 Reverted oembed-parser dependency to 1.3.7
no issue

- oember-parser 1.3.8/1.3.9 specify a minimum Node version of `>= 10.14.2`
- a problem with CI allowed this package to be updated, despite not
  matching our allowed minimum supported Node version
- this commit reverts back to the previous version, and this package
  will be bumped when we increase our minimum versions
2020-05-08 11:28:14 +01:00
Daniel Lockyer
3c5839fa8d Reverted metascraper packages to 5.11.9
no issue

- metascraper packages >= 5.11.10 have a dependency on got >= 11.0
- this has the minimum node version requirement set to `">=10.19.0"`
- our current minimum required node version is `10.13.0`, breaking installs for versions in between
- this reverts back metascraper packages to `5.11.9` to fix the minimum node version requirement
2020-05-08 11:28:14 +01:00
Daniel Lockyer
0e1170593c Enforced proper Node versions in CI
no issue

- a recent regression was not caught by CI because we only specify major
  versions
- this change will temporarily fail in CI until the fix for the
  regression is implemented
2020-05-08 07:44:34 +01:00
Daniel Lockyer
89a56b9fd8 v3.15.2 2020-05-07 21:59:02 +01:00
Daniel Lockyer
d1b71f463c Updated Ghost-Admin to v3.15.2 2020-05-07 21:59:02 +01:00
Hannah Wolfe
7ee2e56bb4
Redirect members on token error (#11796)
- This restores the functionality from 3.14 as follows:

/members/ -> (with no route) rendered 404 error
/members/ -> (with route) renders members template
/members/?token=invalidtoken&foo=bar -> redirects to /?foo=bar
/members/?token=validtoken&foo=bar -> redirects to /?foo=bar
2020-05-07 21:55:50 +01:00
Fabien O'Carroll
27a5887696
Increased route specificity for API error handling (#11795)
no-issue

This ensures that errors that are not part of the members frontend API will be handled by the theme and not with JSON
2020-05-07 22:38:58 +02:00
Daniel Lockyer
bcfde580c7 v3.15.1 2020-05-07 10:52:18 +01:00
Daniel Lockyer
d35598a8b3 Updated Ghost-Admin to v3.15.1 2020-05-07 10:52:18 +01:00
Renovate Bot
02dd0df371
Update dependency oembed-parser to v1.3.9 2020-05-07 08:14:41 +00:00
Renovate Bot
e5cc0cb130
Update dependency eslint-plugin-ghost to v1.4.0 2020-05-06 17:15:42 +00:00
Daniel Lockyer
f0348014d7 v3.15.0 2020-05-06 13:43:38 +01:00
Daniel Lockyer
6c90db3a90 Updated Ghost-Admin to v3.15.0 2020-05-06 13:43:38 +01:00
Kevin Ansfield
0eec876cb1 Removed separate reset/forced-reset emails and updated email copy
refs https://github.com/TryGhost/Ghost/pull/11790

- reduced complexity by sticking to one email for both normal reset and forced reset (locked staff accounts)
- exposed `siteTitle` for use in any email templates
- updated email copy to be suitable for both types of password reset
2020-05-06 13:20:11 +01:00
Renovate Bot
7b0efa34a4
Update dependency oembed-parser to v1.3.8 2020-05-06 11:16:05 +00:00
Naz
c84866dda7
Improved password reset and session invalidation for "locked" users (#11790)
- Fixed session invalidation for "locked" user
  - Currently Ghost API was returning 404 for users having status set to "locked". This lead the user to be stuck in Ghost-Admin with "Rousource Not Found" error message.
  - By returning 401 for non-"active" users it allows for the Ghost-Admin to redirect the user to "signin" screen where they would be instructed to reset their password

- Fixed error message returned by session API
  - Instead of returning generic 'access' denied message when error happens during `User.check` we want to return more specific error thrown inside of the method, e.g.: 'accountLocked' or 'accountSuspended'
  - Fixed messaging for 'accountLocked' i18n, which not corresponds to the
actual UI available to the end user

- Added automatic password reset email to locked users on sign-in
  - uses alternative email for required password reset so it's clear that this is a security related reset and not a user-requested reset

- Backported the auto sending of required password reset email to v2 sign-in route
  - used by 3rd party clients where the email is necessary for users to know why login is failing

Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
2020-05-05 19:37:53 +01:00
Rishabh Garg
a01bcdd2d0
Added new endpoint for refreshing api key secret (#11791)
no issue

- Adds new endpoint on integration to refresh admin/content api key secret
- Allows owner/admin to refresh their content or admin API keys for an integration via Ghost Admin
- Adds a new `refreshed` event to actions table for anytime an api_key secret is refreshed
2020-05-05 23:36:21 +05:30
Renovate Bot
21f5912c2d
Update dependency metascraper-logo-favicon to v5.11.12 2020-05-04 15:15:40 +00:00
Fabien O'Carroll
7e72f44d6b
Fixed indentation in config.development.json
no-issue
2020-05-04 16:41:02 +02:00
Hannah Wolfe
53d14fd8e3 Added Router etc to shared/express + use everywhere
- Added a wrapper around express.Router to our shared/express util
- Also export static and _express
- Use this shared util everywhre, meaning express is only used directly in this one file
- ATM this file is mostly an experiment / debug helper, it might be removed again later
- The aim is to have a minimal framework wrapping express that allows us to:
     - reduce our usage of express() in favour of Router()
     - unify some of our duplicated logic
     - fix some structural issues e.g. Sentry
     - make it easier to understand the codebase
2020-05-01 19:32:57 +01:00
Hannah Wolfe
515d6936f0 Updated watch to cover all server JS files
- watch wasn't restarting the dev env if you edit the index.js or core/index.js
- these files aren't changed often, but it's still important that Ghost restarts when they do!
2020-05-01 18:00:57 +01:00