Commit Graph

429 Commits

Author SHA1 Message Date
Sebastian Gierlinger
d3c641ea31 Make session expiry less arsey
closes #2171
- added authentication middleware
- removed authentication from routes
- moved authentication before CSRF validation
- moved caching rules before authentication
- changed/added test
2014-02-14 11:00:11 +01:00
Gabor Javorszky
212711d896 Added package.js support for themes (and plugins)
Closes #2081
* Amended require-tree to populate availableThemes and availablePlugins to use full file names (`basename.ext`) as keys instead of just basename. This way `image.jpg`, `image.png`, `image.gif` won't overwrite the `image` key.
* Amended require-tree to allow package.json file parsing to return the contents of the file as json on the `package.json` key.
* settings api populates theme data `package` if it exists. Otherwise it assigns `false` to it
* `general.hbs` (salute) was reworked to if there is the package key on the theme is not false, it will use the `name` and `version` keys of that. You can break it by not having a `name` or `version` in the package.json file.
* Added error and warning messages for package.json file parse errors and misses
2014-02-13 23:57:58 +00:00
Fabian Becker
1124d9e4c0 Helper updates for Tag Pages
fixes #2112
refs #1833

- modified config.urlFor to handle tag pages

- modified {{#tags}} handlebars helper to autolink to
  tag pages. Additional autolink="false" parameter can
  be used to deactivate autolinking

- modified url handlebars helper to handle tags

- added isTag function to schema

- added unit test for additional urlFor functionality

- added unit test for {{#tags}} helper modifications

- added unit test for url handlebards helper
2014-02-13 18:32:08 +01:00
Hannah Wolfe
d790a504a3 Ensure filters get default priority if priority is null
- null priority should be set to the default
- second part to 86619cb087
2014-02-10 18:14:47 +00:00
Hannah Wolfe
b04c0bb83c Merge pull request #2116 from hswolff/permalink-upgrade
Adds support for additional permalink structures
2014-02-10 18:05:43 +00:00
Harry Wolff
b066e732dd Adds support for additional permalink structures
fixes #2057

- uses express’ Route object to create RegExp’s
 that we use to check the incoming path
- refactored structure of fronted controller single
 tests to be easier to read
- amend regex to incorporate new allowed permalink
 structure
2014-02-10 12:07:43 -05:00
Fabian Becker
3993b676b6 Rename unregisterFilter to deregisterFilter
fixes #2167
- Rename functions
- Adjust tests
2014-02-10 12:44:07 +00:00
Fabian Becker
3950c8b30a Fix for broken filters where this context was lost.
fixes #2157
- Change tests to only check for existance
- Properly bind helpers/filters to their instance
2014-02-10 01:45:24 +01:00
Hannah Wolfe
3c5b931432 Merge pull request #2099 from jgable/appDependencies
Install App Dependencies
2014-02-09 12:47:46 +00:00
Jacob Gable
e3affff713 Install App Dependencies
- Spawns an npm install command from the App root
- Has some special OS checks for windows command spawning
2014-02-08 16:58:13 -06:00
Hannah Wolfe
d28d65bf5e Merge pull request #1818 from hswolff/config-file-option
Adds ability to pass in configFile path when loading ghost as a npm module
2014-02-08 22:37:09 +00:00
Fabian Becker
f468b464a6 Allow HTML inside tag prefix/suffix
closes #2123
- Return hbs.Safestring
- Manually escape joined tags
- Added test
2014-02-08 22:27:36 +01:00
Harry Wolff
9dd543231b Adds ability to pass in configFile path when loading
ghost as a npm module

- modifies main script file to allow it to
take in an options object that currently
supports an express instance or a config file path

- added tests
2014-02-08 10:41:15 -05:00
Aia Patag
4e5c624d9f Updated downsize to 0.0.5
closes #2106
- downsize 0.0.5 contains the fix to accept single quote found inside a double-quote string or vice-versa
- created unit tests to properly check this scenario
2014-02-08 15:13:33 +00:00
Hannah Wolfe
37b7907c09 Merge pull request #1858 from hswolff/improve-bootstrap-flow
Improve bootstrap flow of a Ghost application
2014-02-08 14:36:29 +00:00
Harry Wolff
f16dc290b7 Improve bootstrap flow of a Ghost application
addresses #1789, #1364

- Moves ./core/server/loader -> ./core/bootstrap.
The bootstrap file is only accessed once during startup,
and it’s sole job is to ensure a config.js file exists
(creating one if it doesn’t) and then validates
the contents of the config file.

Since this is directly related to the initializing 
the application is is appropriate to have 
it in the ./core folder, named bootstrap as that
is what it does.

This also improves the dependency graph, as now
the bootstrap file require’s the ./core/server/config
module and is responsible for passing in the validated
config file.

Whereas before we had ./core/server/config
require’ing ./core/server/loader and running its
init code and then passing that value back to itself,
the flow is now more straight forward of
./core/bootstrap handling initialization and then
instatiation of config module

- Merges ./core/server/config/paths into 
./core/server/config
This flow was always confusing me to that some config
options were on the config object, and some were on
the paths object.

This change now incorporates all of the variables
previously defined in config/paths directly
into the config module, and in extension,
the config.js file.

This means that you now have the option of deciding
at startup where the content directory for ghost
should reside.

- broke out loader tests in config_spec to bootstrap_spec

- updated all relevant files to now use config().paths

- moved urlFor and urlForPost function into 
 ./server/config/url.js
2014-02-07 17:34:21 -05:00
Hannah Wolfe
0dc0a9bb7c Merge pull request #2126 from aiampogi/issue-2114-rssFeeds
Removed author tag inside channel tag in RSS
2014-02-07 11:52:41 +00:00
Fabian Becker
bb4e48bf50 Removed mailto auto-linking.
fixes #1617
- Removed test
- Removed auto-linking from showdown gfm extension
2014-02-06 15:34:13 +00:00
John-David Dalton
6eab7b3f92 Replace underscore with lodash. 2014-02-06 14:08:34 +00:00
Hannah Wolfe
ca01b732b2 Fixing App unit test on Windows
- switched test from exact string to regex to match both types of paths
2014-02-06 11:58:58 +00:00
balduv
eadbf7dffb Removed author tag inside channel tag in RSS
closes #2114
- instead of putting author in feedOptions of node-rss, it was moved to itemOptions
- supplying author: user ? user.name : null in itemOptions will still result to creating a dc:creator tag inside item tags so the info needed to have the author is still there like before
- node-rss should however still fix this quirk to not have that nasty author tag in channel tag when you supply author in feedOptions
2014-02-05 13:59:07 +08:00
Jacob Gable
c7713c1d27 Load Apps Sandboxed
- Based on suggestions from hswolff loading with a Module class approach
- Loads relative modules in child sandboxes
2014-02-04 15:46:31 -06:00
Hannah Wolfe
c2bb793c36 Merge pull request #2052 from Borkason/patch-1
Fix dash-to-triple-hyphen replacement in generateSlug function.
2014-01-28 12:38:20 -08:00
Daniel Niccoli
d092b4ecd2 Altered integration test to cover dashes in slug 2014-01-28 21:27:05 +01:00
Hannah Wolfe
be9afc439c Merge branch '0.4-maintenance' 2014-01-28 09:25:38 +00:00
Hannah Wolfe
b9e426478d Add body class if update is available
issue #1995
2014-01-27 21:24:53 +00:00
Hannah Wolfe
199a92d9cb Merge branch '0.4-maintenance'
Conflicts:
	core/server/config/paths.js
	core/test/unit/config_spec.js
2014-01-26 16:11:02 +00:00
Hannah Wolfe
b0345b6238 Merge pull request #2024 from jgillich/0.4-maintenance
Use absolute path when storing images
2014-01-26 02:45:24 -08:00
Jakob Gillich
1ee70e3849 Use absolute path when storing images
closes #1983
2014-01-24 16:16:57 +01:00
John O'Nolan
7ebd104f3f Rename 'plugins' to 'apps'
Fixes #1988
2014-01-21 15:45:27 +07:00
Hannah Wolfe
2aa7288777 Merge pull request #1948 from sebgie/issue#1932-1
Fix display update notification
2014-01-20 07:24:02 -08:00
Hannah Wolfe
39b9c1cf6b Merge pull request #1927 from schneidmaster/fix-1907
Fixed issue with adding multiple new tags to a post
2014-01-20 06:04:59 -08:00
Hannah Wolfe
6c222df83d Merge pull request #1956 from jaswilli/issue-1782
Show message and don't start if javascript files have not been built
2014-01-20 05:59:01 -08:00
Hannah Wolfe
f185a5d616 General cleanup
- Cleanup some todos, comments, and unused variables
2014-01-19 21:08:39 +00:00
Jason Williams
d7c3dbb17e Show message and don't start if javascript files have not been built
fixes #1782
- added builtFilesExist function to check for files during startup.
  If built files do not exist Ghost startup is stopped and a link
  to the documentation is displayed.
- exported a scriptFiles object from server/helpers.
- added a builtScriptPath to the paths module.
- removed "js-msg" about missing javascript from the UI.
2014-01-15 19:10:43 +00:00
Hannah Wolfe
c1290d77a6 Merge pull request #1954 from ErisDS/issue-1498
Adding case-insensitive User.getByEmail method
2014-01-15 05:57:58 -08:00
Sebastian Gierlinger
03cbc89a53 Fix posts.html and posts.markdown field type
closes #1947
- added fieldtype: medium for posts.html
- changed fieldtype: medium for posts.markdown
- added method to fix databases created with wrong field type
- added tests for database version 002
2014-01-15 14:29:23 +01:00
Hannah Wolfe
6098b83152 Adding case-insensitive User.getByEmail method
fixes #1498

- emails are no longer converted to lowercase, local mailbox can validly
  be mixed case
- getByEmail uses JS to compare emails to ensure we can support unicode
- tests that users can be retrieved by their email address with case
  insensitivity
2014-01-15 10:39:40 +00:00
Sebastian Gierlinger
fd4f3051e6 Fix display update notification
closes #1932

- added showUpdateNotification with version check
- added temp workaround for boolean values in database
- changed default value from false to null
- updated tests
2014-01-14 20:46:36 +01:00
Zach Schneider
fa7bd62857 Fixed issue with adding multiple new tags to a post
Fixes #1907

Refactored `updateTags` to correct a loop issue where the `insert`
method was mistakingly being passed rather than `update`, triggering a
duplicate PK SQL error.
2014-01-13 09:29:40 -05:00
Hannah Wolfe
9f0dea0559 Minor fixes to asset helper and tests
no issue

- asset helper ignores it if theme devs specify the asset dir
- asset helper strips leading slashes
- static asset tests were wrong
2014-01-12 21:48:34 +00:00
Hannah Wolfe
3dea6431df Ensure cookies are only ever set for admin
fixes #1901

- Adds a trailing slash to the cookie path
- Resolves random log-outs
- Adds a test which proves the case
2014-01-12 17:08:48 +00:00
nicovalencia
e8746a2375 Add rss to the list of reserved post titles/slugs.
closes #1880
- added `rss` to core/server/models `generateSlug` reserved keywords
- added integration test for safe slug generation to core/test/integration/model/model_posts_spec.js
2014-01-07 17:30:53 -07:00
Hannah Wolfe
dcf4b1e4e4 Add update notifications
closes #1464

- adds opt-out via updateCheck:false in config.js
- update check is done on admin index, but doesn't interfere with rendering
- adds update check module, which gets the usage data, makes the request and handles the response
- adds two new settings to default-settings, one for next check time, and one for whether to show the notification
- adds a new rejectError method to errorHandling
- adds a new helper for displaying the notification

Conflicts:
	core/server/helpers/index.js
	core/test/unit/server_helpers_index_spec.js
2014-01-07 08:20:08 +00:00
Hannah Wolfe
3f9b0fa618 Disable xss santization
issue #1378
fixes #1328

- xss santization does some odd things. This isn't needed until we have multi-user support, and we are investigating better solutions.
2014-01-06 20:17:20 +00:00
Hannah Wolfe
af6137248d New URL helper - URL consistency fixes
fixes #1765
fixes #1811
issue #1833

New UrlFor functions

- moved body of url helper to config.path.urlFor, which can generate a URL for various scenarios
- urlFor can take a string (name) or object (relativeUrl: '/') as the first
  argument - this is the first step towards issue #1833
- also added config.path.urlForPost which is async and handles getting
  permalink setting
- frontend controller, ghost_head helper, cache invalidation all now use
  urlFor or urlForPost all urls should be correct and consistent

URL Consistency Improvements

- refactored invalidateCache into cacheInvalidationHeader which returns a
  promise so that url can be generated properly by urlForPost
- moved isPost from models to schema, and refactored schema to have a tables object
- deleted posts now return the whole object, not just id and slug,
  ensuring cache invalidation header can be set on delete
- frontend controller rss and archive page redirects work properly with subdirectory
- removes {{url}} helper from admin and client, and replaced with adminUrl
  helper which also uses urlFor
- in res.locals ghostRoot becomes relativeUrl, and path is removed
2014-01-06 15:15:48 +00:00
Hannah Wolfe
05dd48feb7 Improving regexes in functional tests
- being more explicit about what resources we expect to load after saving
  a post
- should prevent #1839 from failing tests
2014-01-05 21:10:48 +00:00
Hannah Wolfe
3937c1bf0e Merge pull request #1821 from schneidmaster/fix-1791
Modified github.js to ensure __ is not escaped at the beginning of a line
2014-01-04 11:13:37 -08:00
Hannah Wolfe
d51e63c7b7 Merge pull request #1840 from hswolff/fix-content-helper
Fix {{content words=“0”}} to actually return 0 words
2014-01-04 08:45:26 -08:00
Hannah Wolfe
9f17361bf5 Merge pull request #1831 from schneidmaster/fix-1827
Added handling for undefined errors and test coverage
2014-01-04 08:42:02 -08:00
Harry Wolff
0a2c8248b9 Fix {{content words=“0”}} to actually return 0 words
fixes #1796

- adds in a workaround to the weirdness that currently
exists in downsize module
- adds tests
2014-01-04 00:30:52 -05:00
Harry Wolff
ab80a132f3 Adds ability to quickly get to post’s edit page
fixes #1810

- updates frontend.single route to accept ‘edit’
as the last param

- updates controller.frontend to handle redirection
only when we would otherwise have rendered the page

- added unit tests for this behavior
2014-01-03 18:16:00 -05:00
Zach Schneider
044af51267 Added handling for undefined errors and test coverage
Fixes #1827
2014-01-03 15:07:08 -05:00
Zach Schneider
a79597d8b3 Modified github.js to ensure __ isn't escaped at beginning of line
fixes #1791
2014-01-03 09:45:40 -05:00
Hannah Wolfe
a50f5e1b9d Merge pull request #1815 from ErisDS/more-tests
Error handling simplification & test improvements
2014-01-02 18:13:27 -08:00
Harry Wolff
20055157ef Fixes admin session cookie test
- Currently the test is taking the response date
which is in UTC and passes it through moment()
which by default parses input as local time.  We
then add 12 hours to this now local time
and when compared against the response set-cookie
header the time spread is wrong.

- To fix we’re parsing the response date with
moment.utc which parses the date in UTC.
2014-01-02 21:06:23 -05:00
Hannah Wolfe
495b7b7f05 Error handling simplification & test improvements
fixes #1266

- simplifies the check for if a theme has an error template
- adds more / better tests for error handling
2014-01-02 21:03:37 +00:00
Hannah Wolfe
1925fa0196 Cache control headers & query string asset management
closes #1470
issue #1405

- added cache control middleware
- added defaults for all routes, assets, etc
- updated asset helper to add a query string with a timestamp hash to all assets
- added unit tests for asset and ghostScriptTags helpers
- added cache-control checks to route tests
2014-01-02 12:14:33 +00:00
Hannah Wolfe
16acba5628 Merge pull request #1805 from ErisDS/route-tests
Route tests
2014-01-01 09:05:21 -08:00
Hannah Wolfe
a697a631c2 Route tests
issue #1773

- Adds functional tests for frontend routing
- Tests the request-response contract
- Requires db access at the moment
- Tests #1790
2014-01-01 16:18:03 +00:00
Hannah Wolfe
834cb73613 Date permalinks use published date
fixes #1803

- switches date permalinks from created_at to published_at
- enforces that the post will ONLY render if the date is valid and correct
2014-01-01 15:28:59 +00:00
Hannah Wolfe
a2a606a920 Functional test debugging & improvements
issue #1702
2014-01-01 14:52:49 +00:00
Hannah Wolfe
bfe80da54a Enforce 2-digit dates in permalinks
fixes #1800

- changed permalink regex to require 4/2/2/slug
- changed url helper to enforce the same
- changed permalink toggle to set a specific state, this means the
  functional tests are independent again
- chnaged permalink toggle to wait for the settings page to load
- change as many frontend tests to not login as possible
2014-01-01 11:39:19 +00:00
Harry Wolff
91ca4a43e5 Fix routing of posts and static pages
closes #1757 and #1773

- switches routes.frontend for posts and pages
to use a regex with two capturing groups.  This removes
the need to dynamically remove an express route at a
later point, leaving the decision making to frontend
controller.

- added unit tests for all routing conditions that 
can arise for posts and pages.

- updated functional tests to also test for same thing
in unit tests

- removes old code from server/api/index that used
to fix this issue, but is no longer needed

- removed some un-needed require statements in routes/admin
2013-12-30 02:04:46 -05:00
Hannah Wolfe
e2325dc969 Don't allow a subdirectory called Ghost
fixes #1755

- adds extra validation to config loader
- adds tests for config loader and validation
2013-12-30 01:04:29 +00:00
Hannah Wolfe
ab0ecf65db Merge pull request #1785 from markberger/1777-rss-with-dated-permalinks
RSS uses correct links when dated permalinks are enabled
2013-12-29 16:52:17 -08:00
Hannah Wolfe
158b92cc55 Fixing notifications on ugly debug page
- also fixes an issue where the debug tools didn't redirect properly when Ghost was operating in a subdirectory.
2013-12-30 00:00:43 +00:00
Mark Berger
0b8fbbb68a RSS uses correct links when dated permalinks are enabled
closes #1777
- Uses coreHelpers.url to resolve post url instead of assuming it is siteUrl + post.slug
- Functional feed tests now check for content instead of just rss tags
2013-12-29 17:13:38 -05:00
Hannah Wolfe
d50354dde3 Update import tool to be safe
closes #1681

- import doesn't override user credentials
- import doesn't override theme
- import doesn't kill session
- import does refresh the settings cache
- updated tests, they now use a fixture instead of a generated export
- tests check to ensure import is safe
2013-12-29 13:23:23 +00:00
Hannah Wolfe
64cf2b1b24 Merge pull request #1759 from hswolff/fix-import-updated-at
Allows disabling of timestamps when importing posts
2013-12-28 11:41:05 -08:00
Hannah Wolfe
a8e987ec6c Shared folder asset handling
fixes #1659, fixes #1668

- removed relative asset url from css
- added asset helper to client
- updated references to shared assets
- added functional tests
2013-12-28 18:29:33 +00:00
Hannah Wolfe
755ad934bf Path, url and subdir cleanup & test
issue #1754

- remove path (it was only used once, and not needed)
- change webroot to subdir
- add unit tests for config.paths
- various other cleanup
- renamed client-side ghostRoot to subdir
- added url helper for client
2013-12-28 16:09:56 +00:00
Harry Wolff
32528de4a4 Allows disabling of timestamps when importing posts
fixes #1696

- this is a temp workaround until full fledged support
is added directly to bookshelfjs
- when importing we use the import json blob’s timestamps
as the value that’s set in the DB 
- added tests for this change
2013-12-26 15:29:16 -05:00
Hannah Wolfe
8892b755d5 Adds URL back into theme config
fixes #1749

- pass config().url into theme.update
- rename paths functions to match theme function
- adds tests for theme config
- We should probably try to eliminate passing config.url around
2013-12-26 12:15:10 +00:00
Hannah Wolfe
38e781c8da jQuery link and min map 404 fixes
fixes #1652

- removes the min map thing which doesn't work properly #551, #766, #1479
2013-12-23 21:43:13 +00:00
Michael Bradshaw
a785696115 Escape URL for use in regex 2013-12-21 14:19:23 -07:00
Hannah Wolfe
bdbeffb262 Merge pull request #1716 from ErisDS/post-order
API refactor / cleanup
2013-12-21 12:46:57 -08:00
Hannah Wolfe
545f426c37 Merge pull request #1704 from ErisDS/featured-star
Markup & style fixes for post list statuses
2013-12-21 12:37:39 -08:00
Hannah Wolfe
78737b35ff API refactor / cleanup
closes #1303

- removed where and orderBy from being passed from the API through to bookshelf, and ultimately knex
- ordering is now consistent across both front and backend, which fixes #1303
- validated / cleaned up all the API parameters
- added API tests for the status and staticPages parameters
2013-12-20 13:07:01 +00:00
Hannah Wolfe
05c603ee2c Markup & style fixes for post list statuses
fixes #1703, fixes #1712

- featured star appears immediately for both draft and published items
- featured star is never red & alignment /style is updated
- improved markup and styling of statuses in general
- added to feature tests
2013-12-20 12:29:47 +00:00
Sebastian Gierlinger
7ae543289d Fix 'dbHash' not found
closes #1685
- changed dbHash initialization from db direct access to api access
- added dbHash to default-settings.json
- added dbHash to tests
2013-12-16 11:16:06 +01:00
Hannah Wolfe
96f246533b CasperJS waitForOpaque fails more gracefully 2013-12-15 18:30:15 +00:00
Sebastian Gierlinger
05810b318c Improve Helpers
closes #1640
closes #1672
- changed to include config using require
- deleted has_tag helper
- deleted json helper
- removed fileStorage and ghostScriptTags helpers from frontend
- added fileStorage and url helper to admin
2013-12-14 17:28:54 +01:00
Seb Gotvitch
fef9b4be25 Bug fixes for partial views
closes #1203
- Update express-hbs module to the new version (0.5.2)
- Use two instance of hbs one for the theme and an other for the admin
- Template helpers are register as partial view
- Partial views of the theme are reload when the theme changed

Remove clear partial cache in handlebars

This code will be move in `express-hbs`.
This doesn't cause a problem to remove this line but it is not clean.

Remove unused hbs instance

Resolve conflict
2013-12-12 12:11:02 -05:00
Harry Wolff
9bbf400dfc Fix loading of static pages in frontend controller
fixes #1644

- Fixes bug in controller/frontend
- Created functional test for posts API to test for this bug
- Created unit tests for frontend controller
- Fixed a global variable leak in core/test/utils/fixtures/data-generator
that was leaking the DataGenerator globally
- Resolved issue that arose from fixing above bug
2013-12-09 22:38:25 -05:00
Harry Wolff
c8c02a65fa Remove ghost.js
fixes #1575
- Moves most code that was in ghost.js into ./core/server/index.js
- Creates ./core/server/config/theme.js to hold all theme configurations 
(which previously lived on ghost.blogGlobals())
- Removed ghost.server, passing it in as an argument where needed 
and allowing middleware to hold onto a reference for lazy use.
2013-12-07 10:10:02 -05:00
Hannah Wolfe
7a46c36045 Merge pull request #1627 from sebgie/issue#755
remove ghost.settings and ghost.notifications
2013-12-07 03:36:08 -08:00
Fabian Becker
1f853194ee Upgrade downsize to 0.0.4
refs #1095
- added new unicode test to excerpt helper
2013-12-06 15:43:03 +00:00
Sebastian Gierlinger
078f464197 remove ghost.settings and ghost.notifications
covers 90% of #755
- moved ghost.settings to api.settings
- moved ghost.notifications to api.notifications
- split up api/index.js to notifications.js, posts.js, settings.js,
tags.js and users.js
- added instance.globals as temp workaround for blogglobals (Known
issue: blog title and blog description are updated after restart only)
- added webroot to config() to remove `var root = ...`
- changed `e` and `url` helper to async
- updated tests
2013-12-06 09:51:35 +01:00
Sebastian Gierlinger
faeef9d209 Fix login test failure
no issue
- added timeout after login limit tests
2013-12-05 15:25:20 +01:00
Hannah Wolfe
d69e87b625 Merge pull request #1594 from halfdan/1591-excerpt-helper
Fix excerpt/content helpers
2013-11-30 10:16:26 -08:00
Hannah Wolfe
7c3031507d Merge pull request #1593 from ErisDS/app-proxy-update
Direct api access for app proxy
2013-11-30 10:15:20 -08:00
Fabian Becker
5c1091af10 Fix excerpt/content helpers
fixes #1591
- Convert quoted strings to numbers
- Update code examples
- Update helper tests
2013-11-29 18:58:58 +00:00
Hannah Wolfe
ed6455f5a4 Direct api access for app proxy
- proxy doesn't need a ghost object :)
2013-11-29 16:26:56 +00:00
Gabor Javorszky
c515e20ea3 Adds login limiter
Closes #499
* On wrong passwords, statuses: `active` -> `warn-1` -> `warn-2` -> `warn-3` -> `locked`
* On login check, if user's status is `locked`, login automatically fails and user is encouraged to reset password. Does not even bother to check for passwords.
* login attempts tell user how many attempts she has remaining in notification box
* successful login will reset status to `active`
* resetting password with forgotten password emailed token resets status to `active`
* complete with a test suite
2013-11-29 01:24:25 +00:00
Harry Wolff
37b2fd93d8 This commit removes a lot of code from ghost.js, including:
Move helper functions registerThemeHelper and registerAsyncThemeHelper
to the helpers module.
Also update the app proxy object to reflect this new code location,
and the tests to reflect that as well

Create ./sore/server/filters which houses all filter related behavior.
Was previously on the ghost singleton.
Also create the filters_spec file for testing
and update all code and tests to use new code location.

Create ./sore/server/helpers/template which houses all template related behavior.
Was previously on the ghost singleton.
Also create the helpers_template_spec file for testing
and update all code and tests to use new code location.

Move ghost.mail instance onto the mail module directly
and update related code and tests to use new location

Move Polyglot instance onto require module directly

Move ghost.availablePlugins to plugins module directly
2013-11-28 09:21:53 -05:00
Hannah Wolfe
2dd1f4a635 Test bug fix
- test should use testing config, not development config. If you run the tests whilst also running the dev server, the tests fail.
2013-11-28 12:33:02 +00:00
Hannah Wolfe
76f3730427 Bug fixes for paths / windows & tests
- removed path.join used for urls
- made sure async tests fail/timeout correctly
2013-11-28 11:21:49 +00:00
Tim Griesser
726014f59a bumping to knex 0.5 and bookshelf 0.6.1 2013-11-26 23:10:31 +00:00
Sebastian Gierlinger
e95b592028 Remove cookie from Frontend
closes #1437
closes #1472

- changed cookie to path:'/ghost'
- added conditional CSRF middleware
- added redirects for signup, signin, signout to /ghost/sign*/
2013-11-26 10:38:54 +01:00