Commit Graph

46 Commits

Author SHA1 Message Date
Kevin Ansfield
353cad7ed2 Fixed mirage members route permissions checks
refs 568e4183e3
refs 258f56ded9

- when in test environment add a `X-Test-User` header to API requests that allows the mirage endpoints to check the logged in user without having to cross boundaries into the application or test contexts
2022-10-03 14:59:16 +01:00
Kevin Ansfield
a934481f45 Fixed @sentry/browser imports
no issue

- needed for embroider compatibility
- the package we have installed is `@sentry/ember` not `@sentry/browser` so the imports fail when built by webpack
2022-09-24 13:28:35 +02:00
Kevin Ansfield
fa84808048 Dropped ember-cli-moment-shim dependency
no issue

Since `ember-moment@10.0` it's not been necessary to use the `ember-cli-moment-shim` package, with `moment` instead being usable directly via `ember-auto-import`. Getting rid of the shim package is necessary for compatibility with `embroider`, Ember's new build tooling.

- dropped `ember-cli-moment-shim` dependency
- added `moment-timezone` dependency and updated all imports to reflect the different package
- worked around `ember-power-calendar` having `ember-cli-moment-shim` as a sub-dependency
  - added empty in-repo-addon `ember-power-calendar-moment` to avoid `ember-power-calendar` complaining about a missing package
  - added `ember-power-calendar-utils` in-repo-addon that is a copy of `ember-power-calendar-moment` but without the build-time renaming of the tree for better compatibility with embroider
2022-09-24 13:28:23 +02:00
Naz
114b359ab7 Reverted Accept-Version header usage in Admin API communication
closes https://github.com/TryGhost/Toolbox/issues/222
refs https://github.com/TryGhost/Toolbox/issues/227
refs 74735ab59c
refs e23ae31e8f

- The usecases for the Accept-Version header have shown we should not be exposing the users of the clients we control to unnecessary notification about client-API incompatibility. Ghost-Admin is one of those clients that is always expected to be up to date with the version of Ghost it ships with, so the Accept-Version header should not be used here
2022-04-06 10:12:09 +08:00
Naz
74735ab59c Fixed the name of the version header
refs e23ae31e8f
refs https://github.com/TryGhost/Toolbox/issues/222

- In the referenced commit there was a mixup with the header naming used on the client. It should have been `Accept-Version` to start with. The `Content-Version` header will be returned from the server once there is logic attached to `Accept-Version` header processing
2022-03-08 11:36:46 +08:00
Naz
e23ae31e8f Added Content-Version header
refs https://github.com/TryGhost/Toolbox/issues/222

- Without Admin API versioning through URL, Content-Versioning header will be the best way to suggest an expected version of the resource (formatting). Having this header in place should minimize the ammount of breaking changes and would allow for the server to respond accordingly for a particular client version
2022-03-04 20:24:17 +07:00
Kevin Ansfield
c44766e8d3 Collapsed @service injection definitions to single-line style
no issue

- find+replace to make service injection style consistent and take up much less space at the top of files that used multi-line syntax
2022-02-03 19:04:43 +00:00
Gabriel Csapo
75a138cb39 [chore] Ran native classes codemod for app/services (#2240)
refs https://github.com/TryGhost/Admin/pull/2227

- a continuation of #2227 that runs the native classes codemod against app/services
2022-02-02 22:11:11 +00:00
Kevin Ansfield
a7dc63cfab Fixed tests
refs 8630be5a87

- referenced commit introduced an early return when invalidating session on a failed ajax request so that error alerts weren't shown when re-authenticating. This had an unintended side-effect of breaking invalidation when not re-authenticating and redirecting to signin screen
2021-07-14 12:55:23 +01:00
Kevin Ansfield
8630be5a87 🐛 Fixed re-authenticate modal not showing when saving in editor
closes https://github.com/TryGhost/Team/issues/865

Ghost now returns a forbidden error rather than an unauthorized error when saving whilst logged out so the session invalidation was not being triggered.

- added forbidden check to ajax service to trigger session invalidation
- added automatic retry of save in editor when re-authenticating
- fixed re-population of user and proxy services when re-authenticating, it's not needed at that point because nothing has been cleared
2021-07-14 12:28:09 +01:00
Kevin Ansfield
73d4ac8a26 Made server unreachable and maintenance error request retries application-wide
closes https://github.com/TryGhost/Team/issues/837

We previously added automatic retries to the editor controller for post saves; reviewing the resulting logs in Sentry we can see this stopped the "Server unreachable" error alerts showing to users because the requests typically succeeded on the first retry that was made 5 seconds later. However the problem is not limited to post saves and we can see other requests hitting the same issue, including when working in the editor such as adding embed cards, uploading images, or fetching member counts before publishing.

All of the API network requests we make in Admin run through an `ajax` service that makes and handles the request/response. By moving the retry logic for specific errors out of the editor controller and into the ajax service we can make temporary connection handling more graceful across the app.

- move retry behaviour from the editor controller to the `ajax` service so we can retry any request rather than just post save requests
- speed up retries so we reconnect as soon as possible
  - first retry at 500ms, then every 1000ms (previous was every 5s which meant overly long waits)
- reduce total retry time from >30s to 15s
- improve reporting to Sentry
  - report when a retry was required
  - report when a retry failed
  - include the total time taken for both success and failure reports
  - include the `server` header value from requests to distinguish between CDNs
  - include type of error so we can distinguish "server unreachable" from "maintenance" retries
2021-06-30 14:51:40 +01:00
Rishabh Garg
f068e40723 Added new members CSV importer (#1797)
no refs
depends on https://github.com/TryGhost/Ghost/pull/12472

The members CSV importer gets an overhaul and works with new importer module in members service, performing the import in a background job when the import will take too long to complete in a reasonable time and send an email with data on completion. Also includes updated CSV mapping UI and error handling to allow easier import from different type of exports.

Co-authored-by: Fabien O'Carroll <fabien@allou.is>
Co-authored-by: Peter Zimon <zimo@ghost.org>
2020-12-10 01:02:31 +05:30
Rish
59ce29e19a Added custom error message handling for newsletter email failures
refs https://github.com/TryGhost/Ghost/issues/11971

- Newsletter preview email request has been using hardcoded fixed error message
- Reads custom error message from server's API response to show when available
2020-07-17 13:54:31 +05:30
Rishabh Garg
d1cf671cbb Added upgrade modal for host member limits (#1428)
no issue

Uses 160ef2976a to add new upgrade popup for host limit errors while publishing/scheduling post with emails.
2019-12-17 19:27:42 +05:30
Kevin Ansfield
457a8e2955 🎨 Added auto-login to private site when viewing site preview in admin (#1286)
closes https://github.com/TryGhost/Ghost/issues/10995

- when first loading the site preview, if private mode is enabled submit the login form in the background to get the cookie before loading the iframe
- refactors post-authentication preloading to ensure it occurs before post-authentication route hooks are called
- adds `showSuccess` attribute to `<GhTaskButton>` so that when set to `false` it can stay in the running state after "success" to avoid state change flashes whilst waiting for a transition
2019-08-12 09:11:10 +01:00
Kevin Ansfield
e6d03e9904 Fixed deprecated computed().volatile() usage
no issue

- https://deprecations.emberjs.com/v3.x/#toc_computed-property-volatile
2019-05-07 14:54:41 +01:00
Kevin Ansfield
d0a834b477 🐛 Fixed missing error notification when attempting to activate an invalid theme
no issue
- updates error handling to work with new v2 error response formats
  - `.errorType` -> `.error`
  - `.errorDetails` -> `.details`
2019-03-25 11:32:29 +00:00
Kevin Ansfield
738823d8f8 Fixed "Authorization Failed" error screens when not logged in
no issue
- `/config/` can only be requested when authenticated
- updated `/config/` mock to look for an Authentication header and return a 403 if it's missing
- updated `ajax` service to add an `Authentication` header when authenticated in testing env (cookies are not present when testing)
- updated `config` service to add `fetchUnauthenticated()` and `fetchAuthenticated()` methods in addition to `.fetch()`
- updated `application` route to only fetch authenticated config when authenticated
- updated `signin` controller to correctly fetch config after sign-in
2019-02-26 10:38:00 +07:00
Fabien O'Carroll
3e5a62309f Use Admin API v2 with session auth (#1046)
refs #9865
- removed all `oauth2` and token-based ESA auth
- added new `cookie` authenticator which handles session creation
- updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state
  - ESA automatically calls this `.restore()` method on app boot
  - the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state
- removed the now-unnecessary token refresh and logout routines from the `application` route
- removed the now-unnecessary token refresh routines from the `ajax` service
- removed `access_token` query param from iframe file downloaders
- changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
2018-10-05 19:46:33 +01:00
Kevin Ansfield
a583b2587d Bumped ember-ajax dependency
no issue
- 3.1.1 moved to class syntax which had a knock-on effect with our custom error objects which also needed to be switched
2018-09-24 10:42:49 +01:00
Kevin Ansfield
f11cb2e491 Bump dependencies (#1003)
no issue
- bump deps with no major breaking changes
- bump yarn.lock sub-dependencies
- resolve deprecation warnings for removal of Authorizers in ember-simple-auth
2018-04-23 11:53:42 +01:00
Kevin Ansfield
ae759d39ea Fixed multiple 401s caused by token revocation requests
no issue
- disabled Ember Simple Auth's default token revocation
    - we trigger session invalidation on a 401 which means our token isn't valid so the revoke requests will also fail
- renamed application route's `invalidateSession` to `logout` in order to distinguish it from any ESA methods
    - added the token revocation requests to this action, we can be fairly sure at this point that the current tokens will be valid so the requests will succeed
- added check to `ajax.handleResponse` so that we don't invalidate the session for requests to external services
- removed pointless assertion from the ajax integration test
2018-04-16 17:55:21 +01:00
Kevin Ansfield
a85f5fae35 Switch to eslint-plugin-ghost extending plugin:ghost/ember
no issue
- fix lint errors in lib/gh-koenig
- fix ghost:base eslint errors
- update ember plugin refs, remove ember-suave plugin refs
- remove old jshint refs
- add `lint:js` script
- switch to `eslint-plugin-ghost` extending `plugin:ghost/ember`
2018-01-12 12:17:56 +00:00
Kevin Ansfield
3864584f74 Bump ember-ajax dependency (#902)
no issue
- upgrade `ember-ajax` to 3.0.0
- `ember-ajax` [now passes the payload through directly](https://github.com/ember-cli/ember-ajax/releases/tag/v3.0.0) rather than trying to normalize it so all our error handling needed to be updated
2017-11-03 22:59:39 +00:00
Kevin Ansfield
9adbcd1fd0 Match service/controller import to ember-modules-codemod style for consistency
no issue

Automated tools, code generators, and editor integrations are increasingly standardising on the import style used in `ember-modules-codemod`. Our import style differed a little with regards to service/controller injection imports which meant we were starting to see inconsistent naming.
2017-10-30 09:38:01 +00:00
Kevin Ansfield
fe034c7bf6 Fix caching headers 2017-08-24 14:36:31 +01:00
Kevin Ansfield
983110d931 Switched from ember-cli-shims to new module imports (#779)
no issue

- add eslint-plugin-ember, configure no-old-shims rule
- run `eslint --fix` on `app`, `lib`, `mirage`, and `tests` to move imports to the new module imports
- further cleanup of Ember globals usage
- remove event-dispatcher initializer now that `canDispatchToEventManager` is deprecated
2017-08-22 14:53:26 +07:00
Kevin Ansfield
cb59388c5b 💄🐷 sort-imports eslint rule (#712)
no issue

- adds `eslint-plugin-sort-imports-es6-autofix` dependency
  - implements ESLint's base `sort-imports` rule but has a distinction in that `import {foo} from 'bar';` is considered `multiple` rather than `single`
  - fixes ESLint's autofix behaviour so `eslint --fix` will actually fix the sort order
- updates all unordered import rules by using `eslint --fix`

With the increased number of `import` statements since Ember+ecosystem started moving towards es6 modules I've found it frustrating at times trying to search through randomly ordered import statements. Recently I've been sorting imports manually when I've added new code or touched old code so I thought I'd add an ESLint rule to codify it.
2017-05-29 20:50:03 +02:00
Kevin Ansfield
e74e2e039e Update code to match eslint rules
no issue
- switch `jscs` and `jshint` inline config to `eslint` config
- fix eslint errors, predominantly in tests where the config now the main app config more closely
2016-11-14 13:26:00 +00:00
Kevin Ansfield
a224154420 attempt expired session restore on network request (#327)
refs TryGhost/Ghost#5202

We can get into a situation where the app is left open without a
network connection and the token subsequently expires, this will
result in the next network request returning a 401 and killing the
session. This is an attempt to detect that and restore the session
using the stored refresh token before continuing with the request

- wrap ajax requests in a session restore request if we detect an expired `access_token`
2016-10-17 15:32:22 +02:00
Kevin Ansfield
ad656a6f10 🐛 fix file uploads (#301)
no issue
- pin `ember-ajax` on a version that contains related fixes (https://github.com/ember-cli/ember-ajax/issues/147)
- update our `ajax` service so that it defaults to `application/json` content-type rather than forcing it
2016-10-03 13:08:23 -05:00
Kevin Ansfield
43bf325800 use ember-ajax in place of ember-data's networking (#283)
closes #7014
- uses the `AjaxServiceSupport` mixin from `ember-ajax` to replace Ember Data's internal `ajax` method with our own ajax service
- normalizes all error handling to use `ember-ajax` style errors
- default to the `application/vnd.api+json` content-type so that we don't have a mix of urlencoded and plain JSON content
- fix `normalizeErrorResponse` in our `ajax` service so that it doesn't add an empty `errors` array to payloads
2016-09-26 11:59:04 -05:00
Kevin Ansfield
166fce1e63 deps: ember-ajax@2.5.1 (#282)
no issue
- update ember-ajax to 2.5.1
- replace custom error checking in setup/two with ember-ajax's `isInvalidError`
- update error normalisation and associated parsing tests to ensure all error types result in the same object structure
2016-09-26 08:07:18 -05:00
Kevin Ansfield
926f0283b5 detailed theme validation errors (#226)
no issue
- display the detailed validation errors that we get back from gscan so that users know how to fix their themes
2016-08-24 20:22:20 +02:00
Kevin Ansfield
3c92c171f9 "503 Maintenance" error handling
refs https://github.com/TryGhost/Ghost/issues/6976
- adds custom `MaintenanceError` and associated error checking functions
- updates app route and notifications service to handle `503` errors via the `upgrade-status` service
2016-07-08 15:17:26 +01:00
Kevin Ansfield
eb2a0359cf Refactor error handling
closes https://github.com/TryGhost/Ghost/issues/6974
- update "change password" fields/process to use inline validations
- remove `notifications.showErrors` and update all uses of it to `showAPIError`
- display multiple API errors as alerts rather than toaster notifications
- refactor `notifications.showAPIError`
  - remove `notifications.showErrors`, use a loop in `showAPIError` instead
  - properly determine the message from `AjaxError` or `AdapterError` objects
  - determine a unique key if possible so that we don't lose multiple different alerts
- add `ServerUnreachable` error for when we get a status code of 0 (eg, when the ghost service has been shut down)
- simplify error messages for our custom ajax errors
2016-07-08 15:16:54 +01:00
Kevin Ansfield
b4cdc85a59 "400 Version Mismatch" error handling
refs https://github.com/TryGhost/Ghost/issues/6949

Handle version mismatch errors by:
- displaying an alert asking the user to copy any data and refresh
- disabling navigation so that unsaved data is not accidentally lost

Detailed changes:
- add `error` action to application route for global route-based error handling
- remove 404-handler mixin, move logic into app route error handler
- update `.catch` in validation-engine so that promises are rejected with the
  original error objects
- add `VersionMismatchError` and `isVersionMismatchError` to ajax service
- add `upgrade-status` service
  - has a method to trigger the alert and toggle the "upgrade required" mode
  - is injected into all routes by default so that it can be checked before
    transitioning
- add `Route` override
  - updates the `willTransition` hook to check the `upgrade-status` service
    and abort the transition if we're in "upgrade required" mode
- update notifications `showAPIError` method to handle version mismatch errors
- update any areas where we were catching ajax errors manually so that the
  version mismatch error handling is obeyed
- fix redirect tests in editor acceptance test
- fix mirage's handling of 404s for unknown posts in get post requests
- adjust alert z-index to to appear above modal backgrounds
2016-07-08 14:56:26 +01:00
Austin Burdine
f53c7dfc88 convert ember imports to ember-cli-shim imports where possible (#95) 2016-06-30 11:21:47 +01:00
Kevin Ansfield
39a09ca28a Fix auth header caching in ajax service
closes https://github.com/TryGhost/Ghost/issues/6884
- mark the `headers` method in the ajax service as "volatile" - it's dependent key was causing the auth headers to be cached on first use which would then cause 401 errors once the token had been refreshed externally

It would also be possible to add `session.authenticated.access_token` as a dependent key but the code-path and usage are minimal so I believe `.volatile()` is preferable as it means that it's not tied directly to the authorizer implementation.
2016-06-13 11:40:08 +01:00
Kevin Ansfield
0c79ff3365 deps: ember-ajax@2.4.1
no issue
- update ember-ajax
- update error handling to match recommended approach
- update error normalization for handling a returned array of strings
2016-06-06 11:54:15 +01:00
Kevin Ansfield
d53ef125e0 Update package.json details, rename module to ghost-admin
no issue
- updates `package.json` details to better reflect the separation from the `Ghost` package
- update ember config and all import statements to reflect the new `ghost-admin` module name in `package.json`
2016-06-03 16:12:54 +01:00
Kevin Ansfield
4cc4781b3e Add version header to API requests
no issue
- modifies the version info included in `env.APP.version` to only include the `major.minor` version numbers
- update base adapter to include `X-Ghost-Version` header
- update `ajax` service to include `X-Ghost-Version` header
2016-06-03 11:53:29 +01:00
Kevin Ansfield
e8c337f3f6 Improve gh-profile-image tests for #6640
refs #6640
- add `NotFoundError` to ajax service and test against that when catching errors in `gh-profile-image`
- don't use `passthrough` in Mirage for gravatar requests to avoid network calls during testing
- add additional tests for `gh-profile-image` and put the debounced gravatar test back in place
2016-05-09 22:14:12 +02:00
Kevin Ansfield
62553cdf92 Replace jQuery-based uploader.js with ember components
no issue
- adds `gh-image-uploader` that handles image uploads in a fully ember fashion and with no dependency on `uploader.js`
- adds `gh-image-uploader-with-preview` that can fully replace the old `gh-uploader`
- replace uses of `gh-uploader` in PSM & TSM with `gh-image-uploader-with-preview`
- updates the editor preview image handling to use the new `gh-image-uploader-with-preview` component
- updates the image upload modal to use `gh-image-uploader` (utilises the `saveButton=false` flag which means the preview has to be handled externally to avoid auto-replacement when typing a URL)
- removes all old `uploader.js` related code
- adds custom `RequestEntityTooLargeError` and `UnsupportedMediaTypeError` errors to our `ajax` service
2016-04-05 12:03:20 +01:00
Kevin Ansfield
0e603eb3d3 Don't swallow error details in ajax service
no issue
- keep the original `ember-ajax` behaviour rather than returning `false` when we hit an ajax error - we should only be using `normalizeErrorResponse` to normalize our error responses 😉
- ensures our application code has access to the returned status code for ajax errors
2016-04-04 14:19:05 +01:00
Austin Burdine
8ff1a6954c deps: ember-ajax@0.7.1 2016-01-18 09:37:14 -06:00