refs https://github.com/TryGhost/Toolbox/issues/320
- Webhook tests are becoming a special type of tests and needed their own "home" to live in. Adding them to be a part of the e2e test command, so they are run the same way as the rest of e2e test suites
refs https://github.com/TryGhost/Toolbox/issues/320
- Following the rule of having minimum code changes in the Ghost core codebase. This module belongs to "framework" along with other testing tools anyway.
- The bump includes a noteworthy changes - the "snapshotManager" was extracted into a separate exposed property of express-test API (maybe should be even it's own separate concept eventually, for now exposing it was enough). "snapshotManager" had to be exposed to be able to pass it to the webhook mock receiver - to use same instance configured with mocha hooks. snapshotManager has to be a singleton in the system to configure snapshots correctly through mochaHooks.
refs https://github.com/TryGhost/Team/issues/1526
This adds a check for existing subscriptions for a member associated with the
email addressed used for Stripe Checkout, if any are found the Checkout Session
creation fails and responds with a 403.
We've also updated the error handling for the create-stripe-checkout-session
endpoint so that it follows the existing Ghost API patterns.
fixes https://github.com/TryGhost/Team/issues/1652
fixes https://github.com/TryGhost/Ghost/issues/13319
**Image formatting**
Added support for changing the format of images via the `handle-image-sizes` middleware (e.g. format SVG to png, jpeg, webp)
This change was required:
- Not all browsers support SVG favicons, so we need to convert them to PNGs
- We can't fit image resizing and formatting in the `serve-favicon` middleware: we need to store the resized image to avoid resizing on every request. This system was already present in the `handle-image-sizes` middleware.
To format an uploaded image:
- Original URL: https://localhost/blog/content/images/2022/05/giphy.gif
- To resize: https://localhost/blog/content/images/size/w256h256/2022/05/giphy.gif (already supported)
- To resize and format to webp: https://localhost/blog/content/images/size/w256h256/format/webp/2022/05/giphy.gif
- Animations are preserved when converting Gifs to Webp and in reverse, and also when only resizing (https://github.com/TryGhost/Ghost/issues/13319)
**Favicons**
- Custom favicons are no longer served via `/favicon.png` or `/favicon.ico` (only for default favicon), but use their full path
- Added support for uploading more image extensions in Ghost as a favicon: .jpg, .jpeg, .gif, .webp and .svg are now supported (already supported .png and .ico).
- File extensions other than jpg/jpeg, png, or ico will always get transformed to the image/png format to guarantee browser support (webp and svg images are not yet supported as favicons by all browsers).
For all image formats, other than .ico files:
- Allowed to upload images larger than 1000px in width and height, they will get cropped to 256x256px.
- Allowed uploading favicons that are not square. They will get cropped automatically.
- Allowed to upload larger files, up to 20MB (will get served at a lower file size after being resized)
For .svg files:
- The minimum size of 60x60px is no longer required.
For .ico files:
- The file size limit is increased to 200kb (coming from 100kb)
refs https://github.com/TryGhost/Team/issues/1640
- Some the clien libraries were not able to match the signin key to verify JWT when using `GET /members/.well-knonw/jwks.json` endpoint for member token verification. This issue was due to missing `keyid` parameter allows to indicate the key used to secure JWS (as per https://www.rfc-editor.org/rfc/rfc7515#section-4.1.4) and resolves the automatic matching issue on the client.
- The `kid` parameter was left in claims to avoid accidental breaking changes.
refs https://ghost.slack.com/archives/C02G9E68C/p1652980792270029
- When bulk unsubscribing members, the number of deleted newsletter relations are returned instead of the number of members with newsletters that were cleared
- Updates members-api to 8.1.0, which uses this new option to delete newsletter relations by member_id instead of the id of the relation (which allows us to fetch the number of successfully/failed member deletes) Changes: https://github.com/TryGhost/Members/pull/400
- Added tests for bulk unsubscribe and bulk delete labels (because they both use the updated bulkDestroy method)
refs https://github.com/TryGhost/Team/issues/1642
- Updated `members-csv` (dependency via `members-importer`, shouldn't this be a separate dependency too?) package to use the `tiers` field instead of the (removed) products field.
- Added basic test to see if products and labels are returned in the csv.
- checkout session creation was failing when setup with `offerId` instead of `tierId` and `cadence`
- updates `members-api` to ignore cadence check to allow creation using `offerId` present in request
Added CLI commands for REPL and timetravel functionality
- Added TimeTravel command for updating test data with a date offset
- Added REPL command for access to models and knex in development
- Added pattern for creating new CLI commands, including
- User input
- Output
- Validation of `NODE_ENV`
- TimeTravel command is in the main Ghost repo because it requires the schema
closes: https://github.com/TryGhost/Toolbox/issues/299
- core/client doesn't really make sense any more now that we don't have just a client and server folder
- this folder contains ghost admin, so admin makes waaaay more sense
refs https://github.com/TryGhost/Team/issues/1575
- Updates the admin-api-schema to reflect new data structure
- Updates members-api to allow Portal to use new data structure
- Data is only mapped at the serialised level to avoid changing the underlying implementation
- Ensure only one version of domain-events present in yarn.lock
refs https://github.com/TryGhost/Toolbox/issues/314
- Writing schema definitions will become more concise without a need to specify all valid resource properties that could be accepted by the Admin API - no need to define "strip" attribute on every known
refs https://github.com/TryGhost/Toolbox/issues/329
- Adds and improves gscan checks for use of following helpers:
- @labs.members
- @member.products
- @price
@labs.members going in favour @site.members_enabled
@member.products gone in favour of @member.subscriptions
@price and it's variations gone in favour of {{price}} + {{@member.subscriptions}}
refs https://github.com/TryGhost/Team/issues/1583
- Check limits when unarchiving newsletters
- Added tests for more scenarios
- When editing/adding newsletters, the limit check happens in the same transaction.
- `limit-service` was bumped to add transactions support
- Added transaction support for edit in newsletter service
refs https://github.com/TryGhost/Toolbox/issues/314
- The API principle guiding this change is the Robustness Principle: "be conservative in what you send, be liberal in what you accept". The API will start accepting any additional properties that are not explicitly defined in the schema for the resource and will be trimming any rogue properties that are sent in the payload
closes: https://github.com/TryGhost/Toolbox/issues/324
refs: https://github.com/TryGhost/Ghost/issues/14446
- Currently, if url is configured to http but a request is marked secure, Ghost will handle upgrading all internal URLs to https so that there are no mixed content warnings
- From 5.0 that feature is going away, in favour of strictly honouring the configured URL
- Ghost will serve URLs exactly as configured and won't upgrade http to https anymore
- This use case was common when Ghost was first built, but in 2022 the web is mostly https.
- The code needed to support the feature creates a lot of additional complexity & maintenance overhead, so removing this gives us space to do more cool and useful stuff in 2022
refs https://github.com/TryGhost/Toolbox/issues/292
- Copy improvements were done base on feedback. Makes the information in the email more concise and removes unecessary/unsecure bits like query strings.
refs https://github.com/TryGhost/Toolbox/issues/292
- Providing user-defined Integration name instead of API client's UserAgent gives a lot more control to instance administrators identifying which integration is being used incorrectly.
- It's best practice to create an Integration with a set of API keys per API client - which should be enough to identify an outdated one.
refs https://github.com/TryGhost/Toolbox/issues/292
- The version mismatch notification emails were missing a URL of the endpoint that was being accessed by an outdated integraton
- Also squeezed in a refactor simplifying APIVersionCompatibilityService initialization
- these packages have had minor code changes or dependency updates that
have forced us to publish the packages in Lerna
- this commit updates all packages in one rollup commit
- updated usage of url-utils.urlFor to work with v3
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Hannah Wolfe <github.erisds@gmail.com>
refs https://github.com/TryGhost/Toolbox/issues/292
- This change allows to reuse existing pattern present in Ghost on the version mismatch service layer, where we define the contents of the sent email through email templates instead of plain text.
- Apart form templates, there's now failed request URL present in the data passed to the email template along with site title and site url
refs https://github.com/TryGhost/Team/issues/1577
The last seen at was being updated via the model rather than the
respository, which mean that the default relations were not being
loaded.
This fix updates the repository to load the newseletters relation,
updates the last seen at updated to use the repository and updates the
output serializer to handle missing newsletter relation.
We also update all packages relying on the domain-events package to
ensure that they're all using the same version.
Co-authored-by: Fabien 'egg' O'Carroll <fabien@allou.is>
refs https://github.com/TryGhost/Toolbox/issues/292
- Following the concept of having as little code in Ghost core as possible :) The email content generation is also needed to be reused in the version mismatch handling package.
- these packages contain minor code or dependency updates but we're
forced to publish them because of Lerna
- this commit rolls up all pending updates into one commit to save noise
refs https://github.com/TryGhost/Team/issues/1545
**Changes (`members-api`)**
- Compare via https://github.com/TryGhost/Members/compare/%40tryghost/members-api%406.0.0...%40tryghost/members-api%406.1.0
- Added mapping from member subscribed to newsletters on edit/create
- When editing or creating a member with the subscribed property, it is mapped to the corresponding newletters value
- Defaults to all active newsletters with visibility = members and subscribe_on_signup = true
**Tests**
- Adds test that adds a member with subscribed = true
- Adds test that adds a member with subscribed = false
- Adds test that edits a member with subscribed = true
- Adds test that edits a member with subscribed = false
- these packages contain only code changes or dependency updates but
we're force to publish new versions due to Lerna's limitations
- this commit bulk updates the packages to save having many commits
refs 58ace0af76
- please see the referenced commit above for full context but this
commit bumps `@tryghost/nodemailer`, which contains a fix for reading
credentials when using the SES mail transport
- credits to @touzoku
refs https://github.com/TryGhost/Team/issues/1478
- Moved all admin API members tests to enable the multiple newsletters flag
- Checks if the susbcribe events are added correctly when adding or removing newsletters
- Checks if susbcribe events are added for default newsletters
refs https://github.com/TryGhost/Team/issues/1524
- This enables admins in the ghost admin to have an overview of the total posts/members associated with a newsletter.
- Follows the `?include=count.x` convention used by other resources
- I had to fork this dependency to add support for Knex 2.0 but yarn is
weird and won't bump it if we use `master` because "nothing changed"
- Using a hash should force yarn to pull the changes if the hash gets
updated
refs fccee0614f
- `@tryghost/nql-lang` had `date-fns` declared as a devDependency but it
was used within the library itself
- the referenced commit moved it to `dependencies` and this commit bumps
the packages in Ghost
- we had to switch to `@vscode/sqlite3` a while back because `sqlite3`
was unmaintained
- this fork didn't come with prebuilt binaries, so everyone had to
compile them on their machine
- this brought a lot of issues with installing Ghost
- since then, the Ghost team have picked up maintenance of `sqlite3` and
Knex has switched back, so we can switch back here too
refs https://github.com/TryGhost/Toolbox/issues/280
- Email notification handling logic needs to be added to Ghost. Ideally there should be as little code landing in the core as possible - mostly data fetching and hooking modules together.
- The primary email handling logic for the `Accept-Version`/`Conent-Version` header missmatch is done in `api-version-compatibility-service` module, and the `mw-api-version-mismatch` allows to intercept request with the missmatch and call the api version compatibility service to do it's job. The mw-error-handler gives each case of client BEHIND or AHEAD of the Ghost version a unique error code, so that the versioning compatibility service has data to distinguish different cases
refs https://github.com/TryGhost/Team/issues/1520
**Changes in members repo**
Bumped to `5.12.0`, with the following changes:
- Compare differences via https://github.com/TryGhost/Members/compare/%40tryghost/members-api%405.11.1...%40tryghost/members-api%405.12.0
- Instead of doing the matching of the offers and subscriptions by looking at the offer redemptions, we can now look at the offer_id from subscriptions.
- This also fixes an issue where we don't attach the offer object to subscriptions in the members' browse method
- Updated browse behaviour to match the read behaviour of members (product relation needs to get loaded because it is missing in member.products if the subscription is expired).
**Tests**
- Includes test to see if the API correctly returns the offer object when fetching one or multiple members
- Check if the return format is the same for the read, edit and browse members admin API endpoints (offer was missing in subscriptions)
- Snapshot files have been updated because now the offer is returned in subscriptions (content length increased)
refs https://github.com/TryGhost/Team/issues/1519
**Tests:**
- Tests whether the metadata from an offer is read correctly and stored in the database
- Test that invalid offer ids are ignored
**Changes in members repository:**
- Compare changes here: https://github.com/TryGhost/Members/compare/%40tryghost/members-api%405.9.2...%40tryghost/members-api%405.11.1
- The `offer_id` column of subscriptions is set based on the coupon id from Stripe
- `getByStripeCouponId` method added in the offers repository (required to look up an offer from a stripe_coupon_id)
- the `members-payments` package was bumped twice (once for changes, once for undoing those changes, my bad). Nothing else has changed in that package.
refs https://github.com/TryGhost/Toolbox/issues/267
- Node 12 becomes EOL on April 30th so we're going to be dropping
support for it in Ghost
- this commit updates the Node engine ranges so CLI can pick this up,
and drops 12.22.1 from the CI matrix
refs https://github.com/TryGhost/Team/issues/1469
Previously, members were subscribed to all available newsletters by default when added. This change updates the default newsletters subscription for member to take into account newsletter preferences for auto opt-in(`subscribe_on_signup`) as well as `visibility`.
