Commit Graph

1099 Commits

Author SHA1 Message Date
Nazar Gargol
1b449f4f53 🐛 Fixed 500 error in webhooks API when modifying non-existing webhooks
closes #12064

- Handled permission check bug by returning 404, same way it is returned in other permissions related places when handling non-existing resource. Example - 60907a7ae4/core/server/models/relations/authors.js (L355-L358)
2020-08-03 23:08:47 +12:00
Nazar Gargol
ef6586bfdc Fixed failing members import with label associations
no issue

- When processing entries with new labels in parallel Bookshelf relations is trying to create them which caused unique key constraints to fail. To avoid the failure, all labels should be pre-created before proceeding with creating members
2020-07-28 22:37:48 +12:00
Hannah Wolfe
92446d85ea Changed member limit to be DRY & use raw query
- Member limit code was duplicated in 2 places unnecessarily
- Also used member api code that fetched members and subscriptions fully hyrated when we only need a count
- Using a raw query significantly improves performance here
2020-07-26 20:49:30 +01:00
Kevin Ansfield
14c6968388 Fixed auto-generated label not being attached to members during import
no issue

- label was being created and returned in the response OK but it was missing from the set of labels that get added to members during import
2020-07-26 18:30:58 +01:00
Fabien O'Carroll
c46475f5be Supported optionally cancelling subscriptions on delete
no-issue

This updates the Admin API Member resource to *not* cancel subscriptions
by default, and adds a `cancel` option. This can be used over HTTP by
including a `cancel=true` query parameter.
2020-07-24 16:01:06 +02:00
Kevin Ansfield
8ceabbcfba Added automatic labelling of all members added during an import
no issue

Having all members created during an import labelled with a specific "import label" is useful for later operations such as bulk delete/edit or simply recording how and when a member was created.

- automatically create a label with the date/time the members CSV import occurred and assign it to all imported members
- return the import label data in the API response so that clients can react accordingly such as automatically filtering the members list by the label once an import finishes
2020-07-22 17:52:43 +01:00
Daniel Lockyer
d261f88456 Fixed typos in webhook error message
no issue
2020-07-20 09:05:56 +01:00
Rish
90b39fbb9a Updated status and error message for newsletter email failures
refs https://github.com/TryGhost/Ghost/issues/11971

- Added statusCode from bulk email provider to API response
- Updated error messages for different bulk email(mailgun) failure states
- Added `context` to preview mail API error message with mail provider's error message
2020-07-17 13:54:09 +05:30
Nazar Gargol
a520cdad0b Added JSON Schema validations to Webhooks Admin API v3
closes #12033

- Added webhooks schemas and definitions.
- Added validation checking if integration_id is present when using session auth. This is needed to prevent orphan webhooks.
- Integrated webhook schemas into frame's validation layer.
- Added isLowerCase ajv keyword support. This is needed to be able to do isLowerCase validation using JSON Schema for webhooks.
2020-07-17 17:37:14 +12:00
Nazar Gargol
d6267340a1 Updated Content API resource ordering to be same as slugs in filter
closes #11994

- Adds support for ordering based on slug filter  that contains a slug-is-in filter. It is applied only to Content API's resources - post, page, tag, author. The order is applied in the same order in which slugs appear in the filter.
- For, example providing following  query parameter filter for any of the above resources: `?filter=slug:[kitchen-sink,bacon,chorizo]`, would filter them by these slugs and order in the same way defined in the filter
- Can be used in handlebars templates in following way: `{{#get "tags" filter="slug:[slugs,of,the,tags,in,order]"}}`
- The property conteining this new order is assigned to `autoOrder` instead of `rawOrder` intentionally. This explicit asstignment would allow distinguishing where the 'orderRaw' comes from the model or the API layer. Apart from  adding necessary context this separation makes it easier to refactor separately model layer and API specific ordering in the future
- This commit also fixes default filtering for `author` resource in Content API. The serializer was never used before as it was missing from `serializers/index.js` module.
2020-07-10 18:33:00 +12:00
Fabien O'Carroll
a3f693b472 Updated tags output serialiasation for v2 API
no-issue

This ensures that the v2 API only outputs the tag properties we specify,
and doesn't include any new fields, like the new metadata columns.
2020-07-08 15:14:40 +02:00
Fabien O'Carroll
7e5292eccc Updated tags input schema for canary API
no-issue
2020-07-08 15:14:40 +02:00
Nazar Gargol
173e3292fa Fixed integration_id handling in Webhooks Admin API
no issue

- Changes introduced to both API v3 and v2
- Makes sure to use the same integration_id as authenticated integration for the webhook's data.
-  Makde it is impossible to create orphaned webhooks using token authentication
- Allowed only parent integration to edit it's children webhooks. Throwing permission error otherwise
2020-07-08 16:54:31 +12:00
Rish
8d989bd3c3 Updated members site data to include new portal settings
no issue

- Adds new portal button settings to members site data for portal script
- Updates settings input/output serializers to handle portal icon image url
2020-07-07 14:06:04 +05:30
Daniel Lockyer
8956a9df35 Merged 3.22.2 into master
* tag '3.22.2':
  v3.22.2
  Updated Ghost-Admin to v3.22.2
  Emitted all settings events on reinit of cache (#12012)
  🐛 Updated access to be true by default in v3 API
  Hardened members subscription migration against missing data (#12009)
2020-07-06 16:19:55 +01:00
Hannah Wolfe
289c1b3e8a 🐛 Updated access to be true by default in v3 API
closes #11990

- access should be a members feature, but it was already accidentally exposed to the theme layer
- it has now been added to the API even if members is disabled
- access defaults to true, unless members is enabled
- when members is enabled, access is set to the currently logged in members' access
2020-07-06 16:04:29 +01:00
Fabien 'egg' O'Carroll
37d577fa90
Remove references to bulk email settings (#12000)
refs #10318

* Ignored bulk_email_settings when importing
* Removed custom handling for bulk_email_settings
* Removed bulk_email_settings from default-settings
* Ignored bulk_email_settings when editing settings
2020-07-03 16:30:54 +02:00
Fabien O'Carroll
957cf9fd1d Added mailgunIsConfigured prop to config API
refs #10318

This will replace the isConfig property attached to the bulk_email_settings
2020-07-03 11:48:47 +02:00
Nazar Gargol
6902f86b40 Added field mapping support for members import CSVs
no issue

- This is a precursor work allowing client to send csv to JSON
field mapping hash as a `mapping` field parameter in the incoming
request.
2020-07-02 15:18:39 +12:00
Nazar Gargol
d03f674a2f Fixed failing members import tests
refs 05f6faf846

- The logic in "Stripe" error detection depended on error's message string matching, which is not a good practice in general. Had fixed it do to exact match on "context" of the error we throw internally and left more extensive comment about why things are implemented the way they are.
2020-07-01 19:03:12 +12:00
Kevin Ansfield
9810c41dca 🐛 Fixed facebook/twitter images having relative URLS in API output
no issue

Output serializer's url util was expecting `og_image` and `twitter_image` to be top-level attributes in the `attrs` object but they are actually nested under `posts_meta`.

- updated the code to use lodash's `get/set()` so that we can work with paths for easier handling of nested objects
- fixed unit tests where the mocked data under test did not match real-world data
2020-06-30 16:40:34 +01:00
Hannah Wolfe
fa91c6c954
🐛 Moved access to an API property (#11967)
closes #11574

- the current implementation of the access property has it frontend only, and wired up only in one place
- this leaves it only available in a handful of places, e.g. can't use it in a post loop or get helper
- the current implementation also fails logically if the html content of the post is blank

This fix moves the behaviour to the API

- this ensures the field is always available no matter what context you are in
- it also updates the logic to use the same membersHasAccess logic as is used to gate the post, so it's always correct

TODO: should reconsider the location of this code
2020-06-30 14:46:46 +01:00
Rish
d5f68dbbc5 Updated serializers/model layer validation using settings type
refs https://github.com/TryGhost/Ghost/issues/10318

- Updates `boolean` serialization in v2/canary serializers to apply only for `boolean` type settings
- Updates `boolean` transformation in model layer `format`/`parse` to check on `boolean` type setting
- Removes error thrown on Read-only setting for settings edit endpoint
- Updates v2/canary input serializers to remove any Read-only settings (using RO flag) to avoid edits
- Added type/group mappings in the importer when pre-migration settings table import data is present
- Updates tests
2020-06-30 17:38:36 +05:30
Fabien O'Carroll
0a257c4b5d Updated settings api to ignore stripe_connect settings
refs #10318

These settings are only allowed to be set via the stripe_connect_integration_token key
2020-06-30 11:27:43 +02:00
Fabien 'egg' O'Carroll
ee786aaa5d
Cleaned up members & stripe settings (#11957)
* Updated members default settings

ref #10318

This pulls out the members_subscription_settings & stripe_connect_intgration settings into separate keys

* Updated usage of members_from_address

* Updated stripe_connect usage

* Updated members config to use new settings

* Updated members middleware to use isStripeConnected

* Updated members service to reload correctly

We reload the members-api instance when the related settings change, so
this makes sure we're listening to the correct settings changes

* Updated ghost_head helper to use new settings

* Updated theme middleware to use new settings

* Renamed members_allow_signup -> members_allow_free_signup

* Fixed tests after settings refactor

* Removed  from direct key settings key

* Fixed regression tests for settings api
2020-06-29 16:22:42 +02:00
Nazar Gargol
097ff9fba9 Fixed grouping error in members CSV importer
no issue

- Import error grouping wasn't working correctly when error didn't have defined context property
- The copy will be refined in final design review
2020-06-30 00:22:52 +12:00
Nazar Gargol
91e3630f36 Updated settings API v3 tests to check for correct types returned for specific keys
refs https://github.com/TryGhost/Ghost/issues/10318
refs 476fca6e5b

- Symetric change to one done in referenced commit which maps fields for API v2
2020-06-25 17:36:10 +12:00
Nazar Gargol
e394b5ad9c Added naive settings type options parameter support to settings API v2
refs TryGhost/Ghost#10318
refs 8fc526ff6

- This is symetric change to one done for v3 API (commited as 8fc526ff6)
- Added 'core' filtering for v2 API controller
2020-06-25 16:32:16 +12:00
Kevin Ansfield
e9b6e8eca7 Removed API filter of settings now correctly grouped in "core"
refs https://github.com/TryGhost/Ghost/issues/10318

- `members_public_key` and `members_private_key` are now correctly grouped under `core` which is already filtered out so we don't need the extra filter to exclude them
2020-06-24 14:55:50 +01:00
Nazar Gargol
8fc526ff6e Added back compatible support for renamed settings types
refs https://github.com/TryGhost/Ghost/issues/10318
refs 1dc0405803

- Adds 1:1 mapping for filtering options  to renamed settings "type" to "gorup"
- Ignores the name changes and any old types
- Detailsed type -> group mappings can be checked in the refereneced migration commit
2020-06-25 00:55:40 +12:00
Nazar Gargol
118b7033e0 Fixed input serializer for setting's PUT methods in Admin APIs
refs https://github.com/TryGhost/Ghost/issues/10318

- There was a copy/paste error and we didn't have a test to pick it up. Will follow up with a regression test to make sure it doesn't happen again
2020-06-24 22:11:03 +12:00
Nazar Gargol
2de1c07dd4 Renamed settings key brand.primaryColor to accent_color
refs #10318
2614565d5a

- Changes naming throughout the codebase matching the change in the
referenced commit
2020-06-24 14:18:13 +12:00
Nazar Gargol
f0a811e9fe Renamed ghost_head/ghost_foot to codeinjection_head/codeinjection_foot
refs #10318
refs 2614565d5a

- Renamed ghost_head/ghost_foot in settings to match the new names
introduced in migrations
- Above change lead to reshufling in the mappings in input/output
serializers
- Makes sure change is compatible with v2 API
2020-06-24 14:18:13 +12:00
Nazar Gargol
5f1060a8bf Renamed settings keys active_timezone to timezone
refs https://github.com/TryGhost/Ghost/issues/10318
refs 2614565d5a

- Renames to match referenced migration renames
- Fixed API responses so they are consistent with newly renamed fields
- Not returning lang and timezone keys from settings in API v2 ther rest should be returned in API v3/canary
2020-06-24 14:11:20 +12:00
Kevin Ansfield
8a817050c5
Organised default settings into new groups (#11952)
refs https://github.com/TryGhost/Ghost/issues/10318

- precursor to migrating from `settings.type` to `settings.group`
- renames `blog` type to `site`
- renames `bulk_email` type to `email`
- moves settings out of `site` (previously `blog`) into more appropriate groups such as `core` or individual feature groups
2020-06-23 20:49:08 +01:00
Nazar Gargol
b78dbfbbc2 Removed use of deprecated setting flags from the codebase
refs #10318
refs https://github.com/TryGhost/Ghost/pull/11942

- Removes force_i18n, permalinks, and members_session_secret usage from the codebase
-  We deprecated these flasgs and have not used since Ghost v2. It's good time to remove them before we introduce bigger changes to how `settings` table opeartes.
- Fixed importer test. The test was meant to check if string values were converted properly, the check agains boolean didn't make much sense in this context, so removed it.
- Following this change are going to come ralated migrations to fix existing data (see ref)
2020-06-23 11:58:19 +12:00
Nazar Gargol
93e8ee83d9 Extracted members CSV related code into @tryghost/members-csv package
no issue

- Moves out CSV parsing and serialization related code into separate package as a part of push to modularize Ghost repo.
- Next up is to remove `csv-parser` dependency from this new package
2020-06-19 19:55:47 +12:00
Nazar Gargol
fabe06c5c5 Colocated readCSV util with members input serializer
refs 5a6ce5abfe

- Allows to move files and keep the history in one go.
- 'csv-parser' will be upgraded to 'papaparse' lib in a new package
2020-06-19 18:24:51 +12:00
Nazar Gargol
5a6ce5abfe Extracted members csv input serialization logic into separate module
refs a6b5a82f09

- This is prep work for extraction into members repository.
2020-06-19 17:58:33 +12:00
Nazar Gargol
a6b5a82f09 Extracted members csv serialization logic into separate module
no issue

- This is prep work for extraction into members repository.
2020-06-19 17:23:05 +12:00
Nazar Gargol
e698f9f95c Fixed handling for grouped validation errors during members import
refs 7904c303a7

- Model's validation errors are sometimes returned as an array of errors, in those cases they should be flattened to before returning to the client. This way there is more insight into what went wrong during the import.
2020-06-19 16:34:23 +12:00
Fabien O'Carroll
4716d13d13 Added API endpoints for disconnecting Stripe
no-issue
pr: https://github.com/TryGhost/Ghost/pull/11930

- Upgraded @tryghost/members-api to 0.23.0

  This version includes a new method hasActiveStripeSubscriptions

- Added /admin/members/hasActiveStripeSubscriptions

  This can be used to determine whether or not we should allow removing
  the stripe keys.

- Added /admin/settings/stripe/connect

  This can be used to delete a Stripe Connect integration, provided
  there are not active subscriptions
2020-06-18 18:42:20 +02:00
Kevin Ansfield
95525eeadc Allowed ?formats param in Admin API post+page create/edit requests
no issue

- `?formats` is useful when you want to get `html` back from the Admin API when creating/editing posts, otherwise you're forced to make a following `GET` request
2020-06-18 13:59:01 +01:00
Kevin Ansfield
4537ccd329 🐛 Fixed embed/bookmark retrieval for sites that require cookies during redirects
no issue

- known failing case was Medium. Some *.medium.com articles triggered redirects but without cookies being stored/sent across the redirect requests it would cause an infinite redirect loop and we'd abort after 10 redirects
- use `got`'s [cookie support](https://github.com/sindresorhus/got/tree/v9.6.0#cookies) via `tough-cookie` so that we can create bookmark cards for medium.com and other sites with similar problems
2020-06-17 10:03:36 +01:00
Kevin Ansfield
e0d1763424 🐛 Fixed fallback to bookmark card when pasting localhost Ghost url
no issue

- localhost check was causing an immediate "no provider" error when fetching oembed for a localhost url and bypassing the bookmark fallback even when the configured site lives on localhost
- allow `localhost:port` through in oembed endpoints when it matches the configured url
2020-06-15 18:38:43 +01:00
Kevin Ansfield
424e43975c Allowed ?force_reload=true through on pages edit endpoint
refs 008f86fc29

- same as posts. Related functionality to handle the query param exists on the Post model
2020-06-12 19:15:19 +01:00
Kevin Ansfield
008f86fc29 Added ?force_rerender=true param to posts edit endpoint
no issue

- there are various situations where we adapt/fix/improve our mobiledoc->html output over time but we didn't have a way of updating old content without manually editing the mobiledoc and saving, or running an expensive migration to re-render all old content
- this adds a `?force_rerender=true` query param to the `PUT .../admin/posts/:id/` endpoint that allows the `html` field to be re-generated without modifying the `mobiledoc` field contents
2020-06-12 18:05:57 +01:00
Kevin Ansfield
f4d9a41d3b
Added ?paid query parameter to Admin API members browse endpoint (#11892)
no issue

- NQL does not support the relationship setup that members->stripe customer<->stripe subscriptions uses so it wasn't possible to use the `filter` param to query against having an active subscription
- adds `customQuery` bookshelf plugin that allows customisation of SQL query used in `findPage` method by individual models
- use `customQuery` in Member model to set up joins and conditionals to select free/paid members when `options.paid` is present
- allow `?paid` param through API and permitted options for member model
2020-06-12 12:12:10 +01:00
Nazar Gargol
7904c303a7 Added invalid import record errors and counts
no issue

- This new format allows to return additional metadata with failed import records. The data for invalid records is returned in following format:
```
{
    count: {count_of_invalid_records},
    errors: [{
      message:	"Members not imported. Members with duplicate Stripe customer ids are not allowed." // message field of the error
     context:	"Attempting to import members with duplicate Stripe customer ids." // context field of the error
     help:	"Remove duplicate Stripe customer ids from the import file, and re-run the import." // help field of the error
     count:	2 // count of this specific error
    }]
};
- Errors are grouped by their context fields because message fields sometimes can contain unique information like Stripe customer id, which would produce too many errors in case of bigger datasets.
2020-06-12 19:59:36 +12:00
Nazar Gargol
589d826afd Added /members/validate ednpoint to Admin API
no issue

- This endpoint is meant to be used for validation of imported members
- Main function at the moment is to validate if stripe_customer_id present in the dataset exists in connected Stripe account
2020-06-12 16:34:12 +12:00
Fabien 'egg' O'Carroll
bfc03eb120
Replaced nql-map-key-values with @nexes/nql (#11896)
closes #11008

- Updated @nexes/nql to 0.4.0

  This version exports the mapKeyValues utility function

- Replaced nql-map-key-values with @nexes/nql util fn

  Usage was found using `rg nql-map-key-values` and replaced globally.

- Deleted nql-map-key-values module in shared 

  Now that this module isn't referenced anywhere else, we can remove it,
  relying solely on the util exported by @nexes/nql
2020-06-10 19:17:25 +02:00
Fabien O'Carroll
33d1148cff Supported test mode in members_stripe_connect API
no-issue

We've added a "mode" query param to the members_stripe_connect api auth
method, allowing the client to easily switch between live and test mode.
2020-06-10 14:06:57 +02:00
Nazar Gargol
c8351720b1 Removed levtover code
refs 81fc5f8eda

- Comment was left here unintentionally
2020-06-10 14:40:33 +12:00
Nazar Gargol
81fc5f8eda Added special handling for member import with Stripe connection
no issue

- When imported member contains stripe_customer_id data but there is no Stripe configured on the Ghost instance such import should faiil. The logic is consistent with one where import fails after not being able to find customer in linked Stripe account
- Fixed import stats to show import failures instead of "duplicate" when the validation error is of "Stripe" origin
2020-06-09 23:02:38 +12:00
Nazar Gargol
dba664a200 Removed unused variable
refs 53abf79869
2020-06-09 15:31:42 +12:00
Nazar Gargol
53abf79869 Removed format-csv module in favor of papaparse
no issue

- The aim was to extract format-csv to become an external dependency. After some analysis found out that native papaparse method `unparse` was achieving the same results with a lot better test coverage and stability. Because papaparse will become Ghost's default csv processor in near future decided to integrate papaparse instead of extracting module for the format-csv module's code, which would become redundant soon anyways.
- For reference papaparse will substitute current csv-parser lib because it's better performance and maturity.
- Performance comparison can be checked here - https://github.com/Keyang/csvbench#result . At the time of writing papaparse is rougly 40% faster than csv-parser
2020-06-09 15:23:15 +12:00
Rish
bca41e1877 Allowed updating from address domain for member emails
refs https://github.com/TryGhost/Ghost/issues/11414

Confirms if the fromAddress for sending member emails is valid and accessible using magic link flow, allowing owners to update full from address including domain change.

- Extends member service to handle magic link generation and validation for email update
- Updates existing setting endpoint to not directly update from address
- Adds new endpoint to send magic link to new address
- Adds new endpoint for validating the magic link when clicked and update the new email for from address
- Adds new email template for from address update email
2020-06-09 00:06:07 +05:30
Kevin Ansfield
db68560b11 🐛 Improved error message output when oembed request fails
refs https://github.com/TryGhost/Ghost/issues/11212

- if a bookmark card fetch is performed (either directly or from fallback) and the page does not have an extractable title, return a more specific error message than "No provider found for supplied URL."
2020-06-08 15:06:00 +01:00
Kevin Ansfield
5aa6a3dbad Fixed no-shadow linting errors in oembed controllers 2020-06-08 12:52:41 +01:00
Kevin Ansfield
d8773dcc45 Allowed bookmark cards to be created without a description
no issue

- title+description was too limiting for some sites so we're relaxing the requirements to only require a title
2020-06-08 07:55:38 +01:00
Nazar Gargol
c7648737ca Added context and help message to member linking with Stripe account error
no issue

- When the customer cannot be imported because they are missing from linked Stripe account or the linked account is incorrect one, these new messages should provide a better clue about what has caused the error and how to act on it.
2020-06-06 00:06:19 +12:00
Nazar Gargol
633ba27f0e Added custom label assignment to imported members
no issue

- There is a need to be able to label certain import group of members
with custom labels. This will allow to distinguish/filter these newly
imported  members.
- Allowed `POST /members/csv/` endpoint to accept `labels`
field parameter which assigns labels to every member from imported csv.
2020-06-05 16:22:09 +12:00
Nazar Gargol
12c8b63a4a Added more specific error handling when adding duplicate labels
no issue

- Similarly to other additive api methods  (e.g. members.add) returned more specific ValidationError with contex filled in with the reason why adding did not succed.
- This change is needed for more graceful label handling when adding new members through import
2020-06-05 00:23:10 +12:00
Nazar Gargol
59c773fb04 Removed cache invalidation header when adding label through Amdin API
no issue

- Adding labels doesn't cause any content to invalidate, similarly to adding members. Unlike it's caunterpart - tags, there is no dependent "frontend" content that would become invalid
2020-06-04 23:44:19 +12:00
Fabien O'Carroll
7c188ec1eb 🐛 Fixed settings controller edit method
no-issue

This was because the API was recieving a default `null` value for the
stripe_connect_integration_token setting.

This also improves the logging for this error.
2020-06-02 19:01:19 +02:00
Kevin Ansfield
4e139ee5b4 Fixed linting 2020-06-02 14:33:43 +01:00
Kevin Ansfield
64ed246d03
Merge pull request from GHSA-4m2q-w26j-h268
no issue

- added an `externalRequest` lib
  - uses same underlying `got` module as our `request` lib
  - uses `got`'s `beforeRequest` and `beforeRedirect` hooks to perform it's own dns resolution for each url that's encountered and aborts with an error if it resolves to a private IP address block
  - includes a bypass for Ghost's configured url so that requests to it's own hostname+port are not blocked
- updated v2 and canary oembed controllers to use the `externalRequest` lib
2020-06-02 14:30:10 +01:00
Fabien O'Carroll
fc0e97593b Added membersStripeConnect controller auth method
no-issue

In order to issue a redirect we need access to the "raw" req/res
objects, which is why we must return the function which gets access to
them.

The members service is used to create the auth url and to update the
users session.
2020-06-02 15:28:42 +02:00
Fabien O'Carroll
413aa06ca5 Wired up stripe-connect module to settings API
no-issue

Uses the members service to parse a stripe_connect_integration_token
setting and set the stripe_connect_integration based on that.

This change includes ignoring the stripe_connect_integration{,_token}
settings, as the token is never saved, and the integration can only be
set by using the token.
2020-06-02 15:28:42 +02:00
Fabien O'Carroll
88b4c5571d Refactored the settings edit controller
no-issue

There was some unused code here, the variable  was never used, also we
were looping and collecting a list of errors, but only every using the
first one, so switched to the `find` method which stops iteration after
an element has matched.
2020-06-02 15:28:42 +02:00
Vikas Potluri
00c324fa4e
Moved core/server/lib/common/logging to core/shared/logging (#11857)
- Represents that logging is shared across all parts of Ghost at present
  * moved core/server/lib/common/logging to core/shared/logging
  * updated logging path for generic imports
  * updated migration and schema imports of logging
  * updated tests and index logging import
  * 🔥 removed logging from common module
  * fixed tests
2020-05-28 19:30:23 +01:00
Vikas Potluri
1bd8c18a16
Moved core/server/lib/url-utils to core/shared/url-utils (#11856)
* moved url-utils from server to shared
* updated imports of url-utils
2020-05-28 11:57:02 +01:00
Kevin Ansfield
35f8042d7b
Added ?search= param to Admin API members endpoint (#11854)
no issue

- adds `search` bookshelf plugin that calls out to an optional `searchQuery()` method on individual models to apply model-specific SQL conditions to queries
- updated the base model's `findPage()` method to use the search plugin within `findPage` calls
- added a `searchQuery` method to the `member` model that performs a basic `LIKE %query%` for both `name` and `email` columns
- allowed the `?search=` parameter to pass through in the `options` object for member browse requests
2020-05-28 10:14:02 +01:00
Vikas Potluri
e7dc5f0bb3
removed invalid require in v2 input validator (#11851) 2020-05-27 18:49:13 +01:00
Vikas Potluri
15d9a77092
Moved config from server to shared (#11850)
* moved `server/config` to `shared/config`
* updated config import paths in server to use shared
* updated config import paths in frontend to use shared
* updated config import paths in test to use shared
* updated config import paths in root to use shared
* trigger regression tests
* of course the rebase broke tests
2020-05-27 18:47:53 +01:00
Vikas Potluri
aeee302c9d
refactored 'lib/image' imports to use destructuring (#11847)
* refactored 'lib/image' imports to use destructuring
* trigger all-tests
2020-05-26 19:11:23 +01:00
Kevin Ansfield
071ab9774b
Added Admin API endpoint for basic member stats (#11840)
no issue

- moves members stats generation for the admin graph from the client to the server
- outputs a basic totals count across a requested date range of 30, 90, 365 days, or all time. See below for the response shape
- leaves heavy lifting of the counts to the SQL engines - tested on a dataset of 100k members and query performance is <100ms

```
GET /ghost/api/canary/members/stats/?days=30

{
    total: 100000,
    total_in_range: 20000,
    total_on_date: {
        '2020-04-25': 19000,
        '2020-04-26': 19500,
        // continues until today's date
    },
    new_today: 200
}
```
2020-05-26 10:38:42 +01:00
Vikas Potluri
4ac88dce10
Refactored common lib import to use destructuring (#11835)
* refactored `core/frontend/apps` to destructure common imports
* refactored `core/frontend/services/{apps, redirects, routing}` to destructure common imports
* refactored `core/frontend/services/settings` to destructure common imports
* refactored remaining `core/frontend/services` to destructure common imports
* refactored `core/server/adapters` to destructure common imports
* refactored `core/server/data/{db, exporter, schema, validation}` to destructure common imports
* refactored `core/server/data/importer` to destructure common imports
* refactored `core/server/models/{base, plugins, relations}` to destructure common imports
* refactored remaining `core/server/models` to destructure common imports
* refactored `core/server/api/canary/utils/serializers/output` to destructure common imports
* refactored remaining `core/server/api/canary/utils` to destructure common imports
* refactored remaining `core/server/api/canary` to destructure common imports
* refactored `core/server/api/shared` to destructure common imports
* refactored `core/server/api/v2/utils` to destructure common imports
* refactored remaining `core/server/api/v2` to destructure common imports
* refactored `core/frontend/meta` to destructure common imports
* fixed some tests referencing `common.errors` instead of `@tryghost/errors`
   - Not all of them need to be updated; only updating the ones that are
causing failures
* fixed errors import being shadowed by local scope
2020-05-22 19:22:20 +01:00
Fabien O'Carroll
4c3bd0e2e9 Added stripeDirect config to admin api w/ default
no-issue

The flag currently defaults to `true` as we are still using stripe
direct. We expose it on the admin api config endpoint so that the
Ghost-Admin client can use it to conditionally render
2020-05-20 16:47:58 +02:00
Kevin Ansfield
0eec876cb1 Removed separate reset/forced-reset emails and updated email copy
refs https://github.com/TryGhost/Ghost/pull/11790

- reduced complexity by sticking to one email for both normal reset and forced reset (locked staff accounts)
- exposed `siteTitle` for use in any email templates
- updated email copy to be suitable for both types of password reset
2020-05-06 13:20:11 +01:00
Naz
c84866dda7
Improved password reset and session invalidation for "locked" users (#11790)
- Fixed session invalidation for "locked" user
  - Currently Ghost API was returning 404 for users having status set to "locked". This lead the user to be stuck in Ghost-Admin with "Rousource Not Found" error message.
  - By returning 401 for non-"active" users it allows for the Ghost-Admin to redirect the user to "signin" screen where they would be instructed to reset their password

- Fixed error message returned by session API
  - Instead of returning generic 'access' denied message when error happens during `User.check` we want to return more specific error thrown inside of the method, e.g.: 'accountLocked' or 'accountSuspended'
  - Fixed messaging for 'accountLocked' i18n, which not corresponds to the
actual UI available to the end user

- Added automatic password reset email to locked users on sign-in
  - uses alternative email for required password reset so it's clear that this is a security related reset and not a user-requested reset

- Backported the auto sending of required password reset email to v2 sign-in route
  - used by 3rd party clients where the email is necessary for users to know why login is failing

Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
2020-05-05 19:37:53 +01:00
Rishabh Garg
a01bcdd2d0
Added new endpoint for refreshing api key secret (#11791)
no issue

- Adds new endpoint on integration to refresh admin/content api key secret
- Allows owner/admin to refresh their content or admin API keys for an integration via Ghost Admin
- Adds a new `refreshed` event to actions table for anytime an api_key secret is refreshed
2020-05-05 23:36:21 +05:30
Hannah Wolfe
c70c49258e Added new members/api/site endpoint
- easy way to access public settings needed for building members clients
- no auth means this is for public info only
2020-04-30 19:50:40 +01:00
Hannah Wolfe
22e13acd65 Updated var declarations to const/let and no lists
- All var declarations are now const or let as per ES6
- All comma-separated lists / chained declarations are now one declaration per line
- This is for clarity/readability but also made running the var-to-const/let switch smoother
- ESLint rules updated to match

How this was done:

- npm install -g jscodeshift
- git clone https://github.com/cpojer/js-codemod.git
- git clone git@github.com:TryGhost/Ghost.git shallow-ghost
- cd shallow-ghost
- jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2
- jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2
- yarn
- yarn test
- yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode
- grunt test-regression
- sorted!
2020-04-29 16:51:13 +01:00
Kevin Ansfield
1f85ef46d2 Adjusted oembed endpoints to fetch higher resolution thumbnails
no issue

- embed cards now store metadata including thumbnail urls in their payload
- we want to use this metadata to render video cards in emails
- by default oembed endpoints return fairly small thumbnail images that don't look great when blown up
- oembed supports a `maxwidth` query param that will instruct oembed providers to return larger sizes of the content if available
2020-04-29 16:44:20 +01:00
Hannah Wolfe
4e9889ea4f Updated canary admin/site endpoint again
- put brand back, but only if dev experiments is enabled
- put members plans and allowSelfSignup back, but this is temporary as they need to live elsewhere
2020-04-27 15:20:14 +01:00
Hannah Wolfe
89669cd8e9 Updated canary admin/site endpoint temporarily
- these changes are not ready for prime time
2020-04-27 12:58:09 +01:00
Rish
adde1fa01c Fixed allowSelfSignup value in site data
refs https://github.com/TryGhost/members.js/issues/6

Fixed a bug in setting `allowSelfSignup` value as public plans
2020-04-21 23:35:16 +05:30
Rish
dd377492bf Updated public site endpoint with more data
no issue

This adds new public settings - description, logo, brand - and some public member settings - plans, allowSelfSignup to the open site endpoint which will be used by members.js for data initialization
2020-04-21 23:35:16 +05:30
Kevin Ansfield
a09a6caf5f Fixed in-browser email preview showing raw replacement strings
no issue

- fixed plaintext templates being word wrapped and breaking across replacement strings
- updated `postEmailSerializer.serialize` to return the email template plus a replacements array that can be used for creating Mailgun-like recipient variable objects or more straight forward replacement
- updated email-preview API to work with the replacements data to show fallback data when previewing
2020-04-20 12:24:05 +01:00
Daniel Lockyer
8853067830 Added custom json-string format to AJV validator
no issue

- the value of `mobiledoc` when submitting a page/post via the API must
  be JSON, but we don't validate this
- this results in url-utils throwing an error, which ends up being a 500
- this commit adds a custom format to AJV to validate it is valid JSON
- also updates tests with bad JSON - 'a'
2020-04-17 11:56:20 +01:00
Daniel Lockyer
da237ca885 Returned error upon oembed catch
no issue
2020-04-15 10:35:22 +01:00
Daniel Lockyer
a769bbe86c Fixed 500 error when deleting items that don't exist
fixes #11723

- when deleting an invite/label/tag/webhook that doesn't
  exist, Ghost would throw a 500 error
- this commit catches the NotFoundError
- also rejects from model if nothing was found
- spotted in Sentry
2020-04-13 16:13:33 +01:00
Daniel Lockyer
946f7b872f Returned Promise.reject instead of throwing error
no issue

- brings in line with other code changes
2020-04-13 16:13:33 +01:00
Kevin Ansfield
ce53c602a6 Updated oembed requests to use consistent timeout and user-agent
no issue

- added the same 2sec timeout and `Ghost` user-agent header to the `rel="alternate"` oembed request that we use for the initial html page request
2020-04-07 15:29:31 +01:00
Kevin Ansfield
2642405595
Merge pull request from GHSA-q6jp-j3gg-3mxr
no issue

- backports fixes implemented in https://github.com/TryGhost/Ghost/commit/477393967 from the v3/api endpoint to the v2 endpoint
2020-04-07 11:05:48 +01:00
Daniel Lockyer
13e1ecae27 Replaced use of Bluebird return method from knex code
no issue

- Knex removed their use of several Bluebird methods, including `return`
- our code used `return`, but mostly to return null after a destroy action
- these uses have been replaced with `.then(() => null)` in order to
  continue returning null and to avoid breaking anything
2020-04-07 10:49:12 +01:00
Hannah Wolfe
b2b278a3ba Removed typo 2020-03-25 12:28:57 +00:00
Hannah Wolfe
f12238b11a Cleanup repeated module mocking utils
- mock non existant module util was defined twice
- split it out properly from the rest of the utils, update all references
- this allows us to move this util out of the codebase along with other code, e.g. the image manipulation code
2020-03-25 12:07:32 +00:00
Hannah Wolfe
8c1a0b8d0c Remove External Apps
- Apps are marked as removed in 3.0, never officially launched and have been deprecated for at least 2 years.
- We've slowly removed bits that got in our way or were insecure over time meaning they mostly didn't work
- This cleans up the remainder of the logic
- The tables should be cleaned up in a future major
2020-03-20 10:40:22 +00:00
Hannah Wolfe
bc7906a7b2 Revert "Remove Apps"
This reverts commit cbb59a57db.
2020-03-20 08:58:26 +00:00
Hannah Wolfe
cbb59a57db Remove Apps
- Apps are marked as removed in 3.0, never officially launched and have been deprecated for at least 2 years.
- We've slowly removed bits that got in our way or were insecure over time meaning they mostly didn't work
- This cleans up the remainder of the logic
- The tables should be cleaned up in a future major
2020-03-19 19:06:17 +00:00
Kevin Ansfield
0741114d11 Moved htmlToMobiledocConverter() out of renderers
no issue

- prep for extraction of various Koenig repos
- html->mobiledoc doesn't really fit into the "renderer" naming as it's more of a converter than a renderer and doesn't follow the same pattern
2020-03-19 12:18:54 +00:00
Kevin Ansfield
4949ad9214 Renamed mobiledoc converters to renderers
no issue

- matches naming with `mobiledoc-kit` nomenclature
- better matches intent for future additions of mobiledoc rendering to email/plaintext/etc
2020-03-18 18:13:25 +00:00
Fabien O'Carroll
d246a4761e Implemented externally verifiable identity tokens
no-issue

This adds two new endpoints, one at /ghost/.well-known/jwks.json for exposing
a public key, and one on the canary api /identities, which allows the
Owner user to fetch a JWT.

This token can then be used by external services to verify the domain

* Added ghost_{public,private}_key settings

    This key can be used for generating tokens for communicating with
    external services on behalf of Ghost

* Added .well-known directory to /ghost/.well-known

    We add a jwks.json file to the .well-known directory which exposes a
    public JWK which can be used to verify the signatures of JWT's created
    by Ghost

    This is added to the /ghost/ path so that it can live on the admin
    domain, rather than the frontend. This is because most of its
    uses/functions will be in relation to the admin domain.

* Improved settings model tests

    This removes hardcoded positions in favour of testing that a particular
    event wasn't emitted which is less brittle and more precise about what's
    being tested

* Fixed parent app unit tests for well-known

    This updates the parent app unit tests to check that the well-known
    route is mounted. We all change proxyquire to use `noCallThru` which
    ensures that the ubderlying modules are not required. This stops the
    initialisation logic in ./well-known erroring in tests

https://github.com/thlorenz/proxyquire/issues/215

* Moved jwt signature to a separate 'token' propery

    This structure corresponds to other resources and allows to exptend with
    additional properties in future if needed
2020-03-16 13:22:04 +01:00
Rish
318484d737 Read billing url from config and add to API
no issue
2020-03-16 13:22:04 +01:00
Nazar Gargol
53b6ad16d8 Fixed handling of empty created_at dates in member CSV imorts
no issue

- When created_at value is not provided it should be treated as an empty one instead of trying to import empty string.
- This scenario happens when the column is defined in CSV but no values are present (default parsed value is empty string '')
2020-03-09 20:12:02 +08:00
Kevin Ansfield
4773939670 🔒 Improved validation of fetched urls and responses in oembed endpoint
no issue

- prevent oembed fetching from accessing IP addresses or localhost domains
- prevent oembed endpoint from passing through fetched responses as-is
  - reject any fetched data that does not validate against the oembed spec
  - strip any unknown properties from the oembed response before returning

Credits: Nick Mykhailyshyn
2020-03-09 10:42:25 +00:00
Nazar Gargol
895b3d98e7 Refactored members csv export for bettere readability
no issue
2020-03-06 13:55:11 +08:00
Fabien O'Carroll
58187175c3
Deleted all but active sessions on password change (#11639)
closes #10323 

* Fixed usage of hasMany for user->session
* Refactored changePassword to async function
* Deleted all user sessions when password changed
* Tested for session retained after password changed
* Added the session to the frame
* Skipped the current session when changing password
2020-03-05 12:22:32 +02:00
Nazar Gargol
8f789523e3 Fixed date formatting in members CSV export
no issue

- Made date formatting coherent with the one used in API and the exporter
- Using JSON.stringify() here because that's exactly how API is getting it's formattting done atm
2020-03-04 17:41:02 +08:00
Daniel Lockyer
a851cdfc7b Handled bad URLs in oembed bookmark API
fixes #11636

- malformed URLs passed to oembed API would cause `got` or `metascraper`
  to throw an error and this would result in a 500 error from Ghost
- this commit catches the errors and returns a reasonable response
2020-03-02 14:24:26 +00:00
Naz
b0ff1e7cac
Added member login resource to Admin API (#11607)
no issue

- Adds 'GET /members/:id/signin_urls' endpoint to Admin API allowing to fetch login URL for member. This URL allows to log in as a member which is useful in situations when you need to impersonate a member (for example to debug some issue they are having)
- Added member_signin_urls permission with migrations. Only the "Owner" user can read "signin_urls" resource. Admin and other users will be denied access
2020-02-27 11:48:02 +08:00
Nazar Gargol
b9db9fa15e Allowed editing member's email
no issue

- After investigating effects of allowing editing email there were no significant blockers found, so there is no reason not to allow editing this field
2020-02-21 16:00:13 +08:00
Nazar Gargol
b5183204e9 Added missing frame parameter in member mapper
no issue

- This is not causing any bugs but the frame should always be passed in into the mapper to avoid unintended bugs
2020-02-21 10:40:41 +08:00
Nazar Gargol
a1fef1fc7c Added created_at field to accepted fields for members CSV import
no issue

- This field is usefult when importing from external sources.
- The date format should be compatible with one used internally by Ghost which is RFC 2822 compliant format
2020-02-19 19:55:32 +08:00
Kevin Ansfield
19812f53f4
Added member.avatar_image for member gravatars in themes (#11584)
refs https://github.com/TryGhost/Team/issues/243

- uses `member.toJSON()` to add a computed `avatar_image` property
  - if the member has an email address and gravatar is not disabled then we generate a gravatar url using the `?d=blank` parameter to return a transparent image if the member's email has no gravatar
2020-02-19 10:08:12 +00:00
Nazar Gargol
6db07ce34d 🐛 Fixed member CSV import setting subscribed to true as default
no issue

- When importing through CSV we should remain the defaults of 'subscribed' fields (`true` at the moment), unless it is explicitly set to `false` or `FALSE` (the latter uppercase value often comes from scpredsheets)
2020-02-18 11:34:20 +08:00
Rishabh Garg
001db05075
Added labels for Members (#11538)
no issue

* Updated sendEmailWithMagicLink syntax

* Updated label name selection from theme

* Updated migration version for labels

* Added labels to export/import of members

* Added member labels sanitization for case-insensitive duplicates

* Fixed tests

* Fixed label serialization bug on import

* Bumped @tryghost/members-api to 0.15.0

* Fixed lint

* Cleanup
2020-02-14 15:03:10 +05:30
Rish
4eeed0d32a 🐛 Fixed "undefined" values in member csv export
no issue

We missed handling `undefined` values for fields during csv export for memebrs, which causes csv entries as `undefined` for fields that don't exist. It also added need for extra handling of `undefined` entries during csv import. This PR fixes the bug by properly handling empty/undefined values in export
2020-02-12 11:03:16 +05:30
Nazar Gargol
2c52282662 Added future cleanup note
no issue

- This method was created as a shortcut and the real issue of 'undefined' values being present in CSV should be fiexed instead
2020-02-11 18:17:46 +08:00
Nazar Gargol
5caf924013 Fixed member delete method to use correct options
closes #11589

- `findOne` method in destroy method was usinng wrong options object (unlinke read method id comes from frame.options not frame.data) thus this was causing 404 errors
2020-02-11 16:35:18 +08:00
Nazar Gargol
4a79a0e753 Corrected 404 handling 2020-02-10 12:41:39 +00:00
Nazar Gargol
52635f1aa8 Basic implementation of backup retreival from file 2020-02-10 12:41:39 +00:00
Nazar Gargol
49983e799c Changed backup service signature to be able to expand it
- Will need to add a new method allowing to read an export file, so the module signature has to become an object rather than a function
2020-02-10 12:41:39 +00:00
Nazar Gargol
afe11c2b06 Added basic backup implementation for users DELETE endpoint
- The filename is returned to be able to fetch the backup on demand
- Wasn't able to limit exported tables as exporter doesn't support such functionality
2020-02-10 12:41:39 +00:00
Nazar Gargol
42f4518a63 Improved error logging for member CSV import
no issue

- Error object can be an array in case of database constrain validation errors, for this reason need to distinguish between singular objects and an array. This handling resemles the one in common error-handler - https://github.com/TryGhost/Ghost/blob/3.5.0/core/server/web/shared/middlewares/error-handler.js#L31-L33
2020-02-10 16:25:56 +08:00
Nazar Gargol
019605e9e0 Added concurency limit for member creation when importing
no issue

- When importing large batches of members we should not allow for unlimited amount of parallel requests created as this might lead to connection pool problems and reaching API rate limits (for example Stripe API is limited to 100 req/s)
2020-02-10 16:03:08 +08:00
Nazar Gargol
e57f7219e5 Added error logging for errors occuring during CSV import
no issue

- CSV import uses direct API calls which skips through logging error. This additional code should catch and record any internal errors
2020-02-07 14:33:30 +08:00
Nazar Gargol
68a36dd799 Changed members CSV export to match import format
refs c295435b41

- The import format changed the `subscribed` to `subscribed_to_emails`. Export should have the same format as import for consistency
2020-02-05 15:34:55 +08:00
Naz Gargol
c295435b41
Added new fields to members CSV import (#11539)
no issue

- New fields that are accepted through members CSV import endpoint are:
  - `subscribed_to_emails` - corresponds to `subscribed` flag in API
  - `stripe_customer_id` - links existing Stripe customer to created member
  - `complimentary_plan` - flag controlling "Complimentary" plan subscription creation for imported member

- Noteworthy exception in field naming - `subscribed_to_emails` that corresponds to `subscribed` API flag present on members resources. It's a special case of CSV format, where users can be less technical it's more explicit to what the flag does (also the same naming is applied in the Admin UI)

- Failing to either link Stripe customer or assign "Complimentary" subscription to imported member behaves in a transaction-like manner - imported record is not created in the database. This is needed to be able to retry imports when it fails for reasons like connectivity failure with Stripe or Stripe miss-configuration.

- To avoid conflicts with linking same Stripe customer to multiple members there is a special handling for duplicate `stripe_customer_id` fields. Records with duplicates are removed from imported set.
2020-02-04 13:51:24 +08:00
Naz Gargol
25f11bbf1c
Added complimentary member subscription (#11537)
no issue

- We need a way to simulate "premium" membership without any payment from members' side. For this new "Complimentary" plan is introduced
- Allows `comped` flag as an input only on `PUT /members/:id` endpoint which sets  free subscriptions based on "complimentary" plan on the member
- Added `comped` flag to members endpoint responses
- Bumped members-api to 0.12.0. This version supports new set/cancel complimentary subscription methods
2020-01-28 11:25:00 +07:00
Nazar Gargol
e9e3f58792 Refactored member controller to use model layer
refs https://github.com/TryGhost/Members/pull/105

- As members module has become a core part it makes sense to follow the same principles as in all other controllers and use the model directly instead of calling external services.
- Bumped @tryghost/members-api to 0.11.1 . New stripe-specific methods used in controllers are available starting with this version
- Exposing these new methods is a little hacky because there are no relationships setup on members_* tables. Left notes for future improvements once relations are introduced.
- We don't allow for chaging member's emails at the moment. For this reason had to modify JSON schema a little. It doesn't support OO inheritence: "This shortcoming is perhaps one of the biggest surprises of the combining operations in JSON schema: it does not behave like inheritance in an object-oriented language. " (ref. https://json-schema.org/understanding-json-schema/reference/combining.html#allof)
2020-01-15 17:52:47 +07:00
Ian Sim
6247b52367 Allowed pages to accept HTML as a source (#11422)
refs https://github.com/TryGhost/Ghost/issues/10471

- Allow page resource endpoints to accept HTML source. This behavior is the same as the post's resource introduced with e9ecf70ff7372f395b8917340805148bc764e2ef
- The functionality was most likely missed when post split into posts & pages was happening.
- Added symmetric changes to API v2.
2020-01-08 17:44:34 +01:00
Naz Gargol
97ea664d4d
🐛 Fixed empty html/plaintext fields for narrow fields parameter (#11505)
refs https://forum.ghost.org/t/plaintext-value-is-empty-using-the-api/10537

- The `plaintext`/`html` fields were empty because `visibility` attribute was not present in response body on output serialization stage. `visibility` field is always needed for content gating to work as expected 
- Added `visibility` field in the input serialization layer as it wouldn't be possible to use content gating if added on model layer through `defaultColumnsToFetch`
- Added test cases covering a bug
2020-01-08 14:43:21 +01:00
Nazar Gargol
11d1acb475 🐛 Fixed plaintext field being added as empty property when member post is requested
no issue

- Tests in previous commit uncovered a bug with unwanted field attached to
the post response
2020-01-06 14:59:30 +01:00
Rishabh Garg
160ef2976a
🏗Added host config limits for member emails (#11439)
no issue

Introduces host limits config for allowing email limits with members.
2019-12-17 19:24:27 +05:30
Rishabh Garg
fa3686bcc3
Added new brand blog setting (#11408)
no issue

Adds new `brand: {primary_color: ''}` blog setting behind dev flag for setting user-defined brand color in themes and emails.
2019-12-17 16:15:31 +05:30
Nazar Gargol
e25e847f47 Removed email related fields from API v2 responses
refs  https://github.com/TryGhost/Ghost/issues/11461

- The email feature was introduced in API v3 and is not back compatible with API v2. These fields should not appear in any v2 responses.
- Added regression tests for API v2 so that cases like this are spotted
easier in the future.
2019-12-16 20:01:38 +07:00
Rish
2d9963fbd8 Allowed comment_id and uuid in post API input
refs https://github.com/TryGhost/Ghost/pull/11462

Allows `comment_id` and `uuid` to be passed in post `add`/`edit` API calls instead of failing requests with validation error, though both properties are stripped out in serializer as we don't allow editing them.
2019-12-16 18:22:48 +05:30
Naz Gargol
bcddeeadf1
Removed redundant member manipulation proxy methods (#11423)
no issue

- This includes the interface change for members-api constructor - now accepts the member's model instead of proxy methods. These methods have been moved ton @tryghost/members-api in favor of using the model directly (ref: https://github.com/TryGhost/Members/pull/105)
- Moved error handling from the service layer to controller
- Bumped @tryghost/member-api package to 0.10.0
2019-12-06 12:04:10 +07:00
Hannah Wolfe
419e12d90a Added support for secondary navigation (#11409)
no issue

- Secondary navigation means most nav concepts are supported, e.g. header & footer, or left & right
- The UI is added separately, this PR adds supporting concepts:
  - make sure the default value is an empty array
  - add support in the API (v3 only)
  - add handling in the navigation helper
2019-12-04 11:12:02 +07:00
Rish
b9dd0d2b94 Refactored email handling to be consistent for test and newsletter emails
no issue
2019-11-26 21:41:01 +05:30
Nazar Gargol
9ff5fecbaf Fixed knex connection pool errors when scheduling a posts
no issue

- A subquery in mege service that creates email record wasn't using 'options' object needed to track transactions
2019-11-26 17:44:42 +07:00
Rish
e6f74c63db Fixed post serialization for test emails
no issue
2019-11-26 11:59:41 +05:30
Nazar Gargol
075fb76a60 Moved toJSON calls to serializer
- toJSON transformations should happen on serializer level so controllers could be called directly with it's own options internally
2019-11-25 12:04:58 +07:00
Kevin Ansfield
6a057fad99
Added /emails/:id/retry/ endpoint for retrying failed emails (#11410)
We want to allow admin users to trigger a retry of failed emails without having to go through the unpublish/republish dance.

- fixed resource identifier in email permissions migration so email permissions are added correctly
- added new email permissions migration so that beta releases can be upgraded without rollback (will be a no-op for any non-beta upgrades)
- added `/emails/:id/retry/` canary Admin API endpoint
  - follows same URL pattern as theme activation
  - only triggers mega service retry endpoint if the email has a `'failed'` status
2019-11-22 14:20:32 +00:00
Naz Gargol
c2aec69af9
Added email retry logic for failed batches (#11402)
no issue

- When whole email batch fails we want to allow retrying sending a batch when post is republished
- Refactored naming for email event handling in mega
2019-11-18 21:28:54 +07:00
Kevin Ansfield
1c8b78818f Merge branch 'master' into mega 2019-11-18 11:09:46 +00:00
Rish
baccbb4942 Updated test email to throw error for failed requests
no issue
2019-11-18 13:24:28 +05:30