Commit Graph

9215 Commits

Author SHA1 Message Date
Fabien O'Carroll
1facbc5c02
Excluded dotfiles and SECURITY.md via .npmignore (#10700)
refs #9441

The grunt-contrib-copy doesn't automatically include dotfiles, which is
whats used to build the release zip. These files aren't necessary when
using ghost as a dependency. This updates to exclude them from the npm
packages, which means the output of `npm pack` and `grunt release` give
the same content.
2019-04-22 13:37:26 +02:00
Daniel Milnes
0c12b37493 Updated Twitter URL in Readme (#10698)
Update Twitter URL in help section from https://twitter.com/tryghost to https://twitter.com/Ghost
2019-04-22 10:05:55 +02:00
kirrg001
ab49d1eed6 Added comments for routing service
no issue

- jsdoc
- inline comments
2019-04-21 23:55:22 +02:00
kirrg001
e07c0ecdc4 Added comments for url service
no issue

- jsdoc
- inline comments
2019-04-21 00:14:40 +02:00
Nazar Gargol
e1dca54bf7 🎨 Made notifications dismissible per user
refs #10656

- To make sure more users see important updates or announcements
notification dismissal now works per user instead of globally
- Expanded acceptance test for notification deletion
- Expanded regression test covering multiuser dismissal of notification
- Added clarifying comment about destroyAll method use in API
2019-04-19 09:43:14 +02:00
Fabien O'Carroll
39ed3f9145
Updated members auth pages to use gateway-protocol (#10695)
no-issue

This swaps out a hand copied library with the published one on npm
2019-04-18 15:53:36 +02:00
Hannah Wolfe
b5af42a9ef Updated .travis.yml w/ simpler renovate logic
- This worked in tests!
2019-04-18 13:35:41 +01:00
Nazar Gargol
809e610842 Added notification access persmission for users of Editor role
closes #9546

- Updated permissions  fixture for Editor role
- Added migration for permissions for Editor users
- Updated tests
2019-04-18 13:02:23 +02:00
Hannah Wolfe
e4c235f603
Temporarily remove renovate handling 2019-04-18 10:09:01 +01:00
kirrg001
6dd65d7176 Corrected general comment in update check unit
no issue
2019-04-17 20:52:50 +02:00
kirrg001
22c2d0cbcb Added comments for update check service
no issue

- jsdoc
- inline comments
- clarified variable names
2019-04-17 20:03:26 +02:00
Zimo
5a0113f24c Added close event on member pages background click 2019-04-17 16:34:14 +02:00
Peter Zimon
fb8a127729
Members refine buttons (#10692)
* Members: disabled signup button during signup

* Members: disabled non-Stripe signup button during signup

* Members: added check to Log in button logged in state
2019-04-17 16:16:03 +02:00
Zimo
01fa787227 Updated mobile styles for members upgrade screen 2019-04-17 16:06:04 +02:00
Rish
c53e66d49a Version bump to 2.20.1 2019-04-17 18:31:47 +05:30
Rish
67f2b41f27 Updated Ghost-Admin to 2.20.1 2019-04-17 18:31:47 +05:30
Rish
db9c2d1eca Fixed lint issues
no issue
2019-04-17 18:26:32 +05:30
Nazar Gargol
c519ce55e3 Fixed failing integration test
refs #9875

- Moved the comment about filtering by version closer to version checks as it doesn't apply to whole `.filter(...)` block
2019-04-17 14:48:09 +02:00
Rishabh Garg
876e310aea
Updated check for members-ssr use at theme layer (#10693)
no issue

### Context

As part of updating the theme layer to use members-ssr [here](f9899cb8c4), we introduced a case where if `enableDeveloperExperiments` is not switched on, the whole theme loading will crash due to unavailability of `ssr` property on members service [here](https://github.com/TryGhost/Ghost/blob/master/core/server/services/members/index.js#L12). Since we switch on `enableDeveloperExperiments` by default on master now, the issue won't be reproducible locally until explicitly switched off. 

This PR includes a patch fix which adds dummy `ssr` object to members service `api` object and members middleware check on APIs to ensure no crash in case developer flags is not switched on. 

Longer term it will be definitely useful to upgrade the dummy `api` object to trigger on member labs than the developer flag.
2019-04-17 17:38:12 +05:30
Fabien O'Carroll
5cb8972e2c Fixed subscription issue with null coupons
no-issue

Coupons were being sent as null to the api, so we support non required fields
2019-04-17 13:41:27 +02:00
Rish
ab3b0d95a2 🐛 Fixed fetching RSS in case of posts with no content
refs #10679

- Handles `null` html values in calculation
2019-04-17 15:12:01 +05:30
Rish
4d0643fb49 🐛 Fixed crash in calculating reading time for empty posts
no issue

- Updated helpers package to fix `null` html cases in case of empty post content
2019-04-17 15:12:01 +05:30
Fabien O'Carroll
500ec826c3 Added default disabled state of false to FormInput
no-issue
2019-04-17 10:35:17 +02:00
Fabien O'Carroll
78165a9981 Removed unused onClick handler in StripeSubscribePage
no-issue
2019-04-17 10:35:17 +02:00
Fabien O'Carroll
4d9ddbf77a Added coupon support to StripeSubscribePage
no-issue

Only shows the (disabled) input when a coupon is available
2019-04-17 10:35:17 +02:00
Fabien O'Carroll
feee3dc58f Cleaned up render{Subscribe,Upgrade}Page
no-issue

- ensured promises are returned
- removed unused prop
2019-04-17 10:35:17 +02:00
Fabien O'Carroll
0970fa6a6d Added CouponInput component
no-issue

This can be used in the subscribe pages to pass coupon info through
2019-04-17 10:35:17 +02:00
Fabien O'Carroll
b28f3a02d9 Added support for disabled form elements
no-issue

This can be used for a coupon input in future
2019-04-17 10:35:17 +02:00
Fabien O'Carroll
88368d0d94 Updated members api and gateway to pass coupo
no-issue

This will allow the auth pages and members sdk to pass coupons through
to the api.
2019-04-17 10:35:17 +02:00
Fabien O'Carroll
cdc3971ed8 Passed coupon from metadata through to stripe
no-issue

This will allow us to send through coupons from the api layer and have
stripe handle the rest :)
2019-04-17 10:35:17 +02:00
Hannah Wolfe
e830e334d2 Updated .travis.yml swap renovate build to push
- currently, we only build renovate PRs
- that means we can't use automerge branch, as we wouldn't run any checks
- this swaps to running only renovate pushes, which means the branch always gets checked
2019-04-17 09:24:00 +01:00
Rish
b377549bc7 Added spinner on member signup pages
no issue
2019-04-16 23:22:15 +05:30
Rish
874fceb077 Updated member signin page to show logged in status
no issue
2019-04-16 22:42:16 +05:30
Nazar Gargol
1211c70eb3 🐛 Fixed Ghost out of date notification
closes #9875

- The solution here is a quick patch and should be cleaned up once https://github.com/TryGhost/Ghost/issues/10236 is implemented
2019-04-16 18:29:51 +02:00
Zimo
17bc79d57e Added fade in for signup complete page 2019-04-16 17:51:16 +02:00
Peter Zimon
94ac33bc97
Members refinements (#10689)
* Updated close animation speed for members pages
* Updated responsive styles for members mobile screens 
* Adding spinner CSS to members pages
* Adding members signup complete page
2019-04-16 17:36:37 +02:00
Fabien O'Carroll
9aa9b39a59 Fixed require path of members-ssr
no-issue
2019-04-16 17:19:46 +02:00
Fabien O'Carroll
f9899cb8c4
Updated theme layer to use members-ssr (#10676)
* Removed support for cookies in members auth middleware

no-issue

The members middleware will no longer be supporting cookies, the cookie
will be handled by a new middleware specific for serverside rendering,
more informations can be found here:

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Removed members auth middleware from site app

no-issue

The site app no longer needs the members auth middleware as it doesn't
support cookies, and will be replaced by ssr specific middleware.

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Added comment for session_secret setting

no-issue

We are going to have multiple concepts of sessions, so adding a comment
here to be specific that this is for the Ghost Admin client

* Added theme_session_secret setting dynamic default

no-issue

Sessions for the theme layer will be signed, so we generate a random hex
string to use as a signing key

* Added getPublicConfig method

* Replaced export of httpHandler with POJO apiInstance

no-issue

This is mainly to reduce the public api, so it's easier to document.

* Renamed memberUserObject -> members

no-issue

Simplifies the interface, and is more inline with what we would want to export as an api library.

* Removed use of require options inside members

no-issue

This was too tight of a coupling between Ghost and Members

* Simplified apiInstance definition

no-issue

* Added getMember method to members api

* Added MembersSSR instance to members service

* Wired up routes for members ssr

* Updated members auth middleware to use getPublicConfig

* Removed publicKey static export from members service

* Used real session secret

no-issue

* Added DELETE /members/ssr handler

no-issue

This allows users to log out of the theme layer

* Fixed missing code property

no-issue

Ignition uses the statusCode property to forward status codes to call sites

* Removed superfluous error middleware

no-issue

Before we used generic JWT middleware which would reject, now the
middleware catches it's own error and doesn't error, thus this
middleware is unecessary.

* Removed console.logs

no-issue

* Updated token expirty to hardcoded 20 minutes

no-issue

This returns to our previous state of using short lived tokens, both for
security and simplicity.

* Removed hardcoded default member settings

no-issue

This is no longer needed, as defaults are in default-settings.json

* Removed stripe from default payment processor

no-issue

* Exported `getSiteUrl` method from url utils

no-issue

This keeps inline with newer naming conventions

* Updated how audience access control works

no-issue

Rather than being passed a function, members api now receives an object
which describes which origins have access to which audiences, and how
long those tokens should be allowed to work for. It also allows syntax
for default tokens where audience === origin requesting it. This can be
set to undefined or null to disable this functionality.

{
    "http://site.com": {
        "http://site.com": {
            tokenLength: '5m'
        },
        "http://othersite.com": {
            tokenLength: '1h'
        }
    },
    "*": {
        tokenLength: '30m'
    }
}

* Updated members service to use access control feature

no-issue

This also cleans up a lot of unecessary variable definitions, and some
other minor cleanups.

* Added status code to auth pages html response

no-issue

This was missing, probably default but better to be explicit

* Updated gateway to have membersApiUrl from config

no-issue

Previously we were parsing the url, this was not very safe as we can
have Ghost hosted on a subdomain, and this would have failed.

* Added issuer to public config for members

no-issue

This can be used to request SSR tokens in the client

* Fixed path for gateway bundle

no-issue

* Updated settings model tests

no-issue

* Revert "Removed stripe from default payment processor"

This reverts commit 1d88d9b6d73a10091070bcc1b7f5779d071c7845.

* Revert "Removed hardcoded default member settings"

This reverts commit 9d899048ba7d4b272b9ac65a95a52af66b30914a.

* Installed @tryghost/members-ssr

* Fixed tests for settings model
2019-04-16 16:50:25 +02:00
Fabien O'Carroll
b3f66c6c91 Blacklisted private member settings for HTTP calls
no-issue

Previously it was possible to fetch the private key and session secret
for the members service, this is a security issue as we do not have
specific permissions for individual settings yet, and could have
possibly exposed secrets to admin integrations.
2019-04-16 14:39:01 +02:00
Rish
770f6afa2a Version bump to 2.20.0 2019-04-16 16:42:31 +05:30
Rish
97c7c5aaf7 Updated Ghost-Admin to 2.20.0 2019-04-16 16:42:31 +05:30
Rish
2649cf112a Updated Casper to 2.9.10 2019-04-16 16:42:31 +05:30
Tim Birkett
2b75d1f9df Exposed new logging config options (#10678)
no issue

- Exposes the new name and gelf logging options.
2019-04-16 16:34:15 +05:30
Rish
1ca3ba9a6e Updated Ignition to 3.1.0
no issue

- Bumped Ghost Ignition to 3.1.0 to support more options
2019-04-16 16:32:50 +05:30
Chris McKulka
a6fc2f1514 🐛 Removed extraneous log message for missing en.json locale file (#10662)
no issue
- content is in english (en) by default so only show the missing translation file warning when a non-english locale is configured
2019-04-16 10:32:20 +01:00
Vikas Potluri
c58236e549 🐛 Disallowed locked/suspended users from being made owner via the API (#10647)
- closes #10555
- Added a check to the user modal that the new owner is active 
- Had to refactor Owner->Author unit test (also renamed it)
  - Based on the first 2 lines, owner->editor change is attempted (hence the rename)
  - Since both stubs return a 'modal' with owner role which means owner->owner change is actually attempted
  - Now that there's a user status check, added the `status` property to the user receiving owernship
2019-04-16 10:30:29 +01:00
Fabien O'Carroll
b50cff8753 Updated import to never use {active,instsalled}_apps
no-issue

This is so that new imports will not contain old default, or invalid
values.
2019-04-16 11:19:17 +02:00
Fabien O'Carroll
7461869f13 Updated import to only show warning when apps exist
no-issue

This is so that someone with empty defaults for installed_apps and
active_apps, or someone without the defaults at all, will not see the
warning message when importing.
2019-04-16 11:19:17 +02:00
Fabien O'Carroll
a947947ebd Removed support for apps from getContentPath
no-issue

There is no longer a need for this as external apps do not work.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
37bcdb0a83 Removed filters module
no-issue

This is no longer used now, as it was for apps to extend Ghost
2019-04-16 11:05:33 +02:00