Commit Graph

10658 Commits

Author SHA1 Message Date
Hannah Wolfe
a8e4492109 Added CODEOWNERS file to protect DB migrations
- DB migrations are risky changes
- require review from devops before merging these
2020-02-17 13:05:09 +00:00
Kevin Ansfield
02c034068c Fixed error when serving public images from servePublicFile middleware
no issue

- when `servePublicFile` middleware serves an image it resulted in a "Cannot set headers after they are sent to the client" error because `next()` was erroneously called for successful requests which then tripped the `prettyUrls` middleware which tries to perform a redirect
- only calling `next()` when an error is present allows errors to be picked up by later middleware but successful requests end in the `servePublicFile` middleware
2020-02-17 09:24:15 +00:00
Nazar Gargol
8def4fb402 Bumped @tryghost/members-api to 0.15.1
no issue

- This bump removed limitation to cancel/renew "Complimentary" plan subscription
2020-02-17 16:31:23 +08:00
Renovate Bot
63b6bb58ad Update dependency @tryghost/vhost-middleware to v1.0.1 2020-02-17 01:18:44 +00:00
Daniel Lockyer
b7f1579968 Version bump to 3.6.0 2020-02-14 11:50:36 +00:00
Daniel Lockyer
669987eaf6 Updated Ghost-Admin to 3.6.0 2020-02-14 11:50:36 +00:00
Rish
fede3d05f5 Fixed members tests
no issue
2020-02-14 16:06:25 +05:30
Rish
c5833aa1d9 Fixed tests
no issue
2020-02-14 15:50:49 +05:30
Rish
7f337743e9 Fixed tests
no issue
2020-02-14 15:44:47 +05:30
Rishabh Garg
001db05075
Added labels for Members (#11538)
no issue

* Updated sendEmailWithMagicLink syntax

* Updated label name selection from theme

* Updated migration version for labels

* Added labels to export/import of members

* Added member labels sanitization for case-insensitive duplicates

* Fixed tests

* Fixed label serialization bug on import

* Bumped @tryghost/members-api to 0.15.0

* Fixed lint

* Cleanup
2020-02-14 15:03:10 +05:30
Naz
aff289bfee
Added 'visibility' property check to {{#has}} helper (#11596)
no issue

- Allows for syntax like `{{#has visibility="paid"}}` to be used on Content API resources (posts, pages, etc.)
- The need for this change cropped out from being able to distinguish paid/member-only/public posts in member-enabled themes.
2020-02-14 17:28:26 +08:00
Rishabh Garg
9c1aa07ea8
Added host limit check for members email publish (#11534)
no issue
2020-02-13 10:43:36 +05:30
Nazar Gargol
25721828d9 Fixed failure when upgrading to version 3.5.x
no issue

- Initially reported here: https://forum.ghost.org/t/unable-to-upgrade-ghost-from-v3-0-2-to-v3-5-1/11925
- The issue was caused by the refactor in 52635f1aa8 where the backup module signature changed and it wasn't updated in migrations
2020-02-13 12:53:44 +08:00
Rish
4eeed0d32a 🐛 Fixed "undefined" values in member csv export
no issue

We missed handling `undefined` values for fields during csv export for members, which causes csv entries as `undefined` for fields that don't exist. It also added need for extra handling of `undefined` entries during csv import. This PR fixes the bug by properly handling empty/undefined values in export
2020-02-12 11:03:16 +05:30
Nazar Gargol
2c52282662 Added future cleanup note
no issue

- This method was created as a shortcut and the real issue of 'undefined' values being present in CSV should be fixed instead
2020-02-11 18:17:46 +08:00
Daniel Lockyer
d2aee78b01 Version bump to 3.5.2 2020-02-11 09:37:50 +00:00
Daniel Lockyer
1dc0a70bee Updated Ghost-Admin to 3.5.2 2020-02-11 09:37:50 +00:00
Nazar Gargol
51c2b22e9f 🐛 Fixed order for "Complimentary" plan creation
no issue

- When new Ghost instance is initialized "Complimentary" plan doesn't have to wait for the rest of plans to be configured.
- Without configured plans the admin would still be able to assign "Complimentary" plan to members or import same kind of members.
- There is no error handling at the moment when plan initialization fails, that's why it was very confusing when all of a sudden it wasn't possible to create a member record
2020-02-11 17:14:41 +08:00
Nazar Gargol
5caf924013 Fixed member delete method to use correct options
closes #11589

- `findOne` method in destroy method was using wrong options object (unlike read method id comes from frame.options not frame.data) thus this was causing 404 errors
2020-02-11 16:35:18 +08:00
Nazar Gargol
995788f5a2 Bumped @tryghost/members-api to 0.14.2
d8acfba44a

- The bump is needed to handle plan nickname fallback with an actual value instead of empty string
2020-02-11 14:11:06 +08:00
Renovate Bot
d64efff9db Update dependency @sentry/node to v5.12.3 2020-02-10 18:02:47 +00:00
Daniel Lockyer
0eb16264be Configured regression tests to run on main branches
no issue

- run the entire test suite on the master or 2.x branch
2020-02-10 17:06:44 +00:00
Daniel Lockyer
1254ac7ac7 Version bump to 3.5.1 2020-02-10 12:55:55 +00:00
Daniel Lockyer
8f161880cb Updated Ghost-Admin to 3.5.1 2020-02-10 12:55:55 +00:00
Nazar Gargol
7e24b727e1 Added new test case to db regression suite
- Checks for correctly returned 404 when file is not there
- Renames make more sense to correspond to what is actually going on in
the suite
2020-02-10 12:41:39 +00:00
Nazar Gargol
70cf2b2c86 Added input sanitization for backup path
- We need to limit the allowed filename accepted by the method to avoid opening up path traversal attack
2020-02-10 12:41:39 +00:00
Nazar Gargol
d5c61c7eea Updated acceptance test to include db export request check 2020-02-10 12:41:39 +00:00
Nazar Gargol
4a79a0e753 Corrected 404 handling 2020-02-10 12:41:39 +00:00
Nazar Gargol
52635f1aa8 Basic implementation of backup retrieval from file 2020-02-10 12:41:39 +00:00
Nazar Gargol
49983e799c Changed backup service signature to be able to expand it
- Will need to add a new method allowing to read an export file, so the module signature has to become an object rather than a function
2020-02-10 12:41:39 +00:00
Nazar Gargol
afe11c2b06 Added basic backup implementation for users DELETE endpoint
- The filename is returned to be able to fetch the backup on demand
- Wasn't able to limit exported tables as exporter doesn't support such functionality
2020-02-10 12:41:39 +00:00
Daniel Lockyer
67f856c572 Update gscan dependency to 3.3.1
no issue
2020-02-10 12:38:55 +00:00
Nazar Gargol
27d2c2fb3a Bumped @tryghost/members-api to 0.14.1
no issue

- This bump fixes a problem where members_stripe_customers_subscriptions were not able to be created due to plan 'nickname' NOT NULL constraint. This case was possible because in earlier versions of Stripe API `nickname` property was allowed to be `null`
2020-02-10 19:11:42 +08:00
Kevin Ansfield
830610d243 Fixed serving of binary public files
no issue

- serving of our public asset images was broken
  - we were reading the binary file in as a string so we could do url transforms, this meant data was lost/corrupted and browsers could not display the served data
  - we were using the wrong mime-type for pngs which meant browsers were triggering downloads rather than displaying images (at least when accessed directly)
- updates uses of `servePublicFile` to have the correct png mimetype
- adjusts `servePublicFile` to treat any mime type starting with `image` as a binary file, passing the file directly through express using `res.sendFile` and skipping the in-memory content caching which is mostly only useful for text files with URL transforms
2020-02-10 09:51:32 +00:00
Nazar Gargol
42f4518a63 Improved error logging for member CSV import
no issue

- Error object can be an array in case of database constraint validation errors, for this reason need to distinguish between singular objects and an array. This handling resembles the one in common error-handler - https://github.com/TryGhost/Ghost/blob/3.5.0/core/server/web/shared/middlewares/error-handler.js#L31-L33
2020-02-10 16:25:56 +08:00
Nazar Gargol
019605e9e0 Added concurrency limit for member creation when importing
no issue

- When importing large batches of members we should not allow for unlimited amount of parallel requests created as this might lead to connection pool problems and reaching API rate limits (for example Stripe API is limited to 100 req/s)
2020-02-10 16:03:08 +08:00
Renovate Bot
6a6413cec5 Update dependency @sentry/node to v5.11.2 2020-02-10 01:16:53 +00:00
Nazar Gargol
e57f7219e5 Added error logging for errors occurring during CSV import
no issue

- CSV import uses direct API calls which skips through logging error. This additional code should catch and record any internal errors
2020-02-07 14:33:30 +08:00
Daniel Lockyer
69ed7cd23f Version bump to 3.5.0 2020-02-05 11:42:31 +00:00
Daniel Lockyer
b3973801df Updated Ghost-Admin to 3.5.0 2020-02-05 11:42:31 +00:00
Daniel Lockyer
f0a045cfd1 Updated Casper to 3.0.7 2020-02-05 11:42:31 +00:00
Nazar Gargol
68a36dd799 Changed members CSV export to match import format
refs c295435b41

- The import format changed the `subscribed` to `subscribed_to_emails`. Export should have the same format as import for consistency
2020-02-05 15:34:55 +08:00
Renovate Bot
c863d215fb Update dependency gscan to v3.3.0 2020-02-04 13:16:06 +00:00
Daniel Lockyer
a510e075b6 Handled missing file extensions for resized image requests
no issue

- if a request was sent for a resized image URL that didn't contain a
  file extension, the code would eventually end up throwing a 500
- this commit checks for this case and returns a 404
2020-02-04 08:04:22 +00:00
Naz Gargol
c295435b41
Added new fields to members CSV import (#11539)
no issue

- New fields that are accepted through members CSV import endpoint are:
  - `subscribed_to_emails` - corresponds to `subscribed` flag in API
  - `stripe_customer_id` - links existing Stripe customer to created member
  - `complimentary_plan` - flag controlling "Complimentary" plan subscription creation for imported member

- Noteworthy exception in field naming - `subscribed_to_emails` that corresponds to `subscribed` API flag present on members resources. It's a special case of CSV format, where users can be less technical it's more explicit to what the flag does (also the same naming is applied in the Admin UI)

- Failing to either link Stripe customer or assign "Complimentary" subscription to imported member behaves in a transaction-like manner - imported record is not created in the database. This is needed to be able to retry imports when it fails for reasons like connectivity failure with Stripe or Stripe misconfiguration.

- To avoid conflicts with linking same Stripe customer to multiple members there is a special handling for duplicate `stripe_customer_id` fields. Records with duplicates are removed from imported set.
2020-02-04 13:51:24 +08:00
Renovate Bot
2f78e53468 Update dependency @tryghost/html-to-mobiledoc to v0.6.3 2020-02-03 22:17:20 +00:00
Daniel Lockyer
d76e76e1ef Fixed code linting issues
no issue

- just extraneous whitespace
2020-02-03 17:49:41 +00:00
Daniel Lockyer
722a92e9b5 Added extra tests to Ghost-CLI GitHub Action
no issue

- test for a clean install and updating from the latest release
- upgrading from the previous major is waiting on an update from
  Ghost-CLI
2020-02-03 17:39:06 +00:00
Daniel Lockyer
9183cf6045 Enabled testing on Renovate PRs
no issue
2020-02-03 15:44:54 +00:00
Daniel Lockyer
d065c268a7 Reverted tmp to v0.0.33
no issue

- Renovate automerged a bump for tmp, but this version has a bug and
  shouldn't have passed the automated tests
- this commit reverts the package back to the working version
2020-02-03 15:22:26 +00:00