Commit Graph

277 Commits

Author SHA1 Message Date
Hannah Wolfe
ef1207cc0d Merge pull request #3213 from hswolff/lazy-load-models
Preparation for lazy loading of models
2014-07-11 15:29:46 +01:00
Sebastian Gierlinger
8c2258dc4c Move setup to API
closes #3136
- moved setup to authentication API
- added `POST /ghost/api/v0.1/authentication/setup` to execute the
setup process
- added `GET /ghost/api/v0.1/authentication/setup` to check if blog is
already set up (needed for #3145)
- removed unused methods from api/users.js
2014-07-11 14:17:09 +02:00
Hannah Wolfe
49b08c3bdc Merge pull request #3236 from sebgie/issue#3074
Setup hijacks owner user
2014-07-10 21:52:41 +01:00
Sebastian Gierlinger
215badc663 Setup hijacks owner user
closes #3074
- user generated by fixture is hijacked
- user is updated with name, email, password, slug and status
- creates new user if db is migrated but no user exists
- previously removed tests are back
2014-07-10 19:29:51 +02:00
Harry Wolff
cddd23f926 Only reference model properties through the models module.
This frees us up to enforce one single point of access, thus paving
the way towards allowing us to initialize the models at are request,
and not when it's require().

addresses #2170
2014-07-10 08:04:32 -04:00
Harry Wolff
e3520feeec Move creation of knex instance to config module
addresses #2170
2014-07-10 08:00:24 -04:00
Hannah Wolfe
b69b5e7638 Merge pull request #3230 from jaswilli/issue-3226
Fix active theme selector.  Add validation to API.
2014-07-10 12:52:01 +01:00
Sebastian Gierlinger
5e4fae6f11 Add owner fixture
closes #3073
- added fixture for owner role
- added fixture for initial user (new db)
- added conversion administrator -> owner (existing db)
- changed tests to take over owner user
- removed some functional tests until /setup works with owner user
2014-07-10 12:00:51 +02:00
Jason Williams
fddf2ee42f Fix active theme selector. Add validation to API.
Closes #3226
- Remove dependent property from the computed content property
  that is used to build the active theme selector.
- Add validation to the Settings model so that it rejects
  attempts to set an activeTheme that is not installed.
2014-07-09 22:14:33 +00:00
Sebastian Gierlinger
035fb04d34 closes #3197
- added role to user obj (only returned from the user endpoint)
- added `/users/?include=roles` and
`/users/?include=roles,roles.permissions` query parameters
- added and updated tests
2014-07-08 18:00:59 +02:00
Jason Williams
05d199f9b4 Check datatype for date format conversion
Closes #3199
-If datatype is dateTime convert to javascript Date object when
 retrieved from the database.
-Add tests to make sure models and internal API are using Date
 objects for dateTime fields.
-Add tests to make sure the HTTP API is returning ISO 8601
 date strings for dateTime fields.
2014-07-05 19:15:32 +00:00
Hannah Wolfe
8b2edf7e56 Merge pull request #3192 from sebgie/issue#3081
Allow user to accept invitation
2014-07-04 23:18:47 +01:00
Sebastian Gierlinger
84cfd529ed Allow user to accept invitation
closes #3081
- added route `/ghost/api/v0.1/authentication/invitation`
- added accept invitation
- added signup with token
- removed check() from users api
- fixed promise in resetPassword()
2014-07-03 17:06:07 +02:00
Jason Williams
13229fb6a4 Fix server-side validation
Closes #3122
-Fix validation so that all values are validated instead
 of just values that evaluate to true.
-Ensure validation methods consistently return promises
 and switch error handling from try/catch to promise.catch
 to get rid of unhandled rejection warnings.
-Add 0 and 1 to list of acceptable values in boolean validation.
2014-07-03 14:57:57 +00:00
Sebastian Gierlinger
79a80b67ac Invite user API
closes #3080
- added users.invite() to add user from email with random password
- added `GET /ghost/api/v0.1/users/` to invite users and resend
invitations
- removed one user limit
- added global utils for uid generation
- changed some „“ to ‚‘
2014-07-02 16:22:18 +02:00
Sebastian Gierlinger
c8e8da4780 oAuth
closes #2759
closes #3027

- added oauth2orize library for server side oAuth handling
- added ember-simple-auth library for admin oAuth handling
- added tables for client, accesstoken and refreshtoken
- implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant
- updated api tests with oAuth
- removed session, authentication is now token based

Known issues:
- Restore spam prevention #3128
- Signin after Signup #3125
- Signin validation #3125

**Attention**
- oldClient doesn't work with this PR anymore, session authentication
was
removed
2014-06-30 14:58:10 +02:00
Fabian Becker
72156c7f89 New setup screen for blog installation.
fixes #3072
- Change router to handle /ember/setup/
- Adjust doSignup to also handle setup
- Adjust tests and add new where necessary
- Add setup controller, setup validation, setup route
- Adjust casper emberSetup to handle new setup
2014-06-26 15:31:44 +02:00
Fabian Becker
3d2205195d Generate slug when adding new app.
No issue
- Remove duplicate code from model_posts_spec.
- Add slug generation to app model
- Test slug generation on app model
2014-06-24 22:20:35 +00:00
Hannah Wolfe
28d10a9e2f Merge pull request #2995 from sebgie/issue#2822
User API changes
2014-06-20 18:39:33 +01:00
Sebastian Gierlinger
22c05da93a Fix limit parameter
closes #3004
- parseInt for limit parameter
2014-06-20 14:28:01 +02:00
Sebastian Gierlinger
1db0431e4d User API changes
closes #2822
- added destroy user method
- added remove user permission
- added API end point for get reset token
- added API end point for reset password
- added API end point for change password
2014-06-20 11:15:01 +02:00
Sebastian Gierlinger
a3665cd917 Merge pull request #2980 from jgable/lazyLoadDefaultSettings
Lazy load default settings
2014-06-17 21:52:34 +02:00
Jacob Gable
d37be6f098 Lazy load default settings
Closes #2061

- Lazy load the defaultSettings value in Settings model
- Populate individual defaults before read/edit
- Populate all defaults before first browse call
- Remove populateDefaults calls from init code
2014-06-17 10:36:47 -05:00
Jason Williams
9a9593536d Update when.js dependency to version 3.2.3 2014-06-16 04:11:22 +00:00
Tim Griesser
f87e0d364d Bumping to Knex 0.6.12, Bookshelf 0.7.1 2014-06-10 17:07:53 -04:00
Jason Williams
bb4a0a3540 Update slug API to work with additional types
Closes #2866
-update slug API to handle users and apps in addition to
 posts and tags
-update existing tests
-add new functional tests for slug endpoint on http api
2014-06-04 05:54:03 +00:00
Jason Williams
669f7f8b0c Fix content preview actions and add tests
Closes #2798
-fetch full model for active post in Backbone content preview view
-remove unnecessary type check in Models.Post.saving
-add functional tests for all post settings menu actions in editor screen
-add functional tests for all post actions in content preview
 screen for posts with and without tags
2014-05-23 20:54:02 +00:00
Hannah Wolfe
c02ebb0dcf Refactor API arguments
closes #2610, refs #2697

- cleanup API index.js, and add docs
- all API methods take consistent arguments: object & options
- browse, read, destroy take options, edit and add take object and options
- the context is passed as part of options, meaning no more .call
  everywhere
- destroy expects an object, rather than an id all the way down to the model layer
- route params such as :id, :slug, and :key are passed as an option & used
  to perform reads, updates and deletes where possible - settings / themes
  may need work here still
- HTTP posts api can find a post by slug
- Add API utils for checkData
2014-05-15 10:41:05 +01:00
Jacob Gable
0dc6dc29a7 Add apps permissable checks in posts and users
Closes #2738

- Re-introduce the TargetModel.permissable interface check in the
regular permission flow path
- Pass loadedPermissions, hasUserPermission and hasAppPermission to
permissable interface to reduce logic necessary
- Refactor recursive call to pass original arguments but with actual
model
- Refactor canThis(this.user) use in api/posts.js to just canThis(this)
2014-05-14 09:22:25 -05:00
Jason Williams
954cb1a59e updateTags refactor
closes #2720
-refactor Models.Posts.updateTags method to reduce complexity
2014-05-12 21:03:26 +00:00
Sebastian Gierlinger
fd0f5a5028 Add distinct error classes
closes #2690
- added new error classes
- moved errorhandling.js to /errors/index.js
- changed API errors to use new classes
- updated tests
2014-05-09 12:11:29 +02:00
David Arvelo
87cda81c84 Sanitize models' attributes/options before passing to bookshelf/knex
closes #2653
- enforce strict whitelists for model methods
- create a class method that reports a model method's valid options
- create a class method that filters a model's valid attributes from data
- create a class method that filters valid options from a model method's options hash
2014-05-06 23:02:49 -04:00
Sebastian Gierlinger
b98709b3ce Refactor omit of password
- remove password in toJSON() instead of filtering every occurrence of
user
- changed faulty error type ‚NotFound‘ to ‚NoPermission‘
2014-05-06 12:14:58 +02:00
Hannah Wolfe
31fc84cefb Consistency in model method naming
- The API has the BREAD naming for methods
- The model now has findAll, findOne, findPage (where needed), edit, add and destroy, meaning it is similar but with a bit more flexibility
- browse, read, update, create, and delete, which were effectively just aliases, have all been removed.
- added jsDoc for the model methods
2014-05-06 00:36:42 +01:00
Sebastian Gierlinger
39e654e9c3 Change error message response
closes #2643
- added error type
- added error property for validations
- wrapped errors in an array
- returns multiple errors for validation
- updated tests and admin
2014-05-05 15:51:21 +02:00
Hannah Wolfe
f2071eedb2 Move user API to primary document format
closes #2593

- added new format to user API methods
- changed all places where the user api was used
- updated tests and added more coverage
- little bit of cleanup in utils/api
2014-05-02 20:50:44 +01:00
Jacob Gable
7e9880ce8d Settings API Primary Document refactor
Closes #2606

- Refactor settings api responses to { settings: [ ] } format
- Update all code using api.settings to handle new response format
- Update test stubs to return new format
- Update client site settings model to parse new format into one object of key/value pairs
- Refactor to include all setting values
- Remove unused settingsCollection method
- Update settingsCache to store all attributes
- Update settingsResult to send all attributes
- Remove unnecessary when() wraps
- Reject if editing a setting that doesn't exist
- Reject earlier if setting key is empty
- Update tests with new error messages
- Use setting.add instead of edit that was incorrectly adding
- Update importer to properly import activePlugins and installedPlugins
- Update expected setting result fields
- Fix a weird situation where hasOwnProperty didn't exist 🤷
2014-04-30 23:15:27 -05:00
Sebastian Gierlinger
e1bbc60467 Additional objects
closes #2620
- moved aspect -> filters
- updated tests
- fixed inconsistency in pagination object
2014-04-27 19:34:44 +02:00
Sebastian Gierlinger
1e62400465 Add include parameter for posts API
closes #2609
- added include parameter to api.posts.*
- changed toJSON to omit objects that are not included
- added include parameter to admin
- added include parameter to frontend.js
- updated tests
- removed duplicate code from posts model

**Known Issue:** It is not possible to attach a tag using an ID.
2014-04-27 18:58:34 +02:00
Sebastian Gierlinger
0bdfadd9d6 Changed boolean handling
closes #2638
- replaced format() with parse() to convert values when fetched
- changed validation from integer to boolean
- added checks to tests
2014-04-25 09:55:53 +02:00
Andrew Schwartzmeyer
31d0014130 Adding public to reserved slugs
See this [tweet](https://twitter.com/TryGhost/status/459069697930330112)

Also see the new [Wiki page](https://github.com/TryGhost/Ghost/wiki/Reserved-Slugs)
2014-04-23 14:21:39 -07:00
Jacob Gable
a9cc252b45 Invalidate cache header only for published posts
Closes #1563

- Add new updatedAttributes() functionality to base models
- Update Post.edit(...) to pass along _updatedAttributes values
- Update Post.delete to set statusChanged to true
- Add checking for statusChanged to cacheInvalidationHeader()
- Update route tests that check for cache invalidation header
2014-04-23 09:28:45 -05:00
Hannah Wolfe
9bf02c9e8c Merge pull request #2641 from alarobric/feature/2607TagParentRelation
Tag API response to use parent rather than parent_id
2014-04-23 12:47:37 +01:00
Alan Richards
5877e7d211 Tag API response to use parent rather than parent_id
Closes #2607
- added toJSON method to tag model
- parent_id attribute is replaced by parent
- integration tests will expect parent as an attribute
2014-04-22 23:46:53 -07:00
Alan Richards
686aec7ab5 Post API response to use author not author_id
Closes #2608
- added toJSON method override for post model
- in the event no expanded author relation is present the id will be used
- removed author_id from expected response JSON for posts.
- updated integration tests to check for existence or not of author and author_id
2014-04-22 02:13:33 -07:00
Hannah Wolfe
3eb284e4b5 Update & grunt-groc and fix docs errors
issue #2622

- Updated grunt-groc to 0.4.5
- Fixed the few places which made the docs fail to generate
- There is still a mix of styles
2014-04-21 19:04:20 +01:00
Sebastian Gierlinger
32ea948675 Post response move pagination -> meta
closes #2604
- moved ‚pagination‘ to ‚meta‘ property
- added response test for pagination property
- changed ‚next‘ and ‚prev‘ to be set to null and exist on every
response
- removed unnecessary call to API for RSS author
2014-04-19 17:03:20 +02:00
Sebastian Gierlinger
e47e9c62d0 Add permissions to API
closes #2264
- added permissions check to db, users and posts
- added register method to users
- added doesUserExist method to users
- added user from session to internal calls
- changed permissible to overwrite canThis
- removed action map and action type from permissable method
2014-04-16 18:22:22 +02:00
Sebastian Gierlinger
61e94a6e8b Use current user in models
closes #2058
- fixed apiContext as suggested in the issue
- added user to options object for models
- added api.users.register() for public registration
- changed models to use options.user for created_by, updated_by,
author_id and published_by
- added override to session model to avoid created_by and updated_by
values
- added user (id: 1) to tests
- added user (id: 1) for registration
- added user (id: 1) for import, fixtures and default settings
- added user (id: 1) for user update
- added user (id: 1) for settings update (dbHash, installedApps, update
check)
- updated bookshelf to version 0.6.8
2014-04-16 18:20:09 +02:00
Sebastian Gierlinger
c0dc8e95d2 Add new permissions to fixtures
closes #2325
- added new permissions
- added relation to user roles
- added updateFixtures to migrateUp
- removed validation per model to fix tests
2014-04-16 18:16:10 +02:00
Fabian Becker
41cef386bc Implements Models & Data API for Apps
closes #2138
- Adds new models for AppField and AppSetting
- Removed permitted attributes from App model (handled by base)
- Added reference from Post to AppFields
- Added fixture data to DataGenerator
- Added integration tests for Apps, AppSettings, AppFields
- Added import for Apps
- Added app_fields to default fixtures
2014-04-16 18:14:56 +02:00
Jacob Gable
9369dd3bf7 Add app permission checking to canThis
- Pass permissions loading to buildObjectTypeHandlers to eliminate
shared state
- Load both app and user permissions to check
- Check app permissions if present
- Create apps table and App model
- Move effectiveUserPermissions to permissions/effective
- Change permissable interface to take context; user and app.
- Add unit tests for app canThis checks and effective permissions
2014-04-16 18:06:39 +02:00
Sebastian Gierlinger
9321289c1d Move post API to primary document format
closes #2580
- added new format to post API methods
- added post object parsing and wrapping to admin
- removed unused ‚user‘ object from API response
- updated tests
2014-04-16 12:09:03 +02:00
Matt Enlow
f8d90f1cc6 Added populate last login time
closes #2515
- sets last_login when user is saved if user status changed to active
- added integration test in user Basic Operations
2014-03-27 12:29:43 -06:00
Hannah Wolfe
2f097ce906 Merge pull request #2498 from sebgie/duplicate-tags
Deduplicate upper-/lowercase tags for posts
2014-03-25 13:30:44 +00:00
Hannah Wolfe
438cbab68e Ensure generateSlug gets transaction for tags
fixes #2460

- add transacting to tag saving
- add same to users while we're here
2014-03-25 11:14:17 +00:00
Hannah Wolfe
1fbe4d0be7 Merge pull request #2497 from sebgie/issue#2492
Fix delete button
2014-03-24 18:47:25 +00:00
Sebastian Gierlinger
a3aba2d504 Deduplicate upper-/lowercase tags for posts
server side check for #2478
- added check for duplicate tags in post model
2014-03-24 19:08:06 +01:00
Sebastian Gierlinger
b83fc25613 Fix delete button
closes #2492
- added when.all() to wait until all posts are deleted before deleting
tags
- added a test
2014-03-24 14:49:23 +01:00
Hannah Wolfe
13b65cecb9 Redirect feed -> rss
closes #2261

- reserved 'feed' in the list of reserved keywords for slugs
- added a 301 redirect from /feed/ to /rss/
- added a route test, and realised that standard express redirects don't get the right headers
- fixed the headers across all 301 redirects & added tests for the admin redirects
- removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/
2014-03-24 09:46:39 +00:00
Hannah Wolfe
a0dff19b7a Customise slug base name for different models
fixes #2480

- when the santisation of a slug results in an empty string, we use a basename instead.
- this was 'post' and is now the table name for the model, minus the trailing 's'
- this isn't massively robust but works as a temporary fix
2014-03-23 18:52:25 +00:00
Hannah Wolfe
2f159cb7df Merge pull request #2435 from halfdan/2148-rpc
Add XML-RPC ping
2014-03-20 19:14:23 +00:00
Fabian Becker
9e7469e3ea Add XML-RPC ping
closes #2148
- Added core/server/xmlrpc.js
- Hook into post::saved to ping when a published post gets saved
- Added node package to hook into http requests
2014-03-20 17:53:32 +00:00
Hannah Wolfe
c02fd70c63 Improving the showdown extensions
fixes #2381

- renamed the ghost extensions
- added new html tests
2014-03-20 17:08:13 +00:00
Hannah Wolfe
d8f724d94d Removing typography extension
issue #2312

- The typography extension is still interfering in HTML blocks, reference style links and other bits and pieces it probably shouldn't be :(
- We'll add it back when it's ready.
2014-03-20 13:22:28 +00:00
Fabian Becker
428fb94278 Fixes random pg failures.
fixes #2075
- Updates knex to latest version
- Fixes expected value in page test
- Change fixture insertion to be sequential
- Add orderBy to insertMorePostsTags fixture helper
2014-03-17 10:54:31 +00:00
Harry Wolff
3e21940b18 Add promise to ghost startup process to allow
hooking into when ghost has finished loading

addresses item 9 in #2078
and makes progress on #2182

- has files that startup ghost return a promise
 that is resolved once ghost has finished loading
- moves getSocket into config file
- removes models.reset() as it's not used anywhere
- update functions in server startup
- remove unused version hash variable
2014-03-11 11:41:45 -04:00
Jonathan Johnson
e4bb6d08cc Update validator to 3.4.0
Closes #1379

- Convert to new api usage for both server-side and client-side
- Provide way require a negative response for boolean methods in
  default-settings.json
- Add field validation functional tests
  - Settings (General)
    - Title length validation
    - Description length validation
    - postsPerPage, numeric, min, max
  - Settings (User)
    - Bio Length validation
    - Location length validation
    - Url validation
  - Login
    - Email validation
  - Editor
    - Title required validation
2014-03-04 13:54:24 -07:00
Fabian Becker
cd74b0e232 Switch to bower for client assets.
fixes #2272
- Remove libraries from shared/vendor
- Remove libraries from client/assets/vendor
- Add bower to package.json and postinstall
- Add bower.json with dependencies
- Add scripts from bower_components to concat/uglify
- Fix tests
- Serve jquery from /ghost/built/theme/
2014-03-04 20:09:26 +00:00
Fabian Becker
1a9e91f120 Replace JSLint with JSHint.
closes #2277
- Added ES6 linting to core/client/
- Fix typeof array comparison
2014-03-04 15:47:39 +00:00
Hannah Wolfe
708ba6f8b0 Merge pull request #2220 from sebgie/issue#1401
Add validation from schema.js
2014-02-28 23:04:04 +00:00
Andy
b49f10c33d Add support for typographically-correct punctuation
Closes #1795
- Added typography.js Showdown extension
- Updated RSS test to support new typographic quotes
2014-02-28 09:44:08 +00:00
Sebastian Gierlinger
b1c35a9b6c Fix importer adds the same tags to every post
fixes #2234
- updateTags used tags that were overwritten by an async operation
2014-02-21 22:54:56 +01:00
Sebastian Gierlinger
ac7f4f05c4 Add validation from schema.js
closes #1401
- added data/validation/index.js
- added generic validation for length
- added generic validation for nullable
- added validations object to schema.js for custom validation
- removed pyramid of doom from api/db.js
2014-02-19 18:32:23 +01:00
Sebastian Gierlinger
ea6c601b01 Improvements for models
#closes #1655
- removed models as parameter for bookshelf-session
- changed to read permittedAttributes from schema.js
- changed updateTags to be executed at saved event
- added validate to execute after saving event
- added test for published_at = null (see #2015)
- fixed typo in general.hbs
2014-02-19 14:57:26 +01:00
Harry Wolff
9ab4b7d4d5 Adds tag pages
fixes #2111

- modified Post model to support a tag query
  param that will filter the desired post collection
  to only include posts that contain the requested tag

- in the updated Post model it includes the Tag model
  under a nested object called 'aspects'

- added tests for updated Post model, updating
  test utils to add more posts_tags relations

- adds two new routes to frontend,
  one for initial tag page,
  another to page that tag page

- for tag pages the array of posts
  is exposed to the view similarly
  to the homepeage

- on the tag view page the information
  for the tag is also accessible
  for further theme usage

- the tag view page supports a hierarchy of
  views, it'll first attempt to use a tag.hbs
  file if it exists, otherwise fall back
  to the default index.hbs file

- modified pageUrl and pagination helper
  to have it be compatible with tag paging

- added unit tests for frontend controller

- added unit tests for handlebar helper modifications

- add functional tests for new tag routes
2014-02-18 15:10:02 -05:00
John-David Dalton
6eab7b3f92 Replace underscore with lodash. 2014-02-06 14:08:34 +00:00
Sebastian Gierlinger
d28bf3de4c Improve password reset token
no issue
- added check that a combination of email + expires is rejected after
10 attempts
- changed comparison to time independent method

Thanks to @chiiph for reporting this issue!
2014-01-30 13:00:30 +00:00
Hannah Wolfe
5e97bcb950 Merge pull request #2036 from xuduo35/0.4-maintenance
bug caused by unidecode's bug
2014-01-27 13:45:42 -08:00
Hannah Wolfe
7049d0f338 Improvement for published posts with no published_at
issue #2015

- this is another little workaround / improvement to try to reduce the number of people who end up with a published post with no published_at set
- I assume we need to complete #1655 to fix this properly
2014-01-26 12:05:27 +00:00
Xie JinBin
1d1caada6b bug caused by unidecode's bug
close #1986
- remove URL reserved chars after unidecode, because unidecode will produce some URL reserved chars.
2014-01-26 19:31:19 +08:00
Hannah Wolfe
39b9c1cf6b Merge pull request #1927 from schneidmaster/fix-1907
Fixed issue with adding multiple new tags to a post
2014-01-20 06:04:59 -08:00
Hannah Wolfe
6098b83152 Adding case-insensitive User.getByEmail method
fixes #1498

- emails are no longer converted to lowercase, local mailbox can validly
  be mixed case
- getByEmail uses JS to compare emails to ensure we can support unicode
- tests that users can be retrieved by their email address with case
  insensitivity
2014-01-15 10:39:40 +00:00
Zach Schneider
fa7bd62857 Fixed issue with adding multiple new tags to a post
Fixes #1907

Refactored `updateTags` to correct a loop issue where the `insert`
method was mistakingly being passed rather than `update`, triggering a
duplicate PK SQL error.
2014-01-13 09:29:40 -05:00
nicovalencia
e8746a2375 Add rss to the list of reserved post titles/slugs.
closes #1880
- added `rss` to core/server/models `generateSlug` reserved keywords
- added integration test for safe slug generation to core/test/integration/model/model_posts_spec.js
2014-01-07 17:30:53 -07:00
Harry Wolff
a1f64d2f1f Extending halfdan’s work for UX settings improvements
#1351

- prevent a new post (not saved on server) from
updating its slug/date to the server

- fix jshint

- add back creation of a posts slug upon a post creation

- update for rebasing

- hide ability to ‘delete this post’ from post settings
menu when a post hasn’t yet been saved to the server
2014-01-06 21:33:24 -05:00
Fabian Becker
11c8d234f7 New Post UX behaviour.
refs #1351
- Make generateSlug a static method on base model
- Change client behaviour (unfinished)
- Add new getSlug API method
2014-01-06 21:05:17 -05:00
Hannah Wolfe
3f9b0fa618 Disable xss santization
issue #1378
fixes #1328

- xss santization does some odd things. This isn't needed until we have multi-user support, and we are investigating better solutions.
2014-01-06 20:17:20 +00:00
Hannah Wolfe
af6137248d New URL helper - URL consistency fixes
fixes #1765
fixes #1811
issue #1833

New UrlFor functions

- moved body of url helper to config.path.urlFor, which can generate a URL for various scenarios
- urlFor can take a string (name) or object (relativeUrl: '/') as the first
  argument - this is the first step towards issue #1833
- also added config.path.urlForPost which is async and handles getting
  permalink setting
- frontend controller, ghost_head helper, cache invalidation all now use
  urlFor or urlForPost all urls should be correct and consistent

URL Consistency Improvements

- refactored invalidateCache into cacheInvalidationHeader which returns a
  promise so that url can be generated properly by urlForPost
- moved isPost from models to schema, and refactored schema to have a tables object
- deleted posts now return the whole object, not just id and slug,
  ensuring cache invalidation header can be set on delete
- frontend controller rss and archive page redirects work properly with subdirectory
- removes {{url}} helper from admin and client, and replaced with adminUrl
  helper which also uses urlFor
- in res.locals ghostRoot becomes relativeUrl, and path is removed
2014-01-06 15:15:48 +00:00
Lev Gimelfarb
a0ace7a324 Fixing 404 on page view when using PostgreSQL
closes #1801
- adding fixBools method to `server/models/base.js` to convert bools to 1/0 to be consistent with MySQL & sqlite3 data providers (based on @ErisDS recommendation)
- this in turn fixes the check in `server/controllers/frontend.js`, which does an explicit `post.page === 0` comparison (in pgsql this is a `boolean`, since the schema declares it as "bool" in `server/data/schema.js`, but MySQL/sqlite3 don't have concept of Boolean, only an integer or bit)
- any model retrieved from persistence will pass through this (possible future refactoring is to combine fixBools & fixDates into one "canonicalize()" to have a single loop pass)
2014-01-05 10:10:43 -05:00
Hannah Wolfe
4bac1e3672 Fix gravatar retrieval
fixes #1778

- use http for initial request, store url with no schema
2014-01-01 18:10:55 +00:00
Hannah Wolfe
64cf2b1b24 Merge pull request #1759 from hswolff/fix-import-updated-at
Allows disabling of timestamps when importing posts
2013-12-28 11:41:05 -08:00
Harry Wolff
32528de4a4 Allows disabling of timestamps when importing posts
fixes #1696

- this is a temp workaround until full fledged support
is added directly to bookshelfjs
- when importing we use the import json blob’s timestamps
as the value that’s set in the DB 
- added tests for this change
2013-12-26 15:29:16 -05:00
Sebastian Gierlinger
691c8cd5a9 Delete all content (posts and tags)
closes #1445
- added delete button to ‚ugly debug tools‘
- added api call to delete all content
- added /db to cache invalidation routes
2013-12-25 01:05:20 +01:00
Harry Walter
7b390e73e6 Correctly order posts in admin and frontend
issue #1303
2013-12-24 11:18:32 +00:00
Hannah Wolfe
78737b35ff API refactor / cleanup
closes #1303

- removed where and orderBy from being passed from the API through to bookshelf, and ultimately knex
- ordering is now consistent across both front and backend, which fixes #1303
- validated / cleaned up all the API parameters
- added API tests for the status and staticPages parameters
2013-12-20 13:07:01 +00:00
Sebastian Gierlinger
05ca5edeeb Remove fixed scheme from gravatar url
no issue
- removed scheme from gravatar url

Reason:
Gravatar supports ssl and the fixed scheme will cause ‚insecure
content‘ warnings.
2013-12-17 17:21:00 +01:00
Gabor Javorszky
c515e20ea3 Adds login limiter
Closes #499
* On wrong passwords, statuses: `active` -> `warn-1` -> `warn-2` -> `warn-3` -> `locked`
* On login check, if user's status is `locked`, login automatically fails and user is encouraged to reset password. Does not even bother to check for passwords.
* login attempts tell user how many attempts she has remaining in notification box
* successful login will reset status to `active`
* resetting password with forgotten password emailed token resets status to `active`
* complete with a test suite
2013-11-29 01:24:25 +00:00
Harry Wolff
89154ad997 Restore support for using ghost as a npm module fixes #1326 2013-11-27 17:39:14 +00:00
Tim Griesser
726014f59a bumping to knex 0.5 and bookshelf 0.6.1 2013-11-26 23:10:31 +00:00
Sebastian Gierlinger
3f2258e95b Replace cookieSession with session
- changed cookieSession to session
- added session.regenerate for login and logout
- added bookshelf session store
- added session table to database
- added import for databaseVersion 001
- added grunt task test-api
- cleanup of gruntfile to start express when needed only
- moved api tests to functional tests
2013-11-24 15:29:36 +01:00
danschumann
4eaf544ad7 Update base.js
No longer need `|| 'development'`, since it is defaulted in the top index.   If we did need `|| 'development'` here, we'd need it on the next line too, otherwise it breaks.
2013-11-23 22:29:08 -08:00
Hannah Wolfe
2701f3e664 Merge pull request #1534 from jgable/passwordReset
Improved Password Reset Tool
2013-11-23 08:44:08 -08:00
Jacob Gable
34e453039b Improved Password Reset Tool
Closes #1471

- add api and User model methods for generating and validating tokens
- add routes and handlers for reset password pages
- add client styles and views for reset password form
- some basic integration tests for User model methods
2013-11-22 10:46:19 -06:00
Sebastian Gierlinger
77ed7f8ac6 Add transactions for import
closes #837
- added transaction handling for import
- added transactions to model functions
- added simple tests for failing imports
2013-11-20 21:36:02 +01:00
Fabian Becker
89201a5c84 Lowercase email address.
fixes #1498
2013-11-18 00:34:51 +00:00
Declan cook
cbe8c15dc8 Add users Gravatar on signup
When a user registers try to find their gravatar.
2013-11-11 23:45:47 +00:00
Fabian Becker
88d7682605 Automatically replace unicode characters with ascii characters for slugs.
fixes #1285
2013-11-05 21:00:29 +00:00
Sebastian Gierlinger
bb17e1c0e9 Add API tests
closes #1189
- added tests
- added request module
- added status codes to API calls
- fixed return values of API calls
- fixed that drafts caused an error when being deleted
- fixed X-Invalidate-Cache headers
- moved testUtils.js to utils/index.js
2013-11-03 18:13:19 +01:00
Ben Gladwell
69d3a1460d Remove unparam:true from jslint config in Gruntfile.js
issue #1365
- added /*jslint unparam:true*/ to functions where absolutely necessary
- added /*jslint unparam:true*/ to functions in which keeping parameter
  list added clarity to the underlying api, even when those parameters
  are not currently used
- removed unused parameters in a few places
2013-10-31 14:02:34 -04:00
Fabian Becker
798e5b1a4e Allow user to mark a post as static page
- Increased post-settings width to properly display "Static Page"
- Changed templates to display "Static Page" if set
- Added unit test for body_class helper

fixes #969
2013-10-28 22:01:03 +00:00
Hannah Wolfe
5c33a707e9 Merge pull request #1164 from halfdan/1162-unpublished-posts
Unpublished Post should not be accessible
2013-10-25 13:18:39 -07:00
Fabian Becker
aa5c0cc620 Unpublished Post should not be accessible
fixes #1162
2013-10-24 21:29:10 +00:00
Hannah Wolfe
ca6bc7525d Merge pull request #1238 from jgable/exposeKnex
Store the Bookshelf instance on the Bookshelf module
2013-10-24 08:18:29 -07:00
Fabian Becker
1af17725fc Replace nodejs-bcrypt with bcryptjs
* https://github.com/shaneGirish/bcrypt-nodejs
* https://github.com/dcodeIO/bcrypt.js
2013-10-23 15:43:45 +00:00
b1nd
8f74eb0b83 Added server validation for location field 2013-10-22 23:00:12 +01:00
Jacob Gable
34343e893d Store the Bookshelf instance on the Bookshelf module
- Assigns the ghostBookshelf instance to the Bookshelf.ghost property
2013-10-22 15:32:46 -05:00
Hannah Wolfe
4480d3bd02 Merge pull request #1088 from jacobian/postgres-fix
Fix #896 - work around errors in pagination under Postgresql.
2013-10-22 07:08:15 -07:00
Pascal Borreli
14c420c8d1 Fixed typos 2013-10-20 20:33:51 +00:00
Tim Griesser
13639ad8d1 Updating to bookshelf 0.5.7 & knex 0.4.11 2013-10-17 18:23:36 +01:00
Jacob Kaplan-Moss
2acb546028 Fix #896 - work around errors in pagination under Postgresql. 2013-10-15 11:09:08 -05:00
Hannah Wolfe
95f9fce3be Swapping escape to sanitze
issue #938

- rather than using escape, use node-validatiors santize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
2013-10-09 19:13:16 +01:00
Tim Griesser
c9235ccb0b Escaping several fields to prevent XSS
issue #938
- escapes post's title field
- escapes settings title, description, email
- escapes user's name field
- includes test for post title
2013-10-09 19:13:13 +01:00
Hannah Wolfe
d544b4aebb Custom destroy method for posts
issue #858

- correctly handles detaching tags before deleting the post
2013-09-27 11:56:20 +01:00
Hannah Wolfe
e6b779330f Correctly test for an empty Tag array
issue #858

- fixes syntax errors in mysql
2013-09-27 11:55:02 +01:00
John O'Nolan
d1957958e3 Cleanup indentation and quotes
Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-26 15:06:31 +01:00
Hannah Wolfe
0c545d5f2e Cleanup 2013-09-19 08:51:01 +01:00
Hannah Wolfe
32d1076d35 Correct validation message for short passwords
closes #833
2013-09-19 08:41:04 +01:00
Hannah Wolfe
83e655701c Post settings menu tweaks
closes #782, #783

- delete button hidden until ID
- publish date works before publish
2013-09-17 11:51:24 +01:00
Hannah Wolfe
8c26249d46 Adding extra paths to not allow slugs for 2013-09-17 01:48:56 +01:00
William Dibbern
4b8806ec1d Infinite Scroll Pagination for content screen
Fixes #258

- Modified post collection to have default values for paging.
- Added scroll handler to content view to check for more posts and load
as appropriate.
- Sanitized result from server-side post paging, ensure page # is
returned as an integer.
- Added a functional test stub.
2013-09-15 18:34:23 -05:00
Hannah Wolfe
8d038b8bf2 One exporter to rule them all
closes #733

- Exporter will read meta data to determine the tables which are present and export all data from those tables
- Exporter figures out which version to export, rather than requiring that information
- deleted old exporters
2013-09-15 17:04:42 +01:00
Hannah Wolfe
71a92194ca Improved error messaging
closes #748

- Removed the alpha software warning
- Better error message output for the whole app - can now specify an error, a context, and a help message
- Improved invalid node version, start and stop messaging
- Listens for Ctrl+C and exits nicely
- Minor improvements to handling and errors with old DBs (temporary)
2013-09-15 13:52:58 +01:00
Hannah Wolfe
b902f8109c Renaming default to defaultValue as default is reserved 2013-09-14 22:39:31 +01:00
Hannah Wolfe
d968495996 Mass renaming of things
Conflicts:
	core/client/views/settings.js
	core/server/models/user.js
2013-09-14 21:56:07 +01:00
Hannah Wolfe
d587a845d4 Set migrations to use new 000 schema
issue #632

- removed old schemas
- updated base model to reflect all of the consistent behaviours and properties across the models
- updated all models to match the new schema

TODO

- no fixtures are currently loaded except settings
- need to rename properties across the codebase
2013-09-14 20:01:46 +01:00
Hannah Wolfe
70824a247f Merge branch 'migrations-003' into new-version
Conflicts:
	.gitignore
	config.example.js
	core/server/models/post.js
	package.json
2013-09-14 19:15:04 +01:00
Hannah Wolfe
0b1ffcd1f5 Updating settings types
- issue #573, issue #632
2013-09-14 19:04:41 +01:00
Hannah Wolfe
3fab1f708a Merge pull request #728 from skattyadz/default-settings-validations
Conflicts:
	Gruntfile.js
	core/server.js
	core/server/data/default-settings.json
	core/test/unit/admin_spec.js
2013-09-14 14:37:52 +01:00
Adam Howard
3823d10c35 Restructure default-settings.json and add validations to important settings. 2013-09-14 14:29:27 +01:00
Sebastian Gierlinger
35a32279d9 Clean up config (drop 'env')
closes #628
- removed .env from config.js
- ghost.config() returns correct config for NODE_ENV
- removed .env[process.env.NODE_ENV]
- updated tests
- deleted users.hbs, plugins.hbs, appearance.hbs (forgot to delete in PR #649)
2013-09-14 13:14:00 +01:00
Hannah Wolfe
486b2406b1 Merge pull request #722 from ericterpstra/370-post-settings-permalink
Added post-settings menu with edit permalink field
2013-09-13 14:31:49 -07:00
Hannah Wolfe
420986de62 Updating tag saving logic to never save duplicates 2013-09-13 21:38:53 +01:00
ericterpstra
e2bc5257a6 Added post-settings menu with edit permalink field
closes #370
- Added new Backbone view for post settings menu
- Moved sass styles to global.scss for post settings menu items
- Added field to change post slug (permalink) using existing slug
  validation
2013-09-13 12:36:38 -05:00
Hannah Wolfe
01f6551bf2 Small model update for tags and users
- tags are now created with uuid & timestamps
- user role is no longer a model, just a join done with attach
2013-09-13 15:06:17 +01:00
Adam Howard
f6b86a98ff Fix bug preventing tags from being saved when a Post is created.
Fixes #658
2013-09-13 14:30:22 +01:00
Sebastian Gierlinger
212521712d Clean up config (drop 'env')
closes #628
- removed .env from config.js
- ghost.config() returns correct config for NODE_ENV
- removed .env[process.env.NODE_ENV]
- updated tests
- deleted users.hbs, plugins.hbs, appearance.hbs (forgot to delete in PR #649)
2013-09-12 15:25:58 +01:00
Hannah Wolfe
bbbfed9921 Temporary aliasing on the User model
issue #389

- Output only aliases (saving data with these keys won't work) gives us the right names in the theme API
2013-09-09 15:25:20 +01:00
Hannah Wolfe
5bae29a0db Merge branch 'master' into migrations-003
Conflicts:
	core/server/data/migration/index.js
	core/server/models/post.js
2013-09-05 12:40:43 +01:00
Adam Howard
e24b5c3382 Proper settings infrastructure, allowing new features without compromising old data.
On server load, check for settings which have not been set, and apply a default value to the settings table from a JSON file.
2013-09-03 22:56:34 +01:00