refs 0503ce5f35
- referenced commit changed `dashboard` to redirect to `site` when logged in user is not an owner or admin
- updated tests to reflect the change
no refs.
- added "View site" as the first and default menu item in navigation bar to be able to browse the site without leaving the Admin
- rearranged left sidebar items according to new structure (moved Labs down to bottom)
- removed "View site" from publication main menu because it's become redundant
- added Night shift toggle in line with Labs menu to be able quickly access it
no issue
- upgrade to latest `ember-source` and related dependencies including `ember-cli`
- upgrade to latest `ember-mocha` and modern ember testing setup
- https://github.com/emberjs/rfcs/blob/master/text/0268-acceptance-testing-refactor.md
- switch from using global acceptance test helpers and `native-dom-helpers` to using the new `ember-test-helpers` methods
- use [`chai-dom`](https://github.com/nathanboktae/chai-dom) assertions where in some places (still a lot of places in the tests that could use these)
- pin `ember-in-viewport` to 3.0.x to work around incompatibilities between different versions used in `ember-light-table`, `ember-infinity`, and `ember-sticky-element`
- incompatibilities manifested as "Invalid value used as weak map key" errors thrown when using `ember-light-table` (subscribers screen)
- pin `ember-power-datepicker` to unreleased version that contains a move from global acceptance test helpers to modern test helpers
refs #9865
- removed all `oauth2` and token-based ESA auth
- added new `cookie` authenticator which handles session creation
- updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state
- ESA automatically calls this `.restore()` method on app boot
- the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state
- removed the now-unnecessary token refresh and logout routines from the `application` route
- removed the now-unnecessary token refresh routines from the `ajax` service
- removed `access_token` query param from iframe file downloaders
- changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
no issue
- bump `ember-cli-chai` and update tests
- add missing Post model properties to the post factory with `null` to better match API output
- replace uses of `.blank` which no longer exists, swapping for `.empty` or explicit checks for `null`
- manually parse strings to numbers before using `.above` and `.below`
- bump top-level deps with no breaking changes
- bump yarn.lock sub-dependencies
no issue
- if we would like to re-add html in our error messages, we have to differentiate between static messages which can contain html and messages which are dynamic and can contain dynamic input, which should not allow html
- e.g. it is always possible that Ghost receives a message from a third party module, which concats static text with input text
- if we want to show html content from an error, we need to come up with a concept
- for now: no support for html in error messages
refs TryGhost/Ghost#9150
- added a new validator for password validations that will take care of the rules client side
- Passwort rules added:
- Disallow obviously bad passwords: 1234567890, qwertyuiop, asdfghjkl; and asdfghjklm
- Disallow passwords that contain the words "password" or "ghost"
- Disallow passwords that match the user's email address
- Disallow passwords that match the blog domain or blog title
- Disallow passwords that include 50% or more of the same characters: 'aaaaaaaaaa', '1111111111' and 'ababababab' for example.
- When changing the own password, the old password is not affected by the new validations
- Validation are running on
- setup
- signup
- password change in Team - User (only new passwords are validated)
- passwort reset
refs TryGhost/Ghost#9150
- Increase the password length in validators for signups, pw resets, and password changes for users to 10 instead of 8
- Update tests
no issue
We weren't being consistent in our use of Mirage's `normalizedRequestAttrs()` method which meant that in certain cases Mirage's internal database had duplicated attrs, the original set being `camelCase` and the new/updated set being `underscore_case` which was not only confusing but can lead to errors or unexpected behaviour in tests.
- updated Mirage config to always normalize where necessary
- updated tests to always use `camelCase` attrs
- added `HEAD` route handler for gravatar to avoid unknown route noise in tests
refs https://github.com/TryGhost/Ghost/issues/8958
- Ghost OAuth isn't coming back, time for the code to disappear and simply all the things
- fixes the `Usage of router is deprecated` notices that flood the console/test logs when testing
closes https://github.com/TryGhost/Ghost/issues/8622 by inadvertent knock-on effect.
People were having trouble with automatically entering password verification in blog title field. This re-orders the form to a more "normal" flow where password field is the last item on the page, so no risk of double-typing it.
no issue
- adds `eslint-plugin-sort-imports-es6-autofix` dependency
- implements ESLint's base `sort-imports` rule but has a distinction in that `import {foo} from 'bar';` is considered `multiple` rather than `single`
- fixes ESLint's autofix behaviour so `eslint --fix` will actually fix the sort order
- updates all unordered import rules by using `eslint --fix`
With the increased number of `import` statements since Ember+ecosystem started moving towards es6 modules I've found it frustrating at times trying to search through randomly ordered import statements. Recently I've been sorting imports manually when I've added new code or touched old code so I thought I'd add an ESLint rule to codify it.
refs TryGhost/Ghost#7865💄 refactor signup to use ember-concurrency
refs https://github.com/TryGhost/Ghost/issues/7865
- moves authentication actions from `signup` route to controller
- refactors authentication and signup logic into EC tasks
- replaces use of `gh-spin-button` with `gh-task-button` in signup template
💄 refactor setup screens to use ember-concurrency
refs https://github.com/TryGhost/Ghost/issues/7865
- moves authentication actions from `setup/two` route to controller
- refactors authentication and setup logic into EC tasks
- replaces use of `gh-spin-button` with `gh-task-button`
- fixes some styling issues with the new SVG icons
- adds `app/styles/patterns/icons.css` back to contain per-icon overrides and animations (some SVGs use fills and others use strokes so we sometimes have conflicting styles)
closes https://github.com/TryGhost/Ghost/issues/8321
- adds `gh-download-count` component that uses ember-concurrency to poll the count endpoint
- removes the no-longer-needed `setup/one` route as ember-concurrency now handles the setInterval bookkeeping for us
no issue
- preparation for using `ember-pikaday` that utilizes `ember-cli-moment-shim`
- removes usage of `moment` global
- removes custom imports of `moment` and `moment-timezone` libraries
closes https://github.com/TryGhost/Ghost/issues/8055
- use `expired` if the date is in the past, otherwise `expires`
- fix mirage factories to use `moment.valueOf` instead of `moment.unix` for invite `expires` attributes
no issue
- switch `jscs` and `jshint` inline config to `eslint` config
- fix eslint errors, predominantly in tests where the config now the main app config more closely
refs TryGhost/Ghost#7628 (issue), refs TryGhost/Ghost#7631 (required)
- update `config` service to fetch from public configuration endpoint
- add `beforeModel` to `application` route to fetch config and pause further processing until the request is complete
- remove `<meta name="env-*">` tags from generated `default.hbs` and internal testing `index.html`
- add mirage config to simulate configuration endpoint and helper to simulate enabled oauth config
- update `ghost-oauth2` torii provider to use auth server URL from server-provided config
issue TryGhost/Ghost#7452, requires TryGhost/Ghost#7451
- use a `ghostOAuth` config flag to switch between the old-style per-install auth and centralized OAuth auth based on config provided by the server
- add OAuth flows for:
- setup
- sign-in
- sign-up
- re-authenticate
- add custom `oauth-ghost` authenticator to support our custom data structure
- add test helpers to stub successful/failed oauth authentication
- hide change password form if using OAuth (temporary - a way to change password via oauth provider will be added later)
closes https://github.com/TryGhost/Ghost/issues/7420, requires https://github.com/TryGhost/Ghost/pull/7422
- adds a new `Invite` model with associated serializer and test setup
- updates team screen to use invites rather than existing users with the "invited" property
- updates signup process to work with new invite model
- updates setup process to create invites instead of users
- swaps usage of `gh-select-native` for `one-way-select` in the invite modal so that attributes can be set on the `select` element
- updates resend invite process to account for server returning a new model
- rewrites the invite management tests and fixes mirage mocks for invite endpoints
- sorts invites by email address to avoid jumping invites when re-sending
no issue
- updates `package.json` details to better reflect the separation from the `Ghost` package
- update ember config and all import statements to reflect the new `ghost-admin` module name in `package.json`
no issue
- add ember-suave dependency
- upgrade grunt-jscs dependency
- add a new .jscsrc for the client's tests directory that extends from client's base .jscsrc
- separate client tests in Gruntfile jscs task so they pick up the test's .jscsrc
- standardize es6 usage across client