refs https://github.com/TryGhost/Team/issues/2393
- During boot and loading the active theme, we now cache the result of
the gscan validation. Cache configuration can happen in
`adapters.cache.gscan`
- We now also return non-fatal errors when activating or adding a theme.
- When the `themeErrorsNotification` feature flag is on, we fetch the
active theme (which includes the validation information) when loading
admin
- If the currently active theme has errors, we show an error
notification that can open the error modal
- Added a new endpoint: `/ghost/api/admin/themes/active/` that returns
the result of the last gscan validation of the active theme. If no cache
is available, it will run a new gscan validation.
- Added new permissions for the active action/endpoint (author, editor,
administrator)
closes https://github.com/TryGhost/Team/issues/2241
- as part of the authenticated application setup, update the captured Sentry data with the user role
- helps narrow things down when we see permission errors pop up due to requests being made for endpoints that the current user doesn't have permission to access
refs https://github.com/TryGhost/Team/issues/2110
- dynamically defined properties on the config service did not have
autotracking set up properly if they were accessed in any way before the
property was defined, this caused problems in a number of areas because
we have both "unauthed" and "authed" sets of config and when not logged
in we had parts of the app checking for authed config properties that
don't exist until after sign-in and subsequent config re-fetch
- renamed `config` service to `configManager` and updated to only
contain methods for fetching config data
- added a `config` instance initializer that sets up a `TrackedObject`
instance with some custom properties/methods and registers it on
`config:main`
- uses application instance initializer rather than a standard
initializer because standard initializers are only called once when
setting up the test suite so we'd end up with config leaking across
tests
- added an `@inject` decorator that when used takes the property name
and injects whatever is registered at `${propertyName}:main`, this
allows us to use dependency injection for any object rather than just
services or controllers
- using `application.inject()` in the initializer was initially used but
that only works for objects that extend from `EmberObject`, the
injections weren't available in native-class glimmer components so this
decorator keeps the injection syntax consistent
- swapped all `@service config` uses to `@inject config`
fixes: https://github.com/TryGhost/Ghost/issues/15291
- An attempt to improve re-authenticate modal toggle - show re-authenticate modal every time the user saves (ctrl/cmd + s)
- An attempt to fix redirection when the user re-logs in on a different tab. Prevent redirection to the sign-in page since the user is already logged in on another tab.
- Re-enable `editor` test on `authentication-test.js`
no issue
The `config` service has been a source of confusion when writing with modern Ember patterns because its use of the deprecated `ProxyMixin` forced all property access/setting to go via `.get()` and `.set()` whereas the rest of the system has mostly (there are a few other uses of ProxyObjects remaining) eliminated the use of the non-native get/set methods.
- removed use of `ProxyMixin` in the `config` service by grabbing the API response after fetching and using `Object.defineProperty()` to add native getters/setters that pass through to a tracked object holding the API response data. Ember's autotracking automatically works across the native getters/setters so we can then use the service as if it was any other native object
- updated all code to use `config.{attrName}` directly for getting/setting instead of `.get()` and `.set()`
- removed unnecessary async around `config.availableTimezones` which wasn't making any async calls
no issue
- needed for embroider compatibility
- the package we have installed is `@sentry/ember` not `@sentry/browser` so the imports fail when built by webpack
https://github.com/TryGhost/Admin/pull/2286
- `session.authenticate()` returns from its promise as soon as the authenticate request is completed but it was assumed that it returned after the `session.handleAuthentication()` promise was also completed. A side-effect of that was that depending on network timing, the setup flow could transition to the dashboard before we had loaded all of the necessary user, config, and settings requests
- normally that's not a problem because `handleAuthentication()` kicks off a transition once authentication is fully complete, in the setup flow we're handling the transition manually so need a way to manage the full async flow from outside of the session service
- it didn't show up as a problem previously because the setup flow transitioned to a third setup screen that didn't require all of the post-auth data to exist
- moved the async parts of `session.handleAuthentication()` into a task and updated to return the currently running task instance if one was already running
- lets code that is relying on the full authentication flow to have completed call `await this.session.handleAuthentication()` without causing a double-load of the post-auth API requests
- updated setup flow
- removed manual `session.populateUser()` call as that was a workaround for the async timing issue and caused a double-fetch of the current user API endpoint
- added an `await this.session.handleAuthentication()` call to the manual post-auth handler so we don't transition until the full auth flow is complete
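
The in-flight sharing described in the commit message above, sketched in plain JavaScript as an added example (not Ghost Admin's code): a promise stands in for the task, the API stub is constructed, and `Session`, `_postAuth`, `makeCountingApi` and `completeSetup` are hypothetical names.

```javascript
// Added illustration, not Ghost Admin code. Every name except
// handleAuthentication() is hypothetical; a plain promise stands in for the task.
class Session {
    constructor(api) {
        this.api = api;       // hypothetical client for the post-auth requests
        this.user = null;
        this.config = null;
        this.settings = null;
        this._running = null; // the post-auth run currently in flight, if any
    }

    // Concurrent callers share one run instead of each starting their own.
    handleAuthentication() {
        if (!this._running) {
            this._running = this._postAuth().finally(() => {
                // Cleared on success and failure so a rejected run is never cached.
                this._running = null;
            });
        }
        return this._running;
    }

    async _postAuth() {
        const [user, config, settings] = await Promise.all([
            this.api.fetchUser(),
            this.api.fetchConfig(),
            this.api.fetchSettings()
        ]);
        Object.assign(this, {user, config, settings});
        return user;
    }
}

// Constructed API stub that counts how often each endpoint is requested.
function makeCountingApi() {
    const calls = {user: 0, config: 0, settings: 0};
    return {
        calls,
        fetchUser: async () => { calls.user += 1; return {role: 'Owner'}; },
        fetchConfig: async () => { calls.config += 1; return {}; },
        fetchSettings: async () => { calls.settings += 1; return {}; }
    };
}

// Manual post-auth handler: transition only once user, config and settings are loaded.
async function completeSetup(session, transitionTo) {
    await session.handleAuthentication();
    transitionTo('dashboard');
}
```
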
no issue
- if the automatic private site login fails during post-auth setup, don't fully error because that will block Admin from loading properly
- the automatic login is a nice-to-have and making it look like it worked won't break anything that wouldn't already be broken when the browser is blocking x-domain requests
closes https://github.com/TryGhost/Team/issues/1161
- when a site is in private mode, design previews, the portal previews on membership, customize portal and offer pages were unable to load.
- For design and theme previews, the request to fetch preview data was failing due to CORS and cookie not attached when admin and frontend have split urls.
- For portal and offer previews, there was no authentication done on private site before load, so if user opened the pages directly on them it failed to load the site.
- this change adds a new service that authenticates private site from admin as soon as user session is loaded, so previews on settings will always find the authenticated session for private sites and load correctly.
- it also updates fetch method for previews to include credentials so they are always able to fetch the site data after login
- removes authentication from site route since that was done as it's now centrally taken care of by the frontend service
refs https://github.com/TryGhost/Team/issues/884
Drop-to-upload functionality was lost in the first version of the new feature image uploader inside the main editor area, this adds it back in.
- fixed dropzone flickering issue by switching the event listeners to the capture rather than bubble phase so we can indicate a drag is occurring on the body without each individual drag/drop handler needing to know about it
- moved the event handler init/cleanup to the `ui` service
- moved the event handler init call to the application service as it no longer requires auth to have occurred for access to the labs flag setting
- removed the `featureImgDragDrop` labs flag
refs https://github.com/TryGhost/Team/issues/884
- add `[data-user-is-dragging]` to `body` element when any drag is occurring so that we can make drop zones active
- added dropzone and drop handling to feature image component
refs 8630be5a87
- referenced commit skipped current user and proxy service population when `skipAuthSuccessHandler` was set but the population is needed during setup
- `skipAuthSuccessHandler` is used for skipping the post-authentication transition rather than skipping all post-auth behaviour so the post-auth behaviour was reintroduced but put in a guard so we don't try to do it again when it's already been run
closes https://github.com/TryGhost/Team/issues/865
Ghost now returns a forbidden error rather than an unauthorized error when saving whilst logged out so the session invalidation was not being triggered.
- added forbidden check to ajax service to trigger session invalidation
- added automatic retry of save in editor when re-authenticating
- fixed re-population of user and proxy services when re-authenticating, it's not needed at that point because nothing has been cleared
no issue
Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about.
`session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model.
Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow.
- refactored app setup and `session.user`
- added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user`
- removed knowledge of app setup from the `cookie` authenticator and moved it into `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator
- switched `session` service to native class syntax to get the expected `super()` behaviour
- updated `handleAuthentication()` so it populates `session.user` and performs post-auth setup before transitioning (handles sign-in after app load)
- updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load)
- removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication`
- updated app code to not treat `session.user` as a promise
- predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
refs https://github.com/TryGhost/Admin/pull/1901
Ember has deprecated mixins in preparation for 4.0 and `ember-simple-auth` has now done the same in 3.1.0.
- removed all imports of Ember Simple Auth mixins
- moved authenticated and invalidated handling from application route to session service
- moved server-notification loading from application route to session service
- updated `AuthenticatedRoute` to use the session service directly rather than authenticated route mixin
- added `UnauthenticatedRoute` that incorporates the behaviour from our overridden `UnauthenticatedRouteMixin` and switches to using the session service directly
closes https://github.com/TryGhost/Ghost/issues/10995
- when first loading the site preview, if private mode is enabled submit the login form in the background to get the cookie before loading the iframe
- refactors post-authentication preloading to ensure it occurs before post-authentication route hooks are called
- adds `showSuccess` attribute to `<GhTaskButton>` so that when set to `false` it can stay in the running state after "success" to avoid state change flashes whilst waiting for a transition
closes https://github.com/TryGhost/Ghost/issues/10629
- the error was occurring due to `session.user` CP being populated with a rejected promise when attempting to access the first route. The CP has no dependent key so any further attempts to access `session.user` would be rejected
- marking the CP as "changed" immediately after logging in means that the next request will create a new promise and successfully fetch the user
no issue
- ran [es5-getter-ember-codemod](https://github.com/rondale-sc/es5-getter-ember-codemod)
- [es5 getters RFC](https://github.com/emberjs/rfcs/blob/master/text/0281-es5-getters.md)
- updates the majority of `object.get('property')` with `object.property` with exceptions:
- `.get('nested.property')` - it's not possible to determine if this is relying on "safe" path chaining for when `nested` doesn't exist
- `.get('config.x')` and `.get('settings.x')` - both our `config` and `settings` services are proxy objects which do not support es5 getters
- this PR is not exhaustive, there are still a number of places where `.get('service.foo')` and similar could be replaced but it gets us a long way there in a quick and automated fashion
no issue
- upgrade to latest `ember-source` and related dependencies including `ember-cli`
- upgrade to latest `ember-mocha` and modern ember testing setup
- https://github.com/emberjs/rfcs/blob/master/text/0268-acceptance-testing-refactor.md
- switch from using global acceptance test helpers and `native-dom-helpers` to using the new `ember-test-helpers` methods
- use [`chai-dom`](https://github.com/nathanboktae/chai-dom) assertions in some places (still a lot of places in the tests that could use these)
- pin `ember-in-viewport` to 3.0.x to work around incompatibilities between different versions used in `ember-light-table`, `ember-infinity`, and `ember-sticky-element`
- incompatibilities manifested as "Invalid value used as weak map key" errors thrown when using `ember-light-table` (subscribers screen)
- pin `ember-power-datepicker` to unreleased version that contains a move from global acceptance test helpers to modern test helpers
no issue
Automated tools, code generators, and editor integrations are increasingly standardising on the import style used in `ember-modules-codemod`. Our import style differed a little with regards to service/controller injection imports which meant we were starting to see inconsistent naming.
no issue
- add eslint-plugin-ember, configure no-old-shims rule
- run `eslint --fix` on `app`, `lib`, `mirage`, and `tests` to move imports to the new module imports
- further cleanup of Ember globals usage
- remove event-dispatcher initializer now that `canDispatchToEventManager` is deprecated
refs https://github.com/TryGhost/Ghost/issues/5168
- adds a `tour` service that handles syncing and management of tour throbbers & content
- adds a `gh-tour-item` component that handles the display of a throbber and its associated popover when clicked
- uses settings API endpoint to populate viewed tour items on app boot/signin
- adds `liquid-tether@2.0.3` dependency for attaching throbbers and popups
- adds initial tour contents
no issue
- adds `eslint-plugin-sort-imports-es6-autofix` dependency
- implements ESLint's base `sort-imports` rule but has a distinction in that `import {foo} from 'bar';` is considered `multiple` rather than `single`
- fixes ESLint's autofix behaviour so `eslint --fix` will actually fix the sort order
- updates all unordered import rules by using `eslint --fix`
With the increased number of `import` statements since Ember+ecosystem started moving towards es6 modules I've found it frustrating at times trying to search through randomly ordered import statements. Recently I've been sorting imports manually when I've added new code or touched old code so I thought I'd add an ESLint rule to codify it.
supersedes #6773
- update `feature` service and `gh-feature-flag` component to work synchronously rather than async
- use the application route's `afterModel` hook so that settings are loaded before first load
- override `session` service's `authenticate` method to load the settings after successful authentication before any other routes are processed
no issue
- add ember-suave dependency
- upgrade grunt-jscs dependency
- add a new .jscsrc for the client's tests directory that extends from client's base .jscsrc
- separate client tests in Gruntfile jscs task so they pick up the test's .jscsrc
- standardize es6 usage across client