refs https://github.com/TryGhost/Team/issues/2110
- dynamically defined properties on the config service did not have
autotracking set up properly if they were accessed in any way before the
property was defined, this caused problems in a number of areas because
we have both "unauthed" and "authed" sets of config and when not logged
in we had parts of the app checking for authed config properties that
don't exist until after sign-in and subsequent config re-fetch
- renamed `config` service to `configManager` and updated to only
contain methods for fetching config data
- added a `config` instance initializer that sets up a `TrackedObject`
instance with some custom properties/methods and registers it on
`config:main`
- uses application instance initializer rather than a standard
initializer because standard initializers are only called once when
setting up the test suite so we'd end up with config leaking across
tests
- added an `@inject` decorator that when used takes the property name
and injects whatever is registered at `${propertyName}:main`, this
allows us to use dependency injection for any object rather than just
services or controllers
- using `application.inject()` in the initializer was initially used but
that only works for objects that extend from `EmberObject`, the
injections weren't available in native-class glimmer components so this
decorator keeps the injection syntax consistent
- swapped all `@service config` uses to `@inject config`
no issue
The `config` service has been a source of confusion when writing with modern Ember patterns because it's use of the deprecated `ProxyMixin` forced all property access/setting to go via `.get()` and `.set()` whereas the rest of the system has mostly (there are a few other uses of ProxyObjects remaining) eliminated the use of the non-native get/set methods.
- removed use of `ProxyMixin` in the `config` service by grabbing the API response after fetching and using `Object.defineProperty()` to add native getters/setters that pass through to a tracked object holding the API response data. Ember's autotracking automatically works across the native getters/setters so we can then use the service as if it was any other native object
- updated all code to use `config.{attrName}` directly for getting/setting instead of `.get()` and `.set()`
- removed unnecessary async around `config.availableTimezones` which wasn't making any async calls
no issue
- bumped dependency
- fixed all new lint failures
- removed deprecated `ember-cli-eslint`
- it was tying us to an old version of `eslint` resulting in missing rule definition errors when linting was run as part of `yarn dev` and `ember test`
- we run linting separately in CI so we don't need linting to run _again_ on each of our ember test runs
refs https://github.com/TryGhost/Ghost/issues/14101
- dropped usage of `<GhTrimFocusInput>` and `<GhTextInput>` in favor of native input elements for more explicit behaviour
- switched `SignupController` to native class syntax
- migrated to `@action` decorators and swapped all template action triggers to `{{on}}` and `{{fn}}`
no issue
- ran the `ember-native-class-codemod` codemod to convert just the route classes to native class syntax and performed some minor manual cleanup
- modern Ember uses native classes rather than EmberObject-based objects, this brings us closer to normalizing our code style across the codebase
- skipped the Application route as that requires deeper testing with a replacement for the `ShortcutsRoute` mixin
refs https://github.com/TryGhost/Admin/pull/1901
Ember has deprecated mixins in preparation for 4.0 and `ember-simple-auth` has now done the same in 3.1.0.
- removed all imports of Ember Simple Auth mixins
- moved authenticated and invalidated handling from application route to session service
- moved server-notification loading from application route to session service
- updated `AuthenticatedRoute` to use the session service directly rather than authenticated route mixin
- added `UnauthenticatedRoute` that incorporates the behaviour from our overridden `UnauthenticatedRouteMixin` and switches to using the session service directly
no issue
- removed `styleBody` mixin in favour of using Ember's `buildRouteInfoMetadata` hook and router events in the `ui` service
- refactored separate CSS classes for each unauthenticated route into a single `.unauthenticated-route` class because hiding mobile nav whilst unauthenticated was the only use for body classes
no issue
- ran [es5-getter-ember-codemod](https://github.com/rondale-sc/es5-getter-ember-codemod)
- [es5 getters RFC](https://github.com/emberjs/rfcs/blob/master/text/0281-es5-getters.md)
- updates the majority of `object.get('property')` with `object.property` with exceptions:
- `.get('nested.property')` - it's not possible to determine if this is relying on "safe" path chaining for when `nested` doesn't exist
- `.get('config.x')` and `.get('settings.x')` - both our `config` and `settings` services are proxy objects which do not support es5 getters
- this PR is not exhaustive, there are still a number of places where `.get('service.foo')` and similar could be replaced but it gets us a long way there in a quick and automated fashion
closes https://github.com/TryGhost/Ghost/issues/9868
- place email field directly above password field
- enable email field and do not set an initial value requiring user to type-in/auto-fill the email for Chrome to recognise it
closes https://github.com/TryGhost/Ghost/issues/9868
- moved submit action to the `<form>` which allowed removal of the per-input enter key handlers
- changed submit button to trigger the form submit
- improved markup for password managers
- linked labels with inputs
- changed button to a "submit" type and linked it with the form
- added hidden email input at the bottom of the form in case password managers do not take disabled inputs into account
no issue
Automated tools, code generators, and editor integrations are increasingly standardising on the import style used in `ember-modules-codemod`. Our import style differed a little with regards to service/controller injection imports which meant we were starting to see inconsistent naming.
refs TryGhost/Ghost#9150
- added a new validator for password validations that will take care of the rules client side
- Passwort rules added:
- Disallow obviously bad passwords: 1234567890, qwertyuiop, asdfghjkl; and asdfghjklm
- Disallow passwords that contain the words "password" or "ghost"
- Disallow passwords that match the user's email address
- Disallow passwords that match the blog domain or blog title
- Disallow passwords that include 50% or more of the same characters: 'aaaaaaaaaa', '1111111111' and 'ababababab' for example.
- When changing the own password, the old password is not affected by the new validations
- Validation are running on
- setup
- signup
- password change in Team - User (only new passwords are validated)
- passwort reset
no issue
- add eslint-plugin-ember, configure no-old-shims rule
- run `eslint --fix` on `app`, `lib`, `mirage`, and `tests` to move imports to the new module imports
- further cleanup of Ember globals usage
- remove event-dispatcher initializer now that `canDispatchToEventManager` is deprecated
no issue
- adds `eslint-plugin-sort-imports-es6-autofix` dependency
- implements ESLint's base `sort-imports` rule but has a distinction in that `import {foo} from 'bar';` is considered `multiple` rather than `single`
- fixes ESLint's autofix behaviour so `eslint --fix` will actually fix the sort order
- updates all unordered import rules by using `eslint --fix`
With the increased number of `import` statements since Ember+ecosystem started moving towards es6 modules I've found it frustrating at times trying to search through randomly ordered import statements. Recently I've been sorting imports manually when I've added new code or touched old code so I thought I'd add an ESLint rule to codify it.
refs https://github.com/TryGhost/Ghost/issues/7865
- moves authentication actions from `signup` route to controller
- refactors authentication and signup logic into EC tasks
- replaces use of `gh-spin-button` with `gh-task-button` in signup template
refs #8140🎨 remove usage of ghost's {{asset}} helper in built index.html files
requires https://github.com/TryGhost/Ghost/pull/8142
- switch to hash-location rather than history-location
- remove usage of Ghost's `{{asset}}` helper in index.html
- add `content-for` helpers to `asset-delivery` addon that switch asset urls in index.html to `.min` files in production
- update the `asset-delivery` addon to copy the production `index.min.html` to `default-prod.hbs` so Ghost can serve production assets when in production mode
- change template output path to `core/server/admin/views/`
- enable asset fingerprinting
- remove `ember-cli-sri` dependency - we weren't using it but now that ember is handling assets it was used automatically and could potentially create issues if users have proxy servers that attempt to compress or otherwise modify asset files
✨ redirect to setup if server says setup isn't finished
refs https://github.com/TryGhost/Ghost/issues/8140
- now we're using hash-location the server no longer knows if we're hitting the /setup route so it's not able to redirect for us
- extends the default ESA `UnauthenticatedRouteMixin` to add a check against the `/authentication/setup` API endpoint and redirects to `/#/setup/one` if setup isn't complete - this works for all routes because the default behaviour when hitting an authenticated route without the right credentials is to force a logout and redirect to `/#/signin` which utilises the `UnauthenticatedRouteMixin`
deps: ember-cli-inject-live-reload@1.6.1
issue TryGhost/Ghost#7452, requires TryGhost/Ghost#7451
- use a `ghostOAuth` config flag to switch between the old-style per-install auth and centralized OAuth auth based on config provided by the server
- add OAuth flows for:
- setup
- sign-in
- sign-up
- re-authenticate
- add custom `oauth-ghost` authenticator to support our custom data structure
- add test helpers to stub successful/failed oauth authentication
- hide change password form if using OAuth (temporary - a way to change password via oauth provider will be added later)
no issue
- updates `package.json` details to better reflect the separation from the `Ghost` package
- update ember config and all import statements to reflect the new `ghost-admin` module name in `package.json`
no issue
- review use of Ember core hooks and add a call to `this._super` if missing
- fix a few occurrences of using the wrong component lifecycle hooks that could result in multiple/duplicate event handlers being attached
`_super` should always be called when overriding Ember's base hooks so that core functionality or app functionality added through extensions, mixins or addons is not lost. This is important as it guards against issues arising from later refactorings or core changes.
As example of lost functionality, there were a number of routes that extended from `AuthenticatedRoute` but then overrode the `beforeModel` hook without calling `_super` which meant that the route was no longer treated as authenticated.
no issue
- add ember-suave dependency
- upgrade grunt-jscs dependency
- add a new .jscsrc for the client's tests directory that extends from client's base .jscsrc
- separate client tests in Gruntfile jscs task so they pick up the test's .jscsrc
- standardize es6 usage across client
closes#5903, refs #5409
- switch alert/notification component tests from unit to integration where appropriate
- rename `notifications.closeAll` to `notifications.clearAll` to better represent it's behaviour
- add concept of a "key" to alerts/notifications and ability to close only specified keys through notifications service
- close duplicate alerts/notifications before showing a new one
- specify a key for all existing alerts
- close failure alerts on successful retries
- clear all currently displayed alerts on successful sign-in
issue #5409
- change persistent/passive notification status to alert/notification
- replace showSuccess/Info/Warn/Error with showNotification/showAlert
- fix and clean up notification/alert components
issue #5525
- add `DS.Errors` to `signup` model
- add check for errors: run `showErrors` method only if errors are defined, like in `signin` controller
No Issue
- Switches to the newer style of dependency injection.
- Instead of injection Controllers via "needs," use
Ember.inject.controller().
- Get rid of initializers that were only injecting objects
into various factories. Converts these objects into Ember.Service
objects and declaratively inject them where needed via
Ember.inject.service(). The added benefit to this is that it's no
longer a mystery where these properties/methods come from and it's
straightforward to inject them where needed.
No issue
- ember-simple-auth@0.8.0-beta.2.
- Switch from SimpleAuth global to ember-cli-simple-auth and
ES6 imports.
- Refactor controllers to handle changes in 0.8.
- Introduces a new initializer to override some configuration
items that are set in environment.js but need to be set with
information that's only (easily) available at runtime.