Commit Graph

10696 Commits

Author SHA1 Message Date
Renovate Bot
118c546e8c Update dependency sanitize-html to v1.22.1 2020-03-16 06:54:56 +00:00
Renovate Bot
0372616421 Update dependency @sentry/node to v5.14.2 2020-03-16 06:51:51 +00:00
Naz
6a9b53fcad
Cleaned up members isPaid flag in settings table (#11651)
no issue

- The flag has not been used and can be removed, to make the `members_subscription_settings` JSON record in `settings` table easier to read. 
- It used to indicate Stripe configuration being present. Currently that is checked by looking up if Stripe config's `public_token` and `secret_token` values are present (example - https://github.com/TryGhost/Ghost/blob/3.11.0/core/frontend/helpers/ghost_head.js#L54)
2020-03-16 13:36:51 +08:00
Kevin Ansfield
531ef01c48 Update dependency @tryghost/html-to-mobiledoc to v0.6.4
no issue

- includes fixes for html->mobiledoc conversion
  - fixes multiple spaces appearing in text content if source content is indented and has newlines
  - fixes crash if source content has `<li>` elements containing headers
  - fixes crash if source content has non-`<li>` top-level elements inside a list
  - fixes `blockquote>p` markup in source content losing blockquote styling
2020-03-12 18:57:06 +00:00
Rish
5f349b3ef7 🐛 Fixed missing publication icon in newsletter emails
no issue

Email template was incorrectly setting up publication icon url in case of subdirectory setup, leading to missing publication logo from newsletter emails in such cases. This adds the fix to use correct absolute url for publication icons in all setups.
2020-03-12 09:52:54 +05:30
Daniel Lockyer
2dd374043d Handled permissions error in file storage adapter
no issue

- trying to read a file without the correct permissions would cause a
  500 error
- this commit handles the error code and returns an appropriate
  response
2020-03-11 13:27:27 +00:00
Daniel Lockyer
303def2045 Version bump to 3.11.0 2020-03-10 13:02:54 +00:00
Daniel Lockyer
c7dc393719 Updated Ghost-Admin to 3.11.0 2020-03-10 13:02:54 +00:00
Naz
df056416bd
Cleaned up broken complimentary plan (#11650)
refs https://github.com/TryGhost/Ghost/issues/11648

- Removes Stripe plan entries from settings that are not formatted correctly.
- Incorrect formatting was caused by a bug in 3.10.0 Admin-Client where it wasn't able to find complimentary plan. Related fix for this here - 9e7a6b801a
2020-03-10 20:39:34 +08:00
John O'Nolan
70076f8c19
Update FUNDING.yml 2020-03-09 20:23:07 +07:00
Nazar Gargol
53b6ad16d8 Fixed handling of empty created_at dates in member CSV imorts
no issue

- When created_at value is not provided it should be treated as an empty one instead of trying to import empty string.
- This scenario happens when the column is defined in CSV but no values are present (default parsed value is empty string '')
2020-03-09 20:12:02 +08:00
Daniel Lockyer
52ccd4648f Version bump to 3.10.0 2020-03-09 10:49:09 +00:00
Daniel Lockyer
7694f5e786 Updated Ghost-Admin to 3.10.0 2020-03-09 10:49:09 +00:00
Daniel Lockyer
06a2371bd7 Updated Casper to 3.0.9 2020-03-09 10:49:09 +00:00
Kevin Ansfield
4773939670 🔒 Improved validation of fetched urls and responses in oembed endpoint
no issue

- prevent oembed fetching from accessing IP addresses or localhost domains
- prevent oembed endpoint from passing through fetched responses as-is
  - reject any fetched data that does not validate against the oembed spec
  - strip any unknown properties from the oembed response before returning

Credits: Nick Mykhailyshyn
2020-03-09 10:42:25 +00:00
Daniel Lockyer
afb3177e5e Added site URL to Update Check body
no issue
2020-03-09 09:48:04 +00:00
Renovate Bot
4215cee395 Update dependency sharp to v0.25.1 2020-03-09 07:53:07 +00:00
Renovate Bot
7fcb6c8e8f Update dependency uuid to v7.0.2 2020-03-09 07:33:53 +00:00
Renovate Bot
478a0668e4 Update dependency @sentry/node to v5.13.2 2020-03-09 07:33:32 +00:00
Renovate Bot
403f7990e8 Update dependency express-hbs to v2.3.1 2020-03-09 07:33:18 +00:00
Renovate Bot
2d20778bcb Update metascraper to v5.11.6 2020-03-09 07:32:59 +00:00
Nazar Gargol
895b3d98e7 Refactored members csv export for bettere readability
no issue
2020-03-06 13:55:11 +08:00
Daniel Lockyer
357671549a Added feature label to stalebot exemption list
no issue
2020-03-05 12:40:59 +00:00
Fabien O'Carroll
801608e077
Fixed permission to only fetch for active users (#11641)
no-issue

Essentially only active users should have their permissions loaded, this
means that suspended or inactive users are stripped of all permissions
until their status is changed.
2020-03-05 12:22:50 +02:00
Fabien O'Carroll
58187175c3
Deleted all but active sessions on password change (#11639)
closes #10323 

* Fixed usage of hasMany for user->session
* Refactored changePassword to async function
* Deleted all user sessions when password changed
* Tested for session retained after password changed
* Added the session to the frame
* Skipped the current session when changing password
2020-03-05 12:22:32 +02:00
Daniel Lockyer
7e1c7ef9d2
Updated README with GitHub Actions badge
no issue
2020-03-05 10:03:13 +00:00
Daniel Lockyer
7b32bf9ca5 Switched tests to GitHub Actions
no issue
2020-03-05 09:50:14 +00:00
Daniel Lockyer
edfc07b9c8 Captured bulk-email errors in Sentry
no issue
2020-03-04 13:44:23 +00:00
Daniel Lockyer
4fda464103 Added captureException helper to Sentry integration
no issue

- this allows us to custom capture exceptions
2020-03-04 13:42:30 +00:00
Nazar Gargol
8f789523e3 Fixed date formatting in members CSV export
no issue

- Made date formatting coherent with the one used in API and the exporter
- Using JSON.stringify() here because that's exactly how API is getting it's formattting done atm
2020-03-04 17:41:02 +08:00
Nazar Gargol
c0512e30bb Added custom currency support for Memer's plans
no issue

- Multiple currencies for membe plans were supported under the hood but never had a clear interface to manage them. This change allows to reference currently used currency and it's symbol from the theme layer with following syntax: `{{@price.currency}}` and `{{@price.currency_symbol}}
2020-03-04 13:15:21 +08:00
Eric Morgan
3f5daa60c8 🐛 Fixed publisher logo meta schema
refs #11304

- Previously the schema publisher logo attribute was incorrectly given the logo url
- schema.org and Google's docs show the logo needing it's own type and url attributes
- I added the correct @type and moved the metaData.site.logo to the new url attribute
- This change now clears the error in Google's Structured Data tester
- A future improvement would be to size the site logo to 60px in height per Google's recommendation
2020-03-03 12:18:23 +00:00
Daniel Lockyer
e31ba0dea3 Updated ghost-storage-base dependency
no issue
2020-03-03 09:56:40 +00:00
Renovate Bot
92c85f1485 Update dependency mocha to v7 2020-03-03 08:35:39 +00:00
Renovate Bot
095ed2a892 Update dependency uuid to v7 2020-03-03 08:32:58 +00:00
Daniel Lockyer
a851cdfc7b Handled bad URLs in oembed bookmark API
fixes #11636

- malformed URLs passed to oembed API would cause `got` or `metascraper`
  to throw an error and this would result in a 500 error from Ghost
- this commit catches the errors and returns a reasonable response
2020-03-02 14:24:26 +00:00
Daniel Lockyer
f7bc233f4c Version bump to 3.9.0 2020-03-02 12:02:24 +00:00
Daniel Lockyer
ad15457c05 Updated Ghost-Admin to 3.9.0 2020-03-02 12:02:24 +00:00
Daniel Lockyer
49ee2cf30f Updated Casper to 3.0.8 2020-03-02 12:02:24 +00:00
Fabien O'Carroll
c1bd6f35cb Exposed member uuid to themes as @member.uuid
no-issue

Ronseal. Exposes's uuid for use in third party tracking/linking of
members, e.g. google tag manager

refs: https://forum.ghost.org/t/ghost-and-member-id-for-google-tag-manager/12317
2020-03-02 13:39:13 +02:00
Daniel Lockyer
65d258972b Handled bad redirect URLs for private sites
no issue

- Sentry flagged up a redirect URL for the POST action of accessing a
  private site which would throw a 500
- `decodeURIComponent` would throw an error if it was passed bad data
- this commit moves the `decodeURIComponent` inside the try-catch to
  handle the error
2020-03-02 08:23:23 +00:00
Renovate Bot
c9af8844ba Update dependency @sentry/node to v5.13.1 2020-03-02 08:16:11 +00:00
Renovate Bot
394305ad0c Update dependency amperize to v0.6.1 2020-03-02 02:20:01 +00:00
Renovate Bot
35b9511c3e Update dependency @sentry/node to v5.12.5 2020-03-02 01:20:52 +00:00
Kevin Ansfield
7bf5b7d4e0 Deleted unused models/base/token.js file
no issue

- tokens usage was removed in 3.0
2020-02-27 11:32:17 +00:00
Kevin Ansfield
8218f490cd Added capture of geolocation during member signup/signin
no issue

- updated `@tryghost/members-api` which now includes geolocation lookup from IP address during member signup and signin when geolocation data doesn't already exist
2020-02-27 10:46:37 +00:00
Daniel Lockyer
93dd8b3dc3 Updated Travis configuration to remove cron references
no issue

- the cron is no longer used as regression tests run on master
2020-02-27 09:36:06 +00:00
Nazar Gargol
6cca5b45c5 Fixed regression test
refs b0ff1e7ca

- Regression test didn't get updated after migration was added
2020-02-27 12:57:53 +08:00
Naz
b0ff1e7cac
Added member login resource to Admin API (#11607)
no issue

- Adds 'GET /members/:id/signin_urls' endpoint to Admin API allowing to fetch login URL for member. This URL allows to log in as a member which is useful in situations when you need to impersonate a member (for example to debug some issue they are having)
- Added member_signin_urls permission with migrations. Only the "Owner" user can read "signin_urls" resource. Admin and other users will be denied access
2020-02-27 11:48:02 +08:00
Nazar Gargol
258bcc71bf Added minified members.js file handling
refs 91984b54ca

- For request effieciency we should be using a minified file just like we did previously with `ghost-sdk.js`
- Modified 'max-age' caching header to 1 year  for both minified and non-minified files as thay won't affect dev environment and should be beneficial for self-hosting instances that don't use minification
- Along the way corrected an extra 301 redirect because `/public/member.js` path wasn't using a bakslach in the end.
2020-02-26 14:08:10 +08:00