Progress on #2095
- Add new AppPermissions class with read() method
- has default permissions to read and browse posts
- uses default permissions if no package.json
- uses default permissions if no ghost object in package.json
- errors when reading malformed package.json
- uses ghost.permissions if found in package.json
closes#2138
- Adds new models for AppField and AppSetting
- Removed permitted attributes from App model (handled by base)
- Added reference from Post to AppFields
- Added fixture data to DataGenerator
- Added integration tests for Apps, AppSettings, AppFields
- Added import for Apps
- Added app_fields to default fixtures
- Pass permissions loading to buildObjectTypeHandlers to eliminate
shared state
- Load both app and user permissions to check
- Check app permissions if present
- Create apps table and App model
- Move effectiveUserPermissions to permissions/effective
- Change permissable interface to take context; user and app.
- Add unit tests for app canThis checks and effective permissions
closes#2580
- added new format to post API methods
- added post object parsing and wrapping to admin
- removed unused ‚user‘ object from API response
- updated tests
issue #2273
- test draft/page/published label
- test green add new post button
- test status and author in preview header
- test edit post button
- test delete modal
close#2443
- Refactor API tests from `/core/test/functional/api` to
`/core/test/functional/routes/api`, using supertest instead of request
- Remove `core/test/functional/api` folder
closes#2563
- build path relative to imagesPath (which contains the custom content path)
instead of appRoot
- added test for custom content path
- added logic to tests for Windows url building to handle cases where Windows
functionality is being tested on a unix operating system
closes#2442, issue #2182
- Server start refactored - messaging is just messaging, deferred resolves the httpserver so that the connection can be closed
- Updated travis config to set node env
- Updated example config to be less travis-specific
- Route tests updated to use this new functionality
- Grunt test-routes simplified
Closes#2513
- Checks for property `error.hbs` on active theme
- Added unit test to ensure `error` view is rendered when activeTheme has
a custom error template.
- Removed unused variable, `userErrorTemplatePath` from errorHandler
- Refactored errorHandler.`updateActiveTheme` to take one argument, the new active theme, and to then check if the active theme has an error.hbs
- Changed errorHandler unit test to use rewire for mocking config.
closes#2261
- reserved 'feed' in the list of reserved keywords for slugs
- added a 301 redirect from /feed/ to /rss/
- added a route test, and realised that standard express redirects don't get the right headers
- fixed the headers across all 301 redirects & added tests for the admin redirects
- removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/
closes#2148
- Added core/server/xmlrpc.js
- Hook into post::saved to ping when a published post gets saved
- Added node package to hook into http requests
issue #2312
- The typography extension is still interfering in HTML blocks, reference style links and other bits and pieces it probably shouldn't be :(
- We'll add it back when it's ready.
fixes#2385
- stolen the CM shim from js-bin
- if we're on a touchscreen device, don't use CM
- if we're on a touchscreen device, show a coming soon message for uploads
fixes#2075
- Updates knex to latest version
- Fixes expected value in page test
- Change fixture insertion to be sequential
- Add orderBy to insertMorePostsTags fixture helper
fixes PR#2395
- in editor_test.js line 272, I wait until the post settings menu appears, and THEN also wait until the delete post button appears, rather than just waiting for the first condition, this can result in a race condition which has been seen.
- in editor_test.js line 229, I click on the tag, then wait until it disappears, rather than asserting the tag doesn't exist immediately. This could potentially result in a race condition, but I have not seen it yet.
- in editr_test.js line 315, I click on the delete post button, and now wait for the modal container to appear before clicking the accept button. This could result in a race condition, but I have not seen it yet.
references #2273
- test tag creation and tag deletion
- tests image uploader appears after typing `![]()` in editor
- tests image URL matches url inside ``
- tests all input elements of post settings menu
closes#2260
- added routes for /tag/:slug/rss and /tag/:slug/rss/:page
- added support for tag in the rss controller
- added route tests for each extra case
- fixing a tiny typo in some test descriptions
references #2273
- added a test that clicks on both upload (image/cover) buttons and tests the same testing function on them since both modals are exactly the same
- the testing function checks for the '.js-drop-zone.image-uploader' selector, then clicks accept, and tests that a blank success notification appears
- shifted the test email test validation upwards so the ordering of tests matches the ordering of the UI elements
issue #2305
- changed validation for 'page' to expect '0' or '1', rather than 'true' or
'false'
- Added a 'can change a post to static page' test
- Added a 'can change a static page to a post' test
Closes#1379
- Convert to new api usage for both server-side and client-side
- Provide way require a negative response for boolean methods in
default-settings.json
- Add field validation functional tests
- Settings (General)
- Title length validation
- Description length validation
- postsPerPage, numeric, min, max
- Settings (User)
- Bio Length validation
- Location length validation
- Url validation
- Login
- Email validation
- Editor
- Title required validation
fixes#2272
- Remove libraries from shared/vendor
- Remove libraries from client/assets/vendor
- Add bower to package.json and postinstall
- Add bower.json with dependencies
- Add scripts from bower_components to concat/uglify
- Fix tests
- Serve jquery from /ghost/built/theme/
closes#2328
- added check for tag in coreHelpers.meta_title and use if set
- added test for correct title on tag pages
Rewritting to tag - blogtitle based on comments from PR
first 10 % of #2124
- added initial version of JSON API tests
- renamed error.errorCode to error.code
- renamed tags.all to tags.browse for consistency
Closes#2083
* Added hbs template for apps listing
* Added settings to read the activeApps
* Added viewcontrol to activate / deactivate apps
* Added API handler to store activeApps (by `name` in the `package.json` file)
* On button click it turns the button into "Working" and changes class to `button` (grey one)
* On success, rerenders the pane, adds success notification about apps being saved
* On error, rerenders the pane, adds error notification with error message
Missing:
* tests: couldn't figure out how to add mock apps with mock package.json data
* actually registering, etc, re #2140
* icon from the sidebar
no issue
There seemed to be no convention or order to the functions in the admin controller, so I have:
- organised them
- reordered them
- added a small doc-block
- reordered some routes
- updated tests accordingly
This change is needed because the previous default of the user's email
address is too often mismatched against the site domain, triggering spam filters.
Fixes#2145
- added `fromAddress()` to GhostMailer to handle this logic
- added unit tests to `mail_spec.js`
fixes#1969
- creates new ./server/helpers/tempalte.js method
which returns the correct view to use when rendering
- updates fronted controller to check if a custom page template
exists and if so then uses that to render the static page
- adds additional class name to body_class helper when
a custom page template is being rendered
- adds tests to address all new features
#closes #1655
- removed models as parameter for bookshelf-session
- changed to read permittedAttributes from schema.js
- changed updateTags to be executed at saved event
- added validate to execute after saving event
- added test for published_at = null (see #2015)
- fixed typo in general.hbs
fixes#2111
- modified Post model to support a tag query
param that will filter the desired post collection
to only include posts that contain the requested tag
- in the updated Post model it includes the Tag model
under a nested object called 'aspects'
- added tests for updated Post model, updating
test utils to add more posts_tags relations
- adds two new routes to frontend,
one for initial tag page,
another to page that tag page
- for tag pages the array of posts
is exposed to the view similarly
to the homepeage
- on the tag view page the information
for the tag is also accessible
for further theme usage
- the tag view page supports a hierarchy of
views, it'll first attempt to use a tag.hbs
file if it exists, otherwise fall back
to the default index.hbs file
- modified pageUrl and pagination helper
to have it be compatible with tag paging
- added unit tests for frontend controller
- added unit tests for handlebar helper modifications
- add functional tests for new tag routes
closes#2171
- added authentication middleware
- removed authentication from routes
- moved authentication before CSRF validation
- moved caching rules before authentication
- changed/added test
Closes#2081
* Amended require-tree to populate availableThemes and availablePlugins to use full file names (`basename.ext`) as keys instead of just basename. This way `image.jpg`, `image.png`, `image.gif` won't overwrite the `image` key.
* Amended require-tree to allow package.json file parsing to return the contents of the file as json on the `package.json` key.
* settings api populates theme data `package` if it exists. Otherwise it assigns `false` to it
* `general.hbs` (salute) was reworked to if there is the package key on the theme is not false, it will use the `name` and `version` keys of that. You can break it by not having a `name` or `version` in the package.json file.
* Added error and warning messages for package.json file parse errors and misses
fixes#2112
refs #1833
- modified config.urlFor to handle tag pages
- modified {{#tags}} handlebars helper to autolink to
tag pages. Additional autolink="false" parameter can
be used to deactivate autolinking
- modified url handlebars helper to handle tags
- added isTag function to schema
- added unit test for additional urlFor functionality
- added unit test for {{#tags}} helper modifications
- added unit test for url handlebards helper
fixes#2057
- uses express’ Route object to create RegExp’s
that we use to check the incoming path
- refactored structure of fronted controller single
tests to be easier to read
- amend regex to incorporate new allowed permalink
structure
ghost as a npm module
- modifies main script file to allow it to
take in an options object that currently
supports an express instance or a config file path
- added tests
closes#2106
- downsize 0.0.5 contains the fix to accept single quote found inside a double-quote string or vice-versa
- created unit tests to properly check this scenario
addresses #1789, #1364
- Moves ./core/server/loader -> ./core/bootstrap.
The bootstrap file is only accessed once during startup,
and it’s sole job is to ensure a config.js file exists
(creating one if it doesn’t) and then validates
the contents of the config file.
Since this is directly related to the initializing
the application is is appropriate to have
it in the ./core folder, named bootstrap as that
is what it does.
This also improves the dependency graph, as now
the bootstrap file require’s the ./core/server/config
module and is responsible for passing in the validated
config file.
Whereas before we had ./core/server/config
require’ing ./core/server/loader and running its
init code and then passing that value back to itself,
the flow is now more straight forward of
./core/bootstrap handling initialization and then
instatiation of config module
- Merges ./core/server/config/paths into
./core/server/config
This flow was always confusing me to that some config
options were on the config object, and some were on
the paths object.
This change now incorporates all of the variables
previously defined in config/paths directly
into the config module, and in extension,
the config.js file.
This means that you now have the option of deciding
at startup where the content directory for ghost
should reside.
- broke out loader tests in config_spec to bootstrap_spec
- updated all relevant files to now use config().paths
- moved urlFor and urlForPost function into
./server/config/url.js
closes#2114
- instead of putting author in feedOptions of node-rss, it was moved to itemOptions
- supplying author: user ? user.name : null in itemOptions will still result to creating a dc:creator tag inside item tags so the info needed to have the author is still there like before
- node-rss should however still fix this quirk to not have that nasty author tag in channel tag when you supply author in feedOptions
fixes#1782
- added builtFilesExist function to check for files during startup.
If built files do not exist Ghost startup is stopped and a link
to the documentation is displayed.
- exported a scriptFiles object from server/helpers.
- added a builtScriptPath to the paths module.
- removed "js-msg" about missing javascript from the UI.
closes#1947
- added fieldtype: medium for posts.html
- changed fieldtype: medium for posts.markdown
- added method to fix databases created with wrong field type
- added tests for database version 002
fixes#1498
- emails are no longer converted to lowercase, local mailbox can validly
be mixed case
- getByEmail uses JS to compare emails to ensure we can support unicode
- tests that users can be retrieved by their email address with case
insensitivity
closes#1932
- added showUpdateNotification with version check
- added temp workaround for boolean values in database
- changed default value from false to null
- updated tests
Fixes#1907
Refactored `updateTags` to correct a loop issue where the `insert`
method was mistakingly being passed rather than `update`, triggering a
duplicate PK SQL error.
closes#1880
- added `rss` to core/server/models `generateSlug` reserved keywords
- added integration test for safe slug generation to core/test/integration/model/model_posts_spec.js
closes#1464
- adds opt-out via updateCheck:false in config.js
- update check is done on admin index, but doesn't interfere with rendering
- adds update check module, which gets the usage data, makes the request and handles the response
- adds two new settings to default-settings, one for next check time, and one for whether to show the notification
- adds a new rejectError method to errorHandling
- adds a new helper for displaying the notification
Conflicts:
core/server/helpers/index.js
core/test/unit/server_helpers_index_spec.js
issue #1378fixes#1328
- xss santization does some odd things. This isn't needed until we have multi-user support, and we are investigating better solutions.
fixes#1765fixes#1811
issue #1833
New UrlFor functions
- moved body of url helper to config.path.urlFor, which can generate a URL for various scenarios
- urlFor can take a string (name) or object (relativeUrl: '/') as the first
argument - this is the first step towards issue #1833
- also added config.path.urlForPost which is async and handles getting
permalink setting
- frontend controller, ghost_head helper, cache invalidation all now use
urlFor or urlForPost all urls should be correct and consistent
URL Consistency Improvements
- refactored invalidateCache into cacheInvalidationHeader which returns a
promise so that url can be generated properly by urlForPost
- moved isPost from models to schema, and refactored schema to have a tables object
- deleted posts now return the whole object, not just id and slug,
ensuring cache invalidation header can be set on delete
- frontend controller rss and archive page redirects work properly with subdirectory
- removes {{url}} helper from admin and client, and replaced with adminUrl
helper which also uses urlFor
- in res.locals ghostRoot becomes relativeUrl, and path is removed
fixes#1810
- updates frontend.single route to accept ‘edit’
as the last param
- updates controller.frontend to handle redirection
only when we would otherwise have rendered the page
- added unit tests for this behavior
- Currently the test is taking the response date
which is in UTC and passes it through moment()
which by default parses input as local time. We
then add 12 hours to this now local time
and when compared against the response set-cookie
header the time spread is wrong.
- To fix we’re parsing the response date with
moment.utc which parses the date in UTC.
closes#1470
issue #1405
- added cache control middleware
- added defaults for all routes, assets, etc
- updated asset helper to add a query string with a timestamp hash to all assets
- added unit tests for asset and ghostScriptTags helpers
- added cache-control checks to route tests
fixes#1800
- changed permalink regex to require 4/2/2/slug
- changed url helper to enforce the same
- changed permalink toggle to set a specific state, this means the
functional tests are independent again
- chnaged permalink toggle to wait for the settings page to load
- change as many frontend tests to not login as possible
closes#1757 and #1773
- switches routes.frontend for posts and pages
to use a regex with two capturing groups. This removes
the need to dynamically remove an express route at a
later point, leaving the decision making to frontend
controller.
- added unit tests for all routing conditions that
can arise for posts and pages.
- updated functional tests to also test for same thing
in unit tests
- removes old code from server/api/index that used
to fix this issue, but is no longer needed
- removed some un-needed require statements in routes/admin
closes#1777
- Uses coreHelpers.url to resolve post url instead of assuming it is siteUrl + post.slug
- Functional feed tests now check for content instead of just rss tags
closes#1681
- import doesn't override user credentials
- import doesn't override theme
- import doesn't kill session
- import does refresh the settings cache
- updated tests, they now use a fixture instead of a generated export
- tests check to ensure import is safe
issue #1754
- remove path (it was only used once, and not needed)
- change webroot to subdir
- add unit tests for config.paths
- various other cleanup
- renamed client-side ghostRoot to subdir
- added url helper for client
fixes#1696
- this is a temp workaround until full fledged support
is added directly to bookshelfjs
- when importing we use the import json blob’s timestamps
as the value that’s set in the DB
- added tests for this change
fixes#1749
- pass config().url into theme.update
- rename paths functions to match theme function
- adds tests for theme config
- We should probably try to eliminate passing config.url around
closes#1303
- removed where and orderBy from being passed from the API through to bookshelf, and ultimately knex
- ordering is now consistent across both front and backend, which fixes#1303
- validated / cleaned up all the API parameters
- added API tests for the status and staticPages parameters
fixes#1703, fixes#1712
- featured star appears immediately for both draft and published items
- featured star is never red & alignment /style is updated
- improved markup and styling of statuses in general
- added to feature tests
closes#1640closes#1672
- changed to include config using require
- deleted has_tag helper
- deleted json helper
- removed fileStorage and ghostScriptTags helpers from frontend
- added fileStorage and url helper to admin
closes#1203
- Update express-hbs module to the new version (0.5.2)
- Use two instance of hbs one for the theme and an other for the admin
- Template helpers are register as partial view
- Partial views of the theme are reload when the theme changed
Remove clear partial cache in handlebars
This code will be move in `express-hbs`.
This doesn't cause a problem to remove this line but it is not clean.
Remove unused hbs instance
Resolve conflict
fixes#1644
- Fixes bug in controller/frontend
- Created functional test for posts API to test for this bug
- Created unit tests for frontend controller
- Fixed a global variable leak in core/test/utils/fixtures/data-generator
that was leaking the DataGenerator globally
- Resolved issue that arose from fixing above bug
fixes#1575
- Moves most code that was in ghost.js into ./core/server/index.js
- Creates ./core/server/config/theme.js to hold all theme configurations
(which previously lived on ghost.blogGlobals())
- Removed ghost.server, passing it in as an argument where needed
and allowing middleware to hold onto a reference for lazy use.
covers 90% of #755
- moved ghost.settings to api.settings
- moved ghost.notifications to api.notifications
- split up api/index.js to notifications.js, posts.js, settings.js,
tags.js and users.js
- added instance.globals as temp workaround for blogglobals (Known
issue: blog title and blog description are updated after restart only)
- added webroot to config() to remove `var root = ...`
- changed `e` and `url` helper to async
- updated tests
Closes#499
* On wrong passwords, statuses: `active` -> `warn-1` -> `warn-2` -> `warn-3` -> `locked`
* On login check, if user's status is `locked`, login automatically fails and user is encouraged to reset password. Does not even bother to check for passwords.
* login attempts tell user how many attempts she has remaining in notification box
* successful login will reset status to `active`
* resetting password with forgotten password emailed token resets status to `active`
* complete with a test suite
Move helper functions registerThemeHelper and registerAsyncThemeHelper
to the helpers module.
Also update the app proxy object to reflect this new code location,
and the tests to reflect that as well
Create ./sore/server/filters which houses all filter related behavior.
Was previously on the ghost singleton.
Also create the filters_spec file for testing
and update all code and tests to use new code location.
Create ./sore/server/helpers/template which houses all template related behavior.
Was previously on the ghost singleton.
Also create the helpers_template_spec file for testing
and update all code and tests to use new code location.
Move ghost.mail instance onto the mail module directly
and update related code and tests to use new location
Move Polyglot instance onto require module directly
Move ghost.availablePlugins to plugins module directly
- changed cookieSession to session
- added session.regenerate for login and logout
- added bookshelf session store
- added session table to database
- added import for databaseVersion 001
- added grunt task test-api
- cleanup of gruntfile to start express when needed only
- moved api tests to functional tests
Closes#1471
- add api and User model methods for generating and validating tokens
- add routes and handlers for reset password pages
- add client styles and views for reset password form
- some basic integration tests for User model methods
closes#1398closes#1399closes#1400
- added schema.js with database version '000'
- refactored migration to use schema.js
- if new table is added to schema.js and databaseVersion is increased, table will be added
- if new table is deleted to schema.js and databaseVersion is increased, table will be deleted
- alter table from issue #1400 is delayed until knex supports column modification
- changed import pre checks to work again (will be refactored separately)
- added basic PostgreSQL support (Attention: not supported/tested)
- changed error handling in server.js
issue #635
- upload controller shouldn't assume fs
- filesystem module proxies all the fs work
- proxies and exposes middleware for serving images
- creating a date based path and unique filename is a base object util
- unit tests updated
closes#1396
- moved core/test/unit/api* to core/test/integration/api/
- moved core/test/integration/model* to core/test/integration/model/
- moved core/test/unit/utils to core/test/utils
- moved core/test/unit/fixtures to core/test/utils/fixtures/
- changed gruntfile.js to execute api tests with target 'integration'
closes#1189
- added tests
- added request module
- added status codes to API calls
- fixed return values of API calls
- fixed that drafts caused an error when being deleted
- fixed X-Invalidate-Cache headers
- moved testUtils.js to utils/index.js
closes#1373
- Note that the tests fail if you run them pre #1363, thus future proofing us from this happening again.
- Added submodule handling to travis
- Added a new test for each of the home and post pages
issue #769
- Refactor doFilter to allow returning a promise from a filter handler
and to also return a promise itself
- Move the logic out of the registerThemeHelper calls and into their own methods so
we could test them in isolation.
- Assign the server to the ghost instance so the initPlugins method can
get access to it.
- Increased post-settings width to properly display "Static Page"
- Changed templates to display "Static Page" if set
- Added unit test for body_class helper
fixes#969
Fixes#1124
- Updated default mocha timeout to 15 seconds. Any future tests that
depend on a timeout (and thus might be better off with a lower value)
can override the default setting which is now 15 seconds.
- Removed test-specific timeout overrides for the mocha tests.
- Fixed the editor/splitbutton tests to wait for the appropriate
selector instead of assuming the dom has been updated immediately.
Should resolve intermittent timeouts when checking the splitbutton's
applied classes.
Fixes#1064
- Updated grunt config for unit and functional tests to remove the test
database after each is run.
- Cleaned up a couple of issues with the functional tests that may have
been causing travis builds to fail randomly, including: the start page
is now `about:blank` instead of whatever page the last test suite left
off at, added some checks in the logout tests to ensure they're truly
independent of the other test suites.
closes#942
- insert custom middleware to check for blacklisted files
- redirect to express.static if file accepted
- if not valid return next() to do nothing
- currently black listing .hbs, .txt, .md and .json
- debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting
a theme serve unknown types
issue #938
- rather than using escape, use node-validatiors santize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
Fixes#362
- There is no need to set the viewport on functional tests anymore
unless something other
than the default of 1280x1024 is desired.
- There is no need to invoke `casper.run` to trigger `test.done`
anymore for functional tests.
- Each test works independently of the rest; registration is handled
once for the lifetime of the test run and then login/logout can be
invoked automatically as desired.
- Mocha tests all utilize predefined, more realistic fixtures when
appropriate.
- Renamed old api tests that were really model tests as appropraite.
- Added example api test for posts.
issue #858
- there is no guaranteed order to arrays, so sort before testing them
- tests run much faster, date comparisons fail
- settings tests are more explicit, otherwise they fail random validations
- dates must be inserted as date objects
closes#865
- rejigged markdown to have some functionality before showdown runs, and other functionality before.
- autolinking now happens last, so it can be smarter
Added a couple sanity checks to the config during the loadConfig call.
- Check that the config exists for the current NODE_ENV
- Check that the config.url exists and is valid structure
- Check that the config.database exists
- Check that the config.server exists and has a port and host value
closes#705
- uses the file type passed by express/connect
- relies on the type being set correctly by the browser upload
- doesn't reread the file to check
Fixes#825
- Changes the way the error middleware is delivered in server.js, moving
all the logic back into errorHandling.js
- Alters error logging to use console.error (probably more appropriate) instead
of console.log
- Changes error tests to accomodate for these alterations
- Alters user-error and error hbs templates to incorporate stack traces
- Adds additional styling for error pages to accomodate stack traces
- Added logic to parse and deliver formatted stack traces
Notes:
======
- Jslint gets in the way of the regex I've got to use to parse the stack.
(It cites 'security reasons' which are not relevant in this case.)
I needed to add a condition to relax it at the top of errorHandling.js
- The stack trace should probably be added as a partial, but I figured it
was out of scope for this PR.
closes#502
part of #705
- copy the files but then remove the temporary ones
- moving instead of copying was problematic due to moving across devices
- still need to convert code to using promises
closes#295
- Maintain a list of markers for CodeMirror which reference image codes
- Upload start triggers a selection
- Upload success replaces the selection
- No ref-style image markdown handling
- Showdown image URL handling improved at the expense of titles
- Tests updated
Fixes#258
- Modified post collection to have default values for paging.
- Added scroll handler to content view to check for more posts and load
as appropriate.
- Sanitized result from server-side post paging, ensure page # is
returned as an integer.
- Added a functional test stub.
