Commit Graph

10982 Commits

Author SHA1 Message Date
Renovate Bot
02dd0df371
Update dependency oembed-parser to v1.3.9 2020-05-07 08:14:41 +00:00
Renovate Bot
e5cc0cb130
Update dependency eslint-plugin-ghost to v1.4.0 2020-05-06 17:15:42 +00:00
Daniel Lockyer
f0348014d7 v3.15.0 2020-05-06 13:43:38 +01:00
Daniel Lockyer
6c90db3a90 Updated Ghost-Admin to v3.15.0 2020-05-06 13:43:38 +01:00
Kevin Ansfield
0eec876cb1 Removed separate reset/forced-reset emails and updated email copy
refs https://github.com/TryGhost/Ghost/pull/11790

- reduced complexity by sticking to one email for both normal reset and forced reset (locked staff accounts)
- exposed `siteTitle` for use in any email templates
- updated email copy to be suitable for both types of password reset
2020-05-06 13:20:11 +01:00
Renovate Bot
7b0efa34a4
Update dependency oembed-parser to v1.3.8 2020-05-06 11:16:05 +00:00
Naz
c84866dda7
Improved password reset and session invalidation for "locked" users (#11790)
- Fixed session invalidation for "locked" user
  - Currently Ghost API was returning 404 for users having status set to "locked". This lead the user to be stuck in Ghost-Admin with "Rousource Not Found" error message.
  - By returning 401 for non-"active" users it allows for the Ghost-Admin to redirect the user to "signin" screen where they would be instructed to reset their password

- Fixed error message returned by session API
  - Instead of returning generic 'access' denied message when error happens during `User.check` we want to return more specific error thrown inside of the method, e.g.: 'accountLocked' or 'accountSuspended'
  - Fixed messaging for 'accountLocked' i18n, which not corresponds to the
actual UI available to the end user

- Added automatic password reset email to locked users on sign-in
  - uses alternative email for required password reset so it's clear that this is a security related reset and not a user-requested reset

- Backported the auto sending of required password reset email to v2 sign-in route
  - used by 3rd party clients where the email is necessary for users to know why login is failing

Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
2020-05-05 19:37:53 +01:00
Rishabh Garg
a01bcdd2d0
Added new endpoint for refreshing api key secret (#11791)
no issue

- Adds new endpoint on integration to refresh admin/content api key secret
- Allows owner/admin to refresh their content or admin API keys for an integration via Ghost Admin
- Adds a new `refreshed` event to actions table for anytime an api_key secret is refreshed
2020-05-05 23:36:21 +05:30
Renovate Bot
21f5912c2d
Update dependency metascraper-logo-favicon to v5.11.12 2020-05-04 15:15:40 +00:00
Fabien O'Carroll
7e72f44d6b
Fixed indentation in config.development.json
no-issue
2020-05-04 16:41:02 +02:00
Hannah Wolfe
53d14fd8e3 Added Router etc to shared/express + use everywhere
- Added a wrapper around express.Router to our shared/express util
- Also export static and _express
- Use this shared util everywhre, meaning express is only used directly in this one file
- ATM this file is mostly an experiment / debug helper, it might be removed again later
- The aim is to have a minimal framework wrapping express that allows us to:
     - reduce our usage of express() in favour of Router()
     - unify some of our duplicated logic
     - fix some structural issues e.g. Sentry
     - make it easier to understand the codebase
2020-05-01 19:32:57 +01:00
Hannah Wolfe
515d6936f0 Updated watch to cover all server JS files
- watch wasn't restarting the dev env if you edit the index.js or core/index.js
- these files aren't changed often, but it's still important that Ghost restarts when they do!
2020-05-01 18:00:57 +01:00
Hannah Wolfe
8383b11d84 Cleaned up some weird require paths
- these require paths go back too far. They work but it's odd!
2020-05-01 18:00:57 +01:00
Kevin Ansfield
ee20efc971 Fixed Outlook not centring content column in member emails
refs https://github.com/TryGhost/Ghost/issues/11756

- we removed the fixed `width: 600px` to fix gmail scaling but that means we need a new way of creating a 600px centre column in Outlook
2020-05-01 13:40:02 +01:00
Kevin Ansfield
28b24d2095 Fixed video embed card fallback display across gmail apps
refs https://github.com/TryGhost/Ghost/issues/11756

- bumped kg-default-cards package to generate fixed html for video embed fallbacks
2020-05-01 13:22:52 +01:00
Renovate Bot
f8c1d5b0e6
Update dependency gscan to v3.5.4 2020-05-01 10:15:50 +00:00
Kevin Ansfield
2404710e66 🐛 Fixed tiny font sizes sometimes seen in member emails on gmail mobile apps
refs https://github.com/TryGhost/Ghost/issues/11756

- fixed gmail scaling problems
  - the `width: 600px` on `.container` was forcing gmail to always render at 600px wide and then use scaling to resize the email to fit the device width
  - for most emails gmail would also apply their own font resizing to compensate so it didn't look _too_ bad
  - some emails however would not trigger the font resizing, most notably when posts contained a feature image, which would result in very small text
  - removing the fixed `width: 600px` resolves the scaling problem and lets the email be truly responsive
- removed attribute selectors in the media query CSS
  - gmail does not support attribute selectors
  - attribute selectors used to be necessary for Yahoo Mail but this is no longer the case
- tested using litmus.com for all popular email clients
2020-05-01 11:06:52 +01:00
Renovate Bot
549ef7aaa9
Update dependency metascraper-logo-favicon to v5.11.11 2020-04-30 20:14:34 +00:00
Hannah Wolfe
baa8118893 Refactor common pattern in service files
- Use array destructuring
- Use @tryghost/errors
- Part of the big move towards decoupling, this gives visibility on what's being used where
- Biting off manageable chunks / fixing bits of code I'm refactoring for other reasons
2020-04-30 20:48:42 +01:00
Hannah Wolfe
c70c49258e Added new members/api/site endpoint
- easy way to access public settings needed for building members clients
- no auth means this is for public info only
2020-04-30 19:50:40 +01:00
Hannah Wolfe
5365522cf5 Removed dupe use of labs.members & leftover file
- Meant to cleanup the old api/canary/members earlier, removed now as it's unused
- Also removed all the duplicate references to labs.members in various places
2020-04-30 19:33:09 +01:00
Hannah Wolfe
0cba02b370 Renamed members ssr + api endpoints 2020-04-30 19:00:37 +01:00
Hannah Wolfe
fa4dfa1b21 Moved members API out of backend 2020-04-30 18:18:39 +01:00
Hannah Wolfe
d7c60d1bd8 Fixed silly find&replace issue in members.js
- Delete contains the word let 🙈
2020-04-30 17:56:18 +01:00
Hannah Wolfe
84d8c89c37 Revert const/let changes in members.js
- My codebase-wide replacement of const/let yesterday went one step too far :)
- grunt uglify:prod fails on the use of const
- This file should continue to use var for the time being cos there's plans to upgrade this script already :)
2020-04-30 17:36:41 +01:00
Hannah Wolfe
a1f2715135 Moved members app mount to parent app
- Clarify that the parent app has 2 distinct parts: backend and frontend
- Frontend app takes members and site apps + the frontend SSL redirect middleware
- Backend app already has admin + API (and the SSL redirect needs significant work)
- There's a lot more to do here, but this increases clarity
2020-04-30 17:01:17 +01:00
Rish
87fa1db0c0 Bumped @tryghost/members-api to 0.18.3
no issue

- This bump adds ability to pre-fill customer email in stripe checkout session
2020-04-30 17:56:41 +05:30
Hannah Wolfe
985bbbd194 Moved members routing+mw into its own app
- create a new app for the /members/ endpoint
- moved all /members/ routes and middleware onto this app
- helps to separate members and frontend/site logic so we can start to decouple things more
2020-04-30 13:03:27 +01:00
Hannah Wolfe
822fda59cb Added a TODO for members access code
- Need to rethink how & where we apply this
- Want to make sure I find this again later :D
2020-04-30 13:03:27 +01:00
Kevin Ansfield
81bf1667fa Fixed video embed card fallback display in Outlook
refs https://github.com/TryGhost/Ghost/issues/11756

- updates `@tryghost/kg-default-cards` which includes a VML version of video embed card fallbacks
- fixes play button styling for Yahoo Mail
- adds a minimum height to video embeds so they appear more reasonable when images are not loaded
2020-04-30 12:08:06 +01:00
Renovate Bot
f8cecee05d
Update dependency @tryghost/members-ssr to v0.7.7 2020-04-30 10:45:08 +00:00
Renovate Bot
cc7bd3992b Update dependency uuid to v8 2020-04-30 09:58:07 +01:00
Rish
e54a8b5112 🐛 Fixed next middleware call after magic link redirect
no issue

We changed the magic link route handling from setting global value to just redirecting to frontend in [this](d8d5d6b7d0 (diff-0d54454fd954b0203a71ec52df4bd4c0R96-R98)) commit, but missed removing `next()` call which attempts to send response again causing Unhandled rejection error. This change simply removes the extra `next()` call
2020-04-30 13:47:20 +05:30
Daniel Lockyer
182a64dbc5 Reverted "Updated pull request template"
no issue

- this reverts commit f3bf2237e6
- ensuring regression tests pass should not be the full responsibility
  of the contributor so revert back to the prior advice
2020-04-30 09:10:40 +01:00
Hannah Wolfe
3133c302fc Fixed error in redirect regression test
- this redirect is the only one in our tests which is permanent
- also I verified that this new test works the same before and after the recent changes :)
2020-04-30 09:01:49 +01:00
Daniel Lockyer
f3bf2237e6 Updated pull request template
no issue

- adds `yarn test-all` for running the full test-suite and documents
  this in the PR template
2020-04-30 08:26:17 +01:00
Federico Tibaldo
4fcc31015b
🐛 Fixed regex match replacement when dealing with external URLs (#11781)
refs #10898

- Execute string replacement on external paths
- Take non-top-level base URLs into consideration (to avoid #10776 dups)
- Added tests for all of the above cases
2020-04-30 07:51:36 +01:00
Renovate Bot
e6dbf4ce47
Update dependency @tryghost/kg-markdown-html-renderer to v1.0.4 2020-04-29 19:38:11 +00:00
Hannah Wolfe
d8d5d6b7d0 Moved magiclink handling to /members/ + added redirect
- Magic link token handling doesn't need to be global, this couples the system to the frontend, which isn't necessary
- Instead, we create a session from the token, and redirect to the frontend
- Move res.locals.members setting into existing middleware function instead of having it separate
2020-04-29 19:35:41 +01:00
Hannah Wolfe
0e1ae7c2af Separated members token mw from members session mw
- The existing createSessionFromToken was actually doing two things behind the scenes
   1. Handling the ?token from the magic link and creating an actual session (mounted globally, which is not necessary)
   2. Loading an existing session so that a member is logged in to the frontent
- IMO 1. is part of members, and doesn't need to be global
- IMO 2. is part of the frontend. It does need to be global but should NOT be hidden away behind the token middleware, as it wasn't clear what this was doing
2020-04-29 19:19:19 +01:00
Hannah Wolfe
f10b4394dc Updated new local config to not affect tests
- if you have local config, e.g. a subdirectory in your URL, this would affect the tests
- tests should always only use test config
2020-04-29 18:54:03 +01:00
Renovate Bot
1c0db1dc87
Update dependency @tryghost/kg-card-factory to v1.0.3 2020-04-29 16:42:41 +00:00
Daniel Lockyer
7fe5bacada Changed bulk-email error to EmailError
no issue

- this error is more suitable than the generic GhostError
2020-04-29 17:20:04 +01:00
Hannah Wolfe
22e13acd65 Updated var declarations to const/let and no lists
- All var declarations are now const or let as per ES6
- All comma-separated lists / chained declarations are now one declaration per line
- This is for clarity/readability but also made running the var-to-const/let switch smoother
- ESLint rules updated to match

How this was done:

- npm install -g jscodeshift
- git clone https://github.com/cpojer/js-codemod.git
- git clone git@github.com:TryGhost/Ghost.git shallow-ghost
- cd shallow-ghost
- jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2
- jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2
- yarn
- yarn test
- yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode
- grunt test-regression
- sorted!
2020-04-29 16:51:13 +01:00
Kevin Ansfield
d255d98bbb Improved display of video embed cards in member emails
refs core/server/api/canary/oembed.js

- updated `kg-default-cards` to a version that will render a thumbnail and play button overlay for video embed cards when rendering to an email target
- added styling for video embed play button overlays to members email template
2020-04-29 16:44:20 +01:00
Kevin Ansfield
1f85ef46d2 Adjusted oembed endpoints to fetch higher resolution thumbnails
no issue

- embed cards now store metadata including thumbnail urls in their payload
- we want to use this metadata to render video cards in emails
- by default oembed endpoints return fairly small thumbnail images that don't look great when blown up
- oembed supports a `maxwidth` query param that will instruct oembed providers to return larger sizes of the content if available
2020-04-29 16:44:20 +01:00
Daniel Lockyer
6d21bbfc63 🐛 Fixed handling of Handlebars errors
no issue

- Handlebars now throws an Error for misuse errors within the if/unless
  helpers, but our error handling checks for a TypeError
- this would skip using an IncorrectUsageError and ends up throwing a GhostError
- this commit removes the TypeError check and switches to using the
  Handlebars error message
2020-04-29 16:32:50 +01:00
Renovate Bot
a72c4e7905
Update dependency knex-migrator to v3.4.6 2020-04-28 15:55:06 +00:00
Daniel Lockyer
9a962368dc Added Node environment to Sentry metadata
no issue

- this allows us to differentiate between development and production
2020-04-28 08:50:16 +01:00
Renovate Bot
ce48d36a49 Update dependency knex to v0.21.1 2020-04-28 08:48:46 +01:00