Commit Graph

9479 Commits

Author SHA1 Message Date
Nazar Gargol
4da03a38b6 Corrected debug namespace 2019-07-25 17:12:39 +02:00
Nazar Gargol
8135d4d188 Added validation layer to password reset
- Adding a new method in all.js seems a little dirty, but that seems like the best place for now as similar method was added for changePassword method
2019-07-25 17:12:39 +02:00
Nazar Gargol
b3ed11719e Migrated authentication.resetPassword method to v2 2019-07-25 17:12:20 +02:00
Naz Gargol
d9fef82170
Added global site SEO fields to be used in theme helpers (#10930)
#10921

- Changed {{meta_title}} helper to use site meta_title' field
- Changed {{meta_description}} helper to use site 'meta_description' field
- Changed {{og_image}} helper to use site 'og_image' field
- Added site title handling for og/twitter metadata
- Refactored use of 'blog' in variable name in favor of 'site'
- Extended meta_description test suite with 'home' context cases
- Changed {{twitter_image}} helper to use site 'twitter_image' field
- Added ghost_head test for site metadata
- Renamed blog->site in variable names for touched files
2019-07-25 11:08:29 +02:00
Aileen Nowak
5253131006 Updated fixtures hash for tests 2019-07-25 15:37:33 +08:00
Aileen Nowak
d11fd4210b Updated docs api links to be version-less 2019-07-25 15:17:23 +08:00
Hannah Wolfe
cdb3b03311 Updated yaml parser error to be InvalidUsageError
- a yaml parser error can only be fixed by the user uploading a file, therefore it should be a 4xx, not a 5xx error
- an amp parser error indicates the amperize module is unable to handle a genuine case, and needs to be fixed at the code level
2019-07-24 17:41:55 +01:00
Kevin Ansfield
1aa7e368a2
🎨 Added url value to the Content API /settings/ endpoint (#10946)
closes https://github.com/TryGhost/Ghost/issues/10945

- adds the `url` property to the returned output manually because it's a config value rather than a settings value
2019-07-24 11:12:07 +01:00
Fabien O'Carroll
805f3c7250 Added logging for members-ssr errors
no-issue

This will help us debug issues with members-ssr functionality going forward
2019-07-24 18:11:48 +08:00
Kevin Ansfield
2b6830b747 Ensured Admin API cannot fetch internal integrations (#10501)
no issue

- Forced a filter on read and browse requests to the integrations endpoint to limit fetches to only "custom" and "builtin" integration types
- Expanded test coverage for "internal" integrations
2019-07-24 11:52:55 +02:00
Kevin Ansfield
5bdaf29c89 Version bump to 2.25.9 2019-07-23 12:01:47 +01:00
Kevin Ansfield
736b8ac5d8 Updated Ghost-Admin to 2.25.9 2019-07-23 12:01:47 +01:00
Kevin Ansfield
7370dc2fa0 Updated Casper to 2.10.4 2019-07-23 12:01:47 +01:00
Renovate Bot
e774d7bdd3 Update dependency multer to v1.4.2 2019-07-23 10:41:43 +00:00
Nazar Gargol
bf5824a7ba Fixed ability for the owner to change password of other users
closes #10927

-  Previous fix 2823c0b342
- It didn't work because the validation layer in "frame" doesn't take into account the value under `required` property of the controller, so to prevent validation on the field whole `required` key/value have to be removed
- Removed unused variables
- Extended regression suite to prevent similar problems in the future
2019-07-22 19:00:21 +02:00
Nazar Gargol
3c7af7e6f0 Fixed accepnatce test failure
no issue

- Initial commit that broke the build: 20cce5da37
- There is no enforced ordering for integrations and because of combined differences how MySQL/SQLite orders by default in combination with how created_at/updated_at dates are generated for fixtures in tests and for migrations there is no reliable way to check order
2019-07-22 17:12:43 +02:00
Nazar Gargol
20cce5da37 Added test coverage for integrations Admin API endpoint
no issue

- The basic test coverate for 'browse' endpoint for integrations was missing.
- It case is needed to be able to expand it in https://github.com/TryGhost/Ghost/pull/10501
2019-07-22 14:35:19 +02:00
Aileen Nowak
496f873ac4
Updated links to docs (#10941)
no issue
2019-07-22 18:17:50 +08:00
Fabien O'Carroll
1f206d8be0 Removed local setting fron config.dev.json
no-issue

WHHHOOOOPS
2019-07-22 13:21:02 +08:00
Fabien O'Carroll
97983baed6 🐛 Fixed CORS for errors from Admin API
refs #10932

Previously we were only applying the cors middleware to the options
preflight request, which meant that if the request errored, the cors
headers would not be applied, resulting in the client being unable to
read response data. This applies the cors middleware to _all_ requests
to the Admin API.
2019-07-22 12:57:41 +08:00
Fabien O'Carroll
2cb41dd8cd 🐛 Fixed CORS for errors from Content API
closes #10932

Previously we were only applying the cors middleware to the options
preflight request, which meant that if the request errored, the cors
headers would not be applied, resulting in the client being unable to
read response data. This applies the cors middleware to _all_ requests
to the Content API.
2019-07-22 12:57:41 +08:00
Fabien O'Carroll
5da8da1879
Deleted unused pg.js module (#10928)
no-issue

This module was first created (AFAICT) in c09c20ad8d (diff-20a31f345ca2643b2602224678bb8d5b) and
has since undergone some filename renames and eslint refactors - we don't support
PostgreSQL and have no immediate plans to do so.
2019-07-22 12:11:19 +08:00
Renovate Bot
2b20ae8f78 Update dependency lodash to v4.17.15 2019-07-22 03:27:21 +00:00
Renovate Bot
a1ece81c55 Update dependency gscan to v2.6.4 2019-07-22 02:30:43 +00:00
Renovate Bot
876ef128a7 Update dependency archiver to v3.0.3 2019-07-22 01:28:19 +00:00
Naz Gargol
c3a80f112a
Exposed site SEO data through Conent API & {{@site.*}} helper (#10925)
refs #10921

- Site SEO data will now be available as part of `GET /settings` response in Content API as well as part of {{@site.*}} helper
2019-07-19 10:40:47 +02:00
Hannah Wolfe
97afc8aa28 Added frontend folder to watch task
- without this grunt dev doesn't restart when making changes to the frontend
2019-07-18 15:31:04 +01:00
Hannah Wolfe
ca7dfe0932 Remove unused doc-related grunt tasks
refs: 585eada1c3 (diff-b9cfc7f2cdf78a7f4b91a753d10865a2)

- doc-related tasks were left even though we removed the dep & generation task
2019-07-18 15:28:27 +01:00
Naz Gargol
b89b57b6fb
Added global site SEO fields in Admin API (#10923)
refs #10921

- New SEO related fields will now be available as a part of Admin API /settings endpoint
- The ordering of fields is taken from post's schema
- Extended settings test suite with new SEO fields
- Adjusted settings model unit test
2019-07-18 16:24:34 +02:00
Fabien O'Carroll
078060abdc
Refactored members service logging and errors (#10919)
* Installed @tryghost/members-ssr@0.2.1

refs https://github.com/TryGhost/Members/issues/38

This updates allows for dynamic access of the membersApi, which will be
used in future when replacing the membersApi instance with a newly
configured one.

* Set the membersApiInstance logger to use common.logging

refs https://github.com/TryGhost/Members/issues/38

Passes the Ghost logger to the members api, so that we can keep an eye
on errors produced by the api.

* Refactored memberService use to always use getter

refs https://github.com/TryGhost/Members/issues/38

This will allow us to switch out the membersApi and the consumers of it
to have the updated reference by going through a getter.

* Installed @tryghost/members-api@0.3.0

refs https://github.com/TryGhost/Members/issues/38

Adds support for setting the logger

* Uninstalled stripe@7.0.0

refs https://github.com/TryGhost/Members/issues/38

The stripe module is now a dep of members-api, as it should be

* Updated members service to reconfigure settings

refs https://github.com/TryGhost/Members/issues/38

Previously we were unable to stop an invalidly configured members api
instance, now that we create a new instance, we can wait for the ready
or error event and only switch it out then.
2019-07-18 15:37:11 +08:00
Nazar Gargol
d3ca12056f Version bump to 2.25.8 2019-07-17 17:45:21 +02:00
Nazar Gargol
987d497e7c Updated Ghost-Admin to 2.25.8 2019-07-17 17:45:21 +02:00
Rish
01ea872af2 🐛 Fixed cache invalidation header on theme override
closes #10920

- Fixed incorrect property name to correctly set cache invalidation header on theme override
2019-07-17 18:41:25 +05:30
Naz Gargol
46706646e3
Refactored authentication controller v0.1 (#10893)
refs #10060

- Modules extractions done here are meant to make upcoming migration of authentication controller to v2 more manageable and reduce code repetition
- There were couple modules extracted for different areas that controller touches: passwordrest, accept (for invitation), setup 
- The aim was to keep changes to the minimum while making small readability improvements to new functions through async/await syntax
- The biggest barrier to make more encapsulated functions was the fact that we mutate options parameter on multiple levels in the controller. e.g mutations of options.data during validation on the password reset ties it up to the implementation of doReset function
2019-07-17 12:28:16 +02:00
Naz Gargol
9dcc17a017
🐛 Fixed import for tag without slugs that belongs to a post (#10917)
closes #10785

- The behavior for tags will now be similar to posts' one described in the docs
- "The only strictly required field when importing posts is the title. Ghost will automatically generate slugs and set every other field to the default or empty."
- The breaking change was introduced with: 68d8154d4f (diff-e712df50c0dc7cf33746eeff0564003cR97) (assumed there's always slug in the imported object which is not true)
- Added originalIdMap to the importer base class to track id
substitution so it can be used when dealing with relational resource
updates
- Removed explicit use of 'this.stripProperties(['id']);' in
beforeImport of base class because we need to assign and remove the id
property in the same place to track this change
- Only calling 'this.stripProperties(['id']);' in
settings/trusted_domain imports as the method won't be called otherwise
- Expanded regression tests with new supported import case
2019-07-16 12:01:44 +02:00
Fabien O'Carroll
c2e4d0f6be Version bump to 2.25.7 2019-07-16 16:01:28 +08:00
Fabien O'Carroll
86526d69b8 Updated Ghost-Admin to 2.25.7 2019-07-16 16:01:28 +08:00
John O'Nolan
1a25d0e259
Merge pull request #10915 from peterzimon/update-default-404
Update default 404 page
2019-07-16 11:22:34 +08:00
Peter Zimon
a482c547ae Update default 404 page
refs. https://github.com/TryGhost/Ghost/issues/10899
- removed broken ghost "illustration" from default frontend 404 page
- refined style of 404 page to be more theme agnostic
2019-07-15 14:47:01 +02:00
Renovate Bot
c521b6632d Update dependency markdown-it to v9 2019-07-15 13:32:21 +01:00
Fabien O'Carroll
ff8e3ed953 💡 Bumped minimum node v8.x version to v8.10.0
refs https://github.com/TryGhost/Ghost-CLI/issues/952
2019-07-15 19:40:56 +08:00
Renovate Bot
033e58e4ac Update dependency knex to v0.19.0 2019-07-15 16:37:34 +08:00
Renovate Bot
6eefce3349 Update dependency brute-knex to v4 2019-07-15 16:13:14 +08:00
Renovate Bot
c7e30e9970 Update dependency intl-messageformat to v5 2019-07-15 14:27:05 +08:00
Renovate Bot
a926adfd6c Update dependency probe-image-size to v4.1.1 2019-07-15 14:26:19 +08:00
Vikas Potluri
2823c0b342 🐛 Allowed administrators to change other users' passwords (#10891)
closes #10427

- Administrators don't know other users' passwords, but they should be able to change other users' password
- Don't require oldPassword to be provided
2019-07-15 14:19:31 +08:00
Vikas Potluri
b431dc56cb 🐛 Fixed error message when get helper doesn't have API access (#10892)
closes #10875
2019-07-15 14:18:58 +08:00
Renovate Bot
e497486e78 Update dependency intl-messageformat to v4.4.0 2019-07-15 14:17:04 +08:00
Bradley D. Thornton
0681e8c725 Fixed typo in readme (#10885)
no-issue

Fixed grammar -  s/your/you/
2019-07-15 14:15:28 +08:00
Christoph Tavan
834a5a0521 Replaced v1 for v4 uuids (#10871)
* Swapped v1 with v4 UUID as requestId when logging

no issue

v1 UUID are based on current time and the hardware MAC address of the
machine where they are being generated. As such they have much more
complex semantics than v4 UUIDs which are simply randomly generated.

Unless there's a specific requirement for the special semantics of v1
UUIDs it is simpler and less error prone to simply go for v4 UUIDs
whenever just a unique identifier is needed.

* Swapped v1 with v4 UUID when creating a temporary contentFolder

no issue

v1 UUID are based on current time and the hardware MAC address of the
machine where they are being generated. As such they have much more
complex semantics than v4 UUIDs which are simply randomly generated.

Unless there's a specific requirement for the special semantics of v1
UUIDs it is simpler and less error prone to simply go for v4 UUIDs
whenever just a unique identifier is needed.

* Swapped v1 with v4 UUID when creating a temporary exportFolder

no issue

v1 UUID are based on current time and the hardware MAC address of the
machine where they are being generated. As such they have much more
complex semantics than v4 UUIDs which are simply randomly generated.

Unless there's a specific requirement for the special semantics of v1
UUIDs it is simpler and less error prone to simply go for v4 UUIDs
whenever just a unique identifier is needed.
2019-07-15 14:01:02 +08:00