Commit Graph

784 Commits

Author SHA1 Message Date
Thibaut Patel
c471ae11d4 Added oauth login and invitation acceptance
issue https://github.com/TryGhost/Team/issues/614

- Users who have a password can directly sign-in via oauth
- User who are logged-in get their password disabled
- Users accepting an invitation get their password disabled
- The way we disable password is by setting it to a long random password
2021-04-21 19:36:27 +02:00
Daniel Lockyer
e9b21fdbd1 Updated bson-objectid calls to match API change
refs c873899e49

- as of `bson-objectid` v2.0.0, this library exports the function
  to generate an ObjectID directly, and then you need to use `.toHexString()`
  to get the 24 character hex string - 6696f27d82
- this commit removes all uses of `.generate()` and replaces with this
  change
2021-04-21 16:23:52 +01:00
Hannah Wolfe
bf0823c9a2 Moved hbs engine into new theme engine service
- This is the beginning of splitting up the theme service into:
   - Storage components used by the API (should be a server service)
   - Theme engine & rendering components used by the frontend (this new engine service)
   - The code to activate a theme which is shared code where the API & frontend need to communicate
- This is needed because currently the frontend theme service is required and used by the API, creating tight coupling.
- In my quest to truly separate the API and frontend, this is one of many battles that needs winning
2021-04-19 20:03:30 +01:00
Kevin Ansfield
5c41c67ffc Set @labs.members to false when members_signup_acess == 'none'
refs https://github.com/TryGhost/Team/issues/579

- setting `members_signup_access` to `'none'` effectively disables all built-in members functions on the front-end so setting `@labs.members` to `false` allows themes to react accordingly
- `@labs.members` keeps backwards compatibility with pre-4.0 versions where themes were using it to toggle member-related functionality
2021-04-19 18:28:51 +01:00
Kevin Ansfield
fff6a04c54
Migrated members_allow_free_signup setting to members_signup_access (#12886)
refs https://github.com/TryGhost/Team/issues/579

Currently the members signup setting is explicitly yes/no to allowing free members signup, with the implication that when set to "no" members is still active but members have to be created via Stripe or the admin API.

This change renames the setting and changes its type to allow more than a binary option.

- migration to create/update the new setting based on the old value
  - free signup = "all", no free signup = "invite"; matches the current UI for this setting
- rename setting everywhere it's used/tested against
- modify `getAllowSelfSignup()` used to configure members packages to only return `true` when the new setting is set to `'all'` to match behaviour to the older setting
- update importer to rename the setting when importing from an older Ghost version
2021-04-19 16:36:30 +01:00
Thibaut Patel
92b96a152c Fixed the previous commit
commit 375c71fc6a
2021-04-16 18:05:13 +02:00
Thibaut Patel
375c71fc6a 🔒 Added a way to hide the secret settings once they are set
issue https://github.com/TryGhost/Team/issues/621
2021-04-16 17:05:16 +02:00
Rish
2c0d3b9b37 Added price and product models to members service
refs https://github.com/TryGhost/Team/issues/586

- Passes new Product, Stripe Price and Stripe Product models to members API service
- Allows members service to populate the tables for existing plans and products
2021-04-12 21:53:59 +05:30
Naz
b10cc5f62d Blocked webhooks when integration limit is in place
https://github.com/TryGhost/Team/issues/599

- When custom integration limit is enabled all webhooks belonging to integrations have to be disabled as well. The result is the webhook would stop working and to discover that a user would need to navigate to Admin UI (this changes is yet to come, see refed issue)
2021-04-10 00:48:46 +12:00
Naz
cb0807d07a Blocked requests from integrations when integration limit is in place
https://github.com/TryGhost/Team/issues/599

- When custom integration limit is enabled all requests from existing integrations should not be accepted. With the exception of internal integrations like backup and scheduler
2021-04-10 00:45:26 +12:00
Naz
edd0e26a78 Fixed limits realoding during soft Ghost restart
refs https://github.com/TryGhost/Team/issues/599

- This is a precursor change to tests which verify the hostSettings limits are working correctly
- Bumped limits-service version which allows for multiple calls of loadLimits on the same service instance
2021-04-10 00:08:17 +12:00
Naz
b677927322 Refactored api key auth to use async/await syntax
https://github.com/TryGhost/Team/issues/599

- Before introducing limit checks into this codebase rewrote the code to use async/await for more clarity and less nesting
2021-04-07 16:52:26 +12:00
Naz
42a3197f6d Updated dependency @tryghost/limit-service to v0.4.0
refs https://github.com/TryGhost/Team/issues/510

- This version bump includes follwing interface improvements of the limit-service package: passing in errors as a parameter to "loadLimits" and allowing for custom "currentCountQuery" method implementations per limit
2021-04-07 15:31:52 +12:00
Rish
eb2b98a087 Fixed incorrect subdomain check
refs 2e81aa17fb

Incomplete push in the last commit with missing conditional check :/
2021-03-24 23:33:49 +05:30
Rish
2e81aa17fb 🏗 Removed www subdomain from default newsletter/support address
refs https://github.com/TryGhost/Team/issues/397

The default newsletter/support email address for a site is currently setup as noreply@DOMAIN , which means for a custom domain setup with www the email address becomes noreply@www.somesite.com which is not the expected behavior normally. This removes the `www` subdomain if present for those email addresses, but doesn't change any other subdomain
2021-03-24 23:31:00 +05:30
Rishabh Garg
82bb466316
Removed hardcoded accent color fallbacks (#12813)
refs https://github.com/TryGhost/Team/issues/536

From 4.0, we ensure and require that accent colour is always set. This change removes hardcoded accent color fallbacks to avoid confusion as well as cause accidental fallback that is undesired causing themes to look different
2021-03-24 18:25:26 +05:30
Peter Zimon
6d853ff43f Fixed email preheaders
- removed member import related preheader from invite, reset password and welcome emails
2021-03-23 09:49:33 +01:00
Rishabh Garg
738c8ac70d
🐛 Fixed Admin redirect for newsletter/support email update (#12810)
closes https://github.com/TryGhost/Team/issues/570

When site owner/admin updates their newsletter/support email address from settings, they receive an email with confirmation link which on success takes them to Ghost Admin on email settings screen with a toast about success. Since the path for email settings in Ghost Admin changed in v4, the fix updates the redirect link to new Admin settings URL.
2021-03-23 11:24:07 +05:30
Naz
81a54a70bc Fixed failing notification update for non-major version
refs 4dc413d6a1

- Fixed failing test cases which were designed to check non-major upgrade messages. There's no clear use cases for those, but still worth keeping such case in mind
2021-03-23 18:02:52 +13:00
Naz
4dc413d6a1 🐛 Fixed upgrade notification showing post-upgrade
closes https://github.com/TryGhost/Team/issues/564
refs https://github.com/TryGhost/Ghost/issues/10236

- The notification to upgrade to new 4.0 Ghost version was still visible to users after upgrading the instance to 4.0. This was caused by notification filtering not taking into account 3.x or 4.x versions.
- The fix filters out notifications that detect a major version notification using `x.0 is now available` pattern and compares current version to that major. This should future proof the issue from happening in Ghost 5.0 (but a proper holistic fix is preferable!)
2021-03-23 16:42:46 +13:00
Naz
265026d73d Added JSDoc to notifications service's constructor
refs https://github.com/TryGhost/Team/issues/564
refs https://github.com/TryGhost/Ghost/issues/10236
2021-03-23 15:22:14 +13:00
Peter Zimon
2d69c32481 Fixed member import email heading spacing 2021-03-22 18:15:11 +01:00
Peter Zimon
b3b6a603af
New logo in Admin (#12768)
refs https://github.com/TryGhost/Team/issues/547

- replaced link to static/squircle to orb
2021-03-18 17:27:27 +00:00
Kevin Ansfield
19d5448101
🐛 Fixed complimentary members' content gating (#12761)
no issue

Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan.

- added front-end acceptance tests for member access to posts
- updated content-gating check to take comped members into consideration
2021-03-15 19:13:48 +13:00
Peter Zimon
30bc751237 Updated 'Powered by' badge ref to 4.0 repo 2021-03-10 16:02:00 +01:00
Peter Zimon
acf6e235c7 Updated squircle ref to 4.0 repo 2021-03-10 15:53:59 +01:00
Hannah Wolfe
d51fcd072e Added new member limit & removed old
refs: https://github.com/TryGhost/Team/issues/510

- The current member limit was implemented as a member-specific concept
- The new limit service is much more generic, here we are swapping old for new
- The updated concept here is blocking all publishing, not just email sending, when a site is over its member limit
- To determine that we are publishing a post, we must be in the model layer. The code has been moved to the permissible function which makes sense as this is a permissions error that we are throwing
- I've left the extra check for email retries in, in case there is some loophole here (but we may wish to change it)
2021-03-04 18:16:34 +00:00
Hannah Wolfe
26f56626ce Updated host config to correctly use camelCase
refs https://github.com/TryGhost/Team/issues/510

- When the host config was introduced it was incorrectly introduced as host_settings instead of hostSettings
- All other Ghost config uses camelCase, so changing this now before it becomes a problem
- Note: Also removed some rogue return awaits that don't make sense. It's not possible to hit that case, but cleaning up anyway
2021-03-04 11:39:32 +00:00
Naz
41c93f982d Added 'locale' property to public settings
refs https://github.com/TryGhost/Team/issues/509

- During 3.x we standardised on "lang" instead of "default_locale" for the site setting, which was an assumption based on an earlier change to @site.lang to make <html lang="@site.lang"> read nicer. This was a mistake as the field represents more than "lang" its a "locale". With this changeset we introduce a transition to use "locale" name for the value instead of "lang"
- Adds `@site.locale" value in as well as new 'locale' property in Content API's response
- "lang" will be considered as deprecated starting with API v4 and will be dropped completely with API v5
2021-03-04 16:00:02 +13:00
Naz
c2a3297f5d Restructured public settings cache hash
refs https://github.com/TryGhost/Team/issues/509

- Flipping around key/newKey pair allows to map multiple keys to the same field in the settings
- This becomes handy when there's a need to deprecate a field. For example, we are about to introduce a 'locale' setting which would need to map to 'lang' db key, with current structure it's impossible to have many:1 mapping because it's impossible to have duplicate keys in the JS object ("hash")
2021-03-04 15:24:08 +13:00
Hannah Wolfe
edb626af18 Added custom integration feature limit
refs: https://github.com/TryGhost/Team/issues/510

- in the case that host config is provided, prevents the creation of custom integrations
2021-03-03 20:15:49 +00:00
Peter Zimon
a1aa18e5b2 Minor email copy updates 2021-03-03 17:42:28 +01:00
Peter Zimon
3064addcb5 Refined email template spacings 2021-03-03 17:34:35 +01:00
Peter Zimon
f71cc4e7b0 Updated email styles
- updated welcome, password reset and invitation email styles to match with 4.0 changes
2021-03-03 17:15:37 +01:00
Hannah Wolfe
c7b843471f Added limit service
refs: https://github.com/TryGhost/Team/issues/510

- added and wired up the new limit service, which is a lazy-loaded service
- this handles the case that there are host limits set in config, and wraps all the logic needed for detecting exceeded limits & throwing limit errors
- expects limits to be set in config under `host_settings.limits`
- supported limits are managed in the limit service, outside of core
2021-03-03 13:43:05 +00:00
Fabien 'egg' O'Carroll
b7a092a24a
🐛 Stopped Ghost crashing when sending bulk emails (#12718)
refs https://github.com/TryGhost/Ghost/issues/12610
refs https://github.com/mailgun/mailgun-js-boland/blob/v0.22.0/lib/request.js#L285-L333

The mailgun domain is used by the mailgun API to construct the URL for
the API. e.g for a domain of "mg.example.com" the URL for the API
messages would look like:

https://api.mailgun.net/v3/mg.example.com/messages

One weird thing about the mailgun API is that if the path does not map
to an API endpoint, then instead of a 404, we get a 200, with a body of
"Mailgun Magnificent API".

The `mailgun-js` library which we use, expects a JSON response, and will
return a body of undefined if it does not get one.

This all resulted in us trying to read the property `id` of an undefined
`body` variable. The fix here is to reject the containing Promise, if
there is no body. So that the default error handling will kick in.
2021-03-03 09:34:44 +00:00
Naz
b17a965c88 Switched members services to use v4 API
refs https://github.com/TryGhost/Team/issues/513

- Bumping version as this is now the latest stable API.
- The change might cause this particular side effect (acceptable for major version): if a member requests a login URL when the instance is on 3.x version and site owner upgrades do 4.x before member authenticates through login link, the login will fail and the member will have to request a new login URL.
2021-03-03 14:42:03 +13:00
Kevin Ansfield
e177e7e1b5 Fixed analytics require error
refs a06064b115

- fixed incorrect path in require for base email analytics service
2021-03-02 08:26:42 +00:00
Kevin Ansfield
a06064b115 Fixed email analytics require error
refs https://github.com/TryGhost/Ghost/pull/12541
refs https://github.com/TryGhost/Ghost/pull/12689

- the analytics job had been switched to create it's own instance of EmailAnalyticsService to avoid requiring logging but the analytics extraction branch was created before this change and wasn't picked up when merging
- pulled `queries` option object into a separate file for re-use
- updated `fetchLatest` job to conform to extracted library interface
2021-03-02 08:22:11 +00:00
Kevin Ansfield
11802ebee0
Extracted email analytics library code to external packages (#12541)
closes https://github.com/TryGhost/Team/issues/493

- all functionality except that directly related to Ghost's database and business logic now lives in external packages
  - @tryghost/email-analytics-service
  - @tryghost/email-analytics-provider-mailgun
2021-03-02 07:26:33 +00:00
Naz
9a6bfd0e71 Switched default API version for JWT
refs https://github.com/TryGhost/Ghost/issues/12716

- This change is made to avoid using now deprecated 'v2' API anywhere in the codebase.
- Switching to 'v4' should not cause sideeffects as this parameter is always present within the URL when Admin API is used
2021-03-02 15:19:33 +13:00
Naz
b3542e9176 Added JSDocs to MEGA service
refs d5cf0fc03e

- Makes sure required `apiVerson` parameter in MEGA is visible and easy to discover
2021-03-02 14:32:43 +13:00
Naz
d5cf0fc03e Bumped MEGA related serialization code to use v4 API
refs https://github.com/TryGhost/Ghost/issues/12716

- The code in serializePostModel was broken and always defaulted to 'v3'!  It refered to non-existent `model.get('api_version')` there's no such field in posts model! Changed the implementation so that the API version is passed in as a parameter to the method instead
- The style of providing "defaults" everywhere creates a need for future maintenance when we bump the version e.g in Ghost v5. Maybe reworking these methods to require a passed version and throwing an error instead would be more maintainable long-term?
2021-03-02 14:31:01 +13:00
Naz
72f25a7099 Bumped webhook API defaults to v4
refs https://github.com/TryGhost/Ghost/issues/12716

- The default API in Ghost v4 will be `'v4'`. When a new webhook is created or any data passes through serialization it should assume `v4` as a fallback if not specified.
2021-03-02 12:31:52 +13:00
Fabien O'Carroll
24afc5d4ff Fixed status code for unauthenticated requests
refs https://github.com/TryGhost/Team/issues/498

Requests to fetch the data of the logged in member made without a
session cookie were responsing with 400 Bad Request. This was incorrect
and always should have been a 401 Unauthorized.
2021-03-01 16:19:28 +00:00
Fabien O'Carroll
41d9610aef Removed warning logging from members 'middleware'
refs https://github.com/TryGhost/Team/issues/498

This was filling up logs with less than useful information - for every
single request made by a non-member to the frontend. Be gone!
2021-03-01 16:05:34 +00:00
Fabien O'Carroll
3eb8b91a6b Fixed paid flag on members
refs https://github.com/TryGhost/Ghost/issues/12602

As part of the member events, we added a third status of 'comped'.
Members with a status of 'comped' should still be considered paid, so
this fixes the definition of the paid flag to take that into account.
2021-02-25 14:26:41 +00:00
Fabien 'egg' O'Carroll
714e081efc
Removed hardcoded currency symbols (#12700)
refs https://github.com/TryGhost/Team/issues/473
refs https://github.com/TryGhost/Admin/commit/638e5027

We no longer want to maintain a list of currency symbols now that we support 100+ currencies,
so we will be relying on the `{{price}}` helper in themes and `Intl.NumberFormat` elsewhere.
2021-02-25 09:49:07 +00:00
Thibaut Patel
da7859c5e7 🐛 Fixed ENOTFOUND error handling on NodeJS >=13
no issue
2021-02-23 19:37:03 +01:00
Kevin Ansfield
08e1268aed
Added migration to remove surrounding <> in email_batches.provider_id (#12673)
refs https://github.com/TryGhost/Team/issues/221#issuecomment-759105424

- Mailgun responds to an email send with a provider id in the format `<x@y.com>` but everywhere else it's used in their API it uses the format `x@y.com`
- updates email batch save to strip the brackets, and migration removes brackets from existing records so we no longer have to add special handling for the stored id any time we use it
2021-02-23 08:48:21 +00:00