Commit Graph

9856 Commits

Author SHA1 Message Date
Fabien O'Carroll
c9b4fa4a09 Updated Member model to handle stripe_info property
no-issue

This maps the stripe_info property to the MemberStripeInfo model, so
that we can update the member model, and correctly add/edit rows in the
members-stripe-info table.
2019-09-25 10:05:30 +07:00
Fabien O'Carroll
e54adfd30d Added MemberStripeInfo model
no-issue

Simple model to allow us to do relations with the Member model
2019-09-25 10:05:30 +07:00
Fabien O'Carroll
fd1db4ffac Added migration for members-stripe-info table
no-issue
2019-09-25 10:05:30 +07:00
Fabien O'Carroll
6859e9a9a1 Added members-stripe-info table
no-issue

This will be used to store stripe specific information for members

customer_id has a max length of 255 https://stripe.com/docs/upgrades

member_id is not unique as we cannot ensure that a member doesn't have
more than one customer object associated with them. e.g. if they signup
twice, or if they cancel, and signup again, creating a new customer.

We probably won't handle this case to begin with, but we will keep the
data intact.
2019-09-25 10:05:30 +07:00
Fabien O'Carroll
e078cb5612 Removed unused password logic from Member model
no-issue
2019-09-25 10:05:30 +07:00
Nazar Gargol
aa7f9ddbeb Version bump to 2.31.1 2019-09-23 17:13:25 +02:00
Nazar Gargol
1ae491b567 Updated Ghost-Admin to 2.31.1 2019-09-23 17:13:25 +02:00
Nazar Gargol
3712e6e01c Bumped gscan to 2.9.0 2019-09-23 16:48:21 +02:00
Rish
de106728a8 Reverted .travis.yml using std notifications
no issue

Std notifications for travis is not working well in generating slack notifications, reverted to use custom script to send Slack messages
2019-09-23 12:29:11 +05:30
Hannah Wolfe
36db3ce66f Added tests for x-request-id handling
refs 0107ac848

- added unit tests for middleware added yesterday
2019-09-23 07:34:59 +01:00
Renovate Bot
93e04b0a43 Update dependency @tryghost/members-api to v0.5.3 2019-09-23 03:25:09 +00:00
Renovate Bot
b89e3650f1
Update dependency nock to v11.3.5 2019-09-23 01:27:17 +00:00
Renovate Bot
d33fc8c8a6 Update dependency @tryghost/helpers to v1.1.10 2019-09-23 01:26:36 +00:00
Hannah Wolfe
0107ac848a Improved x-request-id handling
- Currently, we create a request ID for internal use if one isn't set & this is used in logs
- If a custom request ID is set via X-Request-ID header, this gets logged, however, we don't return this with the response
- Means that a custom ID gets lost on the way back out, and makes tracing requests through a system trickier
- This change ensures that if X-Request-ID is set on the request, it is also set on the response so that requests can be properly traced
- It's easy to set this in e.g. nginx so that the feature becomes available - Ghost doens't need to do this
- Note: also split request id handling out into new middleware
2019-09-22 18:23:45 +01:00
Fabien O'Carroll
24e730fa25 Updated members-ssr middleware to async functions
no-issue

Also updates to use Object.assign rather than req.member = value to get
around false positives from eslint:

  * https://github.com/eslint/eslint/issues/11899
2019-09-17 11:05:06 +08:00
Fabien O'Carroll
162ff4e0bf Removed POST signin functionality
no-issue

This is no longer needed as we can signin with a GET now
2019-09-17 11:05:06 +08:00
Fabien O'Carroll
73bc3ec388 Added a middleware to handle signin via a GET
no-issue

This also adds a basic check before handing of to the members-ssr
module, this should make logs a little less noisy and only log warnings
if a token was passed and that token was invalid/incorrect.
2019-09-17 11:05:06 +08:00
Fabien O'Carroll
0e60b5dea4 Updated members service usage of members-ssr@0.5.0
no-issue

members-ssr@0.5.0 changed the `membersApi` param with `getMembersApi`
2019-09-17 11:05:06 +08:00
Fabien O'Carroll
531e217b82 Protected members middleware with a labs check
no-issue

This would have been creating a lot of noisy logs for sites without
members enabled.
2019-09-17 11:05:06 +08:00
Fabien O'Carroll
a3940ef9db Simplified urlUtils require path
no-issue

This was previously going to a parent directory which was shared by both modules
2019-09-17 11:05:06 +08:00
Fabien O'Carroll
01fca3ec2c Installed @tryghost/members-ssr@0.5.0
no-issue

This includes changes that can be used to signin via a GET request
2019-09-17 11:05:06 +08:00
Renovate Bot
2f86894dff Update dependency knex to v0.19.4 2019-09-16 04:25:49 +00:00
Renovate Bot
21b9ba893a Update dependency image-size to v0.7.5 2019-09-16 03:26:55 +00:00
Fabien O'Carroll
359d89d897 Logged out members signin link in development
no-issue

This makes it easier to test locally when mail config hasn't been setup
2019-09-16 09:33:45 +08:00
Renovate Bot
c82418153d
Update Test & linting packages 2019-09-16 00:28:05 +00:00
Fabien O'Carroll
8d4056a6ec Installed @tryghost/members-api@0.5.2
no-issue

This improves the logging of errors when sending magic link.
2019-09-15 11:53:29 +08:00
Fabien O'Carroll
e881caab76 Included specific member props in theme service
no-issue

This simplifies the @member prop in themes, and includes a subscribed
property
2019-09-10 17:29:04 +08:00
Fabien O'Carroll
00604bf522 Ensured events are not fired whilst being handled
no-issue

This _should_ stop double firing of API requests
2019-09-10 17:29:04 +08:00
Fabien O'Carroll
ebd42440a2 Added support for data-members-signout
no-issue

This will cause the session to be destroyed when clicking on element
with data-members-signout attr
2019-09-10 17:29:04 +08:00
Fabien O'Carroll
e59d56fe92 Improved error handling for members.js
no-issue

This now allows for an element with the data-members-error to be added
as the child of a data-members-form or data-members-plan and will be
populated with the error message when appropriate.
2019-09-10 17:29:04 +08:00
Fabien O'Carroll
9d9dae5da4 Ensure that dataset is read from correct element
no-issue

This fixes a problem where the click event is fired from a child of the element
2019-09-10 17:29:04 +08:00
Fabien O'Carroll
84dac3ddb3 Renamed button to el
no-issue
2019-09-10 17:29:04 +08:00
Fabien O'Carroll
1a92fb8619 Added loading class to data-members elements
no-issue

This is so that developers can confitionally render state based on if
the request is currently in progress
2019-09-10 17:29:04 +08:00
renovate[bot]
c3eb5c291c Lock file maintenance (#11061) 2019-09-10 09:45:45 +01:00
renovate[bot]
74fab21eb5 Update dependency mobiledoc-dom-renderer to v0.7.0 (#10937) 2019-09-10 09:36:43 +01:00
renovate[bot]
aa22de4db8 Update dependency nock to v11 (#11093) 2019-09-10 09:13:26 +01:00
renovate[bot]
07448ce034 Update dependency sqlite3 to v4.1.0 (#11034) 2019-09-10 08:58:35 +01:00
renovate[bot]
68af109d8e Update dependency bookshelf-relations to v1.3.0 (#11065) 2019-09-10 08:57:56 +01:00
Kevin Ansfield
2c5fb3d7b8 Version bump to 2.31.0 2019-09-09 17:47:56 +01:00
Kevin Ansfield
e8188f8f6b Updated Ghost-Admin to 2.31.0 2019-09-09 17:47:56 +01:00
Kevin Ansfield
ba3c26ef5c
🐛 Fixed "View site" screen in admin on private sites with separate admin url (#11098)
closes https://github.com/TryGhost/Ghost/issues/11078

Problem:
- the admin client makes an XHR request to the `/private/` endpoint when a private site is configured
- when a separate admin URL is configured this was causing 500 errors in the admin client because missing CORS headers on the endpoint was causing browsers to abort the request
- browsers will also look at the CORS headers on any resources that are the result of a redirect and abort the request if they do not allow cross-origin requests, this means allowing all requests on `/private/` is not enough

Solution:
- uses the `cors` middleware with a dynamic options function for the whole of the front-end site app
- dynamic options function allows the following requests through:
  - same-origin (browsers and non-browser agents will not send an `Origin` header)
  - origin is `localhost` or `127.0.0.1` with any protocol and port
  - origin matches the configured `url` hostname+port on any protocol
  - origin matches the configured `admin:url` hostname+port on any protocol
2019-09-09 17:42:55 +01:00
Kevin Ansfield
88659e5a52 Switched private login brute errors to correct error status code
no issue

- when too many login attempts were detected for the `/private/` form we were throwing 500 errors instead of the more appropriate 429 error that we use everywhere else for "too many request" type errors
2019-09-09 16:02:21 +01:00
Kevin Ansfield
5be63958b9 Reverted dependency oembed-parser to 1.2.2
no issue

- 1.3.1 is breaking the oembed regression tests
2019-09-09 16:00:04 +01:00
Kevin Ansfield
be71afa07d Fixed regression tests expecting relative URLs for admin redirects
no issue

- @tryghost/url-utils was bumped to 0.3.1 which fixed admin redirects returning relative rather than absolute URLs
- updates tests that were expecting relative URLs rather than absolute URLs
2019-09-09 15:52:26 +01:00
Hannah Wolfe
708927335b Added error handling for weird handlebars syntax
refs #10496

- handlebars if and unless helpers throw weird, unhelpful syntax errors
- for now, catch these errors and do something helpful with them
2019-09-09 13:03:04 +01:00
Hannah Wolfe
9abffe4396 Added guard to asset helper for missing paths
refs #10496

- currently {{asset this/is/not/a.string}} would throw a 500 error
- this commit changes that to make it throw a sensible 400 + incorrect usage error
2019-09-09 13:02:45 +01:00
renovate[bot]
5c8efd087e Update dependency @tryghost/html-to-mobiledoc to v0.6.0 (#11092) 2019-09-09 10:45:30 +01:00
renovate[bot]
fa0a399345 Update dependency oembed-parser to v1.3.1 (#10983) 2019-09-09 10:44:13 +01:00
Fabien O'Carroll
b8fc0d2bd1
Cached member data in ghost-members-ssr-cache cookie (#11096)
no-issue

* Installed @tryghost/members-ssr@0.4.0
  This now supports caching of the data returned by the members-api

* Renamed cookies set by members-ssr
  As discussed with @ErisDS I have prefixed these cookies with `ghost`
2019-09-09 17:39:46 +08:00
Fabien O'Carroll
9447165e0a Alphabetically sorted dependencies in package.json
no-issue

When installing new packages yarn sorts them alphabetically, this meant
that installing/updating packages would have extra changes which would
be noisy either to developers or the git history.
2019-09-09 17:33:47 +08:00