Commit Graph

9500 Commits

Author SHA1 Message Date
Kevin Ansfield
2947db0e6b
Added API endpoint for browsing custom theme settings (#13362)
refs https://github.com/TryGhost/Team/issues/1070

- bumped `@tryghost/custom-theme-settings-service` to get access to `.listSettings()` method
- added GET `/api/canary/admin/theme_settings/` route behind `'customThemeSettings'` feature flag that uses the custom theme settings service to return settings resources that are a combination of the theme-provided definition and the saved value
2021-09-27 11:31:47 +01:00
Kevin Ansfield
cb53dd338e Moved theme settings permissions migration to correct Ghost version
refs b6d9bad6dc

- 4.16 has already been released, moved to 4.17 so the migrations will run correctly
2021-09-27 10:56:23 +01:00
Kevin Ansfield
b6d9bad6dc
Added custom theme settings browse/edit permissions for Administrators (#13361)
refs https://github.com/TryGhost/Team/issues/1070TryGhost/Team#1070

- initial implementation will only allow browse+edit via the API
2021-09-27 09:59:09 +01:00
Naz
dbb78820b3 Removed unnecessary error parameter in bridge
no issue

- The error parameter is passed arround by never used. Removed it to have less type check errors
2021-09-23 18:39:43 +02:00
Naz
035ad01f24 Swapped to American English spellings
refs 16728a3ef1

- initialised -> initialized
2021-09-23 18:36:38 +02:00
Matt Hanley
a9ea792d65
Updated OAuth middleware to use the correct URL helpers
no-ref

Hardcoded redirect URLs were breaking when admin and site URLs were
different, or when Ghost is configured with a subdirectory.
2021-09-23 17:26:29 +01:00
Daniel Lockyer
77ac9a99d5
Updated Admin to v4.16.0 2021-09-23 16:04:56 +01:00
Kevin Ansfield
04dd409243
Added syncing and theme exposure of custom theme settings (#13354)
refs https://github.com/TryGhost/Team/issues/1070

- added `@tryghost/custom-theme-settings-service` as a dependency
- `core/server/services/custom-theme-settings` creates an instance of the new service passing in the model used for storing the setting keys/values and a cache instance
- requiring `core/shared/services/custom-theme-settings-cache` creates a cache instance, it has no dependencies so can be required anywhere and the first require will initialize the shared instance
- updated the theme activation bridge to trigger the theme settings service to sync the newly activated theme settings and populate the cache
- updated theme validation to pass `labs` through as an option so that we get custom theme settings back as part of the checked theme as that's what is passed to the custom theme settings service
2021-09-23 12:44:39 +01:00
Kevin Ansfield
57effd9585
Added custom_theme_settings table/model (#13327)
refs https://github.com/TryGhost/Team/issues/1070

- stores values of custom theme settings
  - will be merged with full settings data parsed from themes for API output
  - will be cached and made available for lookup in themes to avoid db roundtrips
- stores type of custom theme settings so we can coerce values and know if the type has changed when syncing
- records will be synced with themes upon activation
2021-09-23 11:51:18 +01:00
Daniel Lockyer
57664696a4 v4.15.1
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYUxOIgAKCRDSEYbwtHKV
 reO6AQCL2mFdVLBwRbpVQa2Zs9RlYKk88ivLRMpAZPPiElNblQEAqt710wrVbMwm
 hOOWbWdFpPOWCrop9zhO8GJSPeNpJw0=
 =Ff3M
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYUxTawAKCRDSEYbwtHKV
 ra28AQCcambctLCH70Sc7SJmexojA5k6Ti0p3pwOktWY/WygZQEAlMEHSDw89wdY
 3U8R8zY1d1MeXqj51Op95sTYwiDAjg8=
 =HoUL
 -----END PGP SIGNATURE-----

Merged v4.15.1 into main

v4.15.1
2021-09-23 11:13:56 +01:00
Naz
bf4587d29e Fixed typos 2021-09-23 12:05:15 +02:00
Daniel Lockyer
92533b2de7
Updated Admin to v4.15.1 2021-09-23 10:51:30 +01:00
Fabien O'Carroll
944c2cc9af
🔒 Fixed member email change vulnerability
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr

This updates the signup/signin flow for members to no longer support the
email address change flow - which had missing authentication. It has
been replaced with a dedicated email change flow, and Portal has been
updated to use it.
2021-09-23 10:49:30 +01:00
Naz
f13ee0e4fb Corrected type declarations in ThemeStorage
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- Type declarations were incorrect, co changed them to something more suitable based on the implementation to reduce the error output.
2021-09-22 14:16:39 +02:00
Peter Zimon
496b98b751 Added Offers Alpha flag 2021-09-22 13:20:36 +02:00
Naz
7589218abc Converted import-manager module to a class
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-16/tackle-importersdataindexjs

- The codebase uses class syntax instead of extending/instantiating a native function (this is a very old of doing pseudo OOP in JS). Updated the old syntax in a very one-to-one brainless way with intention to improve the file again when touched again
2021-09-22 20:10:23 +12:00
Naz
c39d1996a4 Brought back importer index.js file exposing a single thing
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-16/tackle-importersdataindexjs

- This extra step was done to keep the git history cleaner (previous commit was a clean rename). This new index file exposes just one thing.
- The next step here should be refactoring of the "importer-manager" module into a class following a DI pattern.
2021-09-22 20:10:23 +12:00
Naz
0d32552d7a Renamed imports indexjs to import-manager
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-16/tackle-importersdataindexjs

- The index file should contain an API index that the module/folder exposes. In this instance it is a full blown class-like set of data and functions that don't belong to index.js
2021-09-22 20:10:23 +12:00
Rishabh
1e239de039 Added new ingress endpoint for client-side events
res https://github.com/TryGhost/Team/issues/1064

- adds new events endpoint on members app to capture client side events for member analytics behind the `membersActivity` flag
2021-09-21 23:37:25 +05:30
Naz
90e9e473ad Brought back index.js file exposing a single thing
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-16/tackle-importersdataindexjs

- This extra step was done to keep the git history cleaner (previous commit was a clean rename). This new index file exposes just one thing.
- The next step here should probably be refactoring of the data-importer module into a class following a DI pattern.
2021-09-22 03:23:12 +12:00
Naz
208dd49971 Renamed imports/data indexjs to data-importer
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-16/tackle-importersdataindexjs

- The index file should contain an API index that the module/folder exposes. In this instance it is a full blown class-like set of data and functions that don't belong to index.js
2021-09-22 03:23:12 +12:00
Fabien O'Carroll
9183c3fa11 Exported MemberAnalyticEvent from models/index.js
refs https://github.com/TryGhost/Team/issues/1053

In order to use the model we must exports it from the index.js file.
This was missing from the commit which added the models.
2021-09-21 13:22:40 +02:00
Naz
74c15c7b02 Refactored secret settings util functions
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The index file in services/settings was containning logic and started throwing an additional lint warning due to module length.
- The extracted secret settings utils were used in multiple places and were a good candidate to live in it's own small module
2021-09-21 23:05:57 +12:00
Naz
ed56239523 Moved browse method from settings API controllers
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The browse method didn't throw a complexity warning but was a clear target to get extracted into settings bread service. This way we get rid of a settings cache dependency and reduce code duplication.
2021-09-21 23:05:57 +12:00
Naz
d76ba2852e Removed method complexity in settings API v3 controller
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The controller code is not meant to contain complex business logic. Removed complexity in settings.edit method
- Have brought up to sync v3 controller code to the changes that were done in v4. Didn't touch v2 controller as it had slight API differences, so avoided going on another trip into the unknown
- Migrating v3 controller was pretty straigh forward as it's an exact copy of the v4 one (at least for the methods that were extracted)
2021-09-21 23:05:57 +12:00
Naz
ae3b2fad7c Removed method complexity in settings API controller
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The controller code is not meant to contain complex business logic. Removed complexity in settings.edit method
- The code causing the complexity warning clearly belonged in the validation layer, so has been moved to it's propper location
2021-09-21 23:05:57 +12:00
Naz
e7ec197da1 Removed duplicate logic from settings edit permissions stage
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The removed logic is done more thoroughly on the settings BREAD
service layer.
2021-09-21 23:05:57 +12:00
Naz
6b25b91fa4 Removed method complexity in settings API controller
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The controller code is not meant to contain complex business logic. Removed complexity in settings.edit method
- Have separated the regular editing from "Stripe Data" editing to keep the dependency on the members service still in the controller reducing coupling of the settings BREAD service to the minimum.
- The stripeConnectData passed into `edit` method still feels out of place (maybe it should be passed as an array already that's ready to be merged with the rest of settings, but that was left for another refactor in the future)
2021-09-21 23:05:57 +12:00
Naz
85ee721157 Removed method complexity in settings API controller
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The controller code is not meant to contain complex business logic.
Reduced complexity in the settings.read method
- Broke the usual "xxxService" naming pattern here in favor of "xxxBREADService" pattern that members package has been experimenting with recently (0469707f2e/packages/members-api/lib/services/member-bread.js (L25)). This naming choice was made because we already had a "SettingsService" and it would've become quite convoluted distinguishing the naming or doing renames for the sake of having a new temporary location for read/edit/add methods
- Also duplicated `hideValueIfSecret` method code with an intention to move it fully into the BREAD service once the refactoring is completed
2021-09-21 23:05:57 +12:00
Fabien O'Carroll
c1c969238f Passed MemberAnalyticEvent to @tryghost/members-api
refs https://github.com/TryGhost/Team/issues/1055

We use the models defined in Ghost as our database connection to store
the analytic events. So we must pass this down to the Members module so
that we can store the events
2021-09-21 11:42:05 +02:00
Rishabh
58bdf1e6e5 Added new ghost analytics meta tag behind activity alpha flag
refs https://github.com/TryGhost/Team/issues/1063

Member activity is a labs alpha feature which aims at capturing member events for site owner if switched on. The event metadata captures the site page/post where the event originates from, and the post/page id is included as content of new ghost analytics meta tag. The meta tag is only aded on the site if member activity is switched on from labs.
2021-09-20 13:55:37 +05:30
Daniel Lockyer
0a64916771
Updated Admin to v4.15.0 2021-09-17 16:58:45 +01:00
Daniel Lockyer
8590376795
Fixed linting issue
no issue

- I removed the use of Promises but didn't clean up the import
2021-09-17 16:51:52 +01:00
Daniel Lockyer
93e4b2eafd 🔒 Fixed remote command injection when using sendmail email transport
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm
refs https://github.com/advisories/GHSA-48ww-j4fc-435p

- a vulnerability in `nodemailer` means that the `sendmail` transport is
  vulnerable to command injection for flags passed to the `sendmail`
  binary
- updating to the latest version of Nodemailer required creating
  `@tryghost/nodemailer`, which is a wrapper around Nodemailer and
  several plugins that used to be in the core
- this commit switches to using that package, and fixes up some small
  code + test changes
2021-09-17 16:46:51 +01:00
Fabien O'Carroll
61058fb0a4 fixup! Refactored migration to run faster 2021-09-17 16:33:14 +01:00
Fabien O'Carroll
3165315f84 fixup! Refactored migration to run faster 2021-09-17 16:33:14 +01:00
Fabien O'Carroll
484e0c1e05 Refactored migration to run faster
no-issue

We're seeing problems with large sites taking a long time to run this
migration. The aim here is to refactor it so that it is faster to run.

We've achieved that by reducing the number of database queries needed,
firstly by selecting members with a join to their events (rather than
fetching the events on a member-by-member basis) we also batch the
necessary updates to further reduce db query time.
2021-09-17 16:33:14 +01:00
Hannah Wolfe
7d1d6ec6eb
🐛 Fixed error in sitemap with >50k posts (#13317)
closes: CORE-34
refs: https://github.com/TryGhost/Team/issues/1044

- this is a super basic fix, it adds a max nodes concept and limits the node in each sub-sitemap to 50k by default
- this will prevent the error in google console
- a better fix is in progress, but we want to at least solve the errors ASAP
2021-09-17 11:13:42 +01:00
Fabien 'egg' O'Carroll
2dca63eae2
Added temporary database table for analytic events (#13312)
refs https://github.com/TryGhost/Team/issues/1053

This table is going to be completely deleted at some point in the
future. It serves as a persistent datastore for a spike into collection
analytic events for members. We've opted for a generic table, rather
than a table for each event, so that we can push the DB to the limit in
terms of the length of the table, and find out performance issues A$AP
2021-09-17 11:15:21 +02:00
Hannah Wolfe
ba587ba882
Fixed logic bugs in match helper (#13315)
closes: CORE-33

Two bugs:
- lodash isEmpty and handlebars util isEmpty are not the same
- I literally had the truthy and falsy cases the wrong way around 🙈

Notes:
- I have, for now, copied the isEmpty util from handlebars. It's so small it doesn't seem worth trying to require the util right now, although in future it'd be nice if that was easier to do
- Adding the management for the conditional being a SafeString allows the match helper to be a subexpression of itself, I can see this pattern being useful later in combo with the any and all helpers
2021-09-17 09:47:10 +01:00
Kevin Ansfield
02347aa788
🐛 Fixed Outlook incorrect text styling and ' appearing in email content (#13313)
refs https://github.com/TryGhost/Team/issues/1047

Rendering segmented emails uses `cheerio` to parse and re-render the html but this had a side-effect of converting the `$#39;` char code to the more modern `$apos;` code resulting in Outlook not understanding quotes inside inlined CSS and showing the raw char code if it appeared in the email contents.

- extracted our handling of the unsupported char codes from the main email html generation into a function so that it can be re-used when generating segmented html
2021-09-17 08:39:29 +01:00
Naz
191b313271 Removed method complexity in webhooks API controller
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-14/tackle-webhooksjs

- The controller code is not meant to contain complex business logic.
2021-09-17 10:11:23 +03:00
Naz
cff0c483af Updated v3 Webhook API to match v4 implementation
refs 70627d84a7
refs 44035fd591
refs https://github.com/TryGhost/Team/issues/477

- When v4 Webhook API was changed removing redundant code v3 API code should've been updated as well. Making this change before extracting logic out into a WebhooksService to have clear chain of why the code that doesn't look the same has been substituted
2021-09-17 09:58:44 +03:00
Naz
4744349381 Removed method complexity in integrations API controller
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-10/tackle-integrationsjs

- The controller code is not meant to contain complex business logic.
- Added a test case checking 'PUT' endpoint for integrations to ensure
proper 'NotFound' handling. Found that previous implemenation was
buggy - threw a 500 as 'models.Integration.NotFoundError' that was removed
in previous commit didn't catch a needed error.
2021-09-16 14:23:48 +03:00
Rishabh
08b7fbc73f Added membersActivity alpha labs flag
refs https://github.com/TryGhost/Team/issues/1060

- Adds new alpha labs flag for controlling upcoming feature to record member activity for analytics
2021-09-16 11:53:27 +05:30
Naz
74f00bae1e Fixed 404 error when email only posts have been enabled
refs https://github.com/TryGhost/Team/issues/990
refs https://linear.app/tryghost/issue/CORE-25

- It used to be required remembering to restart the ghost process/routing after switching the email-only flag for the change to take effect. It was often forgotten and caused confusion.
2021-09-16 01:41:21 +12:00
Kevin Ansfield
e2c41c52ee Added customThemeSettings labs flag
refs https://github.com/TryGhost/Team/issues/1045

- alpha flag for working on reworked design settings in Admin and allowing themes to define custom settings
2021-09-14 18:35:59 +01:00
Daniel Lockyer
d4adae775e v4.14.0
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYUB7mgAKCRDSEYbwtHKV
 rYTGAP9dggMBUTq6+2yLyYHChVMqLez2WS/XmgTdC4mc2tsZzgD+J2/zhRObGYX0
 d54Y39pAw7rPV8Z8md9nCm9olPpE4AM=
 =w206
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYUB8kwAKCRDSEYbwtHKV
 rTGVAP4wqFwWwQUFUXX4tLbvcLKQalvHQI3soLFneAzZT1M3DQEAtWO+crkH2auN
 Agt8ND2ndlIzsyGxYywliajBfbQVZwM=
 =nFhH
 -----END PGP SIGNATURE-----

Merged v4.14.0 into main

v4.14.0
2021-09-14 11:42:21 +01:00
Daniel Lockyer
07a1465e3b
Updated Admin to v4.14.0 2021-09-14 11:38:17 +01:00
Kevin Ansfield
6875796417 Blocked 0.* IP addresses when making oembed requests
no issue

It was possible for authenticated/trusted admin users to make GET requests to localhost via the oembed service by crafting a redirect that used 0.0.0.0.

- added the 0.* default route/routing block to the private IP regex used to block requests when we're contacting external sites
- added an additional IP or localhost check in the oembed service when fetching bookmark card data
2021-09-14 11:35:14 +01:00
Kevin Ansfield
d735e3a4f3 Removed dashboardTwo labs flag
no issue

The updated dashboard is shelved for now whilst the underlying analytics architecture is improved.
2021-09-14 10:08:43 +01:00
Daniel Lockyer
2d639ad4a1 Replaced removed Bookshelf findWhere function
- as per https://github.com/bookshelf/bookshelf/wiki/Migrating-from-0.15.1-to-1.0.0#collectionfindwhere, the `findWhere` function was removed
- `find` can be used in combination with `matchFunc` and then checking
  the values against each other to keep the same functionality
- also updates the tests to reflect the change in number of function calls
2021-09-10 16:59:11 +01:00
Daniel Lockyer
23c207cefc Updated signature of Bookshelf model listeners
- as per https://github.com/bookshelf/bookshelf/wiki/Migrating-from-0.15.1-to-1.0.0#different-arguments-on-after-save-event-listeners-saved-created-and-updated, the signature of saved, created and updated listeners has changed to remove the second argument
- this commits updates our signatures too
2021-09-10 16:59:11 +01:00
Daniel Lockyer
80fa1d903e Removed explicit loading of Bookshelf registry plugin
- as per 5a5a5d162e, the Bookshelf registry plugin is now in core
- we no longer need to explicitly load the plugin, and it displays a
  warning if you do
- this change also turns `._models` into `.registry.models`, so our code has
  been updated to reflect that
2021-09-10 16:59:11 +01:00
Daniel Lockyer
8fcb57bd6a Disabled new Bookshelf fetch behaviour across models
- as per https://github.com/bookshelf/bookshelf/wiki/Migrating-from-0.15.1-to-1.0.0#default-to-require-true-on-modelfetch-and-collectionfetchone, models will now default to `{require:true}` during a fetch, which changes how Bookshelf will respond when a models yields no results
- instead of passing a `null` result, it will reject with an error, so we'd need to switch to `.catch`ing everything
- our code is set up to handle all these null results and switching style is not currently on the cards so we want to use the existing behaviour for now
- to enable this, the `requireFetch` option needs to be added to the model definitions
2021-09-10 16:59:11 +01:00
Fabien O'Carroll
c9325aa2cc Fixed Complimentary subscriptions being created twice
refs https://github.com/TryGhost/Team/issues/1030

The usage of `setComplimentarySubscription` is for pre-Tiers enabled
sites only. We didn't see this issue before because the `comped` flag
was incorrectly being set to `false` by default. Since it was fixed in
https://github.com/TryGhost/Ghost/commit/ae844db60 the `comped` flag was
then getting sent up, and creating the subscription.

We've moved the usage of `setComplimentarySubscription` to behind the
feature flag so that we do not use old behaviour when Tiers are enabled
2021-09-10 14:29:20 +02:00
Kevin Ansfield
864e4583d4 Fixed segmented email content being sent to all members
refs https://github.com/TryGhost/Ghost/pull/13276

- when removing the labs flag a conditional in the email processor checking for the labs flag being enabled was replaced with a check for a member segment being present. This meant that email batches with `member_segment: null` representing all members that didn't have content specifically aimed at them were not having the segmented content stripped before sending
2021-09-10 11:36:42 +01:00
Rishabh Garg
2272f84cc9
Added beta {{products}} helper for tiers list on post (#13267)
refs https://github.com/TryGhost/Team/issues/1004

- adds new `{{products}}` helper behind `multipleProducts` flag
- `{{products}}` outputs a string with list of products that have access to specific post when used in a post context in theme
- outputs empty string when used out of a post context and without access to `visibility` property
- uses all available posts for a site via the global products data
- updates {{content}} helper cta to use this new helper to show list of tiers with access to post
2021-09-10 09:30:41 +05:30
Rishabh
025eb8bd79 Updated tiers as a beta feature from alpha
refs https://github.com/TryGhost/Team/issues/1026

Tiers is moving up as a beta feature with an early-access opt-in flow. This means site owners can now opt-in for early access to Tiers feature in Ghost, but it's a one way door and its not possible to switch off tiers once enabled. This is to ensure that sites don't break in any unexpected ways once the tiers feature is enabled by switching it off.
2021-09-09 16:57:46 +05:30
Peter Zimon
60d6d36c5e Updated sign up email copy
- Updated the copy of the confirm button in the signup email to make the use case (sign up vs. sign in) clearer.
2021-09-09 12:33:56 +02:00
Fabien O'Carroll
519757faec Cleaned up webhook settings on Stripe disconnect
refs https://github.com/TryGhost/Team/issues/1006

These should have been cleaned up previously as they are no longer used
or valid without a Stripe connection.
2021-09-07 18:58:25 +02:00
Fabien 'egg' O'Carroll
cd89c7e427
Used @tryghost/members-api Stripe disconnect logic (#13290)
refs https://github.com/TryGhost/Team/issues/1006

Moving the logic of disconnecting Stripe into the members-api module
decouples the Ghost API from the Members API internals. This method can
now be updated independently of Ghost, to implement the deletion of
webhooks from Stripe.
2021-09-07 18:25:53 +02:00
Fabien 'egg' O'Carroll
647f1f8f61
Fixed MemberStatusEvents for free members (#13287)
refs https://github.com/TryGhost/Team/issues/1000

Some free members were created with a status of 'comped', this resulted
in MemberStatusEvents being created with a `to_status` of 'comped'.

In 4.12 we fixed the status for all free members, but we did not update
the associated member_status_event.
2021-09-07 15:02:59 +02:00
Fabien 'egg' O'Carroll
ae844db60b
Fixed handling of Complimentary Stripe subscriptions (#13289)
refs https://github.com/TryGhost/Team/issues/995

Since we reintroduced the comped status, we did not update the
subscription handling to correctly set members to a status of comped
when they were on a 'Complimentary' plan. This meant that 'comped' members
had a status of 'paid'. The changes to @tryghost/members-api ensure that
handling subscriptions going forward will not result in this error.

Since we handle the Complimentary plan correctly now, we do not need to
manually check for the existence of one, we can instead rely on the
status to set the `comped` flag.
2021-09-07 11:31:47 +01:00
Fabien 'egg' O'Carroll
a0a35df13b
Migrated members comped status to reflect subscriptions (#13285)
* Migrated members comped status to reflect subscriptions

refs https://github.com/TryGhost/Team/issues/995

Due to a bug in subscription handling, members with Complimentary stripe
subscriptions were incorrectly given a status of 'paid'.

The goal of this migration is to fix existing broken members, and it
will be accompanied by a fix which prevents the bug for future members.

Since we are updating the status properties for members, we must ensure
that we also update the relevant member_status_events entries too, so
that we do not have incompatible sums between events and statuses.

For example, if we were to use events to graph comped members over time,
we would want the current count to match the query on statuses:

`SELECT COUNT(*) FROM members WHERE status='comped';`
2021-09-06 18:56:44 +02:00
Fabien 'egg' O'Carroll
62bb031bab
Fixed usage of linkStripeCustomer for v3 API (#13288)
refs https://github.com/TryGhost/Ghost/issues/12942

The function signature of this method has changed, and was only updated
in the canary API, this meant that API requests attempting to link a
stripe customer to a member would error for the v3 API.
2021-09-06 14:18:11 +01:00
Daniel Lockyer
5d700c6a79 v4.13.0
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYTX5vAAKCRDSEYbwtHKV
 rensAP9Oicx5z/VxT+24aUZye7ZAGKtixkcAD5t8mHL2sVOYtAEArmbbWcY7QObf
 e3xUbOTujGOkYdirKrnc4jSqhpPypAM=
 =IYQa
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYTX7TgAKCRDSEYbwtHKV
 reiOAQCp6medOlKFGD3uq9v/umvOn7+XQeKLQ0ELxXR80X/YrQD+Nych2u4kdHdC
 d060V9Bj1sNRcuuztwqJZx+iFg+jvwk=
 =wCw4
 -----END PGP SIGNATURE-----

Merged v4.13.0 into main

v4.13.0
2021-09-06 12:28:04 +01:00
Daniel Lockyer
7138bc6f8f
Updated Admin to v4.13.0 2021-09-06 12:21:31 +01:00
Fabien 'egg' O'Carroll
6a7cd9856e
Fixed imports for files missing the email_only key (#13284)
closes https://github.com/TryGhost/Team/issues/1024

Our importer would set the default value of all posts_meta keys to
`null`. This is an invalid value for the `email_only` key which only
accepts booleans.

Since we are already looping over the schema to create the default
values, we can use the `defaultTo` property in the schema to use the
intended default, and fall back to `null` if it doesn't exist.

We've used the `Reflect.has` function to determine if the `defaultTo`
key exists, as opposed to a truthy check, because it's possible that a
falsy value (e.g. false, in the case of email_only) can be used as the
default.
2021-09-06 11:56:05 +01:00
Fabien 'egg' O'Carroll
90a4d369db
Fixed imports for files missing the email_only key (#13284)
closes https://github.com/TryGhost/Team/issues/1024

Our importer would set the default value of all posts_meta keys to
`null`. This is an invalid value for the `email_only` key which only
accepts booleans.

Since we are already looping over the schema to create the default
values, we can use the `defaultTo` property in the schema to use the
intended default, and fall back to `null` if it doesn't exist.

We've used the `Reflect.has` function to determine if the `defaultTo`
key exists, as opposed to a truthy check, because it's possible that a
falsy value (e.g. false, in the case of email_only) can be used as the
default.
2021-09-06 11:51:42 +01:00
Naz
6c75de6464 Removed i18t dependency from post scheduling service
refs https://github.com/TryGhost/Team/issues/694

- The i18t pattern has been deprecated. Quick clean up to keep the number of dependencies in the new module to the minimum
2021-09-04 07:49:11 +12:00
Naz
db2ef7dbca Migrated schedules v2/v3 APIs to match refactor in canary
refs https://github.com/TryGhost/Team/issues/694

- The canary schedules controller was refactored to use newly introduced post-scheduling service in a previous commit. This is a follow up to match v2/v3 controllers as they had identical code to the canary one.
2021-09-04 07:49:11 +12:00
Naz
7b53a61b73 Removed method complexity in schedules API controller
refs https://github.com/TryGhost/Team/issues/694

- The controller code is not meant to contain complex business logic.
2021-09-04 07:49:11 +12:00
Naz
00460c96f4 Removed i18t dependency from installer module
refs https://github.com/TryGhost/Team/issues/694

- The i18t pattern has been deprecated. Quick clean up to keep the number of dependencies in the new module to the minimum
2021-09-03 20:33:28 +04:00
Naz
84c88683ba Removed method complexity in themes API controller
refs https://github.com/TryGhost/Team/issues/694

- The controller code is not meant to contain complex business logic.
- Kept the pattern used in all modules under services/themes. The install module shold be refactored into a class with DI pattern when touched next.
2021-09-03 20:33:28 +04:00
Naz
8d36ebeb3c Refactored Labels API add method back to promises
refs https://github.com/TryGhost/Team/issues/694

- Additional try/catch block needed in async/await implementation increased method complexity  and broke the complexity linting rule. This is a dirty way to fix the warning. Ideally the implementation should stay with async/await syntax and instead move the custom error handling logic into some different layer. For example we could introduce a separate "stage" in the API framework's "pipeline" where we'd catch and handle in a generic way all of the "unique" types of errors. It would make sense to have a generic handler because this same code happens in labels, member and few more places.
2021-09-03 20:33:28 +04:00
Kevin Ansfield
020acb643e
Removed emailCardSegments labs flag (#13276)
refs https://github.com/TryGhost/Team/issues/993
reqs https://github.com/TryGhost/Admin/pull/2080

- removed labs flag
- removed labs flag usage in conditionals
- moved labs email template changes into main template
2021-09-02 13:11:11 +01:00
Naz
cea2facfe8 Updated mega's sendTestEmail JSDoc
no issue

- The "memberSegment" parameter is optional, marked it as such to remove type check errors
2021-09-02 13:11:10 +04:00
Naz
26f419f085 Reduced method complexity for sendTestEmail method
refs baccbb4942
refs https://github.com/TryGhost/Team/issues/694

- The change is here to remove yet another ESLint method complexity error
- The custom error handling complexity was introduced here in a referenced commit without an obvious reason. The specifics of how the "sendTestEmail" method handles errors should not leak out from the method, if there are errors in the response they should be handled internally and the method would uniformly reject with a single error.
2021-09-02 13:11:10 +04:00
Naz
807322dccb Extracted email preview service
refs https://github.com/TryGhost/Team/issues/694

- The code complexity in the email preview's read controller method was breaking the complexity rule in ESLint. To reduce the complexity extracted common parts into mega service
2021-09-02 13:11:10 +04:00
Rishabh
c6fc3902c5 Refined Portal change plan design and scrolling behavior
no refs

- adds refinements to change plan UI in Portal
- adds other UI refinements to Portal for multiple tiers
- updates scrolling behavior in Portal in preview mode
- bumps `@tryghost/portal` to `1.9`
2021-09-02 12:31:17 +05:30
Naz
9a9866cf59 Refactored email-preview ctrl to use async/await
refs https://github.com/TryGhost/Team/issues/694

- async/await has been a standard way to handle async code throughout the codebase. Refactoring it before moving code makes it way easier to reason about similarities between multiple controllers
2021-09-02 10:59:00 +04:00
Kevin Ansfield
98f1200f77
Removed snippetReplacements labs flag (#13259)
refs https://github.com/TryGhost/Team/issues/1008
reqs https://github.com/TryGhost/Admin/pull/2073

- flag is no longer used by Admin as the feature is out of labs
2021-09-01 09:10:39 +01:00
Kevin Ansfield
28a9d2b134 Removed featureImgDragDrop labs flag
closes https://github.com/TryGhost/Team/issues/884

- Admin change is no longer behind the flag so it's now unused
2021-08-31 14:22:14 +01:00
Kevin Ansfield
d58901d548 Removed savedIndicator labs flag
refs https://github.com/TryGhost/Team/issues/779

- Admin change is no longer behind the flag so it's now unused
2021-08-31 09:59:04 +01:00
Naz
d0b82f418b Removed unnecessary parameter
no issue

- The method declaration has no parameters, removed them from the method call for clarity.
2021-08-30 12:33:33 +04:00
Naz
c9358bdddb Removed eccessive parameter in map method call
no issue

- There are only two parameters in `map` method. The one used here was probably some leftover from reduce or was put there by mistake
2021-08-30 12:11:16 +04:00
Naz
35e23636ae Fixed 'sent' status setting when publishing a post
refs https://github.com/TryGhost/Team/issues/947

- During the work of the UI and moving `email_only` flag to publish menu it created the situation where the publishing of the post was at the same time as adding `email_only` flag, resulted in not picking up teh `sent` status as the `posts_meta` model and record were's available during save.
- Adding the incoming attribute check for email_only flag covers this situation
2021-08-26 22:25:45 +04:00
Fabien 'egg' O'Carroll
bee1d4793d
Added static transaction method to base model (#13260)
no-issue

Writing code outside of Ghost which deals with the models is currently
done by passing the models which are needed to the external module,
rather than the instance of ghostBookshelf. This does not give us a way
to create transaction to run queries in. This method is designed as a
simple way to give all models the power to create a transaction for
themselves.

This will be used in @tryghost/members-api for example to ensure that
failures in communication with the Stripe API will rollback the related
inserts in the database.
2021-08-26 19:01:42 +01:00
Fabien O'Carroll
76311484df Added dummy subscription to comped members
refs https://github.com/TryGhost/Team/issues/873

This includes the update to @tryghost/members-api which includes the new
MemberBREADService which is used to handle the logic for controller
methods outside of the controller.

With it, we've introduced the concept of a dummy subscription for comped
members. This gives API consumers a way to get the created_at date for a
comped members access to a product.
2021-08-26 15:28:55 +02:00
Fabien O'Carroll
4e47c63e73 Updated members serializer to handle POJO
no-issue

The @tryghost/members-api module is being updated to export a BREAD
service which will be used to move the logic from the controller into.
This service is currently designed to returns objects rather than
models, as it has to do manipulation of the returned data at the object
level. This update to the serializer will allow a seamless transition to
the use of the BREAD service and allow us to pull out the logic from the
controller sooner!
2021-08-26 15:28:55 +02:00
Daniel Lockyer
51d602d5b3
Removed unused internal request lib
refs 3f0bab4389

- the internal `request` lib we had was replaced with `@tryghost/request` in
  the referenced commit
- this lib was not deleted, so it's still lingering around
- this commit deletes that file to clean it up
2021-08-26 14:21:27 +02:00
Fabien 'egg' O'Carroll
c7a7828b57
Gave Administrators permission to connect to Stripe (#13228)
refs https://github.com/TryGhost/Team/issues/994

This adds the permission required to connect to Stripe to the
Administrator role, as required by the linked issue.
2021-08-26 11:00:40 +01:00
Fabien O'Carroll
611f696149 Removed bluebird import from migration utils
no-issue

The bluebird library is unecessary in this module, as all uses of it
were wrapped in `async` functions which will return a native Promise
rather than a bluebird one.

refs https://ghost.slack.com/archives/C02G9E68C/p1629822160273500
2021-08-25 23:30:14 +02:00
Kevin Ansfield
413b06d1b5 Fixed leading/trailing HR removal when rendering email content
refs https://github.com/TryGhost/Team/issues/1007

- `:root` selector wasn't working as expected and ended up matching HRs within content
- switched to wrapping the post html inside a `<body>` element before parsing so that we have a proper top-level element for direct child selectors to match against
2021-08-25 09:25:55 +01:00
Kevin Ansfield
946ae43a15 Removed leading/trailing HR's when rendering email content
refs https://github.com/TryGhost/Team/issues/1007

- the new `email-cta` card allows surrounding dividers to be added when rendering, however if the card is at the beginning or end of the post then these would double-up with the already existing dividers at the beginning and end of the post content in the email template
- not wanting leading/trailing HR's is specific to the email template so it made sense to adjust the renderer output in Ghost's email generating rather than forcing all mobiledoc->html rendering to remove leading/trailing HR's
2021-08-24 19:38:29 +01:00
Fabien O'Carroll
a6bfd61986 Passed MemberProductEvent model to @tryghost/members-api
refs https://github.com/TryGhost/Team/issues/873

The @tryghost/members-api module needs access to this model in order to
create events when members access to products are updated.
2021-08-24 14:46:02 +02:00
Fabien O'Carroll
55f249a328 Added MemberProductEvent model & relations
refs https://github.com/TryGhost/Team/issues/873

We need a relation between members and their product events so that we
can pull out the events for a particular member to generate the start
date of their comped access to a product.
2021-08-24 14:44:53 +02:00
Fabien O'Carroll
e71114bb8f Added Members bulk actions endpoint
refs https://github.com/TryGhost/Team/issues/946

This adds the initial bulk actions endpoint used for the members
filtering feature. The idea is to eventually move bulk destroy into this
endpoint to and provide a consistent interface for applying bulk actions
to members.

The @tryghost/members-api package has been bumped to include the new
bulkEdit method.

The sinon.restore in tests was moved to an afterEach so that stubs did
not effect other tests.
2021-08-23 16:38:21 +02:00
Fabien O'Carroll
1835c22f3b Added getLabelRelations to Member Model
refs https://github.com/TryGhost/Team/issues/946

In order to bulk remove relations between members and labels we need a
way to get hold of all of the existing relations between a label and a
set of members.
2021-08-23 16:38:21 +02:00
Fabien 'egg' O'Carroll
2f33292600
Added members_product_events table (#13236)
refs https://github.com/TryGhost/Team/issues/873

This table is to track events related to members be given or having
removed access to products. It will allow us to provide start dates for
access for complimentary members, as well as being able to track access
to products over time, either for individual members or for aggregates.
2021-08-23 16:29:15 +02:00
Naz
04e7c9fca5 Refactored oembed service to async/await syntax
no issue

- The method was super hard to read with unintuitive catches in multiple places and lots of conditional logic. There's still more to reshuffle here, but that would be for the next time. At least now the data flow is clear within the method
2021-08-23 10:53:44 +04:00
Naz
0703596ace Fixed function comlexity lint warning in oembeds
no issue

- Logic with slightly more complex structure belongs to the service. Extracting it there also show's how little of an API the oembed service should actually expose
2021-08-23 10:36:18 +04:00
Naz
d6f3210fd2 Updated copy for email verification error
refs https://github.com/TryGhost/Team/issues/912

- The copy was changed in post members import email verification popup to have more consistent tone of voice.
2021-08-20 18:07:31 +04:00
Naz
7f09beb2a8 Moved email list check to GA
refs https://github.com/TryGhost/Team/issues/906

- The feature has moved to GA from behind alpha flag. It's skipping the beta phase as it's not needed in this specific situation
2021-08-20 18:07:31 +04:00
Fabien 'egg' O'Carroll
26c3e77640
Ordered Products by their monthly price by default (#13234)
refs https://github.com/TryGhost/Team/issues/714

In order to order products by their monthly price we need to apply a
join with the stripe_prices table when querying so we have access to the
amount column of stripe_prices.

As this ordering is core to how the tiers feature is intended to work,
we have added it as the default order. But this can be overriden by
manually passing the order option.

Also ensured that we do not create duplicate products in test fixtures
2021-08-20 14:46:06 +02:00
Naz
5937fa5b92 Updated copy for email verification error
refs 5fd1ed5bcb
refs https://github.com/TryGhost/Team/issues/912

- The copy was changed to reflect the partial success of the import.
2021-08-19 13:35:55 +04:00
Naz
937d9e58d1 Switched post routing to uuid instead of slug
refs https://github.com/TryGhost/Team/issues/990

- Relying on uuid instead of slug makes the posts less discoverable and partially soves discoverability through overriden robots.txt files
2021-08-19 12:27:45 +04:00
Naz
2f2fe16944 Added floating threshold to member import
closes https://github.com/TryGhost/Team/issues/958

- The change allows to dynamically adjust import threshold based on current member count
2021-08-18 18:39:43 +04:00
Naz
ec841c0944 Renamed index.js file to a service
refs https://github.com/TryGhost/Team/issues/958

- The module contains a service class and not an api index as index.js file should. This rename also fixes an ESLint warning around index.js file being too complicated.
- The serivice should ideally be extracted into the member repository in the future iteration
2021-08-18 11:48:16 +04:00
Daniel Lockyer
fa19ef7f0b v4.12.1
-----BEGIN PGP SIGNATURE-----
 
 iHQEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYRviGQAKCRDSEYbwtHKV
 rfxSAPi1I0TdH6rbtpNCqaAmm0kAShomDM0IOajwm2bSwFIGAQDYgzablHFGAhv7
 fsFe7t66zHs2fGZ7jakF+vC/NEsMBw==
 =ci9A
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYRvi/wAKCRDSEYbwtHKV
 rdv+AP9sExkMA4Yqn13vs8Lh6vApLi5BmAYipbVZr7/htx9XVAEA2sd4iQBLvS7H
 KRxwT/4YMvT985cdPrsYL39hRa0ltwc=
 =dpmX
 -----END PGP SIGNATURE-----

Merged v4.12.1 into main

v4.12.1
2021-08-17 17:25:28 +01:00
Daniel Lockyer
1e712b9eab
Updated Admin to v4.12.1 2021-08-17 17:21:45 +01:00
Daniel Lockyer
f8aa065891 v4.12.0
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYRuK8QAKCRDSEYbwtHKV
 rXv7AP9tKQEpGwis3ZjVpWcE7EWkYfrwzTmTGnFMAOrqeCPlNQEAyaROjVd2qiGc
 xzHsLOu8fIHjhlbQtkbc0fh4ZMiZ2gw=
 =kec3
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYRuL4wAKCRDSEYbwtHKV
 rdLcAQCYNn+jTXH+QaBu2XBPLfwQltXuhTKe0oMoZA8YUFtC1gEA3tGWtXgZNIGH
 BoG+GubHsjSAxpMnxZjQ2dbaUMlZiQo=
 =xy1l
 -----END PGP SIGNATURE-----

Merged v4.12.0 into main

v4.12.0
2021-08-17 11:13:49 +01:00
Daniel Lockyer
1c2efb8731
Updated Admin to v4.12.0 2021-08-17 11:09:53 +01:00
Fabien 'egg' O'Carroll
26940bea3d
Fixed labs.enabledMiddleware isSet reference (#13227)
no-issue

The `this` used by enabledMiddleware is not bound to `module.exports`.
This updates the middleware to reference the `isSet` method correctly
2021-08-16 17:05:47 +01:00
Kevin Ansfield
23fe99e289 Added snippetReplacements to allowed labs flags
refs https://github.com/TryGhost/Team/issues/973

- alpha flag for Admin feature that allows for replacing a snippet's content without having to delete and recreate it manually
2021-08-16 10:40:57 +01:00
Fabien 'egg' O'Carroll
8abd344048
Removed non-existent labs file export
refs 9e2b21578a

Since the ref'd commit the labs middleware was moved to the shared labs module
and this require path no longer exists. This does not break anything as any module
still using this would error when reading the labs property
2021-08-13 13:41:38 +01:00
Hannah Wolfe
59a3a67683
Added eslint override for index.js false positives
- Unquestionably, at some point we need to rework the API code so that we have less stuff everywhere
- However, the max-lines index.js rule exists as a proxy to find index.js files which are not exposing Public API, but rather contain logic
- These 6 cases are all valid index.js files as the expose the Public API of the module
- Therefore, I've added an override and an override notice explaining.
2021-08-13 12:48:49 +01:00
Fabien 'egg' O'Carroll
1dd520754d
Added bulkEdit to bulk-operations bookshelf plugin (#13223)
refs https://github.com/TryGhost/Team/issues/946

This refactor pulls out the core logic so that we can easily add other
bulk operations without having to duplicate even more logic.

It also gives a consistent return value between bulk operations, renaming
`unsuccessfulIds` and `unsuccessfulRecords` to `unsuccessfulData`

We also add a bulkEdit method which will be used to bulk unsubscribe members
from the newsletter.
2021-08-13 12:19:02 +01:00
Fabien O'Carroll
de9efba30c Fixed existing members status properties
refs https://github.com/TryGhost/Team/issues/959

Since we had a bug where members with a canceled subscription would have
a status of 'comped' we must fix any existing members in this state.

We update all members which have no products to a status of 'free',
which is the definition of a 'free' member.
2021-08-13 11:39:19 +02:00
Naz
74280cfbea Added "email post" frontend routing
refs https://github.com/TryGhost/Team/issues/953

- Emails posts should be not explorable by the rest of the frontend similarly to the draft or scheduled posts. Email posts should also keep the content gating, so that specific parts of content can still be gated based on the post's visibility setup
- A separate frontend router was chosen to implement this part of the system instead of a moutable express app due to increased complexity to introduce the latter approach.
- All "sent" email-only posts will be accessible through the `/email/:slug/` route
2021-08-13 12:09:11 +04:00
Naz
2cae064575 Swapped to American English spellings
refs 16728a3ef1
2021-08-13 10:26:33 +04:00
Naz
0d7f253582 Added an internal API for email-only posts
refs https://github.com/TryGhost/Team/issues/899

- The internal API is needed to be able to fetch email-only posts through email router. The concept is similar to Preview API with a difference that only posts with `sent` status are accessible and there is content-gating present.
2021-08-13 10:12:54 +04:00
Naz
59a60d77b9 Fixed JSDoc apiType in the frame pipeline
no issue

- The apiType parameter is optional and was causing type checking to fail in many palces
2021-08-13 10:08:50 +04:00
Naz
9bc5a279ca Added a 'sent' status to post model
refs https://github.com/TryGhost/Team/issues/953

- We need to track email-only posts that have been sent out. New status was chosen as a way to differenciate such posts.
- Introducing a new "email post" type, conceptually like "page", was considered. Because there is no clear roadmap for "email post" becoming a bigger part of the product yet and a lot of uncertainty around this concept, overhead needed to introduce a new type was just too much to do at this moment. It's still a possibility in the future
2021-08-13 10:06:15 +04:00
Fabien 'egg' O'Carroll
235597a5e4
Refactored Members controller bulkDestroy (#13221)
no-issue

This moves the logic out of the controller and into the members-api
member repository. Removing complexity from the controllers and
out into services is desirable to reduce code in the Ghost codebase
and move logic into modules which can be tested easier.
2021-08-12 15:26:25 +01:00
Naz
cf14b5f433 Fixed function complexity linting warning
no issue

- Touched this file while looking into use of config.user_name/user_email and it was almost criminal to not do a tiny improvement
2021-08-12 15:38:58 +04:00
Naz
cb16675e29 Added "from" parameter to email verification
refs https://github.com/TryGhost/Team/issues/961

- More specific "from" address should improve handling when escalated. See refed issue for details.
2021-08-12 14:07:16 +04:00
Naz
41c70dfc96 Improved GhostMailer JSDocs
refs https://github.com/TryGhost/Team/issues/961

- The "from" parameter was not documented, so made it vary clear that it exists and is optional
2021-08-12 14:07:16 +04:00
Naz
fa13ff2798 Updated use of "blog" in variable to "site"
no issue

- The coding standard/preference in variable naming is to go with "site" where possible when referring to current instance instead of "blog".
2021-08-12 14:07:16 +04:00
Fabien 'egg' O'Carroll
6dba643ef9
Added ability to filter members on subscription data (#13214)
refs https://github.com/TryGhost/Team/issues/944

This will allow us to filter for members which have a canceled
subscription or for members which are currently on trial.
2021-08-12 10:10:51 +01:00
Naz
01f8737d39 Added /email/ route to robots.txt
closes https://github.com/TryGhost/Team/issues/952

- The `/email/` route will be a home for email only posts. We are adding the route preemptively to have the crowlers update their caches before the feature sees the light of The Internet
2021-08-10 13:45:53 +04:00
Naz
c9821a123a Swapped to American English spellings
refs 16728a3ef1
2021-08-09 13:35:01 +04:00
Naz
06a6dcb2d1 Added an /email/ root route for email-only posts
refs https://github.com/TryGhost/Team/issues/948

- The  frontend route `/email/:uuid` is aliased to the preview as a temporary solution. It fulfills the premise of the email-only post anyway - not being accessible publicly and only shared through email.
- The tests for the new route are missing as adding them was way more problematic than I envisoned. They are in the works and will be added as a follow up commit next.
2021-08-06 18:10:19 +04:00
Naz
db9e3a01ab Fixed invalid variable naming
refs ccab6117b4

- The change was meant to go with refed commit but was missed
2021-08-06 13:21:28 +04:00
Naz
ccab6117b4 Removed i18n dependency from psots service
refs https://github.com/TryGhost/Team/issues/949

- Use of i18n module is deprecated in favour of `tpl`/'messages` pattern
2021-08-06 12:21:23 +04:00
Naz
3c822e0457 Added ability to send newsletter and not publish the post
refs https://github.com/TryGhost/Team/issues/949

- When post is marked as "email-only" we can send it out to the selected audience when publishing without making the post publicly available
- The feature is available for experimentation behind "email only" alpha flag available in labs
2021-08-06 11:57:54 +04:00
Naz
a7503b9c0f Refactored posts service instantiation logic
refs https://github.com/TryGhost/Team/issues/949

- Initializing PostsService with almost identical parameters is burdensome, having a single factory method in create instances is far more maintainable
2021-08-06 11:57:54 +04:00
Naz
3a7bc1349d Reformatted big if statement
refs https://github.com/TryGhost/Team/issues/949

- It's relly hard to grasp what's going on in ifs with multiple conditions that are written down in a signle, gazzilion-line format. Having a nice column as way more readable
2021-08-06 11:57:54 +04:00
Naz
bd8a45d094 Extracted post edit logic to posts service
refs https://github.com/TryGhost/Team/issues/949

- The post model handling related to newsletter sending and email recipient filter logic were duplicating across v3/v4(canary) APIs and it made sense to extract it into a posts service.
- This will allow for a central place to handle about to land logic for email_only newsletter handling.
2021-08-05 15:18:29 +04:00
Naz
15073bad29 Extracted post/page cache invalidation logic to service
refs https://github.com/TryGhost/Team/issues/949

- The code is exactly the same in six (!) places. It's beyond unmaintainable to add another line to any of these place, which will be needed for `email_only` handling.
- The newly created posts service is a temporary, slightly better solution that complies with codebase's best practice of extracting new services using class with DI pattern
2021-08-05 14:51:47 +04:00
Naz
accf0c645a Refactored Pages API v3/canary controllers
refs https://github.com/TryGhost/Team/issues/949
refs e64274bb45

- This refactor is needed to bring the code in line with the rest of pages API controllers
- Next step will extract shared code patterns into a separate module
2021-08-05 14:42:16 +04:00
Naz
87ad210624 Refactored Pages API v2 controller
refs https://github.com/TryGhost/Team/issues/949
refs e64274bb45

- This refactor is needed to bring the code in line with the rest of pages API controllers
- Next step will extract shared code patterns into a separate module
2021-08-05 14:21:05 +04:00
Naz
ec19b01088 Fixed missing semicolon after the refactor
refs https://github.com/TryGhost/Team/issues/949

-  See previous commit
2021-08-05 14:14:58 +04:00
Naz
e64274bb45 Refactored Posts API v2 controller
refs https://github.com/TryGhost/Team/issues/949

- This refactor is needed to bring the code in line with the rest of post API controllers
- Next step will extract shared code patterns into a separate module
2021-08-05 14:13:02 +04:00
Naz
8b5d0f559d Added clarifying comment to the email_only mapping
https://github.com/TryGhost/Team/issues/893

- The assignment is not that obvious and might be confusing without wider context, which is why it warrants to have a clarifying comment. This became apparent during code review
2021-08-05 19:44:35 +12:00
Naz
838e94e535 Added email_only property in Posts Admin API v4
https://github.com/TryGhost/Team/issues/893

- The property is only added to Admin API v4 and is invisible in all Content APIs as well as v2/v3 Posts APIs
2021-08-05 19:44:35 +12:00
Naz
755a3a320e Added email_only column to posts_meta table
closes https://github.com/TryGhost/Team/issues/893

- We need a place to store email-only flag and posts_meta is the best place for it
2021-08-05 19:44:35 +12:00
Fabien 'egg' O'Carroll
424f621414
Moved NQL relations and expansions into the models (#13204)
refs https://github.com/TryGhost/framework/pull/19

The @tryghost/bookshelf-filter plugin no longer bundles hardcoded
relations and expansion definitions, instead leaving it up to the
library consumer to implement.

This PR adds the preexisting relations and expansions to the relevant
models, in order to preserve our existing filtering functionality.
2021-08-04 15:30:53 +01:00
Kevin Ansfield
482a93ac7a Added dashboardTwo to allowed labs flags
no issue

- flag for Admin to switch to a more comprehensive dashboard
- may be used in Ghost for changes to stats endpoints
2021-08-04 11:09:13 +01:00
Sanne de Vries
2be601d25e Fixed hr element and button overlapping in cta card in email template 2021-08-03 18:43:29 +02:00
Daniel Lockyer
5cce9818eb v4.11.0
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYQk0mQAKCRDSEYbwtHKV
 raAxAQCWNrrS6ixKZlzFkjv8opyMQ1b0HV25NBjg8rAkD8YRVQEAsvUM2Vu/G0+Y
 mbb7qeWAzK1L8tNP686Khc84TbeSBQY=
 =NBs1
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYQk1CAAKCRDSEYbwtHKV
 rcPcAP9eW3OIVa5eO05BTVt7Dgi6sqLkry7AKU1KA6yWANJS4wEAi+EygDpPjxXu
 HTIkCXAJRV8VAKPHbO6ESUcqtMTEOAc=
 =PoHi
 -----END PGP SIGNATURE-----

Merged v4.11.0 into main

v4.11.0
2021-08-03 13:22:26 +01:00
Daniel Lockyer
e32ad5ea6d
Updated Admin to v4.11.0 2021-08-03 13:20:40 +01:00
Naz
7471c98df2 Updated email sending error copy
refs https://github.com/TryGhost/Team/issues/912
2021-08-03 10:13:14 +04:00
Naz
5868fff1b9 Added emailOnlyPosts alpha labs flag
refs https://github.com/TryGhost/Team/issues/902

- The flag will be controlling upcoming feature with the same name enabling exactly how it reads - ability to create posts available through the newsletter only
2021-08-02 13:11:07 +04:00
Rishabh
12f5e03f61 Handled member session API response in Portal
refs 24b2a82461

Updates Portal to handle updated 204 response for member session API in case of logged out member
2021-07-30 10:57:24 +05:30
Rishabh
24b2a82461 Updated session API status code for logged out member
refs https://github.com/TryGhost/Team/issues/560
refs 69b773d112

The endpoint `/members/api/session/` is used by Portal for fetching member session while setting up and redirecting to Stripe Checkout flow. The status code returned by API for logged out member is changed from 4xx Unauthorized to 204 No Content, which is consistent with the status code returned while fetching member data when logged out. This API is made just before initiating the checkout session, and is not noticable in most cases due to redirect to Stripe Checkout and got missed.
2021-07-30 10:34:51 +05:30
Kevin Ansfield
10b7b31e6b Adjusted .btn-accent colors in emails for a white background
refs https://github.com/TryGhost/Team/issues/928

- applied same darkening of accent color in emails as we use in editor when there's insufficient contrast of accent color against a white background
2021-07-29 15:39:04 +01:00
Kevin Ansfield
eb92610df2 Added accent color button styles to labs email template
refs https://github.com/TryGhost/Team/issues/928

- duplicated email template so email-cta changes can go into the labs version
- added `accentContrastColor` to template settings for using white/black depending on the accent color
- added `.gh-btn-accent` styles to the email template (email-cta card already uses those for the button)
2021-07-29 15:25:09 +01:00
Naz
5fd1ed5bcb Added an escalation email when import triggers a limit
refs https://github.com/TryGhost/Team/issues/912

- When the improt acceedes the threshold for the first time we need a way to notify configured escalationAddress to verify the instance owner's email address.
2021-07-29 20:30:30 +12:00
Naz
fa33235fd9 Moved email verification logic into separate method
refs https://github.com/TryGhost/Team/issues/912

- The processImport method was becoming to big and unreadable
- Having small methods is easier to extract if needed later
2021-07-29 20:30:30 +12:00
Naz
93e8814589 Moved sending email error into MEGA
closes https://github.com/TryGhost/Team/issues/913

- Having a limit service rule triggered was a temporary hack to get a basic email blocking version working
- As the freeze value is now persisted in the DB it's possible to read and rely on it to throw an error straight from MEGA.
2021-07-29 20:30:30 +12:00
Naz
086840873e Moved verified email check closer to freeze logic
refs https://github.com/TryGhost/Team/issues/912

- Previous logic was a bit misleading because it prevented from reading the real threshold configured with an instance once the verified flag was present in the config.
- The reshuffle made here allows to check the freeze logic based on the threshold and then process the returned result accordingly instead of having hidden logic behind "importThreshold" config value
2021-07-29 20:30:30 +12:00
Naz
8bc4d00fe6 Added email unfreeze for verified email config
refs https://github.com/TryGhost/Team/issues/912

- When instance has "verified" email configuration it should remove email freeze and disallow future feezes
2021-07-29 20:30:30 +12:00
Naz
06788f0b6a Persisted email freeze in settings table
refs https://github.com/TryGhost/Team/issues/912

- The email freeze state has to be stored somewhere to make it through the instance restart and settings table is the best place for it.
2021-07-29 20:30:30 +12:00
Naz
2fbc1af165 Added email disabling flag to settings records
refs https://github.com/TryGhost/Team/issues/912

- We need a place to persist the email freeze state between instance restarts - settings table record is the best place for it
2021-07-29 20:30:30 +12:00
Thibaut Patel
ba4f8cc857 Added OAuth user data
issue https://github.com/TryGhost/Team/issues/614

- This allows keeping each user oauth data, to compare on future logins
2021-07-27 17:56:07 +02:00
Kevin Ansfield
dfca0abc93 Added support for segmented email content in previews and test emails
refs https://github.com/TryGhost/Team/issues/927

- the `email-cta` card can be segmented so only free or paid members can see the content, it should be possible for authors to preview what that will look like in either case
2021-07-27 16:31:41 +01:00
Naz
633d4f4771 Fixed typo 2021-07-27 14:07:57 +04:00
Naz
1a64af103a Fixed MemberCSVImporter initialization
refs https://github.com/TryGhost/Team/issues/912

- The membersApi variable can be in uninitialized state. It should be accessed through membersService getter to make sure it's always correctly referenced
2021-07-27 13:09:04 +04:00
Naz
8fbbd524df Swapped to American English spellings
refs 16728a3ef1
2021-07-27 12:15:19 +04:00
Daniel Lockyer
04b5a1c6c5 v4.10.2
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYP6iagAKCRDSEYbwtHKV
 rR/dAPsGjY89fheicUdZfWbVUGunIQAKCYWj4sNMR5ZJbFQ8IAD8Dbx5XLR1IYmX
 7uzjx7ayuHt+o9jJkaRFGpETIRln4w0=
 =JY+u
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYP6kDQAKCRDSEYbwtHKV
 rVJ1AQCDiGWEJNVItQbPoAURACUtQPtg8GH1O62We+LUNdKQ5gEA2+snzZAi9fag
 60k5eyYxcB4JOwSVLIS19FcybgnhuAg=
 =1a74
 -----END PGP SIGNATURE-----

Merged v4.10.2 into main

v4.10.2
2021-07-26 13:01:12 +01:00
Daniel Lockyer
469a2f32ad
Updated Admin to v4.10.2 2021-07-26 12:54:17 +01:00
Kevin Ansfield
8d5e7ed695
🐛 Fixed unsubscribed members receiving email when a post is sent to all members (#13181)
refs https://github.com/TryGhost/Team/issues/935

The problem was incorrect operator precedence when multiple statements existed in the filter original filter when we transform it to enforce `subscribed:true` before sending.

- free only - subscribed:true+status:free - no issue
- paid only - subscribed:true+status:-free - no issue
- all - subscribed:true+status:-free,status:free - the ,status:free part is treated as a separate OR statement meaning the subscribed:true is not applied to it and free members that are unsubscribed will receive the email

- extracted the filter transform into a separate function so it can be unit tested
- updated the transform to use `()` for operator precedence, eg: `subscribed:true+(status:-free,status:free)`
- used transform function in `addEmail()` and `getEmailMemberRows()`
- fixed `sent/send` typo in error message
2021-07-26 12:47:03 +01:00
Naz
ac3602cced Fixed empty response when import triggers a job
refs d60d348c88

- When the import triggers a background job the meta response should contain no data otherwise the client can mistake it for completed import
2021-07-23 21:14:06 +04:00
Naz
d60d348c88 Fixed error when hostLimits are undefined
refs a7dd7bb64b

- The error was introduced in the refed commit. Object.assign method only works when the first parameter is an object otherwise it fails.
2021-07-23 20:46:52 +04:00
Naz
a7dd7bb64b Added email verification limit check
refs https://github.com/TryGhost/Team/issues/912

- When the import threshold is reached we want to trigger an "email" limit. See details in the refed issue
2021-07-23 20:37:29 +04:00
Naz
ec8b49ea42 Moved member importer declaration for readability
refs https://github.com/TryGhost/Team/issues/912

- Exposing a single method out of the service makes the API surface smaller - more readable.
- Additionlally having a wrapping method in service will be helpful for other triggers that are going to be executed in later iterations
2021-07-23 16:58:46 +04:00
Daniel Lockyer
dcca28a45b v4.10.1
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYPmn5QAKCRDSEYbwtHKV
 rZ7GAP44uQbWr4HFW7cAdEBG3YRDA5EC7S0uy2fdizzxuvPr2AEAqpU51eOpUPgm
 SY43m3su6G2QUoMMUJEt6HJ0xzH4FQU=
 =Qvoa
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYPmoNQAKCRDSEYbwtHKV
 rY8SAQDDoVnCn5KBFk7F4pMBEsH9CV5olF1URJf5wShFdVZrpwD/bNOf/kN/xn1R
 X2SMUaG4uZav969eRRU36h3Ky64Hdw4=
 =2WgO
 -----END PGP SIGNATURE-----

Merged v4.10.1 into main

v4.10.1
2021-07-22 18:17:34 +01:00
Daniel Lockyer
51ae9f1900
Updated Ghost-Admin to v4.10.1 2021-07-22 18:16:20 +01:00
Rishabh
a110cdd34a Added membersFiltering alpha labs flag
closes https://github.com/TryGhost/Team/issues/925

- used by Admin for working on members filtering features
2021-07-21 21:16:15 +05:30
Naz
57c4afdea2 Integrated @tryghost/members-importer
closes https://github.com/TryGhost/Team/issues/916

- The members importer module was extracted into an ouside module as per project structuring standards
2021-07-21 19:34:30 +04:00
Fabien O'Carroll
49f48c0f09 Made a single request for products in theme middleware
refs https://github.com/TryGhost/Team/issues/907

The logic to populate the `@price` data and the `@products` data both
rely on the same product data, but were each making their own request to
the API. This refactor removes the request from the legacy `@price`
data, which should cut the database queries in half.
2021-07-21 12:50:21 +01:00
Fabien O'Carroll
f900b4ee78 Moved theme middleware after static middleware
refs https://github.com/TryGhost/Team/issues/907

The theme middleware makes several calls to the content api in order to
populate global theme data for use in templates. By adding this
middleware after the static theme files, we remove redundant calls.
2021-07-21 11:25:02 +01:00
Naz
170617feb3 Fixed this context for methods passed into importer
refs https://github.com/TryGhost/Team/issues/916

- Without `.bind`, `this` context was lost when used inside of the CSVImporter calss
2021-07-21 21:00:16 +12:00
Naz
25dcfde368 Refactored ghostMailer parameter
refs https://github.com/TryGhost/Team/issues/916

-  The constructor API should have as small of a surface as possible, there's no need to pass around whole ghostMailer instance
2021-07-21 21:00:16 +12:00
Naz
83c75a3fb4 Refactored settingsCache parameter
refs https://github.com/TryGhost/Team/issues/916

-  The constructor API should have as small of a surface as possible, there's no need to pass around whole settingsCache instance
2021-07-21 21:00:16 +12:00
Naz
19c5c0b05a Refactored storagePath parameter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern with single options Object parameter
- It didn't make sense to have a "config" object inside of options object containing just one property
2021-07-21 21:00:16 +12:00
Naz
2472695535 Refactored constructure signature to be a n object
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern with single options Object parameter
2021-07-21 21:00:16 +12:00
Naz
da3620ca8e Refactored url-uitls out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-21 21:00:16 +12:00
Naz
66a6a522e0 Refactored db dependency out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-21 21:00:16 +12:00
Naz
b96a8f4f6b Refactored jobs service out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-21 21:00:16 +12:00
Thibaut Patel
489e470d7b Added a feature flag to the oauth login feature
issue https://github.com/TryGhost/Team/issues/614

- The feature flag was called `oauthLogin` instead of simply `oauth` to avoid clashes in the frontend `feature` service as it is merging the config and labs properties.
2021-07-20 23:16:49 +02:00
Naz
1eef1e9781 Refactored labs dependency out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-20 18:42:57 +04:00
Naz
c7edf256f6 Refactored Ghost mailer dependency out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-20 18:42:26 +04:00
Naz
a2fc3dde7d Removed dead code - batch-import module
refs https://github.com/TryGhost/Team/issues/916

- While investigating members importer related codebase this legacy module was spotted. It's not used anywhere and doesn't serve any particular purpose.
2021-07-20 17:44:25 +04:00
Naz
ce1711735f Swapped to American English spellings
refs 16728a3ef1

- Same reason as in refed commit, ltdc:
 - Traditionally all of Ghost's public-facing text was written in British English
 - We're changing that to US English because that's more common
 - US English should also be used in code e.g. properties are called color not colour
2021-07-20 17:27:24 +04:00
Fabien 'egg' O'Carroll
fc754c980f
Added missing comment to members .well-known mount
refs https://github.com/TryGhost/Team/issues/664

This was missed as part of PR review, as it is a non-standard mount location a comment
should be included to help our future selves!

PR: https://github.com/TryGhost/Ghost/pull/13163#discussion_r673066080
2021-07-20 13:58:29 +01:00
Daniel Lockyer
3ea9a6dff1
Updated Ghost-Admin to v4.10.0 2021-07-20 13:45:53 +01:00
Fabien O'Carroll
1962591c2e 🔒 Fixed permissible method for Integration Model
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-j5c2-hm46-wp5c

The permissible method of models overrides all permission logic, which
means we must manually check the user & api key permissions before
continuing.
2021-07-20 13:43:29 +01:00