Commit Graph

7479 Commits

Author SHA1 Message Date
Katharina Irrgang
b5cdc01ad1 🎨 Updates for Gruntfile (#8158)
* grunt docs did not work
  - the option "extras" did not work
  - https://github.com/jbt/docker/blob/v0.2.14/src/docker.js#L1280
  - there is a bug in docker docs
  - i removed it for now
* grunt watch-docs typo + remove old config
* remove client testing and client linting
* optimise grunt validate
  - validate is just a wrapper command for `npm test`
  - it will either run lint or the server tests
  - no build - why should validate build ember?
* config updates
  - we don't have a config.js anymore
  - use new config notation
* Update grunt dev
  - livereload for Ghost wasn't working correct, the server wasn't stopped correctly and after reload an address in use error was visibile
  - that is because the "spawn" option has changed to "nospawn"
  - add stdout/stderr info to the bgshell watch command
2017-03-14 13:51:32 +00:00
Katharina Irrgang
974adee932 🔥 remove fileStorage option (#8144)
refs #8032

- this was used to disable the upload image functionality in Ghost-Admin
- we no longer need this boolean, because people can add their own storage adapter
2017-03-14 10:31:33 +00:00
Hannah Wolfe
27ee1dc7b8 Implement custom errors 2.0 (#8148)
closes #8079

- add a new view type of defaultViews, as this is NOTHING to do with the admin!
- rename user-error.hbs to error.hbs, because this can be for any sort of error
- reimplement custom errors, but with a stack like channels & single templates
- change ghost_head to only not output on 500+ server errors, rather than 400+ user errors
- add coverage for the new template functions
2017-03-14 10:06:42 +01:00
Hannah Wolfe
bb3cc8c0f8 Reimplement custom theme templates (#8147)
closes #8082

- Update the `pickTemplate` logic to
  a) rely on getActive().hasTemplate() instead of being passed a list of paths
  b) support the concept of a fallback, which is returned if there is no theme, or if the theme doesn't have a more specific template
- Update every instance of template picking, across the 3 internalApps, and render-channel, to use this new logic
- update the tests
2017-03-14 00:15:50 +01:00
Hannah Wolfe
b06f03b370 New fully-loaded & validated activeTheme concept (#8146)
📡 Add debug for the 3 theme activation methods
There are 3 different ways that a theme can be activated in Ghost:

A. On boot: we load the active theme from the file system, according to the `activeTheme` setting
B. On API "activate": when an /activate/ request is triggered for a theme, we validate & change the `activeTheme` setting
C. On API "override": if uploading a theme with the same name, we override. Using a dirty hack to make this work.

A: setting is done, should load & validate + next request does mounting
B: load is done, should validate & change setting + next request does mounting
C: load, validate & setting are all done + a hack is needed to ensure the next request does mounting

 Validate w/ gscan when theme activating on boot
- use the new gscan validation validate.check() method when activating on boot

 New concept of active theme
- add ActiveTheme class
- make it possible to set a theme to be active, and to get the active theme
- call the new themes.activate() method in all 3 cases where we activate a theme

🎨 Use new activeTheme to simplify theme code
- make use of the new concept where we can, to reduce & simplify code
- use new hasPartials() method so we don't have to do file lookups
- use path & name getters to reduce use of getContentPath etc
- remove requirement on req.app.get('activeTheme') from static-theme middleware (more on this soon)

🚨 Improve theme unit tests (TODO: fix inter-dep)
- The theme unit tests are borked! They all pass because they don't test the right things.
- This improves them, but they are still dependent on each-other
- configHbsForContext tests don't pass if the activateTheme tests aren't run first
- I will fix this in a later PR
2017-03-13 21:13:17 +01:00
Katharina Irrgang
7556e68c48 🎨 Ghost bootstrap: optimise requires (#8121)
* 🎨  Ghost bootstrap: optimise requires

no issue

- require as less as possible on bootstrap

* do not load icojs on bootstrap
2017-03-13 20:07:12 +00:00
Katharina Irrgang
e0cd5b55ce 🎨 fetch user profile by auth id (#8110)
no issue

- this is secured by client credentials
- you can only fetch the user info if the user is connected to your blog (invited, owner)
- passport ghost instance stores the client credentials in the instance, no need to pass them into
- tested on staging
2017-03-13 19:49:30 +00:00
Katharina Irrgang
ea0f696c4d 🐛 fix usages of logError (#8138)
no issue
2017-03-13 19:47:09 +00:00
Hannah Wolfe
e060a4f811 🎨 🐛 Improve theme lib, middleware & error handling (#8145)
no issue

🎨 simplify loader - use loadOneTheme for init
- use loadOneTheme for init
- move updateThemeList to the one place that it is used
- this just reduces the surface area of the loader

🎨 Move init up to index temporarily
- need to figure out what stuff goes in here as well as loading themes
- will move it again later once I've got it figured out

🎨 Reorder & cleanup theme middleware
- move the order in blog/app.js so that theme middleware isn't called for shared assets
- add comments & cleanup in the middleware itself, for clarity

🎨 Simplify the logic in themes middleware
- Separate out config dependent on settings changing and config dependent on request
- Move blogApp.set('views') - no reason why this isn't in the theme activation method as
  it's actually simpler if it is there, we already know the active theme exists & can remove the if-guard

🎨 Improve error handling for missing theme
- ensure we display a warning
- don't have complex logic for handling errors
- move loading of an empty hbs object into the error-handler as this will support more cases

🐛 Fix assetHash clearing bug on theme switch
- asset hash wasn't correctly being set on theme switch

🎨 Remove themes.read & test loader instead
- Previously, we've simplified loader & improved error handling
- We are now able to completely remove theme.read as it's nothing more than a wrapper for package.read
- This also means we can change our tests from testing the theme reader to loader
2017-03-13 17:30:35 +01:00
Katharina Irrgang
c9f551eb96 suspend user feature (#8114)
refs #8111 
- Ghost returns now all (active+none active) users by default
- protect login with suspended status
- test permissions and add extra protection for suspending myself
- if a user is suspended and tries to activate himself, he won't be able to proceed the login to get a new token
2017-03-13 12:03:26 +00:00
Hannah Wolfe
b2f1d0559b Themes API activation permissions & validation (#8104)
refs #8093

 Add activate theme permission
- add permission to activate themes
- update tests
- also: update tests for invites
TODO: change how the active theme setting is updated to reduce extra permissions

 Move theme validation to gscan
- add a new gscan validation method and use it for upload
- update activate endpoint to do validation also using gscan
- change to using SettingsModel instead of API so that we don't call validation or permissions on the settings API
- remove validation from the settings model
- remove the old validation function
- add new invalid theme message to translations & remove a bunch of theme validation related unused keys

📖  Planned changes

🚨 Tests for theme activation API endpoint
🐛 Don't allow deleting the active theme

🚫 Prevent activeTheme being set via settings API
- We want to control how this happens in future.
- We still want to store the information in settings, via the model.
- We just don't want to be able to change this info via the settings edit endpoint

🐛  Fix warnings for uploads & add for activations
- warnings for uploads were broken in f8b498d
- fix the response + adds tests to cover that warnings are correctly returned
- add the same response to activations + more tests
- activations now return a single theme object - the theme that was activated + any warnings

🎨 Improve how we generate theme API responses
- remove the requirement to pass in the active theme!
- move this to a specialist function, away from the list

🎨 Do not load gscan on boot
2017-03-13 12:44:44 +01:00
Greenkeeper
234e27ff87 Update ghost-ignition to version 2.8.9 🚀 (#8139)
* chore(package): update ghost-ignition to version 2.8.9

https://greenkeeper.io/

* chore: yarn.lock
2017-03-13 09:44:21 +01:00
Greenkeeper
0d2f9c6aa8 Update passport-ghost to version 2.3.1 🚀 (#8125)
* chore(package): update passport-ghost to version 2.3.1

https://greenkeeper.io/

* chore: yarn.lock
2017-03-10 19:56:02 +01:00
Greenkeeper
45127d4b0a Update knex-migrator to version 2.0.13 🚀 (#8124)
* chore(package): update knex-migrator to version 2.0.13

https://greenkeeper.io/

* chore: yarn.lock
2017-03-10 19:35:23 +01:00
Katharina Irrgang
f8c51ac7e5 😱 🚀 🎨 tests: use truncate instead of database deletion (#8119)
* 😱  🚀  🎨  tests: use truncate instead of delete the database

refs #7718, refs #7470

- should bring massive speed improvement
- could also fix random test failures (e.g. sqlite database is busy)

* gruntfile: add knex-migrator command in test-setup
2017-03-09 19:38:20 +00:00
Greenkeeper
feaa25dad2 Update knex-migrator to version 2.0.12 🚀 (#8118)
* chore(package): update knex-migrator to version 2.0.12

https://greenkeeper.io/

* chore: yarn.lock
2017-03-09 19:08:06 +01:00
Greenkeeper
29511bf61a Update passport-ghost to version 2.3.0 🚀 (#8108)
* chore(package): update passport-ghost to version 2.3.0

https://greenkeeper.io/

* chore: yarn.lock
2017-03-08 15:41:36 +01:00
Greenkeeper
1909e0c730 Update knex-migrator to version 2.0.9 🚀 (#8092)
* chore(package): update knex-migrator to version 2.0.9

https://greenkeeper.io/

* chore: yarn.lock
2017-03-08 15:41:21 +01:00
Katharina Irrgang
27f17c973d 🎨 handle case: sync email after logout (#8097)
no issue

If the user changes the email in the remote auth service and executes a logout directly afterwards, the user would lock himself out of his blog, because the email sync happens once per hour right now.
For that case, we have to store the ghost auth id.
2017-03-08 14:31:22 +00:00
kirrg001
345003a16f Updated Ghost-Admin 2017-03-08 14:39:44 +01:00
Hannah Wolfe
94d53cf5fb Move activation to themes endpoint (#8093)
no issue
- browse will now include the correct activated theme again
- PUT /theme/:name/activate will activate a theme
- tests now read from a temp directory not content/themes
- all tests check errors and responses
2017-03-08 10:46:03 +00:00
Katharina Irrgang
27e659a21e 🐛 export database read settings from database (#8103)
* 🐛  export database read settings from database

no issue

- the backup script uses the export database lib and is broken if knex-migrator is called via shell, the settings cache is not loaded
- i have changed the export database lib to read the settings key directly from the db

* use get('value')
2017-03-08 10:26:57 +00:00
Hannah Wolfe
9aec9c6a63 🐛 Use isIgnitionError to detect unhandled errors (#8100)
closes #8099, refs https://github.com/TryGhost/Ignition/issues/28

- use new utility to detect if an error has not yet been handled & convert it to a generic Ghost error
- update theme_spec tests to include checking error messages, which catches this issue
2017-03-06 17:37:16 +01:00
kirrg001
fdcc66bdbf Upgrading Casper to 1.3.6 2017-03-06 12:33:47 +01:00
kirrg001
d34399c4ca Version bump to 1.0.0-alpha.15 2017-03-03 18:35:18 +01:00
kirrg001
43aacf63c3 Updated Ghost-Admin to 1.0.0-alpha.15 2017-03-03 18:35:18 +01:00
Katharina Irrgang
773eb92960 🐛 fix cors middleware (#8094)
no issue

- same fix as https://github.com/TryGhost/Ghost/pull/8066
- just for master
2017-03-03 16:41:20 +00:00
Greenkeeper
0fd0807f7b Update knex to version 0.12.7 🚀 (#8014)
* chore(package): update knex to version 0.12.7

https://greenkeeper.io/

* chore: yarn.lock
2017-03-03 17:29:04 +01:00
Katharina Irrgang
efe24fa9ec 🐛 subscriber: sanitize email (#8078)
no issue
2017-03-03 15:44:07 +01:00
sahand12
481154a55b fix uid method in core/server/utils/index.js to return a string which length is equal to len argument (#8025)
closes #7998
2017-03-03 15:35:08 +01:00
Greenkeeper
b79df0e89a Update jsonpath to version 0.2.11 🚀 (#8004)
* chore(package): update jsonpath to version 0.2.11

https://greenkeeper.io/

* chore: yarn.lock
2017-03-03 15:24:00 +01:00
Greenkeeper
f74dbc47a6 Update superagent to version 3.5.0 🚀 (#8043)
* chore(package): update superagent to version 3.5.0

https://greenkeeper.io/

* chore: yarn.lock
2017-03-03 15:14:45 +01:00
Greenkeeper
499a2c846b Update validator to version 6.3.0 🚀 (#8049)
* chore(package): update validator to version 6.3.0

https://greenkeeper.io/

* chore: yarn.lock
2017-03-03 15:04:38 +01:00
Greenkeeper
d3954b7833 Update nock to version 9.0.9 🚀 (#8073)
* chore(package): update nock to version 9.0.9

https://greenkeeper.io/

* chore: yarn.lock
2017-03-03 14:54:49 +01:00
Greenkeeper
4fe24e5332 Update debug to version 2.6.1 🚀 (#7978)
* chore(package): update debug to version 2.6.1

https://greenkeeper.io/

* chore: yarn.lock
2017-03-03 14:53:59 +01:00
Greenkeeper
a9612f33be Update oauth2orize to version 1.8.0 🚀 (#8074)
* chore(package): update oauth2orize to version 1.8.0

https://greenkeeper.io/

* chore: yarn.lock
2017-03-03 14:48:44 +01:00
Greenkeeper
4fef487070 Update html-to-text to version 3.2.0 🚀 (#8075)
* chore(package): update html-to-text to version 3.2.0

https://greenkeeper.io/

* chore: yarn.lock
2017-03-03 14:44:02 +01:00
Greenkeeper
3c0adfaa28 Update body-parser to version 1.17.0 🚀 (#8083)
* chore(package): update body-parser to version 1.17.0

https://greenkeeper.io/

* chore: yarn.lock
2017-03-03 14:39:37 +01:00
Greenkeeper
1c45368150 Update express to version 4.15.0 🚀 (#8084)
* chore(package): update express to version 4.15.0

https://greenkeeper.io/

* chore: yarn.lock
2017-03-03 14:35:03 +01:00
Hannah Wolfe
e3c82c1643 🎨 Use settingsCache in theme handler (#8091)
no issue

- we already have the settingsCache here, makes no sense to call the API
2017-03-02 23:05:35 +01:00
Hannah Wolfe
a5ab2ffc13 🔥 🎨 No more updateSettingsCache (#8090)
no issue

🔥 Remove unnecessary cache update
🎨 simplify updateSettingsCache()
🎨 Simplify readSettingsResult
- although this is more code, it's now much clearer what happens in the two cases
🎨 Don't use readSettingResult for edit
🎨 Simplify updateSettingsCache further
🔥 Remove now unused readSettingsResult
🎨 Change populateDefault to return all
🎨 Move the findAll call out of updateSettingsCache
🔥 Remove updateSettingsCache!!
🎨 Restructure init & finish up settingsCache
- move initialisation into settingsCache.init AT LAST
- change settingCache to use cloneDeep, so that the object can't be modified outside of the functions
- add lots of docs to settings cache
🎨 Cleanup db api endpoints
🔥 Don't populate settings in migrations
2017-03-02 23:00:01 +01:00
Katharina Irrgang
9fafc38b79 🎨 deny auto switch (#8086)
* 🎨  deny auto switch

no issue

- deny auth switch after the blog was setup
- setup completed depends on the status of the user right now, see comments

* Updates from comments

- re-use statuses in user model
- update error message
2017-03-02 19:50:58 +00:00
Austin Burdine
144544e83d 🎨 fix admin and theme caching issues (#8058)
refs #7812, closes #7958

- fixes boolean logic wrt to theme cache value from config
- disable cache for admin assets in development
- only add asset hash in production
2017-03-02 18:18:21 +01:00
Greenkeeper
75ba25db3f Update ghost-ignition to version 2.8.8 🚀 (#8089)
* chore(package): update ghost-ignition to version 2.8.8

https://greenkeeper.io/

* chore: yarn.lock
2017-03-02 17:54:05 +01:00
Hannah Wolfe
f8b498d6e7 🔥 No more availableThemes (#8085)
no issue

🎨 Switch themes API to use config.availableThemes
- this gets rid of the only places where settings.availableThemes are used

🔥 Get rid of settings.availableThemes
- this is no longer used anywhere
- also get rid of every related call to updateSettingsCache

🔥 Replace config.availableThemes with theme cache
- Creates a tailor-made in-memory cache for themes inside the theme module
- Add methods for getting & setting items on the cache
- Move all references to config.availableThemes to use the new cache
- This can be abstracted later to support other kinds of caches?

🎨 Start improving theme lib's API
Still TODO: simplifying/clarifying:
- what is the structure of the internal list
- what is the difference between a package list, and a theme list?
- what is the difference between reading a theme and loading it?
- how do we update the theme list (add/remove)
- how do we refresh the theme list? (hot reload?!)
- how do we get from an internal list, to one that is sent as part of the API?
- how are we going to handle theme storage: read/write, such that the path is configurable

🎨 Use themeList consistently
🎨 Update list after storage
2017-03-02 17:53:48 +01:00
Katharina Irrgang
0b68458eb7 🎨 optimise requires for MigratorConfig (#8088)
no issue

- if knex-migrator loads the MigratorConfig too much stuff was required, which increases the memory usage
- i have deleted the IncorrectUsage errors for now, because this error should actually never appear
2017-03-02 16:02:23 +00:00
Hannah Wolfe
c70fbc2c7e 🎨 Collect & simplify package utils (#8080)
closes #8056

🎨 Collect together the package-related utils
- read directory actually reads a directory of packages
- parse package json is very tighly related to this

🎨 Move filterPaths -> packages.filterPackages
- this function is related to packages, not settings
- move the function to the new utils/packages
- add 100% test coverage

🎨 Simplify filterPackages code
🎨 Simplify reading of packages & themes
- This massively reduces all the complex code in the read packages & themes utils
- Added full test coverage

🎨 Improve & clarify active prop in filterPackages
- active is returned from API endpoints to combine data from multiple sources
- see https://github.com/TryGhost/Ghost/pull/8064#discussion_r103514810

🎨 Better error handling
🔥 Temporarily remove custom error templates
- we will reimplement this later when we have got a better concept of loading the active theme in place
- refs #8079
2017-03-01 14:09:31 +01:00
Katharina Irrgang
fa38257170 🐛 🎨 old accesstokens are not cleaned up (#8065)
closes #8035
- create auth/utils
- use authUtils.createTokens for all cases
- decrease the expiry of the old access token before creating a new one
2017-03-01 10:12:03 +00:00
kirrg001
23c0d691df Update brute-knex 🚀
- chore: yarn.lock
2017-02-28 18:35:58 +01:00
Greenkeeper
415d091578 Update passport-ghost to version 2.2.4 🚀 (#8072)
* chore(package): update passport-ghost to version 2.2.4

https://greenkeeper.io/

* chore: yarn.lock
2017-02-28 18:10:59 +01:00