Commit Graph

10083 Commits

Author SHA1 Message Date
Fabien O'Carroll
3366bd1254 Added upsert method to stripe models
no-issue

This is kind of copied from the session model, but simplified
This will allow much easier integration with members-api
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
998642eb24 Allowed filter option for findAll method
no-issue

This will allow us to constrain findAll queries, rather than using knex
`where` & `fetchAll` methods
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
a6354d1acb Updated members api to store/retrieve subscriptions
no-issue
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
37bb12afb3 Added model for stripe_customers_subscriptions
no-issue
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
0c32dfaa30 Added migrations for stripe tables
no-issue
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
a4ff87a774 Added stripe subscriptions & updated customers table
no-issue
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
312e0cc31e Installed @tryghost/members-ssr@0.7.0
no-issue

This removes the cookie caching functionality from members-ssr
2019-10-09 16:24:51 +07:00
Naz Gargol
786eaac57e
Added permission restrictions to editing members flag (#11217)
no issue

- Added test cases to check edit permission on settings endpoints
- Added test to demonstrate owner-only being able to toggle members flag
- Permission check when editing settings `lab.members`
- Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure.
- Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame"
- Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 10:26:54 +02:00
Fabien O'Carroll
1e731dcdd3 Removed token param on page load for members
no-issue

This adds a bit of protection from accidentally sharing the url, and
also makes the url look cleaner
2019-10-09 13:36:06 +07:00
Fabien O'Carroll
dd419be2fb Added guard for missing stripe tokens
no-issue

This ensures that even if a stripe config object is present, we still
ensure that stripe is configured without keys
2019-10-09 12:00:53 +07:00
Fabien O'Carroll
079a64e46b Exposed @member.firstname in the theme data
no-issue

This is very basic split on whitespace for now
2019-10-09 12:00:53 +07:00
Rishabh Garg
7dc2eb2a1e
Added new requirePaymentForSignup setting for members (#11214)
* Added new `requirePaymentForSignup` setting for members

no issue

- Adds new `requirePaymentForSignup` setting flag for members, `false` by default.

- Wired members API `allowSelfSignup` to `requirePayment` setting
2019-10-08 22:00:46 +05:30
Naz Gargol
daa77c5c00
Permission restrictions for post.visibility modifications (#11213)
no issue

- Limited posts visibility field permissions to Editor-Up + Admin Integrations
- We don't want contributors or other roles lower than Editor to be able to modify content gating attribute
2019-10-08 15:44:27 +02:00
Kevin Ansfield
6028fde666 Merge branch 'master' into v3 2019-10-08 13:58:08 +01:00
Kevin Ansfield
da45881719 Version bump to 2.33.0 2019-10-08 11:25:41 +01:00
Kevin Ansfield
c78496c456 Updated Ghost-Admin to 2.33.0 2019-10-08 11:25:41 +01:00
Rishabh Garg
d9a0c8732c Fixed error when saving unknown url in bookmark card (#11210)
no issue

- `payload.metadata` may not exist in a bookmark card because it's possible to save a mobiledoc document when the card is in it's "unable to parse url" state in the editor
- check for `payload.metadata` object before performing any url transformations to avoid invalid property access
2019-10-08 11:11:32 +01:00
Fabien O'Carroll
f1ef801b78 🐛 Fixed error when during migration to 2.32.0 on mysql (#11208)
closes #11207

MySQL doesn't allow unqiue keys with a length of more than 191 when using InnoDB with utfmb4. These changes will ensure any incorrect tables created are fixed and have the
correct length for customer_id

* Changed `customer_id` to non-unique column
* Nooped the 2.32 `members_stripe_customers` migration
* Added migration to recreate `members_stripe_customers` table
  * sqlite doesn't allow `ALTER TABLE` queries so this is the cleanest solution considering the table is not yet in use
2019-10-08 11:07:29 +01:00
Kevin Ansfield
5789d40951 Version bump to 2.32.0 2019-10-07 23:11:18 +01:00
Kevin Ansfield
d81c3410cb Updated Ghost-Admin to 2.32.0 2019-10-07 23:11:18 +01:00
Kevin Ansfield
fab836a509 Updated Casper to 2.11.2 2019-10-07 23:11:18 +01:00
Kevin Ansfield
32f3f9d2c3 🐛 Fixed "unsaved changes" modal displaying when post has been saved
refs https://github.com/TryGhost/Ghost/issues/10477

The unsaved changes modal is displaying even when the post has been saved if images have been uploaded because the server is transforming absolute image urls to relative during input of the `mobiledoc` field but not transforming them back to absolute during output. The editor then thinks it's out of sync and shows the warning when trying to leave.

- `@tryghost/url-utils` has been updated with new methods for transforming URLs in mobiledoc content
- moves absolute->relative transformation from the API input serializers into the Post model
- transforms URLs in more fields for a more comprehensive transformation and fewer issues when re-configuring a site's domain
  - previously there could be problems with internal links between posts not being transformed so you could change the url config to newdomain.com but links in post content would still be pointing to olddomain.com
- updates the API post output serializers to transform all modified fields
- drops the `?absolute_urls=true` param switch from the `canary` API post output serializer so that all URLs are output as absolute
  - we're transforming more urls to relative when saving so this is necessary to ensure the unsaved changes modal is not triggered
  - the query param isn't documented and will disappear in v3
2019-10-07 22:59:19 +01:00
Kevin Ansfield
fa4e68ba13 Added transformer methods to mobiledoc cards
no issue

- adds abolsute->relative and relative->absolute transformer methods to card definitions
- allows for each card to tailor it's transformation to the specific needs of it's payload so that the `mobiledoc` field can be transformed successfully during API serialization/deserialization
2019-10-07 22:59:19 +01:00
Renovate Bot
0f2afafcbb Update dependency knex to v0.19.5 2019-10-07 09:30:22 +00:00
renovate[bot]
4c81a62a9d Lock file maintenance (#11175) 2019-10-07 12:53:34 +05:30
renovate[bot]
cb9eab0248 Update dependency bluebird to v3.7.0 (#11206) 2019-10-07 12:44:07 +05:30
Renovate Bot
fe4dccfaa3
Update dependency nock to v11.3.6 2019-10-07 01:29:57 +00:00
Renovate Bot
cc70fe983e Update dependency @tryghost/helpers to v1.1.12 2019-10-07 01:29:14 +00:00
Fabien O'Carroll
aaaf473154 Installed @tryghost/members-api@0.7.7
no-issue

This ensures that the correct emails are sent regardless of the form and
allows us to pass a flag to disable sending emails to users that are nor
already members.
2019-10-06 21:22:58 +07:00
Fabien O'Carroll
a12a8bd109 Updated eslint for tests to allow async functions
no-issue
2019-10-06 21:03:56 +07:00
Fabien O'Carroll
5b33507bf8 Allowed overriding the default from address
no-issue

This will allow the members service to pass a custom from address
2019-10-06 21:03:56 +07:00
Fabien O'Carroll
a6086995a6 Refactored GhostMailer into a class
no-issue

This breaks down the send method into distinct components that are
easier to reason about
2019-10-06 21:03:56 +07:00
Fabien O'Carroll
f349c5385c Used sinon.createSandbox rather than global sinon
no-issue
2019-10-06 21:03:56 +07:00
Fabien O'Carroll
a22d575a9e Removed from and getDomain methods from prototype
no-issue
2019-10-06 21:03:56 +07:00
Fabien O'Carroll
f4dbcb5f35 Changed imported modules assigned to const
no-issue

Updates to current standard
2019-10-06 21:03:56 +07:00
John O'Nolan
423b0d5412 Updated default from-address for system emails (#11202)
no-issue

Until now, we've used ghost@siteurl.com as the default from address for system emails, like user invitations and password resets. This was fine, because all system emails were going to people who would interact with "ghost" the app in some way, so the naming made sense.

Now we're introducing members, which will send emails on behalf of of the site owner, to their readers. If all goes to plan, they should be able to set a custom from address, however our default mail config will still be the fallback if no other value is available.

If you run "magazine.com" and you send someone a link to "login to magazine.com" then it's pretty weird for that email to come from "ghost@magazine.com" - so this PR changes the default value from ghost to noreply for an equally generic, but less opinionated default.
2019-10-06 19:02:10 +07:00
Fabien O'Carroll
b8e39af7ac Added stripe query param to checkout redirect urls
no-issue

The value will be set to one of 'success' or 'cancel' based on howthe
user exited the checkout flow.
2019-10-06 13:54:09 +07:00
Rishabh Garg
13d1a5b328
Updated travis notifications config (#11200)
no issue

Uses travis conditionals to push slack notifications only for cron run on master
2019-10-05 10:03:29 +05:30
Nazar Gargol
b750bb9a5d Fixed post model regression test
no issue

- The fake call logic had to be updated as a result of this change e214838039
2019-10-04 11:17:00 +02:00
Naz Gargol
a4462c5753
Added members CSV export to Admin API (#11198)
no issue
2019-10-03 20:36:22 +02:00
Naz Gargol
bb355ac9f2
Added members CSV import to Admin API (#11197)
no issue

- Improved error handling for member creation. We should be returning 422s instead of 500 when possible
- Wrapped `members.add` method with Bluebird promise. Wrapping is needed to be able to use `.reflect()` in CSV export method
- Added proper members CSV fixture
2019-10-03 19:59:19 +02:00
Kevin Ansfield
1fa70dea23
Whitelisted members endpoints for v2 and canary Admin APIs (#11196)
no issue

- http verbs needed to be whitelisted for the members endpoint to avoid `NotImplementedError`s when accessing
2019-10-03 17:28:20 +01:00
Naz Gargol
30326cbd2d
Added handling for PUT members endpoint (#11194)
no issue

- Adds the ability to edit `name` field for a specific member by using `PUT /members/:id` endpoint
2019-10-03 13:38:22 +02:00
Fabien O'Carroll
d4f71ade11 Added support for dynamic stripe checkout redirects
no-issue

You can now use `data-members-success` and `data-members-cancel` on any
element which also has a valid `data-members-plan` attribute to set the
cancel and success redirects for stripe checkout.

The value will be used similar to how a `href` attribute would be.

e.g.

On a page https://site.com/membership

An attribute of "/success" would redirect to https://site.com/success
An attribute of "success" would redirect to https://site.com/membership/success
An attribute of "https://site.com/whatever" would redirect to https://site.com/whatever
2019-10-03 17:36:33 +07:00
Fabien O'Carroll
cb431d758b Installed @tryghost/members-api@0.7.6
no-issue

This adds support for dynamic success and cancel urls for stripe checkout
2019-10-03 17:36:33 +07:00
Naz Gargol
5228d9819b
Added members POST API (#11189)
no issue

- Added Regression full test coverage for members Admin API
- Added `POST /members` endpoint
- Added members schema definition + validation
- Added ability to pass through send_email/emal_type options to members API
2019-10-03 11:15:50 +02:00
Kevin Ansfield
839cf0289f Added tests for bookmark card
no issue
2019-10-02 17:47:37 +01:00
Nazar Gargol
7abeaf6f18 Fixed local utils paths in canary regression tests
no issue

- The path that was used pointed to differen API which was overseen during one of the refactorings
2019-10-02 17:09:33 +02:00
Kevin Ansfield
36674c7584 Updated dependency @tryghost/url-utils to v0.6.0
no issue

- has refactored relativeToAbsolute utility
- has bugfixes for subdirectory handling and deduplication
- includes new utilities for transforming urls in markdown and mobiledoc
2019-10-02 13:06:50 +01:00
Fabien O'Carroll
8bb0f6631f Installed @tryghost/members-ssr@0.6.0
no-issue

This adds extra protection for weird cookies states when trying to get
identity tokens
2019-10-02 18:23:52 +07:00