Commit Graph

44 Commits

Author SHA1 Message Date
Fabien O'Carroll
944c2cc9af
🔒 Fixed member email change vulnerability
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr

This updates the signup/signin flow for members to no longer support the
email address change flow - which had missing authentication. It has
been replaced with a dedicated email change flow, and Portal has been
updated to use it.
2021-09-23 10:49:30 +01:00
Rishabh
c6fc3902c5 Refined Portal change plan design and scrolling behavior
no refs

- adds refinements to change plan UI in Portal
- adds other UI refinements to Portal for multiple tiers
- updates scrolling behavior in Portal in preview mode
- bumps `@tryghost/portal` to `1.9`
2021-09-02 12:31:17 +05:30
Rishabh
12f5e03f61 Handled member session API response in Portal
refs 24b2a82461

Updates Portal to handle updated 204 response for member session API in case of logged out member
2021-07-30 10:57:24 +05:30
Rishabh
24b2a82461 Updated session API status code for logged out member
refs https://github.com/TryGhost/Team/issues/560
refs 69b773d112

The endpoint `/members/api/session/` is used by Portal for fetching member session while setting up and redirecting to Stripe Checkout flow. The status code returned by API for logged out member is changed from 4xx Unauthorized to 204 No Content, which is consistent with the status code returned while fetching member data when logged out. This API is made just before initiating the checkout session, and is not noticable in most cases due to redirect to Stripe Checkout and got missed.
2021-07-30 10:34:51 +05:30
Matt Hanley
4ac89c0176
Added webp image support (#13105)
refs https://github.com/TryGhost/Ghost/issues/9448
refs https://github.com/TryGhost/Ghost/issues/2591

Added API support for webp image files.
2021-07-02 09:37:54 +01:00
Rishabh
ae70b2b5ce Refined multiple product flows in Portal
no refs

- updates UI flows for signup/upgrade/change plan in Portal to be more consistent
- adds specific flag handling for multiple products feature
2021-06-29 21:50:08 +05:30
Rishabh Garg
acb0bd47af
Added sentry config to frontend site settings for Portal (#13086)
no refs

- adds sentry config for portal when available to integrate error handling
2021-06-21 17:59:20 +05:30
Hannah Wolfe
16b5d14c9c
Removed bind from internal-only config helpers
- We were using the same bind pattern for both internal-only and public helpers
- Binding helpers to config makes them available throughout the codebase
- Removing the binding doesn't make the code much more complicated, but it does make the Public API of the config module a lot clearer
2021-06-18 21:19:16 +01:00
Hannah Wolfe
8cf411e524
Updated local config helpers bind pattern
- The new @tryghost/config-url-helpers has a pattern of exposing bindAll()
- Changed the local (non url) helpers to have the same pattern for consistency
- Also fixed types as best I can
2021-06-18 21:18:43 +01:00
Hannah Wolfe
6aafb735b1
Added config-url-helpers to config
- getSubdir, getSiteUrl & getAdminUrl were currently part of @tryghost/url-utils
- They have been split out into their own library, and refactored so that they expect to be bound to nconf
- With this commit we can do e.g. config.getSubdir() rather than needing @tryghost/url-utils
- These functions will be passed to url-utils via DI
- This is the first step in breaking down url-utils into smaller pieces
- This commit only does a single change in Gruntfile.js to use the new funtions - this will be rolled out slowly
2021-06-18 20:05:00 +01:00
Hannah Wolfe
ba8cdc8d2d
Split config utils into utils and helpers
- There are two different types of function here
   1. "helpers" are public API - config.something() that provide dynamic helpers on top of config
   2. "utils" are internal methods used only by config itself
- This commit makes this distinction clearer, although we should also change the code to enforce that utils are not exposed
2021-06-16 15:05:51 +01:00
Hannah Wolfe
93f9bc0105
Renamed config index to loader
- Renamed the file in line with our rules around index.js files
- Cleaned up some outdated code patterns
- Want to make the config module a little clearer in what it does
2021-06-16 14:42:06 +01:00
Hannah Wolfe
2adc7545c1
Cleaned code comments in config
- just one of those things you do to help make sense of code :D
- improves readability
2021-06-16 14:26:59 +01:00
Sam Lord
35e51e364b Switch to @tryghost/debug, remove ghost-ignition
no issue
The only pieces of Ghost-Ignition used in Ghost were debug and
logging. Both of these modules have been superceded by the Framework
monorepo, and all usages of Ignition have now been removed, replaced
with @tryghost/debug and @tryghost/logging.
2021-06-15 17:24:22 +01:00
Rishabh
8605597eea Updated multiple products UI handling on Portal
refs 4c1c607b83

- last commit missed updating portal version in the url, updated.
2021-06-11 15:10:23 +05:30
Rishabh
4c1c607b83 Added multiple products UI in Portal behind feature flag
refs https://github.com/TryGhost/Team/issues/767

- adds new multiple products UI in Portal (works behind the `multipleProducts` feature flag)
- Portal's current single product UI behaves the same when flag is switched off
2021-06-11 14:14:11 +05:30
Rishabh
c7cf9855fe Updated Portal to handle multiple products
refs https://github.com/TryGhost/Team/issues/718

This bumps Portal to `~1.5.1` which handles changes for multiple tiers/products -

- Handles updated `portal_plans` setting to use monthly/yearly again
- Handles list of available prices to use prices across multiple products
2021-06-04 19:25:39 +05:30
Rishabh
3cf0ad41bf Updated preview post message handling in Portal
no refs

As part of new membership settings in Admin, we need to resize the Portal preview container to dynamically adjust to selected preview options. Portal is updated to handle and fire resize events for Admin on popup container changes so the preview can be adjusted correctly.

- Bumps minimal Portal version to ~1.4.6
2021-05-27 17:56:26 +05:30
Rishabh
76adf920da Updated Portal to handle logged out API response
refs https://github.com/TryGhost/Team/issues/560
refs 196cdafe6b

The endpoint `/members/api/member/` used by Portal for fetching member details was updated to return 204 No Content instead of 401. This change updates Portal to handle updated API response for logged out member, along with couple of bug patches -

- 🐛 Fixed extra email sent for logged in members on upgrade
- 🐛 Fixed falsy value not used in preview
2021-05-18 15:01:33 +05:30
Rishabh
bf64ca697c Updated Portal to handle custom products/prices
refs https://github.com/TryGhost/Team/issues/637

Bumped Portal to 1.3.0, which introduces handling for custom products and prices.
2021-05-10 23:15:49 +05:30
Rishabh
d17c68ba96 Fixed invite only handling in Portal
refs https://github.com/TryGhost/Team/issues/579

Last commit missed updating Portal version in the URL, patched here.
2021-04-27 23:16:12 +05:30
Rishabh Garg
8c65b25c41
💡 Updated portal script to handle new signup access options (#12911)
refs https://github.com/TryGhost/Team/issues/579

Updates minimum Portal version to handle the new `members_signup_access` setting and explicitly handle the `invite` option to make Portal work in invite only mode if selected
2021-04-27 18:04:43 +01:00
Hannah Wolfe
9f50e941eb Added default API version to config
refs: https://github.com/TryGhost/Team/issues/527
refs: bf0823c9a2

- We have default API versions littered all over the codebase. When we updated to Ghost v4 we realised just how many and how much of a pain in the ass this is to manage.
- This creates a config value we can use. It's in overrides for the time being because we usually default to that until there is a usecase for it being overridable. If there is one, cool, change it!
- The main motivation for adding this now and only using it in boot and urlUtils is as part of work to decouple the theme service into logical compontents, because the engines system inside of themes has its own default, and this is one cause of tight coupling
- Expectation is that we'll slowly roll out use of the new default, hopefully without requiring config in any additional places (e.g. passing the version in from the boot file)
2021-04-21 14:57:07 +01:00
Fabien 'egg' O'Carroll
2a2009e4cd
Bumped @tryghost/members-api & Portal versions (#12836)
closes https://github.com/TryGhost/Team/issues/530

This adds support for the smart_cancel option when cancelling
subscriptions, which will cancel the subscription immediately if it is
in an "overdue" state. The update to Portal wires up this behaviour for
members.
2021-04-05 16:29:17 +01:00
Rish
ec9988af77 Updated Portal to v1.0.0
no refs
2021-03-10 23:01:29 +05:30
Naz
f09216efde Changed api:versions config for v4 to point to v4 API link
refs a551970315
refs https://github.com/TryGhost/Team/issues/513

- This setting is used in url-utils (b17a965c88/core/shared/url-utils.js (L7)) which would create a `canary/admin` for `v4` with previous configuration. The links should link to one's explicit version if available, not to an alias like 'canary'
2021-03-03 15:42:04 +13:00
Thibaut Patel
a551970315 Updated the configuration to include v4 pointing to canary
issue https://github.com/TryGhost/Team/issues/221
2021-02-22 15:39:48 +01:00
Daniel Lockyer
db1c1ce21d Changed DB path for SQLite tests
no issue

- previously for SQLite tests we were pointing to a DB file within the
  content/data folder, which would be stored on the filesystem
- by pointing this file to be under `/tmp`, the file is stored in memory
  and should be a lot quicker to access
- this works great for me! - 2x faster test suite for SQLite
- however, Windows doesn't have a `/tmp` folder so we need to rewrite that
  part to replace with `os.tmpdir()`
2021-02-19 12:21:00 +00:00
Rishabh Garg
aae2e68a1d
Added portal url to config (#12645)
no refs

The Portal URL that is shipped with every Ghost version is so far hardcoded in `ghost_head` and updated every-time we ship a new Portal minor/major change. This change brings the Portal URL inside the default Ghost config, which has few advantages -
- Allows easier access/managing of active Portal url/version
- Allows override for Portal URL for development/other purposes, where `config.*.json` allows using a Portal URL pointing to locally built copy for testing
2021-02-12 23:01:41 +05:30
Kevin Ansfield
f802128cfc
Added emailAnalytics config feature flag (#12443)
no issue

- email analytics may be desirable to fully switch off in certain circumstances, when that happens we want to prevent related background jobs from running and expose the feature flag via the config endpoint in the Admin API so that clients can adjust accordingly
2020-12-02 13:22:12 +00:00
Kevin Ansfield
b35eef1b02 Added kill-switch config for email analytics background jobs
no issue

- it's possible background jobs may cause unintended side-effects so it's useful to have a kill-switch to disable them individually to keep sites working
2020-12-01 09:10:59 +00:00
Rish
f53ab0f52b Updated default config for newsletter badge
no refs

- Migrations were using previous default for badge which was set to `false`
- Default config for badge was `false` which caused migration to switch off the badge, updated to `true`
2020-11-17 16:06:31 +05:30
Kukhyeon Heo
5715aa2155
Added .yaml format support in redirects configuration (#12187)
closes #11085

- Ghost has been using YAML format for other configurations (e.g. routes). The plan is to move to this format for all user-edited settings files. By default JSON format is still used in Ghost Admin API v2/v3, but will be changed to YAML in API v4. Check referenced issue for more context.
- New format supports all the features available before. The main noticeable change is the structure of config file. It is now grouped by redirect HTTP code instead of specifying `"permanent": true | false` attribute for each config property. Example format for YAML config:
```
302:
  /from-url/: /to-url/

301:
  /category/([a-z0-9\-]+)/i: /tag/$1/
  /v([0-9\.]+)/docs/([a-z0-9\-]+)/i: /docs/$2/
```
- Added 2 new endpoints: `POST redirects/upload` and `GET redirects/download`. These serve as an alias to current GET/POST `/redirects/json. "upload/download" naming pattern is introduced to match the convention with other resources that can be uploaded and downloaded (images, themes etc.). `/redirects/json`  endpoints will be removed in Admin API v4
- The parsing code from `custom-redirects.js` has been moved to `frontend/services/redirects/settings.js`. This location is more appropriate for this logic and eventually `custom-redirects.js` middlewear might be moved into "frontend" as this middlewear plays a role mostly effecting that area.
2020-11-04 12:08:32 +13:00
Rishabh Garg
8ad11fe082
Enabled Portal (#12317)
no refs

[Portal](https://github.com/TryGhost/Portal) is a new drop-in script to make the bulk of Ghost membership features work on any theme out of the box, which was under a developer flag so far. This release removes the flag for Portal and makes it included as default for any members-enabled Ghost site. The Portal script is backward compatible with old public members script and existing Members-enabled themes should notice no change.

- Removes Portal config flag as Portal is now enabled by default
- Removes old members script as Portal is backward compatible with it
- Changes `{{content}}` helper to show default CTA in case of restricted content access
- `accent_color` setting is no more behind the dev experiment flag and included by default
- Adds migration to switch off Portal button setting for all existing sites which don't have Portal enabled in beta
2020-11-03 14:36:21 +05:30
Kevin Ansfield
3148d6a946
Moved definition of default max image width to config (#12289)
no issue

- centralises definition of max width and allows customisation if needed
- allows for passing of the config value through to rendering libraries
2020-10-19 08:56:18 +01:00
Kristian Freeman
aca94e65c3
Added support for Stripe promo codes in config (#12149)
closes #12111 

* Added default value in defaults.json
* Passed config to members-api module

refs: https://github.com/TryGhost/Members/pull/194
2020-09-21 13:15:41 +01:00
Rish
7a3839fb14 Added new portal config flag
no issue

- The new Portal config flag allows switching on Portal conditionally with config
- The dev experiment flag still works for enabling Portal
- The flag currently defaults to `false` as Portal is still a beta feature and switched off by default
- We expose it on the admin api config endpoint so that the Ghost-Admin client can use it to conditionally render Portal settings
2020-09-17 19:40:34 +05:30
Peter Zimon
75f5ab637d Added minor member newsletter customisations via config
no issue
- adds a `members:emailTemplate` config object
  - `showSiteHeader` - defaults to `true`, shows the site title and icon in member emails
  - `showPoweredBy` - defaults to `false`, adds a "Publish with Ghost" button to member email footer
- updates member newsletter email template with hideable site header and "powered by" badge
2020-08-24 10:44:22 +01:00
Daniel Lockyer
226dc32ec5 Fixed default shutdown timeout
- should be 60s (60000ms), not 600s (600000ms)
2020-08-10 13:00:02 +01:00
Hannah Wolfe
19e3b70c7a Added stoppable for graceful shutdown of requests
- stopppable is a dependency that handles closing connections properly, which server.close does not
    - active connections are allowed to complete what they are doing
    - idle connections are closed
    - no new connections are allowed
- we call stoppable in stop() instead of server.close so that idle connections don't hold the server open
- calling await stop() from shutdown then ensures that we have a consistent experience of stop
- all together this allows ghost to shutdown gracefully when there are long-running requests
- @TODO: handle graceful shutdown of long-running processes
- @TODO: consider do we need to send 503s whilst the server is shutting down?
2020-08-10 11:46:36 +01:00
Fabien O'Carroll
01633470f8 Switched on Stripe Connect by default
no-issue

This flags switches off the old API Key UI and replaces it with the new
Stripe Connect flow!
2020-06-30 14:07:33 +02:00
Kevin Ansfield
ce8bc9d4bf Added imageOptimization:srcsets config to allow disabling of srcset attrs in content
no issue

- pass `srcsets` value through to mobiledoc renderer
  - it will stop adding `srcset` attributes to images when explicitly set to `false`
- adds `reload()` method to `mobiledocLib` so that memoized instances of the renderer can be reset during tests that change config values
2020-06-15 16:45:36 +01:00
Kevin Ansfield
70b205618f Added responsive-image srcset attribute to image and gallery card output
no issue

- adds a set of hardcoded "content image sizes" to the base config
- adjusts `handle-image-sizes` middleware to always allow the hardcoded content image sizes to be genreated
- updates `@tryghost/kg-card-factory` to allow passthrough of options to card renderers
- updates `@tryghost/kg-default-cards` to add `srcset` output for image and gallery cards
2020-06-11 13:28:44 +01:00
Vikas Potluri
15d9a77092
Moved config from server to shared (#11850)
* moved `server/config` to `shared/config`
* updated config import paths in server to use shared
* updated config import paths in frontend to use shared
* updated config import paths in test to use shared
* updated config import paths in root to use shared
* trigger regression tests
* of course the rebase broke tests
2020-05-27 18:47:53 +01:00