Commit Graph

1474 Commits

Author SHA1 Message Date
Aileen Nowak
d086841f36
Updated link to Marketplace (#10754)
no issue

- Marketplace moved to https://ghost.org/marketplace
2019-05-22 16:55:28 +08:00
Fabien O'Carroll
c101fd90d7
Removed lib/members in favour of packages (#10739)
* Installed `@tryghost/members-{api,auth-pages}`

no-issue

* Used @tryghost/members-auth-pages in member service

no-issue

* Used @tryghost/members-api in members service

no-issue

* Deleted core/server/lib/members

no-issue

* Fixed parent app tests

no-issue

Requiring the members api (via the `gateway` getter) was throwing an
error, so we stub out the members service getters
2019-05-08 14:08:25 +02:00
Rish
a4f4a00cc4 Updated to use slugify method from SDK for safe string
refs #10618

- Updated lib safe string security method
2019-05-07 15:33:07 +05:30
Aileen Nowak
b2ed906773 🎨 Allowed protocol overwrite for canonical URLs (#10729)
closes #10709

- Only transform a canonical URL that is identical with the Blog URL to a relative URL when the protocol matches as well
- Leave the canonical URL absolute for all other cases
- Use case for this is e. g. when users want to port over their Facebook comments/shares/likes after a move from `http` to `https`
2019-05-06 15:27:54 +02:00
Aileen Nowak
79345f9030 🐛 Fixed Twittercard having wrong property when no feature image provided
closes #10706

- Fixed a bug where we weren't assigning `summary_large_image` as Twitter card property when no feature image is provided, but a dedicated Twitter image
- Updated test to reflect this case to be tested better
2019-05-06 12:51:43 +02:00
Katharina Irrgang
2447335ab1 🐛 Fixed post scheduling on restart (#10726)
no issue

- case: restart Ghost and while having a scheduled post 
- caused by 4acc375fb6 (diff-4726ce3c4d18d41afad4b46cb0aa7dd3)
  - the bug exists since 2.12
  - Bookshelf added support (or better said fixed a bug) for accessing previous attributes
  - `object.updated('published_at')` always returned "undefined", because the self-implementation < 2.12 only remembered previous attributes after update (see https://github.com/TryGhost/Ghost/blob/2.11.0/core/server/models/base/index.js#L234)
  - but `object.previous('published_at')` returns the current value (object.get('published_at') === object.previous('published_at') -> and that's why rescheduling on bootstrap never worked
- might fix https://forum.ghost.org/t/scheduled-posts-never-publish/6873/10
- reduced timeouts on scheduling unit tests
2019-05-06 11:11:43 +02:00
Kevin Ansfield
90db78b369 Properly fix escaping in test comparison 2019-05-04 11:46:13 +01:00
Kevin Ansfield
5db9651a60 Fixed tests due to escaped chars in comparison string 2019-05-04 11:39:06 +01:00
Kevin Ansfield
75ae3f8736 Added parsing of html cards when using ?source=html with the v2 Admin API
no issue

- when sending `html` with `?source=html` to the v2 Admin API it's now possible to include blocks of HTML that will be extracted to html cards rather than going through the normal lossy html-to-mobiledoc conversion

Example usage would be sending HTML in the following format:

```html
<p>Some standard content...</p>

<!--kg-card-begin: html-->
<div class="my-custom-html">...</div>
<!--kg-card-end: html-->

<p>Some more content...</p>
```

In this case an html card will be created in the mobiledoc with the content `<div class="my-custom-html">...</div>`.
2019-05-04 11:30:59 +01:00
Fabien O'Carroll
0a67a25dbc Fixed member permission/role relations in fixtures
no-issue

The previous relations were setup to match against "members", which is
plural, but the object_type on the permission is "member". This was
causing the permissions to not be added as a relation to the role.
2019-05-02 17:31:38 +02:00
Kevin Ansfield
990ecec873
Added caption support to code card renderer (#10719)
* Added caption support to code card renderer

refs https://github.com/TryGhost/Ghost-Admin/pull/1181

- when a caption for a code card is provided, render the contents inside a `<figure>` element with a `<figcaption class="kg-card kg-code-card">` to match other caption-enabled cards
2019-05-01 17:10:24 +02:00
Nazar Gargol
f5c1ed8fcb 🐛 Fixed 404 in collection index page if using data.slug
closes #10542

- Fixed error that was causing collection index to not be rendered: relations connected to alliased resource were not fetched
2019-04-30 18:20:20 +02:00
Nazar Gargol
cea598597b Restructured theme check logic
refs #10571

- Removes dependency on 'context' property being set in error when
checking a theme
- Refactoring was needed to be able to avoid passing checked theme as a
part of thrown error (logic was relying on error having this specific
data in context property). This created a problem where we controlled
the logic flow with data in error object.
- Introduced 2 different types of theme check handling, one behaves the
same way as before, the other gives more granulac control to the caller
to decide what to do with returned errors.
2019-04-22 22:34:12 +02:00
Nazar Gargol
809e610842 Added notification access persmission for users of Editor role
closes #9546

- Updated permissions  fixture for Editor role
- Added migration for permissions for Editor users
- Updated tests
2019-04-18 13:02:23 +02:00
Fabien O'Carroll
f9899cb8c4
Updated theme layer to use members-ssr (#10676)
* Removed support for cookies in members auth middleware

no-issue

The members middleware will no longer be supporting cookies, the cookie
will be handled by a new middleware specific for serverside rendering,
more informations can be found here:

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Removed members auth middleware from site app

no-issue

The site app no longer needs the members auth middleware as it doesn't
support cookies, and will be replaced by ssr specific middleware.

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Added comment for session_secret setting

no-issue

We are going to have multiple concepts of sessions, so adding a comment
here to be specific that this is for the Ghost Admin client

* Added theme_session_secret setting dynamic default

no-issue

Sessions for the theme layer will be signed, so we generate a random hex
string to use as a signing key

* Added getPublicConfig method

* Replaced export of httpHandler with POJO apiInstance

no-issue

This is mainly to reduce the public api, so it's easier to document.

* Renamed memberUserObject -> members

no-issue

Simplifies the interface, and is more inline with what we would want to export as an api library.

* Removed use of require options inside members

no-issue

This was too tight of a coupling between Ghost and Members

* Simplified apiInstance definition

no-issue

* Added getMember method to members api

* Added MembersSSR instance to members service

* Wired up routes for members ssr

* Updated members auth middleware to use getPublicConfig

* Removed publicKey static export from members service

* Used real session secret

no-issue

* Added DELETE /members/ssr handler

no-issue

This allows users to log out of the theme layer

* Fixed missing code property

no-issue

Ignition uses the statusCode property to forward status codes to call sites

* Removed superfluous error middleware

no-issue

Before we used generic JWT middleware which would reject, now the
middleware catches it's own error and doesn't error, thus this
middleware is unecessary.

* Removed console.logs

no-issue

* Updated token expirty to hardcoded 20 minutes

no-issue

This returns to our previous state of using short lived tokens, both for
security and simplicity.

* Removed hardcoded default member settings

no-issue

This is no longer needed, as defaults are in default-settings.json

* Removed stripe from default payment processor

no-issue

* Exported `getSiteUrl` method from url utils

no-issue

This keeps inline with newer naming conventions

* Updated how audience access control works

no-issue

Rather than being passed a function, members api now receives an object
which describes which origins have access to which audiences, and how
long those tokens should be allowed to work for. It also allows syntax
for default tokens where audience === origin requesting it. This can be
set to undefined or null to disable this functionality.

{
    "http://site.com": {
        "http://site.com": {
            tokenLength: '5m'
        },
        "http://othersite.com": {
            tokenLength: '1h'
        }
    },
    "*": {
        tokenLength: '30m'
    }
}

* Updated members service to use access control feature

no-issue

This also cleans up a lot of unecessary variable definitions, and some
other minor cleanups.

* Added status code to auth pages html response

no-issue

This was missing, probably default but better to be explicit

* Updated gateway to have membersApiUrl from config

no-issue

Previously we were parsing the url, this was not very safe as we can
have Ghost hosted on a subdomain, and this would have failed.

* Added issuer to public config for members

no-issue

This can be used to request SSR tokens in the client

* Fixed path for gateway bundle

no-issue

* Updated settings model tests

no-issue

* Revert "Removed stripe from default payment processor"

This reverts commit 1d88d9b6d73a10091070bcc1b7f5779d071c7845.

* Revert "Removed hardcoded default member settings"

This reverts commit 9d899048ba7d4b272b9ac65a95a52af66b30914a.

* Installed @tryghost/members-ssr

* Fixed tests for settings model
2019-04-16 16:50:25 +02:00
Vikas Potluri
c58236e549 🐛 Disallowed locked/suspended users from being made owner via the API (#10647)
- closes #10555
- Added a check to the user modal that the new owner is active 
- Had to refactor Owner->Author unit test (also renamed it)
  - Based on the first 2 lines, owner->editor change is attempted (hence the rename)
  - Since both stubs return a 'modal' with owner role which means owner->owner change is actually attempted
  - Now that there's a user status check, added the `status` property to the user receiving owernship
2019-04-16 10:30:29 +01:00
Fabien O'Carroll
37bcdb0a83 Removed filters module
no-issue

This is no longer used now, as it was for apps to extend Ghost
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
90c2dbcd6b Removed use of filters module
no-issue

As we're deprecating apps, filters are no longer used.

- Removed use of filters in helpers
- Removed use of filters from routing service
- Removed use of filters from rss service
- Removed use of filters in base model
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
54ac98037b Refactored proxy to not take name param
no-issue

This was only used as context to api methods, but those have been removed.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
ca2dc1889a Removed unused filters object from apps proxy
no-issue

This is not used by any current apps, and apps are considered
deprecated.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
0d40952232 Removed apps from update-check
no-issue

This only read external apps, so can be removed now we don't support them
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
f74d459dad Removed active and installed apps default settings
no-issue
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
7ae139c6b4 Removed apps lifecycle test
no-issue

This module didn't really seem to be tetsing anything, it was all based
on internally set properties, which if there was a bu, likely the bug
would be reflected in this property too - resulting in useless test.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
7fcad145c7 Updated app proxy test to ignore permissions
no-issue

The module has no concepts of permissions anymore, so all tests can
ignore this concept too. Also refactors tests to match the new signature
of the module.
2019-04-16 11:05:33 +02:00
Fabien O'Carroll
a77b38cb09 Deleted tests for removed apps service modules
no-issue

The companion moduleis for these tests have been deleted.
2019-04-16 11:05:33 +02:00
Rishabh Garg
62f5bdac4c
Updated to use count words/images helpers from SDK (#10686)
refs #10618

- Added @tryghost/helpers dependency to use Ghost-SDK helpers
- Updated countWords, countImages helpers and removed local copy
2019-04-16 08:00:01 +05:30
Kevin Ansfield
47692b1081 🐛 Fixed last paragraph not rendering on front-end when it's styled
no issue
- the conditional for removal of trailing blank paragraphs was not sufficient to handle paragraphs where the first child element was not a text node such as when the content of the last paragraph is italic
- switched to a method that fully walks the DOM of the last paragraph node to extract its equivalent `.textContent` value for use in the "last para is blank?" check
2019-04-08 16:25:20 +01:00
Fabien O'Carroll
40d74ec3e0 Updated theme middleware tests
no-issue

This allows the tests to not inspect the "internals" of the module, and
deal with the middleware array it exports.

- Removes two layers of indentation for readablity
- Adds executeMiddleware helper
- Reuses the global requires, rather than making new globals for stubs
2019-04-04 10:44:43 +02:00
Naz Gargol
c219446f85
Model regression tests cleanup (#10639)
refs #9178

- Migrated settings model regression to unit tests
- Removed redundant/unuseful post tests
- Extracted post model regression tests to API tests 
- Renamed test suites for consistency
2019-03-26 11:37:32 +08:00
Kevin Ansfield
9886e21cb2 Loosened equality check for error message in GhostMailer test 2019-03-22 13:37:00 +00:00
kirrg001
1e6f4ba340 🐛 Fixed Admin API v2 wasn't returning preview url
no issue

- Admin API v2 returned /404/, see comment in code base:

/**
* CASE: admin api should serve preview urls
*
* @NOTE
* The url service has no clue of the draft/scheduled concept. It only generates urls for published resources.
* Adding a hardcoded fallback into the url service feels wrong IMO.
*
* Imagine the site won't be part of core and core does not serve urls anymore.
* Core needs to offer a preview API, which returns draft posts.
* That means the url is no longer /p/:uuid, it's e.g. GET /api/v2/content/preview/:uuid/.
* /p/ is a concept of the site, not of core.
*
* The site is not aware of existing drafts. It won't be able to get the uuid.
*
* Needs further discussion.
*/
2019-03-21 19:08:38 +01:00
Nazar Gargol
2517e9dc65 Added consistent handling to empty mobiledoc
closes #10612

- Added handling for 'blank' mobiledoc structure which should be converted to '""' instead of '<p></p>'
2019-03-18 20:06:53 +08:00
Nazar Gargol
04857e8823 Added tests for null values in content/excerpt helpers
refs #10612

- Added test coverage for existing implementation in excerpt helper and new changes in content helper (9a21bea)
2019-03-18 19:52:49 +08:00
Fabien O'Carroll
56b6c633f6
Updated backup file names to include timestamp (#10607)
no-issue

Currently if you run two migrations on the same day, the backup is overwritten. This change adds the `HH-mm-ss` to the file name, meaning that you get a unique backup for each migration.
2019-03-13 21:06:05 +01:00
Katharina Irrgang
f64af762ef 🐛 Fixed "Cannot read property 'feature_image' of undefined" (#10602)
no issue

- refs https://forum.ghost.org/t/default-hbs-cannot-read-property-feature-image-of-undefined/6194
-
2019-03-13 18:13:52 +08:00
kirrg001
811ba83b19 🐛 Fixed {{body_class}} helper when using data: page.{slug} in routes
refs #10082

- throwed a 500 because this.page was not handled
- v2 differentiates between page and post
2019-03-12 12:34:16 +01:00
kirrg001
555dc2f180 🐛 Fixed {{meta_title}} output when using data: page.{slug} in routes
refs #10082

- meta_title output wrong meta title

Only solves meta_title outout for this use case:

```
routes:
  /:
    data: page.{slug}
    template: t
```
2019-03-12 12:34:16 +01:00
kirrg001
3b4edccf62 🐛 Fixed {{meta_description}} output when using data: page.{slug} in routes
refs #10599

- meta_description output wrong meta description

Only solves meta_description for this use case:

```
routes:
  /:
    data: page.{slug}
    template: t
```
2019-03-12 12:34:16 +01:00
kirrg001
fef0aa44d3 🐛 Fixed meta twitter_image output when using data: post.{slug} for routes
refs #10082

```
routes:
  /news/:
    data: post.news
```

The twitter_image was not available, because the context is [news, post] and the data is in `data.post`.
The context helper was incorrect. I think it is still not fully correct, but only focused on this use case.
The meta layer needs a full refactoring.
2019-03-12 12:13:47 +01:00
Naz Gargol
34fad7eaaf
Added Canonical URL support to posts&pages in Admin & Content API v2 (#10594)
refs #10593

- Added `canonical_url` field to post&pages resources in Admin & Content APIs
- Support for canonical URL on metadata layer (used in {{ghost_head}} helper)
- Made sure the new field is not accessible from API v0.1 
- Added handling same domain relative and absolute URLs
2019-03-12 17:51:29 +08:00
kirrg001
0c8373afb7 Removed 'null' parsing in settings model
refs #10582

- I don't think this is a good idea
- If a user passses "null", we should treat it as a string
- I am not aware of a use case why people have "null" in their database
- If people send "null" via the API, we should respect this and accept a string
2019-03-11 20:07:48 +01:00
kirrg001
160d50a258 🐛 Fixed /edit url redirecting to wrong admin client url
no issue

- admin client has fixed showing a 500
- we now show a 404 if the url is wrong
- server side has corrected the editor url
2019-03-11 15:26:13 +01:00
Fabien O'Carroll
a2aa66ca73
🐛 Fixed img-url to output relative url by default (#10596)
closes #10595

* Added breaking test for img-url helper

Input from the content API was absolute, adding this test to verify my fix

* Updated existing test to breaking test for img-url

Had made a dumb assumption when building images sizes, this updates the
test to fail so we can verify the fix

* Refactored img-url to return as early as possible

This makes it a little easier to parse what's going on, and it also
allows us to remove the check for existence of the image url in the
getImageSizes function

* Refactored img-url config parsing to clean up core logic

Superficial refactor to make future changes able to focus on what rather
than how.

* Refactored internal image detection into helper

We're gonna need to know if the image is internal or not, when we force
the path to relative, if we pull this out now, we have access in the top
level logic

* Removed duplicate checks for internal image

Cleaning up and moving "higher-level" logic into the main function of
the module

* Renamed attr -> requestedImageUrl

Superficial refactor, trying to be more explicit about identifiers

* 🐛 Fixed img-url to output relative url by default

Includes a check to isInternalImage as we never want to make external
images relative.

* Returned early if img-url recieves external url

After realising we never want to deal with external urls, we can
continue to return as early as possible, letting us remove checks and
simplify the more complex logic for internal images.

* Cleaned up the internal image logic

Defining the three functions in order helps to see what operations are
going to happen and in which order, we can then return the result of
each operation applied to the next operation.
2019-03-11 15:20:05 +01:00
Hannah Wolfe
d2b1e0d4b7 Attr pass-thru & full context in partial helpers
refs #5162

- allow pagination and navigation partial helpers to have attributes passed through to them
    - e.g. {{navigation header=true}} -> {{#if header}} will now work
    - allows styling navigation to be done differently for different sections of the page
- properly create a data frame, and pass through "this" context
    - means {{navigation header=true}} is the same as {{> navigation header=true navigation=@site.navigation}}
    - our partial helpers, have the same behaviour exactly as if the partial was called directly
- this is additive, and improves behaviour
2019-03-09 21:21:01 +00:00
Katharina Irrgang
04c60b4ce1
🐛 Fixed private blogging getting enabled when saving any setting (#10576)
no issue

- Reported here: https://forum.ghost.org/t/in-version-2-16-3-found-bug/6065/3

---

Admin Client sends false or true booleans for `is_private` key.

The settings table has two columns "key" and "value". And "value" is always type TEXT.

If you pass value=false, the db will transform this value into "0".
`settingsCache.get('is_private')` is then always true, even though the value is meant to be false.

We should add a migration in v3 and normalize all setting values to ensure consistent database values. Furthermore, we should improve the handling around settings values in general.

For now, we protect parsing values from DB, which we anyway need to transform the values into the correct data type, because we always save strings. This will protect values being stored as "false" or "1" or whatever.
2019-03-06 12:56:26 +01:00
kirrg001
ac26436c10 🐛 Fixed v0.1 username/password authentication
no issue

- refs 39edb7646e
2019-03-06 10:48:21 +01:00
Kevin Ansfield
39edb7646e
Improved error message when attempting to use disabled v0.1 Public API (#10562)
no issue
- trying to use the v0.1 Public API when it was disabled led to a confusing error message, see https://forum.ghost.org/t/403-forbidden-error-on-postman-api-call/6017
- adds an explicit check for the Public API being enabled in the client authentication step and throws a useful error message if client auth is attempted when it's disabled
2019-03-05 10:41:07 +00:00
Nazar Gargol
30c005f848 🐛 Fixed field filtering for /authors/:id endpoints
closes #10512

- Removed field filtering in blog owner fetching because it didn't work before (fields weren't reduced) and now broke generated sql queries (ambiguous id field)
2019-03-05 15:18:32 +08:00
Nazar Gargol
62c4ae119d 🐛 Fixed field filtering for /tags/:id endpoints
refs #10512

- Fixed ability to fetch specific fields when fetching tag resource by id
- Also only returning `url` field when specified in `fields` parameter
2019-03-05 13:17:38 +08:00
kirrg001
449bae9a48 🐛 Fixed missing "value" property for settings Admin API v2
closes #10518

- we had a very generic logic to remove "unwanted" null values
  - copied from v0.1
  - originally added in 7d4107fec4
- this logic transformed: settings = [{key: 'key', value: null}] to [{key: 'key'}], which is wrong
- i've removed this generic logic completely, because i don't know which purpose it serves
- if there a specific case where we want to remove null values, we should either use the JSON schema or use a specific serializer for the target resource
- added tests to proof that settings API behaves as it should
- one test failed because we removed the isNull logic -> if you send published_at = null on a published post
  - the model layer has a piece of logic to force a date if you set published_at to null if the status is published
  - protected
2019-03-04 20:06:53 +01:00
Fabien O'Carroll
98b4940f70
🐛 Allowed data in collections to use specified key (#10559)
closes #10434

This adds the list of objects to the specified key,
finishing off the work started in the PR here:
https://github.com/TryGhost/Ghost/pull/10449
2019-03-04 17:53:58 +01:00
Kevin Ansfield
5a7356de5b 🐛 Fixed excerpt property being missing if plaintext is NULL or ""
closes https://github.com/TryGhost/Ghost/issues/10558
- added conditional to explicitly set `excerpt` to `null` in the API output serializer when a post has no `plaintext` or `custom_excerpt` value
2019-03-04 14:30:26 +00:00
Fabien O'Carroll
d7238e94c2
🐛 Supported "false" as absolute attribute value (#10556)
no-issue

* Added breaking test
* 🐛 Supported "false" as absolute attribute value

refs https://github.com/TryGhost/docs-api/pull/29
2019-03-04 11:23:42 +01:00
Vikas Potluri
42c472feff Removed superagent dependency (#10535)
no issue

- Migrated default scheduling adapter to use Got via the request proxy
- SchedulingDefault is the only module that was using superagent so removed it as a dependency
2019-03-04 15:59:38 +08:00
kirrg001
f8d1e38290 🐛 Fixed empty amp page
closes #10547

- TODO: raise issue
2019-02-27 17:56:09 +01:00
Rish
d62feca270 Added members permission migrations
no issue

- Added new fixtures for member permissions for Admin
2019-02-26 15:43:36 +07:00
kirrg001
38e93c19b5 Reverted & Solved apiType differently
no issue

- was unable to revert 9dd7aff9c6, because it contains members changes
- functional calls did not work correctly, because the content and admin ctrl differentiation happend in the web layer
- `isContentAPI` returned true for `api.v2.settings.edit(data, {context: {internal:true{})`
- content & admin API are using different controllers
- we can just tell which ctrl is content API and which is not
- the direction fits for the content & admin API split
2019-02-26 08:33:10 +01:00
kirrg001
46d7a5666e Renamed authors ctrl to authors-public
no issue

- consistency
2019-02-26 08:33:10 +01:00
Nazar Gargol
96e0e3fcaf Fixed unit tests
no issue

- Fixed breaking test suites that were introduced with 4f9e687f62
2019-02-26 12:18:06 +07:00
Fabien O'Carroll
4e6a6a24ac Updated Admin API key auth to require kid in header (#10538)
* Required kid be a header claim as according to spec

https://tools.ietf.org/html/rfc7515#section-4.1.4 (JWT is an extension of JWS)

* Updated error message for missing kid

* Fixed admin-api key unit tests

* Fixed regression and acceptance tests
2019-02-26 11:03:47 +07:00
Fabien O'Carroll
cc1f62438d
Added support for serverside rendering of members content (#10522)
no-issue

- Added member auth middleware to siteApp
- Passed member as context in routing service
- set Cache-Control: private for member requests
- fucked up some tests
- Added member as global template variable
- Updated tokens to have expiry of subscription_period_end
2019-02-25 17:03:27 +01:00
Kevin Ansfield
4f9e687f62 Updated mobiledoc renderer to insert begin/end HTML comments around cards
no issue

We're creating tooling to convert HTML to Ghost flavoured mobiledoc, however we have cards that allow arbitrary content without a wrapper element which means that we're unable to do a 1:1 mapping of mobiledoc->html->mobiledoc. To work around this problem we now output HTML comments before/after the output of each card so that our converter can extract card content correctly when parsing HTML.

- added `createCard` method which wraps a card's `render()` method to add begin/end comments and updated all cards to use it
- only takes affect for newly added or re-saved posts/pages
2019-02-25 18:05:01 +07:00
Kevin Ansfield
792c2608c5 Added kg-card-hascaption class to image/gallery/embed cards with captions
refs https://github.com/TryGhost/Ghost/issues/10445
- adds class to card renderers
- class will only be present on new or re-saved posts
2019-02-25 10:15:14 +07:00
Fabien O'Carroll
4a1a245e9b
Updated audience validation for admin api tokens (#10519)
no-issue
2019-02-23 12:51:21 +01:00
Katharina Irrgang
a361a8d7c0
Added support for short format when attaching authors/tags in Admin API v2 (#10505)
closes #10504

- both formats are supported
2019-02-22 13:01:04 +01:00
Katharina Irrgang
dfd350bd69
Cleaned up Admin API v2 posts/pages input serializer (#10516)
no issue

- make use of filter instead of status=all or data.page
- nql was designed to filter data on database layer
- do not break v0.1
- we just got rid of the "status" query param, you should use the filter instead
- get rid of the ugly condition to remove page field if "fields" param was used
- allow filtering on model layer for "findOne"
  - do not allow filtering for "findOne" on API layer for now
  - the API controller defines what is allowed
  - the model layer can allow more by default
  - we can re-use the powerful filter logic without adding hacks
2019-02-22 12:07:34 +01:00
Katharina Irrgang
0a70226128 Separated pages & posts in Admin API v2 (#10494)
refs #10438, refs #10106

* Renamed existing pages ctrl
* Splitted posts & pages for Admin API v2
* Added pages JSON input schema for Admin API v2
* Removed single author for Content & Admin API v2
  - single author is not documented
  - single author usage is deprecated in v0.1
  - single author usage is removed in API v2
* Splitted posts & postsPublic controller for v2
* Removed requirement to send `status=all` from Admin API v2
* Removed `status` option from pages Content API v2
* Removed `status` options from Users Admin API v2
2019-02-22 10:17:14 +07:00
kirrg001
0dd3aad2d0 Required updated_at for Admin API v2 when updating a post/page
refs #10438

- the `updated_at` functions as version control value
- it is required for collision detection
- we might redesign this feature at some point
2019-02-21 08:39:17 +01:00
Nazar Gargol
f394eaa7b8 Added optional support for HTML source
closes TryGhost/Ghost-SDK/issues/51

- Due to JSDOM not supporting Node v6 the support for HTML conversion is now optional
2019-02-21 13:27:47 +07:00
Nazar Gargol
9020293e61 Added posibility to accept html as an input source for post
closes #10471

- Allows accepting HTML input for /posts endpoint when `?source=html` is
present in query parameter along with `html` in request payload
2019-02-15 18:58:46 +00:00
Kevin Ansfield
8e9ade6357
Added migration to insert builtin Zapier integration (#10500)
no issue

A new Zapier app will be released that uses the v2 Admin API which means it will require an ApiKey that is linked to an Integration.

- adds a `type` column to the `integrations` table with the following types allowed:
  - `custom` (default) used by custom integrations added by users
  - `builtin` used by built-in integrations that have their own UI and won't show up in the "Custom Integrations" list
  - `internal` used by "internal" integrations such as the scheduler
- adds a `zapier` "builtin" integration to the fixtures
2019-02-15 14:48:21 +00:00
Nazar Gargol
aab3a5b89d Fixed tests related to tags validations
no issue
2019-02-15 14:04:57 +00:00
Nazar Gargol
18921747bb Added check for empty name for tags
refs #10438

- Also corrected and expanded test cases for tag validation
2019-02-15 13:19:06 +00:00
Nazar Gargol
e305d5e9cb Skiped 'all' validations for posts/tags endpoints
refs #10438

- Skipped validations that are now handled on JSON Schema level and would make sure error messages are consistent for these endpoints
2019-02-15 12:19:49 +00:00
Fabien O'Carroll
9dd7aff9c6
Updated Content API to use members plans to determine permission (#10483)
no-issue


* Refactored hideMembersOnlyContent to 3 "stages"
* Exported paymentConfigured flag from members service
* Updated Content-API to check members service for paymentConfigured
* Updated members content output serializer to remove content if plan required and no plan
* Updated isContentAPI method
* Moved api util test
2019-02-14 18:17:02 +01:00
Fabien O'Carroll
6bdeeaba10
Added apiType property to frame for {Content,Admin} API (#10487)
no-issue

This sets the `apiType` property of the `frame` to 'content' and 'admin'
for the Content & Admin API respectively.
2019-02-13 16:59:10 +01:00
Naz Gargol
ae437a89dd
Updated posts JSON Schema with 'strip' properties (#10488)
refs #10438
refs #9100

- Added 'strip' attributes to properties that need to be ignored
- Relaxed 'uri' format to 'uri-reference'
- Made input array for posts more restrictive
2019-02-13 13:34:45 +00:00
Naz Gargol
40cc6e6548
Added JSON Schema validations for /tags (#10486)
Added JSON Schema validations for /tags endpoints

refs #10438
refs #9100

- Added JSON Schemas for POST/PUT /tags endpoints
- Added 'strip' keyword definition schema allowing to strip data and not throw errors on further validation stages
2019-02-13 12:26:32 +00:00
Nazar Gargol
e47d1e275f Fixed image URL to be stored as relative in mobiledoc
refs #10477
closes #10472

- Adds transformation for any asset absolute URL's into relative used in mobiledoc
2019-02-11 19:20:16 +00:00
kirrg001
38705ef91c Removed test from request_spec.js
no issue

- the test fails randomly, not sure why
- the test is not important, just removing it
2019-02-11 12:11:23 +01:00
Naz Gargol
19643c75dd
Added JSON Schema validation for /posts endpoint (#10468)
refs #10438

- Added  validation helper based on JSON schema
- Added schema validation for POST/PUT in /posts endpoints
- Refactored existing authors validation test suite
- Extended test coverage with a minimally required structure of post.add validator
2019-02-08 10:40:58 +00:00
kirrg001
b83232bf0c Added more webhooks & changed payload
refs #10461

- do not break the existing webhooks by keeping both payload formats for subscribers events
- refactored webhooks service to run models through target API version
- added new events described in the target issue reference
- this refactoring & enhancement is undocumented, further breaking changes will happen because we are actively working on: https://github.com/TryGhost/Ghost/issues/10438
2019-02-07 23:14:27 +01:00
kirrg001
5f4cf42c14 Fixed tests
no issue
2019-02-06 21:36:09 +01:00
kirrg001
fde31b31ba Added permissions for actions including migration
refs #10431

- migration script to add permissions for actions
- restricted to owner & admin & integration role for now
- we will add permissions for other rules too, but we need add more granular restrictions
  - e.g. contributors can only read actions for posts which he created
2019-02-06 18:59:09 +01:00
kirrg001
c127b406fc Added actions table including migration
refs 10431

- add actions table
- add migration
2019-02-06 18:59:09 +01:00
Hannah Wolfe
426c122ed1 Updated messaging around {{get}} helper access
closes #10447

- Get helper message talks about the old API, but upgrading is the best way to solve the problem
- Had to create a way to add a custom message to a labs enabled helper to achieve this
2019-02-04 17:58:35 +00:00
Hannah Wolfe
5365094dfc 🐛 Provided get helper filters access to globals
closes #10448

- using @site.lang to read posts is a valid use case for the get helper filters
- get helper filters have special treatment of anything wrapped in {{}}, in the form of resolvePaths
- resolvePaths uses some custom logic + jsonpath to find the right bit of data to inject
- this function had no handling for globals starting with `@`, and also didn't have access to them
2019-02-04 15:26:45 +00:00
kirrg001
93092c8f20 Removed author from Admin API v2 output
refs #10438

- single author is deprecated and get's completely dropped in v3
2019-01-31 16:27:56 +01:00
kirrg001
7f7b477ce9 Fixed error message being unclear when admin api keys create posts without authors
refs #10438

- integrations != users
- Ghost's assumption is: if you create a post, the primary author becomes the logged in user
- we have to require authors for integrations
- short fix and needs some more thoughts later
2019-01-31 16:27:56 +01:00
Fabien O'Carroll
95880dddeb
🐛 Updated base model to store null instead of empty string (#10425)
refs #10388 

This updates the base model to retrieve column information, and explicitly set every property whose column is `nullable` and content is the empty string (`""`) to `null`
2019-01-28 16:58:28 +01:00
kirrg001
cc87b78517 Fixed tests because of .only
no issue
2019-01-28 10:08:21 +01:00
kirrg001
1c1b9021db Removed .only from core/test/unit/api/v2/index_spec.js
no issue

- oops
2019-01-28 10:03:57 +01:00
Nazar Gargol
6318b65cab Changed context.api_key_id to an object containing key type information
refs #9865

- Changed id passed for api_key to an object to be able to differenciate between admin and content api requests
- Added integration id to frame context
- Small refactoring of frame context initialization
2019-01-24 17:22:58 +00:00
Naz Gargol
a0712d23e8
Shortened admin key length (#10418)
refs #10156

- Updated ApiKey model to use shorter secrets for admin keys
2019-01-24 13:46:33 +00:00
Nazar Gargol
5fbad09a56 Modified Admin API key output format
refs #9865

- Changed key format to {id}:{secret} so API consumer only has to worry about copying a single value during setup
- Updated key expiration time in getValidAdminToken test helper to match server side expiration check
2019-01-23 17:18:50 +00:00
Katharina Irrgang
5921d9ce4a
Removed unit tests who use the database (#10407)
refs #9178

## Rule

- do not use the database in unit tests
- re-add correct unit tests if you work on something which is not tested properly (we have to bring them back at some point, but without using the database)
2019-01-22 13:36:30 +01:00
Katharina Irrgang
4acc375fb6
Bumped knex & bookshelf dependencies (#10404)
refs #9389, refs #9248

- https://github.com/bookshelf/bookshelf/releases/tag/0.14.0
- Bookshelf has fixed it's previous attr handling, see https://github.com/bookshelf/bookshelf/pull/1848
- SQlite3 double slashes was merged into knex and released 👻tgriesser/knex@c746dea
2019-01-21 21:53:11 +01:00
Katharina Irrgang
fb044e6d88
Bumped sinon from 4.4.6 to 7.3.2 (#10400)
refs #9389

- https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md

Breaking changes for Ghost:

- no need to create a sandbox anymore, each file get's it's own sandbox
- just require sinon and use this sandbox
- you can still create separate sandboxes with .createSandbox
- reset single stubs: use .resetHistory instead of .reset

This is a global replace for any sandbox creation.

---

From https://sinonjs.org/releases/v7.2.3/sandbox/

> Default sandbox
> Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
Nazar Gargol
c3e22b6ab9 🐛 Fixed forced page filter not being respected in Content API
closes https://github.com/TryGhost/Ghost/issues/10395, https://github.com/TryGhost/Ghost/issues/10390

- The grouping was introduced due to a flasy conjunction of last filter in 'or' group with enforced page filter, due to this the rest of filters in the 'or' group were bypassed
- Additional grouping added here increases the possiblity of https://github.com/NexesJS/NQL-Lang/issues/7 bug happening
2019-01-21 13:26:45 +00:00
Katharina Irrgang
a927aecc3f
🐛 Fixed prev_next helper when using Content API v2 (#10397)
closes #10389
2019-01-21 11:48:18 +01:00