Commit Graph

5718 Commits

Author SHA1 Message Date
Rishabh Garg
dba2a2970b
Added migration to fix incorrect mrr events (#12837)
closes https://github.com/TryGhost/Team/issues/595

Due to a bug in `mrr_delta` calculation, we ended up reducing the MRR delta by twice the original amount when a subscription goes from active to canceled and storing it in `members_paid_subscription_events` table, which is used to show the MRR chart on Dashboard. The way we identify the incorrect events in the table which got the double negative value is by checking if they match certain criteria - Both `from_plan` and `to_plan` have same value as a subscription changes status while being on same plan.

This migration halves the `mrr_delta` for incorrect events to restore the correct MRR change for the site.
2021-04-06 21:14:54 +05:30
Naz
f3a581ef7f Fixed v3 API config's billingUrl fetching
refs 26f56626ce

- The renamed was missed during the config rename host_settings -> hostSettings in the referenced commit.
2021-03-31 13:47:58 +13:00
Rishabh Garg
72e8894eac
Cleaned old members stats endpoint (#12821)
no refs

- Removes old `/members/stats` endpoint in favor of new `/members/stats/count` in canary/v4 which captures members counts using new events table
- Removes tests for old `/members/stats` endpoint
- Added test for new `/members/stats/count` endpoint
2021-03-29 13:07:01 +05:30
naz
ffd866cedc
💥 Reduced default exports content for DB APIs (#12818)
refs https://github.com/TryGhost/Team/issues/555

- Export files included a lot of data which was not used in the importer, for example: members,  labels, migrations and many more. This lead to a lot of clutter in the import files and made it hard to reason about their purpose.
- The main purpose of exports - is to export importable resources. These are posts, tags, and users. The rest of data like members or migrations either have their own importer (like CSV importer for members) or does not and should not have any ways to be imported.
- These changes are in now way complete. It's a first step towards resource-based exports which could be properly versioned in the future on API level and not be a mirror of the DB structure.
- This is sort of a breaking change. But we are doing it because: (1) its an internal API that should not be used by external clients, (2) there was no public contract to have this API stable at any point, (3) we really need to get back the control over export files structure and size
- In case an external client was dependent on some structure of the exported json file they can still pass in ALL of previously exported data by passing table names in `include` query parameter.
2021-03-25 19:27:49 +13:00
Naz
aaa54c603c Refactored exporter to use "allowlist" table filtering
refs https://github.com/TryGhost/Team/issues/555

- Previous blocklist approach was resulting in adding every single new table into an export automatically. Which creates possibility to leak sensitive data if not used porperly. Allowlist approach gives better control over what is exported, makes this information explicit, and version-control friendlier
2021-03-25 16:46:56 +13:00
Naz
eccb15a988 Removed unecessaryly complex logic from exporter
refs https://github.com/TryGhost/Team/issues/555

- The getVersionAndTables was doing too much and was only used once creating clutter in doExport method. Refactored code doing 2 direct calls instead of destructuring "dances".
2021-03-25 15:27:39 +13:00
Naz
2e9ec65b63 Refactored exporter to use async/await
refs https://github.com/TryGhost/Team/issues/555

- async/await is much more readable and is a preferred style within the codebase
2021-03-25 15:27:39 +13:00
Rish
eb2b98a087 Fixed incorrect subdomain check
refs 2e81aa17fb

Incomplete push in the last commit with missing conditional check :/
2021-03-24 23:33:49 +05:30
Rish
2e81aa17fb 🏗 Removed www subdomain from default newsletter/support address
refs https://github.com/TryGhost/Team/issues/397

The default newsletter/support email address for a site is currently setup as noreply@DOMAIN , which means for a custom domain setup with www the email address becomes noreply@www.somesite.com which is not the expected behavior normally. This removes the `www` subdomain if present for those email addresses, but doesn't change any other subdomain
2021-03-24 23:31:00 +05:30
Rishabh Garg
82bb466316
Removed hardcoded accent color fallbacks (#12813)
refs https://github.com/TryGhost/Team/issues/536

From 4.0, we ensure and require that accent colour is always set. This change removes hardcoded accent color fallbacks to avoid confusion as well as cause accidental fallback that is undesired causing themes to look different
2021-03-24 18:25:26 +05:30
Kevin Ansfield
929cb0afe9
🐛 Fixed plaintext and excerpt fallbacks having incorrect URLs after domain change (#12811)
closes https://github.com/TryGhost/Team/issues/571

- `post.plaintext` values were being transformed with the markdown URL transformer but that wasn't picking up the link format used in our plaintext fields resulting in absolute URLs being stored in the database rather than `__GHOST_URL__` URLs
  - meant that if the `url` config is changed then plaintext and other calculated fields that used it would have URLs that referred to the old domain rather than the new one
  - re-saving the posts would have updated it but that's not feasible to do manually for large sites
- bumped `@tryghost/url-utils` to a version that has plaintext transform utils and updated the post model's transform map
2021-03-23 16:56:14 +00:00
Thibaut Patel
44035fd591 Added a better error when a user try to create an orphaned webhook
issue https://github.com/TryGhost/Team/issues/526
refs 70627d84a7 (r48575450)
2021-03-23 17:15:21 +01:00
Hannah Wolfe
2996180c60 🐛 Fixed limits not allowing contributors to be unsuspended
refs https://github.com/TryGhost/Team/issues/510

- contributors don't count towards the staff limit, therefore they should be allowed to be unsuspended
- currently, we don't check the role when unsuspending, which is incorrect
- this bug is pure oversight!
2021-03-23 14:04:18 +00:00
Kevin Ansfield
426cbeec0f
🐛 Fixed performance regression introduced in 4.1.0 (#12807)
closes https://github.com/TryGhost/Ghost/issues/12791
closes https://github.com/TryGhost/Team/issues/566

https://github.com/TryGhost/Ghost/pull/12787 introduced a significant performance regression due to a misunderstanding of when Bookshelf calls `.format()` ([related upstream issue](https://github.com/bookshelf/bookshelf/issues/668)). We expected `.format()` to only be called on save but it's also called when Bookshelf performs fetching and eager loading which happens frequently. `.format()` can be a heavy method as it needs to parse and serialize html and markdown so it should be performed as infrequently as possible.

- override `sync()` in the base model so we can call our own `.formatOnWrite()` method to transform attributes on `update` and `insert` operations
  - this was the only feasible location in Bookshelf I could find that is low enough level to not require modifying model instance attributes
  - gives models the option to perform heavy transform operations only when writing to the database compared to the usual `.format()` method that is also called on fetch in many situations
2021-03-23 09:11:24 +00:00
Peter Zimon
6d853ff43f Fixed email preheaders
- removed member import related preheader from invite, reset password and welcome emails
2021-03-23 09:49:33 +01:00
Rishabh Garg
738c8ac70d
🐛 Fixed Admin redirect for newsletter/support email update (#12810)
closes https://github.com/TryGhost/Team/issues/570

When site owner/admin updates their newsletter/support email address from settings, they receive an email with confirmation link which on success takes them to Ghost Admin on email settings screen with a toast about success. Since the path for email settings in Ghost Admin changed in v4, the fix updates the redirect link to new Admin settings URL.
2021-03-23 11:24:07 +05:30
Naz
81a54a70bc Fixed failing notification update for non-major version
refs 4dc413d6a1

- Fixed failing test cases which were designed to check non-major upgrade messages. There's no clear use cases for those, but still worth keeping such case in mind
2021-03-23 18:02:52 +13:00
Naz
4dc413d6a1 🐛 Fixed upgrade notification showing post-upgrade
closes https://github.com/TryGhost/Team/issues/564
refs https://github.com/TryGhost/Ghost/issues/10236

- The notification to upgrade to new 4.0 Ghost version was still visible to users after upgrading the instance to 4.0. This was caused by notification filtering not taking into account 3.x or 4.x versions.
- The fix filters out notifications that detect a major version notification using `x.0 is now available` pattern and compares current version to that major. This should future proof the issue from happening in Ghost 5.0 (but a proper holistic fix is preferable!)
2021-03-23 16:42:46 +13:00
Naz
265026d73d Added JSDoc to notifications service's constructor
refs https://github.com/TryGhost/Team/issues/564
refs https://github.com/TryGhost/Ghost/issues/10236
2021-03-23 15:22:14 +13:00
Peter Zimon
2d69c32481 Fixed member import email heading spacing 2021-03-22 18:15:11 +01:00
Thibaut Patel
70627d84a7 Removed redundant code for handling orphaned webhooks
issue https://github.com/TryGhost/Team/issues/526
refs https://github.com/TryGhost/Team/issues/477
2021-03-22 15:48:51 +01:00
Peter Zimon
b3b6a603af
New logo in Admin (#12768)
refs https://github.com/TryGhost/Team/issues/547

- replaced link to static/squircle to orb
2021-03-18 17:27:27 +00:00
Kevin Ansfield
afbe0c27fb
🐛 Fixed __GHOST_URL__ appearing in sitemaps (#12787)
closes https://github.com/TryGhost/Team/issues/552

Refactors URL transforms so they take place at the model layer rather than the API serializer layer. Continuation of the pattern created for the settings model in https://github.com/TryGhost/Ghost/pull/12738

- Added checks to all front-end tests to ensure output does not contain the magic replacement string
  - includes failing acceptance test for `__GHOST_URL__` appearing in sitemaps
- Removed all transform-ready URL transforms from API serializers
  - input serializers transform image urls relative->absolute to keep absolute-urls as the consistent "outside of the database" format
  - output serializers should not need to perform any URL transforms as that will be done at the model layer
- Added url transforms to models layer
  - removes knowledge from the API serializers which shouldn't need to know how data is stored internally in the database
  - makes absolute urls the consistent "outside of the database" URL format
  - adds transform step to the sitemap generator because the data used for that is fetched directly via knex which will not run through the bookshelf `parse()` methods
2021-03-18 17:16:37 +00:00
Rishabh Garg
1a84b8d81b
🐛 Fixed unable to delete member (#12784)
closes https://github.com/TryGhost/Team/issues/557

After updating to v4 on SQLite from v3, we were unable to delete members due to a foreign key mismatch error. This is because the migrations which recreates the tables for `members_stripe_customers_subscriptions` and `members_stripe_customers` doesn't add back the unique constraint which is needed by FKs for reference.

The migration creates the missing UNIQUE constraints on the tables.
2021-03-18 22:20:58 +05:30
Fabien 'egg' O'Carroll
8318391d4c
Fixed typo in migration to add backupContent permission (#12777)
refs https://github.com/TryGhost/Team/issues/553

This was introduced in https://github.com/TryGhost/Ghost/commit/79c3709f

This migration has a `noop` for the down, as we never want to revert
Ghost to a broken state
2021-03-18 14:52:12 +00:00
Thibaut Patel
63d55570a3 💥 Removed the /redirects/json route alias
no issue

This route had been deprecated and wasn't used anymore. You should switch to `GET /redirects/download` and `POST /redirects/upload` instead.
2021-03-17 15:58:28 +01:00
Naz
b5de4f4cf5 Reverted dropped model usage in post serializer
refs 6b07d4b2a0

- The model is needed here, because it contains full set of fields. In some cases, like email-preview, the "plaintext" field is not present in "attrs" which causes the logic to fail.
- This should be sorted along with https://github.com/TryGhost/Ghost/issues/10396
2021-03-17 20:01:12 +13:00
Naz
6b07d4b2a0 🐛 Fixed __GHOST_URL__ appearing in generated excerpts
refs https://github.com/TryGhost/Team/issues/467
refs a6f5eb71be

- When a generated excerpt is calculated for posts/page resources it uses raw model! to get the data. Model contains untranformed __GHOST_URL__ markup which has to be additionally processed before extracint an excerpt or use the transformed `plaintext` from available attributes (chose the latter to decrease complexity)
- Removed model dependency as `attrs` at this point of serialization should always contain the `plaintext` field. It's ugly and has an unsolved bug report here - https://github.com/TryGhost/Ghost/issues/10396. The reliance should be solved at some point, but definitely not a part of this issue
2021-03-17 19:12:40 +13:00
Hannah Wolfe
0e87a1c045 🐛 Allowed for inviting contributors when staff is limited
refs: https://github.com/TryGhost/Team/issues/510
refs: e30b9735fa

- In the case that there is a staff user limit, and the limit is maxed out, it is no longer possible to invite new staff users
- However, Contributors are not considered staff users and therefore it should always be possible to invite new Contributors
2021-03-15 11:40:44 +00:00
Kevin Ansfield
19d5448101
🐛 Fixed complimentary members' content gating (#12761)
no issue

Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan.

- added front-end acceptance tests for member access to posts
- updated content-gating check to take comped members into consideration
2021-03-15 19:13:48 +13:00
Hannah Wolfe
67adfe6054 Updated fixture copy
closes: https://github.com/TryGhost/Team/issues/528

- This only changes one sentence slightly to a minor grammar issue 💪
2021-03-11 19:20:30 +00:00
Hannah Wolfe
fdc043227a Updated fixtures for Ghost v4.0
- With 4.0 we have a brand new version of Casper, new fixtures and new default settings
- Fixture posts cover the key features and give users an introduction to how to use their site
- This all comes from the marketing and design teams to refresh the look and feel of Ghost and give users the best possible onboarding experience
Note: this fixture overhaul includes
- new content for new 4.0 features
- regenerated post content using our updated mobiledoc structure
- a switch from British to US English
2021-03-10 17:37:16 +00:00
Peter Zimon
30bc751237 Updated 'Powered by' badge ref to 4.0 repo 2021-03-10 16:02:00 +01:00
Peter Zimon
acf6e235c7 Updated squircle ref to 4.0 repo 2021-03-10 15:53:59 +01:00
Hannah Wolfe
44060d3515 Refined navigation default settings for 4.0
refs 2bba9989db

- Note: this will require new fixtures so that the navigation links actually work
- These updates are all in aid of getting the best possible default setup and onboarding experinence for new Ghost users
2021-03-10 10:42:21 +00:00
Hannah Wolfe
2bba9989db Updated default settings for 4.0
- With 4.0 we have a brand new version of Casper, new fixtures and new default settings
- This all comes from the marketing and design teams to refresh the look and feel of Ghost

Note on accent color:

This commit changes the default accent colour again.

The intention is that new sites should get #FF1A75 (pink) as their default.
Any existing sites that do not have an accent colour set yet, should get #15171A (black) on upgrading to 4.0.

These are different as they are different experinces. Fresh sites will be guided to pick a color, so
a bright color is more visible and helps to see what can be done, whilst existing sites get a muted
black, that should be a sensible fall back color.
2021-03-09 20:19:59 +00:00
Fabien 'egg' O'Carroll
15978689c0
Added default value to accent_color setting (#12743)
refs TryGhost/Team#535

We want to ensure that a site will always have a default value of
`'#15171A'` for the accent_color setting.

Since the boot process changed we have three cases to account for:

1. Setting does not exist
2. Setting exists with no value
3. Setting exists with a value

It is only in the case of 2. that we want the migration to update the
database with a default value.

In the case of 3. the site owner has already set a value, which we do
not want to override.

In the case of 1. the setting will be created (and populated with
default value) from the default-settings.json file, by the
populateDefaults method called from the settings service

We also update the accent_color setting to include a non-empty
validation, to ensure that the setting will always have a value, as
sites before 4.x may have an empty accent_color, we must update the
importer to set the default value if one is not present. Otherwise we
would run into validation errors and even if we didn't would have an
invalid database state.
2021-03-09 16:15:10 +00:00
Fabien 'egg' O'Carroll
52d1940460
Removed queries against information_schema (#12739)
no-issue

We were originally checking the state of the database, e.g. if a foreign
key constraint existed, so that we could conditionally act upon it. This
was to ensure that our migrations are idempotent.

Some database configurations, for example if you have many databases on
a single MySQL instance, would cause these information_schema queries to
take an exceptionally long time.

In order to speed up migrations, we instead attempt the action we want
to apply to the database, and then catch relevant errors to ensure the
migration is idempotent.

SQLite does not error when adding duplicate foreign or primary key
constraints, meaning that we must keep in pre-checks for these
operations, when running on SQLite

Co-authored-by: Daniel Lockyer <hi@daniellockyer.com>
2021-03-09 16:12:10 +00:00
Thibaut Patel
2eb5f19090 🐛 Fixed a foreign key to point to the right column
pr https://github.com/TryGhost/Ghost/pull/12713
2021-03-09 15:19:06 +01:00
Kevin Ansfield
cbbf5b4ad4
Fixed mobiledoc errors when upgrading from v1/v2 to v4 (#12741)
no issue

Upgrading from v1 or v2 can result in successful upgrades but with mobiledoc errors showing in the logs:

```
NAME: InternalServerError
MESSAGE: Mobiledoc card 'card-markdown' not found.
```

The errors do not signify a problem as long as the 4.0 migrations run because those rename the deprecated card before re-rendering.

- `@tryghost/kg-default-cards` dropped support for `card-markdown` cards. 4.0 migrations handled this by renaming all `card-markdown` cards to `markdown` before re-generating any content
- 2.0 and 3.0 also had migrations that re-generated content but they are run before the 4.0 card rename migration meaning that the mobiledoc renderer sees cards that it doesn't know about. The behaviour for unknown cards is to log an error and skip rendering of that card
- by NOOPing the 2.0 and 3.0 migrations we eliminate the incompatibility errors and reduce the amount of processing the upgrade needs to perform
2021-03-09 10:51:44 +00:00
Kevin Ansfield
021cfecb59
Fixed __GHOST_URL__ appearing in settings values after edit (#12738)
refs https://github.com/TryGhost/Ghost/pull/12736
refs https://github.com/TryGhost/Team/issues/467

knex's `parse()` method is only called on data when directly fetched from the db. This was causing problems when model instances are passed around via events for example because `.get('key')` will return data that was directly set on the model without having gone through the `parse()` transformations. The result of this inconsistency was settings appearing correct when Ghost started up but then being broken as soon as a setting was changed.

- moved absolute/relative->transform-ready URL transformations from the API input serializers to the model's `format()` method and replaced with a relative->absolute transform in API input serializers
    - results in consistency because `.get()` on a settings model will always return an URL
- removed transform-ready->absolute transforms from the API output serializers as that is now handled at the model-layer
2021-03-08 18:41:43 +00:00
Kevin Ansfield
28f0bc6bd2
Fixed settings images (cover_image, logo, etc) having wrong URL (#12736)
refs https://github.com/TryGhost/Team/issues/467
refs https://github.com/TryGhost/Ghost/pull/12731

- settings are mostly fetched directly from the settings cache rather than via the API so they aren't subject to the API-level output serializers that transform URLs meaning that URLs in the front-end ended up with raw `__GHOST_URL__` replacement strings
- added images to the Settings model's `parse()` method so they are transformed immediately when fetching from the database
2021-03-06 09:00:18 +00:00
Kevin Ansfield
a6f5eb71be
🏗 Changed internal URL storage format to use __GHOST_URL__ (#12731)
closes https://github.com/TryGhost/Team/issues/467

- switches to storing "transform-ready" URLs in the database
- transform-ready URLs contain a `__GHOST_URL__` placeholder that corresponds to the configured url that gives a few benefits
  - much faster and less memory intensive output transformations through not needing to parse html or markdown - the transform can be achieved using a straightforward regex find+replace
  - ability to change to/from or rename subdirectory without any manual updates to the database
- modified existing 4.0 url-transformation migration rather than adding another one and repeating the transformation on posts rows
2021-03-05 13:54:01 +00:00
Fabien O'Carroll
f03e1dd863 Excluded member events tables from site exports
refs https://github.com/TryGhost/Team/issues/525

We expect the member event tables to be large, and they contain what is
considered metadata. For this reason we do not want to include them in
the export of sites.
2021-03-05 11:41:00 +00:00
Rish
6594741c11 Cleaned member stats endpoints response
refs https://github.com/TryGhost/Team/issues/469

- Cleans up response format for mrr and volume stats endpoint to more consistent pattern
- Removes `unit` attribute for now as its not used
2021-03-05 16:39:12 +05:30
Hannah Wolfe
6f579331e1 Changed Config API response structure
refs: https://github.com/TryGhost/Team/issues/510

- Changed to return the full hostSettings key, not just the billing URL
- We are introducing several more settings that are needed by Admin including limits
- Passing the whole object makes this much easier to reason about as Admin has the exact same config as the server
2021-03-04 21:16:20 +00:00
Hannah Wolfe
d51fcd072e Added new member limit & removed old
refs: https://github.com/TryGhost/Team/issues/510

- The current member limit was implemented as a member-specific concept
- The new limit service is much more generic, here we are swapping old for new
- The updated concept here is blocking all publishing, not just email sending, when a site is over its member limit
- To determine that we are publishing a post, we must be in the model layer. The code has been moved to the permissible function which makes sense as this is a permissions error that we are throwing
- I've left the extra check for email retries in, in case there is some loophole here (but we may wish to change it)
2021-03-04 18:16:34 +00:00
Hannah Wolfe
e30b9735fa Added staff user limit
refs: https://github.com/TryGhost/Team/issues/510

- In the case that host config is provided, keep staff users within the limiti
- The definition of a staff user is a user with a role other than Contributor, and whose status is not inactive
   - Contributors don't count
   - Suspended (status inactive) users don't count
   - Locked users DO count
   - Invited users DO count
- You can't invite more staff users whilst there are pending invites
- You can't unsuspend a user, or change the role on a user in such a way as will take you over your limit
- You can't import staff users - all imported users are automatically set to Contributors
- As part of this work, we are changing the default Ghost user to a Contributor otherwise it uses up a staff user

Note: there is one known active bug with this commit.
- Assume you have one remaining user within your limit. You send an invite, this works.
- You cannot "resend" that invite, it will think you're sending a new invite and hit the limit
- You must "revoke" that invite first, and create a new one
- This bug exists because the resend function uses the add endpoint & does a delete+add, but this hits the permission check before the delete
2021-03-04 16:13:04 +00:00
Daniel Lockyer
4e18606942
Updated logging messages in migration commands
no issue

- by switching around the the columns and tables, it becomes a
  lot easier to read the log line in a natural order
2021-03-04 13:53:06 +00:00
Hannah Wolfe
26f56626ce Updated host config to correctly use camelCase
refs https://github.com/TryGhost/Team/issues/510

- When the host config was introduced it was incorrectly introduced as host_settings instead of hostSettings
- All other Ghost config uses camelCase, so changing this now before it becomes a problem
- Note: Also removed some rogue return awaits that don't make sense. It's not possible to hit that case, but cleaning up anyway
2021-03-04 11:39:32 +00:00
Naz
38fbfe0bde Added note about missing migration for itegration_id 2021-03-04 10:56:58 +01:00
Thibaut Patel
e52dc87b7c Added a foreign key from webhooks to integrations
issue https://github.com/TryGhost/Team/issues/477
2021-03-04 10:56:58 +01:00
Naz
9995ae3616 Added support for locale key in Admin Settings API
refs https://github.com/TryGhost/Team/issues/509

- Allows to update and read 'locale' key along with the deprecated 'lang'
- In Ghost v5 the 'lang' key will be dropped and the migration in settings table will clean up the key name to match the one exposed through the APIs
2021-03-04 21:20:46 +13:00
Naz
41c93f982d Added 'locale' property to public settings
refs https://github.com/TryGhost/Team/issues/509

- During 3.x we standardised on "lang" instead of "default_locale" for the site setting, which was an assumption based on an earlier change to @site.lang to make <html lang="@site.lang"> read nicer. This was a mistake as the field represents more than "lang" its a "locale". With this changeset we introduce a transition to use "locale" name for the value instead of "lang"
- Adds `@site.locale" value in as well as new 'locale' property in Content API's response
- "lang" will be considered as deprecated starting with API v4 and will be dropped completely with API v5
2021-03-04 16:00:02 +13:00
Naz
c2a3297f5d Restructured public settings cache hash
refs https://github.com/TryGhost/Team/issues/509

- Flipping around key/newKey pair allows to map multiple keys to the same field in the settings
- This becomes handy when there's a need to deprecate a field. For example, we are about to introduce a 'locale' setting which would need to map to 'lang' db key, with current structure it's impossible to have many:1 mapping because it's impossible to have duplicate keys in the JS object ("hash")
2021-03-04 15:24:08 +13:00
Naz
2e2d185087 Added note to webhooks.api_version column
refs https://github.com/TryGhost/Team/issues/513
refs https://github.com/TryGhost/Team/issues/477

- We have skipped work to improve the 'defaultTo' value when working on Ghost 4.0 release, so adding this comment while context loaded
-  defaultTo should not be set to anything as it leads to more maintenance work during major version bump
- having validation might make sense but could lead to similar maintenance work unless it's linked to some global nosion of "supported API versions" used everywhere
2021-03-04 13:09:31 +13:00
Naz
55e9ef957f Fixed typo 2021-03-04 11:27:31 +13:00
Naz
4778fce615 Reordered API exports to improve readability
refs https://github.com/TryGhost/Team/issues/513

- Having exports in no particular order was making it hard to spot if there's anything missing
- Having a DESC order on the exported API versions makes it very easy to modify and maintain in the future
2021-03-04 11:27:09 +13:00
Hannah Wolfe
edb626af18 Added custom integration feature limit
refs: https://github.com/TryGhost/Team/issues/510

- in the case that host config is provided, prevents the creation of custom integrations
2021-03-03 20:15:49 +00:00
Peter Zimon
a1aa18e5b2 Minor email copy updates 2021-03-03 17:42:28 +01:00
Peter Zimon
3064addcb5 Refined email template spacings 2021-03-03 17:34:35 +01:00
Peter Zimon
f71cc4e7b0 Updated email styles
- updated welcome, password reset and invitation email styles to match with 4.0 changes
2021-03-03 17:15:37 +01:00
Hannah Wolfe
b310666bda Added custom theme feature limit
refs: https://github.com/TryGhost/Team/issues/510

- in the case that host config is provided, limits Ghost to only permitting official themes to be installed and used
2021-03-03 14:25:19 +00:00
Hannah Wolfe
c7b843471f Added limit service
refs: https://github.com/TryGhost/Team/issues/510

- added and wired up the new limit service, which is a lazy-loaded service
- this handles the case that there are host limits set in config, and wraps all the logic needed for detecting exceeded limits & throwing limit errors
- expects limits to be set in config under `host_settings.limits`
- supported limits are managed in the limit service, outside of core
2021-03-03 13:43:05 +00:00
Peter Zimon
e0da433122 Added 'icon' to site API endpoint
- added 'icon' to site API response as Admin should access it on sign in screen
2021-03-03 13:49:44 +01:00
Thibaut Patel
126f9004b4 Updated a duplicate migration id
no issue
2021-03-03 10:45:21 +01:00
Thibaut Patel
8b7d7ba1f1 Fixed the add/drop foreign key on sqlite
issue https://github.com/TryGhost/Ghost/pull/12713
ref https://github.com/knex/knex/issues/4155
2021-03-03 10:35:10 +01:00
Thibaut Patel
0843ab6a37 Added 'on delete cascade' to several foreign keys in sqlite
issue https://github.com/TryGhost/Team/issues/476
blocked by https://github.com/TryGhost/Ghost/pull/12702
2021-03-03 10:35:10 +01:00
Fabien 'egg' O'Carroll
b7a092a24a
🐛 Stopped Ghost crashing when sending bulk emails (#12718)
refs https://github.com/TryGhost/Ghost/issues/12610
refs https://github.com/mailgun/mailgun-js-boland/blob/v0.22.0/lib/request.js#L285-L333

The mailgun domain is used by the mailgun API to construct the URL for
the API. e.g for a domain of "mg.example.com" the URL for the API
messages would look like:

https://api.mailgun.net/v3/mg.example.com/messages

One weird thing about the mailgun API is that if the path does not map
to an API endpoint, then instead of a 404, we get a 200, with a body of
"Mailgun Magnificent API".

The `mailgun-js` library which we use, expects a JSON response, and will
return a body of undefined if it does not get one.

This all resulted in us trying to read the property `id` of an undefined
`body` variable. The fix here is to reject the containing Promise, if
there is no body. So that the default error handling will kick in.
2021-03-03 09:34:44 +00:00
Naz
9fab028621 Added missing v4 API endpoints mount
refs ff6d31e08f
refs https://github.com/TryGhost/Team/issues/513

- The API was missing from the referenced commit when v3 was being extracted
2021-03-03 18:44:00 +13:00
Naz
b17a965c88 Switched members services to use v4 API
refs https://github.com/TryGhost/Team/issues/513

- Bumping version as this is now the latest stable API.
- The change might cause this particular side effect (acceptable for major version): if a member requests a login URL when the instance is on 3.x version and site owner upgrades do 4.x before member authenticates through login link, the login will fail and the member will have to request a new login URL.
2021-03-03 14:42:03 +13:00
Naz
e2f997d43b Fixed API version used to call mega's addEmail
refs d5cf0fc03e (diff-e36a1dec6b39d9ac36e1676236700e57b6f32d4e089c7183928b95b9c8daca4bL198)

- The changes was an overlooked version missmatch, should have been a 'canary' value
2021-03-03 13:16:25 +13:00
Thibaut Patel
874ccaef53 💡 Enabled foreign key checks on sqlite3
issue https://github.com/TryGhost/Team/issues/476
2021-03-02 11:13:19 +01:00
Thibaut Patel
c8af2d4a04 Added a foreign key in migration utils
no issue

- This makes it easy to add/remove foreign key in both mysql and sqlite
2021-03-02 11:13:19 +01:00
Kevin Ansfield
e177e7e1b5 Fixed analytics require error
refs a06064b115

- fixed incorrect path in require for base email analytics service
2021-03-02 08:26:42 +00:00
Kevin Ansfield
a06064b115 Fixed email analytics require error
refs https://github.com/TryGhost/Ghost/pull/12541
refs https://github.com/TryGhost/Ghost/pull/12689

- the analytics job had been switched to create it's own instance of EmailAnalyticsService to avoid requiring logging but the analytics extraction branch was created before this change and wasn't picked up when merging
- pulled `queries` option object into a separate file for re-use
- updated `fetchLatest` job to conform to extracted library interface
2021-03-02 08:22:11 +00:00
Kevin Ansfield
11802ebee0
Extracted email analytics library code to external packages (#12541)
closes https://github.com/TryGhost/Team/issues/493

- all functionality except that directly related to Ghost's database and business logic now lives in external packages
  - @tryghost/email-analytics-service
  - @tryghost/email-analytics-provider-mailgun
2021-03-02 07:26:33 +00:00
Naz
9a6bfd0e71 Switched default API version for JWT
refs https://github.com/TryGhost/Ghost/issues/12716

- This change is made to avoid using now deprecated 'v2' API anywhere in the codebase.
- Switching to 'v4' should not cause sideeffects as this parameter is always present within the URL when Admin API is used
2021-03-02 15:19:33 +13:00
Naz
b3542e9176 Added JSDocs to MEGA service
refs d5cf0fc03e

- Makes sure required `apiVerson` parameter in MEGA is visible and easy to discover
2021-03-02 14:32:43 +13:00
Naz
d5cf0fc03e Bumped MEGA related serialization code to use v4 API
refs https://github.com/TryGhost/Ghost/issues/12716

- The code in serializePostModel was broken and always defaulted to 'v3'!  It refered to non-existent `model.get('api_version')` there's no such field in posts model! Changed the implementation so that the API version is passed in as a parameter to the method instead
- The style of providing "defaults" everywhere creates a need for future maintenance when we bump the version e.g in Ghost v5. Maybe reworking these methods to require a passed version and throwing an error instead would be more maintainable long-term?
2021-03-02 14:31:01 +13:00
Naz
72f25a7099 Bumped webhook API defaults to v4
refs https://github.com/TryGhost/Ghost/issues/12716

- The default API in Ghost v4 will be `'v4'`. When a new webhook is created or any data passes through serialization it should assume `v4` as a fallback if not specified.
2021-03-02 12:31:52 +13:00
Fabien O'Carroll
24afc5d4ff Fixed status code for unauthenticated requests
refs https://github.com/TryGhost/Team/issues/498

Requests to fetch the data of the logged in member made without a
session cookie were responsing with 400 Bad Request. This was incorrect
and always should have been a 401 Unauthorized.
2021-03-01 16:19:28 +00:00
Fabien O'Carroll
41d9610aef Removed warning logging from members 'middleware'
refs https://github.com/TryGhost/Team/issues/498

This was filling up logs with less than useful information - for every
single request made by a non-member to the frontend. Be gone!
2021-03-01 16:05:34 +00:00
Fabien O'Carroll
d8fa54024b Fixed migrations to 4.x from 1.x
no-issue

The slack setting in 1.x did not have a `username` property. When
updating from 1.x, the migration to move the slack setting from a JSON
blob to two individual settings, would assume that the setting in the
database would have a value for the `username` property. This resulted
in errors on SQLite "sqlite does not support inserting default values."

The fix here is to add defaults when reading from the database, meaning
that we will _never_ attempt to insert `undefined`
2021-03-01 15:41:02 +00:00
Fabien 'egg' O'Carroll
3b6c55ec53
Remove orphaned Stripe data from SQLite (#12704)
refs https://github.com/TryGhost/Team/issues/476

* Moved paid subscription events population migration

This migration relies on the members_stripe_customers and
members_stripe_customer_subscriptions tables having no orphaned records
in order for it to correcly generate its data.

The migration to clean up orphaned records in those tables has not been
implemented yet, moving this migration free's up the "14" slot

* Removed orphaned stripe data from SQLite3

SQLite databases do not handle removing orphaned stripe records after a
member has been deleted. Our migration to populate the paid subscription
events relies on each customer and subscription being associated with a
member.
2021-03-01 14:32:49 +00:00
Fabien O'Carroll
68008baf0e 🐛 Fixed email permissions for all roles
refs https://github.com/TryGhost/Team/issues/494

The migrations in 3.1.0 which added email permissions did not add those
permissions to the roles. This means that whilst we have the permissions
in the database, only the Owner role could use any of them.

This migration ensures that the email related permissions are added to
the correct roles.
2021-03-01 13:17:43 +00:00
Thibaut Patel
4a939054ba Added a primary key to the brute table
issue https://github.com/TryGhost/Team/issues/267
2021-03-01 12:17:26 +01:00
Thibaut Patel
d7f432af0d Added an utility to add a primary key to a table
issue https://github.com/TryGhost/Team/issues/267
2021-03-01 12:17:26 +01:00
Fabien O'Carroll
3eb8b91a6b Fixed paid flag on members
refs https://github.com/TryGhost/Ghost/issues/12602

As part of the member events, we added a third status of 'comped'.
Members with a status of 'comped' should still be considered paid, so
this fixes the definition of the paid flag to take that into account.
2021-02-25 14:26:41 +00:00
Hannah Wolfe
7f29bbff8a Removed unused add/edit methods from integrations
refs 17feb14e4a

- The original commit adding this intended to add transactions, following the pattern of always forcing a transaction when we use bookshelf-relations
- (We use bookshelf-relations here because integrations have api-keys and webhooks associated wtih them and we upsert as one)
- These add and edit methods were inadvertently added to the wrong argument object/section of bookshelf (really fucking easily done, one day we will fix bookshelf so its easier to work with)
- Bottom line: these methods have never been called
- I tried moving them to the right section, but this created test failures throughout our acceptance tests:
   - Error: Transaction query already complete, run with DEBUG=knex:tx for more info
- This is likely because we need to account for integrations being used as part of the auth step in the before part of tests
- In terms of yak-shaving, fixing these tests is one step too far right now. I think not having this code here at all is a better state than having it look like it works when it doesn't
2021-02-25 10:48:05 +00:00
Fabien 'egg' O'Carroll
714e081efc
Removed hardcoded currency symbols (#12700)
refs https://github.com/TryGhost/Team/issues/473
refs https://github.com/TryGhost/Admin/commit/638e5027

We no longer want to maintain a list of currency symbols now that we support 100+ currencies,
so we will be relying on the `{{price}}` helper in themes and `Intl.NumberFormat` elsewhere.
2021-02-25 09:49:07 +00:00
Daniel Lockyer
0db07b57a0 Wrapped analytics tracker in try-catch
no issue

- the analytice-node v4 update contains a breaking change that throws an
  exception if the message is over 32kb
- I'm pretty sure we won't hit this, but it's good to track these errors
  anyway and stop Ghost from bombing out if there's an issue
- this commit wraps the tracking call and adds Sentry + logging to the
  error
2021-02-24 15:57:38 +00:00
Naz
1e3fc8b532 Fixed typos connnection -> connection 2021-02-24 12:04:53 +13:00
Thibaut Patel
da7859c5e7 🐛 Fixed ENOTFOUND error handling on NodeJS >=13
no issue
2021-02-23 19:37:03 +01:00
Kevin Ansfield
722825055f
Added posts html regeneration migration (#12660)
refs https://github.com/TryGhost/Team/issues/467
refs https://github.com/TryGhost/Team/issues/221

- we've introduced backwards-compatible changes to rendering in 3.0 such as srcset and sizes which will only have taken effect on posts created or edited since the changes were made
- 4.0 brings additional changes such as image card width/height
- re-generating the `html` field of all posts from the `mobiledoc` brings all content up to latest rendering output
2021-02-23 17:32:07 +00:00
Thibaut Patel
73d443e0ca Added a v4 alias to canary in the api module.
issue https://github.com/TryGhost/Team/issues/221
2021-02-23 15:47:28 +01:00
Fabien O'Carroll
b5e85c55dc Added limit option to /members/events API
refs https://github.com/TryGhost/Team/issues/469

The initial implementation was just to get us going with the dashboard
but the requirements have changed now, rather than updating the code we
allow to pass the `limit` options so the Admin can choose how many
events to display.
2021-02-23 12:38:46 +00:00
Hannah Wolfe
3373b5bbd1 Cleaned up use of express in ghost-server
- There is now one true way to start Ghost - you create a server, and then call start with an express app
- We may well expand this again to improve testing pathways in future, but it will be done with a bit more clarity about expectations
2021-02-23 12:33:00 +00:00
Thibaut Patel
5b72b20d1e Update the migration number for orphaned webhooks
no issue
2021-02-23 10:46:33 +01:00
Thibaut Patel
2250cd79e1 💡 Resolve orphaned webhooks
issue https://github.com/TryGhost/Ghost/issues/12567
2021-02-23 10:14:34 +01:00
Kevin Ansfield
08e1268aed
Added migration to remove surrounding <> in email_batches.provider_id (#12673)
refs https://github.com/TryGhost/Team/issues/221#issuecomment-759105424

- Mailgun responds to an email send with a provider id in the format `<x@y.com>` but everywhere else it's used in their API it uses the format `x@y.com`
- updates email batch save to strip the brackets, and migration removes brackets from existing records so we no longer have to add special handling for the stored id any time we use it
2021-02-23 08:48:21 +00:00
Kevin Ansfield
95105836aa
Removed logging require in db/connection.js (#12690)
refs https://github.com/TryGhost/Ghost/issues/12496

- having the logging require here means that workers wanting to use the db are unable to do so without requiring logging as a side-effect
- `connection.loggingHook` does not appear to be widely used for anything outside of specific debugging scenarios when using MySQL so it should be safe to disable until a proper fix is found for workers+logging leaking file descriptors
2021-02-22 12:58:57 +00:00
Kevin Ansfield
42e452b127
Removed models require from analytics job (#12689)
refs https://github.com/TryGhost/Ghost/issues/12496

By requiring the models layer the shared logging util was being required as a side-effect causing the open file descriptors problem to continue. Removing logging from the models layer isn't feasible due to deep require chains spreading across the codebase, it's much quicker to remove the need for models in the analytics job.

- models layer was only needed because it's used by the session service
- updated analytics job to create it's own instance of `EmailAnalyticsService` rather than the default instance in order to pass in custom dependencies
- pass in custom `logging` object that uses `parentPort.postMessage` as a way of writing log output
- pass in custom `settings` object that returns settings that have been manually fetched and cached during job instantiation
2021-02-22 12:10:19 +00:00
Rish
0620ff6ae0 Added new browse email endpoint
refs https://github.com/TryGhost/Ghost/issues/12633

Adds new `browse` endpoint for emails that allows Admin to check performance of newsletters over time and show stats on dashboard as primary usecase
2021-02-22 13:55:20 +05:30
Naz
12a1c60424 Added custom worker message handler
refs https://github.com/TryGhost/Ghost/issues/12496

- Handling logging in the main thread avoids file handle leaks which happen due to leaky implementation of bunyan logger (see referenced issue for more context)
- Bumped job-manager version to allow for `workerMessageHandler` callback funciton
2021-02-22 20:02:00 +13:00
Naz
8a718ca99a Migrated jobs to use parentPort.postMessage
refs https://github.com/TryGhost/Ghost/issues/12496

- Using ghost-ignition logging caused file handle leaks. As there is no straight-forward way to handle write streams with bunyan (ghost-ignition's underlying logging library) this method of logging was chosen as an alternative to keep the amount of open file handles to minimum
- The follow up changes will include custom formatter for jobs service which should make logging match the same format  as has been used inside the jobs
2021-02-22 20:02:00 +13:00
Naz
adebca422f Made addUnique/dropUnique migration utils idempodent
refs https://github.com/TryGhost/Ghost/pull/12598

- This changeset adds idepmotence to situations where unique contraint has to be dropped or added to the table
- Note '4.0/07-alter-unique-constraint-for-posts-slug.js` was migration that was effected by lack of idempotence
2021-02-22 16:13:28 +13:00
Naz
ce50653f89 Removed "object" as a valid value for settings type
refs https://github.com/TryGhost/Ghost/issues/10318

- Storing JSON object in settings has caused multiple bugs in the past and was considered an antipattern
- This is a last bit in the long process of getting rid of "object" settings in the database. At this point there should be no settings with this type. Yey!
2021-02-22 13:23:03 +13:00
Hannah Wolfe
176433e307 Refactored notify to send started + ready
- In the old boot the server wasn't started til we were ready
- In new boot, we start the server immediately and send the old started event
- Then, when we are ready to accept some traffic, we send a ready event
- At the moment, ready isn't quite sent at the right time:
   - It _should_ be when we're ready to serve real traffic, not just send 503s
   - This is after the URL generation has finished
   - But this requires more refactoring work :(
   - So for now we send when everything else is ready
- This really needs some tests
2021-02-19 20:42:10 +00:00
Hannah Wolfe
2527efd6fc Moved notify out of GhostServer
- make this a standalone module
2021-02-19 20:22:56 +00:00
Hannah Wolfe
b65cb7bd7b Renamed announceServerReadiness to notifyServerStarted
- Notify is a more familiar name e.g. systemd has the sd_notify system which this is similar to
- We're actually announcing the server started, it's not actually ready for traffic (will serve 503s)
2021-02-19 20:11:35 +00:00
Hannah Wolfe
b1a98b0b67 Cleaned up global server events
- use theme.ready for loading themes instead of server.start and properly clean this up
- remove server.start and server.stop as they are no longer used (only server.start was used, and only for themes)
- we're moving away from the pattern of using global events like this as they are hard to reason about
2021-02-19 15:21:58 +00:00
Hannah Wolfe
d150516ec3 Improved readability of ghost server and boot
- removed some unused code I added preivously
- refactored boot logging into a mini class for readability
2021-02-19 15:04:55 +00:00
Hannah Wolfe
481e2425af Finalised new boot process
- This commit removes the old boot process and any files that are no longer needed as a result
- Remove the duplicate event for triggering inactive themes to load
- Tidied up a few other bits
2021-02-19 13:15:12 +00:00
Thibaut Patel
9e93ed7ef0 Adding sentry logging to all ping errors
issue TryGhost/Team#362
2021-02-19 14:00:50 +01:00
Thibaut Patel
6e58846c94 Added sentry logging to 429 ping errors
issue https://github.com/TryGhost/Team/issues/362
2021-02-18 19:21:15 +01:00
Daniel Lockyer
a2dd7c7f7d
Unified migration logging styles
no issue

- all migrations should contain a logging message
- info for successful things, or warn if we deviated from what was
  expected for some reason
- also added some spacing to make them easier to read
2021-02-18 17:35:32 +00:00
Daniel Lockyer
bf960bcecb
Fixed typo in migration message
no issue

- simple rewording to clean up the message
2021-02-18 17:05:00 +00:00
Kevin Ansfield
c7a29b4e7c
🐛 Fixed unexpected members-only content appearing in excerpt field (#12670)
closes https://github.com/TryGhost/Team/issues/468

- updated post-gating
  - clears excerpt if there's no access
  - rebuilds excerpt from free preview if paywall card is used and there's no custom excerpt
2021-02-18 14:12:06 +00:00
Rish
6d2b731379 Fixed member status events query
refs https://github.com/TryGhost/Ghost/issues/12602

- Adds aggregate option to permitted options
- Cleans up SQL query to fetch delta values
2021-02-18 18:11:50 +05:30
Fabien 'egg' O'Carroll
7abc6ac705
Added initial member events timeline API (#12661)
refs https://github.com/TryGhost/Ghost/issues/12633

Allows us to show a list of recent member events for the site dashboard
2021-02-18 11:52:18 +00:00
Kevin Ansfield
2c96df42ac
Added paywall card to mark end of free content preview (#12663)
closes https://github.com/TryGhost/Team/issues/466

- upgraded kg-default-cards to include paywall card
- extracted `htmlToPlaintext` from post model to shared util for re-use
- updated post-gating to set html+plaintext to the free preview if a paywall card has been used
  - re-generates plaintext from the truncated html using `htmlToPlaintext` util
- display free content in the `{{content}}` helper via the default CTA template
2021-02-17 23:00:26 +00:00
Naz
abb8c1df74 Updated unsplash setting migration to be idempotent
refs https://github.com/TryGhost/Ghost/issues/10318

- Previous version of migration was not following the idempotence rule of migrations
2021-02-18 10:55:59 +13:00
Naz
e0cc314f91 Removed duplicate migration
no issue

- The migration didn't want to go away after rebases combined with renames
2021-02-18 10:55:59 +13:00
Fabien O'Carroll
7785fb6dc5 Refactored usage of pre v4 "unsplash" setting format
refs https://github.com/TryGhost/Ghost/issues/10318

- API changes introduced:

canary/v4 Admin API
GET /settings/ (browse)

+ "unsplash" present in response as boolean value

GET /settings/:settingName (read)

+ "unsplash" present in response as boolean value

PUT /settings/ (edit)

+ "unsplash" updates setting, accepts ONLY  boolean format

v3  Admin API
GET /settings/ (browse)

+ "unsplash" present in response with object value

GET /settings/:settingName (read)

+ "unsplash" present in response with object value

PUT /settings/ (edit)

+ "unsplash" updates setting, accepts either boolean or object formats

v2 Admin API
GET /settings/ (browse)

+ "unsplash" present in response with object value

GET /settings/:settingName (read)

+ "unsplash" present in response with object value

PUT /settings/ (edit)

+ "unsplash" updates setting, accepts object format
2021-02-18 10:55:59 +13:00
Fabien O'Carroll
9cb069eb8e 🏗 Updated "unsplash" setting handling to match updated format
refs https://github.com/TryGhost/Ghost/issues/10318

- JSON object format used in previous "unsplash" setting was considered an
anti-pattern. Flat structure was extracted out of the "unsplash.isActive" JSON.
- The naming convention uses `amp` as  a precedent (https://github.com/TryGhost/Team/issues/331#issuecomment-658815017)
2021-02-18 10:55:59 +13:00
Naz
0097f2037c Fixed slack setting migration to follow idempotance rule
refs https://github.com/TryGhost/Ghost/pull/12631

- Initialy writen migration would break if executed twice
- Also accounted for situation if only part of the migration executed leaving only one of the values migrated
2021-02-18 10:55:32 +13:00
Hannah Wolfe
a0bdba2516 Added theme preview mode
- Allow the frontend to accept post messages to generate previews of the frontend
- Created a new endpoint in admin we can use to render these previews, which is possibly not necessary
- Supports a limited group of settings, which can easily be expanded, but care should be taken if expanding to use user-provided strings
2021-02-17 13:49:41 +00:00
Naz
d0e0760dae Hardcoded labs to always return members:true
refs https://github.com/TryGhost/Ghost/issues/10318

- Because members is effectively "enabled" by default starting Ghost 4.0 have hardcoded labs setting to be such. The alternative of removing this key from labs would be equivalent to `labs.members === false` which is undesireable and would mean additional work on theme developer's side.
2021-02-17 19:55:16 +13:00
Naz
37ef40b46e Dropped support for labs setting parameter
refs https://github.com/TryGhost/Ghost/issues/10318

- `labs` setting is dropped from setting values as the use of JSON objec
to sore settings has been deprecated
- `labs` setting is no longer accepted as a paramter in the Settings API nor the
impoprter. The value is ignored if present in the POST/PUT requests and
returns 404 in case it is requested by key at `GET /settings/:key`
2021-02-17 19:55:16 +13:00
Naz
ea6d656457 🏗 Removed labs from setting
refs https://github.com/TryGhost/Team/issues/332

- The last value that has been used in the code was "members"
- By default members will be always "on" starting Ghost 4.0, so there's no need for this flag anymore
- Therefore there's no real need to keep "labs" around
2021-02-17 19:55:16 +13:00
Thibaut Patel
58be6d23db Split the "Too many requests" error in ping service
issue https://github.com/TryGhost/Team/issues/362
2021-02-17 13:18:45 +13:00
Kevin Ansfield
cabf718ae1
Added migration to transform all post content urls from absolute to relative (#12658)
refs https://github.com/TryGhost/Team/issues/467
refs https://github.com/TryGhost/Team/issues/221

- we added robust url transformation in Ghost 3.0 which ensures newly created or edited content is stored with relative URLs in the database
- this migration loops over all posts (and posts_meta) in the database performing the absolute->relative transformation to normalise data for old posts
2021-02-16 19:00:04 +00:00
Fabien O'Carroll
037b2ce761 Renamed migration to fill 01
no-issue
2021-02-16 18:19:09 +00:00
Fabien O'Carroll
87471fd5c6 Revert "Updated plan_nickname column to be nullable"
This reverts commit 5d122c3c62.
2021-02-16 18:19:09 +00:00
Fabien 'egg' O'Carroll
27b9e4ae04
Added member relation to events (#12656)
refs https://github.com/TryGhost/Ghost/issues/12602

When listing site-wide event, we want to include member information so
that we can contextualise the event when displaying it.
2021-02-16 16:14:20 +00:00
Kevin Ansfield
3dfbb6296b Fixed duplicate migration number 17 2021-02-16 12:33:24 +00:00
KiraLT
ba1ffb7b5f
🐛 Fixed EADDRINUSE error handling on NodeJS >=13 (#12591)
closes https://github.com/TryGhost/Ghost#12562

- From NodeJS v13 `error.errno` returns error code instead of a string. Because  of that use friendly "port is already in use" message did not work anymore. 
- Changed to use `error.code` which acts the same way as `error.errno` in older NodeJS versions.
2021-02-16 12:26:06 +00:00
Kevin Ansfield
66fe678cb7
Added 4.0 mobiledoc update migration (#12648)
refs https://github.com/TryGhost/Ghost/issues/12646

- adds `ghostVersion` property to mobiledoc of all posts so that we can pin the rendering output of existing content to protect against future breaking changes
- cleans any deprecated markdown card names from old Ghost 1.0 content
- cleans up HR cards that had an [accidental payload added](610d801bcf)
2021-02-16 12:13:30 +00:00
Kevin Ansfield
2d091fa8f9 Set mobiledoc.ghostVersion: '3.0' if missing on imported content
refs https://github.com/TryGhost/Ghost/issues/12646

- if the version is missing then the content was created before Ghost 4.0
- setting the version to `'3.0'` means it will continue to use the same rendering output so there are no unexpected breaking changes when migrating content
2021-02-16 12:08:40 +00:00
Fabien 'egg' O'Carroll
f4cb5c57c6
Updated members_status_events table (#12647)
refs https://github.com/TryGhost/Ghost/issues/12602

* Updated members_status_events table

By replacing the `status` column with a `from_status` and `to_status`
column, we are able to track the changes between multiple statuses
easier, and accumulate the data. e.g. the delta of paid members in a
given time range is the sum of the `to_status` columns set to 'paid'
minus the sum of the `from_status` columns set to 'paid' within that
time range

* Updated MEGA to handle addition of 'comped' status

With the addition of the 'comped' status, we need to ensure that MEGA
will still send emails to the correct recipients. I've opted to use an
"inverse" filter, as that is the intention of the free/paid split in
MEGA - as far as MEGA is concerned, "free" is the opposite of "paid"

* Updated customQuery for MemberStatusEvent

With the `status` column replaced with `from_status` and `to_status`
this allows us to fix and update the customQuery to correctly accumulate
the data into deltas over time, broken down by day.

* Populated members_status_events table

As the table will be used to generate deltas, we need to backfill the
data so that existing sites will be able to sum up the deltas and
calculate correct data.

The assumptions used in backfilling is that a Member's current status,
is their only status.
2021-02-16 10:38:36 +00:00
Fabien 'egg' O'Carroll
da9cd3b9d6
Updated status population to handle comped status (#12651)
refs https://github.com/TryGhost/Ghost/issues/12602

As part of collecting Member event data, we have added a third status
for members "comped" - this fixes the population of the column to handle
this
2021-02-16 10:37:06 +00:00
Rish
964fe222be Fixed incorrect volume delta selection in query
refs https://github.com/TryGhost/Ghost/issues/12602

The gross volume aggregate query was incorrectly naming the selected `SUM(amount)` value as `gross_volume` instead of expected `volume_delta`
2021-02-16 11:18:58 +05:30
Rish
0719b0618c Added new members stats endpoints
refs https://github.com/TryGhost/Ghost/issues/12633

Adds new stats endpoints for showing member dashboard, which fetches aggregate date over member events tables to form relevant datasets -

- Adds new endpoint for tracking MRR of site over time - `/members/stats/mrr`
- Adds new endpoint for tracking subscribers on site over time - `/members/stats/subscribers`
- Adds new endpoint for tracking gross volume of site over time - `/members/stats/gross_volume`
- Adds new endpoint for tracking member count on site over time - `/members/stats/count`
2021-02-16 11:18:58 +05:30
Hannah Wolfe
e0354ea5a0 Fixed attempts to stop server that isn't listening
- if our http server isn't listening yet, stop will throw an error
- also changeded the stopServer code to prefer a more readable syntax
2021-02-15 19:17:25 +00:00
Kevin Ansfield
ef76279084 Added mobiledoc.ghostVersion to blank mobiledoc document
refs https://github.com/TryGhost/Ghost/issues/12646

- when a blank mobiledoc document is created, ensure the correct Ghost version is added so content output is pinned to the version of Ghost that created it
2021-02-15 18:10:56 +00:00
Hannah Wolfe
21bea79848 Fixed inactive themes not loading [WIP]
- Currently the new boot process breaks the loading of inactive themes because the theme loader event isn't wired until after the server.start event is fired
- This is a WIP fix, there needs to be some bigger refactoring of the boot process once the old process is gone
2021-02-15 17:19:21 +00:00
Kevin Ansfield
70486ccb4e
Updated importer to transform 'card-markdown' to 'markdown' (#12650)
refs https://github.com/TryGhost/Ghost/issues/12646

- `card-markdown` support is being removed from the default mobiledoc cards so we need to make sure imported content doesn't fail
- removed long-unused `cardName` payload property from tests
2021-02-15 16:42:01 +00:00
Fabien O'Carroll
8880cc82c7 Refactored usage of the pre v4 "slack" setting
refs https://github.com/TryGhost/Ghost/issues/10318

- Change/compatibility table for this changeset:

Importer

+ "slack_username"  import
- "slack_url" ignore
+ "slack.username" import
- "slack.url" ignore

v3 & canary/v4 Admin APIs
GET /settings/ (browse)

+ "slack_username" present in response
+ "slack_url" present in response
+ "slack" present in response

GET /settings/:settingName (read)

+ "slack_username" present in response
+ "slack_url" present in response
+ "slack" present in response

PUT /settings/ (edit)

+ "slack_username" updates setting
+ "slack_url" updates setting
+ "slack" !NOTE! updates setting unless "slack_username" or "slack_ur"l are set (updated keys take priority)

v2 Admin API
GET /settings/ (browse)

- "slack_username" NOT present in response
- "slack_url" NOT present in response
+ "slack" present in response

GET /settings/:settingName (read)

- "slack_username" ignored (404)
- "slack_url" ignored (404)
- "slack" present in response

PUT /settings/ (edit)

- "slack_username" ignored (no error)
- "slack_url" ignored (no error)
+ "slack" updates setting
2021-02-15 15:25:54 +13:00
Fabien O'Carroll
12c28fe66e 🏗 Updated "slack" setting into "slack_{url,username}"
refs https://github.com/TryGhost/Ghost/issues/10318

- Object format used in previous "slack" setting was considered an
anti-pattern. Flag structure of separate slack_url and slack_username
values was extracted out of the "slack" JSON.
2021-02-15 15:25:54 +13:00
Fabien O'Carroll
b5c1b9e4fa Added customQuery for MemberStatusEvent
refs https://github.com/TryGhost/Ghost/issues/12602

This allows us to build up a count of member statuses over time
2021-02-12 16:38:57 +00:00
Rishabh Garg
1d281581eb
Updated members_email_change_events to store previous email (#12641)
refs https://github.com/TryGhost/Ghost/issues/12602

As we only want to add events for when an email is changed, we need to store the previous email if we want a complete log of all emails for a member
2021-02-12 16:15:31 +00:00
Thibaut Patel
2f547b2974 Added the frontmatter column to meta
issue https://github.com/TryGhost/Team/issues/452
2021-02-12 15:31:04 +01:00
Fabien O'Carroll
905421b774 Populated members_paid_subscription_events table
refs https://github.com/TryGhost/Ghost/issues/12602

By backfilling the data, we allow exisiting sites to view their MRR over
time
2021-02-12 13:55:14 +00:00
Fabien O'Carroll
7cf0252392 Added MemberPaidSubscriptionEvent model
refs https://github.com/TryGhost/Ghost/issues/12602

- Adds the aggregateMRRDeltas option to the `findAll` method,
allowing us to calculate MRR over time
2021-02-12 13:55:14 +00:00
Fabien O'Carroll
a68d037cef Added MemberEmailChangeEvent model
refs https://github.com/TryGhost/Ghost/issues/12602
2021-02-12 13:55:14 +00:00
Fabien O'Carroll
8e7d11ce40 Added MemberLoginEvent model
refs https://github.com/TryGhost/Ghost/issues/12602
2021-02-12 13:55:14 +00:00
Fabien O'Carroll
a8ee271336 Added MemberPaymentEvent model
refs https://github.com/TryGhost/Ghost/issues/12602

- Adds the aggregatePaymentVolume option to the `findAll` method,
allowing us to calculate volume over time
2021-02-12 13:55:14 +00:00
Fabien O'Carroll
1af6be63f0 Added MemberStatusEvent model
refs https://github.com/TryGhost/Ghost/issues/12602
2021-02-12 13:55:14 +00:00
Kevin Ansfield
3e228072ba
Added ability to install themes directly from GitHub (#12635)
refs https://github.com/TryGhost/Ghost/issues/12608

- adds `admin/canary/themes/install` endpoint to the Admin API
  - requires two query params. `source` must be set to "github". `ref` should refer to a GitHub repo in the format "{org}/{repo}"
  - downloads zip archive for the repo from github
  - runs downloaded zip through the same process as uploaded zips
2021-02-12 09:19:17 +00:00
Fabien 'egg' O'Carroll
f745fa7621
Updated members_paid_subscription_events table (#12636)
refs https://github.com/TryGhost/Ghost/issues/12602

This allows us to store the stripe_id of the subscription events
2021-02-11 12:45:18 +00:00
Fabien O'Carroll
5624e14b1b Renamed duplicate migration
no-issue
2021-02-11 11:02:18 +00:00
Fabien 'egg' O'Carroll
601d135b43
Added members event tables (#12618)
refs https://github.com/TryGhost/Ghost/issues/12602

* Added members_payment_events table

This table will store successful and unsuccessful payment attempts, and
can be used to calculate gross volume over time.

* Added members_login_events table

This table can be used to audit member logins

* Added members_email_change_events table

This table will allow us to store a history of email addresses associated with a member

* Added members_status_events table

This table will allow us to track the change in status over time for members, as well
as calculate aggregates over time, e.g. paid members over time

* Added members_paid_subscription_events

This table will allow us to track subscriptions changes for members, as well as 
calculating MRR over time
2021-02-11 10:54:30 +00:00
Fabien O'Carroll
4dd1423026 Added missing semicolon
no-issue
2021-02-10 10:14:29 +00:00
Fabien O'Carroll
9a142cd906 Added aggregateSubscriptionDeltas to permitted options
no-issue

This was missing from https://github.com/TryGhost/Ghost/commit/1dc6fdc.
Without it the option will never be passed into the customQuery method.
2021-02-10 10:06:06 +00:00
Naz
864fcd8a0c Removed settings populateDefaults pre-migration
refs https://github.com/TryGhost/Ghost/issues/12568
refs 5fbc40430b

- Having populateDefaults run before migrations creates a chicken and egg problem where populate defaults can create records that are "non-migratable" as happened in https://github.com/TryGhost/Ghost/issues/12026
2021-02-10 10:34:08 +13:00
Sanne de Vries
67b1745bcb Fixed bug for newsletter bookmarks without author displaying redundant separator 2021-02-09 09:35:45 +01:00
Naz
e0178099a2 🏗 Altered slug unique constraint in posts table
refs https://github.com/TryGhost/Ghost/issues/12567

- Changing unique constraint from slug to slug+type should allow for posts and pages to be created with the same slug
- The constraint will be present on application layer for API v4 while we figure out how to deal with it in API v5
2021-02-09 13:31:12 +13:00
Sanne de Vries
118ceae29c Fixed gmail bug for newsletter bookmark cards not displaying correctly 2021-02-08 16:49:13 +01:00
Hannah Wolfe
0b79abf5b2 Added new, simpler, linear boot process
Background:
- Ghosts existing boot process is split across multiple files, has affordances for outdated ways of running Ghost and is generally non-linear making it nigh-impossible to follow
- The web of dependencies that are loaded on boot are also impossible to unpick, which makes it really hard to decouple Ghost
- With 4.0 we want to introduce a new, linear, simpler, clearer way to boot up Ghost to unlock decoupling Ghost into much smaller pieces

This commit:
- adds a new ghost.js file which switches between boot mode with `node index` or `node index old` so that if we find bugs we can work around them this week
   - Note: the old boot process will go away very soon, but ghost.js will remain as the interface between the command to start Ghost and the application code
- reworks the database migration process into a standalone utility, so that the DB is handled as one simple step of the boot process, decoupled from everything else
- is missing tests for this new db utility
- leaves a lot of work to do around loading core code, services, express apps in a sensible order, as work to fix this would start to break the old boot process
- doesn't use the new maintenance app because we aren't restarting the server here, instead we have the concept of a "core app" that starts in maintenance mode - need to think about how apps will be decoupled in the near future
2021-02-08 11:56:44 +00:00
Fabien O'Carroll
93b1035df5 🐛 Fixed Member model removing labels when unset
closes https://github.com/TryGhost/Ghost/issues/12600

The bookshelf-relations plugin which we use will **remove** all
relations when they are set to an empty array, but will leave them alone
if it's set to undefined.

Our logic to deduplicate uppercase & lowercase version of the same label
was in advertently always setting the labels to an array, but when the
model was saved without passing the labels, this array would be empty.

Here we've added a check which will skip all label handling, if there
are no labels set.
2021-02-08 09:39:46 +00:00
Naz
47843bbfe9 Refactored migration to use transactional utility 2021-02-08 12:25:52 +13:00
Naz
d254a697b9 🏗 Cleanedup app-related settings
refs https://github.com/TryGhost/Ghost/issues/12565
refs f74d459dad

- These fields should have been cleaned up as a result of changed done in referenced commit
2021-02-08 12:25:52 +13:00
Naz
7e7a94def3 Added a note to locale columns
refs https://github.com/TryGhost/Ghost/pull/12599

- These columns are reserved for future features and should not be dropped.
2021-02-08 12:09:23 +13:00
Hannah Wolfe
2b3c00ac32 Changed exit codes to be > 0
ref: https://tldp.org/LDP/abs/html/exitcodes.html

- exit codes being -1 is a mistake that got perpetuated, should be 1 or greater
- for now, just use 1
2021-02-05 20:13:50 +00:00
Fabien O'Carroll
1dc6fdcd66 Added customQuery to handle subscribed aggregates
refs https://github.com/TryGhost/Ghost/issues/12602

In order to build up a list of un/subscribes over time we have to use
the customQuery functionality to run SQL aggregates - this is "hidden"
behind an option, so that we can find{All,Page} as usual.
2021-02-05 16:02:08 +00:00
Fabien O'Carroll
3dbc7ef5b4 Passed MemberSubscribeEvent to members-api
refs https://github.com/TryGhost/Ghost/issues/12602

This allows the Members module to create MemberSubscribeEvents when
appropriate
2021-02-05 16:02:08 +00:00
Fabien O'Carroll
5aab41931f Added skeleton MemberSubscribeEvent model
refs https://github.com/TryGhost/Ghost/issues/12602

Member Events in general are read-only after they've been created, so
we've explicitly disallowed destroying and editing via the model
2021-02-05 16:02:08 +00:00
Fabien O'Carroll
065bbaeafa Populated members_subscribe_events table
refs https://github.com/TryGhost/Ghost/issues/12602

This allows us to backfill the data for testing purposes as well as for
use by existing sites. The mechanism for determining the date of an
unsubscribe event is crude, we use the date of the last update, which we
might expect to be _sometimes_ correct, but not always. We store the
`source` as NULL for unsubscribes as we cannot determine that with any
certainty whatsoever.
2021-02-05 16:02:08 +00:00
Fabien O'Carroll
e39644bd2d Added members_subscribe_events table
refs https://github.com/TryGhost/Ghost/issues/12602
2021-02-05 16:02:08 +00:00
Fabien O'Carroll
873d21d975 Updated addTable util to take optional tableSpec
no-issue

Migrations should contain all the necessary information rather than
relying on external data
2021-02-05 16:02:08 +00:00
Hannah Wolfe
256b77b0e4 Moved sqlite3 override rules to db connection lib
- We have an already established location for special rules based on db client
- Removes the need to require config inside of overrides
2021-02-05 11:51:56 +00:00
Hannah Wolfe
f6a7abdf5a Removed oembed-parser from overrides
- oembed-parser no longer depends on promise-wtf (it's now an archived project)
- therefore the reason for having this here is goooooone
2021-02-05 11:51:51 +00:00
Naz
4b74230624 Refactored createTable migration utility
refs https://github.com/TryGhost/Ghost/issues/12567

- The method was using unneeded lodash dependency and was too complex for what it was doing
- Reshuffled internal code to use native JS filter/forEach iterators
2021-02-04 13:37:20 +13:00
Naz
6b61bcf123 Added unique constraint notation to schema definition
refs https://github.com/TryGhost/Ghost/issues/12567

- Introduced here @@UNIQUE_CONSTRAINTS@@ notation allows to create unique contraints over multiple database fields. This will be needed to change posts' table unique constraint from `slug` to `slug+type`.
- The notation is equivalent to SQL's: UNIQUE(column_name1,column_name2)
- Example use in schema:
posts: {
    slug: {type: 'string', maxlength: 191, nullable: false},
    type: {type: 'string', maxlength: 50, nullable: false, defaultTo: 'post', validations: {isIn: [['post', 'page']]}},
    '@@UNIQUES@@': [
        ['slug', 'type']
    ]
}
2021-02-04 13:37:20 +13:00
Kevin Ansfield
7195a904ba Fixed settings validation error not distinguishing between publishable/secret keys
no issue

- when saving Stripe keys with `stripeDirect: true` config, if either key didn't match the key format the returned validation error always contained `stripe_secret_key`
- updated to output `stripe_publishable_key` if it was the publishable key that was invalid
2021-02-03 16:42:51 +00:00
Thibaut Patel
7d4596adf6 Migrate the default api version from v2 to v3
issue https://github.com/TryGhost/Team/issues/221
2021-02-03 15:02:51 +01:00
Naz
606212d187 🏗 Dropped apps related tables
refs https://github.com/TryGhost/Ghost/issues/12565

- Dropped apps_* tables which were not used since the concept of "apps" has been abandoned
- Uses newly introduced "dropTables" migration utility
- Review for these changes has been completed in
(https://github.com/TryGhost/Ghost/pull/12592)
2021-02-03 12:20:08 +13:00
Daniel Lockyer
0958654457
Updated migration warn message
no issue

- fixed typo and improved message formatting
2021-02-02 16:12:53 +00:00
Naz
96f6ca6218
Fixed drop tables migration utility
refs b5b65b3a60

- The utility was meant to be "irreversible" instead of "transactional"
2021-02-02 16:12:53 +00:00
Naz
23c5ca0795
Added documentation and JSDoc to migration commands
refs https://github.com/TryGhost/Ghost/issues/12567

- Functions were missing documentation and were able to perform operations on multiple columns instead of single one after checking the knex docs (http://knexjs.org/#Schema-unique)
2021-02-02 16:12:53 +00:00
Naz
bf1fcd25ce
Added migration utils for dropping tables
refs https://github.com/TryGhost/Ghost/issues/12565

- Dropping tables happens sporadicaly, usually during major version releases. It made sense to create a utility based on previous migrations of this type (e.g.:  3.0/03-drop-client-auth-tables.js migration) to avoid code duplication in the future
2021-02-02 16:12:53 +00:00
Fabien 'egg' O'Carroll
73f6fd8c51
Enabled Members for all sites (#12582)
no-issue

This removes all references to the members labs setting, any code that was run conditionally behind this flag now runs unconditionally. 

* Removed usage of Members labs flag
* Removed tests for Members disabled
* Added dynamic keypair generation for when setting is missing
2021-02-02 16:12:53 +00:00
Rishabh Garg
26ee648397
🏗 Flattened members subscriptions data in API (#12581)
no refs

- Updates member model serializer to directly set subscriptions on member object instead of `stripe.subscriptions`
- Updates all references to members subscriptions from nested `stripe.subscriptions` to `subscriptions`
- Updates v3 API serializer to still use `stripe.subscriptions`
- Updates tests
2021-02-02 16:12:53 +00:00
Fabien 'egg' O'Carroll
6af2706f10
Updated Admin API and Mega to use status flag (#12579)
no-issue

* Removed support for paid param from v3 & canary API
* Updated active subscription checks to use status flag
* Updated MEGA to use status filter over paid flag
* Removed support for paid option at model level
* Installed @tryghost/members-api@1.0.0-rc.0
* Updated members fixtures
2021-02-02 16:12:51 +00:00
Fabien 'egg' O'Carroll
229295d671
Exited process when members-api fatally errors (#12489)
closes https://github.com/TryGhost/Ghost/issues/12448

This adds handling to force the process to exit when we receive an error
from the members-api on initialisation.
2021-02-02 16:12:10 +00:00
Fabien O'Carroll
5d122c3c62
Updated plan_nickname column to be nullable
no-issue

This value is nullable from the Stripe API so we're making sure that we
can store exact values locally.

SQLite3 does not supports altering columns so instead we have to:
1. Create a temp table and copy the data to it
2. Delete the original table
3. Recreate the original table with the necessary modifications
4. Copy the data from the temp table
5. Drop the temp table
2021-02-02 16:12:10 +00:00
Fabien O'Carroll
cc17de16ba
Added ability to specific table definition to createTable
no-issue
2021-02-02 16:12:10 +00:00
Naz
e33599432d
Fixed maintenance app initialization 2021-02-02 16:12:10 +00:00
Naz
9bff415572
Moved maintenance app to separate package
refs #12568

- Made a package out of maintenance app to keep as little code in the repository
2021-02-02 16:12:08 +00:00
Naz
dcb89f2be0
Changed maintenance app debug code 2021-02-02 16:11:35 +00:00
Naz
244e2374d3
Refactored maintenance app to be a class with DI
refs #12568

- DI pattern through constructor allows for very clear separation of concerns and makes it easy to extract the class into a separate module
2021-02-02 16:11:35 +00:00
Naz
7d9f056e9b
Added error handling and response formatting in maintenance 2021-02-02 16:11:35 +00:00
Naz
d60e36ab57
Added "maintenance" app serving 503 page
refs #12568

- When the server is in maintenance mode (e.g. during migration) it needs to serve a 503 page. Previously this role was delegated to the "frontend" which tightly coupled server bootup and frontend.
- With a dedicated HTTP application serving up 503 server is no longer coupled to the frontend during maintenance
2021-02-02 16:11:35 +00:00
Naz
7e28802b1c
Changed express apps to start after migrations
refs #12568

- Allowing express app (frontend) to be booted after the migrations
decouples server maintenance mode from a need to have the "frontend"
loaded beforehand
2021-02-02 16:11:34 +00:00
Fabien 'egg' O'Carroll
a79ed1170d
Added status property to members (#12570)
refs #12160

This flag will allow us easier filtering of members via the API

* Added status column to members table

This flag will be used to determine if a member is free or paid, rather
than relying on joins with the customers and subscriptions tables.

* Added migration to populate members.status

As we add the column with a default value of "free" we only need to care
about the paid members here. We also preemptively handle migrations for
SQLite where there are > 998 paid members.
2021-02-02 16:11:34 +00:00
Thibaut Patel
b724b2be92
Removed the deprecated send_email_when_published field from the API
refs https://github.com/TryGhost/Team/issues/457
2021-02-02 16:11:34 +00:00
Naz
9163c48f4e
Refactored minimal setup for Ghost boot
refs #12568

- Moved duplicated initialization code to make initialization stages clearer
2021-02-02 16:11:34 +00:00
Naz
75cacc460b
Fixed await for db initialization
refs #12568

- Was missed during the refactor in 62c2a1a05d
2021-02-02 16:11:34 +00:00
Naz
815f67492c
Refactored server boot process to use async/await
refs #12568

- The readivility of multiple nested promises is very poor
- Refactored this piece of code before doing a bigger reshuffle of frontend/server boot process
2021-02-02 16:11:34 +00:00
Thibaut Patel
746ab389ad
Removed the "type" filter from the GET settings api
refs https://github.com/TryGhost/Team/issues/454
2021-02-02 16:11:34 +00:00
Rish
c37c66609d
Removed portal-action and requestSrc
no issue

We added `portal-action` and `requestSrc` in 3.x to allow Portal to handle notifications only for auth actions trigged while using it directly, so that existing themes are not affected in any way. Going forward in 4.0, we don't want to have any special handling in backend for Portal but instead expect themes to handle any Portal specific behavior directly.

- Removes setting of `portal-action` for auth actions like signup
- Removes `requestSrc` being passed through to determine portal actions
2021-02-02 16:11:34 +00:00
Rishabh Garg
5417c4d0e1 Removed stripe keys and analytics data from export (#12573)
closes https://github.com/TryGhost/Ghost/issues/12449

We’re starting to bump into errors with our current exporter due to the size of some of the tables in the db and hitting an issue with Ghost running out of memory during export. The intention for the export/import is not to be backup/restore functionality, but for exporting content and authors.

In addition, exporting and re-importing Stripe secret/publishable keys can cause unexpected side-effects for sites that can has major side-effects. This change -

- Removes `email_batches` and `email_recipients` tables from export data to reduce export size due to large amount of analytics data
- Removes stripe's secret/publishable/webhook keys to avoid unexpected issues with re-import
2021-01-28 14:55:54 +05:30
Fabien O'Carroll
8631710b68 Fixed Members importer usage of linkStripeCustomer
no-issue

The method signature was updated in the refactor and this was missed
2021-01-26 21:26:19 +05:30
Thibaut Patel
ff6d31e08f Pointed the v3 endpoint to the v3 folder
refs https://github.com/TryGhost/Team/issues/221
2021-01-22 16:32:03 +13:00
Thibaut Patel
af9c5fd2f1 💡 Split the v3 endpoint from the canary endpoint
refs https://github.com/TryGhost/Team/issues/221
2021-01-22 16:32:03 +13:00
Aileen Nowak
c9d1fa0b96 Updated links to ghost.org sites
no issue

Follow-up task of the updated Ghost Docs structure. Updated links reflecting the new structure to prevent unnecessary 404s and redirects.
2021-01-20 09:59:45 +13:00
Fabien 'egg' O'Carroll
ab5833182b
Updated @tryghost/members-api to 0.37.1 (#12553)
no-issue

* Internal refactor
* Change to the signature of the updateSubscription method
2021-01-19 11:12:52 +00:00
Fabien 'egg' O'Carroll
7fdddf34b3
🐛 Added multiple use grace period to tokens (#12519)
closes https://github.com/TryGhost/Ghost/issues/12347

This change allows a token to be used multiple times for the first 10
seconds after its initial use, this will stop dynamic link checking
software from invaliding magic links.
2021-01-18 17:03:41 +00:00
Thibaut Patel
6a49df36cb Moved the users service to use our DI pattern
refs #12537
2021-01-15 17:58:36 +01:00
Sanne de Vries
c8931a47b5 Updated newsletter blockquote font styling 2021-01-15 15:42:01 +01:00
Thibaut Patel
3576832c0c Moved the OEmbed service to use our DI pattern
refs #12537
2021-01-15 15:35:30 +01:00
Rish
a1663bea91 💄Updated newsletter design to use accent color
no issue

- Updates newsletter design to use accent color for blockquote border if present
2021-01-15 19:47:32 +05:30
Rish
417a4c7281 Added firstpromoter id to member site data
no issue

Adds FirstPromoter id to member site data from settings, allowing Portal to setup FirstPromoter integration if enabled
2021-01-15 19:09:59 +05:30
Rishabh Garg
592c1bd46c
Added FirstPromoter Integration (#12540)
no refs

Adds new FirstPromoter settings similar to amp, which allows sites to take advantage of FirstPromoter to launch their own member referral program natively.

- Adds new firstpromoter settings group
- Adds `firstpromoter` setting to group
- Adds `firstpromoter_id` setting to group for FirstPromoter referral tracking id
- Updated tests
2021-01-15 19:05:15 +05:30
Thibaut Patel
0bea158832 Moved the service logic out of the users controller
refs #12537
2021-01-14 16:41:59 +01:00
Thibaut Patel
d8245216ec Moved the service logic out of the oembed controller
refs #12537
2021-01-14 16:41:33 +01:00
Naz
6d2dfff5b5 Refactored invites module into a class
refs #12537
2021-01-14 19:42:38 +13:00
Naz
01855389a5 Moved invites controller code into a service module
refs #12537

- Part of the controller code refactor into services to avoid code duplication during introduction of a new API.
2021-01-14 19:25:16 +13:00
Naz
1cec604318 Fixed update check tests
refs #12537

- Refactored overuse of rewire mocking blog-version.
- Fixed a bug introduced along the way when duplicate notifications errored instead of returning empty result
2021-01-14 18:30:09 +13:00
Naz
cc9d987e94 Fixed notifications api user for internal context
refs #12537

- Fix after a refactor introduced in 935ffdd0f6
2021-01-14 17:49:55 +13:00
Naz
935ffdd0f6 Refactored notifications module into a class
refs #12537

- Classes with DI friendly constructors are the pattern that are followed across the codebase
2021-01-14 16:19:15 +13:00
Naz
d2f0f0d7bc Moved notifications controller code into a service module
refs #12537

- notifications controllers were overbloated with non controller related code and were identical. It is important to reduce unnecessary code ahead of v4 API introduction
- Follow up commit will transform newly created module into a class following DI pattern
2021-01-14 15:55:55 +13:00
Naz
aff4a7055e Extracted members controller's import method
refs #12537

- Moved code related to the importer into the MembersImporter class to  keep the controller code light
2021-01-14 14:05:22 +13:00
Naz
105bc6cff3 Added jsdoc to MembersStats class
no issue
2021-01-14 12:59:17 +13:00
Naz
10304c79a4 Refactored members stats module into class
refs #12537

- Class syntax is preferred over module functions because of constructor parameter injection (DI) which allows for easier module decoupling and testing
2021-01-13 22:43:05 +13:00
Naz
e62c4075f0 Moved members stats code out of members controller
refs #12537

- `stats` method in members controller is quite big and does much more then controller method code should - few calls to relevant modules
- Extracted code "as is" into members serivce
- Next step will be to refactor this module as a class pattern with DI parameters
2021-01-13 22:43:05 +13:00
Kevin Ansfield
63f7f9a827 🐛 Disabled auto-unsubscribe of members on permanent email failure events
refs https://github.com/TryGhost/Team/issues/446

Mailgun permanent failure events do not always correspond to unsubscribe-level events as originally thought, meaning some members could be unsubscribed unexpectedly due to delivery hiccups.

- disabled auto-unsubscribe on permanent failure events in the analytics event processor
- list maintenance will be added back in the future via alternative means
2021-01-12 18:40:31 +00:00
Naz
b2e7d2bf06 Bumped job-manager version to 0.7.0
closes https://github.com/TryGhost/Ghost-Utils/issues/122
2021-01-06 17:48:05 +13:00
Kevin Ansfield
93fa9b4d9e Removed unnecessary bookshelf-relations config in EmailRecipient model
no issue

- we don't use any of the `bookshelf-relations` plugin's added features for the `EmailRecipient` model so there's no need to opt in to it
2021-01-05 15:28:30 +00:00
Kevin Ansfield
eccd220461 🐛 Fixed error when deleting a member that has received a newsletter email
closes https://github.com/TryGhost/Ghost/issues/12493

- bumps `bookshelf-relations` to new version that allows for `hasMany` children to be kept when a parent record is destroyed
- adds necessary config to the `Member.email_recipients` relationship to keep related records when a member is deleted
2021-01-05 14:06:20 +00:00
Rish
d2543462fa 🐛 Fixed reply-to address not set for newsletters
closes https://github.com/TryGhost/Ghost/issues/12492

The changes to email processing models had set replyTo address for an email batch as `reply_to` instead of `replyTo` which was not picked by mailgun service for setting newsletter reply address
2021-01-05 17:58:55 +05:30
Fabien O'Carroll
81218ab467 🐛 Fixed re-enabling of complimentary subscriptions
closes #12503

Since we include _all_ subscriptions in the `stripeSubscriptions`
relation, we must check that for an existing active complimentary
subscription to decide whether or not we should skip creation of a
complimentary subscription
2021-01-05 10:51:05 +00:00
Kukhyeon Heo
7528ec8c3b
🐛 Fixed redirects "to" query params forwarding (#12333)
ref #10898

- The redirects configuration's `to` & `from` URL parameters used to ignore it's query string parameters, which resulted in unexpected behavior
- Current changeset only partially fixes the issue. Now `to` URL's query parameters always take precedence over incoming query parameters and the rest of query parameters are passed through.
2021-01-05 14:11:06 +13:00
Fabien O'Carroll
5af0b5735b 🐛 Added translation for BookshelfRelationsError
refs #12493

This protects against accidental relation errors giving unfriendly
errors messages.
2021-01-04 15:35:43 +00:00
Sumedh
e756af65f2 Removed invalid default 'core' value in settings type
closes #12181
refs https://github.com/TryGhost/Ghost/pull/12265

- The 'core' value is invalid for settings 'type' column
- The 'core' default value for 'type' column in model is also invalid
- Both need to be removed as they are never used and only introduce confusion into the codebase
2021-01-04 15:32:57 +13:00
Naz
31a69d18f0 Improved JSDoc in default scheduler
no issue

- Previously used notation was not a valid JSDoc one. With this correction IDEs will provide more accurate information about all furnction parameters
2020-12-16 17:25:05 +13:00
Naz
c1e3788570 Added central error handler to job manager
refs https://github.com/TryGhost/Ghost-Utils/issues/118

- Duplicating error handling across jobs is not best developer experience. Also, having custom error handling logic did not allow for recommended worker script behavior: allowing for unhandled exceptions to bubble up and be managed by parent process
2020-12-14 18:01:41 +13:00
Kevin Ansfield
8aa55feaf8
Added acceptance test for /member/:id/?include=email_recipients (#12477)
refs c1d66f0b01

- fixed base model allowing '@@INDEXES@@' as a permitted attribute/order
- fixed base model automatically setting `@@INDEXES@@` to null on the model when creating
- added `doAuth('members:emails')`
  - creates an `email_batch` record attached to the first email in the fixtures
  - creates an `email_recipients` record for each member
  - runs analytics aggregation so the email and member counts are as expected
- added acceptance test for `/member/:id/?include=email_recipients`
2020-12-11 18:45:35 +00:00
Fabien O'Carroll
939a54cc35 🐛 Fixed comped flag for members
no-issue

We now include all subscriptions as part of the member, so we need to
ensure the comped flag is only true if the member has an **active**
complimentary plan
2020-12-10 13:14:07 +00:00
Peter Zimon
c856d712ec
Import email refinements (#12473)
* Updated import email subject

* Updated import email title

* Fixed copy in import email to reflect if there was at least one member added
2020-12-10 12:19:26 +01:00
Thibaut Patel
63dde5a46c
Made the package-json module ready to be exported (#12451)
no issue
2020-12-10 11:37:43 +01:00
Kevin Ansfield
c1d66f0b01
Added email_recipients include option to members API read endpoint (#12471)
refs https://github.com/TryGhost/Ghost-Admin/pull/1796

We want to be able to display an email activity timeline in Ghost-Admin for each member. The quickest way to achieve that right now is to provide access to the `email_recipient` data for the member when fetching, this will allow clients to build up a timeline based on the event timestamps included with each email_recipient/email pair.

- sets up `email_recipients` relationship in `Member` model
- updates members API read endpoint to accept an `email_recipients` include parameter
  - appends `email_recipients.email` to the `withRelated` array when `email_recipients` is included so that we have data available for email subject and html/plaintext for previews
- updates members API output serializer to include the email_recipients object in the output
2020-12-10 10:04:05 +00:00
Kevin Ansfield
9586d1ce56 Fixed sqlite storing member email open rate as floats
no issue

- sqlite will store a float in an integer column due to it's type affinity resulting in long decimal numbers in the UI when we're expecting an integer
- use the `ROUND()` function to ensure we're storing integers in place of floats when performing open rate average calculations
2020-12-10 10:00:25 +00:00
Fabien O'Carroll
32fe260763 Updated canary members controller to use new Importer
no-issue

This completely replaces the old import functionality with the new
importer!
2020-12-09 19:25:57 +00:00
Fabien O'Carroll
cfad396652 Exported MembersCSVImporter from Members service
no-issue

This will allow the controller to be updated to use the new importer
2020-12-09 19:25:57 +00:00
Fabien O'Carroll
ff7773d1cf Added new members importer module
no-issue

This module encapsulates the work around performing imports, it
currently uses the concept of a "Job" which at the moment is not
persisted to the database, however when we want to look at resuming
imports after a server restart, this should give us the flexibility to
do it.
2020-12-09 19:25:57 +00:00
Fabien O'Carroll
c7359a083f Added email template for completion of background jobs
no-issue

This will be used to generate email content used for notifying users
that their import has been completed.
2020-12-09 19:25:57 +00:00
Fabien O'Carroll
73dc19e498 Removed Members CSV import validation endpoint
no-issue

The new import flow does not use prevalidation of the CSV file, so we
have no use for this anymore.
2020-12-09 19:25:57 +00:00
Fabien O'Carroll
83c5270217 Removed support for batched CSV importer
no-issue

We are rewriting the Members CSV importer to use background jobs, the
batched importer will no longer be used locally.
2020-12-09 19:25:57 +00:00
Kevin Ansfield
baf635e27b Updated email stats aggregator for new member count columns
refs https://github.com/TryGhost/Ghost/issues/12461

- added two default aggregations for overall email count and opened email count
- when number of tracked emails is sufficient add the open rate aggregation to the update query
2020-12-09 13:14:39 +00:00
Kevin Ansfield
b1aafd715d
Added members.email_{count,opened_count} column migrations (#12470)
refs https://github.com/TryGhost/Ghost/issues/12461

- adds `members.email_count` and `members.email_opened_count` columns to contain cached counts for faster queries when outputting member data via API
- adds migration to populate cached counts with existing data
  - tested locally on ~50k members which took ~4sec on mysql
- updates members output serializer to include the new fields in API output
2020-12-09 12:21:56 +00:00
Thibaut Patel
c25344d414
Refactored core/server/lib/image for Dependency Injection (#12463)
no issue
2020-12-09 13:19:22 +01:00
Kevin Ansfield
748a8e0d0f
Added email_open_rate order option to members API (#12462)
refs https://github.com/TryGhost/Ghost/issues/12421

- add `orderRawQuery` function to members model so that we can ensure members with an open rate are ordered before members without an open rate no matter the order direction chosen
- added `email_open_rate` to members in the test fixtures to allow testing of order
2020-12-08 12:43:48 +00:00
Kevin Ansfield
567eb6325f
Added members.email_open_rate aggregation to email analytics (#12458)
refs https://github.com/TryGhost/Ghost/issues/12421
requires https://github.com/TryGhost/Ghost/pull/12457

- updates stats aggregator to calculate and store an open rate for each member
  - uses two queries because I couldn't find a reasonable approach to perform the update in a single query as per the email aggregation
  - benchmarked locally at <1sec/1000members
  - will not store an open rate unless the number of tracked emails sent to a member is above a certain threshold (defaults to 5) to avoid new members being heavily weighted
- fixes typo in EmailAnalytics that was stopping member stats from being aggregated
2020-12-08 12:43:10 +00:00
Kevin Ansfield
9fd6f30fd7
Added migration for members.email_open_rate column (#12457)
refs https://github.com/TryGhost/Ghost/issues/12421

- nullable so we can distinguish between members that have and haven't received any trackable emails
- indexed because we'll be using this column for sorting
2020-12-08 12:20:17 +00:00
Kevin Ansfield
84ae8585c6 Added guard for page.items existing in Mailgun response
no issue

- it's possible to get Mailgun responses where the `items` array doesn't exist so we need to guard against that so we don't error
2020-12-07 11:07:25 +00:00
Kevin Ansfield
7c57ffd6a6 Fixed posts without open rate being ordered in reverse
refs https://github.com/TryGhost/Ghost/issues/12420

- adds additional sorting by post creation date so that posts below those with an open rate appear in a more useful order
2020-12-04 13:12:14 +00:00
Thibaut Patel
7038f381b3 🐛 Fixed page preview
issue #12444
2020-12-04 11:35:15 +01:00
Kevin Ansfield
9ff7423b2b
Added email.open_rate order option to posts api (#12439)
refs https://github.com/TryGhost/Ghost/issues/12420

- updated `order` bookshelf plugin's `parseOrderOption()` method to return multiple order-related properties
  - `order` same as before, a key-value object of property-direction
  - `orderRaw` new property that is a raw SQL order string generated from `orderRawQuery()` method in models
  - `eagerLoad` new property that is an array of properties the `eagerLoad` plugin should use to join across
- updated `pagination.fetchAll()` to apply normal order + raw order if both are available and to handle eager loading / joins when `options.eagerLoad` is populated
- updated post model to include details for email relationship and to add `orderRawQuery()` that allows `email.open_rate` to be used as an order option
2020-12-03 20:13:37 +00:00
Daniel Lockyer
47397ca7a6
Updated logging message for webhooks
- removes double space and tidies up the output
2020-12-03 17:50:53 +00:00
Kevin Ansfield
a945ae7c02 Added sentry error capturing to email analytics jobs
no issue

- jobs operate in their own process and so do not share any of the error capturing that is configured in the parent process
2020-12-02 14:57:15 +00:00
Kevin Ansfield
c40a8e978d Fixed incorrect knex syntax
refs 166d072cd4

- accidentally committed an earlier attempt 🤦🏻‍♂️ updated with the valid syntax
2020-12-02 14:53:10 +00:00
Kevin Ansfield
166d072cd4 Fixed email analytics job not being registered when creating an email
no issue

- job registration was checking for submitted emails in it's email count but the job registration method is called as soon as an email is created meaning the email has a status of 'pending' which prevented the analytics job from being started until a second email was sent
2020-12-02 14:47:18 +00:00
Kevin Ansfield
f802128cfc
Added emailAnalytics config feature flag (#12443)
no issue

- email analytics may be desirable to fully switch off in certain circumstances, when that happens we want to prevent related background jobs from running and expose the feature flag via the config endpoint in the Admin API so that clients can adjust accordingly
2020-12-02 13:22:12 +00:00
Kevin Ansfield
2951eb9eaf Added missing moment require
refs 92ef83c61a
2020-12-02 12:15:27 +00:00
Kevin Ansfield
92ef83c61a Adjusted email jobs registration to check for emails newer than 30 days
no issue

- if emails are older than 30 days we wouldn't be able to fetch any analytics for them and if a site used emails in the past but is no longer using them it doesn't make sense to keep potentially expensive background worker threads spinning up
2020-12-02 12:14:22 +00:00
Daniel Lockyer
947603d0e3
Added original error to thrown error in mega code
- the original error is not propagated up with the error we throw, so it
  can sometimes be difficult to see what's going on down the line
2020-12-02 09:04:20 +00:00
Kevin Ansfield
d675278b0b
Prevented scheduling of recurring analytics jobs when not using emails (#12441)
no issue

- recurring jobs spin up worker threads which can be quite CPU intensive even when not performing much processing, this can be problematic in environments where there are many Ghost instances running
- updated the email job scheduling to be skipped on bootup when there are no emails in the database and to be started when the first email is created as long as we're not in testing env
- increase analytics job schedule from every 2 minutes to every 5 minutes to help spread the load further across instances
2020-12-02 08:17:44 +00:00
Kevin Ansfield
249fd4f06a Fixed email count check in email-analytics service
no issue

- raw knex `.count()` does not return a straight number, we need to handle an array of rowDataPacket objects
2020-12-01 15:02:04 +00:00
Kevin Ansfield
641be8fec3 Adjusted email analytics job scheduling to avoid API spikes
no issue

- typically cron/later schedules will schedule for :00 on the minute which would create API spikes with every members-email-using Ghost site hitting the API at the same time
- adjusted the scheduling to use cron syntax with job runs every 2 minutes on 1,3,5... or 2,4,6... and a random seconds value to smooth usage across sites
2020-12-01 11:27:34 +00:00
Kevin Ansfield
db7fff0b2a Fixed misleading emailAnalytics.fetchLatest debug statement 2020-12-01 10:16:41 +00:00
Kevin Ansfield
d604f96a9c Added no-emails guard check when fetching latest email events
no issue

- replicates the same guard used in `fetchLatest()` to prevent contacting Mailgun when there are no emails in the database
2020-12-01 10:15:31 +00:00
Kevin Ansfield
b35eef1b02 Added kill-switch config for email analytics background jobs
no issue

- it's possible background jobs may cause unintended side-effects so it's useful to have a kill-switch to disable them individually to keep sites working
2020-12-01 09:10:59 +00:00
Daniel Lockyer
8f86885132 Fixed typo in v2 oembed API
- canary uses `maxwidth` and it's the correct parameter to use
2020-12-01 08:59:41 +00:00
Scott Cabot
da5586e5aa Fixed user import with no created_at date breaking graph
- users imported from CSV with no created_at date where having their created_at date being stored as an int rather than a datetime.
- this was causing parsing issues with the graph so this commit fixes the formatting
2020-11-30 11:21:22 +00:00
Scott Cabot
1e5d201835 🐛 Fixed flat member chart for GMT-X timezones
closes #12083

- fixes a parsing issue where negative offset values were incorrectly having the + sign added regardless of actual offset for sqlite databases.
- for mysql databases absolute values of offset were taken with sign applied where appropriate to stop issues where both hours and minutes could be negative which would cause both an issue with offsets that could present as -2:30 and by the look of the code also trigger extra padding to result in -2:-030 rather than the expected -2:30
2020-11-30 11:21:22 +00:00
Naz
52bcf6086a Fixed malformatted JSDoc {Object} parameters
no issue

- Removed † symbol from the source code
- Not sure how this symbol got into the source code but it definitely should not be here
2020-11-30 17:18:13 +13:00
Naz
eb52cb06bb Improved threading performance on non-SQLite clients
refs https://github.com/TryGhost/Ghost/pull/12431

- child_process are more expensive to run comparing to worker_threads (ref. https://wanago.io/2019/05/20/node-js-typescript-14-performance-hooks/)
- limiting child process only to sqlite backed instances allows high load servers running with MySQL (most usecases) to continue using worker_threads
2020-11-30 13:27:40 +13:00
Kevin Ansfield
a29ac2691a
Fixed sqlite3 errors when email analytics jobs run (#12431)
no issue

- the 4.2.0 version of `sqlite3` that we're using is not compatible with `worker_threads`
- 5.0.0 should add support this but there are other errors
- 5.0.1 is released but not published (https://github.com/mapbox/node-sqlite3/issues/1386)
2020-11-26 15:12:12 +00:00
Kevin Ansfield
dcafebe379 Fixed linting 2020-11-26 13:11:18 +00:00
Kevin Ansfield
717543835c
Added email analytics service (#12393)
no issue

- added `EmailAnalyticsService`
  - `.fetchAll()` grabs and processes all available events
  - `.fetchLatest()` grabs and processes all events since the last seen event timestamp
  - `EventProcessor` passed event objects and updates `email_recipients` or `members` records depending on the event being analytics or list hygiene
    - always returns a `EventProcessingResult` instance so that progress can be tracked and merged across individual events, batches (pages of events), and total runs
    - adds email_id and member_id to the returned result where appropriate so that the stats aggregator can limit processing to data that has changed
    - sets `email_recipients.{delivered_at, opened_at, failed_at}` for analytics events
    - sets `members.subscribed = false` for permanent failure/unsubscribed/complained list hygiene events
  - `StatsAggregator` takes an `EventProcessingResult`-like object containing arrays of email ids and member ids on which to aggregate statistics.
  - jobs for `fetch-latest` and `fetch-all` ready for use with the JobsService
- added `initialiseRecurringJobs()` function to Ghost bootup procedure that schedules the email analytics "fetch latest" job to run every minute
2020-11-26 13:09:38 +00:00
Kevin Ansfield
0c59b948fa
Added migrations for email analytics (#12387)
no issue

- cleans up unused tables `emails.{meta,stats}`
- adds timestamp columns `email_recipients.{delivered_at,opened_at,failed_at}` that can be used for event timelines and basic stats aggregation
  - indexed because we want to sort by these columns to find the "latest event" when limiting Mailgun events API requests
- adds aggregated stats columns `emails.{delivered_count,opened_count,failed_count}`
- adds a composite index on `email_recipients.[email_id,member_email]` to dramatically speed up `email_recipient` update queries when processing events
  - modifies the db initialisation to support an `'@@INDEXES@@'` key in table schema definition for composite indexes
2020-11-25 17:48:24 +00:00
Fabien 'egg' O'Carroll
cbaf6e5a74
🐛 Fixed backwards compatibility for newsletters (#12422)
closes https://github.com/TryGhost/Ghost/issues/12416

This fixes compatibility for the `send_email_when_published` option for
the Posts API.

The model layer only allows setting the `email_recipient_filter` column
when the `status` is being changed. Because of this we need to withhold
the `status` change until after we have determined the
`email_recipient_filter`.
2020-11-25 13:58:21 +00:00
Daniel Lockyer
d14f174f35 Refactored 'add column' migrations to use helper
- this removes a lot of code duplication and streamlines how we do
  things across the codebase
2020-11-25 13:56:10 +00:00
Daniel Lockyer
5c3439dc86 Refactored 'add table' migrations to use helper
- this removes a lot of code duplication and streamlines how we do
  things across the codebase
2020-11-25 13:56:10 +00:00
Daniel Lockyer
ed2a21bef4 Added JSDoc comments into package-json lib 2020-11-25 11:29:04 +00:00
Daniel Lockyer
90f7cf9e67 Reverted "Refactored remaining function in package-json lib to use async-await"
- this reverts commit d4b15141a0.
- reverting until I can figure out why the tests are broken
2020-11-25 10:57:55 +00:00
Daniel Lockyer
d4b15141a0 Refactored remaining function in package-json lib to use async-await
- this helps simplify the code and gets rid of Promise chaining
- apparently I can't easily use an async function within filter, so I've
  left it for now
2020-11-25 10:44:15 +00:00
Fabien 'egg' O'Carroll
18b87d9734
Included all subscriptions in stripeSubscriptions (#12414)
refs https://github.com/TryGhost/Ghost/issues/12256

We no longer want to filter out cancelled subscriptions, so we are able
to remove the whereIn clause of the relation.

* Fixed paid flag on member
* Fixed content gating for members

Now that the subscriptions for a member include all of them, we must
explicitly check that the member has an active subscription in order to
consider them "paid"
2020-11-25 10:39:07 +00:00
Daniel Lockyer
ac17b6bc35 Refactored package-json lib to use more async-await
- this helps get rid of all the promise chaining and indentation,
  resulting in cleaner code
2020-11-25 09:19:35 +00:00
Daniel Lockyer
4378435e12 Refactored package-json lib into a class
- this helps bring all the code together so we can extract it in the
  future
- turning it into a class also lets us easily inject the i18n instance
  and store it locally
2020-11-25 09:19:35 +00:00
Kevin Ansfield
47e81e3ca1 Fixed error when creating emails when track opens is disabled
no issue

- ensure `email.track_opens` is a boolean rather than `null`
2020-11-25 08:08:15 +00:00
Naz
0e78f2ed63 Improved job queue logging
no issue

- Makes debugging scheduled jobs easier by listing running/scheduled job names
2020-11-25 13:28:13 +13:00
Fabien 'egg' O'Carroll
217f069085
Included cancellation_reason in subscription serialization (#12411)
refs #12403 

This new property needed to be exposed in serialization so that Ghost-Admin
can use it via the API.
2020-11-23 21:19:27 +00:00
Kevin Ansfield
7bbbeeb5b0 Fixed linting 2020-11-23 19:58:34 +00:00
Kevin Ansfield
a8d8598003 Updated mega service to use open tracking from settings
refs https://github.com/TryGhost/Ghost/issues/12390

- switched from enabling open tracking based on `enableDeveloperExperiments` to using the track-opens setting
2020-11-23 18:53:55 +00:00
Kevin Ansfield
ea77f3f349
Added "email_track_opens" setting (#12404)
refs https://github.com/TryGhost/Ghost/issues/12390

- adds "email_track_opens" setting to the `email` group, defaulting to `true`
2020-11-23 18:36:12 +00:00
Kevin Ansfield
4c96aa5c95 Fixed bulk email only having 'bulk-email' tag in certain circumstances
no issue

- the `'bulk-email`' tag was only being added to bulk emails if another more specific tag was set up via config
- we always want the `'bulk-email'` tag to be present for better event filtering
2020-11-23 18:34:17 +00:00
Fabien 'egg' O'Carroll
47e266e6d3
Added cancellation_reason column to stripe subscriptions (#12405)
refs #12403 

This will allow us to store the reason for each individual subscription
cancellation.
2020-11-23 15:36:14 +00:00
Peter Zimon
bf9820f97d Fixed sans-serif link style
no refs.
- fixed regression that links in emails with sans-serif setting wasn't underlined
2020-11-23 15:50:02 +01:00
Fabien 'egg' O'Carroll
f8b617af64
Supported redirecting externally after signup (#12391)
refs #12391

Adds support for redirecting to external URL's after successful signup for members.
2020-11-23 09:36:45 +00:00
Naz
5c4e884070 Added support for graceful job shutdown and worker threads
refs #12402

- With bumped version of job-manager it offloads job procesing into separate worker thread. Having jobs run out of main Ghost process even loop allows for safe job execution, which does not block Ghost from serving requests or performing other functions without a delay
- Added experimental data access to 'testmode' jobs. This should serve as an illustration of how to access data from the job layer
2020-11-23 17:17:49 +13:00
Naz
6ba6e9c307 Removed unused authors input serializer
refs https://github.com/TryGhost/Ghost/issues/10354

- The serializer wasn't hooked up properly during the implementation (1a4497fc9a). It is not possible to hook it back in now as that would introduce breaking change to now stable v2 API.
- v3 (canary) has is properly hooked in, so there should not be a problem going forward
2020-11-23 11:35:02 +13:00
Thibaut Patel
bda4e0da70 Fixed Personal Tokens migration file name
no ref
2020-11-20 10:35:31 +01:00
Thibaut Patel
5fefa9fe96 Disabled Personal Tokens of inactive/locked users
no issue
2020-11-20 09:53:18 +01:00
Thibaut Patel
d48febbbd8 Added Personal Token removal when a user is deleted
no issue
2020-11-20 09:53:18 +01:00
Thibaut Patel
4edccfd2f7 Added the Admin API and tests for Personal Tokens.
no issue
2020-11-20 09:53:18 +01:00
Thibaut Patel
be4146e324 Enabled authentication using an api key with a user_id
no issue

- Enables the Personal Tokens feature.
2020-11-20 09:53:18 +01:00
Thibaut Patel
214ed405cc Added the user_id field to the api_keys table
no issue

- Migration related to the Personal Tokens feature.
2020-11-20 09:53:18 +01:00
Fabien 'egg' O'Carroll
38d19c999d
Removed search params from custom signup redirects (#12386)
refs #12366

This means that custom redirects will not trigger the built in notifications handled by Portal.
2020-11-19 14:47:08 +00:00
Daniel Lockyer
49197a6597 Merged 3.38.2 into master
* origin/3.38.2:
  v3.38.2
  Updated Ghost-Admin to v3.38.2
  🐛 Added missing Bluebird require in v2 API
2020-11-19 13:43:18 +00:00
Daniel Lockyer
c72ecf6a96 🐛 Added missing Bluebird require in v2 API
- this was missed in the original pass when removing the global Promise
  override
2020-11-19 13:36:15 +00:00
Fabien 'egg' O'Carroll
9ba3e96790
Redirected to custom path on successful signup (#12372)
refs #12366 

This implements redirection based on the settings for successful member sign up!
- Removes support for redirecting to `req.path` afterwards, this was never used and
  we now have a more configurable implementation.
- Retains redirection to the homepage for unsuccessful sign up (invalid/expired token)
2020-11-19 09:58:32 +00:00
Fabien 'egg' O'Carroll
2600a20f54
Added new settings for members signup redirects (#12370)
refs #12366

Adds two new settings for redirecting members after signup, based on if
they're paid or free, defaulting to the current redirect of "/"
2020-11-17 17:17:54 +00:00
Fabien 'egg' O'Carroll
8ad995203e
🐛 Fixed migration for SQLite3 (#12371)
no-issue

The current version of SQLite3 bundled with Ghost supports a maximum of 999
variables, we use one variable for the SET value and so we're left with 998 for the
WHERE IN clause values.

refs: https://forum.ghost.org/t/unable-to-start-ghost-3-38-0-locally/18322
2020-11-17 16:39:42 +00:00
Fabien 'egg' O'Carroll
bfc152bede
Fixed handling of email_recipient_filter option (#12369)
no-issue

This logic would assume that the option was always passed at the point
of publishing the post, which is not the case for scheduled posts.

Instead of setting the property to 'none' when the option is not
present, we take the approach of ONLY setting the propery when
1. It is present and not 'none'
2. The post is being published or scheduled

This means that scheduled posts will have the property set correctly,
and any future publishing will leave the it in the original state
2020-11-17 11:00:03 +00:00
Rish
f53ab0f52b Updated default config for newsletter badge
no refs

- Migrations were using previous default for badge which was set to `false`
- Default config for badge was `false` which caused migration to switch off the badge, updated to `true`
2020-11-17 16:06:31 +05:30
Daniel Lockyer
33bc3c9011
Refactored column migrations to use helpers (#12360)
- these helpers remove a lot of the duplicated code that we had when doing up/down column migrations, and provides a much shorter way of doing this in the future
2020-11-16 11:55:51 +00:00
Peter Zimon
02d78a89aa Udpated email template footer spacings
no refs.
- updated padding between Ghost badge and rest of the footer
2020-11-16 12:31:37 +01:00
Rish
2d04bfbac9 Enabled newsletter badge by default
no issue

Updated newsletter badge to be shown by default which was previously set to be hidden. Users can still control the visibility via Email settings in Ghost-Admin
2020-11-16 15:55:05 +05:30
Peter Zimon
cfac18cb32 Newsletter email template refinements
no refs.
- updated color styles, links for footer text
- refined spacings for email footer paragraphs
2020-11-13 16:58:56 +01:00
Fabien 'egg' O'Carroll
3f9053ae94
Added setting for newsletter footer content (#12359)
no-issue

We want to give users to ability to customise the content of their newsletter, and the first step
toward that is a setting in which we can store text or html to embed in the template
2020-11-13 13:18:47 +00:00
Fabien 'egg' O'Carroll
4604ba1587
Fixed backward compatibility for send_email_when_published (#12357)
no-issue

* Handled send_email_when_published in Posts API

This restores backwards compatibility of the Posts API allowing existing
clients to continue to use the `send_email_when_published` flag. This
change uses two edits, which is unfortunate. The reason being is that
this is an API compatibility issue, not a model issue, so we shouldn't
introduce code to the model layer to handle it. The visibility property
of the model is used to determine how to fall back, and because it can
be left out of the API request, and relies on a default in the settings,
we require that the model decide on the `visibility` before we run our
fallback logic (or we duplicate the `visibility` default at the cost of
maintenance in the future)

* Dropped send_email_when_published column from posts

Since this column is not used any more, we can drop it from the table.
We include an extra migration to repopulate the column in the event of
a rollback

* Updated importer to handle send_email_when_published

Because we currently export this value from Ghost, we should correctly
import it. This follows the same logic as the migrations for this value.

* Included send_email_when_published in API response

As our v3 API documentation includes `send_email_when_published` we must
retain backward compatibility by calculating the property.

* Fixed fields filter with send_email_when_published

* Added safety checks to frame properties

Some parts of the code pass a manually created "frame" which is missing
lots of properties, so we check for the existence of all of them before
using them.

* Fixed 3.1 migration to include columnDefinition

We require that migrations have all the information they need contained
within them as they run in an unknown state of the codebase, which could
be from the commit they are introduced, to any future commit. In this
case the column definition is removed from the schema in 3.38 and the
migration would fail when run in this version or later.
2020-11-11 13:03:41 +00:00
Peter Zimon
215bfd0a7a
Added newsletter design settings (#12352)
refs https://github.com/TryGhost/Ghost/issues/12355

- Adds new default settings for newsletter customisations - `newsletter_show_badge`, `newsletter_show_header` and `newsletter_body_font_category`
- Adds migrations to update group for new settings
- Add migration to update settings based on existing config value for newsletter settings
- Passes new newsletter settings to newsletter template and updates design based on them
- Fix tests
2020-11-11 18:26:11 +05:30
Naz
5b6fe31002 Added support for jobs defined as modules
no issue

- These changes should allow easy testing of scheduled jobs and provide an implementation example for future jobs within Ghost
- Added experimental support to run jobs based on functions defined in modules
- Extendeded testmode "schedule" endpoint with an optional job name parameter which picks up job from "jobs" folder
- Adjusted scheduleJob method use and passed "schedule" as first parameter
- Bumped job-manager version to allow for all new functionality
2020-11-10 17:29:35 +13:00
Naz
d6505899a7 Moved testmode routes into their own folder
no issue

- Living in separate folder will allow adding more testmode specific modules (for example test jobs)
- Mimicks the folder structure of how v2/canary routes are structured better
2020-11-10 15:01:28 +13:00
Fabien 'egg' O'Carroll
6140a98351
Updated newsletter functionality to use email_recipient_filter (#12343)
no-issue

* Used email_recipient_filter in MEGA

This officially decouples the newsletter recipients from the post
visibility allowing us to send emails to free members only

* Supported enum for send_email_when_published in model

This allows us to migrate from the previously used boolean to an enum
when we eventually rename the email_recipient_filter column to
send_email_when_published

* Updated the posts API to handle email_recipient_filter

We now no longer rely on the send_email_when_published property to send
newsletters, meaning we can remove the column and start cleaning up the
new columns name

* Handled draft status changes when emails not sent

We want to reset any concept of sending an email when a post is
transition to the draft status, if and only if, and email has not
already been sent. If an email has been sent, we should leave the email
related fields as they were.

* Removed send_email_when_published from add method

This is not supported at the model layer

* Removed email_recipient_filter from v2&Content API

This should not be exposed on previous api versions, or publicly

* Removed reference to send_email_when_published

This allows us to move completely to the email_recipient_filter
property, keeping the code clean and allowing us to delete the
send_email_when_published column in the database. We plan to then
migrate _back_ to the send_email_when_published name at both the
database and api level.
2020-11-06 17:32:23 +00:00
Fabien O'Carroll
44b43a4755 Fixed error with removal of global.Promise override
refs #12182

These were missed in the cleanup and were causing errors.
2020-11-06 16:49:10 +00:00
Fabien O'Carroll
0ce8e3171b Bound SSOAdapter methods to their instance
no-issue

This allows custom SSO adapters to store instance config and refer to
in their methods
2020-11-05 13:08:11 +00:00
Kevin Ansfield
aface9ed4c Enabled Mailgun open tracking when dev experiments is enabled
no issue

- set `emails.track_opens` to `true` when the `enableDeveloperExperiments` flag is set
- update mailgun bulk-email provider to pass the open-tracking header to Mailgun when the email's `track_opens` flag is set
2020-11-05 12:55:08 +00:00
Daniel Lockyer
c8f23873c6 Fixed wording on warning message
- derp
2020-11-05 12:18:28 +00:00
Daniel Lockyer
d8fdf2052c Added check for missing DB data
- this check should never really be hit unless the DB has missing data,
  but the code tries to read from an undefined variable and crashes, which we
  can protect against
- this can be triggered by doing a `knex-migrator init` followed by a
  `knex-migrator rollback --v 3.0 --force`
2020-11-05 12:13:58 +00:00
Daniel Lockyer
a3c8b032de Added missing Bluebird requires
- 504509bb6 removed the global override for Promise
- there are a bunch of places in code that use Bluebird Promise methods,
  but Bluebird wasn't being imported in these places
- this would have thrown errors all over the place
2020-11-05 11:55:14 +00:00
Kevin Ansfield
d41c2f8446
Added migration for emails.track_opens column (#12331)
no issue

- tracking of bulk email opens can be enabled/disabled over time, if we're calculating analytics for emails we don't want emails which didn't have tracking enabled skewing the results so we need a record of whether tracking was enabled for each email
2020-11-05 11:39:53 +00:00
Naz
c7541a1fe0 Added scheduled job support in testmode
no issue

- We need an ability to early test scheduled jobs to refine the new feature and it's API. Should be used with caution
- To schedule an example scheduled job every 30 seconds run following request: `curl http://localhost:2368/ghost/api/schedule/every%2030%20seconds`
2020-11-05 17:46:57 +13:00
Naz
f69526c140 Fixed error logged for absent redirects config
refs #11085

- Incorrect usage error was logged to the output when there was no recirecst configuration file present in the system. Previously an empty string was returned in such situation, resulting in "ENOENT" error, which was ignored through special handling.
- The fix resembles logic in redirects async getter function where empty array is returned when the config file does not exits.
- Attempting to read unexistent config should not ever happen and will be handled on the config service layer, this is why special "ENOENT" handling has been removed
2020-11-05 12:45:02 +13:00
Fabien O'Carroll
601b6ce174 Added migration to populate recipient_filter
no-issue

This populates the recipient_filter column for existing emails
based on the visibility of the related post at the time of the
migration.
2020-11-04 16:29:54 +00:00
Fabien O'Carroll
918c721bd1 Added recipient_filter column to emails table
no-issue

This column will allow us to store the canonical recipient filter on the
email resource giving us a detailed log of which members an email was
intended for
2020-11-04 16:29:54 +00:00
Fabien O'Carroll
dd0f80c9fa Added migration to populate email_recipient_filter
no-issue

This populates the email_recipient_filter column for existing posts
based on 1. if they were sent as an email and 2. their visibility.
2020-11-04 16:29:54 +00:00
Fabien O'Carroll
3b0a84b33b Added email_recipient_filter column to posts table
no-issue

This column will allow us to decouple the recipients of newsletter from
the `visibility` of a post, allowing us to send emails to specifically
free members, or to send paid posts as newsletters to all members.
2020-11-04 16:29:54 +00:00
Daniel Lockyer
9b45ea6f7d Added original error to logged error message
- without this, the original error stacktrace is hidden which makes
  issues harder to track down
2020-11-04 14:00:59 +00:00
Kukhyeon Heo
504509bb67
Removed global.Promise override (#12182)
closed #11943 

* Remove global.Promise
* Fix brute-knex bluebird error.
* Fix api-acceptance tests.
* Fix unit tests
2020-11-04 10:55:47 +00:00
Naz
e3e15646eb Updated redirect error message
refs #11085

- The logic which uses this error deals with an input yaml file thus the change.
- Related discussion here - https://github.com/TryGhost/Ghost/pull/12187#discussion_r508144220
2020-11-04 12:26:22 +13:00
Kukhyeon Heo
5715aa2155
Added .yaml format support in redirects configuration (#12187)
closes #11085

- Ghost has been using YAML format for other configurations (e.g. routes). The plan is to move to this format for all user-edited settings files. By default JSON format is still used in Ghost Admin API v2/v3, but will be changed to YAML in API v4. Check referenced issue for more context.
- New format supports all the features available before. The main noticeable change is the structure of config file. It is now grouped by redirect HTTP code instead of specifying `"permanent": true | false` attribute for each config property. Example format for YAML config:
```
302:
  /from-url/: /to-url/

301:
  /category/([a-z0-9\-]+)/i: /tag/$1/
  /v([0-9\.]+)/docs/([a-z0-9\-]+)/i: /docs/$2/
```
- Added 2 new endpoints: `POST redirects/upload` and `GET redirects/download`. These serve as an alias to current GET/POST `/redirects/json. "upload/download" naming pattern is introduced to match the convention with other resources that can be uploaded and downloaded (images, themes etc.). `/redirects/json`  endpoints will be removed in Admin API v4
- The parsing code from `custom-redirects.js` has been moved to `frontend/services/redirects/settings.js`. This location is more appropriate for this logic and eventually `custom-redirects.js` middlewear might be moved into "frontend" as this middlewear plays a role mostly effecting that area.
2020-11-04 12:08:32 +13:00
Rishabh Garg
8ad11fe082
Enabled Portal (#12317)
no refs

[Portal](https://github.com/TryGhost/Portal) is a new drop-in script to make the bulk of Ghost membership features work on any theme out of the box, which was under a developer flag so far. This release removes the flag for Portal and makes it included as default for any members-enabled Ghost site. The Portal script is backward compatible with old public members script and existing Members-enabled themes should notice no change.

- Removes Portal config flag as Portal is now enabled by default
- Removes old members script as Portal is backward compatible with it
- Changes `{{content}}` helper to show default CTA in case of restricted content access
- `accent_color` setting is no more behind the dev experiment flag and included by default
- Adds migration to switch off Portal button setting for all existing sites which don't have Portal enabled in beta
2020-11-03 14:36:21 +05:30
Naz
4ebebd12d3 Removed unneeded parameter
no issue

- There is no second parameter in Promise constructor. Didn't serve any purpose as per comment - bbbd011074 (r41413465)
2020-11-03 13:38:08 +13:00
Naz
7326241718 🐛 Fixed server error for repeated order query parameter
closes #12263

- Express parses repeated query parameters as an array (req.query properties). Because there is no clear reason on why not to support this behavior extended order parameter parsing logic to handle arrays. This follows the rule of "liberal inputs, conservative outputs"
- Example supported query string for ordering can now look like: `?order=featured&order=published_at asc`, the priority of the order stays the same with the most significant appearing first and least significant last
2020-11-03 00:15:24 +13:00
naz
a2bfef53de
🐛 Fixed post resource filtering by posts_meta table fields (#12307)
refs #11572

- Filtering by fields coming from posts_meta table did not work for post resources. This was due to lack of support for these types of operations on NQL layer. The approach taken here is using same way filtering was done for many:many relations and generates a `WHERE IN` filtering clause. In the future we could look into adding preloading of 1:1 relations which should allow getting rid of `WHERE IN` in favor of `JOIN` and filtering directly by field names. 
- Changed structure of `EXPANSIONS` filter configuration. Current approach was based on "bag of all the things". Such structure will become problematic as more fields are added. For example, adding all the fields from 1:1 relation posts:posts_meta might collide with any other relations that would have similar naming like meta_description from tags table (if it were was added).
- Bumped nql version to 0.5.0. This adds filtering support to 1:1 relations
- Added filter expansions which can be unique per model Previous approach with single global expansions lookup wasn't working in case different models would need to declare expansion for same field names. Having a `filterExpansion` method per model works in a similar convention other filter related model methods do (e.g. enforcedFilters, defaultFilters)
2020-11-02 12:53:57 +13:00
Kevin Ansfield
7a74b78940 Included email-id as user variable when sending bulk emails via mailgun
no issue

- adding user variables via the mailgun API when sending emails means that events related to email have those variables attached to them
- adding the `email.id` value to user variables means we can easily associate mailgun events to emails, otherwise we'd have look up the batch via `email_batches.provider_id` then use a join to get back to the associated email
2020-10-29 16:37:42 +00:00
Daniel Lockyer
85da9bdeb2 Updated Ghost versioning lib to include all prerelease IDs
- currently if Ghost has a version of something like
  `3.37.0-pre.abc.def`, Ghost will return `3.37.0-pre.abc` as the full
  version
- this hides parts of the version which are useful for debugging
- this commit updates the logic to join together all prerelease elements
  so we keep the full string
2020-10-29 12:44:55 +00:00
Rish
c4c6bdf353 Updated mail template for member email change
no issue

The email change verification template was using the same as for `subscribe`, which did not have the right messaging that needs to be communicated about the action thats happening in this case. Updates the email template to same as what we use for email verification for support/newsletter address
2020-10-29 17:40:19 +05:30
Rish
746ccbd7ed Added custom action param for magic links
closes https://github.com/TryGhost/Ghost/issues/12253

- Allows using custom action param for requests from Portal by using a new `requestSrc` option that is passed down when a request for magic link is made via Portal
2020-10-29 13:42:52 +05:30
Rishabh Garg
0ce5f87616
🐛 Added past_due and unpaid subscriptions for members (#12301)
refs https://github.com/TryGhost/Ghost/issues/12256 , https://github.com/TryGhost/Ghost/issues/12255

Currently when listing subscriptions for Members in both the Admin and the Theme, we only show the subscriptions which have a status of trialing or active.

Based on discussion, the `unpaid` and `past_due` states on Stripe also represent owner's intention of considering a subscription as active instead of `cancelled`, so we allow any subscriptions under these 2 states to be also listed for a member and consider them as `paid`.

- Subscriptions will go into a past_due state if the payment is missed, this should be considered a grace period where the member still has access.

- After this the subscriptions will either go to the unpaid or the cancelled state - this can be configured on an account by account basis in the Stripe dashboard. `unpaid` is considered as an intention to keep the subscription to allow for re-activation later.
2020-10-27 15:19:48 +05:30
Peter Zimon
43b7c7b344
Updated members admin redirect to new page(#12296)
no refs.

- Members settings were moved to a new page [here](https://github.com/TryGhost/Ghost-Admin/pull/1736)
- updated members related redirect for from/newsletter email address change to point to new page
2020-10-22 16:10:25 +05:30
Rishabh Garg
7182efdb88
🐛 Fixed special chars in single use token (#12290)
no refs

- The token generation logic for single use token was replacing only the first instance of + or / to make the token URL safe, instead of replacing all instances which caused a bug where token was not validated properly in case it included multiple + or / in it.

- The fix ensures replacing all the + or / in the token with URL safe _ or - so it can be properly validated via magic link
2020-10-20 11:49:20 +05:30
naz
8ddf83f3c5
Fixed "no-shadow" linting error in server modules (#12287)
refs 143921948d

- Continuation of changes started in referenced commit
2020-10-20 12:02:56 +13:00
naz
38b7f8e311
Fixed "no-shadow" linting error in server/data modules (#12288)
refs 143921948d

- Continuation of changes started in referenced commit
2020-10-20 11:56:46 +13:00
Kevin Ansfield
d08b586781 🐛 Fixed width/height attributes in gallery cards not matching resized images
closes https://github.com/TryGhost/Ghost/issues/11548

- bumps @tryghost/kg-default-cards
  - introduces a breaking change where `imageOptimization` is passed as an options argument instead of separating out individual config options
  - fixes width/height attributes for images in gallery cards being larger than the max default width used when resizing images
2020-10-19 17:05:57 +01:00
Kevin Ansfield
3148d6a946
Moved definition of default max image width to config (#12289)
no issue

- centralises definition of max width and allows customisation if needed
- allows for passing of the config value through to rendering libraries
2020-10-19 08:56:18 +01:00
Kevin Ansfield
16bfb3fa41 Added basic CRUD admin API for snippets
no issue

- standard browse/read/add/edit/destroy API endpoints for snippets resource
- updates `@tryghost/admin-api-schema` dependency to version that includes snippet definition and schemas
2020-10-16 18:02:58 +01:00
Kevin Ansfield
e5a92be932 Fixed typo in snippets permission fixtures
refs https://github.com/TryGhost/Ghost/pull/12283

- `delete` -> `destroy` for action type
2020-10-16 17:46:31 +01:00
Kevin Ansfield
15afed4b81
Added snippets permissions migration and fixtures (#12283)
no issue

- all staff users can browse/read snippets so they're usable in the editor for everyone
- only administrators, editors, and admin integrations are able to create/edit/delete snippets
2020-10-16 12:53:09 +01:00
Kevin Ansfield
74269070dd
Added migration for snippets table creation (#12282)
no issue

- minimal table structure required for the first iteration of content snippets
- snippets are stored pieces of re-usable content that could effectively be entire posts so the `mobiledoc` field length matches the `posts.mobiledoc` field length
2020-10-16 12:52:06 +01:00
Rish
a5a7515fe8 Fixed typo in private setting import
no refs

Last commit introduced a small typo in how private setting is ignored during import
2020-10-15 15:55:24 +05:30
Rish
3e0948d04e Ignored member email settings in import
no issue

- Member email settings - newsletter and support - was previously being set to null for all cases, which can lead to `null` values being set for those addresses on a successful import whereas the expected behavior is to retain the old values.
- Adds the 2 email settings to ignored settings list so they are not changed during import process
2020-10-15 15:32:05 +05:30
Rish
54e638310c Added default support address for member site data
no issue

- In a case where support address is null, member's site data won't load as there was no fallback.
- The fix adds default `noreply` as the support address for site data
2020-10-15 14:44:16 +05:30
Fabien O'Carroll
a9b3d83e00 Loaded Action model after all other models
no-issue

The Action model loops through all registered models when the file is
loaded, by loading the model last, we ensure that it can read all
models, rather than an arbitrary selection which come before it.
2020-10-14 15:11:45 +01:00
Fabien O'Carroll
0fd0527da0 Fixed creation of EmailBatch and EmailRecipient collections
no-issue
2020-10-14 15:11:45 +01:00
naz
392140cb36
Allowed for comped field when creating a member through Members API (#12278)
closes #12273

- `comped` field has been allowed when editing a member or importing from a CSV. There has been a usecase (Zapier Integration) for API client to create a member with "Complimentary" plan, which made this change necessary
- Previously the logic for comped field was to skip and continue member record creation if Stripe was not connected. Now we throw an error - same as the one we have been throwing before when stripe_customer_id field was passed in. The implication of this change is that we won't be creating any record now if comped === true and Stripe is disabled. 
- Bumped admin-api-schema-package. Contains `comped` schema change so this field gets passed through to controller
2020-10-14 13:24:09 +13:00
Kevin Ansfield
8ad384d7f8 🐛 Fixed scheduled post emails pointing at /404/ for the "view online" link
no issue

When scheduling a post to publish+send the "view online" link was pointing at https://site.com/404/ rather than the published post's url.

The problem occurred because the `/schedules/` endpoint wraps it's post read+edit calls in a transaction. Context:
- when a post is published with with the "send email" option the email record is immediately generated and added to the API response, as part of the email record generation we render the email content including fetching the url for the "view online" link
- urls for all resources are handled by our `url` service, that service updates it's internal cache based upon model events such as the "edited" event triggered when a post is published
- if the posts API controller is given a transaction, the email record is also generated inside of that transaction however at this point the `url` service will not have been updated because the post record hasn't been committed meaning it has no available url for the post

Fix:
- removed the `models.Base.transaction()` wrapper around the post read+update in the `/schedules/` API controllers
- we don't need a transaction here. It was added as protection against another write request coming in between the `/schedules/` controller reading a post and publishing a post but we already have protection against that in the form of collision detection - if a write request comes in and commits between the schedules controller reading the post and updating it, the scheduler's update call will fail with a collision error at which point the scheduler itself should retry the request which could then publish the post successfully if everything else is in order
2020-10-08 10:26:49 +01:00
Kevin Ansfield
9cbeb74db0
🐛 Fixed broken embeds cards when pasting links to Wordpress sites (#12262)
closes https://github.com/TryGhost/Ghost/issues/12260

- if a card type was not explicitly chosen (i.e. a url was pasted into the editor) then abort fetching the oembed endpoint if we detect it's a `wp-json` oembed and return a bookmark card payload instead
- cleaned up an unused argument in the internal `fetchBookmarkData()` method
2020-10-06 08:44:03 +01:00
Kevin Ansfield
cde364bf27 🐛 Fixed email card replacements showing raw replacement text in emails
closes https://github.com/TryGhost/Ghost/issues/12257

- there was a destructuring problem introduced in the recent email refactor which meant the correct replacement data was not being passed over to the Mailgun provider when sending email
2020-10-05 17:24:48 +01:00
Kevin Ansfield
4f211d025d Fixed members with multiple subscriptions receiving multiple newsletters
closes https://github.com/TryGhost/Ghost/issues/12259

- adds a `DISTINCT` to the query used to fetch member rows when generating an email recipient list
- this increases query time 2.7s vs 1.6s locally with ~94k paid members but once the `members.paid` column is implemented this slow query can be removed
2020-10-05 16:53:35 +01:00
Naz
39e403d176 🐛 Fixed meta attributes calculation on post preview
closes https://github.com/TryGhost/Ghost/issues/12247

- Internal preview controller was lacking "mapping" call to post object which handled not only missing meta attribute information but lots of other mappings (e.g. users, tags, etc.)
- Have added a regression test to catch issues like this in the future
2020-10-05 17:52:40 +13:00
Kevin Ansfield
8f3ab3c535 🐛 Fixed email showing as success when an email batch fails to send
no issue

- fixed passing of errors up through send/processBatch/processEmail
- fixed errant overwrite of email status with a "submitted" status after a failure had occurred
2020-10-02 14:26:57 +01:00
Kevin Ansfield
b5ffb38726 Fixed partial email batch/recipient records when email creation fails
no issue

- wrap email batch/recipient record creation in a transaction so if an error occurs during creation we're not left with a partially created batch/recipient set in the database
2020-10-02 13:47:14 +01:00
Kevin Ansfield
0f30b9f6a0 🐛 Fixed email not showing as failed if error occurs when preparing email
no issue

- if an error occurred whilst creating email batch/recipient records the email status was never updated and was left in the 'pending' status
- adjusted the error handling to update the email status and record the error message if such a scenario occurs
2020-10-02 12:40:49 +01:00
Kevin Ansfield
7b789e1cd5 🐛 Fixed newsletters being sent to Stripe customer emails in place of member emails
no issue

- the paid-member SQL query that is obtained using `models.Member.getFilteredCollectionQuery({paid: true})` can return multiple columns with the same name (eg, `email`, `name`), when that happens the last column with duplicate names "wins" and it's value is used in the resulting knex row instance
- in the `mega` service when fetching email recipient rows we ran into this problem, to avoid it we adjust the query to explicitly select only the data from the `members` table
2020-10-02 12:17:17 +01:00
Kevin Ansfield
82126f29e6 Added guard for member rows having missing data when creating email recipients
no issue

- we've had an issue with emails failing due to unexpectedly missing data when inserting email recipient rows
- added a validation check before adding recipient details along with a log so that invalid data can be investigated
2020-10-02 11:29:10 +01:00
Rish
58fda5bad2 Allowed accent color setting for site with portal flag
no issue

- We had previously allowed accent_color setting for member site settings behind portal flag, but Ghost Admin also needs the public site setting with accent color to correctly reflect the accent color when flag is switched on
- Removes deletion of accent color setting when behind the Portal flag OR dev experiment flag
2020-10-02 15:30:54 +05:30
Kevin Ansfield
defb43fe7a 🐛 Fixed newsletters emails having no subject
no issue

- subject was not being picked out of the message data when passing over to the mailgun-js send method
2020-10-01 19:51:01 +01:00
Kevin Ansfield
e34acc31c5 🐛 Fixed newsletter email sending
no issue

- there was an typo in the recent email sending refactor that resulted in `Error: 'to' parameter is missing` errors when sending email previews and bulk emails
2020-10-01 19:03:57 +01:00
Fabien 'egg' O'Carroll
ce14d8113a
🐛 Fixed members form missing data-members-name (#12250)
refs #12249

This was incorrectly assuming the presence of the data-members-name
element in the document. By guarding against it and defaulting to
undefined, we fallback to the existing behaviour when the element is not
present.
2020-10-01 18:05:23 +01:00
Fabien 'egg' O'Carroll
244704156c
Updated all Origin header checks to handle 'null' (#12246)
closes #12244

As per RFC 6454 the Origin header MUST be set to the string 'null' when
in a "privacy-sensitive" context. We were not handling this string and
this was causing errors. This commit updates all checks of the 'Origin'
header to treat the value 'null' as if the header was not present.

ref: https://tools.ietf.org/html/rfc6454#section-7.3
2020-10-01 09:37:22 +01:00
Rishabh Garg
eb4933d27e
Added extra settings to member auth emails (#12238)
no issue

- Adds accent color, site domain and url to member auth emails for customization
2020-10-01 12:31:36 +05:30
Fabien O'Carroll
fd5194ea46 Updated magic link expiry to 24 hours
no-issue

As discussed with @JohnONolan 24 hours is the preferred expiry for magic links
2020-09-30 10:53:35 +01:00
Fabien 'egg' O'Carroll
c19d282a51
Ensured Admin API members resource only returns known fields (#12240)
refs #12055

As part of the work in TryGhost/Members#206 we load the stripeCustomers relation on the member model, and we do not want this to be part of the API response. The changes here include a refactor but the main thing is that the serialized object is explicit and does not include unexpected or unknown fields.

* Moved mapMember out of mapper file

This cleans up the serializer a bit by keeping it's functionality all in
one place, rather than a shared mapper file

* Refactored members controller to return models

Previously the controller was calling toJSON, which is serialization,
this updates the controller to only deal with models, leaving all of the
serialization to the serializer!

* Refactored members serializer

This adds typings to all of the methods/functions in the serializer, as
well as making the serializating explicit, rather than returning the
result of toJSON, we explicitly set the properties we expect to be on
the output object. This protects us against accidental API changes in
the future.
2020-09-30 10:22:22 +01:00
naz
071bf8edb5
Extracted Admin API JSON schemas into @tryghost/admin-api-schema (#12237)
closes https://github.com/TryGhost/Ghost/issues/10628

- JSON Schemas were extracted into a separate module to allow other clients to reuse them (for example documentation). Having them in a separate package also slims down the amount of code needed to be maintained in the core.
- Updated canary API input validators to use admin-api-schema module
- Removed canary schemas that moved into admin-api-schema package
- Updated v2 API input validators to use admin-api-schema package
- Removed v2 schemas that moved into admin-api-schema package
- Updated tests to contain needed information in apiConfig to pick up correct validation
- Added @tryghost/admin-api-schema package dependency
2020-09-30 16:25:12 +13:00
Kevin Ansfield
932def7e6d Fixed replacement strings showing when viewing sent emails
refs https://github.com/TryGhost/Ghost/pull/12232

When viewing sent emails in Ghost's admin area, it displays the `html` field directly from the `email` relation loaded with the post. Since the `mega` refactor we now store raw content in that field rather than sanitized "preview" content so it's necessary to modify the API output to match the old behaviour.

- use the API output serializers to parse replacements in email content and replace with the desired fallback or empty string
2020-09-29 17:39:22 +01:00
Kevin Ansfield
474e6c4c45 Refactor mega service to use stored email content and batch/recipient records
no issue

- store raw content in email record
  - keep any replacement strings in the html/plaintext content so that it can be used when sending email rather than needing to re-serialize the post content which may have changed
- split post email serializer into separate serialization and replacement parsing functions
  - serialization now returns any email content that is derived from the post content (subject/html/plaintext) rather than post content plus replacements
  - `parseReplacements` has been split out so that it can be run against email content rather than a post, this allows mega and the email preview service to work with the stored email content
- move mailgun-specific functionality into the mailgun provider
  - previously mailgun-specific behaviour was spread across the post email serializer, mega, and bulk-email service
  - the per-batch `send` functionality was moved from the `bulk-email` service to the mailgun provider and updated to take email content, recipient info, and replacement info so that all mailgun-specific headers and replacement formatting can be handled in one place
  - exposes the `BATCH_SIZE` constant because batch sizes are limited to what the provider allows
- `bulk-email` service split into three methods
  - `send` responsible for taking email content and recipients, parsing replacement info from the email content and using that to collate a recipient data object, and finally coordinating the send via the mailgun provider. Usable directly for use-cases such as test emails
  - `processEmail` takes an email ID, loads it and coordinates sending related batches concurrently
  - `processEmailBatch` takes an email_batch ID, loads it along with associated email_recipient records and passes the data through to the `send` function, updating the batch status as it's processed
  - `processEmail` and `processEmailBatch` take IDs rather than objects ready for future use by job-queues, it's best to keep job parameters as minimal as possible
- refactored `mega` service
  - modified `getEmailData` to collate email content (from/reply-to/subject/html/plaintext) rather than being responsible for dealing with replacements and mailgun-specific replacement formats
    - used for generating email content before storing in the email table, and when sending test emails
    - from/reply-to calculation moved out of the post-email-serializer into mega and extracted into separate functions used by `getEmailData`
  - `sendTestEmail` updated to generate `EmailRecipient`-like objects for each email address so that appropriate data can be supplied to the updated `bulk-email.send` method
  - `sendEmailJob` updated to create `email_batches` and associated `email_recipients` records then hand over processing to the `bulk-email` service
  - member row fetching extracted into a separate function and used by `createEmailBatches`
  - moved updating of email status from `mega` to the `bulk-email` service, keeps concept of Successful/FailedBatch internal to the `bulk-email` service
2020-09-29 17:17:54 +01:00
Kevin Ansfield
d34a3263e8 Store email batch and recipient records when sending newsletters (#12195)
requires https://github.com/TryGhost/Ghost/pull/12192

- added initial `EmailBatch` and `EmailRecipient` model definitions with defaults and relationships
- added missing `post` relationship function to email model
- fetch member list without bookshelf
    - bookshelf can add around 3x overhead when fetching the members list for an email
    - we don't need full members at this point, only having the data is fine
    - if we need full models later on we can push the model hydration into background jobs where recipient batches are fetched ready for an email to be sent
    - bookshelf model instantiation of many models blocks the event loop, using knex directly keeps concurrent requests fast
    - adds `getFilteredCollectionQuery` method to base model to facilitate getting a knex query based on our normal model filters along with transaction/forUpdate applied
- store recipient list before sending email
    - chunk already-fetched members list into batches and insert records into the `email_recipients` table via knex
    - chunked into batches of 1000 to match the number of emails that Mailgun accepts in a single API request but this may not be the absolute fastest batch size for recipient insertion:
        | Batch size | Batch time | Total time |
        | ---------- | ---------- | ---------- |
        |        500 |       20ms |     4142ms |
        |       1000 |       50ms |     4651ms |
        |       5000 |      170ms |     3540ms |
        |      10000 |      370ms |     3684ms |
    - create an email_batch record before inserting recipient rows so we can effeciently fetch recipients by batch and store the overall batch status
2020-09-29 17:17:54 +01:00
Rish
8e0976fc8f Allowed accent color in members site data
no issue

- The accent_color setting was being removed from members site data when behind portal flag
- The accent color setting is now allowed in members site data for all cases as it doesn't make any sense to remove it specifically from here where we already have all the other Portal settings included which is a dev/portal flag feature anyways
2020-09-29 17:23:33 +05:30
Fabien 'egg' O'Carroll
854a41e556
🐛 Fixed CSV import json-schema email validation (#12239)
no-issue

By using the "email" validation, we were validating emails in CSV
imports using a different validator to the rest of the API. AJV's built
in email validation was failing on emails with "special" characters,
such as letters with an umlaut above them.

This commit brings the validation for CSV imports in line with the rest
of the API.
2020-09-29 12:51:35 +01:00
Peter Zimon
4e45373730 Updated Webhook API error message
refs 6f1abc610a

- updated missing Webhook API error message when integration is missing
2020-09-28 13:24:47 +02:00
Naz
50f30c4f66 Fixed minor formatting in i18n file 2020-09-28 14:21:29 +13:00
Rish
03968219a7 🐛 Fixed email verification mails not sent
no issue

- Email ownership verification emails for support/from address was not using the updated magic link service syntax
2020-09-24 23:39:25 +05:30
Kevin Ansfield
1dfaf8c5f8
Added migration to store from/reply-to values in email table (#12204)
no issue

The email table should be a reference for all data that was used when sending an email. From and Reply-to addresses can change over time and we don't have any other reference for their value at the time of sending an email so we should store them alongside the email content.

- schema updated with `from` and `reply_to` columns
- both are set to `nullable` because we don't have historic data (can be populated and changed in later migrations if needed)
- neither `from` or `reply_to` have `isEmail` validations because they can have name+email in an email-specific format
- will help keep concerns separated in the future. `mega` service can deal with all of the email contents/properties, and the `bulk-email` service's concerns are then only email sending and any provider-specific needs
2020-09-24 08:20:10 +01:00
Naz
43153ba31e Disabled changing webhook's integration_id through PUT API
refs #12033

- Allowing to change parent integration opens up possible security holes and has no clear usecase at the moment. After a webhook record is created it should not be possible to change parent integration.
- Had do partially duplicate JSON schema definition from webhooks definition as there is no proper composition technique available in current version of JSON Schema.
2020-09-24 16:24:02 +12:00
Naz
6f1abc610a Added check for parent integration_id when creating a webhook
refs https://github.com/TryGhost/Ghost/issues/12033
refs https://github.com/TryGhost/Ghost/issues/10567

- Creating a webhook without valid parent integration leads to orphaned webhook records, which shoult not ever happen
- This scenario is only possible for non-integration authentication,
because in case of integration being authenticated it's id is
automatically assigned to creatd webhook
2020-09-24 15:09:51 +12:00
naz
bbcc83dadb
Added support for ordering Post API resources by fields coming form posts_meta table (#12226)
refs #11729

- When ordering is done by fields from a relation (like post's `meta_title` that comes form `posts_meta` table), Bookshelf does not include those relations in the original query which caused errors. To support this usecase added a mechanism to detect fields from a relation and load those relations into query. 
- Extended ordering to include table name in ordered field name.  The information about the table name is needed to avoid using `tableName` within pagination plugin and gives path to having other than original table ordering fields (e.g. order by posts_meta table fields)
- Added test case to check ordering on posts_meta fields
- Added support for "eager loading" relations. Allows to extend query builder object with joins to related tables,
which could be used in ordering (possibly in filtering later). Bookshelf does not support ordering/filtering by proprieties coming from relations, that's why this kind of plugin and query expansion is needed
- Added note about lack of support for child relations with same property names.
2020-09-24 13:32:40 +12:00
Kukhyeon Heo
635d26469f
Fixed settings reinit to only emit changed settings events (#12184)
closes #12038

Previously we were emitting changed events for _all_ settings which would
cause any listeners for those to be triggered, this ensures that listeners are
only triggered if the corresponding setting, _did_ in fact change.
2020-09-23 14:35:03 +01:00
Fabien O'Carroll
171908cefa Added support for filtering Members CSV exports
no-issue

Adding these options to the endpoint will pass them to the model layer,
allowing us to filter members CSV exports
2020-09-23 14:29:15 +01:00
Léo Bourrel
87855075c0
Added support for data-members-name in themes (#12191)
no-issue

This change allows themes to collect member names on signup with use of the
`data-members-name` attribute on an input element in the `data-members-form`
2020-09-23 13:59:26 +01:00
Nazar Gargol
84c8bcc457 Extracted ordering into separate bookshelf plugin
refs #11729

- Having a plugin allows to reason about ordering better and gives way
to further extraction away form the core.
- Just like with filtering, ordering falls into similar category of having effect on knex'es query builder object extension through additional statements - ORDER BY in this case.
- Because there were bugs associated with use of permittedAttributes inside of `parseOrderOption` method, introduced separate `orderAttributes` function which returns only those fields which are orderable (https://github.com/TryGhost/Ghost/issues/11729#issuecomment-685740836)
2020-09-22 16:27:12 +12:00
Nazar Gargol
32b37d7ba8 Improved error messaging for password reset process
refs #11878

- When password reset link is invalid previous messaging left the user
without clear information about why the reset failed and what they could do about it.
- Updated messaging around password reset tokens including detection of
when password token has invalid structure, has expired or has already
been used
2020-09-22 15:45:19 +12:00
Kevin Ansfield
6dc8d91ace Revert "Store email batch and recipient records when sending newsletters (#12195)"
This reverts commit 80af56b530.

- reverting temporarily so that all associated functionality can be merged in a single release
- creating email batch/recipient records without using them would cause inconsistent data
2020-09-21 17:02:59 +01:00
Fabien 'egg' O'Carroll
39dd492927
Updated magic link expiry information to 4 hours (#12224)
no-issue

Since TryGhost/Ghost#12218 magic links now have
an expiry of 4 hours.
2020-09-21 16:08:21 +01:00
Kristian Freeman
aca94e65c3
Added support for Stripe promo codes in config (#12149)
closes #12111 

* Added default value in defaults.json
* Passed config to members-api module

refs: https://github.com/TryGhost/Members/pull/194
2020-09-21 13:15:41 +01:00
Fabien 'egg' O'Carroll
7c5a3bb537
Updated magic links to use shorter, single us, longer lived tokens (#12218)
no-issue

* Added SingleUseTokenProvider to members service

This implements the TokenProvider interface required by members-api to
generate magic links. It handles checking if the token is expired and
pulls out any associated data.

Future improvments may include the email in the error for expired
tokens, which would make resending a token simpler.

* Passed SingleUseTokenProvider to members-api

This sets up the members-api module to use the new single use tokens

* Installed @tryghost/members-api@0.30.0

This includes the change to allow us to pass a token provider to the members-api
2020-09-18 17:32:18 +01:00
Fabien 'egg' O'Carroll
812e4b682f
Added SingleUseToken model (#12215)
no-issue

This is a model for the tokens table, which handles the single use
aspect by customising the `findOne` method to automatically destroy the
model after reading from it
2020-09-18 15:05:56 +01:00
Fabien O'Carroll
fe1e480e2e Updated getMagicLink call to handle Promise return
no-issue

refs: https://github.com/TryGhost/Members/commit/63942f03

The above commit updated all magic-link methods to be async, this change
ensures that we will handle a Promise return when it's updated in Ghost.
`await` has no effect on non Promise return values so it's safe to add
this now.
2020-09-18 10:49:18 +01:00
Fabien O'Carroll
a862a58b5f Updated the tokens table to have 32 char tokens
no-issue

After discussion with Matt, we decided that 192 bits for the token is a
good number, as it has no padding when base64 encoded and is more secure
than 128 bits, whilst still a managable size.
2020-09-17 17:33:43 +01:00
Fabien O'Carroll
01e62e3d79 Added tokens table to the database
no-issue

This is a table to store single use tokens for use in magic links, the
columns are as simple as possible at the moment and are designed as:
id - standard ObjectID like all of our tables
token - 128bit base64 encoded string
data - arbitrary data to store against the token
created_at - timestamp to allow for expiry to be implemented for tokens
2020-09-17 16:08:35 +01:00
Fabien O'Carroll
ed7adf16a2 Added migration util for adding new tables
no-issue

This pulls out some commonly used logic into a util for future use
2020-09-17 16:08:35 +01:00
Rish
ac146f1e3b Updated ownership verification email flow to use different From address
no issue

- In a recent change to ownership verification email flow, we changed the FROM address of ownership verification mails to use the same email as the one we are verifying, aka TO address.
- Email clients like Gmail flags off such emails as possible spam
- Fix updates the `FROM` address to `noreply@domain.com` where domain.com is domain for TO address
-  In case the TO is already noreply@domain.com, we use no-reply@domain.com to bypass the same address restriction.
2020-09-17 19:52:51 +05:30
Rish
7a3839fb14 Added new portal config flag
no issue

- The new Portal config flag allows switching on Portal conditionally with config
- The dev experiment flag still works for enabling Portal
- The flag currently defaults to `false` as Portal is still a beta feature and switched off by default
- We expose it on the admin api config endpoint so that the Ghost-Admin client can use it to conditionally render Portal settings
2020-09-17 19:40:34 +05:30
Rish
49abeaf398 Added blog domain for default support address
no issue

- Members site data was not appending blog domain for default support address which is `noreply`
- The change allows Portal to use default support address correctly
2020-09-17 12:33:16 +05:30
Nazar Gargol
46932c6d75 Removed unused messages from i18n file
no issue

- These messages are never used throughout the system. Removed to keep things tidy.
2020-09-16 15:46:22 +12:00
Kevin Ansfield
80af56b530
Store email batch and recipient records when sending newsletters (#12195)
requires https://github.com/TryGhost/Ghost/pull/12192

- added initial `EmailBatch` and `EmailRecipient` model definitions with defaults and relationships
- added missing `post` relationship function to email model
- fetch member list without bookshelf
    - bookshelf can add around 3x overhead when fetching the members list for an email
    - we don't need full members at this point, only having the data is fine
    - if we need full models later on we can push the model hydration into background jobs where recipient batches are fetched ready for an email to be sent
    - bookshelf model instantiation of many models blocks the event loop, using knex directly keeps concurrent requests fast
- store recipient list before sending email
    - chunk already-fetched members list into batches and insert records into the `email_recipients` table via knex
    - chunked into batches of 1000 to match the number of emails that Mailgun accepts in a single API request but this may not be the absolute fastest batch size for recipient insertion:
        | Batch size | Batch time | Total time |
        | ---------- | ---------- | ---------- |
        |        500 |       20ms |     4142ms |
        |       1000 |       50ms |     4651ms |
        |       5000 |      170ms |     3540ms |
        |      10000 |      370ms |     3684ms |
    - create an email_batch record before inserting recipient rows so we can effeciently fetch recipients by batch and store the overall batch status
2020-09-14 15:40:00 +01:00
Kevin Ansfield
76c1b60a4d
Added schema+migration for email_{batches,recipients} tables (#12192)
no issue

We want to store a list of recipients for each bulk email so that we have a consistent set of data that background processing/sending jobs can work from without worrying about moving large data sets around or member data changing mid-send.

- `email_batches` table acts as a join table with status for email<->email_recipient
  - stores a provider-specific ID that we get back when submitting a batch for sending to the bulk email provider
  - `status` allows for batch-specific status updates and picking up where we left off when submitting batches if needed
  - explicitly tying a list of email recipients to a batch allows for partial retries
- `email_recipients` table acts as a join table for email<->member
  - `member_id` does not have a foreign key constraint because members can be deleted but does have an index so that we can efficiently query which emails a member has received
  - stores static copies of the member info present at the time of sending an email for consistency in background jobs and auditing/historical data
2020-09-14 12:21:58 +01:00
naz
cbdc91ce48
Added Location header to API's POST request responses (#12186)
refs #2635

- Adds 'Location' header to endpoints which create new resources and have corresponding `GET` endpoint as speced in JSON API - https://jsonapi.org/format/#crud-creating-responses-201. Specifically:
    /posts/
    /pages/
    /integrations/
    /tags/
    /members/
    /labels/
    /notifications/
    /invites/

- Adding the header should allow for better resource discoverability and improved logging readability
- Added `url` property to the frame constructor. Data in `url` should give enough information  to later build up the `Location` header URL for created resource.
- Added Location header to headers handler. The Location value is built up from a combination of request URL and the id that is present in the response for the resource. The header is automatically added to requests coming to `add` controller methods which return `id` property in the frame result
- Excluded Webhooks API  as there is no "GET" endpoint available to fetch the resource
2020-09-14 22:33:37 +12:00
Talha
afa976066a
🐛 Fixed table constraint error when updating member's email with an already existing email (#12178)
closes #12045

- When member's email is updated to an already existing email of different member it caused table's unique constraint error, which was not handled properly. 
- Added handling for this error similar to one in members `add` method.
2020-09-10 16:03:57 +12:00
Nazar Gargol
5582d030e3 Added routes.yaml content checksum storage to the db
closes #11999

- When the routes.yaml file changes (manually or through API) we need
to store a checksum to be able to optimize routes reloads in the future
- Added mechanism to detect differences between stored and current routes.yaml hash value
- Added routes.yaml sync on server boot
- Added routes.yaml handling in controllers
- Added routes hash synchronization method in core settings. It lives in core settings
as it needs access to model layer. To avoid coupling with the frontend settings it accepts
a function which has to resolve to a routes hash
- Added note about settings validation side-effect. It mutates input!
- Added async check for currently loaded routes hash
- Extended frontend settings loader with async loader. The default behavior of the loader is
to load settings syncronously for reasons spelled in 0ac19dcf84
To avoid blocking the eventloop added async loading method
- Refactored frontend setting loader for reusability of  settings file path
- Added integrity check test for routes.yaml file
2020-09-10 10:54:57 +12:00
Talha
c8a6939b2e
🐛 Fixed error caused by accepting invitation with existing email (#12172)
closes #12060

- A 500 error what happening when invited user provided an email that is associated with an existing user
- Additional validation for existing email address was added to prevent invalid data hitting db constraint error
2020-09-09 11:58:53 +12:00
Rish
3c7a95aefa Added members support address to site data
refs https://github.com/TryGhost/members.js/issues/90

- Includes new members_support_address in member site data endpoint for Portal
2020-09-08 20:48:57 +05:30
naz
fcc6401445
Added routes_hash setting (#12171)
refs #11999

- The `routes_hash` setting will be used during the boot process to update the hash
of currently loaded routes.yaml file in case it's different from last restart
2020-09-07 21:54:55 +12:00
Nazar Gargol
4606c93e4f Refactored headers function to use async/await
no issue

- The async/await syntax makes it easier to reason about the code. Because adding 'Location' header is in the works it's a prep-work in a sense
2020-09-07 15:36:06 +12:00
Rish
2d2fa1a0ba Fixed missing subscription data in member update endpoint
closes https://github.com/TryGhost/members.js/issues/94

- The member-api package was recently updated to work directly with models and needs explicit `withRelated` options to attack relations
- Without options, the endpoint was returning the default member data without subscriptions attached, which in Portal showed paid member as free
- Fix updates the middleware for updating member data to correctly pass the relations needed to populate the member
2020-09-04 17:11:04 +05:30
Rish
dd6ac57aca Fixed missing domain for default support address
no issue

- By default for new sites, support address is set same as from address to `noreply` , with full email address using the domain for `@`
- For newsletter emails, the support address was missing the default site domain to be added to address if its `noreply`
- Fix updates the support address to use the same format as from address and add relevant domain for default case
2020-09-03 16:34:47 +05:30
Kevin Ansfield
936d7a315a 🐛 Fixed incorrect status used for trial subscription query
refs 96c18edc82

- replaced `trialed` with `trialing` to correctly match the status used in Stripe
2020-09-02 13:07:48 +01:00
Rish
696e60dd51 🐛 Fixed missing member email on unsubscribe page
no refs

- The `update` method in members-api package was edited to return Model object instead of JSON directly - TryGhost/Members@a28bcc5
- This unsubscribe handler was returning the raw member object returned from `update` method, which is now a model object and not able to access `member.email`
- Fix updates the unsubscribe request handler to return the member JSON again
2020-09-02 12:03:10 +05:30
Kevin Ansfield
96c18edc82 🐛 Fixed members with Stripe trials not receiving paid-members newsletters
no issue

- members who have trial subscriptions added directly via Stripe will have a status of `"trialed"` in their Ghost subscription
- the `paid: true` filter was not taking that into account meaning trial users were not receiving newsletters sent to paid members even though they have a "paid" subscription
2020-09-02 00:34:26 +01:00
Rish
806d0f8e21 Updated sender address for ownership verification emails to new address
no issue

- We used existing "from" address as sender for mails sent to new email address for verification, but that breaks the flow to update if the current "from" address has DMARC policy set.
- This updates the flow to always send the ownership verification email TO the new address and FROM the new address which both verifies the email deliverability for new address and ownership
2020-08-31 18:09:38 +05:30
Rish
8d022ecfb5 Updated newsletter emails to include reply-to address
no issue

- The newsletter emails are sent out with `from` address as sender
- The new `members_reply_address` setting is now used to set reply-to address for emails, which can be either newsletter or support address
2020-08-31 18:09:38 +05:30
Rish
ca8b77182c Updated sender address for member auth emails to support address
no issue

- Member auth emails were previously using the `from` address as sender
- New `members_support_address` was introduced with default as original "from" address
- Auth emails use the new support address as sender
2020-08-31 18:09:38 +05:30
Rish
cbb3664bdd Added handling for new members support/reply email addresses
no issue

- Updated magic link generation and validation methods for email update API to handle new support address
- Updated importer to ignore the new support address as it can only be updated via verification
- Updated members service to listen on settings edit for new support/reply address fields as well
- Updated tests to include the new settings
2020-08-31 18:09:38 +05:30
Rishabh Garg
bc2f6eb8e9 Added migrations for support and reply email address setting (#12163)
no issue

- Added default settings for the two new setting fields - `members_support_address` and `members_reply_address`
- Added migrations for setting group for new email settings
- Migration sets current from address as new support address default
- Added migration to set new support address same as from address
- Updated tests for new settings
- `members_support_address` - How members can reach for help with their account, public setting
- `members_reply_address` - Where you receive responses to newsletters
2020-08-31 17:16:53 +05:30
Rish
8cf9dc05e3 Revert "Added migrations for support and reply email address setting (#12163)"
This reverts commit 2216019a86.
2020-08-31 14:25:29 +05:30
Nazar Gargol
eb8c0fcff9 🐛 Fixed Tags API v2 to return posts count
closes #12167

- Tags API v2 was ignoring `count.posts` include parameter.
- Regression was introduced with a3f693b472
- Introduced regression tests across all Content API versions to avoid similar bug in the future
2020-08-31 18:46:35 +12:00
Rishabh Garg
2216019a86
Added migrations for support and reply email address setting (#12163)
no issue

- Added default settings for the two new setting fields - `members_support_address` and `members_reply_address`
- Added migrations for setting group for new email settings
- Migration sets current from address as new support address default
- Added migration to set new support address same as from address
- Updated tests for new settings
- `members_support_address` - How members can reach for help with their account
- `members_reply_address` - Where you receive responses to newsletters
2020-08-27 20:27:50 +05:30
Nazar Gargol
e8248cdc9e Refactored members imporeter in preparation for jobs
no issue

- This refactor extracts labels related code into a separate module for easier reuse by the "job-aware" batched importer
2020-08-27 21:47:00 +12:00
Nazar Gargol
262d33b73c Improved import_label creation logic
no issue

- When an import was done and there were no "global labels" present Ghost created generic `import-[data]` label which later helped to find a specific batch of imported data
- It did not make sense to create such generic label when user provided their own unique label
- The rules that work now are:
1. When there is no global provided Ghost generates on and removes it in case there are no imported records
2. When there is a unique new global label provided no new label is generated, but the label stays even if there are no imported records
2020-08-27 19:07:27 +12:00
Kevin Ansfield
f30d3cd2c2 Switched to bookshelf count in getTotalMembers()
no issue

- tested performance between knex raw, knex `count()` and bookshelf `count()` and found no difference over 1000 iterations of each (each ~19,500ms +- 500ms for 104k members locally)
- switched to using bookshelf as the code is the simplest
2020-08-27 01:52:36 +01:00
Kevin Ansfield
a995e9cc89 Allowed custom and search queries to be used with .findAll()
no issue

- extract filtering of an collection into a separate function
- use extracted function in `findAll()` so that it's query behaviour matches `findPage()`
2020-08-27 01:09:07 +01:00
Kevin Ansfield
5e64f113d5 Skipped separate count query in .findPage() for limit="all" requests
no issue

- for large result sets or complex queries the count query itself can be quite time consuming
- when `limit: 'all'` is passed as an option there's no need to perform a separate count query because we can determine the pagination data from the final result set
- skipped count query when `limit: 'all'` option is present
- re-ordered comments to be closer to the code they reference (ie, why we have our own count query instead of Bookshelf's `.count()`
2020-08-27 01:09:07 +01:00
Nazar Gargol
9fe5007929 Removed date handling validation in members importer logic
no issue

- This is handled on input sanitization layer with date
format check in JSON schema validation, so there's no need to do this
check again in the importer.
2020-08-26 17:25:24 +12:00
Nazar Gargol
544382b651 Updated boolean values validations for members uploads
no issue

- When the value is part of `enum` the `null` value is no longer
recognized by `null` type in JSON schema validator.
2020-08-26 17:23:36 +12:00
Nazar Gargol
95044e3ba0 Added error handling for failed member imports
no issue

- When bulk insert fails there is no transactional logic to revert
related records form being inserted. Also, previously there were no
attempts to "retry" the insert.
- To avoid complex retry logic, an iterative one-by-one insert retry
approach was taken. If this becomes a bottleneck in the future, the
retry algorithm could be improved.
- To avoid a lot of code duplication refactored model's `bulkAdd` & `bulkDestroy`
methods to use 'bulk-operations' module.
- Updated error handling and logging for bulk delete operations. It's very
unlikely for error to happen here,  but still need to make sure there is
a proper logging in place to trace back the failure.
- Added debug logs. This should improve debugging experience and
performance measurements.
- Added handling for unrecognized errors. Handling inspired by current unrecognized
error handling by ghost importer -10e5d5f3d4/core/server/data/importer/importers/data/base.js (L148-L154)
2020-08-26 17:11:35 +12:00
Nazar Gargol
45bca2b104 Fixed linting for await statements
refs 9d65de4b10
2020-08-25 19:30:02 +12:00
Nazar Gargol
9d65de4b10 Removed created import labels when no records were imported
no issue

- When no members are succesfully imported through CSV import process the import label should not be created. Otherwise after multiple failed attempts to import there are orphaned labels in the system
2020-08-25 19:23:05 +12:00
Kevin Ansfield
e07e0a17c6 🐛 Fixed bookmark card display in member emails when using Gmail+Chrome
no issue

- updates `@tryghost/kg-default-cards` which contains two fixes
  - removes email-specific output being added to post html (had no visual impact due to use of conditional comments but keeps rendered html smaller+cleaner)
  - adds a background-url style to the thumbnail container to give two options for styling
- updates member email template styling to hide the `<img>` element in bookmark cards and use a background image instead to get consistent rendering across email clients
2020-08-24 18:21:09 +01:00
Peter Zimon
75f5ab637d Added minor member newsletter customisations via config
no issue
- adds a `members:emailTemplate` config object
  - `showSiteHeader` - defaults to `true`, shows the site title and icon in member emails
  - `showPoweredBy` - defaults to `false`, adds a "Publish with Ghost" button to member email footer
- updates member newsletter email template with hideable site header and "powered by" badge
2020-08-24 10:44:22 +01:00
Rish
297b63edce 🐛 Fixed response for members API update endpoint
closes https://github.com/TryGhost/members.js/issues/87

- The `update` method in members-api package was edited to return Model object instead of JSON directly [here](a28bcc5b2a)
- This caused the update member API on member endpoint to return partial response only as most properties couldn't be fetched
- Fix updates the middleware to correctly call `toJSON` before formatting response
2020-08-24 13:38:21 +05:30
Nazar Gargol
91d1417df2 Fixed email newsletter error when post has no content
closes #12158
2020-08-24 19:46:46 +12:00
Daniel Lockyer
0ab190e83c Merged 3.30.2 into master
* 3.30.2:
  Bumped @tryghost/members-api to 0.28.1 in lockfile
  Bumbed @tryghost/members-api to 0.28.1
  🐛 Fixed unable to delete member when stripe is connected
2020-08-21 12:06:01 +01:00
Rish
87e8298ca7 🐛 Fixed unable to delete member when stripe is connected
closes https://github.com/TryGhost/Ghost/issues/12150

- The `destroy` method on members-api method was called incorrectly with not enough params
- It expects both `data` and `options` passed down [here](https://github.com/TryGhost/Members/blob/master/packages/members-api/lib/users.js#L14)
- Missing `options` in method call throws error as we read `cancelStripeSubscriptions` property on options if stripe is connected
- Fix passes both data and options to the destroy method
2020-08-21 11:13:07 +01:00
Rishabh Garg
c7f3837c54
Added admin endpoint for editing member subscription (#12145)
refs #12127

- Adds new `editSubscription` endpoint for members admin API which allows updating individual subscription for a member - `PUT /members/:id/subscriptions/:subscription_id/`
- `editSubscription` has same permissions as member's `edit` endpoint
- Currently allows toggling of cancellation at period end for an active subscription
2020-08-20 17:28:11 +05:30
Nazar Gargol
5670d99f46 Improved error handling for batch deleted records
no issue

- Similar handling to one introduced in 8418c829de
- Having granular tracking for failed to remove id's would make it possible to return more specific errors to the client
2020-08-20 19:11:41 +12:00
Nazar Gargol
8418c829de Improved error handling for batch inserted records
no issue

- Similar to 3a594ce22e this adds error handling to batch operations done outside models
2020-08-20 19:01:17 +12:00
Nazar Gargol
f8adb4a672 Refactored bulk insert/delete operations into separate module
no issue

- Moved bulk db operations outside of importer module to create clearer separation of responsibilities
2020-08-20 18:42:38 +12:00
naz
3a594ce22e
Improved error handling for batch inserted member records (#12146)
no issue

- When batch insert fails handling should be more granular and aim to retry and insert as many records from the batch as possible.  
- Added retry logic for failed member's batch inserts. It's a sequential insert for each record in the batch. This implementation was chosen to keep it as simple as possible
- Added filtering of "toCreate" records when member fails to insert. We should not try inserting related members_labels/members_stripe_customers/members_stripe_customer_subscriptions records because they would definitely fail insertion without associated member record
2020-08-20 17:41:47 +12:00
Nazar Gargol
2e769e3122 Fixed handling for Stripe connected members import
no issue

- When stripe is disconnected and there are Stripe-connected records present in imported set they should not be processed and proper error should be thrown
2020-08-20 17:08:19 +12:00
Nazar Gargol
4498b4624a Fixed label serialization in members bulk importer
no issue

- After a refactor logic was missing trimming logic and handling for empty labels
2020-08-20 16:43:42 +12:00
Nazar Gargol
32fd913ac3 Fixed default subscribed value for member model in the importer
no issue

- The default value should not be a string but rather a boolean
2020-08-19 23:42:48 +12:00
Kevin Ansfield
d8e319af88 🐛 Fixed card spacing and caption styling for member emails in Outlook
closes https://github.com/TryGhost/Ghost/issues/12139

- once the email content has been rendered in the post serializer, perform some whole-content transformation of `figure` and `figcaption` to `div` using cheerio
- juiced will have already inlined the elements styles so there's no need to adjust the template's stylesheet
2020-08-19 12:34:14 +01:00
Nazar Gargol
616767d0ec Fixed members bulk import's createdBy field assignment
no issue

- Method signature has been changed with cada88975a, the call needed an update as well
2020-08-19 17:14:45 +12:00
Jeremy Davidson
681c96b5e9
🐛 Fixed bookmark card author/publisher spacing in member emails (#12134)
closes #12078

- Root cause was that pseudo class .kg-bookmark-author:after was not getting inlined to email newsletter or its preview.
  - That is where the margin and bullet-point content are added between author and publisher.
- Dependency juice supports an option inlinePseudoElements which is false by default.
- Fix was to set inlinePseudoElements to true when serializing post email.

Co-authored-by: Jeremy Davidson <jeremy@crossingcontour.com>
2020-08-18 16:18:44 +01:00
Hannah Wolfe
9f291b2d10 Improved testmode logging of shutdown status
- testmode allows us to test Ghost's behaviour with long running requests and jobs
- moved all the testmode logging to only happen if Ghost starts successfully to make it clearer what is happening
- added a (currently very dirty) bit of code to fetch the jobService and output the queue status giving us a similar
     output for both open connections and jobs
- all of this allows for debugging exactly what Ghost is doing whilst it is processing a shutdown request
2020-08-18 15:48:42 +01:00
Kevin Ansfield
cefcdad090 🐛 Fixed emails appearing very wide in Outlook and improved email image sizes
closes https://github.com/TryGhost/Ghost/issues/11536

- bumps `@tryghost/kg-default-cards`
  - image and gallery cards now output `width/height` attributes on `img` elements with a max width of 600px
  - uses resized images where possible to keep email weight down
- adds `height: auto` style to image card images so that the `height` attribute does not cause distortion at smaller screen widths
2020-08-18 15:33:54 +01:00
Fabien 'egg' O'Carroll
cada88975a
Updated bulk importer to improve performance (#12128)
no-issue

* Added bulkAdd method to Member,Customer&Subscription model
  This allows us to keep the db access in the model layer
* Updated @tryghost/members-api to 0.27.2
  This includes fixes for rate-limiting of requests, and exposes necessary
  Stripe methods for creating customers and complimentary subscriptions,
  without affecting the database.
* Refactored importer to parallelise tasks where possible
  By parallelising our tasks we are able to improve the speed at which the
  entire import completes.
2020-08-18 13:39:45 +01:00
Rishabh Garg
2bac2c67cc
Granted Admin users ability to impersonate member (#12132)
refs #12126

- Adds migration to add impersonation permission to administrators
- Adds default permission fixture to allow administrators to read member impersonation urls
- Allows administrators to create member impersonation magic links
2020-08-18 14:17:56 +05:30
Nazar Gargol
6ca51eae29 Fixed member import csv validator for labels
no issue

- Labels can have a null value when there is none defined in the imported file. Such records fails for "string" type in JSON schema
2020-08-18 15:25:04 +12:00
Kevin Ansfield
752c1022f9 🐛 Fixed failing migration from <2.34 to 3.29
closes https://github.com/TryGhost/Ghost/issues/12129

Migrations were failing when upgrading from a version that didn't include stripe member subscriptions table. The `up` migration was checking for the existence of a unique index that was added to the schema in 3.29 but it was using the wrong variable name which meant that it would never return true for an existing index. For most migrations this worked because the index existed but when through 2.34 the table was created from scratch and did included the index at that point.

- fixed variable name and re-ordered variable assignment for better code locality that would have made the typo more visible
2020-08-17 18:31:00 +01:00
naz
51c9a50c4f
Added validation layer to members import endpoint (#12131)
no issue

- Additional validation is needed for imported data because in case of bulk insertions (through knex) we bypass model layer validation - this could lead to invalid data in the database, which would be hard to fix.
- Chose validation method we use for other endpoints - through JSON Schema. It proved to be very performant (200ms overhead for 50k records). When comparing it with iterative method (validating each record separately) this was adding about 17s of overhead.
- Refactored returned values from "sanitizeInput" method to encapsulate more logic so that the caller doesn't have to calculate amount of invalid records and deal with error types
- Whole sanitizeInput method could now be easily extracted into separate module (somewhere close to members importer)
- Bumped members-csv package. It is meant to handle empty string values - '' and null, which should allow validating member records more consistently!
2020-08-17 23:28:57 +12:00
Daniel Lockyer
046b5540fe Removed workaround for intermittent ghost-server logging
- upon further testing, this started to not work again so I'm removing
  this horrible hack
- it could be Bunyan playing around with us, and the server is actually
  shutting down
2020-08-13 18:45:51 +01:00
Daniel Lockyer
d4f1274ba5 Returned empty promises in ghost-server
- I have no idea why this is required and I really don't like it
- this change looks superfluous but I had problems with Ghost not
  displaying shutting down messages properly and this is the only
  thing that got it working
- the async-awaits were getting stuck in `await this._cleanup()`,
  and then wouldn't enter into the `finally` block
- oddly, this was only reproducible when a job was running, it would
  shut down normally otherwise
- if I find the solution in the mean time, I'll happily get rid of this
2020-08-13 17:26:33 +01:00
Nazar Gargol
ef41c57974 Added test coverage for invalid member import emails
no issue

- This test should serve as a control for new batched importer
2020-08-13 22:14:52 +12:00
Nazar Gargol
a1e6b8f898 Updated members import sanitization
no issue

- Updated sanitization logic to be self contained and return sanitieze input along with error stats
- This should give a nice place for validations to fit in
2020-08-13 22:12:20 +12:00
Nazar Gargol
4126187df3 Fixed parameter naming for members importer 2020-08-13 21:08:34 +12:00
Nazar Gargol
d2fbe327e4 Update Stripe concurrency in members importer
no issue

- There were many failed import records due to rate-limit errors. With concurrency of 9 imports go through with 100% success
- Would need to verify these limits with live API to make the most of it
2020-08-13 21:04:57 +12:00
Nazar Gargol
78b4dff656 Moved batching logic inside the members importer module
no issue

- This way importer is more self contained and controller logic doesn't have to know about batch sizes and other unecessary variables
2020-08-13 20:31:11 +12:00
Kevin Ansfield
c434666ba2 🐛 Removed [http://url/] output in member email preview text
no issue

- we output the post excerpt in a hidden div in the email template so that email clients pick it up as the "preview" text when listing emails
- when no custom excerpt is provided the preview text is grabbed from post.excerpt which is the first 500 chars of the post.plaintext value
- post.plaintext formats links as "Link [http://url/]" which is unwanted in html email previews

- add a basic replacement to the post email serializer to remove any `[http://url/]` occurrences from the post excerpt before rendering the email content
2020-08-12 20:14:06 +01:00
Kevin Ansfield
163092f377 🐛 Fixed apostrophes not displaying correctly in Outlook for member emails
refs https://github.com/TryGhost/Ghost/issues/11536

- Outlook supports `&#39;` as a special char for apostrophes but not `&#apos;` which is what cheerio/juiced render
- adds a basic string placement to the email serializer to switch to the older style of special char
2020-08-12 20:01:42 +01:00
Kevin Ansfield
c7ff4c9e93 Moved email sending to the background job queue
no issue

- moves the meat of `pendingEmailHandler()` code into a new function `sendEmailJob()` that is passed over to the new job service
- lets the server keep processing email generation and sending when it receives a shutdown request rather than halting processing mid-send and ending up in a partial state
2020-08-12 17:02:14 +01:00
Fabien 'egg' O'Carroll
1294e3f92c
Replaced all usage of member models with members-api (#12117)
no-issue

* Added stripeSubscriptions relation to member model

This allows us to fetch the subscriptions for a member via standard
model usage, e.g. `withRelated: ['stripeSubscriptions']` rather than
offloading to loops and `decorateWithSubscriptions` functions, this is
more performant and less non-standard than the existing method.

* Updated serialize methods to match existing format

The current usage of `decorateWithSubscriptions` and the usage of
members throughout the codebase has a subscriptions array on a stripe
object on the member, this ensures that when we serialize members to
JSON that we are using the same format.

There is definitely room to change this in future, but this is an
attempt to create as few breaking changes as possible.

* Installed @tryghost/members-api@0.26.0

This includes the required API changes so that everywhere can use
members-api directly rather than models and/or helper methods
2020-08-12 14:17:44 +01:00
Nazar Gargol
c696d715c1 Extracted batched member import into separate module
no issue

- The code in controller was becoming hard to reason about.
- Having a single module shows exactly how many dependencies are there to do an import for single batch.
- Having a separate module would make it easier to extract into it's own package in Members monorepo
2020-08-12 20:18:30 +12:00
Nazar Gargol
7d3f6e32ca Addes sort order support for imported members
no issue

- Member's labels have to have sort_order assigned when added/edited. This was lacking from batched importer.
- Implementation is based on logic used in model's base - e484709e73/core/server/models/base/index.js (L81-L86)
2020-08-12 16:34:15 +12:00
Hannah Wolfe
bbbd011074 Added job-manager & wired up shutdown and testmode
- Bottom line - we need to manage shutting down gracefully when doing long-running tasks
- To achieve that, we're going to use job queues

In this commit:
- added new @tryghost/job-manager dependency
- added a minimal job service, that handles in passing things like logging and (maybe later) config
- job service is wired up to server shutdown, so that the queue finishes before the server exits
- also added a new job endpoint to testmode so that it's easy to test job behaviour without needing to do real work
2020-08-11 21:31:34 +01:00
Hannah Wolfe
624206b6d7 Improved ghost-server with async/await
- Using consistent patterns for shutdown and stop
- Make it clear what each method does
- Use async/await to make the code more readable and simple
- This lays groundwork for having more cleanup tasks in stop than just server.stop()
2020-08-11 19:42:37 +01:00
Daniel Lockyer
5b471e1bbe Extracted promise libs and history into @tryghost/promise
- deleted files under `core/server/lib/promise` and related test files
- added `@tryghost/promise` as a dependency
- fixed all local requires to point to the new package
2020-08-11 18:44:21 +01:00
Daniel Lockyer
c9a5b28669 Extracted core/server/lib/security to @tryghost/security package
- code and tests were extracted out to this package
- deletes these files
- replaces all local requires, and adds it as a dependency
2020-08-11 14:06:50 +01:00
Daniel Lockyer
8799feb801 Replaced constants file with @tryghost/constants
- extracted constants file into a new package
- replaced all local requires of the file with new package
2020-08-11 12:51:16 +01:00
Hannah Wolfe
e84621d6ef 🐛 Readded missing server.start event
closes #12118

- server.start was mistakenly removed in 71f02d25e9
- it is used for loading themes (and other things) and is critical
- added tests to prevent this regressing again in future
2020-08-11 10:09:24 +01:00
Nazar Gargol
8a7e00c413 Enabled batched members import method through enableDeveloperExperiments flag
no issue

- Allows early testing of batched import method
2020-08-11 18:52:37 +12:00
Nazar Gargol
bbcc0f5178 Added batched members import API method
no issue

- New Member API batched import is meant to be a substitution to current import
with improved performance while keeping same behaviore. Current
import processes 1 record at a time using internal API calls and times
out consistently when large number of members has to be imported (~10k
records without Stripe).
- New import's aim is to improve performance and process >50K
records without timing out both with and without Stripe connected
members
- Batched import can be conceptually devided into 3 stages which have
their own ways to improve performance:
  1. labels - can be at current performance as number of
labels is usually small, but could also be improved through batching
  2. member records + member<->labels relations - these could
be performed as batched inserts into the database
  3. Stripe connections - most challanging bottleneck to solve because
API request are slow by it's nature and have to deal with rate limits of
Stripe's API itself
- It's a heavy WIP, with lots of known pitfalls which are marked with
TODOs. Will be solved iteratively through time untill the method can be
declared stable
- The new batched import method will be hidden behind 'enableDeveloperExperiments' flag to
allow early testing
2020-08-11 18:31:31 +12:00
Hannah Wolfe
b0512f2c25 Added a server testmode to help test behaviour
- A simple way to test behaviours without having to do complex interactions to e.g. generate errors or slow requests
- Makes it easier to test the new shutdown behaviour, among other things
2020-08-10 16:38:49 +01:00
Hannah Wolfe
a9c6e081cf Added an additional log to notify shutdown start
- there can now be quite a big delay between SIGINT/TERM being received and shutdown finishing
- add an extra log message to acknowledge the SIGINT/TERM to facilitate debugging and just be clear
2020-08-10 14:53:05 +01:00
Hannah Wolfe
19e3b70c7a Added stoppable for graceful shutdown of requests
- stopppable is a dependency that handles closing connections properly, which server.close does not
    - active connections are allowed to complete what they are doing
    - idle connections are closed
    - no new connections are allowed
- we call stoppable in stop() instead of server.close so that idle connections don't hold the server open
- calling await stop() from shutdown then ensures that we have a consistent experience of stop
- all together this allows ghost to shutdown gracefully when there are long-running requests
- @TODO: handle graceful shutdown of long-running processes
- @TODO: consider do we need to send 503s whilst the server is shutting down?
2020-08-10 11:46:36 +01:00
Hannah Wolfe
e72cc193c6 Refactored GhostServer to use a class
- use more up-to-date and less confusing syntax
- makes it easier to use async/await as well
2020-08-10 08:53:09 +01:00
Hannah Wolfe
2289b7c0f7 Moved sig event and stop message handling
- none of this should be inside the start message handling
- move to inside the start function, where it's clearer and makes more sense
2020-08-10 08:53:09 +01:00
Hannah Wolfe
31981d086b Updated stop messages to have a consistent interface
- changed method to logStopMessages, as we use start and stop, not start and shutdown
- changed logStopMesasges to output the "proper" messages and use this method consistently - the closing connections message isn't really useful
- changed uptime message to always be output cos I can't see a case where there isn't interesting/useful
2020-08-10 08:53:09 +01:00
Hannah Wolfe
f8cdaf0c24 Removed unused connection handling + restart method
- Connection handling is legacy code added in 1438278ce4
- Although we were tracking all connections in memory, we weren't actually closing any because stop isn't called
- This (and restart) were both added as part of the now long-deprecated system for using Ghost directly as an npm module
- If we want to close connections cleanly, we should use a tool to do this
2020-08-09 17:31:01 +01:00
Hannah Wolfe
71f02d25e9 Refactored server announce functions to be clearer
- the announce functions exist for the purpose of communicating with Ghost CLI
- the functions were called announceServerStart and announceServerStopped, which implies they tell Ghost CLI when the server starts and stops
- however, the true intention / purpose of these functions is to:
    - either tell Ghost CLI when Ghost has successfully booted (e.g. is ready to serve requests)
    - or tell Ghost CLI when the server failed to boot, and report the error so that Ghost CLI can communicate it to the user
- therefore, I've refactored the old functions into 1 function to make it clearer they do the same job, but with 2 different states
- also added some tests :D
2020-08-09 17:25:15 +01:00
Hannah Wolfe
c577007afe Update dependency @tryghost/bootstrap-socket to v0.2.0
- includes API changes
2020-08-09 17:22:27 +01:00
Hannah Wolfe
b765a30ee9 Moved bootstap-socket code to @tryghost/bootstrap-socket
- this code has zero deps and is much easier to reason about standalone
2020-08-07 18:43:46 +01:00
Hannah Wolfe
b09504e7cc Moved bootstrap socket logic out of server
- this logic is a dependency rather than part of the server code
- moved it out ready to be moved elsewhere, doesn't need to be here
2020-08-07 16:27:45 +01:00
Hannah Wolfe
028d3fc88b Added missing debug info for IPC on start
refs 022a433e56

- noticed I missed adding debug info in one place (not that it's used, just for consistency)
- also made the SIGINT/TERM code slightly more readable
2020-08-06 20:39:49 +01:00
Kevin Ansfield
2efcf94645
Improved performance of sending newsletter emails (#12091)
no-issue

- switch from `membersService.api.members.list` to using bookshelf `Member.findPage()` with the `{paid: true}` filter to avoid per-member queries (N+1) to decorate members with subscriptions and a heavy post-fetch filter via `contentGating`
- add concurrency to the Mailgun API requests in `bulk-email` service to reduce overall time submitting API requests
- add debug statements with timing output for easier measurements
2020-08-06 15:19:39 +02:00
Kevin Ansfield
490f9787fa
Added migration to create indexes and constraints for member tables (#12108)
no issue

For large numbers of members we're unable to perform queries for free/paid members in a reasonable time without indexes. Bulk delete is also very slow when looping through bookshelf models and having bookshelf manage deletion of child records, adding `ON DELETE CASCADE` to the foreign key indexes moves child deletion to the DB level and allows for performant bulk delete queries.

- migrations only run on mysql because sqlite does not support altering tables
- adds foreign key indexes and constraints with 'ON DELETE CASCADE' for members_labels, members_stripe_customers, and members_stripe_customers_subscriptions
2020-08-06 14:57:05 +02:00
Fabien 'egg' O'Carroll
d3384975da
Cleaned up members_stripe_* tables on MySQL (#12103)
refs #12100

For performance reasons we want to add foreign key and unique constraints
to the members_stripe_* tables so we can utilised cascading deletes and 
joins across the tables when querying.

In order to do this we must first ensure that:
- There are no duplicate entries in the `subscription_id` or `customer_id` columns
- There are no orphaned rows in the subscription or customers tables

If the first is not true, the unique constraint will fail, and if the second is not true,
the foreign key constraint will fail.

As we are only adding the indexes to existing MySQL databases at this point, the
cleanup migrations will also only be done for existing MySQL databases too.

The migrations for removing orphaned rows splits the deletion into a `SELECT`
followed by a `WHERE IN` to avoid the database "optimising" the query into a
`JOIN` which ends up taking much longer due to the lack of indexes.
2020-08-06 11:13:41 +02:00
Fabien 'egg' O'Carroll
d15446593a
Added support for ON DELETE CASCADE to the schema (#12105)
no-issue

We are in the process of creating migrations to add foreign key constraints
and cascading deletes to the members_stripe_* tables to make listing members
and deleting members faster. As well as the migrations we need to update the
database schema so that new installations have the correct indexes and constraints.

Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
2020-08-05 13:20:30 +02:00
Nazar Gargol
60ae9e82f9 Fixed integration_id assignment for webhook when creating through API key auth
refs 173e3292fa

- The bug was initially introduced in referenced commit. When request is done with `api_key` context, there should always be an `integration` object associated with it - 71c17539d8/core/server/services/permissions/parse-context.js (L36) . An `id` from `context.integration` not `context.api_key` has to be assigned to newly created webhook!
- The webhooks API is about to be declared stable in upcoming release, so no migration will be done
2020-08-04 16:43:24 +12:00
Gerardo Lopez Dueñas
275bf41ba3
Fixed bookmark card image size in fastmail (#11970)
closes #11907

The image in the bookmark card was being shown out of the bounds of
the card because of a general style `height: auto !important`.

I added a new `max-height` property to the image to avoid exceeding
parent height.
2020-08-03 18:38:45 +01:00
Nazar Gargol
2a4ad0e10f Updated stability index comments around Admin API v2 endpoints
refs 067d2eb614

- v2 API has been in maintenance mode since v3 has been released, updated comments accordingly
2020-08-03 23:46:23 +12:00
Nazar Gargol
067d2eb614 Moved canary/v3 webhooks API to "stable" group
no issue

- Webhooks API has been stabilized with latest changes and there are no breaking changes planned for v3. The change has strictly "informative" purpose
- Changed variable naming from "whitelisted" to "allowlisted" to follow updated naming convention (refs. https://mysqlhighavailability.com/mysql-terminology-updates/)
2020-08-03 23:40:15 +12:00
Nazar Gargol
b76a6a1eee Reduced error level to default for not found post error
refs #12064

- `critical` is meant to be something unpredictable like internal error, something worthy attention, as described in Ignition -3439456d94/README.md (list-of-errors)
- This error level was introduced with - this PR https://github.com/TryGhost/Ghost/pull/9426, but there is no context provided why this specific value was used. Assuming it's an outdated value as 'not found' is nowhere to be treated in any special way
2020-08-03 23:16:53 +12:00
Nazar Gargol
1b449f4f53 🐛 Fixed 500 error in webhooks API when modifying non-existing webhooks
closes #12064

- Handled permission check bug by returning 404, same way it is returned in other permissions related places when handling non-existing resource. Example - 60907a7ae4/core/server/models/relations/authors.js (L355-L358)
2020-08-03 23:08:47 +12:00
Kevin Ansfield
29d94e7814 Fixed mailgun config not allowing custom hosts with ports
no issue

- `mailgun()` expects the `host` option not to include a port but `url.host` will include the port, we instead want to use `url.hostname` which skips the port
2020-07-30 17:28:51 +01:00
Kevin Ansfield
577a934f53
Removed DISTINCT from member labels association query (#12088)
no issue

- bookshelf adds `DISTINCT` to any relation query that does not have an explicit `columns` statement
- when measuring the impact of `DISTINCT` on the eager-loading association query when listing members using `{withRelated: 'labels'}`, it can be 2x slower with no index on the sort_order column or 4x slower with an index on sort_order
2020-07-29 12:50:22 +01:00
Nazar Gargol
ef6586bfdc Fixed failing members import with label associations
no issue

- When processing entries with new labels in parallel Bookshelf relations is trying to create them which caused unique key constraints to fail. To avoid the failure, all labels should be pre-created before proceeding with creating members
2020-07-28 22:37:48 +12:00
Hannah Wolfe
436db4ec3b Updated host limit message to be clearer
- limits are based on total members not number of members that will be emailed
2020-07-26 20:49:30 +01:00
Hannah Wolfe
92446d85ea Changed member limit to be DRY & use raw query
- Member limit code was duplicated in 2 places unnecessarily
- Also used member api code that fetched members and subscriptions fully hyrated when we only need a count
- Using a raw query significantly improves performance here
2020-07-26 20:49:30 +01:00
Kevin Ansfield
14c6968388 Fixed auto-generated label not being attached to members during import
no issue

- label was being created and returned in the response OK but it was missing from the set of labels that get added to members during import
2020-07-26 18:30:58 +01:00
Fabien O'Carroll
c46475f5be Supported optionally cancelling subscriptions on delete
no-issue

This updates the Admin API Member resource to *not* cancel subscriptions
by default, and adds a `cancel` option. This can be used over HTTP by
including a `cancel=true` query parameter.
2020-07-24 16:01:06 +02:00
Fabien O'Carroll
92151a7b5d Added default options to transactional model methods
no-issue

This protects against calling model methods without passing an options
object
2020-07-24 15:31:48 +02:00
Hannah Wolfe
3491e60c9d Added config to send bulk email in testmode
- mailgun has a testmode flag we can use to get email to be accepted but not delivered
- this is useful for developers testing general bulk email code - not for users - so it is only available via config
2020-07-24 11:55:34 +01:00
Fabien 'egg' O'Carroll
5144a0e09c
Updated Member model to cascade on destroy (#12077)
no-issue

Up until now we have left orphaned rows in members_stripe_* tables when
a member is deleted, this updates the destroy method so that we cascade
and remove any MemberStripeCustomer and StripeCustomerSubscription
models related to the Member.

This also adds regression tests for the new functionality as well as to
confirm the existing functionality of cascading to the members_labels
join table

This adds the relations of Subscription->Customer & Customer->Member
2020-07-23 18:21:10 +02:00
Rish
2ac69e637e Added publication icon to members site data
refs https://github.com/TryGhost/members.js/issues/72

- Portal is using using publication logo from settings for signup/signin pages
- Instead, we are switching to using publication icon from settings, which also needs to be passed in site data API
2020-07-23 17:04:44 +05:30
Kevin Ansfield
8ceabbcfba Added automatic labelling of all members added during an import
no issue

Having all members created during an import labelled with a specific "import label" is useful for later operations such as bulk delete/edit or simply recording how and when a member was created.

- automatically create a label with the date/time the members CSV import occurred and assign it to all imported members
- return the import label data in the API response so that clients can react accordingly such as automatically filtering the members list by the label once an import finishes
2020-07-22 17:52:43 +01:00
Fabien 'egg' O'Carroll
69080824de
🐛 Ensured webhooks are created once (#12075)
refs #12074

Since we've split members settings into multiple keys the
reconfiguration of the members-api has been happening in quick
succession as the stripe_connect_* settings are all set at once.

This debounces the call to reconfigure the members-api so that we only
need to instantiate it once.
2020-07-22 12:27:05 +02:00
Rish
3d164d222b Updated error name check in GhostMailer
no issue
refs e8511d0568

- Adds extra check for empty `err` object while checking error name for status code in GhostMailer
2020-07-21 01:08:19 +05:30
Rish
e8511d0568 Updated error code for incorrect recipients in GhostMailer
no issue

- By default, GhostMailer throws EmailError with statusCode as `500` for any failure in sending mail
- In case of failure due to `RecipientError`, status code as now correctly sent as `400` as its a bad request and not an error we can't handle.
2020-07-21 01:05:21 +05:30
Fabien 'egg' O'Carroll
6232981be7
🐛 Fixed importing Stripe Plans with amount 0 (#12062)
closes #12049

Stripe plans used to default to 0, and our new validation of plan
amounts were causing issues when importing from an older version of
Ghost, this updates the validation to be skipped when importing.

- Added regression test for importing plans
2020-07-20 14:59:23 +02:00
Daniel Lockyer
d261f88456 Fixed typos in webhook error message
no issue
2020-07-20 09:05:56 +01:00
Rish
90b39fbb9a Updated status and error message for newsletter email failures
refs https://github.com/TryGhost/Ghost/issues/11971

- Added statusCode from bulk email provider to API response
- Updated error messages for different bulk email(mailgun) failure states
- Added `context` to preview mail API error message with mail provider's error message
2020-07-17 13:54:09 +05:30
Nazar Gargol
a520cdad0b Added JSON Schema validations to Webhooks Admin API v3
closes #12033

- Added webhooks schemas and definitions.
- Added validation checking if integration_id is present when using session auth. This is needed to prevent orphan webhooks.
- Integrated webhook schemas into frame's validation layer.
- Added isLowerCase ajv keyword support. This is needed to be able to do isLowerCase validation using JSON Schema for webhooks.
2020-07-17 17:37:14 +12:00
Fabien 'egg' O'Carroll
8f660c3259
Improved settings validation (#12048)
closes #12001

* Moved settings validation to the model

This moves the settings validation out of the validation file and into
the model, as it is _only_ used there.

It also sets us up in the future for custom validators on individual
settings.

* Improved validation of stripe_plans setting

- Checks `interval` is a valid string
- Checks `name` & `currency` are strings

* Moved stripe key validation into model

The stripe key settings are all nullable and the regex validation fails
when the input is `null`. Rather than reworking the entirety of how we
validate with default-settings validation objects, this moves the
validation into methods on the Settings model.

* Added tests for new setting validations

Adds tests for both valid and invalid settings, as well as helpers
making future tests easier and less repetitive
2020-07-15 17:11:27 +02:00
Fabien O'Carroll
8cedbdf07c Fixed version for amp_gtag_id setting migration
refs #11980

This was added to the 3.25 directory _after_ 3.25.0 was released, thanks
to @daniellockyer for the catch!
2020-07-15 15:33:37 +02:00
Fabien O'Carroll
48eca5f618 Added amp_gtag_id setting migration & default
refs #11980

This lays the ground for the rest of the work surrounding Google
Analytics in AMP.
2020-07-15 13:43:25 +02:00
Nazar Gargol
ced3e28d60 🐛 Fixed cache invalidation for published posts with no content
closes #12015
refs 95880dddeb

- The bug was caused by falsy plaintext field assignment to empty string `''` when the html content was `null`. Because of the `setEmptyValuesToNull` function (referenced commit), there is no sense to assign empty string value to plaintext property, because it would still end up being `null`
- The `''` -> `null` conversion was confusing the model layer to think that some fields were changed, where in reality none did. This in turn lead to a bug with falsy cache invalidation
2020-07-15 17:41:24 +12:00
Nazar Gargol
a75e1e27db 🐛 Fixed cache invalidation when editing post_meta fields
closes #12016

- The change detection didn't work when editing post_meta fileds because we only check current model's `_changed` fields when performing `wasChanged()` check
- A solution was adding change tracking of post_meta relation to currently edited post model and overloading `wasChanged` method to check these fields as well
2020-07-14 23:48:36 +12:00
Rishabh Garg
ead073ad68
Updated sender email to existing "from-address" (#12044)
refs #12043

- On updating From-address from Members settings in Labs, we send a confirmation email to the updated address with magic link for verification
- Previously, no explicit sender email was being set for this so fallback config address was used
- This updates the sender address to use the current from address for "from-address" update emails
2020-07-13 17:57:31 +05:30
Fabien O'Carroll
06c7152f4b 🐛 Fixed Stripe webhooks for subdirectory setups
no-issue

- Added breaking test for webhook url including subdirectory

- Previously the webhook handler URL was generated incorrectly when
  running Ghost on a subdirectory, appending the path to the root of the
  host, this fix ensures that the subdirectory is included before the
  path.
2020-07-10 17:43:46 +02:00
Fabien O'Carroll
832ecad43b Improved handling of Stripe webhooks on boot
no-issue

This version of members-api includes changes to how webhooks are
managed, previously they would be deleted and recreated on every boot of
Ghost. Now they are created and the secret is persisted, on boot the
webhook is updated to the most current url and events. If the api
version is wrong or the update fails, the webhook is deleted and
recreated and the settings updated.

 - Installed @tryghost/members-api@0.24.0
 - Updated config to work with 0.24.0
2020-07-10 17:43:46 +02:00
Fabien 'egg' O'Carroll
20a95de8f7
Added new stripe webhook settings (#12028)
no-issue

They will be used to store webhook information so that we can persist it between
boots and simplify the creation process of webhooks in members
2020-07-10 16:26:06 +02:00
Rish
5fbc40430b Added migration to update group for new portal settings
closes https://github.com/TryGhost/Ghost/issues/12026

- 3 new portal settings were added in `3.23` in default settings - `portal_button_style`, `portal_button_icon`, `portal_button_signup_text`
- New settings default to group `core` on migrating from pre 3.22 versions due to missing columns in DB
- Migration here updates the new settings to correct group
2020-07-10 18:32:54 +05:30
Nazar Gargol
d6267340a1 Updated Content API resource ordering to be same as slugs in filter
closes #11994

- Adds support for ordering based on slug filter  that contains a slug-is-in filter. It is applied only to Content API's resources - post, page, tag, author. The order is applied in the same order in which slugs appear in the filter.
- For, example providing following  query parameter filter for any of the above resources: `?filter=slug:[kitchen-sink,bacon,chorizo]`, would filter them by these slugs and order in the same way defined in the filter
- Can be used in handlebars templates in following way: `{{#get "tags" filter="slug:[slugs,of,the,tags,in,order]"}}`
- The property conteining this new order is assigned to `autoOrder` instead of `rawOrder` intentionally. This explicit asstignment would allow distinguishing where the 'orderRaw' comes from the model or the API layer. Apart from  adding necessary context this separation makes it easier to refactor separately model layer and API specific ordering in the future
- This commit also fixes default filtering for `author` resource in Content API. The serializer was never used before as it was missing from `serializers/index.js` module.
2020-07-10 18:33:00 +12:00
Peter Zimon
0ea767ff5c Updated member already exists error message
no refs.
- changed member already exists error message from "Duplicate email address"
2020-07-09 12:13:26 +02:00
Matt Hanley
64da78bd6d
Updated twitter social profile default value (#12024)
no issue

- Updates default twitter profile value from `tryghost` to the correct `ghost`
2020-07-08 22:58:50 +05:30
Fabien O'Carroll
a3f693b472 Updated tags output serialiasation for v2 API
no-issue

This ensures that the v2 API only outputs the tag properties we specify,
and doesn't include any new fields, like the new metadata columns.
2020-07-08 15:14:40 +02:00
Fabien O'Carroll
7e5292eccc Updated tags input schema for canary API
no-issue
2020-07-08 15:14:40 +02:00
Fabien 'egg' O'Carroll
e14188807d Fixed express-jwt config
no-issue

express-jwt expects an array of valid algorithms, not a single algorithm.
2020-07-08 15:09:44 +02:00
Fabien O'Carroll
a607610c3a Added new meta columns to tags table
no-issue

This prepares the database for future work, allowing tags to store metadata
2020-07-08 11:49:22 +02:00
Rish
c5d360e647 Fixed members plan currency symbol
no issue

The refactor to new settings lost the uppercasing of the currency string, this puts it back
2020-07-08 10:47:28 +05:30
Nazar Gargol
173e3292fa Fixed integration_id handling in Webhooks Admin API
no issue

- Changes introduced to both API v3 and v2
- Makes sure to use the same integration_id as authenticated integration for the webhook's data.
-  Makde it is impossible to create orphaned webhooks using token authentication
- Allowed only parent integration to edit it's children webhooks. Throwing permission error otherwise
2020-07-08 16:54:31 +12:00
Fabien O'Carroll
694d92d270 Added guards for stripe_plans setting being null
no-issue

There is concern that the settings cache can return `null` for values
which it cannot parse correctly, this just ensures that we always have
an array where we expect one
2020-07-07 13:10:17 +02:00
Rish
8675a7d317 Updated portal button setting to false
no issue

- Existing and new sites should have portal button hidden by default and need explicit switch on from Admin.
- Default value for new sites has been updated, but existing sites still have old default and portal button set as true
- Migration here resets portal button setting to false for all existing sites, and they'll need to be explicitly turn it on from admin again
2020-07-07 14:43:00 +05:30
Rish
8d989bd3c3 Updated members site data to include new portal settings
no issue

- Adds new portal button settings to members site data for portal script
- Updates settings input/output serializers to handle portal icon image url
2020-07-07 14:06:04 +05:30
Rish
c0e3c8bcfe Added new settings for portal button customization
no issue

- Adds new portal settings - `portal_button_style`, `portal_button_icon` and `portal_button_signup_text`
- New settings allows customization of portal button
- Updates tests to include new settings
2020-07-07 14:06:04 +05:30
Hannah Wolfe
8c8af3b4ac Fixed additional bracket in fixture code example
closes #11908

- The post publishing-options shows a snippet of JSON-LD in a code block, that had an extra comma and curly bracket
2020-07-06 19:49:10 +01:00
Daniel Lockyer
8956a9df35 Merged 3.22.2 into master
* tag '3.22.2':
  v3.22.2
  Updated Ghost-Admin to v3.22.2
  Emitted all settings events on reinit of cache (#12012)
  🐛 Updated access to be true by default in v3 API
  Hardened members subscription migration against missing data (#12009)
2020-07-06 16:19:55 +01:00
Fabien 'egg' O'Carroll
8b6ec4d922
Emitted all settings events on reinit of cache (#12012)
closes #12003

There are a few parts of Ghost that rely on the settings events being
emitted anytime a setting is changed, so that the data is kept in sync.

When a setting is renamed in a migration essentially what happens is
that the settings value is changed from a default value to its actual
value, but this does no emit an event.

Anything that is initialised before migrations have run that relies on
the events to keep it up to date will have stale data - e.g. the themes
i18n service.

This change ensures that when we `reinit` after migrations have been
run, we emit events for every setting to tell the rest of Ghost that it
has changed.
2020-07-06 17:09:43 +02:00
Hannah Wolfe
289c1b3e8a 🐛 Updated access to be true by default in v3 API
closes #11990

- access should be a members feature, but it was already accidentally exposed to the theme layer
- it has now been added to the API even if members is disabled
- access defaults to true, unless members is enabled
- when members is enabled, access is set to the currently logged in members' access
2020-07-06 16:04:29 +01:00
Fabien 'egg' O'Carroll
4a5079085a
Hardened members subscription migration against missing data (#12009)
closes #11993

We had some issues with some databases being in an unexpected state this
check for each property before using it add uses defaults when it is
missing.
2020-07-06 12:18:13 +02:00
Rish
27379b76e4 Revert "Updated default visibility for membersjs button"
This reverts commit bf80ba924f.

- New sites should have the portal enabled and shown by default when they enable members (behind dev flag currently)
2020-07-06 14:12:01 +05:30
Daniel Lockyer
f65c425786 🐛 Fixed searching for free/paid members
no issue

- when searching for paid/free members, the `members_stripe_customers`
  table would be joined into the query on `members`
- this table also has a `name` and `email` field, so both MySQL and
  SQLite would complain about ambiguous fields in the query
- the result of this would be a 500 error thrown inside Ghost, and no
  useful response to the user
- this commit explicitly chooses the `members` table to check against,
  and also adds a test for this
2020-07-06 09:09:08 +01:00
Rish
bf80ba924f Updated default visibility for membersjs button
no issue

- The membersjs default trigger button was set to be visible by default, even behind dev flag
- This changes the default visibility to false so it needs to be switched on from Admin to be visible on screen
2020-07-06 10:46:07 +05:30
Fabien O'Carroll
6ffb820137 Removed bulk_email_settings from settings
refs #10318

 - Removes old default setting
 - Adds migration for removing setting from database
 - Fixes regression tests
2020-07-03 16:49:49 +02:00
Fabien 'egg' O'Carroll
37d577fa90
Remove references to bulk email settings (#12000)
refs #10318

* Ignored bulk_email_settings when importing
* Removed custom handling for bulk_email_settings
* Removed bulk_email_settings from default-settings
* Ignored bulk_email_settings when editing settings
2020-07-03 16:30:54 +02:00
Fabien O'Carroll
957cf9fd1d Added mailgunIsConfigured prop to config API
refs #10318

This will replace the isConfig property attached to the bulk_email_settings
2020-07-03 11:48:47 +02:00
Fabien O'Carroll
5e6a4f6f7d Updated bulk-email service to use mailgun settings
refs #10318
2020-07-03 11:48:47 +02:00
Fabien 'egg' O'Carroll
9df217b04e
Added mailgun_{domain,api_key,base_url} settings (#11992)
refs #10318

 - Adds new default settings
 - Adds migration for populating settings with bulk_email_settings data
 - Fixes regression tests
2020-07-03 11:00:20 +02:00
Fabien O'Carroll
f3b4a538af Updated the validateSettings method to check stripe_plans
refs #11765

This ensures that plans will always be set to 1 of the currency
2020-07-03 10:37:13 +02:00
Fabien O'Carroll
38fce4efc5 Cleaned up data validation module
no-issue

Removes overly verbose repetition of identifiers making this easier to read
2020-07-03 10:37:13 +02:00
Fabien O'Carroll
774187ced5 Cleaned up onValidate method on settings model
no-issue

Explicit arguments and async/await make this nicer on the eyes
2020-07-03 10:37:13 +02:00
Kevin Ansfield
e9ae0d9baa 🐛 Fixed srcset and sizes attributes being rendered when image resizing unavailable
closes https://github.com/TryGhost/Ghost/issues/11944

- updates `@tryghost/image-transform` to version that exposes `canTransformFiles()` which checks for `sharp` availibility
- updates `@tryghost/kg-default-cards` to version that accepts a `canTransformImage()` method as an option
- updates our `mobiledoc` lib to pass a `canTransformImage()` function that returns false if sharp is unavailable, the image extension is not supported, or the storage engine in use does not support image transforms
- updates `populateImageSizes` to fetch image sizes when transforms are unavailable as the render/not-render is now handled in the renderer and we don't need to worry about adding size information to the mobiledoc source
2020-07-02 18:03:22 +01:00
Nazar Gargol
6902f86b40 Added field mapping support for members import CSVs
no issue

- This is a precursor work allowing client to send csv to JSON
field mapping hash as a `mapping` field parameter in the incoming
request.
2020-07-02 15:18:39 +12:00
Kevin Ansfield
fd4a011995
🐛 Fixed settings cache being out of sync after migrations (#11987)
refs https://github.com/TryGhost/Ghost/issues/10318

- re-initialize settings cache after migrations by shutting down to clean up event listeners then and calling `init` again
- important to ensure `db.ready` event is not emitted until settings have finished re-initializing to avoid problems with background processes using the db connection which is disconnected/re-connected or being kicked off with out-of-date settings
2020-07-01 17:16:57 +01:00
Nazar Gargol
d03f674a2f Fixed failing members import tests
refs 05f6faf846

- The logic in "Stripe" error detection depended on error's message string matching, which is not a good practice in general. Had fixed it do to exact match on "context" of the error we throw internally and left more extensive comment about why things are implemented the way they are.
2020-07-01 19:03:12 +12:00
Peter Zimon
05f6faf846 Updated error messages for member import
no refs.
- refined errors for member import post-validation
2020-07-01 07:23:20 +02:00
Fabien O'Carroll
44c03eb0f4 Fixed migration exiting for single missing setting
refs #10318

`return` would break the whole loop, `continue` will continue to the
next iteration
2020-06-30 18:38:55 +02:00
Fabien O'Carroll
0074324b10 Fixed migration when brand setting is null
refs #10318

This would throw if the setting was null, we catch and use the default
instead.
2020-06-30 18:30:05 +02:00
Kevin Ansfield
9810c41dca 🐛 Fixed facebook/twitter images having relative URLS in API output
no issue

Output serializer's url util was expecting `og_image` and `twitter_image` to be top-level attributes in the `attrs` object but they are actually nested under `posts_meta`.

- updated the code to use lodash's `get/set()` so that we can work with paths for easier handling of nested objects
- fixed unit tests where the mocked data under test did not match real-world data
2020-06-30 16:40:34 +01:00
Jonas Fabisiak
58ac033b97
Updated head to only output custom favicons (#11949)
closes #11932

- as per the issue, there is no need to output a <link> tag if the favicon is the default /favicon.ico, as all browsers automatically check for this 
- instead the favicon <link> is only output if a custom favicon has been set, telling the browser to look somewhere different to its default location
- some of the tests expected 3 links in the html head, but through the favicon change there are often only 2.

Co-authored-by: RenCloud <rencloud@pop-os.localdomain>
2020-06-30 15:07:08 +01:00
Hannah Wolfe
fa91c6c954
🐛 Moved access to an API property (#11967)
closes #11574

- the current implementation of the access property has it frontend only, and wired up only in one place
- this leaves it only available in a handful of places, e.g. can't use it in a post loop or get helper
- the current implementation also fails logically if the html content of the post is blank

This fix moves the behaviour to the API

- this ensures the field is always available no matter what context you are in
- it also updates the logic to use the same membersHasAccess logic as is used to gate the post, so it's always correct

TODO: should reconsider the location of this code
2020-06-30 14:46:46 +01:00
Rish
212e39f772 Updated settings importer to handle new mapping
refs https://github.com/TryGhost/Ghost/issues/10318

- Skipped `members_subscription_settings` and `stripe_connect_integration` from settings import
- Fixed import data field filtering for core and theme groups
2020-06-30 17:38:36 +05:30
Rish
d5f68dbbc5 Updated serializers/model layer validation using settings type
refs https://github.com/TryGhost/Ghost/issues/10318

- Updates `boolean` serialization in v2/canary serializers to apply only for `boolean` type settings
- Updates `boolean` transformation in model layer `format`/`parse` to check on `boolean` type setting
- Removes error thrown on Read-only setting for settings edit endpoint
- Updates v2/canary input serializers to remove any Read-only settings (using RO flag) to avoid edits
- Added type/group mappings in the importer when pre-migration settings table import data is present
- Updates tests
2020-06-30 17:38:36 +05:30
Rish
8a50a3e9c9 Updated default settings and schema with updated types
refs https://github.com/TryGhost/Ghost/issues/10318

- Updates default settings to contain correct type and validation for each setting
- Updates `populateDefaults` to correctly insert type value for new settings
- Updates settings schema to allow only select types - `array`, `number`, `boolean`, `string`
- `object` is a temporary type allowed till we get rid of all JSON object settings
2020-06-30 17:38:36 +05:30
Fabien O'Carroll
a5751341b6 Added RO flag to members_from_address
refs #10318

This was incorrectly missing before
2020-06-30 13:54:01 +02:00
Fabien O'Carroll
f2f40a5f4a Updated migrations to always set group,types,flags
refs #10318

Because settings are not populated with the correct group and flags, we
must _always_ set these. Then we can check to see if there are values
which need migrating, and if not, can safely exit and leave the values
as default.
2020-06-30 13:54:01 +02:00
Kevin Ansfield
fa2c9a4da1 Added missing PUBLIC flag for logo setting in migration
refs #10318

- `logo` setting should have had the `PUBLIC` flag but it was missed
2020-06-30 12:21:22 +01:00
Fabien O'Carroll
0a257c4b5d Updated settings api to ignore stripe_connect settings
refs #10318

These settings are only allowed to be set via the stripe_connect_integration_token key
2020-06-30 11:27:43 +02:00
Fabien O'Carroll
3b8cdb1657 Fixed migrations for missing settings
refs #10318

If migrating from a previous version that does not include the setting
being migrated from we can safely not update the new setting, and just
rely on its default value being present. When rolling back we can use
defaults if the new setting does not exist.
2020-06-30 10:33:55 +02:00
Fabien O'Carroll
bf736717e4 Fixed members default-settings default values
refs #10318
2020-06-29 19:34:14 +02:00
Rish
4ccfca8c00 Added migration to add types for settings
refs https://github.com/TryGhost/Ghost/issues/10318

- Updates the type field for a setting to specify its type explicitly
- Type can be one of (string, number, boolean, array)
- `object` is allowed a temp type till all the object settings are removed
- existing `type` value for setting was misleading and referring to `group`
- we moved the current `type` value for a setting to `group` here - 4a9e57c170
2020-06-29 15:05:38 +00:00
Fabien O'Carroll
21e9fd93b8 Fixed stripe_plans default settings
refs #10318

These should be fractional amounts so they needed to be 100x larger
2020-06-29 16:44:50 +02:00
Fabien 'egg' O'Carroll
8455d24894
Added migrations for members & stripe setting changes (#11961)
refs #10318

* Added migration for stripe_connect_integration
* Added migration for members_subscription_settings
2020-06-29 16:23:38 +02:00
Fabien 'egg' O'Carroll
ee786aaa5d
Cleaned up members & stripe settings (#11957)
* Updated members default settings

ref #10318

This pulls out the members_subscription_settings & stripe_connect_intgration settings into separate keys

* Updated usage of members_from_address

* Updated stripe_connect usage

* Updated members config to use new settings

* Updated members middleware to use isStripeConnected

* Updated members service to reload correctly

We reload the members-api instance when the related settings change, so
this makes sure we're listening to the correct settings changes

* Updated ghost_head helper to use new settings

* Updated theme middleware to use new settings

* Renamed members_allow_signup -> members_allow_free_signup

* Fixed tests after settings refactor

* Removed  from direct key settings key

* Fixed regression tests for settings api
2020-06-29 16:22:42 +02:00
Fabien 'egg' O'Carroll
3aa68b95e7
Updated migration to assume new settings exist (#11963)
refs #10318

As populateDefaults is run _before_ migrations, the new settings will
already be inserted in the database, so we just need to update their
values and then delete the old settings.
2020-06-29 15:31:16 +02:00
Kevin Ansfield
f45198245f Updated Settings.populateDefaults() to account for available columns
refs https://github.com/TryGhost/Ghost/issues/10318

`Settings.populateDefaults()` is run before migrations during Ghost's startup. This can cause problems when new settings table columns are added (and populated in `default-settings.json`) because `populateDefaults()` was using the model layer which assumes that those columns are available, resulting in `ER_BAD_FIELD_ERROR: Unknown column` type errors.

- query the database for the available `settings` table columns
- switch to using raw knex queries without Bookshelf for insertions so that we're in control of the columns that are added
- use `_.pick` to skip any properties in `default-settings.json` that do not match to an available column - those columns will be added and populated by later migrations
- moving away from using the model to insert settings has the side-effect of not emitting `settings.added/edited` and `settings.x.added/edited` events, this should be fine because `populateDefaults()` is called before anything else is set up and listening
- added a call to `populateDefaults()` in our knex-migrator "before migration" hook so that we have consistent db state across both startup initialised migrations and manually triggered knex migrations
2020-06-29 13:22:10 +00:00
Nazar Gargol
097ff9fba9 Fixed grouping error in members CSV importer
no issue

- Import error grouping wasn't working correctly when error didn't have defined context property
- The copy will be refined in final design review
2020-06-30 00:22:52 +12:00
Fabien O'Carroll
79c3709fb9 Updated ALL permissions migrations to use the utils
no-issue
2020-06-25 19:15:25 +02:00
Fabien O'Carroll
ec119c458c Added migration utils for permissions
no-issue

These utils are the first steps toward getting the models out of our
migrations! The utils here interact directly with the database and where
possible don't reinvent the wheel, by using smaller building blocks to
build more comples ones.
2020-06-25 19:15:25 +02:00
Nazar Gargol
91e3630f36 Updated settings API v3 tests to check for correct types returned for specific keys
refs https://github.com/TryGhost/Ghost/issues/10318
refs 476fca6e5b

- Symetric change to one done in referenced commit which maps fields for API v2
2020-06-25 17:36:10 +12:00
Nazar Gargol
e394b5ad9c Added naive settings type options parameter support to settings API v2
refs TryGhost/Ghost#10318
refs 8fc526ff6

- This is symetric change to one done for v3 API (commited as 8fc526ff6)
- Added 'core' filtering for v2 API controller
2020-06-25 16:32:16 +12:00
Kevin Ansfield
05ac53ffa1 Fixed defaultValue for sharedViews setting
refs https://github.com/TryGhost/Ghost/issues/10318

- `shared_views` is always an array (Ghost-Admin has handling to revert it to an array if it's anything else) but it's default value was set to an empty object
2020-06-24 15:15:55 +01:00
Kevin Ansfield
e9b6e8eca7 Removed API filter of settings now correctly grouped in "core"
refs https://github.com/TryGhost/Ghost/issues/10318

- `members_public_key` and `members_private_key` are now correctly grouped under `core` which is already filtered out so we don't need the extra filter to exclude them
2020-06-24 14:55:50 +01:00
Nazar Gargol
8fc526ff6e Added back compatible support for renamed settings types
refs https://github.com/TryGhost/Ghost/issues/10318
refs 1dc0405803

- Adds 1:1 mapping for filtering options  to renamed settings "type" to "gorup"
- Ignores the name changes and any old types
- Detailsed type -> group mappings can be checked in the refereneced migration commit
2020-06-25 00:55:40 +12:00
Kevin Ansfield
1dc0405803
Added migration to populate settings.{group,flags} (#11954)
refs https://github.com/TryGhost/Ghost/issues/10318

- maps old `settings.type` values to new `settings.type/group` values
  - uses an explicit map so that we don't lose information and can safely roll back even though we're modifying `settings.type` too
  - updates `settings.type` values too to keep code working while we switch to using `settings.group`
- sets the `settings.group` value for all settings which are keeping the same group as their current type
- adapts `settings.type` validations to match new groups
- adds flags to specific settings, both in the migration for existing settings records and in default-settings.json for new settings records
2020-06-24 12:38:18 +01:00
Kevin Ansfield
4a9e57c170
Added migration to add settings.{group,flags} columns (#11951)
refs https://github.com/TryGhost/Ghost/issues/10318

- `group`
  - to replace the `type` column, provides a more descriptive name for the columns use
  - for existing sites it will be populated by migrating data from the `type` column in a later migration
  - for new sites a minimal update has been added to `parseDefaultSettings()` to populate the `group` field when settings are created during startup - fixes the NOT NULL constraint on `settings.group`
- `flags`
  - signifies special handling that is different to other settings in a group
  - eg, `PUBLIC,RO` would indicate that the setting is available via unauthenticated endpoints and is read-only
2020-06-24 11:58:15 +01:00
Nazar Gargol
118b7033e0 Fixed input serializer for setting's PUT methods in Admin APIs
refs https://github.com/TryGhost/Ghost/issues/10318

- There was a copy/paste error and we didn't have a test to pick it up. Will follow up with a regression test to make sure it doesn't happen again
2020-06-24 22:11:03 +12:00
Nazar Gargol
8ea245fc7c Fixed importer mapping for renamed default_locale, active_timezone, ghost_* settings
refs #10318
refs 2614565d5a

- Adds importer mapping for fields as in referenced migration
- The intention is to allow exports from v2/v3 to still be compatilbe with current version
- Adds a mapper for deprecated fields and imports them with new settings "keys"
2020-06-24 14:19:52 +12:00
Nazar Gargol
2de1c07dd4 Renamed settings key brand.primaryColor to accent_color
refs #10318
2614565d5a

- Changes naming throughout the codebase matching the change in the
referenced commit
2020-06-24 14:18:13 +12:00
Nazar Gargol
f0a811e9fe Renamed ghost_head/ghost_foot to codeinjection_head/codeinjection_foot
refs #10318
refs 2614565d5a

- Renamed ghost_head/ghost_foot in settings to match the new names
introduced in migrations
- Above change lead to reshufling in the mappings in input/output
serializers
- Makes sure change is compatible with v2 API
2020-06-24 14:18:13 +12:00
Nazar Gargol
5f1060a8bf Renamed settings keys active_timezone to timezone
refs https://github.com/TryGhost/Ghost/issues/10318
refs 2614565d5a

- Renames to match referenced migration renames
- Fixed API responses so they are consistent with newly renamed fields
- Not returning lang and timezone keys from settings in API v2 ther rest should be returned in API v3/canary
2020-06-24 14:11:20 +12:00
Nazar Gargol
c4dff2d50e Renamed settings keys from default_locale to lang
refs #10318
refs 2614565d5a

- Renames default_locale settings key as introduced in referenced
migration
2020-06-24 14:07:24 +12:00
Kevin Ansfield
8a817050c5
Organised default settings into new groups (#11952)
refs https://github.com/TryGhost/Ghost/issues/10318

- precursor to migrating from `settings.type` to `settings.group`
- renames `blog` type to `site`
- renames `bulk_email` type to `email`
- moves settings out of `site` (previously `blog`) into more appropriate groups such as `core` or individual feature groups
2020-06-23 20:49:08 +01:00
Rish
adb5adea57 Fixed incorrect brand structure in settings migration
no issue

- Previous migration in commit - 2614565d5a - was using incorrect json structure for brand -> primary_color
- Fixes the up/down migrations to work on correct existing `brand: primary_color` structure
2020-06-23 22:13:32 +05:30
Naz
2614565d5a
Settings keys renames (#11948)
refs https://github.com/TryGhost/Ghost/issues/10318

- Adds following renames to settings table keys:
  'default_locale' -> 'lang'
  'active_timezone' -> 'timezone'
  'ghost_head' -> 'codeinjection_head'
  'ghost_foot' -> 'codeinjection_foot'
  'brand.publicationColor' -> 'accent_color'
- The renames are done to match revised naming conventions and naming
exposed through APIs
- Supersedes this revert - 1eeb5a60b8 and #11946
2020-06-24 01:10:25 +12:00
Nazar Gargol
5c800a6fe7 Revert "Revert "Added migration to remove deprecated values from the settings table (#11942)""
This reverts commit 32cb9c7f94.

Emergency release has been canceled changes can stay in master
2020-06-24 01:07:29 +12:00
Kevin Ansfield
db66f1cbbd Fixed populateImageSizes handling of images in subdir setups
no issue

- when using subdirectories, images can be stored in the database both with and without the subdirectory prefix. We weren't taking that into account and so images without the subdirectory were not having the `/content/images/` prefix removed when passed to the storage adapter resulting in the storage adapter not finding the image
2020-06-23 12:47:20 +01:00
Nazar Gargol
32cb9c7f94 Revert "Added migration to remove deprecated values from the settings table (#11942)"
This reverts commit bdd8049e06.

- Revert was done to allow emergency releaese
2020-06-23 19:29:01 +12:00
Nazar Gargol
1eeb5a60b8 Revert "Renamed settings table keys (#11946)"
This reverts commit d8cdeb6d01.

- Revert was done to allow emergency releaese
2020-06-23 19:27:52 +12:00
Naz
d8cdeb6d01
Renamed settings table keys (#11946)
refs https://github.com/TryGhost/Ghost/issues/10318

- Adds following renames to settings table keys:
  'default_locale' -> 'lang'
  'active_timezone' -> 'timezone'
  'ghost_head' -> 'codeinjection_head'
  'ghost_foot' -> 'codeinjection_foot'
  'brand.publicationColor' -> 'accent_color'
- The renames are done to match revised naming conventions and naming
exposed through APIs
2020-06-23 19:09:12 +12:00
Naz
bdd8049e06
Added migration to remove deprecated values from the settings table (#11942)
refs https://github.com/TryGhost/Ghost/issues/10318
refs https://github.com/TryGhost/Ghost/pull/11939

- Removes force_i18n, permalinks, and members_session_secret settings
values as their respective use has been removed from the codebase.
- Related code changes in referenced PR
2020-06-23 19:07:33 +12:00
Nazar Gargol
b78dbfbbc2 Removed use of deprecated setting flags from the codebase
refs #10318
refs https://github.com/TryGhost/Ghost/pull/11942

- Removes force_i18n, permalinks, and members_session_secret usage from the codebase
-  We deprecated these flasgs and have not used since Ghost v2. It's good time to remove them before we introduce bigger changes to how `settings` table opeartes.
- Fixed importer test. The test was meant to check if string values were converted properly, the check agains boolean didn't make much sense in this context, so removed it.
- Following this change are going to come ralated migrations to fix existing data (see ref)
2020-06-23 11:58:19 +12:00
Rish
77e1ada6c6 Added new settings for members modal
no issue

-  reverts commit 87c31444fd but with modifications to settings naming
-  Adds new settings for members modal customization to default settings
- `portal_button` controls the visibility of beacon in members modal
- `portal_name` controls the visibility of name field in signup
- `portal_plans` controls the visibility of plans allowed for member to signup with
-  Adds stripe connect check to determine if stripe is setup or not
-  Adds the 3 new settings to members site data
-  Updates to snake case naming for members site API data
2020-06-19 21:35:49 +05:30
Nazar Gargol
93e8ee83d9 Extracted members CSV related code into @tryghost/members-csv package
no issue

- Moves out CSV parsing and serialization related code into separate package as a part of push to modularize Ghost repo.
- Next up is to remove `csv-parser` dependency from this new package
2020-06-19 19:55:47 +12:00
Nazar Gargol
fabe06c5c5 Colocated readCSV util with members input serializer
refs 5a6ce5abfe

- Allows to move files and keep the history in one go.
- 'csv-parser' will be upgraded to 'papaparse' lib in a new package
2020-06-19 18:24:51 +12:00
Nazar Gargol
5a6ce5abfe Extracted members csv input serialization logic into separate module
refs a6b5a82f09

- This is prep work for extraction into members repository.
2020-06-19 17:58:33 +12:00
Nazar Gargol
a6b5a82f09 Extracted members csv serialization logic into separate module
no issue

- This is prep work for extraction into members repository.
2020-06-19 17:23:05 +12:00
Nazar Gargol
e698f9f95c Fixed handling for grouped validation errors during members import
refs 7904c303a7

- Model's validation errors are sometimes returned as an array of errors, in those cases they should be flattened to before returning to the client. This way there is more insight into what went wrong during the import.
2020-06-19 16:34:23 +12:00
Fabien O'Carroll
4716d13d13 Added API endpoints for disconnecting Stripe
no-issue
pr: https://github.com/TryGhost/Ghost/pull/11930

- Upgraded @tryghost/members-api to 0.23.0

  This version includes a new method hasActiveStripeSubscriptions

- Added /admin/members/hasActiveStripeSubscriptions

  This can be used to determine whether or not we should allow removing
  the stripe keys.

- Added /admin/settings/stripe/connect

  This can be used to delete a Stripe Connect integration, provided
  there are not active subscriptions
2020-06-18 18:42:20 +02:00
Kevin Ansfield
2553da1bee Fixed mobiledoc.populateImageSizes handling of empty image card payloads
no issue

- it's possible that image cards can be saved when they have no `src` attribute (placeholders)
2020-06-18 15:32:42 +01:00
Rish
87c31444fd Revert "Added new settings for members modal settings (#11927)"
This reverts commit ea7d450a9b.
2020-06-18 19:06:13 +05:30
Kevin Ansfield
4fb39f29cc Fixed population of image sizes when forcing re-render of posts
no issue

- fixed incorrect method name when calling
- fixed problem with setting post.mobiledoc to a promise rather than waiting for the size population to finish and setting it to a mobiledoc string
2020-06-18 14:02:53 +01:00
Kevin Ansfield
95525eeadc Allowed ?formats param in Admin API post+page create/edit requests
no issue

- `?formats` is useful when you want to get `html` back from the Admin API when creating/editing posts, otherwise you're forced to make a following `GET` request
2020-06-18 13:59:01 +01:00
Rishabh Garg
ea7d450a9b
Added new settings for members modal settings (#11927)
no issue

-  Adds new settings for members modal customization to default settings
- `membersjs_show_beacon` controls the visibility of beacon in members modal
- `membersjs_show_signup_name` controls the visibility of name field in signup
- `membersjs_allowed_plans` controls the visibility of plans allowed for member to signup with
-  Adds stripe connect check to determine if stripe is setup or not
-  Adds the 3 new settings to members site data
2020-06-18 17:11:08 +05:30
Kevin Ansfield
f27282bc3f
Added mobiledoc transform to populate missing image sizes on forced re-render (#11924)
no issue

- adds `populateImageSizes()` to our mobiledoc lib module
  - uses `image-size` lib to speed up reading of image dimensions
  - for local images, use storage adapter with same guards as used by `handle-image-sizes` middleware so that we don't insert srcsets for images that aren't transformable
  - for unsplash images, remove any width and crop params from the url so it points to the full-size image
- use `populateImageSizes(mobiledoc)` to modify post model's mobiledoc when re-rendering
2020-06-17 13:12:32 +01:00
Kevin Ansfield
4537ccd329 🐛 Fixed embed/bookmark retrieval for sites that require cookies during redirects
no issue

- known failing case was Medium. Some *.medium.com articles triggered redirects but without cookies being stored/sent across the redirect requests it would cause an infinite redirect loop and we'd abort after 10 redirects
- use `got`'s [cookie support](https://github.com/sindresorhus/got/tree/v9.6.0#cookies) via `tough-cookie` so that we can create bookmark cards for medium.com and other sites with similar problems
2020-06-17 10:03:36 +01:00
Kevin Ansfield
86f14c28a1 Fixed no-shadow linter warnings in image-size.js 2020-06-16 12:36:55 +01:00
Hannah Wolfe
a9759736d6
🐛 Fixed private blogging exposing 404 and robots (#11922)
- There were various cases where it was possible to trigger a private site to display a 404 instead of redirecting to /private/
- Private mode was also not always displaying the correct robots.txt
- This PR includes tests for all cases in test/frontend-acceptance/default_routes_spec.js & where possible the unit tests have also been updated for completeness
- Fixing the 404 issues required
    - Better handling of paths using req.path instead of req.url in filterPrivateRoutes
    - Additional error handling, to cover the case that a tag/author RSS feed does not exist
 - Fixing the robots.txt required the order of middleware to be changed, so that private blogging gets a chance to render first
    - NOTE private blogging is the only app with a setupMiddleware function so nothing else is affected
2020-06-16 11:42:32 +01:00
Fabien O'Carroll
c5b8dab523 🐛 Fixed custom redirects for subdirectory setups
no-issue

This issue only occurs when using custom redirects with a subdirectory
setup, and the path to be redirected from is expressed as a regex, and
the url that is being redirected to is not an external url.

The issue has a few components:

- Redirect paths as a regex generally use the ^ to ensure that they
  match the beginning of the path.

- The path that the regex is matched against conditionally excludes the
  subdirectory, specifically, the subdirectory is excluded for external
  urls

These combined means you end up with a regex like /^\/custom-redirect/
and a path like /subdir/custom-redirect, these will not match/replace
correctly, and you'll end in an infinite redirect loop.

The fix here is to *always* remove the subdirectory when testing regex's
and then conditionally adding it back *only* for the redirect, and only
if it is an internal redirect
2020-06-16 10:24:13 +02:00
Nazar Gargol
5f00619d1a Renamed members import/export endpoints
refs cb26fd9305

- Reasoning behind the rename in referenced commit
2020-06-16 18:08:50 +12:00
Kevin Ansfield
e0d1763424 🐛 Fixed fallback to bookmark card when pasting localhost Ghost url
no issue

- localhost check was causing an immediate "no provider" error when fetching oembed for a localhost url and bypassing the bookmark fallback even when the configured site lives on localhost
- allow `localhost:port` through in oembed endpoints when it matches the configured url
2020-06-15 18:38:43 +01:00
Kevin Ansfield
ce8bc9d4bf Added imageOptimization:srcsets config to allow disabling of srcset attrs in content
no issue

- pass `srcsets` value through to mobiledoc renderer
  - it will stop adding `srcset` attributes to images when explicitly set to `false`
- adds `reload()` method to `mobiledocLib` so that memoized instances of the renderer can be reset during tests that change config values
2020-06-15 16:45:36 +01:00
Kevin Ansfield
73429589bd Reverted to previous user-agent for bookmark and oembed requests
no issue

- need to document changes so that external systems can adapt to the revised user-agent
2020-06-15 16:02:04 +01:00
Hannah Wolfe
27066ce910
🐛 Fixed missing text version in bulk email (#11919)
closes #11917

- Pass text-only version to mailgun as `text` not `plaintext`
- This ensures we send a text-only version of the email, and this in turn should help to improve spam scores
2020-06-15 15:31:09 +01:00
Rishabh Garg
84d0a46c6e
Removed "from address" overwrite in importer (#11914)
refs https://github.com/TryGhost/Ghost/issues/11414

- Importing data currently overwrites the existing "from address" with new value
- "from address" needs to go through email validation flow before update which was bypassed
- Updates importer to not allow overwrite for "from address" and use existing
- Adds test for "from address" overwrite
2020-06-15 12:22:55 +05:30
Hannah Wolfe
edff7ac853
Adding INR currency support (#11911)
- We have many customers asking for INR as there are special rules in Stripe for this currency
- As well as a desire for local-selling
- Meaning it's not valid to use e.g. USD instead
2020-06-12 19:36:25 +01:00
Kevin Ansfield
424e43975c Allowed ?force_reload=true through on pages edit endpoint
refs 008f86fc29

- same as posts. Related functionality to handle the query param exists on the Post model
2020-06-12 19:15:19 +01:00
Fabien O'Carroll
63f1e57036 Fixed Members Stripe config for Stripe Connect
no-issue

This was initially missed as local settings always had the original
stripeDirect keys, this ensures that regardless of Connect vs Direct vs
Both vs Neither that the config is correct.

Also ensures that the Members API instance is reloaded when the Stripe
Connect settings are changed.
2020-06-12 19:22:36 +02:00
Kevin Ansfield
008f86fc29 Added ?force_rerender=true param to posts edit endpoint
no issue

- there are various situations where we adapt/fix/improve our mobiledoc->html output over time but we didn't have a way of updating old content without manually editing the mobiledoc and saving, or running an expensive migration to re-render all old content
- this adds a `?force_rerender=true` query param to the `PUT .../admin/posts/:id/` endpoint that allows the `html` field to be re-generated without modifying the `mobiledoc` field contents
2020-06-12 18:05:57 +01:00
Kevin Ansfield
5d0d0b397e Fixed no-shadow linting warnings in models/post.js 2020-06-12 17:55:40 +01:00
Nazar Gargol
cb26fd9305 Changed members upload validation endpoint to /members/upload/validate
no issue

- The intention is to move away from using file type names in URLs. This endpoint is meant to correspond to current `POST /members/csv` endpoint, that is  planned to be renamed into `/members/upload`. And the `GET /members/csv` to be renamed to  `/members/download` respectively.
2020-06-12 23:31:56 +12:00
Kevin Ansfield
f4d9a41d3b
Added ?paid query parameter to Admin API members browse endpoint (#11892)
no issue

- NQL does not support the relationship setup that members->stripe customer<->stripe subscriptions uses so it wasn't possible to use the `filter` param to query against having an active subscription
- adds `customQuery` bookshelf plugin that allows customisation of SQL query used in `findPage` method by individual models
- use `customQuery` in Member model to set up joins and conditionals to select free/paid members when `options.paid` is present
- allow `?paid` param through API and permitted options for member model
2020-06-12 12:12:10 +01:00
Daniel Lockyer
2229fd4d6c Fixed import paths for errors and logging modules
no issue

- errors is now `@tryghost/errors`
- logging moved location to `core/shared/logging`
2020-06-12 09:09:46 +01:00
Nazar Gargol
7904c303a7 Added invalid import record errors and counts
no issue

- This new format allows to return additional metadata with failed import records. The data for invalid records is returned in following format:
```
{
    count: {count_of_invalid_records},
    errors: [{
      message:	"Members not imported. Members with duplicate Stripe customer ids are not allowed." // message field of the error
     context:	"Attempting to import members with duplicate Stripe customer ids." // context field of the error
     help:	"Remove duplicate Stripe customer ids from the import file, and re-run the import." // help field of the error
     count:	2 // count of this specific error
    }]
};
- Errors are grouped by their context fields because message fields sometimes can contain unique information like Stripe customer id, which would produce too many errors in case of bigger datasets.
2020-06-12 19:59:36 +12:00
Nazar Gargol
589d826afd Added /members/validate ednpoint to Admin API
no issue

- This endpoint is meant to be used for validation of imported members
- Main function at the moment is to validate if stripe_customer_id present in the dataset exists in connected Stripe account
2020-06-12 16:34:12 +12:00
Rish
41b3ecc744 Removed extra redirect on Admin for from address update
no issue

- Ghost-Admin redirects all paths to `/ghost/settings...` as `/ghost/#/settings/...`, this updates the admin redirect on successful magic link validation to directly use the latter to avoid extra redirect
2020-06-11 19:49:19 +05:30
Rish
9c478d778a Fixed email copy for update email template
no issue

- Fixes email copy changes for update-email mails sent for from address update
2020-06-11 18:19:53 +05:30
Kevin Ansfield
70b205618f Added responsive-image srcset attribute to image and gallery card output
no issue

- adds a set of hardcoded "content image sizes" to the base config
- adjusts `handle-image-sizes` middleware to always allow the hardcoded content image sizes to be genreated
- updates `@tryghost/kg-card-factory` to allow passthrough of options to card renderers
- updates `@tryghost/kg-default-cards` to add `srcset` output for image and gallery cards
2020-06-11 13:28:44 +01:00
Fabien 'egg' O'Carroll
bfc03eb120
Replaced nql-map-key-values with @nexes/nql (#11896)
closes #11008

- Updated @nexes/nql to 0.4.0

  This version exports the mapKeyValues utility function

- Replaced nql-map-key-values with @nexes/nql util fn

  Usage was found using `rg nql-map-key-values` and replaced globally.

- Deleted nql-map-key-values module in shared 

  Now that this module isn't referenced anywhere else, we can remove it,
  relying solely on the util exported by @nexes/nql
2020-06-10 19:17:25 +02:00
Rish
82cf095600 Added stripe config check to members site data
refs https://github.com/TryGhost/members.js/issues/43

- Adds new `isStripeConfigured` flag to public members site data which denotes if stripe setup is completed
- Helps clients like members.js/themes to configure payment behavior based on this flag
2020-06-10 21:15:13 +05:30
Fabien O'Carroll
5f808dfbee Encoded the mode in the Stripe Connect OAuth state
no-issue

The service at stripe.ghost.org must know which client_secret to use,
either the test, or live one. By encoding a JSON object as the state we
are able to pass data through the flow to inform this decision at the
end.

Note, that we still keep a random value in the state to protect against
CSRF attacks.
2020-06-10 14:06:57 +02:00
Fabien O'Carroll
33d1148cff Supported test mode in members_stripe_connect API
no-issue

We've added a "mode" query param to the members_stripe_connect api auth
method, allowing the client to easily switch between live and test mode.
2020-06-10 14:06:57 +02:00
Fabien O'Carroll
2ff151a893 Added support for stripe connect test mode
no-issue

This adds the ability to pass a `mode` param of 'test' to the members stripe
connect service, which will ensure we use a testmode client_id for the
Stripe Connect OAuth flow.

This will allow users to connect their account in testmode.
2020-06-10 14:06:57 +02:00
Nazar Gargol
c8351720b1 Removed levtover code
refs 81fc5f8eda

- Comment was left here unintentionally
2020-06-10 14:40:33 +12:00
Fabien O'Carroll
9348134afe Added display_name & account_id to stripe connect
no-issue

This will allow us to display this information in the Admin to make it
easier for the user to see what the current state is.
2020-06-09 17:11:17 +02:00
Kevin Ansfield
8c235ff766 Shortened insufficient oembed data error message
no issue

- improves display in client
2020-06-09 12:47:34 +01:00
Nazar Gargol
81fc5f8eda Added special handling for member import with Stripe connection
no issue

- When imported member contains stripe_customer_id data but there is no Stripe configured on the Ghost instance such import should faiil. The logic is consistent with one where import fails after not being able to find customer in linked Stripe account
- Fixed import stats to show import failures instead of "duplicate" when the validation error is of "Stripe" origin
2020-06-09 23:02:38 +12:00
Rish
c63f7f2b13 Updated copy for email address change template
no issue

- Fixes typo and title for email address update mails
2020-06-09 12:11:57 +05:30
Nazar Gargol
dba664a200 Removed unused variable
refs 53abf79869
2020-06-09 15:31:42 +12:00
Nazar Gargol
53abf79869 Removed format-csv module in favor of papaparse
no issue

- The aim was to extract format-csv to become an external dependency. After some analysis found out that native papaparse method `unparse` was achieving the same results with a lot better test coverage and stability. Because papaparse will become Ghost's default csv processor in near future decided to integrate papaparse instead of extracting module for the format-csv module's code, which would become redundant soon anyways.
- For reference papaparse will substitute current csv-parser lib because it's better performance and maturity.
- Performance comparison can be checked here - https://github.com/Keyang/csvbench#result . At the time of writing papaparse is rougly 40% faster than csv-parser
2020-06-09 15:23:15 +12:00
Daniel Lockyer
5d30af1513 Fixed wrong require in post email serializer
refs https://github.com/TryGhost/Ghost/pull/11807

- this was originally reported in the PR above, but we could not
  reproduce it on master
- presumably the user had the latest version of moment installed for
  other purposes and so they were seeing the issue
- between moment 2.24.0 and 2.26.0, something must have changed which
  stopped the previous functionality working
2020-06-08 19:43:55 +01:00
Rish
bca41e1877 Allowed updating from address domain for member emails
refs https://github.com/TryGhost/Ghost/issues/11414

Confirms if the fromAddress for sending member emails is valid and accessible using magic link flow, allowing owners to update full from address including domain change.

- Extends member service to handle magic link generation and validation for email update
- Updates existing setting endpoint to not directly update from address
- Adds new endpoint to send magic link to new address
- Adds new endpoint for validating the magic link when clicked and update the new email for from address
- Adds new email template for from address update email
2020-06-09 00:06:07 +05:30
Rish
4200eaf1f7 Added migration updating members from address with domain
refs https://github.com/TryGhost/Ghost/issues/11414

We want to allow adding custom domains to member's from address as long as the new email is verified using the magic link flow and not saved directly to DB. Since we currently don't store domain as part of fromAddress, this PR -

- adds migration to update all existing fromAddress by appending site domain
2020-06-08 23:47:02 +05:30
Rish
bbcd32d204 🐛 Fixed "from" parameter handling for bulk email
closes https://github.com/TryGhost/Ghost/issues/11768

- Wraps from parameter in double quotes so mail clients can read it whole
- Escapes double quotes in site title to avoid clash with wrapping
2020-06-08 21:56:11 +05:30
Kevin Ansfield
db68560b11 🐛 Improved error message output when oembed request fails
refs https://github.com/TryGhost/Ghost/issues/11212

- if a bookmark card fetch is performed (either directly or from fallback) and the page does not have an extractable title, return a more specific error message than "No provider found for supplied URL."
2020-06-08 15:06:00 +01:00
Kevin Ansfield
5aa6a3dbad Fixed no-shadow linting errors in oembed controllers 2020-06-08 12:52:41 +01:00
Kevin Ansfield
d8773dcc45 Allowed bookmark cards to be created without a description
no issue

- title+description was too limiting for some sites so we're relaxing the requirements to only require a title
2020-06-08 07:55:38 +01:00
Nazar Gargol
c7648737ca Added context and help message to member linking with Stripe account error
no issue

- When the customer cannot be imported because they are missing from linked Stripe account or the linked account is incorrect one, these new messages should provide a better clue about what has caused the error and how to act on it.
2020-06-06 00:06:19 +12:00
Nazar Gargol
633ba27f0e Added custom label assignment to imported members
no issue

- There is a need to be able to label certain import group of members
with custom labels. This will allow to distinguish/filter these newly
imported  members.
- Allowed `POST /members/csv/` endpoint to accept `labels`
field parameter which assigns labels to every member from imported csv.
2020-06-05 16:22:09 +12:00
Kevin Ansfield
fdeb7daf40 Added shared_views default setting
no issue

- we want custom views to be shared for all users and managed by admins rather than per-user
2020-06-04 21:29:06 +01:00
Nazar Gargol
12c8b63a4a Added more specific error handling when adding duplicate labels
no issue

- Similarly to other additive api methods  (e.g. members.add) returned more specific ValidationError with contex filled in with the reason why adding did not succed.
- This change is needed for more graceful label handling when adding new members through import
2020-06-05 00:23:10 +12:00
Nazar Gargol
59c773fb04 Removed cache invalidation header when adding label through Amdin API
no issue

- Adding labels doesn't cause any content to invalidate, similarly to adding members. Unlike it's caunterpart - tags, there is no dependent "frontend" content that would become invalid
2020-06-04 23:44:19 +12:00
Fabien O'Carroll
7c188ec1eb 🐛 Fixed settings controller edit method
no-issue

This was because the API was recieving a default `null` value for the
stripe_connect_integration_token setting.

This also improves the logging for this error.
2020-06-02 19:01:19 +02:00
Fabien O'Carroll
37a1947fc5 Fixed broken regression tests from #11861
no-issue

The config is now a class and the context of `this` was not bound
2020-06-02 16:20:57 +02:00
Kevin Ansfield
4e139ee5b4 Fixed linting 2020-06-02 14:33:43 +01:00
Kevin Ansfield
64ed246d03
Merge pull request from GHSA-4m2q-w26j-h268
no issue

- added an `externalRequest` lib
  - uses same underlying `got` module as our `request` lib
  - uses `got`'s `beforeRequest` and `beforeRedirect` hooks to perform it's own dns resolution for each url that's encountered and aborts with an error if it resolves to a private IP address block
  - includes a bypass for Ghost's configured url so that requests to it's own hostname+port are not blocked
- updated v2 and canary oembed controllers to use the `externalRequest` lib
2020-06-02 14:30:10 +01:00
Fabien O'Carroll
44f1c0a7b6 Updated members config to respect stripeDirect
no-issue

If the stripeDirect config value is NOT set / false, then connect token
should be used over the API keys if both are present, or else use
whichever is present.  If the stripeDirect config value is set /
true,then API keys should be used and stripe connect token should be
completely ignored.

The reason for this is that we want to use Stripe Connect as the primary
auth method going forward, but we want to keep the direct version
availiable should the Ghost Foundation ever dismantle. This will allow
people to use all the same features with no dependency on an external
service.
2020-06-02 15:28:42 +02:00
Fabien O'Carroll
a1f883edbc Refactored members config to use DI
no-issue

This makes testing it much easier
2020-06-02 15:28:42 +02:00
Fabien O'Carroll
fc0e97593b Added membersStripeConnect controller auth method
no-issue

In order to issue a redirect we need access to the "raw" req/res
objects, which is why we must return the function which gets access to
them.

The members service is used to create the auth url and to update the
users session.
2020-06-02 15:28:42 +02:00
Fabien O'Carroll
5b058d6d5b Added permission for auth:members_stripe_connect
no-issue

This permission is used to ensure that only the Owner can
authenticate/authorize the members_stripe_connect integration.
2020-06-02 15:28:42 +02:00
Fabien O'Carroll
413aa06ca5 Wired up stripe-connect module to settings API
no-issue

Uses the members service to parse a stripe_connect_integration_token
setting and set the stripe_connect_integration based on that.

This change includes ignoring the stripe_connect_integration{,_token}
settings, as the token is never saved, and the integration can only be
set by using the token.
2020-06-02 15:28:42 +02:00
Fabien O'Carroll
95acbbad93 Added stripe_connect_integration default setting
no-issue

This will be used to store the keys and other information after a
sucessful Stripe Connect OAuth flow.
2020-06-02 15:28:42 +02:00
Fabien O'Carroll
eb962d8e5c Added stripe connect module to member service
no-issue

This module handles the creation of a url used for authorization of
Stripe Connect, and also the parsing of the data eventually received
from the authorization flow.
2020-06-02 15:28:42 +02:00
Fabien O'Carroll
88b4c5571d Refactored the settings edit controller
no-issue

There was some unused code here, the variable  was never used, also we
were looping and collecting a list of errors, but only every using the
first one, so switched to the `find` method which stops iteration after
an element has matched.
2020-06-02 15:28:42 +02:00
Rish
a7ede2768b 🐛 Fixed test email permissions for non-owner roles
closes https://github.com/TryGhost/Ghost/issues/11841

- Migration adds mapping between permissions and roles for email_preview send test mail
- Only owner previously had correct permission to send test emails
- Fixture existed to allow Admin/Editor/Integrations to send test mails but had missing migration
- Adds tests for roles to send test email
2020-06-02 14:54:50 +05:30
Rish
d2cf7111ec Added new mail type for member email update
refs https://github.com/TryGhost/members.js/issues/30

- Added new `updateEmail` type for sending email address update confirmation mail to member
- The link in email updates member's email address
2020-06-02 14:27:03 +05:30
Daniel Lockyer
3701d6e919 Fixed incorrect require for lodash package
no issue

- node was complaining the package was missing after the sanitize-html update [1]
- the update removed an old version of lodash which supported the dot importing
  method
- our code relied on this subdependency to work, but the structure has since
  been updated

[1]: https://github.com/TryGhost/Ghost/pull/11867
2020-06-01 08:42:58 +01:00
Rish
9948e85154 Updated member subscribe email template
no issue

- Updated button copy to "Confirm email address"
- Added missing color to copy link address
2020-06-01 12:55:47 +05:30
Vikas Potluri
00c324fa4e
Moved core/server/lib/common/logging to core/shared/logging (#11857)
- Represents that logging is shared across all parts of Ghost at present
  * moved core/server/lib/common/logging to core/shared/logging
  * updated logging path for generic imports
  * updated migration and schema imports of logging
  * updated tests and index logging import
  * 🔥 removed logging from common module
  * fixed tests
2020-05-28 19:30:23 +01:00
Rish
3471a21bc3 Removed email update directly using member session auth
refs https://github.com/TryGhost/members.js/issues/30

- Member cannot update their email directly but need to do it via magic link sent to new email address
- Previous profile update change had allowed email to be updated directly as well for authenticated member
2020-05-28 19:31:00 +05:30
Vikas Potluri
1bd8c18a16
Moved core/server/lib/url-utils to core/shared/url-utils (#11856)
* moved url-utils from server to shared
* updated imports of url-utils
2020-05-28 11:57:02 +01:00
Kevin Ansfield
35f8042d7b
Added ?search= param to Admin API members endpoint (#11854)
no issue

- adds `search` bookshelf plugin that calls out to an optional `searchQuery()` method on individual models to apply model-specific SQL conditions to queries
- updated the base model's `findPage()` method to use the search plugin within `findPage` calls
- added a `searchQuery` method to the `member` model that performs a basic `LIKE %query%` for both `name` and `email` columns
- allowed the `?search=` parameter to pass through in the `options` object for member browse requests
2020-05-28 10:14:02 +01:00
Vikas Potluri
e7dc5f0bb3
removed invalid require in v2 input validator (#11851) 2020-05-27 18:49:13 +01:00
Vikas Potluri
15d9a77092
Moved config from server to shared (#11850)
* moved `server/config` to `shared/config`
* updated config import paths in server to use shared
* updated config import paths in frontend to use shared
* updated config import paths in test to use shared
* updated config import paths in root to use shared
* trigger regression tests
* of course the rebase broke tests
2020-05-27 18:47:53 +01:00
Vikas Potluri
c17a6e457c
Removed import of common sub-modules (#11849)
* replaced import of `common/logging` with destructuring the "module" in migrations
* removed reference to `index` in admin regression test
2020-05-26 21:12:13 +01:00
Vikas Potluri
aeee302c9d
refactored 'lib/image' imports to use destructuring (#11847)
* refactored 'lib/image' imports to use destructuring
* trigger all-tests
2020-05-26 19:11:23 +01:00
Hannah Wolfe
c86933f44f
Remove common errors (#11848)
* refactored core/frontend/services/proxy to import common dependency like a normal person
* removed all imports of `common/errors`
* 🔥 removed common/errors module

Co-authored-by: Vikas Potluri <vikaspotluri123.github@gmail.com>
2020-05-26 19:10:29 +01:00
Kevin Ansfield
071ab9774b
Added Admin API endpoint for basic member stats (#11840)
no issue

- moves members stats generation for the admin graph from the client to the server
- outputs a basic totals count across a requested date range of 30, 90, 365 days, or all time. See below for the response shape
- leaves heavy lifting of the counts to the SQL engines - tested on a dataset of 100k members and query performance is <100ms

```
GET /ghost/api/canary/members/stats/?days=30

{
    total: 100000,
    total_in_range: 20000,
    total_on_date: {
        '2020-04-25': 19000,
        '2020-04-26': 19500,
        // continues until today's date
    },
    new_today: 200
}
```
2020-05-26 10:38:42 +01:00
Vikas Potluri
9254f94407
Refactored migrations to destructure common lib import (#11837) 2020-05-25 09:48:50 +01:00
Vikas Potluri
4ac88dce10
Refactored common lib import to use destructuring (#11835)
* refactored `core/frontend/apps` to destructure common imports
* refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports
* refactored `core/frontend/services/settings` to destructure common imports
* refactored remaining `core/frontend/services` to destructure common imports
* refactored `core/server/adapters` to destructure common imports
* refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports
* refactored `core/server/data/importer` to destructure common imports
* refactored `core/server/models/{base, plugins, relations}` to destructure common imports
* refactored remaining `core/server/models` to destructure common imports
* refactored `core/server/api/canary/utils/serializers/output` to destructure common imports
* refactored remaining `core/server/api/canary/utils` to destructure common imports
* refactored remaining `core/server/api/canary` to destructure common imports
* refactored `core/server/api/shared` to destructure common imports
* refactored `core/server/api/v2/utils` to destructure common imports
* refactored remaining `core/server/api/v2` to destructure common imports
* refactored `core/frontend/meta` to destructure common imports
* fixed some tests referencing `common.errors` instead of `@tryghost/errors`
   - Not all of them need to be updated; only updating the ones that are
causing failures
* fixed errors import being shadowed by local scope
2020-05-22 19:22:20 +01:00
Rish
65656a9cf4 Removed global bodyParser middleware for members app
no issue

- Removes global bodyParser middleware for membersApp and adds it to specific endpoints
- Removes global boolParser middleware for membersApp

We added bodayParser middleware to memebrsApp in [this](fe3eab1836) commit to read json requests for members update endpoint, but that had issues with stripe webhook parsing for `/webhooks` endpoint as stripe expects raw data to be passed down.
2020-05-22 14:34:40 +05:30
Kevin Ansfield
21d38b2d37 Added label to known filter params for members
no issue

- updated `filter` plugin with appropriate label relationship and replacement config for NQL
- fleshed out member and label fixture data and tools to facilitate tests
2020-05-21 18:44:52 +01:00
Fabien O'Carroll
4c3bd0e2e9 Added stripeDirect config to admin api w/ default
no-issue

The flag currently defaults to `true` as we are still using stripe
direct. We expose it on the admin api config endpoint so that the
Ghost-Admin client can use it to conditionally render
2020-05-20 16:47:58 +02:00
Rishabh Garg
fe3eab1836
Added member update endpoint with session auth (#11824)
- Allows member logged in with valid session to update their profile info - name, email, subscribed(newsletter subscription status)
- Adds new util method for formatted member response on the endpoints
- Adds common middlewares for body/bool parser and maintenance
- Adds `subscribed` status to member response
2020-05-20 14:37:58 +05:30
Peter Zimon
c2470bcddb
Fixed truncated URL for password reset email (#11827)
no issue

- shows the full URL instead of a truncated link in password reset email body. This is required for security and usability reasons (copy/paste)
2020-05-20 08:22:37 +01:00
Nazar Gargol
2d41e5cc88 🐛 Fixed permission for "Administrator" to be able to edit post visibility
closes #11825

- The initial implementation had a typo in a role name which didn't allow "Administrator" to edit post's "visibility" attribute
- Added unit tests to check administrator specific role and visibility attribute permission
2020-05-20 17:47:27 +12:00
Hannah Wolfe
998eb62e22 Added success indicator for members magic links
- Add a query param that indicates whether signin/up succeeded or failed
- Add unit tests for all 3 possible cases for the createSessionFromMagicLink middleware
- Added an acceptance test to show the behaviour works in principle
2020-05-08 13:17:51 +01:00
Hannah Wolfe
7ee2e56bb4
Redirect members on token error (#11796)
- This restores the functionality from 3.14 as follows:

/members/ -> (with no route) rendered 404 error
/members/ -> (with route) renders members template
/members/?token=invalidtoken&foo=bar -> redirects to /?foo=bar
/members/?token=validtoken&foo=bar -> redirects to /?foo=bar
2020-05-07 21:55:50 +01:00
Fabien O'Carroll
27a5887696
Increased route specificity for API error handling (#11795)
no-issue

This ensures that errors that are not part of the members frontend API will be handled by the theme and not with JSON
2020-05-07 22:38:58 +02:00
Kevin Ansfield
0eec876cb1 Removed separate reset/forced-reset emails and updated email copy
refs https://github.com/TryGhost/Ghost/pull/11790

- reduced complexity by sticking to one email for both normal reset and forced reset (locked staff accounts)
- exposed `siteTitle` for use in any email templates
- updated email copy to be suitable for both types of password reset
2020-05-06 13:20:11 +01:00
Naz
c84866dda7
Improved password reset and session invalidation for "locked" users (#11790)
- Fixed session invalidation for "locked" user
  - Currently Ghost API was returning 404 for users having status set to "locked". This lead the user to be stuck in Ghost-Admin with "Rousource Not Found" error message.
  - By returning 401 for non-"active" users it allows for the Ghost-Admin to redirect the user to "signin" screen where they would be instructed to reset their password

- Fixed error message returned by session API
  - Instead of returning generic 'access' denied message when error happens during `User.check` we want to return more specific error thrown inside of the method, e.g.: 'accountLocked' or 'accountSuspended'
  - Fixed messaging for 'accountLocked' i18n, which not corresponds to the
actual UI available to the end user

- Added automatic password reset email to locked users on sign-in
  - uses alternative email for required password reset so it's clear that this is a security related reset and not a user-requested reset

- Backported the auto sending of required password reset email to v2 sign-in route
  - used by 3rd party clients where the email is necessary for users to know why login is failing

Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
2020-05-05 19:37:53 +01:00
Rishabh Garg
a01bcdd2d0
Added new endpoint for refreshing api key secret (#11791)
no issue

- Adds new endpoint on integration to refresh admin/content api key secret
- Allows owner/admin to refresh their content or admin API keys for an integration via Ghost Admin
- Adds a new `refreshed` event to actions table for anytime an api_key secret is refreshed
2020-05-05 23:36:21 +05:30
Hannah Wolfe
53d14fd8e3 Added Router etc to shared/express + use everywhere
- Added a wrapper around express.Router to our shared/express util
- Also export static and _express
- Use this shared util everywhre, meaning express is only used directly in this one file
- ATM this file is mostly an experiment / debug helper, it might be removed again later
- The aim is to have a minimal framework wrapping express that allows us to:
     - reduce our usage of express() in favour of Router()
     - unify some of our duplicated logic
     - fix some structural issues e.g. Sentry
     - make it easier to understand the codebase
2020-05-01 19:32:57 +01:00
Hannah Wolfe
8383b11d84 Cleaned up some weird require paths
- these require paths go back too far. They work but it's odd!
2020-05-01 18:00:57 +01:00
Kevin Ansfield
ee20efc971 Fixed Outlook not centring content column in member emails
refs https://github.com/TryGhost/Ghost/issues/11756

- we removed the fixed `width: 600px` to fix gmail scaling but that means we need a new way of creating a 600px centre column in Outlook
2020-05-01 13:40:02 +01:00
Kevin Ansfield
28b24d2095 Fixed video embed card fallback display across gmail apps
refs https://github.com/TryGhost/Ghost/issues/11756

- bumped kg-default-cards package to generate fixed html for video embed fallbacks
2020-05-01 13:22:52 +01:00
Kevin Ansfield
2404710e66 🐛 Fixed tiny font sizes sometimes seen in member emails on gmail mobile apps
refs https://github.com/TryGhost/Ghost/issues/11756

- fixed gmail scaling problems
  - the `width: 600px` on `.container` was forcing gmail to always render at 600px wide and then use scaling to resize the email to fit the device width
  - for most emails gmail would also apply their own font resizing to compensate so it didn't look _too_ bad
  - some emails however would not trigger the font resizing, most notably when posts contained a feature image, which would result in very small text
  - removing the fixed `width: 600px` resolves the scaling problem and lets the email be truly responsive
- removed attribute selectors in the media query CSS
  - gmail does not support attribute selectors
  - attribute selectors used to be necessary for Yahoo Mail but this is no longer the case
- tested using litmus.com for all popular email clients
2020-05-01 11:06:52 +01:00
Hannah Wolfe
baa8118893 Refactor common pattern in service files
- Use array destructuring
- Use @tryghost/errors
- Part of the big move towards decoupling, this gives visibility on what's being used where
- Biting off manageable chunks / fixing bits of code I'm refactoring for other reasons
2020-04-30 20:48:42 +01:00
Hannah Wolfe
c70c49258e Added new members/api/site endpoint
- easy way to access public settings needed for building members clients
- no auth means this is for public info only
2020-04-30 19:50:40 +01:00
Hannah Wolfe
5365522cf5 Removed dupe use of labs.members & leftover file
- Meant to cleanup the old api/canary/members earlier, removed now as it's unused
- Also removed all the duplicate references to labs.members in various places
2020-04-30 19:33:09 +01:00
Hannah Wolfe
0cba02b370 Renamed members ssr + api endpoints 2020-04-30 19:00:37 +01:00
Hannah Wolfe
fa4dfa1b21 Moved members API out of backend 2020-04-30 18:18:39 +01:00
Hannah Wolfe
d7c60d1bd8 Fixed silly find&replace issue in members.js
- Delete contains the word let 🙈
2020-04-30 17:56:18 +01:00
Hannah Wolfe
84d8c89c37 Revert const/let changes in members.js
- My codebase-wide replacement of const/let yesterday went one step too far :)
- grunt uglify:prod fails on the use of const
- This file should continue to use var for the time being cos there's plans to upgrade this script already :)
2020-04-30 17:36:41 +01:00
Hannah Wolfe
a1f2715135 Moved members app mount to parent app
- Clarify that the parent app has 2 distinct parts: backend and frontend
- Frontend app takes members and site apps + the frontend SSL redirect middleware
- Backend app already has admin + API (and the SSL redirect needs significant work)
- There's a lot more to do here, but this increases clarity
2020-04-30 17:01:17 +01:00
Hannah Wolfe
985bbbd194 Moved members routing+mw into its own app
- create a new app for the /members/ endpoint
- moved all /members/ routes and middleware onto this app
- helps to separate members and frontend/site logic so we can start to decouple things more
2020-04-30 13:03:27 +01:00
Kevin Ansfield
81bf1667fa Fixed video embed card fallback display in Outlook
refs https://github.com/TryGhost/Ghost/issues/11756

- updates `@tryghost/kg-default-cards` which includes a VML version of video embed card fallbacks
- fixes play button styling for Yahoo Mail
- adds a minimum height to video embeds so they appear more reasonable when images are not loaded
2020-04-30 12:08:06 +01:00
Rish
e54a8b5112 🐛 Fixed next middleware call after magic link redirect
no issue

We changed the magic link route handling from setting global value to just redirecting to frontend in [this](d8d5d6b7d0 (diff-0d54454fd954b0203a71ec52df4bd4c0R96-R98)) commit, but missed removing `next()` call which attempts to send response again causing Unhandled rejection error. This change simply removes the extra `next()` call
2020-04-30 13:47:20 +05:30
Federico Tibaldo
4fcc31015b
🐛 Fixed regex match replacement when dealing with external URLs (#11781)
refs #10898

- Execute string replacement on external paths
- Take non-top-level base URLs into consideration (to avoid #10776 dups)
- Added tests for all of the above cases
2020-04-30 07:51:36 +01:00
Hannah Wolfe
d8d5d6b7d0 Moved magiclink handling to /members/ + added redirect
- Magic link token handling doesn't need to be global, this couples the system to the frontend, which isn't necessary
- Instead, we create a session from the token, and redirect to the frontend
- Move res.locals.members setting into existing middleware function instead of having it separate
2020-04-29 19:35:41 +01:00
Hannah Wolfe
0e1ae7c2af Separated members token mw from members session mw
- The existing createSessionFromToken was actually doing two things behind the scenes
   1. Handling the ?token from the magic link and creating an actual session (mounted globally, which is not necessary)
   2. Loading an existing session so that a member is logged in to the frontent
- IMO 1. is part of members, and doesn't need to be global
- IMO 2. is part of the frontend. It does need to be global but should NOT be hidden away behind the token middleware, as it wasn't clear what this was doing
2020-04-29 19:19:19 +01:00
Hannah Wolfe
f10b4394dc Updated new local config to not affect tests
- if you have local config, e.g. a subdirectory in your URL, this would affect the tests
- tests should always only use test config
2020-04-29 18:54:03 +01:00
Daniel Lockyer
7fe5bacada Changed bulk-email error to EmailError
no issue

- this error is more suitable than the generic GhostError
2020-04-29 17:20:04 +01:00
Hannah Wolfe
22e13acd65 Updated var declarations to const/let and no lists
- All var declarations are now const or let as per ES6
- All comma-separated lists / chained declarations are now one declaration per line
- This is for clarity/readability but also made running the var-to-const/let switch smoother
- ESLint rules updated to match

How this was done:

- npm install -g jscodeshift
- git clone https://github.com/cpojer/js-codemod.git
- git clone git@github.com:TryGhost/Ghost.git shallow-ghost
- cd shallow-ghost
- jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2
- jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2
- yarn
- yarn test
- yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode
- grunt test-regression
- sorted!
2020-04-29 16:51:13 +01:00
Kevin Ansfield
d255d98bbb Improved display of video embed cards in member emails
refs core/server/api/canary/oembed.js

- updated `kg-default-cards` to a version that will render a thumbnail and play button overlay for video embed cards when rendering to an email target
- added styling for video embed play button overlays to members email template
2020-04-29 16:44:20 +01:00
Kevin Ansfield
1f85ef46d2 Adjusted oembed endpoints to fetch higher resolution thumbnails
no issue

- embed cards now store metadata including thumbnail urls in their payload
- we want to use this metadata to render video cards in emails
- by default oembed endpoints return fairly small thumbnail images that don't look great when blown up
- oembed supports a `maxwidth` query param that will instruct oembed providers to return larger sizes of the content if available
2020-04-29 16:44:20 +01:00
Daniel Lockyer
6d21bbfc63 🐛 Fixed handling of Handlebars errors
no issue

- Handlebars now throws an Error for misuse errors within the if/unless
  helpers, but our error handling checks for a TypeError
- this would skip using an IncorrectUsageError and ends up throwing a GhostError
- this commit removes the TypeError check and switches to using the
  Handlebars error message
2020-04-29 16:32:50 +01:00
Hannah Wolfe
c902c71fbd Added support for local config file
- Because we want devExperiments enabled when checking out from source, we have a committed config.development.json
- It works, but is a PITA if you want to have some local settings, as they have to be stashed (or get accidentally committed)
- This commit adds `config.local.json` as a local file that anyone can specify in any env, and it will be loaded
- Note that config.[specific env].json will trump it / overwrite it
- But you can still have settings alongside!
2020-04-27 19:09:20 +01:00
Hannah Wolfe
0fe0e09d62 Moved express init + sentry to a shared util
- added core/shared to watched folders in grunt
- moved sentry to shared
- moved express initialisation to a shared file
- always set trust proxy + sentry error handler
- use this new express init everywhere, and remove duplicate trust proxy and sentry error handler code
2020-04-27 18:17:50 +01:00
Hannah Wolfe
be10039f76 Renamed app related files+variables for clarity
- renamed the parentApp in index.js to ghostApp, to reduce confusion with the layer that is named parentApp
- renamed the adminApp inside of parentApp to backendApp to reflect the fact it's both admin+api
- renamed a bunch more variables there to be backend, rather than admin
- renamed the api index.js file to app.js and created a new index which is an actual index
2020-04-27 17:50:08 +01:00
Hannah Wolfe
4e9889ea4f Updated canary admin/site endpoint again
- put brand back, but only if dev experiments is enabled
- put members plans and allowSelfSignup back, but this is temporary as they need to live elsewhere
2020-04-27 15:20:14 +01:00
Hannah Wolfe
89669cd8e9 Updated canary admin/site endpoint temporarily
- these changes are not ready for prime time
2020-04-27 12:58:09 +01:00
Kevin Ansfield
cd04262889 🐛 Fixed publish date in emails not respecting site's configured timezone
closes https://github.com/TryGhost/Ghost/issues/11659

- default `moment()` timezone is UTC and we store the `published_at` value in UTC
- fetch the configured timezone and convert the date into that timezone before formatting for inclusion in the email template
2020-04-27 11:38:11 +01:00
Hannah Wolfe
4a67ea5546
Fixed admin host with port causing infinite redirect (#11767)
closes #11766, refs 7284227f1

- when we changed from host to hostname, more changed than just using the x-forwarded-host if trusted because express req.hostname does not return the port
- this causes issues with an infinite redirect if you try to set a different admin host with a port
- added a test to demonstrate the case, that didn't fail due to an error in the test logic
- switched from redirecting based on req.hostname to using req.vhost.host which has the correct trusted, requested value that we should rely on
- simplified the comparison logic to explicitly compare host with host
2020-04-23 19:00:28 +01:00
Daniel Lockyer
43dd253c12 Fixed timeout in default scheduler
no issue

- the code didn't verify the existance of `timeoutInMS` before using it
- this caused `requestTimeout` to be `undefined`
- this commit adds the extra check so the fallback of 5000ms will be
  used
2020-04-23 15:15:12 +01:00
Hannah Wolfe
d4cd996e20 Use destructuring for more readable redirect code
- This code was a little verbose, which made it hard to see what was happening (it still is a bit)
- Used destructuring to reduce the code
- Renamed a few variables
2020-04-22 20:30:17 +01:00
Hannah Wolfe
19dde146c1 Renamed redirect functions for clarity
- we had urlRedirects, urlRedirects.adminRedirect and adminRedirects
- all do kinda similar things, but for different contexts so for now I've done a minimal renaming for clarity
- and updated some comments!!
- also removed totally unnecessary if res.isAdmin clause, as we don't use that, and it was never true
2020-04-22 19:31:36 +01:00
Hannah Wolfe
37a22edbe9 Refactored cache-control mw to remove dependencies
- cache-control had some logic in it for private blogging + similar logic exists for members in site/app
- having it in 2 places is weird, and having it inside the mw makes the mw less generic/reusable
- instead of requiring config inside the middleware, we pass config in for the one case where this is used
- fixed tests that didn't test anything 🙈
2020-04-22 18:01:01 +01:00
Hannah Wolfe
f4f61b8a3a Moved normalize image mw into api app
- Moved normalize image mw from shared to api as it is not shared (except within the API)
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 17:48:54 +01:00
Rish
d0a16112f5 Fixed incorrect member first name in session data
no issue

Fixes a copy bug on how member's first name is calculated while getting member's session data in theme
2020-04-22 19:28:43 +05:30
Hannah Wolfe
de9864db30 Moved upload validation mw into api app
- Moved upload validation mw from shared to api as it is not shared (except within the API)
- Co-located the code with the upload middleware, as it's small and gives us a nice API of .upload.single and .upload.validation
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 07:37:02 +01:00
Hannah Wolfe
1a4506dcf0 Moved validation utils into validation/upload
- These two functions have no dependencies and are only used in valiation/upload
- Co-locating the code makes it easier to move
- Exported them with a new module.exports._test pattern - we'll see about whether this is a good idea
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 07:21:41 +01:00
Hannah Wolfe
d85c634669 Removed unused middleware code
- removed empty theme-handler_spec.js file
- removed unused export of uncapitalise
- removed unused export of utils
- remove unused blog-icon and profile-image validation code (now lives in core/server/api/[version]/utils/validators/input)
2020-04-22 07:15:51 +01:00
Hannah Wolfe
36b42505ea Moved upload mw into api app
- Moved upload mw from shared to api as it is not shared (except within the API)
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 07:12:25 +01:00
Hannah Wolfe
05cf4f495d Moved update-user-last-seen mw into api app
- Moved update-user-last-seen from shared to api as it is not shared (except within the API)
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 07:12:25 +01:00
Hannah Wolfe
92af5b8f09 Moved api cors mw into api app
- Moved api cors from shared to api as it is not shared (except within the API)
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 07:12:25 +01:00
Hannah Wolfe
41c3b4e92b Moved version-match mw into api app
- Moved version-match from shared to api as it is not shared (except within the API)
- This file is only used in one part of the app, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-22 07:12:25 +01:00
Rish
adde1fa01c Fixed allowSelfSignup value in site data
refs https://github.com/TryGhost/members.js/issues/6

Fixed a bug in setting `allowSelfSignup` value as public plans
2020-04-21 23:35:16 +05:30
Rish
29bc241cf6 Exposed member session data on site
refs https://github.com/TryGhost/members.js/issues/6

This exposes an endpoint on site url (`/members/ssr/member`) to get member's data in exchange for their session/identity on a theme when they are logged in. It essentially uses the same logic and data which is passed down to theme through handlebar helpers, and is used by members.js script to load member data.
2020-04-21 23:35:16 +05:30
Rish
dd377492bf Updated public site endpoint with more data
no issue

This adds new public settings - description, logo, brand - and some public member settings - plans, allowSelfSignup to the open site endpoint which will be used by members.js for data initialization
2020-04-21 23:35:16 +05:30
Rish
4b654aaaf6 Added method to fetch public membership plans
no issue

This allows anyone using members service to fetch public membership plans for a site including currency and monthly/yearly charges. This is currently duplicated from theme service where we create the price helper, but will be cleaned up to keep logic in one single place.
2020-04-21 23:35:16 +05:30
Hannah Wolfe
213f0a4785 Moved ghost-locals mw into parent app
- Moved ghost-locals from shared to parent as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
- This allows shared middleware to be unhooked from the parent app
2020-04-21 18:50:46 +01:00
Hannah Wolfe
295eac6ea1 Moved emit-events mw into parent app
- Moved emit-events from shared to parent as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-21 18:36:42 +01:00
Hannah Wolfe
e53baac13d Moved log-request mw into parent app
- Moved log-request from shared to parent as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-21 18:30:35 +01:00
Hannah Wolfe
8fe56852e0 Moved request-id mw into parent app
- Moved request-id from shared to parent as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-21 18:29:20 +01:00
Hannah Wolfe
becc239de1 Moved web/parent-app to web/parent/app
- Have a consistent structure so we can co-locate an app with its own middleware
- This is another small step in sorting out the giant mess that was web/shared/middleware
2020-04-21 18:08:29 +01:00
Hannah Wolfe
61633d48ee Moved serve-public-file mw into site app
- Moved serve-public-file from shared to site as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-21 17:23:07 +01:00
Hannah Wolfe
be71dfebe5 Removed unused requires
refs 406218489c

- I missed these due to using `grunt validate` instead of `yarn test` 🙈
2020-04-21 17:09:58 +01:00
Hannah Wolfe
0897b0ef3c Unhooked shared mw from members service 2020-04-21 17:04:20 +01:00
Hannah Wolfe
406218489c Remove additional mount of content/images
refs 717567995b

- We should not be using relative URLs inside the admin panel anymore
- Removes a usage of "shared" middleware which isn't truly shared
2020-04-21 17:02:16 +01:00
Hannah Wolfe
dbafaf7205 Moved handle-image-sizes mw into site app
- Moved handle-image-sizes from shared to site as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-21 15:50:01 +01:00
Hannah Wolfe
9fe741c9b9 Moved static-theme mw into site app
- Moved static-theme from shared to site as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-21 15:50:01 +01:00
Hannah Wolfe
40fa2053e3 Moved serve-favicon mw into site app
- Moved serve-favicon from shared to site as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-21 14:30:32 +01:00
Hannah Wolfe
c3f4b7a57c Moved admin-redirects mw into site app
- Moved admin-redirects from shared to site as it is not shared
- This file is only used in one place, this updates the code structure to reflect this
- This is one of many similar changes needed to make it easier to refactor to the existing setup
2020-04-21 12:18:19 +01:00
Kevin Ansfield
c5f7adf917 Fixed "view sent email" showing mailgun template variables
no issue

- the `email.{html,plaintext}` fields are only used to display what was sent in the email so it doesn't make sense to store the mailgun-specific content which can be confusing when viewing in the admin area
- store the raw serialized post content with a basic no-data replacement of replacement strings rather than the output of full data fetching and mailgun transformation
2020-04-20 15:35:33 +01:00
Kevin Ansfield
9981ea336c Changed {subscriber_firstname} replacement to {first_name}
no issue

- easier to remember and type
- removes need to remove the `subscriber_` prefix when accessing member properties
2020-04-20 14:25:58 +01:00
Kevin Ansfield
a09a6caf5f Fixed in-browser email preview showing raw replacement strings
no issue

- fixed plaintext templates being word wrapped and breaking across replacement strings
- updated `postEmailSerializer.serialize` to return the email template plus a replacements array that can be used for creating Mailgun-like recipient variable objects or more straight forward replacement
- updated email-preview API to work with the replacements data to show fallback data when previewing
2020-04-20 12:24:05 +01:00
Kevin Ansfield
e0e0a85a32 Updated test emails to fetch member data if email matches
no issue

- with the email replacements feature it's useful to have real member data when sending test emails from the PSM
- if the supplied email address matches a member then that member's data will be used for any replacements
2020-04-17 12:15:39 +01:00
Kevin Ansfield
d0393b6223 Fixed {subscriber_firstname} not picking up member's name in emails
no issue

- in our replacements the member properties are prefixed with `subscriber_` but this wasn't taken into account when requesting data from the member object
2020-04-17 12:15:39 +01:00
Daniel Lockyer
8853067830 Added custom json-string format to AJV validator
no issue

- the value of `mobiledoc` when submitting a page/post via the API must
  be JSON, but we don't validate this
- this results in url-utils throwing an error, which ends up being a 500
- this commit adds a custom format to AJV to validate it is valid JSON
- also updates tests with bad JSON - 'a'
2020-04-17 11:56:20 +01:00
Kevin Ansfield
374b43ceab Fixed linting error 2020-04-17 11:32:29 +01:00
Kevin Ansfield
a801352c7f Added email card and replacement handling to member emails
no issue

- adjusted mega's post serializer to get full email contents
  - fetch `mobiledoc` from the API rather than the pre-rendered `html` and `plaintext`
  - re-generate `html` using the mobiledoc renderer with an "email" target so that the email-only card content is included
  - re-generate `plaintext` from the newly generated email html

- added replacement handling to mega's `getEmailData` function
  - find all of our `%%{replacement "fallback"}%%` instances in the html template and push them into a replacements array with the respective property on the member instance and desired fallback
  - transform the replacement for Mailgun compatibility. Mailgun uses `%recipient.variable_name%` for its template variables so we need to replace our custom replacement string with the compatible version. Our replacements system allows for the same replacement (`{subscriber_name}`) to be used multiple times and have different fallbacks, Mailgun doesn't support fallbacks so for each replacement we also need an indexed `variable_name` part so that we can put our fallbacks in the correct place
  - perform the same Mailgun template transformation for the plaintext version except we re-use the replacements array to avoid bloating the API request to Mailgun with duplicate template variables for every recipient
  - swapped `reduce` for a plain loop for easier readability
2020-04-17 10:23:03 +01:00
Daniel Lockyer
8d9d129be4 Fixed spam prevention for private sites
fixes #11740

- there was a discrepancy in the use of `private_blog` within the
  code, and `private_block` in the default config
- this commit switches the code to `block` in order to avoid breaking
  existing configs
2020-04-15 16:44:53 +01:00
Hannah Wolfe
a4cf470c87 🐛 Fixed importer always erroring
- in 3.13.2 the importer always throws the error "The "path" argument must be of type string. Received an instance of Object"
- this is due to a change in method signature that wasn't accounted for
- added a test to catch similar changes to this code in future
2020-04-15 13:24:43 +01:00
Daniel Lockyer
da237ca885 Returned error upon oembed catch
no issue
2020-04-15 10:35:22 +01:00
Daniel Lockyer
87bd26a4d6 Returned full error upon missing tag/label
no issue
2020-04-15 10:15:48 +01:00
Daniel Lockyer
a769bbe86c Fixed 500 error when deleting items that don't exist
fixes #11723

- when deleting an invite/label/tag/webhook that doesn't
  exist, Ghost would throw a 500 error
- this commit catches the NotFoundError
- also rejects from model if nothing was found
- spotted in Sentry
2020-04-13 16:13:33 +01:00
Daniel Lockyer
946f7b872f Returned Promise.reject instead of throwing error
no issue

- brings in line with other code changes
2020-04-13 16:13:33 +01:00
Hannah Wolfe
59b9f161dd Moved non-helper code out of helpers
- the helper dir also contained some code used with helpers - utils and helper-helpers?
- the goal here was for helpers to be the only thing in their folder so we can look at moving them out
- all other code has been moved to services/themes for now, which is not the right place either
- services/themes is a catch-all for theme storage, loading, validation, rendering and more, needs to be broken down
2020-04-10 12:27:43 +01:00
Kevin Ansfield
f3627c5fc3 Update dependency @tryghost/kg-markdown-html-renderer to v2.0.0
no issue

- `version` integer parameter in the `render` method has been replaced with an `options` object parameter
2020-04-09 21:10:03 +01:00
Hannah Wolfe
4f5fb3d820 Swapped common for @tryghost/errors in core/server/web
- Update all references to common.errors to use @tryghost/errors
- Use dereferencing to only require used bits of common in each file
2020-04-09 19:40:00 +01:00
Kevin Ansfield
1ffdef98c3 Moved lib/thing/index.js files to lib/thing.js
no issue

- cleans up directory structure and increases naming consistency
2020-04-09 10:06:20 +01:00
Kevin Ansfield
b37ac8ef1f Switched to extracted @tryghost/mobiledoc-dom-renderer package
no issue

- moved `mobiledoc.renderers.mobiledocHtmlRenderer` to `mobiledoc.mobiledocHtmlRenderer` so that it's easier for the getter to access the parent objects getters
- removed all tests and dependencies that now live in @tryghost/mobiledoc-dom-renderer
  - kept the `mobiledocHtmlRenderer` test because that's testing that we've correctly wired up our cards and atoms and the output is what we expect
2020-04-08 18:27:12 +01:00
Kevin Ansfield
790a5701c9 Fixed typo in migration file
refs 5b96c82627
2020-04-08 16:46:46 +01:00
Kevin Ansfield
5b96c82627 Moved blank mobiledoc document out of mobiledocHtmlRenderer
no issue

- the blank document we use in Ghost is not specific to the html renderer
- renamed from `structure` to `document` to better represent its intent
- allows for easier extraction of `mobiledocHtmlRenderer`
2020-04-08 16:43:05 +01:00
Daniel Lockyer
48fe7b0bc7 Added Promise.reject to importer error cases
no issue
2020-04-08 15:19:03 +01:00
Kevin Ansfield
294187c41f Switched to extracted @tryghost/kg-default-atoms package
no issue

- removed code that now lives in the external Koenig monorepo
2020-04-08 14:49:44 +01:00
Daniel Lockyer
fe10d51536 Changed error when importing an LTS export
no issue

- importing an LTS export would cause Ghost to throw a 500 error because
  it used InternalServerError.
- an IncorrectUsageError is more applicable here
- this commit also updates the code comment and error message
- note: removed comment about WP exports because the plugin has been updated
  to support the v2 & v3 format
- spotted in Sentry
2020-04-08 14:42:29 +01:00
Kevin Ansfield
ce53c602a6 Updated oembed requests to use consistent timeout and user-agent
no issue

- added the same 2sec timeout and `Ghost` user-agent header to the `rel="alternate"` oembed request that we use for the initial html page request
2020-04-07 15:29:31 +01:00
Kevin Ansfield
2642405595
Merge pull request from GHSA-q6jp-j3gg-3mxr
no issue

- backports fixes implemented in https://github.com/TryGhost/Ghost/commit/477393967 from the v3/api endpoint to the v2 endpoint
2020-04-07 11:05:48 +01:00
Daniel Lockyer
13e1ecae27 Replaced use of Bluebird return method from knex code
no issue

- Knex removed their use of several Bluebird methods, including `return`
- our code used `return`, but mostly to return null after a destroy action
- these uses have been replaced with `.then(() => null)` in order to
  continue returning null and to avoid breaking anything
2020-04-07 10:49:12 +01:00
Fabien O'Carroll
a701ee7023
Added support for token session to /ghost (#11709)
no-issue

* Added default for getting origin of request

This function is used to attach the origin of the request to the
session, and later check that requests using the session are coming from
the same origin. This protects us against CSRF attacks as requests in
the browser MUST originate from the same origin on which the user
logged in.

Previously, when we could not determine the origin we would return
null, as a "safety" net.

This updates the function to use a secure and sensible default - which
is the origin of the Ghost-Admin application, and if that's not set -
the origin of the Ghost application.

This will make dealing with magic links simpler as you can not always
guaruntee the existence of these headers when visiting via a hyperlink

* Removed init fns and getters from session service

This simplifies the code here, making it easier to read and maintain

* Moved express-session initialisation to own file

This is complex enough that it deserves its own module

* Added createSessionFromToken to session service

* Wired up the createSessionFromToken middleware
2020-04-06 11:49:14 +02:00
Hannah Wolfe
022a433e56 Added debug info to controller process messages
- Whenever Ghost sends a message to its controller process
- Send extra debug info, so we can be sure what the Ghost process is seeing
2020-04-06 10:44:39 +01:00
Fabien O'Carroll
1f68d8dc20 Refactored existing adapters to use adapter-manager
no-issue

This removes duplications and reduces maintentence going forward.
2020-04-05 21:13:47 +02:00
Fabien O'Carroll
d0bb8c3333 Added base and default SSO Adapter
no-issue
2020-04-05 21:13:47 +02:00
Fabien O'Carroll
fb942af1db Added adapter-manager service
no-issue

This services handles the registration and retrieval of adapters,
it normalises the config to look like:

{
    [adapterType]: {
        active: adapterName,
        [adapterName]: adapterConfig
    }
}
2020-04-05 21:13:47 +02:00
Daniel Lockyer
3988029472 Refactored scheduling adapter loader to better display errors
no issue

- missing modules required by an adapter weren't flagged up as missing,
  but that the entire adapter was missing
- therefore, it was difficult to see what you were missing
- this commit handles the case where a module is missing, and displays
  an error
2020-04-02 19:21:19 +01:00
Fabien O'Carroll
23154f0739
Refactored session service (#11701)
* Refactored SessionStore to use @tryghost/errors

no-issue

* Updated tests to test exposed API

no-issue

This will make refactoring easier, as we only have the "public" contract to maintain

* Refactored session functionality to SessionService

no-issue

This splits the session logic away from the HTTP responding logic,
which will allows us to decouple session creation/modification from the
API. Eventually this can be used to create sessions based on magiclink
style tokens.

* Instantiated and exported the new SessionService

no-issue

* Refactored session middleware to take session service

no-issue

This removes duplication of code and makes the middleware more explicit
that it's just a wrapper around the session service.

* Updated to use external @tryghost/session-service

no-issue
2020-04-02 16:27:31 +02:00
Hannah Wolfe
957da0bfc5 Removed unused timezones.json file
- This file was moved to @tryghost/timezone-data some time ago
- It's no longer used in Ghost core, only in Ghost-Admin
2020-03-30 18:43:59 +01:00
Hannah Wolfe
7964c1de79 Updated image middleware to use new shared function
- we have a function for generating _o filenames in @tryghost/image-transform as of v0.2.0
- this  updates our Ghost code to use it
2020-03-30 18:33:59 +01:00
Daniel Lockyer
23eb3e7c14 Added missing semicolon
no issue
2020-03-26 16:45:33 +00:00
Daniel Lockyer
8f935fe8ae Fixed Slack service throwing error when post is empty
fixes #11694

- if the post contained no body, the `.replace` would throw an error
- converted to an if-statement instead of doing `|| ''` because there
  would be a floating full-stop
2020-03-26 16:38:30 +00:00
Daniel Lockyer
4f01bb34f9 Switched Sentry to use helper file for Ghost version
no issue
2020-03-26 15:35:46 +00:00
Kevin Ansfield
1ee1e68adf Replaced mobiledoc cards with @tryghost/kg-default-cards
no issue

- moved card definitions to a new library `@tryghost/kg-default-cards`
- moved `createCard` factory function to a new library `@tryghost/kg-card-factory`
2020-03-25 19:54:11 +00:00
Hannah Wolfe
d9dfdd775e
Replaced image manipulation w/ @tryghost/image-transform (#11687)
- moved image.manipulation lib to a new package called @tryghost/image-transform
- new package has an updated API signature, so the method calls have changed but the underlying code is identical
- removed the optional sharp dependency from Ghost, as this is now optionally required by the image-transform module
2020-03-25 17:33:03 +00:00
Kevin Ansfield
c65c9c1e5e Extracted markdown-html-renderer to @tryghost/kg-markdown-html-renderer
no issue

- prep for further extraction of mobiledoc cards and renderer
2020-03-25 13:35:32 +00:00
Hannah Wolfe
b2b278a3ba Removed typo 2020-03-25 12:28:57 +00:00
Hannah Wolfe
f12238b11a Cleanup repeated module mocking utils
- mock non existant module util was defined twice
- split it out properly from the rest of the utils, update all references
- this allows us to move this util out of the codebase along with other code, e.g. the image manipulation code
2020-03-25 12:07:32 +00:00
Hannah Wolfe
10ee38683d Update errors across lib/image and lib/request
- swap common.errors for @tryghost/errors
- doing this in batches across small parts of the codebase to reduce disruption
2020-03-25 10:28:14 +00:00
Hannah Wolfe
7e0c71509b Moved apps service to frontend
- App service is for our internal frontend apps
- This is a very straightforward move as this truly belongs to frontend
2020-03-23 19:43:01 +00:00
Nazar Gargol
d881f6704d Renamed migration in 3.12 to follow numerical sequence
no issue

- Migrations within a minor have to be named with numbered prefixes like 01-, 02-, 03-.
- These two migrations were merged into master in the same time window which lead to having incorrect naming
2020-03-23 10:39:09 +08:00
Hannah Wolfe
5ea10b47bd Replaced zip tools with @tryghost/zip
- Moved zipFolder to a new package
- also exposing extract-zip from the new package
- new package has the API pre-promisified
- also uses @tryghost/extract-zip instead of extract-zip, which has bugfixes
2020-03-20 21:08:57 +00:00
Hannah Wolfe
8c1a0b8d0c Remove External Apps
- Apps are marked as removed in 3.0, never officially launched and have been deprecated for at least 2 years.
- We've slowly removed bits that got in our way or were insecure over time meaning they mostly didn't work
- This cleans up the remainder of the logic
- The tables should be cleaned up in a future major
2020-03-20 10:40:22 +00:00
Hannah Wolfe
bc7906a7b2 Revert "Remove Apps"
This reverts commit cbb59a57db.
2020-03-20 08:58:26 +00:00
Hannah Wolfe
cbb59a57db Remove Apps
- Apps are marked as removed in 3.0, never officially launched and have been deprecated for at least 2 years.
- We've slowly removed bits that got in our way or were insecure over time meaning they mostly didn't work
- This cleans up the remainder of the logic
- The tables should be cleaned up in a future major
2020-03-19 19:06:17 +00:00
Hannah Wolfe
5e2c62e328
Moved theme i18n into theme service + refactor (#11674)
- The existing common.i18n library contained code for core and theme translations
- There is some shared logic and some theme-specific logic, and the theme-specific logic has dependencies we don't want in lib/common
- This refactor introduces an I18n base class that does all the main shared logic, with no dependencies on other parts of the codebase
- ThemeI18n then extends this logic, and replaces the functions it needs to handle differently and adds it's dependencies on config and settingsCache
- The class has several methods broken down into smaller pieces to make it easier to extend only the necessary parts
- The class also encapsulates all of its logic, without external functions or variables
- The function loadThemeTranslations becomes the 'init()' function overridden in themeI18n.
2020-03-19 14:07:20 +00:00
Kevin Ansfield
7e4de9b0c1 Fixed typo
no issue

- typo in require introduced in a120d02231
2020-03-19 13:58:13 +00:00
Kevin Ansfield
a120d02231 Moved create-card.js
no issue

- prep for easier move to external repo
2020-03-19 13:54:55 +00:00
Kevin Ansfield
0741114d11 Moved htmlToMobiledocConverter() out of renderers
no issue

- prep for extraction of various Koenig repos
- html->mobiledoc doesn't really fit into the "renderer" naming as it's more of a converter than a renderer and doesn't follow the same pattern
2020-03-19 12:18:54 +00:00
Kevin Ansfield
4949ad9214 Renamed mobiledoc converters to renderers
no issue

- matches naming with `mobiledoc-kit` nomenclature
- better matches intent for future additions of mobiledoc rendering to email/plaintext/etc
2020-03-18 18:13:25 +00:00
Vikas Potluri
dec24ad883
🐛 improve error handling for invalid JSON Theme Translations (#11655)
refs #11464

- Combine reading + parsing of translation file into same step
- DRY reading / parsing logic
- Log an error when parsing fails and fall back as if the locale doesn't exist
2020-03-18 15:51:57 +00:00
Fabien O'Carroll
6f6e5e2a3a Added migration for read:identity permission
no-issue

This ensures that the permission always exists in version 3.12
2020-03-16 13:22:04 +01:00
Fabien O'Carroll
d246a4761e Implemented externally verifiable identity tokens
no-issue

This adds two new endpoints, one at /ghost/.well-known/jwks.json for exposing
a public key, and one on the canary api /identities, which allows the
Owner user to fetch a JWT.

This token can then be used by external services to verify the domain

* Added ghost_{public,private}_key settings

    This key can be used for generating tokens for communicating with
    external services on behalf of Ghost

* Added .well-known directory to /ghost/.well-known

    We add a jwks.json file to the .well-known directory which exposes a
    public JWK which can be used to verify the signatures of JWT's created
    by Ghost

    This is added to the /ghost/ path so that it can live on the admin
    domain, rather than the frontend. This is because most of its
    uses/functions will be in relation to the admin domain.

* Improved settings model tests

    This removes hardcoded positions in favour of testing that a particular
    event wasn't emitted which is less brittle and more precise about what's
    being tested

* Fixed parent app unit tests for well-known

    This updates the parent app unit tests to check that the well-known
    route is mounted. We all change proxyquire to use `noCallThru` which
    ensures that the ubderlying modules are not required. This stops the
    initialisation logic in ./well-known erroring in tests

https://github.com/thlorenz/proxyquire/issues/215

* Moved jwt signature to a separate 'token' propery

    This structure corresponds to other resources and allows to exptend with
    additional properties in future if needed
2020-03-16 13:22:04 +01:00
Rish
318484d737 Read billing url from config and add to API
no issue
2020-03-16 13:22:04 +01:00
Naz
6a9b53fcad
Cleaned up members isPaid flag in settings table (#11651)
no issue

- The flag has not been used and can be removed, to make the `members_subscription_settings` JSON record in `settings` table easier to read. 
- It used to indicate Stripe configuration being present. Currently that is checked by looking up if Stripe config's `public_token` and `secret_token` values are present (example - https://github.com/TryGhost/Ghost/blob/3.11.0/core/frontend/helpers/ghost_head.js#L54)
2020-03-16 13:36:51 +08:00
Rish
5f349b3ef7 🐛 Fixed missing publication icon in newsletter emails
no issue

Email template was incorrectly setting up publication icon url in case of subdirectory setup, leading to missing publication logo from newsletter emails in such cases. This adds the fix to use correct absolute url for publication icons in all setups.
2020-03-12 09:52:54 +05:30
Daniel Lockyer
2dd374043d Handled permissions error in file storage adapter
no issue

- trying to read a file without the correct permissions would cause a
  500 error
- this commit handles the error code and returns an appropriate
  response
2020-03-11 13:27:27 +00:00
Naz
df056416bd
Cleaned up broken complimentary plan (#11650)
refs https://github.com/TryGhost/Ghost/issues/11648

- Removes Stripe plan entries from settings that are not formatted correctly.
- Incorrect formatting was caused by a bug in 3.10.0 Admin-Client where it wasn't able to find complimentary plan. Related fix for this here - 9e7a6b801a
2020-03-10 20:39:34 +08:00
Nazar Gargol
53b6ad16d8 Fixed handling of empty created_at dates in member CSV imorts
no issue

- When created_at value is not provided it should be treated as an empty one instead of trying to import empty string.
- This scenario happens when the column is defined in CSV but no values are present (default parsed value is empty string '')
2020-03-09 20:12:02 +08:00
Kevin Ansfield
4773939670 🔒 Improved validation of fetched urls and responses in oembed endpoint
no issue

- prevent oembed fetching from accessing IP addresses or localhost domains
- prevent oembed endpoint from passing through fetched responses as-is
  - reject any fetched data that does not validate against the oembed spec
  - strip any unknown properties from the oembed response before returning

Credits: Nick Mykhailyshyn
2020-03-09 10:42:25 +00:00
Daniel Lockyer
afb3177e5e Added site URL to Update Check body
no issue
2020-03-09 09:48:04 +00:00
Nazar Gargol
895b3d98e7 Refactored members csv export for bettere readability
no issue
2020-03-06 13:55:11 +08:00
Fabien O'Carroll
801608e077
Fixed permission to only fetch for active users (#11641)
no-issue

Essentially only active users should have their permissions loaded, this
means that suspended or inactive users are stripped of all permissions
until their status is changed.
2020-03-05 12:22:50 +02:00
Fabien O'Carroll
58187175c3
Deleted all but active sessions on password change (#11639)
closes #10323 

* Fixed usage of hasMany for user->session
* Refactored changePassword to async function
* Deleted all user sessions when password changed
* Tested for session retained after password changed
* Added the session to the frame
* Skipped the current session when changing password
2020-03-05 12:22:32 +02:00
Daniel Lockyer
edfc07b9c8 Captured bulk-email errors in Sentry
no issue
2020-03-04 13:44:23 +00:00
Daniel Lockyer
4fda464103 Added captureException helper to Sentry integration
no issue

- this allows us to custom capture exceptions
2020-03-04 13:42:30 +00:00
Nazar Gargol
8f789523e3 Fixed date formatting in members CSV export
no issue

- Made date formatting coherent with the one used in API and the exporter
- Using JSON.stringify() here because that's exactly how API is getting it's formattting done atm
2020-03-04 17:41:02 +08:00
Daniel Lockyer
a851cdfc7b Handled bad URLs in oembed bookmark API
fixes #11636

- malformed URLs passed to oembed API would cause `got` or `metascraper`
  to throw an error and this would result in a 500 error from Ghost
- this commit catches the errors and returns a reasonable response
2020-03-02 14:24:26 +00:00
Kevin Ansfield
7bf5b7d4e0 Deleted unused models/base/token.js file
no issue

- tokens usage was removed in 3.0
2020-02-27 11:32:17 +00:00
Naz
b0ff1e7cac
Added member login resource to Admin API (#11607)
no issue

- Adds 'GET /members/:id/signin_urls' endpoint to Admin API allowing to fetch login URL for member. This URL allows to log in as a member which is useful in situations when you need to impersonate a member (for example to debug some issue they are having)
- Added member_signin_urls permission with migrations. Only the "Owner" user can read "signin_urls" resource. Admin and other users will be denied access
2020-02-27 11:48:02 +08:00
Nazar Gargol
258bcc71bf Added minified members.js file handling
refs 91984b54ca

- For request effieciency we should be using a minified file just like we did previously with `ghost-sdk.js`
- Modified 'max-age' caching header to 1 year  for both minified and non-minified files as thay won't affect dev environment and should be beneficial for self-hosting instances that don't use minification
- Along the way corrected an extra 301 redirect because `/public/member.js` path wasn't using a bakslach in the end.
2020-02-26 14:08:10 +08:00
Naz
3af621ea9a
Added handling allowing members to edit their billing info (#11571)
no issue

- This functionality allows member to update their billing information, like credit card information.
- Adds handler to update Stripe billing when element with `data-members-edit-billing` attribute is present on the page. Additional `data-members-success` and `data-members-cancel` attributes could be used to control the redirects on billing update success or failure. They work in the same fission as for 'members-plan' (https://ghost.org/docs/members/checkout-buttons/#redirects)
2020-02-26 12:42:41 +08:00
Rishabh Garg
3815c0769a
🐛 Fixed incorrect email count on post publish (#11616)
no issue

The email data attached to a post when published with send email flag was not filtered on member access, and picked up the whole member list for email data. This resulted in incorrect data stored in emails table even in case of paid-members-only publish, and also incorrect count of "emails sent" being displayed on Admin.

NOTE: The actual emails being sent are still gated by member access, so no emails were sent to anyone without access, this only affected the associated email data and count. Also, the fix here will show correct email sent status for any future post, but will still show incorrect data for any already published posts as the email data in DB is already wrong and will probably need a migration
2020-02-24 16:34:07 +05:30
Daniel Lockyer
76f9fc50f6 Handled missing resource path for resized images
no issue

-
2020-02-22 10:12:57 +00:00
Kevin Ansfield
f38d490886 Added migration to add members.geolocation
no issue

- prep for storing geolocation of members
2020-02-22 10:12:06 +00:00
Nazar Gargol
b9db9fa15e Allowed editing member's email
no issue

- After investigating effects of allowing editing email there were no significant blockers found, so there is no reason not to allow editing this field
2020-02-21 16:00:13 +08:00
Nazar Gargol
b5183204e9 Added missing frame parameter in member mapper
no issue

- This is not causing any bugs but the frame should always be passed in into the mapper to avoid unintended bugs
2020-02-21 10:40:41 +08:00
Kevin Ansfield
2f55baccd7 Added "trust proxy" to members API app
no issue

- match the other express apps, makes sure that we have access to the correct IP and forwarded host names when running behind proxies
2020-02-20 18:20:57 +00:00
Daniel Lockyer
6dcb1094aa Refactored variable name to match intent
no issue
2020-02-20 11:56:01 +00:00
Nazar Gargol
a1fef1fc7c Added created_at field to accepted fields for members CSV import
no issue

- This field is usefult when importing from external sources.
- The date format should be compatible with one used internally by Ghost which is RFC 2822 compliant format
2020-02-19 19:55:32 +08:00
Kevin Ansfield
19812f53f4
Added member.avatar_image for member gravatars in themes (#11584)
refs https://github.com/TryGhost/Team/issues/243

- uses `member.toJSON()` to add a computed `avatar_image` property
  - if the member has an email address and gravatar is not disabled then we generate a gravatar url using the `?d=blank` parameter to return a transparent image if the member's email has no gravatar
2020-02-19 10:08:12 +00:00
Kevin Ansfield
354e946e6e 🐛 Fixed "Unable to update nested relation" error when adding labels to members
no issue

- 3.6.0 contained incorrect references in the `schema.js` file for the `members_label` table that was added in that version. On MySQL knex created a foreign key constraint for that reference which stopped member labels from being createable
- this fixes the schema file and has a migration to drop and recreate the table. Knex handles removal and addition of foreign keys during table drop/create
2020-02-18 09:08:28 +00:00
Nazar Gargol
6db07ce34d 🐛 Fixed member CSV import setting subscribed to true as default
no issue

- When importing through CSV we should remain the defaults of 'subscribed' fields (`true` at the moment), unless it is explicitly set to `false` or `FALSE` (the latter uppercase value often comes from scpredsheets)
2020-02-18 11:34:20 +08:00
Daniel Lockyer
28071a242a Fixed error reporting to Sentry
no issue

- some errors weren't being reported because they were being passed to
  Sentry before our middleware could populate the error information
- this commit inserts the Sentry middleware into these steps
2020-02-17 13:52:01 +00:00
Kevin Ansfield
02c034068c Fixed error when serving public images from servePublicFile middleware
no issue

- when `servePublicFile` middleware serves an image it resulted in a "Cannot set headers after they are sent to the client" error because `next()` was erroneously called for successful requests which then tripped the `prettyUrls` middleware which tries to perform a redirect
- only calling `next()` when an error is present allows errors to be picked up by later middleware but successful requests end in the `servePublicFile` middleware
2020-02-17 09:24:15 +00:00
Rish
fede3d05f5 Fixed members tests
no issue
2020-02-14 16:06:25 +05:30
Rish
7f337743e9 Fixed tests
no issue
2020-02-14 15:44:47 +05:30
Rishabh Garg
001db05075
Added labels for Members (#11538)
no issue

* Updated sendEmailWithMagicLink syntax

* Updated label name selection from theme

* Updated migration version for labels

* Added labels to export/import of members

* Added member labels sanitization for case-insensitive duplicates

* Fixed tests

* Fixed label serialization bug on import

* Bumped @tryghost/members-api to 0.15.0

* Fixed lint

* Cleanup
2020-02-14 15:03:10 +05:30
Rishabh Garg
9c1aa07ea8
Added host limit check for members email publish (#11534)
no issue
2020-02-13 10:43:36 +05:30
Nazar Gargol
25721828d9 Fixed failure when upgrading to version 3.5.x
no issue

- Initialy reported here: https://forum.ghost.org/t/unable-to-upgrade-ghost-from-v3-0-2-to-v3-5-1/11925
- The issue was caused by the refactor in 52635f1aa8 where the backup module signature changed and it wasn't updated in migrations
2020-02-13 12:53:44 +08:00
Rish
4eeed0d32a 🐛 Fixed "undefined" values in member csv export
no issue

We missed handling `undefined` values for fields during csv export for memebrs, which causes csv entries as `undefined` for fields that don't exist. It also added need for extra handling of `undefined` entries during csv import. This PR fixes the bug by properly handling empty/undefined values in export
2020-02-12 11:03:16 +05:30
Nazar Gargol
2c52282662 Added future cleanup note
no issue

- This method was created as a shortcut and the real issue of 'undefined' values being present in CSV should be fiexed instead
2020-02-11 18:17:46 +08:00
Nazar Gargol
51c2b22e9f 🐛 Fixed order for "Complimentary" plan creation
no issue

- When new Ghost instance is initialized "Complimentary" plan doesn't have to wait for the rest of plans to be configured.
- Without configured plans the admin would still be able  to assign "Complimentary" plan to members or import same kind of members.
- There is no error handling at the moment when plan initialization fails, that's why it was very confusing when all of the sudden it wasn't possible to create a member record
2020-02-11 17:14:41 +08:00
Nazar Gargol
5caf924013 Fixed member delete method to use correct options
closes #11589

- `findOne` method in destroy method was usinng wrong options object (unlinke read method id comes from frame.options not frame.data) thus this was causing 404 errors
2020-02-11 16:35:18 +08:00
Nazar Gargol
70cf2b2c86 Added input sanitization for backup path
- We need to limit the allowed filename accepted by the method to avoid opening up path traversal attack
2020-02-10 12:41:39 +00:00
Nazar Gargol
4a79a0e753 Corrected 404 handling 2020-02-10 12:41:39 +00:00
Nazar Gargol
52635f1aa8 Basic implementation of backup retreival from file 2020-02-10 12:41:39 +00:00
Nazar Gargol
49983e799c Changed backup service signature to be able to expand it
- Will need to add a new method allowing to read an export file, so the module signature has to become an object rather than a function
2020-02-10 12:41:39 +00:00
Nazar Gargol
afe11c2b06 Added basic backup implementation for users DELETE endpoint
- The filename is returned to be able to fetch the backup on demand
- Wasn't able to limit exported tables as exporter doesn't support such functionality
2020-02-10 12:41:39 +00:00
Kevin Ansfield
830610d243 Fixed serving of binary public files
no issue

- serving of our public asset images was broken
  - we were reading the binary file in as a string so we could do url transforms, this meant data was lost/corrupted and browsers could not display the served data
  - we were using the wrong mime-type for pngs which meant browsers were triggering downloads rather than displaying images (at least when accessed directly)
- updates uses of `servePublicFile` to have the correct png mimetype
- adjusts `servePublicFile` to treat any mime type starting with `image` as a binary file, passing the file directly through express using `res.sendFile` and skipping the in-memory content caching which is mostly only useful for text files with URL transforms
2020-02-10 09:51:32 +00:00
Nazar Gargol
42f4518a63 Improved error logging for member CSV import
no issue

- Error object can be an array in case of database constrain validation errors, for this reason need to distinguish between singular objects and an array. This handling resemles the one in common error-handler - https://github.com/TryGhost/Ghost/blob/3.5.0/core/server/web/shared/middlewares/error-handler.js#L31-L33
2020-02-10 16:25:56 +08:00
Nazar Gargol
019605e9e0 Added concurency limit for member creation when importing
no issue

- When importing large batches of members we should not allow for unlimited amount of parallel requests created as this might lead to connection pool problems and reaching API rate limits (for example Stripe API is limited to 100 req/s)
2020-02-10 16:03:08 +08:00
Nazar Gargol
e57f7219e5 Added error logging for errors occuring during CSV import
no issue

- CSV import uses direct API calls which skips through logging error. This additional code should catch and record any internal errors
2020-02-07 14:33:30 +08:00
Nazar Gargol
68a36dd799 Changed members CSV export to match import format
refs c295435b41

- The import format changed the `subscribed` to `subscribed_to_emails`. Export should have the same format as import for consistency
2020-02-05 15:34:55 +08:00
Daniel Lockyer
a510e075b6 Handled missing file extensions for resized image requests
no issue

- if a request was sent for an resized image URL that didn't contain a
  file extension, the code would eventually end up throwing a 500
- this commit checks for this case and returns a 404
2020-02-04 08:04:22 +00:00
Naz Gargol
c295435b41
Added new fields to members CSV import (#11539)
no issue

- New fields that are accepted through members CSV import endpoint are:
  - `subscribed_to_emails` - corresponds to `subscribed` flag in API
  - `stripe_customer_id` - links existing Stripe customer to created member
  - `complimentary_plan` - flag controlling "Complimentary" plan subscription creation for imported member

- Noteworthy exception in field naming - `subscribed_to_emails` that corresponds to `subscribed` API flag present on members resources. It's a special case of CSV format, where users can be less technical it's more explicit to what the flag does (also the same naming is applied in the Admin UI)

- Failing to either link Stripe customer or assign "Complimentary" subscription to imported member behaves in a transaction-like manner - imported record is not created in the database. This is needed to be able to retry imports when it fails for reasons like connectivity failure with Stripe or Stripe miss-configuration.

- To avoid conflicts with linking same Stripe customer to multiple members there is a special handling for duplicate `stripe_customer_id` fields. Records with duplicates are removed from imported set.
2020-02-04 13:51:24 +08:00
Daniel Lockyer
d76e76e1ef Fixed code linting issues
no issue

- just extraneous whitespace
2020-02-03 17:49:41 +00:00
Daniel Lockyer
7751e78c98 Integrated Sentry error tracking
no issue

- this allows tracking of application errors within Sentry
- only enabled for HTTP 500 errors for now
- it is disabled by default
2020-02-03 13:43:43 +00:00
Kevin Ansfield
68e2274d6d Reverted "Integrated Sentry error tracking"
This reverts commit 6e024331eb.

Temporarily reverting whilst we investigate an issue with Sentry and running Ghost via Ghost-CLI.

Ghost-CLI initiated boot was failing when Sentry was installed due to what appears to be `process.cwd()` returning `undefined` here https://github.com/TryGhost/Ignition/blob/master/lib/config/index.js#L26
2020-01-28 17:21:37 +00:00
Naz Gargol
25f11bbf1c
Added complimentary member subscription (#11537)
no issue

- We need a way to simulate "premium" membership without any payment from members' side. For this new "Complimentary" plan is introduced
- Allows `comped` flag as an input only on `PUT /members/:id` endpoint which sets  free subscriptions based on "complimentary" plan on the member
- Added `comped` flag to members endpoint responses
- Bumped members-api to 0.12.0. This version supports new set/cancel complimentary subscription methods
2020-01-28 11:25:00 +07:00
Naz Gargol
07e1a2406b Added {{price}} helper for formatting stripe amounts (ie. "1935" to "19.35") (#11473)
no issue

- This helper allows to format currencies that use decimal normalization. For example 19.35 USD is served as 1935 from the API which always needs to be divided by 100 to get a dollar ammount.
2020-01-27 11:41:12 +00:00
Kevin Ansfield
8b787ac803 🐛 Fixed unnecessary "unsaved changes" modal when using HR cards
no issue

- the `hr` mobiledoc card does not specify an `absoluteToRelative` or `relativeToAbsolute` transformer function so falls back to the default transformer
- the default transformer function's arguments were not correct which meant that the UrlUtils object was replacing the card's typical empty-object payload
- the card's payload changing when saving mobiledoc was triggering the editor's unsaved changes warning because the API response no longer matched what was in the editor
2020-01-22 11:59:13 +00:00
Daniel Lockyer
6e024331eb Integrated Sentry error tracking
no issue

- this allows tracking of application errors within Sentry
- only enabled for HTTP 500 errors for now
- it is disabled by default
2020-01-22 12:15:10 +07:00
Peter Zimon
a8b272cbd8 🐛 Fixed small image alignment for newsletters
no refs.
- fixed image alignment to be center for images smaller than newsletter content width
2020-01-21 13:21:45 +01:00
Daniel Lockyer
dbcffe9245 🐛 Handled trailing slashes in resized image URLs
no issue

- requests for resized images with a trailing slash would end up
  throwing a EISDIR error because it got through to writing an
  image buffer to a directory
- we want to cut this off early and disallow trailing slashes
2020-01-18 13:45:22 +07:00
Nazar Gargol
f5bcf77a16 Fixed typo in the post fixture
closes https://github.com/TryGhost/Ghost/issues/11520
refs

- The typo was introduced in https://github.com/TryGhost/Ghost/pull/11247
2020-01-17 13:00:38 +07:00
Nazar Gargol
4b57ad33b0 Removed unused isPaymentConfigured method
refs https://github.com/TryGhost/Ghost/pull/11499

- Removed unused and confusin isPaymentConfigured because it was basing it's logic on old `isPaid` flag. Having it in the codebase was adding confusion.
- `isPaid` config flag still needs a proper cleanup with a migration etc.
- Added little post PR merge cleanup
2020-01-17 12:08:30 +07:00
Daniel Lockyer
a671ad4707 Handle content requests with overly long filenames
no issue

- a request for a filename longer than those allowed by the filesystem produced a ENAMETOOLONG error, which would end up becoming a 500 error from Ghost
- this catches the error and returns a HTTP 400 Bad Request response
2020-01-16 14:18:09 +07:00
Nazar Gargol
e9e3f58792 Refactored member controller to use model layer
refs https://github.com/TryGhost/Members/pull/105

- As members module has become a core part it makes sense to follow the same principles as in all other controllers and use the model directly instead of calling external services.
- Bumped @tryghost/members-api to 0.11.1 . New stripe-specific methods used in controllers are available starting with this version
- Exposing these new methods is a little hacky because there are no relationships setup on members_* tables. Left notes for future improvements once relations are introduced.
- We don't allow for chaging member's emails at the moment. For this reason had to modify JSON schema a little. It doesn't support OO inheritence: "This shortcoming is perhaps one of the biggest surprises of the combining operations in JSON schema: it does not behave like inheritance in an object-oriented language. " (ref. https://json-schema.org/understanding-json-schema/reference/combining.html#allof)
2020-01-15 17:52:47 +07:00
Nazar Gargol
72ae194fbc Refactored member metadata logic into @tryghost/members-api package
refs c059e8e32e

- Reason why the refactor was needed can be found in refed commit
- The logic was extracted into members-api through passing models
directly as member-api module constructor parameters
- Bumped @tryghost/members-api to 0.11.0. Needed to work after the
refactor
2020-01-13 16:42:15 +07:00
Rishabh Garg
1e5f7852e6
Allowed localhost email for Ghost Mailer "from" address (#11476)
no issue

Allow localhost mails to bypass validator email check and assign blog title as email name when missing
2020-01-13 12:58:53 +05:30
Ian Sim
6247b52367 Allowed pages to accept HTML as a source (#11422)
refs https://github.com/TryGhost/Ghost/issues/10471

- Allow page resource endpoints to accept HTML source. This behavior is the same as the post's resource introduced with e9ecf70ff7372f395b8917340805148bc764e2ef
- The functionality was most likely missed when post split into posts & pages was happening.
- Added symmetric changes to API v2.
2020-01-08 17:44:34 +01:00
Naz Gargol
97ea664d4d
🐛 Fixed empty html/plaintext fields for narrow fields parameter (#11505)
refs https://forum.ghost.org/t/plaintext-value-is-empty-using-the-api/10537

- The `plaintext`/`html` fields were empty because `visibility` attribute was not present in response body on output serialization stage. `visibility` field is always needed for content gating to work as expected 
- Added `visibility` field in the input serialization layer as it wouldn't be possible to use content gating if added on model layer through `defaultColumnsToFetch`
- Added test cases covering a bug
2020-01-08 14:43:21 +01:00
Naz Gargol
c701293514
Optimized posts_meta table join when meta columns are not requested (#11300)
no issue

- This change speeds up qery execution ommiting a join with posts_meta
table when there is no need to fetch meta columns
2020-01-06 15:38:40 +01:00
Nazar Gargol
11d1acb475 🐛 Fixed plaintext field being added as empty property when member post is requested
no issue

- Tests in previous commit uncovered a bug with unwanted field attached to
the post response
2020-01-06 14:59:30 +01:00
Nazar Gargol
6896997984 Fixed cancel_link helper documentation link
no issue

- The documentation was decided to be published under `/members/ ` instead of general `/api/handlebars-themes/`
2019-12-20 11:39:58 +07:00
Rishabh Garg
160ef2976a
🏗Added host config limits for member emails (#11439)
no issue

Introduces host limits config for allowing email limits with members.
2019-12-17 19:24:27 +05:30
Rishabh Garg
169daead1f
Fixed post meta migration for 3.x (#11438)
no issue

Since we added `email_subject` to `posts_meta` table in `3.1`, the migration tries to add `email_subject` column from post table, which does not exist and thus tries adding `undefined` value for column. Since sqlite expects default values while inserting new columns, this breaks any migration directly from `1.x`/`2.x` to 3.x.

The fix adds a default `null` value for any post_schema entry which doesn't has a value.
2019-12-17 17:14:53 +05:30
Rishabh Garg
fa3686bcc3
Added new brand blog setting (#11408)
no issue

Adds new `brand: {primary_color: ''}` blog setting behind dev flag for setting user-defined brand color in themes and emails.
2019-12-17 16:15:31 +05:30
Nazar Gargol
e25e847f47 Removed email related fields from API v2 responses
refs  https://github.com/TryGhost/Ghost/issues/11461

- The email feature was introduced in API v3 and is not back compatible with API v2. These fields should not appear in any v2 responses.
- Added regression tests for API v2 so that cases like this are spotted
easier in the future.
2019-12-16 20:01:38 +07:00
Rish
2d9963fbd8 Allowed comment_id and uuid in post API input
refs https://github.com/TryGhost/Ghost/pull/11462

Allows `comment_id` and `uuid` to be passed in post `add`/`edit` API calls instead of failing requests with validation error, though both properties are stripped out in serializer as we don't allow editing them.
2019-12-16 18:22:48 +05:30
Naz Gargol
e277c6bad3
Added member's subscription cancellation helper {{cancel_link}} (#11434)
no issue

- The helper allows generating HTML needed to cancel or continue the member's subscription depending on subscription state.
- Added public members endpoint to allow updating subscription's `cancel_at_period_end` attribute available at: `PUT /api/canary/members/subscriptions/:id/`
- Added client-side hook to allow calling subscription cancellation. Allows to create elements with `data-members-cancel-subscription` / `data-members-continue-subscription` attributes which would call subscription update.
- Updated schema and added migration for `current_period_end` column
- As discussed we only add a single column to  subscriptions table to avoid preoptimizing for future cases
- Added {{cancel_link}} helper
- Added error handling for {{cancel_link}} when members are disabled
- Added test coverage for {{cancel_link}} helper
- Bumped @tryghost/members-api version to 0.10.2. Needed to use `updateSubscription` middleware
- Bumped gscan to 3.2.0. Needed to recognize new {{cancel_link}} helper
2019-12-12 19:59:15 +07:00
Nazar Gargol
75e8caa76c Removed unexisting member endpoints from API key access whitelist
no issue

- /members endpoints are not available under API v2, removed them from the whitelist to avoid confusion
2019-12-09 13:21:38 +07:00
Naz Gargol
bcddeeadf1
Removed redundant member manipulation proxy methods (#11423)
no issue

- This includes the interface change for members-api constructor - now accepts the member's model instead of proxy methods. These methods have been moved ton @tryghost/members-api in favor of using the model directly (ref: https://github.com/TryGhost/Members/pull/105)
- Moved error handling from the service layer to controller
- Bumped @tryghost/member-api package to 0.10.0
2019-12-06 12:04:10 +07:00
Fabien O'Carroll
2cd8f89933 🐛 Fixed 500 errors for incorrect Origin headers (#11433)
no-issue

Our function for determining cors options created a new instance of URL
without wrapping it in a try/catch which meant any failures to parse the
URL bubbled down as a 500 error.

500 errors are commonly used for alerting at the infrastructure level,
and this error is definitely one caused by a badly configured client, so
we wrap the construction and crap out with a Bad Request Error (HTTP
400) if it fails.
2019-12-04 18:06:30 +07:00
Nazar Gargol
3d49f3ed15 Renamed authentication middleware to createSessionFromToken
no issue

- This rename comes in to describe better what actually happens behind the middleware instead of catch-all "authentication"
2019-12-04 09:49:13 +02:00
Nazar Gargol
0be2c21f68 Renamed logout middleware to deleteSession
no issue

- This rename is meant to clarify what exactly happens behind the logout and be inline with `login`-> `getIdentityToken` rename
2019-12-04 09:49:13 +02:00
Fabien O'Carroll
046bd652e5 Renamed login middleware to getIdentityToken
no-issue

This name `login` was misleading as this middleware didn't login
members, that was handled by the `authentication` middleware,
specifically `exchangeTokenForSession`
2019-12-04 09:49:13 +02:00
Hannah Wolfe
419e12d90a Added support for secondary navigation (#11409)
no issue

- Secondary navigation means most nav concepts are supported, e.g. header & footer, or left & right
- The UI is added separately, this PR adds supporting concepts:
  - make sure the default value is an empty array
  - add support in the API (v3 only)
  - add handling in the navigation helper
2019-12-04 11:12:02 +07:00
Peter Zimon
60c44d360b 🎨 Fixed test newsletter email subject
no issue.

- "[Test]" being appended (at the end of) the test email subject made it hard to scan for test emails. This fixes it by prepending "[Test]" to the subject.
2019-12-03 16:26:25 +01:00
Kevin Ansfield
f9f2d36f53 Merge branch 'mega' 2019-11-27 12:12:27 +00:00
Naz Gargol
201bef31f0 Added transaction support to pagination plugin (#11421)
Adds transaction support to `fetchPage` method. This is needed to be able to count members during the post publish transaction. 

This is the next iteration over initial quick-fix: 90905b0212

* Added transaction support to pagination plugin
    - This support is needed to be able to use `fetchPage` method in transactional context (example usecase was counting members when publishing post for emails)
* Passed transaction related options during email creation
    - Without this SQLite would hang in a transaction and eventually timeout
* Updated parameter name for consistency
2019-11-27 10:00:27 +00:00
Rish
b122b683f4 🏗 Removed reschedule method from scheduling adapter
no issue

We changed `reschedule` event to trigger adapter's `unschedule` and  `schedule` methods since we now generate separate tokens(urls) for consistency as two different url(token) is needed to complete the reschedule functionality.
2019-11-27 13:38:30 +05:30
Rish
d42d112eba 🐛 Fixed incorrect url generation for post reschedule/unschedule
no issue

The default scheduling generates a known, independent URL for publishing a resource. In case of resource being rescheduled or unscheduled, the adapter expects the the same URL to remove/update existing jobs. The URL includes a JWT token for API auth which is calculated from post model and appended to URL.

There was a bug in token generation which meant If we go to update or delete the job i.e. unschedule a post then a new token is used which means the existing scheduled job cannot be removed. This PR:

- removes issued at (`iat`) timestamp from token generation which lead to a different token being generated for same payload
- Fixes timestamp being used for URL calculation from resource model
2019-11-27 13:38:30 +05:30
Rish
628f9179dc Fixed URL import for post email serializer
no issue
2019-11-27 13:18:44 +05:30