Commit Graph

365 Commits

Author SHA1 Message Date
Jason Williams
fddf2ee42f Fix active theme selector. Add validation to API.
Closes #3226
- Remove dependent property from the computed content property
  that is used to build the active theme selector.
- Add validation to the Settings model so that it rejects
  attempts to set an activeTheme that is not installed.
2014-07-09 22:14:33 +00:00
Sebastian Gierlinger
035fb04d34 closes #3197
- added role to user obj (only returned from the user endpoint)
- added `/users/?include=roles` and
`/users/?include=roles,roles.permissions` query parameters
- added and updated tests
2014-07-08 18:00:59 +02:00
Jason Williams
05d199f9b4 Check datatype for date format conversion
Closes #3199
-If datatype is dateTime convert to javascript Date object when
 retrieved from the database.
-Add tests to make sure models and internal API are using Date
 objects for dateTime fields.
-Add tests to make sure the HTTP API is returning ISO 8601
 date strings for dateTime fields.
2014-07-05 19:15:32 +00:00
Sebastian Gierlinger
79a80b67ac Invite user API
closes #3080
- added users.invite() to add user from email with random password
- added `GET /ghost/api/v0.1/users/` to invite users and resend
invitations
- removed one user limit
- added global utils for uid generation
- changed some „“ to ‚‘
2014-07-02 16:22:18 +02:00
Kevin Ansfield
7e2e8b3376 Persistent notifications
closes #3057
- add Notification model
- update injected Notifications object to handle persistent notifications
- load server notifications on setup if logged in otherwise on successful sign-in
- changed all existing notifications.closeAll calls to closePassive
- fixed dismissable/dismissible spelling in server API & tests
- add notifications.closeNotification method so DELETE calls can be made for server-originating notifications
2014-07-01 11:36:21 +02:00
Sebastian Gierlinger
c8e8da4780 oAuth
closes #2759
closes #3027

- added oauth2orize library for server side oAuth handling
- added ember-simple-auth library for admin oAuth handling
- added tables for client, accesstoken and refreshtoken
- implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant
- updated api tests with oAuth
- removed session, authentication is now token based

Known issues:
- Restore spam prevention #3128
- Signin after Signup #3125
- Signin validation #3125

**Attention**
- oldClient doesn't work with this PR anymore, session authentication
was
removed
2014-06-30 14:58:10 +02:00
Fabian Becker
3d2205195d Generate slug when adding new app.
No issue
- Remove duplicate code from model_posts_spec.
- Add slug generation to app model
- Test slug generation on app model
2014-06-24 22:20:35 +00:00
Fabian Becker
2bff35bcc2 Complete moveover to new Notification API format
fixes #2775
- Fix all occurences of notifications.add to use proper API format
2014-06-16 08:07:29 +00:00
Jason Williams
bb4a0a3540 Update slug API to work with additional types
Closes #2866
-update slug API to handle users and apps in addition to
 posts and tags
-update existing tests
-add new functional tests for slug endpoint on http api
2014-06-04 05:54:03 +00:00
Jason Williams
a3c2fe5496 Fix up unit tests. Check config url with isURL.
No issue
-validate url in config.js using validator.isURL
-fix up async flow in bootstrap unit tests
-make sure done handler is called on async tests
2014-05-29 21:06:40 +00:00
lennerd
bebafdc9a9 Refactore slug API for generating tag and post slugs.
Closes #2601
- Removed slug generation from the post API
- Added new, self-contained slug API
- Fixed slug permissions in the fixtures files
- Added a HTTP route for the new API method
- Added integrational tests
2014-05-26 10:07:05 +02:00
Hannah Wolfe
c02ebb0dcf Refactor API arguments
closes #2610, refs #2697

- cleanup API index.js, and add docs
- all API methods take consistent arguments: object & options
- browse, read, destroy take options, edit and add take object and options
- the context is passed as part of options, meaning no more .call
  everywhere
- destroy expects an object, rather than an id all the way down to the model layer
- route params such as :id, :slug, and :key are passed as an option & used
  to perform reads, updates and deletes where possible - settings / themes
  may need work here still
- HTTP posts api can find a post by slug
- Add API utils for checkData
2014-05-15 10:41:05 +01:00
Hannah Wolfe
4c0010db45 Merge pull request #2673 from halfdan/2592-tags-api
Implements new Themes JSON API
2014-05-14 16:31:36 +01:00
Fabian Becker
628654961a Implements new Themes JSON API
closes #2592
- Add themes browse/read endpoint
- Add new permissions for themes (only admin by default)
- Add integration tests
2014-05-14 11:23:42 +02:00
Gabor Javorszky
24190a186e Move mail api to json/api format
Fixes #2650
* rerouted all mail sending to api/mail
* changed request and response formats to json/api-like structure
* tested with forgotten password and new blog email
2014-05-13 17:34:37 +01:00
Jason Williams
414890f263 Ensure settings values are strings before saving
closes #2736
-reintroduces JSON.stringify for non-string values in
 api.settings.edit
-added a regression test
2014-05-13 05:36:18 +00:00
Sebastian Gierlinger
fd0f5a5028 Add distinct error classes
closes #2690
- added new error classes
- moved errorhandling.js to /errors/index.js
- changed API errors to use new classes
- updated tests
2014-05-09 12:11:29 +02:00
David Arvelo
2d783ac3d4 DB API returns JSON-API compatible objects. Export triggers 'Save As' dialog.
closes #2647
- GET method returns { db: [exportedData] }
- POST, DELETE methods return { db: [] }
- 'delete all content' test updated
- Attach 'Content-Disposition' header on DB export for 'Save As' browser dialog
- Add DB API functional test for Export
2014-05-07 19:05:09 -04:00
Jacob Gable
298077582b ACL and strict rules for Settings API
Ref #2061

- Add canThis permission checks to settings api calls
- Add strict rules about accessing core settings without internal: true
- Omit core settings in browse() call unless internal: true
- Update unit tests to call api.settings with contexts
- Add a couple unit tests for new scenarios
- Update all api.settings calls in the app to call with internal context
- Re-arrange permissions.init in server startup so config.theme.update
can access settings without permissions error
2014-05-07 10:56:03 -05:00
Fabian Becker
2795e723e1 Move to new API format for Settings.
refs #2606
- Use new API format when updating settings from the client side
- Add additional test to test new API format
- Adjust functional tests to work with the new format
2014-05-06 19:02:55 +00:00
Hannah Wolfe
31fc84cefb Consistency in model method naming
- The API has the BREAD naming for methods
- The model now has findAll, findOne, findPage (where needed), edit, add and destroy, meaning it is similar but with a bit more flexibility
- browse, read, update, create, and delete, which were effectively just aliases, have all been removed.
- added jsDoc for the model methods
2014-05-06 00:36:42 +01:00
Fabian Becker
2a803aecdd Proper endpoints for persistent notifications
closes #2637
- Add new get API route for all notifications
- Wrap API responses to comply with JSON-API
- Add new tests / adjust fixtures
- Adjust all occurences of passive notifications
2014-05-06 00:05:14 +02:00
cobbspur
b201b06e56 updated error handling on all mocha tests
- switch to using catch
- added error handling where missing
2014-05-05 21:58:58 +01:00
Sebastian Gierlinger
39e654e9c3 Change error message response
closes #2643
- added error type
- added error property for validations
- wrapped errors in an array
- returns multiple errors for validation
- updated tests and admin
2014-05-05 15:51:21 +02:00
Jason Williams
4d41e12c02 Adjust update check to handle changes in API calls
closes #2681
- fixed api calls and response parsing
- added a test to for update check
- adjusted gruntfile.js to run new update check integration test
2014-05-04 01:36:00 +00:00
lennerd
66a046b00b Return new tags when posts are created via API
closes #2680
- added include options when adding a post
- added functional and integrational tests
2014-05-03 19:24:11 +02:00
Hannah Wolfe
f2071eedb2 Move user API to primary document format
closes #2593

- added new format to user API methods
- changed all places where the user api was used
- updated tests and added more coverage
- little bit of cleanup in utils/api
2014-05-02 20:50:44 +01:00
Jacob Gable
7e9880ce8d Settings API Primary Document refactor
Closes #2606

- Refactor settings api responses to { settings: [ ] } format
- Update all code using api.settings to handle new response format
- Update test stubs to return new format
- Update client site settings model to parse new format into one object of key/value pairs
- Refactor to include all setting values
- Remove unused settingsCollection method
- Update settingsCache to store all attributes
- Update settingsResult to send all attributes
- Remove unnecessary when() wraps
- Reject if editing a setting that doesn't exist
- Reject earlier if setting key is empty
- Update tests with new error messages
- Use setting.add instead of edit that was incorrectly adding
- Update importer to properly import activePlugins and installedPlugins
- Update expected setting result fields
- Fix a weird situation where hasOwnProperty didn't exist 🤷
2014-04-30 23:15:27 -05:00
Sebastian Gierlinger
e1bbc60467 Additional objects
closes #2620
- moved aspect -> filters
- updated tests
- fixed inconsistency in pagination object
2014-04-27 19:34:44 +02:00
Sebastian Gierlinger
1e62400465 Add include parameter for posts API
closes #2609
- added include parameter to api.posts.*
- changed toJSON to omit objects that are not included
- added include parameter to admin
- added include parameter to frontend.js
- updated tests
- removed duplicate code from posts model

**Known Issue:** It is not possible to attach a tag using an ID.
2014-04-27 18:58:34 +02:00
Alan Richards
686aec7ab5 Post API response to use author not author_id
Closes #2608
- added toJSON method override for post model
- in the event no expanded author relation is present the id will be used
- removed author_id from expected response JSON for posts.
- updated integration tests to check for existence or not of author and author_id
2014-04-22 02:13:33 -07:00
Jacob Gable
cf7c8aab3b Tag API: Primary Document Format
Closes #2605

- Change tags browse() response to { tags: [...] }
- Update client side collection to use nested tags document
- Update test references to use response.tags
2014-04-20 19:48:59 -05:00
Sebastian Gierlinger
32ea948675 Post response move pagination -> meta
closes #2604
- moved ‚pagination‘ to ‚meta‘ property
- added response test for pagination property
- changed ‚next‘ and ‚prev‘ to be set to null and exist on every
response
- removed unnecessary call to API for RSS author
2014-04-19 17:03:20 +02:00
Sebastian Gierlinger
da3630071a Added and fixed permission tests
- fixed test for db functions
- added tests for different users
2014-04-16 18:22:22 +02:00
Sebastian Gierlinger
e47e9c62d0 Add permissions to API
closes #2264
- added permissions check to db, users and posts
- added register method to users
- added doesUserExist method to users
- added user from session to internal calls
- changed permissible to overwrite canThis
- removed action map and action type from permissable method
2014-04-16 18:22:22 +02:00
Sebastian Gierlinger
61e94a6e8b Use current user in models
closes #2058
- fixed apiContext as suggested in the issue
- added user to options object for models
- added api.users.register() for public registration
- changed models to use options.user for created_by, updated_by,
author_id and published_by
- added override to session model to avoid created_by and updated_by
values
- added user (id: 1) to tests
- added user (id: 1) for registration
- added user (id: 1) for import, fixtures and default settings
- added user (id: 1) for user update
- added user (id: 1) for settings update (dbHash, installedApps, update
check)
- updated bookshelf to version 0.6.8
2014-04-16 18:20:09 +02:00
Fabian Becker
41cef386bc Implements Models & Data API for Apps
closes #2138
- Adds new models for AppField and AppSetting
- Removed permitted attributes from App model (handled by base)
- Added reference from Post to AppFields
- Added fixture data to DataGenerator
- Added integration tests for Apps, AppSettings, AppFields
- Added import for Apps
- Added app_fields to default fixtures
2014-04-16 18:14:56 +02:00
Jacob Gable
9369dd3bf7 Add app permission checking to canThis
- Pass permissions loading to buildObjectTypeHandlers to eliminate
shared state
- Load both app and user permissions to check
- Check app permissions if present
- Create apps table and App model
- Move effectiveUserPermissions to permissions/effective
- Change permissable interface to take context; user and app.
- Add unit tests for app canThis checks and effective permissions
2014-04-16 18:06:39 +02:00
Sebastian Gierlinger
9321289c1d Move post API to primary document format
closes #2580
- added new format to post API methods
- added post object parsing and wrapping to admin
- removed unused ‚user‘ object from API response
- updated tests
2014-04-16 12:09:03 +02:00
Matt Enlow
f8d90f1cc6 Added populate last login time
closes #2515
- sets last_login when user is saved if user status changed to active
- added integration test in user Basic Operations
2014-03-27 12:29:43 -06:00
Sebastian Gierlinger
b83fc25613 Fix delete button
closes #2492
- added when.all() to wait until all posts are deleted before deleting
tags
- added a test
2014-03-24 14:49:23 +01:00
Fabian Becker
428fb94278 Fixes random pg failures.
fixes #2075
- Updates knex to latest version
- Fixes expected value in page test
- Change fixture insertion to be sequential
- Add orderBy to insertMorePostsTags fixture helper
2014-03-17 10:54:31 +00:00
Sebastian Gierlinger
7155d95f9d Add JSON API tests & cleanup
first 10 % of #2124
- added initial version of JSON API tests
- renamed error.errorCode to error.code
- renamed tags.all to tags.browse for consistency
2014-02-28 22:26:03 +00:00
Harry Wolff
9ab4b7d4d5 Adds tag pages
fixes #2111

- modified Post model to support a tag query
  param that will filter the desired post collection
  to only include posts that contain the requested tag

- in the updated Post model it includes the Tag model
  under a nested object called 'aspects'

- added tests for updated Post model, updating
  test utils to add more posts_tags relations

- adds two new routes to frontend,
  one for initial tag page,
  another to page that tag page

- for tag pages the array of posts
  is exposed to the view similarly
  to the homepeage

- on the tag view page the information
  for the tag is also accessible
  for further theme usage

- the tag view page supports a hierarchy of
  views, it'll first attempt to use a tag.hbs
  file if it exists, otherwise fall back
  to the default index.hbs file

- modified pageUrl and pagination helper
  to have it be compatible with tag paging

- added unit tests for frontend controller

- added unit tests for handlebar helper modifications

- add functional tests for new tag routes
2014-02-18 15:10:02 -05:00
John-David Dalton
6eab7b3f92 Replace underscore with lodash. 2014-02-06 14:08:34 +00:00
Daniel Niccoli
d092b4ecd2 Altered integration test to cover dashes in slug 2014-01-28 21:27:05 +01:00
Hannah Wolfe
39b9c1cf6b Merge pull request #1927 from schneidmaster/fix-1907
Fixed issue with adding multiple new tags to a post
2014-01-20 06:04:59 -08:00
Hannah Wolfe
6098b83152 Adding case-insensitive User.getByEmail method
fixes #1498

- emails are no longer converted to lowercase, local mailbox can validly
  be mixed case
- getByEmail uses JS to compare emails to ensure we can support unicode
- tests that users can be retrieved by their email address with case
  insensitivity
2014-01-15 10:39:40 +00:00
Zach Schneider
fa7bd62857 Fixed issue with adding multiple new tags to a post
Fixes #1907

Refactored `updateTags` to correct a loop issue where the `insert`
method was mistakingly being passed rather than `update`, triggering a
duplicate PK SQL error.
2014-01-13 09:29:40 -05:00
nicovalencia
e8746a2375 Add rss to the list of reserved post titles/slugs.
closes #1880
- added `rss` to core/server/models `generateSlug` reserved keywords
- added integration test for safe slug generation to core/test/integration/model/model_posts_spec.js
2014-01-07 17:30:53 -07:00
Hannah Wolfe
3f9b0fa618 Disable xss santization
issue #1378
fixes #1328

- xss santization does some odd things. This isn't needed until we have multi-user support, and we are investigating better solutions.
2014-01-06 20:17:20 +00:00
Hannah Wolfe
78737b35ff API refactor / cleanup
closes #1303

- removed where and orderBy from being passed from the API through to bookshelf, and ultimately knex
- ordering is now consistent across both front and backend, which fixes #1303
- validated / cleaned up all the API parameters
- added API tests for the status and staticPages parameters
2013-12-20 13:07:01 +00:00
Harry Wolff
9bbf400dfc Fix loading of static pages in frontend controller
fixes #1644

- Fixes bug in controller/frontend
- Created functional test for posts API to test for this bug
- Created unit tests for frontend controller
- Fixed a global variable leak in core/test/utils/fixtures/data-generator
that was leaking the DataGenerator globally
- Resolved issue that arose from fixing above bug
2013-12-09 22:38:25 -05:00
Sebastian Gierlinger
3f2258e95b Replace cookieSession with session
- changed cookieSession to session
- added session.regenerate for login and logout
- added bookshelf session store
- added session table to database
- added import for databaseVersion 001
- added grunt task test-api
- cleanup of gruntfile to start express when needed only
- moved api tests to functional tests
2013-11-24 15:29:36 +01:00
Jacob Gable
34e453039b Improved Password Reset Tool
Closes #1471

- add api and User model methods for generating and validating tokens
- add routes and handlers for reset password pages
- add client styles and views for reset password form
- some basic integration tests for User model methods
2013-11-22 10:46:19 -06:00
Fabian Becker
89201a5c84 Lowercase email address.
fixes #1498
2013-11-18 00:34:51 +00:00
Hannah Wolfe
3235a3a3e2 Merge pull request #1442 from Decad/user-gravatar
Add users Gravatar on signup
2013-11-12 03:53:49 -08:00
Declan cook
cbe8c15dc8 Add users Gravatar on signup
When a user registers try to find their gravatar.
2013-11-11 23:45:47 +00:00
Hannah Wolfe
b0c61720d9 Test file cleanup on accoutn of OCD 2013-11-11 10:37:09 +00:00
Sebastian Gierlinger
a137d9c93e Add X-Cache-Invalidation Tests
closes #1397
- added checks for x-cache-invalidation to api tests
2013-11-07 16:08:39 +00:00
Sebastian Gierlinger
e2cee5be66 Move API tests to /integration/
closes #1396
- moved core/test/unit/api* to core/test/integration/api/
- moved core/test/integration/model* to core/test/integration/model/
- moved core/test/unit/utils to core/test/utils
- moved core/test/unit/fixtures to core/test/utils/fixtures/
- changed gruntfile.js to execute api tests with target 'integration'
2013-11-07 14:26:47 +01:00
Fabian Becker
88d7682605 Automatically replace unicode characters with ascii characters for slugs.
fixes #1285
2013-11-05 21:00:29 +00:00
Sebastian Gierlinger
8574813660 Bugfixes for tests 2013-11-05 15:02:12 +00:00
Sebastian Gierlinger
bb17e1c0e9 Add API tests
closes #1189
- added tests
- added request module
- added status codes to API calls
- fixed return values of API calls
- fixed that drafts caused an error when being deleted
- fixed X-Invalidate-Cache headers
- moved testUtils.js to utils/index.js
2013-11-03 18:13:19 +01:00
Fabian Becker
933a8c764a Separate model tests to separate tasks/directory.
refs #921
2013-11-01 09:38:42 +00:00