Commit Graph

53 Commits

Author SHA1 Message Date
Paul Adam Davis
a11e25c12b Add ghost logo anchor tag
Amends #3736, references #3623

With `button.ghost-logo`, there's no `href`, so cannot be opened in a new window. This changes it back to an anchor and appends the blog URL to a href attribute. Win!

Bumps Ghost-UI version to 0.8.13 bring in related CSS changes.
2014-08-11 12:08:08 +01:00
Hannah Wolfe
e5771b0b3f Merge pull request #3736 from novaugust/ghost-burgers
Fix -navbar events attachment
2014-08-10 22:45:50 +01:00
Matt Enlow
d61e37e799 Fix -navbar events attachment
Closes #3623
- Move hamburger logic to action with terrible name, "toggleSidebarOrGoHome"
- Move ".js-close-sidebar" events to a document.on(event, *selector*, f) to make sure they attach even when the js-close-sidebars aren't on page (ie, hidenav)
2014-08-10 15:31:47 -06:00
Hannah Wolfe
32d72d5daa Expose blog URL to client app
fixes #3724

 - provide config.url to the ember client app via a data attribute
 - create server and client side helpers to output the URL
 - wire up the client side helper
 - add a class for testing, and add tests for both the server and client side
2014-08-10 18:49:37 +01:00
Paul Adam Davis
6615f7aad3 Swap notification close link for a button
No issue

- Swap out notification <a> close link for <button> (gains a native hover state)
2014-08-05 20:08:03 +01:00
Sebastian Gierlinger
c62d7ba43e Improve spam prevention
closes #3544
- limit forgotten password requests to five requests per IP per hour
for different email addresses
- limit forgotten password requests to five requests per email address
- limit signin requests to ten failed requests per IP per hour
- removed special treatment for tests
2014-08-05 12:58:58 +02:00
Paul Adam Davis
a7b5c72e68 Change user menu link to a button
Closes #3546

- Change user menu popover toggle from a <a> to a <button>
- Change tests accordingly
2014-08-01 10:56:03 +01:00
Hannah Wolfe
59953c6610 Merge pull request #3486 from sebgie/issue#3468
Update spam prevention
2014-08-01 00:10:50 +01:00
Sebastian Gierlinger
3792598a31 Update spam prevention
closes #3468
- added rate limit to deny more than 5 attempt every hour
- updated spam prevention to be configurable
- added config values spamTimeout, ratePeriod, rateAttempts
- added ratePeriod:1 to config.example.js to prevent functional tests
from hitting the rate limit
- commented spam test, I’ll fix it tomorrow
2014-08-01 00:58:32 +02:00
John O'Nolan
854a3041fd Shorter notifications
Basic notifications are unnecessarily verbose and, in some instances, even cause line-wrapping to occur. This change shortens them to short, concsise statements to indicate what action has taken place.
2014-07-31 19:19:47 +03:00
Matt Enlow
21abed7f9a Add User Role Dropdown
Closes #3402, Closes #3428

-------------------

 ### Components
- Added GhostSelectComponent to handle async select creation (h/t @rwjblue)
- Added GhostRolesSelector (extends GhostSelect) for displaying user role options
- Created StoreInjector for surgically inserting the store into things that normally wouldn't have them.

 ### Users Settings
- InviteNewUserModal now uses GhostRolesSelector & defaults to Author
- The role dropdown for user settings has permissions set per 3402

 ### User Model
- Added `role` property as an interface to getting and setting `roles`
- Refactored anything that set `roles` to set `role`
- isAdmin, isAuthor, isOwner and isEditor are all keyed off of `role` now

 ### Tests
- Added functional tests for Settings.Users
- updated settings.users and settings.users.user screens
- fix spacing on screens

 ### Server Fixtures
- Fixed owner fixture's roles
2014-07-30 17:59:14 -06:00
Jason Williams
725d4aac7d Fixup signin and signout
No Issue
- Move authentication related handlers to the Application route.
- Switch Sign Out from a button to a link.  Use the signout route
  to handle invalidating the session and redirecting instead of
  an action from a button.
- Clear error messages on signin page when pressing log in button.
- Errors are now always shown on sign in screen and a success
  notification is shown after sign out.
- Update functional tests.
2014-07-29 20:58:43 +00:00
Sebastian Gierlinger
d895238571 Add XSS prevention
closes #3387
- added placeholder for <script> and <iframe>
- added google-caja sanitizer
- changed title in posts overview to ‚double-stash‘
2014-07-27 23:03:01 +02:00
Paul Adam Davis
93051fcbdb Change signout link to button
References https://github.com/TryGhost/Ghost-UI/issues/65

- Swap signout link from an `<a>` tag to `<button>`
- Changed tests to match new element
2014-07-23 22:12:45 +01:00
Hannah Wolfe
4c276603ec Fix tests tripping spam protection 2014-07-21 14:33:42 +01:00
Sebastian Gierlinger
ab456638c1 Fix tests failing because of spam protection
closes #3128 (now really)
- added express variable disableLoginLimiter
- added disableLoginLimiter to all tests that use Ghost as module and
do authentication
- fixed isSetup not working for status other than active
- removed ‚Ensure a User is Registered‘ test as this is covered by the
new setup test
2014-07-17 14:22:32 +02:00
Sebastian Gierlinger
42f461cb6d Restored spam prevention
closes #3128
- added spam prevention middleware
- restored tests
2014-07-17 14:22:07 +02:00
Hannah Wolfe
5c1a7a7349 Revert "Restore spam prevention" 2014-07-17 12:11:23 +01:00
Hannah Wolfe
ef8c280635 Merge pull request #3282 from sebgie/issue#3128
Restore spam prevention
2014-07-16 19:39:32 +01:00
Jason Williams
979c3f237c Prevent loading setup screen if already setup
Closes #3145
- Prevent navigation to the setup screen if Ghost setup
  has previously been completed.
- Fix templates that were incorrectly using foreach instead of each.
- Add validation for minimum password length.
- Fix up functional tests and split out tests for setup to a separate
  instance of casper because setup requires a new database.
- Add a cleanDatabase task to grunt which resets the database to
  new.
2014-07-16 15:54:42 +00:00
Sebastian Gierlinger
e4e027d17b Restored spam prevention
closes #3128
- added spam prevention middleware
- restored tests
2014-07-16 10:00:49 +02:00
Paul Adam Davis
6451be695b Replace anchors with no real href with buttons
Closes #3101 & #916
2014-07-15 17:43:21 +01:00
Hannah Wolfe
4d610268c6 Merge pull request #3259 from novaugust/settings-mobile-routing
Refactor Settings routing and mobile interactions
2014-07-15 16:55:02 +01:00
Matt Enlow
58b635203c Remove minor notifications; Close persistent notifications even on error
Closes #3105, Closes #3175

- Removed notification on successful post's `page` status change
- Removed notification on successful post `featured` status change
- Added `closePassive()` notifications on error in the post-settings-menu
- Persistent notifications will close whether their `DELETE` request was
  successful or not.

 #### Misc
- Added `name` attribute to `post-setting-menu.hbs` inputs to facilitate testing
- Removed `return <Promise>` from action in `PostSettingsMenuController`. Actions should only return `true`
- Toggling `post.featured` won't fire NProgress.
2014-07-15 09:03:18 -06:00
Matt Enlow
153f76aa7c Refactor settings routing and mobile interactions
Closes #3254, closes #3138, closes #3245
 ### Settings Routing and View refactoring
- Refactored `SettingsView` to handle transitions between mobile and desktop layouts
- `SettingsRoute` will only transition to `settings.general` if the screen is large enough to show both the menu and the content
- Added `SettingsIndexView` to handle showing the settings menu on mobile screens
- Added `SettingsContentBaseView` to be inherited by any settings view that is not index.
- Updated Settings templates appropriately to work with new views
- Removed extraneous `active` class from `settings-content`
- Changed settings menu to use `gh-activating-list-item`
- Retooled settings tests

 ### Mobile Utils
- Renamed file to `mobile.js`, since it's inside of `utils/`
- Added `mobileQuery` MediaQueryList to help detect layout changes
- Removed unused `hasTouchScreen`, `device.js` should be used instead.
- Removed unused `smallScreen` function
- Moved FastClickInit to codemirror-mobile
2014-07-14 17:36:48 -06:00
Sebastian Gierlinger
215badc663 Setup hijacks owner user
closes #3074
- user generated by fixture is hijacked
- user is updated with name, email, password, slug and status
- creates new user if db is migrated but no user exists
- previously removed tests are back
2014-07-10 19:29:51 +02:00
Sebastian Gierlinger
5e4fae6f11 Add owner fixture
closes #3073
- added fixture for owner role
- added fixture for initial user (new db)
- added conversion administrator -> owner (existing db)
- changed tests to take over owner user
- removed some functional tests until /setup works with owner user
2014-07-10 12:00:51 +02:00
Maurice Williams
ad9997e995 Removing old "user settings" screen and putting in new MU "users settings" screen and updating functional test cases.
Fixes #3078
- new "users" resource, with matching controller and template
- fetching real data from /ghost/api/v0.1/users/
- updated "user" route to accept a :slug as a URL parameter
- updated labels everywhere (from "user" to "users")
- updated "profile" link to header to point to proper "users/:slug" route
- updated core/client/.jshintrc to recognize moment as a valid global function
- adjusted DOM selector used in Casper to properly identify the new screen
- adding "slug" as a new property of the user data used during the Casper functional tests
2014-07-05 11:33:03 -04:00
Matt Enlow
1421550a06 PostSettingsMenu: Don't save new posts, reset values on failure
Closes #3158, Closes #3143, Closes #3134
- Added `model.rollback()` when PSM fails to save.
- Added `showErrors` and `showSuccess` helper functions to PSM to abstract
  closing and showing of notifications.
- Added `togglePage` action to indirect the setting of `page`.
- Removed `isStaticPage` property in favor of `togglePage` action
- moved `updateSlug` error catching to outer promise (slugGenerator promise)
- modifying the `page` and `published_at` properties will no longer cause a new post to save
- Close passive notifications on published date parse fail
- Removed promise creation in catch statements

- Changed tests to click on label, rather than the input for
  .post-setting-static-page.
2014-07-02 15:29:15 -06:00
Hannah Wolfe
0beb36d387 Merge pull request #3172 from sebgie/issue#3145
Redirect setup if authenticated
2014-07-01 13:57:56 +01:00
Sebastian Gierlinger
b332e8c158 Redirect setup if authenticated
closes #3145
- added beforeModel redirect
- added test
2014-07-01 12:57:44 +02:00
Sebastian Gierlinger
ace2cc1673 Redirect signin if authenticated
closes #3147
- added beforeModel redirect
- added test
2014-07-01 11:21:05 +02:00
Hannah Wolfe
f70f99b5cf Replace the old admin with the ember admin
closes #3056

- Remove clientold
- Remove clientold tests
- Cleanup old admin helpers
- Remove old routes from admin and controllers from admin controller
- Comment out / remove old and broken tests
- Cleanup Gruntfile.js, bower.js, package.json etc

Still TODO:

- cleanup / add removed tests
- do we still need countable?
2014-07-01 08:33:17 +01:00
Hannah Wolfe
48a2f9c70d Merge pull request #3144 from darvelo/sort-new-posts
New posts pass PostsController sorting function at the top
2014-06-30 16:23:51 +01:00
Sebastian Gierlinger
c8e8da4780 oAuth
closes #2759
closes #3027

- added oauth2orize library for server side oAuth handling
- added ember-simple-auth library for admin oAuth handling
- added tables for client, accesstoken and refreshtoken
- implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant
- updated api tests with oAuth
- removed session, authentication is now token based

Known issues:
- Restore spam prevention #3128
- Signin after Signup #3125
- Signin validation #3125

**Attention**
- oldClient doesn't work with this PR anymore, session authentication
was
removed
2014-06-30 14:58:10 +02:00
David Arvelo
a958a66c4c New posts pass PostsController sorting function at the top
- PostsController orderBy function sorts posts with isNew to the top, otherwise their undefined dates fail to compare
- also catch when `updated_at` is undefined, happens when model is being written with results from the server
- catch objects of type Error in validation engine, helps catching client errors
- join server errors with BR tag in ajax util
- add `emberBuild` task to `grunt test-functional`
- add a test helper, `thenTransitionAndWaitForScreenLoad`, to test transitioning to major parts of the app
- add a test that transitions from Content to the Editor, and back to Content
2014-06-29 21:49:32 -04:00
Hannah Wolfe
5db08ee333 Ember post order matches server post order
fixes #3008

- this effectively breaks the sort order on the client, because the serverside order is marginally broken.
2014-06-27 21:57:59 +01:00
Hannah Wolfe
b391c8d1ae Switching the tests to use ember admin by default
ref #3060

- Some of our tests use the old signin/signout as part of the setup/teardown process. The old stuff is going away, so this PR switches everything over to use the new admin by default.
- There wil be a further PR to remove the old stuff completely soon.
2014-06-26 16:05:42 +01:00
Fabian Becker
72156c7f89 New setup screen for blog installation.
fixes #3072
- Change router to handle /ember/setup/
- Adjust doSignup to also handle setup
- Adjust tests and add new where necessary
- Add setup controller, setup validation, setup route
- Adjust casper emberSetup to handle new setup
2014-06-26 15:31:44 +02:00
Jason Williams
b9f9c576ed Enable validation for settings/general screen
Closes #3036 Refs #3012
-Enable validation for settings/general
-Turn on functional tests for the validations
-Move notification closeAll calls so that notifications
 are cleared on attempted saves instead of just on
 successful saves
2014-06-24 13:32:47 +00:00
Paul Adam Davis
6201b697a5 Prevent notifications from being too tall and unclosable
Closes #1558

- Adds a wrapping tag around the notification message
- Change tests to look for new wrapping tag

For the fix to work properly, it needs styles from the [0.8 branch](b98029911c) of Ghost-UI
2014-06-24 13:30:33 +01:00
Hannah Wolfe
5af5959843 Uncomment signin validation test + test cleanup
closes #2989

- classing this as finishing the casper tests for now
- adding a name to the description in the settings template
2014-06-24 12:17:40 +01:00
Hannah Wolfe
4b610f09d3 Merge pull request #3051 from jgable/loginValidation
Add validation for signin/signup
2014-06-24 09:48:33 +01:00
Hannah Wolfe
b3eb0974ea Removing console.log 2014-06-24 04:02:25 +01:00
Jacob Gable
b6a429ec35 Add validation for signin/signup
Closes #2976, Closes #3017

- Move logic to signup controller
  - Add ValidationEngine mixin to signup controller
  - Add signup validator with code from clientold login view
- Add signin validator and integrate into signin controller
- Add validation to forgotten controller
  - Switch to button action to support hitting enter in text field to submit
- Clear all notifications in notifications.closeAll
- Modify ValidationEngine.validate to not format errors based on option
- Update casper test for signin to wait for notification before trying
to do another signin
2014-06-23 21:17:57 -05:00
Hannah Wolfe
1bca35a83c Update shortcut for zen mode
closes #2988

- includes tests
2014-06-23 22:24:28 +01:00
Hannah Wolfe
4d407fa105 Merge pull request #3042 from halfdan/3040-trim-title
Trim title in editor on blue/focusOut
2014-06-23 22:16:13 +01:00
Hannah Wolfe
3f6ac4441f Merge pull request #3044 from halfdan/3035-character-count
Implements character count helper.
2014-06-23 22:14:15 +01:00
Fabian Becker
a5900d34ff Trim title in editor on blue/focusOut
closes #3040, fixes #3038
- Properly trim title
- Re-add casper test/adjust where necessary
- Rename gh-focus-input component
2014-06-23 20:07:34 +00:00
Fabian Becker
786a0ca7bd Implements character count helper.
closes #3035
- New character count helper
- Re-add casper test for bio count
- Change settings.general and settings.user to show character count
2014-06-23 20:02:09 +00:00