Commit Graph

75 Commits

Author SHA1 Message Date
Hannah Wolfe
65dcb17117 Merge branch '0.3.3-wip'
Conflicts:
	core/client/views/blog.js
	core/server/api.js
	core/server/views/default.hbs
	package.json
2013-10-20 10:09:39 +01:00
Sebastian Gierlinger
2ee8f96829 Revert sessions to cookieSessions
no issue
- modified sessions to use cookieSession
- set max-age to 12 hrs
- modified logout to delete cookie completely
2013-10-18 13:24:01 +02:00
Hannah Wolfe
2a6e77752f API JSON updates 2013-10-17 20:52:05 +01:00
Hannah Wolfe
d9c9ca0e33 Merge pull request #4 from sebgie/sec/3
Sec/3
2013-10-17 10:49:40 -07:00
Sebastian Gierlinger
374c41e138 Remove private data from API
no issue
- added removal to user.browse, posts.read, posts.browse
- fixed removal for user.read
2013-10-17 17:15:25 +02:00
Sebastian Gierlinger
90176e1f40 Security improvements
no issue
- added CSRF protection
- changed session handling to express.session
- changed session handling to change session id
- added config property useCookieSession
- added file extension check for /ghost/upload
- removed /ghost/debug/db/reset
2013-10-17 15:28:28 +02:00
Hannah Wolfe
b4e04b3650 Fix for image uploads
- express 3.4.0 uses connect 2.9.0 which had a sizable change to how multipart woks
- this change resulting in req.files.uploadimage.type going away
2013-10-11 20:26:09 +01:00
Sebastian Gierlinger
6ff17c78a2 Fix filepaths for config and upload
no issue
- added appRoot to config-loader.js
- modified uploader to use correct path
- modified tests
2013-10-10 12:44:31 +02:00
Gabor Javorszky
f709dcb798 Adds error message to blog import on empty / bad file
Closes #840
* Checks file to be size > 0
* Checks file to be .json
* Fails if either of them are not good
2013-09-28 15:42:42 +01:00
Hannah Wolfe
6bd62538af Merge branch '0.3.1-wip'
Conflicts:
	core/server/controllers/admin.js
2013-09-27 17:22:55 +01:00
Hannah Wolfe
681aa71bf5 Merge pull request #848 from jamesbloomer/705-image-Upload-file-storage-amends-type
Use file mime type to check server side if image upload is a valid file
2013-09-26 15:18:04 -07:00
Sebastian Gierlinger
fa43ca79d3 Add content to RSS
closes #886
- removed meta_description which is empty and would have crashed
- added content
- img src converted to absolute path
- a href converted to absolute path
2013-09-26 15:37:25 +01:00
John O'Nolan
d1957958e3 Cleanup indentation and quotes
Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-26 15:06:31 +01:00
Sebastian Gierlinger
6697d8a097 Add invalidate cache headers
closes #570
- added X-Cach-Invalidate headers for PUT, POST, DELETE requests
2013-09-24 17:21:43 +02:00
jamesbloomer
c215626d2b Use file mime type rather than extension to check server side if image upload is a valid file
closes #705
- uses the file type passed by express/connect
- relies on the type being set correctly by the browser upload
- doesn't reread the file to check
2013-09-20 13:20:59 +01:00
Hannah Wolfe
ee78f87c47 Import > Signout
- uncommitting the thing I shouldn't have commited
2013-09-18 16:11:21 +01:00
Hannah Wolfe
f717aed96f Merge pull request #820 from jamesbloomer/705-image-Upload-file-storage-amends
Remove temporary files when uploading images
2013-09-18 08:08:48 -07:00
Sebastian Gierlinger
1cac1acded RSS without User
closes #817
- no user, no rss author
2013-09-18 10:17:56 +02:00
jamesbloomer
36f218abaf Remove temporary files when uploading images
closes #502
part of #705
- copy the files but then remove the temporary ones
- moving instead of copying was problematic due to moving across devices
- still need to convert code to using promises
2013-09-18 09:15:21 +01:00
Hannah Wolfe
e0edb6455d Temporary Importer
closes #735

 - make sure the importer gets loaded
 - additional preprocessing to ensure data can be loaded
 - removed old importers
2013-09-18 04:20:21 +01:00
Christopher Giffard
8fa1ce96ff Settings: Return 404 for unrecognised pages
Fixes #798

- Now checks the request URL against a whitelist to determine whether the settings
  page exists.

**Notes**

- This works in the short term, but a better solution for enumerating the available
  settings views or centralising a list of recognised views that are available
  to client side code, (the router and sidebar, among others) as well as the backend
  controller will be required.
2013-09-18 12:31:43 +10:00
Hannah Wolfe
658a21bcf8 Quick file type amend
- adding .jpeg spelling to allowed extensions, #705 will fix this properly
2013-09-18 02:53:08 +01:00
Sebastian Gierlinger
60d93bd3f3 Fix for images with special chars
closes #780
- added replacing of special chars with '_'
2013-09-17 22:11:22 +02:00
Hannah Wolfe
750c19014a Populating admin email with user signup email
closes #775
2013-09-17 03:08:36 +01:00
Hannah Wolfe
79f75865a1 Error handling for the frontend routes 2013-09-17 01:54:36 +01:00
Sebastian Gierlinger
141361c40e Escape RSS post title
closes #755
- added html escape for post title
- changed author for rss feed to current user
- added simple test to check rss is working
2013-09-16 13:11:53 +02:00
Sebastian Gierlinger
8f22737f04 Make settings() 'magic'
- access value directly by using ghost.settings('key')
- removed use of <key>.value
- removed workaround for activeTheme path
2013-09-15 19:52:37 +02:00
Hannah Wolfe
117f70dcfd Merge pull request #752 from sebgie/settingsapi
Add setting filter
2013-09-15 09:53:23 -07:00
Hannah Wolfe
8d038b8bf2 One exporter to rule them all
closes #733

- Exporter will read meta data to determine the tables which are present and export all data from those tables
- Exporter figures out which version to export, rather than requiring that information
- deleted old exporters
2013-09-15 17:04:42 +01:00
Sebastian Gierlinger
bd8db968ea Add setting filter
closes #172
- added type to ghost.settings()
- added /api/settings?type=<filter>
- added availableThemes to settingsCache
- removed cachedSettingsRequestHandler
- removed /api/themes (including front end)
- changed activePlugins to type "plugin" in default-settings.json
2013-09-15 18:04:01 +02:00
Hannah Wolfe
9fcc0a6ed6 Renamed currentVersion setting to databaseVersion to avoid confusion with software version 2013-09-14 22:13:59 +01:00
Hannah Wolfe
d968495996 Mass renaming of things
Conflicts:
	core/client/views/settings.js
	core/server/models/user.js
2013-09-14 21:56:07 +01:00
Sebastian Gierlinger
35a32279d9 Clean up config (drop 'env')
closes #628
- removed .env from config.js
- ghost.config() returns correct config for NODE_ENV
- removed .env[process.env.NODE_ENV]
- updated tests
- deleted users.hbs, plugins.hbs, appearance.hbs (forgot to delete in PR #649)
2013-09-14 13:14:00 +01:00
Hannah Wolfe
486c2b4eea Use software version in RSS
closes #723

 Still waiting on https://github.com/dylang/node-rss/pull/16 to get this to actually output
2013-09-14 12:12:27 +01:00
Hannah Wolfe
cc785cc981 Merge pull request #686 from matthojo/Sign-up-screen-UI
Improved Auth screen markup and validation checks
2013-09-12 06:25:27 -07:00
Hannah Wolfe
4cd9f79116 Merge pull request #703 from matthojo/Dashboard-Removal
Temporarily removed the Dashboard and all references
2013-09-12 06:19:59 -07:00
Matthew Harrison-Jones
2678de902d Improved Auth screen markup and validation checks
* Signup now focuses on 'name' on load
* Fixed fade in on auth forms to work with `display: table`
* The 'name' field is required on Sign up forms
* The length check on the Signup form is in order of inputs
* Added check for password length
* Changed the auth form class names to better represent individual pages
* Updated CasperJS tests
2013-09-12 09:59:58 +01:00
Matthew Harrison-Jones
a85e8e1efc Temporarily removed the Dashboard and all references
This also updates the CasperJS to match the new changes.
2013-09-11 15:38:09 +01:00
jamesbloomer
3e28803672 Ensure image uploads do not overwrite if they have the same name
closes #619
- check if uploaded image name exists in month/year path
- if unique then save
- if not unique then add -1 to the end of the name eg. image-1.jpg
- if image-1.jpg exists then increment to -2
- keep going until a unique name is found
- uses tail recursion as normal path will be to save the first filename and deep recursion will be the exception
- (the alternative of loading the names of all the files in the directory could result in a large in memory array)
2013-09-10 22:02:28 +01:00
William Dibbern
9064914829 Added redirect to get rid of /page/1/
Fixes #592

- Added *permanent* redirect to ensure `/page/1/` isn't used and that
`/` is used instead.
- Added pageUrl helper (and unit tests) to generate client side url
fragment for blog pages conforming to the above standard.
- Updated pagination helper to use new `pageUrl` theme helper.
- Added functional tests for redirects and added scaffolding for
functional frontend tests in general.
2013-09-09 18:32:44 +01:00
Hannah Wolfe
0b3f2797e9 Fix for file upload paths on Windows
closes #669

- override incorrect path separators with / in the src for an image.
2013-09-09 17:19:58 +01:00
Hannah Wolfe
946544996c Updating forgotten password email template
closes #288

- added sign off using url from config
2013-09-09 11:51:12 +01:00
John O'Nolan
229597d341 Input signup name into user profile 2013-09-08 21:16:40 +02:00
Sebastian Gierlinger
27ba9289d6 Add setting for posts per page
closes #593
- added default setting of 6 posts per page
- added posts per page to settings page
- added limit to frontend.js (setting does not change API behavior)
2013-09-05 14:56:09 +02:00
Hannah Wolfe
ddcc7b78b6 Removing api calls from server side
closes #603, issue #395

- Changed hard-coded 'JOE BLOGGS' to use author data
- We still had api calls loading data server side before rendering pages.. which is unnecessary.
- Only thing using this was editor title, which is now populated client side
- May improve content screen load time.
2013-09-04 21:51:54 +01:00
Hannah Wolfe
21487aa802 Email errors & cleanup
closes #618

- don't send a welcome email. This appeared to be breaking tests.
- make sure we handle errors from sending emails properly
- use promises when adding notifications
2013-09-04 15:04:25 +01:00
Hannah Wolfe
36874badd5 Merge pull request #587 from javorszky/iss288
Email sending with Sendgrid plus password reset
2013-09-02 15:44:48 -07:00
Hannah Wolfe
13646f9ef6 Blog URL per environment
closes #572

 - Moved the siteUrl setting into each individual env config.
 - Updated app start and RSS to use the new config
2013-09-02 15:50:14 +01:00
Jacob Gable
3d2f03a08f Fix RSS urls 2013-09-01 20:34:26 -05:00
Gabor Javorszky
5999d01b7d Repaired email sending, implement password reset
Closes #288
* I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`)
* Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 00:20:12 +02:00