closes#1838
- adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect
- adding `urlSSL` option to specify SSL variant of `url`
- using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified
- dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data)
- using `urlSSL` in a "reset password" email, if specified
- adding unit tests to test `forceAdminSSL` and `urlSSL` options
- created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
closes#2264
- added permissions check to db, users and posts
- added register method to users
- added doesUserExist method to users
- added user from session to internal calls
- changed permissible to overwrite canThis
- removed action map and action type from permissable method
closes#2058
- fixed apiContext as suggested in the issue
- added user to options object for models
- added api.users.register() for public registration
- changed models to use options.user for created_by, updated_by,
author_id and published_by
- added override to session model to avoid created_by and updated_by
values
- added user (id: 1) to tests
- added user (id: 1) for registration
- added user (id: 1) for import, fixtures and default settings
- added user (id: 1) for user update
- added user (id: 1) for settings update (dbHash, installedApps, update
check)
- updated bookshelf to version 0.6.8
Closes#2083
* Added hbs template for apps listing
* Added settings to read the activeApps
* Added viewcontrol to activate / deactivate apps
* Added API handler to store activeApps (by `name` in the `package.json` file)
* On button click it turns the button into "Working" and changes class to `button` (grey one)
* On success, rerenders the pane, adds success notification about apps being saved
* On error, rerenders the pane, adds error notification with error message
Missing:
* tests: couldn't figure out how to add mock apps with mock package.json data
* actually registering, etc, re #2140
* icon from the sidebar
no issue
There seemed to be no convention or order to the functions in the admin controller, so I have:
- organised them
- reordered them
- added a small doc-block
- reordered some routes
- updated tests accordingly
addresses #1789, #1364
- Moves ./core/server/loader -> ./core/bootstrap.
The bootstrap file is only accessed once during startup,
and it’s sole job is to ensure a config.js file exists
(creating one if it doesn’t) and then validates
the contents of the config file.
Since this is directly related to the initializing
the application is is appropriate to have
it in the ./core folder, named bootstrap as that
is what it does.
This also improves the dependency graph, as now
the bootstrap file require’s the ./core/server/config
module and is responsible for passing in the validated
config file.
Whereas before we had ./core/server/config
require’ing ./core/server/loader and running its
init code and then passing that value back to itself,
the flow is now more straight forward of
./core/bootstrap handling initialization and then
instatiation of config module
- Merges ./core/server/config/paths into
./core/server/config
This flow was always confusing me to that some config
options were on the config object, and some were on
the paths object.
This change now incorporates all of the variables
previously defined in config/paths directly
into the config module, and in extension,
the config.js file.
This means that you now have the option of deciding
at startup where the content directory for ghost
should reside.
- broke out loader tests in config_spec to bootstrap_spec
- updated all relevant files to now use config().paths
- moved urlFor and urlForPost function into
./server/config/url.js
closes#1464
- adds opt-out via updateCheck:false in config.js
- update check is done on admin index, but doesn't interfere with rendering
- adds update check module, which gets the usage data, makes the request and handles the response
- adds two new settings to default-settings, one for next check time, and one for whether to show the notification
- adds a new rejectError method to errorHandling
- adds a new helper for displaying the notification
Conflicts:
core/server/helpers/index.js
core/test/unit/server_helpers_index_spec.js
throttle list
- once a user has successfully logged into ghost
they no longer are a malicious user and as such
their IP address should be removed from the
array of login attempts
- should also reduce the memory usage of Ghost
as the loginSecurity array gets pruned upon
every successful login
- this also fixes a race condition i was experiencing
during functional tests wherein i would receive
the login throttle message during regular testing.
Seems my machine is able to run casper fast enough
that it could complete each test under an amount
of time that tripped the login throttle message.
issue #1754
- remove path (it was only used once, and not needed)
- change webroot to subdir
- add unit tests for config.paths
- various other cleanup
- renamed client-side ghostRoot to subdir
- added url helper for client
covers 90% of #755
- moved ghost.settings to api.settings
- moved ghost.notifications to api.notifications
- split up api/index.js to notifications.js, posts.js, settings.js,
tags.js and users.js
- added instance.globals as temp workaround for blogglobals (Known
issue: blog title and blog description are updated after restart only)
- added webroot to config() to remove `var root = ...`
- changed `e` and `url` helper to async
- updated tests
Move helper functions registerThemeHelper and registerAsyncThemeHelper
to the helpers module.
Also update the app proxy object to reflect this new code location,
and the tests to reflect that as well
Create ./sore/server/filters which houses all filter related behavior.
Was previously on the ghost singleton.
Also create the filters_spec file for testing
and update all code and tests to use new code location.
Create ./sore/server/helpers/template which houses all template related behavior.
Was previously on the ghost singleton.
Also create the helpers_template_spec file for testing
and update all code and tests to use new code location.
Move ghost.mail instance onto the mail module directly
and update related code and tests to use new location
Move Polyglot instance onto require module directly
Move ghost.availablePlugins to plugins module directly
- changed cookieSession to session
- added session.regenerate for login and logout
- added bookshelf session store
- added session table to database
- added import for databaseVersion 001
- added grunt task test-api
- cleanup of gruntfile to start express when needed only
- moved api tests to functional tests
Closes#1471
- add api and User model methods for generating and validating tokens
- add routes and handlers for reset password pages
- add client styles and views for reset password form
- some basic integration tests for User model methods
issue #635
- upload controller shouldn't assume fs
- filesystem module proxies all the fs work
- proxies and exposes middleware for serving images
- creating a date based path and unique filename is a base object util
- unit tests updated
issue #1365
- added /*jslint unparam:true*/ to functions where absolutely necessary
- added /*jslint unparam:true*/ to functions in which keeping parameter
list added clarity to the underlying api, even when those parameters
are not currently used
- removed unused parameters in a few places
closes#952
- moved api.js to api/index.js
- added api/db.js for import and export functions
- moved /ghost/debug/db/export to GET /api/v0.1/db
- moved /ghost/debug/db/import to POST /api/v0.1/db
- removed /ghost/debug/db/reset
- added validation for import
- added constraints object to migration
closes#705
- uses the file type passed by express/connect
- relies on the type being set correctly by the browser upload
- doesn't reread the file to check
closes#502
part of #705
- copy the files but then remove the temporary ones
- moving instead of copying was problematic due to moving across devices
- still need to convert code to using promises
Fixes#798
- Now checks the request URL against a whitelist to determine whether the settings
page exists.
**Notes**
- This works in the short term, but a better solution for enumerating the available
settings views or centralising a list of recognised views that are available
to client side code, (the router and sidebar, among others) as well as the backend
controller will be required.
