Commit Graph

10768 Commits

Author SHA1 Message Date
Renovate Bot
19aadf100d Update dependency gscan to v3.4.0 2020-03-20 09:43:02 +00:00
Hannah Wolfe
bc7906a7b2 Revert "Remove Apps"
This reverts commit cbb59a57db.
2020-03-20 08:58:26 +00:00
Hannah Wolfe
cbb59a57db Remove Apps
- Apps are marked as removed in 3.0, never officially launched and have been deprecated for at least 2 years.
- We've slowly removed bits that got in our way or were insecure over time meaning they mostly didn't work
- This cleans up the remainder of the logic
- The tables should be cleaned up in a future major
2020-03-19 19:06:17 +00:00
Hannah Wolfe
5e2c62e328
Moved theme i18n into theme service + refactor (#11674)
- The existing common.i18n library contained code for core and theme translations
- There is some shared logic and some theme-specific logic, and the theme-specific logic has dependencies we don't want in lib/common
- This refactor introduces an I18n base class that does all the main shared logic, with no dependencies on other parts of the codebase
- ThemeI18n then extends this logic, and replaces the functions it needs to handle differently and adds it's dependencies on config and settingsCache
- The class has several methods broken down into smaller pieces to make it easier to extend only the necessary parts
- The class also encapsulates all of its logic, without external functions or variables
- The function loadThemeTranslations becomes the 'init()' function overridden in themeI18n.
2020-03-19 14:07:20 +00:00
Kevin Ansfield
7e4de9b0c1 Fixed typo
no issue

- typo in require introduced in a120d02231
2020-03-19 13:58:13 +00:00
Kevin Ansfield
a120d02231 Moved create-card.js
no issue

- prep for easier move to external repo
2020-03-19 13:54:55 +00:00
Kevin Ansfield
0741114d11 Moved htmlToMobiledocConverter() out of renderers
no issue

- prep for extraction of various Koenig repos
- html->mobiledoc doesn't really fit into the "renderer" naming as it's more of a converter than a renderer and doesn't follow the same pattern
2020-03-19 12:18:54 +00:00
Kevin Ansfield
4949ad9214 Renamed mobiledoc converters to renderers
no issue

- matches naming with `mobiledoc-kit` nomenclature
- better matches intent for future additions of mobiledoc rendering to email/plaintext/etc
2020-03-18 18:13:25 +00:00
Vikas Potluri
dec24ad883
🐛 improve error handling for invalid JSON Theme Translations (#11655)
refs #11464

- Combine reading + parsing of translation file into same step
- DRY reading / parsing logic
- Log an error when parsing fails and fall back as if the locale doesn't exist
2020-03-18 15:51:57 +00:00
Daniel Lockyer
2d42e7eaea Tidied up GitHub Actions workflows
no issue
2020-03-17 12:46:03 +00:00
Daniel Lockyer
64f34273a7 Renamed GitHub Actions workflow file
no issue
2020-03-17 12:43:54 +00:00
Renovate Bot
0507841c9e Update dependency grunt to v1.1.0 2020-03-17 06:46:44 +00:00
Edward Kerstein
129610526d
🐛 Fixed youtube video embeds not displaying in AMP pages (#11058)
closes https://github.com/TryGhost/Ghost/issues/10972

- adds `amp-youtube` to the allowed AMP components list
- adjusts `{{amp_components}}` output to include the `amp-youtube` script if any iframes with youtube urls are detected in the AMP content

Co-authored-by: Joseph Coffland <joseph@cauldrondevelopment.com>
2020-03-16 14:39:10 +00:00
Fabien O'Carroll
b529a7ab86 Fixed regression test for database migrations
no-issue

We added a new permission and this test was not updated
2020-03-16 14:46:12 +02:00
Fabien O'Carroll
6f6e5e2a3a Added migration for read:identity permission
no-issue

This ensures that the permission always exists in version 3.12
2020-03-16 13:22:04 +01:00
Fabien O'Carroll
d246a4761e Implemented externally verifiable identity tokens
no-issue

This adds two new endpoints, one at /ghost/.well-known/jwks.json for exposing
a public key, and one on the canary api /identities, which allows the
Owner user to fetch a JWT.

This token can then be used by external services to verify the domain

* Added ghost_{public,private}_key settings

    This key can be used for generating tokens for communicating with
    external services on behalf of Ghost

* Added .well-known directory to /ghost/.well-known

    We add a jwks.json file to the .well-known directory which exposes a
    public JWK which can be used to verify the signatures of JWT's created
    by Ghost

    This is added to the /ghost/ path so that it can live on the admin
    domain, rather than the frontend. This is because most of its
    uses/functions will be in relation to the admin domain.

* Improved settings model tests

    This removes hardcoded positions in favour of testing that a particular
    event wasn't emitted which is less brittle and more precise about what's
    being tested

* Fixed parent app unit tests for well-known

    This updates the parent app unit tests to check that the well-known
    route is mounted. We all change proxyquire to use `noCallThru` which
    ensures that the ubderlying modules are not required. This stops the
    initialisation logic in ./well-known erroring in tests

https://github.com/thlorenz/proxyquire/issues/215

* Moved jwt signature to a separate 'token' propery

    This structure corresponds to other resources and allows to exptend with
    additional properties in future if needed
2020-03-16 13:22:04 +01:00
Rish
318484d737 Read billing url from config and add to API
no issue
2020-03-16 13:22:04 +01:00
Renovate Bot
ccd586ea6e Update dependency rewire to v5 2020-03-16 09:28:32 +00:00
Daniel Lockyer
204efe0158 Fixed MySQL port mapping in CI
no issue

- turns out the exposed port is randomly assigned, but this worked for
  us so far
- this commit enforces the use of 3306 for the MySQL port
2020-03-16 08:59:07 +00:00
Renovate Bot
784ae3ddf1 Update dependency @tryghost/social-urls to v0.1.6 2020-03-16 08:06:39 +00:00
Renovate Bot
1288dce961 Update dependency @tryghost/url-utils to v0.6.14 2020-03-16 08:06:26 +00:00
Renovate Bot
f645e20b92 Update dependency @tryghost/helpers to v1.1.23 2020-03-16 08:06:14 +00:00
Renovate Bot
118c546e8c Update dependency sanitize-html to v1.22.1 2020-03-16 06:54:56 +00:00
Renovate Bot
0372616421 Update dependency @sentry/node to v5.14.2 2020-03-16 06:51:51 +00:00
Naz
6a9b53fcad
Cleaned up members isPaid flag in settings table (#11651)
no issue

- The flag has not been used and can be removed, to make the `members_subscription_settings` JSON record in `settings` table easier to read. 
- It used to indicate Stripe configuration being present. Currently that is checked by looking up if Stripe config's `public_token` and `secret_token` values are present (example - https://github.com/TryGhost/Ghost/blob/3.11.0/core/frontend/helpers/ghost_head.js#L54)
2020-03-16 13:36:51 +08:00
Kevin Ansfield
531ef01c48 Update dependency @tryghost/html-to-mobiledoc to v0.6.4
no issue

- includes fixes for html->mobiledoc conversion
  - fixes multiple spaces appearing in text content if source content is indented and has newlines
  - fixes crash if source content has `<li>` elements containing headers
  - fixes crash if source content has non-`<li>` top-level elements inside a list
  - fixes `blockquote>p` markup in source content losing blockquote styling
2020-03-12 18:57:06 +00:00
Rish
5f349b3ef7 🐛 Fixed missing publication icon in newsletter emails
no issue

Email template was incorrectly setting up publication icon url in case of subdirectory setup, leading to missing publication logo from newsletter emails in such cases. This adds the fix to use correct absolute url for publication icons in all setups.
2020-03-12 09:52:54 +05:30
Daniel Lockyer
2dd374043d Handled permissions error in file storage adapter
no issue

- trying to read a file without the correct permissions would cause a
  500 error
- this commit handles the error code and returns an appropriate
  response
2020-03-11 13:27:27 +00:00
Daniel Lockyer
303def2045 Version bump to 3.11.0 2020-03-10 13:02:54 +00:00
Daniel Lockyer
c7dc393719 Updated Ghost-Admin to 3.11.0 2020-03-10 13:02:54 +00:00
Naz
df056416bd
Cleaned up broken complimentary plan (#11650)
refs https://github.com/TryGhost/Ghost/issues/11648

- Removes Stripe plan entries from settings that are not formatted correctly.
- Incorrect formatting was caused by a bug in 3.10.0 Admin-Client where it wasn't able to find complimentary plan. Related fix for this here - 9e7a6b801a
2020-03-10 20:39:34 +08:00
John O'Nolan
70076f8c19
Update FUNDING.yml 2020-03-09 20:23:07 +07:00
Nazar Gargol
53b6ad16d8 Fixed handling of empty created_at dates in member CSV imorts
no issue

- When created_at value is not provided it should be treated as an empty one instead of trying to import empty string.
- This scenario happens when the column is defined in CSV but no values are present (default parsed value is empty string '')
2020-03-09 20:12:02 +08:00
Daniel Lockyer
52ccd4648f Version bump to 3.10.0 2020-03-09 10:49:09 +00:00
Daniel Lockyer
7694f5e786 Updated Ghost-Admin to 3.10.0 2020-03-09 10:49:09 +00:00
Daniel Lockyer
06a2371bd7 Updated Casper to 3.0.9 2020-03-09 10:49:09 +00:00
Kevin Ansfield
4773939670 🔒 Improved validation of fetched urls and responses in oembed endpoint
no issue

- prevent oembed fetching from accessing IP addresses or localhost domains
- prevent oembed endpoint from passing through fetched responses as-is
  - reject any fetched data that does not validate against the oembed spec
  - strip any unknown properties from the oembed response before returning

Credits: Nick Mykhailyshyn
2020-03-09 10:42:25 +00:00
Daniel Lockyer
afb3177e5e Added site URL to Update Check body
no issue
2020-03-09 09:48:04 +00:00
Renovate Bot
4215cee395 Update dependency sharp to v0.25.1 2020-03-09 07:53:07 +00:00
Renovate Bot
7fcb6c8e8f Update dependency uuid to v7.0.2 2020-03-09 07:33:53 +00:00
Renovate Bot
478a0668e4 Update dependency @sentry/node to v5.13.2 2020-03-09 07:33:32 +00:00
Renovate Bot
403f7990e8 Update dependency express-hbs to v2.3.1 2020-03-09 07:33:18 +00:00
Renovate Bot
2d20778bcb Update metascraper to v5.11.6 2020-03-09 07:32:59 +00:00
Nazar Gargol
895b3d98e7 Refactored members csv export for bettere readability
no issue
2020-03-06 13:55:11 +08:00
Daniel Lockyer
357671549a Added feature label to stalebot exemption list
no issue
2020-03-05 12:40:59 +00:00
Fabien O'Carroll
801608e077
Fixed permission to only fetch for active users (#11641)
no-issue

Essentially only active users should have their permissions loaded, this
means that suspended or inactive users are stripped of all permissions
until their status is changed.
2020-03-05 12:22:50 +02:00
Fabien O'Carroll
58187175c3
Deleted all but active sessions on password change (#11639)
closes #10323 

* Fixed usage of hasMany for user->session
* Refactored changePassword to async function
* Deleted all user sessions when password changed
* Tested for session retained after password changed
* Added the session to the frame
* Skipped the current session when changing password
2020-03-05 12:22:32 +02:00
Daniel Lockyer
7e1c7ef9d2
Updated README with GitHub Actions badge
no issue
2020-03-05 10:03:13 +00:00
Daniel Lockyer
7b32bf9ca5 Switched tests to GitHub Actions
no issue
2020-03-05 09:50:14 +00:00
Daniel Lockyer
edfc07b9c8 Captured bulk-email errors in Sentry
no issue
2020-03-04 13:44:23 +00:00