Commit Graph

2618 Commits

Author SHA1 Message Date
Hannah Wolfe
5dac1c97fc
Split renderChannel into controller + renderer (#9218)
refs #5091, refs #9192

- render channel was always a weird file
- now it's clearly 2 things
- we're slowly getting towards closing #5091... 🎉
- added some extra tests
2017-11-06 12:17:24 +00:00
Hannah Wolfe
4c5ef16bc3
Represent channels as class instances (#9209)
refs #9192, refs #5091

- Using a class allows for easy shared logic
- Loading is designed to work from config right now, but could be DB driven, etc
- Provided configuration can be simplified and extended in the constructor / class methods
- Update tests, move custom assertions to utils
2017-11-05 10:04:59 +00:00
Hannah Wolfe
4ee522069c
Increased URL utility coverage to 100% (#9201)
refs #9192

To anyone seeing this go by - I'm about to start some fairly major refactoring work on the url utility. Before I do that, I wanted to make sure I had 100% coverage, and understanding of some of the weird cases.

The majority of the changes I've made are adding tests, but I was also able to clean up a little bit, remove a few lines or change them to make use of other tools.
2017-11-02 20:35:58 +00:00
Hannah Wolfe
329289a2b4 Classes must use strict mode 2017-11-01 15:55:06 +00:00
Hannah Wolfe
5319fd4e35 Added concept of ghost-query debug mode
- Outputting all queries is too much debug info for normal dev
- Use DEBUG=ghost:*,ghost-query to debug queries
- Or just DEBUG=ghost-query
2017-11-01 15:18:53 +00:00
Hannah Wolfe
9b54ed0689 Refactored apps to have access to a router
refs #9192

- Instead of `setupRoutes` function in apps that gets passed a router, there is now a registerRouter function as part of the proxy
- Moved towards a route service, which will know about all routes
- Using classes to abstract away shared behaviour

Notes:

- changing the app proxy didn't result in a test failure!
- structure of route service is totally new and may change a lot yet
2017-11-01 15:02:25 +00:00
Hannah Wolfe
bcf5a1bc34
Switch to Eslint (#9197)
refs #9178

* Add eslint deps, remove old lint deps
* Add eslint config, remove old lint configs
* Config for server and tests are different
* Tweaked rules to suit us
* Fix linting in codebase - lots of indent changes.
* Fix a real broken test
2017-11-01 13:44:54 +00:00
Hannah Wolfe
bbf59fc6c1
Refactored to save settings only if value changes (#9194)
refs #9192

- Each setting is saved individually
- Update this to only happen on import, or when a value changes
- Reduces the amount of work Ghost does on every setting change
2017-10-31 15:47:30 +00:00
kirrg001
9d4ed8c61c Replaced extract-zip-fork by extract-zip
no issue

- we had to fork the original repository at one point, because of slow maintenance
- maintenance is back now
- https://github.com/maxogden/extract-zip/pull/52 was merged and released
2017-10-31 12:11:59 +01:00
Hannah Wolfe
882a2361ee
Moved apps to /services/ & moved individual tests (#9187)
refs #9178

* Moved app handling code into services/apps
  - Apps is a service, that allows for the App lifecycle 
  - /server/apps = contains internal apps 
   - /server/services/apps = contains code for managing/handling app life cycle, providing the proxy, etc
* Split apps service tests into separate files
* Moved internal app tests into test folders
    - Problem: Not all the tests in apps were unit tests, yet they were treated like they were in Gruntfile.js
    - Unit tests now live in /test/unit/apps
    - Route tests now live in /test/functional/routes/apps
    - Gruntfile.js has been updated to match
* Switch api.read usage for settingsCache
* Add tests to cover the basic App lifecycle
* Simplify some of the init logic
2017-10-30 12:31:04 +00:00
Hannah Wolfe
b5228f5c43 Rename blog -> site
- We're going to be moving towards this naming convention more
- Doing this now makes it easier to name other things
2017-10-26 18:09:56 +01:00
Hannah Wolfe
b8a8360219 Use t_ for translations in channel routes
refs #5091

- rkw is something I made up on the spot
- t_ looks like a translation function, which is what this IS!
2017-10-26 13:04:01 +01:00
Katharina Irrgang
34054a32c0 🐛 Theme name is point number (#9184)
closes #9182

- e.g. "1.4"
- extend settings cache to ensure we return strings for numbers and floating point numbers
2017-10-26 13:54:18 +02:00
Katharina Irrgang
88eab9898c Moved fetching client out of our ghost_head helper (#9180)
refs #8995

- move the getClient lookup from ghost_head into middleware
- use res.locals to keep track of the information (res.locals.client)
- make the middleware global to all frontend routes
- ghost_head: get locals from options.data not this (!)
- adapt lot's of tests
2017-10-26 12:03:53 +02:00
Aileen Nowak
c8cbbc4eb6 Improved password validation rules (#9171)
refs #9150 

- Moves the password length fn from `models/user` to `data/validation` where the other validator functions live.
- Added password validation rules. Password rules added:
   - Disallow obviously bad passwords: '1234567890', 'qwertyuiop', 'asdfghjkl;' and 'asdfghjklm' for example
   - Disallow passwords that contain the words 'password' or 'ghost'
   - Disallow passwords that match the user's email address
   - Disallow passwords that match the blog domain or blog title
   - Disallow passwords that include 50% or more of the same characters: 'aaaaaaaaaa', '1111111111' and 'ababababab' for example.
- Password validation returns an `Object` now, that includes an `isValid` and `message` property to differentiate between the two error messages (password too short or password insecure).
- Use a catch predicate in `api/authentication` on `passwordReset`, so the correct `ValidationError` will be thrown during the password reset flow rather then an `UnauthorizedError`.
- When in setup flow, the blog title is not available yet from `settingsCache`. We therefore supply it from the received form data in the user model `setup` method to have it accessible for the validation.
2017-10-26 11:01:24 +01:00
Hannah Wolfe
05729d2f29 Group channel-handling code together
refs #5091

- Move all of the code to do with handling channels into one folder
- Still keeping all the shared/simlar code for rendering etc inside weird
  frontend folder until I am sure what this will look like
2017-10-25 18:48:47 +01:00
Hannah Wolfe
e659766f55 Move xmlrpc & slack to services (#9179)
refs #9178

- Introduce the /services/ folder
- Move xmlrpc there
- Move slack there
- In slack: remove a usage of the settings API that should use settingsCache
- In slack: Simplify the tests 
- Various tiny changes to move towards code consistency
2017-10-25 15:27:56 +01:00
Hannah Wolfe
050f1751c4 Simplify config for channels (#9158)
refs #5091

- remove the use of functions
- remove unnecessary quotes from tag filter
- move channel config to be a JSOn file called config.channels.json
- accept external config
- new channelUtils for tests
- remove channelConfig.get 
- refactor so tests work as expected
- refactor away duplicate 'name' value
2017-10-24 17:18:35 +01:00
Hannah Wolfe
ac3feb96d6 🐛 Prevents xmlrpc pings happening on import (#9165)
closes #9164

- check options.importing on xmlrpc
- also don't ping if private
- cleanup slack to work the same way
- update tests
- TODO: we need to prevent this event happening altogether
2017-10-23 18:30:33 +01:00
Hannah Wolfe
c20a6aa7f7 Improve channels router code (#9166)
refs #5091

- There is very little that changes here, just code readability
- However I've expanded out the tests getting ready to be able to test more deeply as I refactor the routing
2017-10-23 11:42:48 +01:00
Aileen Nowak
d4b6390fd6 Improved importer logic for password in users (#9161)
refs #9150

- move data manipulation for importing users from `importers/data/users` to `model/user` for more consistency (see behaviour of post imports)
- changed importing logic in `onSaving` fn for user model:
   - when importing, we set the password to a random uid and don't validate, just hash it and lock the user
   - when importing with `importPersistUser` we check if the password is a bcrypt hash already and fall back to normal behaviour if not (set random password, lock user, and hash password)
   - don't run validations when importing
2017-10-19 10:43:52 +01:00
aimingoo
958544ae90 support prev/next filtering by author (#9149)
refs #9141

- adds support for `{{#prev_post in="author"}}{{/prev_post}}` & `{{#next_post in="author"}}{{/next_post}}` 
- "author.slug" is the author equivalent of "primary_tag.slug" - there is only one
- added tests to cover both cases in the prev/next helpers
2017-10-18 18:12:20 +01:00
Aileen Nowak
7d388cb9e1 🐛 Fixed internal links converting to absolute URLs (#9143)
closes #9136

Changed the functionality in `make-absolute-urls.js` util to not convert the URL when starting which an `#`, as it indicates and internal link.
The util is used inside of the `{{amp_content}}` helper and to render the RSS feed. I tested the changes with the most popular RSS reader 'Feedly' and it seems like these internal links get converted to absolute URL inside of Feedly automatically.
2017-10-18 17:54:17 +01:00
Aileen Nowak
0ed92959c8 Increase minimum password length to 10 characters (#9152)
refs #9150

- Sets password min length in validator to 10
- Updates tests
2017-10-18 17:45:41 +01:00
Hannah Wolfe
1c382792ef Prev & next post filtering, with primary tag support (#9141)
closes #9140
* Rip out existing prev/next implementation
* New implementation using filter
* Support next/prev in primary_tag
2017-10-13 15:44:39 +01:00
Katharina Irrgang
8de691d575 🐛 HTML page error: correct templateData (#9144)
no issue

- `this.statusCode` was always undefined
- see HTML error handler
- it's hard to add a test for this case
- manual test only
2017-10-13 14:26:42 +01:00
Hannah Wolfe
9f9d8b2fec Always use our redirects utility (#9132)
no issue

- This started as an attempt to simplify the admin redirect code
- I realised we were sometimes using utils.redirect301 and sometimes not
- Decided to move this into utils.url as it's more relevant to URL generation
- Unified usage of redirects in the codebase
- Updated tests & ensured we have basic coverage
- rename adminRedirect -> redirectToAdmin
- Tweak method signature, fix channel edit redirects
- Tests: Optimised test descriptions for url-redirects_spec.js
- ensure caching works as expected
2017-10-12 14:36:50 +02:00
Kevin Ansfield
9699016cca 🎨 Improved accessibility markup in default navigation.hbs partial (#9137)
refs #9135

- remove `role="presentation"` attribute from list items
- add explicit `menu` and `menuitem` roles to improve screen ready accessibility
2017-10-12 13:57:18 +02:00
Hannah Wolfe
c25c5e2395 🐛 Fixed showing "theme missing" error incorrectly (#9129)
closes #8222

- There are still some cases where Ghost shows "the currently active theme X is missing" when it isn't
- This is due to the error handling masking several cases
- This PR resolves that, ensuring errors from gscan and the underlying environment don't get masked
2017-10-11 15:19:12 +02:00
Katharina Irrgang
594b0c2d14 Custom post templates (#9073)
closes #9060

- Update `gscan` - it now extracts custom templates and exposes them to Ghost
- Add `custom_template` field to post schema w/ 1.13 migration
- Return `templates` array for the active theme in `/themes/` requests
- Users with Author/Editor roles can now request `/themes/`
- Front-end will render `custom_template` for posts if it exists, template priority is now:
  1. `post/page-{{slug}}.hbs`
  2. `{{custom_template}}.hbs`
  3. `post/page.hbs`
2017-10-10 13:36:35 +01:00
Hannah Wolfe
7999c38fa2 Support filtering based on primary_tag (#9124)
closes #8668, refs #8920

- Updated tests to include internal tags
  - Tests had no example of an internal tag
  - Need this to show that the new filtering works as expected
- primary_tag is a calculated field
- This ensures that we can alias the field to equivalent logic in API filters
- By replacing primary_tag by a lookup based on a tag which has order 0
- bump ghost-gql to 0.0.8

**NOTE:**
Until GQL is refactored, there are limitations on what else can be filtered when using primary_tag in a filter e.g. it wont be possible to do a filter based on primary_tag AND/OR other tag filters.
2017-10-10 14:07:44 +02:00
Hannah Wolfe
2941932ebe Removed hardcoded url structures from RSS (#9113)
refs #5091

- This removes hardcoded config to generate feed urls
- This means that RSS feeds work properly for custom channels
- Remaining assumption is that paginated feeds will end /pageNum/
- Added extra tests
- Don't pass through query params
2017-10-09 16:08:53 +02:00
Katharina Irrgang
8c54f3cca9 Added request id header (#9122)
no issue

- be able to track a request through different systems
- case insensitive
- manual test only
2017-10-09 14:48:32 +02:00
Hannah Wolfe
d77e000113 Splitted preview & single controllers from index (#9121)
refs #5091

- one step towards having a less confusing controller/routing system for blogs
2017-10-09 13:56:44 +02:00
Hannah Wolfe
75fdcd168e Added support for custom channel contexts (#9114)
refs #5091

- This simple change allows custom contexts to use existing channel logic
- E.g. if we want to create a custom tag-based channel, it can pass "tag" as the context, and get all the same metadata logic
2017-10-09 11:59:46 +02:00
Hannah Wolfe
6760ccc8ec Permissions: minor refactors (#9104)
refs #9043

- Cleanups / refactors to make the code more manageable
- Move remaining code out of index.js 
   - Only "init" function is left. Actions map cache and init function is based heavily on the settings cache module
- refactor the odd way of exporting
   - This was cleaned up naturally by moving the actionsMap object out
- rename "effective" -> "providers"
  - "Providers" provide permissions for different things that can have permissions (users, apps, in future clients).
2017-10-05 21:01:34 +02:00
Aileen Nowak
19167c1af2 🐛 Fixed author helper not returning the correct url (#9102)
closes #9101

With 506a0c3e9e we don't expose the `status` field for author context anymore, which is used to determine the correct URL for the `{{url}}` helper in https://github.com/TryGhost/Ghost/blob/master/core/server/data/schema/checks.js#L13

This fix uses the field `profile_image` instead and adds a missing test for author context to the `{{url}}` helper test.
2017-10-05 13:50:55 +02:00
Katharina Irrgang
30e790bf12 Debug: Update Collision (#9103)
refs #8969

- we would like to figure out how often people get the error and with which context
2017-10-05 12:24:21 +01:00
Katharina Irrgang
7800ed3d8b Private RSS feed (#9088)
refs #9001

When a blog is in private mode there is now an unguessable URL that allows access to the RSS feed for internal use, commenting systems, etc.

- add public hash for private blogging
  - auto generate on bootstrap if missing
  - global hash, we can re-use in the future
- update private blogging middleware to detect the private RSS URL and rewrite it so that the normal rss route/code is used for display
- if a normal `/rss/` route is accessed with a private session return a 404
2017-10-05 11:07:32 +01:00
Katharina Irrgang
a36ca9c14e Debug: Measure AMP parse (#9097)
no issue
2017-10-04 10:32:00 +01:00
kirrg001
78ac98ee27 Debug: LocalStorage response time
no issue
2017-10-04 10:05:35 +01:00
kirrg001
41c9db30b5 Debug: MySQL logging hook
no issue
2017-10-04 10:05:35 +01:00
Katharina Irrgang
73568ba55a Image Size Utility: optimised unknown request error handling (#9094)
no issue

- we want to know and learn from the full original error
2017-10-04 10:03:26 +01:00
Katharina Irrgang
3d6227e11b Brute store error is an internal server error (#9092)
no issue
- If the brute store throws an error and the `handleStoreError` is called, then the storage is unable to get/set values.
- This is not a PermissionError. The result is that the user has no access, because the brute store has problems reading/writing to the storage.
2017-10-04 10:02:22 +01:00
Katharina Irrgang
c4b2e8035d Debug: Add post.url if amp parse error happens (#9091)
no issue
- if AMP parse failed, we want to figure out which url is/was affected
2017-10-04 10:01:00 +01:00
Katharina Irrgang
5f44972d44 🐛 Fixed being able to store invalid date formats (#9090)
closes #9089
- use the current date any time a post is fetched if the database contains an invalid date
- raise an error any time an attempt is made to save an invalidate date via the API
2017-10-04 09:56:09 +01:00
Katharina Irrgang
15446766bf Protected internal tags visibility (#9076)
closes https://github.com/TryGhost/Ghost/issues/8943

- if you send a tag name with a hash, it's an internal tag
- ensure that the visibility property is forced to `internal`
- add a proper test
2017-10-03 13:00:33 +01:00
Katharina Irrgang
66f78af6a1 Refactored private blogging app: use settings cache (#9086)
no issue

- preparation for #9001
- no need to require the settings API, we can simply fetch the data from the settings cache
- the settings API uses the settings cache anyway
2017-10-03 12:40:53 +01:00
Kevin Ansfield
b82932b492 🎨 Disabled auto-linking of domain names in markdown (#9084)
closes https://github.com/TryGhost/Ghost/issues/8987

- set `linkify-it` `fuzzyLink` option to false so that it only auto-links URLs starting with `http(s)://` or other valid schemes
2017-10-03 12:14:53 +02:00
Vikas
b7e82f3b00 Improved the usage of missing translation keys (#9081)
closes #9079

- log error if missing key was used
- send client generic error message (they can look at logs to get a
better understanding)
2017-10-03 09:47:48 +02:00
Katharina Irrgang
506a0c3e9e 🔥 Removed certain fields from public user response (#9069)
no issue 

* Comment current state of toJSON for user model

- currently the user model does not return the email if the context is app/external/public OR if there is no context object at all
- i am not 100% sure why if there is no context we should not return the email address
- i think no context means internal access
- maybe change this condition cc @ErisDS

* Extend our access rules plugin

- we already have a instance method to determine which context is used
- this relies on passing options into `.forge` - but we almost never pass the context into the forge call
  - added @TODO
- provide another static method to determine the context based on the options object passed from outside

* Use the new static function for existing code

* Add comment where the external context is used

* Remove certain fields from a public request (User model only)

* Tests: support `checkResponse` for a public request

- start with an optional option pattern
- i would love to get rid of checkResponse('user', null, null, null)
- still support old style for now
- a resoure can define the default response fields and public response fields

* Tests: adapt public api test

* Tests: adapt api user test

- use new option pattern for `checkResponse`
- eww null, null, null, null....

* Revert the usage of the access rules plugin
2017-09-28 14:00:52 +01:00
Katharina Irrgang
42af268d1b 🎨 User is not allowed to add/modify certain fields (#9053)
no issue

- it's not allowed to change/add these attributes via the API
  - created_at = is only once set on adding the resource
  - created_by = is only once set on adding the resource
  - updated_by = is set on the server side when updating the model (based on who is logged in)
  - updated_at = is set on the server side when updating the model

* Revert the usage of the access rules plugin
2017-09-28 13:59:42 +01:00
Katharina Irrgang
d3d04a8e72 Fixed wrong handling of formats param (#9078)
closes #9077

- because of our API layer refactoring, see https://github.com/TryGhost/Ghost/pull/9068
- we can now see that code was written wrong because of this horrible API bug
- this fixes the formats parameter for querying a single post
2017-09-28 13:38:32 +01:00
kirrg001
e347163940 Removed bypassing option filtering in User model
no issue

- the logic here bypasses filtering options!
- that is wrong, because if we filter out certain options e.g. include
- the tests from the previous commit fail because of this
- if we don't fix this logic, the tests won't pass, because as said, you can bypass certain logic e.g. remove roles from include
- this has worked before, because we passed the wrong options via the API layer
- was introduced here 014e2c88dd, because of https://github.com/TryGhost/Ghost/pull/6122
- add proper tests to proof that these queries work!!
2017-09-28 10:18:18 +01:00
kirrg001
1e2beface1 Refactored the API layer: do not handle API response after pipelining
no issue

- this has a big underlying problem
- each task in the pipeline can modify the options
- e.g. add a proper permission context
- if we chain after the pipeline, we don't have access to the modified options object
- and then we pass the wrong options into the `toJSON` function of a model
- the toJSON function decides what to return based on options
- this is the easiest solution for now, but i am going to write a spec if we can solve this problem differently
2017-09-28 10:18:18 +01:00
Katharina Irrgang
a6d57d6324 🐛 Fixed missing cache invalidation header when uploading redirects (#9071)
closes #9065
2017-09-27 18:58:33 +01:00
Hannah Wolfe
fcd3c6847b 🐛 Fixed author role permission to change author (#9067)
🐛  Fixed author role permission to change author

no issue

- To be able to fix this bug, we had to solve tasks from #9043
- This bug affects the private / undocumented API only
- Author role users should not be allowed to change the author of a post
2017-09-27 13:12:53 +02:00
Katharina Irrgang
baf8116d6b Removed OAuth leftover: emit event when calling /users/me (#9061)
refs #8342

- was added in this commit 319a388277
- we can remove this event
2017-09-27 04:07:39 +01:00
Katharina Irrgang
3002747b68 Return dates from the database without milliseconds (#9054)
no issue

- we store dates without milliseconds in the database
- our test environment does not use our model layer to insert data, this is related to  https://github.com/TryGhost/Ghost/issues/7196
- so it can happen that the test env inserts unix timestamps instead of a formatted string
- e.g. adding data via the model layer (e.g. via the API) the format is always normalised to `YYYY-MM-DD HH:mm:ss`
- if we fetch the date from the database, we have a hook which sorts out knex returning different formats for dates
- this hook wraps the returned date into a UTC moment date, but adds the current milliseconds on top
- which can collide in tests when you have specific assertions
- use `startOf` to ignore milliseconds
- furthermore: remove the mentionings of `pg` (postgres)
2017-09-26 17:16:46 +01:00
Hannah Wolfe
b468d6dbe2 Support for attribute-based permissions (#9025)
refs #8602

- Add the wiring to pass attributes around the permission system
- Allows us to get access to the important "unsafe" attributes that are changing
- E.g. status for posts
- This can then be used to determine whether a user has permission to perform an attribute-based action
- E.g. publish a post (change status)
2017-09-26 18:06:14 +02:00
Katharina Irrgang
a80a09e483 🔥 Removed public API endpoint to fetch users by email address (#9059)
no issue

- our public API is still a beta/labs feature
- from api.ghost.org
  > The API is still under very (very) heavy development and subject to regular breaking changes.
- users should expect breaking changes in any release (independent from semver versions)
- the public user API never returns any email addresses to decrease the information we expose
- there is no need to keep the support fetching a user by email address
2017-09-26 16:42:58 +01:00
Katharina Irrgang
af01f51204 🐛 Fixed returning roles for the public user resource (#9039)
no issue

- this bug fix affects all endpoints for the public user access
- we allowed fetching `roles` via the public api by accident
- see our docs: https://api.ghost.org/docs/users)
  - we only allow `count.posts`
- returning roles via the public api exposes too many details
- this was never intentional
2017-09-26 15:43:21 +01:00
Katharina Irrgang
e921c7a044 Revert "🐛 Fixed returning roles for the public user resource (#9039)" (#9062)
This reverts commit 217bc6914d.

- NOTE: will be released in the next minor release
2017-09-26 14:28:34 +01:00
Katharina Irrgang
22017b8ede 🎨 Backup redirects.json file before overriding (#9051)
refs #9028

- if you upload a redirects file and a redirects file exists already, we backup this file to `data/redirects-YYYY-MM-DD-HH-mm-ss.json`
- decrease chance of random test failures by not comparing date format with seconds
2017-09-25 18:35:57 +01:00
Katharina Irrgang
472858f262 Removed unused API endpoint: POST /users (#9052)
no issue

- this endpoint does not exist anymore
- if you want to add a new user, you have to invite him via the invites API
- on invite accept, the user is inserted
2017-09-25 16:58:14 +01:00
Kevin Ansfield
ec6e25674c Removed markdown-it-named-headers and unused string deps (#8994)
refs https://github.com/TryGhost/Ghost-Admin/pull/856

- moves `markdown-it-named-headers` functionality into our own app code without requiring the [`string.js`](http://stringjs.com) sub-dependency
- matches Ghost-Admin markdown-it code
2017-09-25 16:36:34 +02:00
Katharina Irrgang
1dd365778f 🐛 Fixed persistent upgrade notifications showing for the currently installed version (#9048)
closes #9040

- introduced by https://github.com/TryGhost/Ghost/pull/9009
- a condition was missing, was removed by mistake
2017-09-25 12:22:56 +01:00
Katharina Irrgang
217bc6914d 🐛 Fixed returning roles for the public user resource (#9039)
no issue

- this bug fix affects all endpoints for the public user access
- we allowed fetching `roles` via the public api by accident
- see our docs: https://api.ghost.org/docs/users)
  - we only allow `count.posts`
- returning roles via the public api exposes too many details
- this was never attentional
2017-09-25 11:18:23 +01:00
Hannah Wolfe
9da7b956d5 Permissions: code cleanup & basic unit tests (#9037)
refs #9043

- Split public-related and context code into logical components
- Split tests up to match
- Ensure we have 100% unit test coverage
- General cleanup
2017-09-25 11:17:06 +02:00
Vikas
e8f85fd3da 🐛 Fixed redirects upload for various browsers/systems (#9042)
closes #9036
2017-09-22 21:57:43 +02:00
Katharina Irrgang
d943fc7cc9 Allow Upload/Download of redirects.json (#9029)
refs #9028

- add two new endpoints for uploading/downloading the redirects (file based)
- reload/re-register redirects on runtime
- migration for 1.9 to add permissions for redirects download/upload
2017-09-21 16:01:03 +01:00
kirrg001
f478e4f9c8 🎨 Enabled Unsplash by default
refs https://github.com/TryGhost/Ghost/issues/8859

There are four cases:

- unsplash setting is empty (default), admin can enable the app by default (hardcoded isActive:true)
- unsplash settings are set, unsplash is disabled, admin detects that app was disabled on purpose
- unsplash setting is set, unsplash is enabled and has a key, app is enabled, old key get's ignored and overridden on the next save
- unsplash setting is set, unsplash is enabled and has no key, app is enabled
2017-09-20 11:44:47 +01:00
kirrg001
79fead5516 Removed private configuration endpoint
refs https://github.com/TryGhost/Ghost/issues/8859

- We don't need the config option for Unsplash anymore
- The private endpoint (/configuration/private) was introduced for Unsplash
2017-09-20 11:44:47 +01:00
Katharina Irrgang
edf2348394 Improved log output for welcome email error (#9016)
* Improved log output for welcome email error

no issue

- if Ghost is unable to send a welcome email, the server log printe a huge error log
- the reason was that each component wrapped the original error into a new error instance
  - so the stack grows and grows
- the golden rule should always be: the smallest/lowest component should instanitate a specifc error
  - the caller can expect to receive a custom Ghost error

* Tidy up error messages for mail failures and fix tests

- We never use "Error:" notation in our translations
- Make the error messages consistent and show a reason if possible
2017-09-19 14:24:20 +01:00
Aileen Nowak
0ce24b48bd Moved published_at creation to fixtures/utils (#8595)
no issue

- follow-up from #8573
- bove the hack that creates published_at values from the migration fn to our fixture util
2017-09-19 12:54:01 +02:00
Katharina Irrgang
4ac34a7f33 🐛 Fixed api url for the ghost sdk (#9013)
no issue

- mirror LTS behaviour to master
- if your blog or admin url is configured to http, it's still possible that e.g. nginx allows both https/http
- that's why we should generate the api url without protocol in this case
- so it depends how you serve your blog, example:
  - blog url is http://example.com
  - generated api url for the sdk is //example.com (dynamic protocol allowed)
  - you serve your blog via https://example.com, protocol is https
  - you serve your blog via http://example.com, protocol is http
2017-09-18 16:28:22 +01:00
Katharina Irrgang
abb84d065e Improved debug logs for auth utils (#9015)
no issue

- reduce the debug logs
- it's okay to log the old token to delete, because this token is getting removed anyway
2017-09-18 16:23:47 +01:00
Katharina Irrgang
7b4c3fc085 Removed defunct Ghost OAuth code (#9014)
closes #8342

- no need to add a migration, because when we'released 1.0, OAuth was never an option
- it was disabled in April, 1.0-beta was released in June
- remove all remote authentication code
2017-09-18 13:01:58 +01:00
kirrg001
18abb425fc 🐛 Fixed doubled query params for url/admin-url redirection
no issue

- express adds the query parameters to the `originalUrl`
- we have to ensure that we don't add the query params twice
2017-09-14 07:55:14 +07:00
kirrg001
79959d9581 🐛 Fixed public api access on custom domain
no issue

- if you blog runs on a custom domain, but your admin panel is configured using a different domain
  -> Ghost losts the origin header
- we had this situation once with pretty urls (your request get's redirected from /posts to /posts/, see https://github.com/TryGhost/Ghost/pull/8094)
- we've moved all our redirect logic to Ghost and ran into the same situation
- i've added proper test to ensure it won't happen again
2017-09-14 07:55:14 +07:00
Katharina Irrgang
85f8498bd6 🎨 Changed showing update notifications for minor/major only (#9009)
closes #9006

- this is a temporary fix to only show update notifications for minor/major releases
- the notification refactoring is in the pipeline, but not yet merged into 1.X/LTS, see https://github.com/TryGhost/Ghost/pull/8871
2017-09-13 18:12:41 +07:00
Hannah Wolfe
4237446277 Misc cleanup & consistency amends (#9002)
no issue

- Consistent naming for postLookup
   - makes it easier to search and inspect the various usages
- Cleanup unneeded code
- Make res.render calls more consistent
- add some consistency to the calls to res.render
- Remove ancient reference to dataProvider
- Let's call it models everywhere now...
- Use consistent formatting across the API
- we're no longer using alignment in vars
- Misc other consistency changes in API
- always refer to local utils as apiUtils
- logical grouping of requires - dependencies, utils, "lib common" etc
- use xAPI to refer to API endpoints, e.g. mailAPI, settingsAPI for clarity
2017-09-12 17:31:14 +02:00
kirrg001
c99557d9a3 🐛 Fixed disqus comment id when exporting/importing 1.x content
no issue

- while i was testing random failures, i discovered an edge case for disqus
- you start a new 1.0 blog, you add disqus, the unique identifer is the post id (object id)
- now you export your content and import it on a new instance
- the importer detects that the amp field is null and imports the old object id as comment id
- but the post model is not prepared for this case
- see next commit for tests

**NOTE**: The comment id had two different data types (Number or String). Disqus expects a string. So this should not change any behaviour, now that the comment_id is always a string.
2017-09-12 16:29:59 +01:00
Aileen Nowak
a45a91c906 🐛 Fix invalid image URLs not being cached and causing timeouts (#8986)
refs #8868

* 📐  Use request util in image-size
- swapped the usage of `got` for requests with the request util

* 💄  Use catch predicates
- Uses catch predicates instead of conditionals in `getImageSizeFromUrl`
- Return `NotFoundError` if applicable in `getImageSizeFromFilePath` as the caller function `cachedImageSizeFromUrl` is differentiating those between this error and others.

* 🐛  Fixed ImageObject URL & simplify no protocol URL logic

- Using `ImageObject` as a global var resulted in having the `url` property being the same for all requests coming in.
- The logic that checked for an existing protocol (e. g. gravatar URLs) was overly complicated. Refactored it to be more simple.
- Passing the correct value to `fetchDimensionsFromBuffer` as the population of `imageObject.url` happens there. These are used in our structured data and need to be full URLs (in case of locally stored files) or the original URL (in case of URLs missing the protocol)
- Added two more debug logs in `getCachedImageSizeFromUrl` so it's logged when an image is added to the cache even tho it was returned as error.

* 👀  Differentiate error codes between request and storage

* 🔥  Remove not needed `Promise.resolve()`

We're always resolving the result in `getCachedImageSizeFromUrl`, so there's no need to return the values with a `Promise.resolve()`. The caller fn uses waits for the Promises to be fulfilled.

* ☂️  Wrap already rejected predicate errors in catch all

* Use errorDetails instead of context

* ☂️  Support /assets/ image paths

- adds a guard that checks the image URL for `/assets/` in the beginning and passes a completed URL to the request util to try and fetch the image size
- adds tests
2017-09-12 12:53:18 +01:00
Katharina Irrgang
add9e541c2 🐛 Fixed private blogging leaking post information (#8999)
* 🐛  Fixed private blogging leaking post information

closes #8990

- a condition in the private blogging app redirected rss && sitemap to 404, which can possibly leak content
- remove this condition and ensure we always redirect to /private

* lint 😋
2017-09-11 14:09:19 +01:00
Katharina Irrgang
7e211a307c 🐛 Fixed custom redirects with query/search params (#8998)
closes #8997

- improved the logic for custom redirects
- added more tests
2017-09-11 13:20:29 +01:00
Hannah Wolfe
45fd2d437f Properly return a bluebird promise (#8988)
refs #8980

- ☹️ apparently this is actually the only way
2017-09-07 20:48:20 +07:00
Aileen Nowak
6c216b81be Request util to wrap got library (#8980)
no issue

This PR includes a new util which wraps the `got` library. It is not used in the codebase yet, but tested with `image-size` util:
- wraps `got` request library in its own `request.js` util that returns bluebird promises and validates URL before starting a request
- adds tests
2017-09-07 12:17:24 +01:00
Hannah Wolfe
cdf6a10490 ghost_head improvements (#8983)
no issue

- Added debug statements to ghost_head
  - useful for determining how much render time is spent in ghost head
- Make promises more readable
- Used join instead of props for less code
2017-09-07 12:59:02 +02:00
Aileen Nowak
56d64e53bf Logging for image size (#8978)
no issue

- added debug logs to image size util and related fn:
    - when fetched via network request
    - when fetched from storage
    - when added to cache
    - when read from cache
2017-09-07 10:34:10 +01:00
Hannah Wolfe
6c47285bba Added error handling for ghost_head (#8982)
refs #8945

- Ensure that errors in ghost_head are logged
- Render some content despite the error!
2017-09-07 09:29:44 +02:00
Katharina Irrgang
d460cf1291 🐛 Fixed post scheduling (#8976)
closes #8975

- recursive logic was broken
- caused via bf47397ac2
2017-09-05 19:23:11 +01:00
Hannah Wolfe
69657a1ac6 Keep the original error in registerAsyncTheme (#8977)
refs #8945

- pass the original error as part of the errorDetails
- improves logging, so we know what really went wrong
- for debug purposes - can be removed at some point
2017-09-05 20:11:59 +02:00
Katharina Irrgang
71cee504c2 Added default logging rotation config (#8974)
no issue

- define `period` and `count` in our defaults.json config
- advantage: easier access and better overview how logging is configured by default
- period is 1d and count is 10
2017-09-05 17:25:20 +02:00
Katharina Irrgang
1fe87a6110 Tests: Stub image request for dimensions (#8973)
no issue
- test cases were trying to fetch image sizes for `localhost:port/favicon.ico` but no server is running so they time out
- stub the `getImageSizeFromUrl` method so it resolves instantly
2017-09-05 16:24:04 +01:00
Aileen Nowak
eef7932e94 Refactor: fetch image dimensions from local file storage (#8900)
refs #8868

- Removed image-size in blog logo fn for meta data and made it synchronous
- Renamed `image-size-from-url.js` to `image-size.js` (incl. the test)
- Added second fn `getImageSizeFromFilePath` that reads from local file storage
- Added guard in `getImageSizeFromUrl` that checks if the image should be on local file storage and uses the new fn then instead
- Added a fn `fetchDimensionsFromBuffer` that takes the file buffer and returns an `imageObject` with dimensions.
- Added a new utils.js in `adapters/storage` for getting the file storage path
2017-09-05 14:13:22 +02:00
Austin Burdine
a9e668a949 🐛 Fixed only save imported post ids if amp field is empty (#8967)
closes #8963

- if an LTS export is imported into a 1.0 blog, then the 1.0 blog is
exported and re-imported into another 1.0 blog, any post ids from the
lts import were getting clobbered. This only saves the post id if the
amp field does not already exist
- add failing test that passes w/change
2017-09-04 09:48:56 +02:00
Kevin Ansfield
47322e4239 Re-instate mobiledoc dom rendering with bypass of SimpleDOM parsing (#8937)
closes #8757

- update the markdown card render method to use SimpleDOM's `createRawHtmlSection`. This avoids SimpleDOM parsing and tokenization of broken or unsupported free-form HTML that markdown allows
- replace markdown extraction/render with mobiledoc's renderer in the `Post` model
- removes `jsdom` as it's no longer necessary
2017-08-31 12:09:02 +02:00
Vikas
8606ea22a2 Normalize docs URLs (#8949)
no issue

v1.0.0 is no longer the standard in the docs, so I updated all of the URLs containing it with v1
Note: I tried squashing commits, but failed. I'll try again in the future with throwaway changes
Secondary Note: I tested most of the URLs listed and got no 404s!
2017-08-31 11:45:59 +02:00
Aileen Nowak
30bee115fe Used got to handle requests for image-size (#8892)
refs #8589, refs #8868

- swap `request` with `got` in `getImageSizeFromUrl` util
- less handling for request cases e.g. timeouts, follow redirects
2017-08-31 11:39:37 +02:00
Katharina Irrgang
bf47397ac2 Small improvements for the scheduler (#8957)
no issue

- add caching logic to adapter creation (same as we use for storages)
- add debug logs to the default scheduler
- add `requestTimeout` to the default scheduler to support custom timeouts
- add `isRunning` logic to protect running the scheduler twice
2017-08-31 14:12:44 +07:00
Katharina Irrgang
7dec743bba Blog and Admin redirects with trailing slash (#8955)
no issue

- reduce the number of redirects
- before: you are redirected from example.com/ghost to admin.example.com/ghost and Ghost would detect a missing slash and redirect you to /ghost/
- now: you are redirected from example.com/ghost to admin.example.com/ghost/
2017-08-30 17:42:00 +01:00
Katharina Irrgang
029a2a276c 🐛 Fixed redirects loop if admin url does not equal blog url (#8950)
no issue

- this bug was invented with this commit 25c4e5025a
- the updated logic ensures that
  - only if you have configured a custom admin url and your requested host does not match, we redirect you
  - we still keep the wish of no force redirect if you have only configured a custom blog url and you navigate to /ghost
2017-08-29 10:13:56 +01:00
Hannah Wolfe
688d8c9051 🐛 Downgraded errors to warnings for img_url
refs #8703

- Instead of throwing errors, throw warnings for incorrect usage of the img_url helper
- Differentiate between no attribute passed, and attribute evaluating to undefined
2017-08-29 10:31:00 +02:00
Hannah Wolfe
c49dba12a0 🐛 Added error handling to prev/next post helpers
refs #8703

- On API error, call inverse with a data error, the same as the get helper
2017-08-29 10:31:00 +02:00
Hannah Wolfe
b6b2930d15 🐛 Fixed error handling in async helpers
refs #8703

- Always always call cb() even if we get an error!
- Ensure the error is handled, and converted to a GhostError if not already
- If we're in development mode, render the error. Else render nothing.
2017-08-29 10:31:00 +02:00
Hannah Wolfe
c6d54ceea1 🐛 Fixed internal tags being used as primary tags (#8934)
fixes #8920

- Implements logic such that internal tags cannot be primary tags
- If the first tag on a post is an internal tag, that post will not have a primary tag
2017-08-24 13:07:19 +01:00
John O'Nolan
b15f09426e 🛠 Removed "archive" from reserved slugs (#8928) 2017-08-22 17:21:24 +01:00
Kevin Ansfield
f7ce8d0e79 Fix lint error 2017-08-22 14:06:36 +01:00
Kevin Ansfield
2928f649a0 Fix "add-backup-client" migration
no issue
- use correct parameters for `addFixturesForModel` method
2017-08-22 13:51:44 +01:00
David Wolfe
be54da265b Add segment analytics for blog data (#8912)
no issue
- adds data to track such as post published
- adds ability to add custom data and event prefix via config file
2017-08-22 12:23:23 +01:00
Hannah Wolfe
ff15dc1667 Added any & all matching to {{#has}} helper
closes #8901

- Adds support for

```
{{#has any="twitter, facebook, website"}}
{{#has any="author.facebook, author.twitter,author.website"}}
{{#has any="@blog.facebook, @blog.twitter, @labs.subscribers"}}
{{#has all="@labs.subscribers,@labs.publicAPI"}}
```
2017-08-22 11:21:47 +01:00
Hannah Wolfe
746ac2db4d Optimise {{#has}} helper code
refs #8901

- Reduce the amount of code in the helper
- Optimise the checks, so that we only do the minimal amount of work necessary
2017-08-22 11:21:47 +01:00
David Wolfe
c3fcb3105f Add ghost-backup client to trigger export (#8911)
no issue
- adds a ghost-backup client
- adds a client authenticated endpoint to export blog for ghost-backup client only
- allows some additional overrides during import
- allows for an import by file to override locking a user and double hashing the password
2017-08-22 11:15:40 +01:00
Hannah Wolfe
b1cfa6e342 Improved version match logic (#8922)
closes #8821

- Use semver to do constraint matching
- Use client to generate a caret constraint
- E.g. if the client is 1.1, then the constraint ^1.1.0 will match >=1.1.0 <2.0.0
- Updated tests
2017-08-22 10:59:01 +01:00
Aileen Nowak
b086b432ad Dumped icojs and use image-size for .ico (#8888)
refs #8868

The `image-size` library supports now `.ico` files, which means there is no longer need to use the `icojs` library.
- removes unnecessary `icojs` dependency
- refactors `getIconDimensions` fn in blog icon util to fetch image sizes synchronus
- removes unnecessary `getIconDimensions` fn in blog icon validation, as there is no longer need to use different image size fn for different file extensions, and uses `getIconDimensions` from blog util fn instead.
- updates and adds more tests
2017-08-17 17:44:05 +01:00
Hannah Wolfe
4f3a8f6b38 API express app routing & middleware improvements (#8883)
no issue

- Split routes out from the API app 🎨
    - Use the same pattern as the blog app
    - General cleanup/unification across all of the `app.js` files

- Split middleware config out from API routes
    - Logical groupings make it easier to see WTF is going on 😬
2017-08-17 17:52:58 +07:00
Hannah Wolfe
8c7d305cd5 🐛 Fixed channel context to be based on res.locals (#8910)
closes #8907, closes #8908

- Add a bunch of tests to detect these breakages!
- Then change all the places where req.channelConfig was still being used
2017-08-16 11:06:30 +01:00
Hannah Wolfe
86e4b7b723 Added slug & id matching to {{#has}} helper (#8903)
refs #8901

- Adds support for

```
{{#has slug="welcome"}}
{{#has slug=../../slug}}
{{#has id=post.id}}
```
2017-08-15 16:25:06 +01:00
Hannah Wolfe
6ee9bb491c Added number & index matching to {{#has}} helper (#8902)
refs #8901

- Adds support for:

    ```
    {{#has number="3"}} // A single number
    {{#has number="3, 6, 9"}} // list the numbers you want to match against
    {{#has number="nth:3"}} // special syntax for nth item
    ```

    And

    ```
    {{#has index="3"}} // A single number
    {{#has index="3, 6, 9"}} // list the numbers you want to match against
    {{#has index="nth:3"}} // special syntax for nth item
    ```
2017-08-15 16:00:17 +01:00
Kevin Ansfield
d064eda229 Add configuration/private endpoint and settings for Unsplash (#8895)
refs #8859

- adds new `configuration/private` endpoint for exposing config that should not be accessible without authentication
- adds `unsplashAPI` to private config
- adds empty `unsplash` config to default settings
2017-08-15 15:59:16 +01:00
Hannah Wolfe
b6b299a8f7 Used ghost-ignition.debug, removed debug dep (#8881)
no issue

- Upgraded ghost-ignition
- Use debug from ghost-ignition everywhere in the code base
- Remove debug dependency
- Fixed random typo in Gruntfile.js
2017-08-15 18:29:27 +07:00
Hannah Wolfe
cafabff89e 🐛 Fixed duplicate subdirs in plaintext (#8882)
fixes #8845

- We had a report of weird URLS being output in admin stories view
- This is due to plaintext being incorrectly generated
- In order for a URL to be correct, it would need to already contain the subdirectory
- This line in the post model adds it as well, causing a duplicate
- Hence removing this line is the fix
2017-08-15 11:31:22 +01:00
Hannah Wolfe
512808e8b4 🐛 Added 409 UpdateCollisionError for the editor (#8899)
fixes #8898

- This is a user error, not a system error
- Downgrading to a 4xx status code means it doesn't appear in logs where it shouldn't
- We didn't have a suitable error available so I added UpdateCollisionError with 409 status
2017-08-15 12:06:40 +02:00
Hannah Wolfe
852155075f 🐛 Added 409 DisabledFeatureError for labs features (#8890)
fixes #8889

- This is a user error, not a system error
- Downgrading to a 4xx status code means it doesn't appear in logs where it shouldn't
- We didn't have a suitable error available so I added DisabledFeatureError with 409 status
- Ref: https://stackoverflow.com/questions/36874263/expected-http-status-code-for-an-action-on-a-disabled-resource
- Also tweaked the error message slightly as it didn't read clearly to me
2017-08-15 10:50:36 +02:00
Hannah Wolfe
bd41dba35b 🦄 Channels: Stored config in res.locals not req (#8884)
refs #5091

- This tiny refactor opens the door for using channel config inside of helpers
- This means that ghost_head, and the next_post/prev_post helpers can be context aware
2017-08-14 10:21:24 +07:00
Hannah Wolfe
137b8bf973 Optimised usage of debug (#8874)
no issue

- Reduced debug calls down for redirects
- Added start/end debug for custom redirect loading
- Removed duplicate request debug logs
2017-08-11 00:23:49 +02:00
Katharina Irrgang
e930b12e6c Be able to define a custom Update Check endpoint (#8870)
no issue

- helps developing
2017-08-10 15:01:51 +01:00
Hannah Wolfe
4474ca1a1d 🐛 Fixed Infinite 404s for images (#8869)
refs #8868

- Improve the error returned from local file store
- Use the new code to differentiate between static & non-static errors
2017-08-10 15:31:52 +02:00
Hannah Wolfe
1cc4be8010 🦄 Channels: make RSS & Pagination configurable (#8857)
refs #5091

- occurred to me whilst documenting the custom homepage config, that RSS and pagination
need to be optional
- added a very quick if statement & tests
- needs further refactoring & test improvements
- this will not disable the RSS url output in meta data yet 😔
2017-08-10 11:12:09 +02:00
Hannah Wolfe
147ec91162 🎨 Switched to 404 error in image size utility (#8862)
refs #8850

- This reduces the amount of noise from the image size utility.
2017-08-09 19:24:28 +02:00
Hannah Wolfe
d9b97c2a92 🛠 Moved 404 requests from error log to access log (#8850)
no issue

- 404 errors clutter up the log files and stdout when developing
- We don't really need these as more than a single line, like other requests
- This is how it worked in LTS
- This is also more consistent with other software (e.g. nginx)
2017-08-08 12:48:10 +02:00
Hannah Wolfe
2e8a8ad88a 🐛 Fixed meta on subscribe page if labs not enabled (#8848)
refs #8597

- Only set the subscribe context if the labs flag is set
- Committed at 38000ft
2017-08-08 09:45:37 +02:00
Hannah Wolfe
dbd7060e69 🦄 Added /edit/ redirect to admin for post previews (#8836)
no issue

- This already works for posts and channels
- It always felt like a bug that it didn't work for previews
- Now it does 😬
2017-08-08 09:32:55 +02:00
Aileen Nowak
cfbb7f6c6b Facebook and Twitter data per post feature (#8827)
closes #8334

- adds title, image and description to structured data to be rendered as open graph and twitter data.
- if meta title and description for a post exists already, the custom structured data will overwrite those for `og:` and `twitter:` data. `JSON-LD` (Schema.org`) is not affected and will stay the same.
- adds tests
- adds new og and twitter fields to schema incl. migration
2017-08-03 15:48:39 +04:00
Sam Wilskey
d73133d74b 🐛 Fixed keeping user inactive during user import (#8738)
closes #8651

- inactive users are suspended users or the owner user on blog setup
- added a check to see if user is inactive in import
- passes all tests
2017-08-03 13:21:37 +04:00
Hannah Wolfe
0c54541b4d 🐛 Fixed error in error template hiding errors (#8832)
closes #8808

Problem:
- In certain cases, particularly in production mode, errors would be hidden
- E.g. fatal theme errors could not be seen, users instead saw "Failed to lookup view 'error' in views directory"
- This is extremely unhelpful, particularly for people upgrading from 1.0.0 or 1.0.1 where the disqus rule was added
afterwards and modified casper would error
Solution:
- Ensure that we properly setup handlebars when we throw an error
- If engines is not set, set all the view engine related properties
2017-08-03 13:12:16 +04:00
Hannah Wolfe
60de57163e 🐛 Fixed user images not being imported properly (#8834)
closes #8833

- Don't re-run gravatar check when importing users
2017-08-03 12:59:05 +04:00
Hannah Wolfe
f5443f8812 🐛 Fixed link that appears in update notification (#8830)
refs #8825

- The link was pointing to an install page, which had also moved
- Updated to point to the upgrade page
2017-08-03 11:32:35 +04:00
Aileen Nowak
a63c26a82b 🐛 Fixed custom post excerpt length (#8826)
closes #8823

- if a custom post excerpt is set, the default max length of 50 was used, which was wrong
- adds more tests
2017-08-02 15:09:12 +04:00
Katharina Irrgang
2f866a99f6 🐛 Fixed global and post code injection output (#8824)
no issue

- if a custom post code injection is defined, we output both
2017-08-02 15:06:51 +04:00
Katharina Irrgang
8f39d6cb5f Code Injection per Post feature (#8820)
no issue

- add 1.4 database migration to add two new fields to the database (use type text, because of max row size)
- handle global code injection vs. post code injection
- add tests
2017-08-02 13:38:19 +04:00
Hannah Wolfe
aa7f3dd5fd 🐛 Fixed pagination w/ letters duplicating content (#8796)
refs #8700

- if you used a url e.g. /page/2abc/ ghost would interpret the 2 as /page/2/
- these urls should have returned 404, but instead were responding correctly
- this effectively creates duplicate pages
- added a test, but needed a dirty hack to get it to work 😞
- TODO: update casper fixture and use it in channel tests!
2017-08-02 12:25:41 +04:00
Katharina Irrgang
c9e3f8b180 🐛 Fix ghost update with migrations (#8810)
no issue

- if you backup your database and you are in the middle of a transaction, the transaction was not fully forwarded
- we were running into a pool error in knex
2017-08-01 17:27:13 +04:00
Kevin Ansfield
4da94a287f 📝 Correct typos in default welcome posts (#8807)
closes #8806
- `omellete` -> `omelette`
- `sleak` -> `sleek`
2017-08-01 13:04:08 +04:00
Katharina Irrgang
7845617607 Custom Post Excerpt Feature (#8792)
closes #8793

- 1.3 post excerpt migration
  - add 1.3 migration to add `excerpt` to post schema

NOTE:
    - knex-migrator relies on the package.json safe version
    - so right now Ghost is on 1.2
    - the migration script is for 1.3
    - if you pull down the PR (or if we merge this PR into master), you have to run `knex-migrator migrate --v 1.3 --force`
    - knex-migrator will tell you what you have todo

- Bump dependencies
  - knex-migrator@2.1.3
- Soft limit for custom_excerpt
- Extended {{excerpt}} to use custom excerpt
   - when a `custom_excerpt` field exists, the `{{excerpt}}` helper will output this and fall back to autogenerated excerpt if not.
- Refactored behaviour of (meta) description
   - html tag `<meta name="description" />` for posts, tags and author doesn't get rendered if not provided.
        - fallback for `author.bio` removed
        - fallback for `tag.description` removed
   - structured data and schema.org for `post` context takes the following order to render description fields:
        1. custom excerpt
        2. meta description
        3. automated excerpt (50 words)
    - updated and added tests to reflect the changes
2017-08-01 12:39:34 +04:00
Grant Winney
d8fb7ce7f6 🐛 Fixed wrong min-width publication icon validation
closes #8797 

Changed the min-width for publication icon validation to allow icon greater or equal to 60px, rather than greater only.
2017-08-01 12:20:23 +04:00
Aileen Nowak
7ed706d653 ↙️ Minified CSS in AMP default template
closes #7314

Minified the CSS in the default `amp.hbs` template.
2017-07-31 16:24:03 +04:00
Katharina Irrgang
b003a6c173 🐛 fix transfer ownership (#8784)
closes #8781

- when the ownership get's transferred, the id of the new owner is not '1' anymore
- we previously added a database rule, which signalises if the blog is setup or not, see 827aa15757 (diff-7a2fe80302d7d6bf67f97cdccef1f71fR542)
- this database rule is based on the owner id being '1', which is wrong when you transfer ownership
- we should keep in mind, that the owner id being '1' is only the default Ghost setup, but it can change
- blog is setup if the owner is locked
2017-07-31 13:37:37 +04:00
John O'Nolan
0b5de14900 🎨 Improved SEO meta titles for paginated archives (#8785)
closes #8575
2017-07-31 13:13:06 +04:00
Hannah Wolfe
353e11dafb Primary tag (#8669)
refs #8668

- return primary tag from Post API
- support primary tag in URL
2017-07-31 13:00:03 +04:00
John O'Nolan
4333604480 Fix fixture typo 2017-07-31 12:43:58 +04:00
Austin Burdine
65d219c29a 🐛 🔗 resolve symlinks before building zip (#8780)
closes #8778

- if folderToZip is a symlink, find the target using fs.realPathSync so we zip the right thing
- add a test
2017-07-31 11:48:00 +04:00
Hannah Wolfe
301696632f 🛠 🙈 Rename ghost-url.js to ghost-sdk.js (#8767)
closes #8605

- This file has already been moved, might as well get the rename out of the way
- Especially as we don't migrate clients - everyone will now need to make just one change
2017-07-28 18:23:32 +04:00
Katharina Irrgang
3462f07f58 🎨 take the latest attached role when importing (#8765)
refs #8756

- there was a bug in one of the last LTS releases, which produced duplicated attached roles to users
- we want to prevent that on import and take the latest created based on the autoincrement id
2017-07-27 13:25:01 +04:00
Katharina Irrgang
948c279f60 🔥 fromaddress support (#8753)
refs #8748

- please use `from`
- documentation was already updated
2017-07-27 12:27:38 +04:00
John O'Nolan
0698be503a Site description fixture update (#8763)
No issue
2017-07-27 12:26:31 +04:00
Kevin Ansfield
57ffa4571c 🐛 fix "unbalanced tag" errors on save/import (#8759)
refs https://github.com/TryGhost/Ghost/issues/8757

- remove mobiledoc parsing, it's reliance on SimpleDom makes it too
fragile when dealing with the unconstrained user-entered HTML that is
allowed in markdown
2017-07-27 12:10:15 +04:00
Katharina Irrgang
ce3830f8a9 🚓 disqus comments (#8762)
closes #8760

- we have to remember the old post id's when migrating a blog from LTS to 1.0
- otherwise we would break disqus comments, because they rely on the post id
- this should fix the discovered situation
2017-07-27 11:55:23 +04:00
Kevin Ansfield
4f994a1a17 🐛 fix incorrect rendering of non-closing tags (eg. <br></br>) (#8749)
closes https://github.com/TryGhost/Ghost/issues/8743

- the serializer in our mobiledoc renderer didn't have the list of non-closing HTML tags passed in which meant that tags such as `<br>` in the markdown HTML output were being re-serialized to `<br></br>` which is invalid HTML which (at least Chrome) then attempts to fix by rendering it as `<br><br>` instead
- the elements with incorrect rendering that may result in unwanted "fixing" by browsers are `AREA`, `BASE`, `BR`, `COL`, `COMMAND`, `EMBED`, `HR`, `IMG`, `INPUT`, `KEYGEN`, `LINK`, `META`, `PARAM`, `SOURCE`, `TRACK`, and `WBR`
2017-07-25 15:50:33 +04:00
Katharina Irrgang
5ff7574324 🐛 user was not imported, but the importer tries to correct the reference (#8722)
no issue

- this is usually an edge case, but i investigated because i thought that the importer is broken
- the importer logic is build like this:
   - it creates a transaction
   - this transactions runs through:
      - beforeImport
      - doImport
      - afterImport
   - afterImport corrects user references and if a user could not be imported, we have to protect that
       NOTE: we could create two transactions to be more correct, but building this had no priority because of edge cases only
             having two transactions would solve: you first add the data (error or success), then you correct the data
   - usually a user can be always imported (!), but there are a few edge cases (e.g. multiple roles attached)
2017-07-21 09:59:18 +01:00
Katharina Irrgang
d6aaf2dbc7 🎨 do not run model listeners on import (#8720)
no issue

- if you upload a huge import file, parallel operations can throw errors e.g. lock wait exceeds
- this can happen if multiple transactions run in parallel
- there is no need to run:
  1. the removal of active tokens on import, because imported users have no active session
  2. rescheduling logic on timezone, because importing scheduled posts works out of the box via the model layer (if a published date is detected and it's in the future, the post get's scheduled)
2017-07-21 09:58:58 +01:00
Katharina Irrgang
60558a776f 🐛 be able to serve locked users (#8711)
closes #8645, closes #8710

- locked users were once part of the category "active users", but were moved to the inactive category
  -> we have added a protection of not being able to edit yourself when you are either suspended or locked
- but they are not really active users, they are restricted, because they have no access to the admin panel
- support three categories: active, inactive, restricted

* - revert restricted states
- instead, update permission layer: fallback to `all` by default, because you are able to serve any user status
- add more tests

- ATTENTION: there is a behaviour change, that a blog owner's author page can be served before setting up the blog, see conversation on slack
   -> LTS serves 404
   -> 1.0 would serve 200
2017-07-20 12:45:13 +01:00
Katharina Irrgang
59d7302da5 🐛 import invalid dates (#8712)
closes #8703, closes #8015

- add sanitize fn to importer
- check wether an imported date is a valid date
- if not, print a warning
2017-07-20 11:24:23 +01:00
Katharina Irrgang
90fc7a6c06 🐛 respect owner user id references when importing (#8693)
closes #8691 

There was a condition added when i've refactored the importer.

> if (models.User.isOwnerUser(obj[key])) {

This condition is absolutely wrong! If you import an owner user, this owner user get's imported as administrator. But the original owner user id reference must be updated as well, so that the reference points to the new administrator id ✌🏻
2017-07-20 11:11:56 +01:00
kirrg001
91f36fc241 🐛 invite existing users
refs #8692

- protect invite endpoint
2017-07-18 18:24:36 +01:00
kirrg001
d4c74e74c4 🐛 fix unknown user id on deactivated event
no issue

- if you delete an active user, Ghost logs an error message (Ghost does not crash!)
- but the event logic is not triggered, that means we don't delete the users tokens
- token deletion happens on: suspend a user and delete a user
2017-07-18 18:20:10 +01:00
kirrg001
522bd02224 🎨 Optimise permissble function in user model
no issue

- if you destroy a user with an unknown user id, Ghost would crash
- because `userModel.hasRole` is undefined

- there is actually a bigger underlying architectual problem:
   - the permission check should rely on an existing user
   - so there should be a first api layer, which 1. validates (this code exists) and 2. ensures that requested database id's exist
   - but this requires a bigger refactoring
2017-07-18 18:20:10 +01:00
Katharina Irrgang
35f12273ee 🔥 remove beta mentioning's (#8673)
no issue

- preparation for rc.1
2017-07-11 14:05:55 +01:00
Katharina Irrgang
e54d959289 🎨 transform console.log into logging (#8671)
closes #8361

- the console.log are not appearing in the logs
- fix jscs
- remove chalk.green from ghost server
2017-07-11 09:00:07 +01:00
John O'Nolan
cb2f754472 Update welcome post fixture (#8672)
Closes #8620

Info about how to delete the default Ghost user and all of the welcome posts along with it
2017-07-10 20:38:03 +07:00
Hannah Wolfe
6a45ca2605 🐛 Honour labs defaults on import (#8667)
closes #8601

- This makes sure that when you do an import, you still get the LATEST
  default settings for labs. Even if you had a different value before.
- LTS -> 1.0 is an upgrade, and Public API should be on by default, even if you
  had deliberately turned it off before.
- Cheeky test added
2017-07-09 14:31:53 +02:00
Aileen Nowak
c49e840fc6 🐛 Update amp.hbs image helper and meta (#8659)
no issue

Seems like we forgot to update the AMP template to reflect our image helper changes.

- Replaces `{{image}}` helper with `{{img_url}}` for `feature_image`
- Removes `{{meta_description}}` helper
2017-07-06 10:23:50 +02:00
Aileen Nowak
827aa15757 Add new fixture Ghost Author (#8638)
refs #8620

Adds a new Ghost Author user, which is the author of the new welcome blog posts. The user is set to active, so the author slug works (otherwise it would render a 404, when user is suspended). Furthermore, there's one little fix in the user model, which was checking only for `active` user to decide the signup or setup process for the UI. Adding one more conditional to check if the found active user is also the owner, prevents to get redirected to sign in.
2017-07-06 00:18:27 +02:00
Patrick Kim
83345d706f 🐛 Fix custom robots.txt via template directory. (#8648)
no issue

- serving a custom robots.txt from the active theme didn't work anymore
- re-ordering the blog middleware solves it
- see http://themes.ghost.org/docs/templates#section-robots-txt
2017-07-06 00:14:35 +02:00
Austin Burdine
49c8277390 fix(config): cleanup absolute path config function (#8641)
refs https://github.com/TryGhost/Ghost-CLI/issues/228

- don't try to reinvent path.isAbsolute
2017-07-06 00:04:18 +02:00
Aileen Nowak
dc25c06b31 🙈 Remove url from default production config (#8644)
closes #8619

Removes the `url` property from `config.production.json` as it's not needed and causes confusing errors.
2017-07-05 23:02:49 +02:00
Patrick Kim
c2e47f89ba 🐛 Modify regex to allow subdir/ghost urls. (#8627)
no issue

- redirect admin url's if Ghost uses a subdirectory
- fixes a bug where reset password and invite links do not route to the right destination
2017-06-27 09:08:59 +02:00
Hannah Wolfe
117aeaa61d Pass clientExtensions to Ghost Admin (#8617)
no issue

- pass through this additional config if it exists
2017-06-22 20:45:35 +02:00
Hannah Wolfe
2058127dc5 Enable Public API by default (#8600)
closes #8601 

- this doesn't take the feature out of beta, but does enable it by default
- no need to enable the public api in the test anymore
- because public api is enabled by default
2017-06-20 10:10:49 +07:00
Aileen Nowak
c3dbd0e56b 🐛 Remove trailing slash for {{@blog.url}} (#8596)
closes #8569

- remove the trailing slash for `{{@blog.url}}` data in theme middleware
2017-06-19 16:11:53 +02:00
Aileen Nowak
35bd0aeb60 🐛 Fix error message for login when password wrong (#8594)
closes #8565

- isPasswordCorrect fn returns a specific error, which we simply forward
- no need to wrap a custom error into a new custom error
- the rule is always: if you are using a Ghost unit/function, you can expect that this unit returns a custom error
2017-06-19 10:37:58 +02:00
David Wolfe
bc301463c7 Fix sitemap for author permalink (#8585)
refs #8494
- include author in postgenerator for sitemap
2017-06-15 18:25:18 +01:00
Kevin Ansfield
88ba07f657 📖 shorten mail config docs links (#8592)
no issue
- URL on docs.ghost.org has been shortened for more readable display in
errors
2017-06-15 18:04:48 +01:00
Aileen Nowak
5bc5eca315 🐛 Fix double slash in scheduling API URL (#8574)
closes #8568

- use our `urlJoin` util to concatenate the URL (not the query part of it, as this is not supported in `urlJoin`) and to prevent possible missing or double slashes, as `config.apiUrl` could be with or without trailing slash
2017-06-14 16:26:28 +02:00
Aileen Nowak
57f8367cdf 🐛 Add published_at to post model fixtures (#8573)
closes #8562
- before we create our model fixtures, we assign a `published_at` property with a difference of 1 second for each blog post, so the `prev_post` and `next_post` helpers work correctly
2017-06-13 10:27:42 +01:00
Katharina Irrgang
f5ef8dbb52 📖 replace any support.ghost.org link (#8555)
refs #7421
2017-06-08 20:34:20 +01:00
Katharina Irrgang
ce7d731d8f 📖 Update Ghost bootstrap logs (#8531)
refs #7421

Change Alpha wording to beta wording for the bootstrap logs.
2017-06-08 20:32:55 +01:00
Kevin Ansfield
f675a962cf 📖 new default post content (#8548)
closes #8542
- updates default post fixtures
- adds default logo and cover images to settings fixtures
- update tests due to coupling to dev/prod fixtures
2017-06-08 16:36:14 +01:00
Katharina Irrgang
d6d343865b 🎨 show clearer error for wrong content path (#8535)
no issue
2017-06-07 16:31:01 +07:00
Katharina Irrgang
216db60e74 🔥 config: remove print error stack option (#8528)
no issue

Stack printing was removed for now.
The config options weren't cleaned up correctly.
2017-06-07 15:02:19 +07:00
Hannah Wolfe
3996b5debb 🐷 💄 Tiny theme-related improvements (#8532)
refs #8530

- display theme name for non-fatal errors
- minor wording tweak
- remove duplicate lodash require
- use the shiny new calculated property syntax
2017-06-06 13:33:18 +02:00
kirrg001
8680099765 🎨 gscan 1.1.0 & optimisations
refs #8222

- differentiate between errors and fatal errors
- use gscan errors in theme middleware
- Adds a new `error()` method to `currentActiveTheme` constructor which will return the errors we receive from gscan
- In middleware, if a theme couldn't be activated because it's invalid, we'll fetch the erros and send them to our error handler. We also use a new property `hideStack` to control, if the stack (in dev mode and if available) should be shown or the gscan errors (in prod mode, or in dev if no stack error)
- In our error handler we use this conditional to send a new property `gscan` to our error theme
- In `error.hbs` we'll iterate through possible `gscan` error objects and render them.
- remove stack printing
- stack for theme developers in development mode doesn't make sense
- stack in production doesn't make sense
- the stack is usually hard to read
- if you are developer you can read the error stack on the server log
- utils.packages: transform native error into Ghost error
- use `onlyFatalErrors` for gscan format and differeniate fatal errors vo.2
- optimise bootstrap error handling
- transform theme is missing into an error
- add new translation key
- show html tags for error.hbs template: rule
2017-06-06 13:07:50 +07:00
Katharina Irrgang
a61e6e7cc2 🐛 fix settings cache (#8506)
closes #8505

- cache.get(..) auto converted "1" to integer
2017-06-04 17:52:22 +07:00
David Wolfe
b081ae34b5 🎨 Support LTS imports (#8498)
refs #8141

- update importer for LTS fields
- optimise for LTS export fixtures
- add image/language test for LTS import
- ensure post image is mapped to feature_image
- create mobiledoc values from markdown and html
- if mobiledoc is null, use markdown or html to create a mobiledoc markdown card
- update import mapping to use locale
- defaultLang in settings now maps to default_locale
- language for post and user models now maps to locale
- posts are not always loaded in correct same order so we select the posts we want to validate
- ensure if mobiledoc field is not in export we can still import from markdown
- map last_login to last_seen
- for users the importer maps last_login to last_seen
- add warning for legacyActiveTheme
- for export with old activeTheme key provide a warning that theme is not installed
- add importer test for LTS user long email
- add a test for LTS export where email address could be longer than alpha
- fix for importer date tests on mysql
- use valueOf in moment to compare times stored in different formats
- ignore warnings for not found settings in import
- use a flag to ignore NotFound Entries for settings during import
2017-06-04 11:53:00 +02:00
Katharina Irrgang
9023ff0b68 😝 replace removeSync by sync (#8513)
refs #8510

- nothing to see here!
2017-06-01 19:11:50 +07:00
kirrg001
78ac63d8ad 🎨 add cache control configurations into the default config
refs #7488

- cache control can be overridden if needed
2017-05-31 16:12:11 +01:00
kirrg001
e3ef3103a1 🎨 internalApps -> apps.internal
refs #7488

- simply rename the config usage
- we might want to add `apps.external` later
2017-05-31 16:12:11 +01:00
Katharina Irrgang
18b71f32b1 🎨 rename language to locale and use en as default locale (#8490)
no issue
- this PR references indirecty to https://github.com/TryGhost/Ghost/pull/8437
- i would like to have the settings change already in place before we release the beta
- the i18n feature is able to change the locale of Ghost
- most i18n libraries use locale
- adding/changing settings doesn't require a migration file, but it can make the database a bit messy (because you can end up with default_locale and lang)
- furthermore we agreed that the default locale for Ghost should be simply `en`, not `en_US` or `en_GB`
2017-05-31 16:05:49 +01:00
Kevin Ansfield
85496f409a 🔥 remove posts.markdown field (#8497)
closes #8479

- removes `markdown` field from schema
- removes `legacyMarkdown` converter
- updates tests to work with `mobiledoc` field instead of `markdown` and adapt for mobiledoc HTML output where necessary
2017-05-31 16:46:29 +02:00
Hannah Wolfe
3e60941054 Add ?formats param to Posts API (#8305)
refs #8275
- Adds support for `formats` param
- Returns `html` by default
- Can optionally return other formats by providing a comma-separated list
2017-05-30 11:40:39 +01:00
Katharina Irrgang
25c4e5025a 🔥 revert: force admin url redirect (#8493)
refs #8152
- as long as OAuth is disabled, we can revert the url redirection (see comment)
- the redirect only happens if you configure a specific `admin.url`
- add another test case, which was missing
2017-05-30 10:19:14 +01:00
John O'Nolan
476caa5c2f 🎨 Update fixtures: Ghost owner (#8460)
no issue

- use a better name for default user pre-setup
- make it clear that this email address is an example, not real
2017-05-29 19:25:19 +02:00
Katharina Irrgang
925d72198c 🐛 Ensure post tags sort order is correct when importing (#8481)
refs #6967, refs #5422

- imports posts tags by post id and sort order
- test: fix order problem (sqlite)
2017-05-23 19:12:08 +01:00
Katharina Irrgang
1f37ff6053 🎨 refactor the importer (#8473)
refs #5422

- we can support null titles after this PR if we want
- user model: fix getAuthorRole
- user model: support adding roles by name
- we support this for roles as well, this makes it easier when importing related user roles (because usually roles already exists in the database and the related id's are wrong e.g. roles_users)
- base model: support for null created_at or updated_at values
- post or tag slugs are always safe strings
- enable an import of a null slug, no need to crash or to cover this on import layer
- add new DataImporter logic
    - uses a class inheritance mechanism to achieve an easier readability and maintenance
    - schema validation (happens on model layer) was ignored
    - allow to import unknown user id's (see https://github.com/TryGhost/Ghost/issues/8365)
    - most of the duplication handling happens on model layer (we can use the power of unique fields and errors from the database)
- the import is splitted into three steps:
  - beforeImport
    --> prepares the data to import, sorts out relations (roles, tags), detects fields (for LTS)
  - doImport
    --> does the actual import
  - afterImport
    --> updates the data after successful import e.g. update all user reference fields e.g. published_by (compares the imported data with the current state of the database)
- import images: markdown can be null
- show error message when json handler can't parse file
- do not request gravatar if email is null
- return problems/warnings after successful import
- optimise warnings in importer
- do not return warnings for role duplications, no helpful information
- error handler: return context information of error
- we show the affected json entries as one line in the UI
- show warning for: detected duplicated tag
- schema validation: fix valueMustBeBoolean translation
- remove context property from json parse error
2017-05-23 17:18:13 +01:00
Ryan McCarvill
957f51e677 🐝 Allow unbalanced HTML in markdown card. (#8320)
no issue

The simpledom interpreter that the Mobiledoc DOM renderer uses does not allow for unbalanced or incorrect HTML such as that which is entered by a user.

This PR adds a step where the HTML is sanitised and balanced before being passed to simpledom.

- use latest jsdom (+pin version), update yarn.lock, add comments
- don't use node-4 incompatible shorthand method definition
- grab <body> content rather than document content
- update markdown card specs to match markdown-it behaviour
- revert to jsdom 9.12.0 for node 4.x support, close window to free memory
- moved 3rd party libs into render function
2017-05-23 16:15:32 +02:00
Katharina Irrgang
b22151ac92 🎨 do not ping slack if we import content (#8476)
closes #7275

- forward options for events (post model only for now)
2017-05-22 17:24:59 +09:00
Aileen Nowak
c7bbaffec3 ️ Throw clear error message when config.url has no protocol (#8466)
closes #8449

- throw a more clear error message
2017-05-21 18:00:11 +02:00
Kevin Ansfield
5d868d14ad replace custom showdown fork with markdown-it (#8451)
refs https://github.com/TryGhost/Ghost-Admin/pull/690, closes #1501, closes #2093, closes #4592, closes #4627, closes #4659, closes #5039, closes #5237, closes #5587, closes #5625, closes #5632, closes #5822, closes #5939, closes #6840, closes #7183, closes #7536

- replace custom showdown fork with markdown-it
- swaps showdown for markdown-it when rendering markdown
- match existing header ID behaviour
- allow headers without a space after the #s
- add duplicate header ID handling
- remove legacy markdown spec
- move markdown-it setup into markdown-converter util
- update mobiledoc specs to match markdown-it newline behaviour
- update data-generator HTML to match markdown-it newline behaviour
- fix Post "converts html to plaintext" test
- update rss spec to match markdown-it newline behaviour
- close almost all related showdown bugs
2017-05-15 18:48:14 +02:00
Aileen Nowak
3bae41ccff 🎨 Use svg icons in default templates (#8343)
refs #8107

- replace icon fonts in server side rendered default templates with svgs
2017-05-15 13:43:58 +02:00
Rei
e066094044 🐛 https image urls if accessed over SSL (#8373)
closes #8372

- https image urls if accessed over SSL (fix secure option for images)
2017-05-15 13:09:48 +02:00
Aileen Nowak
1b965fab95 🎨 Move scheduling and storage in adapters/ (#8435)
no issue

Move `core/server/scheduling` to `core/server/adapters/scheduling` and
`core/server/storage` to `core/server/adapters/storage`
2017-05-15 12:52:01 +02:00
Katharina Irrgang
9bea2077cf 🐛 ensure import of scheduled posts works (#8454)
closes #8354

- i thought about transforming scheduled posts into drafts on export, but this has two disadvantages:
  1. existing exports with scheduled posts won't import
  2. if you schedule a post for next week and you export/import earlier, the post is back to draft
- by this we ensure that we can simply import the post back to a scheduled post
- if the published_at is already in the past, the scheduler will care and instantly publish the post
2017-05-12 15:11:52 +02:00
Katharina Irrgang
524cc4c343 🐛 escape blog title for mail header (#8453)
closes #8436

- this is how the from field looks like "blog title <owner@blog.com>"
- so if you set your blog title with double quotes, it throws a syntax error from the smtp library
2017-05-12 15:09:45 +02:00
Katharina Irrgang
37e28cb6ef 🐛 fix updated_at is null (#8434)
closes #8426

- if you import posts with updated_at=null, you are not able to save this post anymore
- i am not sure how this is even possible, but maybe there is a case where updated_at can be null
2017-05-12 12:36:26 +01:00
Kevin Ansfield
c71cf643e2 update default post to use a single markdown card (#8448)
no issue

- now that we've switched to using a SimpleMDE based editor in Ghost-Admin the default post needs to match the expected single-markdown-card format
2017-05-12 10:08:45 +02:00
Katharina Irrgang
7549473a86 🚑 Disable remote authentication (#8346)
closes #8342
- extend auth validation to deny auth type "ghost" for now
- skip some tests
2017-04-24 18:56:49 +01:00
Katharina Irrgang
2300219016 🎨 optimise error handling (#8378)
no issue
- if you start Ghost and you theme is invalid, you only get a warning, but no reason
- furthermore, if any error is thrown in Ghost, which is not a custom Ignition error, we take care that the error message to inherit from shows up
2017-04-24 18:46:10 +01:00
Katharina Irrgang
4e2474a018 🎨 settings inconsistency (#8381)
no issue
- replace camelCase settings keys with underscore_case for consistency
- discussed here https://github.com/TryGhost/Ghost-Admin/pull/661#discussion_r112939982
2017-04-24 18:41:00 +01:00
Katharina Irrgang
76bd4fdef6 🙀 Image field naming & new img_url helper (#8364)
* 🙀  change database schema for images
    - rename user/post/tag images
    - contains all the required changes from the schema change

* Refactor helper/meta data
    - rename cover to cover_image
    - also rename default settings to match the pattern
    - rename image to profile_image for user
    - rename image to feature_image for tags/posts

* {{image}} >>> {{img_url}}
    - rename
    - change the functionality
    - attr is required
    - e.g. {{img_url feature_image}}

* gscan 1.0.0
    - update yarn.lock

* Update casper reference: 1.0-changes
    - see 5487b4da8d
2017-04-24 18:21:47 +01:00
Katharina Irrgang
c93f03b87e post update collision detection (#8328) (#8362)
closes #5599

If two users edit the same post, it can happen that they override each others content or post settings. With this change this won't happen anymore.

 Update collision for posts
- add a new bookshelf plugin to detect these changes
- use the `changed` object of bookshelf -> we don't have to create our own diff
- compare client and server updated_at field
- run editing posts in a transaction (see comments in code base)

🙀  update collision for tags
- `updateTags` for adding posts on `onCreated` - happens after the post was inserted
   --> it's "okay" to attach the tags afterwards on insert
   --> there is no need to add collision for inserting data
   --> it's very hard to move the updateTags call to `onCreating`, because the `updateTags` function queries the database to look up the affected post
- `updateTags` while editing posts on `onSaving` - all operations run in a transactions and are rolled back if something get's rejected

- Post model edit: if we push a transaction from outside, take this one

  introduce options.forUpdate
- if two queries happening in a transaction we have to signalise knex/mysql that we select for an update
- otherwise the following case happens:
  >> you fetch posts for an update
  >> a user requests comes in and updates the post (e.g. sets title to "X")
  >> you update the fetched posts, title would get overriden to the old one

use options.forUpdate and protect internal post updates: model listeners
- use a transaction for listener updates
- signalise forUpdate
- write a complex test

use options.forUpdate and protect internal post updates: scheduling
- publish endpoint runs in a transaction
- add complex test
- @TODO: right now scheduling api uses posts api, therefor we had to extend the options for api's
  >> allowed to pass transactions through it
  >> but these are only allowed if defined from outside {opts: [...]}
  >> so i think this is fine and not dirty
  >> will wait for opinions
  >> alternatively we have to re-write the scheduling endpoint to use the models directly
2017-04-19 14:53:23 +01:00
Aileen Nowak
482ea12a08 🎨 New default favicon.ico (#8351)
no issue

- new default `favicon.ico`
- design has changed
2017-04-19 11:03:38 +02:00
Katharina Irrgang
f2fd075075 🎨 fix previos/current date comparison (isEqual in bookshelf) (#8357)
no issue

- client dates are sent as ISO format (moment(..).format())
- server dates are in JS Date format
  >> when bookshelf fetches data from the database, all dates are transformed into JS dates
  >> see `parse` helper function
- Bookshelf updates the model with the client data via Bookshelf's `set` function
- therefor Bookshelf uses a simple `isEqual` function from lodash to detect changes
- .previous(attr) and .get(attr) return false
- that has the concequence that dates are always marked as "changed"
- internally we use our `hasDateChanged` if we have to compare previous/updated dates
- but Bookshelf is not in our control for this case
2017-04-19 10:59:09 +02:00
Katharina Irrgang
f7393686f8 🐛 UTC offset for scheduled posts when changing timezone (#8356)
no issue

- the UTC offset diff of the current and previous timezone must switch
- i have added more tests and more example case descriptions to understand why
2017-04-19 10:26:33 +02:00
Aileen Nowak
e19e91044d 🙇 Blog icon utils and publisher.logo for JSON-LD (#8297)
refs #8221, closes #7688, refs #7558

🙇  Improve meta data publisher logo behaviour
This is a follow-up PR for #8285.

Reasons: The code changes of #8285 caused error messages when falling back to the default `favicon.ico`, as the `image-size` tool doesn't support `ico` files.

This PR takes the logic to decide which logo needs to be listed in our schema into a new fn `blog_logo.js`. There we have now three decisions:
1. If we have a publication **logo**, we'll take that one
2. If we have no publication logo, but an **icon** we'll use this one.
3. If we have none of the above things, we fall back to our default `favicon.ico`

Additional, we're hard coding image dimensions for whenever the logo is an `.ico` file and built and extra decision to not call `image-size` when the dimension are already given.

I will create another follow-up PR, which checks the extension type for the file and offers it as a util.

🛠  Blog icon util

refs #7688

Serve functionality around the blog icon in its own util:
- getIconDimensions -> async function that takes the filepath of on ico file and returns its dimensions
- isIcoImageType -> returns true if file has `.ico` extension
- getIconType -> returns icon-type (`x-icon` or `png`)
- getIconUrl -> returns the absolut or relativ URL for the favicon: `[subdirectory or not]favicon.[ico or png]`

📖  Get .ico sizes for meta data & logo improvement

refs #7558
refs #8221

Use the new `blogIconUtil` in meta data to fetch the dimensions of `.ico` files.

Improvements for `publisher.logo`: We're now returning a hard-coded 'faked' image dimensions value to render an `imageObject` and prevent error our schema (Google structured data). As soon as an image (`.ico` or non-`.ico`) is too large, but - in case of non-`.ico` - a square format, be set the image-dimensions to 60px width and height. This reduces the chances of getting constantly error messages from Googles' webmaster tools.

- add getIconPath util
2017-04-11 18:32:06 +02:00
Katharina Irrgang
049b6d9874 add issued_by column to access token (#8284)
closes #6626

- see https://github.com/TryGhost/Ghost/issues/6626#issuecomment-291445977
- adding this column could make our lives easier in the future
2017-04-11 13:12:14 +01:00
Aileen Nowak
a3387adb99 🐝 Add image property to rss (#8289)
refs #7688

Adds an image property to our generated rss data, which links to the favicon (has to be `.png` reg. http://www.rssboard.org/rss-2-0-1#ltimagegtSubelementOfLtchannelgt).
2017-04-11 13:54:52 +02:00
Aileen Nowak
d9d182f7ba 🎨 Blog icon improvements (#8260)
refs #7688

- blog icon error message
- change default favicon to 60px
2017-04-11 13:40:17 +02:00
Hannah Wolfe
06fc5f4508 Autofill plaintext field on save (#8304)
refs #8275

- If the HTML field has changed, update the plaintext field
- Use html-to-text to generate a plaintext version of the HTML which retains some structure
- Add a couple of tests - although there's much to do here!
2017-04-11 10:55:36 +02:00
Aileen Nowak
4ba5cc862a 🐛 Blog icon improvements (#8298)
refs #7688

- renders the correct `/favicon.ico` or `/favcicon.png` in `{{ghost_head}}`
- removes an regex issue in `serve-favicon`
2017-04-10 12:04:46 +01:00
Hannah Wolfe
a413d70313 Asset amends (#8294)
refs #8221

🔥 Remove ghost=true concept from asset url helper

 💯 Introduce CSS minification with cssnano
- add new grunt-cssnano dependency
- wire up grunt task to minify public/ghost.css

🎨 Rename minification config & hash params
- Change minifyInProduction -> hasMinFile
  - this means this asset should have a .min file available
- Change minifyAssets -> useMinFiles
  - this means that in this env we want to serve .min files if available

🎨 Update public/ghost.css to serve .min for prod
- add the new `hasMinFile` property

🎨 Move minified asset handling to asset_url util
- this logic should be in the util, not the asset helper
- updated tests

📖 Error handler always needs asset helper
- this removes the TODO and adds a more sensible comment
- we also need to update our theme documentation around error templates

🔥 Don't use asset helper in ghost head
- use getAssetUrl util instead!
- removed TODO

📖 Update proxy docs
🎨 Simplify asset helper & add tests
- this refactor is a step prior to moving this from metadata to being a url util
- needed to skip some new tests

🐛 Add missing handler for css file
2017-04-10 11:30:21 +02:00
Aileen Nowak
f0f3c2f2a7 👋🏼 Don't use ghosticon.jpg from admin assets (#8285)
refs #8221

Use our default `favicon.ico` instead of `ghosticon.jpg` which is served from the admins' assets.
Adds additionally fake image dimensions for our json-ld data to satisfy Google.
2017-04-07 14:07:47 +01:00
Aileen Nowak
83f084608f 💁🏻 Moveshared/ to server/public (#8273)
refs #8221

Instead of serving our shared assets from a `shared/` folder, we move the file, which are used server side to `server/public`.
Adds a new `config.paths` entry: `publicFilePath` and renames the middleware to serve the files to reflect the changes.
Adds `404-ghost.png` images to be used by the server side rendered default template `error.hbs`.
2017-04-07 13:21:41 +01:00
Katharina Irrgang
be5b58432b 🎨 change location of adapters (#8286)
closes #7687

- change location from content/storage or content/scheduling to content/adapters/storage or content/adapters/scheduling
- i have added a @TODO to https://github.com/TryGhost/Ghost/issues/7421 to check if both adapter types needs an update in the documentation
2017-04-07 10:53:38 +01:00
Katharina Irrgang
59a8911830 🐛 fix hasDateChanged (#8291)
no issue
- i don't know if this never worked or has worked and something changed in bookshelf
- but this fixes: saving the content (no change for published_at) of a scheduled post within the 2minutes window
- add `beforeWrite` option to hasDateChanged helper, see comment
- use previous for `beforeWrite` operations
- add a test and fix some other small issues in the scheduler tests
2017-04-06 17:49:59 +01:00
Katharina Irrgang
38fe4d2842 🐛 subscriber: sanitize email vol. 2 (#8280)
no issue


🐛  subscriber: sanitize email vol. 2
- ensure email get's sanitized for every error case

🐛  validator.isEmptyOrURL doesn't accept non strings
- otherwise it shows a weird error message in the client

  new tests for subscriber app
- routing tests

* change tests for Ghost 1.0
* it took me 15min to find this 😡
2017-04-05 22:02:16 +01:00
Katharina Irrgang
64d2a94073 🐛 fix image size timeout (#8283)
closes #8041

- destroy socket is required, see https://nodejs.org/api/http.html#http_server_settimeout_msecs_callback
- optimise error messages in general
- make timeouts configureable
2017-04-05 21:58:26 +01:00
Katharina Irrgang
1bcd25fdbf 🎨 delete all content: do not delete subscribers (#8282)
closes #7875
2017-04-05 21:57:41 +01:00
Katharina Irrgang
587ff6f026 🎨 change last_login to last_seen (#8259)
refs #8258

* 🎨  change last_login to last_seen

- rename the column
- a change in Ghost-Admin is required as well

* test utils: revert export examples

* revert line breaks
2017-04-05 20:45:55 +01:00
Hannah Wolfe
9b3c3943ef Add new plaintext field (#8276)
refs #8275

- this PR only adds the field for now, so we can merge this along with other DB changes
2017-04-05 21:28:13 +02:00
Hannah Wolfe
4b49f39e55 📖 Change the welcome to ghost fixture to be mobiledoc (#8277)
refs #8275

- this switches over the fixture to be mobiledoc based. Most of the content was to do with markdown so it has been replaced with placeholder text
- content will be replaced via #8275
2017-04-05 21:16:28 +02:00
Aileen Nowak
581ff67499 🐛 correct favicon redirects with subdirectory (#8274)
refs #7688, #8221 

Use our url util `urlFor` to ensure, the redirect includes the subdirectory, if set up.
2017-04-05 15:28:52 +01:00
Katharina Irrgang
817b8d09ca 😱 🎨 Refactor storage adapter (#8229)
refs #7687

There are four main changes in this PR:

we have outsourced the base storage adapter to npm, because for storage developers it's annoying to inherit from a script within Ghost
we hacked theme storage handling into the default local storage adapter - this was reverted, instead we have added a static theme storage here
use classes instead of prototyping
optimise the storage adapter in general - everything is explained in each commit

----

* rename local-file-store to LocalFileStorage

I would like to keep the name pattern i have used for scheduling.
If a file is a class, the file name reflects the class name.
We can discuss this, if concerns are raised.

* Transform LocalFileStorage to class and inherit from new base

- inherit from npm ghost-storage-base
- rewrite to class
- no further refactoring, happens later

* Rename core/test/unit/storage/local-file-store_spec.js -> core/test/unit/storage/LocalFileStorage_spec.js

* Fix wrong require in core/test/unit/storage/LocalFileStorage_spec.js

* remove base storage and test

- see https://github.com/kirrg001/Ghost-Storage-Base
- the test has moved to this repo as well

* Use npm ghost-storage-base in storage/index.js

* remove the concept of getStorage('themes')

This concept was added when we added themes as a feature.
Back then, we have changed the local storage adapter to support images and themes.
This has added some hacks into the local storage adapters.
We want to revert this change and add a simple static theme storage.

Will adapt the api/themes layer in the next commits.

* Revert LocalFileStorage

- revert serve
- revert delete

* add storagePath as property to LocalFileStorage

- define one property which holds the storage path
- could be considered to pass from outside, but found that not helpful, as other storage adapters do not need this property
- IMPORTANT: save has no longer a targetDir option, because this was used to pass the alternative theme storage path
- IMPORTANT: exists has now an alternative targetDir, this makes sense, because
  - you can either ask the storage exists('my-file') and it will look in the base storage path
  - or you pass a specific path where to look exists('my-file', /path/to/dir)

* LocalFileStorage: get rid of store pattern

- getUniqueFileName(THIS)
- this doesn't make sense, instances always have access to this by default

* Add static theme storage

- inherits from the local file storage, because they both operate on the file system
- IMPORTANT: added a TODO to consider a merge of themes/loader and themes/storage
- but will be definitely not part of this PR

* Use new static theme storage in api/themes

- storage functions are simplified!

* Add https://github.com/kirrg001/Ghost-Storage-Base as dependency

- tarball for now, as i am still testing
- will release if PR review get's accepted

* Adapt tests and jscs/jshint

* 🐛  fix storage.read in favicon utility

- wrong implementation of error handling

* 🎨  optimise error messages for custom storage adapter errors

* little renaming in the storage utlity

- purpose is to have access to the custom storage instance and to the custom storage class
- see next commit why

* optimise instanceof base storage

- instanceof is always tricky in javascript
- if multiple modules exist, it can happen that instanceof is false

* fix getTargetDir

- the importer uses the `targetDir` option to ensure that images land in the correct folder

* ghost-storage-base@0.0.1 package.json dependency
2017-04-05 15:10:34 +01:00
Hannah Wolfe
243b387063 Helper Proxy & single express-hbs instance (#8225)
refs #8126, #8221, #8223

 New 'Proxy' for all helper requires
- this is not currently enforced, but could be, much like apps
- the proxy object is HUGE
- changed date to use SafeString, this should have been there anyway
- use the proxy for all helpers, including those in apps 😁

 🎨 Single instance of hbs for theme + for errors
- we now have theme/engine instead of requiring express-hbs everywhere
- only error-handler still also requires express-hbs, this is so that we can render errors without extra crud
- TODO: remove the asset helper after #8126 IF it is not needed, or else remove the TODO

🎨 Cleanup visibility utils
🎨 Clean up the proxy a little bit
🚨 Unskip test as it now works!
🎨 Minor amends as per comments
2017-04-04 18:07:35 +02:00
Katharina Irrgang
d4836af18a 🐛 fix owner user slug (#8263)
closes #8067

- this is only a bug present for remote authentication
- right now the remote service does not return the name of the user
- depends on an internal PR
- force regenerating the slug on setup
- override name for signin or invite if needed
2017-04-04 14:56:04 +01:00
Katharina Irrgang
fd75fcdd36 🎨 change default auth strategy for development mode (#8252)
no issue

- we would like to switch to password strategy when developing
- this can be overridden by a custom development configuration
2017-04-04 11:55:05 +01:00
Aileen Nowak
e06547ae78 Split css server templates (#8234)
closes #8126

* Remove default template dependency on client side CSS

See Issue #8126

Adds these files under /shared
- normalizer.css
- error.css
- extracted.css (for subscribers.css and private.css)

Also makes these files available as public static content

* Remove default template dependency on client CSS

closes #8126
needs e3acd3c

This is a replacement PR of #8217 (thanks @TienSFU25 for the whole work 🤗), because these changes are needed urgently and blocking other work.

Adds a new `ghost.css` file in `/core/shared/` to be used for server side template rendering (`error.hbs`, `subscribe.hbs` and `private.hbs`).
2017-04-04 10:06:38 +01:00
Katharina Irrgang
e9438c650d 🐛 fix get helper: public api labs (#8255)
no issue
2017-04-03 17:42:50 +01:00
Hannah Wolfe
0fff91c860 🐛 Fix the config for compression (#8226)
refs #7488

- This has always been documented as top-level "compress", and yet the code references server.compress
- Should be top level
2017-04-03 10:58:07 +02:00
Kevin Ansfield
c9e0c252f0 grunt dev admin livereload (#8176)
refs https://github.com/TryGhost/Ghost/issues/8161, requires https://github.com/TryGhost/Ghost-Admin/pull/590
- adds a development-only route to the admin app that redirects to ember-cli's livereload script
- updates Gruntfile `watch` task to pass the `live-reload-base-url` param with subdirectory support
- updates Gruntfile `bgShell:client` task to filter potentially confusing output from `ember serve`
  - removes `Livereload server on http://localhost:49153`
  - removes `Serving on http://localhost:4200/`

With this and the required Ghost-Admin PR, when using `grunt dev` the admin screen will refresh any time a file is changed. It will also allow client tests to be run simultaneously by visiting http://localhost:4200/tests
2017-03-30 13:27:07 +01:00