Commit Graph

128 Commits

Author SHA1 Message Date
Rish
9018e64493 Fixed email preview auth for test mails
no issue
2019-11-06 13:15:14 +07:00
Rish
4a53184d7f Added send preview email API
no issue
2019-11-05 16:09:18 +07:00
Nazar Gargol
61af0e08ae Added email preview endpoint to Admin API 2019-11-05 12:15:50 +07:00
Kevin Ansfield
a339a838b3
Removed /api/v2/members/ endpoints (#11308)
no issue

- this was a hangover from earlier members betas
- members is only available on `v3` and `canary` APIs
2019-10-31 11:11:46 +00:00
Kevin Ansfield
78e16ddd3f Merge branch 'master' into v3 2019-10-11 11:31:31 +01:00
Fabien O'Carroll
58651caa32 Removed members endpoint from admin v2 api
no-issue
2019-10-10 17:51:46 +07:00
Naz Gargol
0225936292
Removed subscribers from the codebase (#11153)
refs https://github.com/TryGhost/Ghost/pull/11152

- Added subscribers table drop migration
- Removed subscribers from schema
- Removed subscribers controllers/routes/regression tests
- Removed subscriber related API code
- Removed subscribers from internal apps
- Removed subscriber importer
- Removed subscriber model
- Removed subscriber related permissions
- Removed webhook code related to subscribers
- When upgrading to v3 it is on the site admin to migrate all zapps or any other webhook clients to use members
- Removed subscriber-specific translation
- Removed subscriber lab flag
2019-10-09 11:47:04 +02:00
Kevin Ansfield
6028fde666 Merge branch 'master' into v3 2019-10-08 13:58:08 +01:00
Naz Gargol
a4462c5753
Added members CSV export to Admin API (#11198)
no issue
2019-10-03 20:36:22 +02:00
Naz Gargol
bb355ac9f2
Added members CSV import to Admin API (#11197)
no issue

- Improved error handling for member creation. We should be returning 422s instead of 500 when possible
- Wrapped `members.add` method with Bluebird promise. Wrapping is needed to be able to use `.reflect()` in CSV export method
- Added proper members CSV fixture
2019-10-03 19:59:19 +02:00
Kevin Ansfield
1fa70dea23
Whitelisted members endpoints for v2 and canary Admin APIs (#11196)
no issue

- http verbs needed to be whitelisted for the members endpoint to avoid `NotImplementedError`s when accessing
2019-10-03 17:28:20 +01:00
Naz Gargol
30326cbd2d
Added handling for PUT members endpoint (#11194)
no issue

- Adds the ability to edit `name` field for a specific member by using `PUT /members/:id` endpoint
2019-10-03 13:38:22 +02:00
Naz Gargol
5228d9819b
Added members POST API (#11189)
no issue

- Added Regression full test coverage for members Admin API
- Added `POST /members` endpoint
- Added members schema definition + validation
- Added ability to pass through send_email/emal_type options to members API
2019-10-03 11:15:50 +02:00
Fabien O'Carroll
ab18905c76 Updated members api to use middleware exposed
no-issue
2019-09-26 11:35:44 +07:00
Rishabh Garg
6d0f19ebfa
🏗 Migrated scheduler to work with v2 API (#11142)
* Updated scheduler to use v2 API by default

* Updated scheduling for post/page resource types

* Extended base method to take options param with token and jwt options

* Updated token expiration to 6 hours after publish/blog start time to allow retries
2019-09-23 21:42:53 +05:30
Naz Gargol
5b59c7b542
🔥 Removed v0.1 controllers & routes (#11103)
no issue 

- Removed v0.1 controllers
- Removed 0.1 API unit tests
- Removed 0.1 API app and mount point
- Removed leftover use of v0.1 in entry-lookup test suite
- Removed frontend client API enpoints and related code (middleware)
- Fixed prev/next test suites to use v2 API
- Set default API version to explicit v2 in UrlUtils
- Removed v0.1 API regex from public files middleware
2019-09-11 19:10:10 +02:00
Naz Gargol
b8b0a5ea18
💡Migrated session controllers for compatibility with "frame" (#11101)
no issue

- Session controllers were using API v1 http method which bypassed "frame" introduced with API v2. 
- Changes here are just a long-awaited cleanup to allow completely remove v0.1 code
2019-09-11 11:28:55 +02:00
Kevin Ansfield
58b9aea00d Added publicAdminApi middleware stack
refs https://github.com/TryGhost/Ghost/issues/11083

- the `/api/v2/admin/site/` endpoint is "public" and as such was not using the `authAdminApi` middleware stack so it did not act like other API endpoints with protocol or trailing-slash redirects
- adds `publicAdminApi` middleware array and uses it for the `/site/` endpoint in both v2 and canary API versions
2019-09-10 15:47:49 +01:00
Kevin Ansfield
1752132051 Merge branch 'master' into v3 2019-09-10 09:50:15 +01:00
Fabien O'Carroll
49672a1e4d Updated members service to use magic-link signin
no-issue
2019-09-05 11:14:50 +08:00
Rishabh Garg
303046bc0a
💡Added v3 API endpoint (#11073)
no issue

- Adds new /v3/ endpoint which currently aliases canary code
2019-09-03 12:33:31 +05:30
Fabien O'Carroll
62f2c4a2bf Updated canary actions endpoint
closes #11015

This simplifies the actions endpoint and allows for filtering and
querying of all types of actions across separate resources and actors
2019-08-14 17:40:36 +08:00
Rish
9ab754a0c7 Added canary endpoint to parent app
no issue

Mounts new canary api endpoint on parent app
2019-08-09 20:46:49 +05:30
Nazar Gargol
bae19fbdb6 Allowed access to POST /db/backup endpoint
no-issue
2019-08-09 10:57:49 +08:00
Nazar Gargol
00f95e7328 Migrated schedules controller to v2
closes #10060

- Implemented scheduling for posts and pages
- Added cache invalidation when scheduling
- Refactored admin token eneration function to accept existing key as parameter in tests
- Added Ghost Scheduler Integration fixture
- Added fixture for permissions for post publish action
- Migrated getScheduled method to v2
- Did not add support for 'from' and 'to' parameters as they were not used by DefaultScheduler
- This method needs rethinking in a long run as it's an ugly hack and should rather become proper endpoint that returns JSON data instead of models
- Removed unused auth middleware from v2 routes
- Added internal scheduler role
- Implemetnted transactions in v2 frame
- This takes into account scenario mentioned in c93f03b87e
- Specifically:
>if two queries happening in a transaction we have to signalise
  knex/mysql that we select for an update
  otherwise the following case happens:
  you fetch posts for an update
  a user requests comes in and updates the post (e.g. sets title to "X")
  you update the fetched posts, title would get overriden to the old one
2019-08-07 14:51:36 +02:00
Fabien O'Carroll
f31e535041 Removed authenticateClient usage from v2 api
no-issue

We do not support this authentication mechanism for api v2
2019-08-07 17:57:26 +08:00
Nazar Gargol
db9eed6288 Switched to use v2 http module instead of ovelooked v1
- Small adjustments in controller that came along with the switch
2019-08-01 13:06:15 +02:00
Nazar Gargol
8b651bff9d Migrated authentication.updateSetup method to v2 2019-07-25 17:12:39 +02:00
Nazar Gargol
4441ee15a0 Migrated authentication.isSetup method to v2 2019-07-25 17:13:05 +02:00
Nazar Gargol
ddabd5e808 Migrated setup method 2019-07-25 17:12:39 +02:00
Nazar Gargol
132e278a22 Migrated authentication.isInvitation method to v2 2019-07-25 17:12:47 +02:00
Nazar Gargol
f4b97d3bc8 Migrated authentication.acceptInvitation method to v2 2019-07-25 17:12:39 +02:00
Nazar Gargol
b3ed11719e Migrated authentication.resetPassword method to v2 2019-07-25 17:12:20 +02:00
Fabien O'Carroll
97983baed6 🐛 Fixed CORS for errors from Admin API
refs #10932

Previously we were only applying the cors middleware to the options
preflight request, which meant that if the request errored, the cors
headers would not be applied, resulting in the client being unable to
read response data. This applies the cors middleware to _all_ requests
to the Admin API.
2019-07-22 12:57:41 +08:00
Fabien O'Carroll
2cb41dd8cd 🐛 Fixed CORS for errors from Content API
closes #10932

Previously we were only applying the cors middleware to the options
preflight request, which meant that if the request errored, the cors
headers would not be applied, resulting in the client being unable to
read response data. This applies the cors middleware to _all_ requests
to the Content API.
2019-07-22 12:57:41 +08:00
Fabien O'Carroll
078060abdc
Refactored members service logging and errors (#10919)
* Installed @tryghost/members-ssr@0.2.1

refs https://github.com/TryGhost/Members/issues/38

This updates allows for dynamic access of the membersApi, which will be
used in future when replacing the membersApi instance with a newly
configured one.

* Set the membersApiInstance logger to use common.logging

refs https://github.com/TryGhost/Members/issues/38

Passes the Ghost logger to the members api, so that we can keep an eye
on errors produced by the api.

* Refactored memberService use to always use getter

refs https://github.com/TryGhost/Members/issues/38

This will allow us to switch out the membersApi and the consumers of it
to have the updated reference by going through a getter.

* Installed @tryghost/members-api@0.3.0

refs https://github.com/TryGhost/Members/issues/38

Adds support for setting the logger

* Uninstalled stripe@7.0.0

refs https://github.com/TryGhost/Members/issues/38

The stripe module is now a dep of members-api, as it should be

* Updated members service to reconfigure settings

refs https://github.com/TryGhost/Members/issues/38

Previously we were unable to stop an invalidly configured members api
instance, now that we create a new instance, we can wait for the ready
or error event and only switch it out then.
2019-07-18 15:37:11 +08:00
Fabien O'Carroll
177411045a
Moved members static pages to members api URL (#10887)
* Installed @tryghost/members-api@0.2.0

refs #10886

This will allow us to mount one router rather than having a static and
api router.

* Added members v2 api directory

refs #10886

This brings the members api more inline with how the rest of the apis
work within Ghost.

* Mounted the members api app to the api route

closes #10886

This successfully mounts the api and the static pages to the
/api/v2/members/ URL.

* Installed @tryghost/members-auth-pages@1.0.0

refs #10886

This updates the auth pages to work correctly with the new mount point.

* Changed membersUrl in members.js to use members api

refs #10886

This keeps the membersUrl lined up with the path for the static
members pages.

* Removed old members static mount point

refs #10886

These are no longer used, nor desired.

* Remove superfluous code from members service

refs #10886

This remove the gateway getter which is no longer used, and the fallback
for members not enabled - which is handled within the members app.

* Updated ssoOrigin to use admin url

refs #10886

This ensures that sites running on a separate admin domain have the
correct ssoOrigin, which is used to ensure only the designated auth
pages are used to hit the authentication endpoints.

Since the auth pages are now hosted under the `/ghost` url, they will be
on the admin origin and not the site origin
2019-07-09 19:02:44 +08:00
Hannah Wolfe
6f507b8608 Updated theme activation API to experimental
- allow both uploading and activating themes as experiemental API features
- previously only uploading was allowed, I believe purely due to an oversight
2019-07-01 10:14:03 +01:00
Naz Gargol
abda6e6338
Migrated to use url-utils from Ghost-SDK (#10787)
closes #10773

- The refactoring is a substitute for `urlService.utils` used previously throughout the codebase and now extracted into the separate module in Ghost-SDK
- Added url-utils stubbing utility for test suites
- Some tests had to be refactored to avoid double mocks (when url's are being reset inside of rested 'describe' groups)
2019-06-18 15:13:55 +02:00
Rishabh Garg
c03ca79c66
Added Admin API for deleting members (#10673)
no issue

- Added new API to delete members
- Added methods to handle e2e member deletion
- Deleting member via Admin leads to
  - Removal of member from payment processor and cancelling all active subscriptions immediately
  - Removal of member information from DB
2019-04-13 10:38:56 +05:30
Rish
20a898a986 Refactored members auth flow with dynamic settings
no issue

- Updated members auth flow UI
- Updated members settings and routing to be dynamic
2019-02-26 15:43:36 +07:00
kirrg001
38e93c19b5 Reverted & Solved apiType differently
no issue

- was unable to revert 9dd7aff9c6, because it contains members changes
- functional calls did not work correctly, because the content and admin ctrl differentiation happend in the web layer
- `isContentAPI` returned true for `api.v2.settings.edit(data, {context: {internal:true{})`
- content & admin API are using different controllers
- we can just tell which ctrl is content API and which is not
- the direction fits for the content & admin API split
2019-02-26 08:33:10 +01:00
kirrg001
46d7a5666e Renamed authors ctrl to authors-public
no issue

- consistency
2019-02-26 08:33:10 +01:00
Hannah Wolfe
bd904cd8e1
Tags endpoint is experimental
- hasn't been tested yet, soooooooon
2019-02-26 12:52:58 +07:00
kirrg001
a1023f0b11 Renamed theme upload file field name
no issue

- consistent with /images/upload/ endpoint
2019-02-25 13:26:03 +01:00
kirrg001
bd7da54ce3 Changed config endpoint for Admin API v2
no issue

- re-designed config endpoint
- timezones.json should live in Ghost-SDK long-term
2019-02-25 13:24:19 +01:00
kirrg001
f9974a91a9 Added public /site endpoint to Admin API v2
no issue
2019-02-25 13:24:19 +01:00
Nazar Gargol
f558b58c89 Combined /images* endpoints into /images/upload
- refs #10438

- /images/upload now accepts all the image uploads and distinguishes their purpuse using new `purpose` form data field
2019-02-25 19:15:16 +07:00
Nazar Gargol
50ea7f0eff Added user friendly error messages to Admin API
refs #10438

- Adds new fields to errors returned from API:  help, code, and id
- Makes `message` more descriptive towards non technical users
2019-02-25 10:40:35 +07:00
Nazar Gargol
9d4b0c09a8 Renamed uploads to images
refs #10438

- As the support of /uploads endpoint has been dropped in Admin API, all related files have to correspond to new naming
2019-02-24 11:18:45 +07:00