Commit Graph

1392 Commits

Author SHA1 Message Date
Hannah Wolfe
705a72431d
Removed GET settings/:key route
refs: https://github.com/TryGhost/Team/issues/1625

- there's not really a usecase for this route, so removing so we don't have to maintain it
2022-05-13 23:18:53 +01:00
Hannah Wolfe
37818a1b71
Removed settings that are no longer in use (#14802)
refs: TryGhost/Team#1625
refs: TryGhost/Team#1558

- none of these settings are actively used anymore

Co-authored-by: Daniel Lockyer <hi@daniellockyer.com>
2022-05-13 21:19:21 +01:00
Simon Backx
a95e9d0b7b
Fixed error in newsletter editing limit checks (#14817)
refs https://github.com/TryGhost/Team/issues/1583
refs https://ghost.slack.com/archives/C02G9E68C/p1652397268702749?thread_ts=1652397192.822389&cid=C02G9E68C

Used `model.status` instead of `model.get('status')`, resulting in undefined, resulting in `!== 'active'` to return true. Also added a test case for editing active newsletters.
2022-05-13 10:15:35 +02:00
Hannah Wolfe
dec6a4d72a Removed unused getPaymentConfig method
refs: https://github.com/TryGhost/Team/issues/1625

- this references unused stripe_product_name setting and defunct stripe_plans setting, but is not used anywhere
2022-05-12 20:05:10 +01:00
Hannah Wolfe
cd20738d65 Removed support for editing members_from_address
refs: https://github.com/TryGhost/Team/issues/1625
refs: https://github.com/TryGhost/Team/issues/1558

- the members_from_address setting is no longer used, instead we use newsletters from address
2022-05-12 20:05:10 +01:00
Hannah Wolfe
5cc7a54edc
Replaced Products with Tiers API endpoints
ref: https://github.com/TryGhost/Team/issues/1145
ref: 8f8b7e7364

- The /products/ endpoint was replaced with /tiers/ some time ago but we didn't finish the switch
- The work is complete now, so can remove the endpoint entirely and cleanup remaining usages
2022-05-12 19:59:57 +01:00
Hannah Wolfe
a58ac016be
Swapped setup to use tiers API endpoint
refs: https://github.com/TryGhost/Team/issues/1145

- the products endpoint is going away in favour of tiers
2022-05-12 19:48:27 +01:00
Hannah Wolfe
b6d9389124
🔥 Removed legacy product + price helpers from themes
refs: https://github.com/TryGhost/Team/issues/1145
refs: https://github.com/TryGhost/Ghost/issues/14446

- remove legacy members theme helpers @products @product @price and @members.products
- all of these have been replaced with new concepts with the introduction of tiers
2022-05-12 18:58:01 +01:00
Rishabh Garg
afd92813c8
Added subscribe_on_signup to newsletter content API data (#14808)
- portal needs this to show default newsletter subscription during signup
2022-05-12 21:31:50 +05:30
Hannah Wolfe
962971c436
🔥 Removed members/api/site
closes: https://github.com/TryGhost/Team/issues/1599

- remove the now unused members/api/site endpoint
- portal now talks to the content API instead
2022-05-12 16:21:47 +01:00
Matt Hanley
0d379a9264 Added permissions for Authors to read labels
refs https://github.com/TryGhost/Team/issues/1618

- Authors require access to labels as part of the publish + send workflow
2022-05-12 16:07:05 +01:00
Rishabh Garg
f4066067e4
Extended public settings to include portal settings (#14801)
refs https://github.com/TryGhost/Team/issues/1599

- adds `portal_*` settings to public settings endpoint
- adds calculated `firstpromoter_account` setting for public settings endpoint
- also adds Ghost `version` information
2022-05-12 19:54:45 +05:30
Hannah Wolfe
de118b0b04
Renamed lang and session_secret default settings (#14791)
refs: https://github.com/TryGhost/Toolbox/issues/327

- lang / locale has had a lot of churn, but we decided this setting should always be locale
- session_secret is too generic as we have multiples of these
2022-05-12 15:07:05 +01:00
Matt Hanley
1fabd76391 Added newsletter permissions for Editors and Authors
refs https://github.com/TryGhost/Team/issues/1618

- Editors and Authors require read access to newsletters as part of the publish + send workflow
2022-05-12 14:46:55 +01:00
Matt Hanley
78d1132b13
Updated theme card asset default setting (#14789)
refs https://github.com/TryGhost/Team/issues/1611

- For Ghost 5.0 card assets will be included by default, including bookmark and gallery cards
2022-05-12 14:44:31 +01:00
Rishabh Garg
725c2673ea
Added offer read endpoint to content API (#14794)
refs TryGhost/Team#1599

- allows offer details to be fetched via content API directly
2022-05-12 18:16:10 +05:30
Simon Backx
3214186f98
Improved newsletter limit checking (#14780)
refs https://github.com/TryGhost/Team/issues/1583

- Check limits when unarchiving newsletters
- Added tests for more scenarios
- When editing/adding newsletters, the limit check happens in the same transaction.
- `limit-service` was bumped to add transactions support
- Added transaction support for edit in newsletter service
2022-05-12 14:28:45 +02:00
Matt Hanley
3398e0d07d Added test for Author user publishing a post and sending a newsletter 2022-05-12 12:45:42 +01:00
Naz
9236b8a397 Relaxed validation rules + removed unknown properties
refs https://github.com/TryGhost/Toolbox/issues/314

- The API principle guiding this change is the Robustness Principle: "be conservative in what you send, be liberal in what you accept". The API will start accepting any additional properties that are not explicitly defined in the schema for the resource and will be trimming any rogue properties that are sent in the payload
2022-05-12 18:06:38 +08:00
Naz
7252f03824 Improved assertions
refs https://github.com/TryGhost/Toolbox/issues/283
2022-05-12 13:54:21 +08:00
Naz
a1e1feb125 Added 'Content-Version' header to outgoing webhook requests
refs https://github.com/TryGhost/Toolbox/issues/283

- The header is needed to signal to the webhook subscribers the content version they are being served. This should imrove API version compatibility and allow for the client to handle incoming data better
2022-05-12 13:54:21 +08:00
Naz
2a3be178ab Refactored trigger test to us assert instead of should
refs https://github.com/TryGhost/Toolbox/issues/283

- Should assertion library is outdated and it's preferred to use native assert to make assertions
2022-05-12 13:54:21 +08:00
Naz
21c2c5579b Refactored webhook triggering to be asyc
refs https://github.com/TryGhost/Toolbox/issues/283

- In tests we need assurance that the triggering of webhooks has been finished before making assertions. Doing this was impossible with a previous fire-and-forget style of the request call.
- The change also adds an optional "request" parameter to be able to override the request library used internally - this is purely for testing purposes.
2022-05-12 13:54:21 +08:00
Naz
67dca08df8 Refactored trigger module to be testable
refs https://github.com/TryGhost/Toolbox/issues/283

- Current trigger module handling webhook paypload delivery isn't testable! It sucks to add features to it without assurance things still work
- Apart from expanding the test suite this changeset also needs live testing - setting up webhooks etc.
2022-05-12 13:54:21 +08:00
Naz
586af2500c Fixed tests
refs f10f224668
2022-05-12 13:54:21 +08:00
Rishabh Garg
3836030950
Allowed tiers include and data for member endpoints (#14790)
refs https://github.com/TryGhost/Team/issues/1145

- allows members endpoint to accept `?include=tiers`
- allows members endpoint to return `tiers` data
2022-05-11 22:26:03 +05:30
Hannah Wolfe
409dc3b534
Added frontend key to ghost_head for portal (#14782)
refs: https://github.com/TryGhost/Team/issues/1599
refs: f3d5d9cf6b

- this commit adds the concept of a frontend data service, intended for passing data to the frontend from the server in a clean way. This is the start of a new & improved pattern, to hopefully reduce coupling
- the newly added internal frontend key is then exposed through this pattern so that the frontend can make use of it
- the first use case is so that portal can use it to talk to the content API instead of having weird endpoints for portal
- this key will also be used by other internal scripts in future, it's public and therefore safe to expose, but it's meant for internal use only and therefore is not exposed in a generic way e.g. as a helper
2022-05-11 17:34:31 +01:00
Rishabh Garg
9f85f7a4fe
Added newsletters endpoint to Content API (#14778)
refs https://github.com/TryGhost/Team/issues/1599

- allows active newsletters data to be fetched via content API
2022-05-11 21:36:43 +05:30
Simon Backx
837e11b4d8
Fixed email preview using wrong newsletter (#14756)
refs https://github.com/TryGhost/Team/issues/1603

When previewing a scheduled/published post via Post editor menu > E-mail newsletter > Preview in browser. The e-mail template from the default newsletter was used instead of the newsletter that was selected when scheduling the post.
2022-05-11 17:52:24 +02:00
Hannah Wolfe
196b8ad0da
Removed active_timezone, default_locale & locale compat (#14788)
- These settings no longer exist, having been renamed to timezone and lang
- As of 5.0 we no longer need any kind of backwards compatibility outside of the importer
- We making breaking changes and cleaning up as many old code paths as possible 
- We have not really exposed the admin Settings API, meaning backwards compatibility was more for internal use
- We will be changing lang back to locale, but that's a separate issue and won't need backwards compatibility
2022-05-11 16:22:25 +01:00
Matt Hanley
ae45579903 Promoted feature flags for v5 features to GA 2022-05-11 15:55:15 +01:00
Hannah Wolfe
b29852b012
🔥 Removed support for http/https mixed mode (#14783)
closes: https://github.com/TryGhost/Toolbox/issues/324
refs: https://github.com/TryGhost/Ghost/issues/14446

- Currently, if url is configured to http but a request is marked secure, Ghost will handle upgrading all internal URLs to https so that there are no mixed content warnings
- From 5.0 that feature is going away, in favour of strictly honouring the configured URL
- Ghost will serve URLs exactly as configured and won't upgrade http to https anymore
- This use case was common when Ghost was first built, but in 2022 the web is mostly https.
- The code needed to support the feature creates a lot of additional complexity & maintenance overhead, so removing this gives us space to do more cool and useful stuff in 2022
2022-05-11 14:53:23 +01:00
Daniel Lockyer
84a10daebf
🏗 Dropped webhooks.status column (#14713)
refs https://github.com/TryGhost/Toolbox/issues/309

- this column is not used and I was going to add `validation` to it but
  it's better to clean it up and re-add the column if we need it again
2022-05-11 14:11:47 +01:00
Naz
961e300e77 Fixed tests
refs f10f224668
2022-05-11 16:18:12 +08:00
Hannah Wolfe
c5ba27e2b5
Added initial concept of calculated settings (#14766)
refs: https://github.com/TryGhost/Team/issues/626

- calculated settings are simplified settings (booleans) that are based on other settings or data
- they make it easier for us to determine what state features are in elsewhere in ghost e.g. admin and themes
- this duplicates some of the members config concepts in the settings service
2022-05-10 21:49:38 +01:00
Hannah Wolfe
54b4a3c351
Renamed settings index.js to settings-service.js
- in line with our policy of not keeping logic in index.js files
- Note: callign all services service.js is no more helpful :D
2022-05-10 20:55:31 +01:00
Aileen Nowak
56a1143e53 Fixed incorrect usage of limit config causing Ghost not to boot
no issue

- When applying an incorrect limits config, or missing expected values, Ghost would not boot as the errors would interrupt this process, which should not happen
- This commit catches the error thrown by the limit-service on boot sequence and transforms it into a warning if it's an `IncorectUsageError`. Other errors are handled as before
- Added a test for the limit-service service
2022-05-10 15:47:45 -04:00
Hannah Wolfe
ddb718f0bb
Fixed settingsCache returning falsy as null
refs: e68cb8b314

- a couple of months ago when improving the test coverage here I found some weird behaviour with falsey values
- turned out it didn't matter at the time because we didn't have any settings that are false
- with the introduction of calculated settings we will have: https://github.com/TryGhost/Ghost/pull/14766
- whilst building that, I found settings that should be returned as false were being returned as null
- fixing it in a separate commit to keep the work clean
2022-05-10 20:37:03 +01:00
Hannah Wolfe
b911c66bb6
Fixed legacyApiPathMatch not working with subdirs
- The recently refactored path matching code forgot to take into account that originalUrl can include the subdir
- Added more permutations to tests and ensured that all tests pass
- This means we don't have to worry about what sort of path we pass to the function, it'll figure out the version and api info
2022-05-10 13:57:06 +01:00
Simon Backx
f732b0181d
Fixed last_seen updated for suspended users (#14715)
refs https://github.com/TryGhost/Team/issues/1461

- A suspended user was able to make it through the Express middlewares to the `updateUserLastSeen` middleware, until it was halted when checking the user permissions in the API pipeline. This was only the case for session logins, not for API keys.
- For API keys, the user status is checked:
6dc3f1bf56/core/server/services/auth/api-key/admin.js (L178-L181)
- In the session middleware, the `findUserById` in `getUserForSession` didn't filter on the active status of users:
be4146e324/core/server/services/auth/session/middleware.js (L22-L27)
- This has been fixed now by updating the sessionService's `findUserById` method.
2022-05-10 13:34:12 +02:00
Hannah Wolfe
f3d5d9cf6b Added internal frontend integration
refs: https://github.com/TryGhost/Team/issues/1599

- add an internal integration for Ghost's frontend to talk to the content API
- this is so that portal and future features can access our APIs through the correct mechanism of an API key
2022-05-10 11:43:07 +01:00
Daniel Lockyer
b794c6885e Deleted membersActivity flag
refs https://github.com/TryGhost/Toolbox/issues/325

- this was used for an alpha proof-of-concept for member activity data
  collection but we're rethinking the strategy so this is the easiest
  way to ensure it can't be enabled when the database table has been deleted
2022-05-10 11:19:58 +01:00
Daniel Lockyer
98a8fa8b0d Dropped temp_member_analytic_events table
refs https://github.com/TryGhost/Toolbox/issues/309

- this table was used an an experiment for member analytics
- as we rethink the strategy, we can take the opportunity to clean the table up
2022-05-10 10:00:19 +01:00
Daniel Lockyer
c8d6024a0c Dropped subscribed column in members table
refs https://github.com/TryGhost/Toolbox/issues/309

- this column is now a calculated value based upon the relation of a
  member to a newsletter
- we should no longer need `subscribed`, so this migrations cleans up
  the column in the DB
2022-05-09 16:47:43 +01:00
Simon Backx
5657019e47
Fixed wrong newsletter used when sending scheduled post (#14734)
refs https://ghost.slack.com/archives/C02G9E68C/p1651939076681719

Cause:
- When a scheduled post was published via the post scheduler, no `newsletter_id` option is passed when editing the post.
- When editing a post via the posts service, without the `newsletter_id` option, the `newsletter_id` option is automatically set to the default newsletter's id.
- Inside the post model, this new `newsletter_id` was not saved, because it was already set, and changing it is prevented.
- The `mega` service wasn't using the (unchanged) post's newsletter_id, but used the option instead, which contained the default newsletter's id.

Fix:
- Always using the newsletter_id from the post and requiring the newsletter associated with a post to exist.
- This behaviour can be/is tested by publishing a scheduled post without any option.

Also cleaned up some `Object.assign` usages.
2022-05-09 17:30:50 +02:00
Rishabh Garg
4d6b3568c5
Enabled Admin integration for newsletters API (#14714)
refs https://github.com/TryGhost/Team/issues/1546

- allows newsletters API to work with Admin API keys
- updates fixtures to add permissions to admin integration role for new sites
- adds migration to update existing sites to have correct permissions for role
- whitelists add/edit/read/browse on newsletters API for integrations
2022-05-09 20:46:34 +05:30
Daniel Lockyer
e10f33e30f Added users.status validation to the schema
refs https://github.com/TryGhost/Toolbox/issues/309

- this commit adds a validation array of valid user `status` values to
  the schema
- this also includes a migration to update users with invalid statuses
  to `inactive`, which I've seen with `invited` and `invited-pending`
  statuses that pre-dated proper invitations
- this also deletes tests that were wrong and written 7 years ago before
  invites was added
2022-05-09 16:13:44 +01:00
Daniel Lockyer
f48a668671 Removed unused defaults from text columns in schema
refs https://github.com/TryGhost/Toolbox/issues/309

- I originally started looking at this because I wanted to change the default of
  `emails.recipient_filter` for old DBs to `status:-free`
- we changed these columns to a `text` type, which doesn't support
  defaults
- the tables already have defaults set in the model, so the only change
  needed here is to delete the `defaultTo` in the schema to avoid
  confusion
- on the way, I ended up fixing 51498abb5c too
2022-05-09 14:31:35 +01:00
Daniel Lockyer
1c12557c46 🏗 Dropped oauth table
refs https://github.com/TryGhost/Toolbox/issues/309

- we're removing the OAuth prototype and the table was never used, so we
  should be good to drop it
- this commit adds a migration to drop the table
2022-05-09 14:18:01 +01:00
Naz
7fbf2a62ac Removed support for single "author" shorthand in fixtures
refs https://github.com/TryGhost/Toolbox/issues/230

 - The test fixtures should be using `authors: [{id:...}]` syntax instead of relyin on `author_id` or `author` - these are deprecated concepts that should go away from the codebase
2022-05-09 20:43:19 +08:00