Commit Graph

29283 Commits

Author SHA1 Message Date
Simon Backx
999b111fce
🐛 Fixed paid email preview stopped working in emails (#15356)
fixes https://github.com/TryGhost/Team/issues/1870

Disables email sanitization that was enabled earlier because this bug is more important and urgent.

The recently introduced email sanitization removes HTML comments from the post html.
- This breaks the email paid preview, because it depends on the `<!--members-only-->` comment.
- Breaks the Outlook comments `<!--[if !mso !vml]-->`

This commit reverts this change.
2022-09-02 15:49:39 +02:00
Ghost CI
7650ecafeb v5.12.3 2022-09-01 15:36:17 +01:00
Rishabh Garg
c4041e46c8
🐛 Fixed email alerts for paid members on import (#15347)
closes https://github.com/TryGhost/Team/issues/1868

- email alerts should not be sent out when paid subscriptions are created via our importer
2022-09-01 20:00:37 +05:30
Fabien 'egg' O'Carroll
c9f782a3fc
🔒 Fixed rate limiting for user login (#15336)
refs https://github.com/TryGhost/Team/issues/1074

Rather than relying on the global block to stop malicious actors from
enumerating email addresses to determine who is and isn't a user, we
want our user login brute force protection to be on an IP basis,
rather than tied to the username.
2022-09-01 13:29:59 +01:00
Ghost CI
a2edc7ea1b v5.12.2 2022-08-30 16:58:26 +01:00
Simon Backx
8cd2b3182a
🐛 Fixed commenting on tier-only posts (#15333)
fixes https://github.com/TryGhost/Team/issues/1860

**Problem:**
Members were not able to comment on a post that was only visible for members with a specific tier.

**Causes:**
Content gating was done on models with missing relations.
- The products relation was not loaded on the member when doing content gating
- The tiers relation was not loaded on the post when doing content gating

**Tests:**
- Added for tier-only posts
- Added for paid-only commenting
2022-08-30 16:48:47 +01:00
Simon Backx
aec2badc6c
🐛 Fixed removing comped subscriptions for members with active subs (#15332)
fixes https://github.com/TryGhost/Team/issues/1859

**Problem:**
When for some reason a member has an active subscription (or legacy comped subscription) for product A, and a comped subscription for product B. You cannot remove comped subscription B.

**Fixed by:**
Updating the API to allow more flexible product changes on members.
- Allow the removal of (comped) products on a member, as long as that product doesn't have a related subscription
- (still) allow the addition of comped products to a member, as long as that member doesn't have other active subscriptions. This matches the existing behaviour, but now this is only checked for added products.
- Includes tests for these edge cases
2022-08-30 16:48:44 +01:00
Daniel Lockyer
0b0401d593 v5.12.1 2022-08-30 11:56:45 +01:00
Fabien 'egg' O'Carroll
21e473ff78
🐛 Fixed newsletters not rendering with non-HTML safe chars (#15331)
Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
2022-08-30 11:26:01 +01:00
renovate[bot]
9355c6d8fa
Update dependency mailgun.js to v8.0.1 2022-08-30 08:10:52 +00:00
Daniel Lockyer
8e3b611606
Fixed early return when there are no new email batches
- the code in question had the intention of returning early if no new
  email batches had been created for an Email
- there were 2 minor bugs here:
  - `batchIds` would end up being an array of an array of strings
    because we just push an array in without the spread operator
  - we would compare that the returned array equaled zero, which was
    never the case
- this commit fixes these minor issues and adds JSDoc to document the
  function's return type
2022-08-30 08:55:38 +01:00
Daniel Lockyer
fcd6360869
Cleaned up asset-delivery env config
- this is no longer needed because we don't do env-specific builds
2022-08-30 08:24:48 +01:00
Naz
8af8905fa9
Updated comments around API access
no issue

- While auditing the access rights to endpoints have come across the "stable" / "experimental" notes that do not make any sense in the current approach towards the API. Every endpoint that's documented and exposed just "is" there no stable/unstable/canary/whatever distinction in the Admin API since Ghost v5
- Staff tokens were also acked as a separate way to access the API, so we have them in mind when modifying the access-list
2022-08-30 11:41:18 +08:00
renovate[bot]
619af026d6
Update dependency luxon to v3.0.3 2022-08-29 18:37:24 +00:00
renovate[bot]
ced7f41112
Update Test & linting packages 2022-08-29 15:21:11 +00:00
renovate[bot]
df2a97032d Update dependency testem to v3.9.0 2022-08-29 16:19:01 +01:00
Simon Backx
f2da1229d8
Removed unused support email verification endpoints (#15328)
fixes https://github.com/TryGhost/Team/issues/1679

These endpoints are safe to be removed, as they are only used by the admin app and usage has been removed over there. It is very unlikely that this endpoint has been used in a third party integration (in which case they will get a notification email).
2022-08-29 15:16:13 +02:00
Elijah
3c94812ee5
Added missing return in create-stripe-update-session
no issue

- Return was missing for `res.end` if an invalid subscription_id was passed
- Added explicit `text/plain` `Content-Type` headers to error messages to avoid MIME sniffing

Signed-off-by: Elijah Conners <business@elijahpepe.com>
Co-authored-by: Simon Backx <simon@ghost.org>
2022-08-29 14:02:58 +02:00
Peter Zimon
16dc2be3cf Fixed post status UI bug
no refs.

- due to a regression the padding on the left of the post status indicator was set to zero
2022-08-29 10:59:56 +02:00
renovate[bot]
19befe7d56 Update peter-evans/create-or-update-comment digest to 5fdb3a6 2022-08-29 08:34:13 +01:00
Naz
113e2a6515 Improved verification email copy
refs https://github.com/TryGhost/Toolbox/issues/387

- Copy improvement after a review
2022-08-29 12:18:46 +08:00
renovate[bot]
ea5942ef3d
Update dependency luxon to v3.0.2 2022-08-29 00:09:28 +00:00
Daniel Lockyer
d986059a50 v5.12.0 2022-08-26 16:00:32 +01:00
Rishabh
5e2613b6ed Fixed lint
refs 594ef34871
2022-08-26 15:31:10 +05:30
Rishabh
74f94e85a4 Fixed lint for staff user test 2022-08-26 15:29:06 +05:30
Rishabh
76419f8ed4 Removed email alerts UI for non admin staff
refs https://github.com/TryGhost/Team/issues/1825
2022-08-26 15:24:28 +05:30
Rishabh Garg
594ef34871
Enabled member email alerts (#15321)
closes https://github.com/TryGhost/Team/issues/1825
closes https://github.com/TryGhost/Team/issues/1826

- allows site owners/admins to receive email notifications when somebody signs up, becomes paid, or cancels subscription
- owners/admins can set their email preference from staff settings
2022-08-26 09:38:12 +05:30
renovate[bot]
0cbaa8f73d
Update dependency tough-cookie to v4.1.2 2022-08-25 23:44:35 +00:00
Rishabh
fbac9689c9 Removed empty cancellation reason from alert template
refs https://github.com/TryGhost/Team/issues/1826
2022-08-26 01:49:10 +05:30
Fabien "egg" O'Carroll
4718171b1d Removed out of date history items from UrlHistory
In case there is an issue with the filtering of items in our client
side attribution script, we also check for and remove out of date
items here. This ensures that we do not erroneously attribute signups
or conversions to webpages from more than 24h ago.
2022-08-25 16:09:34 -04:00
Fabien "egg" O'Carroll
f523e1eb6b Refactored UrlHistory to use static factory method
This keeps the constructor clean, relying on types for validation,
whilst preserving the validation when creating the instance. The
constructor is now private so that the factory which handles
validation is always used.

The tests have also been updated to test the public factory interface
rather than the internal validation methods. Validation has been
rolled into a single method and slightly improved in the way of
readability.
2022-08-25 16:09:34 -04:00
Rishabh
75f08f55cf Refined email alert templates
refs https://github.com/TryGhost/Team/issues/1826
2022-08-26 01:19:55 +05:30
Fabien 'egg' O'Carroll
34eae1f284
Promoted Member Attribution to a private beta (#15316)
We promote from alpha -> beta so that we don't require the
enableDeveloperExperiments flag, the toggle in the UI is behind the
flag still, so it will only be visible to developers or people using
alpha features.
2022-08-25 15:41:43 -04:00
Simon Backx
67163209e1
Enabled member attribution flag in all tests (#15317)
closes https://github.com/TryGhost/Team/issues/1852

Updates all tests to run with memberAttribution flag enabled
2022-08-25 15:25:01 -04:00
Rishabh Garg
1bf70bf3c6
Stored geolocation for member on creation (#15320)
refs https://github.com/TryGhost/Team/issues/1826

Geolocation was prev. loaded after member was created and updated on existing member. this was mostly due to historical context where we couldn't store data on magic link token.
Since email alerts go out at the time of member creation, this flow missed out on attaching member's location to email. 
This change -

- stores request ip when a member asks for magic link in the token
- loads request ip from token when member uses magic link, and for new members loads their geolocation and stores it with member creation
2022-08-26 00:45:34 +05:30
Rishabh
b16ad52401 Updated geolocation handling for email alerts
refs https://github.com/TryGhost/Team/issues/1826

- geolocation is a stringified json on member, needs parsing
2022-08-26 00:17:41 +05:30
Simon Backx
977aba928c Updated admin lint todo 2022-08-25 18:13:48 +02:00
Simon Backx
da48f70267 Fixed empty member attribution filter loading state
refs https://ghost.slack.com/archives/C02G9E68C/p1661442387532489?thread_ts=1661419289.348579&cid=C02G9E68C

When filtering on attribution, the filter was already applied when the array was empty, causing an invalid NQL filter.
2022-08-25 18:03:32 +02:00
Rishabh Garg
a31af1dfe7
Refined mail template for member alerts (#15318)
refs https://github.com/TryGhost/Team/issues/1826

- added email to html templates
- design refinements

Co-authored-by: Peter Zimon <peter.zimon@gmail.com>
2022-08-25 21:27:50 +05:30
Simon Backx
d04276ab4d Fixed width flicking on full width for pages and posts
fixes https://github.com/TryGhost/Team/issues/1838

- The loading template was setting a different class
- That class is not used any longer
- Removed that part of the code
2022-08-25 17:26:50 +02:00
James Morris
50f027cccf Reordered the filtering in the dropdown for the member attribution
refs https://github.com/TryGhost/Team/issues/1854
2022-08-25 16:17:22 +01:00
Rishabh
891f19a563 Fixed email alert tests
refs c00205bb61
2022-08-25 20:46:54 +05:30
Simon Backx
2bc79cd94f Updated attribution counts linking to editor if zero
refs https://github.com/TryGhost/Team/issues/1843

- Also fixes that attribution counts are hidden for contributors
2022-08-25 17:09:22 +02:00
James Morris
913ea4e54f Updated the activity page to now be called member activity
- This changes the page title
- This also changes the links to see more

refs https://github.com/TryGhost/Team/issues/1853
2022-08-25 16:07:22 +01:00
Rishabh
c00205bb61 Updated copy for cancelation alerts
refs https://github.com/TryGhost/Team/issues/1826
2022-08-25 20:36:48 +05:30
Rishabh
ad2934ba71 Cleaned up staff service package
refs https://github.com/TryGhost/Team/issues/1826
2022-08-25 20:36:09 +05:30
James Morris
22b0586667 Tweaks to column sizes for events and a way to show new event icons for feature flag
- Has better column widths and fixed a bug with the time one
- Now allows to show alternative icons for feature flag

refs https://github.com/TryGhost/Team/issues/1851
2022-08-25 16:01:53 +01:00
James Morris
b01a56e057 Adjustments to the event look in the table
- More adjustments to make the event stronger and the link lighter and less messy
- Checking in the icons but need to wire them up

refs https://github.com/TryGhost/Team/issues/1851
2022-08-25 16:01:53 +01:00
Simon Backx
38ce6ee66e Fixed blank line linting issue 2022-08-25 16:47:52 +02:00
Rishabh
e6246b191e Updated options format in email alert method to prevent filter override
refs https://github.com/TryGhost/Team/issues/1826

- doesn't allow `filter` to be overridden by passed in options
2022-08-25 20:15:54 +05:30