Commit Graph

2544 Commits

Author SHA1 Message Date
Naz Gargol
27bf453792
Migrated authentication controller to v2 (#10950)
refs #10060

- Migrated authentication.resetPassword method to v2
- Migrated authentication.acceptInvitation method to v2
- Migrated authentication.setup method to v2
- Added missing test coverage for "setupUpdate" method
- Migrated authentication.updateSetup method to v2
- Migrated authentication.isInvitation method to v2
- Migrated authentication.isSetup method to v2
- Removed unused 'setup.completed' event as it wasn's used anywhere in the system and has been complicating the logic unnecessarily
- Without the event, it's possible to simplify sendNotification method to just use email address of the user
- Added email sending check to v0.1 test suite
- Refactored sendNotification method to just use email address as parameter
- Renamed sendNotification to sendWelcomeMail
- The only thing the method does now is sending welcome mail, so new naming seems natural :)
2019-08-01 13:18:24 +02:00
Nazar Gargol
956da204f2 Expanded authentication test suite with cases for password reset flow
- Added missing endpoint coverage
- Minor fixes with formatting and validations uncovered by the test
- Added same test to v0.1 coverage
2019-07-30 22:48:59 +02:00
Nazar Gargol
36026ab929 Added email sending check to v0.1 test suite 2019-07-30 16:10:55 +02:00
Nazar Gargol
27523e2ed7 Moved mailService stub closer to it's usecase 2019-07-30 16:09:54 +02:00
Nazar Gargol
7b97c1ada1 Added missing notification email when setting up a site 2019-07-30 15:42:16 +02:00
Fabien O'Carroll
b0efad7ac9
Fixed img_url helper when using image sizes with relative path… (#10964)
closes #10949 

This updates the getImageWithSize function in the img_url helper to consider relative paths WITHOUT a leading slash the "base case". If a path does have a leading slash, we remove it, pass it through the function again, and then prepend the slash.
2019-07-29 16:54:09 +08:00
Nazar Gargol
8b651bff9d Migrated authentication.updateSetup method to v2 2019-07-25 17:12:39 +02:00
Nazar Gargol
03934e30c9 Removed old auth suite 2019-07-25 17:12:39 +02:00
Nazar Gargol
67c2fb8285 Added missing test coverage for "setupUpdate" method 2019-07-25 17:12:39 +02:00
Nazar Gargol
07782d8fa2 Corrected object check to include 'url' property 2019-07-25 17:12:39 +02:00
Nazar Gargol
132e278a22 Migrated authentication.isInvitation method to v2 2019-07-25 17:12:47 +02:00
Nazar Gargol
f4b97d3bc8 Migrated authentication.acceptInvitation method to v2 2019-07-25 17:12:39 +02:00
Nazar Gargol
8135d4d188 Added validation layer to password reset
- Adding a new method in all.js seems a little dirty, but that seems like the best place for now as similar method was added for changePassword method
2019-07-25 17:12:39 +02:00
Nazar Gargol
b3ed11719e Migrated authentication.resetPassword method to v2 2019-07-25 17:12:20 +02:00
Naz Gargol
d9fef82170
Added global site SEO fields to be used in theme helpers (#10930)
#10921

- Changed {{meta_title}} helper to use site meta_title' field
- Changed {{meta_description}} helper to use site 'meta_description' field
- Changed {{og_image}} helper to use site 'og_image' field
- Added site title handling for og/twitter metadata
- Refactored use of 'blog' in variable name in favor of 'site'
- Extended meta_description test suite with 'home' context cases
- Changed {{twitter_image}} helper to use site 'twitter_image' field
- Added ghost_head test for site metadata
- Renamed blog->site in variable names for touched files
2019-07-25 11:08:29 +02:00
Aileen Nowak
5253131006 Updated fixtures hash for tests 2019-07-25 15:37:33 +08:00
Aileen Nowak
d11fd4210b Updated docs api links to be version-less 2019-07-25 15:17:23 +08:00
Kevin Ansfield
1aa7e368a2
🎨 Added url value to the Content API /settings/ endpoint (#10946)
closes https://github.com/TryGhost/Ghost/issues/10945

- adds the `url` property to the returned output manually because it's a config value rather than a settings value
2019-07-24 11:12:07 +01:00
Kevin Ansfield
2b6830b747 Ensured Admin API cannot fetch internal integrations (#10501)
no issue

- Forced a filter on read and browse requests to the integrations endpoint to limit fetches to only "custom" and "builtin" integration types
- Expanded test coverage for "internal" integrations
2019-07-24 11:52:55 +02:00
Nazar Gargol
bf5824a7ba Fixed ability for the owner to change password of other users
closes #10927

-  Previous fix 2823c0b342
- It didn't work because the validation layer in "frame" doesn't take into account the value under `required` property of the controller, so to prevent validation on the field whole `required` key/value have to be removed
- Removed unused variables
- Extended regression suite to prevent similar problems in the future
2019-07-22 19:00:21 +02:00
Nazar Gargol
3c7af7e6f0 Fixed accepnatce test failure
no issue

- Initial commit that broke the build: 20cce5da37
- There is no enforced ordering for integrations and because of combined differences how MySQL/SQLite orders by default in combination with how created_at/updated_at dates are generated for fixtures in tests and for migrations there is no reliable way to check order
2019-07-22 17:12:43 +02:00
Nazar Gargol
20cce5da37 Added test coverage for integrations Admin API endpoint
no issue

- The basic test coverate for 'browse' endpoint for integrations was missing.
- It case is needed to be able to expand it in https://github.com/TryGhost/Ghost/pull/10501
2019-07-22 14:35:19 +02:00
Aileen Nowak
496f873ac4
Updated links to docs (#10941)
no issue
2019-07-22 18:17:50 +08:00
Naz Gargol
c3a80f112a
Exposed site SEO data through Conent API & {{@site.*}} helper (#10925)
refs #10921

- Site SEO data will now be available as part of `GET /settings` response in Content API as well as part of {{@site.*}} helper
2019-07-19 10:40:47 +02:00
Naz Gargol
b89b57b6fb
Added global site SEO fields in Admin API (#10923)
refs #10921

- New SEO related fields will now be available as a part of Admin API /settings endpoint
- The ordering of fields is taken from post's schema
- Extended settings test suite with new SEO fields
- Adjusted settings model unit test
2019-07-18 16:24:34 +02:00
Naz Gargol
9dcc17a017
🐛 Fixed import for tag without slugs that belongs to a post (#10917)
closes #10785

- The behavior for tags will now be similar to posts' one described in the docs
- "The only strictly required field when importing posts is the title. Ghost will automatically generate slugs and set every other field to the default or empty."
- The breaking change was introduced with: 68d8154d4f (diff-e712df50c0dc7cf33746eeff0564003cR97) (assumed there's always slug in the imported object which is not true)
- Added originalIdMap to the importer base class to track id
substitution so it can be used when dealing with relational resource
updates
- Removed explicit use of 'this.stripProperties(['id']);' in
beforeImport of base class because we need to assign and remove the id
property in the same place to track this change
- Only calling 'this.stripProperties(['id']);' in
settings/trusted_domain imports as the method won't be called otherwise
- Expanded regression tests with new supported import case
2019-07-16 12:01:44 +02:00
Vikas Potluri
b431dc56cb 🐛 Fixed error message when get helper doesn't have API access (#10892)
closes #10875
2019-07-15 14:18:58 +08:00
Christoph Tavan
834a5a0521 Replaced v1 for v4 uuids (#10871)
* Swapped v1 with v4 UUID as requestId when logging

no issue

v1 UUID are based on current time and the hardware MAC address of the
machine where they are being generated. As such they have much more
complex semantics than v4 UUIDs which are simply randomly generated.

Unless there's a specific requirement for the special semantics of v1
UUIDs it is simpler and less error prone to simply go for v4 UUIDs
whenever just a unique identifier is needed.

* Swapped v1 with v4 UUID when creating a temporary contentFolder

no issue

v1 UUID are based on current time and the hardware MAC address of the
machine where they are being generated. As such they have much more
complex semantics than v4 UUIDs which are simply randomly generated.

Unless there's a specific requirement for the special semantics of v1
UUIDs it is simpler and less error prone to simply go for v4 UUIDs
whenever just a unique identifier is needed.

* Swapped v1 with v4 UUID when creating a temporary exportFolder

no issue

v1 UUID are based on current time and the hardware MAC address of the
machine where they are being generated. As such they have much more
complex semantics than v4 UUIDs which are simply randomly generated.

Unless there's a specific requirement for the special semantics of v1
UUIDs it is simpler and less error prone to simply go for v4 UUIDs
whenever just a unique identifier is needed.
2019-07-15 14:01:02 +08:00
Naz Gargol
f3ec2fb2f7
Cleaned up theme service (#10884)
refs #10790

- Following TODO in theme index file was waiting for 2 years, and today is the day to cross it out:
- "Reduced the amount of things we expose to the outside world"
- "Made this a nice clean sensible API we can all understand!" - by @ErisDS
- Cleaned exposed methods from themes module
- Removed unused storage getter
- Removed list method
- Removed validate method
- Renamed Storage to ThemeStorage
  - Named the file the same way the class defined inside of it is named
  - Naming was conflicting with coming rename of  `settings` -> `storage`
- Renamed theme settings to storage
2019-07-09 16:35:18 +02:00
Hannah Wolfe
ce563179b8 🐛 Fixed infinite redirect for amp when disabled
fixes 10883

- fixed an issue where /amp/ pages would cause an infinite redirect loop
- this only occurred when amp was disabled, and query params were passed to the /amp/ url
- this fix resolves the issue by not assuming /amp/ is the end of the URL
- it also checks for `/amp/` (both slashes) and replaces one
2019-07-08 17:32:12 +01:00
renovate[bot]
db53ac0721 Update Test & linting packages (major) (#10858)
no issue 

- Updated Test & linting packages
- Updated use of hasOwnProperty
- Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins)
- Removed already defined built-in global variable Intl
- Applied `--fix` with lint command on `core/test` folder
- The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes)
- Removed redundant global variable declarations to pass linting
2019-07-05 13:40:43 +02:00
Nazar Gargol
82e16a749e Corrected regression test for dynamic routing
no issue

- The reason for the test failure was:
- Bump in express version: 5a316c3c80)
- Which included bump of it's internal dependency `send` to version send@0.17.1: https://github.com/expressjs/express/releases/tag/4.17.0)
- Which had a change in how 'xml' type was interpreted: https://github.com/pillarjs/send/pull/154/files
- Because in Ghost documentation for dynamic routing, we clearly state to use `contetn_type: text/xml` instead of just `content_type:xml` the test was considered to be not up to date (ref. https://docs.ghost.org/api/handlebars-themes/routing/routes/)
- Returning `content-type: text/xml; charset=UTF-8` stays in line with the rest of Ghost codebase
- WARNING: when using `res.type('xml')` for whatever reason in the codebase be awere that express will send `application/xml` header which is not the convention used throughout the codebase
2019-07-04 15:43:19 +02:00
renovate[bot]
1f32a1372f Update dependency got to v9 (#10861)
no issue 

- The underlying issue is the change in retry behavior in 'got' (a3e77de287)
- Now 500 responses trigger 2 default retries
- Renamed retries -> retry. As mentioned in https://github.com/sindresorhus/got/releases/v9.0.0
- Added response body error check
2019-07-04 10:36:51 +02:00
Jeffrey Fisher
6ca34a29fd 🐛 Allowed .ico files to be uploaded for icons. (#10820)
closes #10641

There is already an "icons" section in this json file, but it appears
that that is only used for v0.1 in which there was a "/uploads/icon"
route that passed in a "type" of "icons" to the validation middleware.
However, in v2, there is only a generic "/images/upload" route that is
used for both icons and images, which passes a "type" of "images"
so the .ico information needs to be added to the "images" section
of the json file.
2019-07-01 13:29:24 +07:00
Nazar Gargol
9d69951c81 Fixed frontend regression test
no issue

- Fixed require for a wrong module as this part of settings has been moved
2019-06-26 09:41:37 +02:00
Naz Gargol
0bf1542bc6
Extracted settings service part manipulating routes.yaml (#10800)
refs #10790
refs #9528

- The settings service was designed to handle more settings then just routing, but till this day there wasn't anything else added. As routes.yaml is only being used by frontend router so conceptually it fits better to have this code in frontend, so that it doesn't have to reach out to server
- The code left in server settings is the one that interacts with the database `settings` table and only partially provides information to frontend. That part is known as 'settings cache' and will be accessed through API controllers.
2019-06-25 18:33:56 +02:00
Fabien O'Carroll
15585971e2 🐛 Fixed async helpers nested in template helpers
closes #10643

The async resolver in express-hbs relies on storing the state of the
promises on the `this` value inside of a helper, which is always set to
the `context`. This patch updates our helpers which render templates, to
use `this` as the context when rendering their templates.
2019-06-25 16:19:33 +07:00
Naz Gargol
df7e64fafa
Extracted frontend folder (#10780)
refs #10790

- Moved /core/apps into core/frontend
- Moved /core/server/helpers to /core/frontend/helpers along with /core/server/services/themes
- Changed helper location in overrides
- Moved /core/server/services/routing to /core/frontend/services
- Moved /core/server/services/url to /core/frontend/services
- Moved /core/server/data/meta to /core/frontend/meta
- Moved /core/server/services/rss to /core/frontend/services
- Moved /core/server/data/xml to /core/frontend/services
2019-06-19 11:30:28 +02:00
Kevin Ansfield
3069f5f5a9 Mocked network access for {{amp_content}} img unit test (#10792)
no issue

- unit test was fetching images over the network which could cause random test failures on poor connections
2019-06-19 13:56:30 +07:00
Naz Gargol
abda6e6338
Migrated to use url-utils from Ghost-SDK (#10787)
closes #10773

- The refactoring is a substitute for `urlService.utils` used previously throughout the codebase and now extracted into the separate module in Ghost-SDK
- Added url-utils stubbing utility for test suites
- Some tests had to be refactored to avoid double mocks (when url's are being reset inside of rested 'describe' groups)
2019-06-18 15:13:55 +02:00
Kevin Ansfield
bbae006eb5
Speed up image-size utility functions (#10784)
no issue

- add `probe-image-size` dependency
- use `probe-image-size` to fetch partial image data over the network where possible
2019-06-11 16:25:15 +01:00
Rish
a4f119cb7f Moved visibility utility from static model fn to Ghost-SDK
refs #10618

- Visibility methods don't belong on model, but are generic utils
- Used directly from ghost helper's visibility methods, cleans up core
- Removes direct model dependency of theme helper
- Updated `foreach_spec` to correct test data as per schema - visibility property cannot be empty
2019-06-09 13:12:04 +05:30
Nazar Gargol
f5544e7831 Migrated to use @tryghost/social-urls package
refs #10618

- /lib/social/urls was extracted into SDK to move more modules out of the core and reduce coupling of the theme layer
2019-06-06 17:10:13 +02:00
Naz Gargol
acdcadc396
🔥 Dropped Node v6 support (#10771)
no issue
    
- Node v6 has come to EOL as of 2019-04-30 (ref. https://github.com/nodejs/Release#end-of-life-releases)
- Removed Node v6 specific tests and code
2019-06-03 14:20:23 +02:00
Kevin Ansfield
f88adb9180
Added x-frame-options header to /ghost/ route (#10760)
no issue
- by default the `/ghost/` route will add an `x-frame-options: sameorigin` header to the response to help protect the admin area against clickjacking
- the header can be disabled by adding `"adminFrameProtection": false` to the `config.{env}.json` configuration file

Credits: Muhammad Fawwad Obaida
2019-05-28 09:04:48 +01:00
Aileen Nowak
d086841f36
Updated link to Marketplace (#10754)
no issue

- Marketplace moved to https://ghost.org/marketplace
2019-05-22 16:55:28 +08:00
Nazar Gargol
bb7bb55cf3 Bumped gscan version to 2.6.0
no issue

- Updated valid theme fixture to be inline with warning that was added when using {{each}} helper instead of {{foreach}}
2019-05-08 16:56:22 +02:00
Fabien O'Carroll
c101fd90d7
Removed lib/members in favour of packages (#10739)
* Installed `@tryghost/members-{api,auth-pages}`

no-issue

* Used @tryghost/members-auth-pages in member service

no-issue

* Used @tryghost/members-api in members service

no-issue

* Deleted core/server/lib/members

no-issue

* Fixed parent app tests

no-issue

Requiring the members api (via the `gateway` getter) was throwing an
error, so we stub out the members service getters
2019-05-08 14:08:25 +02:00
Rish
a4f4a00cc4 Updated to use slugify method from SDK for safe string
refs #10618

- Updated lib safe string security method
2019-05-07 15:33:07 +05:30
Aileen Nowak
b2ed906773 🎨 Allowed protocol overwrite for canonical URLs (#10729)
closes #10709

- Only transform a canonical URL that is identical with the Blog URL to a relative URL when the protocol matches as well
- Leave the canonical URL absolute for all other cases
- Use case for this is e. g. when users want to port over their Facebook comments/shares/likes after a move from `http` to `https`
2019-05-06 15:27:54 +02:00
Aileen Nowak
79345f9030 🐛 Fixed Twittercard having wrong property when no feature image provided
closes #10706

- Fixed a bug where we weren't assigning `summary_large_image` as Twitter card property when no feature image is provided, but a dedicated Twitter image
- Updated test to reflect this case to be tested better
2019-05-06 12:51:43 +02:00
Katharina Irrgang
2447335ab1 🐛 Fixed post scheduling on restart (#10726)
no issue

- case: restart Ghost and while having a scheduled post 
- caused by 4acc375fb6 (diff-4726ce3c4d18d41afad4b46cb0aa7dd3)
  - the bug exists since 2.12
  - Bookshelf added support (or better said fixed a bug) for accessing previous attributes
  - `object.updated('published_at')` always returned "undefined", because the self-implementation < 2.12 only remembered previous attributes after update (see https://github.com/TryGhost/Ghost/blob/2.11.0/core/server/models/base/index.js#L234)
  - but `object.previous('published_at')` returns the current value (object.get('published_at') === object.previous('published_at') -> and that's why rescheduling on bootstrap never worked
- might fix https://forum.ghost.org/t/scheduled-posts-never-publish/6873/10
- reduced timeouts on scheduling unit tests
2019-05-06 11:11:43 +02:00
Kevin Ansfield
90db78b369 Properly fix escaping in test comparison 2019-05-04 11:46:13 +01:00
Kevin Ansfield
5db9651a60 Fixed tests due to escaped chars in comparison string 2019-05-04 11:39:06 +01:00
Kevin Ansfield
75ae3f8736 Added parsing of html cards when using ?source=html with the v2 Admin API
no issue

- when sending `html` with `?source=html` to the v2 Admin API it's now possible to include blocks of HTML that will be extracted to html cards rather than going through the normal lossy html-to-mobiledoc conversion

Example usage would be sending HTML in the following format:

```html
<p>Some standard content...</p>

<!--kg-card-begin: html-->
<div class="my-custom-html">...</div>
<!--kg-card-end: html-->

<p>Some more content...</p>
```

In this case an html card will be created in the mobiledoc with the content `<div class="my-custom-html">...</div>`.
2019-05-04 11:30:59 +01:00
Nazar Gargol
cd703a6dc3 Fixed regression test
no issue

- The test was broken due to removed `lts` flag in d0970ad30
2019-05-02 21:04:16 +02:00
Fabien O'Carroll
0a67a25dbc Fixed member permission/role relations in fixtures
no-issue

The previous relations were setup to match against "members", which is
plural, but the object_type on the permission is "member". This was
causing the permissions to not be added as a relation to the role.
2019-05-02 17:31:38 +02:00
Kevin Ansfield
990ecec873
Added caption support to code card renderer (#10719)
* Added caption support to code card renderer

refs https://github.com/TryGhost/Ghost-Admin/pull/1181

- when a caption for a code card is provided, render the contents inside a `<figure>` element with a `<figcaption class="kg-card kg-code-card">` to match other caption-enabled cards
2019-05-01 17:10:24 +02:00
Nazar Gargol
f5c1ed8fcb 🐛 Fixed 404 in collection index page if using data.slug
closes #10542

- Fixed error that was causing collection index to not be rendered: relations connected to alliased resource were not fetched
2019-04-30 18:20:20 +02:00
Nazar Gargol
cea598597b Restructured theme check logic
refs #10571

- Removes dependency on 'context' property being set in error when
checking a theme
- Refactoring was needed to be able to avoid passing checked theme as a
part of thrown error (logic was relying on error having this specific
data in context property). This created a problem where we controlled
the logic flow with data in error object.
- Introduced 2 different types of theme check handling, one behaves the
same way as before, the other gives more granulac control to the caller
to decide what to do with returned errors.
2019-04-22 22:34:12 +02:00
Nazar Gargol
e1dca54bf7 🎨 Made notifications dismissible per user
refs #10656

- To make sure more users see important updates or announcements
notification dismissal now works per user instead of globally
- Expanded acceptance test for notification deletion
- Expanded regression test covering multiuser dismissal of notification
- Added clarifying comment about destroyAll method use in API
2019-04-19 09:43:14 +02:00
Nazar Gargol
809e610842 Added notification access persmission for users of Editor role
closes #9546

- Updated permissions  fixture for Editor role
- Added migration for permissions for Editor users
- Updated tests
2019-04-18 13:02:23 +02:00
Fabien O'Carroll
f9899cb8c4
Updated theme layer to use members-ssr (#10676)
* Removed support for cookies in members auth middleware

no-issue

The members middleware will no longer be supporting cookies, the cookie
will be handled by a new middleware specific for serverside rendering,
more informations can be found here:

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Removed members auth middleware from site app

no-issue

The site app no longer needs the members auth middleware as it doesn't
support cookies, and will be replaced by ssr specific middleware.

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Added comment for session_secret setting

no-issue

We are going to have multiple concepts of sessions, so adding a comment
here to be specific that this is for the Ghost Admin client

* Added theme_session_secret setting dynamic default

no-issue

Sessions for the theme layer will be signed, so we generate a random hex
string to use as a signing key

* Added getPublicConfig method

* Replaced export of httpHandler with POJO apiInstance

no-issue

This is mainly to reduce the public api, so it's easier to document.

* Renamed memberUserObject -> members

no-issue

Simplifies the interface, and is more inline with what we would want to export as an api library.

* Removed use of require options inside members

no-issue

This was too tight of a coupling between Ghost and Members

* Simplified apiInstance definition

no-issue

* Added getMember method to members api

* Added MembersSSR instance to members service

* Wired up routes for members ssr

* Updated members auth middleware to use getPublicConfig

* Removed publicKey static export from members service

* Used real session secret

no-issue

* Added DELETE /members/ssr handler

no-issue

This allows users to log out of the theme layer

* Fixed missing code property

no-issue

Ignition uses the statusCode property to forward status codes to call sites

* Removed superfluous error middleware

no-issue

Before we used generic JWT middleware which would reject, now the
middleware catches it's own error and doesn't error, thus this
middleware is unecessary.

* Removed console.logs

no-issue

* Updated token expirty to hardcoded 20 minutes

no-issue

This returns to our previous state of using short lived tokens, both for
security and simplicity.

* Removed hardcoded default member settings

no-issue

This is no longer needed, as defaults are in default-settings.json

* Removed stripe from default payment processor

no-issue

* Exported `getSiteUrl` method from url utils

no-issue

This keeps inline with newer naming conventions

* Updated how audience access control works

no-issue

Rather than being passed a function, members api now receives an object
which describes which origins have access to which audiences, and how
long those tokens should be allowed to work for. It also allows syntax
for default tokens where audience === origin requesting it. This can be
set to undefined or null to disable this functionality.

{
    "http://site.com": {
        "http://site.com": {
            tokenLength: '5m'
        },
        "http://othersite.com": {
            tokenLength: '1h'
        }
    },
    "*": {
        tokenLength: '30m'
    }
}

* Updated members service to use access control feature

no-issue

This also cleans up a lot of unecessary variable definitions, and some
other minor cleanups.

* Added status code to auth pages html response

no-issue

This was missing, probably default but better to be explicit

* Updated gateway to have membersApiUrl from config

no-issue

Previously we were parsing the url, this was not very safe as we can
have Ghost hosted on a subdomain, and this would have failed.

* Added issuer to public config for members

no-issue

This can be used to request SSR tokens in the client

* Fixed path for gateway bundle

no-issue

* Updated settings model tests

no-issue

* Revert "Removed stripe from default payment processor"

This reverts commit 1d88d9b6d73a10091070bcc1b7f5779d071c7845.

* Revert "Removed hardcoded default member settings"

This reverts commit 9d899048ba7d4b272b9ac65a95a52af66b30914a.

* Installed @tryghost/members-ssr

* Fixed tests for settings model
2019-04-16 16:50:25 +02:00
Vikas Potluri
c58236e549 🐛 Disallowed locked/suspended users from being made owner via the API (#10647)
- closes #10555
- Added a check to the user modal that the new owner is active 
- Had to refactor Owner->Author unit test (also renamed it)
  - Based on the first 2 lines, owner->editor change is attempted (hence the rename)
  - Since both stubs return a 'modal' with owner role which means owner->owner change is actually attempted
  - Now that there's a user status check, added the `status` property to the user receiving owernship
2019-04-16 10:30:29 +01:00
Fabien O'Carroll
7461869f13 Updated import to only show warning when apps exist
no-issue

This is so that someone with empty defaults for installed_apps and
active_apps, or someone without the defaults at all, will not see the
warning message when importing.
2019-04-16 11:19:17 +02:00
Fabien O'Carroll
37bcdb0a83 Removed filters module
no-issue

This is no longer used now, as it was for apps to extend Ghost
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
90c2dbcd6b Removed use of filters module
no-issue

As we're deprecating apps, filters are no longer used.

- Removed use of filters in helpers
- Removed use of filters from routing service
- Removed use of filters from rss service
- Removed use of filters in base model
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
54ac98037b Refactored proxy to not take name param
no-issue

This was only used as context to api methods, but those have been removed.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
ca2dc1889a Removed unused filters object from apps proxy
no-issue

This is not used by any current apps, and apps are considered
deprecated.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
0d40952232 Removed apps from update-check
no-issue

This only read external apps, so can be removed now we don't support them
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
f74d459dad Removed active and installed apps default settings
no-issue
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
7ae139c6b4 Removed apps lifecycle test
no-issue

This module didn't really seem to be tetsing anything, it was all based
on internally set properties, which if there was a bu, likely the bug
would be reflected in this property too - resulting in useless test.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
7fcad145c7 Updated app proxy test to ignore permissions
no-issue

The module has no concepts of permissions anymore, so all tests can
ignore this concept too. Also refactors tests to match the new signature
of the module.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
a77b38cb09 Deleted tests for removed apps service modules
no-issue

The companion moduleis for these tests have been deleted.
2019-04-16 11:05:33 +02:00
Rishabh Garg
62f5bdac4c
Updated to use count words/images helpers from SDK (#10686)
refs #10618

- Added @tryghost/helpers dependency to use Ghost-SDK helpers
- Updated countWords, countImages helpers and removed local copy
2019-04-16 08:00:01 +05:30
Fabien O'Carroll
32a4798d76 Added skip of active/installed apps settings during import (#10681)
no issue
- the `{active,installed}_apps` settings related to a very old, minimally implemented, unreleased, and problematic approach to custom apps
- this is the first step towards full removal of the old "apps" concept

Credits: Kacper Szurek
2019-04-15 11:10:10 +01:00
Kevin Ansfield
47692b1081 🐛 Fixed last paragraph not rendering on front-end when it's styled
no issue
- the conditional for removal of trailing blank paragraphs was not sufficient to handle paragraphs where the first child element was not a text node such as when the content of the last paragraph is italic
- switched to a method that fully walks the DOM of the last paragraph node to extract its equivalent `.textContent` value for use in the "last para is blank?" check
2019-04-08 16:25:20 +01:00
Fabien O'Carroll
40d74ec3e0 Updated theme middleware tests
no-issue

This allows the tests to not inspect the "internals" of the module, and
deal with the middleware array it exports.

- Removes two layers of indentation for readablity
- Adds executeMiddleware helper
- Reuses the global requires, rather than making new globals for stubs
2019-04-04 10:44:43 +02:00
Nazar Gargol
b7224ef1b0 Fixed regression test
no issue

- html to plaintext was broken with c219446f85 . Ghost's API supports html intpu format only for version above v8
2019-04-03 10:58:36 +08:00
Nazar Gargol
7d6436f9bf Bumped gscan version to 2.4.0
no issue

- Updated theme fixtures to be in line with new deprecation rules
for {{lang}} and {{@blog.*}} helpers introduced with https://github.com/TryGhost/gscan/pull/180
2019-04-02 13:47:59 +08:00
Nazar Gargol
a2d8c07c96 Fixed regression tests
no issue

- Tests were broken with b9eaf27e56
2019-04-02 11:23:46 +08:00
Nazar Gargol
0d89acd910 🐛 Fixed redirects to external URL
closes #10623

- The ability to redirect to external URLs was broken with 7e211a307c
- Added test coverage for external URL case
2019-04-01 12:33:29 +08:00
Naz Gargol
c219446f85
Model regression tests cleanup (#10639)
refs #9178

- Migrated settings model regression to unit tests
- Removed redundant/unuseful post tests
- Extracted post model regression tests to API tests 
- Renamed test suites for consistency
2019-03-26 11:37:32 +08:00
Kevin Ansfield
9886e21cb2 Loosened equality check for error message in GhostMailer test 2019-03-22 13:37:00 +00:00
kirrg001
1e6f4ba340 🐛 Fixed Admin API v2 wasn't returning preview url
no issue

- Admin API v2 returned /404/, see comment in code base:

/**
* CASE: admin api should serve preview urls
*
* @NOTE
* The url service has no clue of the draft/scheduled concept. It only generates urls for published resources.
* Adding a hardcoded fallback into the url service feels wrong IMO.
*
* Imagine the site won't be part of core and core does not serve urls anymore.
* Core needs to offer a preview API, which returns draft posts.
* That means the url is no longer /p/:uuid, it's e.g. GET /api/v2/content/preview/:uuid/.
* /p/ is a concept of the site, not of core.
*
* The site is not aware of existing drafts. It won't be able to get the uuid.
*
* Needs further discussion.
*/
2019-03-21 19:08:38 +01:00
Nazar Gargol
cf499c39a1 Fixed intergration tests
refs #10612

- Fixed output of html field when mobiledoc field is empty
2019-03-19 11:28:21 +08:00
Nazar Gargol
2517e9dc65 Added consistent handling to empty mobiledoc
closes #10612

- Added handling for 'blank' mobiledoc structure which should be converted to '""' instead of '<p></p>'
2019-03-18 20:06:53 +08:00
Nazar Gargol
04857e8823 Added tests for null values in content/excerpt helpers
refs #10612

- Added test coverage for existing implementation in excerpt helper and new changes in content helper (9a21bea)
2019-03-18 19:52:49 +08:00
Fabien O'Carroll
56b6c633f6
Updated backup file names to include timestamp (#10607)
no-issue

Currently if you run two migrations on the same day, the backup is overwritten. This change adds the `HH-mm-ss` to the file name, meaning that you get a unique backup for each migration.
2019-03-13 21:06:05 +01:00
Katharina Irrgang
f64af762ef 🐛 Fixed "Cannot read property 'feature_image' of undefined" (#10602)
no issue

- refs https://forum.ghost.org/t/default-hbs-cannot-read-property-feature-image-of-undefined/6194
-
2019-03-13 18:13:52 +08:00
kirrg001
7bac1824c2 Added regression test for editing a scheduled post
refs #10600

- ensure it does not happen again
- we only have some regression model tests, which edit scheduled posts
2019-03-12 20:20:46 +01:00
kirrg001
811ba83b19 🐛 Fixed {{body_class}} helper when using data: page.{slug} in routes
refs #10082

- throwed a 500 because this.page was not handled
- v2 differentiates between page and post
2019-03-12 12:34:16 +01:00
kirrg001
555dc2f180 🐛 Fixed {{meta_title}} output when using data: page.{slug} in routes
refs #10082

- meta_title output wrong meta title

Only solves meta_title outout for this use case:

```
routes:
  /:
    data: page.{slug}
    template: t
```
2019-03-12 12:34:16 +01:00
kirrg001
3b4edccf62 🐛 Fixed {{meta_description}} output when using data: page.{slug} in routes
refs #10599

- meta_description output wrong meta description

Only solves meta_description for this use case:

```
routes:
  /:
    data: page.{slug}
    template: t
```
2019-03-12 12:34:16 +01:00
kirrg001
fef0aa44d3 🐛 Fixed meta twitter_image output when using data: post.{slug} for routes
refs #10082

```
routes:
  /news/:
    data: post.news
```

The twitter_image was not available, because the context is [news, post] and the data is in `data.post`.
The context helper was incorrect. I think it is still not fully correct, but only focused on this use case.
The meta layer needs a full refactoring.
2019-03-12 12:13:47 +01:00
Naz Gargol
34fad7eaaf
Added Canonical URL support to posts&pages in Admin & Content API v2 (#10594)
refs #10593

- Added `canonical_url` field to post&pages resources in Admin & Content APIs
- Support for canonical URL on metadata layer (used in {{ghost_head}} helper)
- Made sure the new field is not accessible from API v0.1 
- Added handling same domain relative and absolute URLs
2019-03-12 17:51:29 +08:00
kirrg001
0c8373afb7 Removed 'null' parsing in settings model
refs #10582

- I don't think this is a good idea
- If a user passses "null", we should treat it as a string
- I am not aware of a use case why people have "null" in their database
- If people send "null" via the API, we should respect this and accept a string
2019-03-11 20:07:48 +01:00
Nazar Gargol
e19cd6a919 Modified export/import regression test so it doesn't leave leftover files 2019-03-11 20:07:48 +01:00
kirrg001
255b55cab5 Added proper importer regression tests
refs #10582
2019-03-11 20:07:48 +01:00
kirrg001
160d50a258 🐛 Fixed /edit url redirecting to wrong admin client url
no issue

- admin client has fixed showing a 500
- we now show a 404 if the url is wrong
- server side has corrected the editor url
2019-03-11 15:26:13 +01:00