Commit Graph

12774 Commits

Author SHA1 Message Date
Thibaut Patel
c471ae11d4 Added oauth login and invitation acceptance
issue https://github.com/TryGhost/Team/issues/614

- Users who have a password can directly sign-in via oauth
- User who are logged-in get their password disabled
- Users accepting an invitation get their password disabled
- The way we disable password is by setting it to a long random password
2021-04-21 19:36:27 +02:00
Hannah Wolfe
c02b0a19ac Used new default API version in theme engines
refs: 9f50e941eb
refs: bf0823c9a2

- Still working towards splitting the theme service into logical components
- The engine defaults were required in the index file, in a way that creates tight coupling across what would otherwise
be distinct components
- Also meant there was another hardcoded 'v4' in the codebase
- This fixes both issues by depending on the value from config
- Currently this adds Yet Another Config Require, but it should be fine for now until we have a new pattern for the frontend
- Note: We only care about the ghost-api engine, we used to care about both ghost and ghost-api. Now that there is only one there was no need for the more complex code structures
2021-04-21 18:08:17 +01:00
Daniel Lockyer
e9b21fdbd1 Updated bson-objectid calls to match API change
refs c873899e49

- as of `bson-objectid` v2.0.0, this library exports the function
  to generate an ObjectID directly, and then you need to use `.toHexString()`
  to get the 24 character hex string - 6696f27d82
- this commit removes all uses of `.generate()` and replaces with this
  change
2021-04-21 16:23:52 +01:00
Renovate Bot
6745546538 Update dependency bson-objectid to v2 2021-04-21 16:23:52 +01:00
Hannah Wolfe
9f50e941eb Added default API version to config
refs: https://github.com/TryGhost/Team/issues/527
refs: bf0823c9a2

- We have default API versions littered all over the codebase. When we updated to Ghost v4 we realised just how many and how much of a pain in the ass this is to manage.
- This creates a config value we can use. It's in overrides for the time being because we usually default to that until there is a usecase for it being overridable. If there is one, cool, change it!
- The main motivation for adding this now and only using it in boot and urlUtils is as part of work to decouple the theme service into logical compontents, because the engines system inside of themes has its own default, and this is one cause of tight coupling
- Expectation is that we'll slowly roll out use of the new default, hopefully without requiring config in any additional places (e.g. passing the version in from the boot file)
2021-04-21 14:57:07 +01:00
Hannah Wolfe
c687df21e1 Moved theme config to new theme engine service
refs: bf0823c9a2

- continuing the work of splitting up the theme service into logical components
2021-04-21 14:21:32 +01:00
Hannah Wolfe
ef4e4e8cc0 Moved handlebars utils to new theme engine service
refs: bf0823c9a2

- continuing the work of splitting up the theme service into logical components
2021-04-21 14:21:32 +01:00
Renovate Bot
dd09a4500d
Update dependency knex-migrator to v4.0.4 2021-04-21 11:47:41 +00:00
Renovate Bot
87e747ebb0 Update dependency @tryghost/image-transform to v1.0.11 2021-04-21 12:11:15 +01:00
Kevin Ansfield
074e8b1292
Added @site.signup_url data property for themes (#12893)
refs https://github.com/TryGhost/Team/issues/579

- when members signup is enabled returns `#/portal` otherwise returns feedly subscription URL
- allows for themes to have subscription buttons without condititionals, eg `<a href="{{@site.signup_url}}">Subscribe</a>`
2021-04-21 12:10:09 +01:00
Daniel Lockyer
4fa4dc8034
v4.3.0 2021-04-21 09:10:24 +01:00
Daniel Lockyer
602e8feee4
Updated Ghost-Admin to v4.3.0 2021-04-21 09:10:24 +01:00
Hannah Wolfe
db79176724 Used themeService as var name everywhere [again]
refs 08fbcf1d90

- I didn't quite finish this commit before, and also forgot to write a proper commit message 🙈
- Having the theme service required and referenced in lots of different ways contributes to it being very hard to refactor and break down into smaller pieces
- This is just one simple nice-to-have so we can search the codebase for references more easily
2021-04-20 19:16:52 +01:00
Hannah Wolfe
307e035796 Fixed incorrect require path in theme tests
- At some point we have updated the path that should be required to get helpers, but missed updating the path in this test
- When run with the full suite, the test still passed, but when run independently it threw the error loadCoreHelpers is not a function
- This is to do with some interaction with the middleware_spec.js tests
- I'm working on breaking all this down so hopefully will get rid of any further weird test independence issues
2021-04-20 19:16:52 +01:00
Renovate Bot
87b702f5d2
Update dependency @sentry/node to v6.3.0 2021-04-20 15:59:09 +00:00
Fabien 'egg' O'Carroll
5b936c052f
Added Default Product fixture (#12892)
refs https://github.com/TryGhost/Team/issues/619

As part of the Custom Products work, we are linking members to products
when updating their subscriptions. This requires that we have at least
one product in the database. For existing sites that are using Members
this is handled by the v4.3 03 migration. But for new sites we must
include a fixture.

Also fixes the tests to not reply on the order of the fixtures
2021-04-20 16:39:27 +01:00
Hannah Wolfe
cc736a3eef
Update CONTRIBUTING.md 2021-04-20 15:44:18 +01:00
Fabien O'Carroll
050580e5ab Supported products include for Members Admin API
refs https://github.com/TryGhost/Team/issues/616

This allows us to check which products a Member has access to, without
having to check the subscriptions array.
2021-04-20 13:04:51 +01:00
Fabien O'Carroll
d7b6a48226 Added Products API to Admin API
refs https://github.com/TryGhost/Team/issues/616

This is a basic scaffold of the API to get things moving.

The input serializer is so that the controller logic does not need to
know about the json-api shape of the input data.

The output serializer is an adaptation of the members one.
2021-04-20 13:04:51 +01:00
Rish
ffe24a728c Bumped @tryghost/members-api to 1.3.0
refs https://github.com/TryGhost/Team/issues/619

- Bumps `@tryghost/members-api` to `1.3.0` which adds a one-off migration to populate missing stripe prices and products
- Bumps patch versions on `@trghost/members-ssr` and `@tryghost/magic-link` to 1.02
2021-04-20 17:32:07 +05:30
renovate[bot]
63e42199be
Updated JSON schema for Products & Members Admin API
refs https://github.com/TryGhost/Team/issues/616

This adds the schema for the Products Admin API to be used as the input
validation, and adds support for the `products` property on the Members
Admin API

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-04-20 12:22:55 +01:00
Rishabh Garg
48a2d24497
Added stripe_price_id column to subscriptions table (#12881)
refs https://github.com/TryGhost/Team/issues/586

- Adds new `stripe_price_id` column to subscriptions table to store stripe price ids with `index`
- Populates `stripe_price_id` column value to current `plan_id` making the `plan_*` values redundant
- Updates tests
2021-04-20 16:37:59 +05:30
Rishabh Garg
5da4ae90b2
Added cascade delete for stripe products and prices (#12891)
refs https://github.com/TryGhost/Team/issues/586

If a product inside Ghost is deleted, we want to cascade delete all associated Stripe products and prices as they always need to refer back to a ghost product and will hang without any reason otherwise. This change adds cascade delete for products -> stripe_products -> stripe_prices to avoid broken states
2021-04-20 15:24:52 +05:30
Hannah Wolfe
bf0823c9a2 Moved hbs engine into new theme engine service
- This is the beginning of splitting up the theme service into:
   - Storage components used by the API (should be a server service)
   - Theme engine & rendering components used by the frontend (this new engine service)
   - The code to activate a theme which is shared code where the API & frontend need to communicate
- This is needed because currently the frontend theme service is required and used by the API, creating tight coupling.
- In my quest to truly separate the API and frontend, this is one of many battles that needs winning
2021-04-19 20:03:30 +01:00
Hannah Wolfe
08fbcf1d90 Used themeService as var name everywhere 2021-04-19 19:41:13 +01:00
Kevin Ansfield
5c41c67ffc Set @labs.members to false when members_signup_acess == 'none'
refs https://github.com/TryGhost/Team/issues/579

- setting `members_signup_access` to `'none'` effectively disables all built-in members functions on the front-end so setting `@labs.members` to `false` allows themes to react accordingly
- `@labs.members` keeps backwards compatibility with pre-4.0 versions where themes were using it to toggle member-related functionality
2021-04-19 18:28:51 +01:00
Kevin Ansfield
4a8352c418 Disabled portal and stripe in {{ghost_head}} when signup access is none
refs https://github.com/TryGhost/Team/issues/579

- skips insertion of members-related scripts and styles when `members_signup_access` setting is set to `'none'`
- adds `id="gh-members-styles"` to the inserted style script tag for reference in tests and JS
2021-04-19 17:27:37 +01:00
Kevin Ansfield
fff6a04c54
Migrated members_allow_free_signup setting to members_signup_access (#12886)
refs https://github.com/TryGhost/Team/issues/579

Currently the members signup setting is explicitly yes/no to allowing free members signup, with the implication that when set to "no" members is still active but members have to be created via Stripe or the admin API.

This change renames the setting and changes its type to allow more than a binary option.

- migration to create/update the new setting based on the old value
  - free signup = "all", no free signup = "invite"; matches the current UI for this setting
- rename setting everywhere it's used/tested against
- modify `getAllowSelfSignup()` used to configure members packages to only return `true` when the new setting is set to `'all'` to match behaviour to the older setting
- update importer to rename the setting when importing from an older Ghost version
2021-04-19 16:36:30 +01:00
Renovate Bot
5fedb44e0b Update dependency @nexes/nql to v0.5.2 2021-04-19 15:32:22 +01:00
Daniel Lockyer
3421269ee7 Updated tmp dependency to v0.2.1
no issue

- `tmp` 0.1.0 was broken and I added `tmp` to the Renovate ignore list
  to stop it creating PRs - 082160106a
- 0.2.1 is fixed again so we can merge the update and remove it from the
  list
2021-04-19 15:13:55 +01:00
Daniel Lockyer
2fbbf9999d Bumped selected dependencies to unpin sub-dependencies
no issue

- we've been unpinning dependencies in our libraries to remove
  duplicates
- this commit bumps packages from the Utils repo and NQL, all of which
  contain changes to unpin their own dependencies
2021-04-19 11:07:11 +01:00
Renovate Bot
a789e05af4
Update dependency gscan to v4.0.2 2021-04-16 16:49:09 +00:00
Daniel Lockyer
ea4b1a6ebf
Merged v4.2.2 into main
v4.2.2
2021-04-16 17:46:14 +01:00
Daniel Lockyer
452ab7ebe6
v4.2.2 2021-04-16 17:44:15 +01:00
Daniel Lockyer
d57b9552bb
Updated Ghost-Admin to v4.2.2 2021-04-16 17:44:15 +01:00
Thibaut Patel
714bbceed9
🔒 Added a way to hide the secret settings once they are set
issue https://github.com/TryGhost/Team/issues/621
2021-04-16 17:20:33 +01:00
Thibaut Patel
92b96a152c Fixed the previous commit
commit 375c71fc6a
2021-04-16 18:05:13 +02:00
Thibaut Patel
375c71fc6a 🔒 Added a way to hide the secret settings once they are set
issue https://github.com/TryGhost/Team/issues/621
2021-04-16 17:05:16 +02:00
Renovate Bot
a7db331f57
Update dependency ghost-ignition to v4.6.2 2021-04-16 13:05:00 +00:00
Daniel Lockyer
41000f4653
Updated selected Utils packages to unpin dependencies
no issue

- I recently unpinned dependencies in the Utils monorepo so we can avoid
  multiple versions of the same package
- this commit bumps all the packages that I published, that do not have
  other changes. Other team members should merge these
2021-04-16 13:59:15 +01:00
Hannah Wolfe
fafbc8ef0a Added Caddyfile to .gitignore
- Allows for using caddy locally for development and testing with ssl
2021-04-16 12:32:37 +01:00
Renovate Bot
54644e2840 Update dependency @tryghost/html-to-mobiledoc to v0.7.14 2021-04-16 10:49:57 +01:00
Renovate Bot
f4a129b7a9
Update dependency express-hbs to v2.3.5 2021-04-16 09:01:28 +00:00
Daniel Lockyer
d01d8988e2 Updated tests to reflect jwks-rsa v2 changes
refs https://github.com/auth0/node-jwks-rsa/blob/master/CHANGELOG.md#200---2021-03-01

- `jwks-rsa` switches from callbacks to async-await and so we need to
  change the tests to reflect this
- this commit moves from `getSigningKey` containing a callback to it
  being part of the async-await flow
2021-04-16 09:58:47 +01:00
Renovate Bot
7c7f46cbf1 Update dependency jwks-rsa to v2 2021-04-16 09:58:47 +01:00
naz
d964224312
Added settings keys to store OAuth related data (#12879)
refs https://github.com/TryGhost/Team/issues/618

- The `oauth_client_id` and `oauth_client_secret` are placeholders to store OAuths related data.
- The flag for `oauth_enabled` or anything along those lines was not added intentionally in favour of checking if the `oauth_client_id` & `oauth_client_secret` are null.
2021-04-16 10:02:21 +02:00
Renovate Bot
8fbcf26d08 Update dependency @tryghost/helpers to v1.1.42 2021-04-15 16:59:26 +01:00
Renovate Bot
43afc8020d Update dependency @tryghost/session-service to v0.1.19 2021-04-15 16:39:44 +01:00
Renovate Bot
44e7df59f3
Update dependency knex-migrator to v4.0.3 2021-04-15 15:06:28 +00:00
Renovate Bot
8f60bc0a57 Update dependency sqlite3 to v5 2021-04-15 16:03:39 +01:00