Commit Graph

228 Commits

Author SHA1 Message Date
Harry Wolff
f16dc290b7 Improve bootstrap flow of a Ghost application
addresses #1789, #1364

- Moves ./core/server/loader -> ./core/bootstrap.
The bootstrap file is only accessed once during startup,
and it’s sole job is to ensure a config.js file exists
(creating one if it doesn’t) and then validates
the contents of the config file.

Since this is directly related to the initializing 
the application is is appropriate to have 
it in the ./core folder, named bootstrap as that
is what it does.

This also improves the dependency graph, as now
the bootstrap file require’s the ./core/server/config
module and is responsible for passing in the validated
config file.

Whereas before we had ./core/server/config
require’ing ./core/server/loader and running its
init code and then passing that value back to itself,
the flow is now more straight forward of
./core/bootstrap handling initialization and then
instatiation of config module

- Merges ./core/server/config/paths into 
./core/server/config
This flow was always confusing me to that some config
options were on the config object, and some were on
the paths object.

This change now incorporates all of the variables
previously defined in config/paths directly
into the config module, and in extension,
the config.js file.

This means that you now have the option of deciding
at startup where the content directory for ghost
should reside.

- broke out loader tests in config_spec to bootstrap_spec

- updated all relevant files to now use config().paths

- moved urlFor and urlForPost function into 
 ./server/config/url.js
2014-02-07 17:34:21 -05:00
Hannah Wolfe
0dc0a9bb7c Merge pull request #2126 from aiampogi/issue-2114-rssFeeds
Removed author tag inside channel tag in RSS
2014-02-07 11:52:41 +00:00
John-David Dalton
6eab7b3f92 Replace underscore with lodash. 2014-02-06 14:08:34 +00:00
balduv
eadbf7dffb Removed author tag inside channel tag in RSS
closes #2114
- instead of putting author in feedOptions of node-rss, it was moved to itemOptions
- supplying author: user ? user.name : null in itemOptions will still result to creating a dc:creator tag inside item tags so the info needed to have the author is still there like before
- node-rss should however still fix this quirk to not have that nasty author tag in channel tag when you supply author in feedOptions
2014-02-05 13:59:07 +08:00
Hannah Wolfe
f185a5d616 General cleanup
- Cleanup some todos, comments, and unused variables
2014-01-19 21:08:39 +00:00
Hannah Wolfe
c8917cab4d Error message updates
no issue

- couple of tweaks to the messaging of non-fatal errors that can be output when running Ghost
2014-01-12 21:49:24 +00:00
Hannah Wolfe
d6f4312255 Improve errors on image upload 2014-01-11 13:40:21 +00:00
Hannah Wolfe
dcf4b1e4e4 Add update notifications
closes #1464

- adds opt-out via updateCheck:false in config.js
- update check is done on admin index, but doesn't interfere with rendering
- adds update check module, which gets the usage data, makes the request and handles the response
- adds two new settings to default-settings, one for next check time, and one for whether to show the notification
- adds a new rejectError method to errorHandling
- adds a new helper for displaying the notification

Conflicts:
	core/server/helpers/index.js
	core/test/unit/server_helpers_index_spec.js
2014-01-07 08:20:08 +00:00
Hannah Wolfe
af6137248d New URL helper - URL consistency fixes
fixes #1765
fixes #1811
issue #1833

New UrlFor functions

- moved body of url helper to config.path.urlFor, which can generate a URL for various scenarios
- urlFor can take a string (name) or object (relativeUrl: '/') as the first
  argument - this is the first step towards issue #1833
- also added config.path.urlForPost which is async and handles getting
  permalink setting
- frontend controller, ghost_head helper, cache invalidation all now use
  urlFor or urlForPost all urls should be correct and consistent

URL Consistency Improvements

- refactored invalidateCache into cacheInvalidationHeader which returns a
  promise so that url can be generated properly by urlForPost
- moved isPost from models to schema, and refactored schema to have a tables object
- deleted posts now return the whole object, not just id and slug,
  ensuring cache invalidation header can be set on delete
- frontend controller rss and archive page redirects work properly with subdirectory
- removes {{url}} helper from admin and client, and replaced with adminUrl
  helper which also uses urlFor
- in res.locals ghostRoot becomes relativeUrl, and path is removed
2014-01-06 15:15:48 +00:00
Harry Wolff
09b64c82df Remove successful login connections from the auth
throttle list

- once a user has successfully logged into ghost
they no longer are a malicious user and as such
their IP address should be removed from the
array of login attempts

- should also reduce the memory usage of Ghost
as the loginSecurity array gets pruned upon
every successful login

- this also fixes a race condition i was experiencing
during functional tests wherein i would receive
the login throttle message during regular testing.
Seems my machine is able to run casper fast enough
that it could complete each test under an amount
of time that tripped the login throttle message.
2014-01-04 21:52:54 -05:00
Harry Wolff
ab80a132f3 Adds ability to quickly get to post’s edit page
fixes #1810

- updates frontend.single route to accept ‘edit’
as the last param

- updates controller.frontend to handle redirection
only when we would otherwise have rendered the page

- added unit tests for this behavior
2014-01-03 18:16:00 -05:00
Hannah Wolfe
834cb73613 Date permalinks use published date
fixes #1803

- switches date permalinks from created_at to published_at
- enforces that the post will ONLY render if the date is valid and correct
2014-01-01 15:28:59 +00:00
Hannah Wolfe
a2a606a920 Functional test debugging & improvements
issue #1702
2014-01-01 14:52:49 +00:00
Hannah Wolfe
bfe80da54a Enforce 2-digit dates in permalinks
fixes #1800

- changed permalink regex to require 4/2/2/slug
- changed url helper to enforce the same
- changed permalink toggle to set a specific state, this means the
  functional tests are independent again
- chnaged permalink toggle to wait for the settings page to load
- change as many frontend tests to not login as possible
2014-01-01 11:39:19 +00:00
Hannah Wolfe
5ef399faee Merge pull request #1790 from ErisDS/issue-1776
Ensure that RSS doesn't 404 when there is no user
2013-12-31 03:03:05 -08:00
Harry Wolff
91ca4a43e5 Fix routing of posts and static pages
closes #1757 and #1773

- switches routes.frontend for posts and pages
to use a regex with two capturing groups.  This removes
the need to dynamically remove an express route at a
later point, leaving the decision making to frontend
controller.

- added unit tests for all routing conditions that 
can arise for posts and pages.

- updated functional tests to also test for same thing
in unit tests

- removes old code from server/api/index that used
to fix this issue, but is no longer needed

- removed some un-needed require statements in routes/admin
2013-12-30 02:04:46 -05:00
Hannah Wolfe
7f1609ee78 Ensure that RSS doesn't 404 when there is no user
fixes #1776

- could really do with adding a test for this
2013-12-30 01:03:30 +00:00
Hannah Wolfe
ab0ecf65db Merge pull request #1785 from markberger/1777-rss-with-dated-permalinks
RSS uses correct links when dated permalinks are enabled
2013-12-29 16:52:17 -08:00
Mark Berger
0b8fbbb68a RSS uses correct links when dated permalinks are enabled
closes #1777
- Uses coreHelpers.url to resolve post url instead of assuming it is siteUrl + post.slug
- Functional feed tests now check for content instead of just rss tags
2013-12-29 17:13:38 -05:00
remixz
83f51ed08a Add welcome email for new sign ups
Closes #1766
- Once signed up, a quick welcome email is sent
- Links to their blog url, and gives the email they used to sign up
2013-12-29 13:54:15 -08:00
Hannah Wolfe
6f7f61d112 Merge pull request #1772 from markberger/1753-static-page-url
Static pages do not use dated permalinks
2013-12-28 10:40:07 -08:00
Mark Berger
075dd8ac9b Static pages do not use dated permalinks
closes #1753
- Pages are registered to '/:slug/' route if posts are using dated permalinks
2013-12-28 12:47:52 -05:00
Hannah Wolfe
755ad934bf Path, url and subdir cleanup & test
issue #1754

- remove path (it was only used once, and not needed)
- change webroot to subdir
- add unit tests for config.paths
- various other cleanup
- renamed client-side ghostRoot to subdir
- added url helper for client
2013-12-28 16:09:56 +00:00
Patrick Garman
0ffd045fc7 Add Post Tags to RSS Feed
Issue #1722
2013-12-24 10:45:24 -06:00
Harry Wolff
9bbf400dfc Fix loading of static pages in frontend controller
fixes #1644

- Fixes bug in controller/frontend
- Created functional test for posts API to test for this bug
- Created unit tests for frontend controller
- Fixed a global variable leak in core/test/utils/fixtures/data-generator
that was leaking the DataGenerator globally
- Resolved issue that arose from fixing above bug
2013-12-09 22:38:25 -05:00
Sebastian Gierlinger
078f464197 remove ghost.settings and ghost.notifications
covers 90% of #755
- moved ghost.settings to api.settings
- moved ghost.notifications to api.notifications
- split up api/index.js to notifications.js, posts.js, settings.js,
tags.js and users.js
- added instance.globals as temp workaround for blogglobals (Known
issue: blog title and blog description are updated after restart only)
- added webroot to config() to remove `var root = ...`
- changed `e` and `url` helper to async
- updated tests
2013-12-06 09:51:35 +01:00
Hannah Wolfe
696cfe7018 Swap url.resolve for slash handling 2013-12-04 21:20:24 +00:00
Hannah Wolfe
d2d9db3067 Add url.resolve for password reset email url
fixes #1604
2013-12-01 17:46:10 +00:00
Harry Wolff
37b2fd93d8 This commit removes a lot of code from ghost.js, including:
Move helper functions registerThemeHelper and registerAsyncThemeHelper
to the helpers module.
Also update the app proxy object to reflect this new code location,
and the tests to reflect that as well

Create ./sore/server/filters which houses all filter related behavior.
Was previously on the ghost singleton.
Also create the filters_spec file for testing
and update all code and tests to use new code location.

Create ./sore/server/helpers/template which houses all template related behavior.
Was previously on the ghost singleton.
Also create the helpers_template_spec file for testing
and update all code and tests to use new code location.

Move ghost.mail instance onto the mail module directly
and update related code and tests to use new location

Move Polyglot instance onto require module directly

Move ghost.availablePlugins to plugins module directly
2013-11-28 09:21:53 -05:00
Micheil Smith
3167a9b52c Fix several redirects in frontend and admin
refs #527
2013-11-27 09:57:44 +00:00
Harry Wolff
b920662790 Create the config module, initially used
to standardise getting paths and absolute URLs.  Easy
to extend for other configurations we may need.
2013-11-25 16:35:16 -05:00
Sebastian Gierlinger
3f2258e95b Replace cookieSession with session
- changed cookieSession to session
- added session.regenerate for login and logout
- added bookshelf session store
- added session table to database
- added import for databaseVersion 001
- added grunt task test-api
- cleanup of gruntfile to start express when needed only
- moved api tests to functional tests
2013-11-24 15:29:36 +01:00
Hannah Wolfe
7db5481f92 Merge pull request #1533 from jgillich/permalinks
Add Customisable Permalinks
2013-11-23 14:29:02 -08:00
Jakob Gillich
83d047c0ba Add Customisable Permalinks 2013-11-23 17:02:17 +01:00
Jacob Gable
34e453039b Improved Password Reset Tool
Closes #1471

- add api and User model methods for generating and validating tokens
- add routes and handlers for reset password pages
- add client styles and views for reset password form
- some basic integration tests for User model methods
2013-11-22 10:46:19 -06:00
Hannah Wolfe
315ca052a9 Merge pull request #1489 from sebgie/issue#1466
Fix wrong error message
2013-11-19 03:00:04 -08:00
Sebastian Gierlinger
fd60a12469 Fix wrong error message
closes #1466
- added status code for error object
- added test for frontend errors
2013-11-15 15:27:06 +01:00
Michael Bradshaw
0d4283176e Add support for SVG images 2013-11-12 11:37:54 -07:00
Hannah Wolfe
15da975c06 image upload controller refactor
issue #635

- upload controller shouldn't assume fs
- filesystem module proxies all the fs work
- proxies and exposes middleware for serving images
- creating a date based path and unique filename is a base object util
- unit tests updated
2013-11-11 16:10:57 +00:00
William Golden
766ce1ac51 Render a page template if it exists in a theme for a post marked as page.
Closes #1329.
2013-11-05 21:43:13 -06:00
Fabian Becker
48d3b10649 Fix image upload issue.
fixes #1377
2013-11-02 11:16:00 +00:00
Hannah Wolfe
6b29d4392a Merge pull request #1375 from jamesbloomer/image-refactor2
Tidy up the local file storage for images
2013-11-01 08:48:12 -07:00
jamesbloomer
f42e977fa7 Tidy up the local file storage for images 2013-11-01 13:08:27 +00:00
Hannah Wolfe
0db907ada2 Bump grunt-jslint and fix issues 2013-11-01 12:12:01 +00:00
Ben Gladwell
69d3a1460d Remove unparam:true from jslint config in Gruntfile.js
issue #1365
- added /*jslint unparam:true*/ to functions where absolutely necessary
- added /*jslint unparam:true*/ to functions in which keeping parameter
  list added clarity to the underlying api, even when those parameters
  are not currently used
- removed unused parameters in a few places
2013-10-31 14:02:34 -04:00
jamesbloomer
ec79069a1c Convert local file system image storage to use promises
Part of #635
2013-10-31 08:25:25 +00:00
jamesbloomer
6e44280b96 Moving file system storage to a module
issue #635

- refactored file system storage into module
- convert save to return a promise
- convert admin controller to use storage module
2013-10-31 08:25:24 +00:00
Jacob Gable
507174a00b Plugin API Refactor: Filter and Theme Helpers
issue #769

- Refactor doFilter to allow returning a promise from a filter handler
  and to also return a promise itself
- Move the logic out of the registerThemeHelper calls and into their own methods so
  we could test them in isolation.
- Assign the server to the ghost instance so the initPlugins method can
  get access to it.
2013-10-29 11:27:52 +00:00
Hannah Wolfe
5c33a707e9 Merge pull request #1164 from halfdan/1162-unpublished-posts
Unpublished Post should not be accessible
2013-10-25 13:18:39 -07:00
Simone D'Amico
c4bf0123c8 Added quotes to changepw admin controller 2013-10-25 20:11:33 +02:00
Fabian Becker
aa5c0cc620 Unpublished Post should not be accessible
fixes #1162
2013-10-24 21:29:10 +00:00
Sebastian Gierlinger
c558cb7648 Add validation for importer
closes #952
- moved api.js to api/index.js
- added api/db.js for import and export functions
- moved /ghost/debug/db/export to GET /api/v0.1/db
- moved /ghost/debug/db/import to POST /api/v0.1/db
- removed /ghost/debug/db/reset
- added validation for import
- added constraints object to migration
2013-10-23 19:42:55 +01:00
Fabian Becker
27e66f75f3 Show proper error message when image upload fails
fixes #994
2013-10-22 21:08:26 +00:00
Hannah Wolfe
65dcb17117 Merge branch '0.3.3-wip'
Conflicts:
	core/client/views/blog.js
	core/server/api.js
	core/server/views/default.hbs
	package.json
2013-10-20 10:09:39 +01:00
Sebastian Gierlinger
2ee8f96829 Revert sessions to cookieSessions
no issue
- modified sessions to use cookieSession
- set max-age to 12 hrs
- modified logout to delete cookie completely
2013-10-18 13:24:01 +02:00
Hannah Wolfe
2a6e77752f API JSON updates 2013-10-17 20:52:05 +01:00
Hannah Wolfe
d9c9ca0e33 Merge pull request #4 from sebgie/sec/3
Sec/3
2013-10-17 10:49:40 -07:00
Sebastian Gierlinger
374c41e138 Remove private data from API
no issue
- added removal to user.browse, posts.read, posts.browse
- fixed removal for user.read
2013-10-17 17:15:25 +02:00
Sebastian Gierlinger
90176e1f40 Security improvements
no issue
- added CSRF protection
- changed session handling to express.session
- changed session handling to change session id
- added config property useCookieSession
- added file extension check for /ghost/upload
- removed /ghost/debug/db/reset
2013-10-17 15:28:28 +02:00
Hannah Wolfe
b4e04b3650 Fix for image uploads
- express 3.4.0 uses connect 2.9.0 which had a sizable change to how multipart woks
- this change resulting in req.files.uploadimage.type going away
2013-10-11 20:26:09 +01:00
Sebastian Gierlinger
6ff17c78a2 Fix filepaths for config and upload
no issue
- added appRoot to config-loader.js
- modified uploader to use correct path
- modified tests
2013-10-10 12:44:31 +02:00
Gabor Javorszky
f709dcb798 Adds error message to blog import on empty / bad file
Closes #840
* Checks file to be size > 0
* Checks file to be .json
* Fails if either of them are not good
2013-09-28 15:42:42 +01:00
Hannah Wolfe
6bd62538af Merge branch '0.3.1-wip'
Conflicts:
	core/server/controllers/admin.js
2013-09-27 17:22:55 +01:00
Hannah Wolfe
681aa71bf5 Merge pull request #848 from jamesbloomer/705-image-Upload-file-storage-amends-type
Use file mime type to check server side if image upload is a valid file
2013-09-26 15:18:04 -07:00
Sebastian Gierlinger
fa43ca79d3 Add content to RSS
closes #886
- removed meta_description which is empty and would have crashed
- added content
- img src converted to absolute path
- a href converted to absolute path
2013-09-26 15:37:25 +01:00
John O'Nolan
d1957958e3 Cleanup indentation and quotes
Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-26 15:06:31 +01:00
Sebastian Gierlinger
6697d8a097 Add invalidate cache headers
closes #570
- added X-Cach-Invalidate headers for PUT, POST, DELETE requests
2013-09-24 17:21:43 +02:00
jamesbloomer
c215626d2b Use file mime type rather than extension to check server side if image upload is a valid file
closes #705
- uses the file type passed by express/connect
- relies on the type being set correctly by the browser upload
- doesn't reread the file to check
2013-09-20 13:20:59 +01:00
Hannah Wolfe
ee78f87c47 Import > Signout
- uncommitting the thing I shouldn't have commited
2013-09-18 16:11:21 +01:00
Hannah Wolfe
f717aed96f Merge pull request #820 from jamesbloomer/705-image-Upload-file-storage-amends
Remove temporary files when uploading images
2013-09-18 08:08:48 -07:00
Sebastian Gierlinger
1cac1acded RSS without User
closes #817
- no user, no rss author
2013-09-18 10:17:56 +02:00
jamesbloomer
36f218abaf Remove temporary files when uploading images
closes #502
part of #705
- copy the files but then remove the temporary ones
- moving instead of copying was problematic due to moving across devices
- still need to convert code to using promises
2013-09-18 09:15:21 +01:00
Hannah Wolfe
e0edb6455d Temporary Importer
closes #735

 - make sure the importer gets loaded
 - additional preprocessing to ensure data can be loaded
 - removed old importers
2013-09-18 04:20:21 +01:00
Christopher Giffard
8fa1ce96ff Settings: Return 404 for unrecognised pages
Fixes #798

- Now checks the request URL against a whitelist to determine whether the settings
  page exists.

**Notes**

- This works in the short term, but a better solution for enumerating the available
  settings views or centralising a list of recognised views that are available
  to client side code, (the router and sidebar, among others) as well as the backend
  controller will be required.
2013-09-18 12:31:43 +10:00
Hannah Wolfe
658a21bcf8 Quick file type amend
- adding .jpeg spelling to allowed extensions, #705 will fix this properly
2013-09-18 02:53:08 +01:00
Sebastian Gierlinger
60d93bd3f3 Fix for images with special chars
closes #780
- added replacing of special chars with '_'
2013-09-17 22:11:22 +02:00
Hannah Wolfe
750c19014a Populating admin email with user signup email
closes #775
2013-09-17 03:08:36 +01:00
Hannah Wolfe
79f75865a1 Error handling for the frontend routes 2013-09-17 01:54:36 +01:00
Sebastian Gierlinger
141361c40e Escape RSS post title
closes #755
- added html escape for post title
- changed author for rss feed to current user
- added simple test to check rss is working
2013-09-16 13:11:53 +02:00
Sebastian Gierlinger
8f22737f04 Make settings() 'magic'
- access value directly by using ghost.settings('key')
- removed use of <key>.value
- removed workaround for activeTheme path
2013-09-15 19:52:37 +02:00
Hannah Wolfe
117f70dcfd Merge pull request #752 from sebgie/settingsapi
Add setting filter
2013-09-15 09:53:23 -07:00
Hannah Wolfe
8d038b8bf2 One exporter to rule them all
closes #733

- Exporter will read meta data to determine the tables which are present and export all data from those tables
- Exporter figures out which version to export, rather than requiring that information
- deleted old exporters
2013-09-15 17:04:42 +01:00
Sebastian Gierlinger
bd8db968ea Add setting filter
closes #172
- added type to ghost.settings()
- added /api/settings?type=<filter>
- added availableThemes to settingsCache
- removed cachedSettingsRequestHandler
- removed /api/themes (including front end)
- changed activePlugins to type "plugin" in default-settings.json
2013-09-15 18:04:01 +02:00
Hannah Wolfe
9fcc0a6ed6 Renamed currentVersion setting to databaseVersion to avoid confusion with software version 2013-09-14 22:13:59 +01:00
Hannah Wolfe
d968495996 Mass renaming of things
Conflicts:
	core/client/views/settings.js
	core/server/models/user.js
2013-09-14 21:56:07 +01:00
Sebastian Gierlinger
35a32279d9 Clean up config (drop 'env')
closes #628
- removed .env from config.js
- ghost.config() returns correct config for NODE_ENV
- removed .env[process.env.NODE_ENV]
- updated tests
- deleted users.hbs, plugins.hbs, appearance.hbs (forgot to delete in PR #649)
2013-09-14 13:14:00 +01:00
Hannah Wolfe
486c2b4eea Use software version in RSS
closes #723

 Still waiting on https://github.com/dylang/node-rss/pull/16 to get this to actually output
2013-09-14 12:12:27 +01:00
Hannah Wolfe
cc785cc981 Merge pull request #686 from matthojo/Sign-up-screen-UI
Improved Auth screen markup and validation checks
2013-09-12 06:25:27 -07:00
Hannah Wolfe
4cd9f79116 Merge pull request #703 from matthojo/Dashboard-Removal
Temporarily removed the Dashboard and all references
2013-09-12 06:19:59 -07:00
Matthew Harrison-Jones
2678de902d Improved Auth screen markup and validation checks
* Signup now focuses on 'name' on load
* Fixed fade in on auth forms to work with `display: table`
* The 'name' field is required on Sign up forms
* The length check on the Signup form is in order of inputs
* Added check for password length
* Changed the auth form class names to better represent individual pages
* Updated CasperJS tests
2013-09-12 09:59:58 +01:00
Matthew Harrison-Jones
a85e8e1efc Temporarily removed the Dashboard and all references
This also updates the CasperJS to match the new changes.
2013-09-11 15:38:09 +01:00
jamesbloomer
3e28803672 Ensure image uploads do not overwrite if they have the same name
closes #619
- check if uploaded image name exists in month/year path
- if unique then save
- if not unique then add -1 to the end of the name eg. image-1.jpg
- if image-1.jpg exists then increment to -2
- keep going until a unique name is found
- uses tail recursion as normal path will be to save the first filename and deep recursion will be the exception
- (the alternative of loading the names of all the files in the directory could result in a large in memory array)
2013-09-10 22:02:28 +01:00
William Dibbern
9064914829 Added redirect to get rid of /page/1/
Fixes #592

- Added *permanent* redirect to ensure `/page/1/` isn't used and that
`/` is used instead.
- Added pageUrl helper (and unit tests) to generate client side url
fragment for blog pages conforming to the above standard.
- Updated pagination helper to use new `pageUrl` theme helper.
- Added functional tests for redirects and added scaffolding for
functional frontend tests in general.
2013-09-09 18:32:44 +01:00
Hannah Wolfe
0b3f2797e9 Fix for file upload paths on Windows
closes #669

- override incorrect path separators with / in the src for an image.
2013-09-09 17:19:58 +01:00
Hannah Wolfe
946544996c Updating forgotten password email template
closes #288

- added sign off using url from config
2013-09-09 11:51:12 +01:00
John O'Nolan
229597d341 Input signup name into user profile 2013-09-08 21:16:40 +02:00
Sebastian Gierlinger
27ba9289d6 Add setting for posts per page
closes #593
- added default setting of 6 posts per page
- added posts per page to settings page
- added limit to frontend.js (setting does not change API behavior)
2013-09-05 14:56:09 +02:00
Hannah Wolfe
ddcc7b78b6 Removing api calls from server side
closes #603, issue #395

- Changed hard-coded 'JOE BLOGGS' to use author data
- We still had api calls loading data server side before rendering pages.. which is unnecessary.
- Only thing using this was editor title, which is now populated client side
- May improve content screen load time.
2013-09-04 21:51:54 +01:00
Hannah Wolfe
21487aa802 Email errors & cleanup
closes #618

- don't send a welcome email. This appeared to be breaking tests.
- make sure we handle errors from sending emails properly
- use promises when adding notifications
2013-09-04 15:04:25 +01:00
Hannah Wolfe
36874badd5 Merge pull request #587 from javorszky/iss288
Email sending with Sendgrid plus password reset
2013-09-02 15:44:48 -07:00
Hannah Wolfe
13646f9ef6 Blog URL per environment
closes #572

 - Moved the siteUrl setting into each individual env config.
 - Updated app start and RSS to use the new config
2013-09-02 15:50:14 +01:00
Jacob Gable
3d2f03a08f Fix RSS urls 2013-09-01 20:34:26 -05:00
Gabor Javorszky
5999d01b7d Repaired email sending, implement password reset
Closes #288
* I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`)
* Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 00:20:12 +02:00
Hannah Wolfe
f9ace100fb Merge pull request #549 from pmgarman/rss
Add RSS Feed
2013-08-29 06:07:37 -07:00
Patrick Garman
8030946095 Add RSS Feed
Issue #366
- adds node-rss dependency
- adds /rss/ and /rss/:page/ routes which return XML RSS 2.0 feed
2013-08-28 10:36:32 -05:00
cobbspur
7ca3da398a Improved dropzone
- Made fail warning and button display none to reduce DOM content.
- Made toolbar red for fail not orange
- Fixed loading-cat  which was persistent in cases of low bandwidth (particularly downstream)
2013-08-27 19:54:06 +01:00
Hannah Wolfe
41e36cca7e Validation consistency
- introduced validation method in the post and user model
- moved signup validation onto model
- consistent use of validation & error messaging in the admin UI
- helper methods in base view moved to a utils object
2013-08-25 18:10:12 +01:00
William Dibbern
d7521958d5 Rename /logout/ to /signout/ and /login/ to /signin/
Closes #443
- Renamed routes
- Added redirects for old routes
- Added unit test for redirect
- Updated references to old routes in templates, html
2013-08-24 22:38:48 -05:00
Gabor Javorszky
368eb7a352 Added brute force protection to login
Closes half of #468
* adds a 2 second limit until you can retry logging in, otherwise sends you a 401.
* bounce: 2ms, checks the pw: 254ms on my machine
* added a test to the casper suite
2013-08-22 20:48:36 +01:00
Jacob Gable
23ee4cadc3 Fix redirect loop when no content 2013-08-21 09:05:17 -05:00
Hannah Wolfe
4cc3a11cda Manually merging pull request #439 from javorszky/iss354
Conflicts:
	core/client/views/login.js
2013-08-20 10:11:09 +01:00
Gabor Javorszky
be7ed2dfdc Added validation for signup and login screens
Closes #374
* Included node-validator as a package
* Implemented server side validation (the client side js is a mess, need a LOT of work)
* Validates email address both on signup and login screens, gives error message on malformed email addresses
* Requires at least 8 chars of password
* Tells user if password is too short
* Tells user if no such user on login
* Tells user if wrong password on login
* Tells user if server responds with a 404 (goes away, dies, etc)
* Added middleware between req and login / signup for validation
2013-08-20 09:42:42 +01:00
Gabor Javorszky
4e1aa2119c Removed flash, renamed file, unbroken logout / login request notifications
Closes #354
* Reintroduced the redirect functionality (not logged in, tries to go to `/settings/user/`, is sent to `/login/` with info notification, after login user is taken to `/settings/user/)
* Reintroduced the "Successfully logged out" message
* Added middleware to scrub passive notifications from `ghost.notifications` after one use basically mimicing client side passive notifications
* Removed flash from everywhere. Even from package.json.
* Renamed flashed.hbs to notifications.hbs, modified default.hbs accordingly
* Added function to parse GET variables on client side
2013-08-20 08:15:06 +01:00
Jacob Gable
a1d00b56b2 Trim title and don't allow negative pages
Added a .trim() to the slug generation and redirect to the first page if
the page parameter is parsed as less than 1.
2013-08-19 21:18:39 -05:00
Hannah Wolfe
5cb8b640da Merge pull request #454 from skattyadz/login-on-register
Immediately log in when a new user account is created
2013-08-19 13:46:06 -07:00
Jacob Gable
bbd60a6f23 Redirect to last page of posts
If requesting a page of posts that is above the total number of pages,
redirect to the last page of posts.
2013-08-19 09:35:52 -05:00
Adam Howard
6c829a0d63 Immediately log in newly registered users - removing the additional login step 2013-08-19 13:59:30 +01:00
Gabor Javorszky
f6d164b5d8 Current user added
Closes #340. Closes #375
* Replaced session with id of current user
* Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy)
* Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't)
* If user has profile picture, that will be used
* If user has name, that will be used
* Password changing doesn't care about your email. Uses cookies. Tasty!
* User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`.
* Added logic to user api to check for `id === 'me'`, and then use the cookie value
* User data saves are now correct
* There is no logout error
2013-08-17 22:02:46 +01:00
cobbspur
66278534dc fixes extensions bug for image uploader
- extensions set to lowercase
- changed navigation images to hyphenated names and corrected references
2013-08-13 21:04:07 +01:00
Hannah Wolfe
2f11f053ab Minor code cleanup, docs and other bits & pieces 2013-08-06 22:24:40 +01:00
Hannah Wolfe
eac3047d45 Merge pull request #339 from javorszky/iss282
Users can change password
2013-08-06 01:17:43 -07:00
Gabor Javorszky
071f9769c6 Users can change password
Closes #282
* Added a new route
* Added new methods
* Triple security!
* Passwords are actually changed
* Also added a change password button, because 'save' has too much baggage.

On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords.

Caveats:
* didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh?
* Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
2013-08-06 00:49:06 +01:00
cobbspur
558c9d6caa Added image upload reusable plugin
issue #40 and issue #280

- Adds uploader jquery plugin
- includes settings for enabling/disabling upload progress bar
- adds routing for image uploads
- adds directories by year and month based on upload date
- Implements plugin on settings - general pane
- Implements plugin on editor
- adjusted general tab to save uploaded image src

TODO:
- Add error handling
- Storing information on editor
- Add events
2013-08-05 23:01:48 +01:00
Hannah Wolfe
338109c762 Data models import, export, and reset for 002
- added line to index.js to set node_env to development if it is not set
 - fixed a small bug with the persistent notifications and used them on debug page from server side
 - added 002 files to manage export and import for 002
 - 002 import is somewhat smarter than 001, merging settings (except version), replacing user & clearing primary keys
 - added reset to models and migration, which does the down operation the same way that init does the up operation
 - import and reset clear session & redirect to login / signup
 - additional unit tests
2013-08-05 13:56:30 +01:00
Gabor Javorszky
f36dc3c942 Login / Signup forms now use Backbone
* Moved most of control code to `core/client`
* Implemented ajax checks
2013-08-01 02:11:45 +01:00
ErisDS
273e2172cb Bugfix: data export path wasn't changed during restructure 2013-07-24 23:22:33 +01:00
Gabor Javorszky
b77a8fd0d9 Notifications on front end
Should close #37. There are persistent and passive notifications.

Persistent ones:
* are stored on `ghost.notifications`.
* have an api made to add / remove them with client side ajax logic (probably not the most elegant, but works)
* uses a modified `flashes.hbs` template
* will only disappear if user closes the bar
* stack

Passive
* added with backbone view / collection combo
* stack
* disappears on navigation and when user closes it
2013-07-22 14:41:27 +01:00
Hannah Wolfe
30b4eb07f7 App restructure - closes #245
- This is a first pass at getting a more logical structure. The focus is on moving from admin/frontend to client/server.
- The location of the databases is highly important, this isn't expected to change again
In the future
- client/assets should probably become public/
- more stuff should be shared (helpers etc)
- cleanup some confusion around tpl and views
2013-07-11 20:23:34 +01:00