Commit Graph

8542 Commits

Author SHA1 Message Date
Nazar Gargol
308b9ddd40 Fixed sanitization issue in subscribers
no issue

- Added sanitization to subscribed_url & subscribed_referrer fields when rendering error state

Credits: Antony Garand
2018-10-29 12:52:42 +01:00
Miguel Piedrafita
b8fff2321c Parsed nconf env values (#10077)
closes #10073, closes #8940

- see https://github.com/TryGhost/Ghost/issues/10073#issuecomment-433637006 and https://github.com/TryGhost/Ghost/issues/8940#issuecomment-418302189
2018-10-28 20:06:44 +01:00
kirrg001
8d12c8908f 🐛 Fixed missing filename when exporting subscribers csv
closes #10075

- the filename was missing
2018-10-27 18:39:39 +02:00
kirrg001
5f7401051c 🐛 Fixed pagination for subscribers
closes #10074

- the `page` option was missing
2018-10-27 18:27:35 +02:00
Hannah Wolfe
275d82199f 🐛 Fixed cardWidth being lost on 2.0 imports (#10068)
no issue

- When importing Ghost 2.0 blogs into 2.0 blogs...
- The Koenig image card would lose it's cardWidth setting,
- because it'd be overridden by the imageStyle setting, which was null
- The importer previous _only_ kept the width if importing 1.0 blogs
2018-10-26 11:30:39 +02:00
root@andrea:~#
3f91a9e8a2 Corrected 'Content-Length' header by using Buffer.byteLength (#10055)
Closes #10041
1. Why is this change neccesary?
String.prototype.length returns the number of code units in the string (number
of characters) while Buffer.byteLength returns the actual byte length of a
string.

2. How does it address the issue?
Places that use String.prototype.length to calculate Content-Length
were switched to Buffer.byteLength instead.
2018-10-25 09:18:36 +07:00
Fabien O'Carroll
7fafa1e152 Fixed mail api usage of the notifcations api
closes #10047

Requiring in the api module correctly wraps the notification api and
exposes it as a function.
2018-10-24 13:18:51 +05:30
Fabien O'Carroll
1c21153b85
Refactored request unit tests to return promises (#10045)
refs #7470

These tests had a random failure on travis for Node v6 w/ sqlite. I
figured I would update them to return promises, and remove state, to
make debugging easier, and hopefully fix any issues.
2018-10-24 12:14:44 +07:00
Fabien O'Carroll
f9da6c7eed
Refactored spam prevention tests to use promises (#10036)
closes #7470

This refactors the spam prevention tests to all return promises,
hopefully making it easier to see where a test timeout might occur, it
also refactors the tests to remove the count state, which made it hard
to follow exactly what was happening or being tested.
2018-10-23 17:34:39 +07:00
Jesse Houwing
d57b70b871 Enforced unix line endings (#9871)
no issue
2018-10-23 10:59:09 +02:00
Rish
35ba1d40df Version bump to 2.3.0 2018-10-22 15:41:19 +05:30
Rish
5cb0103ac8 Updated Ghost-Admin to 2.3.0 2018-10-22 15:41:19 +05:30
Kevin Ansfield
71f0c08a34
Added edit webhook route to v2 Admin API (#10033)
no issue
- webhooks UI requires the ability to edit webhooks
- added `edit` permission for `webhook`
- added `edit` method to v2 webhook controller
- added `PUT /webhooks/:id` route to v2 Admin API routes
2018-10-19 18:35:55 +01:00
Rishabh Garg
e2d0b2e543 Updated webhook request header and last triggered error mssg (#10035)
refs #9942

- Added error message if unknown status code on request failure
- Added event to payload
2018-10-19 14:11:03 +01:00
kirrg001
99a2f3ba3a Fixed read pages with user access
refs #9866

- we still serve pages via /posts with user access
- we only differentiate this behaviour for the content api
2018-10-19 10:54:05 +02:00
kirrg001
759c25d03e Fixed read posts/pages for v2
refs #9866

- read does not support `filter`
2018-10-19 10:40:47 +02:00
Andrey Ozornin
2f55b3baf2 Fixed a link typo in CONTRIBUTING.md (#10034)
no issue
- there was a typo in URL: github.comc instead of github.com so the link didn't work
2018-10-18 21:53:05 +01:00
Rishabh Garg
8ad951d7f3
Added new site.changed event and webhook trigger service (#10019)
refs #9942

* Added new middleware to trigger events

* Refactored webhooks service
- added new trigger service, moved listen service to its own file
- started listening to new site.changed event
- cleaned up trigger service to work with new webhook fields
- cleaned up tests
- removed redundant trigger method in v0.1 controller
2018-10-19 00:01:30 +05:30
kirrg001
45b8e6b66a Added TODO to controllers/entry.js
refs #9866
2018-10-18 19:41:07 +02:00
kirrg001
e302be2749 Changed preview controller to support v0.1 and v2
refs #9866

- invent preview api, but only used internally
  - the idea of a preview api is definitiely reaslistic and came up in the past a couple of times
- by that we don't have to differentiate between pages or posts controller
- still support v0.1
- preview controller is not registered for http, only internal handling
2018-10-18 19:41:07 +02:00
kirrg001
dcf6c0483c Extended {{get}} helper to query "pages"
refs #9866

- only possible with v2
2018-10-18 19:41:07 +02:00
kirrg001
12ff70497f Changed entry lookup helper to respect the resource type
refs #9866

- the entry helper is used for static pages and post lookups
- now that we support changing the api version, we have to respect the resource type
- for v2: we ask the pages controller for static pages
- in v0.1: pages and posts lived on the same route
- we are talking about the content API (!) - not admin api
2018-10-18 19:41:07 +02:00
kirrg001
803a325ade Renamed post-lookup to entry-lookup
refs #9866

- the static pages router uses the entry controller
- and the entry controller uses the lookup helper
- the lookup helper needs to either fetch static pages or posts
- v2 uses pages and posts controller
2018-10-18 19:41:07 +02:00
kirrg001
d8a7edd9aa Added TODO's for entry and preview controller
refs #9866
2018-10-18 19:41:07 +02:00
kirrg001
cbf2817e39 Added missing read pages endpoint
refs #9866

- the endpoints were missing
- the site app needs pages.read for v2
2018-10-18 19:41:07 +02:00
kirrg001
8caf8009ae Added TODO to amp_content
refs #9866

- this can be removed if we drop v0.1
2018-10-18 19:41:07 +02:00
kirrg001
15f6c2421c Fixed entry controller to handle v2 and v0.1 url response
refs #9866

- v2 returns absolute urls
- v0.1 returns relative urls
- this is a little ugly, but don't know how else to solve currently
2018-10-18 19:41:07 +02:00
kirrg001
640290c31b Updated blog site components to respect the api version
refs #9866

- the api call must be dynamic based on the api version information
2018-10-18 19:41:07 +02:00
kirrg001
3f9d0f51f5 Changed how we determine if a resource is owned by an url generator
refs #9601

- api v2 returns absolute urls
- api v0.1 returns relative urls
- it's easier if we compare by id
2018-10-18 19:41:07 +02:00
kirrg001
987e41e8d6 Attached api version to res.locals context
refs #9866

- each request get's the ghost api version attached
- this makes it possible to access the version in all steps (routing, theme helpers)
2018-10-18 19:41:07 +02:00
kirrg001
1f55c90037 Supported reading ghost api engine
refs #9866

- we fallback to v0.1 by default
- we support different formats
- this opens the box to switch the ghost api version for the whole blog site
- i had to add a different notation for overrides.json, because the structure is not optimal (i only want the versions, not the shortcuts)
2018-10-18 19:41:07 +02:00
Fabien O'Carroll
17feb14e4a Added HTTP BREAD for integrations resource (#9985)
refs #9865

* Added generic messaging for resource not found
* Ensured integration model uses transaction for writes
* Created POST /integrations endpoint
* Created GET /integrations/:id endpoint
* Created GET /integrations endpoint
* Created PUT /integrations/:id endpoint
* Created DELETE /integrations/:id endpoint
2018-10-18 14:03:56 +01:00
Kevin Ansfield
da2c292f64 Version bump to 2.2.4 2018-10-18 12:29:28 +01:00
Kevin Ansfield
62a222c445 Updated Ghost-Admin to 2.2.4 2018-10-18 12:29:28 +01:00
Rishabh Garg
915d5612a1 🐛 Fixed relative image URLs becoming absolute URLs on save (#10025)
closes #10024

- Updated input serializers for posts/tags/users to handle absolute urls conversion

-------
1. Ghost stores relative images urls
2. API V2 returns images with absolute urls
3. Ghost-Admin sends absolute urls back on any save e.g. update user

**Current behavior**: This will override the relative image path in db to absolute, which in turn won't get updated in future if domain or protocol changes for e.g.
**Fix**: On save/update, input serializers converts any absolute image url paths back to relative if the base URL from image fields matches the configured URL
2018-10-18 12:18:47 +01:00
Fabien O'Carroll
e865d2218c 🐛 Fixed pagination/duplicate posts and users appearing in admin area (#10031)
closes #10029

- allowed page option for users, posts, & tags browse 
  - The page query param was not forwarding to the query, meaning that when the admin client requested the next page of users or posts, it would receive the first page again.
2018-10-18 10:05:51 +01:00
Fabien O'Carroll
ae71f2deca Added spam prevention for v2 sessions (#10030)
no-issue

- Added spam prevention to POST /session
  - This blocks repeated requests the the /session endpoint preventing brute
force password attacks
- Updated session controller to reset brute middleware
  - This updates the session controller to reset the brute force protection
on a successful login. This is required so that a user is not locked out
forever :o!!
2018-10-18 09:58:29 +01:00
Nazar Gargol
fd958addb6 Migrated update check to use api v2
refs #9866

- Switched update checker to api v2
- Updated and cleaned up the corresponding test suite
- Updated the frame pipeline to respect context passed in with Frame instance
- Exposed 'active' verison from api index module
2018-10-18 00:13:31 +02:00
Nazar Gargol
734bcc9040 Removed obsolete 'testing-pg' env variable
no issue
2018-10-18 00:13:31 +02:00
John O'Nolan
c9c4dc0fe9
Update README.md 2018-10-17 18:49:33 +07:00
John O'Nolan
8f04c0570e
Update CONTRIBUTING.md 2018-10-17 18:47:29 +07:00
Nazar Gargol
49a729f77f Excluded sessions table from exporter (#9961)
refs #9865

- Made sessions table to be skipped during the export process
2018-10-17 18:29:24 +07:00
Rishabh Garg
c638863cb9 Updated webhooks schema and add relation (#10018)
* Extended webhooks schema/model and connected with integrations

refs #9942

- Updated webhooks schema with new columns - name, integration_id, secret, last_triggered_at, api_version
- Updated webhooks and integration model to map relationships
- Updated schema hash
- Updated test utils to exclude new webhooks columns for response comparison

* Added migration script for new webhooks columns

refs #9942

- Added migration script in 2.3 to add new columns to webhooks

* Updated schema hash

* Updated maxLength for api_version in schema

* Removed concurrency value from migration script

* Added defaults for webhooks model

* Added status field to webhooks for last trigger status

* Updated schema hash

* Fixed tests with status field

* Removed concurrency value in migration script

* Cleanup

* Updated schema with new fields

 - last_triggered_status, last_triggered_error
2018-10-17 18:17:13 +07:00
John O'Nolan
079a0d30d2
Update CONTRIBUTING.md 2018-10-17 18:00:12 +07:00
John O'Nolan
9ab286b7a9
Update CONTRIBUTING.md 2018-10-17 17:57:54 +07:00
Fabien O'Carroll
4f1866a263
Allowed for repeated query parameters for arrays (#10021)
no-issue

There are a few libraries, including node core that when given an array
for a query parameter will encode it as repeated query params. e.g.

```
{someParam: ['a', 'b']}
// becomes
'?someParam=a&someParam=b'
```

This adds a check for the value to stop us 500ing on repeated keys and
to add easier interop with http clients
2018-10-17 13:43:32 +07:00
Kevin Ansfield
2c603c8a8a Version bump to 2.2.3 2018-10-16 17:38:23 +01:00
Kevin Ansfield
2e5f3dc55a Updated Ghost-Admin to 2.2.3 2018-10-16 17:38:23 +01:00
kirrg001
6084330868 Corrected functional users v2 test case
no issue

- just noticed that this test was sending the incorrect body data
2018-10-16 18:20:47 +02:00
kirrg001
15a8951bc7 Respected hasUserPermissions & hasAppPermissions in invite model
no issue

- the permission service expects from the permissible function to respect the input values
  - hasUserPermissions
  - hasAppPermissions
2018-10-16 18:00:05 +02:00