fixes#4607
- moves file checks from db and upload API endpoints to api utils
- adds code to accept and then extract a zip and pull out a JSON file
- zip handling requires a lot of dependencies - this needs a good refactor
closes#4445
- post model gets permalink format
- post model queries urlPathForPost to return computed url
- url helper modified to use post url
- urlForPost method abolished and replaced where necessary
- updated tests
Closes#4611
Refactored generateXmlFromNodes to pull the urlElements itself from
sorted values in the lookup
Added some checks to existing unit tests to validate ordering.
fixes#4572
- Remove both inline and bottom footnotes from excerpt output before stripping the remaining HTML
- No more red errors, black text or bold links in codemirror, as codemirror gets confused by footnote syntax. This is a step towards the new editor which has no syntax highlighting in the editor
Refs #4578
- Match label "for" attributes with ids from the inputs they're
labeling.
- Remove extra promise generation from ghost header and footer helpers.
refs #1993
- adds ctrl/cmd+s for save
- adds config flag
- adds icon on settings page, puts items in the right order
- sorts out permissions for all settings pages with consistent configuration
fixes#4555
- There's no easy way to declare an XSL with the node xml module, so I
needed to move the declarations to both be strings
- Ideally the code to serve the XSL would also be inside the sitemap
module, but I think we need to refactor a bit to get there easily
- Added the XSL from #4559, with minor amends to make the tables and urls
display correctly
closes#4498
- remove toJSON code which returns only IDs from objects
- don't auto-include tags & fields in post responses
- don't auto-include roles in user responses
- fix #allthethings that made assumptions about the auto-includes, or otherwise were only working because of the auto-include
closes#4534
- Adds new Labs route
- Wires route in settings page
- Move and rename debug templates and logic to labs
- Redirect /debug to settings/labs
Closes#623
- Add basic init and eventing scaffold
- Add sitemap-index.xml generation
- Broke out generators to individual files, added request handler
- Add page, author and tag xml files; add index mapping
- Add SiteMapManager unit tests
- Add Generators tests
- Cache invalidation headers for sitemap-*.xml
- Redirect sitemap.xml to index and rename to sitemap-index
- Handle page convert and publish/draft changes
- Add very basic functional test for route existence
- Add cache headers to sitemap routes
closes#4485
- removes data attributes used on body in default.hbs
- introduces new way to generate configuration through meta tags
- config initializer consumes configurations from the meta tags using parser
- moves blog_title helper/value to be a property in a configuration api
No Issue
- Use Ghost version value that is already loaded instead of
reading package.json from the filesystem and parsing it on
every call into the configuration API.
- Every route can set a title token that is combined with the blog’s
title, resulting in titles like ‘Content - Test Blog’.
- Subroutes are supported (‘Settings - General - Test Blog’)
- The blog’s name is applied to and taken from the `config` object to
spare Ember a REST call via `store.find(‘settings’)`.
- Tests have been changed to test for the new titles.
- The initially proposed solution
(https://github.com/paddle8/ember-document-title) doesn’t play nice
with EAK, which is why I went with this solution
(https://gist.github.com/machty/8413411) by Ember.JS core dev @Machty.
no issue
- changes the content type for the RSS feeds from text/xml to
application/rss+xml
- changes the link rel=alternate tag to use an absolute URL for the feed
in the blog meta data
No Issue
- Fix exception being thrown when updateConfigTheme called before
settingsCache fully populated.
- Remove unnecessary check in a conditional in the migration command
builder.
Base64 encoding causes some issues when the token is URL encoded
as the = symbol is not a valid URL character. We replace any =
symbols with a - as this is valid in a URL, but is guaranteed
not to appear in a base64 string. This fix ensures that Ghost
password resets work with mail providers such as Mailgun that
add their own tracking redirects
closes#3872 (for real this time)
No Issue
- Strip sub-directory from image paths before passing to
config.createUrl. Since images are stored with the sub-directory
and createUrl builds a URL with the sub-directory the result
would be a URL that contains the sub-directory twice.
closes#4260
- Adds "tags" route inside of the settings routes.
- Adds this route to router.js
- Links the route from the settings.hbs template
- Adds demo tags html in tag.hbs template
- Adds flag for tagsUI
Refs #4277
- Switch from the built-in http module to request and set
a timeout of 2 seconds on gravatar lookup requests.
- Move request package from devDependencies to dependencies.
For example, outlook 2013 plus would not interpert the following html
(encoded via quoted-printable encoding):
<a href=3D=22http://engineering=
.como.com/ghost/signup/MTQxNTcwNzM5MTYwN3x5dXJ5QG5peC5jby5pbHx3NVBmUUN4RGZr=
cGhKc3FPOElybXNZNWtzR0FMTU9tRFI5UlNyRWQ4SGJZPQ=3D=3D/=22 style=3D=22color:
=
The workournd forces node-mailer to user base64, which outlook understands
well.
Issue #806
- Modify sanitize to check for duplicate posts and tags
- Update posts_tags when referencing removed duplicate tags
- Return both data and problems from importData
- Add tests for duplicate posts and tags with fixtures
Closes#3858
- urlPathForPost is now aware of the author’s slug, allowing for the
permalink setting to use :author
- Frontend controller only renders posts that have the specified
author, if one is given
- Extensive tests included
closes#4328
- Escapes metaTitle, metaDescription, blog url, blog title, tags
- Updates tests
- Adds test for metaTitle and metaDescription with double quotes
closes#3900
- Adds twitter cards to ghost head helper
- Adds schema json information
- Adds test with null values for post image and cover image
- Adds test for privacy flag
- Adds test for the case of no tags
- Updates test to check for twitter card and schema data
- Updates privacy.md
- Fixes issue with image urls that are linked by url rather than uploaded
no issue
- Split theme helpers into individual files for each
- Do the same for tests
- Have utils to share some things between them
- Move assetHash onto config
issue #3900
- uses isPrivacyDisabled helper to see if useStructuredData has been disabled in config.js
- adds an array of promises to deal with asynchronous data
- resolves asynchronous data then adds open graph tags after canonical link
- featured image and tags are only added if present
- open graph tags only added on post and page
- adds unit test to check correct data is returned
- updates other unit tests to reflect changes
Closes#4225
- If a theme is symlinked in the themes directory, follow
the symlink so that the theme object is populated correctly.
- Only do the fallback loading of theme data in the validations
module if it doesn't exist in config.
closes#4157
- adds cache-control header back to api routes
- moves cache rules object into testUtils
- adds cache-control header test to every existing API test
Closes#4018
* cleaned up `mail_spec.js`
* deprecated `mail.fromaddress`
* implemented 'Blog title <email@address.com>' format with fallbacks
* added tests to deprecation and from address, made existing ones more robust
* moved domain intuit into its own module: `GhostMailer.getDomain()`
Closes#4082
* reformatted code to allow for traversal
* deeper config items should be denoted like this: `object.object.object.property`.
* added tests for testing the deprecation warnings
Refs #3864
- Make sure that require() is able to resolve all dependencies
listed in package.json. If packages are missing halt the
bootstrap process and display an error and help message for user.
- Check that contentPath and its subdirectories exist with the correct
permissions.
- Check sqlite3 database file is set for read/write access.
Refs #3876
- Prevent signup page from flashing when an invalid invitation
token is used.
- Clear sensitive information from signup controller.
- Make isInvitation API behavior consistent with other auth
related APIs.
Closes#3565
- Added server API isInvitation (analog to isSetup), checking if an
invitation exists for a given email address.
- If the invitation is no longer valid (or didn’t exist in the first
place), the user is redirected and an error notification is shown.
ref #3795
- express updated to 4.9.2
- express 4.9.0 introduced res.sendStatus() to replace res.status().end()
- we no longer need express-session, connect or cookie-parser
- body-parser, busboy, compression, express-hbs, morgan, all bumped to
latest versions as well - there doesn't seem to be any breaking changes
no issue
- Whilst testing the mail PR #3915 I noticed the first run messages aren't
appearing because the dbHash is getting pre-populated, but there doesn't
appear to be a reason why this is necessary
closes#3983
- removed naive regex implementation
- added cheerio to project dependencies
- used cheerio to parse RSS content
- use attribute getter/setter to replace href/src attribute urls with the resolved version
closes#3241
- in config.js, the `privacy` attribute holds all privacy-related flags
- `privacy.userTinfoil: true` disables everything (equivalent to setting all flags to false)
- added helper function to core/server/config/index.js to checking privacy flags
- added helper function to core/server/config/index.js to show warning about deprecated items
addresses #2852
- Moves storage modules to use prototypes and to create prototypes
that inherit from the base storage ctor.
- Makes storage/base conform to an all Promise interface.
closes#3758
- new API method to delete access and refresh token
- use new ember-simple-auth config to revoke tokens on logout
- new method to delete tokens by .. token
Closes#1538
* rips out sendmail
* adds direct
* updates nodemailer to 0.7.1
* changes unit tests for mail
* changed integration tests for mail
* adds mail api tests
resolves#1789
- removes config/theme.js
- moves caching of theme variables to api/settings.js which is where the
rest of the settings cache occurs. this removes the requirement of having
to push changes to cache, now it simply occurs alongside when settings
are changed.
- updates relevant tests.
refs #827
- Moves ./index to use Ghost in a similar manner to how someone uses
Ghost as an npm module.
- Allows Ghost to be cleanly mounted on another express application
on any arbitrary endpoint, all you need to customize is the mount path.
Closes#3884
- This PR includes a reimplementation of Downsize@0.0.5 with `words: "0"`. It uses the same parsing methods, therefore guarunteeing identical behavior.
- Tests have been updated to be more extensive.
Closes#1977, Refs #3473
- Ensure that import operations are run in sequence.
Previously the operations were started in order but subsequent
ops were allowed to begin before the previous finished, which would
result in out-of-order execution.
- Fix bug in attach() where a model property was being passed in
instead of a transaction object. If the call was made when a
transaction was in process, it could cause bookshelf/knex to
hang and never finish the transaction.
Closes#3844
- Before importing, all data is checked for incorrect UUIDs. If check
fails, data is sanitized and outfitted with correct UUIDS.
- Scaffolding allows for easy implementation of additional
sanitization, should that be required in the future.
- Test included, old tests updated.
helps with #827, otherwise no issue
- This is general code clean-up and unification.
- Merges code from bootstrap.js into config module as they were both
concerned with managing the config file and as such should be in one
location.
- Updates all relevant tests.
fixes#3750
- Updated tests to create tokens for one user. This caused the tests to
fail for MySQL exposing the bug.
- Delete user's tokens along with posts
fixes#3857
- adds uncapitalise middleware which detects uppercase in req.path and
redirects to the lowercase equivalent
- change the ghost route to a regex, just so it's consistent with other
routes in the file
closes#2462
- adds conditionals for pagination for index, tags and author pages
- outputs correct meta title and description according to context
- adds further unit testing
closes#1967
- adds paged to eventually replace archive-template
- adds page-template to eventually replace page
- changes custom page template class to be page-slug instead of
page-template-slug
closes#3789
- Create a GhostServer class to manage state
- index.js now calls start on the exported server
- Alter tests to expect a GhostServer instance
closes#685
- Now that we have a ‘pagination’ meta object, we can implement
SEO-friendly `next` and `prev` ref links in `<head>`.
- This implementation works uniformly for anything that supports
pagination in the current schema (posts, tags, authors)
- Regex should make the implementation future-proof for additional
pagination
resolves#2170
- creates a models.init() function that requires all other model files
and caches them. This is opposed to the previous functionality where
when you require('./models') it would immediately require all other models.
Now it's done when you want.
- Updates all tests to reflect the new structure of the model module
refs #16, #17, #18, #19, #20, #21, #3801
- This code was a prototype system built when Ghost was still a prototype.
It was never fully implemented and hasn't actually worked for ages.
- Now that the admin is in Ember, it's likely we'll need a very different
system.
closes#3765
- Simple API check to ensure that the owner isn’t downgraded to a
different role (analog to the ’can’t change your own role’ check)
- Test added to ensure Owner can't be downgraded to a lower role
fixes#3724
- provide config.url to the ember client app via a data attribute
- create server and client side helpers to output the URL
- wire up the client side helper
- add a class for testing, and add tests for both the server and client side
fixes#3716
- change the importer to not override any user details
- only set published_by if it is not already set
- import users before anything else
- process the import and map user ids to existing users
- test fix - owner should have owner role
- test fix - catch invalid success in importer
Closes#3649
* Small refactor of the api route for email test. We no longer need to look up the email in the settings
* Added a user model lookup based on context to the test email method.
closes#3631
- Removed the 'by + setupUser.name' from authentication.js
- Removed the 'by Test User' from feed_test.js
- Added a '.' to the end of each per issue comment example
fixes#3658
- Catch any errors from user.save() events during login
- Prevent validation from happening at all when only updating status/last_login
- Fixes a problem I introduced with errors which are arrays in logError
closes#3450
- Added no-permission error handling for settings edit API.
- In Authentication API integration test, updated the initOwnerUser
function to insert the roles and user_roles for the owner user so the
owner can edit settings after adding the no-permission error handling. I
also added the mail send permission to the test since it's used after
the user edits the settings.
closes#3544
- limit forgotten password requests to five requests per IP per hour
for different email addresses
- limit forgotten password requests to five requests per email address
- limit signin requests to ten failed requests per IP per hour
- removed special treatment for tests
closes#3468
- added rate limit to deny more than 5 attempt every hour
- updated spam prevention to be configurable
- added config values spamTimeout, ratePeriod, rateAttempts
- added ratePeriod:1 to config.example.js to prevent functional tests
from hitting the rate limit
- commented spam test, I’ll fix it tomorrow
closes#3285
- remove apps stuff for now
- if there is a single user, behave the same as before, overriding
non-critical properties of the single owner user
- if there are multiple users, import them like normal resource
No Issue
- The method that generates a filename for the export during
a migration returns a promise, not the filename directly,
so the export file was being named [object Object].
Closes#3466
- Transferring the owner role is now done via a separate
endpoint and not through Ember-Data. As a result the
user role data needs to be updated manually.
- Updated the owner endpoint to return a response body
containing the updated user objects.
- Updated tests.
closes#3401
- modifying slug-generator to be more generic
- adding slugging capabilities for /settings/users/:slug
- modified posts to use the updated slug-generator
- edit and add endpoints don't assume role
- edit and add endpoints cope with no role, role objects, and strings
- resend user invite was failing at one point due to no role being sent, but this shouldn't be required
- other random api cleanup
