Commit Graph

8909 Commits

Author SHA1 Message Date
Katharina Irrgang
5921d9ce4a
Removed unit tests who use the database (#10407)
refs #9178

## Rule

- do not use the database in unit tests
- re-add correct unit tests if you work on something which is not tested properly (we have to bring them back at some point, but without using the database)
2019-01-22 13:36:30 +01:00
Kevin Ansfield
9fc9aefa9c Version bump to 2.12.0 2019-01-22 11:36:17 +00:00
Kevin Ansfield
77a1cabe95 Updated Ghost-Admin to 2.12.0 2019-01-22 11:36:17 +00:00
Kevin Ansfield
5c120068fd Upgrading Casper to 2.9.1 2019-01-22 11:09:05 +00:00
kirrg001
baa8a6a1d4 Bumped moment to version 2.24.0
no issue
2019-01-22 09:12:43 +01:00
kirrg001
c862110cc4 Respected peer dependency for bookshelf
no issue

- need to use knex 0.14.x for now
- Bookshelf already bumped the peer dependency in master, but was not released yet
2019-01-22 09:12:43 +01:00
Rish
e972483f6c Fixed error handling for members reset password
no-issue

- Both input and form error was shown on submitting reset-password form
- Does not submit form anymore in case of validation errors
2019-01-22 11:46:48 +05:30
Katharina Irrgang
585eada1c3
Removed grunt-docker from dev dependencies (#10405)
no issue

- this npm package is very out-of-date
- it shows 5-6 security warnings
- i don't really know why this grunt command exists
- it was added 5 years ago: f84d3d32e5
2019-01-22 06:56:50 +01:00
Katharina Irrgang
4acc375fb6
Bumped knex & bookshelf dependencies (#10404)
refs #9389, refs #9248

- https://github.com/bookshelf/bookshelf/releases/tag/0.14.0
- Bookshelf has fixed it's previous attr handling, see https://github.com/bookshelf/bookshelf/pull/1848
- SQlite3 double slashes was merged into knex and released 👻tgriesser/knex@c746dea
2019-01-21 21:53:11 +01:00
Hannah Wolfe
d70ec449bc Contrib guide: More info on features
- updating to try to set expectations
2019-01-21 17:58:26 +00:00
Katharina Irrgang
d0687da3a3
Bumped major test dependencies (#10403)
refs #9389

- eslint@5.12.1, eslint-plugin-ghost@0.1.0, grunt-contrib-clean@2.0.0, grunt-contrib-uglify@4.0.0, grunt-eslint@21.0.0, grunt-mocha-cli@4.0.0, grunt-shell@3.0.1, mocha@5.2
.0, nock@10.0.6, rewire@4.0.1

All of them dropped Node v4. I was not able to find any other big breaking changes, which affect us right now.
2019-01-21 18:28:44 +01:00
Katharina Irrgang
fb044e6d88
Bumped sinon from 4.4.6 to 7.3.2 (#10400)
refs #9389

- https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md

Breaking changes for Ghost:

- no need to create a sandbox anymore, each file get's it's own sandbox
- just require sinon and use this sandbox
- you can still create separate sandboxes with .createSandbox
- reset single stubs: use .resetHistory instead of .reset

This is a global replace for any sandbox creation.

---

From https://sinonjs.org/releases/v7.2.3/sandbox/

> Default sandbox
> Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
Hannah Wolfe
d24229fc16 Github support bot: dynamic author name 2019-01-21 16:44:13 +00:00
Hannah Wolfe
c64676766c Trying out github support bot
- Support bot will respond to any issues we label with "support"
2019-01-21 16:40:48 +00:00
kirrg001
c20ff9afb8 Bumped superagent from 3.8.3 to 4.1.0
refs #9389

- https://github.com/visionmedia/superagent/blob/master/History.md#400-2018-11-17
- breaking changes don't really affect us
  - .end(…) returns undefined instead of the request. If you need the request object after calling .end() (and you probably don't), save it in a variable and call request.end(…). Consider not using .end() at all, and migrating to promises by calling .then() instead.
  - this could be changed, but it's not required
2019-01-21 15:19:07 +01:00
kirrg001
742aef77f2 Bumped html-to-text from 3.3.0 to 4.0.0
refs #9389

- https://github.com/werk85/node-html-to-text/blob/master/CHANGELOG.md#version-400
- breaking change does not affect us
2019-01-21 15:02:52 +01:00
kirrg001
1705e8575f Bumped csv-parser from 1.12.1 to 2.1.0
refs #9389

- breaking change does not affect use
- https://github.com/mafintosh/csv-parser/releases/tag/v2.0.0
2019-01-21 14:40:30 +01:00
kirrg001
eedf0dae02 Bumped chalk from version 1.1.3 to 2.4.2
refs #9389

- i was not able to find a breaking change, which affects us
- https://github.com/chalk/chalk/releases/tag/v2.0.0
2019-01-21 14:31:26 +01:00
Nazar Gargol
c3e22b6ab9 🐛 Fixed forced page filter not being respected in Content API
closes https://github.com/TryGhost/Ghost/issues/10395, https://github.com/TryGhost/Ghost/issues/10390

- The grouping was introduced due to a flasy conjunction of last filter in 'or' group with enforced page filter, due to this the rest of filters in the 'or' group were bypassed
- Additional grouping added here increases the possiblity of https://github.com/NexesJS/NQL-Lang/issues/7 bug happening
2019-01-21 13:26:45 +00:00
kirrg001
8174a5cce7 Bumped archiver from version 1.3.0 to 3.0.0
refs #9389

- i wasn't able to find a breaking change which affect us
- https://github.com/archiverjs/node-archiver/blob/master/CHANGELOG.md
- we use it for downloading themes. this feature still works
2019-01-21 14:16:00 +01:00
kirrg001
7681199135 Bumped analytics-node from version 2.4.1 to 3.3.0
refs #9389

- breaking changes do not affect us
- https://github.com/segmentio/analytics-node/releases/tag/v3.0.0
2019-01-21 13:36:46 +01:00
kirrg001
f17d134759 Bumped dependencies
no issue
2019-01-21 13:33:20 +01:00
Katharina Irrgang
3df763009e
Added quick fix to handle integration upserts for x_by columns (#10295)
refs #10286

- this is just a hotfix for v0.1
- we keep the x_by fields for now and deprecate them
- as soon as an integration updates/inserts a resource, we just store the owner ID
- we currently work on a new concept for v2
- v2 no longer exposes or uses x_by, see https://github.com/TryGhost/Ghost/pull/10294
- we need to iterate on this change, because we currently use the naming `context.api_key_id` in the auth/API layer
2019-01-21 12:41:45 +01:00
Dexter Leng
da71b61bcf 🐛Deleted associated roles_users rows when user is destroyed (#10243)
closes #8843
2019-01-21 12:36:13 +01:00
Katharina Irrgang
a927aecc3f
🐛 Fixed prev_next helper when using Content API v2 (#10397)
closes #10389
2019-01-21 11:48:18 +01:00
Fabien O'Carroll
6f87f2af93 Fixed img_url to work with protocol relative urls
closes #10391

- We use "relative protocol" urls for gravatar images, which were
  incorrectly getting treated as relative path urls.

- Refactored getBlogUrl calls into const
2019-01-21 11:41:23 +01:00
kirrg001
26d0f48561 Renamed getValidAdminKey to getValidAdminToken for admin api v2 test area
no issue
2019-01-18 19:11:51 +01:00
kirrg001
1126997244 Added easy way to enable admin api key authentication
refs #9865

- small refactoring to make both session and admin api key handling similar
- admin api key authentication is still disabled, but easy to enable
- added proof test how to authenticate using admin api keys
2019-01-18 18:57:58 +01:00
kirrg001
4f7783939d Fixed lint
no issue
2019-01-18 18:03:15 +01:00
kirrg001
e90148e7c3 Switched to use new implementation of authorizeAdminApi
refs #9865

- see code comments
2019-01-18 17:54:08 +01:00
kirrg001
de7ba3cd85 Corrected content api test key
no issue

- we reduced the key length
2019-01-18 17:54:08 +01:00
kirrg001
fbe2829b93 Added test helper for admin api v2: getValidAdminKey
no issue
2019-01-18 17:54:08 +01:00
kirrg001
f82bb07534 Added empty lines and reduces line length in auth authorize
no issue

- improves readability
2019-01-18 17:54:08 +01:00
kirrg001
3f758c6a0a Protected against empty admin api key
refs #9865
2019-01-18 17:54:04 +01:00
kirrg001
1b5b95e198 Renamed authenticateAdminApiKey to authenticate for admin api key auth
refs #9865

- the outer authentication layer wants a consistent interface of each authentication package
  - admin.authenticate
  - session.authenticate

- furthermore, there is no need to put the full feature into the exposed function name
2019-01-18 17:30:07 +01:00
kirrg001
462865981e Updated admin api key authentication to expect api key id in payload
refs #9865

- see https://github.com/TryGhost/Ghost/blob/2.11.1/core/server/lib/members/index.js#L52
- consistency
2019-01-18 17:22:19 +01:00
Fabien O'Carroll
1c56221d80 Added API Key auth middleware to v2 Admin API (#10006)
refs #9865

- Added `auth.authenticate.authenticateAdminApiKey` middleware
  - accepts signed JWT in an `Authorization: Ghost [token]` header
  - sets `req.api_key` if the token is valid
- Updated `authenticatePrivate` middleware stack for v2 admin routes
2019-01-18 12:45:06 +00:00
Fabien O'Carroll
809a167a55 Updated permissible methods for hasApiKeyPermissions (#9970)
refs #9865

This updates all current permissible methods to use the new function
signature which includes the hasApiKeyPermissions parameter. It also
makes sure that the hasApiKeyPermissions argument is taken into account
whenever checking before returning a resolved promise.

To be continued. This is just a tiny part of the big picture. None of these changes are fully committed to stay as they are.
2019-01-18 13:39:53 +01:00
kirrg001
873d63dc5d Fixed unit test: services/permissions/parse-context_spec.js
no issue
2019-01-18 13:16:28 +01:00
kirrg001
2c7c72cd9f Fixed travis
no issue

- caused by fc73cd71bb
- breaks the content API access
2019-01-18 13:05:39 +01:00
Fabien O'Carroll
fc73cd71bb Updated permissions service to handle api keys (#9967)
refs #9865

- Enabled the permissions module to lookup permissions based on an api_key id.
- Updated the "can this" part of the permissions service to load permissions for any api key in the context, and correctly use that to determine whether an action is permissible. It also updates the permissible interface that models can implement to pass in the hasApiKeyPermissions param.
2019-01-18 11:17:11 +00:00
Fabien O'Carroll
42a1313bff
Removed members internal app (#10379)
no-issue

* Mounted members static router directly to parentApp

* Removed members internal app
2019-01-17 12:03:40 +01:00
Hannah Wolfe
909f9012ed
Updated docs links to best equivalents (#10386)
* Updated docs links to best equivalents
   - Our documentation has been overhauled, this updates the all the old links sprinkled through Ghost
* Update integrity hash
2019-01-17 06:57:37 +00:00
Fabien O'Carroll
2aec5db811 Version bump to 2.11.1 2019-01-16 09:58:53 +01:00
Fabien O'Carroll
0204245869 Updated Ghost-Admin to 2.11.1 2019-01-16 09:58:53 +01:00
Greg Hart
418e958c69 🐛Fixed custom redirects to forward hashes correctly (#10319)
closes #10290
2019-01-15 23:26:18 +01:00
Hannah Wolfe
a1f0169edf 🐛 Fixed 500 error for content with no collection
no issue

- Fixes a case where a post that doesn't belong to a collection throws a 500 Resource Not Found Error
- This should be a 404 Resource Not Found error
- 500 suggests something went very wrong and is our fault,
-  but this is a user error where the collections or posts are misconfigured, and some content doesn't have a home
2019-01-15 22:00:46 +00:00
Hannah Wolfe
846a94728f
🐛 Fixed uncaught exceptions from image fetches
closes #10383

- Upgrades got to 8.3.2, which contains better error handling and resolves the issue with uncaught exceptions
- Note: Got 9.x stream doesn't support Node v6
- Requires us to hardcode http:// for xmlrpc because there is a breaking change where got now defaults to https instead of http
2019-01-15 20:35:46 +00:00
Hannah Wolfe
d58ecda9a9 🐛 Fixed responsive images for .icos
closes #10301

- we allow .ico files for icons, but we cannot resize these specialist files at present
2019-01-15 17:41:25 +00:00
Hannah Wolfe
0d8aa92e68
Update commit message format 2019-01-15 14:10:29 +00:00