Commit Graph

385 Commits

Author SHA1 Message Date
Katharina Irrgang
5210271474 🐛 import subscribers (#7834)
closes #7748

- logic for import of subscribers was just missing
2017-01-10 19:38:20 +00:00
Marc Bachmann
353330bb8a chore(package): update uuid to version 3.0.0 (#7742) 2017-01-04 17:10:29 +01:00
Katharina Irrgang
7eb316b786 replace auto increment id's by object id (#7495)
* 🛠  bookshelf tarball, bson-objectid

* 🎨  schema changes

- change increment type to string
- add a default fallback for string length 191 (to avoid adding this logic to every single column which uses an ID)
- remove uuid, because ID now represents a global resource identifier
- keep uuid for post, because we are using this as preview id
- keep uuid for clients for now - we are using this param for Ghost-Auth

*   base model: generate ObjectId on creating event

- each new resource get's a auto generate ObjectId
- this logic won't work for attached models, this commit comes later

* 🎨  centralised attach method

When attaching models there are two things important two know

1. To be able to attach an ObjectId, we need to register the `onCreating` event the fetched model!This is caused by the Bookshelf design in general. On this target model we are attaching the new model.
2. We need to manually fetch the target model, because Bookshelf has a weird behaviour (which is known as a bug, see see https://github.com/tgriesser/bookshelf/issues/629). The most important property when attaching a model is `parentFk`, which is the foreign key. This can be null when fetching the model with the option `withRelated`. To ensure quality and consistency, the custom attach wrapper always fetches the target model manual. By fetching the target model (again) is a little performance decrease, but it also has advantages: we can register the event, and directly unregister the event again. So very clean code.

Important: please only use the custom attach wrapper in the future.

* 🎨  token model had overriden the onCreating function because of the created_at field

- we need to ensure that the base onCreating hook get's triggered for ALL models
- if not, they don't get an ObjectId assigned
- in this case: be smart and check if the target model has a created_at field

* 🎨  we don't have a uuid field anymore, remove the usages

- no default uuid creation in models
- i am pretty sure we have some more definitions in our tests (for example in the export json files), but that is too much work to delete them all

* 🎨  do not parse ID to Number

- we had various occurances of parsing all ID's to numbers
- we don't need this behaviour anymore
- ID is string
- i will adapt the ID validation in the next commit

* 🎨  change ID regex for validation

- we only allow: ID as ObjectId, ID as 1 and ID as me
- we need to keep ID 1, because our whole software relies on ID 1 (permissions etc)

* 🎨  owner fixture

- roles: [4] does not work anymore
- 4 means -> static id 4
- this worked in an auto increment system (not even in a system with distributed writes)
- with ObjectId we generate each ID automatically (for static and dynamic resources)
- it is possible to define all id's for static resources still, but that means we need to know which ID is already used and for consistency we have to define ObjectId's for these static resources
- so no static id's anymore, except of: id 1 for owner and id 0 for external usage (because this is required from our permission system)
- NOTE: please read through the comment in the user model


* 🎨  tests: DataGenerator and test utils

First of all: we need to ensure using ObjectId's in the tests. When don't, we can't ensure that ObjectId's work properly.
This commit brings lot's of dynamic into all the static defined id's.
In one of the next commits, i will adapt all the tests.

* 🚨  remove counter in Notification API

- no need to add a counter
- we simply generate ObjectId's (they are auto incremental as well)
- our id validator does only allow ObjectId as id,1 and me

* 🎨  extend contextUser in Base Model

- remove isNumber check, because id's are no longer numbers, except of id 0/1
- use existing isExternalUser
- support id 0/1 as string or number

*   Ghost Owner has id 1

- ensure we define this id in the fixtures.json
- doesn't matter if number or string

* 🎨  functional tests adaptions

- use dynamic id's

* 🎨  fix unit tests

* 🎨  integration tests adaptions

* 🎨  change importer utils

- all our export examples (test/fixtures/exports) contain id's as numbers
- fact: but we ignore them anyway when inserting into the database, see https://github.com/TryGhost/Ghost/blob/master/core/server/data/import/utils.js#L249
- in 0e6ed957cd (diff-70f514a06347c048648be464819503c4L67) i removed parsing id's to integers
- i realised that this ^ check just existed, because the userIdToMap was an object key and object keys are always strings!
- i think this logic is a little bit complicated, but i don't want to refactor this now
- this commit ensures when trying to find the user, the id comparison works again
- i've added more documentation to understand this logic ;)
- plus i renamed an attribute to improve readability

* 🎨  Data-Generator: add more defaults to createUser

- if i use the function DataGenerator.forKnex.createUser i would like to get a full set of defaults

* 🎨  test utils: change/extend function set for functional tests

- functional tests work a bit different
- they boot Ghost and seed the database
- some functional tests have mis-used the test setup
- the test setup needs two sections: integration/unit and functional tests
- any functional test is allowed to either add more data or change data in the existing Ghost db
- but what it should not do is: add test fixtures like roles or users from our DataGenerator and cross fingers it will work
- this commit adds a clean method for functional tests to add extra users

* 🎨  functional tests adaptions

- use last commit to insert users for functional tests clean
- tidy up usage of testUtils.setup or testUtils.doAuth

* 🐛  test utils: reset database before init

- ensure we don't have any left data from other tests in the database when starting ghost

* 🐛  fix test (unrelated to this PR)

- fixes a random failure
- return statement was missing

* 🎨  make changes for invites
2016-11-17 09:09:11 +00:00
Katharina Irrgang
0f855c538e 🎨 invites roles table into a field on the invites table (#7705)
* 🎨  schema change

- simply role_id attribute

* 🎨  update invite model

- remove all methods we don't need
- ensure we remove the relation from the model
- ensure we do not allow to call withRelated

* 🎨  adapt api changes

* 🎨  adapt auth module

* 🎨  adapt tests

* 🎨  better error handling

* schema update
2016-11-16 09:33:44 +00:00
Katharina Irrgang
b48031fa0e 🎨 unique constraint for permission and role name (#7674)
refs #7494,  refs #7495 

I saw tests adding permissions and roles twice. (see screenshots)
That happened because the setup in the test was mis-used and there is no restriction for static resources to create duplicates.
With this PR i suggest to make name unique.
2016-11-09 15:02:49 +00:00
Katharina Irrgang
0a744c2781 🎨 public client registration updates (#7690)
* 🎨  use updateClient function to update redirectUri

refs #7654

* 🎨  name instead of clientName
* 🎨  config.get('theme:title') for client name

- initial read can happen from config

*   register public client: client name and description

- no update yet
- for initial client creation
- we forward title/description to Ghost Auth
- TODO: use settings-cache when merged

*   store blog_uri in db
* 🎨  passport logic changes

- use updateClient instead of changeCallbackURL
- be able to update: blog title, blog description, redirectUri and blogUri
- remove retries, they get implemented in passport-ghost soon
- reorder logic a bit

* 🛠  passport-ghost 1.2.0

* 🎨  tests: extend DataGenerator createClient

- set some defaults

* 🎨  tests

- extend tests
- 👻

*   run auth.init in background

- no need to block the bootstrap process
- if client can't be registered, you will see an error
- ensure Ghost-Admin renders correctly

* 🛠   passport-ghost 1.3.0

- retries

* 🎨  use client_uri in Client Schema

- adapt changes
- use blog_uri only when calling the passport-ghost instance
- Ghost uses the client_uri notation to improve readability

*   read blog title/description from settings cache

* 🚨  Ghost Auth returns email instead of email_address

- adapt Ghost
2016-11-08 14:21:25 +00:00
David Wolfe
68af2145a1 Replace memory spam prevention with brute-express (#7579)
no issue

- removes count from user checks model
- uses brute express brute with brute-knex adaptor to store persisted data on spam prevention
- implement brute force protection for password/token exchange, password resets and private blogging
2016-11-08 12:33:19 +01:00
Katharina Irrgang
bae0de6cd5 knex-migrator v2 (#7605)
* 🎨  knex-migrator reset

[ci skip]

*   add migration example

- hooks
- 1.0

[ci skip]

* 🛠  knex-migrator tarball

- remove when released

[ci skip]

* 🎨  jscs/jshint

* 🕵🏻 do not drop the database connection when running tests

- please read the comments in the commit

* 🔥  remove example migration

* 🛠  knex-migrator 0.1.0

* 🛠  knex-migrator 0.1.1

- fix a single test to ensure we catch the error

* 🛠  knex-migrator 0.1.2

* 🎨  make tests green

- added my keyword: kate-migrations
- i will go over all TODO's when removing the old migrations code

* 🛠  knex-migrator update

* 🛠  knex-migrator 0.2.0
2016-11-07 11:39:49 +00:00
Katharina Irrgang
a55fb0bafe 🎨 public config endpoint (#7631)
closes #7628

With this PR we expose a public configuration endpoint.
When /ghost is requested, we don't load and render the configurations into the template anymore. Instead, Ghost-Admin can request the public configuration endpoint.

* 🎨  make configuration endpoint public
* 🔥  remove loading configurations in admin app
- do not render them into the default html page
*   load client credentials in configuration endpoint
- this is not a security issue, because we have exposed this information anyway before (by rendering them into the requested html page)
* 🎨  extend existing configuration integration test
*   tests: add ghost-auth to data generator
*   add functional test
* 🔥  remove type/value pattern
* 🎨  do not return stringified JSON objects
2016-10-28 14:07:46 +01:00
Katharina Irrgang
8d8d7bdb26 knex migrator (#7565)
refs #7489
- remove sephiroth
- use knex migrator npm
- goodbye bootup script
- 🎨  update README
- 🎨  knex migrator @ 0.0.2
2016-10-17 13:50:29 +01:00
Hannah Wolfe
4411f8254f 🎉 🎨 Remove middleware/index.js (#7548)
closes #4172, closes #6948, refs #7491, refs #7488, refs #7542, refs #7484

* 🎨 Co-locate all admin-related code in /admin
- move all the admin related code from controllers, routes and helpers into a single location
- add error handling middleware explicitly to adminApp
- re-order blogApp middleware to ensure the shared middleware is mounted after the adminApp
- TODO: rethink the structure of /admin, this should probably be an internal app

* 💄 Group global middleware together

- There are only a few pieces of middleware which are "global"
- These are needed for the admin, blog and api
- Everything else is only needed in one or two places

*  Introduce a separate blogApp

- create a brand-new blogApp
- mount all blog/theme only middleware etc onto blogApp
- mount error handling on blogApp only

* 🎨 Separate error handling for HTML & API JSON

- split JSON and HTML error handling into separate functions
- re-introduce a way to not output the stack for certain errors
- add more tests around errors & an assertion framework for checking JSON Errors
- TODO: better 404 handling for static assets

Rationale:

The API is very different to the blog/admin panel:
 - It is intended to only ever serve JSON, never HTML responses
 - It is intended to always serve JSON

Meanwhile the blog and admin panel have no need for JSON errors,
when an error happens on those pages, we should serve HTML pages
which are nicely formatted with the error & using the correct template

* 🐛 Fix checkSSL to work for subapps

- in order to make this work on a sub app we need to use the pattern `req.originalUrl || req.url`

* 🔥 Get rid of decide-is-admin (part 1/2)

- delete decide-is-admin & tests
- add two small functions to apiApp and adminApp to set res.isAdmin
- mount checkSSL on all the apps
- TODO: deduplicate the calls to checkSSL by making blogApp a subApp :D
- PART 2/2: finish cleaning this up by removing it from where it's not needed and giving it a more specific name

Rationale:

Now that we have both an adminApp and an apiApp,
we can temporarily replace this weird path-matching middleware
with middleware that sets res.isAdmin for api & admin

* 🎨 Wire up prettyURLs on all Apps

- prettyURLs is needed for all requests
- it cannot be global because it has to live after asset middleware, and before routing
- this does not result in duplicate redirects, but does result in duplicate checks
- TODO: resolve extra middleware in stack by making blogApp a sub app

* ⏱ Add debug to API setup

* 🎨 Rename blogApp -> parentApp in middleware

* 🎨 Co-locate all blog-related code in /blog

- Move all of the blogApp code from middleware/index.js to blog/app.js
- Move routes/frontend.js to blog/routes.js
- Remove the routes/index.js and routes folder, this is empty now!
- @TODO is blog the best name for this? 🤔
- @TODO sort out the big hunk of asset-related mess
- @TODO also separate out the concept of theme from blog

* 🎉 Replace middleware index with server/app.js

- The final piece of the puzzle! 🎉 🎈 🎂
- We no longer have our horrendous middleware/index.js
- Instead, we have a set of app.js files, which all use a familiar pattern

* 💄 Error handling fixups
2016-10-13 17:24:09 +02:00
Katharina Irrgang
869a35c97d migrations: seeding is part of init db task (#7545)
* 🎨  move heart of fixtures to schema folder and change user model

- add fixtures.json to schema folder
- add fixture utils to schema folder
- keep all the logic!

--> FIXTURE.JSON
- add owner user with roles

--> USER MODEL
- add password as default
- findAll: allow querying inactive users when internal context (defaultFilters)
- findOne: do not remove values from original object!
- add: do not remove values from original object!

* 🔥  remove migrations key from default_settings.json

- this was a temporary invention for an older migration script
- sephiroth keep alls needed information in a migration collection

* 🔥   add code property to errors

- add code property to errors
- IMPORTANT: please share your opinion about that
- this is a copy paste behaviour of how node is doing that (errno, code etc.)
- so code specifies a GhostError

* 🎨  change error handling in versioning

- no need to throw specific database errors anymore (this was just a temporary solution)
- now: we are throwing real DatabaseVersionErrors
- specified by a code
- background: the versioning unit has not idea about seeding and population of the database
- it just throws what it knows --> database version does not exist or settings table does not exist

* 🎨  sephiroth optimisations

- added getPath function to get the path to init scripts and migration scripts
- migrationPath is still hardcoded (see TODO)
- tidy up database naming to transacting

*   migration init scripts are now complete

- 1. add tables
- 2. add fixtures
- 3. add default settings

* 🎨  important: make bootup script smaller!

- remove all TODO'S except of one
- no seeding logic in bootup script anymore 🕵🏻

*   sephiroth: allow params for init command

- param: skip (do not run this script)
- param: only (only run this script)
- very simple way

* 🎨  adapt tests and test env

- do not use migrate.populate anymore
- use sephiroth instead
- jscs/jshint

* 🎨  fix User model status checks
2016-10-12 16:18:57 +01:00
Katharina Irrgang
9fad7f1d69 use migration runner for init db (#7502)
refs #7489

* 🎨  protect error when creating owner
* 🎨  reset migration table
- temporary solution, see TODO's
* 🎨  use sephiroth in bootUp script
- do not populate the database
- ask sephiroth for database state
- do seeding manually (this will be removed in next seeding PR)
* 🎨  rewrite createTableIfNotExists because it causes error when running twice
- see knex issue
- hasTable and createTable
- indexes can cause trouble when calling them twice
* 🎨  tests: populate db in test env
- when forking db
- when starting ghost()
- this basically affects only the functional tests
* 🎨  server spec test adaption
- we now throw an error when database is not populated, instead of populating the database
* 🎨   migration spec adaption
- reset database now deletes migration table
- we will move the reset script into sephiroth and then we make it pretty
* 🎨  error creation adaption in bootUp
* 🎨  fixes
- sephiroth error handling
- fix tests
2016-10-11 13:37:11 +01:00
Katharina Irrgang
c8691a85c5 🐛 tests: fix fork config (#7508)
closes #7506
2016-10-06 20:40:01 +01:00
Katharina Irrgang
e2e83a0f7b Migration: New database versioning (#7499)
refs #7489

- new database versioning scheme which is based upon the Ghost version, and so easier to reason about
- massive refactor of all the version related code 

Summary of changes:

*   new error: DatabaseNotSeeded
* 🎨  change versioning module
  - versioning is based on Ghost Version
* 🎨  change bootUp file
  - add big picture description
  - version error get's trigger from versioning module
* 🎨  default setting for database version is null
  - very important change: this is caused by the big picture
  - see bootUp description
  - the database version get's set by the seed script later
  - db version is by default null
  - 1. population happens (we ensure that this has finished, by checking if each table exists)   
  - 2. seeds happening (we ensure that seeds happend if database version is set to X.X)
* 🎨  temporary change for population logic
  - set database version after population happens
  - ensure population of default settings happend before
  - both: get's removed in next iteration
* 🎨  adapt tests && mark TODO's
* 🎨  err instance checking
2016-10-06 14:50:55 +01:00
Katharina Irrgang
1882278b5b 🎨 configurable logging with bunyan (#7431)
- 🛠  add bunyan and prettyjson, remove morgan

-   add logging module
  - GhostLogger class that handles setup of bunyan
  - PrettyStream for stdout

-   config for logging
  - @TODO: testing level fatal?

-   log each request via GhostLogger (express middleware)
  - @TODO: add errors to output

- 🔥  remove errors.updateActiveTheme
  - we can read the value from config

- 🔥  remove 15 helper functions in core/server/errors/index.js
  - all these functions get replaced by modules:
    1. logging
    2. error middleware handling for html/json
    3. error creation (which will be part of PR #7477)

-   add express error handler for html/json
  - one true error handler for express responses
  - contains still some TODO's, but they are not high priority for first implementation/integration
  - this middleware only takes responsibility of either rendering html responses or return json error responses

- 🎨  use new express error handler in middleware/index
  - 404 and 500 handling

- 🎨  return error instead of error message in permissions/index.js
  - the rule for error handling should be: if you call a unit, this unit should return a custom Ghost error

- 🎨  wrap serve static module
  - rule: if you call a module/unit, you should always wrap this error
  - it's always the same rule
  - so the caller never has to worry about what comes back
  - it's always a clear error instance
  - in this case: we return our notfounderror if serve static does not find the resource
  - this avoid having checks everywhere

- 🎨  replace usages of errors/index.js functions and adapt tests
  - use logging.error, logging.warn
  - make tests green
  - remove some usages of logging and throwing api errors -> because when a request is involved, logging happens automatically

- 🐛  return errorDetails to Ghost-Admin
  - errorDetails is used for Theme error handling

- 🎨  use 500er error for theme is missing error in theme-handler

- 🎨  extend file rotation to 1w
2016-10-04 16:33:43 +01:00
Hannah Wolfe
e40290af5d 🎨 Use GhostAuth name and example emails (#7475)
refs #7452

- remove references to 'patronus' in favour of GhostAuth, Note: this will require databases to be deleted ;)
- remove email addresses from test data
2016-10-03 15:11:43 +01:00
Katharina Irrgang
1867e1a75e 🎨 run database population in transaction (#7448)
* 🎨  run database population in transaction

refs #6574, refs #7432

- create transaction for creating tables
- if an error occurs or a container get's destroyed before population finishes, transaction is rolled back

* 🎨  simplify transaction creation and test
2016-09-30 14:05:17 +01:00
Katharina Irrgang
6473c9e858 Ghost OAuth (#7451)
issue #7452

Remote oauth2 authentication with Ghost.org.

This PR supports:

- oauth2 login or local login
- authentication on blog setup
- authentication on invite
- normal authentication
- does not contain many, many tests, but we'll improve in the next alpha weeks
2016-09-30 12:45:59 +01:00
kirrg001
b79a18ca8f 🎨 Separate invites from user
refs #7420
- remove invite logic from user
- add invite model and adapt affected logic for inviting team members
2016-09-26 11:08:43 +02:00
kirrg001
8115d83782 🔥 remove postgres support
refs #1333, refs #5878, refs #5321
2016-09-20 15:59:34 +01:00
kirrg001
66dbd5f5f2 🚨 adapt fork logic
refs #6982
- write json file instead of js file
- simplifiy how we pass config for a forked child process

[ci skip]
2016-09-20 15:59:34 +01:00
kirrg001
b158a3a944 🚨 change logic for test/utils/configUtils
refs #6982
- adaption because of using nconf
- change tests which changed config directly

[ci skip]
2016-09-20 15:59:34 +01:00
kirrg001
bdad235f6a 🚨 improve error handling in test env
no issue
[ci skip]
2016-09-20 15:59:34 +01:00
kirrg001
0ae0a0b490 🎨 change how we get and set config
refs #6982
- a replace for all config usages
- always use config.get or config.set
- this a pure replacement, no logic has changed

[ci skip]
2016-09-20 15:59:34 +01:00
Katharina Irrgang
5acc2a9c30 🚨 increase ping tries when forking process (#7377)
no issue
2016-09-14 14:09:47 +01:00
Katharina Irrgang
a91e54cf1a feature: theme upload/download/delete (#7209)
refs #7204

- added 3 new themes permissions
- change core/client
- add theme upload/download logic
- extended local file storage to serve zips
- added gscan dependency
- add ability to handle the express response within the api layer
- restrict theme upload to local file storage
- added 007 migration
2016-08-23 13:07:25 +01:00
Katharina Irrgang
356d6ea031 fix: error handling when login via test env (#7228)
no issue
- add error protection for login via test env
- extend route test: users_spec to get login with a different user working
2016-08-19 12:02:07 +01:00
Katharina Irrgang
fb50e316d4 Revert "fix: error handling when login via test env" (#7227) 2016-08-19 09:45:55 +02:00
Katharina Irrgang
16b13c7134 fix: error handling when login via test env (#7214)
no issue

- When you choose a non existent user (email+pwd) for login via the test env, no error was shown.
2016-08-19 07:32:45 +01:00
Katharina Irrgang
97e955a55e fix: choose user when login from test env (#7213)
no issue

- pass userIndex when do testUtils.auth
2016-08-19 07:32:01 +01:00
Katharina Irrgang
663b410fd4 feature: upload validation middleware (#7208)
no issue

- Source out validation logic into a upload validation middleware for all upload types (csv, image, subscribers). This unit can be later used for Ghost 1.0 as a pre validation core unit. 
- More usage of route tests than controller tests. These are use case tests, a use case only changes if the product changes
2016-08-18 20:25:51 +01:00
Katharina Irrgang
748c664b78 feature: maintenance mode (#7019)
closes #6976
- add maintenance mode when running migrations
- refactor update/populate migrations
2016-07-15 17:22:41 +01:00
Hannah Wolfe
71282a241e Various post-repo-split cleanup (#6910)
no issue

- remove bower from dependencies, greenkeeper ignores & .editorconfig
- remove old custom jscs rule for ember
2016-07-12 11:55:46 -06:00
“kirrg001”
1421c92ba5 post-scheduling
refs #6413
- PUT endpoint to publish a post/page for the scheduler
- fn endpoint to get all scheduled posts (with from/to query params) for the scheduler
- hardcoded permission handling for scheduler client
- fix event bug: unscheduled
- basic structure for scheduling
- post scheduling basics
- offer easy option to change adapter
- integrate the default scheduler adapter
- update scheduled posts when blog TZ changes
- safety check before scheduler can publish a post (not allowed to publish in the future or past)
- add force flag to allow publishing in the past
- invalidate cache header for /schedules/posts/:id
2016-06-14 10:52:13 +02:00
Hannah Wolfe
584e9911c4 Merge pull request #6973 from acburdine/lodash-4
deps: lodash@4.13.1
2016-06-11 21:39:30 +01:00
Hannah Wolfe
6bcc08e874 Cleanup indentation now JSCS can see it
- this is needed to make #6925 mergable
2016-06-11 20:25:15 +01:00
Austin Burdine
44537bd15f deps: lodash@4.13.1
closes #6911
- update lodash to v4
- remove lodash.tostring override
- remove lodash from greenkeeper ignore
2016-06-11 13:13:55 -06:00
Hannah Wolfe
d341263934 Merge pull request #6961 from kirrg001/improvement/add-not-existing-module-mock-fns
improvement: add mocks helper module for test env
2016-06-10 10:18:44 +01:00
kirrg001
27d8eb5e70 improvement: add mocks helper module for test env
no issue
- add methods to mock/unmock not existent files
2016-06-10 09:23:00 +02:00
kirrg001
b057c2fc16 improvement: rename and extend test utils fixture functions
no issue
- rename insertPosts to insertPostsAndTags
- add insertPosts
- extend insertOne to choose index
2016-06-10 07:14:21 +02:00
cobbspur
0f0ca5a304 Add CSV parser for csv read utility
closes #6865

- switch csv-read to use a csv-parser for greater reliability and management of strings when importing a csv
2016-06-07 10:47:56 +01:00
kirrg001
c9fbf01521 improvement: general fixes
- add NODE_LEVEL to print errors while running tests
- try/catch while parsing translations file
- run setup/teardown as promise or callback
- some general error improvements
2016-06-01 07:07:20 +02:00
Sebastian Gierlinger
01ae7ae49f Subscribers: Model, API & CSV import/export
- subscriber model
- subscriber app updates
- subscriber end points
- import/export CSV
- added headers to export file
- added dynamic email field detection for import
- returns stats object after CSV import
- mask error message from DB
2016-05-11 10:28:10 +02:00
Katharina Irrgang
d24466a284 add events for post scheduling
refs #6413
- accept scheduled status
- add a lot of tests for all kinds of edge cases
- compare dates without ms because mysql does not store ms
2016-04-18 16:44:41 +02:00
Sebastian Gierlinger
9a674018b0 Merge pull request #6696 from ErisDS/fixture-migration-amends
Improve code for handling fixture migrations
2016-04-14 16:17:58 +02:00
Jason Williams
7559bb7b26 Fix test conflicts
Closes #6710
- Restore config to baseline before testing.
- Don't mutate fixture data.
2016-04-13 11:27:26 -05:00
Hannah Wolfe
a96a74c5a1 Improve code for handling fixture migrations
refs #6301, #4176

- always check existence of items before attempting to create them, in order to prevent duplicates
- provide stats on how many object creations are expected vs done
- split out and improve fixture utils tests (100% covers utils)
2016-04-10 19:02:22 +01:00
Jason Williams
5f8ef26eb3 Merge pull request #6654 from ErisDS/fixture-population
Improve fixture population code
2016-04-02 09:04:24 -05:00
Hannah Wolfe
d16433085f Improve fixtures & population code
refs #6301

- The order of model fixtures matters, so they should be in an array
- By splitting out the population code into a utils file, it'll be possible to use this to do updates as well
- This should make it much easier to do permissions updates in future
2016-03-31 11:48:44 +01:00
Jason Williams
0ed0a72c35 Replace internal tempfile name generator
- Drops "tempfile" module in favor of using the "tmp"
  external package.
- Drop unused "rimraf-then" package.
2016-03-29 15:19:42 -05:00
Jason Williams
9fe573a0c5 Refactor content deletion
- Simplify the `init` method in `models/index.js` so that it no longer
  returns a promise. Easier to use.
- Eliminates the `deleteAllContent` method from `models/index.js` as it
  can all be handled at the API layer in a single spot.
- Optimize `destroyAllContent` in `api/db.js`. Eliminates
  double-fetching every post from the database and converting it to
  JSON. Also only fetches ids from the database instead of the entire
  model.
- Eliminates the custom static method `destroy` in the Post model in
  favor of handling detaching tag relations in a single place (the
  `destroying` event). This also eliminates a big source of unneeded
  database round trips--needing to get post ids to feed into
  `Post.destroy()` which then re-fetches the post again.
2016-03-22 10:10:09 -05:00
Hannah Wolfe
b2659d0cbb Refactor & test fixture migrations
refs #6301

Fixtures:
- Removed all the old (and now broken) 003 fixture upgrades
- Split the 004 fixture upgrade tasks out, each into their own file
- Improved the versioning code that figured out which upgrades we should do
- Added lots of test coverage to make sure all the fixtures are still being run correctly.

Permissions fixtures:
- Changed the code that was populating permissions fixtures to be more automated & based only on what is in the permissions.json file.
- Added lots of test coverage to make sure all the permissions are still being created correctly.

Merging the two things:
- Merged the content of permissions.json and fixtures.json into fixtures.json, but using the new structure from permissions.json.
- Changed to use the new automated model & relation creation for all fixtures, not just permissions.
- The only thing that can't be auto-populated just now is the owner creation, I think that's important enough to do separately.
- There were (so far) never any permission updates, so code for updating fixtures stays the same through the merge.
- This results in two clear code paths: populate (fill out a brand new DB) and update (make any changes since the last version)

Test coverage is now 100% across both updates and populations.
2016-03-03 09:03:37 +00:00
Hannah Wolfe
ed16998461 Restructure Configuration API endpoint
refs #6421, #6525

- The configuration API endpoint was a bit of an animal:
   - It's used currently in two ways, once for general config, another for the about page.
   - These two things are different, and would require different permissions in future.
   - There was also both a browse and a read version, even though only browse was used.
   - The response from the browse was being artificially turned into many objects, when its really just one with multiple keys
- The new version treats each type of config as a different single object with several keys
- The new version therefore only has a 'read' request
- A basic read request with no key will return basic config that any client would need
- A read request with the about key returns the about config
- A read request with a different key could therefore return some other config
2016-02-19 18:49:23 +00:00
Hannah Wolfe
54979049ee Migration related test improvements
refs #6301

- Don't hardcode the model fields in utils/api -> use the schema + modify the lists
   = We can now easily see what the differences between the schema and the API result are
- Don't hardcode the default DB version in the import/export tools
   = We don't have to update this every time we update the database version
2016-02-14 13:23:45 +00:00
Hannah Wolfe
1c85650108 Move db connection out of config
refs #5047

- database connections are not configuration
2016-02-12 13:56:23 +00:00
Sebastian Gierlinger
819116465e Merge pull request #6388 from ErisDS/schema-rejig
Reorganise & Rename server/data/ folder internals
2016-02-08 11:19:40 +01:00
Jason Williams
2528ce5304 deps: supertest@1.1.0
Closes #6449
- supertest now includes a `.then()` method and as a
  result, only one of either .then or .end may be called on
  a request object.
2016-02-07 13:10:27 -06:00
Hannah Wolfe
1ad7a91f4d Reorganise & rename server/data/ folder internals
refs #6301

- In the migration folder, commands.js changed to builder.js to resolve conflict with the 'commands' inside data/utils/clients/.
- a new data/schema/ folder has been added to hold all the code related to the database schema
- data/utils/clients have been moved to data/schema/clients
- data/utils/index.js has become data/schema/commands.js
- data/schema.js has been split, the definition of the DB schema stays put, the additional checks have moved to data/schema/checks.js
- data/validation/index.js has become data/schema/versioning.js
- data/fixtures has moved to data/migration/fixtures
- data/default-settings.json has moved to data/schema/default-settings.json
2016-02-04 20:39:15 +00:00
Austin Burdine
7d304a046f refactor admin config to include explicit value types
closes #6266
- add "type" to valid keys in configuration api
- refactor ember config service to parse values based on provided type
2016-01-19 09:43:09 -06:00
Hannah Wolfe
bc97de5fe9 Unify usage of config in unit tests
no issue

- provide a single point for accessing config in unit tests
- create a single way to set and restore config
- ensure that restore deletes top level optional keys that are now undefined
- use this._config in check deprecations, otherwise the config gets cached
- solves issues with interdependent tests
2015-12-15 10:48:24 +00:00
Hannah Wolfe
770f45245c Safe post_count for Tags & Users
refs #6009, #5614

- Use the new isPublicContext method to detect whether to add extra clauses to the count
- Add count to users
2015-11-18 19:19:11 +00:00
Hannah Wolfe
1a3ae578af Add filter param for tags & users
refs #5604

- `filter` is missing from tags & users - add it in and add tests which show it works
2015-11-16 18:16:59 +00:00
Hannah Wolfe
e9035fde4e Switch frontend controller to use new filter param
refs #5943, #5091

- updated fetch-data to handle multiple api queries
- using named keys for queries so that the names of items in the result are correct (tag instead of tags etc)
- updated channel configs in frontend controller
- removed old filter code from frontend controller
- added test coverage for fetch-data and format-response
- fixes / removes tests which are broken by the refactor
2015-10-26 09:40:19 +00:00
Hannah Wolfe
afbcecc3f6 Merge pull request #5848 from sebgie/public-api-1
Public API
2015-10-22 20:39:41 +01:00
Sebastian Gierlinger
f48dfb09cf Public API
refs #4180
closes #4181
- added client and user authentication
- added authenticatePublic/authenticatePrivate as workaround for
missing permissions
- added domain validation
- added CORS header for valid clients
- merged authenticate.js and client-auth.js into auth.js
- removed middleware/api-error-handlers.js
- removed authentication middleware
- added and updated tests
2015-10-22 15:28:47 +02:00
Hannah Wolfe
b5cebb9ec6 Add filter parameter using GQL
refs #5604, refs #5463

- deps: ghost-gql@0.0.2
- adds code to wire up the filtering to a paginated query
- updated pagination plugin count query to use 'distinct' so it's more robust
- rename paginationUtils.query to addLimitAndOffset to be more explicit and make the code clearer
- add a new 'advanced browsing spec' set of tests for tracking these features as they are built out
2015-10-22 11:29:05 +01:00
vdemedes
05f44c4c64 Add readThemes() utility to get a list of themes
refs #5923
- add read-themes module to get a list of themes
- replace readDirectory() usage with readThemes(), where only themes are needed
- test read-themes
- test read-directory
- test validate-themes
- test parse-package-json
- add tempfile testing utility to generate temporary paths
2015-10-13 15:54:41 +02:00
Sebastian Gierlinger
a87715f688 Fix client.secret for new installs
closes #5872
- added random secret for new databases
- added temporary fix for existing databases
- secret is still static (`not_available`) during tests
- fixed fork mechanism to keep active environment (never change
NODE_ENV!!!)
2015-09-25 21:03:33 +02:00
Sebastian Gierlinger
f22796ff7d Add dynamic client_id/client_secret
no issue
- added ghost-admin client_id to admin
- added ghost-admin client_secret to admin
- added client.read() api endpoint
- added random generation of client_secret to migration
- removed addClientSecret method
- updated tests
2015-09-02 16:39:34 +01:00
Joe Cannatti
6938216984 Add tour field to User
closes #5171

- adds tour field to user model
- Bump Schema version
- Update tests
2015-09-02 13:39:22 +01:00
Sebastian Gierlinger
6120d0a80f Improve middleware coverage
refs #5286
- changed auth-strategies to be testable
- added tests
2015-08-21 23:46:42 +02:00
Hannah Wolfe
8d89c3e5ab Fix pagination for tags with post_count
closes #5551

- adds new test fixture generator and tests for tag pagination
- changes how post_count is added to use a select subquery rather than a join
2015-08-09 18:59:58 +01:00
cobbspur
870d6af066 Fix API query for featured posts
No Issue

- fixes bug where featured: false was not being built into query
- adds tests
2015-07-29 02:42:08 +01:00
Hannah Wolfe
1e630e6c90 Merge pull request #5578 from hwdsl2/fix-rss-protocol-relative-urls
RSS Fix: Do not convert protocol relative URLs
2015-07-22 22:28:13 +01:00
hwdsl2
14dd95faf2 RSS Fix: Do not convert protocol relative URLs
closes #5567
- Fixed an issue with protocol relative URLs in the RSS feed
- Such URLs should be kept as-is and not prefixed with baseUrl
- Added corresponding test to cover this case
2015-07-21 23:16:04 -05:00
Fabian Becker
2878b5ae00 Update lodash and cheerio
- update lodash to 3.1.0
- cheerio update uses new css-select, css-what packages (others were deprecated)

refs #5578
2015-07-21 19:59:49 +02:00
Hannah Wolfe
f6322da4c9 Use extends correctly & consistently
- extends clobbers the first argument you pass to it, so that should not be a variable that is used elsewhere, if you're also assigning the value, as it will have unintended side effects.
2015-06-25 19:56:27 +01:00
Hannah Wolfe
34b22eefa2 Use urlJoin in RSS + test coverage
refs #1833

- move RSS tests to be in rss_spec.js
- improve RSS test coverage
- fix a bug with RSS title generation for tag RSS feeds
- replace custom code in processUrls with urlJoin
2015-06-10 09:18:52 +01:00
cobbspur
261a862da1 Prevent multiple owner creation via importer
closes #4778

 - If import contains an owner that does not match original owner they are downgraded to admin
 - Change error message for locked users to more generic message to account for imported users
 - Adds duplicated user test
 - Process Roles and maps import roles to db roles
 - reduces export files in test fixtures

temp commit
2015-05-15 10:12:30 +01:00
Matt Enlow
433956c102 Add post preview via uuid (/p/:uuid)
Refs #5097

- All drafts will show a preview link (this needs real css)
- Published posts will redirect
- prev/next post helpers only activate on published posts
- Powered by ~10 pints between the two of us (@ErisDS, @novaugust)
2015-04-30 11:57:37 +01:00
Hannah Wolfe
e26e83d40a Refactor to remove author.email from API
refs #2330

- Pass through `options` to all toJSON calls on posts, tags, and users
- Use options.context.user to determine whether it's OK to return user.email
- Remove author.email handling code from frontend.js
2015-04-17 22:27:04 +01:00
Hannah Wolfe
14134fb4b0 Add media:content support to RSS
refs #2263, #4888

- Adds media:content element to Ghost Rt pSS feeds containing the post cover image if one is available
- Removes the prepending of the image to the `<description>` field
- Keeps the prepending of the image in `<content:encoded>`
2015-04-06 18:47:10 +01:00
Hannah Wolfe
79d213436e Improve RSS feed
refs #2263

- Switch content type back to text/xml
- Use content:encode for full content
- Use meta description or first 50 words of content for description
2015-04-03 19:00:00 +01:00
Sebastian Gierlinger
023a37b074 Merge pull request #4772 from ekulabuhov/4262_NextPrevPostWIP
[API] Retrieve next and previous post
2015-01-14 10:32:07 +01:00
Ivan Votti
a63d3ec350 Fix typo in disallow-object-controller 2015-01-13 22:13:26 +07:00
Eugene Kulabuhov
0e2709c42f [API] Retrieve next and previous post
closes #4262
- implementation based on #1545
- added integration test. Modified mocked posts because code requires published_at timestamps to be different.
- fixed 2 broken tests that depended on mocked posts to have "new Date()" as their timestamps
- added checks to only query db if next/previous post requested
2015-01-13 12:49:16 +00:00
Hannah Wolfe
fbdabce086 Add markdown file handler to importer
closes #4691

- adds a file handler for markdown file (.md and .markdown)
- handles titles and featured images
- gets status, date, and slug from the filename
- has a test suite
2015-01-09 20:04:56 +00:00
Jason Williams
7f753acff1 Merge pull request #4752 from ErisDS/importer-updates
Image Importer Improvements
2015-01-05 10:39:35 -06:00
Hannah Wolfe
add4c6b078 Image Importer Improvements
ref #4608, #4609, #4690

- fix errors with cleaning up files
- improve handling of base directories, and introduce a simple valid format for zips (must contain importable files or folders, and may contain up to one base directory)
- vastly improve test coverage
2015-01-02 22:54:40 +00:00
Robert Jackson
a1ed9adf92
Remove ObjectController proxying behavior.
Ember.ObjectController (and Ember.ArrayController) will be deprecated in
Ember 1.11 (and removed from core in Ember 2.0). The reasoning is
detailed in the Ember 2.0 RFC.

This PR does the following:

* Updates templates/controllers/views to explicitly reference model
  properties (instead of relying on proxying behavior).
* Clearly delineate where certain properties are being set or retrieved
  from (for example it was not clear exactly where `scratch` and
  `titleScratch` were stored).
* Remove usage of `Ember.ObjectController`.
* Add JSCS rule to prevent future PR's from adding regressions.
2015-01-01 21:51:20 -05:00
Hannah Wolfe
ba3d4b3689 Add support for importing images
closes #4608, #4609

- image handler loads in any image files & figures out where they'll get stored
- image importer has a preprocessor which replaces image paths in
  pertinent spots of post, tag and user models
- image importer stores images, keeping the path where it makes sense
- basic test for the preprocessor
2014-12-21 01:58:35 +00:00
Hannah Wolfe
3c9273ed37 Data importer improvements and fixes
refs #4605, #4479

- Removes versioning from the importer
- Fixes an issue with SQLITE errors not being thrown properly for posts
- Ensures that posts have a created_at date
- Makes sure that the API wrapper is properly handled
2014-12-18 19:50:53 +00:00
cobbspur
cd5d87ddf2 Return computed url with post object
closes #4445

- post model gets permalink format
- post model queries urlPathForPost to return computed url
- url helper modified to use post url
- urlForPost method abolished and replaced where necessary
- updated tests
2014-12-10 17:23:02 +00:00
Hannah Wolfe
4cb909542a API - no more m-2-m relation ids by default
closes #4498

- remove toJSON code which returns only IDs from objects
- don't auto-include tags & fields in post responses
- don't auto-include roles in user responses
- fix #allthethings that made assumptions about the auto-includes, or otherwise were only working because of the auto-include
2014-12-02 19:24:44 +00:00
Hannah Wolfe
cb726d57ef Adding comprehensive subdirectory route tests
closes #2230, refs #4477, #4476

- Test that subdirectories route correctly no matter how they're specified
2014-11-24 08:28:34 +00:00
Hannah Wolfe
fe659117bc Merge pull request #4155 from jgable/importDuplicates
Remove duplicate posts and tags on import
2014-11-03 15:03:44 +00:00
Jason Williams
817b8d2906 Improve handling of forked processes in tests.
Closes #4277
- Increase the wait time for forked processes to spin up.
- If we give up on waiting for a forked process, send it a
  kill signal so if it comes alive later it doesn't sit in the
  background forever.
- Fail fast if test setup fails instead of waiting for the timeout.
2014-10-31 16:00:35 +00:00
Jacob Gable
5de5cfe7a1 Remove duplicate posts and tags on import
Issue #806

- Modify sanitize to check for duplicate posts and tags
- Update posts_tags when referencing removed duplicate tags
- Return both data and problems from importData
- Add tests for duplicate posts and tags with fixtures
2014-10-27 18:20:32 -05:00
Hannah Wolfe
5199a007b5 frontend functional tests -> frontend route tests
no issue

- Some of the tests were duplicated and all of these tests are faster and easier to do with super test as we aren't testing interactions
- Introduced a new test util to toggle permalinks which allows us to test the different structures
- Using cheerio in route tests to test the HTML / XML output is well formed
2014-10-19 21:10:13 +02:00
Hannah Wolfe
e5e7488d4d Fix cache-control header for API routes
closes #4157

- adds cache-control header back to api routes
- moves cache rules object into testUtils
- adds cache-control header test to every existing API test
2014-09-25 11:06:28 +01:00
Fabian Becker
f2fcb5b62b Let Ghost serve favicon instead of using dependency
no ref
- Remove static-favicon dependency
- Refactor robots.txt middleware to also serve favicon
- Add ETag
2014-09-18 13:51:41 +02:00
Harry Wolff
469aaa398c Add jscs task to grunt file and clean up files to adhere to jscs rules.
resolves #1920

- updates all files to conform to style settings.
2014-09-17 21:44:29 -04:00
Fabian Becker
bc558cf0d2 Apply JSHint to test files.
closes #2666
- Add new jshint:test task
- Fix jshint errors
2014-09-03 20:33:58 +02:00
Fabian Becker
688b3914e4 Implements new Configuration API
closes #3619
- adds new permissions for configuration API
- adds integration tests
- adds configuration API for reading allowed values
2014-08-31 20:54:17 +00:00
Hannah Wolfe
93e4cfdadf Merge pull request #3855 from felixrieseberg/iss3844-importer
Importer: Sanitize UUIDs
2014-08-26 16:51:49 +01:00
Felix Rieseberg
6fe93f6a50 Importer: Sanitize UUIDs
Closes #3844
- Before importing, all data is checked for incorrect UUIDs. If check
fails, data is sanitized and outfitted with correct UUIDS.
- Scaffolding allows for easy implementation of additional
sanitization, should that be required in the future.
- Test included, old tests updated.
2014-08-23 18:02:23 -07:00
Hannah Wolfe
74c6a341be Delete tokens before deleting a user
fixes #3750

- Updated tests to create tokens for one user. This caused the tests to
  fail for MySQL exposing the bug.
- Delete user's tokens along with posts
2014-08-23 20:13:17 +01:00
Jason Williams
07ad400ee0 Replace the when promise library with bluebird.
Closes #968
2014-08-23 17:15:40 +00:00
Hannah Wolfe
663dc5861b Removing hard-coded port number
closes #1391
2014-08-22 08:58:21 +01:00
Harry Wolff
5ff2a31ce1 Move Models module to have an init method that sets up all models
resolves #2170

- creates a models.init() function that requires all other model files
and caches them.  This is opposed to the previous functionality where
when you require('./models') it would immediately require all other models.
Now it's done when you want.

- Updates all tests to reflect the new structure of the model module
2014-08-18 15:54:10 -04:00
Hannah Wolfe
2d2e61676d MU Importer - Assign objects correctly
fixes #3716

- change the importer to not override any user details
- only set published_by if it is not already set
- import users before anything else
- process the import and map user ids to existing users
- test fix - owner should have owner role
- test fix - catch invalid success in importer
2014-08-10 14:49:23 +01:00
Waleed Ali
7009d416cb Improve settings error handling
closes #3450
- Added no-permission error handling for settings edit API.
- In Authentication API integration test, updated the initOwnerUser
  function to insert the roles and user_roles for the owner user so the
  owner can edit settings after adding the no-permission error handling. I
  also added the mail send permission to the test since it's used after
  the user edits the settings.
2014-08-06 09:11:50 +01:00
Fabian Becker
a2d5105bcc Changing User.read API to default to active users.
refs #3542
- Properly handle forgotten screen (ember)
- Change Users API to only return active users on read
- Adjust tests
2014-08-06 00:30:48 +02:00
Hannah Wolfe
756368721e Update importer for MU
closes #3285

- remove apps stuff for now
- if there is a single user, behave the same as before, overriding
  non-critical properties of the single owner user
- if there are multiple users, import them like normal resource
2014-07-31 23:14:57 +01:00
Hannah Wolfe
6413337c2f Merge pull request #3425 from jgable/fixImporter
Make importer more robust for tags
2014-07-31 20:52:51 +01:00
Jacob Gable
69b871a754 Make importer more robust for tags
Closes #3242

- Add checks for valid fields in tags and posts
- Add unit test with empty tag export data file
- Add unit test with empty post export data file
2014-07-30 22:33:45 -05:00
Gabor Javorszky
8487dada0b Implement user and related content deletion
Closes #3100

* Introduces `destroyByAuhor`, given a context and an id, it will check if context has permission to delete the user by the id, and then deletes all the content where `author_id` is id, and then deletes the user
* Does multiple checks to make sure user exists
* Added a fixture `posts:mu` that creates 4 users belonging to 4 roles, 50 posts that have authors evenly distributed, 5 tags and all 50 have one tag attached to it, evenly distributed.

Caveats / questions

* Started testing
2014-07-31 03:48:59 +01:00
Hannah Wolfe
5dc457b417 Merge pull request #3443 from halfdan/30850-users-api
Users API advanced browsing
2014-07-30 22:47:55 +01:00
Fabian Becker
d4fdb07d9c Users API advanced browsing
closes #3085
- active and invited include multiple statuses when fetching
- adjusted data generator
2014-07-30 16:59:27 +00:00
Sebastian Gierlinger
ded6aa6ac0 Transfer ownership end point
closes #3426
- added transfer ownership endpoint
- added owner to roles.permissible
- manually removed owner from roles.browse
- removed hard coded author role
- fixed tests that were passing due to hard coded author role
- added testUtils.setup(‚roles‘)
2014-07-30 17:40:30 +02:00
Jacob Gable
0b34ad84cb Fix lazy loading of settings
Closes #3281

- Add the missing return to populateDefault
- Wrap defaultSetting in [] when passing to readSettingsResult
- Populate default value of dbHash in parseDefaultSettings
- Modify migrations.init to only load databaseVersion for export_spec test
- Fix spacing in test util file and null reference error in test
- Uncomment user tests (but add .skip) and remove settings from testUtils.setup()
2014-07-29 10:43:38 -05:00
Hannah Wolfe
0ffc5e6d47 Improve importer error messaging
closes #3274

- Ensure that validation errors are always handled by moving them into the
  importer
- Ensure that db errors are handled consistently across sqlite and mysql
- Change the errors to be output in a table, with a short failure notification
- Add tests for 003 importing bad files
2014-07-29 12:02:18 +01:00
Hannah Wolfe
49660ff703 Test for invite users error
refs #3433
2014-07-29 10:19:02 +01:00
Sebastian Gierlinger
e1c0c5ce98 Change refresh token expiry
no issue
- acquiring a new access token using a refresh token sets the
expiration time of the refresh token to now + 24 hrs.
- moved all occurrences of ONE_HOUR, ONE_DAY and ONE_YEAR to
`core/server/utils`
2014-07-28 15:19:49 +02:00
Hannah Wolfe
987e9277dc User edit, add & destroy perms restricted by role
closes #3096, closes #3378, refs #3100

- user.permissible updated to reflect proper permissions
- small amount of API refactoring to handle extra cases
- extensive integration testing
2014-07-28 08:32:04 +01:00
Hannah Wolfe
7714dc6ab1 Adding role API tests & fixing browse
refs #3083, refs #3196
2014-07-28 07:22:06 +01:00
Hannah Wolfe
e7dc51dc66 Improving error handling 2014-07-28 06:30:01 +01:00
Hannah Wolfe
337713ce63 Refactor fixture use in tests
no issue

- Refactor all integration tests to specify and load ONLY the fixtures
  they require to run, rather than initialising the whole kit-and-kaboodle
  for every single test which takes FOREVER.
- Refactor the route tests to share a doAuth function, and also specify
  additional fixtures required
- Move import and export unit tests, which are actually integration tests
  (they touch the DB)
- Comment out most of the permissions unit tests for now as they need more
  stubs/mocks so as to not touch the DB

Still todo:

- prevent default DB initialisation in route tests, and specify all
  fixtures requires as per the integration tests
- fix up the unit/permissions_spec
2014-07-23 05:04:50 +01:00
Harry Wolff
be37070fb6 This aims to speed up both the ghost application and tests by
migration from usage of config() to just an object of config.

no relevant issue

- Change 'loadConfig' task to 'ensureConfig' to more accurately reflect
what it is actually doing.  Its sole purpose is to make sure a `config.js`
 file exists, and as such the name now reflects that purpose.

- Update config/index.js to export the ghostConfig object directly
so that it can be accessed from other modules

- Update all references of config(). to config.
This was a blind global find all and replace, treat it as such.

- Fixes to tests to support new config access method

- Allow each test to still work when invoked invidually
2014-07-22 22:37:44 -04:00
Sebastian Gierlinger
28b03ec87e Add edit roles
refs #3087
- added ability to edit user/roles relation
- user is not allowed assign roles to himself
- only one role per user is supported atm
- added tests
2014-07-21 22:50:43 +02:00
Maurice Williams
a8ca517c54 Pagination for Users Management screen
closes #3222
- implementing server-side pagination for /users API
- passing /users?limit=none will return all users
- passing /users?status=invited will filter base on user status
- creating 3 mixins (route, controller and view) to keep pagination logic DRY
- updating route, controller and view for Posts to use new mixing
- implementing infinite scrolling for Users Management screen (using new mixins)
- Users Management screen displays all invited users, but paginates active users
2014-07-21 14:03:26 -04:00
Hannah Wolfe
cf9839c71d Integration tests use consistent teardown methods 2014-07-21 13:25:51 +01:00
Hannah Wolfe
8fc1b03ea7 Wrap up schema amends for 003
closes #2600

- adds 2 new columns to tags, for the soon-to-land tag management UI
- fixes validation for the active bool in app_fields
- adds missing return to addColumn command
- cleanup in addTableColumn util
2014-07-18 19:33:36 +01:00
Fabian Becker
5cd5f8cca9 Schema changes for Apps
refs #2465
- Add active field to app_fields
- Adjust data generator for app fields
2014-07-18 12:39:14 +00:00
Hannah Wolfe
ce06ad412a Adding and renaming permissions
refs #3283, refs #2739, refs #3096

- Renames permissions which didn't follow bread
- Adds permissions for notifications, mail and tags

Still todo:

- wire up the new permissions where they are needed
- add permissions for roles
2014-07-17 12:32:25 +01:00
Harry Wolff
25076ab087 Fix slowdown of tests by reverting back to using knex in test/utils 2014-07-10 08:05:03 -04:00
Harry Wolff
cddd23f926 Only reference model properties through the models module.
This frees us up to enforce one single point of access, thus paving
the way towards allowing us to initialize the models at are request,
and not when it's require().

addresses #2170
2014-07-10 08:04:32 -04:00
Sebastian Gierlinger
5e4fae6f11 Add owner fixture
closes #3073
- added fixture for owner role
- added fixture for initial user (new db)
- added conversion administrator -> owner (existing db)
- changed tests to take over owner user
- removed some functional tests until /setup works with owner user
2014-07-10 12:00:51 +02:00
Sebastian Gierlinger
035fb04d34 closes #3197
- added role to user obj (only returned from the user endpoint)
- added `/users/?include=roles` and
`/users/?include=roles,roles.permissions` query parameters
- added and updated tests
2014-07-08 18:00:59 +02:00
Jason Williams
05d199f9b4 Check datatype for date format conversion
Closes #3199
-If datatype is dateTime convert to javascript Date object when
 retrieved from the database.
-Add tests to make sure models and internal API are using Date
 objects for dateTime fields.
-Add tests to make sure the HTTP API is returning ISO 8601
 date strings for dateTime fields.
2014-07-05 19:15:32 +00:00
Kevin Ansfield
7e2e8b3376 Persistent notifications
closes #3057
- add Notification model
- update injected Notifications object to handle persistent notifications
- load server notifications on setup if logged in otherwise on successful sign-in
- changed all existing notifications.closeAll calls to closePassive
- fixed dismissable/dismissible spelling in server API & tests
- add notifications.closeNotification method so DELETE calls can be made for server-originating notifications
2014-07-01 11:36:21 +02:00
Sebastian Gierlinger
c8e8da4780 oAuth
closes #2759
closes #3027

- added oauth2orize library for server side oAuth handling
- added ember-simple-auth library for admin oAuth handling
- added tables for client, accesstoken and refreshtoken
- implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant
- updated api tests with oAuth
- removed session, authentication is now token based

Known issues:
- Restore spam prevention #3128
- Signin after Signup #3125
- Signin validation #3125

**Attention**
- oldClient doesn't work with this PR anymore, session authentication
was
removed
2014-06-30 14:58:10 +02:00
Jason Williams
9a9593536d Update when.js dependency to version 3.2.3 2014-06-16 04:11:22 +00:00
lennerd
bebafdc9a9 Refactore slug API for generating tag and post slugs.
Closes #2601
- Removed slug generation from the post API
- Added new, self-contained slug API
- Fixed slug permissions in the fixtures files
- Added a HTTP route for the new API method
- Added integrational tests
2014-05-26 10:07:05 +02:00
Hannah Wolfe
c02ebb0dcf Refactor API arguments
closes #2610, refs #2697

- cleanup API index.js, and add docs
- all API methods take consistent arguments: object & options
- browse, read, destroy take options, edit and add take object and options
- the context is passed as part of options, meaning no more .call
  everywhere
- destroy expects an object, rather than an id all the way down to the model layer
- route params such as :id, :slug, and :key are passed as an option & used
  to perform reads, updates and deletes where possible - settings / themes
  may need work here still
- HTTP posts api can find a post by slug
- Add API utils for checkData
2014-05-15 10:41:05 +01:00
Fabian Becker
628654961a Implements new Themes JSON API
closes #2592
- Add themes browse/read endpoint
- Add new permissions for themes (only admin by default)
- Add integration tests
2014-05-14 11:23:42 +02:00
Fabian Becker
2a803aecdd Proper endpoints for persistent notifications
closes #2637
- Add new get API route for all notifications
- Wrap API responses to comply with JSON-API
- Add new tests / adjust fixtures
- Adjust all occurences of passive notifications
2014-05-06 00:05:14 +02:00
Hannah Wolfe
f2071eedb2 Move user API to primary document format
closes #2593

- added new format to user API methods
- changed all places where the user api was used
- updated tests and added more coverage
- little bit of cleanup in utils/api
2014-05-02 20:50:44 +01:00
Jacob Gable
7e9880ce8d Settings API Primary Document refactor
Closes #2606

- Refactor settings api responses to { settings: [ ] } format
- Update all code using api.settings to handle new response format
- Update test stubs to return new format
- Update client site settings model to parse new format into one object of key/value pairs
- Refactor to include all setting values
- Remove unused settingsCollection method
- Update settingsCache to store all attributes
- Update settingsResult to send all attributes
- Remove unnecessary when() wraps
- Reject if editing a setting that doesn't exist
- Reject earlier if setting key is empty
- Update tests with new error messages
- Use setting.add instead of edit that was incorrectly adding
- Update importer to properly import activePlugins and installedPlugins
- Update expected setting result fields
- Fix a weird situation where hasOwnProperty didn't exist 🤷
2014-04-30 23:15:27 -05:00
Lev Gimelfarb
a013840503 Support for urlSSL config option and forceAdminSSL 403 response
closes #1838
- adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect
- adding `urlSSL` option to specify SSL variant of `url`
- using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified
- dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data)
- using `urlSSL` in a "reset password" email, if specified
- adding unit tests to test `forceAdminSSL` and `urlSSL` options
- created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
2014-04-27 17:01:49 -04:00
Hannah Wolfe
9bf02c9e8c Merge pull request #2641 from alarobric/feature/2607TagParentRelation
Tag API response to use parent rather than parent_id
2014-04-23 12:47:37 +01:00
Alan Richards
5877e7d211 Tag API response to use parent rather than parent_id
Closes #2607
- added toJSON method to tag model
- parent_id attribute is replaced by parent
- integration tests will expect parent as an attribute
2014-04-22 23:46:53 -07:00
Alan Richards
686aec7ab5 Post API response to use author not author_id
Closes #2608
- added toJSON method override for post model
- in the event no expanded author relation is present the id will be used
- removed author_id from expected response JSON for posts.
- updated integration tests to check for existence or not of author and author_id
2014-04-22 02:13:33 -07:00
Sebastian Gierlinger
32ea948675 Post response move pagination -> meta
closes #2604
- moved ‚pagination‘ to ‚meta‘ property
- added response test for pagination property
- changed ‚next‘ and ‚prev‘ to be set to null and exist on every
response
- removed unnecessary call to API for RSS author
2014-04-19 17:03:20 +02:00
Sebastian Gierlinger
da3630071a Added and fixed permission tests
- fixed test for db functions
- added tests for different users
2014-04-16 18:22:22 +02:00
Sebastian Gierlinger
e47e9c62d0 Add permissions to API
closes #2264
- added permissions check to db, users and posts
- added register method to users
- added doesUserExist method to users
- added user from session to internal calls
- changed permissible to overwrite canThis
- removed action map and action type from permissable method
2014-04-16 18:22:22 +02:00
Fabian Becker
b8e8f63e44 Adds additional fields to apps schema.
fixes #2356
- Adds slug, version and status fields to apps schema
- Added fields to data generator
2014-04-16 18:16:10 +02:00
Fabian Becker
41cef386bc Implements Models & Data API for Apps
closes #2138
- Adds new models for AppField and AppSetting
- Removed permitted attributes from App model (handled by base)
- Added reference from Post to AppFields
- Added fixture data to DataGenerator
- Added integration tests for Apps, AppSettings, AppFields
- Added import for Apps
- Added app_fields to default fixtures
2014-04-16 18:14:56 +02:00
Jacob Gable
9369dd3bf7 Add app permission checking to canThis
- Pass permissions loading to buildObjectTypeHandlers to eliminate
shared state
- Load both app and user permissions to check
- Check app permissions if present
- Create apps table and App model
- Move effectiveUserPermissions to permissions/effective
- Change permissable interface to take context; user and app.
- Add unit tests for app canThis checks and effective permissions
2014-04-16 18:06:39 +02:00
Sebastian Gierlinger
9321289c1d Move post API to primary document format
closes #2580
- added new format to post API methods
- added post object parsing and wrapping to admin
- removed unused ‚user‘ object from API response
- updated tests
2014-04-16 12:09:03 +02:00
surgesoft
e89e38dd4b Refactor the API route tests to use supertest
close #2443
- Refactor API tests from `/core/test/functional/api` to
  `/core/test/functional/routes/api`, using supertest instead of request
- Remove `core/test/functional/api` folder
2014-04-07 15:40:20 +01:00
Fabian Becker
428fb94278 Fixes random pg failures.
fixes #2075
- Updates knex to latest version
- Fixes expected value in page test
- Change fixture insertion to be sequential
- Add orderBy to insertMorePostsTags fixture helper
2014-03-17 10:54:31 +00:00
Sebastian Gierlinger
7155d95f9d Add JSON API tests & cleanup
first 10 % of #2124
- added initial version of JSON API tests
- renamed error.errorCode to error.code
- renamed tags.all to tags.browse for consistency
2014-02-28 22:26:03 +00:00
Gabor Javorszky
667888aeb3 Implements Initial lifecycle and App UI start
Closes #2083

* Added hbs template for apps listing
* Added settings to read the activeApps
* Added viewcontrol to activate / deactivate apps
* Added API handler to store activeApps (by `name` in the `package.json` file)
* On button click it turns the button into "Working" and changes class to `button` (grey one)
* On success, rerenders the pane, adds success notification about apps being saved
* On error, rerenders the pane, adds error notification with error message

Missing:
* tests: couldn't figure out how to add mock apps with mock package.json data
* actually registering, etc, re #2140
* icon from the sidebar
2014-02-28 14:06:36 +00:00
Harry Wolff
9ab4b7d4d5 Adds tag pages
fixes #2111

- modified Post model to support a tag query
  param that will filter the desired post collection
  to only include posts that contain the requested tag

- in the updated Post model it includes the Tag model
  under a nested object called 'aspects'

- added tests for updated Post model, updating
  test utils to add more posts_tags relations

- adds two new routes to frontend,
  one for initial tag page,
  another to page that tag page

- for tag pages the array of posts
  is exposed to the view similarly
  to the homepeage

- on the tag view page the information
  for the tag is also accessible
  for further theme usage

- the tag view page supports a hierarchy of
  views, it'll first attempt to use a tag.hbs
  file if it exists, otherwise fall back
  to the default index.hbs file

- modified pageUrl and pagination helper
  to have it be compatible with tag paging

- added unit tests for frontend controller

- added unit tests for handlebar helper modifications

- add functional tests for new tag routes
2014-02-18 15:10:02 -05:00
John-David Dalton
6eab7b3f92 Replace underscore with lodash. 2014-02-06 14:08:34 +00:00
Jacob Gable
c7713c1d27 Load Apps Sandboxed
- Based on suggestions from hswolff loading with a Module class approach
- Loads relative modules in child sandboxes
2014-02-04 15:46:31 -06:00
Hannah Wolfe
199a92d9cb Merge branch '0.4-maintenance'
Conflicts:
	core/server/config/paths.js
	core/test/unit/config_spec.js
2014-01-26 16:11:02 +00:00
John O'Nolan
7ebd104f3f Rename 'plugins' to 'apps'
Fixes #1988
2014-01-21 15:45:27 +07:00
Sebastian Gierlinger
03cbc89a53 Fix posts.html and posts.markdown field type
closes #1947
- added fieldtype: medium for posts.html
- changed fieldtype: medium for posts.markdown
- added method to fix databases created with wrong field type
- added tests for database version 002
2014-01-15 14:29:23 +01:00
Hannah Wolfe
3dea6431df Ensure cookies are only ever set for admin
fixes #1901

- Adds a trailing slash to the cookie path
- Resolves random log-outs
- Adds a test which proves the case
2014-01-12 17:08:48 +00:00
Hannah Wolfe
dcf4b1e4e4 Add update notifications
closes #1464

- adds opt-out via updateCheck:false in config.js
- update check is done on admin index, but doesn't interfere with rendering
- adds update check module, which gets the usage data, makes the request and handles the response
- adds two new settings to default-settings, one for next check time, and one for whether to show the notification
- adds a new rejectError method to errorHandling
- adds a new helper for displaying the notification

Conflicts:
	core/server/helpers/index.js
	core/test/unit/server_helpers_index_spec.js
2014-01-07 08:20:08 +00:00
Hannah Wolfe
a697a631c2 Route tests
issue #1773

- Adds functional tests for frontend routing
- Tests the request-response contract
- Requires db access at the moment
- Tests #1790
2014-01-01 16:18:03 +00:00
Hannah Wolfe
d50354dde3 Update import tool to be safe
closes #1681

- import doesn't override user credentials
- import doesn't override theme
- import doesn't kill session
- import does refresh the settings cache
- updated tests, they now use a fixture instead of a generated export
- tests check to ensure import is safe
2013-12-29 13:23:23 +00:00
Hannah Wolfe
bdbeffb262 Merge pull request #1716 from ErisDS/post-order
API refactor / cleanup
2013-12-21 12:46:57 -08:00
Hannah Wolfe
78737b35ff API refactor / cleanup
closes #1303

- removed where and orderBy from being passed from the API through to bookshelf, and ultimately knex
- ordering is now consistent across both front and backend, which fixes #1303
- validated / cleaned up all the API parameters
- added API tests for the status and staticPages parameters
2013-12-20 13:07:01 +00:00
Sebastian Gierlinger
7ae543289d Fix 'dbHash' not found
closes #1685
- changed dbHash initialization from db direct access to api access
- added dbHash to default-settings.json
- added dbHash to tests
2013-12-16 11:16:06 +01:00
Harry Wolff
9bbf400dfc Fix loading of static pages in frontend controller
fixes #1644

- Fixes bug in controller/frontend
- Created functional test for posts API to test for this bug
- Created unit tests for frontend controller
- Fixed a global variable leak in core/test/utils/fixtures/data-generator
that was leaking the DataGenerator globally
- Resolved issue that arose from fixing above bug
2013-12-09 22:38:25 -05:00
Sebastian Gierlinger
3f2258e95b Replace cookieSession with session
- changed cookieSession to session
- added session.regenerate for login and logout
- added bookshelf session store
- added session table to database
- added import for databaseVersion 001
- added grunt task test-api
- cleanup of gruntfile to start express when needed only
- moved api tests to functional tests
2013-11-24 15:29:36 +01:00
Jakob Gillich
83d047c0ba Add Customisable Permalinks 2013-11-23 17:02:17 +01:00
Fabian Becker
89201a5c84 Lowercase email address.
fixes #1498
2013-11-18 00:34:51 +00:00
Declan cook
cbe8c15dc8 Add users Gravatar on signup
When a user registers try to find their gravatar.
2013-11-11 23:45:47 +00:00
Sebastian Gierlinger
a137d9c93e Add X-Cache-Invalidation Tests
closes #1397
- added checks for x-cache-invalidation to api tests
2013-11-07 16:08:39 +00:00
Sebastian Gierlinger
e2cee5be66 Move API tests to /integration/
closes #1396
- moved core/test/unit/api* to core/test/integration/api/
- moved core/test/integration/model* to core/test/integration/model/
- moved core/test/unit/utils to core/test/utils
- moved core/test/unit/fixtures to core/test/utils/fixtures/
- changed gruntfile.js to execute api tests with target 'integration'
2013-11-07 14:26:47 +01:00