refs https://github.com/TryGhost/Team/issues/1174
refs https://github.com/TryGhost/Members/pull/408
When logged-out members navigate a site and want to interact with, for example,
comments, they are redirected to the homepage after sign-in with the magic link.
This is disorientating, and means they then need to navigate back to the content
they were interacting with.
This change means that sign-ins will be redirected to the page from which they
were initiated, allowing a more streamlined flow for logged-out members wanting
to add comments.
We've restricted the redirect to URIs which are on the same domain as the site,
and we also do a relative redirect. This is to ensure that a malicious actor does not
send magic links which redirect off-site and leak authentication details.
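
The same-site restriction and relative redirect described in the commit message above, as an added example that is not part of the commit or Ghost's own code. `SITE_URL` and `safeRedirectPath` are hypothetical names, the URLs are constructed, and comparing on origin (scheme, host and port) is an assumption that is stricter than "same domain".

```javascript
// Added example, not Ghost's implementation. SITE_URL is a constructed value.
const SITE_URL = 'https://blog.example.com/';
const FALLBACK = '/'; // homepage, used whenever the referrer is not trusted

// Returns a relative path that is safe to redirect to after sign-in.
function safeRedirectPath(referrer, siteUrl = SITE_URL) {
    if (typeof referrer !== 'string' || referrer.length === 0) {
        return FALLBACK;
    }
    let site;
    let target;
    try {
        site = new URL(siteUrl);
        // Resolve against the site so relative referrers are handled, and so
        // userinfo tricks and backslashes are normalised by the URL parser
        // before any comparison is made.
        target = new URL(referrer, site);
    } catch (err) {
        return FALLBACK;
    }
    // Same-site check on the parsed origin, never on a string prefix.
    if (target.origin !== site.origin) {
        return FALLBACK;
    }
    // Relative redirect: drop scheme and host, keep path, query and fragment.
    const relative = target.pathname + target.search + target.hash;
    // A path starting with '//' would be read by browsers as protocol-relative
    // and leave the site, so it is rejected even though the origin matched.
    if (!relative.startsWith('/') || relative.startsWith('//')) {
        return FALLBACK;
    }
    return relative;
}

// Constructed sample referrers: the first is kept, the rest fall back to '/'.
const samples = [
    'https://blog.example.com/post/hello/?a=1#comments',
    'https://evil.example/steal',
    'https://blog.example.com@evil.example/',
    'https://blog.example.com//evil.example/x'
];
for (const s of samples) {
    console.log(s, '->', safeRedirectPath(s));
}
```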
closes https://github.com/TryGhost/Team/issues/1674
- The comped flag in Members API unintentionally stopped working when v3 API was dropped with the release of Ghost v5. The flag is deprecated but should be back-compatible for now - we don't want to break integrations like Zapier.
- To properly deprecate the flag we need to plan its removal and start signalling about it through the version headers
Co-authored-by: Simon Backx <simon@ghost.org>
refs https://github.com/TryGhost/Team/issues/1174
This paves the way for Ghost to be able to redirect to the referrer
page when dealing with signup magic links. We pass the referrer for
all types of magic links however, to allow extension of this
functionality in the future.
We've also removed the concept of `requestSrc` which has been unused
for a while now.
closes https://github.com/TryGhost/Team/issues/1623
The offers API endpoint had its own custom serializer pattern, which didn't fit well with how the API is meant to work.
- refactored the offer data format returned by internal api controller to match other controllers
- removed custom serializer for offers, instead adds a mapper to follow consistent pattern for all apis
- adds explicit allowlist for offers content API data
refs https://github.com/TryGhost/Team/issues/1674
- While preparing the changes had a look around and made small refactors to understand the codebase a little better. In general it's best to keep the method parameters as small and precise as possible instead of passing around a "bag-of-all-the-things" like "data".
ref https://github.com/TryGhost/Team/issues/1667
Introducing 2 new helper handlebars tags, `{{total_members}}` and `{{total_paid_members}}` ideal for Member Sites who want to display these metrics to incentivise users to upgrade.
refs https://github.com/TryGhost/Team/issues/1676
- Added maxAge option to content API
- Added maxAge to members API
- Added maxAge to frontend site preflights (probably not used, but it was configured, so added to be sure)
- Added config option to change default maxAge of preflight requests
refs https://github.com/TryGhost/Team/issues/1673
When a user switches plan, the paid subscribers delta chart on the dashboard displays the change as a cancellation plus a new subscription. This display is misleading and confusing - instead, plan changes should be excluded from the paid subscribers delta chart.
To accomplish this, we added new properties to the API (signups and cancellations) that can be used to exclude plan changes in the statistics.
Changes in `@tryghost/stats-service`: d0dd218fc7
Related admin changes: https://github.com/TryGhost/Admin/pull/2425
refs TryGhost/Toolbox#340
refs TryGhost#13451
- Fixed the snapshot files which had to include new fields like "comment_notifications" as well as other properties that came along with the hacky solution to the webhook's author inclusion bug
- Also documented the "roles" being included inconsistently across different events - it's a BUG and should be looked into one day when we care enough.
closes https://github.com/TryGhost/Toolbox/issues/340
closes https://github.com/TryGhost/Ghost/issues/13451
- Webhook subscribers were receiving post request payloads without `authors` and `primary_author` properties.
- The behavior was due to missing "originalOptions" property that is needed to correctly serialize the model to json on the model layer.
- A more holistic approach would be to pass the options somehow along with the model with the event. This would require a deeper rework though
As part of the updates to auth cookies we switched to SameSite=None
which requires an SSL connection. Local development, and some
production sites do not use SSL and so the cookie is invalid and a
session is unable to be created with the browser.
closes https://github.com/TryGhost/Ghost/issues/15008
- To improve searchability of the posts written by a removed user we are adding an internal tag to all the posts the user was an author or a co-author of
- This improvement should make managing and discovering a deleted user's posts way easier
- added `Gruntfile.js` - this file is only for development
- added `ghost-*.tgz` - this avoids packaging other packaged Ghost
archives
- added `!core/frontend/src/admin-auth/*.html` - this re-adds the Admin Auth
HTML file that would otherwise be excluded from the build
refs https://github.com/TryGhost/Team/issues/1665
- bumps new search feature to GA from alpha
- allows sites to trigger new built-in search feature via `data-ghost-search` attribute or navigation link (`#/search`)
The copyStatic method relies on the dest directory existing, which is
done by the minify method. We've reordered the calls to fix the
issue, but we're still left with the copyStatic method being dependent
on the minify method. Adding the `@private` jsdoc tag removes these
from the public interface, so that the dependency is encapsulated in
this module via the `load` method.
We've also awaited the result of the copyStatic method to avoid
dangling promises.
refs https://github.com/TryGhost/Team/issues/1664
- ensures source files are copied to the correct place and minified on boot and when frontend src files are changed in development
refs https://github.com/TryGhost/Team/issues/1664
These changes are required for Portal to be able to edit the member notification preferences for comments, and to be able to know whether comments are enabled for the site.