Commit Graph

20265 Commits

Author SHA1 Message Date
Princi Vershwal
81ba4c7f4f
Added tests for dashboard stats service (#20567)
ref: https://linear.app/tryghost/issue/ENG-1374/add-tests-analytics-sources-shouldnt-be-case-sensitive
2024-07-10 00:50:41 +05:30
Sag
d0d0783837
🐛 Fixed pasting product URLs into the editor (#20565)
fixes https://linear.app/tryghost/issue/ENG-1215

- when pasting URLs that return `type: link` from the oembed service, we
now fallback to using a Bookmark card
- previously, this would render a plain link in the editor
- example product URL with `type: link`:
https://indiebeer.co.uk/products/terra-tempo-vinicius-red-wine-ba-wild-ale-with-mango-pineapple-honeydew-melon-and-banana-750ml-7
2024-07-09 18:28:56 +02:00
Steve Larson
00230314db
🐛 Fixed member source attribution for sign-up (Portal) links (#20566)
ref https://linear.app/tryghost/issue/ONC-154
- the query params did not carry through on portal sign up links because
of the hash creating an ignored fragment
(/#/portal/signup?ref=something)

Now when we check link attribution, we'll attempt to run the same logic
for the referrer source after stripping out `#/portal` from the URL.
Otherwise we should continue to treat these fragments as fragments to be
ignored by the client.

NOTE: We do not have e2e tests that cover member signup on the front end
and the data entered in the back end. The tests we have mock only the
server side of things. The test added here only covers the data that is
generated from the front end request (at this time), *not* the front end
request itself, meaning it's fragile.
2024-07-09 16:14:33 +00:00
Sag
8b45af3458
Cleaned up 'Filter by email disabled' GA feature flag (#20554)
no issue

- "Filter by email disabled" feature has been released to GA in [Ghost
v5.74.0](https://github.com/TryGhost/Ghost/releases/tag/v5.74.0)
(commit: 32d0d2b293)
- cf. [Project
details](https://www.notion.so/ghost/Filter-by-email-disabled-2a73f5da5e8b46bcaacb944bd98e0674?pvs=4)
2024-07-09 10:11:26 +00:00
Daniël van der Winden
4084a3d00f
Fixes complimentary subscription display issues (#20563)
Fixes
https://linear.app/tryghost/issue/DES-324/complimentary-plan-issues

We were showing renewal copy for subscriptions that are forever
complimentary. We also had a trailing en-dash in the Member detail
screen when their subscription was complimentary and had no end date.

Those things are solved now. We don't show dates or renewal copy when we
don't need to.
2024-07-09 11:53:02 +02:00
Sag
480f192f75
Updated Ghost Admin README with updated test instructions (#20561)
no issue
2024-07-08 16:57:52 +00:00
Sag
6e884b1a95
🐛 Fixed selection bugs in editor (#20557)
ref https://ghost.slack.com/archives/CTH5NDJMS/p1720422460943619

- bumping 'lexical' from 0.13.1 to 0.14.2 created a few selection bugs
in the editor
- this commit reverts 'lexical' back to 0.13.1 and any related changes
in the editor codebase
2024-07-08 13:34:51 +01:00
Ronald Langeveld
3818445a18
🐛 Fixed bad redirects yaml overriding backed up working yaml file (#20555)
ref ENG-945

- Fixed an issue where upload a broken redirects yaml will override the
last working yaml.
- Instead it will now do the validation before saving and overriding the
yaml.
2024-07-08 16:45:20 +07:00
Ghost CI
bd15ce5c03 v5.87.1 2024-07-05 16:04:15 +00:00
Ghost CI
d260d81348 🎨 Updated Source to v1.3.0 2024-07-05 16:04:15 +00:00
Ghost CI
dc1f9492de 🎨 Updated Casper to v5.7.3 2024-07-05 16:04:15 +00:00
Kevin Ansfield
191a301242
Cleaned up hasPortalImprovements GA feature flag (#20548)
no issue

- the feature has been GA for a long time now so the conditionals are no longer required
2024-07-04 16:21:48 +00:00
Kevin Ansfield
3b87c9be53
Cleaned up websockets experiment (#20547)
no issue

- we're no longer making use of the websockets experiment so it's just bloat
- this is the whole feature in a single commit in case we need to revive it at some point
2024-07-04 16:08:06 +00:00
Michael Barrett
e58fd86b96
🐛 Fixed image editing not saving changes (#20543)
refs
[ENG-1363](https://linear.app/tryghost/issue/ENG-1363/bug-with-image-editing-not-saving-changes)

Bumped `@tryghost/koenig-lexical` to `1.3.3` to fix image editing not
saving changes
2024-07-04 11:48:48 +01:00
Daniel Lockyer
98d171cfc6 Bumped @tryghost/metrics package
- this change contains the removal of the `promise.allsettled` package,
  as this is not needed on Node 12+, which removes 75 further dependencies
  in production mode
2024-07-04 11:40:56 +02:00
renovate[bot]
6fadf45f4a Update dependency ws to v8.18.0 2024-07-03 17:36:56 +00:00
Kevin Ansfield
e6df014f84 Cleaned up newsletterExcerpt flag
no issue

- feature is GA so the flag and related conditionals are no longer required
2024-07-03 18:22:39 +01:00
Daniel Lockyer
33c9786025 Removed unused dependency
- this dependency is also present in `dependencies`, so it's not needed
  here
2024-07-03 14:35:31 +02:00
Sanne de Vries
e393676e8d
Removed duplicate email template and styles files (#20528)
Refs https://ghost.slack.com/archives/C02G9E68C/p1720003723371169
- These duplicate files have been lingering since working on an email
customisation feature that was never released.
2024-07-03 14:35:17 +02:00
Sag
6e0b009034
🎨 Added 'Payment failed' subscription cancellation reason (#20527)
ref https://linear.app/tryghost/issue/ENG-1254

- we currently only store a cancellation reason when a member cancels
manually in Portal
- we now also store "Payment failed" when the cancellation is automatic
due to several payment failures
2024-07-03 13:12:01 +02:00
Sanne de Vries
be77080f39
Updated typography and spacing for callout cards and blockquotes (#20525)
REF DES-542
2024-07-03 09:43:51 +00:00
renovate[bot]
6c6d3b6ce4 Update dependency jose to v4.15.9 2024-07-03 09:16:44 +00:00
Daniel Lockyer
895e3719bd Revert "🐛 Fixed unexpected leave confirmation after Cmd+S on member profile"
This reverts commit 186c6f3c42.
2024-07-02 21:49:08 +02:00
renovate[bot]
8d33c9d64f Update dependency lib0 to v0.2.94 2024-07-02 18:27:02 +02:00
renovate[bot]
31ea0ba6a3 Update metascraper 2024-07-02 15:57:06 +00:00
Princi Vershwal
bec647412f
🐛 Fixed url decoding issue - URLs sent in emails containing a % can now be updated(#20518)
fixes https://linear.app/tryghost/issue/ENG-447/🐛-urls-sent-in-emails-containing-a-percent-can-not-be-updated

URLs were decoded before making a search query to the db. This is the reason the `%2F` character gets converted to  `/`. This decoding is not required.
2024-07-02 21:13:32 +05:30
Michael Barrett
b36c2356fc
Added custom redirects ReDoS validation (#20515)
refs
[ENG-709](https://linear.app/tryghost/issue/ENG-709/%F0%9F%90%9B-bad-redirects-causing-container-tear-down)

Added validation to prevent RegEx's susceptible to ReDoS from being used
with custom redirects. Also moved error details out of `context` and
into `errorDetails` to be consistent with error logging elsewhere as
well as fix issue in admin-x where blank screen would be shown when an
error occurred during redirects upload (due to logic not accounting for
`context` being an object)
2024-07-02 16:00:19 +01:00
Steve Larson
fe31ee34e8
Revert "Improved performance in Admin Posts view (#20503)" (#20514)
ref https://linear.app/tryghost/issue/ONC-111

This reverts commit 3d9d552271.

This commit broke bulk post actions which we do not have tests for, so
we will need to address that as well as add tests.
2024-07-02 14:27:44 +00:00
Sanne de Vries
3618632129
Updated password updated successfully notification copy (#20512)
REF DES-540
2024-07-02 16:26:12 +02:00
Sag
92a84f77fd
Removed leftover .only on Admin unit tests (#20513)
no issue
2024-07-02 14:10:23 +00:00
Fabien 'egg' O'Carroll
a4107b8202
🐛 Fixed incorrect member subscription details in Admin (#20476)
fixes https://linear.app/tryghost/issue/ENG-642

- When a subscription is in the `canceled` state the corresponding
Member has no access to the Ghost site. The only time a Member will
continue to have access if their subscription is due to cancel at the
period end is if it is still in an active state, which is one of
`active` `trialing` `unpaid` or `past_due`
- When a subscription is canceled immediately (i.e. before the end of
the current billing period), we now render "Ended" without a date,
because we don't store the cancellation date in the subscription object.
We previously used "Ended {current_period_end}" which would sometimes
lead to dates in the future
- Bonus: refactored code and added unit tests

---------

Co-authored-by: Sag <guptazy@gmail.com>
2024-07-02 13:58:20 +00:00
Sanne de Vries
18719e2168
Updated password reset notification (#20510)
REF DES-540
2024-07-02 15:24:14 +02:00
Daniel Lockyer
23075b7bf8 Optimized aggregating member attribution statistics
- the existing code creates a new moment instance, takes away some days
  and then formats the result
- this is run for every entry of the member attribution stats, which
  means dashboards for big sites with a lot of attribution data become
  slow
- this value doesn't change across each iteration of the filter, so we
  can just extract it out and calculate it once
- this commit removes this code block from the flamegraph completely
2024-07-02 11:44:22 +02:00
Princi Vershwal
62aad6fd84
🐛 Fixed analytics sources to not be case sensitive (#20506)
fixes https://linear.app/tryghost/issue/ENG-925/analytics-sources-shouldnt-be-case-sensitive
2024-07-02 08:41:32 +00:00
Princi Vershwal
e6b1f8a8bf
Fixed analytics sources to not be case sensitive (#20506)
fixes
https://linear.app/tryghost/issue/ENG-925/analytics-sources-shouldnt-be-case-sensitive
2024-07-02 12:17:13 +05:30
renovate[bot]
9522ef8ca8 Update nest monorepo to v10.3.10 2024-07-02 08:31:07 +02:00
Daniel Lockyer
186c6f3c42 🐛 Fixed unexpected leave confirmation after Cmd+S on member profile
fix https://linear.app/tryghost/issue/ENG-779/%F0%9F%90%9B-cmds-does-not-save-member-profile-changes

- previously, pressing Cmd+S on a member profile would save the profile,
  but the dirty attributes weren't being cleaned, so the application
  would trigger the leave confirmation when exiting
- now, we've fixed the code to keep a dynamic scratch member,
- long term, we should get rid of the scratch model, but this still
  allows us to fix the bug for now
2024-07-02 08:30:53 +02:00
renovate[bot]
90033eff2d Update dependency @tryghost/kg-html-to-lexical to v1.1.6 2024-07-02 08:26:16 +02:00
Kevin Ansfield
2fd9116499
🐛 Fixed unwanted extra blank paragraphs when copy/pasting from Google Docs (#20505)
closes https://linear.app/tryghost/issue/ENG-1255

- updated Koenig packages including:
  - addition of `/preview` for public preview card
  - fix for HTML import from Google Docs
  - fix for embed thumbnails being cut off in email
  - fix for wide image card width on medium screens
- multiple fixes for unhandled (but non user-visible) errors causing noise in console and error logging
2024-07-01 21:14:07 +01:00
Steve Larson
3d9d552271
Improved performance in Admin Posts view (#20503)
ref https://linear.app/tryghost/issue/ONC-111
- changed posts fetching/display behavior to be client-side instead of server-side
- admin will issue (potentially multiple) requests based on the desired status(es)
- updated admin acceptance test for missing coverage

I've pulled the sort from the database query as this triple sort
performs very poorly at scale (taking ~4s+ past ~20k posts sometimes).
Instead, we now split up the fetch to grab only one status at a time and
use the front-end logic to handle displaying scheduled, then drafts,
then published. This should result in a much more responsive view.

We will separately change the default sort on the Admin API as that was the ultimate intent for this change.
2024-07-01 19:43:41 +00:00
Sag
7f963e9c2a
🎨 Added 'Changed email address' event to Member Activity (#20493)
fixes https://linear.app/tryghost/issue/ENG-1256

- when a member changes their email address, surface it in Member
Activity
2024-07-01 15:33:33 +00:00
Michael Barrett
c285b0a0f1
🔒 Added timestamp to webhook signature hash (#20500)
refs
[ENG-1238](https://linear.app/tryghost/issue/ENG-1238/🔒-webhook-signatures-dont-include-timestamp-in-the-signature)

Added timestamp to the webhook signature hash to prevent replay attacks.
This is
a breaking change for webhook consumers as signature verification logic
will need to be updated to account for the timestamp in the hash, for
example:

```js
const crypto = require('crypto');

// Webhook secret from Ghost Admin
const WEBHOOK_SECRET = 'FOOBARBAZ'

// Sample incoming webhook request object
const req = {
    headers: {
        'x-ghost-signature': 'sha256=fc9749d5b3333109bd779f65d4b1b891576bc5c92febea3b1d186a7f946d0745, t=1719842984367'
    },
    body: {
        tag: {
            current: {
                id: '6682b8a8e10cc04306284330',
                name: 'test',
                slug: 'test',
                description: null,
                feature_image: null,
                visibility: 'public',
                og_image: null,
                og_title: null,
                og_description: null,
                twitter_image: null,
                twitter_title: null,
                twitter_description: null,
                meta_title: null,
                meta_description: null,
                codeinjection_head: null,
                codeinjection_foot: null,
                canonical_url: null,
                accent_color: null,
                created_at: '2024-07-01T14:09:44.000Z',
                updated_at: '2024-07-01T14:09:44.000Z',
                url: 'http://localhost:2368/404/'
            },
            previous: {}
        }
    }
};

// Get the request body as a JSON string
const reqBodyJSON = JSON.stringify(req.body);

// Extract the hash and timestamp from the x-ghost-signature header
const {sha256: hash, t: timestamp} = req.headers['x-ghost-signature']
    .split(', ')
    .map((x) => x.split('='))
    .reduce((acc, [key, value]) => ({ ...acc, [key]: value }), {})

// Recreate the hash using the secret, request body, and timestamp and compare it to the hash from the header
const isValid = crypto.createHmac('sha256', WEBHOOK_SECRET).update(`${reqBodyJSON}${timestamp}`).digest('hex') === hash

if (isValid) {
    console.log('Valid signature!')
}
```
2024-07-01 15:59:04 +01:00
Daniel Lockyer
fcb95ecc1a Switched faker to @faker-js/faker
- `faker` was the original dependency but the maintainer ended up
  deleting the repo, so development continued in `@faker-js/faker`
- we're already using that dependency, so we can make a few simple
  changes and remove the old dependency from our repo
2024-07-01 14:49:42 +02:00
Daniel Lockyer
60f37ed118 Fixed browser tests
refs 6378d7d66f

- the buttons have been renamed and split apart into separate ones
2024-07-01 14:49:20 +02:00
Daniel Lockyer
a146709c16 Cleaned up unused core dependencies
- analytics-node usage was removed a while back
- juice is used by a different package now
2024-07-01 13:56:31 +02:00
Sanne de Vries
95a4895e8f
Center aligned feature image in email template (#20491)
REF DES-380
- Center aligned feature image in email template
- Updated feature image css in editor to better display image overlay
and improve caption spacing
2024-07-01 08:43:26 +00:00
Daniel Lockyer
5f36bef451 Changed "commented" link in member feed to redirect to post
fix https://linear.app/tryghost/issue/ENG-1217/activity-log-link-for-comments-goes-to-wrong-place

- the post analytics page does not contain any comments, so it's not the
  most intuitive location to point the user. Instead, we can send them
  to the frontend of the post, where they can view comments
2024-07-01 10:15:46 +02:00
renovate[bot]
f561f362f4 Update dependency postcss to v8.4.39 2024-07-01 07:28:24 +02:00
renovate[bot]
41d8240d50 Update dependency mysql2 to v3.10.2 2024-07-01 02:07:18 +00:00
Ghost CI
0d60c74957 v5.87.0 2024-06-28 16:27:27 +00:00