Commit Graph

13951 Commits

Author SHA1 Message Date
Daniel Lockyer
48a906b879
v4.14.0 2021-09-14 11:38:18 +01:00
Daniel Lockyer
07a1465e3b
Updated Admin to v4.14.0 2021-09-14 11:38:17 +01:00
Kevin Ansfield
6875796417 Blocked 0.* IP addresses when making oembed requests
no issue

It was possible for authenticated/trusted admin users to make GET requests to localhost via the oembed service by crafting a redirect that used 0.0.0.0.

- added the 0.* default route/routing block to the private IP regex used to block requests when we're contacting external sites
- added an additional IP or localhost check in the oembed service when fetching bookmark card data
2021-09-14 11:35:14 +01:00
Kevin Ansfield
0294918eb9 Fixed labs service unit tests
refs d735e3a4f3
refs c7972c20a5

- the unit tests are currently tied to the labs service data rather than testing independent behaviour meaning that the test needs to be updated when the particular alpha flag they are tied to gets removed
2021-09-14 10:19:26 +01:00
Kevin Ansfield
d735e3a4f3 Removed dashboardTwo labs flag
no issue

The updated dashboard is shelved for now whilst the underlying analytics architecture is improved.
2021-09-14 10:08:43 +01:00
Renovate Bot
5251d1e559
Update dependency analytics-node to v5.1.0 2021-09-13 22:22:11 +00:00
Renovate Bot
66a705930c
Update metascraper to v5.24.6 2021-09-13 08:35:39 +00:00
Kevin Ansfield
a277ff5bf4 Bumped @tryghost/kg-* dependencies
no issue

- includes bump to minimum version of `markdown-it` for consistency between Ghost and Admin markdown rendering
2021-09-13 09:34:18 +01:00
Daniel Lockyer
2d639ad4a1 Replaced removed Bookshelf findWhere function
- as per https://github.com/bookshelf/bookshelf/wiki/Migrating-from-0.15.1-to-1.0.0#collectionfindwhere, the `findWhere` function was removed
- `find` can be used in combination with `matchFunc` and then checking
  the values against each other to keep the same functionality
- also updates the tests to reflect the change in number of function calls
2021-09-10 16:59:11 +01:00
Daniel Lockyer
23c207cefc Updated signature of Bookshelf model listeners
- as per https://github.com/bookshelf/bookshelf/wiki/Migrating-from-0.15.1-to-1.0.0#different-arguments-on-after-save-event-listeners-saved-created-and-updated, the signature of saved, created and updated listeners has changed to remove the second argument
- this commit updates our signatures too
2021-09-10 16:59:11 +01:00
Daniel Lockyer
80fa1d903e Removed explicit loading of Bookshelf registry plugin
- as per 5a5a5d162e, the Bookshelf registry plugin is now in core
- we no longer need to explicitly load the plugin, and it displays a
  warning if you do
- this change also turns `._models` into `.registry.models`, so our code has
  been updated to reflect that
2021-09-10 16:59:11 +01:00
Daniel Lockyer
7a3725fdbf Fixed settings tests due to Bookshelf update
- Bookshelf now seems to error out when the response is undefined and
  expects something
- this commit updates the test to the same empty response we use
  elsewhere
2021-09-10 16:59:11 +01:00
Daniel Lockyer
8fcb57bd6a Disabled new Bookshelf fetch behaviour across models
- as per https://github.com/bookshelf/bookshelf/wiki/Migrating-from-0.15.1-to-1.0.0#default-to-require-true-on-modelfetch-and-collectionfetchone, models will now default to `{require:true}` during a fetch, which changes how Bookshelf will respond when a model yields no results
- instead of passing a `null` result, it will reject with an error, so we'd need to switch to `.catch`ing everything
- our code is set up to handle all these null results and switching style is not currently on the cards so we want to use the existing behaviour for now
- to enable this, the `requireFetch` option needs to be added to the model definitions
2021-09-10 16:59:11 +01:00
Daniel Lockyer
0c7c34ff67 Updated bookshelf-relations dependency to 2.2.0 2021-09-10 16:59:11 +01:00
Daniel Lockyer
7b93efddd0 Updated bookshelf dependency to 1.2.0 2021-09-10 16:59:11 +01:00
Fabien O'Carroll
c9325aa2cc Fixed Complimentary subscriptions being created twice
refs https://github.com/TryGhost/Team/issues/1030

The usage of `setComplimentarySubscription` is for pre-Tiers enabled
sites only. We didn't see this issue before because the `comped` flag
was incorrectly being set to `false` by default. Since it was fixed in
https://github.com/TryGhost/Ghost/commit/ae844db60 the `comped` flag was
then getting sent up, and creating the subscription.

We've moved the usage of `setComplimentarySubscription` to behind the
feature flag so that we do not use old behaviour when Tiers are enabled
2021-09-10 14:29:20 +02:00
Kevin Ansfield
864e4583d4 Fixed segmented email content being sent to all members
refs https://github.com/TryGhost/Ghost/pull/13276

- when removing the labs flag a conditional in the email processor checking for the labs flag being enabled was replaced with a check for a member segment being present. This meant that email batches with `member_segment: null` representing all members that didn't have content specifically aimed at them were not having the segmented content stripped before sending
2021-09-10 11:36:42 +01:00
Renovate Bot
74c43bcea5 Update dependency c8 to v7.9.0 2021-09-10 11:25:21 +01:00
Rishabh Garg
2272f84cc9
Added beta {{products}} helper for tiers list on post (#13267)
refs https://github.com/TryGhost/Team/issues/1004

- adds new `{{products}}` helper behind `multipleProducts` flag
- `{{products}}` outputs a string with list of products that have access to specific post when used in a post context in theme
- outputs empty string when used out of a post context and without access to `visibility` property
- uses all available posts for a site via the global products data
- updates {{content}} helper cta to use this new helper to show list of tiers with access to post
2021-09-10 09:30:41 +05:30
Rishabh
c7972c20a5 Fixed alpha flag tests
refs 025eb8bd79

`multipleProducts` has now been moved out of alpha to beta, though the alpha feature tests were still using it to verify alpha behavior. The tests are now updated to use `dashboardTwo` feature as base alpha feature instead.
2021-09-09 17:05:07 +05:30
Rishabh
025eb8bd79 Updated tiers as a beta feature from alpha
refs https://github.com/TryGhost/Team/issues/1026

Tiers is moving up as a beta feature with an early-access opt-in flow. This means site owners can now opt in for early access to Tiers feature in Ghost, but it's a one-way door and it's not possible to switch off tiers once enabled. This is to ensure that sites don't break in any unexpected ways once the tiers feature is enabled by switching it off.
2021-09-09 16:57:46 +05:30
Peter Zimon
60d6d36c5e Updated sign up email copy
- Updated the copy of the confirm button in the signup email to make the use case (sign up vs. sign in) clearer.
2021-09-09 12:33:56 +02:00
Daniel Lockyer
10fa1283ca Updated ghost-storage-base to v0.0.6
no issue

- this package has been bumped to support Node 12 + 14
- AFAICT I added it to the Renovate list back when we had some timezone
  issues with moment, but we've since pinned the version of moment so we
  shouldn't experience that now
- therefore this commit also removes it from the Renovate ignore list
2021-09-09 10:15:26 +01:00
Daniel Lockyer
99d601bc9f
Moved GITHUB_TOKEN env variable to workflow scope
no issue

- the CLI install extension step also needs the token so it's just best
  to include it globally in the workflow
2021-09-09 09:49:08 +01:00
Renovate Bot
c05432889a
Update dependency sanitize-html to v2.5.0 2021-09-08 21:18:14 +00:00
Fabien O'Carroll
07e595b9aa Fixed webhook handler when Stripe is not connected
no-issue

The webhook handler did not correctly check for whether or not Stripe
was connected, and would attempt to handle webhooks anyway, resulting in
errors due to missing Stripe config. This fixes the handler to exit
early.
2021-09-08 12:41:20 +02:00
Daniel Lockyer
d897942af7
Added auto-assign workflow to pull requests
no issue

- Renovate will open PRs to bump dependencies but these are unassigned
- Renovate does have the ability to set assignees, but these are blanket
  assigns not based upon the package that is being upgraded
- we want to assign them to the owners of the package that is being
  upgraded
- I've created the `gh-auto-assign` GitHub CLI extension which reads a
  `.github/AUTO_ASSIGN` file and assigns PRs based upon the entries listed
- this commit adds the initial `AUTO_ASSIGN` file and GitHub Actions
  workflow to trigger when a PR is opened
2021-09-08 10:12:31 +01:00
Renovate Bot
0bb14c115b Update dependency @tryghost/members-importer to v0.3.2 2021-09-08 10:34:07 +02:00
Fabien O'Carroll
519757faec Cleaned up webhook settings on Stripe disconnect
refs https://github.com/TryGhost/Team/issues/1006

These should have been cleaned up previously as they are no longer used
or valid without a Stripe connection.
2021-09-07 18:58:25 +02:00
Fabien O'Carroll
fd574f527c Removed webhooks when disconnecting stripe
refs https://github.com/TryGhost/Team/issues/1006

The @tryghost/members-api module has been updated to remove webhooks
from Stripe when disconnecting. This will ensure that we do not leave
around old/invalid webhooks that will not be handled and generate
errors.
2021-09-07 18:58:25 +02:00
Fabien 'egg' O'Carroll
cd89c7e427
Used @tryghost/members-api Stripe disconnect logic (#13290)
refs https://github.com/TryGhost/Team/issues/1006

Moving the logic of disconnecting Stripe into the members-api module
decouples the Ghost API from the Members API internals. This method can
now be updated independently of Ghost, to implement the deletion of
webhooks from Stripe.
2021-09-07 18:25:53 +02:00
Fabien 'egg' O'Carroll
647f1f8f61
Fixed MemberStatusEvents for free members (#13287)
refs https://github.com/TryGhost/Team/issues/1000

Some free members were created with a status of 'comped', this resulted
in MemberStatusEvents being created with a `to_status` of 'comped'.

In 4.12 we fixed the status for all free members, but we did not update
the associated member_status_event.
2021-09-07 15:02:59 +02:00
Fabien 'egg' O'Carroll
ae844db60b
Fixed handling of Complimentary Stripe subscriptions (#13289)
refs https://github.com/TryGhost/Team/issues/995

Since we reintroduced the comped status, we did not update the
subscription handling to correctly set members to a status of comped
when they were on a 'Complimentary' plan. This meant that 'comped' members
had a status of 'paid'. The changes to @tryghost/members-api ensure that
handling subscriptions going forward will not result in this error.

Since we handle the Complimentary plan correctly now, we do not need to
manually check for the existence of one, we can instead rely on the
status to set the `comped` flag.
2021-09-07 11:31:47 +01:00
Fabien 'egg' O'Carroll
a0a35df13b
Migrated members comped status to reflect subscriptions (#13285)
* Migrated members comped status to reflect subscriptions

refs https://github.com/TryGhost/Team/issues/995

Due to a bug in subscription handling, members with Complimentary stripe
subscriptions were incorrectly given a status of 'paid'.

The goal of this migration is to fix existing broken members, and it
will be accompanied by a fix which prevents the bug for future members.

Since we are updating the status properties for members, we must ensure
that we also update the relevant member_status_events entries too, so
that we do not have incompatible sums between events and statuses.

For example, if we were to use events to graph comped members over time,
we would want the current count to match the query on statuses:

`SELECT COUNT(*) FROM members WHERE status='comped';`
2021-09-06 18:56:44 +02:00
renovate[bot]
677dc1a59b
Update dependency @tryghost/members-csv to v1.1.6 (#13273)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-06 16:16:10 +01:00
renovate[bot]
a8902bd1f8
Update dependency @tryghost/members-ssr to v1.0.12 (#13275)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-06 16:16:01 +01:00
renovate[bot]
b8b9707ddb
Update dependency @tryghost/magic-link to v1.0.11 (#13272)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-06 16:15:46 +01:00
Fabien 'egg' O'Carroll
62bb031bab
Fixed usage of linkStripeCustomer for v3 API (#13288)
refs https://github.com/TryGhost/Ghost/issues/12942

The function signature of this method has changed, and was only updated
in the canary API, this meant that API requests attempting to link a
stripe customer to a member would error for the v3 API.
2021-09-06 14:18:11 +01:00
Renovate Bot
f34a862526 Update dependency @tryghost/helpers to v1.1.52 2021-09-06 12:32:34 +01:00
Renovate Bot
b89967f9fb Update dependency @tryghost/logging to v0.1.6 2021-09-06 12:32:26 +01:00
Daniel Lockyer
5d700c6a79 v4.13.0

Merged v4.13.0 into main

v4.13.0
2021-09-06 12:28:04 +01:00
Daniel Lockyer
8458e14b05
v4.13.0 2021-09-06 12:21:32 +01:00
Daniel Lockyer
7138bc6f8f
Updated Admin to v4.13.0 2021-09-06 12:21:31 +01:00
Fabien O'Carroll
31fafcb936
Fixed errors when creating complimentary subscriptions
no-issue

The ProductRepository changed to require the options parameter which is
not passed when creating complimentary subscriptions. This updates the
code to no longer require the options parameter and instead provide a
default.
2021-09-06 12:04:25 +01:00
Fabien 'egg' O'Carroll
6a7cd9856e
Fixed imports for files missing the email_only key (#13284)
closes https://github.com/TryGhost/Team/issues/1024

Our importer would set the default value of all posts_meta keys to
`null`. This is an invalid value for the `email_only` key which only
accepts booleans.

Since we are already looping over the schema to create the default
values, we can use the `defaultTo` property in the schema to use the
intended default, and fall back to `null` if it doesn't exist.

We've used the `Reflect.has` function to determine if the `defaultTo`
key exists, as opposed to a truthy check, because it's possible that a
falsy value (e.g. false, in the case of email_only) can be used as the
default.
2021-09-06 11:56:05 +01:00
Fabien O'Carroll
dd2def277c Fixed errors when creating complimentary subscriptions
no-issue

The ProductRepository changed to require the options parameter which is
not passed when creating complimentary subscriptions. This updates the
code to no longer require the options parameter and instead provide a
default.
2021-09-06 12:55:20 +02:00
Fabien 'egg' O'Carroll
90a4d369db
Fixed imports for files missing the email_only key (#13284)
closes https://github.com/TryGhost/Team/issues/1024

Our importer would set the default value of all posts_meta keys to
`null`. This is an invalid value for the `email_only` key which only
accepts booleans.

Since we are already looping over the schema to create the default
values, we can use the `defaultTo` property in the schema to use the
intended default, and fall back to `null` if it doesn't exist.

We've used the `Reflect.has` function to determine if the `defaultTo`
key exists, as opposed to a truthy check, because it's possible that a
falsy value (e.g. false, in the case of email_only) can be used as the
default.
2021-09-06 11:51:42 +01:00
Renovate Bot
33d94dadb8 Lock file maintenance 2021-09-06 04:37:57 +00:00
Renovate Bot
da151790af Lock file maintenance 2021-09-06 02:47:49 +00:00
Naz
6c75de6464 Removed i18t dependency from post scheduling service
refs https://github.com/TryGhost/Team/issues/694

- The i18t pattern has been deprecated. Quick clean up to keep the number of dependencies in the new module to the minimum
2021-09-04 07:49:11 +12:00