Commit Graph

5641 Commits

Author SHA1 Message Date
Kevin Ansfield
b6d9bad6dc
Added custom theme settings browse/edit permissions for Administrators (#13361)
refs https://github.com/TryGhost/Team/issues/1070TryGhost/Team#1070

- initial implementation will only allow browse+edit via the API
2021-09-27 09:59:09 +01:00
Naz
035ad01f24 Swapped to American English spellings
refs 16728a3ef1

- initialised -> initialized
2021-09-23 18:36:38 +02:00
Matt Hanley
a9ea792d65
Updated OAuth middleware to use the correct URL helpers
no-ref

Hardcoded redirect URLs were breaking when admin and site URLs were
different, or when Ghost is configured with a subdirectory.
2021-09-23 17:26:29 +01:00
Kevin Ansfield
04dd409243
Added syncing and theme exposure of custom theme settings (#13354)
refs https://github.com/TryGhost/Team/issues/1070

- added `@tryghost/custom-theme-settings-service` as a dependency
- `core/server/services/custom-theme-settings` creates an instance of the new service passing in the model used for storing the setting keys/values and a cache instance
- requiring `core/shared/services/custom-theme-settings-cache` creates a cache instance, it has no dependencies so can be required anywhere and the first require will initialize the shared instance
- updated the theme activation bridge to trigger the theme settings service to sync the newly activated theme settings and populate the cache
- updated theme validation to pass `labs` through as an option so that we get custom theme settings back as part of the checked theme as that's what is passed to the custom theme settings service
2021-09-23 12:44:39 +01:00
Kevin Ansfield
57effd9585
Added custom_theme_settings table/model (#13327)
refs https://github.com/TryGhost/Team/issues/1070

- stores values of custom theme settings
  - will be merged with full settings data parsed from themes for API output
  - will be cached and made available for lookup in themes to avoid db roundtrips
- stores type of custom theme settings so we can coerce values and know if the type has changed when syncing
- records will be synced with themes upon activation
2021-09-23 11:51:18 +01:00
Daniel Lockyer
57664696a4 v4.15.1
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYUxOIgAKCRDSEYbwtHKV
 reO6AQCL2mFdVLBwRbpVQa2Zs9RlYKk88ivLRMpAZPPiElNblQEAqt710wrVbMwm
 hOOWbWdFpPOWCrop9zhO8GJSPeNpJw0=
 =Ff3M
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYUxTawAKCRDSEYbwtHKV
 ra28AQCcambctLCH70Sc7SJmexojA5k6Ti0p3pwOktWY/WygZQEAlMEHSDw89wdY
 3U8R8zY1d1MeXqj51Op95sTYwiDAjg8=
 =HoUL
 -----END PGP SIGNATURE-----

Merged v4.15.1 into main

v4.15.1
2021-09-23 11:13:56 +01:00
Fabien O'Carroll
944c2cc9af
🔒 Fixed member email change vulnerability
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr

This updates the signup/signin flow for members to no longer support the
email address change flow - which had missing authentication. It has
been replaced with a dedicated email change flow, and Portal has been
updated to use it.
2021-09-23 10:49:30 +01:00
Naz
f13ee0e4fb Corrected type declarations in ThemeStorage
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- Type declarations were incorrect, co changed them to something more suitable based on the implementation to reduce the error output.
2021-09-22 14:16:39 +02:00
Naz
7589218abc Converted import-manager module to a class
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-16/tackle-importersdataindexjs

- The codebase uses class syntax instead of extending/instantiating a native function (this is a very old of doing pseudo OOP in JS). Updated the old syntax in a very one-to-one brainless way with intention to improve the file again when touched again
2021-09-22 20:10:23 +12:00
Naz
c39d1996a4 Brought back importer index.js file exposing a single thing
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-16/tackle-importersdataindexjs

- This extra step was done to keep the git history cleaner (previous commit was a clean rename). This new index file exposes just one thing.
- The next step here should be refactoring of the "importer-manager" module into a class following a DI pattern.
2021-09-22 20:10:23 +12:00
Naz
0d32552d7a Renamed imports indexjs to import-manager
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-16/tackle-importersdataindexjs

- The index file should contain an API index that the module/folder exposes. In this instance it is a full blown class-like set of data and functions that don't belong to index.js
2021-09-22 20:10:23 +12:00
Rishabh
1e239de039 Added new ingress endpoint for client-side events
res https://github.com/TryGhost/Team/issues/1064

- adds new events endpoint on members app to capture client side events for member analytics behind the `membersActivity` flag
2021-09-21 23:37:25 +05:30
Naz
90e9e473ad Brought back index.js file exposing a single thing
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-16/tackle-importersdataindexjs

- This extra step was done to keep the git history cleaner (previous commit was a clean rename). This new index file exposes just one thing.
- The next step here should probably be refactoring of the data-importer module into a class following a DI pattern.
2021-09-22 03:23:12 +12:00
Naz
208dd49971 Renamed imports/data indexjs to data-importer
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-16/tackle-importersdataindexjs

- The index file should contain an API index that the module/folder exposes. In this instance it is a full blown class-like set of data and functions that don't belong to index.js
2021-09-22 03:23:12 +12:00
Fabien O'Carroll
9183c3fa11 Exported MemberAnalyticEvent from models/index.js
refs https://github.com/TryGhost/Team/issues/1053

In order to use the model we must exports it from the index.js file.
This was missing from the commit which added the models.
2021-09-21 13:22:40 +02:00
Naz
74c15c7b02 Refactored secret settings util functions
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The index file in services/settings was containning logic and started throwing an additional lint warning due to module length.
- The extracted secret settings utils were used in multiple places and were a good candidate to live in it's own small module
2021-09-21 23:05:57 +12:00
Naz
ed56239523 Moved browse method from settings API controllers
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The browse method didn't throw a complexity warning but was a clear target to get extracted into settings bread service. This way we get rid of a settings cache dependency and reduce code duplication.
2021-09-21 23:05:57 +12:00
Naz
d76ba2852e Removed method complexity in settings API v3 controller
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The controller code is not meant to contain complex business logic. Removed complexity in settings.edit method
- Have brought up to sync v3 controller code to the changes that were done in v4. Didn't touch v2 controller as it had slight API differences, so avoided going on another trip into the unknown
- Migrating v3 controller was pretty straigh forward as it's an exact copy of the v4 one (at least for the methods that were extracted)
2021-09-21 23:05:57 +12:00
Naz
ae3b2fad7c Removed method complexity in settings API controller
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The controller code is not meant to contain complex business logic. Removed complexity in settings.edit method
- The code causing the complexity warning clearly belonged in the validation layer, so has been moved to it's propper location
2021-09-21 23:05:57 +12:00
Naz
e7ec197da1 Removed duplicate logic from settings edit permissions stage
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The removed logic is done more thoroughly on the settings BREAD
service layer.
2021-09-21 23:05:57 +12:00
Naz
6b25b91fa4 Removed method complexity in settings API controller
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The controller code is not meant to contain complex business logic. Removed complexity in settings.edit method
- Have separated the regular editing from "Stripe Data" editing to keep the dependency on the members service still in the controller reducing coupling of the settings BREAD service to the minimum.
- The stripeConnectData passed into `edit` method still feels out of place (maybe it should be passed as an array already that's ready to be merged with the rest of settings, but that was left for another refactor in the future)
2021-09-21 23:05:57 +12:00
Naz
85ee721157 Removed method complexity in settings API controller
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-13

- The controller code is not meant to contain complex business logic.
Reduced complexity in the settings.read method
- Broke the usual "xxxService" naming pattern here in favor of "xxxBREADService" pattern that members package has been experimenting with recently (0469707f2e/packages/members-api/lib/services/member-bread.js (L25)). This naming choice was made because we already had a "SettingsService" and it would've become quite convoluted distinguishing the naming or doing renames for the sake of having a new temporary location for read/edit/add methods
- Also duplicated `hideValueIfSecret` method code with an intention to move it fully into the BREAD service once the refactoring is completed
2021-09-21 23:05:57 +12:00
Fabien O'Carroll
c1c969238f Passed MemberAnalyticEvent to @tryghost/members-api
refs https://github.com/TryGhost/Team/issues/1055

We use the models defined in Ghost as our database connection to store
the analytic events. So we must pass this down to the Members module so
that we can store the events
2021-09-21 11:42:05 +02:00
Daniel Lockyer
8590376795
Fixed linting issue
no issue

- I removed the use of Promises but didn't clean up the import
2021-09-17 16:51:52 +01:00
Daniel Lockyer
93e4b2eafd 🔒 Fixed remote command injection when using sendmail email transport
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm
refs https://github.com/advisories/GHSA-48ww-j4fc-435p

- a vulnerability in `nodemailer` means that the `sendmail` transport is
  vulnerable to command injection for flags passed to the `sendmail`
  binary
- updating to the latest version of Nodemailer required creating
  `@tryghost/nodemailer`, which is a wrapper around Nodemailer and
  several plugins that used to be in the core
- this commit switches to using that package, and fixes up some small
  code + test changes
2021-09-17 16:46:51 +01:00
Fabien O'Carroll
61058fb0a4 fixup! Refactored migration to run faster 2021-09-17 16:33:14 +01:00
Fabien O'Carroll
3165315f84 fixup! Refactored migration to run faster 2021-09-17 16:33:14 +01:00
Fabien O'Carroll
484e0c1e05 Refactored migration to run faster
no-issue

We're seeing problems with large sites taking a long time to run this
migration. The aim here is to refactor it so that it is faster to run.

We've achieved that by reducing the number of database queries needed,
firstly by selecting members with a join to their events (rather than
fetching the events on a member-by-member basis) we also batch the
necessary updates to further reduce db query time.
2021-09-17 16:33:14 +01:00
Fabien 'egg' O'Carroll
2dca63eae2
Added temporary database table for analytic events (#13312)
refs https://github.com/TryGhost/Team/issues/1053

This table is going to be completely deleted at some point in the
future. It serves as a persistent datastore for a spike into collection
analytic events for members. We've opted for a generic table, rather
than a table for each event, so that we can push the DB to the limit in
terms of the length of the table, and find out performance issues A$AP
2021-09-17 11:15:21 +02:00
Kevin Ansfield
02347aa788
🐛 Fixed Outlook incorrect text styling and ' appearing in email content (#13313)
refs https://github.com/TryGhost/Team/issues/1047

Rendering segmented emails uses `cheerio` to parse and re-render the html but this had a side-effect of converting the `$#39;` char code to the more modern `$apos;` code resulting in Outlook not understanding quotes inside inlined CSS and showing the raw char code if it appeared in the email contents.

- extracted our handling of the unsupported char codes from the main email html generation into a function so that it can be re-used when generating segmented html
2021-09-17 08:39:29 +01:00
Naz
191b313271 Removed method complexity in webhooks API controller
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-14/tackle-webhooksjs

- The controller code is not meant to contain complex business logic.
2021-09-17 10:11:23 +03:00
Naz
cff0c483af Updated v3 Webhook API to match v4 implementation
refs 70627d84a7
refs 44035fd591
refs https://github.com/TryGhost/Team/issues/477

- When v4 Webhook API was changed removing redundant code v3 API code should've been updated as well. Making this change before extracting logic out into a WebhooksService to have clear chain of why the code that doesn't look the same has been substituted
2021-09-17 09:58:44 +03:00
Naz
4744349381 Removed method complexity in integrations API controller
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-10/tackle-integrationsjs

- The controller code is not meant to contain complex business logic.
- Added a test case checking 'PUT' endpoint for integrations to ensure
proper 'NotFound' handling. Found that previous implemenation was
buggy - threw a 500 as 'models.Integration.NotFoundError' that was removed
in previous commit didn't catch a needed error.
2021-09-16 14:23:48 +03:00
Daniel Lockyer
d4adae775e v4.14.0
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYUB7mgAKCRDSEYbwtHKV
 rYTGAP9dggMBUTq6+2yLyYHChVMqLez2WS/XmgTdC4mc2tsZzgD+J2/zhRObGYX0
 d54Y39pAw7rPV8Z8md9nCm9olPpE4AM=
 =w206
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYUB8kwAKCRDSEYbwtHKV
 rTGVAP4wqFwWwQUFUXX4tLbvcLKQalvHQI3soLFneAzZT1M3DQEAtWO+crkH2auN
 Agt8ND2ndlIzsyGxYywliajBfbQVZwM=
 =nFhH
 -----END PGP SIGNATURE-----

Merged v4.14.0 into main

v4.14.0
2021-09-14 11:42:21 +01:00
Kevin Ansfield
6875796417 Blocked 0.* IP addresses when making oembed requests
no issue

It was possible for authenticated/trusted admin users to make GET requests to localhost via the oembed service by crafting a redirect that used 0.0.0.0.

- added the 0.* default route/routing block to the private IP regex used to block requests when we're contacting external sites
- added an additional IP or localhost check in the oembed service when fetching bookmark card data
2021-09-14 11:35:14 +01:00
Daniel Lockyer
2d639ad4a1 Replaced removed Bookshelf findWhere function
- as per https://github.com/bookshelf/bookshelf/wiki/Migrating-from-0.15.1-to-1.0.0#collectionfindwhere, the `findWhere` function was removed
- `find` can be used in combination with `matchFunc` and then checking
  the values against each other to keep the same functionality
- also updates the tests to reflect the change in number of function calls
2021-09-10 16:59:11 +01:00
Daniel Lockyer
23c207cefc Updated signature of Bookshelf model listeners
- as per https://github.com/bookshelf/bookshelf/wiki/Migrating-from-0.15.1-to-1.0.0#different-arguments-on-after-save-event-listeners-saved-created-and-updated, the signature of saved, created and updated listeners has changed to remove the second argument
- this commits updates our signatures too
2021-09-10 16:59:11 +01:00
Daniel Lockyer
80fa1d903e Removed explicit loading of Bookshelf registry plugin
- as per 5a5a5d162e, the Bookshelf registry plugin is now in core
- we no longer need to explicitly load the plugin, and it displays a
  warning if you do
- this change also turns `._models` into `.registry.models`, so our code has
  been updated to reflect that
2021-09-10 16:59:11 +01:00
Daniel Lockyer
8fcb57bd6a Disabled new Bookshelf fetch behaviour across models
- as per https://github.com/bookshelf/bookshelf/wiki/Migrating-from-0.15.1-to-1.0.0#default-to-require-true-on-modelfetch-and-collectionfetchone, models will now default to `{require:true}` during a fetch, which changes how Bookshelf will respond when a models yields no results
- instead of passing a `null` result, it will reject with an error, so we'd need to switch to `.catch`ing everything
- our code is set up to handle all these null results and switching style is not currently on the cards so we want to use the existing behaviour for now
- to enable this, the `requireFetch` option needs to be added to the model definitions
2021-09-10 16:59:11 +01:00
Fabien O'Carroll
c9325aa2cc Fixed Complimentary subscriptions being created twice
refs https://github.com/TryGhost/Team/issues/1030

The usage of `setComplimentarySubscription` is for pre-Tiers enabled
sites only. We didn't see this issue before because the `comped` flag
was incorrectly being set to `false` by default. Since it was fixed in
https://github.com/TryGhost/Ghost/commit/ae844db60 the `comped` flag was
then getting sent up, and creating the subscription.

We've moved the usage of `setComplimentarySubscription` to behind the
feature flag so that we do not use old behaviour when Tiers are enabled
2021-09-10 14:29:20 +02:00
Kevin Ansfield
864e4583d4 Fixed segmented email content being sent to all members
refs https://github.com/TryGhost/Ghost/pull/13276

- when removing the labs flag a conditional in the email processor checking for the labs flag being enabled was replaced with a check for a member segment being present. This meant that email batches with `member_segment: null` representing all members that didn't have content specifically aimed at them were not having the segmented content stripped before sending
2021-09-10 11:36:42 +01:00
Peter Zimon
60d6d36c5e Updated sign up email copy
- Updated the copy of the confirm button in the signup email to make the use case (sign up vs. sign in) clearer.
2021-09-09 12:33:56 +02:00
Fabien O'Carroll
519757faec Cleaned up webhook settings on Stripe disconnect
refs https://github.com/TryGhost/Team/issues/1006

These should have been cleaned up previously as they are no longer used
or valid without a Stripe connection.
2021-09-07 18:58:25 +02:00
Fabien 'egg' O'Carroll
cd89c7e427
Used @tryghost/members-api Stripe disconnect logic (#13290)
refs https://github.com/TryGhost/Team/issues/1006

Moving the logic of disconnecting Stripe into the members-api module
decouples the Ghost API from the Members API internals. This method can
now be updated independently of Ghost, to implement the deletion of
webhooks from Stripe.
2021-09-07 18:25:53 +02:00
Fabien 'egg' O'Carroll
647f1f8f61
Fixed MemberStatusEvents for free members (#13287)
refs https://github.com/TryGhost/Team/issues/1000

Some free members were created with a status of 'comped', this resulted
in MemberStatusEvents being created with a `to_status` of 'comped'.

In 4.12 we fixed the status for all free members, but we did not update
the associated member_status_event.
2021-09-07 15:02:59 +02:00
Fabien 'egg' O'Carroll
ae844db60b
Fixed handling of Complimentary Stripe subscriptions (#13289)
refs https://github.com/TryGhost/Team/issues/995

Since we reintroduced the comped status, we did not update the
subscription handling to correctly set members to a status of comped
when they were on a 'Complimentary' plan. This meant that 'comped' members
had a status of 'paid'. The changes to @tryghost/members-api ensure that
handling subscriptions going forward will not result in this error.

Since we handle the Complimentary plan correctly now, we do not need to
manually check for the existence of one, we can instead rely on the
status to set the `comped` flag.
2021-09-07 11:31:47 +01:00
Fabien 'egg' O'Carroll
a0a35df13b
Migrated members comped status to reflect subscriptions (#13285)
* Migrated members comped status to reflect subscriptions

refs https://github.com/TryGhost/Team/issues/995

Due to a bug in subscription handling, members with Complimentary stripe
subscriptions were incorrectly given a status of 'paid'.

The goal of this migration is to fix existing broken members, and it
will be accompanied by a fix which prevents the bug for future members.

Since we are updating the status properties for members, we must ensure
that we also update the relevant member_status_events entries too, so
that we do not have incompatible sums between events and statuses.

For example, if we were to use events to graph comped members over time,
we would want the current count to match the query on statuses:

`SELECT COUNT(*) FROM members WHERE status='comped';`
2021-09-06 18:56:44 +02:00
Fabien 'egg' O'Carroll
62bb031bab
Fixed usage of linkStripeCustomer for v3 API (#13288)
refs https://github.com/TryGhost/Ghost/issues/12942

The function signature of this method has changed, and was only updated
in the canary API, this meant that API requests attempting to link a
stripe customer to a member would error for the v3 API.
2021-09-06 14:18:11 +01:00
Fabien 'egg' O'Carroll
90a4d369db
Fixed imports for files missing the email_only key (#13284)
closes https://github.com/TryGhost/Team/issues/1024

Our importer would set the default value of all posts_meta keys to
`null`. This is an invalid value for the `email_only` key which only
accepts booleans.

Since we are already looping over the schema to create the default
values, we can use the `defaultTo` property in the schema to use the
intended default, and fall back to `null` if it doesn't exist.

We've used the `Reflect.has` function to determine if the `defaultTo`
key exists, as opposed to a truthy check, because it's possible that a
falsy value (e.g. false, in the case of email_only) can be used as the
default.
2021-09-06 11:51:42 +01:00
Naz
6c75de6464 Removed i18t dependency from post scheduling service
refs https://github.com/TryGhost/Team/issues/694

- The i18t pattern has been deprecated. Quick clean up to keep the number of dependencies in the new module to the minimum
2021-09-04 07:49:11 +12:00
Naz
db2ef7dbca Migrated schedules v2/v3 APIs to match refactor in canary
refs https://github.com/TryGhost/Team/issues/694

- The canary schedules controller was refactored to use newly introduced post-scheduling service in a previous commit. This is a follow up to match v2/v3 controllers as they had identical code to the canary one.
2021-09-04 07:49:11 +12:00
Naz
7b53a61b73 Removed method complexity in schedules API controller
refs https://github.com/TryGhost/Team/issues/694

- The controller code is not meant to contain complex business logic.
2021-09-04 07:49:11 +12:00
Naz
00460c96f4 Removed i18t dependency from installer module
refs https://github.com/TryGhost/Team/issues/694

- The i18t pattern has been deprecated. Quick clean up to keep the number of dependencies in the new module to the minimum
2021-09-03 20:33:28 +04:00
Naz
84c88683ba Removed method complexity in themes API controller
refs https://github.com/TryGhost/Team/issues/694

- The controller code is not meant to contain complex business logic.
- Kept the pattern used in all modules under services/themes. The install module shold be refactored into a class with DI pattern when touched next.
2021-09-03 20:33:28 +04:00
Naz
8d36ebeb3c Refactored Labels API add method back to promises
refs https://github.com/TryGhost/Team/issues/694

- Additional try/catch block needed in async/await implementation increased method complexity  and broke the complexity linting rule. This is a dirty way to fix the warning. Ideally the implementation should stay with async/await syntax and instead move the custom error handling logic into some different layer. For example we could introduce a separate "stage" in the API framework's "pipeline" where we'd catch and handle in a generic way all of the "unique" types of errors. It would make sense to have a generic handler because this same code happens in labels, member and few more places.
2021-09-03 20:33:28 +04:00
Kevin Ansfield
020acb643e
Removed emailCardSegments labs flag (#13276)
refs https://github.com/TryGhost/Team/issues/993
reqs https://github.com/TryGhost/Admin/pull/2080

- removed labs flag
- removed labs flag usage in conditionals
- moved labs email template changes into main template
2021-09-02 13:11:11 +01:00
Naz
cea2facfe8 Updated mega's sendTestEmail JSDoc
no issue

- The "memberSegment" parameter is optional, marked it as such to remove type check errors
2021-09-02 13:11:10 +04:00
Naz
26f419f085 Reduced method complexity for sendTestEmail method
refs baccbb4942
refs https://github.com/TryGhost/Team/issues/694

- The change is here to remove yet another ESLint method complexity error
- The custom error handling complexity was introduced here in a referenced commit without an obvious reason. The specifics of how the "sendTestEmail" method handles errors should not leak out from the method, if there are errors in the response they should be handled internally and the method would uniformly reject with a single error.
2021-09-02 13:11:10 +04:00
Naz
807322dccb Extracted email preview service
refs https://github.com/TryGhost/Team/issues/694

- The code complexity in the email preview's read controller method was breaking the complexity rule in ESLint. To reduce the complexity extracted common parts into mega service
2021-09-02 13:11:10 +04:00
Naz
9a9866cf59 Refactored email-preview ctrl to use async/await
refs https://github.com/TryGhost/Team/issues/694

- async/await has been a standard way to handle async code throughout the codebase. Refactoring it before moving code makes it way easier to reason about similarities between multiple controllers
2021-09-02 10:59:00 +04:00
Naz
35e23636ae Fixed 'sent' status setting when publishing a post
refs https://github.com/TryGhost/Team/issues/947

- During the work of the UI and moving `email_only` flag to publish menu it created the situation where the publishing of the post was at the same time as adding `email_only` flag, resulted in not picking up teh `sent` status as the `posts_meta` model and record were's available during save.
- Adding the incoming attribute check for email_only flag covers this situation
2021-08-26 22:25:45 +04:00
Fabien 'egg' O'Carroll
bee1d4793d
Added static transaction method to base model (#13260)
no-issue

Writing code outside of Ghost which deals with the models is currently
done by passing the models which are needed to the external module,
rather than the instance of ghostBookshelf. This does not give us a way
to create transaction to run queries in. This method is designed as a
simple way to give all models the power to create a transaction for
themselves.

This will be used in @tryghost/members-api for example to ensure that
failures in communication with the Stripe API will rollback the related
inserts in the database.
2021-08-26 19:01:42 +01:00
Fabien O'Carroll
76311484df Added dummy subscription to comped members
refs https://github.com/TryGhost/Team/issues/873

This includes the update to @tryghost/members-api which includes the new
MemberBREADService which is used to handle the logic for controller
methods outside of the controller.

With it, we've introduced the concept of a dummy subscription for comped
members. This gives API consumers a way to get the created_at date for a
comped members access to a product.
2021-08-26 15:28:55 +02:00
Fabien O'Carroll
4e47c63e73 Updated members serializer to handle POJO
no-issue

The @tryghost/members-api module is being updated to export a BREAD
service which will be used to move the logic from the controller into.
This service is currently designed to returns objects rather than
models, as it has to do manipulation of the returned data at the object
level. This update to the serializer will allow a seamless transition to
the use of the BREAD service and allow us to pull out the logic from the
controller sooner!
2021-08-26 15:28:55 +02:00
Daniel Lockyer
51d602d5b3
Removed unused internal request lib
refs 3f0bab4389

- the internal `request` lib we had was replaced with `@tryghost/request` in
  the referenced commit
- this lib was not deleted, so it's still lingering around
- this commit deletes that file to clean it up
2021-08-26 14:21:27 +02:00
Fabien 'egg' O'Carroll
c7a7828b57
Gave Administrators permission to connect to Stripe (#13228)
refs https://github.com/TryGhost/Team/issues/994

This adds the permission required to connect to Stripe to the
Administrator role, as required by the linked issue.
2021-08-26 11:00:40 +01:00
Fabien O'Carroll
611f696149 Removed bluebird import from migration utils
no-issue

The bluebird library is unecessary in this module, as all uses of it
were wrapped in `async` functions which will return a native Promise
rather than a bluebird one.

refs https://ghost.slack.com/archives/C02G9E68C/p1629822160273500
2021-08-25 23:30:14 +02:00
Kevin Ansfield
413b06d1b5 Fixed leading/trailing HR removal when rendering email content
refs https://github.com/TryGhost/Team/issues/1007

- `:root` selector wasn't working as expected and ended up matching HRs within content
- switched to wrapping the post html inside a `<body>` element before parsing so that we have a proper top-level element for direct child selectors to match against
2021-08-25 09:25:55 +01:00
Kevin Ansfield
946ae43a15 Removed leading/trailing HR's when rendering email content
refs https://github.com/TryGhost/Team/issues/1007

- the new `email-cta` card allows surrounding dividers to be added when rendering, however if the card is at the beginning or end of the post then these would double-up with the already existing dividers at the beginning and end of the post content in the email template
- not wanting leading/trailing HR's is specific to the email template so it made sense to adjust the renderer output in Ghost's email generating rather than forcing all mobiledoc->html rendering to remove leading/trailing HR's
2021-08-24 19:38:29 +01:00
Fabien O'Carroll
a6bfd61986 Passed MemberProductEvent model to @tryghost/members-api
refs https://github.com/TryGhost/Team/issues/873

The @tryghost/members-api module needs access to this model in order to
create events when members access to products are updated.
2021-08-24 14:46:02 +02:00
Fabien O'Carroll
55f249a328 Added MemberProductEvent model & relations
refs https://github.com/TryGhost/Team/issues/873

We need a relation between members and their product events so that we
can pull out the events for a particular member to generate the start
date of their comped access to a product.
2021-08-24 14:44:53 +02:00
Fabien O'Carroll
e71114bb8f Added Members bulk actions endpoint
refs https://github.com/TryGhost/Team/issues/946

This adds the initial bulk actions endpoint used for the members
filtering feature. The idea is to eventually move bulk destroy into this
endpoint to and provide a consistent interface for applying bulk actions
to members.

The @tryghost/members-api package has been bumped to include the new
bulkEdit method.

The sinon.restore in tests was moved to an afterEach so that stubs did
not effect other tests.
2021-08-23 16:38:21 +02:00
Fabien O'Carroll
1835c22f3b Added getLabelRelations to Member Model
refs https://github.com/TryGhost/Team/issues/946

In order to bulk remove relations between members and labels we need a
way to get hold of all of the existing relations between a label and a
set of members.
2021-08-23 16:38:21 +02:00
Fabien 'egg' O'Carroll
2f33292600
Added members_product_events table (#13236)
refs https://github.com/TryGhost/Team/issues/873

This table is to track events related to members be given or having
removed access to products. It will allow us to provide start dates for
access for complimentary members, as well as being able to track access
to products over time, either for individual members or for aggregates.
2021-08-23 16:29:15 +02:00
Naz
04e7c9fca5 Refactored oembed service to async/await syntax
no issue

- The method was super hard to read with unintuitive catches in multiple places and lots of conditional logic. There's still more to reshuffle here, but that would be for the next time. At least now the data flow is clear within the method
2021-08-23 10:53:44 +04:00
Naz
0703596ace Fixed function comlexity lint warning in oembeds
no issue

- Logic with slightly more complex structure belongs to the service. Extracting it there also show's how little of an API the oembed service should actually expose
2021-08-23 10:36:18 +04:00
Naz
d6f3210fd2 Updated copy for email verification error
refs https://github.com/TryGhost/Team/issues/912

- The copy was changed in post members import email verification popup to have more consistent tone of voice.
2021-08-20 18:07:31 +04:00
Fabien 'egg' O'Carroll
26c3e77640
Ordered Products by their monthly price by default (#13234)
refs https://github.com/TryGhost/Team/issues/714

In order to order products by their monthly price we need to apply a
join with the stripe_prices table when querying so we have access to the
amount column of stripe_prices.

As this ordering is core to how the tiers feature is intended to work,
we have added it as the default order. But this can be overriden by
manually passing the order option.

Also ensured that we do not create duplicate products in test fixtures
2021-08-20 14:46:06 +02:00
Naz
5937fa5b92 Updated copy for email verification error
refs 5fd1ed5bcb
refs https://github.com/TryGhost/Team/issues/912

- The copy was changed to reflect the partial success of the import.
2021-08-19 13:35:55 +04:00
Naz
937d9e58d1 Switched post routing to uuid instead of slug
refs https://github.com/TryGhost/Team/issues/990

- Relying on uuid instead of slug makes the posts less discoverable and partially soves discoverability through overriden robots.txt files
2021-08-19 12:27:45 +04:00
Naz
2f2fe16944 Added floating threshold to member import
closes https://github.com/TryGhost/Team/issues/958

- The change allows to dynamically adjust import threshold based on current member count
2021-08-18 18:39:43 +04:00
Naz
ec841c0944 Renamed index.js file to a service
refs https://github.com/TryGhost/Team/issues/958

- The module contains a service class and not an api index as index.js file should. This rename also fixes an ESLint warning around index.js file being too complicated.
- The serivice should ideally be extracted into the member repository in the future iteration
2021-08-18 11:48:16 +04:00
Fabien 'egg' O'Carroll
8abd344048
Removed non-existent labs file export
refs 9e2b21578a

Since the ref'd commit the labs middleware was moved to the shared labs module
and this require path no longer exists. This does not break anything as any module
still using this would error when reading the labs property
2021-08-13 13:41:38 +01:00
Hannah Wolfe
59a3a67683
Added eslint override for index.js false positives
- Unquestionably, at some point we need to rework the API code so that we have less stuff everywhere
- However, the max-lines index.js rule exists as a proxy to find index.js files which are not exposing Public API, but rather contain logic
- These 6 cases are all valid index.js files as the expose the Public API of the module
- Therefore, I've added an override and an override notice explaining.
2021-08-13 12:48:49 +01:00
Fabien 'egg' O'Carroll
1dd520754d
Added bulkEdit to bulk-operations bookshelf plugin (#13223)
refs https://github.com/TryGhost/Team/issues/946

This refactor pulls out the core logic so that we can easily add other
bulk operations without having to duplicate even more logic.

It also gives a consistent return value between bulk operations, renaming
`unsuccessfulIds` and `unsuccessfulRecords` to `unsuccessfulData`

We also add a bulkEdit method which will be used to bulk unsubscribe members
from the newsletter.
2021-08-13 12:19:02 +01:00
Fabien O'Carroll
de9efba30c Fixed existing members status properties
refs https://github.com/TryGhost/Team/issues/959

Since we had a bug where members with a canceled subscription would have
a status of 'comped' we must fix any existing members in this state.

We update all members which have no products to a status of 'free',
which is the definition of a 'free' member.
2021-08-13 11:39:19 +02:00
Naz
2cae064575 Swapped to American English spellings
refs 16728a3ef1
2021-08-13 10:26:33 +04:00
Naz
0d7f253582 Added an internal API for email-only posts
refs https://github.com/TryGhost/Team/issues/899

- The internal API is needed to be able to fetch email-only posts through email router. The concept is similar to Preview API with a difference that only posts with `sent` status are accessible and there is content-gating present.
2021-08-13 10:12:54 +04:00
Naz
59a60d77b9 Fixed JSDoc apiType in the frame pipeline
no issue

- The apiType parameter is optional and was causing type checking to fail in many palces
2021-08-13 10:08:50 +04:00
Naz
9bc5a279ca Added a 'sent' status to post model
refs https://github.com/TryGhost/Team/issues/953

- We need to track email-only posts that have been sent out. New status was chosen as a way to differenciate such posts.
- Introducing a new "email post" type, conceptually like "page", was considered. Because there is no clear roadmap for "email post" becoming a bigger part of the product yet and a lot of uncertainty around this concept, overhead needed to introduce a new type was just too much to do at this moment. It's still a possibility in the future
2021-08-13 10:06:15 +04:00
Fabien 'egg' O'Carroll
235597a5e4
Refactored Members controller bulkDestroy (#13221)
no-issue

This moves the logic out of the controller and into the members-api
member repository. Removing complexity from the controllers and
out into services is desirable to reduce code in the Ghost codebase
and move logic into modules which can be tested easier.
2021-08-12 15:26:25 +01:00
Naz
cf14b5f433 Fixed function complexity linting warning
no issue

- Touched this file while looking into use of config.user_name/user_email and it was almost criminal to not do a tiny improvement
2021-08-12 15:38:58 +04:00
Naz
cb16675e29 Added "from" parameter to email verification
refs https://github.com/TryGhost/Team/issues/961

- More specific "from" address should improve handling when escalated. See refed issue for details.
2021-08-12 14:07:16 +04:00
Naz
41c70dfc96 Improved GhostMailer JSDocs
refs https://github.com/TryGhost/Team/issues/961

- The "from" parameter was not documented, so made it vary clear that it exists and is optional
2021-08-12 14:07:16 +04:00
Naz
fa13ff2798 Updated use of "blog" in variable to "site"
no issue

- The coding standard/preference in variable naming is to go with "site" where possible when referring to current instance instead of "blog".
2021-08-12 14:07:16 +04:00
Fabien 'egg' O'Carroll
6dba643ef9
Added ability to filter members on subscription data (#13214)
refs https://github.com/TryGhost/Team/issues/944

This will allow us to filter for members which have a canceled
subscription or for members which are currently on trial.
2021-08-12 10:10:51 +01:00
Naz
01f8737d39 Added /email/ route to robots.txt
closes https://github.com/TryGhost/Team/issues/952

- The `/email/` route will be a home for email only posts. We are adding the route preemptively to have the crowlers update their caches before the feature sees the light of The Internet
2021-08-10 13:45:53 +04:00
Naz
c9821a123a Swapped to American English spellings
refs 16728a3ef1
2021-08-09 13:35:01 +04:00
Naz
06a6dcb2d1 Added an /email/ root route for email-only posts
refs https://github.com/TryGhost/Team/issues/948

- The  frontend route `/email/:uuid` is aliased to the preview as a temporary solution. It fulfills the premise of the email-only post anyway - not being accessible publicly and only shared through email.
- The tests for the new route are missing as adding them was way more problematic than I envisoned. They are in the works and will be added as a follow up commit next.
2021-08-06 18:10:19 +04:00
Naz
db9e3a01ab Fixed invalid variable naming
refs ccab6117b4

- The change was meant to go with refed commit but was missed
2021-08-06 13:21:28 +04:00
Naz
ccab6117b4 Removed i18n dependency from psots service
refs https://github.com/TryGhost/Team/issues/949

- Use of i18n module is deprecated in favour of `tpl`/'messages` pattern
2021-08-06 12:21:23 +04:00
Naz
3c822e0457 Added ability to send newsletter and not publish the post
refs https://github.com/TryGhost/Team/issues/949

- When post is marked as "email-only" we can send it out to the selected audience when publishing without making the post publicly available
- The feature is available for experimentation behind "email only" alpha flag available in labs
2021-08-06 11:57:54 +04:00
Naz
a7503b9c0f Refactored posts service instantiation logic
refs https://github.com/TryGhost/Team/issues/949

- Initializing PostsService with almost identical parameters is burdensome, having a single factory method in create instances is far more maintainable
2021-08-06 11:57:54 +04:00
Naz
3a7bc1349d Reformatted big if statement
refs https://github.com/TryGhost/Team/issues/949

- It's relly hard to grasp what's going on in ifs with multiple conditions that are written down in a signle, gazzilion-line format. Having a nice column as way more readable
2021-08-06 11:57:54 +04:00
Naz
bd8a45d094 Extracted post edit logic to posts service
refs https://github.com/TryGhost/Team/issues/949

- The post model handling related to newsletter sending and email recipient filter logic were duplicating across v3/v4(canary) APIs and it made sense to extract it into a posts service.
- This will allow for a central place to handle about to land logic for email_only newsletter handling.
2021-08-05 15:18:29 +04:00
Naz
15073bad29 Extracted post/page cache invalidation logic to service
refs https://github.com/TryGhost/Team/issues/949

- The code is exactly the same in six (!) places. It's beyond unmaintainable to add another line to any of these place, which will be needed for `email_only` handling.
- The newly created posts service is a temporary, slightly better solution that complies with codebase's best practice of extracting new services using class with DI pattern
2021-08-05 14:51:47 +04:00
Naz
accf0c645a Refactored Pages API v3/canary controllers
refs https://github.com/TryGhost/Team/issues/949
refs e64274bb45

- This refactor is needed to bring the code in line with the rest of pages API controllers
- Next step will extract shared code patterns into a separate module
2021-08-05 14:42:16 +04:00
Naz
87ad210624 Refactored Pages API v2 controller
refs https://github.com/TryGhost/Team/issues/949
refs e64274bb45

- This refactor is needed to bring the code in line with the rest of pages API controllers
- Next step will extract shared code patterns into a separate module
2021-08-05 14:21:05 +04:00
Naz
ec19b01088 Fixed missing semicolon after the refactor
refs https://github.com/TryGhost/Team/issues/949

-  See previous commit
2021-08-05 14:14:58 +04:00
Naz
e64274bb45 Refactored Posts API v2 controller
refs https://github.com/TryGhost/Team/issues/949

- This refactor is needed to bring the code in line with the rest of post API controllers
- Next step will extract shared code patterns into a separate module
2021-08-05 14:13:02 +04:00
Naz
8b5d0f559d Added clarifying comment to the email_only mapping
https://github.com/TryGhost/Team/issues/893

- The assignment is not that obvious and might be confusing without wider context, which is why it warrants to have a clarifying comment. This became apparent during code review
2021-08-05 19:44:35 +12:00
Naz
838e94e535 Added email_only property in Posts Admin API v4
https://github.com/TryGhost/Team/issues/893

- The property is only added to Admin API v4 and is invisible in all Content APIs as well as v2/v3 Posts APIs
2021-08-05 19:44:35 +12:00
Naz
755a3a320e Added email_only column to posts_meta table
closes https://github.com/TryGhost/Team/issues/893

- We need a place to store email-only flag and posts_meta is the best place for it
2021-08-05 19:44:35 +12:00
Fabien 'egg' O'Carroll
424f621414
Moved NQL relations and expansions into the models (#13204)
refs https://github.com/TryGhost/framework/pull/19

The @tryghost/bookshelf-filter plugin no longer bundles hardcoded
relations and expansion definitions, instead leaving it up to the
library consumer to implement.

This PR adds the preexisting relations and expansions to the relevant
models, in order to preserve our existing filtering functionality.
2021-08-04 15:30:53 +01:00
Sanne de Vries
2be601d25e Fixed hr element and button overlapping in cta card in email template 2021-08-03 18:43:29 +02:00
Naz
7471c98df2 Updated email sending error copy
refs https://github.com/TryGhost/Team/issues/912
2021-08-03 10:13:14 +04:00
Rishabh
24b2a82461 Updated session API status code for logged out member
refs https://github.com/TryGhost/Team/issues/560
refs 69b773d112

The endpoint `/members/api/session/` is used by Portal for fetching member session while setting up and redirecting to Stripe Checkout flow. The status code returned by API for logged out member is changed from 4xx Unauthorized to 204 No Content, which is consistent with the status code returned while fetching member data when logged out. This API is made just before initiating the checkout session, and is not noticable in most cases due to redirect to Stripe Checkout and got missed.
2021-07-30 10:34:51 +05:30
Kevin Ansfield
10b7b31e6b Adjusted .btn-accent colors in emails for a white background
refs https://github.com/TryGhost/Team/issues/928

- applied same darkening of accent color in emails as we use in editor when there's insufficient contrast of accent color against a white background
2021-07-29 15:39:04 +01:00
Kevin Ansfield
eb92610df2 Added accent color button styles to labs email template
refs https://github.com/TryGhost/Team/issues/928

- duplicated email template so email-cta changes can go into the labs version
- added `accentContrastColor` to template settings for using white/black depending on the accent color
- added `.gh-btn-accent` styles to the email template (email-cta card already uses those for the button)
2021-07-29 15:25:09 +01:00
Naz
5fd1ed5bcb Added an escalation email when import triggers a limit
refs https://github.com/TryGhost/Team/issues/912

- When the improt acceedes the threshold for the first time we need a way to notify configured escalationAddress to verify the instance owner's email address.
2021-07-29 20:30:30 +12:00
Naz
fa33235fd9 Moved email verification logic into separate method
refs https://github.com/TryGhost/Team/issues/912

- The processImport method was becoming to big and unreadable
- Having small methods is easier to extract if needed later
2021-07-29 20:30:30 +12:00
Naz
93e8814589 Moved sending email error into MEGA
closes https://github.com/TryGhost/Team/issues/913

- Having a limit service rule triggered was a temporary hack to get a basic email blocking version working
- As the freeze value is now persisted in the DB it's possible to read and rely on it to throw an error straight from MEGA.
2021-07-29 20:30:30 +12:00
Naz
086840873e Moved verified email check closer to freeze logic
refs https://github.com/TryGhost/Team/issues/912

- Previous logic was a bit misleading because it prevented from reading the real threshold configured with an instance once the verified flag was present in the config.
- The reshuffle made here allows to check the freeze logic based on the threshold and then process the returned result accordingly instead of having hidden logic behind "importThreshold" config value
2021-07-29 20:30:30 +12:00
Naz
8bc4d00fe6 Added email unfreeze for verified email config
refs https://github.com/TryGhost/Team/issues/912

- When instance has "verified" email configuration it should remove email freeze and disallow future feezes
2021-07-29 20:30:30 +12:00
Naz
06788f0b6a Persisted email freeze in settings table
refs https://github.com/TryGhost/Team/issues/912

- The email freeze state has to be stored somewhere to make it through the instance restart and settings table is the best place for it.
2021-07-29 20:30:30 +12:00
Naz
2fbc1af165 Added email disabling flag to settings records
refs https://github.com/TryGhost/Team/issues/912

- We need a place to persist the email freeze state between instance restarts - settings table record is the best place for it
2021-07-29 20:30:30 +12:00
Thibaut Patel
ba4f8cc857 Added OAuth user data
issue https://github.com/TryGhost/Team/issues/614

- This allows keeping each user oauth data, to compare on future logins
2021-07-27 17:56:07 +02:00
Kevin Ansfield
dfca0abc93 Added support for segmented email content in previews and test emails
refs https://github.com/TryGhost/Team/issues/927

- the `email-cta` card can be segmented so only free or paid members can see the content, it should be possible for authors to preview what that will look like in either case
2021-07-27 16:31:41 +01:00
Naz
633d4f4771 Fixed typo 2021-07-27 14:07:57 +04:00
Naz
1a64af103a Fixed MemberCSVImporter initialization
refs https://github.com/TryGhost/Team/issues/912

- The membersApi variable can be in uninitialized state. It should be accessed through membersService getter to make sure it's always correctly referenced
2021-07-27 13:09:04 +04:00
Naz
8fbbd524df Swapped to American English spellings
refs 16728a3ef1
2021-07-27 12:15:19 +04:00
Daniel Lockyer
04b5a1c6c5 v4.10.2
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYP6iagAKCRDSEYbwtHKV
 rR/dAPsGjY89fheicUdZfWbVUGunIQAKCYWj4sNMR5ZJbFQ8IAD8Dbx5XLR1IYmX
 7uzjx7ayuHt+o9jJkaRFGpETIRln4w0=
 =JY+u
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYP6kDQAKCRDSEYbwtHKV
 rVJ1AQCDiGWEJNVItQbPoAURACUtQPtg8GH1O62We+LUNdKQ5gEA2+snzZAi9fag
 60k5eyYxcB4JOwSVLIS19FcybgnhuAg=
 =1a74
 -----END PGP SIGNATURE-----

Merged v4.10.2 into main

v4.10.2
2021-07-26 13:01:12 +01:00
Kevin Ansfield
8d5e7ed695
🐛 Fixed unsubscribed members receiving email when a post is sent to all members (#13181)
refs https://github.com/TryGhost/Team/issues/935

The problem was incorrect operator precedence when multiple statements existed in the filter original filter when we transform it to enforce `subscribed:true` before sending.

- free only - subscribed:true+status:free - no issue
- paid only - subscribed:true+status:-free - no issue
- all - subscribed:true+status:-free,status:free - the ,status:free part is treated as a separate OR statement meaning the subscribed:true is not applied to it and free members that are unsubscribed will receive the email

- extracted the filter transform into a separate function so it can be unit tested
- updated the transform to use `()` for operator precedence, eg: `subscribed:true+(status:-free,status:free)`
- used transform function in `addEmail()` and `getEmailMemberRows()`
- fixed `sent/send` typo in error message
2021-07-26 12:47:03 +01:00
Naz
ac3602cced Fixed empty response when import triggers a job
refs d60d348c88

- When the import triggers a background job the meta response should contain no data otherwise the client can mistake it for completed import
2021-07-23 21:14:06 +04:00
Naz
d60d348c88 Fixed error when hostLimits are undefined
refs a7dd7bb64b

- The error was introduced in the refed commit. Object.assign method only works when the first parameter is an object otherwise it fails.
2021-07-23 20:46:52 +04:00
Naz
a7dd7bb64b Added email verification limit check
refs https://github.com/TryGhost/Team/issues/912

- When the import threshold is reached we want to trigger an "email" limit. See details in the refed issue
2021-07-23 20:37:29 +04:00
Naz
ec8b49ea42 Moved member importer declaration for readability
refs https://github.com/TryGhost/Team/issues/912

- Exposing a single method out of the service makes the API surface smaller - more readable.
- Additionlally having a wrapping method in service will be helpful for other triggers that are going to be executed in later iterations
2021-07-23 16:58:46 +04:00
Naz
57c4afdea2 Integrated @tryghost/members-importer
closes https://github.com/TryGhost/Team/issues/916

- The members importer module was extracted into an ouside module as per project structuring standards
2021-07-21 19:34:30 +04:00
Fabien O'Carroll
f900b4ee78 Moved theme middleware after static middleware
refs https://github.com/TryGhost/Team/issues/907

The theme middleware makes several calls to the content api in order to
populate global theme data for use in templates. By adding this
middleware after the static theme files, we remove redundant calls.
2021-07-21 11:25:02 +01:00
Naz
170617feb3 Fixed this context for methods passed into importer
refs https://github.com/TryGhost/Team/issues/916

- Without `.bind`, `this` context was lost when used inside of the CSVImporter calss
2021-07-21 21:00:16 +12:00
Naz
25dcfde368 Refactored ghostMailer parameter
refs https://github.com/TryGhost/Team/issues/916

-  The constructor API should have as small of a surface as possible, there's no need to pass around whole ghostMailer instance
2021-07-21 21:00:16 +12:00
Naz
83c75a3fb4 Refactored settingsCache parameter
refs https://github.com/TryGhost/Team/issues/916

-  The constructor API should have as small of a surface as possible, there's no need to pass around whole settingsCache instance
2021-07-21 21:00:16 +12:00
Naz
19c5c0b05a Refactored storagePath parameter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern with single options Object parameter
- It didn't make sense to have a "config" object inside of options object containing just one property
2021-07-21 21:00:16 +12:00
Naz
2472695535 Refactored constructure signature to be a n object
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern with single options Object parameter
2021-07-21 21:00:16 +12:00
Naz
da3620ca8e Refactored url-uitls out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-21 21:00:16 +12:00
Naz
66a6a522e0 Refactored db dependency out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-21 21:00:16 +12:00
Naz
b96a8f4f6b Refactored jobs service out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-21 21:00:16 +12:00
Thibaut Patel
489e470d7b Added a feature flag to the oauth login feature
issue https://github.com/TryGhost/Team/issues/614

- The feature flag was called `oauthLogin` instead of simply `oauth` to avoid clashes in the frontend `feature` service as it is merging the config and labs properties.
2021-07-20 23:16:49 +02:00
Naz
1eef1e9781 Refactored labs dependency out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-20 18:42:57 +04:00
Naz
c7edf256f6 Refactored Ghost mailer dependency out of MembersCSVImporter
refs https://github.com/TryGhost/Team/issues/916

-  The refactor was done follow the DI Constructor pattern and prepare module for extraction
2021-07-20 18:42:26 +04:00
Naz
a2fc3dde7d Removed dead code - batch-import module
refs https://github.com/TryGhost/Team/issues/916

- While investigating members importer related codebase this legacy module was spotted. It's not used anywhere and doesn't serve any particular purpose.
2021-07-20 17:44:25 +04:00
Fabien 'egg' O'Carroll
fc754c980f
Added missing comment to members .well-known mount
refs https://github.com/TryGhost/Team/issues/664

This was missed as part of PR review, as it is a non-standard mount location a comment
should be included to help our future selves!

PR: https://github.com/TryGhost/Ghost/pull/13163#discussion_r673066080
2021-07-20 13:58:29 +01:00
Fabien O'Carroll
1962591c2e 🔒 Fixed permissible method for Integration Model
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-j5c2-hm46-wp5c

The permissible method of models overrides all permission logic, which
means we must manually check the user & api key permissions before
continuing.
2021-07-20 13:43:29 +01:00
Fabien 'egg' O'Carroll
264fb51a87
Exposed Members pub keys on /members/.well-known/ (#13163)
refs https://github.com/TryGhost/Team/issues/664

The new WellKnownController and middleware handles exposing a JSON Web
Key Set for us.

In order to serve the keys on /members/.well-known/jwks.json without a
trailing slash, we must mount the wellKnown middleware before the
frontend.
2021-07-20 13:19:31 +01:00
Fabien 'egg' O'Carroll
c0f32b7746
Replaced usage of Error with @tryghost/errors (#13161)
refs 2f1123d6ca

Usage of the raw Error class has been deprecated in favour of our own
errors, which are more descriptive and have built in HTTP status codes.

This also updates the same errors to use @tryghost/tpl for the error
messages, which is the new pattern we are following in order for us to
deprecate the i18n module.
2021-07-19 11:46:38 +01:00
Kevin Ansfield
e5db28db00 Removed use of i18n in snippets controllers
no issue

- i18n is deprecated in favour of `tpl`
- normalized method syntax so `add` matches the rest of the controller's methods (fixed a complexity warning but was not the primary intention)
2021-07-19 11:08:55 +01:00
Naz
810b052e01 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
- Exposed few internal from commands module methods for easier testing, otherwise it was turning into neverending mocking show
2021-07-19 21:31:31 +12:00
Naz
4c4af001e6 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
2021-07-19 21:31:31 +12:00
Naz
a266c64130 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
2021-07-19 21:31:31 +12:00
Fabien 'egg' O'Carroll
1af2b50dcf
Added userAuth brute middleware to members auth endpoint (#13152)
refs https://github.com/TryGhost/Team/issues/696

The userAuth spam prevention logic is reused, but a new piece of
middleware has to be created so that we can use a custom lookup key to
conatin the member email.

We must also add json parsing middleware to the route so that the brute
middleware can read the email.

The express body-parser middleware handles multiple instances on the
same route, so this doesn't cause problems upstream.

https://github.com/expressjs/body-parser/blob/1.19.0/lib/types/json.js#L99-L103
2021-07-19 09:40:38 +01:00
Rishabh
07dd783a40 🐛 Fixed error on saving member with existing label
closes https://github.com/TryGhost/Team/issues/743

Unlike tags, a label has a unique constraint on its `name`. So saving a new label on member with the same name as existing label fails with error due to unique constraint error.

- adds id for new label to match existing label if they are the same name, which avoids creating a new label
2021-07-16 14:01:47 +05:30
Fabien 'egg' O'Carroll
71ba9f3d17
Readded support for comped status in event aggregate (#13142)
refs https://github.com/TryGhost/Team/issues/880

The aggregate for `paid_delta` was incorrect as it did not handle the
case where an event went from paid->comped or from comped->paid. This
resulted in an overcount for paid members.
2021-07-15 15:17:51 +01:00
Naz
9870aff8f0 Fixed slow-running scheduling default test
refs https://github.com/TryGhost/Team/issues/860

- Slow unit tests cause longer waiting time to deliver code to main. Before this fix the test was taking a whooping 6s on average
- The main cause of the delay was a downstream's package (got) default retry logic that was taking up a lot of time bypassing the retry logic present in the default scheduler itself
2021-07-15 13:50:59 +04:00
Kevin Ansfield
9c5a25b060 🐛 Fixed alt="null" for feature image in emails
no issue

- when no alt text was set for feature images we were incorrectly rendering `alt="null"` in emails
2021-07-15 09:44:34 +01:00
Fabien O'Carroll
62ee693310 Lazily instantiated express-session middleware
refs https://github.com/TryGhost/Team/issues/756

When running the tests it was possible for this middleware to be
instantiated before the settings cache, resulting in an undefined
'session_secret' setting being passed. This would cause tests to fail.

Tracking this down proved difficult, so the fix was made here, by
instantiating the express-session middleware only once a request needs
to use it, we can be confident that Ghost has completely started.
2021-07-14 17:19:53 +01:00
Naz
5ea8e9b926 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
- This bit cleans up the rest of `new Error()` usage in MEGA service
2021-07-14 19:17:35 +04:00
Naz
b045112950 Renamed exposed _getEmailMemberRows in mega
no issue

- Exposing internal methods out of the module is a non-standard practice. Adding `_` prefix allows to signal that this method is not for general use.
- When mega is refactored into a proper class this method will become exposed anyways
2021-07-14 18:56:57 +04:00
Naz
f343e73c92 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
- This bit cleans up `new Error()` usage in MEGA service
2021-07-14 18:44:25 +04:00
Naz
8f5d6ebf8c Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- The use of new Error() has been deprecated. Refactoring the migration  to use `createIrreversibleMigration` made most sense to have central error handling for migration which are not meant to be reverted.
2021-07-14 12:16:44 +04:00
Naz
bfb899b293 Removed stray code
refs 77a5ea5659

- This part was misscommited, wasn't meant for main
2021-07-14 11:51:14 +04:00
Naz
77a5ea5659 Added JSDoc to addTable method
no issue

- This mehod has an important `tableSpec` parameter which MUST be present when creating a new table migration. Having a description in form of the JSDoc somewhat helps this cause
- Next best improvement would be throwing an error if the parameter wasn't present, but that would require a bigger refactor backporting all usages of `addTable` method
2021-07-14 11:39:23 +04:00
Daniel Lockyer
17f0aae97e v4.9.4
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYOyBkgAKCRDSEYbwtHKV
 rUwwAQCxNVIluZNQaQFq1mXsXK99oJUh62TcfaRVpLln4OIW2gEA9P74NRNzAdM+
 RC3C0CeEnGEU0ggmfa4Snp6NNT47BAU=
 =wETf
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYOyCCgAKCRDSEYbwtHKV
 rTK6AQC+F1TV6FvH/JOrjyR0pdxgr3SzAubG22a4imwQenLjEwEA0nC2wFzsyRJd
 QZxi1khdgSXKe68ZpOMhqYPvC9maCA8=
 =RAf0
 -----END PGP SIGNATURE-----

Merged v4.9.4 into main

v4.9.4
2021-07-12 18:55:16 +01:00
Vikas Potluri
27e618e60c updated theme validation error copy to match other messages 2021-07-12 18:51:08 +01:00
Vikas Potluri
803a9e11b7 🐛 fixed name is not defined error when uploading invalid theme 2021-07-12 18:51:08 +01:00
Fabien O'Carroll
caf01544c8 Updated WEBHOOK_SECRET check to output a warning
refs https://github.com/TryGhost/Team/issues/841

When using our development tooling Ghost should always start, instead of
exiting with an error. This check for the WEBHOOK_SECRET env var was the
primary cause of Ghost erroring in development, so it's been switched
with a warning.
2021-07-12 11:23:46 +01:00
Hannah Wolfe
6726246697
Fixed test for overriding active theme
refs: f9a3f7d955

- The test for overriding a theme (uploading a theme with the same name as the currently active theme) doesn't test the right codepath
- It incorrectly assumes uploading the same theme twice results in an override, but this is only true for the active theme
- This change splits the override test out into it's own test, and only tests overriding by changing the active theme first
- Also fixed a minor comment type whilst here
2021-07-11 20:02:32 +01:00
Kevin Ansfield
f9a3f7d955 🐛 Fixed "Cannot destructure property" error when overwriting active theme
refs https://github.com/TryGhost/action-deploy-theme/issues/45

- added missing `throw error` in the `setFromZip()` catch which was hiding the underlying error when a theme uploaded and saved successfully but other code had failed
- fixed incorrect method name `activator.activateFromOverride` -> `activator.activateFromAPIOverride`
2021-07-09 20:40:01 +01:00
Kevin Ansfield
4235753e95 🐛 Fixed "Cannot destructure property" error when overwriting active theme
refs https://github.com/TryGhost/action-deploy-theme/issues/45

- added missing `throw error` in the `setFromZip()` catch which was hiding the underlying error when a theme uploaded and saved successfully but other code had failed
- fixed incorrect method name `activator.activateFromOverride` -> `activator.activateFromAPIOverride`
2021-07-09 19:27:49 +01:00
Thibaut Patel
b0762e623f Enabled removing all segmented email cards when the memberSegment is null
no issue

- In the current iteration of the gated email project, we are returning a null segment instead of returning the correct list of segmented users as a temporary measure. The expectation was to clear all segmented cards and it's now the case.
2021-07-08 18:34:30 +02:00
Hannah Wolfe
9e2b21578a
Moved labs middleware into labs utility
- this middleware isn't used anywhere at the moment
- including it in our labs utility should help to make it moe discoverable
2021-07-08 09:05:41 +01:00
Hannah Wolfe
c29c118fcf
Moved labs utlity to shared
- This isn't really a "service" - it's a set of utilities for working with labs flags
- It's also required all over the place, and doesn't require anything that isn't shared
- Therefore, it should live in shared
2021-07-08 09:05:41 +01:00
Hannah Wolfe
2072361022
Fixed frontend require in labs
- Replaced requiring SafeString all the way from the theme engine, with using express-hbs directly
- This is quite a big require, just for the safe string function, but without this we have to tie labs to our theme layer
- Also removed i18n and updated the jsdoc for enabledHelper
- The labs service can be moved to shared now!
2021-07-08 09:05:40 +01:00
Hannah Wolfe
72a1c0b898
Revert "Moved vhost mounts into boot file"
This reverts commit 7e61f73b8c.
2021-07-08 07:10:18 +01:00
Hannah Wolfe
4481b51992
Revert "Fixed frontend require in labs"
This reverts commit 6fb8736560.
2021-07-08 07:10:11 +01:00
Hannah Wolfe
8d38957bd7
Revert "Moved labs utlity to shared"
This reverts commit 782de52678.
2021-07-08 07:09:13 +01:00
Hannah Wolfe
145762485e
Revert "Moved labs middleware into labs utility"
This reverts commit 161ba51d2b.
2021-07-08 07:09:06 +01:00
Hannah Wolfe
161ba51d2b
Moved labs middleware into labs utility
- this middleware isn't used anywhere at the moment
- including it in our labs utility should help to make it moe discoverable
2021-07-07 21:47:19 +01:00
Hannah Wolfe
782de52678
Moved labs utlity to shared
- This isn't really a "service" - it's a set of utilities for working with labs flags
- It's also required all over the place, and doesn't require anything that isn't shared
- Therefore, it should live in shared
2021-07-07 21:41:34 +01:00
Hannah Wolfe
6fb8736560
Fixed frontend require in labs
- Replaced requiring SafeString all the way from the theme engine, with using express-hbs directly
- This is quite a big require, just for the safe string function, but without this we have to tie labs to our theme layer
- Also removed i18n and updated the jsdoc for enabledHelper
- The labs service can be moved to shared now!
2021-07-07 21:33:15 +01:00
Hannah Wolfe
7e61f73b8c
Moved vhost mounts into boot file
- This stops the mounting of the admin and frontend from being buried deep in express initialisation
- Instead it's explicit, which makes two things almost possible:
   1. we can potentially boot the frontend or backend independently
   2. we can pass services and settings loaded during boot into the frontend
- This needs more work, but we can start to group all the frontend code together
- Meanwhile we also need to rip apart the routing and url services to decouple the frontend from the backend fully
- BABY STEPS!
2021-07-07 21:29:14 +01:00
Kevin Ansfield
3c9f5da39d 🐛 Fixed small text in Gmail on Android for newsletters containing images
closes https://github.com/TryGhost/Team/issues/737

- without an explicit `width: auto` on images Gmail on Android will make not make the image responsive, instead it was keeping the 1200px intrinsic width of the image and shrinking other content around it to match
2021-07-07 21:11:42 +01:00
Kevin Ansfield
69bc5a9dfd Fixed error when requesting resize of a blank image
closes https://github.com/TryGhost/Team/issues/819

- adds guard for an empty buffer when reading file from storage for resizing, if a blank image is loaded then redirect to the original file
2021-07-07 19:11:24 +01:00
Kevin Ansfield
b12589ce6d Added savedIndicator alpha labs flag
refs https://github.com/TryGhost/Team/issues/779

- used by Admin whilst working on editor saved/unsaved status indicator
2021-07-07 19:11:24 +01:00
Thibaut Patel
605b042a33 Update cache invalidation on several routes
issue https://github.com/TryGhost/Team/issues/859

- Added invalidation to PUT /authentication/setup
- Added invalidation to POST /db
- Added invalidation to DELETE /db
- Added invalidation to GET /slugs/:type/:name
- Removed invalidation from PUT /users/:id/token
2021-07-07 18:12:51 +02:00
Naz
360e8d08d4 Fixed failing tests
refs https://github.com/TryGhost/Team/issues/856
refs dfe1089ee2

- Module export order matters
2021-07-07 19:18:54 +04:00
Hannah Wolfe
61e1b19d46
Added comments to all usages of lib/common/events
- This is a precursor to trying to split apart into:
   - model events + webhooks system which makes sense
   - frontend events which should be independent or removed
   - maybe some concept of a settings manager that we can use in various places to bind logic 🤔
   - other usages of events that should be refactored to not use events
2021-07-07 16:02:44 +01:00
Naz
dfe1089ee2 Bumped default API version export to be canary/v4
refs https://github.com/TryGhost/Team/issues/856

- The default internal version of the API is expected to be the latest one available which is v4/canary at the moment.
- There will be more information posted in the referenced issue later around how to approach the "default version", for now it's just a change to make a small step into a right direction.
2021-07-07 18:44:21 +04:00
Naz
11f37a9363 Refactor imports in API's routes files
refs https://github.com/TryGhost/Team/issues/856

- There were two problems with routes.js files defining API routes:
- First, the module requires wen too deep into the "api" module and used specific api modules directly. We have an "index.js" file which defines an API for whole API, it should be used as an entry point to anything to do with the API.
- Second, The naming was inconsistent between the routes.js files for "api", "apiV2", "apiCanary" - it is an extra maintenance burden to go on and change each "api" name when the new version is introduced. The only thing that should be changed within these files is a single line on very top that "requires" a specific API version like so: "const api = require('../../../../api').canary;" - way less maintenance to change that canary to v5 instead of doing an extra rename for all "apiCanary" to "apiV5"
2021-07-07 18:33:25 +04:00
Hannah Wolfe
4da7e7f0cb
Rework the themeService public API
refs: https://github.com/TryGhost/Team/issues/831

- This ultimately fixes the index.js file
- It also makes it super clear what methods in the themeService are used by the API, and which are part of the service loading logic
- It also moves the activate and init function into a single file in a way that highlights they are very similar
- They are also very similar to what happens in storage.setFromZip but that code is mixed up with storage code at the moment
2021-07-07 15:02:02 +01:00
Hannah Wolfe
c3774a3fab
Moved bridge.activateTheme calls into one place
- This is a slightly weird thing, but the intention is to highlight that there are 3 different code paths that can activate a theme
- Ideally we want to unify all the codepaths more, but for now this at least helps us see what is happening where
2021-07-07 15:02:02 +01:00
Hannah Wolfe
496b2bf47b
Refactored theme index to use async/await
refs: 82ef700d81

- the index file got missed in the earlier changes to async/await
2021-07-07 15:02:01 +01:00
Hannah Wolfe
6a39d0a011
Unified ThemeValidationError generation code
- All the code for creating these errors is now replaced with a single function
- This is useful DRY as it helps make code more readable
- This gets rid of the override of the error type to ThemeWorksButHasErrors - which is both weird and afaict not used anywhere
2021-07-07 14:45:08 +01:00
Hannah Wolfe
362140b31e
Removed passing of error to active theme
refs:  076ad99593

- as of 076ad99593 we no longer use the error property of the active theme anywhere
- cleaning up and removing this usage reduces the code pathways and makes the init fn a bit clearer
2021-07-07 14:38:08 +01:00
Hannah Wolfe
82ef700d81
Refactored theme service to use async/await
refs: https://github.com/TryGhost/Team/issues/831

- We prefer async/await over promise chains because it makes the code much more readable
- the Theme Service needs further work and this should make that work much easier
   - e.g. https://github.com/TryGhost/Team/issues/831
   - e.g. fixing up the index.js file
2021-07-07 12:28:55 +01:00
Hannah Wolfe
ee5962bd5d
Removed i18n from backend theme code
- slowly slowly removing the @deprecated i18n code from everywhere in favour of tpl
2021-07-07 11:32:53 +01:00
Hannah Wolfe
dda884ee4f
Removed i18n from frontend theme code
- slowly slowly removing the @deprecated i18n code from everywhere in favour of tpl
2021-07-07 11:32:02 +01:00
Hannah Wolfe
10aad8db7e
Removed Bluebird catch predicate
- We use bluebird inconsistently throughout the codebase now
- The original reason why we needed to use it so heavily was so that all promises returned had the bluebird behaviour, including catch predicates
- Most other usage is explicit, but this is really hard to detect and hasn't made it to standard promises, so we should get rid of this pattern
2021-07-07 11:26:36 +01:00
Hannah Wolfe
e7b80e50dc
Refactored bootstrap.init to require route settings
- The router bootstrap is no longer allowed to fetch it's own settings, but rather is passed them
- This moves the call to the site routes.js file, which isn't much better but it's a start
- The goal is to always pass these in from the boot process, or from the bridge reloader
2021-07-07 10:25:45 +01:00
Hannah Wolfe
bab5764179
Simplified + unified debug naming conventions
- Reduced the number of levels in our debug naming in the frontend
- Unified components like "themes" and "routing" under one name
- Should help to make debug slightly more useful again
2021-07-07 09:57:14 +01:00
Naz
4f73d9ae9d Fixed critical alerts sending to admin users
refs https://github.com/TryGhost/Team/issues/726

- The refed feature got broken during the refactors. Even though this area is covered by unit tests the "this context" testing should probably done on an integration test level, which we don't have a clear pattern for just yet
2021-07-07 11:29:18 +04:00
Rishabh
5a1d3b0e95 Added cache control headers to members api
closes https://github.com/TryGhost/Team/issues/846

- members api was missing cacheControl middleware to declare its cache control headers
2021-07-06 20:33:14 +05:30
Fabien O'Carroll
fa137ed16e Added support for the 'comped' status for members
refs https://github.com/TryGhost/Team/issues/790

The schema validations are used at the model layer to validate inputs
and need to be updated in order for us to reintroduce the 'comped'
status.
2021-07-06 12:00:25 +01:00
Fabien O'Carroll
8a87eb9e36 Migrated members_status_events for comped members
refs https://github.com/TryGhost/Team/issues/790

Since version 4.6 the 'comped' status has not been used. Any members
which were given complimentary plans since then will have had a `status`
of 'paid', and therefore the corresponding members_status_events row
would have a `to_status` of 'paid'.

This migration is designed to fix these members_status_events rows by
ensuring that the last (chronologically) members_status_event row for a
comped member has a to status of 'comped'.

Unfortuantely this migration loses information which makes writing a
perfect inverse migraion impossible. Alternative down migrations were
considered, but these would lose further information.
2021-07-06 12:00:03 +01:00
Fabien O'Carroll
47cf21514e Migrated comped members to 'comped' status
refs https://github.com/TryGhost/Team/issues/790

In order to track when a member was comped, as well as to differentiate
paid members from comped, we are reintroducing the 'comped' status. This
migration will updated members with a Complimentary Stripe Subscription
to a status of 'comped'. It is essentially a reversal of the 4.6
migration.
2021-07-06 12:00:03 +01:00
Kevin Ansfield
541fb4d2db
🐛 Fixed potential for partial content re-generation in 4.0 migrations (#13120)
no issue

- incorrect syntax was used in the error handlers inside of the `for` loop, by using `return` when logging the whole for-loop was aborted whereas we want to log and continue processing the rest of the items
2021-07-06 10:15:32 +01:00
Kevin Ansfield
05b317af9d
🐛 Fixed incorrectly stored URLs after migration from 3.x to 4.6.1-4.8.4 (#13109)
refs https://github.com/TryGhost/Team/issues/853

A refactor of `urlUtils` usage in 4.6.1 left a buggy 4.0 migration that did not transform URLs inside of mobiledoc cards. Anyone upgrading from 3.x to 4.6.1-4.8.4 would end up with inconsistent URL formats and potentially broken images.

- fixed 4.0 migration by passing our mobiledoc cards list in when transforming mobiledoc urls
- added a new migration that re-applies the missed URL transforms and content re-generation for any site that did a 3.x upgrade to a buggy 4.x version
2021-07-06 10:15:00 +01:00
Naz
2c1ae2e9af 🐛 Fixed a 500 error for incorrect fields parameter in API
refs 8a1fd1f57f
refs 5584430ddc

- The change to async/await in the original commit 558443 was causing problems in downstream dependencies (create-error package) where it was loosing a context of "this". It's not a direct dependency so I didn't go yak shaving into where exacly the context is lost.
- The fix to keep a correct context of "this" was sticking to an existing pattern using regular function returning promises. Once we need to redo them into async/await we can investigate if there's a way around create-error's context prolbem
2021-07-06 11:58:37 +04:00
Daniel Lockyer
8a1fd1f57f
Revert "🐛 Fixed a 500 error for incorrect fields parameter in API"
- this reverts commit 5584430ddc until we
  can investigate why tests are failing
2021-07-05 17:36:44 +01:00
Naz
5584430ddc 🐛 Fixed a 500 error for incorrect fields parameter in API
closes https://github.com/TryGhost/Team/issues/817
refs 6d083ee00e/packages/bookshelf-pagination/lib/bookshelf-pagination.js (L256)

- The 500 error is not the best we can do in this situation and throwing a 400 just like we doo in a referenced commit would keep the convention
- The underlying problem of the bug is bigger - we allow the fields named the same way as relations to leak into the db query and that causes an incorrect SQL syntax. It's a bigger problem which would need a separate, holistic approach
2021-07-05 18:46:02 +04:00
Thibaut Patel
9c2cfb5d00 Added cache invalidation to the POST authentication/setup route
issue https://github.com/TryGhost/Team/issues/859
2021-07-05 16:01:25 +02:00
Rishabh
3e9a23355f Handled visibility filter in post/page API
refs https://github.com/TryGhost/Team/issues/849

As part of work for segmented post access with multiple products, the custom filter for post access is stored in `visibility` field on posts but passed with `visibility_filter` property on API. This change -

- updates input serializer of posts to transform `visibility` and `visibility_filter` properties correctly
- updates output serializer for canary to transform and send `visibility_filter` attribute with filter value
- updates output serializer for v3 to ignore any custom filter on visibility and return `paid` instead as v3 didn't have a concept of custom filter
2021-07-05 17:10:45 +05:30
Rishabh
d413b3d654 Updated visibility validator for page/posts
refs https://github.com/TryGhost/Team/issues/849

Custom post visibility (behind alpha flag) is added to the API using new `visibility_filter` attribute that stores the custom filter. This change -

- updates validator for visibility to check new `visibility_filter` property
- cleans usage of i18n in favor of tpl
2021-07-05 17:10:45 +05:30
Kevin Ansfield
c756cf5feb Removed psmRedesign from allows labs flags
refs https://github.com/TryGhost/Team/issues/840

- redesign in Admin is now in `main` without flag
2021-07-02 19:06:42 +01:00
Naz
0f49e19127 Removed unneded i18n and logging parametes from update check
refs https://github.com/TryGhost/Team/issues/727

- @tryghost/update-check-service v0.2.0 does not require either i18n or logging parameters - makes things less tangled up!
2021-07-02 19:07:13 +04:00
Naz
703827b4c2 Changed update check's API version to use default one
refs https://github.com/TryGhost/Team/issues/727

- The version was forgotten to get a bump durin g 4.0 release. The API version used by update check should be the same as internal default.
- Because the current internal default is mistakenly set to v3 API it's still not optimal but will need a holistic solution in the future
2021-07-02 19:07:13 +04:00
Thibaut Patel
3ca4cd99f1 Moved the gated email card feature behing an alpha flag
issue https://github.com/TryGhost/Team/issues/842
2021-07-02 12:15:03 +02:00
Naz
607623211a Corrected deprecation comment
no issue

- Ghost 4.0 didn't contain any breaking changes. Breaks like this one will be introduced in 5.0
2021-07-02 13:50:11 +04:00
Rishabh
86fbb14033 Added subscription price data for logged-in member
no refs

- adds `price` data on subscription from related `stripe_price` on updating a member via frontend
- removes inconsistency between `GET` and `PUT` data for logged in member on a site
2021-07-01 23:30:14 +05:30
Naz
380c0dad2c Fixed email batch partitioning when only one card used
refs https://github.com/TryGhost/Team/issues/828

- Previous method had a bug where it didn't take into account cases when onlya single card with a segment filter has been used leaving the members not covered by that filter without an email
2021-07-01 20:58:24 +04:00
Naz
986a7526f5 Added member partitioner based on segment
refs https://github.com/TryGhost/Team/issues/828

- Before sending out batches with members we need to partition all members based on the segment they belong to. Special segment "unsegmented" is used in case none of the segments used in the emal cards cover part of the members set (for example only free members card used when emailing all members)
2021-07-01 20:58:24 +04:00
Thibaut Patel
2d95c1b8d7 Reverted a bad change from a previous commit
commit b94c8bcfd4
2021-07-01 16:39:36 +02:00
Hannah Wolfe
6f1a3e1774
Removed usages of new Error & i18n in legacy code
- cleaning up a handful of usages of i18n and new Error in some really old codepaths
- pushing our new patterns forward wherever we can
2021-07-01 12:53:06 +01:00
Thibaut Patel
b94c8bcfd4 Render an email correctly according to the associated member segment
issue https://github.com/TryGhost/Team/issues/829
2021-07-01 13:36:42 +02:00
Kevin Ansfield
29af4b93a0 Fixed linter errors
refs 517d2abc5c

- forgot to remove now-unused labs requires
2021-07-01 10:59:40 +01:00
Kevin Ansfield
517d2abc5c Added feature_image_{alt/caption} to the v4 posts API
refs https://github.com/TryGhost/Team/issues/839

It's now possible to set alt and caption for post feature images using `feature_image_alt` and `feature_image_caption` fields on a post resource.

- `feature_image_alt` - plain text, limited to 191 chars (alt text is not recommended to be longer than 125 chars, screen readers may cut the description off at that point)
- `feature_image_caption` - basic HTML, limited to 65535 chars

Alt and caption will be automatically used inside of newsletter content, for your website content make sure your theme is updated to use the v4 API and make use of the new properties.

---

- removed `featureImageMeta` labs flag
2021-07-01 10:53:55 +01:00
Hannah Wolfe
bd597db829
Moved settings/cache to shared/settings-cache
- This is part of the quest to separate the frontend and server & get rid of all the places where there are cross-requires
- At the moment the settings cache is one big shared cache used by the frontend and server liberally
- This change doesn't really solve the fundamental problems, as we still depend on events, and requires from inside frontend
- However it allows us to control the misuse slightly better by getting rid of restricted requires and turning on that eslint ruleset
2021-06-30 15:49:10 +01:00
Hannah Wolfe
3ea6df819c
Refactored SettingsCache to get events through DI
- requiring lib/common/events makes the settings cache tightly coupled to the server
- moving this up to settings index means the cache itself can be moved to a shared component/moved out of Ghost
- the index then becomes the settings manager
- questionable whether the event listeners & updater part of this shouldn't be part of a manager, independent of the actual cache 🤔
2021-06-30 15:40:41 +01:00
Naz
d33baf9ba4 Added member_segment persistance to email_batches
refs https://github.com/TryGhost/Team/issues/828

- We need a way to recreate a filter that was used to create an email content for specific email_recipient. By saving member_segment value for each email_batch we can traverse back to the filter that was applied during email creation.
2021-06-30 18:32:31 +04:00
Hannah Wolfe
0b333765d4
Refactored shutdown and reset for settings
- shutdown removed listeners, which should really be done before adding them anyway!
- reset sets the cache back to an empty object, which was already done by init
- merge these into one reset function that fully resets the cache
- all instances of shutdown were called before an init call, and now called during init, therefore these can be removed
- acceptance utils had an instance of calling shutdown and reset together as part of stopping Ghost, reworked that to be clearer
2021-06-30 15:18:15 +01:00
Naz
a62ab18b9f Added segmeted email batch creation
refs https://github.com/TryGhost/Team/issues/828

- When sending email batches out they need to be created without mixing different member segments. This allows for easier reasoning about what data has been sent out to each specific email recipient
- Modified email batches to chunk based on segments defined in the HTML content of the post
2021-06-30 17:43:28 +04:00
Naz
bb8cf6001e Added unique filtering for segment parser
refs https://github.com/TryGhost/Team/issues/828

- When detecting email segments and later creating a member filter out of this data we only care about unique segments otherwise we'd be creating multiple batches with the same segment filter
2021-06-30 17:43:28 +04:00
Naz
e04af28efe Added segment parser logic
refs https://github.com/TryGhost/Team/issues/828

- This is experimental segment extraction logic, more to follow. Alllows to extract arrays of email segments used in the email's HTML content
2021-06-30 17:43:28 +04:00
Thibaut Patel
a792b92e94 Added member segment to email batches
issue https://github.com/TryGhost/Team/issues/826
2021-06-30 14:56:20 +02:00
Hannah Wolfe
b33b837c39
Removed unused reinit function
refs: https://github.com/TryGhost/Ghost/pull/11987
refs: 7e28802b1c
refs: 0b79abf5b2
refs: https://github.com/TryGhost/Ghost/issues/12003

- renit was added in https://github.com/TryGhost/Ghost/pull/11987
- it was then refactored out in 7e28802b1c (I think inadvertently)
- but we no longer call settings.init() before the DB is ready with the new boot proces 0b79abf5b2s
- original bugs, such as https://github.com/TryGhost/Ghost/issues/12003 could have regressed as a result of this being removed, but it is hard to reproduce
- by not initising settings before migrations, we reduce the complexity of needing to reinit them
- this commit actually just removes dead code, but I've left all the context I've found today here in this message so that it can be easily reconstructed if needed
2021-06-30 12:44:32 +01:00
Hannah Wolfe
441b12d62c
Fixed route settings ref in api v3
refs: 8612f3aaeb

- this change was missing a git commit --amend 🙈
- note to self: our acceptance tests all use the v3 API...
2021-06-30 11:49:32 +01:00
Hannah Wolfe
8612f3aaeb
Moved route settings to new server service
- The main goal here is getting this settings related code out of the routing service as it really doesn't belong there
- This settings file is used purely by the API to get and set files - its not really anything to do with actual routing
- This file calls out to the bridge to do a reload, which helps decouple slightly
- More refactoring is needed to get rid of the urlService dependency
- Note this file is really similar to the redirects one, it would be good to merge them
2021-06-30 10:58:33 +01:00
Naz
32a09dc9c6 Updated createEmailBatches JSDoc
refs https://github.com/TryGhost/Team/issues/828

- Updated to follow latest code standards
2021-06-30 13:56:35 +04:00
Hannah Wolfe
ed46f31c71
Revert "Moved route settings to server"
This reverts commit 3c36af63cf.
2021-06-30 10:52:19 +01:00
Hannah Wolfe
4ef2ae4436
Revert "Refactored routing to be passed routes config"
This reverts commit 8d754a592e.
2021-06-30 10:52:11 +01:00
Rishabh
d196d9b525 Added benefits to product data in portal settings
refs https://github.com/TryGhost/Team/issues/838

- adds benefits data to product for portal UI
2021-06-30 14:51:42 +05:30
Hannah Wolfe
8d754a592e
Refactored routing to be passed routes config
- At the moment the bootstrap.start method asks the settings service for its settings
- This couples the routing and settings services together - when maybe we want to use a different method to generate settings
- By passing the settings to the routing service at the right time, we open up possibilities for refactoring
2021-06-30 09:43:54 +01:00
Hannah Wolfe
3c36af63cf
Moved route settings to server 2021-06-30 09:31:15 +01:00
Hannah Wolfe
2c729e99f9
Added reload frontend wrapper to bridge
- Allows for slight decoupling of API and frontend with route settings being updated
- Activate theme now calls the same codepath to reload the frontend
- Yet another step on the path to make it possible to init/reload/run the frontend independently from the server
2021-06-29 18:45:03 +01:00
Fabien O'Carroll
a6592566bb Added support for benefits to Admin Products API
refs https://github.com/TryGhost/Team/issues/806
2021-06-29 16:53:15 +01:00
Fabien O'Carroll
c57e612286 Added benefits relation to Product model
refs https://github.com/TryGhost/Team/issues/806

This relation sets up the ability to both read and write relations via
the Product model, allowing us to expose benefits via the Admin Product
API.
2021-06-29 16:53:15 +01:00
Fabien O'Carroll
cbac3d1eb0 Added Benefit model
refs https://github.com/TryGhost/Team/issues/806

This is the model to represent the Benefit resource stored in the
`benefits` table. The `onSaving` method has been copied from the Tag
model and ensures that we have a unique slug.
2021-06-29 16:53:15 +01:00
Daniel Lockyer
1ff4f6ce7d
Added guards against parentPort being null
fixes https://github.com/TryGhost/Team/issues/834

- see referenced issue for context
- there are times when `parentPort` can be null and the job crashes
  because `parentPort.postMessage` won't work
- this commit adds guards around `parentPort`, or moves code inside
  existing guards, to protect against this
2021-06-29 12:14:48 +01:00
Naz
7e9c182dc5 Added protective code to update-check job
refs https://github.com/TryGhost/Ghost/pull/13091

- When the job is run under Node v14 with SQLite DB the parentPort is `null` in some of the environments. The guarding code protects from the job crashing in such situation.
- The most probable cause is running btrheds with `BTHREADS_BACKEND = 'child_process';` configuration for SQLite. Should be fixed once https://github.com/mapbox/node-sqlite3/issues/1386 is properly resolved
2021-06-29 14:02:16 +04:00
Naz
c6c720634c Removed unused email analytics job
no issue

- The 'fetch-all' job was only used during development and has never been useful since. It's a dead code x_x
2021-06-29 13:47:55 +04:00
Hannah Wolfe
77996d1ee4
Moved vhost arg logic out of the parent app
- Makes the logic for determining the admin and frontend vhost args independent and easier to test
- Moved the tests to specifically test the vhost utils & removed proxyquire as a dependency
- We want to breakdown the current parent app into the existing core/app.js and boot code, allowing us to decouple the backend and frontend further
- This is all part of the refactoring to separate server and frontend completely
2021-06-28 19:38:42 +01:00
Hannah Wolfe
fcce649600
🔥 Removed netjet support
refs: https://github.com/cloudflare/netjet/issues/46

- HTTP2/Push never made it, this module is therefore defunct
2021-06-28 16:13:46 +01:00
Daniel Lockyer
1fc56ff1e8
🐛 Fixed validation on theme install API parameters
fixes https://github.com/TryGhost/Team/issues/818

- validation on query parameters should be wrapped in `options` within
  `validation`
- this is missing from the theme install API endpoint so we don't force
  the parameters to be passed in
- Ghost throws a 500 if `ref` is not supplied because following code
  assumes we've checked the existence
- this commit wraps the two query parameter validation statements in
  an `options` object to ensure they exist - Ghost returns a 422 if
  missing
2021-06-28 14:03:28 +01:00
Naz
58b3c47781 Fixed broken notifications/setting acceptance tests
refs d9ddc2db6a
refs https://github.com/TryGhost/Team/issues/754

- The tests were written with falsy assumptions and validation added in refed commit have uncovered it!
-  A secondary issue touched here is additional JSON object serialization that is used in the  "input serializer" -d9ddc2db6a/core/server/api/v2/utils/serializers/input/settings.js (L107-L110)
- The additional stringification should not be there at all. It covers for a mistaken internal use of Settings API where raw objects are passed around instead of serialized JSON Objects (see commets left with this changeset for details)
2021-06-28 16:48:00 +04:00
Naz
d9ddc2db6a Added extra validation for some settings of array type
refs https://github.com/TryGhost/Team/issues/754
refs a7dec233ba

- Additional validation protects from problems like the ones in refed commit from even getting through to the database.
- At the moment only used notificatons and couple more settings to ensure they are arrays when passed into the API. This is to avoid making big change in settings straight away - this is a problematic area which needs cautious approach.
- Ideally in the future the list of settings to check the "array" type (and other types) should be automatically generated based on the default-settings.json (or whatever way we define settings in the db a that moment)
- There's an ugly code-tripplication going on in this change. This is a separate topic that will be addressed once we work on API cleanup.
2021-06-28 14:26:18 +04:00
Naz
3f2327c4d1 🐛 Fixed update notification showing after upgrade
refs https://github.com/TryGhost/Team/issues/754
refs https://github.com/TryGhost/Team/issues/204
refs https://forum.ghost.org/t/critical-security-notification-keeps-displaying-even-after-updating-to-the-latest-version/23673

- After Ghost instance upgrade higher than v4.3.3 the security notification should not be shown any more, as the instance is now patched and fixes the issue.
- There was no way to derive the targetted Ghost version of the notification message so had to include matching based on other unique id of the message.
- Future improvements to update check/notifications should take this inconvenience into account (e.g. introduce a special field in notifications that tracks targetted Ghost instance version)
2021-06-28 11:25:04 +04:00
Fabien O'Carroll
b894b2a913 Added products_benefits table
refs https://github.com/TryGhost/Team/issues/804

The associative table is used to implement the many-to-many relationship
between Products and Benefits. The `sort_order` column is needed because
a product's benefits should be orderable by an admin.
2021-06-24 17:21:01 +01:00
Fabien O'Carroll
65b2e8a0a5 Added benefits table
refs https://github.com/TryGhost/Team/issues/804

Benefits are tag-like resources which will be associated with Products.
The first iteration just requires a name for the benefit, which will be
stored as plaintext.
2021-06-24 17:21:01 +01:00
Daniel Lockyer
53b7eb227b v4.8.3
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYNSBfAAKCRDSEYbwtHKV
 rdNyAP9sT2e/01PE1p8l0PoTbq6nOL08BIA8ZKDiX/tFDeJ7owD9EikupgI6snND
 VrvRyA3AIZf3+hooAfjxIogX7NhUrQU=
 =Aqm+
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYNSCAwAKCRDSEYbwtHKV
 rWOLAQDCheD486UqjssUUaEAjNxjoSzwvqnHSpnfRJB809eOmAEAv0UzVYM+vcJ6
 7vJdRXK2ke/dIc50n0mgRR8ktue6XAs=
 =TQTw
 -----END PGP SIGNATURE-----

Merged v4.8.3 into main

v4.8.3
2021-06-24 14:00:41 +01:00
Daniel Lockyer
f2ab12bb91
🐛 Fixed incorrect data returned when using API fields
refs 188de00489

- this fix was incorrect - the function should have been on the
  prototype but I'd moved it over incorrectly into the static class functions
- this commit moves `defaultColumnsToFetch` to the prototype functions
  and reverts the referenced commit back to `this.prototype` as expected
- this wasn't including the custom columns from the `post` model, which
  was causing tests to fail
- pro tip: run tests!
2021-06-24 13:47:15 +01:00
Naz
07f7a7a158 Added JSDoc to notifications service's destroy
refs https://github.com/TryGhost/Team/issues/754

- Extra type intellisense is good!
2021-06-24 16:34:29 +04:00
Naz
b5fb439ae7 🐛 Fixed version update indicator on about page
refs https://github.com/TryGhost/Team/issues/754
closes https://github.com/TryGhost/Ghost/issues/13088
refs a7dec233ba

- The corrupted data recovery mechanism for notifications is needed to be able to fix the data stored in `settings` table under `notifications` key. There was no validation in place, which has caused some instances to store data in unreadable/writable state
- The recovery mechanism is in place to avoid adding migrations every time we spot a broken notifications data (will be fixed by validation soon).
- The notification data is also NOT critical but valuable for system functioning properly, that's the reason why the data "healing" happens in less secure  "fire-and-forget" way
- The referenced commit is where the "bigger" problem that was causing the data corruption was at. This change is a "cleanup" after what has happened there - storing Ghost error object in `value` for `notifications` key
2021-06-24 16:33:01 +04:00
Daniel Lockyer
e389a6d991 v4.8.2
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYNR3tAAKCRDSEYbwtHKV
 rXcMAQDQd7EcEmIx3sHlA5wjMz9SMZaybaOqLMzgCdUft2KOagD/dFtZBYpK4DLB
 Kr42XrNMVvORHNPso5lL35s9KNbTlwM=
 =OqBv
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYNR4ygAKCRDSEYbwtHKV
 rXtsAQDNUqm3qK0b8/hET9h7cIG5J5RpAo0WYJWxv01DwcTscAEAjlfK3vgUo3wD
 uHeeXH+DXOIhAqSxsXoJr7X+N/s+WQw=
 =BJTH
 -----END PGP SIGNATURE-----

Merged v4.8.2 into main

v4.8.2
2021-06-24 13:21:23 +01:00
Daniel Lockyer
188de00489
🐛 Fixed error when using API to search for tags
refs a457631a20

- `defaultColumnsToFetch` was moved to the CRUD plugin in the referenced
  commit, which makes it a function on `this` instead of `this.prototype`
- this means the function doesn't exist and Admin throws an error when
  you start typing in the search bar because the API 500s
- this commit switches it to `this.defaultColumnsToFetch()`
2021-06-24 13:08:05 +01:00
Daniel Lockyer
ac8029680c v4.8.1
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYNRcHQAKCRDSEYbwtHKV
 rQJeAP9ufmgIztn1oj8kF7tZMZk4xaVCakqIgyQBlPvFKc+aawD8Dv44mmZ4Ntar
 7FQ52i07TCwk/b8lCUwxD4maYBuZNAE=
 =fgVN
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYNRciwAKCRDSEYbwtHKV
 rRatAQCJ27vyVeGYlnXVWF0XSgj3+QEwl2eEgh4GoVp4BPzHAwD/WrGvKRvddDtA
 kiqv93vRTda3GV1R4FGYVl34MwbGFAA=
 =+Yci
 -----END PGP SIGNATURE-----

Merged v4.8.1 into main

v4.8.1
2021-06-24 11:20:53 +01:00
Daniel Lockyer
ce68b2e4a9
Reverted destroy function of CRUD plugin to chained promises
refs https://github.com/TryGhost/Team/issues/808

- see referenced issue for context, but turning this function into
  async-await seems to have broken error handling when deleting things
  that don't exist
- i'm really not sure why - but my running theory is that it's something
  to do with Bluebird Promises vs native Promises
- this should keep the same functionality until I can investigate what
  is going on
2021-06-24 10:17:40 +01:00
Daniel Lockyer
323074f106
🐛 Fixed error when deleting non-existent snippet
fixes https://github.com/TryGhost/Team/issues/809

- Bookshelf won't throw a `NotFoundError` unless `require=true` in the
  options
- this is present in most other API endpoints, so it's just simply
  missing from the snippet one
- without this, Ghost will crash with a 500 saying `Cannot read property
  'destroy' of null`
- this commit adds `require=true` to the destroy options for both the canary +
  v3 endpoints
2021-06-24 09:58:35 +01:00
Matthew Schmoyer
7bac21d591
🐛 Fix test email member uuid (#12809)
refs: #12808

- we need to use the uuid, not the id, so that e.g. unsubscribe urls are set correctly
- this is only for test emails, but it's still important to be able to test things fully!
2021-06-24 09:42:15 +01:00
Thibaut Patel
dc91eabe3c Moved the "Reset all passwords" permission migration to Ghost 4.9
commit f12f64e87b
2021-06-23 17:08:44 +02:00
Naz
42e11ca859 Fixed update check logging when run within a job
refs https://github.com/TryGhost/Team/issues/754

- The logging wasn't working for the update check when run from the scheduled job. Fixed package method signature to allow for "logging" parameter. The sideeffect of this change was such that we need to instantiate a new instance of the UpdateCheckService on every method call to differentiate the call from within the code (controller) or from the job level
- Also added an await before returning the check method call as it didn't execute properly on the job level - the `await` wasn't waiting for the update check to actually do it's job!
2021-06-23 18:38:05 +04:00
Thibaut Patel
f12f64e87b
🔒 Added a "reset all passwords" feature (#13005)
issue https://github.com/TryGhost/Team/issues/750

- Only accessible by admins
- Resets all staff users' passwords and prevents them to log-in
- Sends them a reset email password to give them back access to their account
- Closes all existing staff user sessions
2021-06-23 14:54:28 +02:00
Fabien O'Carroll
c46542532d Added support for importing products column
refs https://github.com/TryGhost/Team/issues/765

This supercedes the `complimentary_plan` flag, as it is more precise
because it determines _which_ product(s) a member has access to. Because
of this, if the `products` column is present the `complimentary_plan`
column is not used.
2021-06-23 13:53:34 +01:00
Fabien O'Carroll
1de88f7397 Included products when exporting member csv
refs https://github.com/TryGhost/Team/issues/765

Since Members can be given complimentary access to one of many products,
we must include which products a member has access to when exporting
from Ghost. This will allow us to reimport without losing information.
2021-06-23 13:53:34 +01:00
Fabien O'Carroll
b197d71c4e Linked comped members to default product for imports
refs https://github.com/TryGhost/Team/issues/765

As part of the multiple products feature, we're not longer using Stripe
subscriptions to denote Complimentary access, instead we're linking
members directly to products. Here we update the importer to follow
suit, so long as the flag is enabled.
2021-06-23 13:53:34 +01:00
Fabien O'Carroll
9fc69d8f07 Moved MembersCSVImporter out of index.js file
no-issue

This cleans up the importer to match the standards of the rest of our
codebase.
2021-06-23 13:53:34 +01:00
Naz
0d0e09f173 Moved update check scheduling logic out of boot.js
refs https://github.com/TryGhost/Team/issues/754

- This is a minor cleanup. There should be no logic in the boot.js file other than calling services to "initialize themselves"
2021-06-23 15:01:43 +04:00
Naz
90cc801394 Added JSDoc and unit tests for email replacement parser
refs 474e6c4c45

- The method was not easy to understand after skimming through it.
- As we are working on developing a similar pattern for upcoming similar featured created a basic test suited to see input/output relation clearly
2021-06-23 12:00:03 +04:00
Naz
5edd056a61 Renamed bulk-email index to bulk email processor
no issue

- idex.js files are meant to expose the API of the module and not contain code
- Next step would be reworking the code to use class/injection pattern
2021-06-22 20:19:57 +04:00
Ikko Ashimine
cb9ca30f72 Fix typo in image-size.js
withing -> within
2021-06-22 15:47:41 +01:00
Rishabh
d9c1713dae Updated sentry config for members site endpoint
no refs

- updates portal sentry config's dsn and env naming
2021-06-22 12:31:30 +05:30
Kevin Ansfield
446993a905
Added additional newsletter customisation settings (#13074)
refs https://github.com/TryGhost/Team/issues/793

New settings added for newsletter customisation options:

- `newsletter_header_image` - `null/"$url"`
- `newsletter_show_header_icon` - `"true/false"`
- `newsletter_show_header_title` - `"true/false"`
- `newsletter_title_alignment` - `"center/left"`
- `newsletter_title_font_category` - `"serif/sans_serif"`
- `newsletter_show_feature_image` - `"true/false"`

`newsletter_show_header` has been dropped because the same functionality can be achieved by setting both `newsletter_show_header_icon` and `newsletter_show_header_title` to `false`

---

- migration to convert and delete `newsletter_show_header` setting
- removed `newsletter_show_header` from default settings to ensure it doesn't get re-created
- replaced main labs template and template settings generation with the labs template
- deleted labs template
2021-06-21 13:40:40 +01:00
Rishabh Garg
acb0bd47af
Added sentry config to frontend site settings for Portal (#13086)
no refs

- adds sentry config for portal when available to integrate error handling
2021-06-21 17:59:20 +05:30
Rishabh Garg
d8c2428094
Added portal products data to member site endpoint (#13053)
refs https://github.com/TryGhost/Team/issues/768

- adds `portal_product` settings data to the member site endpoint for Portal behind the `multipleProducts` flag
2021-06-21 14:41:15 +05:30
Rishabh Garg
8f104f67b1
Added new portal_products setting (#13055)
refs https://github.com/TryGhost/Team/issues/768

- `portal_products` stores list of products available in Portal
- adds new `portal_products` setting to default settings
- adds migration to populate `portal_products` with current product so its available by default
- update tests
2021-06-21 14:01:50 +05:30
Kevin Ansfield
ca5c58030b Added feature image caption and alt to labs email template
no issue

- when feature image redesign flag is enabled add the caption under the feature image when available
- adds extra class for feature image so spacing can be adjusted when the caption is present
2021-06-18 16:03:58 +01:00
Kevin Ansfield
22306c4b19 Fixed type errors in post-email-serializer
no issue

- fixed errors showing in editor, no bugs just minor expected type differences
2021-06-18 15:37:42 +01:00
Daniel Lockyer
a457631a20
Moved defaultColumnsToFetch to Bookshelf CRUD plugin
no issue

- the CRUD plugin uses this function so we want to keep similar things
  together to make it easier to test in the future
2021-06-17 17:07:10 +01:00
Daniel Lockyer
0830bcb74e
Moved setId function to Bookshelf events plugin
no issue

- `setId` is only used within the `events` plugin and it makes sense to
  keep code together
- we don't lose anything by putting it here, but it should make it
  easier to test in the future
2021-06-17 17:07:10 +01:00
Fabien O'Carroll
5b66933981 Supported directly assigning products to members
refs https://github.com/TryGhost/Team/issues/748

This updates the @tryghost/members-api MemberRepository to stop ignoring
the `products` data passed to write operations, and to attach products
directly to members. As this logic is part of a new feature, we are
maintaining existing functionality by deleting the products data when
the feature flag is not enabled.

This functionality allows us to give members complimentary access to a
product without needing to use a Stripe Subscription internally.
2021-06-17 16:57:53 +01:00
Daniel Lockyer
c0baf5fdee
Moved formatOnWrite function to Bookshelf override plugin
no issue

- `formatOnWrite` doesn't override anything in Bookshelf but we use it
  within the `override` plugin and sub-models may override it, so it's
  easier to keep these things together
2021-06-17 16:47:47 +01:00
Daniel Lockyer
a635f3b68d
Updated JSDoc optional syntax in CRUD plugin
no issue

- optional parameters can be given in square brackets which makes
  editors understand it easier
2021-06-17 15:04:52 +01:00
Daniel Lockyer
a622f44564 Extracted Bookshelf method overrides to plugin
no issue

- all these functions override those within Bookshelf so this commit
  extracts them into a separate plugin from the Base model
2021-06-17 15:02:34 +01:00
Daniel Lockyer
5e9ab27a21
Refactored out local DB require in bulk-operations plugin
no issue

- we were only importing the `db` to access the `knex` instance, but
  we can get this through the Bookshelf instance
- switches to pulling out `knex` from Bookshelf so we can remove the
  remaining local require
2021-06-17 13:16:11 +01:00
Daniel Lockyer
a2b3568956
Fixed indenting for Bookshelf sanitize plugin JSDoc
no issue

- the indentation copied over incorrectly when I moved the code between
  files
2021-06-17 13:01:15 +01:00
Daniel Lockyer
76397f5aed Moved Bookshelf plugins to folder
no issue

- this moves all the plugins into a folder which but allows us to
  see which are still hanging around to be extracted out
2021-06-17 12:04:38 +01:00
Daniel Lockyer
67539a143b Extracted Bookshelf data manipulation code into plugins
no issue

- this commit extracts all code relating to manipulating/fixing data
  from the Base model into its own plugin
2021-06-17 12:04:38 +01:00
Daniel Lockyer
33d0f686be Extracted Bookshelf user type code into plugin
no issue

- this commit extracts the code relating to detecting if a user ID is
  internal/external from the Base model into a separate plugin
2021-06-17 12:04:38 +01:00
Daniel Lockyer
89ba4081b4 Extracted Bookshelf filtered collection code into plugin
no issue

- this commit extracts all code relating to filtering collections to a
  separate plugin to break down the Base model
2021-06-17 12:04:38 +01:00
Daniel Lockyer
930df4b7fb Extracted Bookshelf bulk operations to plugin
no issue

- this commit extracts code relating to bulk DB operations into a
  separate plugin
- it __could__ go into the CRUD one but these operations are a little
  more involved
2021-06-17 12:04:38 +01:00
Daniel Lockyer
e2b2a51d9b Extracted Bookshelf generateSlug function to plugin
no issue

- this commit extracts the niche `generateSlug` function into
  its own plugin so it can be extracted in the future
2021-06-17 12:04:38 +01:00
Daniel Lockyer
553e0932b2 Added missing Bookshelf JSDoc import
no issue

- this helps us with types across the model code
2021-06-17 12:04:38 +01:00
Daniel Lockyer
763d368c6e Extracted Bookshelf sanitization code to plugins
no issue

- this commit extracts all options + data sanitization code from the Base
  model into a plugin
2021-06-17 12:04:38 +01:00
Daniel Lockyer
f4f31027b7 Extracted Bookshelf raw_knex function to plugin
no issue

- this commit extracts the niche `raw_knex` function from the Base model
  into its own plugin
2021-06-17 12:04:38 +01:00
Daniel Lockyer
6ce1b11a15 Extracted Bookshelf events code to plugin
no issue

- this commit extracts event related code from the Base model into a plugin
- in particular:
    - events initialization
    - the `on*` events
    - `emitChange` - I'm not sure about this one but it __is__ event
      related
2021-06-17 12:04:38 +01:00
Daniel Lockyer
93c00b1ab7 Extracted Bookshelf actions code to plugin
no issue

- this commit extracts code related to Actions from the Base model into
  a separate plugin
- `api-key.js` contained the exact same helper function as the Base
  model so that has been de-duplicated
2021-06-17 12:04:38 +01:00
Daniel Lockyer
14ffd0b9d9 Extracted Bookshelf setup code into separate file
no issue

- I'm working on pulling apart the base index.js and this code is
  specific to setting up Bookshelf + the plugins, which is pretty
  contained and can stay in one file
- it only has one local require so it might be a good candidate for
  extracting out of Ghost in the future
2021-06-17 12:04:38 +01:00
Kevin Ansfield
557ef28ae5 Added psmRedesign as an allowed labs flag
refs https://github.com/TryGhost/Team/issues/786

- flag will be used by Admin to toggle between old (popover) and new (sidebar) post settings menu behaviour
2021-06-17 10:49:20 +01:00
Sam Lord
3f0bab4389 Replaced request module with @tryghost/request
no issue
Part of the effort to break up Ghost into smaller, decoupled modules.
2021-06-16 13:16:15 +01:00
Sam Lord
24332c3d24 Replaced ghost-version.js with @tryghost/version
no issue
Part of the effort to break up the Ghost codebase into smaller, decoupled modules.
2021-06-16 13:16:15 +01:00
Fabien 'egg' O'Carroll
8ea577b58b
Added support for canceling subscriptions (#13039)
refs https://github.com/TryGhost/Team/issues/775

As we currently do not delete canceled subscriptions and they are
exposed via the API, this functionality has been added to the
editSubscription controller method under the PUT HTTP method.

The cancelSubscription method in @tryghost/members-api was updated to
handle deleting by member id
2021-06-16 11:25:19 +01:00
Hannah Wolfe
526993965a
Switch to @trghost/validator, remove validator
- Part of the effort to split Ghost down into smaller, decoupled pieces
- Moved out our internal validator tooling to a separate library
- Replaced all usage of our own tooling and validatorjs directly with @tryghost/validator
- Removed the validatorjs dependency and removed the renovate pin
- This gives us a consistant, smaller, clearer public API for validations
- It will eventually be used on Ghost Admin too
- This way we can start getting up to date with validator whilst not increasing build size
2021-06-16 08:11:22 +01:00
Daniel Lockyer
97c0c93959 Refactored Bookshelf CRUD functions into plugin
no issue

- we're going to pull this out into the framework monorepo but
  refactoring it here first makes it a lot easier to extract without
  losing the history
2021-06-15 18:27:43 +01:00
Sam Lord
35e51e364b Switch to @tryghost/debug, remove ghost-ignition
no issue
The only pieces of Ghost-Ignition used in Ghost were debug and
logging. Both of these modules have been superceded by the Framework
monorepo, and all usages of Ignition have now been removed, replaced
with @tryghost/debug and @tryghost/logging.
2021-06-15 17:24:22 +01:00
Daniel Lockyer
f91daffdad
Revert "Refactored Bookshelf CRUD functions into plugin"
this reverts the following until tests have been fixed:
 - e51d505abb
 - c86ac27dcf
 - 3ffba967f2
2021-06-15 16:41:14 +01:00
Sam Lord
caea330647 Change to use @tryghost/logging
no issue

Logging is now controlled by a logginrc.js file in the root of the project - and now we can just import @tryghost/logging everywhere
2021-06-15 15:59:11 +01:00
Daniel Lockyer
3ffba967f2
Fixed path to CRUD plugin
no issue

- I renamed this just before pushing the previous commits but forgot to
  update it here
2021-06-15 15:50:22 +01:00
Daniel Lockyer
c86ac27dcf
Removed unused require
no issue

- we no longer need this as the code was extracted into a plugin
2021-06-15 15:49:21 +01:00
Daniel Lockyer
e51d505abb
Refactored Bookshelf CRUD functions into plugin
no issue

- we're going to pull this out into the `framework` monorepo but
  refactoring it here first makes it a lot easier to extract without
  losing the history
- note: this is very temporary and will be extracted soon
2021-06-15 15:46:33 +01:00
Hannah Wolfe
0fe8426f97
Renamed validation to validator + better public API
- renamed our internal validation library to "validator" - which is the same as the tool it wraps
- updated the public api so that validator methods are directly exposed
- this will make it a drop-in replacement for validator-js
- in turn, this allows us to pull this out into @tryghost/validator, and use our own wrapper instead of the 3rd party library
2021-06-15 15:32:36 +01:00
Hannah Wolfe
1688b17c49
Refactored + cleaned up validation tools
- General code cleanup
- Removed unused notContains rule
- Swapped custom empty rule for builtin isEmpty rule
- Dropped usage of .extend on validator, as this was removed 2 years ago!
   - This will allow us to upgrade the validator dependency to a much newer version
- Changed our internal validator module to only expose the functions we use.
   - This gives us a clearer Public API
   - It makes it easier to see if we are affected by changes in validator
   - It's still easy to add another validator, we just have to update what we require
   - We can potentially use this to make smaller builds esp for client-side usage
   - Once ripped out into a module we can use ES imports :D
- Rejigged and _slightly_ improved the tests
2021-06-15 15:17:20 +01:00
Sam Lord
160cb07e02 Added @tryghost/root-utils to the ghost-version module
no issue
Part of the effort to split ghost into smaller, decoupled parts. The
@root-utils package lets us avoid hard-coding a path to package.json,
and means that the ghost-version.js file could eventually be moved
into a separate module.

This commit uses a patched version of @tryghost/root-utils which
checks for the existence of a `current` directory, as used in
Ghost-CLI. Since this is very specific to Ghost and Ghost CLI, there's
a new method called "getGhostRoot" for this purpose.
2021-06-15 15:06:31 +01:00
Daniel Lockyer
7cbe565f4f
Fixed JSDocs in base model
no issue

- Promise parameter types are given in diamond branches instead of
  parentheses, so switching to this makes editors happy
2021-06-15 13:28:59 +01:00
Daniel Lockyer
495ef867c2 Extracted Bookshelf plugins from Ghost to Framework repo
refs:
  - cf15f60085
  - dd20cc649b
  - ccf27f7009
  - abf146d61f
  - 2b54c92a14
  - bb029a53f6
  - 95bd7ee675
  - 9018b4df22
  - df01a6e5f4
  - d313726b34

- these plugins were in a state where they were independent enough to be
  pulled out into their own packages, which is what we did in the
  referenced commits above
- each package is named like `@tryghost/bookshelf-<plugin>`
- to avoid requiring multiple packages into Ghost, we've also created a
  wrapper package called `@tryghost/bookshelf-plugins` which re-exports
  all these plugins, so the changes in Ghost are very simple - dbebdd43b5
- this commit deletes the plugins + tests, and replaces with our new
  package with some minor code changes
2021-06-15 12:49:38 +01:00
Hannah Wolfe
4e49aeb9a0
Moved password validation into a library
- This is super specific code relating only to validating passwords.
- It's needed as a shared validator as we use other funnels to help people setup Ghost on Pro, but currently it's hard-baked into Ghost
- It's also not the greatest code. It'd be nice to be able to rework it and know that would automatically update everywhere passwords are set
2021-06-15 12:33:14 +01:00
Hannah Wolfe
d3cc85c920
Moved schema validator into the schema module
- This is a really specific piece of code related to validating models against our internal schema.js format
- This doesn't make sense without a schema.js file
- It does depend on the internal validator and validate tools - but those are used elsewhere too, and can reasonably be moved out of the codebase
- I don't see schema.js moving out of the codebase any time soon. We can move the validator but it would be a class that requires schema via DI
- For now my focus is on getting the data/validation tooling separated and making clear sense
- Improving data/schema can come later :)
2021-06-15 11:54:34 +01:00
Hannah Wolfe
68d60a1834
Removed i18n from validation modules 2021-06-15 11:30:37 +01:00
Daniel Lockyer
8e46288f37
Fixed JSDocs within pagination Bookshelf plugin
no issue

- `options` is not a correct type, so changed it to `Object` - maybe we
  could introduce an `options` type at some point
- also fixed another case of incorrect subtype extraction from
  `bookshelf`
2021-06-15 09:09:48 +01:00
Rishabh
db50aa64d8 Added cache invalidation for products api
no refs

- adding/changing products needs cache invalidation header otherwise frontend endpoints like `/members/api/site` use cached product data
- adds cache invalidation for both add and edit endpoints for products
2021-06-15 12:40:55 +05:30
Daniel Lockyer
5c866fadde
Removed i18n from base model
refs d783a8d2d4

- we're removing i18n from Ghost core because it no longer meets our
  needs
- this switches out i18n in the base Bookshelf model for our
  `tryghost/tpl` package with a `messages` object of strings sprinkled
  through the code
2021-06-14 20:53:13 +01:00
Daniel Lockyer
b7d96149e2
Improved JSDoc typing for Bookshelf plugins
no issue

- eager-load: turned param import into typedef for reusability and fixed
  attribute typing
- pagination:
    - removed typing on helper function object - this was incorrect and
      tsserver can pick up the real types a lot better, so removing it
      reduces maintenance overhead
    - `fetchPage` actually returns a Promise, so this fixes the typing
      on the docs
2021-06-14 20:52:18 +01:00
Daniel Lockyer
becf4c04e5
Converted Bookshelf collision plugin into async-await
no issue

- this helps avoid promise chaining and keeps the code neater
- also removes unneeded `bluebird` import after this change
2021-06-14 20:52:18 +01:00
Sam Lord
1ec79bfaea Revert "Added @root-utils to the ghost-version module"
This reverts commit 846e9f1bbc.
2021-06-14 18:42:40 +01:00
Hannah Wolfe
c37de311ea
Split validation index into separate files
- The data/validation module is made up of several loosely related things with lots of dependencies
- Separating out the various components makes it possible to see what's what, and importantly what has complex dependencies
- validator + validate probably go togetheri in an external module, the other two files should probably have their own homes in related areas of ghost e.g. schema -> data/schema/validate.js
2021-06-14 18:18:28 +01:00
Sam Lord
846e9f1bbc Added @root-utils to the ghost-version module
no issue
Part of the effort to split ghost into smaller, decoupled parts. The
@root-utils package lets us avoid hard-coding a path to package.json,
and means that the ghost-version.js file could eventually be moved
into a separate module.
2021-06-14 16:33:53 +01:00
Daniel Lockyer
0cd9acabec
Imported Bookshelf type into plugin JSDocs
no issue

- the `Bookshelf` type wasn't being imported anywhere and editors were
  showing warnings for the missing type
- also fixes use of `Bookshelf.Model` - this doesn't work if we declare
  `Bookshelf` using a `@typedef` and the preferred syntax is using an
  array index
- note: it still complains because we're calling functions that are only
  declared in our custom Bookshelf Model but this is a step in the right
  direction
2021-06-14 16:30:58 +01:00
Daniel Lockyer
de9960fc45
Fixed broken syntax in pagination plugin
refs d783a8d2d4

- missed a comma in the `messages` object 🤦
2021-06-14 15:21:57 +01:00
Daniel Lockyer
d783a8d2d4
Removed use of i18n in Bookshelf plugins
no issue

- i18n is eventually going away in Ghost so we want to remove uses of it
- Bookshelf plugins are also getting extraced out of Ghost so we need to
  remove all local requires
- i18n is being replaced by inline templating with strings stored in the
  `messages` object
- this commit switches out the use of i18n in the Bookshelf plugins and
  replaces the templating function with our `@tryghost/tpl` package
2021-06-14 15:13:41 +01:00
Daniel Lockyer
e3ea40e268
Fixed JSDoc for DB helper functions
no issue

- the docs were referring to different parameter names so this commit
  bring them in line to make the warnings go away
2021-06-11 16:03:42 +01:00
Rishabh
0766a19afd Updated products data in portal site endpoint
refs https://github.com/TryGhost/Team/issues/763
refs https://github.com/TryGhost/Team/issues/718

- Removes redundant `plans` data from site data
- Updates products data to include monthly/yearly price
- Filters multiple products on site data based on labs flag
2021-06-11 12:41:46 +05:30
Kevin Ansfield
1bc57b584a
Added posts_meta.feature_image_{alt,caption} columns (#13030)
refs https://github.com/TryGhost/Team/issues/770

We want post feature image functionality to better match what's available inside the editor, to do that we'll need somewhere to store alt and caption meta data. `posts_meta` chosen because even though we want to make this generic for other tables in the future those tables also have a `feature_image` (or closely related) field.

- updated schema with new columns
- added migration to create columns
- cleaned new columns from API output
  - not output on v2/v3
  - conditionally output on v4/canary output based on labs flag
- bumped `@tryghost/admin-api-schema` to allow new columns through in canary API requests
  - silently clean properties from input when labs flag is disabled
  - updated acceptance tests so they fail if `admin-api-schema` is not letting the new fields through
2021-06-10 20:35:56 +01:00
Kevin Ansfield
4e724b6451
Fixed order of flatten/clean operations in posts output serializers (#13038)
no issue

`post.clean()` implementation was expecting a flat structure representing final API output but was being called before the flatten operation for `posts_meta` meaning the structure looked like `attrs.posts_meta.property` instead

- adjusted order in output serializers to call `clean()` after flattening the `posts_meta` object
- in `v2` output serializer, moved removal of properties from the serializer into `clean()` for consistency
2021-06-10 15:14:02 +01:00