Commit Graph

1096 Commits

Author SHA1 Message Date
Naz
ebc33180a1 Simplified route-settings module api signature
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- There's no additional logic, so wrapping with a function is unnecessary
2021-09-28 04:59:41 +13:00
Naz
7a91917424 Removed use of 'routes' parameter in route settings loader
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- The only allowed route settings name is 'routes.yaml', which removes a need to parameterize the function as the location is permanent anyway
- Simplifying the function in any possible way before extracting the common bits into an external lib
2021-09-28 04:59:41 +13:00
Naz
ba964c549f Moved route settings "getter" to the backend
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- Frontend is not meant to know about the underlying source of the "routes" configuration, so any reads/edits/validations are being moved into a backend service. This should also simplify the coupling of the backend with the frontend where the latter will get a JSON blob with all needed configuration during the boot
- Nother problem the "get" method had was hiding an underlying function it was doing - reading the file from the filesystem SYNCRONOUSLY. It might be a thing we need to do during the "web" app initialization, but there's no clear need to do this in a sync fassion during the bootup for example. Also having a more explicit name should help :)
2021-09-28 04:59:41 +13:00
Naz
484bb2eea2 Moved default-routes.yaml file to backend
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings
refs c1c9bf0866

- Actions logic related to file system operations (like ensuring files exist) should be done on the backend. Now the route settings initialization logic lives on the backend it makes sense to keep the file closer to the source.
- The move is the opposite to the one refed in the commit with a
difference that the file now lives in "route-settings"
2021-09-28 04:59:41 +13:00
Naz
4b80fe1ab3 Reworked routeSettings service public API
refs 4da7e7f0cb
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- This rework is mean to give cleaner separation over methods used by the API and internal methods
2021-09-28 04:59:41 +13:00
Naz
31e9434466 Moved route settings initialization to backend
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- Actions logic related to file system operations (like ensuring files exist) should be done on the backend. The frontend will be receiving a unified JSON blob config without needing to know about filesystem
2021-09-28 04:59:41 +13:00
Kevin Ansfield
04dd409243
Added syncing and theme exposure of custom theme settings (#13354)
refs https://github.com/TryGhost/Team/issues/1070

- added `@tryghost/custom-theme-settings-service` as a dependency
- `core/server/services/custom-theme-settings` creates an instance of the new service passing in the model used for storing the setting keys/values and a cache instance
- requiring `core/shared/services/custom-theme-settings-cache` creates a cache instance, it has no dependencies so can be required anywhere and the first require will initialize the shared instance
- updated the theme activation bridge to trigger the theme settings service to sync the newly activated theme settings and populate the cache
- updated theme validation to pass `labs` through as an option so that we get custom theme settings back as part of the checked theme as that's what is passed to the custom theme settings service
2021-09-23 12:44:39 +01:00
Naz
f13ee0e4fb Corrected type declarations in ThemeStorage
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- Type declarations were incorrect, co changed them to something more suitable based on the implementation to reduce the error output.
2021-09-22 14:16:39 +02:00
Naz
74c15c7b02 Refactored secret settings util functions
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The index file in services/settings was containning logic and started throwing an additional lint warning due to module length.
- The extracted secret settings utils were used in multiple places and were a good candidate to live in it's own small module
2021-09-21 23:05:57 +12:00
Naz
ed56239523 Moved browse method from settings API controllers
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The browse method didn't throw a complexity warning but was a clear target to get extracted into settings bread service. This way we get rid of a settings cache dependency and reduce code duplication.
2021-09-21 23:05:57 +12:00
Naz
e7ec197da1 Removed duplicate logic from settings edit permissions stage
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The removed logic is done more thoroughly on the settings BREAD
service layer.
2021-09-21 23:05:57 +12:00
Naz
6b25b91fa4 Removed method complexity in settings API controller
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The controller code is not meant to contain complex business logic. Removed complexity in settings.edit method
- Have separated the regular editing from "Stripe Data" editing to keep the dependency on the members service still in the controller reducing coupling of the settings BREAD service to the minimum.
- The stripeConnectData passed into `edit` method still feels out of place (maybe it should be passed as an array already that's ready to be merged with the rest of settings, but that was left for another refactor in the future)
2021-09-21 23:05:57 +12:00
Naz
85ee721157 Removed method complexity in settings API controller
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The controller code is not meant to contain complex business logic.
Reduced complexity in the settings.read method
- Broke the usual "xxxService" naming pattern here in favor of "xxxBREADService" pattern that members package has been experimenting with recently (0469707f2e/packages/members-api/lib/services/member-bread.js (L25)). This naming choice was made because we already had a "SettingsService" and it would've become quite convoluted distinguishing the naming or doing renames for the sake of having a new temporary location for read/edit/add methods
- Also duplicated `hideValueIfSecret` method code with an intention to move it fully into the BREAD service once the refactoring is completed
2021-09-21 23:05:57 +12:00
Fabien O'Carroll
c1c969238f Passed MemberAnalyticEvent to @tryghost/members-api
refs https://github.com/TryGhost/Team/issues/1055

We use the models defined in Ghost as our database connection to store
the analytic events. So we must pass this down to the Members module so
that we can store the events
2021-09-21 11:42:05 +02:00
Daniel Lockyer
8590376795
Fixed linting issue
no issue

- I removed the use of Promises but didn't clean up the import
2021-09-17 16:51:52 +01:00
Daniel Lockyer
93e4b2eafd 🔒 Fixed remote command injection when using sendmail email transport
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm
refs https://github.com/advisories/GHSA-48ww-j4fc-435p

- a vulnerability in `nodemailer` means that the `sendmail` transport is
  vulnerable to command injection for flags passed to the `sendmail`
  binary
- updating to the latest version of Nodemailer required creating
  `@tryghost/nodemailer`, which is a wrapper around Nodemailer and
  several plugins that used to be in the core
- this commit switches to using that package, and fixes up some small
  code + test changes
2021-09-17 16:46:51 +01:00
Kevin Ansfield
02347aa788
🐛 Fixed Outlook incorrect text styling and ' appearing in email content (#13313)
refs https://github.com/TryGhost/Team/issues/1047

Rendering segmented emails uses `cheerio` to parse and re-render the html but this had a side-effect of converting the `$#39;` char code to the more modern `$apos;` code resulting in Outlook not understanding quotes inside inlined CSS and showing the raw char code if it appeared in the email contents.

- extracted our handling of the unsupported char codes from the main email html generation into a function so that it can be re-used when generating segmented html
2021-09-17 08:39:29 +01:00
Naz
191b313271 Removed method complexity in webhooks API controller
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-14/tackle-webhooksjs

- The controller code is not meant to contain complex business logic.
2021-09-17 10:11:23 +03:00
Naz
4744349381 Removed method complexity in integrations API controller
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-10/tackle-integrationsjs

- The controller code is not meant to contain complex business logic.
- Added a test case checking 'PUT' endpoint for integrations to ensure
proper 'NotFound' handling. Found that previous implemenation was
buggy - threw a 500 as 'models.Integration.NotFoundError' that was removed
in previous commit didn't catch a needed error.
2021-09-16 14:23:48 +03:00
Kevin Ansfield
6875796417 Blocked 0.* IP addresses when making oembed requests
no issue

It was possible for authenticated/trusted admin users to make GET requests to localhost via the oembed service by crafting a redirect that used 0.0.0.0.

- added the 0.* default route/routing block to the private IP regex used to block requests when we're contacting external sites
- added an additional IP or localhost check in the oembed service when fetching bookmark card data
2021-09-14 11:35:14 +01:00
Kevin Ansfield
864e4583d4 Fixed segmented email content being sent to all members
refs https://github.com/TryGhost/Ghost/pull/13276

- when removing the labs flag a conditional in the email processor checking for the labs flag being enabled was replaced with a check for a member segment being present. This meant that email batches with `member_segment: null` representing all members that didn't have content specifically aimed at them were not having the segmented content stripped before sending
2021-09-10 11:36:42 +01:00
Peter Zimon
60d6d36c5e Updated sign up email copy
- Updated the copy of the confirm button in the signup email to make the use case (sign up vs. sign in) clearer.
2021-09-09 12:33:56 +02:00
Naz
6c75de6464 Removed i18t dependency from post scheduling service
refs https://github.com/TryGhost/Team/issues/694

- The i18t pattern has been deprecated. Quick clean up to keep the number of dependencies in the new module to the minimum
2021-09-04 07:49:11 +12:00
Naz
7b53a61b73 Removed method complexity in schedules API controller
refs https://github.com/TryGhost/Team/issues/694

- The controller code is not meant to contain complex business logic.
2021-09-04 07:49:11 +12:00
Naz
00460c96f4 Removed i18t dependency from installer module
refs https://github.com/TryGhost/Team/issues/694

- The i18t pattern has been deprecated. Quick clean up to keep the number of dependencies in the new module to the minimum
2021-09-03 20:33:28 +04:00
Naz
84c88683ba Removed method complexity in themes API controller
refs https://github.com/TryGhost/Team/issues/694

- The controller code is not meant to contain complex business logic.
- Kept the pattern used in all modules under services/themes. The install module shold be refactored into a class with DI pattern when touched next.
2021-09-03 20:33:28 +04:00
Kevin Ansfield
020acb643e
Removed emailCardSegments labs flag (#13276)
refs https://github.com/TryGhost/Team/issues/993
reqs https://github.com/TryGhost/Admin/pull/2080

- removed labs flag
- removed labs flag usage in conditionals
- moved labs email template changes into main template
2021-09-02 13:11:11 +01:00
Naz
cea2facfe8 Updated mega's sendTestEmail JSDoc
no issue

- The "memberSegment" parameter is optional, marked it as such to remove type check errors
2021-09-02 13:11:10 +04:00
Naz
26f419f085 Reduced method complexity for sendTestEmail method
refs baccbb4942
refs https://github.com/TryGhost/Team/issues/694

- The change is here to remove yet another ESLint method complexity error
- The custom error handling complexity was introduced here in a referenced commit without an obvious reason. The specifics of how the "sendTestEmail" method handles errors should not leak out from the method, if there are errors in the response they should be handled internally and the method would uniformly reject with a single error.
2021-09-02 13:11:10 +04:00
Naz
807322dccb Extracted email preview service
refs https://github.com/TryGhost/Team/issues/694

- The code complexity in the email preview's read controller method was breaking the complexity rule in ESLint. To reduce the complexity extracted common parts into mega service
2021-09-02 13:11:10 +04:00
Kevin Ansfield
413b06d1b5 Fixed leading/trailing HR removal when rendering email content
refs https://github.com/TryGhost/Team/issues/1007

- `:root` selector wasn't working as expected and ended up matching HRs within content
- switched to wrapping the post html inside a `<body>` element before parsing so that we have a proper top-level element for direct child selectors to match against
2021-08-25 09:25:55 +01:00
Kevin Ansfield
946ae43a15 Removed leading/trailing HR's when rendering email content
refs https://github.com/TryGhost/Team/issues/1007

- the new `email-cta` card allows surrounding dividers to be added when rendering, however if the card is at the beginning or end of the post then these would double-up with the already existing dividers at the beginning and end of the post content in the email template
- not wanting leading/trailing HR's is specific to the email template so it made sense to adjust the renderer output in Ghost's email generating rather than forcing all mobiledoc->html rendering to remove leading/trailing HR's
2021-08-24 19:38:29 +01:00
Fabien O'Carroll
a6bfd61986 Passed MemberProductEvent model to @tryghost/members-api
refs https://github.com/TryGhost/Team/issues/873

The @tryghost/members-api module needs access to this model in order to
create events when members access to products are updated.
2021-08-24 14:46:02 +02:00
Naz
04e7c9fca5 Refactored oembed service to async/await syntax
no issue

- The method was super hard to read with unintuitive catches in multiple places and lots of conditional logic. There's still more to reshuffle here, but that would be for the next time. At least now the data flow is clear within the method
2021-08-23 10:53:44 +04:00
Naz
0703596ace Fixed function comlexity lint warning in oembeds
no issue

- Logic with slightly more complex structure belongs to the service. Extracting it there also show's how little of an API the oembed service should actually expose
2021-08-23 10:36:18 +04:00
Naz
d6f3210fd2 Updated copy for email verification error
refs https://github.com/TryGhost/Team/issues/912

- The copy was changed in post members import email verification popup to have more consistent tone of voice.
2021-08-20 18:07:31 +04:00
Naz
5937fa5b92 Updated copy for email verification error
refs 5fd1ed5bcb
refs https://github.com/TryGhost/Team/issues/912

- The copy was changed to reflect the partial success of the import.
2021-08-19 13:35:55 +04:00
Naz
2f2fe16944 Added floating threshold to member import
closes https://github.com/TryGhost/Team/issues/958

- The change allows to dynamically adjust import threshold based on current member count
2021-08-18 18:39:43 +04:00
Naz
ec841c0944 Renamed index.js file to a service
refs https://github.com/TryGhost/Team/issues/958

- The module contains a service class and not an api index as index.js file should. This rename also fixes an ESLint warning around index.js file being too complicated.
- The serivice should ideally be extracted into the member repository in the future iteration
2021-08-18 11:48:16 +04:00
Naz
cb16675e29 Added "from" parameter to email verification
refs https://github.com/TryGhost/Team/issues/961

- More specific "from" address should improve handling when escalated. See refed issue for details.
2021-08-12 14:07:16 +04:00
Naz
41c70dfc96 Improved GhostMailer JSDocs
refs https://github.com/TryGhost/Team/issues/961

- The "from" parameter was not documented, so made it vary clear that it exists and is optional
2021-08-12 14:07:16 +04:00
Naz
fa13ff2798 Updated use of "blog" in variable to "site"
no issue

- The coding standard/preference in variable naming is to go with "site" where possible when referring to current instance instead of "blog".
2021-08-12 14:07:16 +04:00
Naz
c9821a123a Swapped to American English spellings
refs 16728a3ef1
2021-08-09 13:35:01 +04:00
Naz
db9e3a01ab Fixed invalid variable naming
refs ccab6117b4

- The change was meant to go with refed commit but was missed
2021-08-06 13:21:28 +04:00
Naz
ccab6117b4 Removed i18n dependency from psots service
refs https://github.com/TryGhost/Team/issues/949

- Use of i18n module is deprecated in favour of `tpl`/'messages` pattern
2021-08-06 12:21:23 +04:00
Naz
3c822e0457 Added ability to send newsletter and not publish the post
refs https://github.com/TryGhost/Team/issues/949

- When post is marked as "email-only" we can send it out to the selected audience when publishing without making the post publicly available
- The feature is available for experimentation behind "email only" alpha flag available in labs
2021-08-06 11:57:54 +04:00
Naz
a7503b9c0f Refactored posts service instantiation logic
refs https://github.com/TryGhost/Team/issues/949

- Initializing PostsService with almost identical parameters is burdensome, having a single factory method in create instances is far more maintainable
2021-08-06 11:57:54 +04:00
Naz
bd8a45d094 Extracted post edit logic to posts service
refs https://github.com/TryGhost/Team/issues/949

- The post model handling related to newsletter sending and email recipient filter logic were duplicating across v3/v4(canary) APIs and it made sense to extract it into a posts service.
- This will allow for a central place to handle about to land logic for email_only newsletter handling.
2021-08-05 15:18:29 +04:00
Naz
15073bad29 Extracted post/page cache invalidation logic to service
refs https://github.com/TryGhost/Team/issues/949

- The code is exactly the same in six (!) places. It's beyond unmaintainable to add another line to any of these place, which will be needed for `email_only` handling.
- The newly created posts service is a temporary, slightly better solution that complies with codebase's best practice of extracting new services using class with DI pattern
2021-08-05 14:51:47 +04:00
Sanne de Vries
2be601d25e Fixed hr element and button overlapping in cta card in email template 2021-08-03 18:43:29 +02:00
Naz
7471c98df2 Updated email sending error copy
refs https://github.com/TryGhost/Team/issues/912
2021-08-03 10:13:14 +04:00
Rishabh
24b2a82461 Updated session API status code for logged out member
refs https://github.com/TryGhost/Team/issues/560
refs 69b773d112

The endpoint `/members/api/session/` is used by Portal for fetching member session while setting up and redirecting to Stripe Checkout flow. The status code returned by API for logged out member is changed from 4xx Unauthorized to 204 No Content, which is consistent with the status code returned while fetching member data when logged out. This API is made just before initiating the checkout session, and is not noticable in most cases due to redirect to Stripe Checkout and got missed.
2021-07-30 10:34:51 +05:30
Kevin Ansfield
10b7b31e6b Adjusted .btn-accent colors in emails for a white background
refs https://github.com/TryGhost/Team/issues/928

- applied same darkening of accent color in emails as we use in editor when there's insufficient contrast of accent color against a white background
2021-07-29 15:39:04 +01:00
Kevin Ansfield
eb92610df2 Added accent color button styles to labs email template
refs https://github.com/TryGhost/Team/issues/928

- duplicated email template so email-cta changes can go into the labs version
- added `accentContrastColor` to template settings for using white/black depending on the accent color
- added `.gh-btn-accent` styles to the email template (email-cta card already uses those for the button)
2021-07-29 15:25:09 +01:00
Naz
5fd1ed5bcb Added an escalation email when import triggers a limit
refs https://github.com/TryGhost/Team/issues/912

- When the improt acceedes the threshold for the first time we need a way to notify configured escalationAddress to verify the instance owner's email address.
2021-07-29 20:30:30 +12:00
Naz
fa33235fd9 Moved email verification logic into separate method
refs https://github.com/TryGhost/Team/issues/912

- The processImport method was becoming to big and unreadable
- Having small methods is easier to extract if needed later
2021-07-29 20:30:30 +12:00
Naz
93e8814589 Moved sending email error into MEGA
closes https://github.com/TryGhost/Team/issues/913

- Having a limit service rule triggered was a temporary hack to get a basic email blocking version working
- As the freeze value is now persisted in the DB it's possible to read and rely on it to throw an error straight from MEGA.
2021-07-29 20:30:30 +12:00
Naz
086840873e Moved verified email check closer to freeze logic
refs https://github.com/TryGhost/Team/issues/912

- Previous logic was a bit misleading because it prevented from reading the real threshold configured with an instance once the verified flag was present in the config.
- The reshuffle made here allows to check the freeze logic based on the threshold and then process the returned result accordingly instead of having hidden logic behind "importThreshold" config value
2021-07-29 20:30:30 +12:00
Naz
8bc4d00fe6 Added email unfreeze for verified email config
refs https://github.com/TryGhost/Team/issues/912

- When instance has "verified" email configuration it should remove email freeze and disallow future feezes
2021-07-29 20:30:30 +12:00
Naz
06788f0b6a Persisted email freeze in settings table
refs https://github.com/TryGhost/Team/issues/912

- The email freeze state has to be stored somewhere to make it through the instance restart and settings table is the best place for it.
2021-07-29 20:30:30 +12:00
Kevin Ansfield
dfca0abc93 Added support for segmented email content in previews and test emails
refs https://github.com/TryGhost/Team/issues/927

- the `email-cta` card can be segmented so only free or paid members can see the content, it should be possible for authors to preview what that will look like in either case
2021-07-27 16:31:41 +01:00
Naz
633d4f4771 Fixed typo 2021-07-27 14:07:57 +04:00
Naz
1a64af103a Fixed MemberCSVImporter initialization
refs https://github.com/TryGhost/Team/issues/912

- The membersApi variable can be in uninitialized state. It should be accessed through membersService getter to make sure it's always correctly referenced
2021-07-27 13:09:04 +04:00
Naz
8fbbd524df Swapped to American English spellings
refs 16728a3ef1
2021-07-27 12:15:19 +04:00
Daniel Lockyer
04b5a1c6c5 v4.10.2
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYP6iagAKCRDSEYbwtHKV
 rR/dAPsGjY89fheicUdZfWbVUGunIQAKCYWj4sNMR5ZJbFQ8IAD8Dbx5XLR1IYmX
 7uzjx7ayuHt+o9jJkaRFGpETIRln4w0=
 =JY+u
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYP6kDQAKCRDSEYbwtHKV
 rVJ1AQCDiGWEJNVItQbPoAURACUtQPtg8GH1O62We+LUNdKQ5gEA2+snzZAi9fag
 60k5eyYxcB4JOwSVLIS19FcybgnhuAg=
 =1a74
 -----END PGP SIGNATURE-----

Merged v4.10.2 into main

v4.10.2
2021-07-26 13:01:12 +01:00
Kevin Ansfield
8d5e7ed695
🐛 Fixed unsubscribed members receiving email when a post is sent to all members (#13181)
refs https://github.com/TryGhost/Team/issues/935

The problem was incorrect operator precedence when multiple statements existed in the filter original filter when we transform it to enforce `subscribed:true` before sending.

- free only - subscribed:true+status:free - no issue
- paid only - subscribed:true+status:-free - no issue
- all - subscribed:true+status:-free,status:free - the ,status:free part is treated as a separate OR statement meaning the subscribed:true is not applied to it and free members that are unsubscribed will receive the email

- extracted the filter transform into a separate function so it can be unit tested
- updated the transform to use `()` for operator precedence, eg: `subscribed:true+(status:-free,status:free)`
- used transform function in `addEmail()` and `getEmailMemberRows()`
- fixed `sent/send` typo in error message
2021-07-26 12:47:03 +01:00
Naz
ac3602cced Fixed empty response when import triggers a job
refs d60d348c88

- When the import triggers a background job the meta response should contain no data otherwise the client can mistake it for completed import
2021-07-23 21:14:06 +04:00
Naz
d60d348c88 Fixed error when hostLimits are undefined
refs a7dd7bb64b

- The error was introduced in the refed commit. Object.assign method only works when the first parameter is an object otherwise it fails.
2021-07-23 20:46:52 +04:00
Naz
a7dd7bb64b Added email verification limit check
refs https://github.com/TryGhost/Team/issues/912

- When the import threshold is reached we want to trigger an "email" limit. See details in the refed issue
2021-07-23 20:37:29 +04:00
Naz
ec8b49ea42 Moved member importer declaration for readability
refs https://github.com/TryGhost/Team/issues/912

- Exposing a single method out of the service makes the API surface smaller - more readable.
- Additionlally having a wrapping method in service will be helpful for other triggers that are going to be executed in later iterations
2021-07-23 16:58:46 +04:00
Naz
57c4afdea2 Integrated @tryghost/members-importer
closes https://github.com/TryGhost/Team/issues/916

- The members importer module was extracted into an ouside module as per project structuring standards
2021-07-21 19:34:30 +04:00
Naz
170617feb3 Fixed this context for methods passed into importer
refs https://github.com/TryGhost/Team/issues/916

- Without `.bind`, `this` context was lost when used inside of the CSVImporter calss
2021-07-21 21:00:16 +12:00
Naz
25dcfde368 Refactored ghostMailer parameter
refs https://github.com/TryGhost/Team/issues/916

-  The constructor API should have as small of a surface as possible, there's no need to pass around whole ghostMailer instance
2021-07-21 21:00:16 +12:00
Naz
83c75a3fb4 Refactored settingsCache parameter
refs https://github.com/TryGhost/Team/issues/916

-  The constructor API should have as small of a surface as possible, there's no need to pass around whole settingsCache instance
2021-07-21 21:00:16 +12:00
Naz
19c5c0b05a Refactored storagePath parameter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern with single options Object parameter
- It didn't make sense to have a "config" object inside of options object containing just one property
2021-07-21 21:00:16 +12:00
Naz
2472695535 Refactored constructure signature to be a n object
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern with single options Object parameter
2021-07-21 21:00:16 +12:00
Naz
da3620ca8e Refactored url-uitls out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-21 21:00:16 +12:00
Naz
66a6a522e0 Refactored db dependency out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-21 21:00:16 +12:00
Naz
b96a8f4f6b Refactored jobs service out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-21 21:00:16 +12:00
Thibaut Patel
489e470d7b Added a feature flag to the oauth login feature
issue https://github.com/TryGhost/Team/issues/614

- The feature flag was called `oauthLogin` instead of simply `oauth` to avoid clashes in the frontend `feature` service as it is merging the config and labs properties.
2021-07-20 23:16:49 +02:00
Naz
1eef1e9781 Refactored labs dependency out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-20 18:42:57 +04:00
Naz
c7edf256f6 Refactored Ghost mailer dependency out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-20 18:42:26 +04:00
Naz
a2fc3dde7d Removed dead code - batch-import module
refs https://github.com/TryGhost/Team/issues/916

- While investigating members importer related codebase this legacy module was spotted. It's not used anywhere and doesn't serve any particular purpose.
2021-07-20 17:44:25 +04:00
Fabien 'egg' O'Carroll
c0f32b7746
Replaced usage of Error with @tryghost/errors (#13161)
refs 2f1123d6ca

Usage of the raw Error class has been deprecated in favour of our own
errors, which are more descriptive and have built in HTTP status codes.

This also updates the same errors to use @tryghost/tpl for the error
messages, which is the new pattern we are following in order for us to
deprecate the i18n module.
2021-07-19 11:46:38 +01:00
Kevin Ansfield
9c5a25b060 🐛 Fixed alt="null" for feature image in emails
no issue

- when no alt text was set for feature images we were incorrectly rendering `alt="null"` in emails
2021-07-15 09:44:34 +01:00
Fabien O'Carroll
62ee693310 Lazily instantiated express-session middleware
refs https://github.com/TryGhost/Team/issues/756

When running the tests it was possible for this middleware to be
instantiated before the settings cache, resulting in an undefined
'session_secret' setting being passed. This would cause tests to fail.

Tracking this down proved difficult, so the fix was made here, by
instantiating the express-session middleware only once a request needs
to use it, we can be confident that Ghost has completely started.
2021-07-14 17:19:53 +01:00
Naz
5ea8e9b926 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
- This bit cleans up the rest of `new Error()` usage in MEGA service
2021-07-14 19:17:35 +04:00
Naz
b045112950 Renamed exposed _getEmailMemberRows in mega
no issue

- Exposing internal methods out of the module is a non-standard practice. Adding `_` prefix allows to signal that this method is not for general use.
- When mega is refactored into a proper class this method will become exposed anyways
2021-07-14 18:56:57 +04:00
Naz
f343e73c92 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
- This bit cleans up `new Error()` usage in MEGA service
2021-07-14 18:44:25 +04:00
Daniel Lockyer
17f0aae97e v4.9.4
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYOyBkgAKCRDSEYbwtHKV
 rUwwAQCxNVIluZNQaQFq1mXsXK99oJUh62TcfaRVpLln4OIW2gEA9P74NRNzAdM+
 RC3C0CeEnGEU0ggmfa4Snp6NNT47BAU=
 =wETf
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYOyCCgAKCRDSEYbwtHKV
 rTK6AQC+F1TV6FvH/JOrjyR0pdxgr3SzAubG22a4imwQenLjEwEA0nC2wFzsyRJd
 QZxi1khdgSXKe68ZpOMhqYPvC9maCA8=
 =RAf0
 -----END PGP SIGNATURE-----

Merged v4.9.4 into main

v4.9.4
2021-07-12 18:55:16 +01:00
Vikas Potluri
27e618e60c updated theme validation error copy to match other messages 2021-07-12 18:51:08 +01:00
Vikas Potluri
803a9e11b7 🐛 fixed name is not defined error when uploading invalid theme 2021-07-12 18:51:08 +01:00
Fabien O'Carroll
caf01544c8 Updated WEBHOOK_SECRET check to output a warning
refs https://github.com/TryGhost/Team/issues/841

When using our development tooling Ghost should always start, instead of
exiting with an error. This check for the WEBHOOK_SECRET env var was the
primary cause of Ghost erroring in development, so it's been switched
with a warning.
2021-07-12 11:23:46 +01:00
Hannah Wolfe
6726246697
Fixed test for overriding active theme
refs: f9a3f7d955

- The test for overriding a theme (uploading a theme with the same name as the currently active theme) doesn't test the right codepath
- It incorrectly assumes uploading the same theme twice results in an override, but this is only true for the active theme
- This change splits the override test out into it's own test, and only tests overriding by changing the active theme first
- Also fixed a minor comment type whilst here
2021-07-11 20:02:32 +01:00
Kevin Ansfield
f9a3f7d955 🐛 Fixed "Cannot destructure property" error when overwriting active theme
refs https://github.com/TryGhost/action-deploy-theme/issues/45

- added missing `throw error` in the `setFromZip()` catch which was hiding the underlying error when a theme uploaded and saved successfully but other code had failed
- fixed incorrect method name `activator.activateFromOverride` -> `activator.activateFromAPIOverride`
2021-07-09 20:40:01 +01:00
Kevin Ansfield
4235753e95 🐛 Fixed "Cannot destructure property" error when overwriting active theme
refs https://github.com/TryGhost/action-deploy-theme/issues/45

- added missing `throw error` in the `setFromZip()` catch which was hiding the underlying error when a theme uploaded and saved successfully but other code had failed
- fixed incorrect method name `activator.activateFromOverride` -> `activator.activateFromAPIOverride`
2021-07-09 19:27:49 +01:00
Thibaut Patel
b0762e623f Enabled removing all segmented email cards when the memberSegment is null
no issue

- In the current iteration of the gated email project, we are returning a null segment instead of returning the correct list of segmented users as a temporary measure. The expectation was to clear all segmented cards and it's now the case.
2021-07-08 18:34:30 +02:00
Hannah Wolfe
c29c118fcf
Moved labs utlity to shared
- This isn't really a "service" - it's a set of utilities for working with labs flags
- It's also required all over the place, and doesn't require anything that isn't shared
- Therefore, it should live in shared
2021-07-08 09:05:41 +01:00
Hannah Wolfe
2072361022
Fixed frontend require in labs
- Replaced requiring SafeString all the way from the theme engine, with using express-hbs directly
- This is quite a big require, just for the safe string function, but without this we have to tie labs to our theme layer
- Also removed i18n and updated the jsdoc for enabledHelper
- The labs service can be moved to shared now!
2021-07-08 09:05:40 +01:00
Hannah Wolfe
4481b51992
Revert "Fixed frontend require in labs"
This reverts commit 6fb8736560.
2021-07-08 07:10:11 +01:00
Hannah Wolfe
8d38957bd7
Revert "Moved labs utlity to shared"
This reverts commit 782de52678.
2021-07-08 07:09:13 +01:00
Hannah Wolfe
782de52678
Moved labs utlity to shared
- This isn't really a "service" - it's a set of utilities for working with labs flags
- It's also required all over the place, and doesn't require anything that isn't shared
- Therefore, it should live in shared
2021-07-07 21:41:34 +01:00
Hannah Wolfe
6fb8736560
Fixed frontend require in labs
- Replaced requiring SafeString all the way from the theme engine, with using express-hbs directly
- This is quite a big require, just for the safe string function, but without this we have to tie labs to our theme layer
- Also removed i18n and updated the jsdoc for enabledHelper
- The labs service can be moved to shared now!
2021-07-07 21:33:15 +01:00
Kevin Ansfield
3c9f5da39d 🐛 Fixed small text in Gmail on Android for newsletters containing images
closes https://github.com/TryGhost/Team/issues/737

- without an explicit `width: auto` on images Gmail on Android will make not make the image responsive, instead it was keeping the 1200px intrinsic width of the image and shrinking other content around it to match
2021-07-07 21:11:42 +01:00
Kevin Ansfield
b12589ce6d Added savedIndicator alpha labs flag
refs https://github.com/TryGhost/Team/issues/779

- used by Admin whilst working on editor saved/unsaved status indicator
2021-07-07 19:11:24 +01:00
Hannah Wolfe
61e1b19d46
Added comments to all usages of lib/common/events
- This is a precursor to trying to split apart into:
   - model events + webhooks system which makes sense
   - frontend events which should be independent or removed
   - maybe some concept of a settings manager that we can use in various places to bind logic 🤔
   - other usages of events that should be refactored to not use events
2021-07-07 16:02:44 +01:00
Hannah Wolfe
4da7e7f0cb
Rework the themeService public API
refs: https://github.com/TryGhost/Team/issues/831

- This ultimately fixes the index.js file
- It also makes it super clear what methods in the themeService are used by the API, and which are part of the service loading logic
- It also moves the activate and init function into a single file in a way that highlights they are very similar
- They are also very similar to what happens in storage.setFromZip but that code is mixed up with storage code at the moment
2021-07-07 15:02:02 +01:00
Hannah Wolfe
c3774a3fab
Moved bridge.activateTheme calls into one place
- This is a slightly weird thing, but the intention is to highlight that there are 3 different code paths that can activate a theme
- Ideally we want to unify all the codepaths more, but for now this at least helps us see what is happening where
2021-07-07 15:02:02 +01:00
Hannah Wolfe
496b2bf47b
Refactored theme index to use async/await
refs: 82ef700d81

- the index file got missed in the earlier changes to async/await
2021-07-07 15:02:01 +01:00
Hannah Wolfe
6a39d0a011
Unified ThemeValidationError generation code
- All the code for creating these errors is now replaced with a single function
- This is useful DRY as it helps make code more readable
- This gets rid of the override of the error type to ThemeWorksButHasErrors - which is both weird and afaict not used anywhere
2021-07-07 14:45:08 +01:00
Hannah Wolfe
362140b31e
Removed passing of error to active theme
refs:  076ad99593

- as of 076ad99593 we no longer use the error property of the active theme anywhere
- cleaning up and removing this usage reduces the code pathways and makes the init fn a bit clearer
2021-07-07 14:38:08 +01:00
Hannah Wolfe
82ef700d81
Refactored theme service to use async/await
refs: https://github.com/TryGhost/Team/issues/831

- We prefer async/await over promise chains because it makes the code much more readable
- the Theme Service needs further work and this should make that work much easier
   - e.g. https://github.com/TryGhost/Team/issues/831
   - e.g. fixing up the index.js file
2021-07-07 12:28:55 +01:00
Hannah Wolfe
ee5962bd5d
Removed i18n from backend theme code
- slowly slowly removing the @deprecated i18n code from everywhere in favour of tpl
2021-07-07 11:32:53 +01:00
Hannah Wolfe
dda884ee4f
Removed i18n from frontend theme code
- slowly slowly removing the @deprecated i18n code from everywhere in favour of tpl
2021-07-07 11:32:02 +01:00
Hannah Wolfe
10aad8db7e
Removed Bluebird catch predicate
- We use bluebird inconsistently throughout the codebase now
- The original reason why we needed to use it so heavily was so that all promises returned had the bluebird behaviour, including catch predicates
- Most other usage is explicit, but this is really hard to detect and hasn't made it to standard promises, so we should get rid of this pattern
2021-07-07 11:26:36 +01:00
Hannah Wolfe
bab5764179
Simplified + unified debug naming conventions
- Reduced the number of levels in our debug naming in the frontend
- Unified components like "themes" and "routing" under one name
- Should help to make debug slightly more useful again
2021-07-07 09:57:14 +01:00
Kevin Ansfield
c756cf5feb Removed psmRedesign from allows labs flags
refs https://github.com/TryGhost/Team/issues/840

- redesign in Admin is now in `main` without flag
2021-07-02 19:06:42 +01:00
Thibaut Patel
3ca4cd99f1 Moved the gated email card feature behing an alpha flag
issue https://github.com/TryGhost/Team/issues/842
2021-07-02 12:15:03 +02:00
Rishabh
86fbb14033 Added subscription price data for logged-in member
no refs

- adds `price` data on subscription from related `stripe_price` on updating a member via frontend
- removes inconsistency between `GET` and `PUT` data for logged in member on a site
2021-07-01 23:30:14 +05:30
Naz
380c0dad2c Fixed email batch partitioning when only one card used
refs https://github.com/TryGhost/Team/issues/828

- Previous method had a bug where it didn't take into account cases when onlya single card with a segment filter has been used leaving the members not covered by that filter without an email
2021-07-01 20:58:24 +04:00
Naz
986a7526f5 Added member partitioner based on segment
refs https://github.com/TryGhost/Team/issues/828

- Before sending out batches with members we need to partition all members based on the segment they belong to. Special segment "unsegmented" is used in case none of the segments used in the emal cards cover part of the members set (for example only free members card used when emailing all members)
2021-07-01 20:58:24 +04:00
Thibaut Patel
2d95c1b8d7 Reverted a bad change from a previous commit
commit b94c8bcfd4
2021-07-01 16:39:36 +02:00
Hannah Wolfe
6f1a3e1774
Removed usages of new Error & i18n in legacy code
- cleaning up a handful of usages of i18n and new Error in some really old codepaths
- pushing our new patterns forward wherever we can
2021-07-01 12:53:06 +01:00
Thibaut Patel
b94c8bcfd4 Render an email correctly according to the associated member segment
issue https://github.com/TryGhost/Team/issues/829
2021-07-01 13:36:42 +02:00
Kevin Ansfield
29af4b93a0 Fixed linter errors
refs 517d2abc5c

- forgot to remove now-unused labs requires
2021-07-01 10:59:40 +01:00
Kevin Ansfield
517d2abc5c Added feature_image_{alt/caption} to the v4 posts API
refs https://github.com/TryGhost/Team/issues/839

It's now possible to set alt and caption for post feature images using `feature_image_alt` and `feature_image_caption` fields on a post resource.

- `feature_image_alt` - plain text, limited to 191 chars (alt text is not recommended to be longer than 125 chars, screen readers may cut the description off at that point)
- `feature_image_caption` - basic HTML, limited to 65535 chars

Alt and caption will be automatically used inside of newsletter content, for your website content make sure your theme is updated to use the v4 API and make use of the new properties.

---

- removed `featureImageMeta` labs flag
2021-07-01 10:53:55 +01:00
Hannah Wolfe
bd597db829
Moved settings/cache to shared/settings-cache
- This is part of the quest to separate the frontend and server & get rid of all the places where there are cross-requires
- At the moment the settings cache is one big shared cache used by the frontend and server liberally
- This change doesn't really solve the fundamental problems, as we still depend on events, and requires from inside frontend
- However it allows us to control the misuse slightly better by getting rid of restricted requires and turning on that eslint ruleset
2021-06-30 15:49:10 +01:00
Hannah Wolfe
3ea6df819c
Refactored SettingsCache to get events through DI
- requiring lib/common/events makes the settings cache tightly coupled to the server
- moving this up to settings index means the cache itself can be moved to a shared component/moved out of Ghost
- the index then becomes the settings manager
- questionable whether the event listeners & updater part of this shouldn't be part of a manager, independent of the actual cache 🤔
2021-06-30 15:40:41 +01:00
Naz
d33baf9ba4 Added member_segment persistance to email_batches
refs https://github.com/TryGhost/Team/issues/828

- We need a way to recreate a filter that was used to create an email content for specific email_recipient. By saving member_segment value for each email_batch we can traverse back to the filter that was applied during email creation.
2021-06-30 18:32:31 +04:00
Hannah Wolfe
0b333765d4
Refactored shutdown and reset for settings
- shutdown removed listeners, which should really be done before adding them anyway!
- reset sets the cache back to an empty object, which was already done by init
- merge these into one reset function that fully resets the cache
- all instances of shutdown were called before an init call, and now called during init, therefore these can be removed
- acceptance utils had an instance of calling shutdown and reset together as part of stopping Ghost, reworked that to be clearer
2021-06-30 15:18:15 +01:00
Naz
a62ab18b9f Added segmeted email batch creation
refs https://github.com/TryGhost/Team/issues/828

- When sending email batches out they need to be created without mixing different member segments. This allows for easier reasoning about what data has been sent out to each specific email recipient
- Modified email batches to chunk based on segments defined in the HTML content of the post
2021-06-30 17:43:28 +04:00
Naz
bb8cf6001e Added unique filtering for segment parser
refs https://github.com/TryGhost/Team/issues/828

- When detecting email segments and later creating a member filter out of this data we only care about unique segments otherwise we'd be creating multiple batches with the same segment filter
2021-06-30 17:43:28 +04:00
Naz
e04af28efe Added segment parser logic
refs https://github.com/TryGhost/Team/issues/828

- This is experimental segment extraction logic, more to follow. Alllows to extract arrays of email segments used in the email's HTML content
2021-06-30 17:43:28 +04:00
Hannah Wolfe
b33b837c39
Removed unused reinit function
refs: https://github.com/TryGhost/Ghost/pull/11987
refs: 7e28802b1c
refs: 0b79abf5b2
refs: https://github.com/TryGhost/Ghost/issues/12003

- renit was added in https://github.com/TryGhost/Ghost/pull/11987
- it was then refactored out in 7e28802b1c (I think inadvertently)
- but we no longer call settings.init() before the DB is ready with the new boot proces 0b79abf5b2s
- original bugs, such as https://github.com/TryGhost/Ghost/issues/12003 could have regressed as a result of this being removed, but it is hard to reproduce
- by not initising settings before migrations, we reduce the complexity of needing to reinit them
- this commit actually just removes dead code, but I've left all the context I've found today here in this message so that it can be easily reconstructed if needed
2021-06-30 12:44:32 +01:00
Hannah Wolfe
8612f3aaeb
Moved route settings to new server service
- The main goal here is getting this settings related code out of the routing service as it really doesn't belong there
- This settings file is used purely by the API to get and set files - its not really anything to do with actual routing
- This file calls out to the bridge to do a reload, which helps decouple slightly
- More refactoring is needed to get rid of the urlService dependency
- Note this file is really similar to the redirects one, it would be good to merge them
2021-06-30 10:58:33 +01:00
Naz
32a09dc9c6 Updated createEmailBatches JSDoc
refs https://github.com/TryGhost/Team/issues/828

- Updated to follow latest code standards
2021-06-30 13:56:35 +04:00
Hannah Wolfe
ed46f31c71
Revert "Moved route settings to server"
This reverts commit 3c36af63cf.
2021-06-30 10:52:19 +01:00
Rishabh
d196d9b525 Added benefits to product data in portal settings
refs https://github.com/TryGhost/Team/issues/838

- adds benefits data to product for portal UI
2021-06-30 14:51:42 +05:30
Hannah Wolfe
3c36af63cf
Moved route settings to server 2021-06-30 09:31:15 +01:00
Daniel Lockyer
1ff4f6ce7d
Added guards against parentPort being null
fixes https://github.com/TryGhost/Team/issues/834

- see referenced issue for context
- there are times when `parentPort` can be null and the job crashes
  because `parentPort.postMessage` won't work
- this commit adds guards around `parentPort`, or moves code inside
  existing guards, to protect against this
2021-06-29 12:14:48 +01:00
Naz
c6c720634c Removed unused email analytics job
no issue

- The 'fetch-all' job was only used during development and has never been useful since. It's a dead code x_x
2021-06-29 13:47:55 +04:00
Naz
3f2327c4d1 🐛 Fixed update notification showing after upgrade
refs https://github.com/TryGhost/Team/issues/754
refs https://github.com/TryGhost/Team/issues/204
refs https://forum.ghost.org/t/critical-security-notification-keeps-displaying-even-after-updating-to-the-latest-version/23673

- After Ghost instance upgrade higher than v4.3.3 the security notification should not be shown any more, as the instance is now patched and fixes the issue.
- There was no way to derive the targetted Ghost version of the notification message so had to include matching based on other unique id of the message.
- Future improvements to update check/notifications should take this inconvenience into account (e.g. introduce a special field in notifications that tracks targetted Ghost instance version)
2021-06-28 11:25:04 +04:00
Naz
07f7a7a158 Added JSDoc to notifications service's destroy
refs https://github.com/TryGhost/Team/issues/754

- Extra type intellisense is good!
2021-06-24 16:34:29 +04:00
Naz
b5fb439ae7 🐛 Fixed version update indicator on about page
refs https://github.com/TryGhost/Team/issues/754
closes https://github.com/TryGhost/Ghost/issues/13088
refs a7dec233ba

- The corrupted data recovery mechanism for notifications is needed to be able to fix the data stored in `settings` table under `notifications` key. There was no validation in place, which has caused some instances to store data in unreadable/writable state
- The recovery mechanism is in place to avoid adding migrations every time we spot a broken notifications data (will be fixed by validation soon).
- The notification data is also NOT critical but valuable for system functioning properly, that's the reason why the data "healing" happens in less secure  "fire-and-forget" way
- The referenced commit is where the "bigger" problem that was causing the data corruption was at. This change is a "cleanup" after what has happened there - storing Ghost error object in `value` for `notifications` key
2021-06-24 16:33:01 +04:00
Matthew Schmoyer
7bac21d591
🐛 Fix test email member uuid (#12809)
refs: #12808

- we need to use the uuid, not the id, so that e.g. unsubscribe urls are set correctly
- this is only for test emails, but it's still important to be able to test things fully!
2021-06-24 09:42:15 +01:00
Thibaut Patel
f12f64e87b
🔒 Added a "reset all passwords" feature (#13005)
issue https://github.com/TryGhost/Team/issues/750

- Only accessible by admins
- Resets all staff users' passwords and prevents them to log-in
- Sends them a reset email password to give them back access to their account
- Closes all existing staff user sessions
2021-06-23 14:54:28 +02:00
Fabien O'Carroll
c46542532d Added support for importing products column
refs https://github.com/TryGhost/Team/issues/765

This supercedes the `complimentary_plan` flag, as it is more precise
because it determines _which_ product(s) a member has access to. Because
of this, if the `products` column is present the `complimentary_plan`
column is not used.
2021-06-23 13:53:34 +01:00
Fabien O'Carroll
b197d71c4e Linked comped members to default product for imports
refs https://github.com/TryGhost/Team/issues/765

As part of the multiple products feature, we're not longer using Stripe
subscriptions to denote Complimentary access, instead we're linking
members directly to products. Here we update the importer to follow
suit, so long as the flag is enabled.
2021-06-23 13:53:34 +01:00
Fabien O'Carroll
9fc69d8f07 Moved MembersCSVImporter out of index.js file
no-issue

This cleans up the importer to match the standards of the rest of our
codebase.
2021-06-23 13:53:34 +01:00
Naz
90cc801394 Added JSDoc and unit tests for email replacement parser
refs 474e6c4c45

- The method was not easy to understand after skimming through it.
- As we are working on developing a similar pattern for upcoming similar featured created a basic test suited to see input/output relation clearly
2021-06-23 12:00:03 +04:00