Commit Graph

2246 Commits

Author SHA1 Message Date
Hannah Wolfe
6741f139d5
Updated redirects todo to be a deprecation notice
- When we have todos related to deprecations, we should use @deprecated instead
- @deprecated notices should say when a feature was deprecated, not when it was removed
2022-09-09 17:11:27 +01:00
Ghost CI
352b4ad537 v5.14.0 2022-09-09 16:00:35 +01:00
Hannah Wolfe
cbc56d953a
Removed outdated todo referencing api versions
refs: https://github.com/TryGhost/Toolbox/issues/229

- We got rid of the configs, so this todo is no longer valid
2022-09-09 13:58:27 +01:00
Hannah Wolfe
b0234dd58e
Removed apiVersions from test urlUtils
refs: https://github.com/TryGhost/Toolbox/issues/229

- These properties were removed from urlUtils in 5.0 and no longer do anything
2022-09-09 13:32:30 +01:00
Ronald Langeveld
c9e6f42ca8 Bumped Portal to 2.12.0
ref https://github.com/TryGhost/Team/issues/1800

- Adds v 2.12.0 of Portal
- Updates snapshots for tests
2022-09-09 13:54:43 +02:00
Naz
235d716048
Refactored notifications e2e tests to use test framework
no issue

- Bumped into these tests when doing cleanup in the notifications service. Having full snapshot of requests is useful to have as a sanity check, so migrated this test suite quickly.
2022-09-09 19:51:50 +08:00
Ronald Langeveld
a001c63dbd Revert "Bumped to Portal to 2.11.2"
This reverts commit 8276cad6f1.
2022-09-09 13:33:29 +02:00
Ronald Langeveld
8276cad6f1
Bumped to Portal to 2.11.2
ref https://github.com/TryGhost/Ghost/pull/15335
2022-09-09 13:12:11 +02:00
Simon Backx
145a111e4c Updated admin auth frame to use versionless API
refs https://ghost.slack.com/archives/C02G9E68C/p1662717296469599

The API no longer has versions, so this required a redirect every time.
2022-09-09 12:01:23 +02:00
Ronald Langeveld
eb6534bd7f
Replaced all 'bio' references with 'expertise' for member comments. (#15359)
closes https://github.com/TryGhost/Team/issues/1772

- The user facing side of comments recently replaced `bio` with `expertise`.
- To remain consistent we replaced all the references of `bio` with `expertise` throughout the codebase.
- This includes a database column name changing migration, within the `members` table.
- Bumped up the comments-ui version to a new minor (0.10.x) as its a breaking change.
2022-09-09 10:14:49 +02:00
Naz
8935f53d63
Fixed yarn command failure
refs ab0661c746

- The command was failing on non-org machines because the @tryghost/adapter-base-cache was published as private by accident.
2022-09-09 13:39:57 +08:00
Naz
ab0661c746
Fixing yarn command failure
no issue

- By bumping the version of adapter-base-cache I'm expecting `yarn` command to pick up this package. I suspect the failures on CI are due to some caching issue.
2022-09-09 13:26:51 +08:00
Naz
ff5919e86c
Extracted cache adapter base class to external package
https://github.com/TryGhost/Toolbox/issues/364

- When the adapter base class lives deep inside Ghost's codebase it is pretty hard for other developers to extend it. With the goal of making Ghost easier to use and deploy by others, this kind of functionality should be as easy to extend as possible.
- The base adapters should live in the TryGhost/SDK repository. Next ones to move are Scheduling, SSO, and Storage base adapters.
2022-09-09 12:36:49 +08:00
renovate[bot]
3d4c97f8c7
Updated @tryghost dependencies (#15349)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-08 18:32:13 +01:00
Daniel Lockyer
790e4c5598
Added history log for staff actions
fixes https://github.com/TryGhost/Toolbox/issues/356

- this feature allows site Administrators to view a history log of staff
  actions on their site so they can audit when and by whom that something happened
- this commit promotes the History log to GA
2022-09-08 18:23:39 +01:00
Hannah Wolfe
7084217d3d
Added same-origin referrer rule to post previews
- this prevents the referrer/referer header being sent for requests that go to external domains
- this in turn prevents preview URLs from appearing in the analytics of sites that are linked to and clicked on from previews
- otherwise, preview URLs can be leaked to the owners of the linked and clicked sites
2022-09-08 12:39:13 +01:00
rw4nn
dc84983550
🐛 Fixed square brackets being % encoded in URLs (#14977)
fixes: #14863
refs: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI#encoding_for_ipv6

- added a simple Regex replace for the percent-encoded square brackets to get them back to non-encoded
- a preferred solution might be using new URL(), but that causes other issues. The regex solves the immediate need.
2022-09-08 12:09:40 +01:00
Simon Backx
6bffa893b1
Added snapshot tests to ghost_head helper (#15327)
refs https://github.com/TryGhost/Team/issues/1795

- Snapshots help us detect unexpected changes in the `<head>` of all sites (e.g., newly introduced script tags)
- Added ghost_head tests for comment count helper
2022-09-08 13:04:34 +02:00
renovate[bot]
be70064716
Pinned dependency html-validate to 7.3.3 (#15384)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-08 10:30:07 +01:00
Simon Backx
4534b693e4
Added test that validates output HTML of email template (#15365)
refs https://github.com/TryGhost/Team/issues/1871

This commit adds a test to the serialize method of `post-emaiserializer`. It checks whether the generated email HTML is valid and standard HTML5 and that all properties are escaped.

To do this validation, I depend on the new `html-validate` dev dependency. Just parsing the HTML with a HTML parser is not enough to guarantee that the HTML is okay.

Apart from that this fixes:
- Removed the sanitizeHTML method and replaced it with normal HTML escaping. We don't want to allow any HTML in the escaped fields. Whereas `sanitizeHTML` still allows valid HTML, but we don't want that and want the same behaviour as on the site. E.g., a post with a title `All your need to know about the <br /> tag` should actually render the same title and non-html content, being `All your need to know about the &lt;br /&gt; tag`
- The file, nft and audio card didn't (always) escape the injected HTML fields (new version @tryghost/kg-default-cards) 
- `@tryghost/string` is bumped because it contains the new escapeHtml method
2022-09-08 10:11:01 +02:00
Daniel Lockyer
04e3ee9f10 Added property cleaning to tag relations on pages + posts
refs https://github.com/TryGhost/Ghost/pull/15375

- we currently pass all properties for the `tags` property of a
  `page`/`post` body down further into Ghost, which is causing issues
  because it's handling properties it doesn't expect
- this is showing up because it's triggering save history events for
  tags when a post is edited
- this commit introduces a clean util which has an allowlist of
  properties allows on tag relations
- this list was taken from the schema: 128f8fb006/packages/admin-api-schema/lib/schemas/posts.json (L214-L227)
2022-09-07 22:28:56 +01:00
Simon Backx
74ecde73db
Moved attribution event handler to events service (#15379)
fixes https://github.com/TryGhost/Team/issues/1821

This change moves all the event storage logic to one new place: the event storage class in the MembersEventsService, which is initialised in a new members events service wrapper.

Apart from this, this includes some improvements:
- Removed DomainEvents from the constructor arguments to the subscribe method (to make it more clear where to subscribe to and decrease dependencies)
- LastSeenAtUpdater doesn't subscribe in the constructor any longer (removes unclear side effect)
- Moved LastSeenAtUpdater initialisation to new members events service wrapper
- Added missing tests to LastSeenAtUpdater to assure that the MembersEventsService package has 100% coverage.
2022-09-07 16:41:59 +02:00
renovate[bot]
3d76c89660 Update dependency @playwright/test to v1.25.2 2022-09-07 13:10:11 +01:00
renovate[bot]
5812e491d2 Update dependency uuid to v9 2022-09-07 13:06:48 +01:00
Kevin Ansfield
10946a56b2
🐛 Fixed product card images causing very wide emails in Outlook (#15374)
closes https://github.com/TryGhost/Team/issues/1873

- bumps `@tryghost/kg-default-cards` which amends the product card rendering to output adjusted `width` and `height` attributes and a resized `src` attribute on the `<img>` element
2022-09-06 19:36:19 +01:00
Daniel Lockyer
4a6f57b105
Merged v5.13.2 into main
v5.13.2
2022-09-06 16:45:52 +01:00
Ghost CI
d71efb128f v5.13.2 2022-09-06 16:32:05 +01:00
Fabien 'egg' O'Carroll
f7a58ecafc
🐛 Fixed OpenSea NFT OEmbeds (#15372)
refs https://github.com/TryGhost/Team/issues/1879

OpenSea updated their URL format for NFTs after adding support for Solana
which broke our regex, this updates to support the new format.
2022-09-06 11:29:35 -04:00
Simon Backx
8b4d5504e8
Moved (un)like endpoint code to comments service (#15371)
fixes https://github.com/TryGhost/Team/issues/1861

- Moved like and unlike endpoint handling to comments service and controller
- Moved small part of report logic to comments controller
- Added proper 401 authentication error when not authenticated as member
2022-09-06 17:20:55 +02:00
Sanne de Vries
cbccd400c6 Updated Explore section on dashboard
No issue
2022-09-06 14:59:33 +01:00
Ronald Langeveld
1f177e1c17
Added optional data-attribute to enable and disable auto redirection. (#15335)
closes https://github.com/TryGhost/Ghost/issues/15104 https://github.com/TryGhost/Team/issues/1800

- On custom sign up and login forms, creators often wouldn't want their members to be redirected to that page after signing in.
- This takes a new data-attribute value (eg `data-members-autoredirect="false"`) that can be set on [custom sign up / login forms](https://ghost.org/docs/themes/members/#signup-forms) into account before parsing the referrer on the magic link URL that gets sent to the member for login.
2022-09-06 14:36:06 +02:00
Naz
920a3aeb4c
Fixed adapter-related unit test
refs 37dd187fe6
refs c36575627d/ghost/core/core/server/data/importer/handlers/image.js (L16)

- The tests were failing because they were stubbing a "generic" adapter, instead of the one which the module under test was using (see referenced code to see what I mean)
2022-09-06 18:46:32 +08:00
Naz
c36575627d
Fixed unit test
refs 37dd187fe6

- The referenced commit lacked cleanup after module removal
2022-09-06 18:11:22 +08:00
Naz
a96a7340c0
Added JSDoc to adapter options resolver
refs https://github.com/TryGhost/Toolbox/issues/384

- Added jsdoc for intellisence/typechecking
- Cleaned up the naming of returned values to resemble the usecases a bit better
2022-09-06 17:51:57 +08:00
Naz
28791bd6bf
Fixed typo 2022-09-06 17:51:57 +08:00
Naz
67df9a6105
Removed unused adapterType variable
refs https://github.com/TryGhost/Toolbox/issues/384

- The adapter manager can parse the adapter type internally from the "type:feature" syntax, so there's no need to pass it around.
2022-09-06 17:51:57 +08:00
Naz
1fc8c8d671
Added more explicit adapter config syntax
refs https://github.com/TryGhost/Toolbox/issues/384

- Existing adapter config was based on the notion there can only be one configuration per one adapter class. With adapter cache now allowing instantiating multiple adapter instances with the same base class it opened up a possibility to have shared configuration for a base class and then extend/override it in "feature" configurations (see tests in this commit for specific examples)
2022-09-06 17:51:57 +08:00
Naz
37dd187fe6
Added adapter caching based on features
refs https://github.com/TryGhost/Toolbox/issues/384

- Adapter cache was not able to store multiple object instances derived from same Base class. This created a need to create boilerplate "shell" classes inheriting from the Base class, e.g.: ImageSizeCacheSyncInMemory etc.
- Having feature-based adapter instance caching in the adapter manager allows to simplify configuration and reuse the "base class" instead of creating artificial "shell" classes.
- For example with this change both image sizes and settings caches will create separate cache instances deriving from default "Memory" class. Less code, less configuration!
2022-09-06 17:51:57 +08:00
Naz
a0d0c38aaf
Fixed typo complementary -> complimentary 2022-09-06 17:51:56 +08:00
Hannah Wolfe
db6fb2d6d0
Removed unused fixture tasks
- these old concepts aren't used anymore
2022-09-06 10:18:55 +01:00
Daniel Lockyer
e0f86cb1cb
Merged v5.13.1 into main
v5.13.1
2022-09-06 10:12:54 +01:00
Ghost CI
da1997d96e v5.13.1 2022-09-06 09:53:23 +01:00
Daniel Lockyer
79368f565f
Fixed Tier events being created when Posts are edited
refs https://github.com/TryGhost/Team/issues/1875

- due to an misbehavior in our model layer, when `tiers` is set on a Post, it'll
  trigger a save of the Tier, and this produces an extra event in the
  `actions` table
- mapping the Tier(s) to just the ID prevents bookshelf-relations from
  editing the Tier and thus prevents the extra event
- also fixed tests which were implicitly assuming supplying a slug to a
  post would create the product
2022-09-05 17:19:27 +01:00
Hannah Wolfe
f1bc8026b7
Removed unused resetRoles method
- working on cleaning up our fixture mechanism and making it easier to understand
2022-09-05 09:32:54 +01:00
renovate[bot]
8c91f7b7d4 Update sentry-javascript monorepo to v7.12.1 2022-09-02 16:27:26 +01:00
Ghost CI
27704794d4 v5.13.0 2022-09-02 16:00:27 +01:00
Simon Backx
2e85ae98be
🐛 Fixed sending emails from email domain that includes www subdomain (#15348)
fixes https://github.com/TryGhost/Team/issues/1855
fixes https://github.com/TryGhost/Team/issues/1866

This commit moves all duplicate methods to get the support email address to a single location. Also methods to get the default email domain are moved.

For the location, I initially wanted to put it at the settings service. But that service doesn't feel like the right place. Instead I created a new settings helpers service. This service takes the settingsCache, urlUtils and config and calculates some special 'calculated' settings based on those:

- Support email methods
- Stripe (active) keys / stripe connected (also removed some duplicate code that calculated the keys in a couple of places)
- All the calculated settings are moved to the settings helpers

I'm not 100% confident in whether this is the right place to put the helpers. Suggestions are welcome.
2022-09-02 16:57:59 +02:00
Simon Backx
51ddc39fa7 Updated snapshots of email preview tests
refs dd2bfb8c0e
2022-09-02 16:19:28 +02:00
Daniel Lockyer
dd2bfb8c0e
Merged v5.12.4 into main
v5.12.4
2022-09-02 15:13:37 +01:00
Ghost CI
c02646b31d v5.12.4 2022-09-02 15:04:07 +01:00
Simon Backx
999b111fce
🐛 Fixed paid email preview stopped working in emails (#15356)
fixes https://github.com/TryGhost/Team/issues/1870

Disables email sanitization that was enabled earlier because this bug is more important and urgent.

The recently introduced email sanitzation removes HTML comments from the post html.
- This breaks the email paid preview, because it depends on the `<!--members-only-->` comment.
- Breaks the Outlook comments `<!--[if !mso !vml]-->`

This commit reverts this change.
2022-09-02 15:49:39 +02:00
James Morris
d5094fe235 Improved formatting of multiple authors for newsletters
- No longer showing all authors together, but using & others over 2

no issue
2022-09-02 11:48:30 +01:00
Hannah Wolfe
409a4783a3
Renamed content api agent auth method
- the query param is called key, so key is easier to remember
2022-09-02 10:48:03 +01:00
Hannah Wolfe
642b6ff8ae
Added loginAs[Role] to e2e framework with example
closes: https://github.com/TryGhost/Toolbox/issues/342
refs: 032a26f9f3
refs: 588c9d04e8

- Now that the old `users:no-owner` (now named 'users') is working correctly :)
- Was able to add loginAs[Role] methods for each staff role, so that it's possible to execute tests as that user and check permissions
- Refactored the email preview tests to use the new e2e framework and these methods, as an example
2022-09-02 10:38:22 +01:00
Hannah Wolfe
588c9d04e8
Renamed users:no-owner to users as main user fixture
- This fixture is the main user fixture you'd want to use when testing staff roles
- At the moment it has a weird name that makes it less likely people will use it
- A tiny step in trying to make our fixture system make a tiny bit more sense
2022-09-02 10:08:37 +01:00
Hannah Wolfe
032a26f9f3
Fixed users:no-owner fixture to add roles correctly
- This fixture would only work if the roles were inserted by the fixture system
- In most cases, this fixture was adding users without their associated roles
- Now we assume the roles exist already, and that we need to map users to each role
- This will allow us to more easily test user roles in e2e tests
2022-09-02 08:26:30 +01:00
Kevin Ansfield
c220c1e288
🐛 Fixed image width/height and links not being preserved when pasting or importing html (#15350)
refs https://github.com/TryGhost/Koenig/issues/330
refs https://github.com/TryGhost/Koenig/issues/329

- bumps packages related to pasting content into the editor and importing content via the posts API with `?source=html`
2022-09-01 17:31:21 +01:00
Daniel Lockyer
df99e1aec3
Merged v5.12.3 into main
v5.12.3
2022-09-01 15:36:46 +01:00
Ghost CI
7650ecafeb v5.12.3 2022-09-01 15:36:17 +01:00
Fabien 'egg' O'Carroll
e4cbb3d24d
Reset magic link rate limiting upon successful login (#15345)
refs https://github.com/TryGhost/Team/issues/1771

We don't have access to `req.brute.reset` due to the way the flow
works, we have one endpoint which sends an email with a magic link,
and another route which handles the login. We don't want to apply
brute force protection to both because our rate limiting is designed
for API requests not web page visits (which is how login is handled).

Because of this we require access to the underlying ExpressBrute
instance exposed by the spam-protection module, so that we can
perform the reset.
2022-09-01 08:54:14 -04:00
Fabien 'egg' O'Carroll
c9f782a3fc
🔒 Fixed rate limiting for user login (#15336)
refs https://github.com/TryGhost/Team/issues/1074

Rather than relying on the global block to stop malicious actors from
enumerating email addresses to determine who is and isn't a user, we
want our user login brute force protection to be on an IP basis,
rather than tied to the username.
2022-09-01 13:29:59 +01:00
renovate[bot]
d0103a6b31 Update sentry-javascript monorepo to v7.12.0 2022-09-01 08:48:54 +01:00
Daniel Lockyer
4505b2f3f5
Cleaned up npmignore entries for Casper
- we ignore some files within Casper via the Core .npmignore, but this
  was outdated
- `.csscomb.json` and `.yarnrc` do not exist in the repo anymore
- `yarn.lock` should be added because this is the bundled theme files
  and we don't expect to be editing them again
2022-09-01 08:22:01 +01:00
Naz
945ebd4806
Fixed ERR_NOCK_NO_MATCH warning during test runs
refs https://github.com/TryGhost/Toolbox/issues/389

- The e2e test suite log was full of ERR_NOCK_NO_MATCH warnings when the logging level was set to "warn". The cause of this warning was legit duplicated webhook trigger processing on test environment. Gah!
- The source of duplicate webhook processing was duplication of event handlers. Event handlers were registered multiple times for same event because of the singleton nature of the "common/events" module - it remains the same instance and is not cleaned up between reboots. The deeper issue of events module initialization should be solved separately, this slightly hacky approach fixes the problem now and highlights it to be tackled in the future.
2022-09-01 12:25:47 +08:00
Naz
88e0ae892c
Fixed typo 2022-09-01 11:01:15 +08:00
renovate[bot]
36ac8ccb41
Update dependency knex to v2.3.0 2022-08-31 20:32:37 +00:00
renovate[bot]
87a97726c6
Update dependency human-number to v2.0.1 2022-08-31 19:21:36 +00:00
renovate[bot]
405d1acec5 Update dependency @tryghost/express-test to v0.11.3 2022-08-31 16:42:28 +01:00
Fabien 'egg' O'Carroll
2ff81cc5d3
🔒 Fixed rate limiting for user login (#15336)
refs https://github.com/TryGhost/Team/issues/1074

Rather than relying on the global block to stop malicious actors from
enumerating email addresses to determine who is and isn't a user, we
want our user login brute force protection to be on an IP basis,
rather than tied to the username.
2022-08-31 10:33:42 -04:00
Daniel Lockyer
c2b399fc2c Fixed warning about aborted connection in tests
refs https://github.com/TryGhost/Toolbox/issues/389

- if we enable warning logs in E2E tests, we get a bunch of error
  messages saying `ERROR Unhandled rejection: aborted` coming from the
  SQLite DB reset code
- specifically, it's coming from the line that resets the DB by copying
  the file
- this line was initially added because we would see random SQLite
  "malformed database" errors
- I have a feeling that was due to something else, but I can't be sure
- I'm also not sure how else we should shut the DB connection, as this
  is the recommended way but it throws an unhandled rejection
- this commit is a bit of a gamble because I'm not actually sure what
  was causing the problem, but it gets rid of the errors locally and
  doesn't regress on the random failures
2022-08-31 12:15:30 +01:00
Daniel Lockyer
7a2f766668
Added logging configuration option for timestamps to use the local timezone
fixes https://github.com/TryGhost/Ghost/issues/15190
refs https://github.com/TryGhost/framework/pull/76

- log output always uses UTC timestamps, but it may be desirable to
  configure logs to use the local machine timezone
- a new config option has been added to `@tryghost/logging` so you can
  switch the logs to the local timezone
- this commit bumps the package and sets the default config option to
  `false`, so it doesn't suddenly change the timezone of the logs
- docs will be updated soon but if you'd like to use the
  timezone-altered timestamps, you can set `logging.useLocalTime` to
  `true`
- credits to https://github.com/levee223 for the implementation and PR
2022-08-31 10:29:55 +01:00
Daniel Lockyer
e897efe842
Moved bundling to the end of prepack steps
- in its current form, bundling will happen before we build Admin
- Admin complains because the version in its package.json for
  `@tryghost/members-csv` is different to the one linked in the monorepo
- by putting bundling at the end, we write the new package versions
  after we've already built Admin, so this issue should go away
2022-08-31 08:48:47 +01:00
renovate[bot]
5a359be582 Update dependency knex-migrator to v5.0.4 2022-08-31 07:36:17 +00:00
David Kolosowski
0c28fc2286
Removed BB dep from url service (#14939)
refs: #14882

- Usage of bluebird is deprecated in favour of using native promises
2022-08-30 17:23:47 +01:00
Ghost CI
a2edc7ea1b v5.12.2 2022-08-30 16:58:26 +01:00
Simon Backx
8cd2b3182a
🐛 Fixed commenting on tier-only posts (#15333)
fixes https://github.com/TryGhost/Team/issues/1860

**Problem:**
Members were not able to comment on a post that was only visible for members with a specific tier.

**Causes:**
Content gating was done on models with missing relations.
- The products relation was not loaded on the member when doing content gating
- The tiers relation was not loaded on the post when doing content gating

**Tests:**
- Added for tier-only posts
- Added for paid-only commenting
2022-08-30 16:48:47 +01:00
Simon Backx
aec2badc6c
🐛 Fixed removing comped subscriptions for members with active subs (#15332)
fixes https://github.com/TryGhost/Team/issues/1859

**Problem:**
When for some reason a member has an active subscription (or legacy comped subscription) for product A, and a comped subscription for product B. You cannot remove comped subscription B.

**Fixed by:**
Updating the API to allow more flexible product changes on members.
- Allow the removal of (comped) products on a member, as long as that product doesn't have a related subscription
- (still) allow the addition of comped products to a member, as long as that member doesn't have other active subscriptions. This matches the existing behaviour, but now this is only checked for added products.
- Includes tests for these edge cases
2022-08-30 16:48:44 +01:00
Daniel Lockyer
0b0401d593 v5.12.1 2022-08-30 11:56:45 +01:00
Fabien 'egg' O'Carroll
21e473ff78
🐛 Fixed newsletters not rendering with non-HTML safe chars (#15331)
Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
2022-08-30 11:26:01 +01:00
Daniel Lockyer
8e3b611606
Fixed early return when there are no new email batches
- the code in question had the intention of returning early if no new
  email batches had been created for an Email
- there were 2 minor bugs here:
  - `batchIds` would end up being an array of an array of strings
    because we just push an array in without the spread operator
  - we would compare that the returned array equaled zero, which was
    never the case
- this commit fixes these minor issues and adds JSDoc to document the
  function's return type
2022-08-30 08:55:38 +01:00
Naz
8af8905fa9
Updated comments around API access
no issue

- While auditing the access rights to endpoints have come across the "stable" / "experimental" notes that do not make any sense in the current approach towards the API. Every endpoint that's documented and exposed just "is" there no stable/unstable/canary/whatever distinction in the Admin API since Ghost v5
- Staff tokens were also acked as a separate way to access the API, so we have them in mind when modifying the access-list
2022-08-30 11:41:18 +08:00
renovate[bot]
619af026d6
Update dependency luxon to v3.0.3 2022-08-29 18:37:24 +00:00
renovate[bot]
ced7f41112
Update Test & linting packages 2022-08-29 15:21:11 +00:00
Simon Backx
f2da1229d8
Removed unused support email verificaton endpoints (#15328)
fixes https://github.com/TryGhost/Team/issues/1679

These endpoints are safe to be removed, as they are only used by the admin app and usage has been removed over there. It is very unlikely that this endpoint has been used in a third party integration (in which case they will get a notification email).
2022-08-29 15:16:13 +02:00
Elijah
3c94812ee5
Added missing return in create-stripe-update-session
no issue

- Return was missing for `res.end` if an invalid subscription_id was passed
- Added explicit `text/plain` `Content-Type` headers to error messages to avoid MIME sniffing

Signed-off-by: Elijah Conners <business@elijahpepe.com>
Co-authored-by: Simon Backx <simon@ghost.org>
2022-08-29 14:02:58 +02:00
renovate[bot]
ea5942ef3d
Update dependency luxon to v3.0.2 2022-08-29 00:09:28 +00:00
Daniel Lockyer
d986059a50 v5.12.0 2022-08-26 16:00:32 +01:00
Rishabh Garg
594ef34871
Enabled member email alerts (#15321)
closes https://github.com/TryGhost/Team/issues/1825
closes https://github.com/TryGhost/Team/issues/1826

- allows site owners/admins to receive email notifications when somebody signs up, becomes paid, or cancels subscription
- owners/admins can set their email preference from staff settings
2022-08-26 09:38:12 +05:30
Fabien "egg" O'Carroll
4718171b1d Removed out of date history items from UrlHistory
In case there is an issue with the filtering of items in our client
side attribution script, we also check for and remove out of date
items here. This ensures that we do not erroneously attribute signups
or conversions to webpages from more than 24h ago.
2022-08-25 16:09:34 -04:00
Fabien 'egg' O'Carroll
34eae1f284
Promoted Member Attribution to a private beta (#15316)
We promote from alpha -> beta so that we don't require the
enableDeveloperExperiments flag, the toggle in the UI is behind the
flag still, so it will only be visible to developers or people using
alpha features.
2022-08-25 15:41:43 -04:00
Simon Backx
67163209e1
Enabled member attribution flag in all tests (#15317)
closes https://github.com/TryGhost/Team/issues/1852

Updates all tests to run with memberAttribution flag enabled
2022-08-25 15:25:01 -04:00
Rishabh
e6246b191e Updated options format in email alert method to prevent filter override
refs https://github.com/TryGhost/Team/issues/1826

- doesn't allow `filter` to be overridden by passed in options
2022-08-25 20:15:54 +05:30
Rishabh
216eeb9d71 Added paid subscription start email alert
refs TryGhost/Team#1826

- triggers paid subscription start email via staff service
2022-08-25 19:53:02 +05:30
Rishabh
aeadf8a5e1 Added email alert trigger for free member signup
refs TryGhost/Team#1826

- fires email alert on free member creation after they finish signing up via checkout link
2022-08-25 19:53:02 +05:30
Simon Backx
a8239bfa97
Added ENUM validation for member/subscription created events (#15312)
closes https://github.com/TryGhost/Team/issues/1842

- members_created_events: source + attribution_type
- members_subscription_created_events: attribution_type
- members_subscribe_events: source
2022-08-25 15:39:37 +02:00
Simon Backx
232882daa2 Mapped '/' attribution url to homepage
fixes https://github.com/TryGhost/Team/issues/1846

- Shows homepage instead of / for attribution values
2022-08-25 14:51:38 +02:00
Rishabh
281d52610f Added staff service to manage email alert notifications
refs TryGhost/Team#1826

- adds new service package that manages all the email alert notifications for free members and paid subscriptions
- includes email templates for free member signup and paid subscription start/cancel
- initializes staff service before members to allow managing email alert notifications
- passes staff service to members api for triggering alerts
2022-08-25 18:01:52 +05:30
Rishabh
effd5af615 Handled fetching staff users for email alerts
refs TryGhost/Team#1826

- adds a method on user model which fetches all eligible users for a type of email alert
- restricts users to active `Owner` and `Administrators` with setting turned on
2022-08-25 18:01:52 +05:30
Naz
6e76fcc36a Parameterized api sourced verification threshold
refs https://github.com/TryGhost/Toolbox/issues/387

- The limit values should be as configurable as possible to adjust verification thresholds dinamically per-usecase. This solves a problem of doing a separate version release when we need to adjust the verification thresholds.
- Before this "importThreshold" was the same concept as "apiThreshold", which makes it hard&confusing to reason about and hard to parameterize each specific case.
2022-08-25 17:07:10 +08:00
Rishabh
7182ee0e85 Added feature flag for email alerts
refs https://github.com/TryGhost/Team/issues/1826

- adds alpha flag for setting up email alerts for staff users
2022-08-25 13:03:13 +05:30
Naz
7e3b8ff404 Added email verification trigger for admin requests
refs https://github.com/TryGhost/Toolbox/issues/387

- When members are added through the Admin client they have to be a part of instance validation process to prevent service misuse.
2022-08-25 14:26:44 +08:00
Naz
7cae68baaa Renamed trigger amount variable
refs https://github.com/TryGhost/Toolbox/issues/387

- Similar reasoning as to previous renames - the variables were named with a single trigger source in mind and now would be confusing with multiple verification trigger sources.
2022-08-25 14:26:44 +08:00
Naz
8892a60948 Renamed verification threshold parameter
refs https://github.com/TryGhost/Toolbox/issues/387

- There will three distinct verification limits soon. To keep the naming clear "configThreshold" would be too generic/confusing to use.
- Introduced jsdoc descriptions for the "source" parameter, which will be corelating with each new config parameter ("apiTriggerThreshold", "importTriggerThreshold", "adminTriggerThreshold", etc.). This should give a better visibility into parameters we are dealing in this area.
2022-08-25 14:26:44 +08:00
Hannah Wolfe
c9864ee63f Added {{search}} theme helper
closes: https://github.com/TryGhost/Team/issues/1732

- adds a theme helper which outputs a working search button with a standard icon
- the icon adopts whatever the current color is from css, and has a set of default styles
- styles can be overridden with !important or the data attribute
- alternatively, any element in a theme may be turned into a search button by adding data-ghost-search
- this is meant to be a simple tool for non-theme-developers to easily add a search icon to their themes in a way that doesn't require css or html knowledge
2022-08-24 21:34:20 +01:00
Hannah Wolfe
96f7b8fdc8 Fixed content-length, again
refs: 203c8036fa
refs: 1fadbacdec
refs: 22fd7f289c

- There is something seriously weird about how content-length changes...
- It's different on CI to local sometimes...
- This particular test should not change IMO
2022-08-24 20:38:35 +01:00
Hannah Wolfe
203c8036fa
Fixed more content-length labs issues
refs: 1fadbacdec
refs: https://github.com/TryGhost/Ghost/commit/x5447985ee2e8a4b497e9c1afbad07

- I'm trying to make it so that changing labs flags doesn't require changes to these snapshot files!
2022-08-24 19:45:20 +01:00
Simon Backx
f124d142c9 Added member attributions to activity feed (#15283)
refs https://github.com/TryGhost/Team/issues/1833
refs https://github.com/TryGhost/Team/issues/1834

We've added the attribution property to subscription and signup events when the
flag is enabled. The attributions resource is fetched by creating multiple relations
on the model, rather than polymorphic as we ran into issues with that as they can't
be nullable/optional.

The parse-member-event structure has been updated to make it easier to work with,
specifically `getObject` is only used when the event is clickable, and there is now a 
join property which makes it easier to join the action and the object.
2022-08-24 11:17:28 -04:00
Daniel Lockyer
2c60340a7d
Fixed maximum call stack exceeded error when filtering Action events
- after a while of browsing around filtering Actions, the endpoint will
  suddenly lock up and start throwing stack exceeded errors
- this is because every time we initialize an Actions model, we push to
  the `candidates` array with a list of the current models
- this was producing a `candidates` array with a length of several
  thousand models after a few clicks, which would cause errors when
  joining the data down the line
- the code was like this because we need to lazy-initialize the models,
  so the order of requiring the Actions model doesn't matter
- this commit switches the code to using a `candidates` function to get
  the models
- this seems to work and the performance cost is negligible given it now
  doesn't error
2022-08-24 17:03:12 +02:00
Fabien "egg" O'Carroll
3c431bd8da Revert "Added member attributions to activity feed (#15283)"
This reverts commit e986b78458.

The tests were not passing for the PR and it was erroneously
merged into main
2022-08-24 11:01:47 -04:00
Emmanuel Gatwech
d9f0db6a22
Replaced Promise.join() with .all() in user model (#14972)
refs: https://github.com/TryGhost/Ghost/issues/14882

- Usage of bluebird is deprecated in favour of using native promises
2022-08-24 15:32:44 +01:00
Navarjun
57a786c63c
Removed bluebird from frontend/meta (#14940)
refs: https://github.com/TryGhost/Ghost/issues/14882

- Usage of bluebird is deprecated in favour of using native promises

Co-authored-by: Navarjun <navarjun@Navarjuns-MBP.hitronhub.home>
2022-08-24 15:28:35 +01:00
Simon Backx
e986b78458
Added member attributions to activity feed (#15283)
refs https://github.com/TryGhost/Team/issues/1833
refs https://github.com/TryGhost/Team/issues/1834

We've added the attribution property to subscription and signup events when the
flag is enabled. The attributions resource is fetched by creating multiple relations
on the model, rather than polymorphic as we ran into issues with that as they can't
be nullable/optional.

The parse-member-event structure has been updated to make it easier to work with,
specifically `getObject` is only used when the event is clickable, and there is now a 
join property which makes it easier to join the action and the object.
2022-08-24 10:11:25 -04:00
Daniel Lockyer
ab8952dd46 v5.11.0 2022-08-24 15:04:56 +01:00
Rishabh
968380132b Allowed setting expiry for complimentary subscriptions
closes https://github.com/TryGhost/Team/issues/1727

- allows site owners to give cardless free trials to members by setting expiry on complimentary subscriptions
- also allows complimentary members to upgrade as paid member
2022-08-24 19:24:31 +05:30
Rishabh
326bb97d2c Enabled free trials via tiers and offers
refs https://github.com/TryGhost/Team/issues/1724
refs https://github.com/TryGhost/Team/issues/1726

- allows site owners to add a default free trial period to their tiers
- allows site owners to create custom offers that allow free trials on tiers
2022-08-24 19:24:31 +05:30
Simon Backx
1f11282228
Added backfill migration for members created events (#15294)
closes https://github.com/TryGhost/Team/issues/1836

- Uses the timestamps from the members table to determine the timestamps for the events
- Clears the table when downgrading to prevent having multiple rows for the same member

Co-authored-by: Fabien "egg" O'Carroll <fabien@allou.is>
2022-08-24 09:38:00 -04:00
Rishabh Garg
9abfae2ddb
Switched off email alerts for subscription cancellation by default (#15304)
refs TryGhost/Team#1825

- all sites are expected to have cancellation alerts off by default
2022-08-24 18:54:00 +05:30
Daniel Lockyer
046fd2bd82 Fixed missing options when creating or editing an Offer
- without this, the model doesn't have the context on who was
  adding/editing it
- this resulted in being unable to store actions for Offers because the
  `actor` is unknown
- this is the pattern we use elsewhere in the code so I've copied it
  into here
2022-08-24 13:56:07 +02:00
Daniel Lockyer
9bdba0250a
Collected Offer CRUD actions
refs https://github.com/TryGhost/Toolbox/issues/356

- this allows collection of CRUD events for Offers but we currently don't
  show them in the UI until it's overhauled to avoid being monotonously
  long
2022-08-24 13:24:13 +02:00
Daniel Lockyer
74e6b4bcf7
Collected Tier CRUD actions
refs https://github.com/TryGhost/Toolbox/issues/356

- this allows collection of CRUD events for Tiers but we currently don't
  show them in the UI until it's overhauled to avoid being monotonously
  long
2022-08-24 12:54:56 +02:00
Hannah Wolfe
21231536cb Removed all remaining bluebird catch predicates
refs: https://github.com/TryGhost/Ghost/issues/14882

- The use of predicates is deprecated, and we're working to remove them from everywhere, so that we can remove bluebird
- This should be the final piece of the puzzle in terms of predicates, from here we can start removing bluebird without concern that a predicate somewhere will explode
- Note: some of this code is poorly tested, but the refactors are very straightforward and minimal
2022-08-24 11:27:09 +01:00
Hannah Wolfe
af94855349 Removed bluebird catch predicates from API endpoints
refs: https://github.com/TryGhost/Ghost/issues/14882

- I found a common pattern where catch predicates were being used to catch non-existent models in destroy methods, and sometimes elsewhere in the API endpoints
- The use of predicates is deprecated, and we're working to remove them from everywhere, so that we can remove bluebird
- In order to still handle these errors correctly, we needed a small change to mw-error-handler so that it can detect EmptyResponse errors from bookshelf, as well as 404s
Note: there is a small change as a result of this - the context on these errors now says "Resource not found" instead of "{ModelName} not found".
- I think this is acceptable for now, as we will be reviewing these errors in more depth later. It's quite easy to make changes, we just have to decide what with proper design input
2022-08-24 11:27:09 +01:00
Daniel Lockyer
c6e62b80fa
Protected against missing resource types
- this shouldn't ever be the case, but if we forget to label the
  resource type, we shouldn't proceed with storing the event because
  it'll throw an error
2022-08-24 11:54:28 +02:00
Daniel Lockyer
76406f78bb
Added primary_name context for added events
refs https://github.com/TryGhost/Toolbox/issues/356

- we should store the `primary_name` on `added` events too because if
  the resource is eventually deleted, we won't have the pretty name to
  refer to it
2022-08-24 08:53:12 +02:00
renovate[bot]
c860b5b715 Update dependency @playwright/test to v1.25.1 2022-08-24 08:42:13 +02:00
Daniel Lockyer
5e38a23976 Fixed Action event resource_type from page to post
refs https://github.com/TryGhost/Toolbox/issues/356
refs 3a9016639c

- I misunderstood the purpose of a column, and changed the values that
  are inserted into it, which broke relation includes in Bookshelf
- I've since reverted that in the commit above but this migration is to
  fixup the data that got stored in the DB
- we want to replace `resource_type` = `page` back to `post`, but then
  use the `context` column as described in the referenced commit to
  store that the type is actually a `page`, so we can link to it
  from the audit log accordingly
- I'm overwriting the `context` column without taking into account the
  current contents but that's ok because this bug existed before we
  started using `context`
2022-08-24 08:37:51 +02:00
Rishabh Garg
c48c65cc88
Added member email alert notification columns for staff (#15276)
refs https://github.com/TryGhost/Team/issues/1825

- adds 3 new columns to users table for storing email alert preferences for member signups/cancellation
- adds column for new member signup alert
- adds column for paid subscription started alert
- adds column for paid subscription canceled alert
- Updated default fixtures and tests for new columns
2022-08-23 22:11:38 +05:30
Daniel Lockyer
7f0996d986
Implemented resource linking in Audit Log
refs https://github.com/TryGhost/Toolbox/issues/356

- we have a very crude version of this before but it just wasn't
  maintainable
- one of the first things I did here was to add `include=resource` on
  the API call, so it returns the fields we need without extra API
  requests
- after we have the id/slug, I could build a route and model array
  dynamically, or return null if we can't redirect to the object (it
  doesn't exist)
2022-08-23 17:48:11 +02:00
Fabien "egg" O'Carroll
73466c1c40 Added ability to filter members on conversion attribution
refs https://github.com/TryGhost/Team/issues/1830
2022-08-23 11:36:56 -04:00
Fabien "egg" O'Carroll
83f2bf4757 Added ability to filter members on signup attribution
refs https://github.com/TryGhost/Team/issues/1831
2022-08-23 11:36:56 -04:00
Georg Grauberger
36d9ae36ae
Added secret handling for webhooks (#13980)
closes: https://github.com/TryGhost/Team/issues/1203
refs: https://github.com/TryGhost/Ghost/issues/9942

- Ensures that the webhook secret is validated and saved in Ghost admin
- Then makes use of this value by optionally adding an X-Ghost-Signature header that effectively signs the webhooks
- This allows for verifying the source of a webhook coming from Ghost is truly Ghost.
- Uses the same pattern as GitHub uses: https://docs.github.com/en/developers/webhooks-and-events/webhooks/securing-your-webhooks

Co-authored-by: Hannah Wolfe <github.erisds@gmail.com>
2022-08-23 16:34:32 +01:00
Daniel Lockyer
f4f757c314
Fixed missing resource type definition
refs 3a9016639c

- this was accidentally missed from the referenced commit
2022-08-23 16:49:11 +02:00
Daniel Lockyer
3a9016639c
Fixed page actions stored under page resource type
refs bde9b84221

- the commit above claimed to fix an issue where actions taken on pages
  were stored using the `post` resource type
- whilst it does that, this actually breaks part of the API because we
  use the `resource_type` to join on tables when doing an
  `include=resource`
- this commit reverts that functionality and instead stores the type in
  the `context` field so we can still differentiate between pages and
  posts
2022-08-23 16:39:47 +02:00
Simon Backx
d91d6c1311
Added attribution counts to Pages API (#15289)
fixes https://github.com/TryGhost/Team/issues/1835

This was missed in the initial pass when adding to the Posts API
2022-08-23 10:26:34 -04:00
Hannah Wolfe
4cd210c29c Added post deletion tests using new e2e framework
- copied over and rewrote the deletion test from the legacy file
- added a new test that checks that we get a 404 when attempting to delete an unknown post
- this is a guard to protect and futureproof the API whilst we do refactoring to improve 404 handling from bookshelf
- in turn this is aimed at helping to get rid of a bunch of catch predicates from the API
2022-08-23 14:49:29 +01:00
Hannah Wolfe
a2a71c8e67 Renamed e2e admin post tests to legacy
- I want to start rewriting the post tests using the new e2e framework, but it's quite a big task
- For now I have renamed the existing file, and will use the correct file name for writing modern versions of tests
- Note: I have a specific test that I'd like to add which is far easier to write in the new framework
- This change should facilitate moving forward more with the new framework
2022-08-23 14:49:29 +01:00
Daniel Lockyer
9effa119c6 Implemented context on Actions events
refs https://github.com/TryGhost/Toolbox/issues/356

- in order to show data that we might not necessarily still have around
  (ie. when you delete a post, you might want the title), we're going to
  start utilizing the `context` column
- right now, we store the `primary_name` for deleted events, and we also
  store the `setting` `key` and `group` so we can reference it in the
  audit log
2022-08-23 14:58:41 +02:00
Aileen Nowak
e5b604cca0 Updated camelCase properties in Explore endpoint to be snake_case 2022-08-23 12:04:07 +01:00
Aileen Nowak
4892f1d0d5 Added publication language to admin site endpoint
no issue

- The site locale should be exposed within the public site config in order to handle i18n in third party apps
- Added the locale to Explore service to simplify fetching it when submitting a new site
2022-08-23 12:04:07 +01:00
Kevin Ansfield
3fd32ce3cf
Lexical-powered editor experiment (#15278)
no issue

We're spending a bit of time playing with an alternative to mobiledoc-kit to test it's feasibility as a base for future editor improvements.

- add `editor.lexicalUrl` config that points at the unpkg release by default
- set up a route on `/ghost/#/lexical-editor/post/` for the test playground which renders `<KoenigLexicialEditor>` as the editor
- adds `<KoenigLexicalEditor>` component that lazy loads the external react component
2022-08-23 11:45:50 +01:00
Naz
02a0fd5a32 Fixed source attribution for staff token API requests
closes https://github.com/TryGhost/Toolbox/issues/386

- When the API request was made using staff token the source attribution was "user" instead of "api". Misattribution caused ripple effects in  limit service.
- The fix also adds a new combination of data available on the  `req` object - both `user` and `api_key` can be present when the request is done using a staff (user) token. Having both pieces of data on the request object gives more context for business logic, did not find a good reason to keep it "pure" with either `api_key` or `user` property.
2022-08-23 14:38:46 +08:00
Daniel Lockyer
c459807f9a
Stored action events for settings
refs https://github.com/TryGhost/Toolbox/issues/356

- this enables us to store and filter on actions affecting Settings,
  which will usually be `edited`
2022-08-22 21:12:32 +02:00
Simon Backx
fe3430202a
Fixed member attribution for subdirectories (#15277)
fixes https://github.com/TryGhost/Team/issues/1829

- Remove the subdirectories when creating the Attribution instances
- URLs are now always stored relative to the subdirectory instead of the root directory (makes changing the subdirectory easier)
- Fixed returning absolute urls
- Added tests
2022-08-22 17:16:18 +02:00
Simon Backx
02168b41ce Improved dependency structure of member-attribution package
refs https://github.com/TryGhost/Ghost/pull/15266#discussion_r950337271

- Moved dependency building to the the service wrapper
- Don't listen for events inside the constructor
- Used a models option to pass around models to make constructors more readable
2022-08-22 11:36:24 +02:00
Simon Backx
0943daad72
Added member attribution to member details page (#15266)
refs https://github.com/TryGhost/Team/issues/1817

Co-authored-by: James Morris <moreofmorris@users.noreply.github.com>
2022-08-19 16:39:18 -04:00
Daniel Lockyer
46870c423f
Merged v5.10.1 into main
v5.10.1
2022-08-19 18:57:59 +02:00
Daniel Lockyer
6ade771a9f v5.10.1 2022-08-19 17:50:40 +01:00
Rishabh
61b4651901 Fixed display of free trial pill on Portal
refs https://github.com/TryGhost/Team/issues/1728
2022-08-19 22:02:12 +05:30
Rishabh
a072d5d0a8 Handled upgrade and expiry of comped subs in Portal
refs https://github.com/TryGhost/Team/issues/1727
refs https://github.com/TryGhost/Team/issues/1728

- allows comped members to upgrade(behind flag)
- shows expiry for comped subs
2022-08-19 21:05:33 +05:30
Daniel Lockyer
b023f716ab
Fixed content-length header in Explore snapshot
- this endpoint returns the Ghost version, of which the minor just hit
  double digits
- because of this, the content-length size changed, and the snapshot was
  incorrect
- we've previously allowed overrides for the content-length to be any number (see
  1fadbacdec)
- this commit allows the header to be any number so it doesn't fail when
  the Ghost version is incremented
2022-08-19 17:14:04 +02:00
Daniel Lockyer
0df8ee8c72 v5.10.0 2022-08-19 16:02:37 +01:00
Hannah Wolfe
809c1a6e08 🐛 Fixed error deleting post with comment replies
closes: https://github.com/TryGhost/Ghost/issues/15252

- comments are deleted when posts are deleted. Without cascade delete on parent_id, replies cannot be deleted
- this change means that deleting a post will delete all comments and replies without error
2022-08-19 15:49:58 +01:00
Hannah Wolfe
d2acf3aada Fixed attribution table missing on cascade delete
refs: https://github.com/TryGhost/Ghost/issues/15252

- all columns with a foreign key (references prop) must have a deletion strategy
- we just found a bug with this in the comments table - see referenced issue
- this fix adjusts the schema and migration for this change before its released so we don't have to write a horrible migration later
2022-08-19 15:28:45 +01:00
Hannah Wolfe
6d53e40bd9 🐛 Fixed broken email prefs link in comment emails
closes: https://github.com/TryGhost/Ghost/issues/15251

- getAdminUrl is a config helper that returns the direct value from config
- change to using urlJoin and urlFor helpers to generate the correct URL
- not entirely happy with this fix as there's no test, but I've verified it locally
2022-08-19 14:29:35 +01:00
Rishabh
fa26f6a783 Added scheduled job to clean expired complimentary subs
refs https://github.com/TryGhost/Team/issues/1727

- runs a daily cron job at start of the day to cleanup all expired comped subs
- removes `members<>products` mapping for expired entries, and updates status for corresponding members
- also adds status events for members going back from comp -> free as a result of expiry
- scope for future optimisation on how the scheduled job is ran or does the cleanup
2022-08-19 18:20:52 +05:30
Rishabh
1258156c38 Handled storing complimentary subscription expiry
refs https://github.com/TryGhost/Team/issues/1727

- if feature flag is enabled, handles storing expiry date on complimentary subscriptions in `expiry_at` column of `members_products`
- updates the expiry value on both member edit or add with tiers
- expiry is passed as `expiry_at` in `tiers` list of a member
- includes `expiry_at` on tiers data of a member when flag is enabled
2022-08-19 18:20:52 +05:30
Rishabh
c123fdf5da Added feature flag for cardless trials
refs https://github.com/TryGhost/Team/issues/1727

- adds alpha flag to toggle cardless trials via expiring complimentary subscriptions
2022-08-19 18:20:52 +05:30
Hannah Wolfe
704f17ff96
Added beta search helper implementation (#15236)
refs: TryGhost/Team#1732

- We're testing out the feasibility of having a {{search}} helper that outputs an pre-styled icon to trigger search.
2022-08-19 12:27:38 +01:00
Daniel Lockyer
ddd79494b0
Fixed actions not stored when deleting posts
- if a model is being deleted, `attributes` is an empty object and the
  data we actually need is in `_previousAttributes`
- because of this, only fetching the type using `.get` returned the
  wrong value, and the Action model validator would throw an error
  because we tried to insert an empty type
- we can access the previous value using `.previous(..)`
- this commit fixes saving actions when deleting a post by fetching the
  type from the previous attributes if the current attributes is empty
2022-08-19 13:21:13 +02:00
Hannah Wolfe
1fadbacdec
Fixed content-length in labs snapshot
refs: 22fd7f289c

- in the mentioned commit I changed the tests so that we don't need to update snapshots for every labs flag change
- this commit does the same for content-length which didn't get picked up locally, but does on CI for some reason
- the goal is to allow the team to add and remove flags without needing to update a random snapshot
2022-08-19 10:51:43 +01:00
Daniel Lockyer
bf63e250ad Disabled members migrations in test environment
- it turns out we're running the members migration job in tests, and
  these run every time we boot Ghost. Given we wipe the DB each time,
  this forces the job to run, which is just burning valuable test time
- the reason this block of code is slow is because it waits 500ms to see
  if the job has completed
- we run this 55 times, as of writing, during the E2E tests, so that's
  over 27s of idle time
- this commit gates running the migrations to outside of the test environment
2022-08-19 10:03:46 +02:00
Rishabh Garg
43b8ad5069
Added expiry column for complimentary subscriptions (#15241)
refs https://github.com/TryGhost/Team/issues/1727

- allows adding expiry date to complimentary subscriptions, effectively allowing cardless trials.
- expiry is stored in members<>products mapping table
2022-08-19 08:41:40 +05:30
Fabien "egg" O'Carroll
27f1795a5d Fixed count queries for Post signups and conversions
refs https://github.com/TryGhost/Team/issues/1803
refs https://github.com/TryGhost/Team/issues/1802

We renamed the tables during development and these count queries
were missed.
2022-08-18 19:24:54 -04:00
Fabien "egg" O'Carroll
20726c8fc2 Added signup & conversion counts to Posts API
refs https://github.com/TryGhost/Team/issues/1822

Exposing the values through the API is restricted behind the alpha flag.
We're exposing the values by default when the flag is enabled for now,
but can reconsider that later.
2022-08-18 19:24:54 -04:00
Rishabh
f2c6ccf3e5 Updated free trial signup design on Portal
refs https://github.com/TryGhost/Team/issues/1724
2022-08-18 22:51:33 +05:30
Simon Backx
da24d13601
Added member attribution events and storage (#15243)
refs https://github.com/TryGhost/Team/issues/1808
refs https://github.com/TryGhost/Team/issues/1809
refs https://github.com/TryGhost/Team/issues/1820
refs https://github.com/TryGhost/Team/issues/1814

### Changes in `member-events` package

- Added MemberCreatedEvent (event, not model)
- Added SubscriptionCreatedEvent (event, not model) 

### Added `member-attribution` package (new)

- Added the AttributionBuilder class which is able to convert a url history to an attribution object (exposed as getAttribution on the service itself, which handles the dependencies)
```
[{
    "path": "/",
    "time": 123
}]
```
to
```
{
    "url": "/",
    "id": null,
    "type": "url"
}
```

- event handler listens for MemberCreatedEvent and SubscriptionCreatedEvent and creates the corresponding models in the database.

### Changes in `members-api` package

- Added urlHistory to `sendMagicLink` endpoint body + convert the urlHistory to an attribution object that is stored in the tokenData of the magic link (sent by Portal in this PR: https://github.com/TryGhost/Portal/pull/256).
- Added urlHistory to `createCheckoutSession` endpoint + convert the urlHistory to attribution keys that are saved in the Stripe Session metadata (sent by Portal in this PR: https://github.com/TryGhost/Portal/pull/256).

- Added attribution data property to member repository's create method (when a member is created)
- Dispatch MemberCreatedEvent with attribution

###  Changes in `members-stripe-service` package (`ghost/stripe`)

- Dispatch SubscriptionCreatedEvent in WebhookController on subscription checkout (with attribution from session metadata)
2022-08-18 17:38:42 +02:00
Aileen Nowak
e0602b8159 Fixed explore snapshot 2022-08-18 15:50:28 +01:00
Aileen Nowak
f2fdf9e671 Added accent color to Explore service 2022-08-18 15:50:28 +01:00
Daniel Lockyer
bbb5cd24c8
Added actions events for integrations and webhooks
refs https://github.com/TryGhost/Toolbox/issues/356

- this allows Ghost to collect CRUD events for integrations and
  webhooks, to eventually be shown in the audit log
2022-08-18 16:47:48 +02:00
Fabien "egg" O'Carroll
37ef0582e6 Added members_subscription_created_events table & model
refs https://github.com/TryGhost/Team/issues/1803
2022-08-18 10:45:53 -04:00
Fabien "egg" O'Carroll
03155a61ff Added members_created_events table & model
refs https://github.com/TryGhost/Team/issues/1802
2022-08-18 10:45:53 -04:00
Daniel Lockyer
bde9b84221
Fixed page actions events stored as posts
- this was due to the fact that we use the same model for pages as we do
  for posts, so the hardcoded `post` key was not accurate
- this commit adds support for providing a function to return the key for the
  action type
2022-08-18 14:07:04 +02:00
Daniel Lockyer
f51226e5fb Organized package dependencies
- cleaned up unused dependencies
- adds missing dependencies that are used in the code
- this should help us be more explicit about the dependencies a package
  uses
2022-08-18 11:55:49 +02:00
renovate[bot]
0f998e30aa Update sentry-javascript monorepo to v7.11.1 2022-08-17 21:53:41 +02:00
renovate[bot]
79f28a82a3 Update sentry-javascript monorepo to v7.11.0 2022-08-17 21:16:25 +02:00
Naz
8b46814700 Reworked image sizes cache to work with async cache
refs https://github.com/TryGhost/Toolbox/issues/364

- The caches can be or async nature. Having await syntax allows to  support both types - sync and async.
2022-08-17 19:03:50 +02:00
Daniel Lockyer
7aecae11cc
Cleaned up multiple implementations of getAction
refs https://github.com/TryGhost/Toolbox/issues/356

- we had a function called `getAction` in every model where we were
  collecting CRUD actions to store in the DB
- this function has the same boilerplate code - make sure it's not
  internal and then construct the object to return
- as we add more actions to more models, we probably want to pull this
  out and just configure the things specific to the model
- this commit pulls out the function into the actions plugin and adds a
  couple of keys to the models to indicate we'd like to store CRUD
  actions, along with the model name
2022-08-17 10:40:34 +02:00
renovate[bot]
f348fc3223
Updated @tryghost dependencies (#15235)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-17 08:45:47 +02:00
Simon Backx
c4ea36cfde
Added member attribution script (#15242)
refs https://github.com/TryGhost/Team/issues/1804

- Adds a script that is only injected when the member attribution alpha flag is enabled
- This script builds a history and saves it in localStorage as `ghost-history` that contains something like this: 
``` json
[
    {
       "time": 1660650730,
        "path": "/about/"
   },
   {
        "time": 1660651730,
       "path": "/welcome/"
    }
]
```

- Keeps track of the time of every page visit, so we can correctly remove old items. I also considered saving the time separately and clearing the whole history when the saved time is older than 24h, but that would have the side effect that items older than 24h might leak into the history if you visit every 12 hours (to give an example). Plus, having objects in the history might make it easier to add other attributes to the items if we ever want to do that in the future. We also have access to the time between visits.
- Added `.eslintrc` configuration for this new frontend script. This makes it easier to spot errors when developing, and follow the same syntax rules as other scripts. In the future it can allow us to require an older ECMA version in the browser script. If we like this pattern, we could also use it for other frontend scripts.
2022-08-16 15:44:51 +02:00
Naz
6cf49d8f89 Fixed inconsistent format of image sizes cache
refs https://github.com/TryGhost/Toolbox/issues/364
refs 147ec91162

- This looks like a subtle bug that has gone unnoticed for years. Have checked if we rely on the logic anywhere (mostly used in image-dimensions frontend helper) - we don't access the "url" directly.
- There is no reasoning attached behind why the cached size was stored as a url (see refed commit)

- WHY is this even being fixed? Caches can store anything... does not mean we should! Inconsistent data becomes a real PITA  if the cache is persisted and is hard to repopulate (e.g. to migrate the cached data format).
2022-08-16 15:20:49 +02:00
Peter Zimon
1b6b905dcd Added free trial indicator to tier card in Admin
refs. https://github.com/TryGhost/Team/issues/1806

- free trial indicator - which helps users identify tiers easier - was missing on tier cards in Settings / Membership in the Admin
2022-08-16 14:15:31 +02:00
Naz
e4d02657ee Swapped image size "Map" cache for adapter cache
refs https://github.com/TryGhost/Toolbox/issues/364

- The "new Map()" cache was a "hidden cache" that did not follow any specific pattern. Following the cache adapter pattern here makes it possible swapping out the cache for alternative implementations - e.g. Redis storage
2022-08-16 12:35:35 +02:00
Naz
34b4421452 Moved settings cache to an explicit "in memory" adapter
refs https://github.com/TryGhost/Toolbox/issues/364

- Before introducing an image size caching mechanism we need to make existing caches explicit - makes sure caches are operating in multiple different instances.
- Explicit syntax also allows to pass in different configurations for each cache instance (e.g. use different Redis connections for caches with different purposes)
2022-08-16 12:35:35 +02:00
Naz
05eb719d0a Swapped image size cache with InMemoryCache
refs https://github.com/TryGhost/Toolbox/issues/364

- The InMemoryCache is an implementation of the cache adapter interface and allows to test cache in the works which is "close to the real world". Being able to do so in tests for image sizes cache manager proves we can use other cache adapters such as Redis based ones.
2022-08-16 12:35:35 +02:00
Naz
e549528985 Simplified image size cache module constructor
refs https://github.com/TryGhost/Toolbox/issues/364

- As little as possible should be passed in in the parameters for any method/constructor/whatever. Specific Function > vague Object
2022-08-16 12:35:35 +02:00
Naz
58a656cbc2 Refactored cached image sized module async error handling
refs https://github.com/TryGhost/Toolbox/issues/364

- A little cleanup
2022-08-16 12:35:35 +02:00
Naz
92d6c998b3 Fixed error handling bug in image size cache
refs https://github.com/TryGhost/Toolbox/issues/364

- Doing the `.catch(errors.NotFoundError...` was throwing another error as this syntax did not work with native promises. Checking `instanceof` works 100% and is way more explicit/readable way to handle this type of error differently
2022-08-16 12:35:35 +02:00
Naz
7910779143 Removed "has" method usage to be cache-compatible
refs https://github.com/TryGhost/Toolbox/issues/364

- Cache adapter does not have a "has" method, so using "get" instead to achieve the same to have full compatibility. Should allow to just drop in the cache adapter implementation instead of current Map instance.
2022-08-16 12:35:35 +02:00
Naz
38c76847e9 Refactored cache image size test suite
refs https://github.com/TryGhost/Toolbox/issues/364

- It was using an outdated syntax and relied on Bluebird depencency. Updated the syntax to async/await and dropped the Bluebird dependency.
2022-08-16 12:35:35 +02:00
Naz
7d3b678d4e Refactored cached image size to have cache as DI
refs https://github.com/TryGhost/Toolbox/issues/364

- Groundwork before swapping out existing cache for in-memory cache from the adapter
2022-08-16 12:35:35 +02:00
Fabien "egg" O'Carroll
c37670ea40 Fixed Settings API test snapshot
refs https://github.com/TryGhost/Team/issues/1801

Adding a new labs flag increased the content length of the settings snapshot
2022-08-15 17:20:43 -04:00
Fabien "egg" O'Carroll
73fec0fc93 Added the memberAttribution alpha flag
refs https://github.com/TryGhost/Team/issues/1801

This will allow us to develop behind a flag, and switch it to beta
down the line.
2022-08-15 17:10:08 -04:00
Daniel Lockyer
d153b40c48 v5.9.4 2022-08-15 20:47:26 +01:00
Fabien 'egg' O'Carroll
96cd6df6fa
🐛 Fixed Comments administration for self hosters (#15239)
refs https://github.com/TryGhost/Team/issues/1799

Rather than using the `adminAuthAssets` config which is not updated to
be aware of running in a different directory to the cwd, we use the
getContentPath method which handles all of the directory checking.

Without this, we were unable to serve the admin-auth iframe, as the
directory was incorrect for self hosters.
2022-08-15 15:38:19 -04:00
Daniel Lockyer
b27ea8f504
Optimized database resets for local testing
- we've had an optimization in CI that copies a fresh SQLite DB to a
  file, and copies it back when we need to do a DB reset
- I originally only let this run in CI but we've had it around for a
  while so we should GA it to run on local machines
- there may be edge cases, but we should fix them instead of letting
  tests run slower for development
- this also makes sure we clean up any existing files before
  initializing the DB
2022-08-15 16:58:56 +02:00
Hannah Wolfe
9f38e8c49c
Removed unused comments route (#15238)
- the comments system lives at members/api/comments and was meant to be removed from here in an early refactor but was missed, possibly as a result of the huge rebase we did
2022-08-15 15:45:42 +01:00
Hannah Wolfe
22fd7f289c
Removed need for snapshot updates for feature flags
- prior to this commit, if you add or remove a faeture flag, you also have to update the snapshots for the settings tests
- feature flags are intended to be very easy to add and remove, and so this extra step doesn't fit with our needs
- it's also unnecessary, we don't need to verify the exact contents of the labs setting
2022-08-15 15:36:14 +01:00
Daniel Lockyer
70aa1dd3c8
Added auditLog labs flag
refs https://github.com/TryGhost/Toolbox/issues/356

- allows work on the Audit Log project whilst in alpha
2022-08-15 14:59:32 +02:00
Daniel Lockyer
d493fd7bf1 v5.9.3 2022-08-15 13:09:54 +01:00
Peter Zimon
aaa967eafe Fixed missing quote indicators in comment emails
refs. https://github.com/TryGhost/Team/issues/1794

- left border was missing for quotes in comment related emails
2022-08-15 13:47:25 +02:00
Simon Backx
bad4f13c2f 🐛 Fixed comments script always injected
refs https://ghost.slack.com/archives/C02G9E68C/p1660562592376769
2022-08-15 13:26:24 +02:00
Daniel Lockyer
fa6900b299 v5.9.2 2022-08-15 10:55:17 +01:00
Simon Backx
a666b846e6
🐛 Fixed unsubscribe flow for comment reply emails (#15232)
refs https://github.com/TryGhost/Team/issues/1790

- Currently we go to the account settings when you click 'Manage your email preferences' in the footer of an email that informs a comment author that they received a reply.
- Related Portal changes are here: https://github.com/TryGhost/Portal/pull/255
2022-08-15 11:36:08 +02:00
Simon Backx
f6a7f75465 Bumped comments-ui to v0.9 2022-08-15 11:30:54 +02:00
renovate[bot]
7f5d95ffff Update @tryghost 2022-08-15 10:08:46 +02:00
renovate[bot]
7d3f5d3165 Update dependency eslint to v8.22.0 2022-08-15 10:07:34 +02:00
Daniel Lockyer
d2eda5cf51 Extracted oembed service to separate package
refs https://github.com/TryGhost/Toolbox/issues/363

- the oembed service is completely standalone and could do with some
  individual unit tests
- moving it out to a package allows us to draw the boundaries better and
  allows us to remove some dependencies from the core package.json
2022-08-15 10:07:06 +02:00
Daniel Lockyer
dfbe8ee296 Removed Sentry from oembed service
- I'm not sure if we gain anything here except noise
- it was added after a bug in the oembed service but it was regarding
  oembed-parser and not metascraper
2022-08-15 10:07:06 +02:00
renovate[bot]
5250dd9a12 Update dependency cssnano to v5.1.13 2022-08-13 11:20:27 +02:00
Daniel Lockyer
54baa8d71e v5.9.1 2022-08-12 17:11:31 +01:00
Daniel Lockyer
b7ea57e2da
🐛 Fixed packaging issue with missing component
refs bf254b9c6a

- this was missing from the referenced commit in order to import the
  package into Ghost core
2022-08-12 17:48:40 +02:00
Daniel Lockyer
b06b7c5ddd v5.9.0 2022-08-12 16:00:29 +01:00
Daniel Lockyer
02c9f287fb 🎨 Updated Casper to v5.3.0 2022-08-12 16:00:29 +01:00
Simon Backx
27df4e536f
Added native comments (#15223)
no issue

- Removes the comments lab flag (bumping it to GA).
- Bumps comments-ui to v0.8
2022-08-12 16:06:06 +02:00
Aileen Nowak
77e4be6b81 Updated tests to incl. host limit cases for core integrations
- added core and builtin integrations to test fixtures
- allowed passing a custom api key id to generate JWT
- updated admin key auth test to make successful request with a `core` integration, which doesn't work atm because relations are not returned
2022-08-12 14:18:44 +01:00
Aileen Nowak
5ac779f86b Added core type integrations to API serializer 2022-08-12 14:18:44 +01:00
Aileen Nowak
0e284edbad Allowed core integrations to work with Admin API 2022-08-12 14:18:44 +01:00
Aileen Nowak
c813e5d96e Added migrations to change Ghost Explore integration type
no issue

- The previous integration type is insufficient and we need to utilise a new type `core`
2022-08-12 14:18:44 +01:00
James Morris
44aa5336d6 Updated the comments version to 0.7.0
no issue
2022-08-12 14:11:46 +01:00
Simon Backx
7ddfa9a195 Readded limit to replies relation
no issue

Was accidentally committed with previous commit.
2022-08-12 14:49:43 +02:00
Simon Backx
5c75997685 Fixed options not being passed to loaded replies
fixes https://github.com/TryGhost/Team/issues/1787

- Options were not passed
- The member context variable was not passed to the count helper
- Liked was always false for replies
2022-08-12 14:41:29 +02:00
Daniel Lockyer
7ea1c2591b
Added metric collection for URL service initialization time
- this should help us get more visibility into the URL service and the
  effect it has on bootup time
2022-08-12 11:08:42 +02:00
Daniel Lockyer
5f514a7d1b
Improved functionality of yarn setup
- we need to initialize the submodules in case they weren't done when
  cloning, otherwise Casper will be missing
- we can avoid doing an initial build because it'll get wiped when we do
  `yarn dev` anyway
2022-08-12 09:36:48 +02:00
Fabien 'egg' O'Carroll
ae8cd7c0f4
Fixed comment replies limiting (#15217)
The limit applies to the replies relation is applies globally when
fetching a collection, which means only 3 replies in total will be
fetched across all comments.

This patches the findPage method to manually fetch the replies and
replies adjacent relations manually on each comment, applying the limit
on a comment-by-comment basis.

This is not optimised as we currently still make the initial request for
relations.
2022-08-11 17:58:43 +01:00
renovate[bot]
9b7604b999 Update sentry-javascript monorepo to v7.10.0 2022-08-11 18:03:48 +02:00
Daniel Lockyer
537714cb6c Moved API documentation to api-framework README
- it's better suited here given this package is now the API framework
2022-08-11 17:44:59 +02:00
Daniel Lockyer
687e68d5de Extracted shared API framework to separate package
refs https://github.com/TryGhost/Toolbox/issues/363

- this API framework is standalone and should be pulled out into a
  separate package so we can define its boundaries more clearly, and
  promote better testing of smaller parts
2022-08-11 17:44:59 +02:00
Daniel Lockyer
9aa5eab5ed Fixed internal shared framework requires
- these requires go outside of the shared folder, and then back in to
  the index.js
- this is confusing and won't work when we pull this code out of core
- this commit cleans up the requires to make them more explicit
2022-08-11 17:44:59 +02:00
Daniel Lockyer
dc0cec56ea Moved settings mappers from shared frame to endpoints
- I'm still not sure where these are meant to be but they don't really
  belong in shared and I'm about to pull that folder out into a separate
  package
2022-08-11 17:44:59 +02:00
Daniel Lockyer
7d52ae52cf Deleted concept of external user
refs https://github.com/TryGhost/Toolbox/issues/363

- AFAICT, this is an outdated and unused concept from when subscribers
  were a thing, but members are now how we do things, and this is causing code
  to linger around that we don't need
2022-08-11 16:05:00 +02:00
Daniel Lockyer
120dee86b3
Refactored permissions.canThis to class structure
- updates the file to modern classes given that Ghost/Node supports them
2022-08-11 15:35:56 +02:00
Daniel Lockyer
42e722d627
Moved Cache-Control middleware to separate package
refs https://github.com/TryGhost/Toolbox/issues/363

- this middleware is standalone and I suspect we're going to be touching
  it further when we work on Ghost's caching in the near future
2022-08-11 14:14:20 +02:00
Simon Backx
ea86191d1e Bumped comments-ui to v0.6 2022-08-11 10:05:14 +02:00
renovate[bot]
74f1d9240b Update dependency @playwright/test to v1.25.0 2022-08-11 10:04:32 +02:00
Rishabh
f200eeb1ec Wired free trial offers UI in Portal
refs https://github.com/TryGhost/Team/issues/1726

- adds offer page for free trial offers in Portal
2022-08-11 12:09:56 +05:30
Rishabh
843bbfa55d Handled stripe setup for free trial offers
refs https://github.com/TryGhost/Team/issues/1726

- free trial offers don't need a stripe coupon created for them
- checkout sessions for free trial offers ignore stripe coupon and directly pass the trial days value
- trial days of an offer take precedence over trial days added as default to a tier
2022-08-11 11:04:39 +05:30
Rishabh
27a89d4b0e Updated offers schema to allow free trials
refs https://github.com/TryGhost/Team/issues/1726

- updates offer type validation to include `trial`
- add offer duration validation which includes `trial` for free trial offers
2022-08-11 11:04:39 +05:30
Simon Backx
7414c4dbb7 Added publication attribute to comments helper script
refs https://github.com/TryGhost/Team/issues/1776
2022-08-10 17:34:05 +02:00
James Morris
be7fa97144 Updated the text for emails and followed the same styling as other emails
- Needs some careful testing as emails are a little tricky code wise

refs https://github.com/TryGhost/Team/issues/1770
2022-08-10 16:13:32 +01:00
Daniel Lockyer
bf254b9c6a Extracted Mailgun client to separate package
refs https://github.com/TryGhost/Toolbox/issues/363

- this commit pulls all code involving the Mailgun client SDK into one
  new package called `mailgun-client`
- this means we should be able to replace `mailgun-js` (deprecated) with
  `mailgun.js` (the new, official one) without editing code all over the
  place
- this also lays some groundwork for better testing of smaller
  components
2022-08-10 17:12:37 +02:00
Simon Backx
82a3133ace
Added replies/likes count and limited replies to comments (#15206)
refs https://github.com/TryGhost/Team/issues/1723

- Added count.replies to comments
- Added replies endpoint
- Limited returned replies to 3.
- Replaced likes_count with count.likes in comments
- Instead of fetching all the likes of a comment to determine the total count, we'll now use count.likes
- Instead of fetching all the likes of a comment to determine whether a member liked a comment, we'll now use count.liked (which returns the amount of likes of the current member, being 0 or 1). This is mapped to `liked` to make it more natural to work with.

The `members.test.snap` file changed because we no longer include `liked: false` if we didn't fetch the liked relation. And in the comments events of the activity feed the liked property is therefore removed.

These changes requires an update to the `bookshelf-include-count` plugin:
- Updated to also work for nested relations
- This moves the count queries from the `bookshelf-include-count` plugin to the `countRelations` method of each model.
- Updated to keep the counts after saving a model (crud.edit didn't return the counts before)
2022-08-10 16:12:35 +02:00
Daniel Lockyer
41d228a1ae
Added copied release assets into .gitignore
- these files are copied into the `ghost/core` folder by monobundle so
  they can be included with NPM, but they shouldn't be in git because
  they'd just be duplicates of the top-level files
2022-08-10 14:19:16 +02:00
Daniel Lockyer
89106bce1c
Added monobundle as a prepack step
- in order to pack the tarball correctly, we need monobundle to run
  beforehand
- up until now, it's the responsibility of the release script to make sure
  to run it before `npm pack`
- this commit ensures it gets run, so the generated .tgz file is valid
2022-08-10 14:19:16 +02:00
Daniel Lockyer
e000c6cca6
Deleted unused schema util
refs 03cbc89a53

- this util was added to fix an issue with the types of columns in
  MySQL, but the issue was back in 2014 (!!)
- we're long past doing it in this way so we'll likely never use it
  again
2022-08-10 10:53:47 +02:00
Rishabh
58f13517d2 Updated member's free trial detail on Portal
refs https://github.com/TryGhost/Team/issues/1724

- refines design for free trial detail for a member on Portal
2022-08-09 21:37:38 +05:30
Daniel Lockyer
509662b52b v5.8.3 2022-08-09 16:02:55 +01:00
Fabien "egg" O'Carroll
9dc6e9fcbc Bumped comments-ui version to 0.5.0
This includes fixes to the comment count, and updates it based on local actions.
2022-08-09 15:16:41 +01:00
Daniel Lockyer
6dde5e40e3
Updated Eslint ECMAScript compatibility to 2022
refs https://github.com/TryGhost/Toolbox/issues/345

- this commit bumps `eslint-plugin-ghost`, which bumps compatiblity to
  2022
- this also removes a lot of the manually-added
  `parserOptions.ecmaVersion` that we had in imported packages, in favor
  of the value set in `eslint-plugin-ghost`
2022-08-09 15:51:40 +02:00
Fabien 'egg' O'Carroll
43d41e8b0e
Removed deleted and hidden comments from the comment count
refs https://github.com/TryGhost/Team/issues/1763

These should not be included in the count as they do not contain content.
2022-08-09 13:51:13 +01:00
Aileen Nowak
fd9e19ce07 Fixed limit service not allowing explore integration
no issue

- Don't run limit checks for the Ghost Explore integration
2022-08-09 13:15:00 +01:00
Fabien 'egg' O'Carroll
f34740d6d0
Added support for autowrap and class to the comment_count helper (#15203)
refs https://github.com/TryGhost/Team/issues/1760

This allows theme developers to wrap the output of the comment_count
helper in an element, which will only be shown when there is content
to output.

This makes styling a lot easier, as the default output for no comments
is nothing, meaning that separators defined with CSS will not be rendered.
2022-08-09 13:08:36 +01:00
Rishabh Garg
098f40bbe3
Added trial info to member subscription detail (#15193)
refs https://github.com/TryGhost/Team/issues/1757

- exposes trial start and end dates in member's subscription object
- allows portal and admin to show member's trial information in UI
2022-08-09 17:28:00 +05:30
renovate[bot]
ac2ddee8fb Update dependency postcss to v8.4.16 2022-08-09 12:54:15 +02:00
Rishabh
ce80d250bf Handled null trial days on tiers
refs e26c977c66

- handles null trial days in admin and API, sets trial days as 0 for null values
2022-08-09 14:14:22 +05:30
Rishabh
98b21d18f9 Allowed null value for trial days in tiers api
refs e26c977c66

- allows trial days to be null in admin api schema when set via tiers api
2022-08-09 14:14:22 +05:30
Daniel Lockyer
c2e45b657f Removed bthreads dependency in favor of native worker_threads
fixes https://github.com/TryGhost/Toolbox/issues/370

- we no longer need `bthreads` because we can use native
  `worker_threads` now we don't have to support Node 10 any longer
- this allows us to clean up a dependency and stick with native
  libraries
- the referenced node-sqlite3 issue should be fixed (or at least, we now
  maintain it so we can fix it if not)
2022-08-09 09:04:59 +02:00
renovate[bot]
db86e21512
Update dependency juice to v8.1.0 2022-08-09 05:03:08 +00:00
Daniel Lockyer
c11f5edc10 v5.8.2 2022-08-08 19:19:03 +01:00
Fabien 'egg' O'Carroll
e26c977c66
🐛 Fixed saving membership settings (#15196)
refs https://github.com/TryGhost/Ghost/commit/a58efd6b

The references commit updated the admin-api-schema to require the `trail_days`
property, which is not yet supported by the Admin. When saving membership
setting we also save all the Tiers, which then causes the validation to fail.

Until the Admin supports the property we should remove validation from the API
2022-08-08 19:10:54 +01:00
Daniel Lockyer
67aa8d5956 v5.8.1 2022-08-08 15:53:50 +01:00
Fabien 'egg' O'Carroll
5165a0b298
Redacted comment html for deleted and hidden comments (#15173)
refs https://github.com/TryGhost/Team/issues/1745

This is done at the mapper layer, so that the model can be used for the
Admin API - where will probably want to expose the underlying content.

We've also disabled editing of deleted/hidden comments, to avoid
accidentally overriding the comments html when sending up deleted
comments.
2022-08-08 13:29:27 +01:00
Daniel Lockyer
e1984c8607
Cleaned up core package Gruntfile
- most of these tasks were duplicates or had been extracted out into
  npm/yarn scripts
- in order to get closer to removing Grunt, I've cleaned up the majority
  of those script
- this also removes an intermediate command to building Admin, so it starts
  ever so slightly quicker
2022-08-08 13:03:49 +02:00
Daniel Lockyer
71b599b632
Removed coffeescript dev dependency
refs 82dcc042cd

- `coffeescript` was only added in the first place because of an update
  to `grunt-bg-shell`, which required it
- since then, we've removed `grunt-bg-shell`, so we don't need this
  dependency any further
2022-08-08 12:37:07 +02:00
renovate[bot]
6d9a5cc28a
Update metascraper to v5.30.1 2022-08-05 19:09:11 +00:00
Simon Backx
eb4d882bb2 Fixed whitespace in bio not removed
fixes https://github.com/TryGhost/Team/issues/1755
2022-08-05 17:10:56 +02:00
Daniel Lockyer
512c40b5d5 v5.8.0 2022-08-05 16:02:32 +01:00
renovate[bot]
342ced452e Update sentry-javascript monorepo to v7.9.0 2022-08-05 16:05:30 +02:00
Daniel Lockyer
ad209f3a7d
Improved yarn dev development tooling
- this commit switches our `yarn dev` workflow from heavily relying on
  Grunt, to using `nodemon` and `concurrently`
- we're doing this to reduce reliance on Grunt, but also to fix several
  nits with the way `yarn dev` works in the monorepo
- we now use `nodemon` to run the Ghost backend, and it should
  auto-refresh whenever you change a file in any of the packages (except
  `admin`)
- we use `concurrently` to simultaneously run `ghost` and `admin` at
  the same time. it seems to handle process cleanup well and has nice
  colored prefixes to help with differentiating between log output
- this commit ends up removing a handful of Grunt dependencies and
  reduces the functionality stored in the Gruntfile
- on the whole, it should keep existing functionality but there may be
  some small underlying changes to get used to
2022-08-05 15:54:37 +02:00
Simon Backx
46e1f52d3a Cleaned up debug console log
refs 17a9759cf3
2022-08-05 15:39:54 +02:00
Simon Backx
17a9759cf3 Fixed posting empty comments
refs https://github.com/TryGhost/Team/issues/1750

- Trim whitespace from empty paragraphs
- Do not allow empty comments
- Also includes: Allow requesting the parent relationship of a comment (required for focusing comments)
2022-08-05 15:31:08 +02:00
David Kolosowski
3c76172e81
removed catch predicate from integrations (#14969)
refs https://github.com/TryGhost/Ghost/issues/14882

- catch predicates make removing Bluebird from other parts of the code risky.
2022-08-05 14:21:02 +01:00
Rishabh
eb5b463460 Updated comment notification management in Portal
refs https://github.com/TryGhost/Team/issues/1677

- updates managing comment notifications in UI for single newsletter sites
- updated cta for tiers with free trial
2022-08-05 18:21:18 +05:30
Rishabh Garg
5704ac061e
Handled storing of trial start/end info for subscription (#15161)
refs https://github.com/TryGhost/Team/issues/1724

With free trials, members can start subscriptions with a trial period. This change stores the information about trial start and end date for every subscription so it can be shown on Admin/Portal for member.

- adds new `trial_start_at` column for storing trial start date on Stripe subscription. Will in most cases match the start of subscription date.
- adds new `trial_end_at` column for storing trial end date on Stripe subscription.
- wires storing trial start and end values on stripe subscription
2022-08-05 17:50:40 +05:30
Rishabh
a58efd6ba1 Updated admin api schema to include trial days on tiers
refs https://github.com/TryGhost/Team/issues/1724
2022-08-05 17:23:40 +05:30
Rishabh
2d12d9aa89 Wired trial days to tiers API
refs https://github.com/TryGhost/Team/issues/1724

- Added `trial_days` to api serializers
2022-08-05 17:23:40 +05:30
Daniel Lockyer
a0dca653e7
Updated @tryghost/* packages
- these were all published from the SDK repo
2022-08-05 13:30:50 +02:00
arsereg
182a7ea07c
💡 Upgraded Tenor API to v2 (#15087)
closes: https://github.com/TryGhost/Ghost/issues/14980
refs: cc276486f0

- Tenor is now operated by Google, and the old v1 Tenor API has been decommissioned
- At present anyone with a pre-configured tenor integration will get intermittent errors, whilst it is impossible to setup a new tenor API integration
- Sadly old keys do not work with the new API, and new keys do not work with the old API, so there is no happy path forward.
- After this lands, everyone will need to go and get a new Google API Key for Tenor, update their config, and then the integration will work properly again.
- This particular change renames the API key from `publicReadOnlyApiKey` to `googleApiKey` to reflect that the key itself changes in type and behaviour

Co-authored-by: Hannah Wolfe <github.erisds@gmail.com>
2022-08-05 12:13:27 +01:00
Daniel Lockyer
ba863966ad
Increased integration test threshold
- this is only a temporary fix until we have time to go and investigate
  some performance issues in the tests
- we keep seeing random failures due to timeouts in the integration
  tests, and it's incredibly distracting
2022-08-05 12:57:57 +02:00
Daniel Lockyer
36fef8976b Fixed allowing multiple shutdown procedures
- Ghost doesn't prevent itself from running the `shutdown` procedure more than once
- if you spam Ctrl-C, you can reproduce this
  - this might not be the case when running using `yarn dev` because
    some Grunt code captures the SIGINT/SIGTERM, but that is changing
    very soon
- whilst not necessary a problem now, we might introduce code that runs
  during a shutdown but only expects to happen once
- this commit introduces a flag to say that Ghost is shutting down, and
  prevents the `shutdown` function from executing further once true
2022-08-05 12:43:18 +02:00
Simon Backx
43f57a4742 Bumped comments-ui to 0.4.0
no issue
2022-08-05 11:50:50 +02:00
Aileen Nowak
085958d53d Added Ghost Explore integration
no issue

- bumps Ghost Explore to GA from alpha
2022-08-05 10:06:10 +01:00
Daniel Lockyer
c8b3a08f24
Fixed linting 2022-08-05 10:01:09 +02:00
Daniel Lockyer
dd41929251
Removed Grunt from Admin
- as part of our effort to reduce our usage of Grunt in favor of more
  maintainable (and maintained) alternatives, this commit removes Grunt
  from Admin
- the main difference here is switching from subgrunt to shell, which
  should be a nice stepping stone to removing Grunt altogether one day
2022-08-05 09:53:08 +02:00
renovate[bot]
7cb6bcac85
Update dependency @tryghost/kg-mobiledoc-html-renderer to v5.3.6 (#15118)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-04 21:23:54 +01:00
Rishabh
2055a742de Updated comments notification copy in Portal
refs https://github.com/TryGhost/Team/issues/1744
2022-08-05 01:08:02 +05:30
Daniel Lockyer
8f8fcbd5e9
Switched to original version for metrics
- up until now, we've been sending the `safe` version as data in
  metrics, but this only includes major.minor
- we'd like to be able to see how every release affects the results, so
  this commit switches to using the version that was supplied in the
  package.json so we've got more of a granular overview
2022-08-04 19:22:57 +02:00
Naz
fa8d94fce2 Fixed the typo
refs e9bfc4ef01

- Did a typo in the find and replace... and now correcting a typo of a typo  -_-
2022-08-04 15:38:32 +01:00
Naz
2de7688eaf Used in memory cache adapter in settigs cache manager
refs https://github.com/TryGhost/Toolbox/issues/364

- Settings Manager used to store all of it's settings values in a hash - an in memory cache in disguise. Having a hidden cache made it hard to reason about it's impact of memory usage and did not allow to swap it out for an alternative storage metchanism easily. Having a cache storage abstraction in Settings Manager allows to get rid of long lasting memory problems + decouples storage mechanism from the logic around transforming stored values.
2022-08-05 02:28:33 +12:00
Naz
ed79d3e9b3 Added basic memory cache storage implementation
refs https://github.com/TryGhost/Toolbox/issues/364

- This is groundwork to substitute in memory caches we use across the codebase. The first candidate would be settings cache. The interface of the memory cache was kept to the minimum. The "keys" method is a somewhat acceptable alternative to the "getAll" method used in the codebase right now.
- The next iteration over this would be adding async methods are alternative key/value storage methanisms like Redis.
2022-08-05 02:28:33 +12:00
Naz
af0014917b Moved cache storage initialization
refs https://github.com/TryGhost/Toolbox/issues/364

- Passing "cache" through constructor did not work out because cache setting is still dependent upon on the model layer (gets called before it has a chance to initialize during db migrations)
- To remove the initialization dependency blockers were:
    "defaults" method in the post model - the value resolved to "undefined" anyway during the fixture insertion
    validate-password module - checks the password against "undefined" during fixture initialization
- Passing the cache through "init" method works too, but is not as clear as with constructor DI pattern.
2022-08-05 02:28:33 +12:00
Naz
e9bfc4ef01 Changed the lingo to US of A variation
refs 16728a3ef1

- It's 'merica time!
2022-08-05 02:28:33 +12:00
Simon Backx
bac8f4b8db
Added bio to members api (#15168)
refs https://github.com/TryGhost/Team/issues/1716

- Adds the bio field to the API output
- Allow setting bio when updating the member
- Includes new E2E tests for the members API that were missing
2022-08-04 15:51:23 +02:00
renovate[bot]
f4a31aae7d
Update dependency @tryghost/kg-default-atoms to v3.1.3 (#15115)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-04 12:17:58 +01:00
renovate[bot]
4957298e68
Update dependency @tryghost/kg-markdown-html-renderer to v5.1.6 (#15117)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-04 12:17:04 +01:00
renovate[bot]
88436506f4
Update dependency @tryghost/kg-default-cards to v5.16.3 (#15116)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-04 11:06:18 +01:00
renovate[bot]
4868989a4a
Update dependency @tryghost/kg-card-factory to v3.1.4 (#15114)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-08-04 11:05:55 +01:00
Fabien "egg" O'Carroll
7e630dcb23 Bumped comments-ui version to 0.3.x
refs https://github.com/TryGhost/Team/issues/1695

This version of the comments-ui includes changes to work with the
comments helper design.
2022-08-04 11:04:50 +01:00
Kevin Ansfield
2524916e61 Switched koenig-react experiment URL back to unpkg
no issue

- jsdelivr has heavy CDN and local caching for 7 days which makes it difficult to test the frequent package bumps whilst we're actively working on the experimental package. Switching back to unpkg for now to take advantage of it's 60s cache
2022-08-04 10:32:38 +01:00
Daniel Lockyer
7cf4f595f7 🐛 Fixed missing published Admin assets when running in development
refs https://forum.ghost.org/t/admin-template-issues-default-install/31750

- we recently switched to using different folders within `core/built`, to
  indicate the assets that are applicable for development/production
  environments
- unfortunately, this came with the side effect of the "development" assets
  missing in the published tarball, which meant Admin wouldn't load when
  running in development mode
- this was a regression from how it previously worked because we used to
  just copy the production HTML file to the development HTML name, and
  use the same assets
- after thinking about it, I think we can get rid of the split folders
  for assets, because I don't think the use-case is there for having
  them:
  - if you run Ghost from source, you're 99% only using the
    development-built assets
  - if you want production ones, you can run with a flag, but the
    development ones get wiped anyway
  - those running Ghost from a published package are using the same
    assets and HTML file
- therefore, I think we can make our lives simpler by removing the env
  folders and using a folder under `core/built/admin/...`
- this commit implements that across Ghost and Admin
2022-08-04 10:55:35 +02:00
James Morris
5ff512256f Fixed up some email template problems on mobile for comments
- Swapped out some tables for divs for more reliable sizing
- Changes should help avatars on mobile

refs https://github.com/TryGhost/Team/issues/1742
2022-08-04 09:29:29 +01:00
Rishabh Garg
c931d80cc0
Added migration to store trial days on tier (#15129)
refs https://github.com/TryGhost/Team/issues/1724

- storing trial period days allows site owners to give free trial for N days to all members signing up on a tier
- by default, all tiers have 0 trial period days(same as no trial)
2022-08-04 11:35:57 +05:30
Daniel Lockyer
a398a0e57d
Cleaned up subgrunt usage between Ghost and Admin
refs https://github.com/TryGhost/Toolbox/issues/365

- some of this was barely used anyway, but now Admin is a package in the
  monorepo, we don't need to be installing dependencies twice
2022-08-03 17:05:57 +02:00
Daniel Lockyer
464b5ca426 Extracted html-to-plaintext shared lib into package
refs https://github.com/TryGhost/Toolbox/issues/363

- this shared library is standalone, and it used in various places of
  Ghost core, so we can pull it out to keep it easier to reason about
- we also use the `html-to-text` dependency in another package but it's
  outdated and could now switch to this new package
2022-08-03 16:51:56 +02:00
Daniel Lockyer
b3d7347e9e
Deleted reference to core/admin
refs https://github.com/TryGhost/Toolbox/issues/365

- this directory no longer exists because we've brought it into the
  monorepo
2022-08-03 16:28:41 +02:00
Daniel Lockyer
b1d6b434b5
Fixed yarn dev
refs https://github.com/TryGhost/Toolbox/issues/365

- this fixes the path of the admin assets to the ghost package dir and
  points the subgrunt path to the admin dir
2022-08-03 16:00:40 +02:00
Simon Backx
e1bee3c647
Implemented admin auth origin check (#15135)
refs https://github.com/TryGhost/Team/issues/1694

- Added replacements option to `@tryghost/minifier` + updated documentation and name of 'options' param which was a bit confusing. 
- At compile time, we'll replace `'{{SITE_ORIGIN}}'` with the actual and JS encoded origin string.
- Block requests to the auth frame with the wrong origin, but log a warning for now to make debugging easier.
- Limit who can read the response messages by origin
2022-08-03 15:59:08 +02:00
Daniel Lockyer
c2f2312ad2
Deleted Admin submodule
refs https://github.com/TryGhost/Toolbox/issues/365

- this is no longer needed because we've inline Admin into the monorepo
2022-08-03 15:56:53 +02:00
Daniel Lockyer
59c750a369 v5.7.1 2022-08-03 12:56:44 +01:00
Daniel Lockyer
068c52de1d 🎨 Updated Casper to v5.2.3 2022-08-03 12:56:44 +01:00
Fabien "egg" O'Carroll
8dc8ab88ca Added default values for comment_count helper
refs https://github.com/TryGhost/Team/issues/1695

We add english defaults for the singular and plural params leaving the
empty param blank so as to not draw attention to low engagement.
2022-08-03 12:23:37 +01:00
renovate[bot]
81ce63f584 Pin dependency @types/common-tags to 1.8.1 2022-08-03 13:05:20 +02:00
Daniel Lockyer
02e696bd2f
Pinned dependency
- this should be pinned because Ghost is an application
2022-08-03 12:56:14 +02:00
Fabien "egg" O'Carroll
b8e3eb55cd Updated GScan to support comment_count and comments helpers
refs https://github.com/TryGhost/Team/issues/1695

Since these helpers take params now, we need to explicity add them
to the list of known helpers.
2022-08-03 11:52:08 +01:00
Fabien "egg" O'Carroll
e6317e9da3 Fixed the count endpoint for the Members Comments API
refs https://github.com/TryGhost/Team/issues/1695

When a post does not have any comments we were not returning any data
from the API, which would cause issues with the comment counts helper
frontend script. This updates the endpoint to always include the count
when explicitly requesting the count for specific posts.

We've also pulled the logic out into a stats service so that the endpoint
can just refer to the controller.
2022-08-03 11:52:08 +01:00
Fabien "egg" O'Carroll
023d85d561 Updated comment_count helper and frontend script
refs https://github.com/TryGhost/Team/issues/1695

This updates the comment_count helper from a block to inline, and the
frontend script to replace the entire element with the comment count
text. This means that theme designers will have the most flexibility
as they can choose whether or not to wrap the text in an element, as
well as which element.
2022-08-03 11:52:08 +01:00
Naz
452132600b Fixed trailing whitespace in test file
no issue

- The linter does not seem to pickup the trailing whitespace problem in test files. This would be good to fix project-wise with the `--fix` options or something similar
- This change is for example purpuses :)
2022-08-03 11:48:02 +01:00
Simon Backx
b57ffc0258 Added underline and bold style to post link in comment emails
refs https://github.com/TryGhost/Team/issues/1739
2022-08-03 11:55:05 +02:00
Daniel Lockyer
a17dc84869
Fixed Admin HTML missing from NPM tarball
refs f59b88967b

- the npmignore rules meant that the Admin HTML was missing from the
  tarball produced by NPM
2022-08-03 11:31:58 +02:00
renovate[bot]
3c47d61e68 Update dependency analytics-node to v6.2.0 2022-08-03 08:26:33 +02:00
Daniel Lockyer
82e7a0f103
Cleaned up Grunt copy plugin
refs 0a34be4012

- the admin html is no longer stored in core/server, and we don't need to
  copy the production file to default.html
- this commit cleans up the grunt command to do this, and removes the
  plugin whose only use was doing this
- this takes us another step closer to removing grunt
2022-08-02 21:14:04 +02:00
Daniel Lockyer
b9a0cc04b9
Switched out @lodder/grunt-postcss for postcss-cli
- this commit switches out the Grunt postcss plugin with the official
  postcss CLI
- this means we can remove yet another step from Grunt, which helps
  towards our goal of removing Grunt entirely
- I've confirmed the minified output is exactly the same as before
2022-08-02 20:27:44 +02:00
Naz
f65c068442 Fixed failing tests
refs 492960b9a8 (diff-658dc5d7181e4b0fe52a60085b938fa830b22a82a0f58e7fe49a1455984c58ce)

- The `this` context binding was not set on some of the class methods causing all sorts of chaos
2022-08-02 19:21:32 +01:00
Naz
492960b9a8 Refactored settings cache to use class/DI pattern
refs https://github.com/TryGhost/Toolbox/issues/364

- This is a groundwork which moves the "cache" property in settings cache to be injectable parameter, so we can swap it out with different implementations.
- The module will be broken downn into two concepts - an injectable cache  and a cache manager (the update system)
2022-08-02 17:18:07 +01:00
Simon Backx
e112f1cd40 Added empty line trimming to comment messages
fixes https://github.com/TryGhost/Team/issues/1737

- Empty lines at start
- Empty lines at end
- Duplicate empty lines inside the comment message (max one allowed)
2022-08-02 17:45:42 +02:00
Simon Backx
3f8ddd61f9 Changed subject lines for comment emails
fixes https://github.com/TryGhost/Team/issues/1735
2022-08-02 17:45:42 +02:00
renovate[bot]
9652d5ab32 Update dependency luxon to v3 2022-08-02 17:17:29 +02:00
renovate[bot]
7147495f3a Update dependency @tryghost/html-to-mobiledoc to v1.8.7 2022-08-02 17:13:28 +02:00
Rishabh Garg
845718111e
Added free trial feature flag in labs (#15130)
refs https://github.com/TryGhost/Team/issues/1724

- adds new `freeTrials` alpha flag for feature development

Co-authored-by: Djordje Vlaisavljevic <dzvlais@gmail.com>
2022-08-02 20:02:18 +05:30
Daniel Lockyer
f59b88967b
Cleaned up unused npmignore references
refs 0a34be4012

- as of the referenced commit, we no longer store the HTML in the
  core/server folder so we don't need to keep this folder in the
  npmignore
2022-08-02 15:18:05 +02:00
Kevin Ansfield
0a34be4012
Updated admin asset serving for ember-auto-import@2 compatibility (#15128)
refs https://github.com/TryGhost/Admin/pull/2252
closes https://github.com/TryGhost/Team/issues/1182

- Admin now copies it's build output to a single env-specific directory rather than splitting html and assets
  - `core/built/admin/{development|production}/*`
- updated the admin app's `serveStatic` definition for assets and controller's html serving to reflect the new asset paths
2022-08-02 13:43:45 +01:00
renovate[bot]
f132475ff9
Update dependency @sentry/node to v7.8.1 2022-08-01 20:49:21 +00:00
Simon Backx
a5084c7ee6 Renamed #ghost-comments-root to #ghost-comments (fragment to jump to comments section)
fixes https://github.com/TryGhost/Team/issues/1730
refs db8d1120f4
2022-08-01 16:36:03 +02:00
Daniel Lockyer
9ca8e80990 v5.7.0 2022-08-01 15:23:39 +01:00
renovate[bot]
4cbb622334 Update dependency @tryghost/image-transform to v1.2.1 2022-08-01 15:28:09 +02:00
Simon Backx
b7f3892be0
Added format option to img-url helper (#14962)
fixes https://github.com/TryGhost/Ghost/issues/14323

- Fixed support for resizing images from Unsplash using the `img-url` helper (previously the size property was ignored for images from Unsplash)
- Added support for `avif` file formats (supported by sharp out of the box)
- Added support for setting the format of images, with a new  `format` option:

E.g. to convert an image to webp (only works in combination with size for now, except for Unsplash where you can use it without size):
```
{{img_url @site.cover_image size="s" format="webp"}}
```

This can help improve the performance of a theme, by serving assets in `<picture>` elements with webp and fallback image formats.

Usage example:
```html
<picture>
    <source 
        srcset="{{img_url feature_image size="s" format="avif"}} 300w,
                {{img_url feature_image size="m" format="avif"}} 600w,
                {{img_url feature_image size="l" format="avif"}} 1000w,
                {{img_url feature_image size="xl" format="avif"}} 2000w"
        sizes="(min-width: 1400px) 1400px, 92vw" 
        type="image/avif"
    >
    <source 
        srcset="{{img_url feature_image size="s" format="webp"}} 300w,
                {{img_url feature_image size="m" format="webp"}} 600w,
                {{img_url feature_image size="l" format="webp"}} 1000w,
                {{img_url feature_image size="xl" format="webp"}} 2000w"
        sizes="(min-width: 1400px) 1400px, 92vw" 
        type="image/webp"
    >
    <img
        srcset="{{img_url feature_image size="s"}} 300w,
                {{img_url feature_image size="m"}} 600w,
                {{img_url feature_image size="l"}} 1000w,
                {{img_url feature_image size="xl"}} 2000w"
        sizes="(min-width: 1400px) 1400px, 92vw"
        src="{{img_url feature_image size="xl"}}"
        alt="{{#if feature_image_alt}}{{feature_image_alt}}{{else}}{{title}}{{/if}}"
    >
</picture>
```
2022-08-01 14:45:54 +02:00
Rishabh
312e2330a1 Extended paywall card for newsletters
refs https://github.com/TryGhost/Team/issues/1680

- paywall card in Admin now inserts cta and restricts content for newsletters as well
- mimics paywall behavior in posts for newsletters
2022-08-01 18:02:25 +05:30
Djordje Vlaisavljevic
5d65655f51 Updated newsletter CTA design 2022-08-01 18:02:25 +05:30
Daniel Lockyer
a25b5dc2e3 v5.6.0 2022-08-01 09:23:35 +01:00
Aileen Booker
304b660c9d
Added migrations to change Ghost Explore integration type 2022-08-01 09:08:06 +02:00
Sam Lord
48550c81aa Improved performance of prepareContentFolder function
fixes https://github.com/TryGhost/Toolbox/issues/150

- up until now, the test framework has copied all theme fixtures to the
  test directory when it boots Ghost
- the vast majority of tests don't need all the themes, so this is quite
  a wasteful operation
- this commit disables copying all themes by default, and provides the
  `copyThemes` boot option to enable this
- also adds a `copySettings` option, and defaults `redirectsFile` to
  false to further reduce the number of file copies
2022-08-01 08:58:13 +02:00
renovate[bot]
2c27d45473 Update dependency knex-migrator to v5.0.3 2022-08-01 08:57:57 +02:00
renovate[bot]
9c65aa166f Update dependency @playwright/test to v1.24.2 2022-08-01 08:42:59 +02:00
renovate[bot]
f325241430
Update dependency eslint to v8.21.0 2022-08-01 04:27:05 +00:00
renovate[bot]
b88f989f5f
Update dependency sqlite3 to v5.0.11 2022-08-01 02:02:20 +00:00
renovate[bot]
828587378c Update dependency @sentry/node to v7.8.0 2022-07-28 21:19:39 +00:00
Naz
195973eae1 Added successful job run check
refs https://github.com/TryGhost/Toolbox/issues/358

- Allows to check for a **successfull** job run and restart/re-add the job in case it was a failed one off job
2022-07-28 19:07:49 +01:00
Rishabh Garg
be3a8db828
Fixed failing preview test email (#15105)
refs https://github.com/TryGhost/Team/issues/1680

- using test emails via email preview in admin were failing due to missing post data attached to them
- adds test to make sure email segment rendering doesn't crash even with missing data
2022-07-28 21:05:47 +05:30
Fabien "egg" O'Carroll
467cf51b74 Added comment property to posts in Content API
refs https://github.com/TryGhost/Team/issues/1695

This property can be used by theme developers to determine if comments
are available for the currently logged in member. It follows the same
logic as used internally in the comments helper, so that they can be
used interchangeably
2022-07-28 14:55:53 +01:00
Fabien "egg" O'Carroll
93694d837e Updated {{comments}} helper with new options
refs https://github.com/TryGhost/Team/issues/1695

This updates the comments helper based on the design document

Changes include:
 - `color_scheme` renamed to `mode`
 - `avatar_saturation` renamed to `saturation`
 - `saturation` default changed from 50 to 60
 - `count` option added
 - `title` option added

The count and title options allow theme developers to better customise
the output of comments, so that they can either pass in their own
title, or pass in no title, and instead provide HTML in the them to
handle it. The same is the case for the count option, which is used to
toggle whether or not the comment count is shown.
2022-07-28 14:53:33 +01:00
Ronald Langeveld
f2710c906d Added koenig-react cdn url to default config. 2022-07-28 13:46:17 +02:00
Djordje Vlaisavljevic
f0d1cf2d66
Updated newsletter paywall cta design (#15111)
refs https://github.com/TryGhost/Team/issues/1705

- Made `max-width` smaller to avoid super-long lines
- Added `span` elements with `nowrap` to avoid one or two-word orphans

Co-authored-by: Rishabh <zrishabhgarg@gmail.com>
2022-07-28 16:10:09 +05:30
Naz
ec0d548031 Fixed CI
no issue

- The test was initialized backwards... causing the job manager to start without "models" being fully initialized
2022-07-27 18:39:28 +01:00
Naz
1606a10ff8 Moved members migrations to one off job
refs https://github.com/TryGhost/Toolbox/issues/358

- The execution of members migration only ever has to be done once in the lifetime of the Ghost instance. It is slightly slow and blocking process, which slows down instance boot time considerably. Putting the execution into one off job allows to execute migrations only once and save boot time on each consequent instance restart - less resource usage, save the planet!
2022-07-27 18:07:24 +01:00
Aileen Nowak
b0144a7f8f Added explore alpha feature flag 2022-07-27 14:53:50 +01:00
Fabien 'egg' O'Carroll
e36e5e16bc
Improved Members Comments API
refs https://github.com/TryGhost/Team/issues/1688


We've moved the BREAD logic out of the endpoint and into a controller which
interfaces with the `frame` object from our API framework. The service handles
the core logic of comments, and has been updated with several fixes. This
separation means we keep the HTTP API logic and the underlying comments logic
decoupled.

We've also updated the naming to make it clear that it is part of the members api.

Permissions have been implemented, ensuring that members cannot create comments
if they do not have the required access, but they are able to edit their existing comments,
regardless of access.

The edited_at field is now correctly updated when a comment is edited.
2022-07-27 13:56:16 +01:00
renovate[bot]
9973b5419c Update dependency @playwright/test to v1.24.1 2022-07-26 18:18:50 +02:00
Daniel Lockyer
4b5b3de11c
Moved test agents into subfolder
- these agent files are all very similar and should be grouped together
- moving them into a subfolder makes the `test/utils` folder a little
  bit easier to browse
2022-07-26 18:00:37 +02:00
Daniel Lockyer
044b342de3
Fixed random test failure due to asynchronous directory creation
- we keep seeing random failures that complain about a directory already
  existing when trying to create it
- the error arises from the `fs.copySync` in this `prepareContentFolder`
  function, because it tries to create the folder if it doesn't exist
- it turns out we're using the asynchronous `fs.ensureDir` without an
  await just before, so it doesn't block on creating the folder
- there's a veeeery small window where the code within `copySync` thinks
  the folder doesn't exist, `ensureDir` creates the folder, and
  then `copySync` tries to create the folder => 💥
- it looks like we're already `await`-ing `prepareContentFolder`, so we
  can just switch all the calls to the Promise-based ones and await them
- the other `prepareContentFolder` uses the sync versions of the
  functions, but we can fix that in the future: 7b7767d483/ghost/core/test/utils/e2e-utils.js (L73-L79)
2022-07-26 17:28:16 +02:00
Daniel Lockyer
7b7767d483
Deleted .jshintrc file
refs bcf5a1bc34

- we no longer use jshint so this file is not needed
2022-07-26 16:47:31 +02:00
Naz
8c3473e5e0 Moved exception handling for members migrations
refs https://github.com/TryGhost/Toolbox/issues/358

- Error handling should be done as close to the place that knows how to handle them. It's a catch-all block which doesn't add any logic, so does not really make sense to have that extra code in general "init" method which ideally should be just a whole bunch of calls with no extras.
2022-07-26 15:13:12 +01:00
Rishabh Garg
9c616fe067
Added content paywall for newsletters (#15048)
refs TryGhost/Team#1680

- extends the public preview card so that the paywall is shown in newsletters for paid-only posts based on member's access
- adds CTA for paywalled content in newsletters
- the segmentation for paywall only considers free and non-free members, so post with specific `tiers` and `paid-only` access settings are sent to all paid members

Co-authored-by: Djordje Vlaisavljevic <dzvlais@gmail.com>
2022-07-26 19:16:08 +05:30
Daniel Lockyer
735608ea76
Renamed @tryghost/vhost-middleware to @tryghost/mw-vhost
refs https://github.com/TryGhost/Toolbox/issues/354

- this commit renames the vhost middleware to follow our naming pattern
  of `mw-X`
2022-07-26 15:12:32 +02:00
Daniel Lockyer
5fc7ba59d3
Reset package versions back to 0.0.0
refs https://github.com/TryGhost/Toolbox/issues/354

- these packages won't be published from now on, so setting the versions
  back to 0.0.0 keeps them clean
2022-07-26 14:57:43 +02:00
renovate[bot]
fd41b48f41 Update dependency @tryghost/limit-service to v1.2.2 2022-07-26 11:56:19 +02:00
Daniel Lockyer
2df2106701 v5.5.0 2022-07-26 08:23:55 +01:00
Daniel Lockyer
8936d83cac 🎨 Updated Casper to v5.2.2 2022-07-26 08:23:54 +01:00
Daniel Lockyer
d08144e2bf
Updated @tryghost packages
- this commit bumps all `@tryghost` packages that only contain
  dependency updates
2022-07-25 22:28:24 +02:00
Rishabh
487b61eb81 Updated stylesheet url handling for frontend apps
refs https://github.com/TryGhost/Team/issues/1719

- updates search and comments app to use configurable stylesheet url instead of hardcoded value
2022-07-25 23:00:37 +05:30
Rishabh
eb75888b48 Updated frontend apps to use new config
refs https://github.com/TryGhost/Team/issues/1719

- creates scripts injected for portal/search/comments using new config format
- adds `data-styles` to search/comments script for adding external styles URL
2022-07-25 23:00:37 +05:30
Rishabh
a44460d226 ℹ️ Updated default config and CDN for frontend apps
refs https://github.com/TryGhost/Team/issues/1719

- switches default CDN from unpkg to jsDelivr for better reliability
- current config for frontend apps doesn't allow easy switching of CDN for frontend urls
- allows easy switch of base CDN for frontend apps via config
- fixes double use of version string in the config
- extends config to include url needed for loading styles for frontend app instead of hardcoded urs
2022-07-25 23:00:37 +05:30
Daniel Lockyer
c376587288
Moved yarn main functionality up to root yarn script
- since we've turned the repo into a monorepo, the `yarn main` scripts
  have lived in their original place under `ghost/core` package.json and
  Gruntfile.js
- for one, we want to remove grunt because it's terribly old and our use
  is hacked together
- secondly, `yarn main` applies to the monorepo + submodules as a whole,
  and not just the Ghost core folder
- this commit extracts the functionality into yarn scripts in the
  top-level and removes the dependency that was required
2022-07-25 18:30:21 +02:00
Simon Backx
5235d67fed
Added comment events to activity feed (#15064)
refs https://github.com/TryGhost/Team/issues/1709

- New event type `comment_event` (comments and replies of a member in the activity feed)
- Includes member, post and parent relation by default
- Added new output mapper for ActivityFeed events

**Changes to `Comment` model:**
* **Only limit comment fetched to root comments when not authenticated as a user:** 
`enforcedFilters` is applied to all queries, which is a problem because for the activity feed we also need to fetch comments which have a parent_id that is not null (`Member x replied to a comment`). The current filter in the model is specifically for the members API, not the admin API (so checking the user should fix that, not sure if that is a good pattern but couldn’t find a better alternative).
* **Only set default relations for comments when withRelated is empty or not set:**
`defaultRelations`: Right now, for every fetch it would force all these relations. But we don’t need all those relations for the activity feed; So I updated the pattern to only set the default relations when it is empty (which we also do on a couple of other places and seems like a good pattern). I also updated the comments-ui frontend to not send ?include
2022-07-25 17:48:23 +02:00
Simon Backx
31a4135fec
Added members.last_commented_at and last_seen_at update when commenting (#15088)
refs https://github.com/TryGhost/Team/issues/1717

- Updates last_commented_at and last_seen_at (only once a day)
- Used the LastSeenAtUpdater, so we can combine updating last_commented_at and last_seen_at in one query + used same pattern
- Updated comments service to await emails in order to make E2E tests more stable (as we don't have any method to await emails and test emails otherwise). This removed the email sending logic from the `onCreated` hook of the model.
2022-07-25 17:35:46 +02:00
Simon Backx
57a743e3aa
Fixed TXT content of report emails (#15090)
fixes https://github.com/TryGhost/Team/issues/1718

- Text content of report emails still had some placeholder text
- Converts HTML comments to TXT to include in the TXT version of the email
- Added support for Regexp matchers in the email mocker
- Added tests to check if the email content is in the new comment/report emails
2022-07-25 15:27:38 +01:00
Naz
7c3ca9a26d Cleaned up stripe service init syntax
no issue

- It's super hard to read long lines and not that great tracking changes when an array is in a single line declaraion
2022-07-25 12:58:01 +01:00
renovate[bot]
396bc865a9
Update dependency knex-migrator to v5.0.2 2022-07-25 11:11:31 +00:00
Fabien 'egg' O'Carroll
b3471ab439
Improved comments API security (#15065)
refs https://github.com/TryGhost/Team/issues/1688

* Added missing/failing tests
* Refactored comments BREAD into service
* Ensured member_id is not writable, it should come from auth only
* Ensured one cannot reply to a reply
* Ensured the parent_id is not writable on edit
2022-07-25 10:41:33 +01:00
Daniel Lockyer
ee5753a6b7
Fixed minor linting issue in member-count tests
- we don't need to return this value, and eslint complains about it if
  we do
2022-07-25 11:25:14 +02:00
Daniel Lockyer
57d47a79f9
Added yarn setup to root scripts
- we had this working in the Ghost repo before switching to a monorepo
- this commit adds a `setup` script to the root package.json so we can
  maintain the functionality
2022-07-25 08:35:57 +02:00
Daniel Lockyer
184149492d
Lifted "fix repo" scripts up to root package.json
- these scripts are useful for just trying to fix your repo when
  node_modules is playing up
- as we now have a monorepo, they should be lifted up to the root and
  not hidden in the ghost package
2022-07-25 08:35:55 +02:00
Naz
5f2967cf27 Added support for offloaded oneoff jobs
refs https://github.com/TryGhost/Toolbox/issues/357

- Adds support for persisted one off offloaded (worker thread) jobs
- To try them out run Ghost instance in "testmode" and shoo a request like so: `curl http://localhost:2368/ghost/api/oneoff/graceful-job` - this starts a one time job from graceful-job script (can only ever be executed once on the Ghost instance)
- Job's progress and runtime details are persisted in `jobs` table
- To play more with one off jobs use `addOneOffJob` method available on jobsService
2022-07-22 18:19:07 +01:00
renovate[bot]
e9132d7572
Update dependency sqlite3 to v5.0.10 2022-07-22 12:09:33 +00:00
Naz
c667620d8f 🏗 Added jobs table creation migration
refs https://github.com/TryGhost/Toolbox/issues/357

- One time jobs need a storage mechanism to be run only ever once.
- Field notes:

- `id`, `created_at`, `updated_at` - standard Ghost fields
- `name` - unique name of the job, could also be used with prefixing to identify certain type of job (e.g.: backup-bob-2022-10-16, backup-sam-2023-01-13 identifying backup jobs run by users)
- `status` - 'started' | 'finished' | 'failed' | 'queued'  (need to identify when the job is in progress, done, added to the execution queue, or errored)
- `started_at` - when the job started execution
- `finished_at` - when the job successfully finished execution
2022-07-22 23:32:58 +12:00
Simon Backx
30c4f11e27
Added report API for comments (#15043)
closes https://github.com/TryGhost/Team/issues/1684

**Migrations:**
- Added report permissions (fixtures + migrations)
- Dropped reason field in reports (no textarea in reports in V1)
- Dropped nullable from comment_likes.member_id (can't be null)
- Added SET NULL/CASCADE foreign keys for comments related tables(*)

(*):
fixes https://github.com/TryGhost/Team/issues/1687
refs https://ghost.slack.com/archives/C02G9E68C/p1658217288591369

This commit adds support for `SET NULL` foreign keys in schema and migration helpers + also fixes the foreign keys for the comment_reports, comment_likes and comments tables.

- When a member is deleted, we **do** want to keep their reports (SET NULL)
- When a member is deleted, we **do not** want to keep their likes (CASCADE)
- When a member is deleted, we **do** want to keep the comments (SET NULL)

**Changes:**
- Added report API: `POST /members/api/comments/{id}}/report/`
- Sends an email to the owner when a comment is reported
- Saves a report to the database (not used for now, but might be useful later)
2022-07-22 12:03:05 +02:00
renovate[bot]
2339577dd3 Update dependency metascraper-logo-favicon to v5.30.0 2022-07-22 08:34:07 +00:00
renovate[bot]
33b3fab663 Update dependency @playwright/test to v1.24.0 2022-07-22 09:39:38 +02:00
Naz
3e57e6fe10 Moved jobmanager initialization logic
refs https://github.com/TryGhost/Toolbox/issues/357

- In upcoming iteration job manager will need "models" fully initialized to be able to persiste one time jobs. This bit of code of in a bad place as it initialized (through require) the job manager without having models module initialized first.
- The change moves that code from a bad to less bad place (wasn't able to think of any better location for now). Checking for `server:testmode' config in job initialization has a little bit of a smell, but don't think it's super critical. Could be improved if a better structure appears in the future!
2022-07-21 17:00:45 +01:00
renovate[bot]
6ebe34fdf0 Update dependency @playwright/test to v1.23.4 2022-07-21 14:37:19 +02:00
Daniel Lockyer
6192ae4620
Increased E2E test timeout temporarily
- we keep seeing a lot of random failures from CI due to the Posts
  Content API
- I think it's because of the Ghost boot + number of fixtures we load,
  which sends us over our 10s threshold
- let's see if 15s resolves that
2022-07-21 09:40:09 +02:00
Daniel Lockyer
9ec83a6e21
Disabled publishing for Members packages
- we don't want to publish these anymore so this commit disables the
  ability to
- also fixes up a missing version that wasn't reset
2022-07-21 09:26:04 +02:00
Daniel Lockyer
376ee24600
Switched to unversioned Members packages
- these packages are split apart for local development, but will be
  bundled into Ghost when publishing
- therefore, these packages won't be published so we are resetting the
  versions to make them cleaner
2022-07-21 09:15:29 +02:00
renovate[bot]
6a18b50b8a
Update dependency sanitize-html to v2.7.1 2022-07-20 19:40:39 +00:00
Daniel Lockyer
273d53cf09
Updated testing & linting packages
- these weren't updated in core before the migration, so we ended up
  with two different versions in yarn.lock
2022-07-20 18:05:27 +02:00
Daniel Lockyer
796961329a
Fixed yarn test from top-level repo
- we probably don't want it to be this long term but it allows us to
  enable tests on the new packages
2022-07-20 17:41:11 +02:00
Daniel Lockyer
9fa789159c
Reset Publishing packages version and visibility
refs https://github.com/TryGhost/Toolbox/issues/354

- these packages are here for development and will be bundled when
  published, so they don't need versioning nor publishing
2022-07-20 17:20:24 +02:00
Daniel Lockyer
3d989eba23 Converted Ghost repo into a monorepo
refs https://github.com/TryGhost/Toolbox/issues/354

- this commit turns the Ghost repo into a monorepo so we can bring our
  internal packages back in, which makes life easier when working on
  Ghost
2022-07-20 16:41:05 +02:00