refs https://github.com/TryGhost/Team/issues/1575
- Updates the admin-api-schema to reflect new data structure
- Updates members-api to allow Portal to use new data structure
- Data is only mapped at the serialised level to avoid changing the underlying implementation
- Ensure only one version of domain-events present in yarn.lock
refs https://github.com/TryGhost/Toolbox/issues/314
- Writing schema definitions will become more concise without a need to specify all valid resource properties that could be accepted by the Admin API - no need to define "strip" attribute on every known
refs https://github.com/TryGhost/Toolbox/issues/329
- Adds and improves gscan checks for use of following helpers:
- @labs.members
- @member.products
- @price
@labs.members going in favour @site.members_enabled
@member.products gone in favour of @member.subscriptions
@price and it's variations gone in favour of {{price}} + {{@member.subscriptions}}
refs https://github.com/TryGhost/Team/issues/1583
- Check limits when unarchiving newsletters
- Added tests for more scenarios
- When editing/adding newsletters, the limit check happens in the same transaction.
- `limit-service` was bumped to add transactions support
- Added transaction support for edit in newsletter service
refs https://github.com/TryGhost/Toolbox/issues/314
- The API principle guiding this change is the Robustness Principle: "be conservative in what you send, be liberal in what you accept". The API will start accepting any additional properties that are not explicitly defined in the schema for the resource and will be trimming any rogue properties that are sent in the payload
closes: https://github.com/TryGhost/Toolbox/issues/324
refs: https://github.com/TryGhost/Ghost/issues/14446
- Currently, if url is configured to http but a request is marked secure, Ghost will handle upgrading all internal URLs to https so that there are no mixed content warnings
- From 5.0 that feature is going away, in favour of strictly honouring the configured URL
- Ghost will serve URLs exactly as configured and won't upgrade http to https anymore
- This use case was common when Ghost was first built, but in 2022 the web is mostly https.
- The code needed to support the feature creates a lot of additional complexity & maintenance overhead, so removing this gives us space to do more cool and useful stuff in 2022
refs https://github.com/TryGhost/Toolbox/issues/292
- Copy improvements were done base on feedback. Makes the information in the email more concise and removes unecessary/unsecure bits like query strings.
refs https://github.com/TryGhost/Toolbox/issues/292
- Providing user-defined Integration name instead of API client's UserAgent gives a lot more control to instance administrators identifying which integration is being used incorrectly.
- It's best practice to create an Integration with a set of API keys per API client - which should be enough to identify an outdated one.
refs https://github.com/TryGhost/Toolbox/issues/292
- The version mismatch notification emails were missing a URL of the endpoint that was being accessed by an outdated integraton
- Also squeezed in a refactor simplifying APIVersionCompatibilityService initialization
- these packages have had minor code changes or dependency updates that
have forced us to publish the packages in Lerna
- this commit updates all packages in one rollup commit
- updated usage of url-utils.urlFor to work with v3
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Hannah Wolfe <github.erisds@gmail.com>
refs https://github.com/TryGhost/Toolbox/issues/292
- This change allows to reuse existing pattern present in Ghost on the version mismatch service layer, where we define the contents of the sent email through email templates instead of plain text.
- Apart form templates, there's now failed request URL present in the data passed to the email template along with site title and site url
refs https://github.com/TryGhost/Team/issues/1577
The last seen at was being updated via the model rather than the
respository, which mean that the default relations were not being
loaded.
This fix updates the repository to load the newseletters relation,
updates the last seen at updated to use the repository and updates the
output serializer to handle missing newsletter relation.
We also update all packages relying on the domain-events package to
ensure that they're all using the same version.
Co-authored-by: Fabien 'egg' O'Carroll <fabien@allou.is>
refs https://github.com/TryGhost/Toolbox/issues/292
- Following the concept of having as little code in Ghost core as possible :) The email content generation is also needed to be reused in the version mismatch handling package.
- these packages contain minor code or dependency updates but we're
forced to publish them because of Lerna
- this commit rolls up all pending updates into one commit to save noise
refs https://github.com/TryGhost/Team/issues/1545
**Changes (`members-api`)**
- Compare via https://github.com/TryGhost/Members/compare/%40tryghost/members-api%406.0.0...%40tryghost/members-api%406.1.0
- Added mapping from member subscribed to newsletters on edit/create
- When editing or creating a member with the subscribed property, it is mapped to the corresponding newletters value
- Defaults to all active newsletters with visibility = members and subscribe_on_signup = true
**Tests**
- Adds test that adds a member with subscribed = true
- Adds test that adds a member with subscribed = false
- Adds test that edits a member with subscribed = true
- Adds test that edits a member with subscribed = false
- these packages contain only code changes or dependency updates but
we're force to publish new versions due to Lerna's limitations
- this commit bulk updates the packages to save having many commits
refs 58ace0af76
- please see the referenced commit above for full context but this
commit bumps `@tryghost/nodemailer`, which contains a fix for reading
credentials when using the SES mail transport
- credits to @touzoku
refs https://github.com/TryGhost/Team/issues/1478
- Moved all admin API members tests to enable the multiple newsletters flag
- Checks if the susbcribe events are added correctly when adding or removing newsletters
- Checks if susbcribe events are added for default newsletters
refs https://github.com/TryGhost/Team/issues/1524
- This enables admins in the ghost admin to have an overview of the total posts/members associated with a newsletter.
- Follows the `?include=count.x` convention used by other resources
- I had to fork this dependency to add support for Knex 2.0 but yarn is
weird and won't bump it if we use `master` because "nothing changed"
- Using a hash should force yarn to pull the changes if the hash gets
updated
refs fccee0614f
- `@tryghost/nql-lang` had `date-fns` declared as a devDependency but it
was used within the library itself
- the referenced commit moved it to `dependencies` and this commit bumps
the packages in Ghost
- we had to switch to `@vscode/sqlite3` a while back because `sqlite3`
was unmaintained
- this fork didn't come with prebuilt binaries, so everyone had to
compile them on their machine
- this brought a lot of issues with installing Ghost
- since then, the Ghost team have picked up maintenance of `sqlite3` and
Knex has switched back, so we can switch back here too
refs https://github.com/TryGhost/Toolbox/issues/280
- Email notification handling logic needs to be added to Ghost. Ideally there should be as little code landing in the core as possible - mostly data fetching and hooking modules together.
- The primary email handling logic for the `Accept-Version`/`Conent-Version` header missmatch is done in `api-version-compatibility-service` module, and the `mw-api-version-mismatch` allows to intercept request with the missmatch and call the api version compatibility service to do it's job. The mw-error-handler gives each case of client BEHIND or AHEAD of the Ghost version a unique error code, so that the versioning compatibility service has data to distinguish different cases
refs https://github.com/TryGhost/Team/issues/1520
**Changes in members repo**
Bumped to `5.12.0`, with the following changes:
- Compare differences via https://github.com/TryGhost/Members/compare/%40tryghost/members-api%405.11.1...%40tryghost/members-api%405.12.0
- Instead of doing the matching of the offers and subscriptions by looking at the offer redemptions, we can now look at the offer_id from subscriptions.
- This also fixes an issue where we don't attach the offer object to subscriptions in the members' browse method
- Updated browse behaviour to match the read behaviour of members (product relation needs to get loaded because it is missing in member.products if the subscription is expired).
**Tests**
- Includes test to see if the API correctly returns the offer object when fetching one or multiple members
- Check if the return format is the same for the read, edit and browse members admin API endpoints (offer was missing in subscriptions)
- Snapshot files have been updated because now the offer is returned in subscriptions (content length increased)
refs https://github.com/TryGhost/Team/issues/1519
**Tests:**
- Tests whether the metadata from an offer is read correctly and stored in the database
- Test that invalid offer ids are ignored
**Changes in members repository:**
- Compare changes here: https://github.com/TryGhost/Members/compare/%40tryghost/members-api%405.9.2...%40tryghost/members-api%405.11.1
- The `offer_id` column of subscriptions is set based on the coupon id from Stripe
- `getByStripeCouponId` method added in the offers repository (required to look up an offer from a stripe_coupon_id)
- the `members-payments` package was bumped twice (once for changes, once for undoing those changes, my bad). Nothing else has changed in that package.
refs https://github.com/TryGhost/Toolbox/issues/267
- Node 12 becomes EOL on April 30th so we're going to be dropping
support for it in Ghost
- this commit updates the Node engine ranges so CLI can pick this up,
and drops 12.22.1 from the CI matrix
refs https://github.com/TryGhost/Team/issues/1469
Previously, members were subscribed to all available newsletters by default when added. This change updates the default newsletters subscription for member to take into account newsletter preferences for auto opt-in(`subscribe_on_signup`) as well as `visibility`.
refs https://github.com/TryGhost/Team/issues/1490
With multiple newsletters, members can choose their newsletter subscription preference in Portal while signing up. This change handles newsletter preference data for both free and paid members via magic link/stripe checkout and saves it for the newly created member.
refs https://github.com/TryGhost/Team/issues/1502
- Support the `newsletter_id` only when sending a newsletter
- Default to the default newsletter when `newsletter_id` isn't specified
- Ignore the `newsletter_id` parameter when passed in the post body
closes https://github.com/TryGhost/Ghost/issues/14452
- When {{tiers}} helper was used with parameters in a Ghost theme, for example statement like this: `{{tiers prefix="Access with:"}}`, the theme did not pass the gscan check and threw a false positive fatal error. {{tiers}} is fully valid and documented helper that should work in current version of Ghost
closes https://github.com/TryGhost/Ghost/issues/14452
- When {{tiers}} helper was used with parameters in a Ghost theme, for example statement like this: `{{tiers prefix="Access with:"}}`, the theme did not pass the gscan check and threw a false positive fatal error. {{tiers}} is fully valid and documented helper that should work in current version of Ghost
refs https://github.com/TryGhost/Toolbox/issues/280
- This change covers two use cases:
- The accept-version > current version + the request cannot be served: ERROR CASE 1
- The accept-version < current version + the request cannot be served: ERROR CASE 2
- Along with 406 status there's additional information about the probable cause and action to be taken by the Ghost site owner or an integration talking to the Ghost API.
- These errors is designed to allow introducing breaking API changes gradually and have meaningful information when the requests cannot be server any longer
refs https://github.com/TryGhost/Team/issues/1248
refs https://github.com/TryGhost/Team/issues/1302
refs https://github.com/TryGhost/Ghost/pull/14433
This fixes multiple problems we've had with handling stripe webhooks where
linking the same subscription concurrently was not locking the database row, we
would have the same operation attempted multiple times, in the case of creating
subscriptions this causes unique constraint errors, and in the case of creating
cancellation events, it was causing multiple cancellation events to be created.
refs https://github.com/TryGhost/Team/issues/1469
Currently, all new members get auto subscribed to the default newsletter. This change adds same behavior with multiple newsletters by auto subscribing all available newsletters on site for new members(If flag is enabled).
Note: In future, this will also take into consideration the `subscribe_on_signup` flag for a newsletter to filter which newsletters should a member be auto-subscribed.
- adds newsletters service for working with newsletter data
- bumps `@tryghost/members-api` package which handles default subscription
- adds new test fixture/data for newsletters
refs 2fa3985d42
- Running tests with error logging set to "error" lever, produced a massive amounts of errors related to failed Stripe keys. Making it hard to look through the output.
- When Ghost is running in teste environment by default it is configured with an invalid Stripe key that looks like `sk_test***`. In this case the Members migrations runs creating requiest to Stripe, which fail.
- these packages have had minor dependency bumps but we've been force to
publish them because of Lerna
- this commit updates all pending TryGhost packages ahead of release
refs 9f695dc254
- see the referenced commit for context but this resolves symlinked
themes missing from the list due to a bug in my refactor of
`@tryghost/package-json`
- the original bump wasn't released yet so this doesn't need to be an emoji
commit
refs https://github.com/TryGhost/Toolbox/issues/241
- The changes bring new fatal errors that will become visible with Ghost v5. These are errors with codes: GS001-DEPR-ESC and GS001-DEPR-CURR-SYM.
- There should be no visible change during theme activation for existing Ghsot version
closes https://github.com/TryGhost/Ghost/issues/14344
- Update dependency @tryghost/kg-default-cards to v5.16.2
- contains fix for unquoted `src` and `href` attributes in product cards that are not handled by our URL transform functions
Co-authored-by: Renovate Bot <bot@renovateapp.com>
- Updated express-test to latest version with new expectEmptyBody assertion
- Updated all the tests that used matchBodySnapshot for an empty body to use expectEmptyBody instead
- Updated all the snapshots that were affected manually, and verified running the tests works as expected
refs https://github.com/TryGhost/Ghost/issues/14344
- The video card containing thumbnail images did not pick up url tranformations (aka __GHOSt_URL__) needed to keep urls compatible across Ghost instancess.
- There's also a similar problem with product cards that will get a separate fix
refs https://github.com/TryGhost/gscan/issues/178
- When a theme with errors or warnings was uploaded the details of the error sometimes contained a broken link leading to a 404. For example, a warning that was visible when use of {{currency_symbol}} was linking to an unexisting page.
- Along with the version bump there are some performance optimizations and new fatal errors for Ghost's v5 theme checks
refs https://github.com/TryGhost/Toolbox/issues/213
- our `knex` dependency has been out of date for a while so my aim was
to bring it up to date
- this required also switching `sqlite3` to `@vscode/sqlite3` because
knex switched the default sqlite driver
- this commit also bumps knex-migrator and switches to a mock-knex fork
until Knex 1.0 support has been merged
- also updates an error message to handle a new code in SQLite
refs https://github.com/TryGhost/Toolbox/issues/241
- The `engines.ghost-api` property has been deprecated and the support for it will be dropped in Ghost v5 due to versionless nature of the Content API.
- When uploading a new theme or activating existing one that uses ghost-api in it's config a warning will be shown to the user
refs https://github.com/TryGhost/Team/issues/1437
- The discount was no longer showing up on the account page when the member had an active discount.
- The redemption counter on the offers page was not incrementing.
- The root cause was that messages sent on the internal bus were not reaching the internal bus listener, due to the unexpected duplication of the internal bus.
refs https://github.com/TryGhost/Team/issues/1437
- The discount was no longer showing up on the account page when the member had an active discount.
- The redemption counter on the offers page was not incrementing.
- The root cause was that messages sent on the internal bus were not reaching the internal bus listener, due to the unexpected duplication of the internal bus.
no issue
Prevents errors from being uploaded to Sentry when a 404 happens in Ghost Admin. At the moment, 404s in Ghost Admin create an ENOENT error in express' static library. Our generic 404 handler at the end will only intercept requests that don't have any errors in the context, so a simple middleware can strip out 404 errors just before we add in our own.
The Ghost-specific error that we attach to requests does not get uploaded to Sentry :)
closes https://github.com/TryGhost/Toolbox/issues/248
- When using the framework it was laways confusing to remember which variable would trigger the snapshot updates. Having aliases to most common "typos" makes the DX way better.
- List of updated variables triggering all snapshot updates:
SNAPSHOT_UPDATE
UPDATE_SNAPSHOT
SNAPSHOTS_UPDATE
UPDATE_SNAPSHOTS
- Additionally this bump automatically fixes missing trailing slashes in URLs used in tests
refs https://github.com/TryGhost/Toolbox/issues/241
- The `engines.ghost-api` property has been deprecated and the support for it will be dropped in Ghost v5 due to versionless nature of the Content API.
- When uploading a new theme or activating existing one that uses ghost-api in it's config a warning will be shown to the user
refs https://github.com/TryGhost/Team/issues/1302
- Added the `MemberCancelEvent` model to MembersApi
- Triggered when a subscription is canceled by an admin or by the member
- Updated shared dependencies
Co-authored-by: Simon Backx <simon@ghost.org>
- We've been seeing weird errors with tables not existing when running tests locally
- This appears to happen after an error causes the tests to abort
- This change includes two fixes:
1. we triggers a full DB reset just before the entire test suite runs
- this is done by wrapping the override file for tests that use a db, and supplying a mochaGlobalSetup hook
2. catch errors when attempting to do a fast truncation-based reset & init, and do a full reset & init instead
- These two changes should ensure the DB is always in the state we expect when running a new test suite
Tiers admin api schema was missing description and type properties. `type` is stripped as we only allow editing `paid` tiers at the moment and it's not allowed to change the type of a tier via API.
refs: https://github.com/TryGhost/Team/issues/1369
Change already made for JSON responses in @tryghost/mw-error-handler, but this change also fixes the order of operations for displaying theme errors.
refs https://github.com/TryGhost/Team/issues/1289
Due to a bug in site setup some Tiers were named "Default Product" and
so the corresponding Stripe Product was also named this. This adds a
Stripe migration to rename any Stripe Products from "Default Product" to
the site title.
refs https://github.com/TryGhost/Team/issues/1408
- switched from `@nexes/nql` to `@tryghost/nql` and bumped `@tryghost/bookshelf-plugins` to get access to the latest NQL version across the app
- adds "contains" operator support
- `:~'string'` - contains
- `:-~'string'` - does not contain
- `:~^'string'` - starts with
- `:-~^'string'` - does not start with
- `:~$'string'` - ends with
- `:-~$'string'` - does not end with
- enables `'` escaping in strings, eg `'O\'Nolan'`
refs https://github.com/TryGhost/Team/issues/1387
This will allow us to move from the portal_products and portal_plans
settings to using the visibility property on tiers to determine whether
or not a tier should be visible in Portal.
This also fixes a bug with the Tiers Admin API read method permissions.
- we seem to be getting some odd numbers when running c8 on Node 12, and
it's causing our CI checks to fail
- even when we're adding tests, the coverage value goes down
- this is disrupting the team from shipping, so we need to change that
- this commit alters the setup to run unit tests w/ c8 for Node 16 unit
tests, and without c8 for other versions
- `yarn test:unit` is kept the same for everyday use
- I recently went across every repo and made sure our c8 config was
correct, but this resulted in us having to publish patch versions of a
bunch of packages
- given these don't contain any code changes, we can just bump them all
at once
refs https://github.com/TryGhost/Toolbox/issues/174
- this commit switches Ghost from using the `mysql` library to the
`mysql2` one
- we've done this for several reasons:
- `mysql2` is more actively maintained
- `mysql2` natively supports the default auth plugin on MySQL 8
- `mysql2` is fasterrrr
- there have been various other commits refactoring the groundwork for
this commit but this commit should be short and sweet:
- alias `mysql` to `mysql2` client so we maintain backwards
compatibility with all configs who use `"client": "mysql"`
- enabled `decimalNumbers` so we maintain the same functionality as
`mysql`
- replaced the dependencies and updated `knex-migrator`
- hardcoded the newer authentication plugin in MySQL 8 CI. Before
switching to `mysql2`, this would break because it didn't support
this
refs https://github.com/TryGhost/Toolbox/issues/174
- right now, our migrations manually check the client of the knex
instance to see whether we're running on MySQL or SQLite
- that's been working fine, but the problem is that we're due to switch
to the mysql2 driver soon, so all these checks will be faulty
- i've altered the functionality of `@tryghost/database-info` to accept
a knex instance, and it'll return if the DB is MySQL or SQLite in some
helper functions
- this commit bumps the package and switches to that format
- originally I used a shared instance of the class within
`@tryghost/database-info` but there's a chance that the knex instance
inside migrations actually comes from knex-migrator, and not Ghost, so
that wouldn't work
refs https://github.com/TryGhost/Team/issues/1306
- This adds a `MemberPageViewEvent` event when a page is viewed by a member (post/page/tag/author/...)
- Integrates the `LastSeenAtUpdater` service that listens to the `MemberPageViewEvent` events to update `member.last_seen_at`
- Follows the latest testing recommendation (end to end test + testing for side-effects)
refs https://github.com/TryGhost/Team/issues/1306
- Updates once every day (in the publication timezone)
- Also updates when the value is `NULL`
- This is implemented as a SQL query as the code is on the job and doesn't have visibility to the members code
- Updating our config to have `--check-coverage` enforces that the coverage meets a certain level.
- The default is 95 I believe, but our coverage is lower.
- I've set the levels to our current levels, so any drop below these numbers will cause the build to fail.
- I've also set the reporters to be text, html and cobertura so we always have a mini report, the full HTML files to navigate and cobertura for CI
- Cleaned up CI so we don't use the cov:unit command as we're now using codecov
- This also means we can remove the cov:unit command which was weird to use because it uses the last test run, which can be confusing
refs https://github.com/TryGhost/Team/issues/1313
Rather than removing the /products API we're adding a /tiers API as
a first step towards renaming "products" to "tiers". The initial idea was
to alias the URL's but out API framework doesn't easily allow for this so
we've duplicated it instead.