- we ignore some files within Casper via the Core .npmignore, but this
was outdated
- `.csscomb.json` and `.yarnrc` do not exist in the repo anymore
- `yarn.lock` should be added because this is the bundled theme files
and we don't expect to be editing them again
refs https://github.com/TryGhost/Toolbox/issues/389
- The e2e test suite log was full of ERR_NOCK_NO_MATCH warnings when the logging level was set to "warn". The cause of this warning was legit duplicated webhook trigger processing on test environment. Gah!
- The source of duplicate webhook processing was duplication of event handlers. Event handlers were registered multiple times for same event because of the singleton nature of the "common/events" module - it remains the same instance and is not cleaned up between reboots. The deeper issue of events module initialization should be solved separately, this slightly hacky approach fixes the problem now and highlights it to be tackled in the future.
refs https://github.com/TryGhost/Team/issues/1074
Rather than relying on the global block to stop malicious actors from
enumerating email addresses to determine who is and isn't a user, we
want our user login brute force protection to be on an IP basis,
rather than tied to the username.
refs https://github.com/TryGhost/Toolbox/issues/389
- if we enable warning logs in E2E tests, we get a bunch of error
messages saying `ERROR Unhandled rejection: aborted` coming from the
SQLite DB reset code
- specifically, it's coming from the line that resets the DB by copying
the file
- this line was initially added because we would see random SQLite
"malformed database" errors
- I have a feeling that was due to something else, but I can't be sure
- I'm also not sure how else we should shut the DB connection, as this
is the recommended way but it throws an unhandled rejection
- this commit is a bit of a gamble because I'm not actually sure what
was causing the problem, but it gets rid of the errors locally and
doesn't regress on the random failures
fixes https://github.com/TryGhost/Ghost/issues/15190
refs https://github.com/TryGhost/framework/pull/76
- log output always uses UTC timestamps, but it may be desirable to
configure logs to use the local machine timezone
- a new config option has been added to `@tryghost/logging` so you can
switch the logs to the local timezone
- this commit bumps the package and sets the default config option to
`false`, so it doesn't suddenly change the timezone of the logs
- docs will be updated soon but if you'd like to use the
timezone-altered timestamps, you can set `logging.useLocalTime` to
`true`
- credits to https://github.com/levee223 for the implementation and PR
- in its current form, bundling will happen before we build Admin
- Admin complains because the version in its package.json for
`@tryghost/members-csv` is different to the one linked in the monorepo
- by putting bundling at the end, we write the new package versions
after we've already built Admin, so this issue should go away
fixes https://github.com/TryGhost/Team/issues/1860
**Problem:**
Members were not able to comment on a post that was only visible for members with a specific tier.
**Causes:**
Content gating was done on models with missing relations.
- The products relation was not loaded on the member when doing content gating
- The tiers relation was not loaded on the post when doing content gating
**Tests:**
- Added for tier-only posts
- Added for paid-only commenting
fixes https://github.com/TryGhost/Team/issues/1859
**Problem:**
When for some reason a member has an active subscription (or legacy comped subscription) for product A, and a comped subscription for product B. You cannot remove comped subscription B.
**Fixed by:**
Updating the API to allow more flexible product changes on members.
- Allow the removal of (comped) products on a member, as long as that product doesn't have a related subscription
- (still) allow the addition of comped products to a member, as long as that member doesn't have other active subscriptions. This matches the existing behaviour, but now this is only checked for added products.
- Includes tests for these edge cases
- the code in question had the intention of returning early if no new
email batches had been created for an Email
- there were 2 minor bugs here:
- `batchIds` would end up being an array of an array of strings
because we just push an array in without the spread operator
- we would compare that the returned array equaled zero, which was
never the case
- this commit fixes these minor issues and adds JSDoc to document the
function's return type
no issue
- While auditing the access rights to endpoints have come across the "stable" / "experimental" notes that do not make any sense in the current approach towards the API. Every endpoint that's documented and exposed just "is" there no stable/unstable/canary/whatever distinction in the Admin API since Ghost v5
- Staff tokens were also acked as a separate way to access the API, so we have them in mind when modifying the access-list
fixes https://github.com/TryGhost/Team/issues/1679
These endpoints are safe to be removed, as they are only used by the admin app and usage has been removed over there. It is very unlikely that this endpoint has been used in a third party integration (in which case they will get a notification email).
no issue
- Return was missing for `res.end` if an invalid subscription_id was passed
- Added explicit `text/plain` `Content-Type` headers to error messages to avoid MIME sniffing
Signed-off-by: Elijah Conners <business@elijahpepe.com>
Co-authored-by: Simon Backx <simon@ghost.org>
In case there is an issue with the filtering of items in our client
side attribution script, we also check for and remove out of date
items here. This ensures that we do not erroneously attribute signups
or conversions to webpages from more than 24h ago.
We promote from alpha -> beta so that we don't require the
enableDeveloperExperiments flag, the toggle in the UI is behind the
flag still, so it will only be visible to developers or people using
alpha features.
refs TryGhost/Team#1826
- adds new service package that manages all the email alert notifications for free members and paid subscriptions
- includes email templates for free member signup and paid subscription start/cancel
- initializes staff service before members to allow managing email alert notifications
- passes staff service to members api for triggering alerts
refs TryGhost/Team#1826
- adds a method on user model which fetches all eligible users for a type of email alert
- restricts users to active `Owner` and `Administrators` with setting turned on
refs https://github.com/TryGhost/Toolbox/issues/387
- The limit values should be as configurable as possible to adjust verification thresholds dinamically per-usecase. This solves a problem of doing a separate version release when we need to adjust the verification thresholds.
- Before this "importThreshold" was the same concept as "apiThreshold", which makes it hard&confusing to reason about and hard to parameterize each specific case.
refs https://github.com/TryGhost/Toolbox/issues/387
- Similar reasoning as to previous renames - the variables were named with a single trigger source in mind and now would be confusing with multiple verification trigger sources.
refs https://github.com/TryGhost/Toolbox/issues/387
- There will three distinct verification limits soon. To keep the naming clear "configThreshold" would be too generic/confusing to use.
- Introduced jsdoc descriptions for the "source" parameter, which will be corelating with each new config parameter ("apiTriggerThreshold", "importTriggerThreshold", "adminTriggerThreshold", etc.). This should give a better visibility into parameters we are dealing in this area.
closes: https://github.com/TryGhost/Team/issues/1732
- adds a theme helper which outputs a working search button with a standard icon
- the icon adopts whatever the current color is from css, and has a set of default styles
- styles can be overridden with !important or the data attribute
- alternatively, any element in a theme may be turned into a search button by adding data-ghost-search
- this is meant to be a simple tool for non-theme-developers to easily add a search icon to their themes in a way that doesn't require css or html knowledge
refs: 203c8036fa
refs: 1fadbacdec
refs: 22fd7f289c
- There is something seriously weird about how content-length changes...
- It's different on CI to local sometimes...
- This particular test should not change IMO
refs https://github.com/TryGhost/Team/issues/1833
refs https://github.com/TryGhost/Team/issues/1834
We've added the attribution property to subscription and signup events when the
flag is enabled. The attributions resource is fetched by creating multiple relations
on the model, rather than polymorphic as we ran into issues with that as they can't
be nullable/optional.
The parse-member-event structure has been updated to make it easier to work with,
specifically `getObject` is only used when the event is clickable, and there is now a
join property which makes it easier to join the action and the object.
- after a while of browsing around filtering Actions, the endpoint will
suddenly lock up and start throwing stack exceeded errors
- this is because every time we initialize an Actions model, we push to
the `candidates` array with a list of the current models
- this was producing a `candidates` array with a length of several
thousand models after a few clicks, which would cause errors when
joining the data down the line
- the code was like this because we need to lazy-initialize the models,
so the order of requiring the Actions model doesn't matter
- this commit switches the code to using a `candidates` function to get
the models
- this seems to work and the performance cost is negligible given it now
doesn't error
refs: https://github.com/TryGhost/Ghost/issues/14882
- Usage of bluebird is deprecated in favour of using native promises
Co-authored-by: Navarjun <navarjun@Navarjuns-MBP.hitronhub.home>
refs https://github.com/TryGhost/Team/issues/1833
refs https://github.com/TryGhost/Team/issues/1834
We've added the attribution property to subscription and signup events when the
flag is enabled. The attributions resource is fetched by creating multiple relations
on the model, rather than polymorphic as we ran into issues with that as they can't
be nullable/optional.
The parse-member-event structure has been updated to make it easier to work with,
specifically `getObject` is only used when the event is clickable, and there is now a
join property which makes it easier to join the action and the object.
