Commit Graph

11239 Commits

Author SHA1 Message Date
Nazar Gargol
c8351720b1 Removed levtover code
refs 81fc5f8eda

- Comment was left here unintentionally
2020-06-10 14:40:33 +12:00
Fabien O'Carroll
9348134afe Added display_name & account_id to stripe connect
no-issue

This will allow us to display this information in the Admin to make it
easier for the user to see what the current state is.
2020-06-09 17:11:17 +02:00
Daniel Lockyer
980a63ceba Added Slack notification for broken build
no issue
2020-06-09 13:22:05 +01:00
Kevin Ansfield
8c235ff766 Shortened insufficient oembed data error message
no issue

- improves display in client
2020-06-09 12:47:34 +01:00
Daniel Lockyer
69b8c8de68 Configured regression tests to always run
no issue
2020-06-09 12:45:00 +01:00
Nazar Gargol
81fc5f8eda Added special handling for member import with Stripe connection
no issue

- When imported member contains stripe_customer_id data but there is no Stripe configured on the Ghost instance such import should faiil. The logic is consistent with one where import fails after not being able to find customer in linked Stripe account
- Fixed import stats to show import failures instead of "duplicate" when the validation error is of "Stripe" origin
2020-06-09 23:02:38 +12:00
Daniel Lockyer
7918653da4 v3.19.0 2020-06-09 10:27:45 +01:00
Daniel Lockyer
d527f0be51 Updated Ghost-Admin to v3.19.0 2020-06-09 10:27:45 +01:00
Rish
c63f7f2b13 Updated copy for email address change template
no issue

- Fixes typo and title for email address update mails
2020-06-09 12:11:57 +05:30
Nazar Gargol
dba664a200 Removed unused variable
refs 53abf79869
2020-06-09 15:31:42 +12:00
Nazar Gargol
53abf79869 Removed format-csv module in favor of papaparse
no issue

- The aim was to extract format-csv to become an external dependency. After some analysis found out that native papaparse method `unparse` was achieving the same results with a lot better test coverage and stability. Because papaparse will become Ghost's default csv processor in near future decided to integrate papaparse instead of extracting module for the format-csv module's code, which would become redundant soon anyways.
- For reference papaparse will substitute current csv-parser lib because it's better performance and maturity.
- Performance comparison can be checked here - https://github.com/Keyang/csvbench#result . At the time of writing papaparse is rougly 40% faster than csv-parser
2020-06-09 15:23:15 +12:00
Daniel Lockyer
d44dae0c79 Fixed wrong use of moment
no issue

- whilst updating moment, a test that was doing timezone calculation was
  failing. We were only importing moment before, and not moment-timezone
- this commit fixes that
2020-06-08 19:43:55 +01:00
Daniel Lockyer
13986a797c Updated ghost-storage-base dependency
no issue

- ghost-storage-base uses moment which was affected by the moment update
- this commit updates the dependency so they use the same moment version
2020-06-08 19:43:55 +01:00
Daniel Lockyer
5d30af1513 Fixed wrong require in post email serializer
refs https://github.com/TryGhost/Ghost/pull/11807

- this was originally reported in the PR above, but we could not
  reproduce it on master
- presumably the user had the latest version of moment installed for
  other purposes and so they were seeing the issue
- between moment 2.24.0 and 2.26.0, something must have changed which
  stopped the previous functionality working
2020-06-08 19:43:55 +01:00
Renovate Bot
dfb1f9aeae Update dependency moment to v2.26.0 2020-06-08 19:43:55 +01:00
Rish
bca41e1877 Allowed updating from address domain for member emails
refs https://github.com/TryGhost/Ghost/issues/11414

Confirms if the fromAddress for sending member emails is valid and accessible using magic link flow, allowing owners to update full from address including domain change.

- Extends member service to handle magic link generation and validation for email update
- Updates existing setting endpoint to not directly update from address
- Adds new endpoint to send magic link to new address
- Adds new endpoint for validating the magic link when clicked and update the new email for from address
- Adds new email template for from address update email
2020-06-09 00:06:07 +05:30
Rish
4200eaf1f7 Added migration updating members from address with domain
refs https://github.com/TryGhost/Ghost/issues/11414

We want to allow adding custom domains to member's from address as long as the new email is verified using the magic link flow and not saved directly to DB. Since we currently don't store domain as part of fromAddress, this PR -

- adds migration to update all existing fromAddress by appending site domain
2020-06-08 23:47:02 +05:30
Renovate Bot
867e0306b9
Update dependency @tryghost/kg-default-cards to v2.0.2 2020-06-08 16:31:07 +00:00
Rish
bbcd32d204 🐛 Fixed "from" parameter handling for bulk email
closes https://github.com/TryGhost/Ghost/issues/11768

- Wraps from parameter in double quotes so mail clients can read it whole
- Escapes double quotes in site title to avoid clash with wrapping
2020-06-08 21:56:11 +05:30
Hannah Wolfe
d541a14826 Change theme uploads to move & delete at end
- Currently theme uploads delete the existing theme before copying the new files into place
- If something goes wrong with the delete action, you will end up in a bad state
   - Some or all of the files may be deleted, but now Ghost won't try to put the new theme in place, instead returning an error
   - This leaves you with an invalid active theme and a broken site
- Unlike delete, move is a one-hit operation that succeeds or fails, there moving a theme is safer than deleting
- This updated code moves the old theme to a folder with the name [theme-name]-[uuid] before copying the new theme into place
- Even if this fails, the files should not be gone
- There's a cleanup operation to remove the theme backup at the end, but we don't care too much if this fails
2020-06-08 16:12:17 +01:00
Renovate Bot
a97996eec1 Update dependency @sentry/node to v5.17.0 2020-06-08 16:06:33 +01:00
Kevin Ansfield
db68560b11 🐛 Improved error message output when oembed request fails
refs https://github.com/TryGhost/Ghost/issues/11212

- if a bookmark card fetch is performed (either directly or from fallback) and the page does not have an extractable title, return a more specific error message than "No provider found for supplied URL."
2020-06-08 15:06:00 +01:00
Kevin Ansfield
5aa6a3dbad Fixed no-shadow linting errors in oembed controllers 2020-06-08 12:52:41 +01:00
renovate[bot]
1d49cba426
Update dependency @tryghost/kg-mobiledoc-html-renderer to v3 (#11887)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-06-08 10:47:17 +01:00
Kevin Ansfield
e1fd8cc11f 🐛 Fixed original url/query params not being used in bookmark cards
refs https://github.com/TryGhost/Ghost/issues/11212
credit @devaman https://github.com/TryGhost/Ghost/pull/11542

- use `payload.url` for the `href` which is the originally entered url rather than `payload.metadata.url` which is the final url after redirects and metascraper extraction
- retains query params and redirects which are useful for things like affiliate links
2020-06-08 09:04:14 +01:00
renovate[bot]
31d0966e2d
Update dependency @tryghost/kg-markdown-html-renderer to v2 (#11886)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-06-08 08:17:30 +01:00
renovate[bot]
90a19ee397
Update dependency @tryghost/kg-default-atoms to v2 (#11884)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-06-08 08:17:16 +01:00
Kevin Ansfield
d8773dcc45 Allowed bookmark cards to be created without a description
no issue

- title+description was too limiting for some sites so we're relaxing the requirements to only require a title
2020-06-08 07:55:38 +01:00
Renovate Bot
b92f976a6a
Update dependency eslint to v7.2.0 2020-06-08 00:58:20 +00:00
Renovate Bot
e9b812e4f0
Update dependency csv-parser to v2.3.3 2020-06-05 13:28:20 +00:00
Nazar Gargol
c7648737ca Added context and help message to member linking with Stripe account error
no issue

- When the customer cannot be imported because they are missing from linked Stripe account or the linked account is incorrect one, these new messages should provide a better clue about what has caused the error and how to act on it.
2020-06-06 00:06:19 +12:00
Renovate Bot
80fa891965 Update dependency sanitize-html to v1.26.0 2020-06-05 09:59:48 +01:00
Nazar Gargol
633ba27f0e Added custom label assignment to imported members
no issue

- There is a need to be able to label certain import group of members
with custom labels. This will allow to distinguish/filter these newly
imported  members.
- Allowed `POST /members/csv/` endpoint to accept `labels`
field parameter which assigns labels to every member from imported csv.
2020-06-05 16:22:09 +12:00
Kevin Ansfield
fdeb7daf40 Added shared_views default setting
no issue

- we want custom views to be shared for all users and managed by admins rather than per-user
2020-06-04 21:29:06 +01:00
Kevin Ansfield
ff83cd0d97 🐛 Fixed location not being recorded for paid member signups
no issue

- updates `@tryghost/members-{api/ssr}` packages that move geolocation into the token->session exchange step so that the member's IP address is always available for rough geolocation
2020-06-04 13:32:09 +01:00
Nazar Gargol
12c8b63a4a Added more specific error handling when adding duplicate labels
no issue

- Similarly to other additive api methods  (e.g. members.add) returned more specific ValidationError with contex filled in with the reason why adding did not succed.
- This change is needed for more graceful label handling when adding new members through import
2020-06-05 00:23:10 +12:00
Nazar Gargol
59c773fb04 Removed cache invalidation header when adding label through Amdin API
no issue

- Adding labels doesn't cause any content to invalidate, similarly to adding members. Unlike it's caunterpart - tags, there is no dependent "frontend" content that would become invalid
2020-06-04 23:44:19 +12:00
Renovate Bot
5dcd856088
Update dependency fs-extra to v9.0.1 2020-06-04 00:26:05 +00:00
Renovate Bot
66026c57e9
Update dependency @sentry/node to v5.16.1 2020-06-03 16:59:57 +00:00
Daniel Lockyer
171f7627cd Removed unused env variables in release workflow
no issue
2020-06-03 08:12:54 +01:00
Daniel Lockyer
ff3f8b2489 Removed unused mochacli variable
no issue
2020-06-03 08:12:30 +01:00
Daniel Lockyer
3757cd936b v3.18.1 2020-06-02 18:07:38 +01:00
Daniel Lockyer
eeea5ef64d Updated Ghost-Admin to v3.18.1 2020-06-02 18:07:38 +01:00
Fabien O'Carroll
7c188ec1eb 🐛 Fixed settings controller edit method
no-issue

This was because the API was recieving a default `null` value for the
stripe_connect_integration_token setting.

This also improves the logging for this error.
2020-06-02 19:01:19 +02:00
Daniel Lockyer
0f6e23668c v3.18.0 2020-06-02 15:22:02 +01:00
Daniel Lockyer
a7ce7fcdc1 Updated Ghost-Admin to v3.18.0 2020-06-02 15:22:02 +01:00
Fabien O'Carroll
37a1947fc5 Fixed broken regression tests from #11861
no-issue

The config is now a class and the context of `this` was not bound
2020-06-02 16:20:57 +02:00
Kevin Ansfield
4e139ee5b4 Fixed linting 2020-06-02 14:33:43 +01:00
Kevin Ansfield
64ed246d03
Merge pull request from GHSA-4m2q-w26j-h268
no issue

- added an `externalRequest` lib
  - uses same underlying `got` module as our `request` lib
  - uses `got`'s `beforeRequest` and `beforeRedirect` hooks to perform it's own dns resolution for each url that's encountered and aborts with an error if it resolves to a private IP address block
  - includes a bypass for Ghost's configured url so that requests to it's own hostname+port are not blocked
- updated v2 and canary oembed controllers to use the `externalRequest` lib
2020-06-02 14:30:10 +01:00
Fabien O'Carroll
44f1c0a7b6 Updated members config to respect stripeDirect
no-issue

If the stripeDirect config value is NOT set / false, then connect token
should be used over the API keys if both are present, or else use
whichever is present.  If the stripeDirect config value is set /
true,then API keys should be used and stripe connect token should be
completely ignored.

The reason for this is that we want to use Stripe Connect as the primary
auth method going forward, but we want to keep the direct version
availiable should the Ghost Foundation ever dismantle. This will allow
people to use all the same features with no dependency on an external
service.
2020-06-02 15:28:42 +02:00