Commit Graph

8186 Commits

Author SHA1 Message Date
Daniel Lockyer
a769bbe86c Fixed 500 error when deleting items that don't exist
fixes #11723

- when deleting an invite/label/tag/webhook that doesn't
  exist, Ghost would throw a 500 error
- this commit catches the NotFoundError
- also rejects from model if nothing was found
- spotted in Sentry
2020-04-13 16:13:33 +01:00
Daniel Lockyer
946f7b872f Returned Promise.reject instead of throwing error
no issue

- brings in line with other code changes
2020-04-13 16:13:33 +01:00
Hannah Wolfe
fc664ac697 Improved helper index, use glob to read directory
- Having to remember to add files to an index.js is a PITA
- We already have glob as a dependency, so use that
- This requires that the file prev_next be renamed to prev_post, which is what it's called as by default
- next_post is an alias of next_post - so this reflects that more closely
2020-04-10 13:08:41 +01:00
Hannah Wolfe
59b9f161dd Moved non-helper code out of helpers
- the helper dir also contained some code used with helpers - utils and helper-helpers?
- the goal here was for helpers to be the only thing in their folder so we can look at moving them out
- all other code has been moved to services/themes for now, which is not the right place either
- services/themes is a catch-all for theme storage, loading, validation, rendering and more, needs to be broken down
2020-04-10 12:27:43 +01:00
Kevin Ansfield
f3627c5fc3 Update dependency @tryghost/kg-markdown-html-renderer to v2.0.0
no issue

- `version` integer parameter in the `render` method has been replaced with an `options` object parameter
2020-04-09 21:10:03 +01:00
Hannah Wolfe
4f5fb3d820 Swapped common for @tryghost/errors in core/server/web
- Update all references to common.errors to use @tryghost/errors
- Use dereferencing to only require used bits of common in each file
2020-04-09 19:40:00 +01:00
Kevin Ansfield
1ffdef98c3 Moved lib/thing/index.js files to lib/thing.js
no issue

- cleans up directory structure and increases naming consistency
2020-04-09 10:06:20 +01:00
Hannah Wolfe
e639a25171 Moved labs usage into cancel_link helper file
- this removes the need to require the proxy inside the helpers/index.js file
- have the helper file define and return it's own labs-enabled-ness
- update the tests to test for the labs flag being unset
2020-04-08 19:31:55 +01:00
Kevin Ansfield
b37ac8ef1f Switched to extracted @tryghost/mobiledoc-dom-renderer package
no issue

- moved `mobiledoc.renderers.mobiledocHtmlRenderer` to `mobiledoc.mobiledocHtmlRenderer` so that it's easier for the getter to access the parent objects getters
- removed all tests and dependencies that now live in @tryghost/mobiledoc-dom-renderer
  - kept the `mobiledocHtmlRenderer` test because that's testing that we've correctly wired up our cards and atoms and the output is what we expect
2020-04-08 18:27:12 +01:00
Hannah Wolfe
35e3e0708c Moved helper proxy into a service
- The proxy is not a helper, we want the helpers folder to only include helpers
- The proxy is also meant to be the interface to Ghost for the helpers, and we want to enforce that
- This is a small step on the way
2020-04-08 17:22:44 +01:00
Kevin Ansfield
790a5701c9 Fixed typo in migration file
refs 5b96c82627
2020-04-08 16:46:46 +01:00
Kevin Ansfield
5b96c82627 Moved blank mobiledoc document out of mobiledocHtmlRenderer
no issue

- the blank document we use in Ghost is not specific to the html renderer
- renamed from `structure` to `document` to better represent its intent
- allows for easier extraction of `mobiledocHtmlRenderer`
2020-04-08 16:43:05 +01:00
Hannah Wolfe
646a49039e Updated method call syntax for @tryghost/zip@1.0.0
- @tryghost/zip 1.0.0 has a totally different API, but it works the same
- This updates to use the new API
2020-04-08 16:09:08 +01:00
Daniel Lockyer
48fe7b0bc7 Added Promise.reject to importer error cases
no issue
2020-04-08 15:19:03 +01:00
Kevin Ansfield
294187c41f Switched to extracted @tryghost/kg-default-atoms package
no issue

- removed code that now lives in the external Koenig monorepo
2020-04-08 14:49:44 +01:00
Daniel Lockyer
fe10d51536 Changed error when importing an LTS export
no issue

- importing an LTS export would cause Ghost to throw a 500 error because
  it used InternalServerError.
- an IncorrectUsageError is more applicable here
- this commit also updates the code comment and error message
- note: removed comment about WP exports because the plugin has been updated
  to support the v2 & v3 format
- spotted in Sentry
2020-04-08 14:42:29 +01:00
Daniel Lockyer
8cc075431e Updated Ghost-Admin to v3.13.1 2020-04-07 16:03:38 +01:00
Kevin Ansfield
ce53c602a6 Updated oembed requests to use consistent timeout and user-agent
no issue

- added the same 2sec timeout and `Ghost` user-agent header to the `rel="alternate"` oembed request that we use for the initial html page request
2020-04-07 15:29:31 +01:00
Daniel Lockyer
e13d6acadd Updated Ghost-Admin to v3.13.0 2020-04-07 11:12:52 +01:00
Kevin Ansfield
2642405595
Merge pull request from GHSA-q6jp-j3gg-3mxr
no issue

- backports fixes implemented in https://github.com/TryGhost/Ghost/commit/477393967 from the v3/api endpoint to the v2 endpoint
2020-04-07 11:05:48 +01:00
Daniel Lockyer
13e1ecae27 Replaced use of Bluebird return method from knex code
no issue

- Knex removed their use of several Bluebird methods, including `return`
- our code used `return`, but mostly to return null after a destroy action
- these uses have been replaced with `.then(() => null)` in order to
  continue returning null and to avoid breaking anything
2020-04-07 10:49:12 +01:00
Joseph Coffland
67b8fbf6cf Added raw handlebars helper
- Allows using the 4-bracket raw block syntax e.g: {{{{raw}}}}{{{{/raw}}}}
- This allows you to include handlebars inside a template that is not compiled and executed
- The common usecase is if you want to include client-side handlebars templates inside server-side ones
2020-04-06 17:26:50 +01:00
Fabien O'Carroll
a701ee7023
Added support for token session to /ghost (#11709)
no-issue

* Added default for getting origin of request

This function is used to attach the origin of the request to the
session, and later check that requests using the session are coming from
the same origin. This protects us against CSRF attacks as requests in
the browser MUST originate from the same origin on which the user
logged in.

Previously, when we could not determine the origin we would return
null, as a "safety" net.

This updates the function to use a secure and sensible default - which
is the origin of the Ghost-Admin application, and if that's not set -
the origin of the Ghost application.

This will make dealing with magic links simpler as you can not always
guaruntee the existence of these headers when visiting via a hyperlink

* Removed init fns and getters from session service

This simplifies the code here, making it easier to read and maintain

* Moved express-session initialisation to own file

This is complex enough that it deserves its own module

* Added createSessionFromToken to session service

* Wired up the createSessionFromToken middleware
2020-04-06 11:49:14 +02:00
Hannah Wolfe
022a433e56 Added debug info to controller process messages
- Whenever Ghost sends a message to its controller process
- Send extra debug info, so we can be sure what the Ghost process is seeing
2020-04-06 10:44:39 +01:00
Fabien O'Carroll
1f68d8dc20 Refactored existing adapters to use adapter-manager
no-issue

This removes duplications and reduces maintentence going forward.
2020-04-05 21:13:47 +02:00
Fabien O'Carroll
d0bb8c3333 Added base and default SSO Adapter
no-issue
2020-04-05 21:13:47 +02:00
Fabien O'Carroll
fb942af1db Added adapter-manager service
no-issue

This services handles the registration and retrieval of adapters,
it normalises the config to look like:

{
    [adapterType]: {
        active: adapterName,
        [adapterName]: adapterConfig
    }
}
2020-04-05 21:13:47 +02:00
Daniel Lockyer
3988029472 Refactored scheduling adapter loader to better display errors
no issue

- missing modules required by an adapter weren't flagged up as missing,
  but that the entire adapter was missing
- therefore, it was difficult to see what you were missing
- this commit handles the case where a module is missing, and displays
  an error
2020-04-02 19:21:19 +01:00
Fabien O'Carroll
23154f0739
Refactored session service (#11701)
* Refactored SessionStore to use @tryghost/errors

no-issue

* Updated tests to test exposed API

no-issue

This will make refactoring easier, as we only have the "public" contract to maintain

* Refactored session functionality to SessionService

no-issue

This splits the session logic away from the HTTP responding logic,
which will allows us to decouple session creation/modification from the
API. Eventually this can be used to create sessions based on magiclink
style tokens.

* Instantiated and exported the new SessionService

no-issue

* Refactored session middleware to take session service

no-issue

This removes duplication of code and makes the middleware more explicit
that it's just a wrapper around the session service.

* Updated to use external @tryghost/session-service

no-issue
2020-04-02 16:27:31 +02:00
Hannah Wolfe
658a6dd284 Cleaned all usages of proxy in helpers
- the proxy should always be used to access other parts of Ghost, including the urlService etc
- use consistent ES6 style for requires
- minimise use of lodash where possible
- remove circular dependency between proxy and template util
- End goal here is to enforce that the only link between helpers + the rest of Ghost is the proxy
2020-03-31 12:42:15 +01:00
Hannah Wolfe
957da0bfc5 Removed unused timezones.json file
- This file was moved to @tryghost/timezone-data some time ago
- It's no longer used in Ghost core, only in Ghost-Admin
2020-03-30 18:43:59 +01:00
Hannah Wolfe
7964c1de79 Updated image middleware to use new shared function
- we have a function for generating _o filenames in @tryghost/image-transform as of v0.2.0
- this  updates our Ghost code to use it
2020-03-30 18:33:59 +01:00
Hannah Wolfe
7f1d3ebc07
Move tests from core to root (#11700)
- move all test files from core/test to test/
- updated all imports and other references
- all code inside of core/ is then application code
- tests are correctly at the root level
- consistent with other repos/projects

Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
2020-03-30 16:26:47 +01:00
Daniel Lockyer
df213cdf0e Switched require statements to relative paths
no issue
2020-03-30 10:52:09 +01:00
Daniel Lockyer
23eb3e7c14 Added missing semicolon
no issue
2020-03-26 16:45:33 +00:00
Daniel Lockyer
8f935fe8ae Fixed Slack service throwing error when post is empty
fixes #11694

- if the post contained no body, the `.replace` would throw an error
- converted to an if-statement instead of doing `|| ''` because there
  would be a floating full-stop
2020-03-26 16:38:30 +00:00
Daniel Lockyer
4f01bb34f9 Switched Sentry to use helper file for Ghost version
no issue
2020-03-26 15:35:46 +00:00
Daniel Lockyer
ac3e18c080 Updated Ghost-Admin to 3.12.1 2020-03-26 14:29:12 +00:00
Kevin Ansfield
1ee1e68adf Replaced mobiledoc cards with @tryghost/kg-default-cards
no issue

- moved card definitions to a new library `@tryghost/kg-default-cards`
- moved `createCard` factory function to a new library `@tryghost/kg-card-factory`
2020-03-25 19:54:11 +00:00
Hannah Wolfe
d9dfdd775e
Replaced image manipulation w/ @tryghost/image-transform (#11687)
- moved image.manipulation lib to a new package called @tryghost/image-transform
- new package has an updated API signature, so the method calls have changed but the underlying code is identical
- removed the optional sharp dependency from Ghost, as this is now optionally required by the image-transform module
2020-03-25 17:33:03 +00:00
Hannah Wolfe
7986cb3171 Removed .only from regression test 2020-03-25 14:51:28 +00:00
Kevin Ansfield
c65c9c1e5e Extracted markdown-html-renderer to @tryghost/kg-markdown-html-renderer
no issue

- prep for further extraction of mobiledoc cards and renderer
2020-03-25 13:35:32 +00:00
Fabien O'Carroll
299c08b079 Added ghost_{public,private}_key to settings mock
no-issue

This ensures that running individual tests are not relying on other
tests having been run so they suceed, specifically the
regression/site/site_spec.js tests
2020-03-25 14:32:17 +02:00
Hannah Wolfe
b2b278a3ba Removed typo 2020-03-25 12:28:57 +00:00
Hannah Wolfe
f12238b11a Cleanup repeated module mocking utils
- mock non existant module util was defined twice
- split it out properly from the rest of the utils, update all references
- this allows us to move this util out of the codebase along with other code, e.g. the image manipulation code
2020-03-25 12:07:32 +00:00
Hannah Wolfe
10ee38683d Update errors across lib/image and lib/request
- swap common.errors for @tryghost/errors
- doing this in batches across small parts of the codebase to reduce disruption
2020-03-25 10:28:14 +00:00
Hannah Wolfe
7e0c71509b Moved apps service to frontend
- App service is for our internal frontend apps
- This is a very straightforward move as this truly belongs to frontend
2020-03-23 19:43:01 +00:00
Daniel Lockyer
216c95dc16 Updated Ghost-Admin to 3.12.0 2020-03-23 12:23:44 +00:00
Nazar Gargol
d881f6704d Renamed migration in 3.12 to follow numerical sequence
no issue

- Migrations within a minor have to be named with numbered prefixes like 01-, 02-, 03-.
- These two migrations were merged into master in the same time window which lead to having incorrect naming
2020-03-23 10:39:09 +08:00
Hannah Wolfe
5ea10b47bd Replaced zip tools with @tryghost/zip
- Moved zipFolder to a new package
- also exposing extract-zip from the new package
- new package has the API pre-promisified
- also uses @tryghost/extract-zip instead of extract-zip, which has bugfixes
2020-03-20 21:08:57 +00:00
Hannah Wolfe
ca9d72f317 Used proxy in helper rather than direct require
- we already have access to urlUtils through our helper proxy
2020-03-20 13:01:41 +00:00
Hannah Wolfe
99c192e140 Removed unused test file + dep
- couple of minor bits of cleanup
2020-03-20 12:28:37 +00:00
Hannah Wolfe
e106c6dc1c Added acceptance tests for private blogging
- Test that the basic routes are working
2020-03-20 11:40:11 +00:00
Hannah Wolfe
297c773f2a Added a timer for Start Ghost test utility
- Show us how long it takes to start Ghost in each acceptance/regression test that uses this method
- Useful for debugging slow tests, and also Ghost boot time!
2020-03-20 11:40:11 +00:00
Hannah Wolfe
11682bb8a7 Added frontend acceptance tests
- Basic set of tests checks that our default behaviour works as expected
- Moved current acceptance tests to api-acceptance, and added this in frontend-acceptance
- This reduces nesting, and will help when we eventually separate the frontend out entirely
2020-03-20 10:40:22 +00:00
Hannah Wolfe
8c1a0b8d0c Remove External Apps
- Apps are marked as removed in 3.0, never officially launched and have been deprecated for at least 2 years.
- We've slowly removed bits that got in our way or were insecure over time meaning they mostly didn't work
- This cleans up the remainder of the logic
- The tables should be cleaned up in a future major
2020-03-20 10:40:22 +00:00
Hannah Wolfe
bc7906a7b2 Revert "Remove Apps"
This reverts commit cbb59a57db.
2020-03-20 08:58:26 +00:00
Hannah Wolfe
cbb59a57db Remove Apps
- Apps are marked as removed in 3.0, never officially launched and have been deprecated for at least 2 years.
- We've slowly removed bits that got in our way or were insecure over time meaning they mostly didn't work
- This cleans up the remainder of the logic
- The tables should be cleaned up in a future major
2020-03-19 19:06:17 +00:00
Hannah Wolfe
5e2c62e328
Moved theme i18n into theme service + refactor (#11674)
- The existing common.i18n library contained code for core and theme translations
- There is some shared logic and some theme-specific logic, and the theme-specific logic has dependencies we don't want in lib/common
- This refactor introduces an I18n base class that does all the main shared logic, with no dependencies on other parts of the codebase
- ThemeI18n then extends this logic, and replaces the functions it needs to handle differently and adds it's dependencies on config and settingsCache
- The class has several methods broken down into smaller pieces to make it easier to extend only the necessary parts
- The class also encapsulates all of its logic, without external functions or variables
- The function loadThemeTranslations becomes the 'init()' function overridden in themeI18n.
2020-03-19 14:07:20 +00:00
Kevin Ansfield
7e4de9b0c1 Fixed typo
no issue

- typo in require introduced in a120d02231
2020-03-19 13:58:13 +00:00
Kevin Ansfield
a120d02231 Moved create-card.js
no issue

- prep for easier move to external repo
2020-03-19 13:54:55 +00:00
Kevin Ansfield
0741114d11 Moved htmlToMobiledocConverter() out of renderers
no issue

- prep for extraction of various Koenig repos
- html->mobiledoc doesn't really fit into the "renderer" naming as it's more of a converter than a renderer and doesn't follow the same pattern
2020-03-19 12:18:54 +00:00
Kevin Ansfield
4949ad9214 Renamed mobiledoc converters to renderers
no issue

- matches naming with `mobiledoc-kit` nomenclature
- better matches intent for future additions of mobiledoc rendering to email/plaintext/etc
2020-03-18 18:13:25 +00:00
Vikas Potluri
dec24ad883
🐛 improve error handling for invalid JSON Theme Translations (#11655)
refs #11464

- Combine reading + parsing of translation file into same step
- DRY reading / parsing logic
- Log an error when parsing fails and fall back as if the locale doesn't exist
2020-03-18 15:51:57 +00:00
Edward Kerstein
129610526d
🐛 Fixed youtube video embeds not displaying in AMP pages (#11058)
closes https://github.com/TryGhost/Ghost/issues/10972

- adds `amp-youtube` to the allowed AMP components list
- adjusts `{{amp_components}}` output to include the `amp-youtube` script if any iframes with youtube urls are detected in the AMP content

Co-authored-by: Joseph Coffland <joseph@cauldrondevelopment.com>
2020-03-16 14:39:10 +00:00
Fabien O'Carroll
b529a7ab86 Fixed regression test for database migrations
no-issue

We added a new permission and this test was not updated
2020-03-16 14:46:12 +02:00
Fabien O'Carroll
6f6e5e2a3a Added migration for read:identity permission
no-issue

This ensures that the permission always exists in version 3.12
2020-03-16 13:22:04 +01:00
Fabien O'Carroll
d246a4761e Implemented externally verifiable identity tokens
no-issue

This adds two new endpoints, one at /ghost/.well-known/jwks.json for exposing
a public key, and one on the canary api /identities, which allows the
Owner user to fetch a JWT.

This token can then be used by external services to verify the domain

* Added ghost_{public,private}_key settings

    This key can be used for generating tokens for communicating with
    external services on behalf of Ghost

* Added .well-known directory to /ghost/.well-known

    We add a jwks.json file to the .well-known directory which exposes a
    public JWK which can be used to verify the signatures of JWT's created
    by Ghost

    This is added to the /ghost/ path so that it can live on the admin
    domain, rather than the frontend. This is because most of its
    uses/functions will be in relation to the admin domain.

* Improved settings model tests

    This removes hardcoded positions in favour of testing that a particular
    event wasn't emitted which is less brittle and more precise about what's
    being tested

* Fixed parent app unit tests for well-known

    This updates the parent app unit tests to check that the well-known
    route is mounted. We all change proxyquire to use `noCallThru` which
    ensures that the ubderlying modules are not required. This stops the
    initialisation logic in ./well-known erroring in tests

https://github.com/thlorenz/proxyquire/issues/215

* Moved jwt signature to a separate 'token' propery

    This structure corresponds to other resources and allows to exptend with
    additional properties in future if needed
2020-03-16 13:22:04 +01:00
Rish
318484d737 Read billing url from config and add to API
no issue
2020-03-16 13:22:04 +01:00
Naz
6a9b53fcad
Cleaned up members isPaid flag in settings table (#11651)
no issue

- The flag has not been used and can be removed, to make the `members_subscription_settings` JSON record in `settings` table easier to read. 
- It used to indicate Stripe configuration being present. Currently that is checked by looking up if Stripe config's `public_token` and `secret_token` values are present (example - https://github.com/TryGhost/Ghost/blob/3.11.0/core/frontend/helpers/ghost_head.js#L54)
2020-03-16 13:36:51 +08:00
Rish
5f349b3ef7 🐛 Fixed missing publication icon in newsletter emails
no issue

Email template was incorrectly setting up publication icon url in case of subdirectory setup, leading to missing publication logo from newsletter emails in such cases. This adds the fix to use correct absolute url for publication icons in all setups.
2020-03-12 09:52:54 +05:30
Daniel Lockyer
2dd374043d Handled permissions error in file storage adapter
no issue

- trying to read a file without the correct permissions would cause a
  500 error
- this commit handles the error code and returns an appropriate
  response
2020-03-11 13:27:27 +00:00
Daniel Lockyer
c7dc393719 Updated Ghost-Admin to 3.11.0 2020-03-10 13:02:54 +00:00
Naz
df056416bd
Cleaned up broken complimentary plan (#11650)
refs https://github.com/TryGhost/Ghost/issues/11648

- Removes Stripe plan entries from settings that are not formatted correctly.
- Incorrect formatting was caused by a bug in 3.10.0 Admin-Client where it wasn't able to find complimentary plan. Related fix for this here - 9e7a6b801a
2020-03-10 20:39:34 +08:00
Nazar Gargol
53b6ad16d8 Fixed handling of empty created_at dates in member CSV imorts
no issue

- When created_at value is not provided it should be treated as an empty one instead of trying to import empty string.
- This scenario happens when the column is defined in CSV but no values are present (default parsed value is empty string '')
2020-03-09 20:12:02 +08:00
Daniel Lockyer
7694f5e786 Updated Ghost-Admin to 3.10.0 2020-03-09 10:49:09 +00:00
Kevin Ansfield
4773939670 🔒 Improved validation of fetched urls and responses in oembed endpoint
no issue

- prevent oembed fetching from accessing IP addresses or localhost domains
- prevent oembed endpoint from passing through fetched responses as-is
  - reject any fetched data that does not validate against the oembed spec
  - strip any unknown properties from the oembed response before returning

Credits: Nick Mykhailyshyn
2020-03-09 10:42:25 +00:00
Daniel Lockyer
afb3177e5e Added site URL to Update Check body
no issue
2020-03-09 09:48:04 +00:00
Nazar Gargol
895b3d98e7 Refactored members csv export for bettere readability
no issue
2020-03-06 13:55:11 +08:00
Fabien O'Carroll
801608e077
Fixed permission to only fetch for active users (#11641)
no-issue

Essentially only active users should have their permissions loaded, this
means that suspended or inactive users are stripped of all permissions
until their status is changed.
2020-03-05 12:22:50 +02:00
Fabien O'Carroll
58187175c3
Deleted all but active sessions on password change (#11639)
closes #10323 

* Fixed usage of hasMany for user->session
* Refactored changePassword to async function
* Deleted all user sessions when password changed
* Tested for session retained after password changed
* Added the session to the frame
* Skipped the current session when changing password
2020-03-05 12:22:32 +02:00
Daniel Lockyer
edfc07b9c8 Captured bulk-email errors in Sentry
no issue
2020-03-04 13:44:23 +00:00
Daniel Lockyer
4fda464103 Added captureException helper to Sentry integration
no issue

- this allows us to custom capture exceptions
2020-03-04 13:42:30 +00:00
Nazar Gargol
8f789523e3 Fixed date formatting in members CSV export
no issue

- Made date formatting coherent with the one used in API and the exporter
- Using JSON.stringify() here because that's exactly how API is getting it's formattting done atm
2020-03-04 17:41:02 +08:00
Nazar Gargol
c0512e30bb Added custom currency support for Memer's plans
no issue

- Multiple currencies for membe plans were supported under the hood but never had a clear interface to manage them. This change allows to reference currently used currency and it's symbol from the theme layer with following syntax: `{{@price.currency}}` and `{{@price.currency_symbol}}
2020-03-04 13:15:21 +08:00
Eric Morgan
3f5daa60c8 🐛 Fixed publisher logo meta schema
refs #11304

- Previously the schema publisher logo attribute was incorrectly given the logo url
- schema.org and Google's docs show the logo needing it's own type and url attributes
- I added the correct @type and moved the metaData.site.logo to the new url attribute
- This change now clears the error in Google's Structured Data tester
- A future improvement would be to size the site logo to 60px in height per Google's recommendation
2020-03-03 12:18:23 +00:00
Daniel Lockyer
a851cdfc7b Handled bad URLs in oembed bookmark API
fixes #11636

- malformed URLs passed to oembed API would cause `got` or `metascraper`
  to throw an error and this would result in a 500 error from Ghost
- this commit catches the errors and returns a reasonable response
2020-03-02 14:24:26 +00:00
Daniel Lockyer
ad15457c05 Updated Ghost-Admin to 3.9.0 2020-03-02 12:02:24 +00:00
Fabien O'Carroll
c1bd6f35cb Exposed member uuid to themes as @member.uuid
no-issue

Ronseal. Exposes's uuid for use in third party tracking/linking of
members, e.g. google tag manager

refs: https://forum.ghost.org/t/ghost-and-member-id-for-google-tag-manager/12317
2020-03-02 13:39:13 +02:00
Daniel Lockyer
65d258972b Handled bad redirect URLs for private sites
no issue

- Sentry flagged up a redirect URL for the POST action of accessing a
  private site which would throw a 500
- `decodeURIComponent` would throw an error if it was passed bad data
- this commit moves the `decodeURIComponent` inside the try-catch to
  handle the error
2020-03-02 08:23:23 +00:00
Kevin Ansfield
7bf5b7d4e0 Deleted unused models/base/token.js file
no issue

- tokens usage was removed in 3.0
2020-02-27 11:32:17 +00:00
Nazar Gargol
6cca5b45c5 Fixed regression test
refs b0ff1e7ca

- Regression test didn't get updated after migration was added
2020-02-27 12:57:53 +08:00
Naz
b0ff1e7cac
Added member login resource to Admin API (#11607)
no issue

- Adds 'GET /members/:id/signin_urls' endpoint to Admin API allowing to fetch login URL for member. This URL allows to log in as a member which is useful in situations when you need to impersonate a member (for example to debug some issue they are having)
- Added member_signin_urls permission with migrations. Only the "Owner" user can read "signin_urls" resource. Admin and other users will be denied access
2020-02-27 11:48:02 +08:00
Nazar Gargol
258bcc71bf Added minified members.js file handling
refs 91984b54ca

- For request effieciency we should be using a minified file just like we did previously with `ghost-sdk.js`
- Modified 'max-age' caching header to 1 year  for both minified and non-minified files as thay won't affect dev environment and should be beneficial for self-hosting instances that don't use minification
- Along the way corrected an extra 301 redirect because `/public/member.js` path wasn't using a bakslach in the end.
2020-02-26 14:08:10 +08:00
Naz
3af621ea9a
Added handling allowing members to edit their billing info (#11571)
no issue

- This functionality allows member to update their billing information, like credit card information.
- Adds handler to update Stripe billing when element with `data-members-edit-billing` attribute is present on the page. Additional `data-members-success` and `data-members-cancel` attributes could be used to control the redirects on billing update success or failure. They work in the same fission as for 'members-plan' (https://ghost.org/docs/members/checkout-buttons/#redirects)
2020-02-26 12:42:41 +08:00
Daniel Lockyer
92a0e6abec Renamed test function to fix eslint warning
no issue

- teardown is an internal Mocha hook, and eslint would complain about it
  being used outside a test
- our use of teardown is actually a custom function, so it's better to
  rename the function across the board
2020-02-24 20:51:09 +00:00
Daniel Lockyer
474f0a2184 Updated semver dependency
no issue

- required code change for new API
2020-02-24 18:01:53 +00:00
Daniel Lockyer
57d29cf36b Updated Ghost-Admin to 3.8.0 2020-02-24 11:53:34 +00:00
Rishabh Garg
3815c0769a
🐛 Fixed incorrect email count on post publish (#11616)
no issue

The email data attached to a post when published with send email flag was not filtered on member access, and picked up the whole member list for email data. This resulted in incorrect data stored in emails table even in case of paid-members-only publish, and also incorrect count of "emails sent" being displayed on Admin.

NOTE: The actual emails being sent are still gated by member access, so no emails were sent to anyone without access, this only affected the associated email data and count. Also, the fix here will show correct email sent status for any future post, but will still show incorrect data for any already published posts as the email data in DB is already wrong and will probably need a migration
2020-02-24 16:34:07 +05:30
Daniel Lockyer
76f9fc50f6 Handled missing resource path for resized images
no issue

-
2020-02-22 10:12:57 +00:00
Kevin Ansfield
f38d490886 Added migration to add members.geolocation
no issue

- prep for storing geolocation of members
2020-02-22 10:12:06 +00:00
Nazar Gargol
b9db9fa15e Allowed editing member's email
no issue

- After investigating effects of allowing editing email there were no significant blockers found, so there is no reason not to allow editing this field
2020-02-21 16:00:13 +08:00
Nazar Gargol
b5183204e9 Added missing frame parameter in member mapper
no issue

- This is not causing any bugs but the frame should always be passed in into the mapper to avoid unintended bugs
2020-02-21 10:40:41 +08:00
Kevin Ansfield
2f55baccd7 Added "trust proxy" to members API app
no issue

- match the other express apps, makes sure that we have access to the correct IP and forwarded host names when running behind proxies
2020-02-20 18:20:57 +00:00
Daniel Lockyer
6dcb1094aa Refactored variable name to match intent
no issue
2020-02-20 11:56:01 +00:00
Daniel Lockyer
55bd1cdd6b Fixed use of deprecated function in test suite
no issue
2020-02-19 19:59:05 +00:00
Nazar Gargol
a1fef1fc7c Added created_at field to accepted fields for members CSV import
no issue

- This field is usefult when importing from external sources.
- The date format should be compatible with one used internally by Ghost which is RFC 2822 compliant format
2020-02-19 19:55:32 +08:00
Kevin Ansfield
8e78c5f19c Fixed member API regression tests
no issue

- added `avatar_image` to the expected members API response shape
2020-02-19 10:49:21 +00:00
Kevin Ansfield
19812f53f4
Added member.avatar_image for member gravatars in themes (#11584)
refs https://github.com/TryGhost/Team/issues/243

- uses `member.toJSON()` to add a computed `avatar_image` property
  - if the member has an email address and gravatar is not disabled then we generate a gravatar url using the `?d=blank` parameter to return a transparent image if the member's email has no gravatar
2020-02-19 10:08:12 +00:00
Daniel Lockyer
71a35092b0 Updated Ghost-Admin to 3.7.0 2020-02-18 12:23:18 +00:00
Kevin Ansfield
354e946e6e 🐛 Fixed "Unable to update nested relation" error when adding labels to members
no issue

- 3.6.0 contained incorrect references in the `schema.js` file for the `members_label` table that was added in that version. On MySQL knex created a foreign key constraint for that reference which stopped member labels from being createable
- this fixes the schema file and has a migration to drop and recreate the table. Knex handles removal and addition of foreign keys during table drop/create
2020-02-18 09:08:28 +00:00
Nazar Gargol
6db07ce34d 🐛 Fixed member CSV import setting subscribed to true as default
no issue

- When importing through CSV we should remain the defaults of 'subscribed' fields (`true` at the moment), unless it is explicitly set to `false` or `FALSE` (the latter uppercase value often comes from scpredsheets)
2020-02-18 11:34:20 +08:00
Daniel Lockyer
28071a242a Fixed error reporting to Sentry
no issue

- some errors weren't being reported because they were being passed to
  Sentry before our middleware could populate the error information
- this commit inserts the Sentry middleware into these steps
2020-02-17 13:52:01 +00:00
Kevin Ansfield
02c034068c Fixed error when serving public images from servePublicFile middleware
no issue

- when `servePublicFile` middleware serves an image it resulted in a "Cannot set headers after they are sent to the client" error because `next()` was erroneously called for successful requests which then tripped the `prettyUrls` middleware which tries to perform a redirect
- only calling `next()` when an error is present allows errors to be picked up by later middleware but successful requests end in the `servePublicFile` middleware
2020-02-17 09:24:15 +00:00
Daniel Lockyer
669987eaf6 Updated Ghost-Admin to 3.6.0 2020-02-14 11:50:36 +00:00
Rish
fede3d05f5 Fixed members tests
no issue
2020-02-14 16:06:25 +05:30
Rish
c5833aa1d9 Fixed tests
no issue
2020-02-14 15:50:49 +05:30
Rish
7f337743e9 Fixed tests
no issue
2020-02-14 15:44:47 +05:30
Rishabh Garg
001db05075
Added labels for Members (#11538)
no issue

* Updated sendEmailWithMagicLink syntax

* Updated label name selection from theme

* Updated migration version for labels

* Added labels to export/import of members

* Added member labels sanitization for case-insensitive duplicates

* Fixed tests

* Fixed label serialization bug on import

* Bumped @tryghost/members-api to 0.15.0

* Fixed lint

* Cleanup
2020-02-14 15:03:10 +05:30
Naz
aff289bfee
Added 'visibility' property check to {{#has}} helper (#11596)
no issue

- Allows for syntax like `{{#has visibility="paid"}}` to be used on Content API resources (posts, pages, etc.)|
- The need for this change cropped out from being able to distinguish paid/member-only/public posts in member-enabled themes.
2020-02-14 17:28:26 +08:00
Rishabh Garg
9c1aa07ea8
Added host limit check for members email publish (#11534)
no issue
2020-02-13 10:43:36 +05:30
Nazar Gargol
25721828d9 Fixed failure when upgrading to version 3.5.x
no issue

- Initialy reported here: https://forum.ghost.org/t/unable-to-upgrade-ghost-from-v3-0-2-to-v3-5-1/11925
- The issue was caused by the refactor in 52635f1aa8 where the backup module signature changed and it wasn't updated in migrations
2020-02-13 12:53:44 +08:00
Rish
4eeed0d32a 🐛 Fixed "undefined" values in member csv export
no issue

We missed handling `undefined` values for fields during csv export for memebrs, which causes csv entries as `undefined` for fields that don't exist. It also added need for extra handling of `undefined` entries during csv import. This PR fixes the bug by properly handling empty/undefined values in export
2020-02-12 11:03:16 +05:30
Nazar Gargol
2c52282662 Added future cleanup note
no issue

- This method was created as a shortcut and the real issue of 'undefined' values being present in CSV should be fiexed instead
2020-02-11 18:17:46 +08:00
Daniel Lockyer
1dc0a70bee Updated Ghost-Admin to 3.5.2 2020-02-11 09:37:50 +00:00
Nazar Gargol
51c2b22e9f 🐛 Fixed order for "Complimentary" plan creation
no issue

- When new Ghost instance is initialized "Complimentary" plan doesn't have to wait for the rest of plans to be configured.
- Without configured plans the admin would still be able  to assign "Complimentary" plan to members or import same kind of members.
- There is no error handling at the moment when plan initialization fails, that's why it was very confusing when all of the sudden it wasn't possible to create a member record
2020-02-11 17:14:41 +08:00
Nazar Gargol
5caf924013 Fixed member delete method to use correct options
closes #11589

- `findOne` method in destroy method was usinng wrong options object (unlinke read method id comes from frame.options not frame.data) thus this was causing 404 errors
2020-02-11 16:35:18 +08:00
Daniel Lockyer
8f161880cb Updated Ghost-Admin to 3.5.1 2020-02-10 12:55:55 +00:00
Nazar Gargol
7e24b727e1 Added new test case to db regression suite
- Checks for correctly returned 404 when file is not there
- Renames make more sense to correspond to what it actually going on in
the suite
2020-02-10 12:41:39 +00:00
Nazar Gargol
70cf2b2c86 Added input sanitization for backup path
- We need to limit the allowed filename accepted by the method to avoid opening up path traversal attack
2020-02-10 12:41:39 +00:00
Nazar Gargol
d5c61c7eea Updated acceptance test to include db export request check 2020-02-10 12:41:39 +00:00
Nazar Gargol
4a79a0e753 Corrected 404 handling 2020-02-10 12:41:39 +00:00
Nazar Gargol
52635f1aa8 Basic implementation of backup retreival from file 2020-02-10 12:41:39 +00:00
Nazar Gargol
49983e799c Changed backup service signature to be able to expand it
- Will need to add a new method allowing to read an export file, so the module signature has to become an object rather than a function
2020-02-10 12:41:39 +00:00
Nazar Gargol
afe11c2b06 Added basic backup implementation for users DELETE endpoint
- The filename is returned to be able to fetch the backup on demand
- Wasn't able to limit exported tables as exporter doesn't support such functionality
2020-02-10 12:41:39 +00:00
Kevin Ansfield
830610d243 Fixed serving of binary public files
no issue

- serving of our public asset images was broken
  - we were reading the binary file in as a string so we could do url transforms, this meant data was lost/corrupted and browsers could not display the served data
  - we were using the wrong mime-type for pngs which meant browsers were triggering downloads rather than displaying images (at least when accessed directly)
- updates uses of `servePublicFile` to have the correct png mimetype
- adjusts `servePublicFile` to treat any mime type starting with `image` as a binary file, passing the file directly through express using `res.sendFile` and skipping the in-memory content caching which is mostly only useful for text files with URL transforms
2020-02-10 09:51:32 +00:00
Nazar Gargol
42f4518a63 Improved error logging for member CSV import
no issue

- Error object can be an array in case of database constrain validation errors, for this reason need to distinguish between singular objects and an array. This handling resemles the one in common error-handler - https://github.com/TryGhost/Ghost/blob/3.5.0/core/server/web/shared/middlewares/error-handler.js#L31-L33
2020-02-10 16:25:56 +08:00
Nazar Gargol
019605e9e0 Added concurency limit for member creation when importing
no issue

- When importing large batches of members we should not allow for unlimited amount of parallel requests created as this might lead to connection pool problems and reaching API rate limits (for example Stripe API is limited to 100 req/s)
2020-02-10 16:03:08 +08:00
Nazar Gargol
e57f7219e5 Added error logging for errors occuring during CSV import
no issue

- CSV import uses direct API calls which skips through logging error. This additional code should catch and record any internal errors
2020-02-07 14:33:30 +08:00
Daniel Lockyer
b3973801df Updated Ghost-Admin to 3.5.0 2020-02-05 11:42:31 +00:00
Nazar Gargol
68a36dd799 Changed members CSV export to match import format
refs c295435b41

- The import format changed the `subscribed` to `subscribed_to_emails`. Export should have the same format as import for consistency
2020-02-05 15:34:55 +08:00
Daniel Lockyer
a510e075b6 Handled missing file extensions for resized image requests
no issue

- if a request was sent for an resized image URL that didn't contain a
  file extension, the code would eventually end up throwing a 500
- this commit checks for this case and returns a 404
2020-02-04 08:04:22 +00:00
Naz Gargol
c295435b41
Added new fields to members CSV import (#11539)
no issue

- New fields that are accepted through members CSV import endpoint are:
  - `subscribed_to_emails` - corresponds to `subscribed` flag in API
  - `stripe_customer_id` - links existing Stripe customer to created member
  - `complimentary_plan` - flag controlling "Complimentary" plan subscription creation for imported member

- Noteworthy exception in field naming - `subscribed_to_emails` that corresponds to `subscribed` API flag present on members resources. It's a special case of CSV format, where users can be less technical it's more explicit to what the flag does (also the same naming is applied in the Admin UI)

- Failing to either link Stripe customer or assign "Complimentary" subscription to imported member behaves in a transaction-like manner - imported record is not created in the database. This is needed to be able to retry imports when it fails for reasons like connectivity failure with Stripe or Stripe miss-configuration.

- To avoid conflicts with linking same Stripe customer to multiple members there is a special handling for duplicate `stripe_customer_id` fields. Records with duplicates are removed from imported set.
2020-02-04 13:51:24 +08:00
Daniel Lockyer
d76e76e1ef Fixed code linting issues
no issue

- just extraneous whitespace
2020-02-03 17:49:41 +00:00
Daniel Lockyer
7751e78c98 Integrated Sentry error tracking
no issue

- this allows tracking of application errors within Sentry
- only enabled for HTTP 500 errors for now
- it is disabled by default
2020-02-03 13:43:43 +00:00
Daniel Lockyer
94d9536b62 Fixed select failures in regressions tests
no issue

- a couple of regressions tests would repeatedly fail on CI. They would
  always follow tests that closed the Ghost server beforehand.
- this commit doesn't close the server after those tests have completed,
  which is similar functionality to all other tests
- the actual cause is unknown at this point, but I suspect it's some
  sort of race condition
2020-01-30 11:14:26 +00:00
Daniel Lockyer
1c6583ae03 Set journal_mode to truncate for SQLite in tests
no issue

- we would regularly see IO errors coming from SQLite, which caused
  random regression tests to fail
- the default journal_mode is `delete`, but this is slow and can cause
  issues when multiple tests try to remove the journal file
- `truncate` is faster and shouldn't cause these issues
2020-01-30 11:14:26 +00:00
Kevin Ansfield
4e54691310 Updated Ghost-Admin to 3.4.0 2020-01-28 17:23:42 +00:00
Kevin Ansfield
68e2274d6d Reverted "Integrated Sentry error tracking"
This reverts commit 6e024331eb.

Temporarily reverting whilst we investigate an issue with Sentry and running Ghost via Ghost-CLI.

Ghost-CLI initiated boot was failing when Sentry was installed due to what appears to be `process.cwd()` returning `undefined` here https://github.com/TryGhost/Ignition/blob/master/lib/config/index.js#L26
2020-01-28 17:21:37 +00:00
Naz Gargol
25f11bbf1c
Added complimentary member subscription (#11537)
no issue

- We need a way to simulate "premium" membership without any payment from members' side. For this new "Complimentary" plan is introduced
- Allows `comped` flag as an input only on `PUT /members/:id` endpoint which sets  free subscriptions based on "complimentary" plan on the member
- Added `comped` flag to members endpoint responses
- Bumped members-api to 0.12.0. This version supports new set/cancel complimentary subscription methods
2020-01-28 11:25:00 +07:00
Naz Gargol
07e1a2406b Added {{price}} helper for formatting stripe amounts (ie. "1935" to "19.35") (#11473)
no issue

- This helper allows to format currencies that use decimal normalization. For example 19.35 USD is served as 1935 from the API which always needs to be divided by 100 to get a dollar ammount.
2020-01-27 11:41:12 +00:00
Kevin Ansfield
8b787ac803 🐛 Fixed unnecessary "unsaved changes" modal when using HR cards
no issue

- the `hr` mobiledoc card does not specify an `absoluteToRelative` or `relativeToAbsolute` transformer function so falls back to the default transformer
- the default transformer function's arguments were not correct which meant that the UrlUtils object was replacing the card's typical empty-object payload
- the card's payload changing when saving mobiledoc was triggering the editor's unsaved changes warning because the API response no longer matched what was in the editor
2020-01-22 11:59:13 +00:00
Daniel Lockyer
6e024331eb Integrated Sentry error tracking
no issue

- this allows tracking of application errors within Sentry
- only enabled for HTTP 500 errors for now
- it is disabled by default
2020-01-22 12:15:10 +07:00
Peter Zimon
a8b272cbd8 🐛 Fixed small image alignment for newsletters
no refs.
- fixed image alignment to be center for images smaller than newsletter content width
2020-01-21 13:21:45 +01:00
Daniel Lockyer
dbcffe9245 🐛 Handled trailing slashes in resized image URLs
no issue

- requests for resized images with a trailing slash would end up
  throwing a EISDIR error because it got through to writing an
  image buffer to a directory
- we want to cut this off early and disallow trailing slashes
2020-01-18 13:45:22 +07:00
Nazar Gargol
f5bcf77a16 Fixed typo in the post fixture
closes https://github.com/TryGhost/Ghost/issues/11520
refs

- The typo was introduced in https://github.com/TryGhost/Ghost/pull/11247
2020-01-17 13:00:38 +07:00
Nazar Gargol
4b57ad33b0 Removed unused isPaymentConfigured method
refs https://github.com/TryGhost/Ghost/pull/11499

- Removed unused and confusin isPaymentConfigured because it was basing it's logic on old `isPaid` flag. Having it in the codebase was adding confusion.
- `isPaid` config flag still needs a proper cleanup with a migration etc.
- Added little post PR merge cleanup
2020-01-17 12:08:30 +07:00
Sven Ewers
0030acf5a6 🎨 Optimized loading stripe scripts only when it is needed (#11499)
closes #11463

- Ghost used to always load stripe.js into the frontend of all pages when memberships are enabled, even when Stripe isn't configured / memberships to a page are free. This changes Ghost's behaviour to only load stripe.js when both stripe API tokens are present & not empty (the quickest way to verify that Stripe is fully configured & operational on a blog).
- Needs a follow-up cleanup removing confusing/not functional `isPaymentConfigured` method from members service
2020-01-17 11:57:29 +07:00
Daniel Lockyer
a671ad4707 Handle content requests with overly long filenames
no issue

- a request for a filename longer than those allowed by the filesystem produced a ENAMETOOLONG error, which would end up becoming a 500 error from Ghost
- this catches the error and returns a HTTP 400 Bad Request response
2020-01-16 14:18:09 +07:00
Nazar Gargol
e9e3f58792 Refactored member controller to use model layer
refs https://github.com/TryGhost/Members/pull/105

- As members module has become a core part it makes sense to follow the same principles as in all other controllers and use the model directly instead of calling external services.
- Bumped @tryghost/members-api to 0.11.1 . New stripe-specific methods used in controllers are available starting with this version
- Exposing these new methods is a little hacky because there are no relationships setup on members_* tables. Left notes for future improvements once relations are introduced.
- We don't allow for chaging member's emails at the moment. For this reason had to modify JSON schema a little. It doesn't support OO inheritence: "This shortcoming is perhaps one of the biggest surprises of the combining operations in JSON schema: it does not behave like inheritance in an object-oriented language. " (ref. https://json-schema.org/understanding-json-schema/reference/combining.html#allof)
2020-01-15 17:52:47 +07:00
Fabien O'Carroll
b31921ba7b Updated Ghost-Admin to 3.3.0 2020-01-13 14:08:24 +02:00
Nazar Gargol
72ae194fbc Refactored member metadata logic into @tryghost/members-api package
refs c059e8e32e

- Reason why the refactor was needed can be found in refed commit
- The logic was extracted into members-api through passing models
directly as member-api module constructor parameters
- Bumped @tryghost/members-api to 0.11.0. Needed to work after the
refactor
2020-01-13 16:42:15 +07:00
Rishabh Garg
1e5f7852e6
Allowed localhost email for Ghost Mailer "from" address (#11476)
no issue

Allow localhost mails to bypass validator email check and assign blog title as email name when missing
2020-01-13 12:58:53 +05:30
Ian Sim
6247b52367 Allowed pages to accept HTML as a source (#11422)
refs https://github.com/TryGhost/Ghost/issues/10471

- Allow page resource endpoints to accept HTML source. This behavior is the same as the post's resource introduced with e9ecf70ff7372f395b8917340805148bc764e2ef
- The functionality was most likely missed when post split into posts & pages was happening.
- Added symmetric changes to API v2.
2020-01-08 17:44:34 +01:00
Naz Gargol
97ea664d4d
🐛 Fixed empty html/plaintext fields for narrow fields parameter (#11505)
refs https://forum.ghost.org/t/plaintext-value-is-empty-using-the-api/10537

- The `plaintext`/`html` fields were empty because `visibility` attribute was not present in response body on output serialization stage. `visibility` field is always needed for content gating to work as expected 
- Added `visibility` field in the input serialization layer as it wouldn't be possible to use content gating if added on model layer through `defaultColumnsToFetch`
- Added test cases covering a bug
2020-01-08 14:43:21 +01:00
Nazar Gargol
cb68257952 Improved logs for slow get helper
no issue

- Updated the logs to show something more useful - controller name, instead of current [object Ojbect] appearing in the log
2020-01-07 11:25:51 +01:00
Naz Gargol
c701293514
Optimized posts_meta table join when meta columns are not requested (#11300)
no issue

- This change speeds up qery execution ommiting a join with posts_meta
table when there is no need to fetch meta columns
2020-01-06 15:38:40 +01:00
Nazar Gargol
11d1acb475 🐛 Fixed plaintext field being added as empty property when member post is requested
no issue

- Tests in previous commit uncovered a bug with unwanted field attached to
the post response
2020-01-06 14:59:30 +01:00
Nazar Gargol
6fa20066f5 Added regression tests for content gating
no issue

- There was a lack of any kind of tests checking if content gating
behaves as it should. These changes create a base to expand upon when
more changes are introduced into content gating mechanism
- One thing that would be great to add in the future is imitation of
member authentication to test the content is visible for authenticated
paying/non-paying members
- Added 'members only' tests
- Added 'paid' post test case
- Added plaintext gating test case
2020-01-06 14:59:30 +01:00
Zlatan Vasović
4361a0b936 2020
refs 679fc7e1c5
2020-01-06 10:51:18 +01:00
Nazar Gargol
7e44412568 Fixed cancel_link helper test
no issue

- We don't check for specifics of the error thrown in the other heper tests, don't see a reason to do so here. It's important to see the error was thrown at all in this case
2019-12-20 14:50:08 +07:00
Nazar Gargol
6896997984 Fixed cancel_link helper documentation link
no issue

- The documentation was decided to be published under `/members/ ` instead of general `/api/handlebars-themes/`
2019-12-20 11:39:58 +07:00
Rish
02cdb2e7f1 Updated Ghost-Admin to 3.2.0 2019-12-17 21:52:51 +05:30
Rishabh Garg
160ef2976a
🏗Added host config limits for member emails (#11439)
no issue

Introduces host limits config for allowing email limits with members.
2019-12-17 19:24:27 +05:30
Rishabh Garg
169daead1f
Fixed post meta migration for 3.x (#11438)
no issue

Since we added `email_subject` to `posts_meta` table in `3.1`, the migration tries to add `email_subject` column from post table, which does not exist and thus tries adding `undefined` value for column. Since sqlite expects default values while inserting new columns, this breaks any migration directly from `1.x`/`2.x` to 3.x.

The fix adds a default `null` value for any post_schema entry which doesn't has a value.
2019-12-17 17:14:53 +05:30
Rish
a3c2209420 Fixed tests
no issue
2019-12-17 16:42:30 +05:30
Rishabh Garg
fa3686bcc3
Added new brand blog setting (#11408)
no issue

Adds new `brand: {primary_color: ''}` blog setting behind dev flag for setting user-defined brand color in themes and emails.
2019-12-17 16:15:31 +05:30
Nazar Gargol
e25e847f47 Removed email related fields from API v2 responses
refs  https://github.com/TryGhost/Ghost/issues/11461

- The email feature was introduced in API v3 and is not back compatible with API v2. These fields should not appear in any v2 responses.
- Added regression tests for API v2 so that cases like this are spotted
easier in the future.
2019-12-16 20:01:38 +07:00
Rish
2d9963fbd8 Allowed comment_id and uuid in post API input
refs https://github.com/TryGhost/Ghost/pull/11462

Allows `comment_id` and `uuid` to be passed in post `add`/`edit` API calls instead of failing requests with validation error, though both properties are stripped out in serializer as we don't allow editing them.
2019-12-16 18:22:48 +05:30
Naz Gargol
e277c6bad3
Added member's subscription cancellation helper {{cancel_link}} (#11434)
no issue

- The helper allows generating HTML needed to cancel or continue the member's subscription depending on subscription state.
- Added public members endpoint to allow updating subscription's `cancel_at_period_end` attribute available at: `PUT /api/canary/members/subscriptions/:id/`
- Added client-side hook to allow calling subscription cancellation. Allows to create elements with `data-members-cancel-subscription` / `data-members-continue-subscription` attributes which would call subscription update.
- Updated schema and added migration for `current_period_end` column
- As discussed we only add a single column to  subscriptions table to avoid preoptimizing for future cases
- Added {{cancel_link}} helper
- Added error handling for {{cancel_link}} when members are disabled
- Added test coverage for {{cancel_link}} helper
- Bumped @tryghost/members-api version to 0.10.2. Needed to use `updateSubscription` middleware
- Bumped gscan to 3.2.0. Needed to recognize new {{cancel_link}} helper
2019-12-12 19:59:15 +07:00
Nazar Gargol
75e8caa76c Removed unexisting member endpoints from API key access whitelist
no issue

- /members endpoints are not available under API v2, removed them from the whitelist to avoid confusion
2019-12-09 13:21:38 +07:00
Naz Gargol
bcddeeadf1
Removed redundant member manipulation proxy methods (#11423)
no issue

- This includes the interface change for members-api constructor - now accepts the member's model instead of proxy methods. These methods have been moved ton @tryghost/members-api in favor of using the model directly (ref: https://github.com/TryGhost/Members/pull/105)
- Moved error handling from the service layer to controller
- Bumped @tryghost/member-api package to 0.10.0
2019-12-06 12:04:10 +07:00
Nazar Gargol
59143de19d Removed flaky test
no issue

- This test was checking for a very edge casy scenario (blog timezone change when scheduled date for a post changes at the same time). It's been hard to keep it maintaned so had to go.
2019-12-04 21:14:24 +07:00
Nazar Gargol
ae21f604c9 Updated Ghost-Admin to 3.1.1 2019-12-04 20:39:08 +07:00
Fabien O'Carroll
2cd8f89933 🐛 Fixed 500 errors for incorrect Origin headers (#11433)
no-issue

Our function for determining cors options created a new instance of URL
without wrapping it in a try/catch which meant any failures to parse the
URL bubbled down as a 500 error.

500 errors are commonly used for alerting at the infrastructure level,
and this error is definitely one caused by a badly configured client, so
we wrap the construction and crap out with a Bad Request Error (HTTP
400) if it fails.
2019-12-04 18:06:30 +07:00
Nazar Gargol
3d49f3ed15 Renamed authentication middleware to createSessionFromToken
no issue

- This rename comes in to describe better what actually happens behind the middleware instead of catch-all "authentication"
2019-12-04 09:49:13 +02:00
Nazar Gargol
0be2c21f68 Renamed logout middleware to deleteSession
no issue

- This rename is meant to clarify what exactly happens behind the logout and be inline with `login`-> `getIdentityToken` rename
2019-12-04 09:49:13 +02:00
Fabien O'Carroll
046bd652e5 Renamed login middleware to getIdentityToken
no-issue

This name `login` was misleading as this middleware didn't login
members, that was handled by the `authentication` middleware,
specifically `exchangeTokenForSession`
2019-12-04 09:49:13 +02:00
Hannah Wolfe
419e12d90a Added support for secondary navigation (#11409)
no issue

- Secondary navigation means most nav concepts are supported, e.g. header & footer, or left & right
- The UI is added separately, this PR adds supporting concepts:
  - make sure the default value is an empty array
  - add support in the API (v3 only)
  - add handling in the navigation helper
2019-12-04 11:12:02 +07:00
Peter Zimon
60c44d360b 🎨 Fixed test newsletter email subject
no issue.

- "[Test]" being appended (at the end of) the test email subject made it hard to scan for test emails. This fixes it by prepending "[Test]" to the subject.
2019-12-03 16:26:25 +01:00
Naz Gargol
2e28bc2a5f
Added fallback to excerpt in {{excerpt}} helper for gated content (#11430)
refs https://github.com/TryGhost/Ghost/issues/10062

- When content gating is in place a lot of times both `html` and `custom_excerpt` fields on posts/pages are empty and the output of `{{excerpt}}` helper is also empty. We do return an `excerpt` property as a part of post resource which can serve as a safe fallback for when the above fields are not filled. It massively improves the experience of using the helper with gated content 
- Refactored nested ternaries to be more readable
- Added fallback to excerpt property when HTML is hidden from members
- Removed note about the review of excerpt helper
- Added test case for 'excerpt' property
2019-12-03 11:32:46 +07:00
Nazar Gargol
b774d66966 Fixed linter
- Stray whitespace was commited
2019-11-28 18:23:27 +07:00
Kevin Ansfield
c95cf2811c Updated Ghost-Admin to 3.1.0 2019-11-27 14:11:19 +00:00
Rish
3328200695 Fixed members test
no issue
2019-11-27 18:54:49 +05:30
Kevin Ansfield
69c210b5cb Fixed permissions fixtures regression test
no issue

- updated to include bulk email permissions
2019-11-27 13:01:55 +00:00
Kevin Ansfield
f9f2d36f53 Merge branch 'mega' 2019-11-27 12:12:27 +00:00
Naz Gargol
201bef31f0 Added transaction support to pagination plugin (#11421)
Adds transaction support to `fetchPage` method. This is needed to be able to count members during the post publish transaction. 

This is the next iteration over initial quick-fix: 90905b0212

* Added transaction support to pagination plugin
    - This support is needed to be able to use `fetchPage` method in transactional context (example usecase was counting members when publishing post for emails)
* Passed transaction related options during email creation
    - Without this SQLite would hang in a transaction and eventually timeout
* Updated parameter name for consistency
2019-11-27 10:00:27 +00:00
Rish
b122b683f4 🏗 Removed reschedule method from scheduling adapter
no issue

We changed `reschedule` event to trigger adapter's `unschedule` and  `schedule` methods since we now generate separate tokens(urls) for consistency as two different url(token) is needed to complete the reschedule functionality.
2019-11-27 13:38:30 +05:30
Rish
d42d112eba 🐛 Fixed incorrect url generation for post reschedule/unschedule
no issue

The default scheduling generates a known, independent URL for publishing a resource. In case of resource being rescheduled or unscheduled, the adapter expects the the same URL to remove/update existing jobs. The URL includes a JWT token for API auth which is calculated from post model and appended to URL.

There was a bug in token generation which meant If we go to update or delete the job i.e. unschedule a post then a new token is used which means the existing scheduled job cannot be removed. This PR:

- removes issued at (`iat`) timestamp from token generation which lead to a different token being generated for same payload
- Fixes timestamp being used for URL calculation from resource model
2019-11-27 13:38:30 +05:30
Rish
628f9179dc Fixed URL import for post email serializer
no issue
2019-11-27 13:18:44 +05:30
Rish
9a53177544 Refactored unsubsribe url and getemailData methods
no issue
2019-11-27 10:58:32 +05:30
Rish
a3802c495d Fixed post serialization to keep plaintext in json
no issue

- Fixes missing plaintext on email preview
- Fixes tests
2019-11-27 10:58:32 +05:30
Nazar Gargol
63e6dd59fa Added missing await statement
no issue

- The 90905b0212 refactor missed the statment which is causing email to not being sent
2019-11-27 09:39:48 +07:00
Kevin Ansfield
90905b0212 Fixed emails sending when scheduled post is published
no issue

- the schedules controller wraps the post creation in a transaction
- we need to pass that transaction through to all other queries, especially on sqlite where a non-transaction query inside a transaction will lock up because there's only 1 connection available
- updates our model method calls to pass through the transaction options
- switches the members service `list()` call to a direct model `findAll()` call to avoid going through our pagination plugin because the raw knex query does not respect the transacting option
2019-11-26 17:43:29 +00:00
Rish
b9dd0d2b94 Refactored email handling to be consistent for test and newsletter emails
no issue
2019-11-26 21:41:01 +05:30
Hannah Wolfe
8ad764aa2f 🐛 Fixed csv file uploads on Windows w/Excel installed
no issue

- refs https://forum.ghost.org/t/import-json-file-from-v-2-34-0-to-v-3-0-3-ignores-my-subscribers/10324
- Windows machines that have excel installed use a weird mime type for CSV files
- Users can fix this by adjusting their registry, but that's annoying
- We should just allow this, it doesn't really change anything & we still require .csv as the extension
2019-11-26 15:11:05 +00:00
Nazar Gargol
9ff5fecbaf Fixed knex connection pool errors when scheduling a posts
no issue

- A subquery in mege service that creates email record wasn't using 'options' object needed to track transactions
2019-11-26 17:44:42 +07:00
Peter Zimon
4790e64256 Updated unsubscribe copy 2019-11-26 11:03:14 +01:00
Rish
7209abb729 Updated unsubscribe url for preview email
no issue
2019-11-26 15:14:52 +05:30
Rish
e6f74c63db Fixed post serialization for test emails
no issue
2019-11-26 11:59:41 +05:30
Nazar Gargol
157820419a 🐛 Fixed error when rendering static page from dynamic route
no issue

- When having following routes.yaml configuation and theme runing API v3:
routes:
  /:
    data: page.home
    template: home

- There was an internall error in meta layer: `Cannot read property 'website' of undefined` which was caused by not being able to read primary_author on a fetched page
- We need to include authors and tags for pages, the same way we do for posts to prevent this error (as they should have identical properties from meta layer perspective)
2019-11-25 18:34:37 +07:00
Nazar Gargol
075fb76a60 Moved toJSON calls to serializer
- toJSON transformations should happen on serializer level so controllers could be called directly with it's own options internally
2019-11-25 12:04:58 +07:00
Kevin Ansfield
65adbf7514 Added email.error_data column migration
no issue

- additional migration for the column added since the last 3.1 beta release to allow beta upgrades without rollbacks
- will be a no-op for upgrades from 3.0 as it's covered by `3.1/05-add-emails-table.js`
2019-11-22 16:44:10 +00:00
Kevin Ansfield
6a057fad99
Added /emails/:id/retry/ endpoint for retrying failed emails (#11410)
We want to allow admin users to trigger a retry of failed emails without having to go through the unpublish/republish dance.

- fixed resource identifier in email permissions migration so email permissions are added correctly
- added new email permissions migration so that beta releases can be upgraded without rollback (will be a no-op for any non-beta upgrades)
- added `/emails/:id/retry/` canary Admin API endpoint
  - follows same URL pattern as theme activation
  - only triggers mega service retry endpoint if the email has a `'failed'` status
2019-11-22 14:20:32 +00:00
Peter Zimon
d7d5d9a13d Refined email styles 2019-11-22 11:40:56 +01:00
Kevin Ansfield
be4a5a84d9
Updated meta/structured data sources & fallbacks (#11068)
refs https://github.com/TryGhost/Ghost/issues/10921, closes https://github.com/TryGhost/Ghost/issues/11357, closes https://github.com/TryGhost/Ghost/issues/11403

- updates the sources and fallbacks for the output of `{{ghost_head}}` meta/structured data
- re-works related tests to better show the fallback chains for different scenarios
- fixes `{{ghost_head}}` tests to use `before/afterEach` so that tests are not interdependent
2019-11-21 13:08:00 +00:00
Naz Gargol
193c179110
Extracted members-specific middleware from site app module (#11405)
no issue

- In order to keep site/app.js module tidy and less coupled with members module we need to extract some of the functionality where it belongs conceptually
- Added "members enabled check" middleware to stripe webhook endpoint
- Reshuffled members middleware so that siteApp is in control of mounting points. This is meant to be a more explicit way to see which endpoints are being handled by members middleware
- Extracted member-specific public file middleware
- Unified use of `labs.member` alias method. Done for code style consistency
- Added basic members' test suite. This is a base we could work from when more modifications are needed
- Removed route handler for unexisting members file "members-theme-bindings.js". Calling this route otherwise causes a 500. Looks like a leftover from 49672a1e4d
2019-11-21 10:01:24 +07:00
Kevin Ansfield
f6ef12847a Override "Forbidden" Mailgun error to be more useful
no issue

- a 401 is received from Mailgun when invalid credentials are used but the default error message of "Forbidden" is not particularly useful
- intercepts "Forbidden" and swaps it for "Invalid Mailgun credentials" to be more user-friendly
2019-11-20 17:31:26 +00:00
Peter Zimon
e82f706afa Email design refinements 2019-11-20 18:27:52 +01:00
Kevin Ansfield
6eb992ce1f Removed meaningless code comment
no issue

- comment was about a deprecated property that has already been removed in 3.0
2019-11-19 16:24:04 +00:00
Naz Gargol
c2aec69af9
Added email retry logic for failed batches (#11402)
no issue

- When whole email batch fails we want to allow retrying sending a batch when post is republished
- Refactored naming for email event handling in mega
2019-11-18 21:28:54 +07:00
Kevin Ansfield
8fd1e816ae Cleaned up references to reserved slugs
refs https://github.com/TryGhost/Ghost/pull/11301

- the reserved slugs list was emptied in https://github.com/TryGhost/Ghost/pull/11301 but the empty array was left in place
- this cleans up all other references to reserved slugs so that the empty array can also be removed
2019-11-18 14:25:33 +00:00
Kevin Ansfield
0ef81708e7 Removed duplicated members key in overrides.json
no issue

- basic cleanup
2019-11-18 14:10:33 +00:00
Kevin Ansfield
1c8b78818f Merge branch 'master' into mega 2019-11-18 11:09:46 +00:00
Nazar Gargol
6751cc50c8 Fixed integrity test
no issue

- Schema was changed in c99f40957e
2019-11-18 15:47:19 +07:00
Rish
baccbb4942 Updated test email to throw error for failed requests
no issue
2019-11-18 13:24:28 +05:30
Peter Zimon
a64fab7e69 Refined mobile screen for unsubscribe 2019-11-16 16:39:26 +01:00
Peter Zimon
1f67cc6ddc Updated unsubscribe screen error handling 2019-11-16 13:02:36 +01:00
Kevin Ansfield
0a20243540 Fixed knex connection pool errors when saving posts with sqlite
no issue

- sub query within the `Post.onSaving` method was not passing through the transaction options which was locking up sqlite
2019-11-15 15:11:55 +00:00
Peter Zimon
b409a665b5 Refined unsubscribe screen design 2019-11-15 14:01:45 +01:00
Naz Gargol
c99f40957e
Improved mega error handling (#11393)
no issue

- Increased default mailgun retry limit to 5
- Handling retry logic closer to SDK layer gives less future manual handling
- Allowed failing request to be passed through to the caller
- To be able to handle failed requests more gracefully in the future we need all available error information to be given to the caller
- The previous method with `Promise.all` would have rejected a whole batch without providing details on each specific batch.
- Limited data returned with a failed message to batch values
- Added better error handling on mega layer
- Added new column to store failed batch info
- Added reference to mailgan error docs
- Refactored batch emailer to respond with instances of an object
- It's hard to reason about the response type of bulk mailer when multiple object types can be returned
- This gives more clarity and ability to check with `instanceof` check
2019-11-15 18:25:33 +07:00
Kevin Ansfield
ee47dd4dae
Added /unsubscribe/ route to the front-end (#11394)
no issue

- adds new router to the frontend for handling unsubscribe
- default template lives in `core/server/frontend/views/unsubscribe.hbs`
- `{{error}}` is present and contains the error message when unsubscribe fails
- `{{member}}` is present and contains the member email
- updated unsubscribe url to match the new format
2019-11-15 09:36:49 +00:00
Rish
52eb3ca9da Converted all link tags in preview to open in new tab
no issue
2019-11-15 11:26:43 +05:30
Kevin Ansfield
90f61d1f04 Added 'bulk-email' tag to bulk messages sent with mailgun
no issue

- helps distinguish bulk vs transactional email when both are using the same mailgun account
2019-11-15 00:06:23 +00:00
Kevin Ansfield
5fd2b7fed1 Added send_email_when_published query param to posts endpoint
no issue

- having a `send_email_when_published` property on the Post resource that only has an effect at certain times was confusing and was causing issues with clients that needed to know details of how that toggle worked
- makes `post.send_email_when_published` a fully read-only property in the API
- adds support for `?send_email_when_published=true` query param that can be passed in POST/PUT requests to the posts endpoint when scheduling or publishing a post - this is the only way to set `post.send_email_when_published` to `true`
- adds handling to ensure that `post.send_email_when_published` is always reset to `false` when reverting a post back to a draft _unless_ an email has already been sent
2019-11-14 17:29:03 +00:00
Rish
dbae6ccb58 Added site title as sender name for bulk email
no issue
2019-11-14 20:39:51 +05:30
Rish
c4706230d9 Updated fixtures regression test 2019-11-14 20:39:25 +05:30
Naz Gargol
d325912a55
Switched scheduler to use API v3 (#11391)
no issue

- The switch is needed so that mailinglist work when posts are scheduled
- v3 API is the default stable API that should be preferably used by all clients (including Scheduler)
2019-11-14 15:12:52 +07:00
Rish
1d89bbc852 Fixed settings tests 2019-11-14 11:32:34 +05:30
Nazar Gargol
98364e4d66 Removed unused method from bulk-mailer
- This was a leftover from rebase
- The method is not meant to be used anywhere
2019-11-14 12:35:26 +07:00
Rish
22b48cbef3 Fixed mailgun instance not updated on settings change
no issue
2019-11-14 10:45:26 +05:30
Rish
6d1de1b912 Fixed post not showing authors in email
no issue
2019-11-14 10:45:05 +05:30
Rish
eaf7289af3 Fixed bulk settings input serializer 2019-11-14 08:20:16 +05:30
Rish
b7df5c360d Updated send test email to use common email data 2019-11-13 22:53:33 +05:30
Rish
d3229b6ade Wired mailgun provider API keys via config or settings
no issue
2019-11-13 22:29:31 +05:30
Rish
05e9f01f30 Added dynamic fields isEnabled/isConfig on bulk email settings
no issue

Adds 2 new dynamic calculated fields on bulk email settings -

`isEnabled` - If mailgun is configured either with config or admin settings
`isConfig` - If mail is configured via config directly
2019-11-13 22:29:31 +05:30
Rish
572e56f90a Removed redundant bulk email settings migration
no issue
2019-11-13 22:29:31 +05:30
Rish
e540f36a9a Added new top-level bulk email settings
no issue
2019-11-13 22:29:31 +05:30
Peter Zimon
06afa4c042 Refined mail design 2019-11-13 14:11:54 +01:00
Rish
af43c0872c Fixed mailgun not sending test emails due to empty recipient variables
no issue

Mailgun expects `recipient-variables` to be a json object and fails to attempt sending the message in case its undefined, which is the case for test emails as they don't have member `uuid` or `unsubscribe` url. This sets a default empty object for `recipent-variables` in case of no data.
2019-11-13 17:02:56 +05:30
Fabien O'Carroll
d4ab151fce
Removed basic email validation
no-issue

This was rubbish anyway, and we should just rely on the input having `type=email`
2019-11-13 18:18:49 +07:00
Naz Gargol
f5479e1473
Added batching support for bulk email service (#11388)
no issue

- The limitation on Mailgun side of API seems to be 1000 emails per message.
- The only place where I could find a hard limit of 1000 emails per
batch was this PHP SDK issue: https://github.com/mailgun/mailgun-php/issues/469
- To store ids of sent messages introduce a mega column on the emails table. They can be synced with stats or other metrics during even pooling in the future
- Removed redundant `join(',')` statement.The SDK accepts an array of emails as well. Less code - better code :)
2019-11-13 17:52:23 +07:00
Naz Gargol
208b710677
Added tagging support to bul email service (#11390)
no issue

- Tagging needs to be added to be able to group/filter sent messages for various reasons. An example use case is when multiple Ghost instances use the same mailgun account
- Tag value can be provided as a part of config.json file under
`bulkEmail.mailgun.tag` key
2019-11-13 17:36:19 +07:00
Nazar Gargol
c9bd4a6c97 Updated Ghost-Admin to 3.0.3 2019-11-11 18:55:36 +07:00
Naz Gargol
45253cfe5f
🐛 Fixed 3.0 SQLite subscribers migration (#11383)
closes #11349

- The main reason for failure was SQLite's 999 variable limit
- More details here https://github.com/TryGhost/Ghost/pull/11270
2019-11-11 18:20:38 +07:00
Nazar Gargol
ae5eb4802c Reverted support to only data.post in meta layer
no issue

- It was partially removed in https://github.com/TryGhost/Ghost/pull/11080/files but didn't take into account hardcoded value in format response stage
2019-11-11 17:49:36 +07:00
Nazar Gargol
6345684556 🐛 Fixed twitter meta description for pages
closes https://github.com/TryGhost/Ghost/issues/11317
refs https://github.com/TryGhost/Ghost/issues/10042

- Introduced with f69f04ae8d
- Description and possible solution available in https://github.com/TryGhost/Ghost/issues/10042#issuecomment-551467666
2019-11-11 17:49:03 +07:00
Hannah Wolfe
6c921bf2ef Fix typo in regression test 2019-11-08 17:28:07 +07:00
Fabien O'Carroll
0a47adac88
Updated name of bulk email service config
no-issue
2019-11-08 17:26:05 +07:00
Hannah Wolfe
551e552928 Add a fallback API version, allows tests to pass
- 😏
- this shouldn't really be a thing, but it's better than updating 52 tests...
2019-11-08 17:24:10 +07:00
Fabien O'Carroll
11d0eff863 Converted bulk email service to use mailgun
no-issue
2019-11-08 17:21:20 +07:00
Fabien O'Carroll
00da426a02 Added unique_id to the recipient data
no-issue

This will be required by mailgun
2019-11-08 17:21:20 +07:00
Fabien O'Carroll
2b285c5fd3 Set from adress in the mega service
no-issue
2019-11-08 17:21:20 +07:00
Fabien O'Carroll
cc39786958 Updated members service to use config module
no-issue
2019-11-08 17:21:20 +07:00
Fabien O'Carroll
90d582c5f6 Added config module to members service
no-issue

This is for a central place to retrive member related settings from
2019-11-08 17:21:20 +07:00
Nazar Gargol
93b22af899 Added default stats object to email model
- The serialized object is meant to serve as a placeholder for future email related stats pooled from mail service provider
2019-11-08 17:11:54 +07:00
Naz Gargol
3f88e7de63
🐛 Fixed incorrect html title appearing on 'pages' pages (#11358)
closes #11357

- Change that introduced a bug was made in cbca480b97
- The condition could be removed once https://github.com/TryGhost/Ghost/issues/10042 is resolved. It is currently not dependent on the API version rather the object form used in the frontend.
2019-11-08 12:58:11 +07:00
Rish
0a17f5d3c0 Renamed migrations in correct sequence 2019-11-08 12:25:26 +07:00
Naz Gargol
b48f1f4b2c
Updated defaults handling for email property in posts (#11355)
no issue

- Fixed default email property output when the empty value is returned
- This is needed for consistency with other endpoint properties like primary_tag which are null when there is no value assigned
- Updated acceptance tests to handle email property
- Schema had to be updated to not use reference so that the information about email can be independent of the post - can still exist if the post is deleted
2019-11-08 11:40:49 +07:00
Nazar Gargol
13a0108aac Moved email preview spec to acceptance tests
- Tests here are baseline usecases which should be always in check
- More edge case scenarios might go into regression suite in the future
2019-11-08 11:38:06 +07:00
Peter Zimon
ed2f9e499c Fixed gallery image height 2019-11-07 17:17:34 +07:00
Nazar Gargol
3ca25886eb Removed redundant context passing
- Context object is not needed when model is used directly
2019-11-07 17:09:30 +07:00
Rish
d7d06653df Fixed email not returned in put object on post publish 2019-11-07 17:03:23 +07:00
Nazar Gargol
cc581c66ce Inlined context use so it matches convention used in most of the codebase 2019-11-07 16:45:53 +07:00
Peter Zimon
47bc7c400c Fixed pre style for email template 2019-11-07 16:31:48 +07:00
Nazar Gargol
fdba1cb95b Updated status handling
- We need to distinguish 2 stages before and after attempted sending of the email
2019-11-07 16:26:34 +07:00
Nazar Gargol
92dc86f0a5 Changed existing email status handling according to chenges in schema 2019-11-07 16:26:34 +07:00
Nazar Gargol
d0e8561b03 Changed email model statuses in schema
- Renames were done as that suits how emails would be handled by the bulk email handler
- These statuses are only for internal representation of the state and don't represent what happens to emails delivery-wise
- There is no need for 'sent' status as emails are "never done" and stats wold be checked for stats field would be used to check on details of the status
2019-11-07 16:26:34 +07:00
Rishabh Garg
b1d436e2ee
Added input validation to strip email object on post (#11351)
no issue

Removes post email relation from edit/add requests as we don't want to edit email object directly as part of post
2019-11-07 16:11:37 +07:00
Nazar Gargol
b364fc5e35 Not creating email record when there is nobody to send it to 2019-11-07 16:00:18 +07:00
Rish
7e0da18f85 Fixed typo on email relation in model 2019-11-07 15:52:01 +07:00
Kevin Ansfield
2421516aa6 Made email a default include on posts API in v3/canary 2019-11-07 12:47:07 +07:00
Nazar Gargol
3b792a075a Fixed serializer unit tests 2019-11-07 12:27:02 +07:00
Nazar Gargol
640f7155fc Fixed linter 2019-11-07 11:47:15 +07:00
Nazar Gargol
f34f4a7b8d Added comment to addEmail method 2019-11-07 11:47:15 +07:00
Nazar Gargol
eca129c18d Hooked mega service to listen to email.added event
- This was needed because we switched to synchronous request handling (to allow including email data with post.publish event)
2019-11-07 11:47:15 +07:00
Nazar Gargol
4e1caa8b08 Added email relation to post and allowed include for /posts endpoint 2019-11-07 11:47:15 +07:00
Rish
97e2af9a06 Added mailgun domain to members subscription settings
no issue

-  Delete api key and domain setting if its in the config to hide it in admin
2019-11-07 11:28:42 +07:00
Rish
86d6fc8578 Serialized post html for email
no issue
2019-11-07 11:15:16 +07:00
Rish
898c354644 Added [Test] for preview email subject 2019-11-06 19:20:12 +07:00
Rish
7b89cd445a Fixed unsubscribe url for preview email 2019-11-06 18:36:27 +07:00
Peter Zimon
4b24780ebd Refined figcaption size in emails 2019-11-06 18:35:03 +07:00
Rish
6357d0c79b Fixed custom subject in email preview 2019-11-06 18:32:11 +07:00
Rish
77daa77e04 Added status=all by default to preview api 2019-11-06 18:18:44 +07:00
Fabien O'Carroll
81b9018526 Passed unsubscribeUrl template variable to bulk email
no-issue
2019-11-06 18:08:11 +07:00
Fabien O'Carroll
509682cd6a Supported unsubscribe_url template variable for bulk email
no-issue
2019-11-06 18:08:11 +07:00
Fabien O'Carroll
00db1d385c Added createUnsubscribeUrl fn to mega
no-issue
2019-11-06 18:08:11 +07:00
Rish
4db260f17e Added authors to email preview template 2019-11-06 18:03:46 +07:00
Fabien O'Carroll
c64be968c1 Updated default values for post model
no-issue
2019-11-06 17:32:14 +07:00
Rish
90af59d15c Fixed test preview mail for draft posts 2019-11-06 17:02:42 +07:00
Rish
30f8cfddb4 Added mail. api key to default setting
no issue
2019-11-06 16:24:22 +07:00
Peter Zimon
4bd5b1c435 Added unsubscribe URL 2019-11-06 16:19:21 +07:00
Peter Zimon
36f7a88b84 Added current year in email footer 2019-11-06 16:17:03 +07:00
Nazar Gargol
f2a9bfcb93 Fixed DB integrity check 2019-11-06 16:07:14 +07:00
Nazar Gargol
59153394c3 Fixed db export test 2019-11-06 15:56:56 +07:00
Nazar Gargol
9d10f3b3b8 Fixed linter 2019-11-06 15:56:56 +07:00
Nazar Gargol
055fc6b09a Added email record after mage service sends an email 2019-11-06 15:56:56 +07:00
Nazar Gargol
c1ba238450 Fixed typo in email permissions migration 2019-11-06 15:56:56 +07:00
Nazar Gargol
6bc8a1bb18 Added email resource permission 2019-11-06 15:56:56 +07:00
Nazar Gargol
0e822b4d54 Added field defaults 2019-11-06 15:56:56 +07:00
Nazar Gargol
ae14eb00f9 Implemented GET /emails/:id endpoint 2019-11-06 15:56:56 +07:00
Nazar Gargol
1ed2598c3b Added basic read endpoint test 2019-11-06 15:56:56 +07:00
Nazar Gargol
c342ea1454 Added email data generators in test utils 2019-11-06 15:56:56 +07:00
Nazar Gargol
c264a5d8c4 Added email model 2019-11-06 15:56:56 +07:00
Nazar Gargol
fc9e62b1a2 Added emails table migration 2019-11-06 15:56:56 +07:00
Nazar Gargol
2af2500ccf Fixed db version integrity check 2019-11-06 15:56:56 +07:00
Nazar Gargol
f0c0ea2197 Added emails table schema definition 2019-11-06 15:56:56 +07:00
Peter Zimon
2c55b82be1 Refined email template 2019-11-06 15:47:20 +07:00
Peter Zimon
d6e8db28ab Refined email template 2019-11-06 15:39:27 +07:00
Fabien O'Carroll
809334d7dd Fixed tests for pages api
no-issue
2019-11-06 15:30:37 +07:00
Fabien O'Carroll
030819dc9e Added eslint ignore comments for template
no-issue
2019-11-06 15:30:37 +07:00
Fabien O'Carroll
cd6de74010 Added migration to populate missing uuid fields
no-issue

This is to ensure that all members have a uuid
2019-11-06 15:30:37 +07:00
Fabien O'Carroll
f2709964ae Added migration for members uuid column
no-issue
2019-11-06 15:30:37 +07:00
Fabien O'Carroll
354e59a795 Added defaults to member model
no-issue
2019-11-06 15:30:37 +07:00
Fabien O'Carroll
a7e7f74f8b Wired up middleware to handle unsubscribing
no-issue
2019-11-06 15:30:37 +07:00
Fabien O'Carroll
73b00e77c2 Added unsubscribe handler to mega service
no-issue
2019-11-06 15:30:37 +07:00
Fabien O'Carroll
23964750a9 Allowed getting member by uuid
no-issue
2019-11-06 15:30:37 +07:00
Fabien O'Carroll
389b034875 Added uuid column to members table
no-issue

This will be used for unsubscribe links
2019-11-06 15:30:37 +07:00
Rish
45cd39c386 Fixed members settings cleanup for mailgun config 2019-11-06 15:21:46 +07:00
Rish
b3aba084ee Fixed fixture for send test email 2019-11-06 15:21:46 +07:00
Hannah Wolfe
9a2719ac4f Decoupled routing service and theme service
- This is a fairly temporary state
- It at least removes the themeService require from inside the routingService
- Requires us to pass the routingService the desired API Version...
- We're working towards having the entire frontend respect the theme API version by having it passed around everywhere
2019-11-06 15:20:13 +07:00
Hannah Wolfe
ca61e245e8 Updated syntax in labs service
- use consistent, simpler syntax
2019-11-06 14:53:53 +07:00
Peter Zimon
c2633b09ea Refined post email template 2019-11-06 14:53:40 +07:00
Hannah Wolfe
7a36200e24 🐛 Ensure deprecated labs flags are unset
fixes #11343

- solves the case where themes depends on old labs flags that are now always false, but the DB still has the feature set to true
- add concept of deprecated labs flags to the labs service
- make sure that the labs service gets used in our theme middleware
- added tests and other small fixes
2019-11-06 14:42:39 +07:00
Rish
9018e64493 Fixed email preview auth for test mails
no issue
2019-11-06 13:15:14 +07:00
Hannah Wolfe
27dd442059 Added extra handling for test port conflict errors
- If you use ghost cli, you may have extra ghost instances running on 2369
- Add extra handling to make this case super clear next time it happens to someone (probably me)
2019-11-06 12:48:58 +07:00
Rish
3e331fcf86 Fixed lint 2019-11-06 12:15:03 +07:00
Rish
cc514f1776 Fixed permission for test email API 2019-11-06 12:09:55 +07:00
Rish
686e0143c7 Added date formatting for email post data
no issue
2019-11-06 12:06:24 +07:00
Rish
3023619ac9 Allowed status data for email preview API
no issue
2019-11-06 11:57:46 +07:00
Naz Gargol
69bd4bdd4e Added post email preview permissions migrations (#11345) 2019-11-06 11:38:30 +07:00
Hannah Wolfe
814bb7da55 Fix silly issues with post class 2019-11-06 11:02:50 +07:00
Peter Zimon
7f3a1e93ae Working on email template 2019-11-06 10:21:58 +07:00
Daniel Lockyer
b91f3071be Deferred loading metascraper (#11337)
no issue

- reduces Ghost boot time from 1.47s to 1.33s on my machine.
2019-11-06 08:31:11 +07:00
Nazar Gargol
d47100168b Removed post only fields from pages
- As we introduced email_subject and send_email_when_published for post responses we don't want to return them for pages
2019-11-05 18:42:31 +07:00
Rish
d5aa38464b Added mail provider api key setting migration
no issue
2019-11-05 18:35:07 +07:00
Rish
78a9463243 Updated members setting serializer for mail config 2019-11-05 18:23:23 +07:00
Nazar Gargol
bb223f9f4d Allowed editing subscribed field for members 2019-11-05 18:03:19 +07:00
Hannah Wolfe
1cdc181c54 Added no-image class to content w/o feature_image
no issue

- Most of the offical Ghost themes have been doing this manually
- So we'll just do it by default:
2019-11-05 18:02:23 +07:00
Nazar Gargol
d0bf6e8579 Filtered out members which are unsubscribed in mailing service 2019-11-05 17:00:21 +07:00
Nazar Gargol
1ef015da10 Added subscribed column to members table
no issue

- Needed for unsubscribe functionality
2019-11-05 17:00:21 +07:00
Peter Zimon
b2f86315c0 Updated post email template 2019-11-05 16:37:12 +07:00
Rish
4a53184d7f Added send preview email API
no issue
2019-11-05 16:09:18 +07:00
Hannah Wolfe
72679aefb9 Updated inconistent frontend debug statements
- Fixed debug statements had wrong/inconsistent debug statement path after refactor
2019-11-05 15:06:15 +07:00
Nazar Gargol
5d76ceef8b Added plaintext field to email preview response 2019-11-05 15:04:48 +07:00
Fabien O'Carroll
d1812281f7 Updated serialisation to use current attributes
no-issue

We were getting some funny behaviour before this because some previous
attributes were just the defaults, when a post was new
2019-11-05 12:53:14 +07:00
Fabien O'Carroll
84300747a9 Added content gating to the mega service
no-issue
2019-11-05 12:53:14 +07:00
Fabien O'Carroll
15ffae211d Refactored members content gating check
no-issue
2019-11-05 12:53:14 +07:00
Fabien O'Carroll
6c97db2c22 Added content-gating module to members service
no-issue

This should be used as the central place to manage permissions to
members content
2019-11-05 12:53:14 +07:00
Fabien O'Carroll
0689ae9657 Fixed JSDoc comments for bulk emailer
no-issue
2019-11-05 12:53:14 +07:00
Nazar Gargol
a527a08cb0 Fixed linter error 2019-11-05 12:24:28 +07:00
Nazar Gargol
164861da76 Fixed unit tests - DB integriti checks
- Needed to be updated after adding new preview email permissions to the permission fixtures
2019-11-05 12:23:52 +07:00
Nazar Gargol
9daed773c9 Added email preview output serializer 2019-11-05 12:15:50 +07:00
Nazar Gargol
c913b0cbbf Extracted post email serializer from mega service 2019-11-05 12:15:50 +07:00
Nazar Gargol
8a7bf353d4 Added email preview controller 2019-11-05 12:15:50 +07:00
Nazar Gargol
61af0e08ae Added email preview endpoint to Admin API 2019-11-05 12:15:50 +07:00
Nazar Gargol
5e9a701d3a Improved regression test for post email 2019-11-05 12:15:50 +07:00
Nazar Gargol
facc2d0f29 Added email preview test 2019-11-05 12:15:50 +07:00
Nazar Gargol
60fd91b839 Added preview permissions 2019-11-05 12:15:50 +07:00
Fabien O'Carroll
3b11d25170
Fixed check for send_email_when_published
no-issue
2019-11-05 11:28:16 +07:00
Peter Zimon
5aaee4e8b2 Fixed post serialisation 2019-11-05 11:20:03 +07:00
Naz Gargol
977298b6e1 Added basic HTML template support to MEGA (#11336)
no issue

- Sends formatted email to members
- Added css inlining support for MEGA template
- Migrated MEGA service to use API serializers
- Service needs to be compliant with the API to be able to serve absolute URLs for resources like images
- Fixed send email check for previously sent mails
2019-11-04 17:53:42 +07:00
Rish
424e3aea7c Added restriction to not send mail for published posts
no issue
2019-11-04 16:07:33 +07:00
Rish
5b438d3df9 Added action for post email delievery
no issue
2019-11-04 15:42:00 +07:00
Nazar Gargol
fb88c541be Fixed custom subjects for mega emails 2019-11-04 15:24:20 +07:00
Naz Gargol
74f2145e81
Added MEGA service (#11333)
no issue

- This services listens  to 'post.publish' event, assemples email data and calls bulk mailer
2019-11-04 14:38:40 +07:00
Rish
82e022b582 Fixed db integrity test 2019-11-04 13:26:41 +07:00
Fabien O'Carroll
39688cef07 Fixed bulk-email service loop
no-issue
2019-11-04 13:23:49 +07:00
Rish
2ac2975178 Added migrations for email settings
no issue
2019-11-04 13:22:03 +07:00
Rishabh Garg
f2f9073edd
Added email subject post meta field (#11335)
no issue
2019-11-04 13:15:23 +07:00
Fabien O'Carroll
8503105b39 Improved bulk email service
no-issue

Used proper logging
2019-11-04 13:01:58 +07:00
Kevin Ansfield
e63083cd32 Added "send_email_when_published" migration 2019-11-04 12:58:42 +07:00
Fabien O'Carroll
5b071d08de Made send_email_when_published nullable
no-issue
2019-11-04 12:53:08 +07:00
Fabien O'Carroll
20ce0c313c Added initial bulk-email service
no-issue

This is a simple wrapper around the current ghost mailer service for now
2019-11-04 12:36:12 +07:00
Fabien O'Carroll
a30caa5c66 Added send_email_when_published to post input schema
no-issue

This is required to allow us to send the flag into the api
2019-11-04 12:03:24 +07:00
Fabien O'Carroll
3fc3c52dd3 Added flag for sending email when post is published
no-issue
2019-11-04 11:56:46 +07:00
Kevin Ansfield
6b420d0cbd Added member.edited webhook
no issue

- member model emits a `member.edited` event on update
- webhooks service listens for `member.edited` event and will trigger any registered hooks
2019-10-31 14:34:50 +00:00
Kevin Ansfield
a339a838b3
Removed /api/v2/members/ endpoints (#11308)
no issue

- this was a hangover from earlier members betas
- members is only available on `v3` and `canary` APIs
2019-10-31 11:11:46 +00:00
Naz Gargol
0c3b90283a
Renamed members to post-gating for better context (#11309)
no issue

- Using members.js naming for the file was a bad choice and lead to some false signals when doing a cleanup.  `post-gating` is more explicit and to the point of what the module is responsible for
2019-10-31 10:33:37 +01:00
Kevin Ansfield
1fd7014c45 Fixed member.deleted webhook having an empty payload
no issue

- the members output serializer was passing model objects through on `frame.response` but the webhooks serializer doesn't know how to deal with those
- adjusting the output serializer to use a mapper as per the other serializers means that POJOs are being passed through which allows the webhook serializer to correctly pick out the changed attributes
2019-10-31 15:19:45 +07:00
Casper Bøgeskov Hansen
638b4fc2f2 Fixed post preview access flag in 3.0 (#11275)
no-issue

The access flag was not being set in the preview controller which was causing 3.0 Member themes to incorrectly hide the content
2019-10-31 13:58:47 +07:00
Kevin Ansfield
2dc6f30f11 🐛 Fixed internal error for RSS feed when a post has no content
no issue

- initial report https://forum.ghost.org/t/rss-feed-stopped-working/9874
- `htmlRelativeToAbsolute` will return `null` if `null` is passed into it but `cheerio.load(null)` will throw a "Cannot read property 'parent' of null" error so we need to ensure we at least load an empty string
2019-10-30 17:46:17 +00:00
Kevin Ansfield
bddbdd2429 Updated Ghost-Admin to 3.0.2 2019-10-30 11:08:00 +00:00
Kevin Ansfield
a95bb6c5fd Updated Ghost-Admin to 3.0.1 2019-10-29 14:20:09 +00:00
Naz Gargol
9b347d6d95 🐛 Fixed 3.0 migration on SQLite with many posts (#11302)
refs https://github.com/TryGhost/Ghost/pull/11270

- Fixed 3.0/11-update-posts-html migration which failed in scenario when more than 999 posts with posts_meta relation were present
- The issue was originally spotted here: https://github.com/TryGhost/Ghost/pull/11270#issuecomment-546248308
- The main problem is in the `SELECT` statement which is generated for `findAll` method in Bookshelf which creates `WHERE IN(post_ids_here)` statement with all posts in the database
- Using knex directly as that's a preferred way to write migrations (does not depend on the model layer)
2019-10-29 12:16:47 +00:00
Kevin Ansfield
c2cdfef9e2
💡 Removed list of reserved slugs (#11301)
no issue

- reserved slugs get in the way of creating pages such as `/signin/` which do not currently exist and are useful for members
- the reserved slugs concept is a little meaningless because if there are any route clashes then our own routes should always win out over a post slug
2019-10-29 09:49:47 +00:00
Rishabh Garg
d370a4e840
🐛 Fixed members export limiting to 15 members only (#11299)
refs https://github.com/TryGhost/Ghost/issues/11298

The members export admin API by default paginates the result and only returns upto 15 members. This allows passing `limit` param to the API and allows passing `limit=all` to fetch all members in result.
2019-10-29 10:20:32 +05:30
Naz Gargol
99c6351feb
🐛 Fixed 3.0 migration for SQLite (#11270)
closes #11263

- Fixed `3.0/05-populate-posts-meta-table.js` migration failure when having >999 posts with metadata in the database
- The issue here is with hitting SQLite's internal SQLITE_LIMIT_VARIABLE_NUMBER limit when updating with a large amount of posts having metadata fields set (ref.: https://sqlite.org/limits.html#max_variable_number)
- Transforming migration to iterative method avoided inserting lots of records at once
2019-10-28 14:21:21 +01:00
Kevin Ansfield
7284227f1e
🐛 Fixed 404s when using a proxy setup (#11269)
no issue

When using certain proxy setups that result in `host` and `x-forwarded-host` being different, it became impossible to access Ghost because all routes showed generic 404 pages.

- `vhost` module that we are using to separate front-end and admin urls does not use express' `req.hostname` so it does not pick up the `x-forwarded-host` url that express' `'trust proxy'` config gives us
- switched to the forked `@tryghost/vhost-middleware` package which has a one-line change to use `req.hostname || req.host`
- added `'trust proxy'` config to the admin express app and switched to using `req.hostname` in our redirect code to avoid infinite redirect loops
2019-10-28 11:22:05 +00:00
Naz Gargol
b1e20d2ad5
🐛 Fixed migration path from pre 2.28.x to 3.0.0 (#11268)
no issue

- Bug reported here https://forum.ghost.org/t/ghost-3-0-update-q-install-cannot-read-property-type-of-undefined/9659/3
- The issue happens when migrating from e.g. 2.28.x Ghost instance directly to 3.0
2019-10-28 12:02:16 +01:00
Fabien O'Carroll
80e1530f7e Converted has helper imports to individual const
no-issue
2019-10-28 10:55:14 +00:00
Fabien O'Carroll
d78cbed84d 🐛 Fixed error from has helper w/o dependent data
no-issue

Usage of the has helper like `{{#has 'author:count>1'}}` when the
current context does not have the dependent data (in this case
`authors`) would error, because it could not read property length of
undefined.
2019-10-28 10:55:14 +00:00
Naz Gargol
518f2ccd82
🐛 Fixed incorrect body class output on page (#11264)
closes #11262
refs #10042

- Fixed issue where using {{body_class}} helper on a "page" type of a page was outputting `post-template` instead of `page-template`
- The issue was caused by this change 7dc38e2078 (diff-c33149d31de747bc5fbefcaf7a44da79L67-L72)
- Updated the comment to have real context of why this if is here
- Added test coverage for .page-template class
2019-10-23 18:06:45 +02:00
Fabien O'Carroll
a789431dfa Updated Ghost-Admin to 3.0.0 2019-10-21 22:41:48 +07:00
Fabien O'Carroll
74044190ff Updated Ghost-Admin to 3.0.0-beta.8 2019-10-21 18:34:46 +07:00
Nazar Gargol
5760395e92 Fixed reading_time calculation for non public posts
no issue

- The calculation of reading time has to happen before html field is sanitized for members plan.
2019-10-21 18:07:38 +07:00
Fabien O'Carroll
95543b0461
Added price data to templates (#11259)
no-issue

This is p. damn hacky!!
This exports `{{@price.monthly}}` and `{{@price.yearly}}` to the theme
so that we can have dynamic payment pages
2019-10-21 17:50:54 +07:00
Fabien O'Carroll
870b12ca2e Updated Ghost-Admin to 3.0.0-beta.7 2019-10-21 13:05:33 +07:00
Rish
d3c96ac04e Fixed filter in url config for posts
no issue

We use `visibility:public` filter for post url config for all API versions, which causes any post with non-public visibility to not get added in resource list. This means every time on server start/restart, fetching posts in theme will exclude any post not having `visibility:public` as it won't have a corresponding url resource added.

This fix was previously committed to master here - ff13821b27 - but got overwritten during `master` ->`v3` merge somewhere causing weird behavior with member posts on v3.
2019-10-21 12:20:39 +07:00
Rish
082718d236 Updated Ghost-Admin to 3.0.0-beta.6 2019-10-20 16:11:09 +05:30
Rish
38d7030708 Updated Ghost-Admin to 3.0.0-beta.5 2019-10-20 14:19:55 +05:30
Rish
1e1b704675 Updated Ghost-Admin to 3.0.0-beta.4 2019-10-19 18:40:27 +05:30
Fabien O'Carroll
acd7376803 Updated Ghost-Admin to 3.0.0-beta.3 2019-10-18 19:30:44 +07:00
Fabien O'Carroll
3c31820468 Updated Ghost-Admin to 3.0.0-beta.2 2019-10-17 18:53:17 +07:00
Fabien O'Carroll
a3b4ced241 Updated Ghost-Admin to 3.0.0-beta.1 2019-10-17 17:36:15 +07:00
Fabien O'Carroll
a500c3761f Added migration for subscriber labs flag
no-issue
2019-10-17 16:58:46 +07:00
Fabien O'Carroll
1fb41e1946 Removed superfluous space from filename
no-issue
2019-10-17 16:58:46 +07:00
Naz Gargol
f1fa74b5c4
💄Updated fixtures for Ghost v3 content + assets (#11247)
no issue 

- Updated post images and content
- Updated default blog cover asset
- Updated default Ghost user avatar
2019-10-17 10:49:30 +02:00
Fabien O'Carroll
8ab1d3fae9 Fixed test for updated favicon
no-issue
2019-10-17 13:20:09 +07:00
Peter Zimon
ce2e2e3834 Updated default publication icon
no issue
2019-10-17 07:59:21 +02:00
Rishabh Garg
d8e65d46e9
Updated post model queries to raw knex queries (#11246)
no issue

We split `posts` table into 2 in v3 with a new `posts_meta` table. Since migrations always use the version of code which is being migrated to - in this case the Post model - which in v3 relies on the posts_meta table, `2.x` migrations relying on post model will fail as it doesn't exist in the expected state. This PR updates all 2.x migrations using `models.Post` to use knex queries directly to access database and perform operations.
2019-10-17 10:36:18 +05:30
Fabien O'Carroll
7c4f177fee Added missing page prop to v2 Content API posts
no-issue

We have to wrap this in a check to make sure that `page` property is
only returned if either:
A) No `fields` param is passed (send back all fields)
B) `fields` param is passed AND it includes the `page` field
2019-10-16 15:44:05 +07:00
Fabien O'Carroll
38a05c0393 Fixed regression test for page property
no-issue

We have to manually add the page property since the schema no longer
includes it
2019-10-16 15:44:05 +07:00
Fabien O'Carroll
9a3bd55886 Updated fixture integrity hash
no-issue
2019-10-16 14:22:42 +07:00
John O'Nolan
055f129059 Correct Twitter username 2019-10-16 14:22:42 +07:00
Peter Zimon
cac8c4a3e7 Refined member emails
no issues
- refined typography and spacing for member signup, singin and subscribe emails
2019-10-16 14:22:42 +07:00
Fabien O'Carroll
d6b0db39c0 Added access property to entries for v3+ api
no-issue

This is done at the theme layer so that we do not introduce new concepts
to the api which may go away very quickly due to the beta status of
members.
2019-10-16 14:15:52 +07:00
Hannah Wolfe
fb072395ac Reduced API debug statements
- outputting so much information makes debug less useful
 - node debugger should be used for tracing values through the system,
     debug() is for more generally following logic and timing
 - removed debugs that output large objects
 - added consistent debugs for api methods
 - a couple of other tweaks for easier understanding of what's happening on a request
2019-10-15 15:07:38 +01:00
Fabien O'Carroll
c9c37b0da2
Merge master -> v3 (#11242)
Merge master -> v3
2019-10-15 17:44:14 +07:00
Nazar Gargol
634a9160a8 Fixed test suite timeout for multi-author posts
no issue

- The timeout has been triggered due to lot's (25) of posts being inserted into the databse , which took over 20 000ms on Travis.
- We don't need to insert this many posts in the first place to test the case
- The reason why it is taking longer to do the insertion operation then before should be investigated separately
2019-10-14 16:11:10 +02:00
Kevin Ansfield
8e2ed1d5b0 Updated Ghost-Admin to 2.37.0 2019-10-14 13:50:10 +01:00
Rishabh Garg
1e9d4875f5
Added new member subscription settings (#11240)
no issue

We added 2 new member subscription settings - `allowSelfSignup` and `fromAddress`- with defaults as `true` and `noreply`, this migration sets default values for both settings for users migrating from previous version and cleans up intermediate naming for `allowSelfSignup`.
2019-10-14 16:58:15 +05:30
Nazar Gargol
84d40983d2 Unskipped fixed test
no issue

- The test was fixed with 4a10ddc8fa
2019-10-14 12:21:26 +02:00
Fabien O'Carroll
20a6ad1ea6 Added member.added and member.deleted webhooks
no-issue
2019-10-14 15:50:24 +07:00
Fabien O'Carroll
5fb05e970c Updated webhook default to v3 api
no-issue

There are no members serializers on the v2 api
2019-10-14 15:50:24 +07:00
Fabien O'Carroll
d680f33f10 Removed unused members getter
no-issue

This would have errored when used
2019-10-14 15:50:24 +07:00
Fabien O'Carroll
94b261759e Added added and deleted events to member model
no-issue

These can be used to trigger webhooks
2019-10-14 15:50:24 +07:00
Fabien O'Carroll
df8a67a9ca Enabled members by default (#11190)
no-issue

This removes the need for `enableDeveloperExperiments` flag for members
2019-10-14 08:34:04 +05:30
Kevin Ansfield
4bdaa16792 Fixed tests 2019-10-11 13:45:54 +01:00
Kevin Ansfield
05f348f0fe Merge branch 'master' into v3 2019-10-11 13:28:19 +01:00
Kevin Ansfield
8aa3b40fd6 Fixed tests 2019-10-11 13:16:54 +01:00
Rish
0a75921a53 Updated Ghost-Admin to 2.36.0 2019-10-11 16:59:08 +05:30
Kevin Ansfield
78e16ddd3f Merge branch 'master' into v3 2019-10-11 11:31:31 +01:00
Rishabh Garg
fb1d11c09a Fixed subscribers migration to work without model (#11227)
no issue

Since we removed subscribers code in v3, we cannot use `models.Subscribers` for migration, and instead switch to using db directly for fetching existing subscribers before migrating them to members.
2019-10-11 10:43:18 +01:00
Rish
cd02fd5c63 Renamed member requirePayment setting
no issue

Renames member setting `requirePaymentForSignup` -> `allowSelfSignup` to match members API usage
2019-10-11 14:08:31 +05:30
Fabien O'Carroll
85d83b4f08 Fixed regression test for canary content api
no-issue

We now return the visibility field on the content api
2019-10-11 14:14:46 +07:00
Fabien O'Carroll
3eb4427888
Exposed visibility prop for posts on canary api (#11229)
no-issue

This is required by the theme layer to style member only posts
differently
2019-10-11 13:58:50 +07:00
Fabien O'Carroll
95fa815eb3 Improved settings model tests
no-issue

This makes them way less brittle and reliant on correctly indexing an array
2019-10-11 13:47:48 +07:00
Fabien O'Carroll
1500881923 Renamed getRequirePaymentSetting
no-issue

The negation before this function call was a little easy to miss for me
2019-10-11 13:47:48 +07:00
Fabien O'Carroll
0c602976c0 Passed members_email_auth_secret to members-api
no-issue
2019-10-11 13:47:48 +07:00
Fabien O'Carroll
cbb13904b8 Added members_email_auth_secret setting
no-issue

This will be used for signing HS256 JWTs it's a 64 byte (256 bit) hex
string
2019-10-11 13:47:48 +07:00
Fabien O'Carroll
ef5e6f7e5b Removed text-transform: capitalize from buttons
no-issue

Button text should be sentence case not title case
2019-10-11 11:45:11 +07:00
Fabien O'Carroll
527632f287 Updated members email templates
no-issue

These changes fix come colors and styles
2019-10-11 11:45:11 +07:00
Fabien O'Carroll
3062ec7690 Wired up members plaintext emails
no-issue
2019-10-11 11:45:11 +07:00
Fabien O'Carroll
257bebbb39 Wired up the members emails templates
no-issue
2019-10-11 11:45:11 +07:00
Fabien O'Carroll
f4d202d7c5 Added member email templates
no-issue
2019-10-11 11:45:11 +07:00
Fabien O'Carroll
98f27c1c33 Added getSubject function for members emails
no-issue
2019-10-11 11:45:11 +07:00
Fabien O'Carroll
6f160518d1 Ensured that members emails include our text version
no-issue
2019-10-11 11:45:11 +07:00
Fabien O'Carroll
b030081a4b Updated GhostMailer to allow forcing text content
no-issue

This is so that we can pass our own customised text content
2019-10-11 11:45:11 +07:00
Naz Gargol
1b04b48ffd Added from parameter for member emails (#11222)
* Added from parameter for member emails

no issue

- Passed in the `from` parameter when initializing members mailer to be able to customize outgoing address
- Extends GhsotMailer to accept a from parameter from the outside
2019-10-11 11:21:53 +07:00
Kevin Ansfield
0cc8b019d1 Updated Ghost-Admin to 2.35.0 2019-10-10 18:18:45 +01:00
Kevin Ansfield
c0533b75ac Fixed regression tests 2019-10-10 17:45:47 +01:00
Kevin Ansfield
6b3c4a59b4 🐛 Fixed rendering and url transformation of v1 "card-markdown" aliased cards
no issue

- Ghost 1.x stored markdown cards with the name `card-markdown`, this was changed in Ghost 2.x to be `markdown`. To keep compatibility with the older mobiledoc content the `markdown` card was aliased using a straightforward `Object.assign()`. Unfortunately this failed to work adequately when the url transformation functions were added to cards and resulted in corrupted data being returned in API responses
- moved the markdown card definition into a factory function so that a clean card definition object can be used for both the `markdown` and `card-markdown` cards
2019-10-10 16:35:29 +01:00
Rish
4f0ca2914f Updated members schema validation for name
no issue

- Removed minimum length requirement for `name` as its possible to have empty name for a member
2019-10-10 17:26:56 +05:30
Fabien O'Carroll
6b4e6fb400 Removed unused stripe_customers relationship
no-issue
2019-10-10 17:51:46 +07:00
Fabien O'Carroll
99681e692a Updated the create,get&update member functions
no-issue

This updates them to async functions, and defaults falsy name and note to null
2019-10-10 17:51:46 +07:00
Fabien O'Carroll
38832d5c6b Added note to member json schema
no-issue
2019-10-10 17:51:46 +07:00
Fabien O'Carroll
f3a8119870 Added note column to csv import/export for members
no-issue
2019-10-10 17:51:46 +07:00
Fabien O'Carroll
fe59613867 Wired up the note property to members-api
no-issue
2019-10-10 17:51:46 +07:00
Fabien O'Carroll
035cb55ca9 Added migration for note column on members table
no-issue
2019-10-10 17:51:46 +07:00
Fabien O'Carroll
0a40d11af9 Added note column to members table
no-issue
2019-10-10 17:51:46 +07:00
Fabien O'Carroll
58651caa32 Removed members endpoint from admin v2 api
no-issue
2019-10-10 17:51:46 +07:00
Fabien O'Carroll
dd214d71dc Decoupled add from importCSV queries
no-issue
2019-10-10 17:51:46 +07:00
Kevin Ansfield
08a0a4c69e Fixed regression tests 2019-10-10 11:10:04 +01:00
Kevin Ansfield
7fc10106dc Merge branch 'master' into v3 2019-10-10 10:37:42 +01:00
Nazar Gargol
977fb5f650 Added reading_time property to post/page resources in Content API 2019-10-10 15:42:04 +07:00
Nazar Gargol
4a10ddc8fa Fixed unsafeAttributes fetching in Admin API v2
no issue

- This check was misside and only was implemented for canary.
2019-10-09 21:16:27 +02:00
Kevin Ansfield
e37cb1dce8 Updated Ghost-Admin to 2.34.0 2019-10-09 18:43:04 +01:00
Kevin Ansfield
cb89703e2b Fixed regression tests 2019-10-09 18:37:44 +01:00
Kevin Ansfield
57e9bd5aae Updated regression tests for subscribers removal 2019-10-09 16:40:52 +01:00
Kevin Ansfield
587bd8accb Merge branch 'master' into v3 2019-10-09 15:04:09 +01:00
Kevin Ansfield
dc9a22d4de
Updated post model url transforms for posts/posts_meta split (#11223)
no issue

- `og_image` and `twitter_image` fields are now located in a separate model so the transform functionality for those fields needed to move accordingly
2019-10-09 13:38:08 +01:00
Rish
e7d7d9fdcc Added new fromAddress setting for member subscriptions
no issue

- Adds new `fromAddress` setting for member subscriptions to allow custom from mail address
2019-10-09 15:28:40 +05:30
Naz Gargol
0225936292
Removed subscribers from the codebase (#11153)
refs https://github.com/TryGhost/Ghost/pull/11152

- Added subscribers table drop migration
- Removed subscribers from schema
- Removed subscribers controllers/routes/regression tests
- Removed subscriber related API code
- Removed subscribers from internal apps
- Removed subscriber importer
- Removed subscriber model
- Removed subscriber related permissions
- Removed webhook code related to subscribers
- When upgrading to v3 it is on the site admin to migrate all zapps or any other webhook clients to use members
- Removed subscriber-specific translation
- Removed subscriber lab flag
2019-10-09 11:47:04 +02:00
Fabien O'Carroll
b77026870b Moved migrations from 3.0 to 2.34
no-issue
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
cbb6337ae4 Prefixed stripe_customers_subscriptions with members
no-issue
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
29b3dad302 Updated get/set metadata fn signatures
no-issue

This is to reflect an upstream change in members-api
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
4c07d86086 Updated getMemberMetadata to use findAll method
no-issue

This means we go via our version of the bookshelf model
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
ee0449245a Updated setMemberMetadata to use upsert method
no-issue

Much cleaner now :)
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
3366bd1254 Added upsert method to stripe models
no-issue

This is kind of copied from the session model, but simplified
This will allow much easier integration with members-api
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
998642eb24 Allowed filter option for findAll method
no-issue

This will allow us to constrain findAll queries, rather than using knex
`where` & `fetchAll` methods
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
a6354d1acb Updated members api to store/retrieve subscriptions
no-issue
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
37bb12afb3 Added model for stripe_customers_subscriptions
no-issue
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
0c32dfaa30 Added migrations for stripe tables
no-issue
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
a4ff87a774 Added stripe subscriptions & updated customers table
no-issue
2019-10-09 16:24:51 +07:00
Naz Gargol
786eaac57e
Added permission restrictions to editing members flag (#11217)
no issue

- Added test cases to check edit permission on settings endpoints
- Added test to demonstrate owner-only being able to toggle members flag
- Permission check when editing settings `lab.members`
- Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure.
- Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame"
- Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 10:26:54 +02:00
Fabien O'Carroll
1e731dcdd3 Removed token param on page load for members
no-issue

This adds a bit of protection from accidentally sharing the url, and
also makes the url look cleaner
2019-10-09 13:36:06 +07:00
Fabien O'Carroll
dd419be2fb Added guard for missing stripe tokens
no-issue

This ensures that even if a stripe config object is present, we still
ensure that stripe is configured without keys
2019-10-09 12:00:53 +07:00
Fabien O'Carroll
079a64e46b Exposed @member.firstname in the theme data
no-issue

This is very basic split on whitespace for now
2019-10-09 12:00:53 +07:00
Rishabh Garg
7dc2eb2a1e
Added new requirePaymentForSignup setting for members (#11214)
* Added new `requirePaymentForSignup` setting for members

no issue

- Adds new `requirePaymentForSignup` setting flag for members, `false` by default.

- Wired members API `allowSelfSignup` to `requirePayment` setting
2019-10-08 22:00:46 +05:30
Naz Gargol
daa77c5c00
Permission restrictions for post.visibility modifications (#11213)
no issue

- Limited posts visibility field permissions to Editor-Up + Admin Integrations
- We don't want contributors or other roles lower than Editor to be able to modify content gating attribute
2019-10-08 15:44:27 +02:00
Kevin Ansfield
6028fde666 Merge branch 'master' into v3 2019-10-08 13:58:08 +01:00
Kevin Ansfield
c78496c456 Updated Ghost-Admin to 2.33.0 2019-10-08 11:25:41 +01:00
Rishabh Garg
d9a0c8732c Fixed error when saving unknown url in bookmark card (#11210)
no issue

- `payload.metadata` may not exist in a bookmark card because it's possible to save a mobiledoc document when the card is in it's "unable to parse url" state in the editor
- check for `payload.metadata` object before performing any url transformations to avoid invalid property access
2019-10-08 11:11:32 +01:00
Fabien O'Carroll
f1ef801b78 🐛 Fixed error when during migration to 2.32.0 on mysql (#11208)
closes #11207

MySQL doesn't allow unqiue keys with a length of more than 191 when using InnoDB with utfmb4. These changes will ensure any incorrect tables created are fixed and have the
correct length for customer_id

* Changed `customer_id` to non-unique column
* Nooped the 2.32 `members_stripe_customers` migration
* Added migration to recreate `members_stripe_customers` table
  * sqlite doesn't allow `ALTER TABLE` queries so this is the cleanest solution considering the table is not yet in use
2019-10-08 11:07:29 +01:00
Kevin Ansfield
d81c3410cb Updated Ghost-Admin to 2.32.0 2019-10-07 23:11:18 +01:00
Kevin Ansfield
32f3f9d2c3 🐛 Fixed "unsaved changes" modal displaying when post has been saved
refs https://github.com/TryGhost/Ghost/issues/10477

The unsaved changes modal is displaying even when the post has been saved if images have been uploaded because the server is transforming absolute image urls to relative during input of the `mobiledoc` field but not transforming them back to absolute during output. The editor then thinks it's out of sync and shows the warning when trying to leave.

- `@tryghost/url-utils` has been updated with new methods for transforming URLs in mobiledoc content
- moves absolute->relative transformation from the API input serializers into the Post model
- transforms URLs in more fields for a more comprehensive transformation and fewer issues when re-configuring a site's domain
  - previously there could be problems with internal links between posts not being transformed so you could change the url config to newdomain.com but links in post content would still be pointing to olddomain.com
- updates the API post output serializers to transform all modified fields
- drops the `?absolute_urls=true` param switch from the `canary` API post output serializer so that all URLs are output as absolute
  - we're transforming more urls to relative when saving so this is necessary to ensure the unsaved changes modal is not triggered
  - the query param isn't documented and will disappear in v3
2019-10-07 22:59:19 +01:00
Kevin Ansfield
fa4e68ba13 Added transformer methods to mobiledoc cards
no issue

- adds abolsute->relative and relative->absolute transformer methods to card definitions
- allows for each card to tailor it's transformation to the specific needs of it's payload so that the `mobiledoc` field can be transformed successfully during API serialization/deserialization
2019-10-07 22:59:19 +01:00
Fabien O'Carroll
a12a8bd109 Updated eslint for tests to allow async functions
no-issue
2019-10-06 21:03:56 +07:00
Fabien O'Carroll
5b33507bf8 Allowed overriding the default from address
no-issue

This will allow the members service to pass a custom from address
2019-10-06 21:03:56 +07:00
Fabien O'Carroll
a6086995a6 Refactored GhostMailer into a class
no-issue

This breaks down the send method into distinct components that are
easier to reason about
2019-10-06 21:03:56 +07:00
Fabien O'Carroll
f349c5385c Used sinon.createSandbox rather than global sinon
no-issue
2019-10-06 21:03:56 +07:00
Fabien O'Carroll
a22d575a9e Removed from and getDomain methods from prototype
no-issue
2019-10-06 21:03:56 +07:00
Fabien O'Carroll
f4dbcb5f35 Changed imported modules assigned to const
no-issue

Updates to current standard
2019-10-06 21:03:56 +07:00
John O'Nolan
423b0d5412 Updated default from-address for system emails (#11202)
no-issue

Until now, we've used ghost@siteurl.com as the default from address for system emails, like user invitations and password resets. This was fine, because all system emails were going to people who would interact with "ghost" the app in some way, so the naming made sense.

Now we're introducing members, which will send emails on behalf of of the site owner, to their readers. If all goes to plan, they should be able to set a custom from address, however our default mail config will still be the fallback if no other value is available.

If you run "magazine.com" and you send someone a link to "login to magazine.com" then it's pretty weird for that email to come from "ghost@magazine.com" - so this PR changes the default value from ghost to noreply for an equally generic, but less opinionated default.
2019-10-06 19:02:10 +07:00
Fabien O'Carroll
b8e39af7ac Added stripe query param to checkout redirect urls
no-issue

The value will be set to one of 'success' or 'cancel' based on howthe
user exited the checkout flow.
2019-10-06 13:54:09 +07:00
Nazar Gargol
b750bb9a5d Fixed post model regression test
no issue

- The fake call logic had to be updated as a result of this change e214838039
2019-10-04 11:17:00 +02:00
Naz Gargol
a4462c5753
Added members CSV export to Admin API (#11198)
no issue
2019-10-03 20:36:22 +02:00
Naz Gargol
bb355ac9f2
Added members CSV import to Admin API (#11197)
no issue

- Improved error handling for member creation. We should be returning 422s instead of 500 when possible
- Wrapped `members.add` method with Bluebird promise. Wrapping is needed to be able to use `.reflect()` in CSV export method
- Added proper members CSV fixture
2019-10-03 19:59:19 +02:00
Kevin Ansfield
1fa70dea23
Whitelisted members endpoints for v2 and canary Admin APIs (#11196)
no issue

- http verbs needed to be whitelisted for the members endpoint to avoid `NotImplementedError`s when accessing
2019-10-03 17:28:20 +01:00
Naz Gargol
30326cbd2d
Added handling for PUT members endpoint (#11194)
no issue

- Adds the ability to edit `name` field for a specific member by using `PUT /members/:id` endpoint
2019-10-03 13:38:22 +02:00
Fabien O'Carroll
d4f71ade11 Added support for dynamic stripe checkout redirects
no-issue

You can now use `data-members-success` and `data-members-cancel` on any
element which also has a valid `data-members-plan` attribute to set the
cancel and success redirects for stripe checkout.

The value will be used similar to how a `href` attribute would be.

e.g.

On a page https://site.com/membership

An attribute of "/success" would redirect to https://site.com/success
An attribute of "success" would redirect to https://site.com/membership/success
An attribute of "https://site.com/whatever" would redirect to https://site.com/whatever
2019-10-03 17:36:33 +07:00
Naz Gargol
5228d9819b
Added members POST API (#11189)
no issue

- Added Regression full test coverage for members Admin API
- Added `POST /members` endpoint
- Added members schema definition + validation
- Added ability to pass through send_email/emal_type options to members API
2019-10-03 11:15:50 +02:00
Kevin Ansfield
839cf0289f Added tests for bookmark card
no issue
2019-10-02 17:47:37 +01:00
Nazar Gargol
7abeaf6f18 Fixed local utils paths in canary regression tests
no issue

- The path that was used pointed to differen API which was overseen during one of the refactorings
2019-10-02 17:09:33 +02:00
Nazar Gargol
fae0975c6e Removed check for isPaid flag
ref 6bbe7bb3d4

- This value is no longer being set on the client side and doesn't serve any purpose. The logic should rely on payment processors being configured instead
2019-10-02 11:22:29 +02:00
Naz Gargol
e214838039
Improve visibility's default handling (#11183)
no issue

- Moved default_content_visibility out of labs as we should be extra careful with what is exposed in the labs + it doesn't really belong there.
2019-10-02 11:08:10 +02:00
Fabien O'Carroll
a3f3a56589 Fixed DELETE method for members on admin
no-issue

members-api uses async functions internally which return non-bluebird
promises, so the `return` method wasn't availiable.
2019-10-02 15:44:14 +07:00
Fabien O'Carroll
2bdef15971 Passed basic updateMember function to members-api
no-issue

This adds support for updating member names
2019-10-02 15:26:40 +07:00
Fabien O'Carroll
db51add380 Passed logging correctly to members-api
no-issue

Since 0.7.2 of members-api setLogger has been removed and expects a
logger to be passed at creation
2019-10-02 14:03:00 +07:00
Fabien O'Carroll
500f8aac17 Passed partner_id in stripe appInfo
no-issue

This correctly configures stripe to use our partner integration
2019-10-01 17:55:59 +07:00
Fabien O'Carroll
655edcd5be Supported data-members-form=signup/signin/subscribe
no-issue

This allows the theme developer to drive the different flows based on
the data-members-form attribute. If the attribute is empty or blank, the
default "signin" will be sent.
2019-10-01 15:16:28 +07:00
Fabien O'Carroll
a0a406fe6a Updated members api to use type for url/email
no-issue

This adds basic templates for "signup"/"signin"/"subscribe" types for
the magic-link email template. It also adds the action query parameter
to the link so that clientside js can handle the different states.
2019-10-01 15:16:28 +07:00
Fabien O'Carroll
d899923210 Renamed @member.subscribed to @member.paid
no-issue

To match the content gating terminology
2019-10-01 13:05:48 +07:00
Fabien O'Carroll
10cf9539db Added name, email & subscriptions to data in theme
no-issue

This is to allow better customistion of a "members area" in the theme
2019-10-01 13:05:48 +07:00
Nazar Gargol
a33d5feb43 Fixed db regression tests
refs 6859e9a9a1

- The change in the ref didn't take into account increasing counts in regression tests
2019-09-30 22:32:11 +02:00
Nazar Gargol
955bc434d1 Fixed posts model regression test
no issue

- The failing test was introduced with 80f7e0b19e
- The counter was not correctly incremented
2019-09-30 21:25:23 +02:00
Nazar Gargol
84b08e627d Removed #member tag logic from input/output serializers 2019-09-30 17:46:36 +02:00
Naz Gargol
36379b2806
Added content gating based on visibility flag (#11173)
no issue

- Checks content gating based on members current plan and visibility option set on the requested post/page
2019-09-30 17:40:03 +02:00
Naz Gargol
80f7e0b19e
Added default_content_visibility flag for content gating (#11163)
no issue

- Added 'labs' flag settings test
- Added test for default_content_visibility flag
- Default post's visibility takes into account values set in default_content_visibility setting
2019-09-26 15:40:24 +02:00
Naz Gargol
ff13821b27
Members post gating options (#11160)
no issue

- Removed uses of `visibility` column in frontend url service configs
- The value of `visibility` is always set to 'public' in posts at the moment and doesn't serve any specific purpose when used with these filters.
- Allowed new visibility attributes in post model
- `posts.visibility` column is being repurposed for the needs of member content gating
- Added test for visibility editing in Admin API
- Corrected test schema checks for Admin API post/page responses
2019-09-26 15:38:35 +02:00
Fabien O'Carroll
f1cd51b04b Added support for setting name in members-api
no-issue
2019-09-26 17:32:32 +07:00
Naz Gargol
a562f09c0d
🏗 Migrated subscribers data to members (#11152)
no issue 

- Populates members table with existing subscribers. Only takes into account columns we know already exist and need to be copied i.e `name`/`email`
2019-09-26 10:39:20 +02:00
Fabien O'Carroll
a62b014905 Renamed members_stripe_info to members_stripe_customers
no-issue

This is more specific and better if we start adding more stripe tables
2019-09-26 12:58:29 +07:00
Fabien O'Carroll
9b3d45d4c4 Corrected number for members name column migration
no-issue
2019-09-26 12:58:29 +07:00
Fabien O'Carroll
18285613c9 Ensured webhook handler uses members servicer getter
no-issue
2019-09-26 11:35:44 +07:00
Fabien O'Carroll
d81e1bf1c3 Allowed newer tokens to refresh member session
no-issue

This is so that an email sent after a payment is made will refresh the
session.
2019-09-26 11:35:44 +07:00
Fabien O'Carroll
a85328f0e5 Passed the set/get metadata methods to members-api
no-issue
2019-09-26 11:35:44 +07:00
Fabien O'Carroll
d4249a07c0 Wired up the members webhook handler endpoint
no-issue
2019-09-26 11:35:44 +07:00
Fabien O'Carroll
ab18905c76 Updated members api to use middleware exposed
no-issue
2019-09-26 11:35:44 +07:00
Fabien O'Carroll
11e246a93a Allowed checkout flow to be started without member
no-issue

This will allow non-logged in members to start the stripe checkout flow,
which will result in a webhook being sent
2019-09-26 11:35:44 +07:00
Fabien O'Carroll
a6fa0bc043 Updated member.plans to member.stripe.subscriptions
no-issue

This is to support the new format in which stripe information is
returned from the members-api module.
2019-09-26 11:35:44 +07:00
Fabien O'Carroll
97bf329ee2 Passed appInfo to members-api stripe instance
no-issue
2019-09-26 11:35:44 +07:00
Kevin Ansfield
d69440bd4f
Update dependency @tryghost/url-utils to 0.4.0 (#11156)
no issue

- updates usage of `htmlRelativeToAbsolute` to avoid unnecessary duplication of "home" url fetching (the UrlUtils instance already has that information)
2019-09-25 12:35:59 +01:00
Naz Gargol
d54be917d1
Added name column back to members table (#11151)
refs 294f3769cb

- We have a need for name field now :)
- This time `name` is nullable !
2019-09-25 10:44:50 +02:00
Fabien O'Carroll
c9b4fa4a09 Updated Member model to handle stripe_info property
no-issue

This maps the stripe_info property to the MemberStripeInfo model, so
that we can update the member model, and correctly add/edit rows in the
members-stripe-info table.
2019-09-25 10:05:30 +07:00
Fabien O'Carroll
e54adfd30d Added MemberStripeInfo model
no-issue

Simple model to allow us to do relations with the Member model
2019-09-25 10:05:30 +07:00
Fabien O'Carroll
fd1db4ffac Added migration for members-stripe-info table
no-issue
2019-09-25 10:05:30 +07:00
Fabien O'Carroll
6859e9a9a1 Added members-stripe-info table
no-issue

This will be used to store stripe specific information for members

customer_id has a max length of 255 https://stripe.com/docs/upgrades

member_id is not unique as we cannot ensure that a member doesn't have
more than one customer object associated with them. e.g. if they signup
twice, or if they cancel, and signup again, creating a new customer.

We probably won't handle this case to begin with, but we will keep the
data intact.
2019-09-25 10:05:30 +07:00
Fabien O'Carroll
e078cb5612 Removed unused password logic from Member model
no-issue
2019-09-25 10:05:30 +07:00
Rish
1559d7cb54 Skipped scheduler tests using old auth method
no issue

To be updated
2019-09-24 12:17:03 +05:30
Rish
5de1c58c50 Switched to correct local utils for api regression tests
no issue

Previously were using now non-existent old/admin utils from acceptance test
2019-09-24 11:18:23 +05:30
Kevin Ansfield
3eb11533bd Marked the client auth table drop migration as irreversible
no issue

- bumps `knex-migrator` so it supports irreversible migrations
- marks the `03-drop-client-auth` migration as irreversible because it destroys data that is not recoverable and is required for earlier versions of Ghost to function
2019-09-23 17:22:46 +01:00
Rishabh Garg
6d0f19ebfa
🏗 Migrated scheduler to work with v2 API (#11142)
* Updated scheduler to use v2 API by default

* Updated scheduling for post/page resource types

* Extended base method to take options param with token and jwt options

* Updated token expiration to 6 hours after publish/blog start time to allow retries
2019-09-23 21:42:53 +05:30
Nazar Gargol
1ae491b567 Updated Ghost-Admin to 2.31.1 2019-09-23 17:13:25 +02:00
Nazar Gargol
3712e6e01c Bumped gscan to 2.9.0 2019-09-23 16:48:21 +02:00
Naz Gargol
50546d8cba
🔥 Removed deprecated ghost_head and ghost_foot properties from /settings responses (#11144)
no issue 

- Removed ghost_head/ghost_foot propeties from Content API `GET /setting` response
- Removed ghost_head/ghost_foot from the output in Admin API
- Added validation when requesting ghost_head/ghost_food fields
- Updated deprecation comments
2019-09-23 12:59:00 +02:00
Hannah Wolfe
36db3ce66f Added tests for x-request-id handling
refs 0107ac848

- added unit tests for middleware added yesterday
2019-09-23 07:34:59 +01:00
Hannah Wolfe
0107ac848a Improved x-request-id handling
- Currently, we create a request ID for internal use if one isn't set & this is used in logs
- If a custom request ID is set via X-Request-ID header, this gets logged, however, we don't return this with the response
- Means that a custom ID gets lost on the way back out, and makes tracing requests through a system trickier
- This change ensures that if X-Request-ID is set on the request, it is also set on the response so that requests can be properly traced
- It's easy to set this in e.g. nginx so that the feature becomes available - Ghost doens't need to do this
- Note: also split request id handling out into new middleware
2019-09-22 18:23:45 +01:00
Naz Gargol
2ea8c3e33b
Switched to canary endpoints in acceptance tests (#11143)
no issue

- Switched acceptance tests to run against canary branch
- Corrected actions specs
- Corrected authentication spec
- Moved test suites our of 'old' folder
2019-09-20 17:02:45 +02:00
Kevin Ansfield
5189f5e640 Removed begin/end html comments from output of most cards
no issue

- the begin/end comments are only really useful when wrapping free-form content cards such as html and markdown, the rest all have specific elements and classes that can be used in parsers
- made the comment wrappers optional in the `render()` function created by the `createCard()` factory
- opted into comment wrappers for the html and markdown cards
2019-09-20 14:31:42 +01:00
Nazar Gargol
18798f5315 Fixed gscan failures
- Adjusted theme fixtures to follow new rules introduced in gscan 2.9.0:
- {{code}} deprecation on canary only
- style errors on v2+ rules
2019-09-19 23:15:18 +02:00
Nazar Gargol
cc8f9bcb98 Marked code property for removal in Ghost 4.0
refs https://github.com/TryGhost/gscan/issues/144
refs https://github.com/TryGhost/gscan/pull/259

- The property hasn't been marked correctly in Ghsot 2.0 so will be able to go away the earliest in Ghost 4.0
2019-09-19 12:15:17 +02:00
Kevin Ansfield
fb1b207db9 Fixed error rolling back the "remove empty strings" migration
no issue

- rollbacks have switched to using transactions but the migration code was copied from an old migration coded before that switch
- `down()` is no longer called with an object that contains a `connection` key, it has `transacting` instead
2019-09-18 16:08:18 +01:00
Naz Gargol
6f9026af6b
Limited legacy subscriber webhook payload to v2 only (#11139)
no issue

- In v3 we don't need to support any legacy webhook formats
- Added a comment about the removal of the format when v2 is dropped
2019-09-18 16:22:07 +02:00
Nazar Gargol
3b65081b5e 🔥 Removed deprecated markdown wrapper 2019-09-18 11:53:41 +02:00
Nazar Gargol
5def462bf0 Removed confusing use of v0.1 in theme handler test 2019-09-18 10:27:23 +02:00
Nazar Gargol
38a7a66fd1 Updated author/author_id cleanup notes
no issue

- Updated test utilities to clearly identify both fields are not used in API responses
- Updated comment to remember clearning authors/author_id before releasing Ghost 4.0
2019-09-17 17:26:23 +02:00
Nazar Gargol
a43ff6f639 Removed v0.1 TODO for {{excerpt}} helper
no issue

- The general "revisit" of of this helper might happen in the future but has nothing critical to do with shipping v3 or dropping v0.1 support
2019-09-17 17:16:36 +02:00
Naz Gargol
a2ebee3f4e
🔥 Removed 'staticPages' filter (#11135)
refs #5151
refs #10737

- Removed all uses/references to post's "staticPages" filter
- It was only a feature specific to API v0.1 which doesn't have to take space in the codebase anymore
2019-09-17 14:12:25 +02:00
Nazar Gargol
a30812cce1 Bumped default API for member to v3 2019-09-17 10:15:39 +02:00
Nazar Gargol
8e54cfd31f Bumped default API for url utils to v3 2019-09-17 09:43:31 +02:00
Fabien O'Carroll
24e730fa25 Updated members-ssr middleware to async functions
no-issue

Also updates to use Object.assign rather than req.member = value to get
around false positives from eslint:

  * https://github.com/eslint/eslint/issues/11899
2019-09-17 11:05:06 +08:00
Fabien O'Carroll
162ff4e0bf Removed POST signin functionality
no-issue

This is no longer needed as we can signin with a GET now
2019-09-17 11:05:06 +08:00
Fabien O'Carroll
73bc3ec388 Added a middleware to handle signin via a GET
no-issue

This also adds a basic check before handing of to the members-ssr
module, this should make logs a little less noisy and only log warnings
if a token was passed and that token was invalid/incorrect.
2019-09-17 11:05:06 +08:00
Fabien O'Carroll
0e60b5dea4 Updated members service usage of members-ssr@0.5.0
no-issue

members-ssr@0.5.0 changed the `membersApi` param with `getMembersApi`
2019-09-17 11:05:06 +08:00
Fabien O'Carroll
531e217b82 Protected members middleware with a labs check
no-issue

This would have been creating a lot of noisy logs for sites without
members enabled.
2019-09-17 11:05:06 +08:00
Fabien O'Carroll
a3940ef9db Simplified urlUtils require path
no-issue

This was previously going to a parent directory which was shared by both modules
2019-09-17 11:05:06 +08:00
Nazar Gargol
f371ccd9e5 Bumped default engines.ghost-api to v3 2019-09-16 23:05:12 +02:00
Kevin Ansfield
5be275bd46
Added migration for re-generating html of all posts (#11133)
refs https://github.com/TryGhost/Ghost/issues/10445

- re-generates HTML for every post so that they are using the most recent Koenig renderer output
2019-09-16 17:44:00 +01:00
Kevin Ansfield
ea7a677e4a
Added migration to normalize all empty strings to NULL (#11132)
refs https://github.com/TryGhost/Ghost/issues/10388, original PR https://github.com/TryGhost/Ghost/pull/10428

- re-introduces the migration which normalizes all empty strings in the database to `NULL`
- this was previously reverted due to being too large of a migration for a minor but a major is a good time to do it
2019-09-16 17:43:48 +01:00
Naz Gargol
0bee38d586
💡Bumped gscan version to 2.8.0 (#11134)
no issue

- This version contains --canary flag and new rules that come with it
- The theme checks will be run against canary rules by default
2019-09-16 18:22:49 +02:00
Naz Gargol
cb58115700
🔥 Moved user email removal to API serialization layer (#11110) 2019-09-16 15:42:14 +02:00
Kevin Ansfield
39db5bd177 Prefixed 3.0 migrations with 0 to preserve order
no issue

- `knex-migrator` will run migrations in the order that nodejs provides when running `fs.readDirSync` which in most cases is strict alphabetical
- 3.0 will shortly have more than 9 migrations which was resulting in the migration order being 1, 10, 2
- prefixing all single-digit migrations with `0` means that strict alphabetical ordering results in the expected order
2019-09-16 13:21:39 +01:00
Kevin Ansfield
06365b282f Fixed migrations folder name
no issue

- 3.0.0 was renamed to 3.0 for consistency
2019-09-16 11:54:03 +01:00
Kevin Ansfield
e57e19ec31
🏗 Migrated posts.page column to posts.type (#11111)
refs https://github.com/TryGhost/Ghost/issues/10922

- adds migrations to...
  1. add `post.type` column
  2. populate `post.type` column based on `post.page` value
  3. drop `post.page` column
- updates all code paths to work with `post.type` in place of `post.page`
- adds `nql-map-key-values` transformer for mapping `page`->`type` in `filter` params when using the v2 API
- modifies importer to handle `post.page`->`post.type` transformation when importing older export files
2019-09-16 11:51:54 +01:00
Rish
d2bd3975f9 Fixed migration order 2019-09-16 14:22:01 +05:30
Rish
0b34b508d8 Fixed migration order and folder naming 2019-09-16 14:19:13 +05:30
Rishabh Garg
8ec12d9eee
🏗 Extracted post metadata in new post_meta table (#11102)
NOTE: The post metadata table split is purely an internal optimization for v3 and doesn't require or expect any external actions including related API usage in v3

We keep running into issues adding new fields to the post table because there are too many fields making the post table "too wide". We have also hit MySQL limitations in how many bytes can be in a row (64kb) with post table.

In v3, we decided to split the 8 post fields (meta, twitter and og) used for meta data into a posts_meta table as these 8 fields are all "problem" `varchar` fields and make sense logically grouped together. The API layer is unaffected by the split as input/output serializers ensure the data flow works the same way as it was in v2. Only thing to note is json export in v3 will have slightly different structure with posts meta fields as separate.

- Creates new post_meta schema/table with 8 fields (2 meta_* , 3 twitter_* and 3 og_*)
- Update relations between post and post_meta table
- Update input/output serializers to keep existing API behavior
- Avoids new entry in post_meta table for post where all meta fields are null
- Keeps the current fields API param behavior
- Handles migration of existing posts to new table structure
- Updates importer/exporter to work seamlessly with table changes
2019-09-16 14:15:55 +05:30
Kevin Ansfield
378ebe62b1 Merge branch 'master' into v3 2019-09-16 09:32:10 +01:00