Commit Graph

7650 Commits

Author SHA1 Message Date
Daniel Lockyer
7ac614030d 🐛 Fixed structured metadata for images
fixes #11746

- the original fix[1] inadvertently moved the logo object down one level
- this commit moves it back up, and fixes the tests to reflect the
  expected format

[1]: 3f5daa60c8
2020-04-17 13:51:55 +01:00
Kevin Ansfield
e0e0a85a32 Updated test emails to fetch member data if email matches
no issue

- with the email replacements feature it's useful to have real member data when sending test emails from the PSM
- if the supplied email address matches a member then that member's data will be used for any replacements
2020-04-17 12:15:39 +01:00
Kevin Ansfield
d0393b6223 Fixed {subscriber_firstname} not picking up member's name in emails
no issue

- in our replacements the member properties are prefixed with `subscriber_` but this wasn't taken into account when requesting data from the member object
2020-04-17 12:15:39 +01:00
Daniel Lockyer
8853067830 Added custom json-string format to AJV validator
no issue

- the value of `mobiledoc` when submitting a page/post via the API must
  be JSON, but we don't validate this
- this results in url-utils throwing an error, which ends up being a 500
- this commit adds a custom format to AJV to validate it is valid JSON
- also updates tests with bad JSON - 'a'
2020-04-17 11:56:20 +01:00
Kevin Ansfield
374b43ceab Fixed linting error 2020-04-17 11:32:29 +01:00
Kevin Ansfield
a801352c7f Added email card and replacement handling to member emails
no issue

- adjusted mega's post serializer to get full email contents
  - fetch `mobiledoc` from the API rather than the pre-rendered `html` and `plaintext`
  - re-generate `html` using the mobiledoc renderer with an "email" target so that the email-only card content is included
  - re-generate `plaintext` from the newly generated email html

- added replacement handling to mega's `getEmailData` function
  - find all of our `%%{replacement "fallback"}%%` instances in the html template and push them into a replacements array with the respective property on the member instance and desired fallback
  - transform the replacement for Mailgun compatibility. Mailgun uses `%recipient.variable_name%` for its template variables so we need to replace our custom replacement string with the compatible version. Our replacements system allows for the same replacement (`{subscriber_name}`) to be used multiple times and have different fallbacks, Mailgun doesn't support fallbacks so for each replacement we also need an indexed `variable_name` part so that we can put our fallbacks in the correct place
  - perform the same Mailgun template transformation for the plaintext version except we re-use the replacements array to avoid bloating the API request to Mailgun with duplicate template variables for every recipient
  - swapped `reduce` for a plain loop for easier readability
2020-04-17 10:23:03 +01:00
Nazar Gargol
bd92fcd282 🐛 Fixed /edit route redirect for tag taxonomies
refs 183e22e0bf (diff-f3a289058604b2b069d07bb8e2cda60cL39)

- When using the `/edit` route in the end of tag taxonomy redirect was landing on 404 page in Ghost-Admin. For example redirect for `/tags/getting-started/edit/` would redirect to `/#/settings/tags/getting-started`, instead of `/#/tags/getting-started`
- Referenced commit is where the routing in Ghost-Admin was changed from `/settings/tags/:slug/` to `/tags/:slug`
2020-04-16 21:23:38 +12:00
Daniel Lockyer
8d9d129be4 Fixed spam prevention for private sites
fixes #11740

- there was a discrepancy in the use of `private_blog` within the
  code, and `private_block` in the default config
- this commit switches the code to `block` in order to avoid breaking
  existing configs
2020-04-15 16:44:53 +01:00
Daniel Lockyer
bd19d93482 Updated Ghost-Admin to v3.13.3 2020-04-15 14:06:16 +01:00
Hannah Wolfe
a4cf470c87 🐛 Fixed importer always erroring
- in 3.13.2 the importer always throws the error "The "path" argument must be of type string. Received an instance of Object"
- this is due to a change in method signature that wasn't accounted for
- added a test to catch similar changes to this code in future
2020-04-15 13:24:43 +01:00
Daniel Lockyer
ba6ef004e5 Updated Ghost-Admin to v3.13.2 2020-04-15 11:40:33 +01:00
Kevin Ansfield
8d0a6b2674 🐛 Fixed "View site" not logging into private sites with separate admin domains
no issue

- browsers now block cross-origin cookies unless they are explicitly set with `SameSite=none` and `Secure=true` options which was preventing the login request made by Ghost-Admin from working
- added an explicit `SameSite=none` option to the private site session cookie
- will only work when the front-end site is served over HTTPS - there's no way to get browsers to accept cross-origin cookies over HTTP
2020-04-15 10:52:30 +01:00
Daniel Lockyer
da237ca885 Returned error upon oembed catch
no issue
2020-04-15 10:35:22 +01:00
Daniel Lockyer
87bd26a4d6 Returned full error upon missing tag/label
no issue
2020-04-15 10:15:48 +01:00
Daniel Lockyer
a769bbe86c Fixed 500 error when deleting items that don't exist
fixes #11723

- when deleting an invite/label/tag/webhook that doesn't
  exist, Ghost would throw a 500 error
- this commit catches the NotFoundError
- also rejects from model if nothing was found
- spotted in Sentry
2020-04-13 16:13:33 +01:00
Daniel Lockyer
946f7b872f Returned Promise.reject instead of throwing error
no issue

- brings in line with other code changes
2020-04-13 16:13:33 +01:00
Hannah Wolfe
fc664ac697 Improved helper index, use glob to read directory
- Having to remember to add files to an index.js is a PITA
- We already have glob as a dependency, so use that
- This requires that the file prev_next be renamed to prev_post, which is what it's called as by default
- next_post is an alias of next_post - so this reflects that more closely
2020-04-10 13:08:41 +01:00
Hannah Wolfe
59b9f161dd Moved non-helper code out of helpers
- the helper dir also contained some code used with helpers - utils and helper-helpers?
- the goal here was for helpers to be the only thing in their folder so we can look at moving them out
- all other code has been moved to services/themes for now, which is not the right place either
- services/themes is a catch-all for theme storage, loading, validation, rendering and more, needs to be broken down
2020-04-10 12:27:43 +01:00
Kevin Ansfield
f3627c5fc3 Update dependency @tryghost/kg-markdown-html-renderer to v2.0.0
no issue

- `version` integer parameter in the `render` method has been replaced with an `options` object parameter
2020-04-09 21:10:03 +01:00
Hannah Wolfe
4f5fb3d820 Swapped common for @tryghost/errors in core/server/web
- Update all references to common.errors to use @tryghost/errors
- Use dereferencing to only require used bits of common in each file
2020-04-09 19:40:00 +01:00
Kevin Ansfield
1ffdef98c3 Moved lib/thing/index.js files to lib/thing.js
no issue

- cleans up directory structure and increases naming consistency
2020-04-09 10:06:20 +01:00
Hannah Wolfe
e639a25171 Moved labs usage into cancel_link helper file
- this removes the need to require the proxy inside the helpers/index.js file
- have the helper file define and return it's own labs-enabled-ness
- update the tests to test for the labs flag being unset
2020-04-08 19:31:55 +01:00
Kevin Ansfield
b37ac8ef1f Switched to extracted @tryghost/mobiledoc-dom-renderer package
no issue

- moved `mobiledoc.renderers.mobiledocHtmlRenderer` to `mobiledoc.mobiledocHtmlRenderer` so that it's easier for the getter to access the parent objects getters
- removed all tests and dependencies that now live in @tryghost/mobiledoc-dom-renderer
  - kept the `mobiledocHtmlRenderer` test because that's testing that we've correctly wired up our cards and atoms and the output is what we expect
2020-04-08 18:27:12 +01:00
Hannah Wolfe
35e3e0708c Moved helper proxy into a service
- The proxy is not a helper, we want the helpers folder to only include helpers
- The proxy is also meant to be the interface to Ghost for the helpers, and we want to enforce that
- This is a small step on the way
2020-04-08 17:22:44 +01:00
Kevin Ansfield
790a5701c9 Fixed typo in migration file
refs 5b96c82627
2020-04-08 16:46:46 +01:00
Kevin Ansfield
5b96c82627 Moved blank mobiledoc document out of mobiledocHtmlRenderer
no issue

- the blank document we use in Ghost is not specific to the html renderer
- renamed from `structure` to `document` to better represent its intent
- allows for easier extraction of `mobiledocHtmlRenderer`
2020-04-08 16:43:05 +01:00
Hannah Wolfe
646a49039e Updated method call syntax for @tryghost/zip@1.0.0
- @tryghost/zip 1.0.0 has a totally different API, but it works the same
- This updates to use the new API
2020-04-08 16:09:08 +01:00
Daniel Lockyer
48fe7b0bc7 Added Promise.reject to importer error cases
no issue
2020-04-08 15:19:03 +01:00
Kevin Ansfield
294187c41f Switched to extracted @tryghost/kg-default-atoms package
no issue

- removed code that now lives in the external Koenig monorepo
2020-04-08 14:49:44 +01:00
Daniel Lockyer
fe10d51536 Changed error when importing an LTS export
no issue

- importing an LTS export would cause Ghost to throw a 500 error because
  it used InternalServerError.
- an IncorrectUsageError is more applicable here
- this commit also updates the code comment and error message
- note: removed comment about WP exports because the plugin has been updated
  to support the v2 & v3 format
- spotted in Sentry
2020-04-08 14:42:29 +01:00
Daniel Lockyer
8cc075431e Updated Ghost-Admin to v3.13.1 2020-04-07 16:03:38 +01:00
Kevin Ansfield
ce53c602a6 Updated oembed requests to use consistent timeout and user-agent
no issue

- added the same 2sec timeout and `Ghost` user-agent header to the `rel="alternate"` oembed request that we use for the initial html page request
2020-04-07 15:29:31 +01:00
Daniel Lockyer
e13d6acadd Updated Ghost-Admin to v3.13.0 2020-04-07 11:12:52 +01:00
Kevin Ansfield
2642405595
Merge pull request from GHSA-q6jp-j3gg-3mxr
no issue

- backports fixes implemented in https://github.com/TryGhost/Ghost/commit/477393967 from the v3/api endpoint to the v2 endpoint
2020-04-07 11:05:48 +01:00
Daniel Lockyer
13e1ecae27 Replaced use of Bluebird return method from knex code
no issue

- Knex removed their use of several Bluebird methods, including `return`
- our code used `return`, but mostly to return null after a destroy action
- these uses have been replaced with `.then(() => null)` in order to
  continue returning null and to avoid breaking anything
2020-04-07 10:49:12 +01:00
Joseph Coffland
67b8fbf6cf Added raw handlebars helper
- Allows using the 4-bracket raw block syntax e.g: {{{{raw}}}}{{{{/raw}}}}
- This allows you to include handlebars inside a template that is not compiled and executed
- The common usecase is if you want to include client-side handlebars templates inside server-side ones
2020-04-06 17:26:50 +01:00
Fabien O'Carroll
a701ee7023
Added support for token session to /ghost (#11709)
no-issue

* Added default for getting origin of request

This function is used to attach the origin of the request to the
session, and later check that requests using the session are coming from
the same origin. This protects us against CSRF attacks as requests in
the browser MUST originate from the same origin on which the user
logged in.

Previously, when we could not determine the origin we would return
null, as a "safety" net.

This updates the function to use a secure and sensible default - which
is the origin of the Ghost-Admin application, and if that's not set -
the origin of the Ghost application.

This will make dealing with magic links simpler as you can not always
guaruntee the existence of these headers when visiting via a hyperlink

* Removed init fns and getters from session service

This simplifies the code here, making it easier to read and maintain

* Moved express-session initialisation to own file

This is complex enough that it deserves its own module

* Added createSessionFromToken to session service

* Wired up the createSessionFromToken middleware
2020-04-06 11:49:14 +02:00
Hannah Wolfe
022a433e56 Added debug info to controller process messages
- Whenever Ghost sends a message to its controller process
- Send extra debug info, so we can be sure what the Ghost process is seeing
2020-04-06 10:44:39 +01:00
Fabien O'Carroll
1f68d8dc20 Refactored existing adapters to use adapter-manager
no-issue

This removes duplications and reduces maintentence going forward.
2020-04-05 21:13:47 +02:00
Fabien O'Carroll
d0bb8c3333 Added base and default SSO Adapter
no-issue
2020-04-05 21:13:47 +02:00
Fabien O'Carroll
fb942af1db Added adapter-manager service
no-issue

This services handles the registration and retrieval of adapters,
it normalises the config to look like:

{
    [adapterType]: {
        active: adapterName,
        [adapterName]: adapterConfig
    }
}
2020-04-05 21:13:47 +02:00
Daniel Lockyer
3988029472 Refactored scheduling adapter loader to better display errors
no issue

- missing modules required by an adapter weren't flagged up as missing,
  but that the entire adapter was missing
- therefore, it was difficult to see what you were missing
- this commit handles the case where a module is missing, and displays
  an error
2020-04-02 19:21:19 +01:00
Fabien O'Carroll
23154f0739
Refactored session service (#11701)
* Refactored SessionStore to use @tryghost/errors

no-issue

* Updated tests to test exposed API

no-issue

This will make refactoring easier, as we only have the "public" contract to maintain

* Refactored session functionality to SessionService

no-issue

This splits the session logic away from the HTTP responding logic,
which will allows us to decouple session creation/modification from the
API. Eventually this can be used to create sessions based on magiclink
style tokens.

* Instantiated and exported the new SessionService

no-issue

* Refactored session middleware to take session service

no-issue

This removes duplication of code and makes the middleware more explicit
that it's just a wrapper around the session service.

* Updated to use external @tryghost/session-service

no-issue
2020-04-02 16:27:31 +02:00
Hannah Wolfe
658a6dd284 Cleaned all usages of proxy in helpers
- the proxy should always be used to access other parts of Ghost, including the urlService etc
- use consistent ES6 style for requires
- minimise use of lodash where possible
- remove circular dependency between proxy and template util
- End goal here is to enforce that the only link between helpers + the rest of Ghost is the proxy
2020-03-31 12:42:15 +01:00
Hannah Wolfe
957da0bfc5 Removed unused timezones.json file
- This file was moved to @tryghost/timezone-data some time ago
- It's no longer used in Ghost core, only in Ghost-Admin
2020-03-30 18:43:59 +01:00
Hannah Wolfe
7964c1de79 Updated image middleware to use new shared function
- we have a function for generating _o filenames in @tryghost/image-transform as of v0.2.0
- this  updates our Ghost code to use it
2020-03-30 18:33:59 +01:00
Hannah Wolfe
7f1d3ebc07
Move tests from core to root (#11700)
- move all test files from core/test to test/
- updated all imports and other references
- all code inside of core/ is then application code
- tests are correctly at the root level
- consistent with other repos/projects

Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
2020-03-30 16:26:47 +01:00
Daniel Lockyer
df213cdf0e Switched require statements to relative paths
no issue
2020-03-30 10:52:09 +01:00
Daniel Lockyer
23eb3e7c14 Added missing semicolon
no issue
2020-03-26 16:45:33 +00:00
Daniel Lockyer
8f935fe8ae Fixed Slack service throwing error when post is empty
fixes #11694

- if the post contained no body, the `.replace` would throw an error
- converted to an if-statement instead of doing `|| ''` because there
  would be a floating full-stop
2020-03-26 16:38:30 +00:00