Commit Graph

20416 Commits

Author SHA1 Message Date
Sag
54449ac98e
Fixed members list when scrolled down too quickly (#20654)
ref https://linear.app/tryghost/issue/SLO-160

- in the Members list, we were using VerticalCollection with
`@bufferSize` set to 20, which means that 20 additional items before and
after the visible items in the viewport were pre-loaded
- however, scrolling down too quickly (e.g. dragging the scrollbar thumb
to the bottom) breaks the list
- with this fix, we adjust `@estimateHeight` parameter to the correct
item size, and reduce the `@bufferSize`
2024-07-24 15:09:53 +02:00
Sanne de Vries
18c5c3bba8
Improved one-time payment notification email design (#20653)
REF MOM-317
2024-07-24 09:57:34 +00:00
Ronald Langeveld
4dc503e9e5
🐛 Fixed broken link to subscription settings (#20651)
no issue

- Fixed a broken link when navigating from Members list to subscription
access settings.
2024-07-24 09:28:32 +00:00
renovate[bot]
b7fd885a08 Update dependency semver to v7.6.3 2024-07-24 10:37:08 +02:00
Sanne de Vries
806fce191d
Updated Tips & Donations settings design (#20649)
REF MOM-315
- Changed to column layout
- Fixed broken currency dropdown
- Included a link to Stripe terms & conditions
- Renamed from "Tips or donations" to "Tips & donations"
2024-07-24 08:26:29 +00:00
Fabien O'Carroll
b3b9c89544 Added role to identity token
Right now identity tokens can only be fetched by the Owner, which means they
implicitly have the Owner role, but we want to expand that. The first step is
adding the role to the token, and then we need to update each place which uses
the token and add an assertion that the role is correct.
2024-07-24 13:49:10 +07:00
Sag
fb71b03c28
Updated dependency koenig-lexical to v1.3.12 (#20645)
ref https://linear.app/tryghost/issue/SLO-181

- this version fixes copy/pasting images from Slack to the editor
2024-07-23 16:03:21 +00:00
Daniel Lockyer
00d2cc9f44 Improved speed of monobundle script
- right now, it loops through all packages serially, which isn't
  effectively using multi-core machines
- by using `concurrently`, we can rely on it to use all the cores it
  can, so this should dramatically speed up the bundling step
2024-07-22 15:45:46 +02:00
Sag
e740cef863
Fixed regex to ignore AbortError in Sentry (#20639)
fixes https://linear.app/tryghost/issue/SLO-175
2024-07-22 07:55:37 +00:00
renovate[bot]
ec019f6a70 Update dependency cssnano to v7.0.4 2024-07-22 09:11:24 +02:00
Ghost CI
f55d1e90c3 v5.88.1 2024-07-20 21:18:14 +00:00
Kevin Ansfield
8ea1dfb957
🐛 Fixed listing pages in Admin (#20633)
closes https://github.com/TryGhost/Ghost/issues/20632

- Revert " Improved performance loading the posts list in admin (#20618)"
2024-07-20 20:49:21 +00:00
Ghost CI
d0db527b8d v5.88.0 2024-07-19 16:04:20 +00:00
Ghost CI
db9bf51091 🎨 Updated Source to v1.3.2 2024-07-19 16:04:20 +00:00
Michael Barrett
4a59e30050
Published new versions of apps to support BS locale (#20629)
refs
[ONC-150](https://linear.app/tryghost/issue/ONC-150/support-escalation-re-trouble-with-new-languages)

Published new versions of apps to support BS locale
- comments-ui@0.17.3
- signup-form@0.1.5
- portal@2.37.10
2024-07-19 09:26:59 +01:00
Sodbileg Gansukh
87c12b5113
Fixed blockquote horizontal spacing on Outlook (#20625)
ref DES-571

- padding does not work well with paragraph inside blockquote as
horizontal spacing on Outlook
- using margin instead of padding makes sure the spacing is consistent
across Outlook versions
2024-07-18 21:01:43 +08:00
Kevin Ansfield
170fba0962 Enforced nested <p> when rendering <blockquote> for Aside nodes in email
closes https://linear.app/tryghost/issue/ENG-1432

- bumps `kg-lexical-html-render` package with required rendering change
2024-07-18 13:30:10 +01:00
Sodbileg Gansukh
7d2787aa32
Fixed blockquote spacing on iOS Mail app (#20621)
ref DES-571

- iOS Mail app ignores spacing on the \<blockquote\> element, but will
respect spacing on the \<p\> element inside it
- for that reason, we started to enforce always rendering \<p\> inside
\<blockquote\> for emails
- these changes move the spacing related styles from blockquote to p
inside
2024-07-18 20:10:29 +08:00
Kevin Ansfield
7488e2e7b2 Enforced nested <p> when rendering <blockquote> in email
closes https://linear.app/tryghost/issue/ENG-1432

- bumps `kg-lexical-html-render` package with required rendering change
- bumps `koenig-lexical` with TypeError fix and improved handling of failed image uploads
- bumps other packages that were missed from previous bumps, fixes split versions of underlying lexical packages
2024-07-18 12:10:58 +01:00
renovate[bot]
7de7d33266 Update dependency mailgun.js to v10.2.3 2024-07-18 10:27:29 +00:00
Sag
c5bb2e5dc7
🐛 Fixed member subscription details in Admin (#20619)
fixes https://linear.app/tryghost/issue/ONC-189

- commit 4084a3d introduced a regression that caused member subscription
details to not be rendered for active/canceled subscriptions
- with this fix, the rendering logic in Admin for member subscription
details has been fully moved to a helper and is now covered by
additional unit tests
2024-07-18 12:14:38 +02:00
Steve Larson
cd17b94e9c
Improved performance loading the posts list in admin (#20618)
ref https://github.com/TryGhost/Ghost/pull/20503
- undid the reversion for the performance improvements
- built upon new tests for the posts list functionality in admin,
including right click actions

This was originally reverted because the changes to improve loading
response times broke right click (bulk) actions in the posts list. This
was not caught because it turned out we had near-zero test coverage of
that part of the codebase. Test coverage has been expanded for the posts
list, and while not comprehensive, is a much better place for us to be
in.
2024-07-17 16:55:47 -05:00
Steve Larson
809e987f32
Extended timeouts on image size test (#20616)
ref e626dd9

There has been some flakiness in Github CI with the new tests for the
probe library. We'll start with extending timeouts in case CI is running
particularly slowly.
2024-07-17 12:07:23 +00:00
Ghost CI
7d8c76d82e Merged v5.87.3 into main 2024-07-17 11:51:32 +00:00
Ghost CI
a7e1d57c4a v5.87.3 2024-07-17 11:51:30 +00:00
Michael Barrett
316a87e7c9
Reverted "Added custom redirects ReDoS validation" (#20614)
Reverts TryGhost/Ghost#20515

This is being reverted due to the validation being run on boot causing custom
redirects to not be loaded
2024-07-17 12:37:19 +01:00
Michael Barrett
63e64686ef
Reverted "Added custom redirects ReDoS validation" (#20614)
Reverts TryGhost/Ghost#20515

This is being reverted due to the validation being run on boot causing custom
redirects to not be loaded
2024-07-17 12:29:05 +01:00
Princi Vershwal
b04452fdb3
Added 90 days filter to Top Sources Admin Dashboard query (#20609)
ref:
https://linear.app/tryghost/issue/SLO-184/add-90-days-filter-to-top-sources-admin-dashboard-query
2024-07-17 07:16:39 +05:30
Steve Larson
2e3eb1da71
Added posts bulk action Admin tests (#20610)
ref https://linear.app/tryghost/issue/ENG-1360

Not *all* functionality has been covered by these tests. There's a few
missing pieces from our mirage build and use that likely doesn't need
full coverage within the admin package. Regardless, this view has
dramatically more coverage at this point.
2024-07-16 12:56:15 -05:00
Daniël van der Winden
bb18e6571e
Updated Lexical version (#20608)
A change was needed to Lexical, for admin-only release.
2024-07-16 10:18:54 +00:00
renovate[bot]
b31e196368 Update dependency mysql2 to v3.10.3 2024-07-15 23:08:04 +00:00
Daniël van der Winden
593e8eabaa
Updated Koenig Lexical version in package.json (#20604)
To do a patch release with fixes to the editor.
2024-07-15 15:51:41 +00:00
Sag
e476eebd2d
🎨 Added staff notification when a sub is canceled due to failed payments (#20534)
ref https://linear.app/tryghost/issue/ENG-1254

- when a subscription is canceled automatically by Stripe (e.g. due to
multiple failed payments), we now send a staff notification
- logic before: if a member cancels a sub in Portal, then send a staff
notification
- logic now: if a subscription was active, but is now set to cancel
immediately or at the end of the billing period, then send a staff
notification.
- with that logic change, we now send a cancellation staff notification
when:
    1. A member cancels their sub in Portal (existing)
    2. A staff member cancels a member sub in Stripe (new)
    3. A staff member cancels a member sub in Admin (new)
    4. A sub is canceled automatically by Stripe because of multiple failed
payments (new)
- the copy of the staff notification email has also been updated to take
into account 1) manual vs automatic cancellations, and 2) immediate vs
end of billing period cancellations
2024-07-15 08:07:18 +02:00
renovate[bot]
16ce66f74e Update dependency i18next to v23.12.1 2024-07-15 00:13:10 +00:00
Ghost CI
8971128046 v5.87.2 2024-07-12 16:04:42 +00:00
Ghost CI
d5b8095066 🎨 Updated Source to v1.3.1 2024-07-12 16:04:42 +00:00
Ghost CI
3d29fecfb7 🎨 Updated Casper to v5.7.4 2024-07-12 16:04:42 +00:00
Steve Larson
3cfdcfb15f
🐛 Removed method="post" on sign in/up forms in Admin (#20598)
ref https://linear.app/tryghost/issue/ONC-160
- POST is incorrect as the form itself doesn't post to any path; all we
want are the authentication flows to kick off on submit

We've had reports of users experiencing a 404 error on attempting to
sign in to Ghost Admin (at /ghost/), where the login form seems to
submit a POST request to the /ghost/ path (we don't have a route for
that method, hence the 404; only GET). While I haven't been able to
reproduce the issue, there's very few places in Ghost that actually
issue a POST request.

Removing this method here has no impact to Ghost auth and may prevent
some unexpected default behavior from the browser.
2024-07-11 17:03:50 -05:00
renovate[bot]
cd15cb8c30 Update dependency webpack to v5.93.0 2024-07-11 20:32:47 +00:00
Steve Larson
e626dd9353
🐛 Fixed image dimension retrieval causing Ghost requests to hang (#20589)
ref https://linear.app/tryghost/issue/ENG-1408/
- added additional safeguards to the image size dimensions probing

For some reason that requires further investigation, the
probe-image-size package was silently failing (neither resolving nor
rejecting) for a particular URL. This was causing Ghost to hang on to
serving the request, and after a few of these came in, ultimately caused
Ghost to stop being responsive.

Rather than trying to patch a dependency, we'll wrap the call to this
package and use the same timeout we pass into the package (which is
ignored in this particular case) as an additional safeguard.
2024-07-11 09:37:44 -05:00
Daniël van der Winden
1d21612ceb
Improved text-wrapping for Resource headers (#20590)
Adds text-wrap: pretty to Resource H3 on Post Analytics page, to avoid
orphans in typography.
2024-07-11 09:50:06 +00:00
Daniël van der Winden
c6717a4ebd
Fixes Resource articles overflowing on Post Analytics (#20584)
Fixes
https://linear.app/tryghost/issue/DES-546/resource-articles-on-post-analytics-overflowing-window

The articles in the Resources box on the Post Analytics page were
previously overflowing their container. These changes fix that, and
allow them to scale up/down more gracefully for different screen sizes.
2024-07-10 15:01:41 +00:00
Daniël van der Winden
22824b9685
Fixed paywall button border radius (#20582)
Fixes
https://linear.app/tryghost/issue/DES-544/upgrade-email-paywall-button-doesnt-match-normal-buttons-in-newsletter

In emails, the button for the paywall wasn't getting the border-radius,
as [Gmail strips out font styling applied to the `td` element in the
HTML](https://stackoverflow.com/a/38041282). Those styles are now moved
out of that element, and look to apply correctly.
2024-07-10 12:45:49 +00:00
Sag
f8966e26c8
Cleaned up "Recommendations" GA feature flag (#20580)
no issue

- "Recommendations" feature was released in Ghost
[v5.71.0](https://github.com/TryGhost/Ghost/releases/tag/v5.71.0)
(commit: 1b82efe5d2)
- [Project
details](https://www.notion.so/ghost/Recommentions-5be89ec0d02a4c9b9310a964f9b22901?pvs=4)
2024-07-10 12:24:27 +00:00
Sag
a8533c9dc9
Cleaned up "Embeddable signup form" GA feature flag (#20577)
no issue

- "Embeddable signup form" feature was released in Ghost
[v5.51.0](https://github.com/TryGhost/Ghost/releases/tag/v5.51.0)
(commit: 5e7edb9)
- [Project
details](https://www.notion.so/ghost/Embeddable-signup-forms-1632735f1f894d01be491aeffb48bd45?pvs=4)
2024-07-10 10:46:04 +00:00
Sodbileg Gansukh
7266ca869f
Set explicit text color to the bookmark card content (#20578)
ref DES-263

- we've recently started forcing white background color to the bookmark
card by default
- the reason was making it look good regardless of the site background
color
- it caused an issue to some sites, mostly in dark mode, because the
text color was inherited from the theme
- this sets explicit color to the bookmark content which is consistent
with the nft card
2024-07-10 10:27:45 +00:00
Sag
83b1603202
Cleaned up "List Unsubscribe Header" GA feature flag (#20573)
no issue

- "List Unsubscribe Header" feature was added in Ghost release
[v5.74.0](https://github.com/TryGhost/Ghost/releases/tag/v5.74.0)
(commit: 69ee4a5)
- [Project
details](https://www.notion.so/ghost/One-click-unsubscribe-from-gmail-2b5cdc81e49f462287e9894c9c368aad?pvs=4)
2024-07-10 09:52:13 +00:00
Michael Barrett
6bfba13937
🐛 Fixed data importer allowing invalid free product to be imported (#20572)
refs
[ENG-1355](https://linear.app/tryghost/issue/ENG-1355/site-boot-cycling-due-to-free-tier-having-a-currency)

Fixed data importer allowing invalid free product to be imported which
could cause Ghost to not start due to the error:

`ValidationError: Free Tiers cannot have a currency`

It should not be possible to import a free product with pricing data (as
that means its not free 😄)
2024-07-10 10:49:56 +01:00
Chris Raible
bf895e6e99
🐛 Fixed offer redemptions for free members redeeming an offer (#20571)
ref
https://linear.app/tryghost/issue/ENG-1251/support-escalation-re-offers-not-tracking

- Offer Redemptions were not being persisted in the database for
existing free members who upgrade to a paid plan with an offer, which
resulted in inaccurate offer redemption counts. This made it difficult
to assess the performance of an offer.
- Previously, Ghost recorded an offer redemption in the DB in response
to the `SubscriptionCreatedEvent`, under the assumption that the offer
details would be included in this event. This assumption was valid for
brand new members starting a subscription with an offer, but not for
existing free members upgrading to a paid plan with an offer.
- For existing free members, the subscription is first stored in Ghost
in response to the `customer.subscription.created` Stripe webhook. At
this point, the offer/discount is not attached to the subscription, so
the `SubscriptionCreatedEvent` triggers without the offer information,
and the offer redemption is not recorded. After the
`checkout.session.completed` webhook is received (which _does_ include
the offer details), the subscription is updated in Ghost, but the Offer
Redemption is not stored.
- For brand new members, the `customer.subscription.created` webhook
no-ops, because the member and Stripe Customer don't exist yet.
Therefore, the subscription is first created in Ghost in response to the
`checkout.session.completed` webhook, which _does_ include the offer
information, so the offer information is included in the
`SubscriptionCreatedEvent` and the offer redemption is recorded as
expected.
- This change adds a new `OfferRedemptionEvent`, which triggers
either: (1) when a new subscription is created with an offer (as in the
case of a brand new member), or (2) when an existing subscription is
first updated to include an offer (as in the case of an existing free
member upgrading with an offer). The Offer Redemption is then persisted
in the DB in response to the `OfferRedemptionEvent` rather than the
`SubscriptionCreatedEvent`.
2024-07-09 16:05:26 -07:00
Steve Larson
9d15aef243
Updated timezone dependency (#20570)
ref https://linear.app/tryghost/issue/ENG-1266
- Mexico changed tz to not participate in DST
- our package was a couple years behind, so we likely have fixes for
other countries/regions, too
2024-07-09 16:31:36 -05:00
Princi Vershwal
81df7ca05b
Added tests for fix - URLs sent in emails containing a % can not be updated (#20569)
ref ENG-1372 ENG-447
2024-07-10 02:04:45 +05:30
Princi Vershwal
81ba4c7f4f
Added tests for dashboard stats service (#20567)
ref: https://linear.app/tryghost/issue/ENG-1374/add-tests-analytics-sources-shouldnt-be-case-sensitive
2024-07-10 00:50:41 +05:30
Sag
d0d0783837
🐛 Fixed pasting product URLs into the editor (#20565)
fixes https://linear.app/tryghost/issue/ENG-1215

- when pasting URLs that return `type: link` from the oembed service, we
now fallback to using a Bookmark card
- previously, this would render a plain link in the editor
- example product URL with `type: link`:
https://indiebeer.co.uk/products/terra-tempo-vinicius-red-wine-ba-wild-ale-with-mango-pineapple-honeydew-melon-and-banana-750ml-7
2024-07-09 18:28:56 +02:00
Steve Larson
00230314db
🐛 Fixed member source attribution for sign-up (Portal) links (#20566)
ref https://linear.app/tryghost/issue/ONC-154
- the query params did not carry through on portal sign up links because
of the hash creating an ignored fragment
(/#/portal/signup?ref=something)

Now when we check link attribution, we'll attempt to run the same logic
for the referrer source after stripping out `#/portal` from the URL.
Otherwise we should continue to treat these fragments as fragments to be
ignored by the client.

NOTE: We do not have e2e tests that cover member signup on the front end
and the data entered in the back end. The tests we have mock only the
server side of things. The test added here only covers the data that is
generated from the front end request (at this time), *not* the front end
request itself, meaning it's fragile.
2024-07-09 16:14:33 +00:00
Sag
8b45af3458
Cleaned up 'Filter by email disabled' GA feature flag (#20554)
no issue

- "Filter by email disabled" feature has been released to GA in [Ghost
v5.74.0](https://github.com/TryGhost/Ghost/releases/tag/v5.74.0)
(commit: 32d0d2b293)
- cf. [Project
details](https://www.notion.so/ghost/Filter-by-email-disabled-2a73f5da5e8b46bcaacb944bd98e0674?pvs=4)
2024-07-09 10:11:26 +00:00
Daniël van der Winden
4084a3d00f
Fixes complimentary subscription display issues (#20563)
Fixes
https://linear.app/tryghost/issue/DES-324/complimentary-plan-issues

We were showing renewal copy for subscriptions that are forever
complimentary. We also had a trailing en-dash in the Member detail
screen when their subscription was complimentary and had no end date.

Those things are solved now. We don't show dates or renewal copy when we
don't need to.
2024-07-09 11:53:02 +02:00
Sag
480f192f75
Updated Ghost Admin README with updated test instructions (#20561)
no issue
2024-07-08 16:57:52 +00:00
Sag
6e884b1a95
🐛 Fixed selection bugs in editor (#20557)
ref https://ghost.slack.com/archives/CTH5NDJMS/p1720422460943619

- bumping 'lexical' from 0.13.1 to 0.14.2 created a few selection bugs
in the editor
- this commit reverts 'lexical' back to 0.13.1 and any related changes
in the editor codebase
2024-07-08 13:34:51 +01:00
Ronald Langeveld
3818445a18
🐛 Fixed bad redirects yaml overriding backed up working yaml file (#20555)
ref ENG-945

- Fixed an issue where upload a broken redirects yaml will override the
last working yaml.
- Instead it will now do the validation before saving and overriding the
yaml.
2024-07-08 16:45:20 +07:00
Ghost CI
bd15ce5c03 v5.87.1 2024-07-05 16:04:15 +00:00
Ghost CI
d260d81348 🎨 Updated Source to v1.3.0 2024-07-05 16:04:15 +00:00
Ghost CI
dc1f9492de 🎨 Updated Casper to v5.7.3 2024-07-05 16:04:15 +00:00
Kevin Ansfield
191a301242
Cleaned up hasPortalImprovements GA feature flag (#20548)
no issue

- the feature has been GA for a long time now so the conditionals are no longer required
2024-07-04 16:21:48 +00:00
Kevin Ansfield
3b87c9be53
Cleaned up websockets experiment (#20547)
no issue

- we're no longer making use of the websockets experiment so it's just bloat
- this is the whole feature in a single commit in case we need to revive it at some point
2024-07-04 16:08:06 +00:00
Michael Barrett
e58fd86b96
🐛 Fixed image editing not saving changes (#20543)
refs
[ENG-1363](https://linear.app/tryghost/issue/ENG-1363/bug-with-image-editing-not-saving-changes)

Bumped `@tryghost/koenig-lexical` to `1.3.3` to fix image editing not
saving changes
2024-07-04 11:48:48 +01:00
Daniel Lockyer
98d171cfc6 Bumped @tryghost/metrics package
- this change contains the removal of the `promise.allsettled` package,
  as this is not needed on Node 12+, which removes 75 further dependencies
  in production mode
2024-07-04 11:40:56 +02:00
renovate[bot]
6fadf45f4a Update dependency ws to v8.18.0 2024-07-03 17:36:56 +00:00
Kevin Ansfield
e6df014f84 Cleaned up newsletterExcerpt flag
no issue

- feature is GA so the flag and related conditionals are no longer required
2024-07-03 18:22:39 +01:00
Daniel Lockyer
33c9786025 Removed unused dependency
- this dependency is also present in `dependencies`, so it's not needed
  here
2024-07-03 14:35:31 +02:00
Sanne de Vries
e393676e8d
Removed duplicate email template and styles files (#20528)
Refs https://ghost.slack.com/archives/C02G9E68C/p1720003723371169
- These duplicate files have been lingering since working on an email
customisation feature that was never released.
2024-07-03 14:35:17 +02:00
Sag
6e0b009034
🎨 Added 'Payment failed' subscription cancellation reason (#20527)
ref https://linear.app/tryghost/issue/ENG-1254

- we currently only store a cancellation reason when a member cancels
manually in Portal
- we now also store "Payment failed" when the cancellation is automatic
due to several payment failures
2024-07-03 13:12:01 +02:00
Sanne de Vries
be77080f39
Updated typography and spacing for callout cards and blockquotes (#20525)
REF DES-542
2024-07-03 09:43:51 +00:00
renovate[bot]
6c6d3b6ce4 Update dependency jose to v4.15.9 2024-07-03 09:16:44 +00:00
Daniel Lockyer
895e3719bd Revert "🐛 Fixed unexpected leave confirmation after Cmd+S on member profile"
This reverts commit 186c6f3c42.
2024-07-02 21:49:08 +02:00
renovate[bot]
8d33c9d64f Update dependency lib0 to v0.2.94 2024-07-02 18:27:02 +02:00
renovate[bot]
31ea0ba6a3 Update metascraper 2024-07-02 15:57:06 +00:00
Princi Vershwal
bec647412f
🐛 Fixed url decoding issue - URLs sent in emails containing a % can now be updated(#20518)
fixes https://linear.app/tryghost/issue/ENG-447/🐛-urls-sent-in-emails-containing-a-percent-can-not-be-updated

URLs were decoded before making a search query to the db. This is the reason the `%2F` character gets converted to  `/`. This decoding is not required.
2024-07-02 21:13:32 +05:30
Michael Barrett
b36c2356fc
Added custom redirects ReDoS validation (#20515)
refs
[ENG-709](https://linear.app/tryghost/issue/ENG-709/%F0%9F%90%9B-bad-redirects-causing-container-tear-down)

Added validation to prevent RegEx's susceptible to ReDoS from being used
with custom redirects. Also moved error details out of `context` and
into `errorDetails` to be consistent with error logging elsewhere as
well as fix issue in admin-x where blank screen would be shown when an
error occurred during redirects upload (due to logic not accounting for
`context` being an object)
2024-07-02 16:00:19 +01:00
Steve Larson
fe31ee34e8
Revert "Improved performance in Admin Posts view (#20503)" (#20514)
ref https://linear.app/tryghost/issue/ONC-111

This reverts commit 3d9d552271.

This commit broke bulk post actions which we do not have tests for, so
we will need to address that as well as add tests.
2024-07-02 14:27:44 +00:00
Sanne de Vries
3618632129
Updated password updated successfully notification copy (#20512)
REF DES-540
2024-07-02 16:26:12 +02:00
Sag
92a84f77fd
Removed leftover .only on Admin unit tests (#20513)
no issue
2024-07-02 14:10:23 +00:00
Fabien 'egg' O'Carroll
a4107b8202
🐛 Fixed incorrect member subscription details in Admin (#20476)
fixes https://linear.app/tryghost/issue/ENG-642

- When a subscription is in the `canceled` state the corresponding
Member has no access to the Ghost site. The only time a Member will
continue to have access if their subscription is due to cancel at the
period end is if it is still in an active state, which is one of
`active` `trialing` `unpaid` or `past_due`
- When a subscription is canceled immediately (i.e. before the end of
the current billing period), we now render "Ended" without a date,
because we don't store the cancellation date in the subscription object.
We previously used "Ended {current_period_end}" which would sometimes
lead to dates in the future
- Bonus: refactored code and added unit tests

---------

Co-authored-by: Sag <guptazy@gmail.com>
2024-07-02 13:58:20 +00:00
Sanne de Vries
18719e2168
Updated password reset notification (#20510)
REF DES-540
2024-07-02 15:24:14 +02:00
Daniel Lockyer
23075b7bf8 Optimized aggregating member attribution statistics
- the existing code creates a new moment instance, takes away some days
  and then formats the result
- this is run for every entry of the member attribution stats, which
  means dashboards for big sites with a lot of attribution data become
  slow
- this value doesn't change across each iteration of the filter, so we
  can just extract it out and calculate it once
- this commit removes this code block from the flamegraph completely
2024-07-02 11:44:22 +02:00
Princi Vershwal
62aad6fd84
🐛 Fixed analytics sources to not be case sensitive (#20506)
fixes https://linear.app/tryghost/issue/ENG-925/analytics-sources-shouldnt-be-case-sensitive
2024-07-02 08:41:32 +00:00
Princi Vershwal
e6b1f8a8bf
Fixed analytics sources to not be case sensitive (#20506)
fixes
https://linear.app/tryghost/issue/ENG-925/analytics-sources-shouldnt-be-case-sensitive
2024-07-02 12:17:13 +05:30
renovate[bot]
9522ef8ca8 Update nest monorepo to v10.3.10 2024-07-02 08:31:07 +02:00
Daniel Lockyer
186c6f3c42 🐛 Fixed unexpected leave confirmation after Cmd+S on member profile
fix https://linear.app/tryghost/issue/ENG-779/%F0%9F%90%9B-cmds-does-not-save-member-profile-changes

- previously, pressing Cmd+S on a member profile would save the profile,
  but the dirty attributes weren't being cleaned, so the application
  would trigger the leave confirmation when exiting
- now, we've fixed the code to keep a dynamic scratch member,
- long term, we should get rid of the scratch model, but this still
  allows us to fix the bug for now
2024-07-02 08:30:53 +02:00
renovate[bot]
90033eff2d Update dependency @tryghost/kg-html-to-lexical to v1.1.6 2024-07-02 08:26:16 +02:00
Kevin Ansfield
2fd9116499
🐛 Fixed unwanted extra blank paragraphs when copy/pasting from Google Docs (#20505)
closes https://linear.app/tryghost/issue/ENG-1255

- updated Koenig packages including:
  - addition of `/preview` for public preview card
  - fix for HTML import from Google Docs
  - fix for embed thumbnails being cut off in email
  - fix for wide image card width on medium screens
- multiple fixes for unhandled (but non user-visible) errors causing noise in console and error logging
2024-07-01 21:14:07 +01:00
Steve Larson
3d9d552271
Improved performance in Admin Posts view (#20503)
ref https://linear.app/tryghost/issue/ONC-111
- changed posts fetching/display behavior to be client-side instead of server-side
- admin will issue (potentially multiple) requests based on the desired status(es)
- updated admin acceptance test for missing coverage

I've pulled the sort from the database query as this triple sort
performs very poorly at scale (taking ~4s+ past ~20k posts sometimes).
Instead, we now split up the fetch to grab only one status at a time and
use the front-end logic to handle displaying scheduled, then drafts,
then published. This should result in a much more responsive view.

We will separately change the default sort on the Admin API as that was the ultimate intent for this change.
2024-07-01 19:43:41 +00:00
Sag
7f963e9c2a
🎨 Added 'Changed email address' event to Member Activity (#20493)
fixes https://linear.app/tryghost/issue/ENG-1256

- when a member changes their email address, surface it in Member
Activity
2024-07-01 15:33:33 +00:00
Michael Barrett
c285b0a0f1
🔒 Added timestamp to webhook signature hash (#20500)
refs
[ENG-1238](https://linear.app/tryghost/issue/ENG-1238/🔒-webhook-signatures-dont-include-timestamp-in-the-signature)

Added timestamp to the webhook signature hash to prevent replay attacks.
This is
a breaking change for webhook consumers as signature verification logic
will need to be updated to account for the timestamp in the hash, for
example:

```js
const crypto = require('crypto');

// Webhook secret from Ghost Admin
const WEBHOOK_SECRET = 'FOOBARBAZ'

// Sample incoming webhook request object
const req = {
    headers: {
        'x-ghost-signature': 'sha256=fc9749d5b3333109bd779f65d4b1b891576bc5c92febea3b1d186a7f946d0745, t=1719842984367'
    },
    body: {
        tag: {
            current: {
                id: '6682b8a8e10cc04306284330',
                name: 'test',
                slug: 'test',
                description: null,
                feature_image: null,
                visibility: 'public',
                og_image: null,
                og_title: null,
                og_description: null,
                twitter_image: null,
                twitter_title: null,
                twitter_description: null,
                meta_title: null,
                meta_description: null,
                codeinjection_head: null,
                codeinjection_foot: null,
                canonical_url: null,
                accent_color: null,
                created_at: '2024-07-01T14:09:44.000Z',
                updated_at: '2024-07-01T14:09:44.000Z',
                url: 'http://localhost:2368/404/'
            },
            previous: {}
        }
    }
};

// Get the request body as a JSON string
const reqBodyJSON = JSON.stringify(req.body);

// Extract the hash and timestamp from the x-ghost-signature header
const {sha256: hash, t: timestamp} = req.headers['x-ghost-signature']
    .split(', ')
    .map((x) => x.split('='))
    .reduce((acc, [key, value]) => ({ ...acc, [key]: value }), {})

// Recreate the hash using the secret, request body, and timestamp and compare it to the hash from the header
const isValid = crypto.createHmac('sha256', WEBHOOK_SECRET).update(`${reqBodyJSON}${timestamp}`).digest('hex') === hash

if (isValid) {
    console.log('Valid signature!')
}
```
2024-07-01 15:59:04 +01:00
Daniel Lockyer
fcb95ecc1a Switched faker to @faker-js/faker
- `faker` was the original dependency but the maintainer ended up
  deleting the repo, so development continued in `@faker-js/faker`
- we're already using that dependency, so we can make a few simple
  changes and remove the old dependency from our repo
2024-07-01 14:49:42 +02:00
Daniel Lockyer
60f37ed118 Fixed browser tests
refs 6378d7d66f

- the buttons have been renamed and split apart into separate ones
2024-07-01 14:49:20 +02:00
Daniel Lockyer
a146709c16 Cleaned up unused core dependencies
- analytics-node usage was removed a while back
- juice is used by a different package now
2024-07-01 13:56:31 +02:00
Sanne de Vries
95a4895e8f
Center aligned feature image in email template (#20491)
REF DES-380
- Center aligned feature image in email template
- Updated feature image css in editor to better display image overlay
and improve caption spacing
2024-07-01 08:43:26 +00:00
Daniel Lockyer
5f36bef451 Changed "commented" link in member feed to redirect to post
fix https://linear.app/tryghost/issue/ENG-1217/activity-log-link-for-comments-goes-to-wrong-place

- the post analytics page does not contain any comments, so it's not the
  most intuitive location to point the user. Instead, we can send them
  to the frontend of the post, where they can view comments
2024-07-01 10:15:46 +02:00
renovate[bot]
f561f362f4 Update dependency postcss to v8.4.39 2024-07-01 07:28:24 +02:00
renovate[bot]
41d8240d50 Update dependency mysql2 to v3.10.2 2024-07-01 02:07:18 +00:00
Ghost CI
0d60c74957 v5.87.0 2024-06-28 16:27:27 +00:00
Daniel Lockyer
34b903a12b Added browser autoplay error to Sentry ignore list
fix https://linear.app/tryghost/issue/SLO-179/notallowederror-the-request-is-not-allowed-by-the-user-agent-or-the

- this adds another browser error to the Sentry ignore list, as we don't
  have control over it, and it doesn't affect the user
2024-06-27 15:33:35 +02:00
renovate[bot]
430a2ca383 Update dependency testem to v3.15.0 2024-06-27 14:06:48 +02:00
Princi Vershwal
7bffe5b79a
Added option param to skip distinct from count query for members API
ref https://linear.app/tryghost/issue/SLO-173/removed-distinct-from-member-count-query

Performance of GET /members API can be improved by dropping the distinct from the total members count query.

select count(distinct members.id) as aggregate from `members`; // 275ms
select count(*) as aggregate from `members`; // 30ms

In this case we know that the result set will always be unique.
2024-06-27 17:35:19 +05:30
Daniel Lockyer
f9a6610823 Added AbortError to list of excluded errors
fix https://linear.app/tryghost/issue/SLO-175/error-aborterror-the-operation-was-aborted

- this error can occur when a user's browser navigates away mid-request,
  which causes the request to be aborted. However, we don't control
  this, nor do we particularly care, so we can just ignore it
2024-06-27 11:58:02 +02:00
Michael Barrett
ecf52d4685
Removed request queue enablement flag (#20466)
refs
[CFR-26](https://linear.app/tryghost/issue/CFR-26/remove-request-queue-config-flag)

Removed request queue enablement flag and updated the logic so that the
request queue is enabled when there is explicit configuration for it.
2024-06-27 09:30:07 +01:00
Daniel Lockyer
aa0110c842 Adjusted Sentry ignore list to cover more browser play errors
fix https://linear.app/tryghost/issue/SLO-172/error-aborterror-the-play-request-was-interrupted-because-the-media

- there are a few error messages we can ignore here, as browsers output
  slightly different messages for various types of these errors, which
  don't affect the user
2024-06-27 08:59:58 +02:00
Steve Larson
2e593ebcee
Improved performance fetching posts (#20460)
ref https://linear.app/tryghost/issue/ONC-111
- added composite index to posts_tags for post_id,tag_id for faster
lookup
- added composite index to posts for updated_at; this is commonly used
by get helpers on the front end to display data like the latest posts

In testing, this provided a very dramatic improvement for simple get
helper requests like 'filter="id:-{{post.id}}+tag:sampleTag" limit="3"'
which are by default sorted by updated_at desc. I'm not entirely clear
why when sorting by published_at we do not need a composite index - so
far it doesn't seem to be necessary. This should cover the primary cases
for get helpers - the latest posts with a given tag or set of tags.
2024-06-26 16:29:02 -05:00
renovate[bot]
dfc27b02c8
Update Koenig packages (#20453)
closes https://linear.app/tryghost/issue/MOM-247

- includes a few fixes for errors we've seen in our reporting
2024-06-26 14:48:17 +01:00
Daniel Lockyer
f250898a3b Optimized stats aggregation code for Admin dashboard
fix https://linear.app/tryghost/issue/SLO-168/rangeerror-maximum-call-stack-size-exceeded

- this code takes the API output and reduces it down to collect together
  stats per date
- the current code is recursive, and we've seen errors with the
  recursion hitting a `RangeError: Maximum call stack size exceeded`
  error
- as well as that, we're doing a lot of array concat'ing and cloning,
  which burns memory and CPU time
- instead, we can just use `.reduce`
- the new implementation is much faster than the existing one (1ms vs
  85ms) and uses no recursion, so those errors should go away
- I've also verified that the output is the same between the two
  functions
2024-06-26 15:46:39 +02:00
Daniel Lockyer
43bb83f7bb Extracted stats aggregation function to util
ref https://linear.app/tryghost/issue/SLO-168/rangeerror-maximum-call-stack-size-exceeded

- this extracts a function to a util so we can unit test it
- this function is about to be optimized but having unit tests allows us
  to make the change with confidence
2024-06-26 15:46:39 +02:00
Daniel Lockyer
019f417c7d Moved error exclusion to correct place
- adding it to ignoreErrors is better than beforeSend because it's built
  for this purpose and we've just looking at the error message
2024-06-26 12:43:55 +02:00
Daniel Lockyer
dd39576de0 Added more errors to Sentry exclusion list
fix https://linear.app/tryghost/issue/SLO-165/add-more-errors-to-allowlist

- we don't want to capture Sentry errors for these because they are out
  of our control (like the user's internet connection dropping out)
2024-06-26 12:43:55 +02:00
Sanne de Vries
e34c36007e
Updated frontend styles for bookmark card (#20468)
REF DES-263
- Added default white background color and sans-serif font to bookmark
card
2024-06-26 12:02:25 +02:00
Daniel Lockyer
5f5293cf6d Excluded errors caused by browser power-saving settings
fix https://linear.app/tryghost/issue/SLO-164/error-aborterror-the-play-request-was-interrupted-because-video-only

- in the case that the browser has power-saving settings enabled, we get
  an error in Sentry
- this error does not affect the user experience, so it should be safe
  to ignore
- this adds an exclusion to Sentry to ignore these errors
2024-06-26 11:49:42 +02:00
Daniel Lockyer
6c07b1cff9 Fixed TypeError when editor is focussed when not loaded
fix https://linear.app/tryghost/issue/SLO-162/typeerror-thiseditorapi-is-null

- if the editor does not load for some reason (network issue), and the
  editor area is clicked, we throw an error because we don't protect
  against a null `editorAPI`
- this adds that check
2024-06-26 11:49:42 +02:00
Ronald Langeveld
6099a14082
Fixed flaky admin test in Publish+Send Flow (#20463)
ref ONC-109

- Attempt to fix flaky Admin test, "Publish flow members enabled can
schedule publish+send"
- Adjusted the time calculation to the nearest minute to avoid
off-by-one minute errors
- Added `waitFor` to ensure elements are present and stable before
making assertions.
- Rounded the new scheduled date and time to the nearest minute to
maintain consistency
- Included extra `waitFor` and `settled` calls to allow time for UI
elements to fully load and reflect changes before assertions.
2024-06-26 16:05:51 +07:00
Sanne de Vries
df16fe1cf4
Added contentVisibility feature flag to FeatureService (#20465)
REF MOM-221
2024-06-26 08:37:01 +00:00
Sanne de Vries
03113313ce
🎨 Updated editor toolbar and action button designs (#20405)
REF https://linear.app/tryghost/issue/MOM-238

- Updated feature image action button styles
- Aligned button and tooltip styles with the rest of the editor
- Updated `koenig-lexical` version to pull in new toolbar design
2024-06-25 10:26:30 +00:00
renovate[bot]
68dcec143e Update dependency ember-auto-import to v2.7.4 2024-06-25 11:39:52 +02:00
Sag
516a2e1ff6
Reduced Sentry replays sample rate to 50% (#20458)
fixes https://linear.app/tryghost/issue/SLO-156
- we have reached our 10k replays per month quota in 20 days, by using a
100% error sampling rate
- we would need a sampling rate < 0.64% to stay under the quota
- from now on, we will be using a 50% error sampling rate to have a bit
of margin, and have a rounder number that is easier to reason about (1
out of 2 error sessions are recorded in Sentry)
2024-06-25 10:52:34 +02:00
Kevin Ansfield
21a2a8236e Added analytic events to internal linking feature
closes https://linear.app/tryghost/issue/MOM-77
closes https://linear.app/tryghost/issue/MOM-78

- bumps Koenig to support events
- adds `siteUrl` pass-through to Koenig to allow differentiation between internal and external URLs
2024-06-24 21:46:15 +01:00
Sag
725ebc3e9f
Fixed invalid tierId handling during member paid checkout (#20455)
- fixes https://linear.app/tryghost/issue/SLO-90
2024-06-24 15:33:39 +00:00
Steve Larson
b10b81b7d7
Prevented pages content api queries from returning mobiledoc or lexical fields (#20454)
ref https://linear.app/tryghost/issue/CFR-43/
ref 9d9a421

We recently stopped `select *` from posts when making Content API
requests. This is now being applied to the pages endpoint to help
improve performance. These fields were already being stripped out in the
output serializer, and they will now no longer be returned from the db
at all, reducing the amount of data transferred.
2024-06-24 15:17:45 +00:00
Sag
b9240271fe
Added config to hide labels from the signup card for contributors (#20429)
ref https://linear.app/tryghost/issue/SLO-127

- problem: contributors see an empty list of labels in the Signup card,
even if some exist
- cause: contributors do not have permission to browse labels
- solution: hide the label input entirely for contributors in the Signup
card, based on the new `renderLabels` config parameter
2024-06-24 14:14:09 +00:00
Steve Larson
4f6842b99a
Added composite index to posts table for type,status (#20437)
ref https://linear.app/tryghost/issue/CFR-35
- performance improvement intended for the content api/get helpers

The posts table is shared by posts and pages and seldom is queried for
both. It makes sense to add an index on type, and from the perspective
of the content API, also on status as you're almost only ever querying
for published posts or published pages.
2024-06-24 09:13:20 -05:00
Michael Barrett
897481b3b4
Added time field to slow get helper logging (#20427)
refs
[CFR-36](https://linear.app/tryghost/issue/CFR-36/pull-out-response-time-from-ghost-logs-message-field-for-get-helper)

Added time field to slow get helper logging to make it easier to query
and filter on this value in elastic without having to parse the message
field
2024-06-24 14:28:42 +01:00
Daniel Lockyer
d5013199b3 Fixed handling objects as API input parameters
fix https://linear.app/tryghost/issue/SLO-155/paramsmap-is-not-a-function-an-unexpected-error-occurred-please-try

- in the case you provide an object to the API, this code will throw an
  error because it can't map over an object
- we can just assert that params should be an array and throw an error
  otherwise
2024-06-24 10:14:43 +02:00
renovate[bot]
c1df0c9d3d Update dependency @types/node to v20.14.8 2024-06-24 10:07:19 +02:00
Ghost CI
bfd7a26370 v5.86.2 2024-06-23 20:39:22 +00:00
Kevin Ansfield
1593fd87d2 🐛 Fixed YouTube bookmark creation
https://github.com/TryGhost/Ghost/issues/20445

- after switching to a browser-like user-agent, YouTube started responding with a "supported browsers" message rather than the actual video meaning bookmark creation failed
- when trying other user-agents it was discovered that nytimes.com (why the user-agent was originally changed) had a problem with the github.com address in the user-agent. By switching to using https://ghost.org instead the request was allowed through fixing both YouTube and NYTimes embeds
2024-06-23 21:09:25 +01:00
Ghost CI
7dcc82b951 v5.86.1 2024-06-21 21:27:33 +00:00
Kevin Ansfield
5b2eaec982 🐛 Fixed 500 errors when viewing posts in development mode
closes https://linear.app/tryghost/issue/ONC-115

- OpenTelemetry was throwing errors when viewing posts
- disabled the instrumentation in development mode so it requires explicit config to enable
2024-06-21 21:59:03 +01:00
Ghost CI
a837cf0247 v5.86.0 2024-06-21 16:04:16 +00:00
renovate[bot]
ccf2d22f4b Update sentry-javascript monorepo to v7.118.0 2024-06-21 13:07:47 +01:00
Daniel Lockyer
12cbb22b85 Lazyloaded OpenTelemetry packages to avoid boot time regression
- we don't want to load the Otel packages unless the instrumentation is
  enabled, because they dramatically increase the boot time (2x locally!)
2024-06-21 11:26:37 +01:00
renovate[bot]
bec000567d Update dependency @opentelemetry/auto-instrumentations-node to v0.47.1 2024-06-21 11:23:14 +01:00
renovate[bot]
4609b43ad7 Update dependency @opentelemetry/instrumentation-runtime-node to v0.5.0 2024-06-21 11:22:50 +01:00
renovate[bot]
63a215700b Update dependency @types/node to v20.14.7 2024-06-21 10:55:13 +01:00
renovate[bot]
478ac0460b Update opentelemetry-js monorepo 2024-06-21 10:55:03 +01:00
renovate[bot]
360088603f Update dependency @opentelemetry/instrumentation-knex to v0.37.0 2024-06-21 10:00:10 +01:00
renovate[bot]
4fd28d4947 Update dependency cssnano to v7.0.3 2024-06-21 09:43:36 +01:00
renovate[bot]
4c8a780e2e Pin dependencies 2024-06-21 09:35:29 +01:00
Kevin Ansfield
0b4e249037 🐛 Fixed bookmark creation for sites that block some user agents
closes https://linear.app/tryghost/issue/ENG-762

- nytimes.com and other sites return 403 responses when requests do not match typical browser user-agents
- our bookmark fetching requests were using `Ghost(https://github.com/TryGhost/Ghost)` meaning bookmark creation failed for these user-agent-blocking sites
- switched to using a standard browser user-agent string to avoid such blocks
2024-06-20 22:15:38 +01:00
Kevin Ansfield
3bc5eb8cf9
🐛 Fixed Bluesky URLs creating bookmarks rather than embeds (#20435)
closes https://github.com/TryGhost/Ghost/issues/20028

It's fairly common practice for oembed providers to skip some of the "required" fields from the oembed spec such as `height` when it doesn't make sense for the embeddable content, this was the case with Bluesky embeds which return `height: null`

- removed validation for `height` being present in the response for it to be recognised as an embed because we don't use it anywhere and the validation is blocking otherwise valid embeds
2024-06-20 20:41:24 +00:00
Kevin Ansfield
5248fbd98e 🐛 Fixed inability to override accent color variable via code injection
closes https://linear.app/tryghost/issue/ONC-72

- moved output of the accent color style element before the site and post/page/tag code injection output
2024-06-20 20:47:11 +01:00
Kevin Ansfield
414b2ff514 Moved internal linking feature out of beta
no issue

Full details coming soon to https://ghost.org/changelog

- Link toolbar and bookmark cards now let you search your existing posts/pages/tags/authors in addition to manually entering the URL
- Typing "@" inside your content lets you quickly search and add a text link
- Typing "@" on a blank paragraph provides a quick way to search and add a bookmark
2024-06-20 17:50:11 +01:00
Sag
1c972c7dd1
🐛 Fixed button URL suggestions not loading for contributors, editors and authors (#20416)
ref https://linear.app/tryghost/issue/SLO-127

- problem: when using a card with a button (Button, Email CTA, Header,
Product), the Button URL suggestions fail to load for Contributors,
Authors, and Editors
- cause: Contributors, Authors and Editors don’t have permission to
fetch offers, and this causes the entire list of button url suggestions
to break
- solution: if offers fail to fetch for any reason, the rest of the url
suggestions for cards with a button is now still populated (i.e. offers
URLs are ignored)
2024-06-20 14:22:41 +02:00
Kevin Ansfield
524fe6ee19 Cleaned up onboardingChecklist GA labs flag
no issue

- removed labs flag
- removed labs flag conditionals
- removed code related to old setup/done screen
- fixed tests that weren't correctly running against the GA flag code
2024-06-20 11:42:42 +01:00
Kevin Ansfield
643b80ad4c 🐛 Fixed dashboard appearing blank if members disabled before completing onboarding
closes https://linear.app/tryghost/issue/ONC-106

- moved onboarding display outside of the `isMembersEnabled` conditional block
2024-06-20 10:43:58 +01:00