Commit Graph

10674 Commits

Author SHA1 Message Date
Renovate Bot
3ebae36c0a Update dependency knex to v0.20.13 2020-04-07 10:49:12 +01:00
Daniel Lockyer
29647870f1 Pinned dependencies
no issue
2020-04-07 09:36:05 +01:00
Renovate Bot
ec49a362b8 Update dependency semver to v7.2.1 2020-04-07 08:27:48 +01:00
Daniel Lockyer
91054d10a0 Tidied up release GitHub Action
no issue
2020-04-07 08:19:17 +01:00
Renovate Bot
f60b3f5607
Update dependency gscan to v3.4.1 2020-04-06 17:10:36 +00:00
Joseph Coffland
67b8fbf6cf Added raw handlebars helper
- Allows using the 4-bracket raw block syntax e.g: {{{{raw}}}}{{{{/raw}}}}
- This allows you to include handlebars inside a template that is not compiled and executed
- The common usecase is if you want to include client-side handlebars templates inside server-side ones
2020-04-06 17:26:50 +01:00
Renovate Bot
4ee0b92eac
Update dependency express-hbs to v2.3.3 2020-04-06 15:42:24 +00:00
Daniel Lockyer
f79a0b5c73 Removed Sentry GitHub Action in favor of our release Action
no issue
2020-04-06 15:08:17 +01:00
Daniel Lockyer
bd1f175a56 Switched release process to built-in Node
no issue
2020-04-06 14:34:08 +01:00
Daniel Lockyer
b144a164e5
Updated release Action to run on all tags 2020-04-06 10:49:17 +01:00
Fabien O'Carroll
a701ee7023
Added support for token session to /ghost (#11709)
no-issue

* Added default for getting origin of request

This function is used to attach the origin of the request to the
session, and later check that requests using the session are coming from
the same origin. This protects us against CSRF attacks as requests in
the browser MUST originate from the same origin on which the user
logged in.

Previously, when we could not determine the origin we would return
null, as a "safety" net.

This updates the function to use a secure and sensible default - which
is the origin of the Ghost-Admin application, and if that's not set -
the origin of the Ghost application.

This will make dealing with magic links simpler as you can not always
guaruntee the existence of these headers when visiting via a hyperlink

* Removed init fns and getters from session service

This simplifies the code here, making it easier to read and maintain

* Moved express-session initialisation to own file

This is complex enough that it deserves its own module

* Added createSessionFromToken to session service

* Wired up the createSessionFromToken middleware
2020-04-06 11:49:14 +02:00
Hannah Wolfe
022a433e56 Added debug info to controller process messages
- Whenever Ghost sends a message to its controller process
- Send extra debug info, so we can be sure what the Ghost process is seeing
2020-04-06 10:44:39 +01:00
Renovate Bot
12d6b05498
Update metascraper to v5.11.8 2020-04-06 00:17:00 +00:00
Fabien O'Carroll
1f68d8dc20 Refactored existing adapters to use adapter-manager
no-issue

This removes duplications and reduces maintentence going forward.
2020-04-05 21:13:47 +02:00
Fabien O'Carroll
d0bb8c3333 Added base and default SSO Adapter
no-issue
2020-04-05 21:13:47 +02:00
Fabien O'Carroll
fb942af1db Added adapter-manager service
no-issue

This services handles the registration and retrieval of adapters,
it normalises the config to look like:

{
    [adapterType]: {
        active: adapterName,
        [adapterName]: adapterConfig
    }
}
2020-04-05 21:13:47 +02:00
Daniel Lockyer
2d42af8d72 Removed unused release-utils dependency
no issue

- this is no longer needed because we moved the main release code
  out
2020-04-03 14:25:28 +01:00
Daniel Lockyer
09e8474261 Switched to custom GitHub Action for a release
no issue
2020-04-03 13:37:33 +01:00
Daniel Lockyer
cd02b18872
Added renovate.json to npmignore
no issue
2020-04-03 13:10:12 +01:00
Daniel Lockyer
92aebc21f4 Updated Ghost-SDK packages
no issue
2020-04-03 10:43:35 +01:00
Daniel Lockyer
5a314636cd Configured release Action to only run on 3.x tags
no issue
2020-04-03 10:39:42 +01:00
Renovate Bot
deb1118714
Update dependency @tryghost/helpers to v1.1.25 2020-04-03 08:17:33 +00:00
Daniel Lockyer
3988029472 Refactored scheduling adapter loader to better display errors
no issue

- missing modules required by an adapter weren't flagged up as missing,
  but that the entire adapter was missing
- therefore, it was difficult to see what you were missing
- this commit handles the case where a module is missing, and displays
  an error
2020-04-02 19:21:19 +01:00
Fabien O'Carroll
23154f0739
Refactored session service (#11701)
* Refactored SessionStore to use @tryghost/errors

no-issue

* Updated tests to test exposed API

no-issue

This will make refactoring easier, as we only have the "public" contract to maintain

* Refactored session functionality to SessionService

no-issue

This splits the session logic away from the HTTP responding logic,
which will allows us to decouple session creation/modification from the
API. Eventually this can be used to create sessions based on magiclink
style tokens.

* Instantiated and exported the new SessionService

no-issue

* Refactored session middleware to take session service

no-issue

This removes duplication of code and makes the middleware more explicit
that it's just a wrapper around the session service.

* Updated to use external @tryghost/session-service

no-issue
2020-04-02 16:27:31 +02:00
Daniel Lockyer
5a748ee5a9 Updated eslint-plugin-ghost dependency
no issue
2020-04-02 14:11:33 +01:00
Daniel Lockyer
cadba8d9cc Moved Sentry release notification into main release workflow
no issue
2020-04-02 08:50:50 +01:00
Daniel Lockyer
90012c473a Enabled npm publish during the release process
no issue
2020-04-02 08:43:58 +01:00
Renovate Bot
f8f8a4b597
Update dependency express-hbs to v2.3.2 2020-04-01 18:04:24 +00:00
Daniel Lockyer
5989400df7 Removed unused chalk dependency
no issue

- left over from removing the stable branch warning from the Gruntfile
- it's not used anywhere else
2020-04-01 19:02:55 +01:00
Daniel Lockyer
dfb2995922 Removed stable branch warning from Gruntfile
no issue

- the `stable` branch no longer exists
2020-04-01 18:53:08 +01:00
Hannah Wolfe
e4404f9b9a Removed unnecessary dependency matchdep
- Don't really need a dependency here, can work without it
- matchdep hasn't been updated in 3 years, and has a web of potentially insecure dependencies
- Unlikely to affect us, but safer to go without
2020-04-01 17:50:03 +01:00
Hannah Wolfe
c3e0e82604 Removed unused grunt-cli dependency
- this should be installed globally
2020-04-01 17:50:03 +01:00
Daniel Lockyer
f5bf2673be Removed testing step from Grunt release task
no issue
2020-04-01 16:33:14 +01:00
Hannah Wolfe
9cf4312ae2 Removed misc unused dependencies 2020-04-01 15:38:26 +01:00
Renovate Bot
36a55eb0a4 Pin dependencies 2020-04-01 15:35:02 +01:00
Daniel Lockyer
02bf8773b9 Automated the release process
no issue
2020-04-01 15:17:52 +01:00
Renovate Bot
634b5e83a2
Update dependency uuid to v7.0.3 2020-04-01 12:49:34 +00:00
Hannah Wolfe
25f51056f5 Remove unused dev dependency should-http 2020-04-01 13:30:38 +01:00
Hannah Wolfe
a4175ff218 Swapped grunt-cssnano for grunt-postcss+cssnano
- The grunt-cssnano plugin is old and no longer maintained
- It uses insecure dependencies that don't really impact us, but we want to get rid of warnings
- Swapping for grunt-postcss+cssnano is a more up-to-date way of sorting this out
2020-04-01 13:17:49 +01:00
Daniel Lockyer
5ef8e0241f Simplified some release code in Gruntfile
no issue
2020-03-31 16:19:16 +01:00
Hannah Wolfe
573850ddd7 Removed fixture yarn.lock file
- This theme fixture is confusing GitHub's security tooling into thinking we have a tonne of insecure dependencies that we don't
2020-03-31 12:56:15 +01:00
Hannah Wolfe
658a6dd284 Cleaned all usages of proxy in helpers
- the proxy should always be used to access other parts of Ghost, including the urlService etc
- use consistent ES6 style for requires
- minimise use of lodash where possible
- remove circular dependency between proxy and template util
- End goal here is to enforce that the only link between helpers + the rest of Ghost is the proxy
2020-03-31 12:42:15 +01:00
Hannah Wolfe
957da0bfc5 Removed unused timezones.json file
- This file was moved to @tryghost/timezone-data some time ago
- It's no longer used in Ghost core, only in Ghost-Admin
2020-03-30 18:43:59 +01:00
Hannah Wolfe
7964c1de79 Updated image middleware to use new shared function
- we have a function for generating _o filenames in @tryghost/image-transform as of v0.2.0
- this  updates our Ghost code to use it
2020-03-30 18:33:59 +01:00
Hannah Wolfe
7f1d3ebc07
Move tests from core to root (#11700)
- move all test files from core/test to test/
- updated all imports and other references
- all code inside of core/ is then application code
- tests are correctly at the root level
- consistent with other repos/projects

Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
2020-03-30 16:26:47 +01:00
Renovate Bot
4c554ae131 Update dependency @tryghost/image-transform to v0.2.0 2020-03-30 10:55:07 +01:00
Daniel Lockyer
d35fd96abb Updated grunt-mocha-cli dependency
no issue
2020-03-30 10:52:48 +01:00
Daniel Lockyer
df213cdf0e Switched require statements to relative paths
no issue
2020-03-30 10:52:09 +01:00
renovate[bot]
f0f22d80b3
Update dependency bookshelf to v0.15.2 (#10982)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-03-30 22:42:25 +13:00
Kevin Ansfield
b984da9839 🐛 Fixed "Incorrectly eaten value" error if markdown footnote has trailing newline whitespace
no issue

- update `url-utils` dependency which contains a fixed version of remark footnote parsing
2020-03-29 20:26:04 +01:00