closes https://github.com/TryGhost/Ghost/issues/10995
- when first loading the site preview, if private mode is enabled submit the login form in the background to get the cookie before loading the iframe
- refactors post-authentication preloading to ensure it occurs before post-authentication route hooks are called
- adds `showSuccess` attribute to `<GhTaskButton>` so that when set to `false` it can stay in the running state after "success" to avoid state change flashes whilst waiting for a transition
no issue
- `/config/` can only be requested when authenticated
- updated `/config/` mock to look for an Authentication header and return a 403 if it's missing
- updated `ajax` service to add an `Authentication` header when authenticated in testing env (cookies are not present when testing)
- updated `config` service to add `fetchUnauthenticated()` and `fetchAuthenticated()` methods in addition to `.fetch()`
- updated `application` route to only fetch authenticated config when authenticated
- updated `signin` controller to correctly fetch config after sign-in
refs #9865
- removed all `oauth2` and token-based ESA auth
- added new `cookie` authenticator which handles session creation
- updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state
- ESA automatically calls this `.restore()` method on app boot
- the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state
- removed the now-unnecessary token refresh and logout routines from the `application` route
- removed the now-unnecessary token refresh routines from the `ajax` service
- removed `access_token` query param from iframe file downloaders
- changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
no issue
- bump deps with no major breaking changes
- bump yarn.lock sub-dependencies
- resolve deprecation warnings for removal of Authorizers in ember-simple-auth
no issue
- disabled Ember Simple Auth's default token revocation
- we trigger session invalidation on a 401 which means our token isn't valid so the revoke requests will also fail
- renamed application route's `invalidateSession` to `logout` in order to distinguish it from any ESA methods
- added the token revocation requests to this action, we can be fairly sure at this point that the current tokens will be valid so the requests will succeed
- added check to `ajax.handleResponse` so that we don't invalidate the session for requests to external services
- removed pointless assertion from the ajax integration test
no issue
- upgrade `ember-ajax` to 3.0.0
- `ember-ajax` [now passes the payload through directly](https://github.com/ember-cli/ember-ajax/releases/tag/v3.0.0) rather than trying to normalize it so all our error handling needed to be updated
no issue
Automated tools, code generators, and editor integrations are increasingly standardising on the import style used in `ember-modules-codemod`. Our import style differed a little with regards to service/controller injection imports which meant we were starting to see inconsistent naming.
no issue
- add eslint-plugin-ember, configure no-old-shims rule
- run `eslint --fix` on `app`, `lib`, `mirage`, and `tests` to move imports to the new module imports
- further cleanup of Ember globals usage
- remove event-dispatcher initializer now that `canDispatchToEventManager` is deprecated
no issue
- adds `eslint-plugin-sort-imports-es6-autofix` dependency
- implements ESLint's base `sort-imports` rule but has a distinction in that `import {foo} from 'bar';` is considered `multiple` rather than `single`
- fixes ESLint's autofix behaviour so `eslint --fix` will actually fix the sort order
- updates all unordered import rules by using `eslint --fix`
With the increased number of `import` statements since Ember+ecosystem started moving towards es6 modules I've found it frustrating at times trying to search through randomly ordered import statements. Recently I've been sorting imports manually when I've added new code or touched old code so I thought I'd add an ESLint rule to codify it.
no issue
- switch `jscs` and `jshint` inline config to `eslint` config
- fix eslint errors, predominantly in tests where the config now the main app config more closely
refs TryGhost/Ghost#5202
We can get into a situation where the app is left open without a
network connection and the token subsequently expires, this will
result in the next network request returning a 401 and killing the
session. This is an attempt to detect that and restore the session
using the stored refresh token before continuing with the request
- wrap ajax requests in a session restore request if we detect an expired `access_token`
no issue
- pin `ember-ajax` on a version that contains related fixes (https://github.com/ember-cli/ember-ajax/issues/147)
- update our `ajax` service so that it defaults to `application/json` content-type rather than forcing it
closes#7014
- uses the `AjaxServiceSupport` mixin from `ember-ajax` to replace Ember Data's internal `ajax` method with our own ajax service
- normalizes all error handling to use `ember-ajax` style errors
- default to the `application/vnd.api+json` content-type so that we don't have a mix of urlencoded and plain JSON content
- fix `normalizeErrorResponse` in our `ajax` service so that it doesn't add an empty `errors` array to payloads
no issue
- update ember-ajax to 2.5.1
- replace custom error checking in setup/two with ember-ajax's `isInvalidError`
- update error normalisation and associated parsing tests to ensure all error types result in the same object structure
refs https://github.com/TryGhost/Ghost/issues/6976
- adds custom `MaintenanceError` and associated error checking functions
- updates app route and notifications service to handle `503` errors via the `upgrade-status` service
closes https://github.com/TryGhost/Ghost/issues/6974
- update "change password" fields/process to use inline validations
- remove `notifications.showErrors` and update all uses of it to `showAPIError`
- display multiple API errors as alerts rather than toaster notifications
- refactor `notifications.showAPIError`
- remove `notifications.showErrors`, use a loop in `showAPIError` instead
- properly determine the message from `AjaxError` or `AdapterError` objects
- determine a unique key if possible so that we don't lose multiple different alerts
- add `ServerUnreachable` error for when we get a status code of 0 (eg, when the ghost service has been shut down)
- simplify error messages for our custom ajax errors
refs https://github.com/TryGhost/Ghost/issues/6949
Handle version mismatch errors by:
- displaying an alert asking the user to copy any data and refresh
- disabling navigation so that unsaved data is not accidentally lost
Detailed changes:
- add `error` action to application route for global route-based error handling
- remove 404-handler mixin, move logic into app route error handler
- update `.catch` in validation-engine so that promises are rejected with the
original error objects
- add `VersionMismatchError` and `isVersionMismatchError` to ajax service
- add `upgrade-status` service
- has a method to trigger the alert and toggle the "upgrade required" mode
- is injected into all routes by default so that it can be checked before
transitioning
- add `Route` override
- updates the `willTransition` hook to check the `upgrade-status` service
and abort the transition if we're in "upgrade required" mode
- update notifications `showAPIError` method to handle version mismatch errors
- update any areas where we were catching ajax errors manually so that the
version mismatch error handling is obeyed
- fix redirect tests in editor acceptance test
- fix mirage's handling of 404s for unknown posts in get post requests
- adjust alert z-index to to appear above modal backgrounds
closes https://github.com/TryGhost/Ghost/issues/6884
- mark the `headers` method in the ajax service as "volatile" - it's dependent key was causing the auth headers to be cached on first use which would then cause 401 errors once the token had been refreshed externally
It would also be possible to add `session.authenticated.access_token` as a dependent key but the code-path and usage are minimal so I believe `.volatile()` is preferable as it means that it's not tied directly to the authorizer implementation.
no issue
- update ember-ajax
- update error handling to match recommended approach
- update error normalization for handling a returned array of strings
no issue
- updates `package.json` details to better reflect the separation from the `Ghost` package
- update ember config and all import statements to reflect the new `ghost-admin` module name in `package.json`
no issue
- modifies the version info included in `env.APP.version` to only include the `major.minor` version numbers
- update base adapter to include `X-Ghost-Version` header
- update `ajax` service to include `X-Ghost-Version` header
refs #6640
- add `NotFoundError` to ajax service and test against that when catching errors in `gh-profile-image`
- don't use `passthrough` in Mirage for gravatar requests to avoid network calls during testing
- add additional tests for `gh-profile-image` and put the debounced gravatar test back in place
no issue
- adds `gh-image-uploader` that handles image uploads in a fully ember fashion and with no dependency on `uploader.js`
- adds `gh-image-uploader-with-preview` that can fully replace the old `gh-uploader`
- replace uses of `gh-uploader` in PSM & TSM with `gh-image-uploader-with-preview`
- updates the editor preview image handling to use the new `gh-image-uploader-with-preview` component
- updates the image upload modal to use `gh-image-uploader` (utilises the `saveButton=false` flag which means the preview has to be handled externally to avoid auto-replacement when typing a URL)
- removes all old `uploader.js` related code
- adds custom `RequestEntityTooLargeError` and `UnsupportedMediaTypeError` errors to our `ajax` service
no issue
- keep the original `ember-ajax` behaviour rather than returning `false` when we hit an ajax error - we should only be using `normalizeErrorResponse` to normalize our error responses 😉
- ensures our application code has access to the returned status code for ajax errors
