refs https://github.com/TryGhost/Team/issues/1665
- The search script should be uniquiely identifiable in DOM. Previously element for portal scipt element and search element both had `data-ghost` attributes` for identification. Having `data-sodo-search` makes naming unique
no issue
- The sodoSearch needs to be injected into rendered HTML the same way portal scripts are.
- The feature is behind a `sodoSearch` alpha flag, so the scripts are injected conditionally
refs 911ce4f29e
- Fixed the settings snapshot for a news labs flag
- Long term we should look into making the labs property match dynamically as it is updated quite often. We'll forget to update this snapshot!
- now we only have one API version, it doesn't make sense to keep
"canary" around
- renaming it to `endpoints/` makes more sense for this
- this commit renames the `core/server/api/canary/` folder to
`core/server/api/endpoints/`
- it also fixes the naming in test titles and the various other places
we relied on this
refs d63e9256ea
- Following the ref'd commit, when migrating a site the default and free tiers would be skipped because they exist by default in the new site
- As the product is skipped, we don't have the ID available in the imported data to map the stripe_product to
- If the stripe_product isn't mapped, imported members won't be mapped to the correct tier
- This commit adds a lookup for the product by name and slug to restore the correct stripe_product mapping
Co-authored-by: Simon Backx <simon@ghost.org>
refs https://github.com/TryGhost/Toolbox/issues/320
- Wanted to verify if multiple webhook snapshot tests would play nicely together. They did!
- Also having few tests of the same type allows to detect patterns that could be extracted and reused later :)
refs https://github.com/TryGhost/Toolbox/issues/320
- Following the rule of having minimum code changes in the Ghost core codebase. This module belongs to "framework" along with other testing tools anyway.
- The bump includes a noteworthy changes - the "snapshotManager" was extracted into a separate exposed property of express-test API (maybe should be even it's own separate concept eventually, for now exposing it was enough). "snapshotManager" had to be exposed to be able to pass it to the webhook mock receiver - to use same instance configured with mocha hooks. snapshotManager has to be a singleton in the system to configure snapshots correctly through mochaHooks.
refs https://github.com/TryGhost/Toolbox/issues/320
- This is an **MVP** to be able to intercept and match webhook request
snapshots. The concept is similar to the one used in API E2E tests using
same "matchBodySnapshot" and other "match*" methods to test the webhook
**request** data
- Next up here would be:
1. Header matcher
2. Mocking more than one webhook (and doing something nicer with the way
the fixture data is inserted, does this logic belong to the mock-receiver?
closes https://github.com/TryGhost/Team/issues/1655
refs https://github.com/TryGhost/Ghost/commit/4bc14d2c4
- The API should always accept the input it returns. In this case it did not accept the input when it contained an unchanged roles property
- The problem here came from the referenced commit where we can now end up in the situation when the `roleToAssign` is just empty. It was an optimization to prevent a need to do ANY DB operation when none was needed.
refs https://github.com/TryGhost/Team/issues/1526
This adds a check for existing subscriptions for a member associated with the
email addressed used for Stripe Checkout, if any are found the Checkout Session
creation fails and responds with a 403.
We've also updated the error handling for the create-stripe-checkout-session
endpoint so that it follows the existing Ghost API patterns.
no issue
If you try to publish a draft email only post by setting the status to sent, you won't receive an error but the email won't get sent. This is because we don't support this behaviour. This is very counter-intuitive when writing the documentation, so I've patched this behaviour and added some more tests.
- When setting the status to `sent` for not email only posts, the post status will be set to `published` without warning
- Also published_by was not set correctly in the past. This is also fixed and has new tests.
closes https://github.com/TryGhost/Toolbox/issues/351
- When an invalid value was passed in `roles` parameter when editing a user it resulted in incorrect database state (all roles appeared to be unassigned from the user).
- The fix includes ability to set user role by an allowed name, one of: 'Administrator', 'Editor', 'Author', 'Contributor'.
- Also added a validation in case a non-ObjectID value is passed in roles to the users edit method.
closes https://github.com/TryGhost/Team/issues/1626
- getLazyRelation is a safer shorthand for `model.related('relationName').fetch()`
- prevents doing a `fetch` operation on a relation that is already loaded, which can cause issues when `formatOnWrite` has a custom implementation
- uses the already loaded relation if it exists, or loads the relation
- doesn't reload if already loaded
- reload is forceable using the forceRefresh option
no issue
Some tests timeout for an unknown reason. This commit adds some missing awaits for async test methods (that don't perform any async operation, but are marked as async).
fixes https://github.com/TryGhost/Team/issues/1652
fixes https://github.com/TryGhost/Ghost/issues/13319
**Image formatting**
Added support for changing the format of images via the `handle-image-sizes` middleware (e.g. format SVG to png, jpeg, webp)
This change was required:
- Not all browsers support SVG favicons, so we need to convert them to PNGs
- We can't fit image resizing and formatting in the `serve-favicon` middleware: we need to store the resized image to avoid resizing on every request. This system was already present in the `handle-image-sizes` middleware.
To format an uploaded image:
- Original URL: https://localhost/blog/content/images/2022/05/giphy.gif
- To resize: https://localhost/blog/content/images/size/w256h256/2022/05/giphy.gif (already supported)
- To resize and format to webp: https://localhost/blog/content/images/size/w256h256/format/webp/2022/05/giphy.gif
- Animations are preserved when converting Gifs to Webp and in reverse, and also when only resizing (https://github.com/TryGhost/Ghost/issues/13319)
**Favicons**
- Custom favicons are no longer served via `/favicon.png` or `/favicon.ico` (only for default favicon), but use their full path
- Added support for uploading more image extensions in Ghost as a favicon: .jpg, .jpeg, .gif, .webp and .svg are now supported (already supported .png and .ico).
- File extensions other than jpg/jpeg, png, or ico will always get transformed to the image/png format to guarantee browser support (webp and svg images are not yet supported as favicons by all browsers).
For all image formats, other than .ico files:
- Allowed to upload images larger than 1000px in width and height, they will get cropped to 256x256px.
- Allowed uploading favicons that are not square. They will get cropped automatically.
- Allowed to upload larger files, up to 20MB (will get served at a lower file size after being resized)
For .svg files:
- The minimum size of 60x60px is no longer required.
For .ico files:
- The file size limit is increased to 200kb (coming from 100kb)
- This PR was created by deleting all .snap files & running the tests
- The result is that all tests that have been removed or renamed have had their now-unused snaps deleted
We have to update the output serializer to only clean includes for the
Admin API, so that these includes aren't stripped for not being in the
original include query param.
This also rejigs the other Content API only logic to sit together in
the input serializer.
refs https://github.com/TryGhost/Team/issues/1650
Since we introduced calculated settings, we need to return all settings when editing a setting, because those calculated settings can change.
- When editing settings, return all the settings. Previously we didn't include the calculated settings (which caused issues with admin not having up to date values for those)
- Updated Stripe <head> script to be injected based on the calculated settings
Required for https://github.com/TryGhost/Admin/pull/2405
refs TryGhost/Team#1641
This commit adds a custom query for the members export, to improve the performance and to prevent any timeouts from happening when exporting large amounts of members.
Co-authored-by: Simon Backx <simon@ghost.org>
Co-authored-by: Matt Hanley <git@matthanley.co.uk>
- The migration path from 4.x on SQLite to 5.0 on MySQL requires an export/import
- Exports don't include the Stripe info required to map members to tiers correctly on import. This change fixes that.
Co-authored-by: Simon Backx <simon@ghost.org>
Co-authored-by: Hannah Wolfe <github.erisds@gmail.com>
refs https://ghost.slack.com/archives/C02G9E68C/p1652980792270029
- When bulk unsubscribing members, the number of deleted newsletter relations are returned instead of the number of members with newsletters that were cleared
- Updates members-api to 8.1.0, which uses this new option to delete newsletter relations by member_id instead of the id of the relation (which allows us to fetch the number of successfully/failed member deletes) Changes: https://github.com/TryGhost/Members/pull/400
- Added tests for bulk unsubscribe and bulk delete labels (because they both use the updated bulkDestroy method)
refs https://github.com/TryGhost/Team/issues/1640
- Some tests require making request to the root of the mounted server path like `GET /ghost/.well-known/jwks.json`. These are not stricly APIs like Admin, Content, and Members. They do need a separate agent to distinguish the configuration - for this agetn we can stop loading some parts like "server" in the future to speed things up (didn't work straight out of the box)
refs https://github.com/TryGhost/Team/issues/1642
- Updated `members-csv` (dependency via `members-importer`, shouldn't this be a separate dependency too?) package to use the `tiers` field instead of the (removed) products field.
- Added basic test to see if products and labels are returned in the csv.
refs https://github.com/TryGhost/Toolbox/issues/335
- When eventually the major will be bumped next week the returned version will become `5.0.0` which changes the `content-length` header in all of the responses using the version from package.json
- The version number is dynamic, so it's expected the content-length to float as minor and patch versions fluctuate in 1-2 digit numbers. For lon-term easy maintenance it's best to set the content-length to any number (or maybe some sort of floating range in the future?)
refs https://github.com/TryGhost/Toolbox/issues/335
- When eventually the major will be bumped next week the returned version will become `5.0.0` which changes the `content-length` header in all of the responses using the version from package.json
- The version number is dynamic, so it's expected the content-length to float as minor and patch versions fluctuate in 1-2 digit numbers. For lon-term easy maintenance it's best to set the content-length to any number (or maybe some sort of floating range in the future?)
refs https://github.com/TryGhost/Toolbox/issues/335
- Similarly to `anyEtag` pattern for `etag` headers there's a need to match dynamic content-length and content-version headers.
- The `anyContentLength` is the same as `anyStringNumber` matcher, created a separate one to show the intention over a function when reading the code (maybe we could introduce something like floating number range matcher in the future to be more precise in situations where we expect the content-length to float in +-2 length range)
refs https://github.com/TryGhost/Toolbox/issues/335
- Existing `anyNumber` matcher does not do a job when the number is stringified, so introduced a new string matcher to match stringified numbers
- filtering member list on `tier:tier-slug` was failing as it only accepted member.product column
- member table needed to expand the tier filter to use product naming for filtering to work
refs https://github.com/TryGhost/Team/issues/1637
The `stripe_connect_integration_token` setting is required for the Stripe
Connect flow to work. The existing `stripe_connect_*` settings are also not able
to be edited. So we've updated the allow list to remove those, and add the one
required for the Stripe Connect flow.
- checkout session creation was failing when setup with `offerId` instead of `tierId` and `cadence`
- updates `members-api` to ignore cadence check to allow creation using `offerId` present in request