Commit Graph

15190 Commits

Author SHA1 Message Date
Ghost CI
2a28fa411b v5.24.1 2022-11-28 11:51:02 +00:00
Naz
60d066b243
🔒 Disabled editable relations by default
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6
refs https://github.com/TryGhost/Toolbox/issues/465

- Bookshelf relations allows us to edit relational records by default, which was used liberally in the codebase.
- Not having a clear track record of editable relations left the model layer prone to triggering unwanted nested saves and created a vulnerability where members were able to edit newsletter settings.
- With explicit editable relations it's easier to keep track of relations having editable access to related records. Makes the relational data modification pattern safer to use too.
- Anyone running 5.x should update to 5.24.1

Credits: Dave McDaniel and other members of [Cisco Talos](https://talosintelligence.com/vulnerability_reports)
2022-11-28 18:40:26 +07:00
Ghost CI
e1279c74b4 v5.24.0 2022-11-25 15:00:47 +00:00
Kevin Ansfield
d4ea9c877d Fixed editor key commands throwing errors when range has no section
closes Sentry ADMIN-CC8
closes Sentry ADMIN-DDM
closes Sentry ADMIN-C9F

- there are situations where the editor range when key commands are triggered does not have a head section which then throws errors due to the commands assuming there will always be a section present
- added a guard to key commands that use the head section to abort early and fall back to default Mobiledoc behaviour when the section is missing
2022-11-25 08:56:38 +00:00
Gabriel Ribeiro
64329d716e
Fixed missing amp-youtube properties (#15880)
fixes: https://github.com/TryGhost/Ghost/issues/15878

- Fix `amp-youtube` component, add mandatory `width` and `height`
properties. Also change the `layout` property to `responsive`, so that
the width adapts to mobile devices.

---

Error log:
`The mandatory attribute 'height' is missing in tag 'amp-youtube'.`

Documentation `amp-youtube`:
https://amp.dev/documentation/components/amp-youtube
2022-11-25 07:26:33 +00:00
renovate[bot]
68d3faf77c
Update dependency terser to v5.16.0 2022-11-24 19:01:01 +00:00
Sam Lord
7e02568cec Fixed PlayWright config
no issue

Using multiple workers could cause Stripe to be removed from one test while another test was using it.
2022-11-24 18:16:43 +00:00
Sam Lord
8b80233ae6 Added sample Portal test to PlayWright suite
refs: https://github.com/TryGhost/Toolbox/issues/479
2022-11-24 17:47:04 +00:00
Elena Baidakova
0bdccb6497
Update member activity dropdown (#15875)
closes TryGhost/Team#2250
2022-11-24 20:21:43 +04:00
Sam Lord
6fe5023e91 Added working Playwright tests
refs: https://github.com/TryGhost/Toolbox/issues/479
2022-11-24 15:11:40 +00:00
Kevin Ansfield
ef71d52ec0 Fixed Cannot read properties of null (reading 'offsetHeight') errors in markdown card
closes sentry ADMIN-CAV

- the mobile nav element is not always displayed so we should assume we can read it's `offsetHeight` property
2022-11-24 12:52:16 +00:00
Kevin Ansfield
37d9e8bb8b Fixed Cannot set properties of null (setting 'scrollTop') errors in <GhHtmlIframe>
closes sentry ADMIN-C7S

- we can't guarantee that the iframe being swapped to has rendered yet at the time we swap iframes so we need a guard around the `contentDocument.body` property existing before setting it's `scrollTop` value
2022-11-24 12:52:16 +00:00
Rishabh
c5abef057c Stored new source data for emails
refs https://github.com/TryGhost/Team/issues/2280
refs 9b0c21e0a2

As part of the email stability work, we added new `source` and `source_type` columns to `email` table, which allows us to store the email source information. The source for all existing emails before the stability work was always `html`, while newer emails will store `mobiledoc` or `lexical` directly.

While the `source` for all existing emails was populated with the `html` as part of above migration, we also need to store the right `source` for all new emails created till the feature is under a flag.

This change updates the current email flow to also store `source` with html data, so it can be used in future with new email service and allows removing old `html` column.
2022-11-24 16:08:02 +05:30
e.baidakova
f5e1e6296c Add suppression modal to Portal
closes TryGhost/Team#2256
- Users can remove themselves from the suppression list from the profile in Portal.
2022-11-24 13:58:27 +04:00
e.baidakova
69c2af1ffe Split AccountHomePage file on separate files
closes TryGhost/Team#2256
- Moved components to separate file for better navigation.
2022-11-24 13:58:27 +04:00
e.baidakova
991e628022 Add ability to use absolute paths for import
closes TryGhost/Team#2264
- Instead of relative paths, we can use absolute. It helps to keep code cleaner and don't worry about import when doing refactoring.
Relative paths require rewriting them in case a file is moved to another directory.
2022-11-24 13:58:27 +04:00
e.baidakova
f151d223c3 Add ability to import css files
closes TryGhost/Team#2256
- Now we can write css in separate files and then import them as string.
2022-11-24 13:58:27 +04:00
Fabien "egg" O'Carroll
a88201089e Updated dev dependency to use pinned version
This is the standard for our deps in packages.
2022-11-24 13:58:12 +07:00
Fabien "egg" O'Carroll
90c9a03319 Added @tryghost/email-events package
refs https://github.com/TryGhost/Team/issues/2253
refs https://github.com/TryGhost/Team/issues/2254

This package is analogous to the @tryghost/member-events package. The
events here will be consumed by the EmailSuppressionList
implementation and used to add emails to said list. They'll be
dispatched by the code which handles events received from Mailgun.
2022-11-24 13:56:35 +07:00
Elena Baidakova
54f075b330
Update the suppression notice front-end (#15869)
closes TryGhost/Team#2288
2022-11-24 10:02:57 +04:00
renovate[bot]
e48072e471 Update dependency bson-objectid to v2.0.4 2022-11-24 11:24:07 +07:00
renovate[bot]
a26cbacfd6 Update dependency @playwright/test to v1.28.1 2022-11-24 10:03:08 +07:00
Hannah Wolfe
e4dbf9b0fd Updated error fallbacks to generic error message
refs: https://github.com/TryGhost/Team/issues/1121

- We've decided on one  preferred message for unexpected errors
- We want to use this everywhere where we don't know what to display
- We now have a GENERIC_ERROR_MESSAGE constant that we should use
2022-11-23 21:49:40 +00:00
Hannah Wolfe
907319a507 Renamed mw-error-handler test file to match lib
- minor inconsistency in naming was tripping me up
2022-11-23 21:49:40 +00:00
Elena Baidakova
e1ba0f6a2d
Fixed member avatar size (#15871)
closes TryGhost/Team#2279
2022-11-23 20:01:23 +04:00
Hannah Wolfe
32353f2920 Removed detail rule from showAPIError
refs: https://github.com/TryGhost/Team/issues/1121

- showAPIError is a method intended for formatting errors from the Ghost API
- Ghost API Errors do not have a detail field, therefore this code was redundant
- there are also no related tests
- removing now because I'm trying to cleanup and streamline all our error handling code
2022-11-23 15:56:58 +00:00
Hannah Wolfe
c740eecaec Fixed duplicate error messages from API
refs: https://github.com/TryGhost/Team/issues/1121

- In certain cases our API sends the same data for message and context.
- We will also fix this server-side, but we should also be smart in the UI and not show duplicate info
2022-11-23 15:56:58 +00:00
Silvan Hagen
4ed245a405 fix: missing "the" in sentence regarding trial 2022-11-23 15:38:48 +00:00
renovate[bot]
0ca3031df1 Update sentry-javascript monorepo to v7.21.1 2022-11-23 15:15:14 +00:00
Kevin Ansfield
9ceecba5fd Added TransitionAborted errors to Sentry's ignore list
no issue

- "unhandled" `TransitionAborted` errors almost always occur as part of expected application behaviour and were causing a lot of noise in Sentry making it harder to track down real errors
- when a `TransitionAborted` error occurs outside of expected behaviour it will usually be accompanied by other errors that do get logged
- there's a long-standing Ember issue about how aborted transition errors should be handled at https://github.com/emberjs/ember.js/issues/12505
2022-11-23 13:23:47 +00:00
Hannah Wolfe
62cd52ff98 Improved Sentry server side error reporting
refs: https://github.com/TryGhost/Team/issues/1121
refs: 54574025e0

- The previous change to fall back to a generic error on the server side is resulting in lots of much less useful Sentry reports
- For unexpected errors, change what's sent to Sentry back to context
- This is done by adding a specific code, so we don't have to match on a string that might change
- Also add the error type, id, code & statusCode as tags to the events - these are searchable structured data
- Adding code as a tag also makes it possible to find all errors that showed the generic message
2022-11-23 12:37:24 +00:00
Hannah Wolfe
36b80f2dda Updated sentry to use @tryghost/version
- As demonstrated by my comments in the boot file, I thought sentry was already depending on the version package
- IMO it's undesirable to require package.json directly esp when we have a tool setup and ready for tis
- Added a bunch of tests to show that Sentry does roughly what we think
2022-11-23 12:37:24 +00:00
Kevin Ansfield
d15f740a3f Fixed TaskCancelation errors
sentry issue: ADMIN-AY5

- added guards for cancelation errors where we're casting tasks to promises
- see http://ember-concurrency.com/docs/task-cancelation-help for full details
2022-11-23 10:42:40 +00:00
Elena Baidakova
8d9d22e5a7
Added member API for removing email from suppression list (#15867)
closes TryGhost/Team#2306
2022-11-23 14:41:00 +04:00
Simon Backx
4b4592630f
Added new email batch sending service (#15865)
fixes https://github.com/TryGhost/Team/issues/2284

New batch sending flow (still WIP). Logs the sent emails instead of actually sending them. Unit tests are coming in later commits.
2022-11-23 11:33:44 +01:00
Rishabh
9b0c21e0a2 Populated email table source with existing html data
refs https://github.com/TryGhost/Team/issues/2280

- updates `source` value for all existing rows to contain `html` data for future compatibility with new columns
2022-11-23 15:04:11 +05:30
Rishabh
5780fc2a93 Added new source and source type columns to emails table
refs https://github.com/TryGhost/Team/issues/2280

We are moving away from storing html and plaintext on email and instead will store the email data in source and source_type columns which allows us to store the email in other formats like mobiledoc and lexical. Storing in those formats allows greater flexibility for later html generation

- adds new `source` column that stores `mobiledoc`/`lexical`/`html` data for a newsletter
- adds new `source_type` column that stores one of `mobiledoc`/`lexical`/`html` to identify type of source
2022-11-23 15:04:11 +05:30
Rishabh Garg
d3267dd5b0
Added columns to store error information for email batches (#15859)
closes https://github.com/TryGhost/Team/issues/2290

Currently, if the whole batch of email fails to send we don’t capture
any errors directly tied to the batch. This makes it hard to debug which
and why a batch failed when debugging email errors. Going forward we'll
store the error information for a failing email batch directly that
allows easier debugging for batch.

- `error_status_code` : Captures statusCode returned by Mailgun,
available in error.status from the example batch error
- `error_message` : Captures short error message from Mailgun and
status, available in context object of batch error
- `error_data` : Captures while whole error json for a batch. As
mentioned in pitch, this will be huge data and we’ll figure out long
term how to best use this.
2022-11-23 13:13:49 +05:30
renovate[bot]
e4e8df44dd Update sentry-javascript monorepo to v7.21.0 2022-11-23 12:29:15 +07:00
Hannah Wolfe
682f3a2014 Downgraded express-hbs errors to 400
refs: https://github.com/TryGhost/Team/issues/2289
refs: https://github.com/TryGhost/express-hbs/issues/161

- Themes that resuse layouts as templates trigger horrible errors, which are thrown as 500s
- But there's nothing the server is doing wrong, it's a theme user, so we downgrade these to 400s
- There is more to do here to improve the errors shown, but this is just a first step to ensure that theme issues don't look like server failures
2022-11-22 18:20:33 +00:00
Sam Lord
f6870fa846 Added browser-based testing framework
refs: https://github.com/TryGhost/Toolbox/issues/479

Framework includes:
* command to run tests
* command to record tests
* mechanism for starting and stopping Ghost before and after each suite of tests
* mechanism for loading fixtures into Ghost before starting tests
* sample test for controlling Ghost Admin
2022-11-22 14:12:34 +00:00
Kevin Ansfield
3a9209b6a8 Fixed some minor formatting issues
no issue

- indented conditional template code
- grouped tracked properties together
2022-11-22 13:15:08 +00:00
Kevin Ansfield
f25cc00236 Fixed product card throwing "Cannot read properties of undefined (reading 'url')" errors
closes https://github.com/TryGhost/Team/issues/2295

Problem:
- `<GhUploader>` is not yet converted to an Octane component so it's arguments are not read-only
- when a file is selected it sets it's `files` property which in turn updates the tracked `files` property that was passed in, and then again updates it to an empty file list when the input field is cleared
- that tracked property was never cleared once the product image was uploaded resulting in a "re-upload" attempt with an empty file list every time the product card was put back into edit mode

Fix:
- added a guard in `<GhUploader>` so it doesn't try to upload an empty file list if one is passed in as an attribute
- added a reset of the tracked `files` property in the product card once the image upload is complete
2022-11-22 13:13:42 +00:00
renovate[bot]
955605572e Update dependency testem to v3.10.0 2022-11-22 17:38:30 +07:00
Fabien "egg" O'Carroll
f056614b45 Wired up EmailSuppressionList to MEGA
refs https://github.com/TryGhost/Team/issues/2269

This ensures that we do not send emails to members who's email is on
the email suppression list
2022-11-22 13:26:28 +07:00
Naz
1b526800f0
Added note on package/class naming
no issue

- The name of the "StaffService" is ambiguous and too generic. Lack of good naming makes one to dig into the implementation details figuring out what the service does.
- Should be named a more descriptive way
2022-11-22 11:25:11 +07:00
renovate[bot]
43f5547ae0
Update metascraper to v5.32.1 2022-11-21 15:31:26 +00:00
renovate[bot]
7978bf5a6f
Update dependency cron-validate to v1.4.5 2022-11-21 12:34:38 +00:00
Hannah Wolfe
54574025e0 Improved server-side error handling
refs: https://github.com/TryGhost/Team/issues/1121
refs: dfffa309a8

- This makes a fundamental change to Ghost's server side error handling, so that no unhandled errors are used as API responses
- Anything that has been handled and rethrown as a Ghost error cna be trusted
- We also already trust a couple of known errors from bookshelf and handlebars
- Everything else is assumed to be a code error, and should not be shown as the main message
- Instead we use our generic fallback message and use the OG error as context
2022-11-21 12:13:16 +00:00
Peter Zimon
b0ac096d94 Fixed content importer email on errors
no refs.

- the content importer didn't send emails on unhandled errors
2022-11-21 13:09:33 +01:00