Commit Graph

1825 Commits

Author SHA1 Message Date
Renovate Bot
9642635ca9 Update dependency @tryghost/job-manager to v0.8.9 2021-10-01 08:38:40 +01:00
renovate[bot]
1b6253e140
Update dependency @tryghost/members-importer to v0.3.3 (#13372)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-29 10:58:10 +02:00
Kevin Ansfield
59adb9a9cb Added route for updating custom theme settings
refs https://github.com/TryGhost/Team/issues/1070

- bumped `@tryghost/custom-theme-settings-service` for access to `.updateSettings()`
- added `PUT /custom_theme_settings` route that delegates to `customThemeSettingsService.updateSettings()` to perform the db and cache updates
- invalidates the cache in Ghost because a theme setting change will mean the front-end output will change
2021-09-28 16:09:39 +01:00
Daniel Lockyer
1e5f28727d
🐛 Fixed mail config not respecting disabled secure connections
refs https://forum.ghost.org/t/un-noticed-email-config-change-in-4-15-16/25869/6
refs https://linear.app/tryghost/issue/CORE-66/fixed-secureconnection-alias-for-nodemailer

- `secureConnection` was removed in Nodemailer 1.0.2 in favor of
  `secure` but we're locked into supporting it because a lot of
  our users will have it in their config
- I attempted to alias it to keep compatibility but I did this
  incorrectly and only handled the cases where it was set to `true`
- this meant users who had disabled secure connections were seeing SSL
  warnings because the library was trying to connect via SSL to a
  non-SSL endpoint
- the aliasing is fixed in `@tryghost/nodemailer` 0.3.3 and so this
  commit bumps the package in Ghost
2021-09-28 15:19:36 +01:00
renovate[bot]
9797787c4b
Update dependency @tryghost/magic-link to v1.0.13 (#13370)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-28 16:09:07 +02:00
renovate[bot]
135bb6a4a4
Update dependency @tryghost/members-csv to v1.1.7 (#13371)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-28 16:08:50 +02:00
renovate[bot]
7044fd459e
Update dependency @tryghost/members-ssr to v1.0.14 (#13373)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-28 15:44:06 +02:00
Fabien O'Carroll
b22050c037 Added initial support for Offers 1-day version
refs https://github.com/TryGhost/Team/issues/1090

This updates the members-api to allow passing an Offer ID when creating
a Stripe Checkout Session. This will be used for the 1-day version of
Offers.
2021-09-28 15:10:27 +02:00
Renovate Bot
328a88087b
Update metascraper to v5.24.7 2021-09-27 21:15:26 +00:00
Renovate Bot
85c46b4eda Update dependency postcss to v8.3.8 2021-09-27 13:00:59 +01:00
Kevin Ansfield
2947db0e6b
Added API endpoint for browsing custom theme settings (#13362)
refs https://github.com/TryGhost/Team/issues/1070

- bumped `@tryghost/custom-theme-settings-service` to get access to `.listSettings()` method
- added GET `/api/canary/admin/theme_settings/` route behind `'customThemeSettings'` feature flag that uses the custom theme settings service to return settings resources that are a combination of the theme-provided definition and the saved value
2021-09-27 11:31:47 +01:00
Renovate Bot
91a6917563
Update dependency mocha to v9.1.2 2021-09-27 03:11:58 +00:00
Kevin Ansfield
04dd409243
Added syncing and theme exposure of custom theme settings (#13354)
refs https://github.com/TryGhost/Team/issues/1070

- added `@tryghost/custom-theme-settings-service` as a dependency
- `core/server/services/custom-theme-settings` creates an instance of the new service passing in the model used for storing the setting keys/values and a cache instance
- requiring `core/shared/services/custom-theme-settings-cache` creates a cache instance, it has no dependencies so can be required anywhere and the first require will initialize the shared instance
- updated the theme activation bridge to trigger the theme settings service to sync the newly activated theme settings and populate the cache
- updated theme validation to pass `labs` through as an option so that we get custom theme settings back as part of the checked theme as that's what is passed to the custom theme settings service
2021-09-23 12:44:39 +01:00
Renovate Bot
cecec3d253 Update dependency @tryghost/email-analytics-service to v1.0.1 2021-09-23 12:39:32 +01:00
Fabien O'Carroll
91907cd900 Bumped @tryghost/members-api for security patch
refs https://github.com/TryGhost/Ghost/commit/944c2cc9af

The original fix for this happened off of `main` on a separate branch for
v4.15.1 - the same was the case for the @tryghost/members-api package.

Because work happened on both packages in `main`, since the versions
that were patched, we needed to rebump the dependency here to include
the changes.
2021-09-23 12:18:08 +02:00
Renovate Bot
8560aa6b34 Update dependency @tryghost/email-analytics-provider-mailgun to v1.0.1 2021-09-23 10:09:38 +01:00
Renovate Bot
701d5555a2
Update dependency glob to v7.2.0 2021-09-23 01:03:51 +00:00
Renovate Bot
5da0caf9cc Update dependency @tryghost/package-json to v1.0.3 2021-09-22 19:17:29 +01:00
Renovate Bot
99c776aa10 Update dependency @tryghost/constants to v0.1.9 2021-09-22 19:17:20 +01:00
Renovate Bot
c52d1bbe37 Update dependency @tryghost/job-manager to v0.8.8 2021-09-22 19:17:12 +01:00
Renovate Bot
9c64228e13 Update dependency @tryghost/mw-session-from-token to v0.1.23 2021-09-22 19:17:05 +01:00
Renovate Bot
ee67df704e Update dependency @tryghost/vhost-middleware to v1.0.16 2021-09-22 19:16:58 +01:00
Renovate Bot
cabb7c779b Update dependency @tryghost/security to v0.2.10 2021-09-22 19:16:45 +01:00
Renovate Bot
a8fb066c71 Update dependency @tryghost/limit-service to v0.6.2 2021-09-22 18:02:34 +01:00
Renovate Bot
e6845237e0 Update dependency @tryghost/image-transform to v1.0.14 2021-09-22 18:02:09 +01:00
Renovate Bot
ca798ccb73 Update dependency @tryghost/errors to v0.2.14 2021-09-22 18:02:00 +01:00
Renovate Bot
cd008a6d48 Update dependency @tryghost/config-url-helpers to v0.1.1 2021-09-22 18:01:50 +01:00
Renovate Bot
db907f88f2 Update dependency @tryghost/bootstrap-socket to v0.2.10 2021-09-22 18:01:44 +01:00
Renovate Bot
0c4e119483 Update dependency @tryghost/adapter-manager to v0.2.15 2021-09-22 18:01:38 +01:00
Renovate Bot
be47f78293 Update dependency @tryghost/promise to v0.1.10 2021-09-22 18:01:17 +01:00
Renovate Bot
27ce353222 Update dependency @tryghost/session-service to v0.1.25 2021-09-22 18:01:07 +01:00
Renovate Bot
db2c7b64dd Update dependency @tryghost/tpl to v0.1.4 2021-09-22 18:00:59 +01:00
Renovate Bot
40fd068229 Update dependency @tryghost/zip to v1.1.15 2021-09-22 18:00:40 +01:00
Renovate Bot
23bece59a9 Update dependency @tryghost/update-check-service to v0.2.2 2021-09-22 16:31:51 +01:00
Rishabh
4c4efc3a3a Added member analytics events handling
refs https://github.com/TryGhost/Team/issues/1064
refs https://github.com/TryGhost/Team/issues/1056
refs https://github.com/TryGhost/Team/issues/1054
refs https://github.com/TryGhost/Team/issues/1055

- adds handling for new member analytic events including new ingress endpoint
- introduces member-analytics packages and code
2021-09-22 18:21:10 +05:30
renovate[bot]
e9e9d90ec4
Update dependency @tryghost/members-ssr to v1.0.13 (#13332)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-22 11:33:14 +02:00
renovate[bot]
bbe6a0a933
Update dependency @tryghost/magic-link to v1.0.12 (#13331)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-22 11:32:59 +02:00
Renovate Bot
c8afdac0c9 Update dependency postcss to v8.3.7 2021-09-22 10:01:09 +01:00
Renovate Bot
ebf13f07a0
Update dependency @sentry/node to v6.13.2 2021-09-21 16:32:20 +00:00
Renovate Bot
7c1192fc20
Update dependency @sentry/node to v6.13.1 2021-09-20 18:46:49 +00:00
Renovate Bot
9615d76ff3
Update dependency @sentry/node to v6.13.0 2021-09-20 15:08:22 +00:00
Daniel Lockyer
8a534c5b14
🐛 Fixed sending emails via SES or non-standard SMTP config
fixes https://linear.app/tryghost/issue/CORE-45/

- this commit fixes two email related issues:
    - SES transport: the auth mechanism was set up wrong and so none of
      the requests would go through. This now follows the docs on https://nodemailer.com/transports/ses/
    - SMTP transport: the latest versions of Nodemailer don't seem to
      allow overriding of options if a service is present. I've filed
      https://github.com/nodemailer/nodemailer/issues/1327 but in the
      mean time, I assign the options back to the transporter object
      to ensure they always get applied
- I've fixed this in our `@trghost/nodemailer` package and so this commit
  bumps that here
2021-09-20 15:53:44 +01:00
Renovate Bot
12f59e7ec0 Update dependency coffeescript to v2.6.0 2021-09-20 08:04:52 +01:00
Renovate Bot
9fb78b338c Lock file maintenance 2021-09-20 02:46:58 +00:00
Daniel Lockyer
93e4b2eafd 🔒 Fixed remote command injection when using sendmail email transport
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm
refs https://github.com/advisories/GHSA-48ww-j4fc-435p

- a vulnerability in `nodemailer` means that the `sendmail` transport is
  vulnerable to command injection for flags passed to the `sendmail`
  binary
- updating to the latest version of Nodemailer required creating
  `@tryghost/nodemailer`, which is a wrapper around Nodemailer and
  several plugins that used to be in the core
- this commit switches to using that package, and fixes up some small
  code + test changes
2021-09-17 16:46:51 +01:00
Renovate Bot
3eb41d3e36 Update dependency @tryghost/root-utils to v0.3.4 2021-09-15 08:44:13 +01:00
Renovate Bot
fc66c6621f Update dependency @tryghost/logging to v0.1.7 2021-09-15 08:44:04 +01:00
Renovate Bot
b6c8a8efdf Update dependency @tryghost/validator to v0.1.5 2021-09-15 08:43:53 +01:00
Renovate Bot
3e7f9cd54c Update dependency @tryghost/request to v0.1.5 2021-09-14 18:30:37 +01:00
Renovate Bot
ac7f92b8d5 Update dependency @tryghost/debug to v0.1.5 2021-09-14 18:30:22 +01:00
Renovate Bot
50dfe20369 Update dependency @tryghost/bookshelf-plugins to v0.3.1 2021-09-14 17:51:14 +01:00
Renovate Bot
18945ef805 Update dependency @tryghost/version to v0.1.4 2021-09-14 17:50:46 +01:00
Renovate Bot
fb452d739a
Update dependency sanitize-html to v2.5.1 2021-09-14 14:56:18 +00:00
Renovate Bot
5251d1e559
Update dependency analytics-node to v5.1.0 2021-09-13 22:22:11 +00:00
Renovate Bot
66a705930c
Update metascraper to v5.24.6 2021-09-13 08:35:39 +00:00
Kevin Ansfield
a277ff5bf4 Bumped @tryghost/kg-* dependencies
no issue

- includes bump to minimum version of `markdown-it` for consistency between Ghost and Admin markdown rendering
2021-09-13 09:34:18 +01:00
Daniel Lockyer
0c7c34ff67 Updated bookshelf-relations dependency to 2.2.0 2021-09-10 16:59:11 +01:00
Daniel Lockyer
7b93efddd0 Updated bookshelf dependency to 1.2.0 2021-09-10 16:59:11 +01:00
Renovate Bot
74c43bcea5 Update dependency c8 to v7.9.0 2021-09-10 11:25:21 +01:00
Daniel Lockyer
10fa1283ca Updated ghost-storage-base to v0.0.6
no issue

- this package has been bumped to support Node 12 + 14
- AFAICT I added it to the Renovate list back when we had some timezone
  issues with moment, but we've since pinned the version of moment so we
  shouldn't experience that now
- therefore this commit also removes it from the Renovate ignore list
2021-09-09 10:15:26 +01:00
Renovate Bot
c05432889a
Update dependency sanitize-html to v2.5.0 2021-09-08 21:18:14 +00:00
Fabien O'Carroll
07e595b9aa Fixed webhook handler when Stripe is not connected
no-issue

The webhook handler did not correctly check for whether or not Stripe
was connected, and would attempt to handle webhooks anyway, resulting in
errors due to missing Stripe config. This fixes the handler to exit
early.
2021-09-08 12:41:20 +02:00
Renovate Bot
0bb14c115b Update dependency @tryghost/members-importer to v0.3.2 2021-09-08 10:34:07 +02:00
Fabien O'Carroll
fd574f527c Removed webhooks when disconnecting stripe
refs https://github.com/TryGhost/Team/issues/1006

The @tryghost/members-api module has been updated to remove webhooks
from Stripe when disconnecting. This will ensure that we do not leave
around old/invalid webhooks that will not be handled and generate
errors.
2021-09-07 18:58:25 +02:00
Fabien 'egg' O'Carroll
cd89c7e427
Used @tryghost/members-api Stripe disconnect logic (#13290)
refs https://github.com/TryGhost/Team/issues/1006

Moving the logic of disconnecting Stripe into the members-api module
decouples the Ghost API from the Members API internals. This method can
now be updated independently of Ghost, to implement the deletion of
webhooks from Stripe.
2021-09-07 18:25:53 +02:00
Fabien 'egg' O'Carroll
ae844db60b
Fixed handling of Complimentary Stripe subscriptions (#13289)
refs https://github.com/TryGhost/Team/issues/995

Since we reintroduced the comped status, we did not update the
subscription handling to correctly set members to a status of comped
when they were on a 'Complimentary' plan. This meant that 'comped' members
had a status of 'paid'. The changes to @tryghost/members-api ensure that
handling subscriptions going forward will not result in this error.

Since we handle the Complimentary plan correctly now, we do not need to
manually check for the existence of one, we can instead rely on the
status to set the `comped` flag.
2021-09-07 11:31:47 +01:00
renovate[bot]
677dc1a59b
Update dependency @tryghost/members-csv to v1.1.6 (#13273)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-06 16:16:10 +01:00
renovate[bot]
a8902bd1f8
Update dependency @tryghost/members-ssr to v1.0.12 (#13275)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-06 16:16:01 +01:00
renovate[bot]
b8b9707ddb
Update dependency @tryghost/magic-link to v1.0.11 (#13272)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-06 16:15:46 +01:00
Renovate Bot
f34a862526 Update dependency @tryghost/helpers to v1.1.52 2021-09-06 12:32:34 +01:00
Renovate Bot
b89967f9fb Update dependency @tryghost/logging to v0.1.6 2021-09-06 12:32:26 +01:00
Fabien O'Carroll
dd2def277c Fixed errors when creating complimentary subscriptions
no-issue

The ProductRepository changed to require the options parameter which is
not passed when created complimentary subscriptions. This updates the
code to no longer require the options parameter and instead provide a
default.
2021-09-06 12:55:20 +02:00
Renovate Bot
33d94dadb8 Lock file maintenance 2021-09-06 04:37:57 +00:00
Renovate Bot
da151790af Lock file maintenance 2021-09-06 02:47:49 +00:00
Renovate Bot
7851e4ce52
Update dependency oembed-parser to v1.4.8 2021-09-03 03:32:36 +00:00
Fabien O'Carroll
a39dd7255d Fixed updating products inside of a transaction
no-issue

When updating products we make many reads and writes to the database,
some of these reads were not happening inside of a transaction which was
causing issues when loading the members setting page. This bumps the
@tryghost/members-api dependency to ensure that all of the database
operations happen inside of the transaction
2021-09-01 19:14:21 +02:00
renovate[bot]
f52d0136ef
Update dependency @tryghost/kg-mobiledoc-html-renderer to v5.1.1 (#13251)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-01 09:12:09 +01:00
renovate[bot]
2f2939ec1b
Update dependency @tryghost/color-utils to v0.1.2 (#13269)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-01 09:11:21 +01:00
Naz
75744041c1 Allowed for a 'sent' status in canary Admin Post API
refs https://github.com/TryGhost/Team/issues/892

- When a published email-only post is edited on the client it sends through a "sent" status over to the backend over PUT endpoint. It's a valid new status that should be accepted by the validation
2021-09-01 10:55:13 +04:00
Renovate Bot
966f167fd9
Update dependency @sentry/node to v6.12.0 2021-08-31 16:25:51 +00:00
Renovate Bot
192f0d07ba Lock file maintenance 2021-08-30 05:34:49 +00:00
Renovate Bot
ac57c1b364
Update dependency mocha to v9.1.1 2021-08-30 00:13:33 +00:00
Fabien O'Carroll
b895b87add Errored when creating products if any error occurs
refs https://github.com/TryGhost/Team/issues/982

When creating a Product with invalid data for Stripe, e.g. a price of
one gazillion dollars - the Stripe API requests would fail, but we would
end up with a broken product created in the database. This updates
@tryghost/members-api to wrap these calls in a database transaction, and
will roll back any operations if one of them fails.
2021-08-26 20:10:31 +02:00
Fabien 'egg' O'Carroll
9a1417c8b9
Exposed dummy subscriptions to theme layer (#13257)
refs https://github.com/TryGhost/Team/issues/986

This updates the @tryghost/members-api module to return the full member
object from getMemberIdentityData, which is used to populate req.member
used by themes to construct the `@member` template data.

The full object is read from the service which handles all additional
properties and logic for retrieving members, including the dummy
subscriptions for comped members.
2021-08-26 16:03:32 +01:00
Fabien O'Carroll
e05fa6af38 Fixed subscription handling to remove old products
refs https://github.com/TryGhost/Team/issues/979

This bump to @tryghost/members-api includes a fix for handling a
subscription updating to a new price. Previously we would add the new
product to the member, but the old one would still be attached. Now we
check that there are no other active subscriptions for the product
associated with the old price, and remove it.
2021-08-26 15:55:22 +02:00
Fabien O'Carroll
76311484df Added dummy subscription to comped members
refs https://github.com/TryGhost/Team/issues/873

This includes the update to @tryghost/members-api which includes the new
MemberBREADService which is used to handle the logic for controller
methods outside of the controller.

With it, we've introduced the concept of a dummy subscription for comped
members. This gives API consumers a way to get the created_at date for a
comped members access to a product.
2021-08-26 15:28:55 +02:00
renovate[bot]
b2aa2dd7e1
Update dependency @tryghost/members-importer to v0.3.1 (#13231)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-25 13:43:13 +01:00
Renovate Bot
789773ae8a Update dependency nock to v13.1.3 2021-08-25 12:08:30 +02:00
Kevin Ansfield
5e83d87ab9 Updated email-cta card rendering to match editor
refs https://github.com/TryGhost/Team/issues/1007

- bumped `@tryghost/kg-default-cards` with updated rendering
  - aligns text as well as button
  - has single payload toggle for divider display
  - adds toggle for button display
- bumps other @tryghost/kg-*` packages that had minor dependency bumps
2021-08-24 18:10:07 +01:00
Fabien O'Carroll
3a6e71a2b6 Wired up MemberProductEvents to member product changes
refs https://github.com/TryGhost/Team/issues/873

This version of @tryghost/members-api handles creating
MemberProductEvents when a member is created, updated or has their
subscription updated. This populates the members_product_events table
and can be used to determine when a member was given access to a
product, which is useful with the concept of comped access to a product,
where we do not have a subscription as a record.
2021-08-24 15:22:10 +02:00
renovate[bot]
2ed9529fa0
Update dependency @tryghost/members-csv to v1.1.5 (#13246)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-24 14:17:02 +01:00
renovate[bot]
734f1c4422
Update dependency @tryghost/members-ssr to v1.0.11 (#13247)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-24 11:55:51 +02:00
renovate[bot]
0cc64fc5f2
Update dependency @tryghost/magic-link to v1.0.10 (#13245)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-24 11:55:42 +02:00
Renovate Bot
17fd1b3c7d Update dependency nock to v13.1.2 2021-08-24 11:17:28 +02:00
Fabien O'Carroll
e71114bb8f Added Members bulk actions endpoint
refs https://github.com/TryGhost/Team/issues/946

This adds the initial bulk actions endpoint used for the members
filtering feature. The idea is to eventually move bulk destroy into this
endpoint to and provide a consistent interface for applying bulk actions
to members.

The @tryghost/members-api package has been bumped to include the new
bulkEdit method.

The sinon.restore in tests was moved to an afterEach so that stubs did
not effect other tests.
2021-08-23 16:38:21 +02:00
renovate[bot]
4266bb751f
Update dependency @tryghost/magic-link to v1.0.9 (#13237)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-23 11:06:21 +01:00
renovate[bot]
47f89f56c8
Update dependency @tryghost/members-csv to v1.1.4 (#13238)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-23 10:35:10 +01:00
renovate[bot]
6ca8eb2d23
Update dependency @tryghost/members-ssr to v1.0.10 (#13239)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-23 10:35:03 +01:00
Renovate Bot
539145b0c6 Lock file maintenance 2021-08-23 05:03:43 +00:00
Naz
7f09beb2a8 Moved email list check to GA
refs https://github.com/TryGhost/Team/issues/906

- The feature has moved to GA from behind alpha flag. It's skipping the beta phase as it's not needed in this specific situation
2021-08-20 18:07:31 +04:00