Commit Graph

7524 Commits

Author SHA1 Message Date
Daniel Lockyer
28071a242a Fixed error reporting to Sentry
no issue

- some errors weren't being reported because they were being passed to
  Sentry before our middleware could populate the error information
- this commit inserts the Sentry middleware into these steps
2020-02-17 13:52:01 +00:00
Kevin Ansfield
02c034068c Fixed error when serving public images from servePublicFile middleware
no issue

- when `servePublicFile` middleware serves an image it resulted in a "Cannot set headers after they are sent to the client" error because `next()` was erroneously called for successful requests which then tripped the `prettyUrls` middleware which tries to perform a redirect
- only calling `next()` when an error is present allows errors to be picked up by later middleware but successful requests end in the `servePublicFile` middleware
2020-02-17 09:24:15 +00:00
Daniel Lockyer
669987eaf6 Updated Ghost-Admin to 3.6.0 2020-02-14 11:50:36 +00:00
Rish
fede3d05f5 Fixed members tests
no issue
2020-02-14 16:06:25 +05:30
Rish
c5833aa1d9 Fixed tests
no issue
2020-02-14 15:50:49 +05:30
Rish
7f337743e9 Fixed tests
no issue
2020-02-14 15:44:47 +05:30
Rishabh Garg
001db05075
Added labels for Members (#11538)
no issue

* Updated sendEmailWithMagicLink syntax

* Updated label name selection from theme

* Updated migration version for labels

* Added labels to export/import of members

* Added member labels sanitization for case-insensitive duplicates

* Fixed tests

* Fixed label serialization bug on import

* Bumped @tryghost/members-api to 0.15.0

* Fixed lint

* Cleanup
2020-02-14 15:03:10 +05:30
Naz
aff289bfee
Added 'visibility' property check to {{#has}} helper (#11596)
no issue

- Allows for syntax like `{{#has visibility="paid"}}` to be used on Content API resources (posts, pages, etc.)|
- The need for this change cropped out from being able to distinguish paid/member-only/public posts in member-enabled themes.
2020-02-14 17:28:26 +08:00
Rishabh Garg
9c1aa07ea8
Added host limit check for members email publish (#11534)
no issue
2020-02-13 10:43:36 +05:30
Nazar Gargol
25721828d9 Fixed failure when upgrading to version 3.5.x
no issue

- Initialy reported here: https://forum.ghost.org/t/unable-to-upgrade-ghost-from-v3-0-2-to-v3-5-1/11925
- The issue was caused by the refactor in 52635f1aa8 where the backup module signature changed and it wasn't updated in migrations
2020-02-13 12:53:44 +08:00
Rish
4eeed0d32a 🐛 Fixed "undefined" values in member csv export
no issue

We missed handling `undefined` values for fields during csv export for memebrs, which causes csv entries as `undefined` for fields that don't exist. It also added need for extra handling of `undefined` entries during csv import. This PR fixes the bug by properly handling empty/undefined values in export
2020-02-12 11:03:16 +05:30
Nazar Gargol
2c52282662 Added future cleanup note
no issue

- This method was created as a shortcut and the real issue of 'undefined' values being present in CSV should be fiexed instead
2020-02-11 18:17:46 +08:00
Daniel Lockyer
1dc0a70bee Updated Ghost-Admin to 3.5.2 2020-02-11 09:37:50 +00:00
Nazar Gargol
51c2b22e9f 🐛 Fixed order for "Complimentary" plan creation
no issue

- When new Ghost instance is initialized "Complimentary" plan doesn't have to wait for the rest of plans to be configured.
- Without configured plans the admin would still be able  to assign "Complimentary" plan to members or import same kind of members.
- There is no error handling at the moment when plan initialization fails, that's why it was very confusing when all of the sudden it wasn't possible to create a member record
2020-02-11 17:14:41 +08:00
Nazar Gargol
5caf924013 Fixed member delete method to use correct options
closes #11589

- `findOne` method in destroy method was usinng wrong options object (unlinke read method id comes from frame.options not frame.data) thus this was causing 404 errors
2020-02-11 16:35:18 +08:00
Daniel Lockyer
8f161880cb Updated Ghost-Admin to 3.5.1 2020-02-10 12:55:55 +00:00
Nazar Gargol
7e24b727e1 Added new test case to db regression suite
- Checks for correctly returned 404 when file is not there
- Renames make more sense to correspond to what it actually going on in
the suite
2020-02-10 12:41:39 +00:00
Nazar Gargol
70cf2b2c86 Added input sanitization for backup path
- We need to limit the allowed filename accepted by the method to avoid opening up path traversal attack
2020-02-10 12:41:39 +00:00
Nazar Gargol
d5c61c7eea Updated acceptance test to include db export request check 2020-02-10 12:41:39 +00:00
Nazar Gargol
4a79a0e753 Corrected 404 handling 2020-02-10 12:41:39 +00:00
Nazar Gargol
52635f1aa8 Basic implementation of backup retreival from file 2020-02-10 12:41:39 +00:00
Nazar Gargol
49983e799c Changed backup service signature to be able to expand it
- Will need to add a new method allowing to read an export file, so the module signature has to become an object rather than a function
2020-02-10 12:41:39 +00:00
Nazar Gargol
afe11c2b06 Added basic backup implementation for users DELETE endpoint
- The filename is returned to be able to fetch the backup on demand
- Wasn't able to limit exported tables as exporter doesn't support such functionality
2020-02-10 12:41:39 +00:00
Kevin Ansfield
830610d243 Fixed serving of binary public files
no issue

- serving of our public asset images was broken
  - we were reading the binary file in as a string so we could do url transforms, this meant data was lost/corrupted and browsers could not display the served data
  - we were using the wrong mime-type for pngs which meant browsers were triggering downloads rather than displaying images (at least when accessed directly)
- updates uses of `servePublicFile` to have the correct png mimetype
- adjusts `servePublicFile` to treat any mime type starting with `image` as a binary file, passing the file directly through express using `res.sendFile` and skipping the in-memory content caching which is mostly only useful for text files with URL transforms
2020-02-10 09:51:32 +00:00
Nazar Gargol
42f4518a63 Improved error logging for member CSV import
no issue

- Error object can be an array in case of database constrain validation errors, for this reason need to distinguish between singular objects and an array. This handling resemles the one in common error-handler - https://github.com/TryGhost/Ghost/blob/3.5.0/core/server/web/shared/middlewares/error-handler.js#L31-L33
2020-02-10 16:25:56 +08:00
Nazar Gargol
019605e9e0 Added concurency limit for member creation when importing
no issue

- When importing large batches of members we should not allow for unlimited amount of parallel requests created as this might lead to connection pool problems and reaching API rate limits (for example Stripe API is limited to 100 req/s)
2020-02-10 16:03:08 +08:00
Nazar Gargol
e57f7219e5 Added error logging for errors occuring during CSV import
no issue

- CSV import uses direct API calls which skips through logging error. This additional code should catch and record any internal errors
2020-02-07 14:33:30 +08:00
Daniel Lockyer
b3973801df Updated Ghost-Admin to 3.5.0 2020-02-05 11:42:31 +00:00
Nazar Gargol
68a36dd799 Changed members CSV export to match import format
refs c295435b41

- The import format changed the `subscribed` to `subscribed_to_emails`. Export should have the same format as import for consistency
2020-02-05 15:34:55 +08:00
Daniel Lockyer
a510e075b6 Handled missing file extensions for resized image requests
no issue

- if a request was sent for an resized image URL that didn't contain a
  file extension, the code would eventually end up throwing a 500
- this commit checks for this case and returns a 404
2020-02-04 08:04:22 +00:00
Naz Gargol
c295435b41
Added new fields to members CSV import (#11539)
no issue

- New fields that are accepted through members CSV import endpoint are:
  - `subscribed_to_emails` - corresponds to `subscribed` flag in API
  - `stripe_customer_id` - links existing Stripe customer to created member
  - `complimentary_plan` - flag controlling "Complimentary" plan subscription creation for imported member

- Noteworthy exception in field naming - `subscribed_to_emails` that corresponds to `subscribed` API flag present on members resources. It's a special case of CSV format, where users can be less technical it's more explicit to what the flag does (also the same naming is applied in the Admin UI)

- Failing to either link Stripe customer or assign "Complimentary" subscription to imported member behaves in a transaction-like manner - imported record is not created in the database. This is needed to be able to retry imports when it fails for reasons like connectivity failure with Stripe or Stripe miss-configuration.

- To avoid conflicts with linking same Stripe customer to multiple members there is a special handling for duplicate `stripe_customer_id` fields. Records with duplicates are removed from imported set.
2020-02-04 13:51:24 +08:00
Daniel Lockyer
d76e76e1ef Fixed code linting issues
no issue

- just extraneous whitespace
2020-02-03 17:49:41 +00:00
Daniel Lockyer
7751e78c98 Integrated Sentry error tracking
no issue

- this allows tracking of application errors within Sentry
- only enabled for HTTP 500 errors for now
- it is disabled by default
2020-02-03 13:43:43 +00:00
Daniel Lockyer
94d9536b62 Fixed select failures in regressions tests
no issue

- a couple of regressions tests would repeatedly fail on CI. They would
  always follow tests that closed the Ghost server beforehand.
- this commit doesn't close the server after those tests have completed,
  which is similar functionality to all other tests
- the actual cause is unknown at this point, but I suspect it's some
  sort of race condition
2020-01-30 11:14:26 +00:00
Daniel Lockyer
1c6583ae03 Set journal_mode to truncate for SQLite in tests
no issue

- we would regularly see IO errors coming from SQLite, which caused
  random regression tests to fail
- the default journal_mode is `delete`, but this is slow and can cause
  issues when multiple tests try to remove the journal file
- `truncate` is faster and shouldn't cause these issues
2020-01-30 11:14:26 +00:00
Kevin Ansfield
4e54691310 Updated Ghost-Admin to 3.4.0 2020-01-28 17:23:42 +00:00
Kevin Ansfield
68e2274d6d Reverted "Integrated Sentry error tracking"
This reverts commit 6e024331eb.

Temporarily reverting whilst we investigate an issue with Sentry and running Ghost via Ghost-CLI.

Ghost-CLI initiated boot was failing when Sentry was installed due to what appears to be `process.cwd()` returning `undefined` here https://github.com/TryGhost/Ignition/blob/master/lib/config/index.js#L26
2020-01-28 17:21:37 +00:00
Naz Gargol
25f11bbf1c
Added complimentary member subscription (#11537)
no issue

- We need a way to simulate "premium" membership without any payment from members' side. For this new "Complimentary" plan is introduced
- Allows `comped` flag as an input only on `PUT /members/:id` endpoint which sets  free subscriptions based on "complimentary" plan on the member
- Added `comped` flag to members endpoint responses
- Bumped members-api to 0.12.0. This version supports new set/cancel complimentary subscription methods
2020-01-28 11:25:00 +07:00
Naz Gargol
07e1a2406b Added {{price}} helper for formatting stripe amounts (ie. "1935" to "19.35") (#11473)
no issue

- This helper allows to format currencies that use decimal normalization. For example 19.35 USD is served as 1935 from the API which always needs to be divided by 100 to get a dollar ammount.
2020-01-27 11:41:12 +00:00
Kevin Ansfield
8b787ac803 🐛 Fixed unnecessary "unsaved changes" modal when using HR cards
no issue

- the `hr` mobiledoc card does not specify an `absoluteToRelative` or `relativeToAbsolute` transformer function so falls back to the default transformer
- the default transformer function's arguments were not correct which meant that the UrlUtils object was replacing the card's typical empty-object payload
- the card's payload changing when saving mobiledoc was triggering the editor's unsaved changes warning because the API response no longer matched what was in the editor
2020-01-22 11:59:13 +00:00
Daniel Lockyer
6e024331eb Integrated Sentry error tracking
no issue

- this allows tracking of application errors within Sentry
- only enabled for HTTP 500 errors for now
- it is disabled by default
2020-01-22 12:15:10 +07:00
Peter Zimon
a8b272cbd8 🐛 Fixed small image alignment for newsletters
no refs.
- fixed image alignment to be center for images smaller than newsletter content width
2020-01-21 13:21:45 +01:00
Daniel Lockyer
dbcffe9245 🐛 Handled trailing slashes in resized image URLs
no issue

- requests for resized images with a trailing slash would end up
  throwing a EISDIR error because it got through to writing an
  image buffer to a directory
- we want to cut this off early and disallow trailing slashes
2020-01-18 13:45:22 +07:00
Nazar Gargol
f5bcf77a16 Fixed typo in the post fixture
closes https://github.com/TryGhost/Ghost/issues/11520
refs

- The typo was introduced in https://github.com/TryGhost/Ghost/pull/11247
2020-01-17 13:00:38 +07:00
Nazar Gargol
4b57ad33b0 Removed unused isPaymentConfigured method
refs https://github.com/TryGhost/Ghost/pull/11499

- Removed unused and confusin isPaymentConfigured because it was basing it's logic on old `isPaid` flag. Having it in the codebase was adding confusion.
- `isPaid` config flag still needs a proper cleanup with a migration etc.
- Added little post PR merge cleanup
2020-01-17 12:08:30 +07:00
Sven Ewers
0030acf5a6 🎨 Optimized loading stripe scripts only when it is needed (#11499)
closes #11463

- Ghost used to always load stripe.js into the frontend of all pages when memberships are enabled, even when Stripe isn't configured / memberships to a page are free. This changes Ghost's behaviour to only load stripe.js when both stripe API tokens are present & not empty (the quickest way to verify that Stripe is fully configured & operational on a blog).
- Needs a follow-up cleanup removing confusing/not functional `isPaymentConfigured` method from members service
2020-01-17 11:57:29 +07:00
Daniel Lockyer
a671ad4707 Handle content requests with overly long filenames
no issue

- a request for a filename longer than those allowed by the filesystem produced a ENAMETOOLONG error, which would end up becoming a 500 error from Ghost
- this catches the error and returns a HTTP 400 Bad Request response
2020-01-16 14:18:09 +07:00
Nazar Gargol
e9e3f58792 Refactored member controller to use model layer
refs https://github.com/TryGhost/Members/pull/105

- As members module has become a core part it makes sense to follow the same principles as in all other controllers and use the model directly instead of calling external services.
- Bumped @tryghost/members-api to 0.11.1 . New stripe-specific methods used in controllers are available starting with this version
- Exposing these new methods is a little hacky because there are no relationships setup on members_* tables. Left notes for future improvements once relations are introduced.
- We don't allow for chaging member's emails at the moment. For this reason had to modify JSON schema a little. It doesn't support OO inheritence: "This shortcoming is perhaps one of the biggest surprises of the combining operations in JSON schema: it does not behave like inheritance in an object-oriented language. " (ref. https://json-schema.org/understanding-json-schema/reference/combining.html#allof)
2020-01-15 17:52:47 +07:00
Fabien O'Carroll
b31921ba7b Updated Ghost-Admin to 3.3.0 2020-01-13 14:08:24 +02:00
Nazar Gargol
72ae194fbc Refactored member metadata logic into @tryghost/members-api package
refs c059e8e32e

- Reason why the refactor was needed can be found in refed commit
- The logic was extracted into members-api through passing models
directly as member-api module constructor parameters
- Bumped @tryghost/members-api to 0.11.0. Needed to work after the
refactor
2020-01-13 16:42:15 +07:00