Commit Graph

13534 Commits

Author SHA1 Message Date
Daniel Lockyer
469a2f32ad
Updated Admin to v4.10.2 2021-07-26 12:54:17 +01:00
Kevin Ansfield
8d5e7ed695
🐛 Fixed unsubscribed members receiving email when a post is sent to all members (#13181)
refs https://github.com/TryGhost/Team/issues/935

The problem was incorrect operator precedence when multiple statements existed in the filter original filter when we transform it to enforce `subscribed:true` before sending.

- free only - subscribed:true+status:free - no issue
- paid only - subscribed:true+status:-free - no issue
- all - subscribed:true+status:-free,status:free - the ,status:free part is treated as a separate OR statement meaning the subscribed:true is not applied to it and free members that are unsubscribed will receive the email

- extracted the filter transform into a separate function so it can be unit tested
- updated the transform to use `()` for operator precedence, eg: `subscribed:true+(status:-free,status:free)`
- used transform function in `addEmail()` and `getEmailMemberRows()`
- fixed `sent/send` typo in error message
2021-07-26 12:47:03 +01:00
Daniel Lockyer
eec8273147
v4.10.1 2021-07-22 18:16:20 +01:00
Daniel Lockyer
51ae9f1900
Updated Ghost-Admin to v4.10.1 2021-07-22 18:16:20 +01:00
Thibaut Patel
bdb6e950db
🐛 Fixed GScan errors when handling partials with undefined names
refs 81b89e9289

- The mark-used-partials util was recording `undefined` partials, it's not anymore
- Also fixed the `normalizePath` function that was breaking when given `undefined`
- This solves the two ends of a bug that prevented some Ghost instances to boot due to a theme with dynamic partials
- this commit bumps GScan to the fixed version
2021-07-22 18:12:43 +01:00
Daniel Lockyer
62d31bc65d
v4.10.0 2021-07-20 13:45:53 +01:00
Daniel Lockyer
3ea9a6dff1
Updated Ghost-Admin to v4.10.0 2021-07-20 13:45:53 +01:00
Fabien O'Carroll
1962591c2e 🔒 Fixed permissible method for Integration Model
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-j5c2-hm46-wp5c

The permissible method of models overrides all permission logic, which
means we must manually check the user & api key permissions before
continuing.
2021-07-20 13:43:29 +01:00
Fabien O'Carroll
ba7ddc88c1 🐛 Fixed 500 error when creating Products
refs https://github.com/TryGhost/Team/issues/919

This version of @tryghost/members-api has a patch to the loading of the
benefits relation for products, which previously was erroring and
causing a 500 error.
2021-07-20 13:22:21 +01:00
Fabien 'egg' O'Carroll
264fb51a87
Exposed Members pub keys on /members/.well-known/ (#13163)
refs https://github.com/TryGhost/Team/issues/664

The new WellKnownController and middleware handles exposing a JSON Web
Key Set for us.

In order to serve the keys on /members/.well-known/jwks.json without a
trailing slash, we must mount the wellKnown middleware before the
frontend.
2021-07-20 13:19:31 +01:00
Kevin Ansfield
ea3bf8ad7f Bumped Koenig-related packages
refs https://github.com/TryGhost/Team/issues/910

- fixed missing `alt` attributes on images in bookmark cards
- added `email-cta` card
- dropped node 10 support
2021-07-20 12:20:36 +01:00
renovate[bot]
6646c1bb65
🐛 Fixed member cookies remaining after signout
refs https://github.com/TryGhost/Team/issues/908

The `cookies` module inside `@tryghost/members-ssr` was being used incorrectly
and resulted in cookies being set with `'[Object object]'`

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-07-20 11:16:00 +01:00
Naz
9a26ee9125 Added checkEmailList alpha labs flag
closes https://github.com/TryGhost/Team/issues/911

- See refed issue
2021-07-20 13:59:36 +04:00
Thibaut Patel
8425fb480d 🐛 Fixed gscan path issues on windows
issue https://github.com/TryGhost/Team/issues/901

- The main issue was in the AST linter, where partials could have either forward- or backward-slash separators depending on the operating system. We have normalized all partial names to only have forward-slashes, which matches the handlebars syntax, like `{{> icons/avatar}}`.
- The second issue was in the 005-template-compile, where we wouldn't check partials even though they were used. This also comes from the path separator difference.
- We have also updated all regular expressions to account for paths with backward-slashes
2021-07-19 18:17:17 +02:00
Renovate Bot
ab4694db47
Update dependency eslint-plugin-ghost to v2.6.0 2021-07-19 12:50:50 +00:00
Rishabh
41717a53a0 Fixed migration to avoid incorrect default prices
refs https://github.com/TryGhost/Team/issues/778

- cleans up the stripe migration to add default monthly/yearly prices for sites, which had a possibility of using complimentary (0 amount prices) in edge cases
- adds missing return in the same migration for an unlikely failure to parse stripe plans
2021-07-19 18:19:17 +05:30
Renovate Bot
dbf6c783a5
Update metascraper to v5.22.11 2021-07-19 11:38:44 +00:00
Peter Zimon
94234e1505 Updated copy for tiers CTA
- Updated "product" copy to "tier" in the default content CTA  when members need to be on a different plan to have access to a post.
2021-07-19 13:14:37 +02:00
Fabien 'egg' O'Carroll
c0f32b7746
Replaced usage of Error with @tryghost/errors (#13161)
refs 2f1123d6ca

Usage of the raw Error class has been deprecated in favour of our own
errors, which are more descriptive and have built in HTTP status codes.

This also updates the same errors to use @tryghost/tpl for the error
messages, which is the new pattern we are following in order for us to
deprecate the i18n module.
2021-07-19 11:46:38 +01:00
Renovate Bot
846db16071 Update dependency analytics-node to v5 2021-07-19 11:28:51 +01:00
Renovate Bot
21fcdaa69b Lock file maintenance 2021-07-19 11:26:48 +01:00
Kevin Ansfield
e5db28db00 Removed use of i18n in snippets controllers
no issue

- i18n is deprecated in favour of `tpl`
- normalized method syntax so `add` matches the rest of the controller's methods (fixed a complexity warning but was not the primary intention)
2021-07-19 11:08:55 +01:00
Naz
810b052e01 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
- Exposed few internal from commands module methods for easier testing, otherwise it was turning into neverending mocking show
2021-07-19 21:31:31 +12:00
Naz
4c4af001e6 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
2021-07-19 21:31:31 +12:00
Naz
a266c64130 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
2021-07-19 21:31:31 +12:00
Naz
798bbd5320 Increased slow unit tests threshold to 2000ms
refs 20aea8c819
refs bf587d4055

- The 1000 ms limit was not enough to pass consistently for some slow unit  tests. Doubling the previous threshold to be on the safe side of the slow CIs.
- We should limit this back down to 1000ms or less during next cleanup!
2021-07-19 13:22:31 +04:00
Naz
648662af93 Reverted "Moved disguised unit tests into regression test suite"
refs bf587d4055

- The change broke regression tests and due to this change being out of
scope of the cycle dicided to rever it and increase the time limit on
unit tests instead
- We should focus on refactoring moving slow unit tests in the next
cleanup period
2021-07-19 13:22:31 +04:00
Fabien 'egg' O'Carroll
1af2b50dcf
Added userAuth brute middleware to members auth endpoint (#13152)
refs https://github.com/TryGhost/Team/issues/696

The userAuth spam prevention logic is reused, but a new piece of
middleware has to be created so that we can use a custom lookup key to
conatin the member email.

We must also add json parsing middleware to the route so that the brute
middleware can read the email.

The express body-parser middleware handles multiple instances on the
same route, so this doesn't cause problems upstream.

https://github.com/expressjs/body-parser/blob/1.19.0/lib/types/json.js#L99-L103
2021-07-19 09:40:38 +01:00
Naz
bf587d4055 Moved disguised unit tests into regression test suite
no issue

- Two affected unit tests were triggering the "slow unit test" error on CI which gave a clue they were either:
- written badly
OR
- were not unit tests at all

- The latter proved to be true and the tests were moved where they belong - into the regression test suite with much more forgiving running itme constraints.
- Unit tests should run quick ALWAYS as that's the first thing that gets triggered before pushing improvements to main. Faster - better.
2021-07-19 12:04:42 +04:00
Naz
d1b569075f Decreased coupling of frontend routing to server api
refs https://github.com/TryGhost/Team/issues/527
refs https://github.com/TryGhost/Ghost/issues/10790

- Frontent has to have as few as possible coupling points with the Ghost Server API. By design that point has been a "proxy.api" property that will become more and more constraint in the future based to limit the surface of frontend interaction with servers's API
- Removing `.../server/api` requires in favor of using a proxy decreases direct coupling
2021-07-19 19:45:54 +12:00
Renovate Bot
566615f014 Update dependency jwks-rsa to v2.0.4 2021-07-19 08:16:08 +01:00
Renovate Bot
97f19b1650
Update dependency eslint to v7.31.0 2021-07-19 01:06:44 +00:00
renovate[bot]
a292a4ba18
Update dependency eslint-plugin-ghost to v2.5.0 (#13149)
Co-authored-by: Renovate Bot <bot@renovateapp.com>

This version of eslint contains changes for Admin only
2021-07-16 13:13:04 +01:00
Fabien 'egg' O'Carroll
81e7d71391
Fixed created_at dates for member events on import (#13151)
refs https://github.com/TryGhost/Team/issues/542

The members-api has been updated to use the passed `created_at`
property when creating members for the status change events, as well as
using the subscription start_date for members paid subscription events

This is a duplicate of 7eb821b3f5 but
with updated dependencies.
2021-07-16 12:06:46 +01:00
Rishabh
07dd783a40 🐛 Fixed error on saving member with existing label
closes https://github.com/TryGhost/Team/issues/743

Unlike tags, a label has a unique constraint on its `name`. So saving a new label on member with the same name as existing label fails with error due to unique constraint error.

- adds id for new label to match existing label if they are the same name, which avoids creating a new label
2021-07-16 14:01:47 +05:30
Fabien O'Carroll
768709ce88 Revert "Fixed created_at dates for member events on import"
This reverts commit 7eb821b3f5.

This package version is broken.
2021-07-15 18:45:47 +01:00
Fabien O'Carroll
7eb821b3f5 Fixed created_at dates for member events on import
refs https://github.com/TryGhost/Team/issues/542

The members-api has been updated to use the passed `created_at`
property when creating members for the status change events, as well as
using the subscription start_date for members paid subscription events
2021-07-15 17:44:22 +01:00
Kevin Ansfield
9b963cef63 Added featureImgDragDrop alpha labs flag
refs https://github.com/TryGhost/Team/issues/884

- used by Admin whilst working on drag/drop support and design
2021-07-15 16:01:34 +01:00
Fabien 'egg' O'Carroll
71ba9f3d17
Readded support for comped status in event aggregate (#13142)
refs https://github.com/TryGhost/Team/issues/880

The aggregate for `paid_delta` was incorrect as it did not handle the
case where an event went from paid->comped or from comped->paid. This
resulted in an overcount for paid members.
2021-07-15 15:17:51 +01:00
Naz
20aea8c819 Decreased unit test's timeout
refs https://github.com/TryGhost/Team/issues/860

- As major slow test have been refactored making the timeout stricter will enforce better quality unit tests in the future
2021-07-16 00:02:33 +12:00
Naz
8a219f4f72 Fixed slow-running external request test
refs https://github.com/TryGhost/Team/issues/860

- Slow unit tests cause longer waiting time to deliver code to main. Before this fix the test was taking a whooping 6s on average
- The main cause of the delay was a downstream's package (got) default retry logic that was taking up a lot of time. The test is meant to check a "500" response handling not a retry logic, so disabling it for this specific test makes sense
2021-07-15 15:21:33 +04:00
Naz
84d0815e47 Refactored scheduling default test to use nock
refs https://github.com/TryGhost/Team/issues/860

- `nock` has been used in other similar unit tests. It was proven to have easy to understand and use API. By not making up custom code through express/httpServer stuff we reduce the amount of boilerplate code significantly - makes tests a lot more readable
- Bonus, removes couplint dependency to "shared" express module
2021-07-15 14:07:11 +04:00
Naz
9870aff8f0 Fixed slow-running scheduling default test
refs https://github.com/TryGhost/Team/issues/860

- Slow unit tests cause longer waiting time to deliver code to main. Before this fix the test was taking a whooping 6s on average
- The main cause of the delay was a downstream's package (got) default retry logic that was taking up a lot of time bypassing the retry logic present in the default scheduler itself
2021-07-15 13:50:59 +04:00
Kevin Ansfield
9c5a25b060 🐛 Fixed alt="null" for feature image in emails
no issue

- when no alt text was set for feature images we were incorrectly rendering `alt="null"` in emails
2021-07-15 09:44:34 +01:00
Fabien O'Carroll
62ee693310 Lazily instantiated express-session middleware
refs https://github.com/TryGhost/Team/issues/756

When running the tests it was possible for this middleware to be
instantiated before the settings cache, resulting in an undefined
'session_secret' setting being passed. This would cause tests to fail.

Tracking this down proved difficult, so the fix was made here, by
instantiating the express-session middleware only once a request needs
to use it, we can be confident that Ghost has completely started.
2021-07-14 17:19:53 +01:00
Naz
5ea8e9b926 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
- This bit cleans up the rest of `new Error()` usage in MEGA service
2021-07-14 19:17:35 +04:00
Naz
b045112950 Renamed exposed _getEmailMemberRows in mega
no issue

- Exposing internal methods out of the module is a non-standard practice. Adding `_` prefix allows to signal that this method is not for general use.
- When mega is refactored into a proper class this method will become exposed anyways
2021-07-14 18:56:57 +04:00
Naz
f343e73c92 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
- This bit cleans up `new Error()` usage in MEGA service
2021-07-14 18:44:25 +04:00
Naz
3b7042545a Fixed typo 2021-07-14 13:23:15 +04:00
Naz
8f5d6ebf8c Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- The use of new Error() has been deprecated. Refactoring the migration  to use `createIrreversibleMigration` made most sense to have central error handling for migration which are not meant to be reverted.
2021-07-14 12:16:44 +04:00