Commit Graph

9173 Commits

Author SHA1 Message Date
Kevin Ansfield
288a38036b Improved error messages for failed authorization 2019-02-21 13:19:57 +07:00
kirrg001
03d4843628 Fixed random test deadlocks temporarily
no issue

- we have seen random test failures recently
- the cause: deadlocks

- @NOTE: Deadlocks can and will happen naturally in innodb when multiple transactions are running and they operate on the same table.
  	 The challenge is just how to minimize, handle or avoid them.

---

Why did the deadlock occur?

The tests insert posts in parallel.
As soon you insert two posts, we will attach the relations.

The relations are basically: tags & authors.

Both tables use foreign keys:
  post_id -> posts.id
  author_id -> users.id
  tag_id -> tags.id

Attaching relations runs through two stages:
- inserting or deleting the row (Bookshelf-Relations)
- updating the row because of sort order (Ghost)

2 or more transactions can create a deadlock on the target relation table because of X and S locks for the foreign key, which get automatically set.

Refs:
https://bugs.mysql.com/bug.php?id=48652
https://www.chriscalender.com/advanced-innodb-deadlock-troubleshooting-what-show-innodb-status-doesnt-tell-you-and-what-diagnostics-you-should-be-looking-at/

Long-Term?
- investigate further
- retry deadlocks if we know it's fine?
- drop foreign key and handle in Bookshelf?
2019-02-18 22:47:46 +01:00
kirrg001
3b2ede88e0 Handled duplicated authors
no issue

- discovered while testing
- the matching helper can fallback twice to owner user in theory
2019-02-18 19:30:11 +01:00
kirrg001
a575f85af7 Fixed regression tests
no issue

- https://travis-ci.org/TryGhost/Ghost/jobs/495022683
2019-02-18 19:22:32 +01:00
kirrg001
2ab0c8e222 🐛 Fixed filtering by primary_tag or primary_author in routes.yaml
closes #10482

- the mapping was missing
2019-02-18 19:13:22 +01:00
Nazar Gargol
4e12b73c8a Bumped and pinned version for @tryghost/html-to-mobiledoc
no issue
2019-02-15 19:07:01 +00:00
Nazar Gargol
9020293e61 Added posibility to accept html as an input source for post
closes #10471

- Allows accepting HTML input for /posts endpoint when `?source=html` is
present in query parameter along with `html` in request payload
2019-02-15 18:58:46 +00:00
Zimo
17e29a3185 Applying basic styles to members popups
no issue
2019-02-15 18:17:38 +01:00
Kevin Ansfield
8e9ade6357
Added migration to insert builtin Zapier integration (#10500)
no issue

A new Zapier app will be released that uses the v2 Admin API which means it will require an ApiKey that is linked to an Integration.

- adds a `type` column to the `integrations` table with the following types allowed:
  - `custom` (default) used by custom integrations added by users
  - `builtin` used by built-in integrations that have their own UI and won't show up in the "Custom Integrations" list
  - `internal` used by "internal" integrations such as the scheduler
- adds a `zapier` "builtin" integration to the fixtures
2019-02-15 14:48:21 +00:00
Nazar Gargol
aab3a5b89d Fixed tests related to tags validations
no issue
2019-02-15 14:04:57 +00:00
Nazar Gargol
18921747bb Added check for empty name for tags
refs #10438

- Also corrected and expanded test cases for tag validation
2019-02-15 13:19:06 +00:00
Nazar Gargol
921f9d394f Removed posts.tags.parent sanitation
refs #10438

- As we strip parent and parent_id fields in /tags endpoint, similarly stripping it for posts related tags
2019-02-15 12:19:49 +00:00
Nazar Gargol
c58e03a359 Added stricter validation for post.authors
refs #10438

- By stripping relational fields, it allows to remove redundant code in post input serializer
2019-02-15 12:19:49 +00:00
Nazar Gargol
e305d5e9cb Skiped 'all' validations for posts/tags endpoints
refs #10438

- Skipped validations that are now handled on JSON Schema level and would make sure error messages are consistent for these endpoints
2019-02-15 12:19:49 +00:00
Katharina Irrgang
40f359a238 🐛 Fixed night mode when using API v2 (#10499)
no issue
2019-02-15 12:15:37 +00:00
Rish
b84881e842 Updated members modal UI structure
no issue
2019-02-15 14:15:17 +05:30
Nazar Gargol
76c6f96aed Changed error type for missing file in /uploads
refs #10438
2019-02-14 20:52:51 +00:00
Fabien O'Carroll
9dd7aff9c6
Updated Content API to use members plans to determine permission (#10483)
no-issue


* Refactored hideMembersOnlyContent to 3 "stages"
* Exported paymentConfigured flag from members service
* Updated Content-API to check members service for paymentConfigured
* Updated members content output serializer to remove content if plan required and no plan
* Updated isContentAPI method
* Moved api util test
2019-02-14 18:17:02 +01:00
Rishabh Garg
896769ee8f
Updated signup page for members (#10493)
no issue

* Added new subscribe page with stripe integration
2019-02-14 22:29:41 +05:30
Nazar Gargol
3877f532e4 Version bump to 2.14.3 2019-02-14 11:03:10 +00:00
Nazar Gargol
f33dab29ae Updated Ghost-Admin to 2.14.3 2019-02-14 11:03:10 +00:00
Nazar Gargol
5f7c2b4d87 Improved error messaging returned from JSON Schema validations
refs #10438
2019-02-14 10:52:42 +00:00
Nazar Gargol
fa42a71181 🐛 Fixed validation error when adding tag from PSM
refs #10438

- Relaxed validation rules for tag.slug property to allow 'null' values
2019-02-14 10:04:02 +00:00
Katharina Irrgang
c2b3520652
Removed id restriction for posts relations in Admin API v2 (#10489)
refs #10438

- we now try to match by slug or id or email
- fallback to owner
- you cannot create a user via post endpoint
- Ghost uses the invite flow to add users
- get rid of `id` restriction on API level
2019-02-13 20:38:25 +01:00
Fabien O'Carroll
6bdeeaba10
Added apiType property to frame for {Content,Admin} API (#10487)
no-issue

This sets the `apiType` property of the `frame` to 'content' and 'admin'
for the Content & Admin API respectively.
2019-02-13 16:59:10 +01:00
Nazar Gargol
2f24aca5f4 Version bump to 2.14.2 2019-02-13 14:59:05 +00:00
Nazar Gargol
0e3e7fd4a7 Updated Ghost-Admin to 2.14.2 2019-02-13 14:59:05 +00:00
Katharina Irrgang
90c421a8a8 Removed client credentials from Admin API v2 (#10485)
refs #10438
- v2 does not use client credentials anymore
- exception: scheduler & backup clients
2019-02-13 13:51:51 +00:00
Naz Gargol
ae437a89dd
Updated posts JSON Schema with 'strip' properties (#10488)
refs #10438
refs #9100

- Added 'strip' attributes to properties that need to be ignored
- Relaxed 'uri' format to 'uri-reference'
- Made input array for posts more restrictive
2019-02-13 13:34:45 +00:00
Naz Gargol
40cc6e6548
Added JSON Schema validations for /tags (#10486)
Added JSON Schema validations for /tags endpoints

refs #10438
refs #9100

- Added JSON Schemas for POST/PUT /tags endpoints
- Added 'strip' keyword definition schema allowing to strip data and not throw errors on further validation stages
2019-02-13 12:26:32 +00:00
kirrg001
f8b62a063b Removed more unused fields from Admin API v2 response
refs #10438

- these fields are not used
- no need to expose them in v2
- we will either remove them in the next major or use them for new features (will see)
2019-02-13 11:42:08 +01:00
Fabien O'Carroll
a3e7a7b3ea
Updated product hashseed to be hardcoded (#10484)
no-issue
2019-02-13 11:19:43 +01:00
Fabien O'Carroll
5472aa61ac
Added config endpoint to Member API (#10467)
no-issue

* Added getPublicConfig method to stripe payment processor
* Added getPublicConfig method to subscriptions service
* Added initial config endpoint for members api
* Added getConfig method to members gateway
2019-02-13 10:12:15 +01:00
kirrg001
36547a9c3a Removed ghost_auth_id from Admin API v2 response
refs #10438

- unused field
- no need to expose this field
2019-02-12 23:36:42 +01:00
kirrg001
db148e653f Removed tag.parent from Admin API v2 response
refs #10438

- this is an unused field
- no need to expose this field
- if we start working on nested tags, this field might become interesting/used
2019-02-12 19:26:31 +01:00
Nazar Gargol
20300cf002 🐛 Fixed error when inserting unexistent related tag
refs #10438

- Additional check for present 'name' property before generating a
'slug'. Setting slug should not succeed and throw validation error in later
stages.
2019-02-12 17:50:51 +00:00
Nazar Gargol
d0d299285c Fixed tests for post input serialization
refs #10472

- Moved config related variable into function scope, so it can be reset by unit tests
- e47d1e275f broke the build and is being fixed by this commit
2019-02-12 12:04:18 +00:00
Rish
7a6375f931 Version bump to 2.14.1 2019-02-12 16:36:32 +05:30
Rish
a20202db7d Updated Ghost-Admin to 2.14.1 2019-02-12 16:36:32 +05:30
Rish
7d3e1aa00b Upgrading Casper to 2.9.2 2019-02-12 16:31:41 +05:30
Nazar Gargol
e47d1e275f Fixed image URL to be stored as relative in mobiledoc
refs #10477
closes #10472

- Adds transformation for any asset absolute URL's into relative used in mobiledoc
2019-02-11 19:20:16 +00:00
Fabien O'Carroll
21e6242498
Removed unused greenkeeper config (#10479)
refs #9441
2019-02-11 20:16:23 +01:00
Fabien O'Carroll
bc59465b39
Updated .gitignore to remove tracked files (#10478)
refs #9441 

Removes these files from ignore:
- content/themes/casper
- core/server/public/ghost-sdk.min.js
- core/server/web/admin/views/.gitkeep
2019-02-11 18:32:19 +01:00
Hannah Wolfe
bcfe2c3686 Updated Security.md w/ ref to improved docs
- We have improved our vulnerabiltiy reporting procedures and docs
- These now live in a centralised place, and will be linked to from our main public repos
2019-02-11 16:40:29 +00:00
Hannah Wolfe
ba9398fdd8 Updated / simplified contributing.md
- Make our policy on what gets merged a little clearer
2019-02-11 16:38:59 +00:00
Fabien O'Carroll
92621159a6
Errored if grunt master run in dirty working directory (#10476)
refs #9441 

* Refactored master script
* Added check for working directory
2019-02-11 17:25:25 +01:00
Fabien O'Carroll
bdd57b36cf
Moved grunt-eslint to npm script executing eslint (#10474)
refs #9441

* Updated top-level ids to use const
* Removed one layer of indentation
* Added .eslintignore files for server and test tasks
* Added npm scripts for eslint
* Fixed lint command in w/ grunt
* Uninstalled grunt-eslint
* Added eslint config
2019-02-11 13:26:06 +01:00
Nazar Gargol
6e0409d6db Bumped ghost-ignition version
no issue
2019-02-11 12:18:29 +00:00
Fabien O'Carroll
986c6d1f07
Removed minimist dev dependency (#10475)
refs #9441
2019-02-11 13:16:09 +01:00
Kevin Ansfield
aa1b9574ab Updated oembed providers list
no issue
- switch away from forked version of `oembed-parser` - our changes are merged upstream
- latest `oembed-parser` has a newer version of the providers list
2019-02-11 12:13:33 +00:00