Commit Graph

81 Commits

Author SHA1 Message Date
Katharina Irrgang
fb044e6d88
Bumped sinon from 4.4.6 to 7.3.2 (#10400)
refs #9389

- https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md

Breaking changes for Ghost:

- no need to create a sandbox anymore, each file get's it's own sandbox
- just require sinon and use this sandbox
- you can still create separate sandboxes with .createSandbox
- reset single stubs: use .resetHistory instead of .reset

This is a global replace for any sandbox creation.

---

From https://sinonjs.org/releases/v7.2.3/sandbox/

> Default sandbox
> Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one.
2019-01-21 17:53:44 +01:00
Nazar Gargol
c3e22b6ab9 🐛 Fixed forced page filter not being respected in Content API
closes https://github.com/TryGhost/Ghost/issues/10395, https://github.com/TryGhost/Ghost/issues/10390

- The grouping was introduced due to a flasy conjunction of last filter in 'or' group with enforced page filter, due to this the rest of filters in the 'or' group were bypassed
- Additional grouping added here increases the possiblity of https://github.com/NexesJS/NQL-Lang/issues/7 bug happening
2019-01-21 13:26:45 +00:00
Dexter Leng
da71b61bcf 🐛Deleted associated roles_users rows when user is destroyed (#10243)
closes #8843
2019-01-21 12:36:13 +01:00
kirrg001
26d0f48561 Renamed getValidAdminKey to getValidAdminToken for admin api v2 test area
no issue
2019-01-18 19:11:51 +01:00
kirrg001
1126997244 Added easy way to enable admin api key authentication
refs #9865

- small refactoring to make both session and admin api key handling similar
- admin api key authentication is still disabled, but easy to enable
- added proof test how to authenticate using admin api keys
2019-01-18 18:57:58 +01:00
kirrg001
de7ba3cd85 Corrected content api test key
no issue

- we reduced the key length
2019-01-18 17:54:08 +01:00
kirrg001
fbe2829b93 Added test helper for admin api v2: getValidAdminKey
no issue
2019-01-18 17:54:08 +01:00
Naz Gargol
1a4497fc9a
🐛 Fixed default resource ordering in Content API (#10371)
refs https://github.com/TryGhost/Ghost/issues/10354

- Added ordering on input serialization layer for posts, pages, tags, and authors
- At the moment ordering is dependent on DB engine which will be resolved with https://github.com/TryGhost/Ghost/issues/6104
2019-01-15 12:21:04 +00:00
Katharina Irrgang
3924acd152
🗑Deprecated ghost_head & ghost_foot in favour of codeinjection_* for Settings API v2 (#10380)
closes #10373

- ghost_head & ghost_foot are deprecated from now on
- we want to remove them in v3
- this short fix is dirty (!)
- we return codeinjection_* for admin & content api
- this is a consistentency change e.g. posts return `post.codeinjection_*`
- need to raise a decoupling refactoring issue for the code comments
2019-01-15 13:03:17 +01:00
Fabien O'Carroll
cf1e4aa593
💡 Disabled v0.1 Public API by default (#10372)
refs #10364
2019-01-15 11:09:34 +01:00
Fabien O'Carroll
76bb40b7c0
Added clause in validation for include to not error (#10350)
* Added clause in validation for include to not error

refs #10337

Here we forgo erroring when an invalid property for include is sent, and
instead remove the invalid properties.

* Fixed authors test

* Fixed validators tests
2019-01-08 12:29:15 +01:00
Hannah Wolfe
954ca8c48f Removed unused visiiblity fields from Content API
refs #10337

- Trying to make the API output as clean as possible,
- We can add these back later if we start using them
2019-01-08 10:00:27 +00:00
Hannah Wolfe
da17b2c82b Settings API should return null instead of ""
refs #10345

- We are standardising on returning null from the Content API for any empty values
2019-01-07 15:02:24 +00:00
Naz Gargol
4177548a84
Migrated redirects controller to API v2 (#10053)
refs #9866

- Migrated redirect routes to use new redirect controller
2019-01-07 11:32:53 +00:00
kirrg001
5548bbb2c1 Removed post.status from Content API v2 response
refs #10335

- only used for the preview feature, which does not remove the status field
2019-01-05 12:11:27 +01:00
kirrg001
a8dc29e794 Reverted page and status not being returned from Content API v2
refs https://github.com/TryGhost/Ghost/issues/10335

- temporary till Monday!!
2019-01-04 20:18:11 +01:00
Katharina Irrgang
30a0b1794a
Added calculated excerpt field to Content API v2 (#10326)
closes #10062

- return `post.excerpt` for Content API v2
- do not use `downsize`, because we might want to get rid of it if we drop v0.1 (downsize does not create good excerpts)
- simple substring of the plaintext field
2019-01-04 19:00:45 +01:00
Hannah Wolfe
5d977f23d4 Added Settings endpoint to V2 Content API
refs #10318

- This settings endpoint returns the commonly used, public information from our settings.
- The values are whitelisted each with a custom name for returning from the endpoint
2019-01-04 12:17:32 +00:00
Hannah Wolfe
ef98c65040
Clean v2 Content API (#10329)
* Removed unused fields from v2 Content API

- We want to ship the v2 Content API as clean and lean as we can
- Many fields in the DB aren't actually used, we shouldn't return these values
- Other values aren't useful outside of Admin clients, and shouldn't be returned either

Fields removed:
- tags: created_at, updated_at, parent
- authors: locale, accessibility, tour
- posts: locale, author status, page
2019-01-04 11:21:21 +00:00
Naz Gargol
d3f3b3dc20
Added plugin based author and public tag models in API v2 (#10284)
refs #10124

- Author model returns only users that have published non-page posts
- Added a public controller for tags (should be extracted to separate Content API controller https://github.com/TryGhost/Ghost/issues/10106)
- Made resource configuration dynamic based on current theme engine
- This needs a follow-up PR with fixes to the problems described in the PR
2019-01-03 20:30:35 +01:00
kirrg001
789a3c0715 Removed x_by fields from API v2 response
refs #10286

- v2 no longer exposes x_by fields (published_by, updated_by, created_by)
- we will add a brand new concept called activity stream/actions soon
2019-01-03 16:38:52 +01:00
kirrg001
254a460462 Refactored expected API properties
no issue

- we need to maintain the expected properties per API version
- each API version can return a different result
- move the expected properties to the local utility and call global test helper
2019-01-03 16:38:52 +01:00
Nazar Gargol
6797da599b Added functional test for import endpoint in API v2
no issue

- This change is a follow up to this bugfix https://github.com/TryGhost/Ghost/pull/10299
- Added default export JSON to keep the state of db test suite intact
- Small typo fixe that noticed while debugging
2019-01-02 14:10:25 +01:00
Naz Gargol
aa8e75914d
Migrated db controller to API v2 (#10051)
refs #9866

- Migrated db import/export routes to use new db controller
2018-12-17 14:45:09 +01:00
Fabien O'Carroll
43ce1f02c1
Fixed broken spam prevention test (#10281)
* Fixed broken spam prevention test

closes #10280

* Improved spam prevention test
2018-12-13 18:44:32 +07:00
Katharina Irrgang
9d7c3bd726
🐛 Fixed all known filter limitations (#10159)
refs #10105, closes #10108, closes https://github.com/TryGhost/Ghost/issues/9950, refs https://github.com/TryGhost/Ghost/issues/9923, refs https://github.com/TryGhost/Ghost/issues/9916, refs https://github.com/TryGhost/Ghost/issues/9574, refs https://github.com/TryGhost/Ghost/issues/6345, refs https://github.com/TryGhost/Ghost/issues/6309, refs https://github.com/TryGhost/Ghost/issues/6158, refs https://github.com/TryGhost/GQL/issues/16

- removed GQL dependency
- replaced GQL with our brand new NQL implementation
- fixed all known filter limitations
- GQL suffered from some underlying filter bugs, which NQL tried to fix
- the bugs were mostly in how we query the database for relation filtering
- the underlying problem was caused by a too simple implementation of querying the relations
- mongo-knex has implemented a more robust and complex filtering mechanism for relations
- replaced logic in our bookshelf filter plugin
- we pass the custom, default and override filters from Ghost to NQL, which then are getting parsed and merged into a mongo JSON object. The mongo JSON is getting attached by mongo-knex.

NQL: https://github.com/NexesJS/NQL
mongo-knex: https://github.com/NexesJS/mongo-knex
2018-12-11 11:53:40 +01:00
Fabien O'Carroll
0bf5dd212a Added members related db changes and models
refs #10213
2018-12-11 11:53:55 +07:00
Rishabh Garg
bf295a96a8
Added configuration controller to v2 API (#10056)
refs #10060
2018-12-04 09:27:36 +05:30
Sumedh Nimkarde
8b816af1c2 🐛 Fixed invalid imported subscribers count (#10229)
closes #9987

- Fixed the count of invalid records when importing single column csv of subscribers
2018-12-03 20:45:55 +01:00
Fabien O'Carroll
8046f4d437
🐛 Fix last seen for users (#10141)
* Added updateLastSeen method to user model

refs #10138

* Refactor codebase to use user.updateLastSeen

refs #10138

This is to ensure all updates go via the same method, meaning any
specific logic can be handled in one place, it also helps with grepping
the codebase to find where this occurs

* Created updateUserLastSeen middleware for v2 admin

refs #10138

This is intended to be used with the v2 admin api and _possibly_ the
content api, to give us an accruate report on thelast time a user access
a ghost instance.

* Wired updateUserLastSeen up to v2 Admin API

closes #10138

* Fixed broken test for v2 admin api

no-issue

This test was broken because it was incorrectly testing for a method to
be called exactly once - this was irrelevant to the functionality being
tested for.

* Updated user check method to set status to active

no-issue

* Debounced the updateUserLastSeen middlware an hour

no-issue

* Resolved some PR comments
2018-11-13 18:27:10 +07:00
Katharina Irrgang
ff6bf5f318 Renamed /users to /authors for Content API V2 (#10096)
refs #10061

- Made /authors endpoint available in Content API V2
2018-11-07 15:29:37 +01:00
Rishabh Garg
3b8621e19c Added slack controller to v2 API (#10086)
refs #10060

- Added slack controller to v2 admin API
- Added new API test for slack API controller
2018-11-06 23:20:43 +01:00
Naz Gargol
ec03b3cfc5
Content API v2 date formatting (#10095)
closes #10065 

- Added UTC offset to dates returned by Content API
- Added test checking new format is compatible with Admin API
- Refactored output serializer mapping logic
2018-11-06 16:12:12 +01:00
Katharina Irrgang
1b9c61eed1
Returned relative paths in html for Content API V2 by default (#10091)
refs #10083

- you can send `?absolute_urls=true` and Ghost will also transform the paths in the content (this is optional/conditional)
2018-11-05 18:07:45 +01:00
Rishabh Garg
94b3735c6e Added oembed controller to v2 api (#10057)
refs #9866

- Added oembed controller to v2 API
2018-11-02 09:32:26 +01:00
kirrg001
8d12c8908f 🐛 Fixed missing filename when exporting subscribers csv
closes #10075

- the filename was missing
2018-10-27 18:39:39 +02:00
Fabien O'Carroll
f9da6c7eed
Refactored spam prevention tests to use promises (#10036)
closes #7470

This refactors the spam prevention tests to all return promises,
hopefully making it easier to see where a test timeout might occur, it
also refactors the tests to remove the count state, which made it hard
to follow exactly what was happening or being tested.
2018-10-23 17:34:39 +07:00
Kevin Ansfield
71f0c08a34
Added edit webhook route to v2 Admin API (#10033)
no issue
- webhooks UI requires the ability to edit webhooks
- added `edit` permission for `webhook`
- added `edit` method to v2 webhook controller
- added `PUT /webhooks/:id` route to v2 Admin API routes
2018-10-19 18:35:55 +01:00
kirrg001
759c25d03e Fixed read posts/pages for v2
refs #9866

- read does not support `filter`
2018-10-19 10:40:47 +02:00
kirrg001
cbf2817e39 Added missing read pages endpoint
refs #9866

- the endpoints were missing
- the site app needs pages.read for v2
2018-10-18 19:41:07 +02:00
Fabien O'Carroll
17feb14e4a Added HTTP BREAD for integrations resource (#9985)
refs #9865

* Added generic messaging for resource not found
* Ensured integration model uses transaction for writes
* Created POST /integrations endpoint
* Created GET /integrations/:id endpoint
* Created GET /integrations endpoint
* Created PUT /integrations/:id endpoint
* Created DELETE /integrations/:id endpoint
2018-10-18 14:03:56 +01:00
Fabien O'Carroll
e865d2218c 🐛 Fixed pagination/duplicate posts and users appearing in admin area (#10031)
closes #10029

- allowed page option for users, posts, & tags browse 
  - The page query param was not forwarding to the query, meaning that when the admin client requested the next page of users or posts, it would receive the first page again.
2018-10-18 10:05:51 +01:00
Nazar Gargol
49a729f77f Excluded sessions table from exporter (#9961)
refs #9865

- Made sessions table to be skipped during the export process
2018-10-17 18:29:24 +07:00
Rishabh Garg
c638863cb9 Updated webhooks schema and add relation (#10018)
* Extended webhooks schema/model and connected with integrations

refs #9942

- Updated webhooks schema with new columns - name, integration_id, secret, last_triggered_at, api_version
- Updated webhooks and integration model to map relationships
- Updated schema hash
- Updated test utils to exclude new webhooks columns for response comparison

* Added migration script for new webhooks columns

refs #9942

- Added migration script in 2.3 to add new columns to webhooks

* Updated schema hash

* Updated maxLength for api_version in schema

* Removed concurrency value from migration script

* Added defaults for webhooks model

* Added status field to webhooks for last trigger status

* Updated schema hash

* Fixed tests with status field

* Removed concurrency value in migration script

* Cleanup

* Updated schema with new fields

 - last_triggered_status, last_triggered_error
2018-10-17 18:17:13 +07:00
kirrg001
6084330868 Corrected functional users v2 test case
no issue

- just noticed that this test was sending the incorrect body data
2018-10-16 18:20:47 +02:00
Nazar Gargol
d582c06eee Optimized usage of urls in API v2
refs #9866

- Extracted url decoration logic to utility in output serializers in posts, pages, users, and tags
- Added test cases for url usage by child object (tags of posts)
2018-10-16 13:02:04 +02:00
Nazar Gargol
9fd9186557
🐛 Fixed 'url' attribute miscalculation when when requested as the only part of fields filter (#9969)
closes #9962

- Fixed the bug with url being set to /404 when id was not present on the model
- Added a functional test to cover this bug
- Refactored url decorating methods to be more clear about the nature of passed parameters
2018-10-15 14:47:56 +02:00
Fabien O'Carroll
3db102a776
Added API Key auth middleware to v2 content API (#10005)
* Added API Key auth middleware to v2 content API

refs #9865

- add `auth.authenticate.authenticateContentApiKey` middleware
  - accepts `?key=` query param, sets `req.api_key` if it's a known Content API key
- add `requiresAuthorizedUserOrApiKey` authorization middleware
  - passes if either `req.user` or `req.api_key` exists
- update `authenticatePublic` middleware stack for v2 content routes

* Fixed functional content api tests

no-issue

This fixes the functional content api tests so they use the content api
auth.

* Fixed context check and removed skip

* Updated cors middleware for content api

* Removed client_id from frame.context

no-issue

The v2 api doesn't have a notion of clients as we do not use oauth for it

* Fixed tests for posts input serializer
2018-10-15 16:23:34 +07:00
Nazar Gargol
76f4a4bb03
Enforced non-page posts only to be returned by /posts endpoint from Content API (#10002)
refs #9866

- Added logic ensuring page filter is always set to false in posts endpoint for Content API
- Added functional tests to pages and posts
- Added absolute_url logic in pages controller
2018-10-13 00:48:49 +02:00
Katharina Irrgang
981ad28283
Changed tags content api to v2 (#10004)
refs #9866
2018-10-13 00:11:48 +02:00