Commit Graph

11763 Commits

Author SHA1 Message Date
Rishabh Garg
7182efdb88
🐛 Fixed special chars in single use token (#12290)
no refs

- The token generation logic for single use token was replacing only the first instance of + or / to make the token URL safe, instead of replacing all instances which caused a bug where token was not validated properly in case it included multiple + or / in it.

- The fix ensures replacing all the + or / in the token with URL safe _ or - so it can be properly validated via magic link
2020-10-20 11:49:20 +05:30
Naz
635580f291 Fixed "no-shadow" linting in a test suite
refs 1439219
2020-10-20 13:19:33 +13:00
naz
8ddf83f3c5
Fixed "no-shadow" linting error in server modules (#12287)
refs 143921948d

- Continuation of changes started in referenced commit
2020-10-20 12:02:56 +13:00
naz
38b7f8e311
Fixed "no-shadow" linting error in server/data modules (#12288)
refs 143921948d

- Continuation of changes started in referenced commit
2020-10-20 11:56:46 +13:00
Renovate Bot
8cf644d5ba
Update dependency @tryghost/kg-markdown-html-renderer to v2.0.3 2020-10-19 18:05:31 +00:00
Renovate Bot
79c49a8262
Update dependency @tryghost/kg-card-factory to v2.1.3 2020-10-19 16:07:31 +00:00
Kevin Ansfield
d08b586781 🐛 Fixed width/height attributes in gallery cards not matching resized images
closes https://github.com/TryGhost/Ghost/issues/11548

- bumps @tryghost/kg-default-cards
  - introduces a breaking change where `imageOptimization` is passed as an options argument instead of separating out individual config options
  - fixes width/height attributes for images in gallery cards being larger than the max default width used when resizing images
2020-10-19 17:05:57 +01:00
Fabien 'egg' O'Carroll
7097cfe8a4
Updated @tryghost/members-api to 0.33.3 (#12292)
closes https://github.com/TryGhost/Ghost/issues/12270
refs https://github.com/TryGhost/Members/pull/209

This includes a change to member creation after a Stripe Checkout, we
now add the name from the default payment method at creation, rather
than updating it after.
2020-10-19 13:06:51 +01:00
Kevin Ansfield
3148d6a946
Moved definition of default max image width to config (#12289)
no issue

- centralises definition of max width and allows customisation if needed
- allows for passing of the config value through to rendering libraries
2020-10-19 08:56:18 +01:00
Naz
143921948d Fixed "no-shadow" eslint warning in tests
refs b6728ecb0f

- The "no-shadow" eslint rune was introduced into ghost's eslint plugin (referenced commmit), which resulted in flood of warning in console output when linting the project codebase.
- This cleanup is aiming to make any new linting issues more visible. Follow up commits will contain similar cleanups in other parts of the codebase
2020-10-19 17:45:26 +13:00
Renovate Bot
b61fb2a867
Update dependency mocha to v8.2.0 2020-10-16 21:23:19 +00:00
Renovate Bot
1700206aa7
Update dependency @tryghost/helpers to v1.1.33 2020-10-16 18:05:47 +00:00
Kevin Ansfield
49ceafc4eb Fixed errant .only in tests
refs 16bfb3fa41
2020-10-16 18:05:18 +01:00
Kevin Ansfield
16bfb3fa41 Added basic CRUD admin API for snippets
no issue

- standard browse/read/add/edit/destroy API endpoints for snippets resource
- updates `@tryghost/admin-api-schema` dependency to version that includes snippet definition and schemas
2020-10-16 18:02:58 +01:00
Kevin Ansfield
e5a92be932 Fixed typo in snippets permission fixtures
refs https://github.com/TryGhost/Ghost/pull/12283

- `delete` -> `destroy` for action type
2020-10-16 17:46:31 +01:00
Kevin Ansfield
15afed4b81
Added snippets permissions migration and fixtures (#12283)
no issue

- all staff users can browse/read snippets so they're usable in the editor for everyone
- only administrators, editors, and admin integrations are able to create/edit/delete snippets
2020-10-16 12:53:09 +01:00
Kevin Ansfield
74269070dd
Added migration for snippets table creation (#12282)
no issue

- minimal table structure required for the first iteration of content snippets
- snippets are stored pieces of re-usable content that could effectively be entire posts so the `mobiledoc` field length matches the `posts.mobiledoc` field length
2020-10-16 12:52:06 +01:00
Naz
34875b85f3 Added test coverage for members search
no issue

- This test confirms there is no 404 returned when search fails to find any results. It's important to return a 200 in this case as some API clients (e.g. Zapier integration) could treat non-2xx responses as errors
2020-10-16 13:10:40 +13:00
Renovate Bot
8ecd6a7c71 Update dependency @tryghost/members-api to v0.33.2 2020-10-15 12:45:19 +01:00
Rish
288de8758a Fixed test for ignoring member email address'
no issue

- Fixed test for members from address being ignored in import
- Adds test for members support address being ignored in import
2020-10-15 16:05:49 +05:30
Rish
a5a7515fe8 Fixed typo in private setting import
no refs

Last commit introduced a small typo in how private setting is ignored during import
2020-10-15 15:55:24 +05:30
Rish
3e0948d04e Ignored member email settings in import
no issue

- Member email settings - newsletter and support - was previously being set to null for all cases, which can lead to `null` values being set for those addresses on a successful import whereas the expected behavior is to retain the old values.
- Adds the 2 email settings to ignored settings list so they are not changed during import process
2020-10-15 15:32:05 +05:30
Rish
54e638310c Added default support address for member site data
no issue

- In a case where support address is null, member's site data won't load as there was no fallback.
- The fix adds default `noreply` as the support address for site data
2020-10-15 14:44:16 +05:30
Fabien O'Carroll
a9b3d83e00 Loaded Action model after all other models
no-issue

The Action model loops through all registered models when the file is
loaded, by loading the model last, we ensure that it can read all
models, rather than an arbitrary selection which come before it.
2020-10-14 15:11:45 +01:00
Fabien O'Carroll
0fd0527da0 Fixed creation of EmailBatch and EmailRecipient collections
no-issue
2020-10-14 15:11:45 +01:00
Renovate Bot
2cf5ca546b Update dependency @tryghost/string to v0.1.13 2020-10-14 08:45:29 +01:00
Renovate Bot
92f98a8d36 Update dependency @tryghost/url-utils to v0.6.22 2020-10-14 08:00:51 +01:00
Renovate Bot
a22da3c5a6 Update dependency @tryghost/social-urls to v0.1.14 2020-10-14 08:00:27 +01:00
Renovate Bot
f3643b2804 Update dependency @tryghost/html-to-mobiledoc to v0.7.5 2020-10-14 08:00:05 +01:00
Renovate Bot
eb1b30d520
Update dependency @tryghost/helpers to v1.1.32 2020-10-14 00:25:14 +00:00
naz
392140cb36
Allowed for comped field when creating a member through Members API (#12278)
closes #12273

- `comped` field has been allowed when editing a member or importing from a CSV. There has been a usecase (Zapier Integration) for API client to create a member with "Complimentary" plan, which made this change necessary
- Previously the logic for comped field was to skip and continue member record creation if Stripe was not connected. Now we throw an error - same as the one we have been throwing before when stripe_customer_id field was passed in. The implication of this change is that we won't be creating any record now if comped === true and Stripe is disabled. 
- Bumped admin-api-schema-package. Contains `comped` schema change so this field gets passed through to controller
2020-10-14 13:24:09 +13:00
Renovate Bot
d81b9c93b2
Update dependency @sentry/node to v5.26.0 2020-10-12 15:31:54 +00:00
Renovate Bot
7e52241451
Update dependency ajv to v6.12.6 2020-10-12 00:06:54 +00:00
Renovate Bot
e821b7eef9
Update dependency eslint to v7.11.0 2020-10-09 21:06:17 +00:00
Daniel Lockyer
f81e0755cc v3.35.5 2020-10-08 11:00:35 +01:00
Daniel Lockyer
39ff4fe688 Updated Ghost-Admin to v3.35.5 2020-10-08 11:00:35 +01:00
Kevin Ansfield
8ad384d7f8 🐛 Fixed scheduled post emails pointing at /404/ for the "view online" link
no issue

When scheduling a post to publish+send the "view online" link was pointing at https://site.com/404/ rather than the published post's url.

The problem occurred because the `/schedules/` endpoint wraps it's post read+edit calls in a transaction. Context:
- when a post is published with with the "send email" option the email record is immediately generated and added to the API response, as part of the email record generation we render the email content including fetching the url for the "view online" link
- urls for all resources are handled by our `url` service, that service updates it's internal cache based upon model events such as the "edited" event triggered when a post is published
- if the posts API controller is given a transaction, the email record is also generated inside of that transaction however at this point the `url` service will not have been updated because the post record hasn't been committed meaning it has no available url for the post

Fix:
- removed the `models.Base.transaction()` wrapper around the post read+update in the `/schedules/` API controllers
- we don't need a transaction here. It was added as protection against another write request coming in between the `/schedules/` controller reading a post and publishing a post but we already have protection against that in the form of collision detection - if a write request comes in and commits between the schedules controller reading the post and updating it, the scheduler's update call will fail with a collision error at which point the scheduler itself should retry the request which could then publish the post successfully if everything else is in order
2020-10-08 10:26:49 +01:00
Renovate Bot
eaae62d814
Update dependency sinon to v9.2.0 2020-10-06 19:09:59 +00:00
Daniel Lockyer
8c25719227 v3.35.4 2020-10-06 09:55:49 +01:00
Daniel Lockyer
90a00ab3e5 Updated Ghost-Admin to v3.35.4 2020-10-06 09:55:49 +01:00
Fabien 'egg' O'Carroll
98a76f4a78
Updated @tryghost/members-api to 0.33.0 (#12261)
no-issue

This removes some webhook cleanup code, which means that webhooks should
be static for the lifetime of a sites url. Rather than being destroyed
and recreated on each boot. This should keep webhooks more stable and
avoid issues when running two instances of Ghost with the same config.
2020-10-06 09:45:37 +01:00
Kevin Ansfield
9cbeb74db0
🐛 Fixed broken embeds cards when pasting links to Wordpress sites (#12262)
closes https://github.com/TryGhost/Ghost/issues/12260

- if a card type was not explicitly chosen (i.e. a url was pasted into the editor) then abort fetching the oembed endpoint if we detect it's a `wp-json` oembed and return a bookmark card payload instead
- cleaned up an unused argument in the internal `fetchBookmarkData()` method
2020-10-06 08:44:03 +01:00
Renovate Bot
ce4da16edb
Update dependency @tryghost/members-api to v0.33.0 2020-10-05 17:35:20 +00:00
Kevin Ansfield
cde364bf27 🐛 Fixed email card replacements showing raw replacement text in emails
closes https://github.com/TryGhost/Ghost/issues/12257

- there was a destructuring problem introduced in the recent email refactor which meant the correct replacement data was not being passed over to the Mailgun provider when sending email
2020-10-05 17:24:48 +01:00
Kevin Ansfield
4f211d025d Fixed members with multiple subscriptions receiving multiple newsletters
closes https://github.com/TryGhost/Ghost/issues/12259

- adds a `DISTINCT` to the query used to fetch member rows when generating an email recipient list
- this increases query time 2.7s vs 1.6s locally with ~94k paid members but once the `members.paid` column is implemented this slow query can be removed
2020-10-05 16:53:35 +01:00
Renovate Bot
b27faeb138
Update dependency @sentry/node to v5.25.0 2020-10-05 12:55:19 +00:00
Renovate Bot
f54201ceef Update dependency jwks-rsa to v1.10.1 2020-10-05 07:59:42 +01:00
Naz
39e403d176 🐛 Fixed meta attributes calculation on post preview
closes https://github.com/TryGhost/Ghost/issues/12247

- Internal preview controller was lacking "mapping" call to post object which handled not only missing meta attribute information but lots of other mappings (e.g. users, tags, etc.)
- Have added a regression test to catch issues like this in the future
2020-10-05 17:52:40 +13:00
Renovate Bot
b34f2e86fb
Update dependency uuid to v8.3.1 2020-10-05 00:06:30 +00:00
Theodore Chu
230f1358cb
Updated link to upgrade documentation (#12251)
no issue

- Updated link avoid unnecessary redirect
2020-10-05 11:44:54 +13:00