1124 Commits

Author SHA1 Message Date
Kevin Ansfield
d064eda229 Add configuration/private endpoint and settings for Unsplash (#8895)
refs #8859

- adds new `configuration/private` endpoint for exposing config that should not be accessible without authentication
- adds `unsplashAPI` to private config
- adds empty `unsplash` config to default settings
2017-08-15 15:59:16 +01:00
Hannah Wolfe
bd41dba35b 🦄 Channels: Stored config in res.locals not req (#8884)
refs #5091

- This tiny refactor opens the door for using channel config inside of helpers
- This means that ghost_head, and the next_post/prev_post helpers can be context aware
2017-08-14 10:21:24 +07:00
Aileen Nowak
cfbb7f6c6b Facebook and Twitter data per post feature (#8827)
closes #8334

- adds title, image and description to structured data to be rendered as open graph and twitter data.
- if meta title and description for a post exists already, the custom structured data will overwrite those for `og:` and `twitter:` data. `JSON-LD` (Schema.org) is not affected and will stay the same.
- adds tests
- adds new og and twitter fields to schema incl. migration
2017-08-03 15:48:39 +04:00
Sam Wilskey
d73133d74b 🐛 Fixed keeping user inactive during user import (#8738)
closes #8651

- inactive users are suspended users or the owner user on blog setup
- added a check to see if user is inactive in import
- passes all tests
2017-08-03 13:21:37 +04:00
Katharina Irrgang
8f39d6cb5f Code Injection per Post feature (#8820)
no issue

- add 1.4 database migration to add two new fields to the database (use type text, because of max row size)
- handle global code injection vs. post code injection
- add tests
2017-08-02 13:38:19 +04:00
Katharina Irrgang
c9e3f8b180 🐛 Fix ghost update with migrations (#8810)
no issue

- if you backup your database and you are in the middle of a transaction, the transaction was not fully forwarded
- we were running into a pool error in knex
2017-08-01 17:27:13 +04:00
Kevin Ansfield
4da94a287f 📝 Correct typos in default welcome posts (#8807)
closes #8806
- `omellete` -> `omelette`
- `sleak` -> `sleek`
2017-08-01 13:04:08 +04:00
Katharina Irrgang
7845617607 Custom Post Excerpt Feature (#8792)
closes #8793

- 1.3 post excerpt migration
  - add 1.3 migration to add `excerpt` to post schema

NOTE:
    - knex-migrator relies on the package.json safe version
    - so right now Ghost is on 1.2
    - the migration script is for 1.3
    - if you pull down the PR (or if we merge this PR into master), you have to run `knex-migrator migrate --v 1.3 --force`
    - knex-migrator will tell you what you have to do

- Bump dependencies
  - knex-migrator@2.1.3
- Soft limit for custom_excerpt
- Extended {{excerpt}} to use custom excerpt
   - when a `custom_excerpt` field exists, the `{{excerpt}}` helper will output this and fall back to autogenerated excerpt if not.
- Refactored behaviour of (meta) description
   - html tag `<meta name="description" />` for posts, tags and author doesn't get rendered if not provided.
        - fallback for `author.bio` removed
        - fallback for `tag.description` removed
   - structured data and schema.org for `post` context takes the following order to render description fields:
        1. custom excerpt
        2. meta description
        3. automated excerpt (50 words)
    - updated and added tests to reflect the changes
2017-08-01 12:39:34 +04:00
Katharina Irrgang
b003a6c173 🐛 fix transfer ownership (#8784)
closes #8781

- when the ownership gets transferred, the id of the new owner is not '1' anymore
- we previously added a database rule, which signalises if the blog is setup or not, see 827aa15757 (diff-7a2fe80302d7d6bf67f97cdccef1f71fR542)
- this database rule is based on the owner id being '1', which is wrong when you transfer ownership
- we should keep in mind, that the owner id being '1' is only the default Ghost setup, but it can change
- blog is setup if the owner is locked
2017-07-31 13:37:37 +04:00
John O'Nolan
0b5de14900 🎨 Improved SEO meta titles for paginated archives (#8785)
closes #8575
2017-07-31 13:13:06 +04:00
Hannah Wolfe
353e11dafb Primary tag (#8669)
refs #8668

- return primary tag from Post API
- support primary tag in URL
2017-07-31 13:00:03 +04:00
John O'Nolan
4333604480 Fix fixture typo 2017-07-31 12:43:58 +04:00
Katharina Irrgang
3462f07f58 🎨 take the latest attached role when importing (#8765)
refs #8756

- there was a bug in one of the last LTS releases, which produced duplicated attached roles to users
- we want to prevent that on import and take the latest created based on the autoincrement id
2017-07-27 13:25:01 +04:00
John O'Nolan
0698be503a Site description fixture update (#8763)
No issue
2017-07-27 12:26:31 +04:00
Katharina Irrgang
ce3830f8a9 🚓 disqus comments (#8762)
closes #8760

- we have to remember the old post id's when migrating a blog from LTS to 1.0
- otherwise we would break disqus comments, because they rely on the post id
- this should fix the discovered situation
2017-07-27 11:55:23 +04:00
Katharina Irrgang
5ff7574324 🐛 user was not imported, but the importer tries to correct the reference (#8722)
no issue

- this is usually an edge case, but I investigated because I thought that the importer is broken
- the importer logic is built like this:
   - it creates a transaction
   - this transaction runs through:
      - beforeImport
      - doImport
      - afterImport
   - afterImport corrects user references and if a user could not be imported, we have to protect that
       NOTE: we could create two transactions to be more correct, but building this had no priority because of edge cases only
             having two transactions would solve: you first add the data (error or success), then you correct the data
   - usually a user can be always imported (!), but there are a few edge cases (e.g. multiple roles attached)
2017-07-21 09:59:18 +01:00
Katharina Irrgang
59d7302da5 🐛 import invalid dates (#8712)
closes #8703, closes #8015

- add sanitize fn to importer
- check whether an imported date is a valid date
- if not, print a warning
2017-07-20 11:24:23 +01:00
Katharina Irrgang
90fc7a6c06 🐛 respect owner user id references when importing (#8693)
closes #8691 

There was a condition added when I refactored the importer.

> if (models.User.isOwnerUser(obj[key])) {

This condition is absolutely wrong! If you import an owner user, this owner user gets imported as administrator. But the original owner user id reference must be updated as well, so that the reference points to the new administrator id ✌🏻
2017-07-20 11:11:56 +01:00
Katharina Irrgang
35f12273ee 🔥 remove beta mentioning's (#8673)
no issue

- preparation for rc.1
2017-07-11 14:05:55 +01:00
John O'Nolan
cb2f754472 Update welcome post fixture (#8672)
Closes #8620

Info about how to delete the default Ghost user and all of the welcome posts along with it
2017-07-10 20:38:03 +07:00
Hannah Wolfe
6a45ca2605 🐛 Honour labs defaults on import (#8667)
closes #8601

- This makes sure that when you do an import, you still get the LATEST
  default settings for labs. Even if you had a different value before.
- LTS -> 1.0 is an upgrade, and Public API should be on by default, even if you
  had deliberately turned it off before.
- Cheeky test added
2017-07-09 14:31:53 +02:00
Aileen Nowak
827aa15757 Add new fixture Ghost Author (#8638)
refs #8620

Adds a new Ghost Author user, which is the author of the new welcome blog posts. The user is set to active, so the author slug works (otherwise it would render a 404, when user is suspended). Furthermore, there's one little fix in the user model, which was checking only for `active` user to decide the signup or setup process for the UI. Adding one more conditional to check if the found active user is also the owner prevents getting redirected to sign in.
2017-07-06 00:18:27 +02:00
Hannah Wolfe
2058127dc5 Enable Public API by default (#8600)
closes #8601 

- this doesn't take the feature out of beta, but does enable it by default
- no need to enable the public api in the test anymore
- because public api is enabled by default
2017-06-20 10:10:49 +07:00
David Wolfe
bc301463c7 Fix sitemap for author permalink (#8585)
refs #8494
- include author in postgenerator for sitemap
2017-06-15 18:25:18 +01:00
Aileen Nowak
57f8367cdf 🐛 Add published_at to post model fixtures (#8573)
closes #8562
- before we create our model fixtures, we assign a `published_at` property with a difference of 1 second for each blog post, so the `prev_post` and `next_post` helpers work correctly
2017-06-13 10:27:42 +01:00
Katharina Irrgang
f5ef8dbb52 📖 replace any support.ghost.org link (#8555)
refs #7421
2017-06-08 20:34:20 +01:00
Kevin Ansfield
f675a962cf 📖 new default post content (#8548)
closes #8542
- updates default post fixtures
- adds default logo and cover images to settings fixtures
- update tests due to coupling to dev/prod fixtures
2017-06-08 16:36:14 +01:00
David Wolfe
b081ae34b5 🎨 Support LTS imports (#8498)
refs #8141

- update importer for LTS fields
- optimise for LTS export fixtures
- add image/language test for LTS import
- ensure post image is mapped to feature_image
- create mobiledoc values from markdown and html
- if mobiledoc is null, use markdown or html to create a mobiledoc markdown card
- update import mapping to use locale
- defaultLang in settings now maps to default_locale
- language for post and user models now maps to locale
- posts are not always loaded in correct same order so we select the posts we want to validate
- ensure if mobiledoc field is not in export we can still import from markdown
- map last_login to last_seen
- for users the importer maps last_login to last_seen
- add warning for legacyActiveTheme
- for export with old activeTheme key provide a warning that theme is not installed
- add importer test for LTS user long email
- add a test for LTS export where email address could be longer than alpha
- fix for importer date tests on mysql
- use valueOf in moment to compare times stored in different formats
- ignore warnings for not found settings in import
- use a flag to ignore NotFound Entries for settings during import
2017-06-04 11:53:00 +02:00
kirrg001
78ac63d8ad 🎨 add cache control configurations into the default config
refs #7488

- cache control can be overridden if needed
2017-05-31 16:12:11 +01:00
Katharina Irrgang
18b71f32b1 🎨 rename language to locale and use en as default locale (#8490)
no issue
- this PR references indirectly to https://github.com/TryGhost/Ghost/pull/8437
- I would like to have the settings change already in place before we release the beta
- the i18n feature is able to change the locale of Ghost
- most i18n libraries use locale
- adding/changing settings doesn't require a migration file, but it can make the database a bit messy (because you can end up with default_locale and lang)
- furthermore we agreed that the default locale for Ghost should be simply `en`, not `en_US` or `en_GB`
2017-05-31 16:05:49 +01:00
Kevin Ansfield
85496f409a 🔥 remove posts.markdown field (#8497)
closes #8479

- removes `markdown` field from schema
- removes `legacyMarkdown` converter
- updates tests to work with `mobiledoc` field instead of `markdown` and adapt for mobiledoc HTML output where necessary
2017-05-31 16:46:29 +02:00
Hannah Wolfe
3e60941054 Add ?formats param to Posts API (#8305)
refs #8275
- Adds support for `formats` param
- Returns `html` by default
- Can optionally return other formats by providing a comma-separated list
2017-05-30 11:40:39 +01:00
John O'Nolan
476caa5c2f 🎨 Update fixtures: Ghost owner (#8460)
no issue

- use a better name for default user pre-setup
- make it clear that this email address is an example, not real
2017-05-29 19:25:19 +02:00
Katharina Irrgang
925d72198c 🐛 Ensure post tags sort order is correct when importing (#8481)
refs #6967, refs #5422

- imports posts tags by post id and sort order
- test: fix order problem (sqlite)
2017-05-23 19:12:08 +01:00
Katharina Irrgang
1f37ff6053 🎨 refactor the importer (#8473)
refs #5422

- we can support null titles after this PR if we want
- user model: fix getAuthorRole
- user model: support adding roles by name
- we support this for roles as well, this makes it easier when importing related user roles (because usually roles already exist in the database and the related id's are wrong e.g. roles_users)
- base model: support for null created_at or updated_at values
- post or tag slugs are always safe strings
- enable an import of a null slug, no need to crash or to cover this on import layer
- add new DataImporter logic
    - uses a class inheritance mechanism to achieve an easier readability and maintenance
    - schema validation (happens on model layer) was ignored
    - allow to import unknown user id's (see https://github.com/TryGhost/Ghost/issues/8365)
    - most of the duplication handling happens on model layer (we can use the power of unique fields and errors from the database)
- the import is split into three steps:
  - beforeImport
    --> prepares the data to import, sorts out relations (roles, tags), detects fields (for LTS)
  - doImport
    --> does the actual import
  - afterImport
    --> updates the data after successful import e.g. update all user reference fields e.g. published_by (compares the imported data with the current state of the database)
- import images: markdown can be null
- show error message when json handler can't parse file
- do not request gravatar if email is null
- return problems/warnings after successful import
- optimise warnings in importer
- do not return warnings for role duplications, no helpful information
- error handler: return context information of error
- we show the affected json entries as one line in the UI
- show warning for: detected duplicated tag
- schema validation: fix valueMustBeBoolean translation
- remove context property from json parse error
2017-05-23 17:18:13 +01:00
Katharina Irrgang
b22151ac92 🎨 do not ping slack if we import content (#8476)
closes #7275

- forward options for events (post model only for now)
2017-05-22 17:24:59 +09:00
Aileen Nowak
1b965fab95 🎨 Move scheduling and storage in adapters/ (#8435)
no issue

Move `core/server/scheduling` to `core/server/adapters/scheduling` and
`core/server/storage` to `core/server/adapters/storage`
2017-05-15 12:52:01 +02:00
Kevin Ansfield
c71cf643e2 update default post to use a single markdown card (#8448)
no issue

- now that we've switched to using a SimpleMDE based editor in Ghost-Admin the default post needs to match the expected single-markdown-card format
2017-05-12 10:08:45 +02:00
Katharina Irrgang
4e2474a018 🎨 settings inconsistency (#8381)
no issue
- replace camelCase settings keys with underscore_case for consistency
- discussed here https://github.com/TryGhost/Ghost-Admin/pull/661#discussion_r112939982
2017-04-24 18:41:00 +01:00
Katharina Irrgang
76bd4fdef6 🙀 Image field naming & new img_url helper (#8364)
* 🙀  change database schema for images
    - rename user/post/tag images
    - contains all the required changes from the schema change

* Refactor helper/meta data
    - rename cover to cover_image
    - also rename default settings to match the pattern
    - rename image to profile_image for user
    - rename image to feature_image for tags/posts

* {{image}} >>> {{img_url}}
    - rename
    - change the functionality
    - attr is required
    - e.g. {{img_url feature_image}}

* gscan 1.0.0
    - update yarn.lock

* Update casper reference: 1.0-changes
    - see 5487b4da8d
2017-04-24 18:21:47 +01:00
Aileen Nowak
e19e91044d 🙇 Blog icon utils and publisher.logo for JSON-LD (#8297)
refs #8221, closes #7688, refs #7558

🙇  Improve meta data publisher logo behaviour
This is a follow-up PR for #8285.

Reasons: The code changes of #8285 caused error messages when falling back to the default `favicon.ico`, as the `image-size` tool doesn't support `ico` files.

This PR takes the logic to decide which logo needs to be listed in our schema into a new fn `blog_logo.js`. There we have now three decisions:
1. If we have a publication **logo**, we'll take that one
2. If we have no publication logo, but an **icon** we'll use this one.
3. If we have none of the above things, we fall back to our default `favicon.ico`

Additionally, we're hard coding image dimensions for whenever the logo is an `.ico` file and built an extra decision to not call `image-size` when the dimensions are already given.

I will create another follow-up PR, which checks the extension type for the file and offers it as a util.

🛠  Blog icon util

refs #7688

Serve functionality around the blog icon in its own util:
- getIconDimensions -> async function that takes the filepath of an ico file and returns its dimensions
- isIcoImageType -> returns true if file has `.ico` extension
- getIconType -> returns icon-type (`x-icon` or `png`)
- getIconUrl -> returns the absolute or relative URL for the favicon: `[subdirectory or not]favicon.[ico or png]`

📖  Get .ico sizes for meta data & logo improvement

refs #7558
refs #8221

Use the new `blogIconUtil` in meta data to fetch the dimensions of `.ico` files.

Improvements for `publisher.logo`: We're now returning a hard-coded 'faked' image dimensions value to render an `imageObject` and prevent errors in our schema (Google structured data). As soon as an image (`.ico` or non-`.ico`) is too large, but - in case of non-`.ico` - a square format, we set the image dimensions to 60px width and height. This reduces the chances of constantly getting error messages from Google's webmaster tools.

- add getIconPath util
2017-04-11 18:32:06 +02:00
Katharina Irrgang
049b6d9874 add issued_by column to access token (#8284)
closes #6626

- see https://github.com/TryGhost/Ghost/issues/6626#issuecomment-291445977
- adding this column could make our lives easier in the future
2017-04-11 13:12:14 +01:00
Aileen Nowak
a3387adb99 🐝 Add image property to rss (#8289)
refs #7688

Adds an image property to our generated rss data, which links to the favicon (has to be `.png` reg. http://www.rssboard.org/rss-2-0-1#ltimagegtSubelementOfLtchannelgt).
2017-04-11 13:54:52 +02:00
Aileen Nowak
4ba5cc862a 🐛 Blog icon improvements (#8298)
refs #7688

- renders the correct `/favicon.ico` or `/favicon.png` in `{{ghost_head}}`
- removes a regex issue in `serve-favicon`
2017-04-10 12:04:46 +01:00
Hannah Wolfe
a413d70313 Asset amends (#8294)
refs #8221

🔥 Remove ghost=true concept from asset url helper

 💯 Introduce CSS minification with cssnano
- add new grunt-cssnano dependency
- wire up grunt task to minify public/ghost.css

🎨 Rename minification config & hash params
- Change minifyInProduction -> hasMinFile
  - this means this asset should have a .min file available
- Change minifyAssets -> useMinFiles
  - this means that in this env we want to serve .min files if available

🎨 Update public/ghost.css to serve .min for prod
- add the new `hasMinFile` property

🎨 Move minified asset handling to asset_url util
- this logic should be in the util, not the asset helper
- updated tests

📖 Error handler always needs asset helper
- this removes the TODO and adds a more sensible comment
- we also need to update our theme documentation around error templates

🔥 Don't use asset helper in ghost head
- use getAssetUrl util instead!
- removed TODO

📖 Update proxy docs
🎨 Simplify asset helper & add tests
- this refactor is a step prior to moving this from metadata to being a url util
- needed to skip some new tests

🐛 Add missing handler for css file
2017-04-10 11:30:21 +02:00
Aileen Nowak
f0f3c2f2a7 👋🏼 Don't use ghosticon.jpg from admin assets (#8285)
refs #8221

Use our default `favicon.ico` instead of `ghosticon.jpg` which is served from the admins' assets.
Adds additionally fake image dimensions for our json-ld data to satisfy Google.
2017-04-07 14:07:47 +01:00
Aileen Nowak
83f084608f 💁🏻 Moveshared/ to server/public (#8273)
refs #8221

Instead of serving our shared assets from a `shared/` folder, we move the files, which are used server side, to `server/public`.
Adds a new `config.paths` entry: `publicFilePath` and renames the middleware to serve the files to reflect the changes.
Adds `404-ghost.png` images to be used by the server side rendered default template `error.hbs`.
2017-04-07 13:21:41 +01:00
Katharina Irrgang
587ff6f026 🎨 change last_login to last_seen (#8259)
refs #8258

* 🎨  change last_login to last_seen

- rename the column
- a change in Ghost-Admin is required as well

* test utils: revert export examples

* revert line breaks
2017-04-05 20:45:55 +01:00
Hannah Wolfe
9b3c3943ef Add new plaintext field (#8276)
refs #8275

- this PR only adds the field for now, so we can merge this along with other DB changes
2017-04-05 21:28:13 +02:00
Hannah Wolfe
4b49f39e55 📖 Change the welcome to ghost fixture to be mobiledoc (#8277)
refs #8275

- this switches over the fixture to be mobiledoc based. Most of the content was to do with markdown so it has been replaced with placeholder text
- content will be replaced via #8275
2017-04-05 21:16:28 +02:00
Katharina Irrgang
817b8d09ca 😱 🎨 Refactor storage adapter (#8229)
refs #7687

There are four main changes in this PR:

- we have outsourced the base storage adapter to npm, because for storage developers it's annoying to inherit from a script within Ghost
- we hacked theme storage handling into the default local storage adapter - this was reverted, instead we have added a static theme storage here
- use classes instead of prototyping
- optimise the storage adapter in general - everything is explained in each commit

----

* rename local-file-store to LocalFileStorage

I would like to keep the name pattern I have used for scheduling.
If a file is a class, the file name reflects the class name.
We can discuss this, if concerns are raised.

* Transform LocalFileStorage to class and inherit from new base

- inherit from npm ghost-storage-base
- rewrite to class
- no further refactoring, happens later

* Rename core/test/unit/storage/local-file-store_spec.js -> core/test/unit/storage/LocalFileStorage_spec.js

* Fix wrong require in core/test/unit/storage/LocalFileStorage_spec.js

* remove base storage and test

- see https://github.com/kirrg001/Ghost-Storage-Base
- the test has moved to this repo as well

* Use npm ghost-storage-base in storage/index.js

* remove the concept of getStorage('themes')

This concept was added when we added themes as a feature.
Back then, we have changed the local storage adapter to support images and themes.
This has added some hacks into the local storage adapters.
We want to revert this change and add a simple static theme storage.

Will adapt the api/themes layer in the next commits.

* Revert LocalFileStorage

- revert serve
- revert delete

* add storagePath as property to LocalFileStorage

- define one property which holds the storage path
- could be considered to pass from outside, but found that not helpful, as other storage adapters do not need this property
- IMPORTANT: save has no longer a targetDir option, because this was used to pass the alternative theme storage path
- IMPORTANT: exists has now an alternative targetDir, this makes sense, because
  - you can either ask the storage exists('my-file') and it will look in the base storage path
  - or you pass a specific path where to look exists('my-file', /path/to/dir)

* LocalFileStorage: get rid of store pattern

- getUniqueFileName(THIS)
- this doesn't make sense, instances always have access to this by default

* Add static theme storage

- inherits from the local file storage, because they both operate on the file system
- IMPORTANT: added a TODO to consider a merge of themes/loader and themes/storage
- but will be definitely not part of this PR

* Use new static theme storage in api/themes

- storage functions are simplified!

* Add https://github.com/kirrg001/Ghost-Storage-Base as dependency

- tarball for now, as I am still testing
- will release if PR review gets accepted
* Adapt tests and jscs/jshint

* 🐛  fix storage.read in favicon utility

- wrong implementation of error handling

* 🎨  optimise error messages for custom storage adapter errors

* little renaming in the storage utility

- purpose is to have access to the custom storage instance and to the custom storage class
- see next commit why

* optimise instanceof base storage

- instanceof is always tricky in javascript
- if multiple modules exist, it can happen that instanceof is false

* fix getTargetDir

- the importer uses the `targetDir` option to ensure that images land in the correct folder

* ghost-storage-base@0.0.1 package.json dependency
2017-04-05 15:10:34 +01:00
Hannah Wolfe
243b387063 Helper Proxy & single express-hbs instance (#8225)
refs #8126, #8221, #8223

 New 'Proxy' for all helper requires
- this is not currently enforced, but could be, much like apps
- the proxy object is HUGE
- changed date to use SafeString, this should have been there anyway
- use the proxy for all helpers, including those in apps 😁

 🎨 Single instance of hbs for theme + for errors
- we now have theme/engine instead of requiring express-hbs everywhere
- only error-handler still also requires express-hbs, this is so that we can render errors without extra crud
- TODO: remove the asset helper after #8126 IF it is not needed, or else remove the TODO

🎨 Cleanup visibility utils
🎨 Clean up the proxy a little bit
🚨 Unskip test as it now works!
🎨 Minor amends as per comments
2017-04-04 18:07:35 +02:00
Aileen Nowak
e06547ae78 Split css server templates (#8234)
closes #8126

* Remove default template dependency on client side CSS

See Issue #8126

Adds these files under /shared
- normalizer.css
- error.css
- extracted.css (for subscribers.css and private.css)

Also makes these files available as public static content

* Remove default template dependency on client CSS

closes #8126
needs e3acd3c

This is a replacement PR of #8217 (thanks @TienSFU25 for the whole work 🤗), because these changes are needed urgently and blocking other work.

Adds a new `ghost.css` file in `/core/shared/` to be used for server side template rendering (`error.hbs`, `subscribe.hbs` and `private.hbs`).
2017-04-04 10:06:38 +01:00
Hannah Wolfe
3416c05064 Posts per page as theme-config (#8149)
closes #8131

- Remove ppp from default-settings.json
- Remove ppp from meta (unused?!)
-  Basic concept of theme config
- use theme config ppp setting
-  Make @config.posts_per_page helper available
- rather than @blog.posts_per_page, we now have @config.posts_per_page
- 🚨 Test updates
- Adding TODO note
2017-03-14 18:03:36 +01:00
Hannah Wolfe
b2f1d0559b Themes API activation permissions & validation (#8104)
refs #8093

 Add activate theme permission
- add permission to activate themes
- update tests
- also: update tests for invites
TODO: change how the active theme setting is updated to reduce extra permissions

 Move theme validation to gscan
- add a new gscan validation method and use it for upload
- update activate endpoint to do validation also using gscan
- change to using SettingsModel instead of API so that we don't call validation or permissions on the settings API
- remove validation from the settings model
- remove the old validation function
- add new invalid theme message to translations & remove a bunch of theme validation related unused keys

📖  Planned changes

🚨 Tests for theme activation API endpoint
🐛 Don't allow deleting the active theme

🚫 Prevent activeTheme being set via settings API
- We want to control how this happens in future.
- We still want to store the information in settings, via the model.
- We just don't want to be able to change this info via the settings edit endpoint

🐛  Fix warnings for uploads & add for activations
- warnings for uploads were broken in f8b498d
- fix the response + adds tests to cover that warnings are correctly returned
- add the same response to activations + more tests
- activations now return a single theme object - the theme that was activated + any warnings

🎨 Improve how we generate theme API responses
- remove the requirement to pass in the active theme!
- move this to a specialist function, away from the list

🎨 Do not load gscan on boot
2017-03-13 12:44:44 +01:00
Katharina Irrgang
27f17c973d 🎨 handle case: sync email after logout (#8097)
no issue

If the user changes the email in the remote auth service and executes a logout directly afterwards, the user would lock himself out of his blog, because the email sync happens once per hour right now.
For that case, we have to store the ghost auth id.
2017-03-08 14:31:22 +00:00
Katharina Irrgang
27e659a21e 🐛 export database read settings from database (#8103)
* 🐛  export database read settings from database

no issue

- the backup script uses the export database lib and is broken if knex-migrator is called via shell, the settings cache is not loaded
- I have changed the export database lib to read the settings key directly from the db

* use get('value')
2017-03-08 10:26:57 +00:00
Hannah Wolfe
a5ab2ffc13 🔥 🎨 No more updateSettingsCache (#8090)
no issue

🔥 Remove unnecessary cache update
🎨 simplify updateSettingsCache()
🎨 Simplify readSettingsResult
- although this is more code, it's now much clearer what happens in the two cases
🎨 Don't use readSettingResult for edit
🎨 Simplify updateSettingsCache further
🔥 Remove now unused readSettingsResult
🎨 Change populateDefault to return all
🎨 Move the findAll call out of updateSettingsCache
🔥 Remove updateSettingsCache!!
🎨 Restructure init & finish up settingsCache
- move initialisation into settingsCache.init AT LAST
- change settingCache to use cloneDeep, so that the object can't be modified outside of the functions
- add lots of docs to settings cache
🎨 Cleanup db api endpoints
🔥 Don't populate settings in migrations
2017-03-02 23:00:01 +01:00
Hannah Wolfe
690ff05588 🔥 🎨 Themes & settings misc cleanup (#8061)
no issue

🔥 remove unused loadThemes API method
🚨 Add tests for themes.readOne
🔥 Don't update settings cache for imports
- this isn't needed as of #8057
- settings.edit fires an event, that will result in the update happening automatically
🎨 Move validation to themes
- slowly collecting all theme-related code together
🔥 Reduce DEBUG output
- all this info is a bit tooooo much!
2017-02-27 23:30:49 +01:00
Hannah Wolfe
63723aa36a 🎨 Move settings cache & cleanup settings API (#8057)
closes #8037

🔥 Remove API-level default settings population
- This is a relic!
- We ALWAYS populate defaults on server start therefore this code could never run.
- This was a lot of complicated code that wasn't even needed!!

🎨 Move settings cache
- Move settings cache to be its own thing
- Update all references
- Adds TODOs for further cleanup

🎨 Create settings initialisation step
- Create new settings library, which will eventually house more code
- Unify the interface for initialising settings (will be more useful later)
- Reduce number of calls to updateSettingsCache
2017-02-27 16:53:04 +01:00
Hannah Wolfe
fe90cf2be2 Theme loading part 1 (#7989)
no issue

*  Add new server start & stop events
* 🔥 Get rid of unused availableApps concept
- when we need an API endpoint for a list of apps, we'll build one 😝
*  Move theme loading into a module
- move loading from API method to a module method and use as needed
- wire up read one vs read all as per LTS
- read one (the active theme) on boot, and read the rest after
- fudge validation - this isn't all that helpful
* Settings API tests need to preload themes
- this used to automatically happen as part of loading settings
- now we need to trigger this to happen specifically for this test
2017-02-22 00:26:19 +01:00
Hannah Wolfe
348e4c2a95 Miscellaneous code cleanup (#8031)
no issue

- 🔥 Remove duplicated file
- 💄 🐷  Cleanup double slashes
- 💄 🐷 Remove duplicate require
2017-02-21 10:39:09 +01:00
Katharina Irrgang
2e1d7fcc42 🚨 database: change hard limits and field types (#7932)
refs #7432

🚨  database: change hard limits and field types

- we went over all schema fields and decided to decrease/increase the hard limits
- the core goal is to have more flexibility in the future
- we reconsidered string vs. text

There are 5 groups:

- small strings: 50 characters
    - static strings
    - status, visibility, language, role name, permission name, client name etc.
- medium strings: 191 characters
    - all unique fields or fields which can be unique in the future
    - slug, tokens, user name, password, tag name, email
- large strings: 1000-2000 characters
    - these fields need to be very flexible
    - these fields get a soft limit attached (in a different PR)
    - post title, meta title, meta description, urls
- medium text: 64kb characters
    - bio, settings, location, tour
- long text: 1000000000 chars
    - html, amp, mobiledoc, markdown

🙄  sort_order for tests

- sort order was not set for the tests, so it was always 0
- mysql could return a different result

in my case:
- field length 156 returned the following related tags ["bacon", "kitchen"]
- field length 157 returned the following related tags ["kitchen", "kitchen"]

Change client.secret to 191

Tweak field lengths

- Add 24 char limit for ids
- Limited fields are the exact length they need
- Unified 1000 and 2000 char string classes to all be 2000
- Changed descriptions to be either 2000, except user & tag which is text 65535 as these may be used to store HTML later?!
- Updated tests

🛠  Update importer tests

- The old 001-003 tests are kind of less relevant now.
- Rather than worrying about past versions of the data structure, we should check that the importer only imports what we consider to be valid data
- I've changed the tests to treat the title-length check as a length-validation check, rather than a test for each of the old versions

🔥 Remove foreign key from subscribers.post_id

- There's no real need to have an index on this column, it just makes deleting posts hard.
- Same as created_by type columns, we can reference ids without needing keys/indexes
2017-02-17 23:20:59 +01:00
Hannah Wolfe
b00d9fee6d 🎨 ⏱ Cleanup / optimise the server.init() function (#7985)
refs #2182

* 🔥 Remove unused options from server init
- this is left over from old code and is now unused

* 🎨 Move knex-migrator check to db health

- Move complex check function into own module
- Call module from server/index.js
- This just improves the readability of server/index.js

* 🔥 Remove old comments

- These comments all make no sense now!

* 🎨 ⏱ Move model init out of promise chain

- Model.init() does not return a promise
- Therefore, we can move it to the top of the init function, outside of the promise chain
- This should be a minor optimisation, and again improves readability/clarity of what's happening

*  ⁉️ Move DBHash init / first run to Settings model

- this structure is left over from when we had code we executed on the first run of Ghost
- the implementation used the API to initialise one setting before populateDefaults is called
- this had lots of dependencies - the whole model, API, and permissions structure had to be initialised for it to work
- the new implementation is simpler, it captures the dbHash getting initialised during populateDefaults()
- it also adds an event, so we can do first-run code later if we really want to (or maybe apps can?!)
- perhaps this is hiding behaviour, and there's a nicer way to do it, but populateDefaults seems like a sane place to populate a default setting 😁

* ⏱ Optimise require order so config is first

- the first require to config will cause the files to be read etc
- this ensures that it happens early, and isn't confusingly timed as part of loading a different module

* 🎨 Simplify settings model changes
2017-02-17 17:44:34 +01:00
Katharina Irrgang
d9707eb57c public client registration: remember auth url (#7994)
no issue

- we have to remember the auth url in Ghost
- if Ghost starts for the first time, it registers a public client in the defined auth service
- if you change the auth service, Ghost won't recognize
- if Ghost doesn't recognize, you will see a client does not exist error in Ghost Admin
2017-02-14 12:41:28 +00:00
Katharina Irrgang
f3d16352b1 🎨 😎 config env usages (#7929)
refs #7488

- remove all ugly env checks
- rather use config properties
- replace process.env.NODE_ENV by config.get('env')
2017-02-03 18:25:39 +00:00
Katharina Irrgang
2a52af1d99 🔥 remove imageRelPath (#7927)
refs #7488

- remove imageRelPath
- instead add a static image prefix to the url helper
2017-02-03 14:42:05 +00:00
Katharina Irrgang
0201c431d7 🔥 do not store settings in config (#7924)
* 🎨  🔥  do not store settings in config and make settings cache easier available

- remove remembering settings value in theme config
- if we need a cache value, we are asking the settings cache directly
- instead of settings.getSettingSync we use settings.cache.get

- added TODO:
  - think about moving the settings cache out of api/settings
  - we could create a folder named cache cache/settings
  - this settings cache listens on model changes for settings
  - decoupling

* 🔥  remove timezone from config

- no need to store in overrides config and in defaults settings

* 🎨  context object helper

- replace config.get('theme') by settings cache

* 🎨  replace config.get('theme') by settings.cache.get

* 🎨  adapt tests

* fixes from comments
2017-02-03 13:15:11 +00:00
Katharina Irrgang
16f5d1fdaf 🎨 add urlFor('admin') and increase usage of urlFor helper (#7935)
refs #7488

- to be able to refactor the url configuration in ghost, we need to go step by step making this possible
- reduce the usage of forceAdminSSL
- add a urlFor('admin') helper, which returns the admin url + path e.g. http://my-blog.com/blog/ghost
- increase usage of urlFor helper
- do not expose getBaseUrl, use urlFor('home') (home === blog)
2017-02-02 18:51:35 +00:00
Vivek Kannan
5507adadf1 Import from LTS blogs now properly adds tags to posts. (#7926)
closes #7866

- Importer now uses Javascript's Map instead of the normal object to ensure that tags are properly associated with their corresponding posts.
2017-01-31 17:50:44 +01:00
Aileen Nowak
d2f2888da0 Favicon URI (#7700)
closes #7688

- Use `/favicon.ico` and `/favicon.png` in blog app. Depending on type of storage (custom upload = local file storage), serves either from storage adapter with `read()` method or reads the bytes via `fs`.
- Redirects requests for `favicon.ico` to `favicon.png` if custom `png` icon is uploaded and vice versa.
- Redirect requests for `favicon.png` to `favicon.ico` if default icon is used (in `core/shared`).
- Changes the `{{asset}}` helper for favicon to not serve from theme assets anymore. It will either be served the custom blog-icon or the default one.
- The `{{@blog.icon}}` helper renders the url of the **uploaded** blog icon. It won't render the default icon.
2017-01-26 18:01:19 +00:00
Katharina Irrgang
584bd15b76 🔥 remove database version (#7894)
refs #7489

- as we are now using a different migration approach (knex-migrator), we don't need to remember the database version anymore
- it was once used to check the state of a database and based on it we decided to migrate or not
- with knex-migrator everything depends on the migration table entries and the current ghost version you are on
- on current master the leftover usage is to add the db version when exporting the database, which can be replaced by reading the ghost version
- removing this solves also an interesting migration case with knex-migrator:
  - you are on 1.0
  - you update to 1.1, but 1.1 has no migrations
  - the db version would remain in 1.0
  - because the db version was only updated when knex migrator executed a migration
2017-01-26 12:12:00 +00:00
Katharina Irrgang
c070c9722d 🐛 re-run init migrations protection (#7899)
no issue

- if re-running the init scripts (for example: you lost the init rows in the migrations table), then it was throwing errors
- 1. the owner slug and email can change -> no match and it tried to reinsert the user with id 1, which failed
- 2. querying an inactive user is not allowed, because the user model protects against it
2017-01-25 22:08:09 +01:00
Katharina Irrgang
0424c6675c 🐛 fix backup database (#7898)
refs #7489

The require path for the db backup was wrong. The before hook could not execute db backup.
Furthermore, i have replaced the logging in the backup script.
2017-01-25 20:34:31 +01:00
Katharina Irrgang
2d19ae2c6c 🔥 😎 remove old migrations (#7887)
refs #7489

- remove old migration code
- this logic was sourced out to knex-migrator
2017-01-25 13:47:49 +00:00
Aileen Nowak
ca521e234f 🐷 Rename 'favicon' to 'icon' (#7888)
refs TryGhost/Ghost#7688

Just renames `favicon` to `icon` as our usage for it will not be for favicon purposes only.
2017-01-25 11:02:02 +01:00
Katharina Irrgang
78eacb19e9 🛠 use Ignition for logging/errors (#7869)
no issue

- we started implementing logging and error handling in Ghost
- later we outsourced both into a module
- use the module now in Ghost
- this commit basically just removes the logging and error implementation and uses Ignition
2017-01-23 11:04:01 +00:00
Aileen Nowak
7cb57bff3d Find favicon in Ghost (#7713)
refs #7688

Adds logic in theme settings api to either serve an uploaded favicon and give it the type `upload` or use the default settings `default`, which will serve the favicon from our shared directory.

TODOs for #7688:
- [X] Figure out, which favicon should be used (uploaded or default) -> this PR
- [ ] Serve and redirect the favicon for any browser requests, incl. redirects
- [ ] Upload favicon via `general/settings` and implement basic admin validations -> [WIP] TryGhost/Ghost-Admin#397
- [ ] Built server side validations
2017-01-23 10:13:52 +01:00
Aileen Nowak
2f3081fa9f Make AMP optional (#7830)
closes #7769

Because Google AMP is bitching around and shows errors in Google's webmaster tools for missing post images and blog icons, we decided to make AMP optional. It will be enabled by default, but can be disabled in general settings. Once disabled, the `amp` route doesn't work anymore.

This PR contains the back end changes for Ghost-alpha:
- Adds `amp` to settings table incl default setting `true`
- Adds `amp` value to our settings cache
- Changes the route handling of AMP app to check for the `amp` setting first.
- Adds tests to check the route handling and ghost_head output
- Includes changes to `post-lookup.js` as done by @kirrg001 in #7842
2017-01-17 16:40:06 +01:00
Katharina Irrgang
5210271474 🐛 import subscribers (#7834)
closes #7748

- logic for import of subscribers was just missing
2017-01-10 19:38:20 +00:00
Katharina Irrgang
8031102596 🎨 escape sameAs for structured data (#7833)
closes #7832

- escape output for json-ld
2017-01-10 12:21:37 +00:00
Aileen Nowak
7cd13e6122 🔑 Update Validator to 6.2.1 (#7823)
no issue

Uses new version of [validator](https://github.com/chriso/validator.js) which checks also for in URL embedded script tags.
2017-01-10 13:05:25 +01:00
Marc Bachmann
353330bb8a chore(package): update uuid to version 3.0.0 (#7742)
2017-01-04 17:10:29 +01:00
Katharina Irrgang
7eb316b786 replace auto increment id's by object id (#7495)
* 🛠  bookshelf tarball, bson-objectid

* 🎨  schema changes

- change increment type to string
- add a default fallback for string length 191 (to avoid adding this logic to every single column which uses an ID)
- remove uuid, because ID now represents a global resource identifier
- keep uuid for post, because we are using this as preview id
- keep uuid for clients for now - we are using this param for Ghost-Auth

*   base model: generate ObjectId on creating event

- each new resource gets an auto-generated ObjectId
- this logic won't work for attached models, this commit comes later

* 🎨  centralised attach method

When attaching models there are two things important to know

1. To be able to attach an ObjectId, we need to register the `onCreating` event on the fetched model! This is caused by the Bookshelf design in general. On this target model we are attaching the new model.
2. We need to manually fetch the target model, because Bookshelf has a weird behaviour (which is known as a bug, see https://github.com/tgriesser/bookshelf/issues/629). The most important property when attaching a model is `parentFk`, which is the foreign key. This can be null when fetching the model with the option `withRelated`. To ensure quality and consistency, the custom attach wrapper always fetches the target model manually. Fetching the target model (again) is a little performance decrease, but it also has advantages: we can register the event, and directly unregister the event again. So very clean code.

Important: please only use the custom attach wrapper in the future.

* 🎨  token model had overridden the onCreating function because of the created_at field

- we need to ensure that the base onCreating hook gets triggered for ALL models
- if not, they don't get an ObjectId assigned
- in this case: be smart and check if the target model has a created_at field

* 🎨  we don't have a uuid field anymore, remove the usages

- no default uuid creation in models
- i am pretty sure we have some more definitions in our tests (for example in the export json files), but that is too much work to delete them all

* 🎨  do not parse ID to Number

- we had various occurrences of parsing all ID's to numbers
- we don't need this behaviour anymore
- ID is string
- i will adapt the ID validation in the next commit

* 🎨  change ID regex for validation

- we only allow: ID as ObjectId, ID as 1 and ID as me
- we need to keep ID 1, because our whole software relies on ID 1 (permissions etc)

* 🎨  owner fixture

- roles: [4] does not work anymore
- 4 means -> static id 4
- this worked in an auto increment system (not even in a system with distributed writes)
- with ObjectId we generate each ID automatically (for static and dynamic resources)
- it is possible to define all id's for static resources still, but that means we need to know which ID is already used and for consistency we have to define ObjectId's for these static resources
- so no static id's anymore, except of: id 1 for owner and id 0 for external usage (because this is required from our permission system)
- NOTE: please read through the comment in the user model


* 🎨  tests: DataGenerator and test utils

First of all: we need to ensure using ObjectId's in the tests. When we don't, we can't ensure that ObjectId's work properly.
This commit brings lots of dynamic into all the static defined id's.
In one of the next commits, i will adapt all the tests.

* 🚨  remove counter in Notification API

- no need to add a counter
- we simply generate ObjectId's (they are auto incremental as well)
- our id validator does only allow ObjectId as id,1 and me

* 🎨  extend contextUser in Base Model

- remove isNumber check, because id's are no longer numbers, except of id 0/1
- use existing isExternalUser
- support id 0/1 as string or number

*   Ghost Owner has id 1

- ensure we define this id in the fixtures.json
- doesn't matter if number or string

* 🎨  functional tests adaptions

- use dynamic id's

* 🎨  fix unit tests

* 🎨  integration tests adaptions

* 🎨  change importer utils

- all our export examples (test/fixtures/exports) contain id's as numbers
- fact: but we ignore them anyway when inserting into the database, see https://github.com/TryGhost/Ghost/blob/master/core/server/data/import/utils.js#L249
- in 0e6ed957cd (diff-70f514a06347c048648be464819503c4L67) i removed parsing id's to integers
- i realised that this ^ check just existed, because the userIdToMap was an object key and object keys are always strings!
- i think this logic is a little bit complicated, but i don't want to refactor this now
- this commit ensures when trying to find the user, the id comparison works again
- i've added more documentation to understand this logic ;)
- plus i renamed an attribute to improve readability

* 🎨  Data-Generator: add more defaults to createUser

- if i use the function DataGenerator.forKnex.createUser i would like to get a full set of defaults

* 🎨  test utils: change/extend function set for functional tests

- functional tests work a bit different
- they boot Ghost and seed the database
- some functional tests have mis-used the test setup
- the test setup needs two sections: integration/unit and functional tests
- any functional test is allowed to either add more data or change data in the existing Ghost db
- but what it should not do is: add test fixtures like roles or users from our DataGenerator and cross fingers it will work
- this commit adds a clean method for functional tests to add extra users

* 🎨  functional tests adaptions

- use last commit to insert users for functional tests clean
- tidy up usage of testUtils.setup or testUtils.doAuth

* 🐛  test utils: reset database before init

- ensure we don't have any left data from other tests in the database when starting ghost

* 🐛  fix test (unrelated to this PR)

- fixes a random failure
- return statement was missing

* 🎨  make changes for invites
2016-11-17 09:09:11 +00:00
Katharina Irrgang
3d3101ad0e 🐛 invite permissions for Editor (#7724)
closes #7723

- editor role had no permissions assigned for invites
2016-11-16 13:49:55 +00:00
Katharina Irrgang
0f855c538e 🎨 invites roles table into a field on the invites table (#7705)
* 🎨  schema change

- simply role_id attribute

* 🎨  update invite model

- remove all methods we don't need
- ensure we remove the relation from the model
- ensure we do not allow to call withRelated

* 🎨  adapt api changes

* 🎨  adapt auth module

* 🎨  adapt tests

* 🎨  better error handling

* schema update
2016-11-16 09:33:44 +00:00
Aileen Nowak
06061d5d6c 💄 Improve URL consistency, Part 1: urlJoin (#7668)
refs #7666

Use urlJoin for more consistency instead of concatenating url strings.
2016-11-14 14:38:55 +00:00
Hannah Wolfe
4a2ddbe2ae Merge pull request #7701 from kirrg001/1.0.0-dev/fix-brute-schema
🐛  fix brute
2016-11-14 14:34:31 +00:00
kirrg001
424f7fba0d 🎨 use bigInteger as type for brute schema
- i thought of keeping our schema, because it might be less confusing
- it's basically the same config brute-knex uses as default
- see last commit why we are using this type definition
2016-11-10 11:50:23 +01:00
Katharina Irrgang
b48031fa0e 🎨 unique constraint for permission and role name (#7674)
refs #7494,  refs #7495 

I saw tests adding permissions and roles twice. (see screenshots)
That happened because the setup in the test was mis-used and there is no restriction for static resources to create duplicates.
With this PR i suggest to make name unique.
2016-11-09 15:02:49 +00:00
Katharina Irrgang
48387e4ffd 🎨 tidy up static id (owner, internal, external) usages (#7675)
refs #7494, refs #7495 

This PR is an extracted clean up feature of #7495.
We are using everywhere static id checks (userId === 0 or userId === 1).
This PR moves the static values into the Base model.
This makes it 1. way more readable and 2. we can change the id's in a central place.

I changed the most important occurrences - no tests are touched (yet!).

The background is: when changing from auto increment id (number) to ObjectId's (string) we still need to support id 1 and 0, because Ghost relies on these two static id's.
I would like to support using both: 0/1 as string and 0/1 as number.

1 === owner/internal
0 === external

Another important change:
User Model no longer defines the contextUser method, because i couldn't find a reason?
I looked in Git history, see 6e48275160
2016-11-09 15:01:07 +00:00
kirrg001
974c6071e8 🐛 fix brute schema
no issue

- brute-knex uses timestamp type, see https://github.com/llambda/brute-knex/blob/master/index.js
- so we also defined timestamp type
- see http://stackoverflow.com/questions/9192027/invalid-default-value-for-create-date-timestamp-field
- see http://stackoverflow.com/questions/35237278/mysql-invalid-default-value-for-timestamp-when-no-default-value-is-given
- mysql does not allow a second timestamp without default value
- we have two options: define a default value or allow null or use dateTime
- let's use dateTime, as 1. we are using it for all our dates in Ghost and 2. it's recommended
- read here http://www.sqlteam.com/article/timestamps-vs-datetime-data-types
- there are some differences, i think the most important difference is that TIMESTAMP changes if the tz changes in your database
- lifetime is timestamp not a bigInteger, this was a mistake i think (see https://github.com/llambda/brute-knex/blob/master/index.js#L115)
2016-11-09 12:14:26 +01:00
Katharina Irrgang
0a744c2781 🎨 public client registration updates (#7690)
* 🎨  use updateClient function to update redirectUri

refs #7654

* 🎨  name instead of clientName
* 🎨  config.get('theme:title') for client name

- initial read can happen from config

*   register public client: client name and description

- no update yet
- for initial client creation
- we forward title/description to Ghost Auth
- TODO: use settings-cache when merged

*   store blog_uri in db
* 🎨  passport logic changes

- use updateClient instead of changeCallbackURL
- be able to update: blog title, blog description, redirectUri and blogUri
- remove retries, they get implemented in passport-ghost soon
- reorder logic a bit

* 🛠  passport-ghost 1.2.0

* 🎨  tests: extend DataGenerator createClient

- set some defaults

* 🎨  tests

- extend tests
- 👻

*   run auth.init in background

- no need to block the bootstrap process
- if client can't be registered, you will see an error
- ensure Ghost-Admin renders correctly

* 🛠   passport-ghost 1.3.0

- retries

* 🎨  use client_uri in Client Schema

- adapt changes
- use blog_uri only when calling the passport-ghost instance
- Ghost uses the client_uri notation to improve readability

*   read blog title/description from settings cache

* 🚨  Ghost Auth returns email instead of email_address

- adapt Ghost
2016-11-08 14:21:25 +00:00
David Wolfe
68af2145a1 Replace memory spam prevention with brute-express (#7579)
no issue

- removes count from user checks model
- uses brute express brute with brute-knex adaptor to store persisted data on spam prevention
- implement brute force protection for password/token exchange, password resets and private blogging
2016-11-08 12:33:19 +01:00
Katharina Irrgang
bae0de6cd5 knex-migrator v2 (#7605)
* 🎨  knex-migrator reset

[ci skip]

*   add migration example

- hooks
- 1.0

[ci skip]

* 🛠  knex-migrator tarball

- remove when released

[ci skip]

* 🎨  jscs/jshint

* 🕵🏻 do not drop the database connection when running tests

- please read the comments in the commit

* 🔥  remove example migration

* 🛠  knex-migrator 0.1.0

* 🛠  knex-migrator 0.1.1

- fix a single test to ensure we catch the error

* 🛠  knex-migrator 0.1.2

* 🎨  make tests green

- added my keyword: kate-migrations
- i will go over all TODO's when removing the old migrations code

* 🛠  knex-migrator update

* 🛠  knex-migrator 0.2.0
2016-11-07 11:39:49 +00:00
Hannah Wolfe
9a7ebeef1c Use moment-timezone when using .tz() (#7653)
refs #7449, refs #7514, refs #7643

- We've had a couple of issues raised, and a few people in #help all report the same error:
> Cannot read property 'zone' of undefined
When starting Ghost.

I'm not sure why this seems to work sometimes, and not others, however it would seem that we
should require moment-timezone anywhere we want to use timezone features.

This PR fixes the LOC shown in #7449 as the problem line + I searched for any other potential problems
2016-10-31 14:44:24 +01:00
Katharina Irrgang
8d8d7bdb26 knex migrator (#7565)
refs #7489
- remove sephiroth
- use knex migrator npm
- goodbye bootup script
- 🎨  update README
- 🎨  knex migrator @ 0.0.2
2016-10-17 13:50:29 +01:00
Katharina Irrgang
869a35c97d migrations: seeding is part of init db task (#7545)
* 🎨  move heart of fixtures to schema folder and change user model

- add fixtures.json to schema folder
- add fixture utils to schema folder
- keep all the logic!

--> FIXTURE.JSON
- add owner user with roles

--> USER MODEL
- add password as default
- findAll: allow querying inactive users when internal context (defaultFilters)
- findOne: do not remove values from original object!
- add: do not remove values from original object!

* 🔥  remove migrations key from default_settings.json

- this was a temporary invention for an older migration script
- sephiroth keeps all needed information in a migration collection

* 🔥   add code property to errors

- add code property to errors
- IMPORTANT: please share your opinion about that
- this is a copy paste behaviour of how node is doing that (errno, code etc.)
- so code specifies a GhostError

* 🎨  change error handling in versioning

- no need to throw specific database errors anymore (this was just a temporary solution)
- now: we are throwing real DatabaseVersionErrors
- specified by a code
- background: the versioning unit has no idea about seeding and population of the database
- it just throws what it knows --> database version does not exist or settings table does not exist

* 🎨  sephiroth optimisations

- added getPath function to get the path to init scripts and migration scripts
- migrationPath is still hardcoded (see TODO)
- tidy up database naming to transacting

*   migration init scripts are now complete

- 1. add tables
- 2. add fixtures
- 3. add default settings

* 🎨  important: make bootup script smaller!

- remove all TODO'S except of one
- no seeding logic in bootup script anymore 🕵🏻

*   sephiroth: allow params for init command

- param: skip (do not run this script)
- param: only (only run this script)
- very simple way

* 🎨  adapt tests and test env

- do not use migrate.populate anymore
- use sephiroth instead
- jscs/jshint

* 🎨  fix User model status checks
2016-10-12 16:18:57 +01:00
Katharina Irrgang
677502813e 🎨 replace process.env.NODE_ENV usages by config.get('env') (#7544)
closes #6629

- i had the case that in gravatar process.env.NODE_ENV was undefined and indexOf of undefined crashed my application
- so always use config to read current env
2016-10-11 13:53:52 +01:00
Katharina Irrgang
9fad7f1d69 use migration runner for init db (#7502)
refs #7489

* 🎨  protect error when creating owner
* 🎨  reset migration table
- temporary solution, see TODO's
* 🎨  use sephiroth in bootUp script
- do not populate the database
- ask sephiroth for database state
- do seeding manually (this will be removed in next seeding PR)
* 🎨  rewrite createTableIfNotExists because it causes error when running twice
- see knex issue
- hasTable and createTable
- indexes can cause trouble when calling them twice
* 🎨  tests: populate db in test env
- when forking db
- when starting ghost()
- this basically affects only the functional tests
* 🎨  server spec test adaption
- we now throw an error when database is not populated, instead of populating the database
* 🎨   migration spec adaption
- reset database now deletes migration table
- we will move the reset script into sephiroth and then we make it pretty
* 🎨  error creation adaption in bootUp
* 🎨  fixes
- sephiroth error handling
- fix tests
2016-10-11 13:37:11 +01:00
Hannah Wolfe
59e2694acf Misc Middleware cleanup (#7526)
* 💄 Combine slashes & uncapitalise middleware

- these bits of middleware belong together
- ideally they should be optimised

* 🎨 Move ghostLocals out of themeHandler

GhostLocals sets several important values which are needed for every part of the application,
admin, api and theme. Therefore, it doesn't make sense for it to be bundled in the themeHandler.

* 🐛 Fix the uncapitalise middleware

- Updated to make correct use of req.baseUrl, req.path, req.url & req.originalUrl
- Updated the tests to actually cover our weird cases

* 🎨 Move ghostVersion logic out of config

* 💄 Group static / asset-related middleware together

* 🔥 Remove /shared/ asset handling

- The 5 files which are located in `/shared/` are all handled by individual calls to `serveSharedFile`
- Therefore this code is redundant
2016-10-10 21:14:32 +02:00
Katharina Irrgang
8d9414e8ba 🎨 optimise sephiroth error handling (#7531)
refs #7489
2016-10-10 18:31:32 +01:00
Katharina Irrgang
c4fa34224f Migration runner - first iteration (#7501)
refs #7489
- add independent migration runner
- add init script
- this is not connected to Ghost yet, but next PR will
2016-10-10 13:27:31 +01:00
Hannah Wolfe
63094d3cc7 Move internal tags out of labs (#7519)
closes #6165

- internal tags has been in labs for a couple of months, we've fixed some bugs & are ready to ship
- removes all code that tests for the labs flag
- also refactors the various usage of the visibility filter into a single util
- all the tests still pass!!!
- this marks #6165 as closed because I think the remaining UI tasks will be handled as part of a larger piece of work
2016-10-10 09:51:03 +01:00
Hannah Wolfe
c74f65683e 🎨 Change asset path to /ghost/assets (#7504)
closes #7503

- Update this server-side to serve assets from ghost/assets
- a Ghost-Admin PR changes the client to always request them from there
2016-10-07 17:05:36 -05:00
Katharina Irrgang
f9561eed29 🎨 use nullable(false) for knex schema builder (#7511)
refs #7470
2016-10-07 10:17:39 +01:00
Katharina Irrgang
e2e83a0f7b Migration: New database versioning (#7499)
refs #7489

- new database versioning scheme which is based upon the Ghost version, and so easier to reason about
- massive refactor of all the version related code 

Summary of changes:

*   new error: DatabaseNotSeeded
* 🎨  change versioning module
  - versioning is based on Ghost Version
* 🎨  change bootUp file
  - add big picture description
  - version error gets triggered from versioning module
* 🎨  default setting for database version is null
  - very important change: this is caused by the big picture
  - see bootUp description
  - the database version gets set by the seed script later
  - db version is by default null
  - 1. population happens (we ensure that this has finished, by checking if each table exists)   
  - 2. seeds happening (we ensure that seeds happened if database version is set to X.X)
* 🎨  temporary change for population logic
  - set database version after population happens
  - ensure population of default settings happened before
  - both: gets removed in next iteration
* 🎨  adapt tests && mark TODO's
* 🎨  err instance checking
2016-10-06 14:50:55 +01:00
Katharina Irrgang
d81bc91bd2 Error creation (#7477)
refs #7116, refs #2001

- Changes the way Ghost errors are implemented to benefit from proper inheritance
- Moves all error definitions into a single file
- Changes the error constructor to take an options object, rather than needing the arguments to be passed in the correct order.
- Provides a wrapper so that any errors that haven't already been converted to GhostErrors get converted before they are displayed.

Summary of changes:

* 🐛  set NODE_ENV in config handler
*   add GhostError implementation (core/server/errors.js)
  - register all errors in one file
  - inheritance from GhostError
  - option pattern
* 🔥  remove all error files
*   wrap all errors into GhostError in case of HTTP
* 🎨  adaptions
  - option pattern for errors
  - use GhostError when needed
* 🎨  revert debug deletion and add TODO for error id's
2016-10-06 13:27:35 +01:00
Katharina Irrgang
32700a0e5a 🔥 remove all migration files (#7498)
refs #7489
- a simple PR to remove all the old migration files
- remove related tests
2016-10-05 19:57:32 +01:00
Katharina Irrgang
1882278b5b 🎨 configurable logging with bunyan (#7431)
- 🛠  add bunyan and prettyjson, remove morgan

-   add logging module
  - GhostLogger class that handles setup of bunyan
  - PrettyStream for stdout

-   config for logging
  - @TODO: testing level fatal?

-   log each request via GhostLogger (express middleware)
  - @TODO: add errors to output

- 🔥  remove errors.updateActiveTheme
  - we can read the value from config

- 🔥  remove 15 helper functions in core/server/errors/index.js
  - all these functions get replaced by modules:
    1. logging
    2. error middleware handling for html/json
    3. error creation (which will be part of PR #7477)

-   add express error handler for html/json
  - one true error handler for express responses
  - contains still some TODO's, but they are not high priority for first implementation/integration
  - this middleware only takes responsibility of either rendering html responses or return json error responses

- 🎨  use new express error handler in middleware/index
  - 404 and 500 handling

- 🎨  return error instead of error message in permissions/index.js
  - the rule for error handling should be: if you call a unit, this unit should return a custom Ghost error

- 🎨  wrap serve static module
  - rule: if you call a module/unit, you should always wrap this error
  - it's always the same rule
  - so the caller never has to worry about what comes back
  - it's always a clear error instance
  - in this case: we return our notfounderror if serve static does not find the resource
  - this avoids having checks everywhere

- 🎨  replace usages of errors/index.js functions and adapt tests
  - use logging.error, logging.warn
  - make tests green
  - remove some usages of logging and throwing api errors -> because when a request is involved, logging happens automatically

- 🐛  return errorDetails to Ghost-Admin
  - errorDetails is used for Theme error handling

- 🎨  use 500er error for theme is missing error in theme-handler

- 🎨  extend file rotation to 1w
2016-10-04 16:33:43 +01:00
Hannah Wolfe
e40290af5d 🎨 Use GhostAuth name and example emails (#7475)
refs #7452

- remove references to 'patronus' in favour of GhostAuth, Note: this will require databases to be deleted ;)
- remove email addresses from test data
2016-10-03 15:11:43 +01:00
Katharina Irrgang
1867e1a75e 🎨 run database population in transaction (#7448)
* 🎨  run database population in transaction

refs #6574, refs #7432

- create transaction for creating tables
- if an error occurs or a container gets destroyed before population finishes, transaction is rolled back

* 🎨  simplify transaction creation and test
2016-09-30 14:05:17 +01:00
Katharina Irrgang
6473c9e858 Ghost OAuth (#7451)
issue #7452

Remote oauth2 authentication with Ghost.org.

This PR supports:

- oauth2 login or local login
- authentication on blog setup
- authentication on invite
- normal authentication
- does not contain many, many tests, but we'll improve in the next alpha weeks
2016-09-30 12:45:59 +01:00
kirrg001
d0356a257e 🐛 fix circular dependency in new bootUp script
closes #7440
2016-09-27 12:18:45 +02:00
kirrg001
b79a18ca8f 🎨 Separate invites from user
refs #7420
- remove invite logic from user
- add invite model and adapt affected logic for inviting team members
2016-09-26 11:08:43 +02:00
Hannah Wolfe
264661ee09 🐛 Refresh assetHash on theme override (#7430)
closes #7423

- Extend our dirty theme override cache clear hack to also reset the asset hash
- This brings alpha into line with the LTS branch
- This still needs a rewrite for Ghost 1.0.0 🙄
2016-09-23 13:05:44 +02:00
Katharina Irrgang
32a5982430 utf8mb4 support (#7409)
closes #5519, closes #6197

- default encoding is utf8mb4 instead of utf8
- support emojis
- read here why: http://dev.mysql.com/doc/refman/5.7/en/innodb-restrictions.html
- read here why: https://dev.mysql.com/doc/refman/5.5/en/charset-unicode-conversion.html
2016-09-20 15:59:34 +01:00
Hannah Wolfe
9a520f39fb 🎨 Preparation for going alpha (#7404)
- Don't let people start Ghost Alpha with non-alpha databases.
- Provide a new welcome message for development mode (a little bit of positive reinforcement)
- Provide a RED WARNING when in production mode (will still be used for developing, but we can ignore)
- Change package.json to 1.0.0-alpha.0, we won't release this, will bump to .1 for release
2016-09-20 15:59:34 +01:00
kirrg001
8115d83782 🔥 remove postgres support
refs #1333, refs #5878, refs #5321
2016-09-20 15:59:34 +01:00
kirrg001
231fea4766 🎨 adaption from master merge
no issue
[ci skip]
2016-09-20 15:59:34 +01:00
kirrg001
6a97873f98 🎨 🔦 refactor content paths (images, apps, themes, storage, scheduling)
refs #6982
- create config util fn: getContentPath
- we can later let the user change the folder names in contentPath
- get rid of custom/default storage paths

[ci skip]
2016-09-20 15:59:34 +01:00
kirrg001
f4bee50e86 🎨 create assetHash if not available in asset_url helper
refs #6982
- was before generated in ConfigManager

[ci skip]
2016-09-20 15:59:34 +01:00
kirrg001
34e48dc49a 🎨 🔦 do not append isPostgreSQL to config
refs #6982
- we cannot add functions to nconf

[ci skip]
2016-09-20 15:59:34 +01:00
kirrg001
0ae0a0b490 🎨 change how we get and set config
refs #6982
- a replace for all config usages
- always use config.get or config.set
- this is a pure replacement, no logic has changed

[ci skip]
2016-09-20 15:59:34 +01:00
kirrg001
0b2940d587 🎨 add getSubdir and getProtectedSlugs
refs #6982

- do not add the subdir property as static config value
- create functions to read subdir and protected slugs on runtime
2016-09-20 15:59:34 +01:00
Katharina Irrgang
c8119eee1f 🎨 source out url utils from ConfigManager (#7347)
refs #6982
2016-09-20 15:59:34 +01:00
Hannah Wolfe
a791b43f1e 🐛 😱 Fixing extract-zip derp-moment
There are no words for this!
2016-09-14 22:47:41 +01:00
David Wolfe
1cf0b940ad Do not show internal tags in RSS feed (#7385)
closes #7367

- checks tags are visible if internal tags are enabled in labs
- dirty quick update to tests
2016-09-14 19:14:08 +01:00
Hannah Wolfe
de66a61f59 hides internal tags from displaying in meta data (#7379)
closes #7348

- only filter keywords if the internal tag lab feature is turned on
2016-09-14 17:33:24 +00:00
Katharina Irrgang
774a662fb2 🐛 re-run migration for sqlite/pg (#7323)
closes #7192

- add 008 migration
- added script to re-run 006/01
- re-run 006/01 migration for postgres in any timezone (transform formats only)
- re-run 006/01 migration for sqlite (transform formats only)
- rely on format checks for sqlite, do not check server TZ
2016-09-14 17:52:45 +01:00
Aileen Nowak
b598656ff1 Use migration to add AMP column in posts table (#7370)
no issue

Uses migration to '008' to add an `amp` column to the `posts` table.
2016-09-14 16:02:35 +01:00
Katharina Irrgang
5f4da361aa 🐛 fix 006 transform dates for sqlite server offset 0 (#7322)
refs #7192, refs #7248, refs #7351
2016-09-14 11:19:39 +01:00
Ryan McCarvill
98a17d5116 fix: Empty Sitemap.xml (#7354)
closes #7341
2016-09-14 10:44:08 +02:00
Hannah Wolfe
761d963893 💄 Output overall from -> to version during migration (#7329)
no issue

- Migrations weren't clear what version the database was
2016-09-06 13:59:54 +02:00
Katharina Irrgang
2142a9c587 🐛 fix direct blog migration and permission fixture options (#7320)
* 🐛 fix direct update

closes #7297
- move sitemap initialisation into sitemap handler
- initialise sitemap on first request to sitemap

* 🐛 fix how we pass options to migration files

refs #7317
- clone options when passing them into the migration/fixture files
- do not use default sequence, because it does not clone the arguments
2016-09-06 13:16:32 +02:00
Aileen Nowak
f7129a0e39 🎨 Util to convert relative urls in absolute (#7264)
no issue

This PR takes the existing function `processUrls` in `data/xml/rss` and refactors it to be a stand-alone util.
The change is needed, as this functionality will be accessed from `apps/amp` to convert relative URLs.
2016-08-25 07:09:40 +01:00
Hannah Wolfe
5739411c51 🐛 Ensure sitemap items are valid (#7261)
closes #7186

- Add a concept of validity to each generator
- Refactor base generator to handle invalid (empty) nodes for both events & the initial generation
- Update the tests a bit, to fix some bugs in the tests
- Ensure the homepage is always present
2016-08-25 07:13:08 +02:00
Katharina Irrgang
a91e54cf1a feature: theme upload/download/delete (#7209)
refs #7204

- added 3 new themes permissions
- change core/client
- add theme upload/download logic
- extended local file storage to serve zips
- added gscan dependency
- add ability to handle the express response within the api layer
- restrict theme upload to local file storage
- added 007 migration
2016-08-23 13:07:25 +01:00
Aileen Nowak
a5c29dfc34 [FEATURE] AMP (#7229)
closes #6588, #7095

* `ImageObject` with image dimensions (#7152, #7151, #7153)
- Returns meta data as promise
    - returns a new Promise from meta data
    - uses `Promise.props()` to resolve `getClient()` and `getMetaData()`

- Adds 'image-size' util
The util returns an object like this
```
{
    height: 50,
    url: 'http://myblog.com/images/cat.jpg',
    width: 50
};
```
if the dimensions can be fetched and rejects with error, if not.
In case we get a locally stored image or a not complete url (like `//www.gravatar.com/andsoon`), we add the protocol to the incomplete one and use `urlFor()` to get the absolute URL. If the request fails or `image-size` is not able to read the file, we reject with error.
- adds 'image-size' module to dependencies
- adds `getImageSizeFromUrl` function that returns image dimensions

- In preparation of AMP support and to improve our schema.org JSON-LD and structured data, I made the following changes:
    - Changes the following properties to be `Objects`, which have a `url` property by default and a `dimensions` property, if `width` and `height` are available:
        - `metaData.coverImage`
        - `metaData.authorImage`
        - `metaData.blog.logo`
    - Checks cache by calling `getCachedImageSizeFromUrl`. If image dimensions were fetched already, returns them from cache instead of fetching them again.
    - If we have image dimensions on hand, the output in our JSON-LD changes from normal urls to be full `ImageObjects`. Applies to all images and logos.
    - Special case for `publisher.logo` as it has size restrictions: if the image doesn't fulfil the restrictions (<=600 width and <=60 height), we simply output the url instead, so like before.
    - Adds new property for schema.org JSON-LD: `mainEntityOfPage` as an Object.
    - Adds additional Open Graph data (if we have the image size): `og:image:width` and `og:image:height`
    - Adds/updates tests

* AMP router and controller (#7171, #7157)
Implements AMP in `/apps/`:
- renders `amp.hbs` if route is `/:slug/amp/`
- updates `setResponseContext` to set context to `['amp', 'post']` for an amp post and `['amp', 'page']` for a page, but will not render amp template for a page
- updates `context_spec`
- registers 'amp' as new internal app
- adds the `amp.hbs` template to `core/server/apps/amp` which will be the default template for AMP posts.
- adds `isAmpURL` to `post-lookup`

* 🎨 Use `context` in meta as array (#7205)
Instead of reading the first value of the context array, we're checking if it includes certain context values.
This is a preparation change for AMP, where the context will be delivered as `['amp', 'post']`.

*  AMP helpers (#7174, #7216, #7215, #7223)
- Adds AMP helpers `{{amp_content}}`, `{{amp_component}}` and  `{{amp_ghost_head}}` to support AMP:
- `{{amp_content}}`:
    - Adds `Amperize` as dependency
    - AMP app uses new helper `{{amp_content}}` to render AMP HTML
    - `Amperize` transforms regular HTML into AMP HTML
    - Adds test for `{{amp_content}}` helper
    - Adds `Sanitize-HTML` as dependency
    - After the HTML gets 'amperized' we still might have some HTML tags, which are prohibited in AMP HTML, so we use `sanitize-html` to remove those. With every update, `Amperize` gets and it is able to transform more HTML tags, they valid AMP HTML tags (e. g. `video` and `amp-video`) and will therefore not be removed.
- `{{amp_ghost_head}}`:
    - registers `{{amp_ghost_head}}` helper, but uses `{{ghost_head}}` code
    - uses `{{amp_ghost_head}}` in `amp.hbs` instead of `{{ghost_head}}`
- `{{ghost_head}}`:
    - Render `amphtml` link in metadata for post, which links to the amp post (`getAmpUrl`)
    - Updates all test in metadata to support `amp` context
    - Changes context conditionals to work with full array instead of first array value
    - Adds conditionals, so no additional javascript gets rendered in `{{ghost_head}}`
    - Removes trailing `/amp/` in URLs, so only `amphtml` link on regular post renders it
    - Adds a conditional, so no code injection will be included, for an `amp` context.
- `{{amp_components}}`:
    - AMP app uses new helper `{{amp_components}}` to render necessary script tags for AMP extended components as `amp-iframe`, `amp-anime` and `amp-form`
    - Adds test for `{{amp_components}}`
2016-08-22 18:49:27 +02:00
Katharina Irrgang
663b410fd4 feature: upload validation middleware (#7208)
no issue

- Source out validation logic into an upload validation middleware for all upload types (csv, image, subscribers). This unit can be later used for Ghost 1.0 as a pre validation core unit.
- More usage of route tests than controller tests. These are use case tests, a use case only changes if the product changes
2016-08-18 20:25:51 +01:00
Misha Wakerman
634956e7db Removes internal tags from sitemap (#7199)
closes #7186
2016-08-13 07:00:43 -06:00
Katharina Irrgang
c6f1a8de13 fix: refresh settings cache for migration 006 (#7147)
no issue
- refresh settings cache after 006/001 migration fixture
2016-07-26 13:53:17 +01:00
Katharina Irrgang
e5a0471c9d improvement: set activeTimezone when transforming dates (#7142)
no issue
- sets `settings.activeTimezone` to best-guess based on current server time when performing the timezones migration in order to prevent unexpected changes in timezone when upgrading
2016-07-26 12:05:39 +01:00
Katharina Irrgang
c9dc367bf0 improvement: validate timezones (#7143)
no issue
- add isTimezone to schema validation
2016-07-26 10:23:20 +01:00
Katharina Irrgang
417b9b6b7c fix: enable maintenance mode only if there is an upgrade to perform (#7129)
refs #7125
- create isDatabaseOutOfDate fn for initial migration update checks
- only set maintenance.enabled to true if migration needs to happen
2016-07-26 09:56:07 +01:00
Vijay Kandy
f2d09df512 Support for custom notifications (#7077)
closes #5071

- Send application/json requests to UpdateCheck service. New UpdateCheck service accepts JSON request
- If UpdateCheck service response has messages[] array, iterate over the array and create custom notifications intended for current version
- Save custom notification if it's not already in the store AND its uuid is not in seenNotifications array
- When a custom notification is dismissed, store its uuid in seenNotifications array
- setup test fixtures to trigger tests properly
- api_notification_spec test to ensure custom notification can be added to store and added to seenNotifications when dismissed
- update_check_spec test to ensure custom notification can be displayed for a specific Ghost version
- added test to ensure messages meant for other versions don't create notifications
2016-07-22 14:02:10 +01:00
Katharina Irrgang
748c664b78 feature: maintenance mode (#7019)
closes #6976
- add maintenance mode when running migrations
- refactor update/populate migrations
2016-07-15 17:22:41 +01:00
Katharina Irrgang
6e1bd2838e improvement: migrations (#7000)
closes #6972, #6574

- run each database version as top level transaction
- run migrations in correct order
2016-07-14 11:59:42 +01:00
Gergely Nemeth
447cc0cd2e fix(twitter-card): use proper image tag (#7025)
2016-06-29 18:04:43 -06:00
Austin Burdine
44537bd15f deps: lodash@4.13.1
closes #6911
- update lodash to v4
- remove lodash.tostring override
- remove lodash from greenkeeper ignore
2016-06-11 13:13:55 -06:00
Aileen Nowak
1487df9b30 Adds UTC as select option to timezones select list
no issue

- adds '(GMT) UTC' as select option to available Timezones
- changes default value for active Timezone to 'Etc/UTC'
2016-06-10 15:19:16 +02:00
Sebastian Gierlinger
88dc7b3e99 Merge pull request #6929 from ErisDS/event-test-fix
Add removal for event listeners, fixes test error
2016-06-10 11:53:34 +02:00
kirrg001
901c9d75a0 improvement: improve db/connection.js readability
2016-06-10 07:08:02 +02:00
Hannah Wolfe
f489d7df72 xmlrpc + slack init() -> listen() & fixup tests
no issue

- changes xmlrpc & slack `init` function to be `listen`
- update the code to use `listen` instead of `init`
- changes the tests to make sure that event listeners are not wired up
- adds 100% test coverage

Since we added slack event listeners, the xmlrpc event tests have been throwing an error:
 > Unhandled rejection Error
See: http://puu.sh/phvjZ.png

This is because both xmlrpc & slack are listening to `post.published` events.
xmlrpc didn't require any extra stubbing, but the slack listener did
By turning the listeners off after the tests, we reset the environment to not impact the next event test

We probably need to do more work like this to improve the systems around event handling and
make them more robust
2016-06-09 15:38:19 +01:00
Aileen Nowak
66bf66de4e Timezone select list without DST
refs #6933

Some hard timezones of the hard coded list were shown (`label`-property) with a `GMT`-offset incl. DST. All offsets are now without DST.
Removes `offset` property as it is not used and `Greenwich Mean Time` from label.
2016-06-09 10:35:22 +02:00
Hannah Wolfe
80a79172c4 Revert "Revert "Force UTC at process level""
2016-06-03 09:06:18 +01:00
Hannah Wolfe
78e693f469 Revert "Force UTC at process level"
2016-06-02 14:38:02 +01:00
kirrg001
ec176c243a Force UTC at process level
issues #6406 #6399
- all dates are stored as UTC with this commit
- use moment.tz.setDefault('UTC')
- add migration file to recalculate local datetimes to UTC
- store all dates in same format into our three supported databases
- add option to remember migrations inside settings (core)
- support DST offset for migration
- ensure we force UTC in test env
- run whole migration as transaction
- extend: Settings.findOne function
2016-06-02 13:23:09 +02:00
Hannah Wolfe
45226bcaaa Merge pull request #6889 from kirrg001/improvement/general
improvement: general fixes
2016-06-01 07:58:00 +01:00
kirrg001
c9fbf01521 improvement: general fixes
- add NODE_LEVEL to print errors while running tests
- try/catch while parsing translations file
- run setup/teardown as promise or callback
- some general error improvements
2016-06-01 07:07:20 +02:00
Aileen Nowak
38a261daac timezones: Always use the timezone of blog setting
closes #6406
- adding timeZone Service to get the offset (=timezone reg. moment-timezone) overall available
- new publishedAtOffset date as CP using timeZone service and moment-timezone to calculate offset incl. DST
- removing timezone-obj transform as it became obsolete with moment-timezone
- reading timezones from configuration/timezones api endpoint
- adding a moment-utc transform to only work with utc times in backend
- when switching the timezone in the select box, the user will be shown the local time of the selected timezone
- added clock service to show actual time ticking below select box
- default timezone is '(GMT) Greenwich Mean Time : Dublin, Edinburgh, London'
- if no timezone is saved in the settings yet, the default value will be used
- showing local time in 'Publish Date' when it's a draft and no actual publishedAt value exists
- Removed the format 'DD MMM YY @ HH:mm (UTC Z)' which resolves to '01 Jan 16 @ 14:00 (UTC +02:00)'
- Changing the date.js helper in core/server for moment-timezone
- Fix timezone select: updates `selectedTimezone` to return the matching object from `availableTimezones`
- Including timezones in test for date-helper
- update to moment-timezone 0.5.1
- moving form-group of 'selectTimezone' further up so
- Tests:
	- Set except for clock service in test env
	- adding fixtures to mirage
	- adding 'service.ajax' to navigation-test.js
	- adding 'service:ghostPaths' to navigation-test.js
- Code improvements
- Changing clockservice to ES6
2016-05-20 13:59:45 +02:00
Hannah Wolfe
6737427ce9 Don't clobber blog.logo in metadata
- Ghost logo suddenly appearing was raised as an issue in slack
- This copies the blog object, so that the logo doesn't get overridden
2016-05-18 19:21:45 +01:00
Sebastian Gierlinger
d92897c109 Merge pull request #6849 from ErisDS/schema-https
Switch to using https for schema.org
2016-05-18 09:32:50 +02:00
Hannah Wolfe
5948277a95 Merge pull request #6848 from ErisDS/twitter-facebook
Improvements to twitter & facebook handling
2016-05-17 20:59:15 +01:00
Hannah Wolfe
f3de80ebe9 Switch to using https for schema.org
closes #6846

- Using http causes mixed content warnings, using https does not
- Both http & https validate according to Google's validator
2016-05-17 19:32:03 +01:00
Aileen Nowak
6dbf610c8f Fixes error in validation
closes #6826

- refactors the validation of facebook and twitter input field in `general.js` and `user.js` controller
	- Example validations for facebook:
		- `facebook.com/username` will be corrected to the full URL
		- `user` will show error `Your Page name is not a valid Facebook Page name` for `general.js` and `Your Username is not a valid Facebook Username` for `user.js` as the username in facebook has to be at least 5 characters long
		- `twitter.com/username` will be autocorrected to the valid facebook URL incl. the `username`
	- Example validations for twitter:
		- `twitter.com/user_` will be corrected to the full URL
		- `user:99` will show error `Your Username is not a valid Twitter Username`
		- `facebook.com/username` will be autocorrected to the valid twitter URL incl. the `username`
- updates both acceptance tests
- adds further validation for facebook pages in general settings and user. Submitting a url which incl. `/page/` or `/pages/` will now accept any username followed incl. further `/`.
- adds a custom transform `facebook-url-user` which will extract the username (if it's a facebook page, incl. `pages/`) to store only this in the backend
- uses the `twitter-url-user` transform now also for user
2016-05-17 17:44:23 +01:00
Hannah Wolfe
29c9e8b147 Update structured data for fb & twitter usernames
refs #6534

- twitter & facebook fields are changing to store usernames only
- use the new social url util to generate urls where necessary
- update tests
2016-05-17 16:40:09 +01:00
kirrg001
9c9283e0c9 fix: ensure import works when user id is 0
2016-05-16 20:47:44 +02:00
Hannah Wolfe
c4d3bd7cd2 Fix errors in JSON-LD output
refs #6534

- don't output publisher for the 'People' type on the author page
- change publisher to a full 'Organisation' for the 'Article' type on posts

Note:
Google's structured data validator also wants image & publisher.logo inside of Article to be full 'ImageObject's.
Currently, it outputs an error for them: 'The attribute itemtype has an invalid value.'
However, the spec on Schema.org says a url is valid: https://schema.org/Article,
which is slightly different to Google's spec here: https://developers.google.com/structured-data/rich-snippets/articles#article_markup_properties

Ideally, we would output a full 'ImageObject', however we don't currently have the width & height info required.
Therefore, I think what we have is valid strictly speaking, but we should aim to fix this when we have better image tools.
2016-05-13 15:13:11 +02:00
Aileen Nowak
a018b1bbd2 Prevents sameAs property to be filled with null
no issue

- minor optical fix for schema.org metadata
- sameAs property was showing `null` value in array, if no data was provided
- instead of showing `null`, it will be empty, if no data (author website, facebook or twitter) it will be an empty array
2016-05-13 13:56:30 +02:00
Hannah Wolfe
c41c09ef97 Subscribers: Migrations for new table + perms
refs #6301

- add new subscribers table with tests
- add permissions for subscribers endpoint
- minor improvements to test code
2016-05-11 10:28:10 +02:00
Aileen Nowak
b7bd6d9968 Structured Data 3.0
closes #6534
- new input fields in general settings incl. validation
- facebook and twitter as new models in settings.js
- adds values for facebook and twitter to default-settings.js
- adds blog helpers for facebook and twitter
- rather than saving the whole URL, the Twitter username incl. '@' will be extracted from URL and saved in the settings. The User will still input the full URL. After saving the blog setting, the stored Twitter username will be parsed again as the full URL and available in the input field. A custom transform is used for this.
- adding meta fields to be rendered in {{ghost_head}}:
	- '<meta property="article:publisher" content="https://www.facebook.com/page" />' and
	- '<meta name="twitter:site" content="@user"/>'
- adds facebook and twitter to unit test for structured data
- adds unit test for general settings
- adds acceptance test for new input fields in general settings
- adds a custom transform for twitter model to save only the username to the server
- adds unit test for transform
2016-05-08 17:43:59 +02:00
Aileen Nowak
35ecaee6d3 Slack integration
closes #6584
- Frontend Changes:
	- adds 'Apps' to Navigation Menu
	- adds 'Slack' as nested page to Apps
	- adds `apps.css`
	- adds `slack-integration` model and uses `slack-settings` custom transform to parse JSON file
	- adds validation for `slack` model
	- adds fixtures and `slack/test` API endpoint to Mirage
	- adds acceptance tests for `apps-test` and `slack-test`
	- adds unit tests for `slack-settings` and `slack-integration`
- Backend Changes:
	- adds API endpoint `slack/test` to send Test Notification
	- adds default-values for slack model
	- sends payload to slack:
		- text: the url of the blogpost / test message
		- icon_url: url to ghost logo
		- username: Ghost
	- adds `slack/index.js` to send webhook to slack if
		- a new post is published (if slack webhook url is saved in settings)
		- user clicks on 'Send Test Notification' in UI
	- adds `slack.init()` to `server.index.js` to add event listener
	- adds unit test for `slack/index`
2016-05-08 12:49:15 +02:00
kirrg001
6238dbc784 fix brace mistake in 005/01-update-ghost-client-secrets.js
2016-05-07 16:19:38 +02:00
Joerg Henning
0f3cb44227 deps: validator@5.1.0
closes #6462

- monkey-patch validator.extends() since it was dropped by validator @5.0.0
- coerce input to string prior to validation (custom toString func)
- need to handle boolean validation based on column type not isIn()
- use `lodash.tostring` to convert input values to strings
2016-04-19 09:39:12 +08:00
Hannah Wolfe
5884fe0323 Add permissions models & relations for clients
refs #6301, #4176

Add migration for:
- 5 new client permissions
- 15 relations between the admin, editor & author role and the 5 new permissions
- updates to tests to show that permissions get updated properly
2016-04-14 19:02:56 +01:00
Hannah Wolfe
8b9734ea31 Add new ghost-scheduler client
refs #6301, #6399

- new scheduler client will be used by any web app that handles time and calls back to the scheduling API at the right time
- new scheduler client will need to be confidential, rather than public, hence the 'web' type instead of 'ua'
- adds validation to client type that it must have a type of 'ua', 'web', or 'native'
2016-04-14 19:02:49 +01:00
Hannah Wolfe
739977a368 Add social media columns to users
refs #6301, #6534

- adds facebook and twitter columns, which should contain urls
2016-04-14 18:59:15 +01:00
Hannah Wolfe
2685970d96 Add mobiledoc column to posts
refs #6301, #6255

- new, extra-long, column for storing mobiledoc content format
2016-04-14 18:59:15 +01:00
Hannah Wolfe
e7cc18d5fb Add visibility column to posts, tags and users
refs #6301, #6165

- visibility is added as a new column on posts, tags and users.
- has a relevant default value for each table
2016-04-14 18:59:14 +01:00
Hannah Wolfe
b4ae469c12 Drop hidden column from tags table
refs #6301

- column is not used and we'll be adding a visibility column to serve the intended purpose
2016-04-14 18:59:14 +01:00
Hannah Wolfe
f08fe28834 Move fixClientSecret to 005 fixture migration
refs  #6301

- move the temporary `fixClientSecret` function from migration.init into being a proper fixture migration task
- update the tests accordingly
2016-04-14 18:59:14 +01:00
Hannah Wolfe
fa8555bda2 Initial commit of 005 version
refs #6301

- bump the default version & update corresponding test
- add empty task folders for 005 data & fixture migrations
- update tests to cover the new 005 upgrades
2016-04-14 18:59:13 +01:00
Hannah Wolfe
a96a74c5a1 Improve code for handling fixture migrations
refs #6301, #4176

- always check existence of items before attempting to create them, in order to prevent duplicates
- provide stats on how many object creations are expected vs done
- split out and improve fixture utils tests (100% covers utils)
2016-04-10 19:02:22 +01:00
Jason Williams
5f8ef26eb3 Merge pull request #6654 from ErisDS/fixture-population
Improve fixture population code
2016-04-02 09:04:24 -05:00
Hannah Wolfe
d16433085f Improve fixtures & population code
refs #6301

- The order of model fixtures matters, so they should be in an array
- By splitting out the population code into a utils file, it'll be possible to use this to do updates as well
- This should make it much easier to do permissions updates in future
2016-03-31 11:48:44 +01:00
cobbspur
5102637b8e Add structured data to static pages
refs #6534

- adds structured data on static pages
- selects post context object for static pages
- updates tests
2016-03-30 12:57:13 +01:00
Jason Williams
dde27f4dcf Merge pull request #6638 from ErisDS/knex-config
Make it possible to override `useNullAsDefault`
2016-03-25 10:17:01 -05:00
Hannah Wolfe
681e9f9f51 Data & fixture migration cleanup
refs #6621, #6622

- remove unneeded `return new Promise.resolve()` lines
- reduce code in tests
- improve quality of tests checking that all task functions are executed
- add missing test coverage
2016-03-24 22:24:57 +00:00
Hannah Wolfe
57271878c0 Make it possible to override useNullAsDefault
refs #6623, #6637

- this was supposed to be in the original
2016-03-24 16:34:48 +00:00
Hannah Wolfe
8c74f55b36 Disable knex useNullAsDefault warning
refs #6623

- automatically set useNullAsDefault to false for sqlite3 so that we don't get a warning
- we should *not* be relying on the behaviour of interpreting undefined anywhere, so it is correct that an error should be output if this happens so that we can fix the bad behaviour
2016-03-24 12:49:06 +00:00
Hannah Wolfe
84f387785a Migration messaging improvements
refs #6301

- fix messages that joined with comma and therefore missed outputting version no
- change `logInfo` to `logger` that has both an info and a warn method
- add new warn method to errors
- add a warn message every time a migration (data or fixture) gets skipped over
- update logger everywhere, including tests
- update tests to check logger.warn gets called
2016-03-22 09:59:22 +00:00
Hannah Wolfe
9030620b23 Ensure fixture operations only run if needed
refs #6301

- Make sure that every fixture operation has a check to ensure that it hasn't already run
- E.g. The update of sort_order on posts_tags should only happen if there are no values which aren't a zero
  - This makes sure that we don't accidentally overwrite data on FORCE_MIGRATE
- No need to try to set settings types if they are already correct
- Only update the admin client if it needs it, else we're regenerating secrets each time
2016-03-21 18:15:01 +00:00
Sebastian Gierlinger
ea9c8235fa Merge pull request #6609 from ErisDS/new-db-upgrade
Rewrite DB update to be explicit
2016-03-21 16:14:59 +01:00
Hannah Wolfe
5f2c913fc1 Clean up paginated URL generation
refs #5091, #6612

- unify getNextUrl & getPrevUrl into getPaginatedUrl
- ensure that it can generate a prev, next or exact page no url
- ensure that it can figure out the base url
- use the same code from the page_url helper
- refactor the tests to ensure there's 100% coverage

Following on from #6612, this ensures that pagination always works regardless of whether the channel is default or custom
2016-03-20 22:35:00 +00:00
Hannah Wolfe
0ad93c3df2 Rewrite DB update to be explicit
refs #6301

- Replace builder & automated database upgrade with a set of explicit tasks
- Ensure the tasks can only happen if they need to
- Remove some duplicate code between fixture & db upgrades (more to do)
- Add tests
2016-03-17 21:17:19 +00:00
Sebastian Gierlinger
0c483a0997 Merge pull request #6599 from ErisDS/migrations-split
Split migrations/index.js & add tests
2016-03-15 13:47:44 +01:00
Hannah Wolfe
2cfee3812f Split migrations/index.js & add tests
refs #6301

- changes createTable to use createTableIfNotExists, this is consistent with deletion
- splits out backup, reset, update and populate functions from migration/index into their own files
- moves the wrapped function for populatingDefaultSettings to fixtures.ensureDefaultSettings
- moves `modelOptions` down to the fixture files that actually use it
- adds test coverage for backup, reset and populate, but not for update as that needs refactoring
2016-03-15 10:11:33 +00:00
Hannah Wolfe
81deb88263 Improve getDatabaseVersion & versioning tests
refs #6301

- `currentVersion` was leftover from before the first public release of Ghost!
- simplified the code for `getDatabaseVersion`
- improved & made consistent how errors are handled in `getDatabaseVersion`
- migration error handling updated to reflect the changes in `getDatabaseVersion`
- added tests for both `getDatabaseVersion` and `setDatabaseVersion`
2016-03-14 17:11:04 +00:00
Hannah Wolfe
9309adc511 Exporter cleanup & tests
refs #6301

- change knex getter def to be configurable, else it is not testable
- remove exportPath and lang from config - neither are used
- add client_trusted_domains to tables which shouldn't be exported as there are no clients in the export
- change export signature to be an object with `doExport` function consistent with import & easier to test
- cleanup export code so it is clearer, easier to read & to test:
  - use mapSeries instead of sequence
  - use Promise.props instead of Promise.join
  - split functionality into smaller functions
- add test coverage
2016-03-12 19:01:25 +00:00
Sebastian Gierlinger
21770c53da Merge pull request #6572 from ErisDS/data005-part1-fixpastfixtures
Data 005 - Part 1 - Fix Past Fixtures (refactor & test fixture migrations)
2016-03-07 11:26:30 +01:00
Hannah Wolfe
b2659d0cbb Refactor & test fixture migrations
refs #6301

Fixtures:
- Removed all the old (and now broken) 003 fixture upgrades
- Split the 004 fixture upgrade tasks out, each into their own file
- Improved the versioning code that figured out which upgrades we should do
- Added lots of test coverage to make sure all the fixtures are still being run correctly.

Permissions fixtures:
- Changed the code that was populating permissions fixtures to be more automated & based only on what is in the permissions.json file.
- Added lots of test coverage to make sure all the permissions are still being created correctly.

Merging the two things:
- Merged the content of permissions.json and fixtures.json into fixtures.json, but using the new structure from permissions.json.
- Changed to use the new automated model & relation creation for all fixtures, not just permissions.
- The only thing that can't be auto-populated just now is the owner creation, I think that's important enough to do separately.
- There were (so far) never any permission updates, so code for updating fixtures stays the same through the merge.
- This results in two clear code paths: populate (fill out a brand new DB) and update (make any changes since the last version)

Test coverage is now 100% across both updates and populations.
2016-03-03 09:03:37 +00:00
JT Turner
3db9913191 deps: bluebird@3.1.2
closes #6361
- Updated bluebird dependency to latest 3.1.2.
- Updated update check to handle promises not resolving to arrays.
- Reviewed all other promise code and it looks good.
- Updated code using settle to use the new reflect function.
2016-03-01 14:47:23 -06:00
Aileen Nowak
e347f95f15 Including timezones API in configuration endpoint
refs #6406
- endpoint configuration/timezones refers to timezones.json file in data
- added route for endpoint in api.js to use method read in configuration.js
2016-02-24 16:44:01 +02:00
Sebastian Gierlinger
6b852c11d8 Merge pull request #6553 from ErisDS/slack-unfurls
Structured data: Slack Unfurls & published_at fix
2016-02-22 20:17:04 +01:00
Sebastian Gierlinger
37ef512a19 Merge pull request #6543 from ErisDS/fixture-i18n
Remove i18n from migration output
2016-02-22 09:49:55 +01:00
Sebastian Gierlinger
8d6ec8555c Merge pull request #6544 from ErisDS/client-secret
Move client secret logic into the model
2016-02-22 09:49:05 +01:00
Hannah Wolfe
dcc8bcc4f1 Structured data: Slack Unfurls & published_at fix
refs #6534

- fixes a bug where published_at was incorrectly falling back to the created_at date
- updated meta index to get author name
- add written by & filed under labels + data if the values are present (only on posts/pages)
- updated tests
2016-02-22 01:45:00 +01:00
Hannah Wolfe
10fc320cc8 Rename confusing 'context' variables
no issue
- In Ghost, 'context' means the page or section of a blog we're currently within
when rendering a theme, e.g. 'post' or 'tag' or 'home'.
- In handlebars 'context' refers to the blob of JSON that is tied to a template.
- These two uses of the word 'context' have gotten very confusing, so I've removed all usage of 'context' within the Ghost handlebars helpers, EXCEPT where they actually refer to the current context (e.g. the is helper)
2016-02-21 22:07:15 +00:00
Hannah Wolfe
bbf5763756 Remove i18n from migration output
refs #5345

- As discussed in #5345, this is effectively debug output.
- It currently only appears on the console, and console output should be in English
- If we add a UI later, this should be translated, but console/debug output should not
2016-02-19 12:23:19 +00:00
Hannah Wolfe
003c8d5462 Move client secret logic into the model
refs #6301

- Move secret generation logic to the model defaults, so there's no need to handle this in fixtures
- Tested upgrades from 003 & fresh installs -> all is well
2016-02-18 20:33:37 +00:00
Hannah Wolfe
d7b9eb6176 Fix facebook/twitter/schema description
refs #6534

- this is an initial fix for having no description at all unless a meta description is provided
- we may need to tweak the lengths / provide different lengths for different values in future
2016-02-18 12:11:46 +00:00
Hannah Wolfe
7c47249ac7 Merge pull request #6501 from cobbspur/backup
Backup database before deletion
2016-02-14 13:57:26 +00:00
cobbspur
8025325b15 Backup database before deletion
No issue

- a json object is now created when a user deletes content in labs
2016-02-14 09:04:53 +00:00
Hannah Wolfe
1c85650108 Move db connection out of config
refs #5047

- database connections are not configuration
2016-02-12 13:56:23 +00:00
Hannah Wolfe
4ba0a745df Adding drop-column migration handling
refs #6301, #6165

- Adds detection and processing for column deletions
2016-02-09 12:11:49 +00:00
Sebastian Gierlinger
819116465e Merge pull request #6388 from ErisDS/schema-rejig
Reorganise & Rename server/data/ folder internals
2016-02-08 11:19:40 +01:00
JT Turner
06d91ce046 Refactored ghost head helper
closes #6186
- Refactored ghost head helper to use the new metadata functions.
- Fix issue where tag should output description if missing meta description.
- Add test for tag description.
- Updated tests to look for author urls with a trailing backslash
- Fix author to output meta description first and then bio if missing.
2016-02-04 22:18:51 -08:00
Hannah Wolfe
1ad7a91f4d Reorganise & rename server/data/ folder internals
refs #6301

- In the migration folder, commands.js changed to builder.js to resolve conflict with the 'commands' inside data/utils/clients/.
- a new data/schema/ folder has been added to hold all the code related to the database schema
- data/utils/clients have been moved to data/schema/clients
- data/utils/index.js has become data/schema/commands.js
- data/schema.js has been split, the definition of the DB schema stays put, the additional checks have moved to data/schema/checks.js
- data/validation/index.js has become data/schema/versioning.js
- data/fixtures has moved to data/migration/fixtures
- data/default-settings.json has moved to data/schema/default-settings.json
2016-02-04 20:39:15 +00:00
Hannah Wolfe
08e5848d4a Fix cache-control header for sitemaps
no issue

- sitemaps were getting max-age=undefined as they were depending on the wrong utils folder
- test + fix included
2016-01-25 17:56:05 +00:00
JT Turner
1f4c01d207 Started moving meta data fetching to functions.
issue #6186
- Moved asset helper logic to an asset url function.
- Created author image function to be used in ghost_head helper.
- Created author url function to be used in the ghost_head helper.
- Created canonical url function to be used in the ghost_head helper.
- Moved meta_description helper logic to a function.
- Moved excerpt helper logic to a function.
- Created an index in data/meta to be used in ghost_head helper to get all data.
- Created keyword function to be used in the ghost_head helper.
- Created modified data function to be used in the ghost_head helper.
- Created next url function to be used in the ghost_head helper.
- Created ogType function to be used in the ghost_head helper.
- Created previous url function to be used in the ghost_head helper.
- Created published data function to be used in the ghost_head helper.
- Created rss url function to be used in the ghost_head helper.
- Created schema function to be used in the ghost_head helper.
- Created structured data function to be used in the ghost_head helper.
- Moved meta_title helper logic to a title function.
- Moved url helper logic to a url function.
- Wrote tests for all the new functions

This is just the first step. I plan on refactoring the ghost head to use these new functions.
2016-01-23 13:58:21 -08:00
Hannah Wolfe
1b5b6cf6e3 Merge pull request #6314 from halfdan/6287-import
Only import tables defined in core/server/data/schema.js
2016-01-19 15:22:24 +00:00
Hannah Wolfe
4a7a19c86a Merge pull request #6070 from kevinkucharczyk/harvesting-server-side-strings
Harvest server side strings
2016-01-12 20:04:53 +00:00
Fabian Becker
2770def8f1 Only import tables defined in core/server/data/schema.js
fixes #6287
2016-01-11 11:56:18 +01:00
Jacob Gable
d1348d709f Refactor RSS Image node generation
fixes #6292

- Added createImageNodeFromDatum to BaseSiteMapGenerator
- Refactor some defaults code that was unnecessary
- Add tests for posts, tags, users and posts with images
2016-01-05 21:25:52 -08:00
rfpe
7abcc43907 Harvest server side strings
closes #5617
- Replace all hard-coded server-side strings with i18n translations
2015-12-19 12:12:16 +01:00
Hannah Wolfe
e84b7f3217 Cache permalinks & postsPerPage on config.theme
no issue

- Cache the permalinks & postsPerPage settings on the config.theme object
- Use the config.theme cache to reference these items throughout the frontend of a blog
- Removes the need for workarounds and extra code to handle async fetches
- Makes these values accessible to all themes, which is very useful now we have the API stuff
2015-12-15 08:16:53 +00:00
Hannah Wolfe
8c355349b3 No more soft 404s in pagination
closes #6201

- redirects for page/1/ or rss/1/ are now 301s
- any other invalid page now 404s
2015-12-10 15:00:02 +00:00
Hannah Wolfe
395079cd2f Unify code for picking a template to render with
refs #5091

- 100% coverage for new frontend/templates file
- new module handles the logic for determining which template to render with
2015-12-01 12:05:46 +08:00
Hannah Wolfe
ff7517b801 Switch RSS to use new filter param
refs #5943, #5091

- split out channel config
- use config.theme instead of api calls to grab title & desc
- wrap rss call in a function which sets channel config for RSS feeds
- change rss `getData` function to use the new multiple-query-handling fetchData functionality
- make sure channelConfig is set in all tests
2015-10-27 10:00:51 +00:00
vdemedes
05f44c4c64 Add readThemes() utility to get a list of themes
refs #5923
- add read-themes module to get a list of themes
- replace readDirectory() usage with readThemes(), where only themes are needed
- test read-themes
- test read-directory
- test validate-themes
- test parse-package-json
- add tempfile testing utility to generate temporary paths
2015-10-13 15:54:41 +02:00
vdemedes
20fec74c73 Refactor require-tree and split it into models
closes #5492
- remove core/server/require-tree.js and split it into modules
- add read-directory module to recursively read directories
- add validate-themes module to scan themes and return errors/warnings
- add parse-package-json module to parse json and validate requirements
- rewrite core/server/models/index.js to manually require models
2015-10-12 17:48:37 +02:00
Hannah Wolfe
0764c775a7 Revert to using findAll for internal tools
refs #5909, #4577

- removes accidental '.only' which was hiding issues with the findAll changes
- deleteAllContent and importer still need to use a hard 'findAll' as findPage({limit: 'all'}) doesn't have the same behaviour
2015-10-10 17:07:10 +01:00
Hannah Wolfe
eed6879845 Merge pull request #5892 from yanntech/fix/pg-upgrade
Public is the default schema but if you use different name your are
2015-10-08 08:54:12 +01:00
Yann Verry
eb5a03c8d8 Ghost can now handle a different schema than the default 'public' in PostgreSQL
closes #5891
- use CURRENT_SCHEMA() instead of 'public'
- remove the WHERE condition
2015-10-06 18:19:23 +02:00
Delgermurun
a501711e71 Remove findAll from models that has findPage
closes #4577
- removed findAll from Post and User
- refactored deleteAllContent and data importer
2015-10-02 18:01:35 +08:00
John O'Nolan
1add453733 Remove forum mentions
2015-09-29 13:10:04 +02:00
Hannah Wolfe
77447fc42d Merge pull request #5876 from sebgie/issue#5872
Fix client.secret for new installs
2015-09-27 13:50:36 +01:00
Sebastian Gierlinger
a87715f688 Fix client.secret for new installs
closes #5872
- added random secret for new databases
- added temporary fix for existing databases
- secret is still static (`not_available`) during tests
- fixed fork mechanism to keep active environment (never change
NODE_ENV!!!)
2015-09-25 21:03:33 +02:00
Hannah Wolfe
545bea0eaf Return a single 422 error for invalid values
refs #5808

- Fix the API to return a single 422 error when an invalid value is passed
- Only affects Browse, and not Read at present due to differences in how they are handled
- Frontend was changed to always 404 in #5851
- Adds tests to ensure all cases are covered
2015-09-25 10:30:49 +01:00
Hannah Wolfe
0aea83f7d9 Don't eager load relations on tag update
closes #5810

- switch from using bookshelf's eager loading, to loading separately
- should resolve the TOO MANY SQL VARIABLES error
2015-09-17 09:59:46 +01:00
Hannah Wolfe
449def7234 Switch to using sequence for updating tags
no issue

- makes upgrading very large numbers of posts & tags more reliable
2015-09-04 09:22:16 +01:00
Hannah Wolfe
b422d9d32c Use sequence for migrations instead of Promise.all
no issue

- ensures that all migrations complete before the next one begins
2015-09-03 12:09:58 +01:00
Hannah Wolfe
b2204f404d Insert new info post fixture for upgrades
no issue

- Inserts an extra post fixture into the DB only when upgrading
- Post fixture is a draft and will appear at the top of the list
2015-09-02 16:59:37 +01:00
Hannah Wolfe
a3f107da8e Maintain tag order for posts
refs #5727, #5602

- Add new 'order' column to posts_tags table
- Migrate all existing posts_tags to have a correct value for 'order'
- Rewrite updateTags to not remove all tags, and to correctly maintain order
- Add transaction support for tag operations
- Many tests
2015-09-02 16:39:34 +01:00
Sebastian Gierlinger
f22796ff7d Add dynamic client_id/client_secret
no issue
- added ghost-admin client_id to admin
- added ghost-admin client_secret to admin
- added client.read() api endpoint
- added random generation of client_secret to migration
- removed addClientSecret method
- updated tests
2015-09-02 16:39:34 +01:00
Hannah Wolfe
6926e20478 Fix upgrade path from really old versions
closes #5692, refs felixrieseberg/Ghost-Azure#1

- fix broken promise code
- fix incorrect handling of hash in user.add which causes 'Error: Invalid salt version 2' if owner user fixture is not present
2015-09-02 16:39:13 +01:00
Hannah Wolfe
95e6b0a59d Add migration to modify badly formatted tags
refs #5685, #5709

- cycle through all tags, removing leading commas and trim spaces
- if the string is empty, change to 'tag' - the slug base for this model
- if there is a change, save it
2015-09-02 13:39:23 +01:00
Hannah Wolfe
114696f7e2 Change type for private blog settings
refs #5614 and #5503

- update private blog type, including update to settings.edit
- switch order of populate settings & update fixtures + populate all settings

Private blog settings should not be returned by public endpoints
therefore they need a type which is not `blog` or `theme`.
`core` doesn't suit either, as those settings don't usually have UI
To resolve this, I created a new type `private` which can be used
for any setting which has a UI but should not be public data
2015-09-02 13:39:23 +01:00
Sebastian Gierlinger
d215983d53 Update client fixtures
closes 4184
- update ghost-admin client
- add ghost-frontend client
2015-09-02 13:39:23 +01:00
Joe Cannatti
6938216984 Add tour field to User
closes #5171

- adds tour field to user model
- Bump Schema version
- Update tests
2015-09-02 13:39:22 +01:00
Austin Burdine
6c5fea40ca Remove auto-inclusion of jQuery via ghost_foot
closes #5298
- remove all hardcoded instances of jQuery throughout the front-end of the blog
- add migration function to add cdn link to ghost_foot code injection when migrating up from version 003
- migration version bump
2015-09-02 13:39:22 +01:00
Sebastian Gierlinger
52e35a282b Add table columns for OAuth
closes #4174
- added trusted domains
- removed unique constraint from secret
2015-09-02 13:39:22 +01:00
Samuel Goodwin
48601e6f49 Add the needed table columns for client Oauth.
closes #4174
- Added columns to client table in schema.js
- Bumped database version in default-settings.json
- Updated tests to support new schema version
2015-09-02 13:39:21 +01:00
Kevin Ansfield
32ff18ccb0 Validate tag names don't start with commas
closes #5685
- Adds client and server-side validation for tag names starting with commas
- Trim tag names before adding in PSM (tag attributes are already trimmed before saving in TSM)
2015-08-24 16:55:30 +01:00
hwdsl2
14dd95faf2 RSS Fix: Do not convert protocol relative URLs
closes #5567
- Fixed an issue with protocol relative URLs in the RSS feed
- Such URLs should be kept as-is and not prefixed with baseUrl
- Added corresponding test to cover this case
2015-07-21 23:16:04 -05:00
Sebastian Gierlinger
4a89c6ac3e Merge pull request #5516 from ErisDS/issue-2758-api-opts
API Option Handling
2015-07-20 21:19:13 +02:00
Fabian Becker
4500b14989 Use previousAttributes when model is destroyed
fixes #5589
2015-07-20 14:41:40 +02:00
Hannah Wolfe
e044136503 API Option Handling
refs #2758

- add a set of default options to utils
- update validation function to only pass through permitted options
- pass permitted options into validate where necessary
- setup basic validation for each known option, and generic validation for the remainder
- change slug to treat 'name' as data, rather than an option
2015-07-14 18:20:27 +01:00
Fabian Becker
88a7cdbc3d Add rss.item filter
2015-07-14 09:40:31 +02:00
Hannah Wolfe
34b22eefa2 Use urlJoin in RSS + test coverage
refs #1833

- move RSS tests to be in rss_spec.js
- improve RSS test coverage
- fix a bug with RSS title generation for tag RSS feeds
- replace custom code in processUrls with urlJoin
2015-06-10 09:18:52 +01:00
Jason Williams
8196133bc7 Merge pull request #5377 from ErisDS/url-refactor
Refactor URL usage
2015-06-06 09:50:20 -05:00
Jason Williams
60e160d169 Merge pull request #5361 from ErisDS/fix-contexts
Fix context setup (remove dep on req.route.path)
2015-06-03 16:28:16 -05:00
Jason Williams
8c0bc6cea5 Merge pull request #5366 from ErisDS/anon-middleware
Ensure middleware functions are named
2015-06-03 16:26:56 -05:00
Hannah Wolfe
2700bfa4cc Refactor URL builder
refs #1833

- Refactor url generation to use a base urlJoin method
- urlJoin handles slash de-duping and subdir de-duping
- fixes sitemap xml option
2015-06-02 21:50:17 +01:00
Jason Williams
f233d97ce3 Merge pull request #5372 from ErisDS/char-fix
Removing non utf-8 char
2015-06-02 10:45:53 -05:00
Hannah Wolfe
7eacd2876d Ensure middleware functions are named
refs #5091

- adds names to all middleware functions, for debugging purposes
2015-06-02 14:49:18 +01:00
Hannah Wolfe
f5d4d4d378 Removing non utf-8 char
no issue

- I noticed this in CodeClimate, it was reporting errors for this file because of a dodgy char.
- Removed it and named the functions whilst I was in there :)
2015-06-02 09:56:02 +01:00
Hannah Wolfe
eb9d924e1b Merge pull request #5306 from acburdine/remove-email
Removes "email" from settings
2015-06-02 09:44:21 +01:00
Sem
72569de3c3 Fixed fixture. Code wasn't formatted.
2015-05-30 05:25:51 +02:00
Hannah Wolfe
cc00c6c64a Fix context setup (remove dep on req.route.path)
refs #5344

- As a result of #5344, contexts are pretty broken.
- This PR removes all dependence on req.route.path, and uses res.locals.relativeUrl
- res.locals.relativeUrl is used for many things and is dependable
2015-05-29 09:16:04 +01:00
Hannah Wolfe
f6aa46e446 Frontend route refactor / cleanup
refs #5091

- This is step one of several steps towards ending up with dynamic routes for channels
- Refactoring this way makes the similarities between all the routes clearer to see
2015-05-27 11:17:15 +01:00
Hannah Wolfe
097642865d Adding author as a permalink option
closes #3858

- ensures that permalinks can be validated if author is set
2015-05-24 20:33:32 +01:00
Austin Burdine
e69c8c89ac remove settings email
closes #5299
- removes settings/general email field from both client and server side
- fixes tests to reflect removal of email
2015-05-22 15:23:31 -06:00
cobbspur
261a862da1 Prevent multiple owner creation via importer
closes #4778

 - If import contains an owner that does not match original owner they are downgraded to admin
 - Change error message for locked users to more generic message to account for imported users
 - Adds duplicated user test
 - Process Roles and maps import roles to db roles
 - reduces export files in test fixtures

temp commit
2015-05-15 10:12:30 +01:00
Fabian Miiro
575d2489a6 Changed the text showing the "Quote" feature to not feature spellcheck errors. closes #5194
2015-05-06 22:20:48 +01:00
Austin Burdine
2865662ee5 added password protection
closes #4993
- brings password protection to the frontend of blogs
- adds testing for password protection
- upgrades bcrypt-js to 2.1.0
2015-04-30 23:44:43 -05:00
Jason Williams
dae66d00be Upgrade grunt-jscs to fix whitespace linting.
No issue.
- grunt-jscs@1.8.0
- Fix formatting
2015-04-30 16:14:19 -05:00
Wilhansen Li
d02bcbacc2 Provide secure post links if RSS accessed over SSL
2015-04-24 18:20:38 +08:00
Hannah Wolfe
e26e83d40a Refactor to remove author.email from API
refs #2330

- Pass through `options` to all toJSON calls on posts, tags, and users
- Use options.context.user to determine whether it's OK to return user.email
- Remove author.email handling code from frontend.js
2015-04-17 22:27:04 +01:00
Hannah Wolfe
8d1e729f30 RSS Refactor with cache
refs #5091, refs #2263

- Move rss handling out of the frontend controller and into its own module
- Separate the code into logical blocks
- Wrap the generation code in an in-memory cache to prevent it being regenerated on every request
2015-04-10 21:32:14 +01:00
Hannah Wolfe
196bbfce18 Refactor sitemaps to use centralised events
fixes #5104, refs #4348, #2263

- Create a centralised event module
- Hook it up for posts, pages, tags and users
- Use it in sitemaps instead of direct method calls
- Use it for xmlrpc calls
- Check events are fired in model tests
- Update sitemap tests to work with new code
- Fix a bug where invited users were appearing in sitemaps
- Move sitemaps and xmlrpc into a directory together
2015-04-05 19:32:18 +01:00
Pascal Borreli
13838fff9d Fixed typos
2015-03-17 17:43:53 +00:00
Matt Enlow
2f04e85130 Merge pull request #4954 from halfdan/express
Upgrade express.js to 4.12
2015-02-26 07:50:37 -07:00
Fabian Becker
e7246a4ef3 Upgrade express.js to 4.12
no ref
- Fix deprecation warnings
2015-02-26 08:28:37 +01:00
Jason Williams
515abc3080 Simplify navigation item reordering
2015-02-25 17:26:25 +00:00
Hannah Wolfe
10d68386b1 Remove odd duplication from permissions.json
2015-02-22 18:26:32 +00:00
Hannah Wolfe
9668ed71ca Merge pull request #4848 from chilts/i4792-assign-higher-priority-in-sitemaps-to-featured-posts
Assign a higher priority to featured posts in the sitemap
2015-02-17 21:05:51 +00:00
Paul Adam Davis
68eb6b67b0 Drag & Drop Navigation Reordering
Closes #4540

- Implements drag & drop to reorder navigation items
- Adds a `sort` property to navigation items
- Adds a tiny library to enable touch events for drag & drop. It hooks onto jQuery UI.
- Sort nav items before being saved
- Adds `settings-view-navigation` to route for body class
2015-02-12 17:02:46 +00:00
Marcos Ojeda
6f457768a2 Update urlFor to handle 'nav' contexts
needed for #4852
Before this, calling `{{url}}` with a nav context from #4541 would
output `/`. This adds a check in `urlFor` that looks for keys in a
nav context object, namely `slug`, `current`, `label`, & `url`.

This change allows for a url to pass through if used in a nav context.

* adds `schema.isNav()`
* adds tests to `url_spec.js`
* handles absolute urls correctly even if `absolute=true`
2015-01-31 09:29:53 -08:00
Andrew Chilton
7f9d10a62d Assign a higher priority to featured posts in the sitemap
Closes #4792
- Made priority be 0.8 (as it currently is) for standard posts
- Made featured posts have a priority of 0.9
- Split the current test into two to check both above scenarios
2015-01-24 21:19:14 +13:00
Jason Williams
d5d7919d26 Assume datetime in import filename is UTC
No issue.
- Add missing catch handlers to async tests.
2015-01-18 21:20:51 +00:00
Jason Williams
a007ae1442 Connect Navigation page to live data
Closes #4539
2015-01-14 21:24:08 +00:00
Paul Adam Davis
6cc5a58b68 Navigation UI Ember Integration
Closes #4537

- Adds Navigation to the Settings menu
- Adds a `navigationUI` config flag (redirects if not an editor or author)
2015-01-11 20:04:01 +00:00
Hannah Wolfe
fbdabce086 Add markdown file handler to importer
closes #4691

- adds a file handler for markdown file (.md and .markdown)
- handles titles and featured images
- gets status, date, and slug from the filename
- has a test suite
2015-01-09 20:04:56 +00:00
Jason Williams
7f753acff1 Merge pull request #4752 from ErisDS/importer-updates
Image Importer Improvements
2015-01-05 10:39:35 -06:00
Jason Williams
05877124ae Remove unneeded promises and fix tests
2015-01-04 21:05:31 +00:00
Jason Williams
7c7dbb911c Merge pull request #4750 from ErisDS/labs-thing
Labs page checkboxes
2015-01-04 13:44:47 -06:00
Hannah Wolfe
add4c6b078 Image Importer Improvements
ref #4608, #4609, #4690

- fix errors with cleaning up files
- improve handling of base directories, and introduce a simple valid format for zips (must contain importable files or folders, and may contain up to one base directory)
- vastly improve test coverage
2015-01-02 22:54:40 +00:00
Paul Adam Davis
cc6f698053 Start of labs
issue #4409
2015-01-02 15:58:36 +00:00
Hannah Wolfe
ba3d4b3689 Add support for importing images
closes #4608, #4609

- image handler loads in any image files & figures out where they'll get stored
- image importer has a preprocessor which replaces image paths in
  pertinent spots of post, tag and user models
- image importer stores images, keeping the path where it makes sense
- basic test for the preprocessor
2014-12-21 01:58:35 +00:00
Hannah Wolfe
3c9273ed37 Data importer improvements and fixes
refs #4605, #4479

- Removes versioning from the importer
- Fixes an issue with SQLITE errors not being thrown properly for posts
- Ensures that posts have a created_at date
- Makes sure that the API wrapper is properly handled
2014-12-18 19:50:53 +00:00
Hannah Wolfe
20710b9eba Refactor importer with tests
refs #4605

- Move as much code as possible out of the DB API
- Split the importer into 2 concepts, code which handles different
  filetypes and code which takes the content of files and imports it into
  Ghost in some way
- Split the import process into 4 steps, load the file into a useful
  format, preprocess the data, do the import, generate a report
- Reporting is currently a no-op
- Adds a basic level of testing
2014-12-17 18:22:39 +00:00
cobbspur
4ca87f6336 Fixes sitemap image errors
closes #4591

- switches to using author cover image
- adds a protocol of http if using a protocol relative url
2014-12-14 23:03:40 +00:00
Jacob Gable
ef16c67a15 Sort newest to oldest in sitemap files
Closes #4611

Refactored generateXmlFromNodes to pull the urlElements itself from
sorted values in the lookup

Added some checks to existing unit tests to validate ordering.
2014-12-09 12:41:31 -08:00
Hannah Wolfe
2ef77d69de Sitemaps correctly filter draft posts
fixes #4612

- adds missing line of code to remove draft posts
- adds tests to check drafts aren't added
2014-12-09 17:27:12 +00:00
Paul Adam Davis
4e6c867183 Change sitemap root location
Closes #4590

- Removes `-index` from the root sitemap
- Removes redirects (which send sitemap.xml to sitemap-index.xml)
- Adjust tests
2014-12-07 11:59:43 +00:00
Sebastian Gierlinger
32959b2269 Merge pull request #4578 from ErisDS/pr-3489
Code Injection PR 3489 rebased and updated
2014-12-04 15:16:37 +01:00
Hannah Wolfe
818085f18c Add XSL for Sitemaps
fixes #4555

- There's no easy way to declare an XSL with the node xml module, so I
  needed to move the declarations to both be strings
- Ideally the code to serve the XSL would also be inside the sitemap
  module, but I think we need to refactor a bit to get there easily
- Added the XSL from #4559, with minor amends to make the tables and urls
  display correctly
2014-12-04 09:38:09 +00:00
Sebastian Gierlinger
319887c77b Merge pull request #4573 from ErisDS/limit-all-sitemaps
Add limit=all consistently to users, posts & tags
2014-12-04 09:45:33 +01:00
Stefan Baumgartner
60effc1b51 adds code injection admin frontend implementation, handlebar helpers + settings
escaping handlebars
2014-12-04 04:16:08 +00:00
Hannah Wolfe
9b146e59bb Add limit=all consistently to users, posts & tags
refs #623, #4348

- this fixes sitemaps to list all posts, pages, tags and users
- makes the API behave consistently across all paginated resources
2014-12-03 18:46:26 +00:00
Sebastian Gierlinger
9b8141bb08 Merge pull request #4530 from ErisDS/issue-4498
API - no more m-2-m relation ids by default
2014-12-02 20:49:47 +01:00
Hannah Wolfe
4cb909542a API - no more m-2-m relation ids by default
closes #4498

- remove toJSON code which returns only IDs from objects
- don't auto-include tags & fields in post responses
- don't auto-include roles in user responses
- fix #allthethings that made assumptions about the auto-includes, or otherwise were only working because of the auto-include
2014-12-02 19:24:44 +00:00
Jacob Gable
2cfa18475a Generate sitemap files
Closes #623

- Add basic init and eventing scaffold
- Add sitemap-index.xml generation
- Broke out generators to individual files, added request handler
- Add page, author and tag xml files; add index mapping
- Add SiteMapManager unit tests
- Add Generators tests
- Cache invalidation headers for sitemap-*.xml
- Redirect sitemap.xml to index and rename to sitemap-index
- Handle page convert and publish/draft changes
- Add very basic functional test for route existence
- Add cache headers to sitemap routes
2014-11-30 10:49:45 -08:00
Jason Williams
b31fec6e2f Fix updateConfigTheme method.
No Issue
- Fix exception being thrown when updateConfigTheme called before
  settingsCache fully populated.
- Remove unnecessary check in a conditional in the migration command
  builder.
2014-11-20 14:54:37 +00:00
Jacob Gable
5de5cfe7a1 Remove duplicate posts and tags on import
Issue #806

- Modify sanitize to check for duplicate posts and tags
- Update posts_tags when referencing removed duplicate tags
- Return both data and problems from importData
- Add tests for duplicate posts and tags with fixtures
2014-10-27 18:20:32 -05:00
Jason Williams
696fbaaee4 Follow symlinks when resolving theme paths.
Closes #4225
- If a theme is symlinked in the themes directory, follow
  the symlink so that the theme object is populated correctly.
- Only do the fallback loading of theme data in the validations
  module if it doesn't exist in config.
2014-10-02 13:37:18 +00:00
Fabian Becker
4cc1f509ac Ignore unknown setting keys on import
fixes #4059
- Ignore NotFound setting keys
2014-09-18 12:48:18 +00:00
Harry Wolff
469aaa398c Add jscs task to grunt file and clean up files to adhere to jscs rules.
resolves #1920

- updates all files to conform to style settings.
2014-09-17 21:44:29 -04:00
Fabian Becker
7830d68000 Fix Markdown help modal table positioning
no ref
- Fix top spacing of markdown table
- Fix width of table and left align table head
- Fix grammar, whitespace in getting-started post
2014-09-15 09:56:54 +02:00
Hannah Wolfe
e0924f866a Merge pull request #3912 from halfdan/3909-config-api
Remove permissions from configuration API
2014-09-02 20:29:09 +01:00
Fabian Becker
c0adf5894f Remove permissions from configuration API
closes #3909
- Remove permissions from configuration API
- Remove permission setup from integration test
- Remove permissions from permissions.json
2014-09-02 15:48:32 +00:00
Fabian Becker
33a6b3d6a6 Add alternative names for pg
refs #3864
- map alternative valid pg names to pg
2014-09-01 21:29:12 +00:00
Fabian Becker
688b3914e4 Implements new Configuration API
closes #3619
- adds new permissions for configuration API
- adds integration tests
- adds configuration API for reading allowed values
2014-08-31 20:54:17 +00:00
Jason Williams
35e2387541 Run import run operations in order.
Closes #1977, Refs #3473
- Ensure that import operations are run in sequence.
  Previously the operations were started in order but subsequent
  ops were allowed to begin before the previous finished, which would
  result in out-of-order execution.
- Fix bug in attach() where a model property was being passed in
  instead of a transaction object.  If the call was made when a
  transaction was in process, it could cause bookshelf/knex to
  hang and never finish the transaction.
2014-08-28 00:21:13 +00:00
Hannah Wolfe
93e4cfdadf Merge pull request #3855 from felixrieseberg/iss3844-importer
Importer: Sanitize UUIDs
2014-08-26 16:51:49 +01:00
Felix Rieseberg
6fe93f6a50 Importer: Sanitize UUIDs
Closes #3844
- Before importing, all data is checked for incorrect UUIDs. If check
fails, data is sanitized and outfitted with correct UUIDs.
- Scaffolding allows for easy implementation of additional
sanitization, should that be required in the future.
- Test included, old tests updated.
2014-08-23 18:02:23 -07:00
Jason Williams
07ad400ee0 Replace the when promise library with bluebird.
Closes #968
2014-08-23 17:15:40 +00:00
Jason Williams
e03d503add Ignore tables with pg_ prefix in pg getTables.
Closes #3825
- Fixes an issue where a PostgreSQL extension may create
  a public table and it gets caught up in the migration process.
2014-08-20 14:20:18 +00:00
Hannah Wolfe
260d9562e4 Merge pull request #3670 from felixrieseberg/iss3641
Validation fix for number of posts/page
2014-08-15 18:27:14 +01:00
Felix Rieseberg
f19c2be6fe Validation fix for number of posts/page
closes #3641
- Reworded error messages, remove “please” (credits go to @YouriAckx)
2014-08-13 12:08:09 -07:00
Hannah Wolfe
2d2e61676d MU Importer - Assign objects correctly
fixes #3716

- change the importer to not override any user details
- only set published_by if it is not already set
- import users before anything else
- process the import and map user ids to existing users
- test fix - owner should have owner role
- test fix - catch invalid success in importer
2014-08-10 14:49:23 +01:00
Hannah Wolfe
e01046df11 Don't require protocol for website
fixes #3657

- we didn't require this previously, and adding it causes issues
2014-08-08 14:15:49 +01:00
Hannah Wolfe
756368721e Update importer for MU
closes #3285

- remove apps stuff for now
- if there is a single user, behave the same as before, overriding
  non-critical properties of the single owner user
- if there are multiple users, import them like normal resource
2014-07-31 23:14:57 +01:00
Hannah Wolfe
a04562b349 Merge pull request #3478 from halfdan/fix-pgsql
Fixing pg build.
2014-07-31 20:55:21 +01:00
Hannah Wolfe
a13f460acb Merge pull request #3485 from jaswilli/migration
Fix naming of export file during migration
2014-07-31 20:55:12 +01:00
Jason Williams
8936b82014 Fix naming of export file during migration
No Issue
- The method that generates a filename for the export during
  a migration returns a promise, not the filename directly,
  so the export file was being named [object Object].
2014-07-31 16:22:05 +00:00
Fabian Becker
640f4c2915 Fixing pg build.
refs #2499
- Properly reference pg client
- Fix broken sql queries
2014-07-31 12:52:57 +00:00
Jacob Gable
69b871a754 Make importer more robust for tags
Closes #3242

- Add checks for valid fields in tags and posts
- Add unit test with empty tag export data file
- Add unit test with empty post export data file
2014-07-30 22:33:45 -05:00
Sebastian Gierlinger
ded6aa6ac0 Transfer ownership end point
closes #3426
- added transfer ownership endpoint
- added owner to roles.permissible
- manually removed owner from roles.browse
- removed hard coded author role
- fixed tests that were passing due to hard coded author role
- added testUtils.setup('roles')
2014-07-30 17:40:30 +02:00
Jacob Gable
0b34ad84cb Fix lazy loading of settings
Closes #3281

- Add the missing return to populateDefault
- Wrap defaultSetting in [] when passing to readSettingsResult
- Populate default value of dbHash in parseDefaultSettings
- Modify migrations.init to only load databaseVersion for export_spec test
- Fix spacing in test util file and null reference error in test
- Uncomment user tests (but add .skip) and remove settings from testUtils.setup()
2014-07-29 10:43:38 -05:00
Hannah Wolfe
0ffc5e6d47 Improve importer error messaging
closes #3274

- Ensure that validation errors are always handled by moving them into the
  importer
- Ensure that db errors are handled consistently across sqlite and mysql
- Change the errors to be output in a table, with a short failure notification
- Add tests for 003 importing bad files
2014-07-29 12:02:18 +01:00
John O'Nolan
b6b32ab570 Five posts per page
2014-07-24 17:43:48 +01:00
Hannah Wolfe
337713ce63 Refactor fixture use in tests
no issue

- Refactor all integration tests to specify and load ONLY the fixtures
  they require to run, rather than initialising the whole kit-and-kaboodle
  for every single test which takes FOREVER.
- Refactor the route tests to share a doAuth function, and also specify
  additional fixtures required
- Move import and export unit tests, which are actually integration tests
  (they touch the DB)
- Comment out most of the permissions unit tests for now as they need more
  stubs/mocks so as to not touch the DB

Still todo:

- prevent default DB initialisation in route tests, and specify all
  fixtures required as per the integration tests
- fix up the unit/permissions_spec
2014-07-23 05:04:50 +01:00
Harry Wolff
be37070fb6 This aims to speed up both the ghost application and tests by
migration from usage of config() to just an object of config.

no relevant issue

- Change 'loadConfig' task to 'ensureConfig' to more accurately reflect
what it is actually doing.  Its sole purpose is to make sure a `config.js`
 file exists, and as such the name now reflects that purpose.

- Update config/index.js to export the ghostConfig object directly
so that it can be accessed from other modules

- Update all references of config(). to config.
This was a blind global find all and replace, treat it as such.

- Fixes to tests to support new config access method

- Allow each test to still work when invoked individually
2014-07-22 22:37:44 -04:00
Hannah Wolfe
c0732292ac Merge pull request #3331 from ErisDS/issue-3076
Author pages
2014-07-21 20:57:06 +01:00
Gabor Javorszky
80f9023020 Added /roles/ API endpoint
Closes #3196

* adds `/roles/` endpoint
* is given the current user as context
* wraps everything in a canthis.browse.role
* gets all the available roles (should "Owner" be filtered out?)
* optional parameter: `permission=assign`. Gets all roles authenticated user could assign
* if we're not signed in, gives a "please sign in" (standard) error
* if we're signed in, but user is not in the context, gives a "there was no user in the context" error
* if the user is an "Author", gives a "there are no available roles to assign" error
* implemented hacky filter because when.js produces heisenbugs past 3.2.3 (when.filter not available)
* added extra fixtures to `permissions.json`. Might need a migration.

Caveats:

* there are no tests
* for some reason the setup functional test was failing for me locally
2014-07-21 15:02:25 +01:00
Hannah Wolfe
44cfcb6b01 Caching db config in migration utils
2014-07-21 13:25:53 +01:00
Hannah Wolfe
b7aa09f439 Author helpers
closes #3077

- expand urlFor to handle /author/ urls
- update author helper to output a link
2014-07-20 17:57:59 +01:00
Hannah Wolfe
9575b25711 switched parent_id for parent
fixes #3333
2014-07-20 16:39:56 +01:00
Hannah Wolfe
82742fc233 Export 003
closes #3284

- ensure token tables aren't exported
- cleanup filename
- failed export throws internal server error
2014-07-19 22:38:21 +01:00
Hannah Wolfe
c9b24b0a9b Merge pull request #3321 from ErisDS/issue-2600-fin
Wrap up schema amends for 003
2014-07-19 00:19:14 +01:00
Hannah Wolfe
67de186893 Merge pull request #3319 from ErisDS/issue-3275
Extending context concept to models
2014-07-19 00:13:19 +01:00
Hannah Wolfe
8fc1b03ea7 Wrap up schema amends for 003
closes #2600

- adds 2 new columns to tags, for the soon-to-land tag management UI
- fixes validation for the active bool in app_fields
- adds missing return to addColumn command
- cleanup in addTableColumn util
2014-07-18 19:33:36 +01:00
Hannah Wolfe
6e48275160 Extending context concept to models
fixes #3275, fixes #3290, ref #3086, ref #3084

- Ensure that we use the current logged in user and not just user 1 when
- removing hard coded user: 1 except where absolutely necessary
- passing context, rather than user to models
- base model has a new function to determine what id to use for created_by etc
2014-07-18 15:32:56 +01:00
Fabian Becker
5cd5f8cca9 Schema changes for Apps
refs #2465
- Add active field to app_fields
- Adjust data generator for app fields
2014-07-18 12:39:14 +00:00
Hannah Wolfe
b46aa2b576 FORCE_MIGRATION ensures fixtures are added
refs #2600, refs #3296
2014-07-17 13:54:03 +01:00
Hannah Wolfe
ce06ad412a Adding and renaming permissions
refs #3283, refs #2739, refs #3096

- Renames permissions which didn't follow bread
- Adds permissions for notifications, mail and tags

Still todo:

- wire up the new permissions where they are needed
- add permissions for roles
2014-07-17 12:32:25 +01:00
Hannah Wolfe
eed2ac728c Hacky FORCE_MIGRATION env var
refs #2600

One day in the future it would be nice to have a CLI for Ghost
In the meantime, let's have an easy way to force migrations to run
This is for development, or dead end situations only
It will at least do a DB backup ;)
2014-07-16 19:20:26 +01:00
Hannah Wolfe
0a2c72648d Merge pull request #3270 from ErisDS/migrations
Migration improvements
2014-07-15 17:00:59 +01:00
Hannah Wolfe
3ff9146d9e Server side cleanup
- remove sessions
- remove all references to csrf
- create a shared base model for the 2 types of token
2014-07-14 21:50:12 +01:00
Hannah Wolfe
34eb5c84fb Migration improvements
refs #2600

- fixed issue with defaults not being populated on upgrade
- added logging to all actions in the migration process to help debugging
  in future
- did a little bit of refactoring
2014-07-14 21:12:02 +01:00
Jason Williams
ef1858b6c7 Fix validations on user settings page
Closes #3271
- Change validations on both server and client to allow the
  Website field to be empty or a valid URL.
- Add new schema validation helper isEmptyOrURL.
- Remove duplicate call to UserValidator in the save action
  of the SettingsUser controller.
- User.last_login and User.created_at are already Moment objects
  so Moment#fromNow can be called on them directly.
2014-07-14 18:12:57 +00:00
Hannah Wolfe
0565027900 Refactoring fixtures
refs #2600, refs #2379

Refactoring fixtures to make permission management a little easier
- Separate fixtures into JSON file and split permissions fixtures from other fixtures
- make fixture migrations more robust by fetching objects, not relying on
  ids and checking before adding
- changed owner fixture slightly to remove any confusion between the 'Owner' role and 'Ghost Owner' user.
- moved 003 fixture versions out of config into logic, possibly not a good
  idea
- refactored permissions fixtures and added permissions_roles fixtures to
  make it easier to read / add
2014-07-14 15:52:47 +01:00
Hannah Wolfe
ef1207cc0d Merge pull request #3213 from hswolff/lazy-load-models
Preparation for lazy loading of models
2014-07-11 15:29:46 +01:00
Jason Williams
4ef4d0f97a Fix handling of async db calls in fixtures
Closes #3167
- Change fixture loading methods to keep track of promises
  returned from async database calls so that aggregators function
  correctly.
2014-07-11 02:39:06 +00:00
Harry Wolff
cddd23f926 Only reference model properties through the models module.
This frees us up to enforce one single point of access, thus paving
the way towards allowing us to initialize the models at are request,
and not when it's require().

addresses #2170
2014-07-10 08:04:32 -04:00
Harry Wolff
e3520feeec Move creation of knex instance to config module
addresses #2170
2014-07-10 08:00:24 -04:00
Hannah Wolfe
b69b5e7638 Merge pull request #3230 from jaswilli/issue-3226
Fix active theme selector.  Add validation to API.
2014-07-10 12:52:01 +01:00
Sebastian Gierlinger
5e4fae6f11 Add owner fixture
closes #3073
- added fixture for owner role
- added fixture for initial user (new db)
- added conversion administrator -> owner (existing db)
- changed tests to take over owner user
- removed some functional tests until /setup works with owner user
2014-07-10 12:00:51 +02:00
Jason Williams
fddf2ee42f Fix active theme selector. Add validation to API.
Closes #3226
- Remove dependent property from the computed content property
  that is used to build the active theme selector.
- Add validation to the Settings model so that it rejects
  attempts to set an activeTheme that is not installed.
2014-07-09 22:14:33 +00:00
Jason Williams
13229fb6a4 Fix server-side validation
Closes #3122
-Fix validation so that all values are validated instead
 of just values that evaluate to true.
-Ensure validation methods consistently return promises
 and switch error handling from try/catch to promise.catch
 to get rid of unhandled rejection warnings.
-Add 0 and 1 to list of acceptable values in boolean validation.
2014-07-03 14:57:57 +00:00
Sebastian Gierlinger
c8e8da4780 oAuth
closes #2759
closes #3027

- added oauth2orize library for server side oAuth handling
- added ember-simple-auth library for admin oAuth handling
- added tables for client, accesstoken and refreshtoken
- implemented RFC6749 4.3 Resource Owner Password Credentials Grant
- updated api tests with oAuth
- removed session, authentication is now token based

Known issues:
- Restore spam prevention #3128
- Signin after Signup #3125
- Signin validation #3125

**Attention**
- oldClient doesn't work with this PR anymore, session authentication
was removed
2014-06-30 14:58:10 +02:00
Sebastian Gierlinger
1db0431e4d User API changes
closes #2822
- added destroy user method
- added remove user permission
- added API end point for get reset token
- added API end point for reset password
- added API end point for change password
2014-06-20 11:15:01 +02:00
Sebastian Gierlinger
a3665cd917 Merge pull request #2980 from jgable/lazyLoadDefaultSettings
Lazy load default settings
2014-06-17 21:52:34 +02:00
Jacob Gable
d37be6f098 Lazy load default settings
Closes #2061

- Lazy load the defaultSettings value in Settings model
- Populate individual defaults before read/edit
- Populate all defaults before first browse call
- Remove populateDefaults calls from init code
2014-06-17 10:36:47 -05:00
Jason Williams
9a9593536d Update when.js dependency to version 3.2.3
2014-06-16 04:11:22 +00:00
Hannah Wolfe
8eb602fd10 Merge pull request #2931 from sebgie/issue#2354
Allow schema changes
2014-06-13 20:05:56 +02:00
Sebastian Gierlinger
c09c20ad8d Allow schema changes
closes #2354
refs #1641

- added addUnique()
- added dropUnique()
- added addColumn() -> needed for #2330
- dropColumn() is missing due to lack of knex support
- further cleanup of the migrations module
2014-06-12 17:25:55 +02:00
jomahoney
c57bec7906 Change DB backup location
closes #2887
- Stores content files under /content/data/
2014-06-11 21:16:21 +01:00
Tim Griesser
f87e0d364d Bumping to Knex 0.6.12, Bookshelf 0.7.1
2014-06-10 17:07:53 -04:00
Jason Williams
d9c45b4967 Fix export of data during database migration
Closes #2927
-refactor exporter to export tables that exist in the
 database instead of keying off of schema.js
-move some shared database utility functions into their
 own module
2014-06-09 21:07:21 +00:00
William Dibbern
07df9911ce Export backup prior to migration
Closes #847
- Added logic to export database to the `core\server\data\` folder prior
to beginning a migration.
- Factored out versioning logic from migration to prevent circular
references
2014-05-31 18:56:09 -05:00
lennerd
bebafdc9a9 Refactor slug API for generating tag and post slugs.
Closes #2601
- Removed slug generation from the post API
- Added new, self-contained slug API
- Fixed slug permissions in the fixtures files
- Added a HTTP route for the new API method
- Added integrational tests
2014-05-26 10:07:05 +02:00
Hannah Wolfe
c02ebb0dcf Refactor API arguments
closes #2610, refs #2697

- cleanup API index.js, and add docs
- all API methods take consistent arguments: object & options
- browse, read, destroy take options, edit and add take object and options
- the context is passed as part of options, meaning no more .call
  everywhere
- destroy expects an object, rather than an id all the way down to the model layer
- route params such as :id, :slug, and :key are passed as an option & used
  to perform reads, updates and deletes where possible - settings / themes
  may need work here still
- HTTP posts api can find a post by slug
- Add API utils for checkData
2014-05-15 10:41:05 +01:00
Hannah Wolfe
4c0010db45 Merge pull request #2673 from halfdan/2592-tags-api
Implements new Themes JSON API
2014-05-14 16:31:36 +01:00
Sebastian Gierlinger
d1149a927b Fix validation
- fixed validation that broke when introducing error classes
- added a test
2014-05-14 15:30:46 +02:00
Fabian Becker
628654961a Implements new Themes JSON API
closes #2592
- Add themes browse/read endpoint
- Add new permissions for themes (only admin by default)
- Add integration tests
2014-05-14 11:23:42 +02:00
Sebastian Gierlinger
fd0f5a5028 Add distinct error classes
closes #2690
- added new error classes
- moved errorhandling.js to /errors/index.js
- changed API errors to use new classes
- updated tests
2014-05-09 12:11:29 +02:00
Sebastian Gierlinger
39e654e9c3 Change error message response
closes #2643
- added error type
- added error property for validations
- wrapped errors in an array
- returns multiple errors for validation
- updated tests and admin
2014-05-05 15:51:21 +02:00
Jacob Gable
7e9880ce8d Settings API Primary Document refactor
Closes #2606

- Refactor settings api responses to { settings: [ ] } format
- Update all code using api.settings to handle new response format
- Update test stubs to return new format
- Update client site settings model to parse new format into one object of key/value pairs
- Refactor to include all setting values
- Remove unused settingsCollection method
- Update settingsCache to store all attributes
- Update settingsResult to send all attributes
- Remove unnecessary when() wraps
- Reject if editing a setting that doesn't exist
- Reject earlier if setting key is empty
- Update tests with new error messages
- Use setting.add instead of edit that was incorrectly adding
- Update importer to properly import activePlugins and installedPlugins
- Update expected setting result fields
- Fix a weird situation where hasOwnProperty didn't exist 🤷
2014-04-30 23:15:27 -05:00
Sebastian Gierlinger
0bdfadd9d6 Changed boolean handling
closes #2638
- replaced format() with parse() to convert values when fetched
- changed validation from integer to boolean
- added checks to tests
2014-04-25 09:55:53 +02:00
Sebastian Gierlinger
61e94a6e8b Use current user in models
closes #2058
- fixed apiContext as suggested in the issue
- added user to options object for models
- added api.users.register() for public registration
- changed models to use options.user for created_by, updated_by,
author_id and published_by
- added override to session model to avoid created_by and updated_by
values
- added user (id: 1) to tests
- added user (id: 1) for registration
- added user (id: 1) for import, fixtures and default settings
- added user (id: 1) for user update
- added user (id: 1) for settings update (dbHash, installedApps, update
check)
- updated bookshelf to version 0.6.8
2014-04-16 18:20:09 +02:00
Fabian Becker
b8e8f63e44 Adds additional fields to apps schema.
fixes #2356
- Adds slug, version and status fields to apps schema
- Added fields to data generator
2014-04-16 18:16:10 +02:00
Sebastian Gierlinger
c0dc8e95d2 Add new permissions to fixtures
closes #2325
- added new permissions
- added relation to user roles
- added updateFixtures to migrateUp
- removed validation per model to fix tests
2014-04-16 18:16:10 +02:00
Fabian Becker
41cef386bc Implements Models & Data API for Apps
closes #2138
- Adds new models for AppField and AppSetting
- Removed permitted attributes from App model (handled by base)
- Added reference from Post to AppFields
- Added fixture data to DataGenerator
- Added integration tests for Apps, AppSettings, AppFields
- Added import for Apps
- Added app_fields to default fixtures
2014-04-16 18:14:56 +02:00
Fabian Becker
7b003beb17 Schema additions for apps.
fixes #2102
- Added app_settings, app_fields, app_fields_relations tables
2014-04-16 18:06:39 +02:00
Jacob Gable
9369dd3bf7 Add app permission checking to canThis
- Pass permissions loading to buildObjectTypeHandlers to eliminate
shared state
- Load both app and user permissions to check
- Check app permissions if present
- Create apps table and App model
- Move effectiveUserPermissions to permissions/effective
- Change permissable interface to take context; user and app.
- Add unit tests for app canThis checks and effective permissions
2014-04-16 18:06:39 +02:00
Mark Stacey
65b0968f40 Change validation for posts 'page' attribute.
issue #2305
- changed validation for 'page' to expect '0' or '1', rather than 'true' or
  'false'
- Added a 'can change a post to static page' test
- Added a 'can change a static page to a post' test
2014-03-04 17:59:00 -03:30
Jonathan Johnson
e4bb6d08cc Update validator to 3.4.0
Closes #1379

- Convert to new api usage for both server-side and client-side
- Provide way require a negative response for boolean methods in
  default-settings.json
- Add field validation functional tests
  - Settings (General)
    - Title length validation
    - Description length validation
    - postsPerPage, numeric, min, max
  - Settings (User)
    - Bio Length validation
    - Location length validation
    - Url validation
  - Login
    - Email validation
  - Editor
    - Title required validation
2014-03-04 13:54:24 -07:00
Fabian Becker
1a9e91f120 Replace JSLint with JSHint.
closes #2277
- Added ES6 linting to core/client/
- Fix typeof array comparison
2014-03-04 15:47:39 +00:00
Hannah Wolfe
708ba6f8b0 Merge pull request #2220 from sebgie/issue#1401
Add validation from schema.js
2014-02-28 23:04:04 +00:00
Sebastian Gierlinger
ae06239834 Fix problems from importing 0.4.0 file
fixes #2244
- added mysql 'true'/'false' values as '0'/'1'
- removed all core settings from import
2014-02-25 20:15:32 +01:00
Sebastian Gierlinger
ac7f4f05c4 Add validation from schema.js
closes #1401
- added data/validation/index.js
- added generic validation for length
- added generic validation for nullable
- added validations object to schema.js for custom validation
- removed pyramid of doom from api/db.js
2014-02-19 18:32:23 +01:00
Fabian Becker
1124d9e4c0 Helper updates for Tag Pages
fixes #2112
refs #1833

- modified config.urlFor to handle tag pages

- modified {{#tags}} handlebars helper to autolink to
  tag pages. Additional autolink="false" parameter can
  be used to deactivate autolinking

- modified url handlebars helper to handle tags

- added isTag function to schema

- added unit test for additional urlFor functionality

- added unit test for {{#tags}} helper modifications

- added unit test for url handlebars helper
2014-02-13 18:32:08 +01:00
Harry Wolff
b066e732dd Adds support for additional permalink structures
fixes #2057

- uses express’ Route object to create RegExp’s
 that we use to check the incoming path
- refactored structure of frontend controller single
 tests to be easier to read
- amend regex to incorporate new allowed permalink
 structure
2014-02-10 12:07:43 -05:00
John-David Dalton
6eab7b3f92 Replace underscore with lodash.
2014-02-06 14:08:34 +00:00
Hannah Wolfe
199a92d9cb Merge branch '0.4-maintenance'
Conflicts:
	core/server/config/paths.js
	core/test/unit/config_spec.js
2014-01-26 16:11:02 +00:00
John O'Nolan
7ebd104f3f Rename 'plugins' to 'apps'
Fixes #1988
2014-01-21 15:45:27 +07:00
Hannah Wolfe
2aa7288777 Merge pull request #1948 from sebgie/issue#1932-1
Fix display update notification
2014-01-20 07:24:02 -08:00
Sebastian Gierlinger
03cbc89a53 Fix posts.html and posts.markdown field type
closes #1947
- added fieldtype: medium for posts.html
- changed fieldtype: medium for posts.markdown
- added method to fix databases created with wrong field type
- added tests for database version 002
2014-01-15 14:29:23 +01:00
Sebastian Gierlinger
fd4f3051e6 Fix display update notification
closes #1932

- added showUpdateNotification with version check
- added temp workaround for boolean values in database
- changed default value from false to null
- updated tests
2014-01-14 20:46:36 +01:00
Hannah Wolfe
dcf4b1e4e4 Add update notifications
closes #1464

- adds opt-out via updateCheck:false in config.js
- update check is done on admin index, but doesn't interfere with rendering
- adds update check module, which gets the usage data, makes the request and handles the response
- adds two new settings to default-settings, one for next check time, and one for whether to show the notification
- adds a new rejectError method to errorHandling
- adds a new helper for displaying the notification

Conflicts:
	core/server/helpers/index.js
	core/test/unit/server_helpers_index_spec.js
2014-01-07 08:20:08 +00:00
Paul
b90752114e fix table scan for pg migrations
2014-01-06 16:32:20 -03:00
Hannah Wolfe
af6137248d New URL helper - URL consistency fixes
fixes #1765
fixes #1811
issue #1833

New UrlFor functions

- moved body of url helper to config.path.urlFor, which can generate a URL for various scenarios
- urlFor can take a string (name) or object (relativeUrl: '/') as the first
  argument - this is the first step towards issue #1833
- also added config.path.urlForPost which is async and handles getting
  permalink setting
- frontend controller, ghost_head helper, cache invalidation all now use
  urlFor or urlForPost all urls should be correct and consistent

URL Consistency Improvements

- refactored invalidateCache into cacheInvalidationHeader which returns a
  promise so that url can be generated properly by urlForPost
- moved isPost from models to schema, and refactored schema to have a tables object
- deleted posts now return the whole object, not just id and slug,
  ensuring cache invalidation header can be set on delete
- frontend controller rss and archive page redirects work properly with subdirectory
- removes {{url}} helper from admin and client, and replaced with adminUrl
  helper which also uses urlFor
- in res.locals ghostRoot becomes relativeUrl, and path is removed
2014-01-06 15:15:48 +00:00
Hannah Wolfe
d50354dde3 Update import tool to be safe
closes #1681

- import doesn't override user credentials
- import doesn't override theme
- import doesn't kill session
- import does refresh the settings cache
- updated tests, they now use a fixture instead of a generated export
- tests check to ensure import is safe
2013-12-29 13:23:23 +00:00
Harry Wolff
32528de4a4 Allows disabling of timestamps when importing posts
fixes #1696

- this is a temp workaround until full fledged support
is added directly to bookshelfjs
- when importing we use the import json blob’s timestamps
as the value that’s set in the DB 
- added tests for this change
2013-12-26 15:29:16 -05:00
Hannah Wolfe
c518e14bfb Merge pull request #1687 from sebgie/issue#1685
Fix 'dbHash' not found
2013-12-20 04:36:44 -08:00
John O'Nolan
fd2a2ad037 Update Ghost logo image fixture
2013-12-19 15:21:26 +00:00
Nick Pfisterer
f7e63eecaa Update default fixture to give better direction
closes #1561
- altered perspective of intro paragraph to reading from the blog
instead of from the content page
- added copy directing users to sign in to the admin area at /ghost/ and
edit the post before reading the 'Getting Started' section
- this should give the Markdown lessons better context and avoid users
getting confused as to what 'the left hand panel of Ghost' is
2013-12-16 18:18:35 -08:00
Sebastian Gierlinger
7ae543289d Fix 'dbHash' not found
closes #1685
- changed dbHash initialization from db direct access to api access
- added dbHash to default-settings.json
- added dbHash to tests
2013-12-16 11:16:06 +01:00
Fabian Becker
0169f47752 Fix failing migration.reset for Postgres.
refs #1333
2013-11-26 23:10:31 +00:00
Sebastian Gierlinger
3f2258e95b Replace cookieSession with session
- changed cookieSession to session
- added session.regenerate for login and logout
- added bookshelf session store
- added session table to database
- added import for databaseVersion 001
- added grunt task test-api
- cleanup of gruntfile to start express when needed only
- moved api tests to functional tests
2013-11-24 15:29:36 +01:00
Hannah Wolfe
7db5481f92 Merge pull request #1533 from jgillich/permalinks
Add Customisable Permalinks
2013-11-23 14:29:02 -08:00
Jakob Gillich
83d047c0ba Add Customisable Permalinks
2013-11-23 17:02:17 +01:00
Sebastian Gierlinger
77ed7f8ac6 Add transactions for import
closes #837
- added transaction handling for import
- added transactions to model functions
- added simple tests for failing imports
2013-11-20 21:36:02 +01:00
Sebastian Gierlinger
639c0d0627 Add schema.js
closes #1398
closes #1399
closes #1400
- added schema.js with database version '000'
- refactored migration to use schema.js
- if new table is added to schema.js and databaseVersion is increased, table will be added
- if new table is deleted to schema.js and databaseVersion is increased, table will be deleted
- alter table from issue #1400 is delayed until knex supports column modification
- changed import pre checks to work again (will be refactored separately)
- added basic PostgreSQL support (Attention: not supported/tested)
- changed error handling in server.js
2013-11-18 15:21:15 +01:00
Sebastian Gierlinger
8574813660 Bugfixes for tests 2013-11-05 15:02:12 +00:00
Hannah Wolfe
0db907ada2 Bump grunt-jslint and fix issues 2013-11-01 12:12:01 +00:00
Sebastian Gierlinger
c558cb7648 Add validation for importer
closes #952
- moved api.js to api/index.js
- added api/db.js for import and export functions
- moved /ghost/debug/db/export to GET /api/v0.1/db
- moved /ghost/debug/db/import to POST /api/v0.1/db
- removed /ghost/debug/db/reset
- added validation for import
- added constraints object to migration
2013-10-23 19:42:55 +01:00
Hannah Wolfe
65dcb17117 Merge branch '0.3.3-wip'
Conflicts:
	core/client/views/blog.js
	core/server/api.js
	core/server/views/default.hbs
	package.json
2013-10-20 10:09:39 +01:00
Tim Griesser
13639ad8d1 Updating to bookshelf 0.5.7 & knex 0.4.11 2013-10-17 18:23:36 +01:00
Hannah Wolfe
b5c5d531d1 Fix for unhandled promise on fresh db startup
issue #977

- As of the addition of when/monitor/console we now get errors about unhandled promises
- This fixes one which appeared when starting up without a DB
2013-10-09 16:58:50 +01:00
Hannah Wolfe
ee8d8102db Merge pull request #923 from ErisDS/0.3.1-wip-mysql
0.3.1 wip mysql
2013-09-27 05:04:45 -07:00
Hannah Wolfe
71711c1fd2 Drop tables in correct order
issue #858

- unit tests now run for MySQL
2013-09-27 11:54:09 +01:00
Hannah Wolfe
6369eb20be Remove broken image from fixture
issue #866

- this fixes the problem inside the fixture
2013-09-27 09:18:02 +01:00
John O'Nolan
d1957958e3 Cleanup indentation and quotes
Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-26 15:06:31 +01:00
Hannah Wolfe
02a02054e8 Handle duplicate tags on import
closes #890

- importer only adds tags which don't exist.
- added back the import unit tests - these are basic for now
2013-09-25 11:30:59 +01:00
Hannah Wolfe
f68633df20 Adding missing return to MySQL exporter
closes #888
2013-09-25 09:38:03 +01:00
Hannah Wolfe
0c545d5f2e Cleanup 2013-09-19 08:51:01 +01:00
Hannah Wolfe
5528423636 Client & Server side validation for posts per page
closes #839

- caused a 500 error
2013-09-19 07:55:37 +01:00
Hannah Wolfe
fe5df2b0d1 Updated Welcome to Ghost fixture
closes #790
2013-09-19 05:59:33 +01:00
Hannah Wolfe
eb6856dac3 Removing Temporary importer 2013-09-18 23:24:26 +01:00
Hannah Wolfe
571333bb5d Temporary Importer
- seems my very late night commit was a bit screwed.
2013-09-18 15:03:29 +01:00
Hannah Wolfe
e0edb6455d Temporary Importer
closes #735

 - make sure the importer gets loaded
 - additional preprocessing to ensure data can be loaded
 - removed old importers
2013-09-18 04:20:21 +01:00
Jacob Gable
6c0ddb4124 Importer for 003 Schema
- Add new 003.js in import based on 000.js
- Change importPosts and importUsers from the 000.js for new / default values
- Add language setting to black list
2013-09-18 04:20:17 +01:00
Hannah Wolfe
425328b4af Standard Importer
closes #734

- use models instead of knex so that we know we get correct data
- preprocesses post_tags, adds the right tags back to the posts

TODO

- deduplicate posts (if they have the same title and slug?)
2013-09-17 18:42:06 +01:00
Hannah Wolfe
117f70dcfd Merge pull request #752 from sebgie/settingsapi
Add setting filter
2013-09-15 09:53:23 -07:00
Hannah Wolfe
8d038b8bf2 One exporter to rule them all
closes #733

- Exporter will read meta data to determine the tables which are present and export all data from those tables
- Exporter figures out which version to export, rather than requiring that information
- deleted old exporters
2013-09-15 17:04:42 +01:00
Sebastian Gierlinger
bd8db968ea Add setting filter
closes #172
- added type to ghost.settings()
- added /api/settings?type=<filter>
- added availableThemes to settingsCache
- removed cachedSettingsRequestHandler
- removed /api/themes (including front end)
- changed activePlugins to type "plugin" in default-settings.json
2013-09-15 18:04:01 +02:00
Hannah Wolfe
71a92194ca Improved error messaging
closes #748

- Removed the alpha software warning
- Better error message output for the whole app - can now specify an error, a context, and a help message
- Improved invalid node version, start and stop messaging
- Listens for Ctrl+C and exits nicely
- Minor improvements to handling and errors with old DBs (temporary)
2013-09-15 13:52:58 +01:00
Hannah Wolfe
02436645fe Migration adds fixtures on first run only
closes #731, closes #732

- fixtures are imported using the models, rather than knex
- migration treats fresh installs differently
- migration throws errors for un-initialisable databases
- small amount of extra code to deal with old DBs still using currentVersion & give them a nice error message
2013-09-15 00:22:13 +01:00
Hannah Wolfe
b902f8109c Renaming default to defaultValue as default is reserved 2013-09-14 22:39:31 +01:00
Hannah Wolfe
9fcc0a6ed6 Renamed currentVersion setting to databaseVersion to avoid confusion with software version 2013-09-14 22:13:59 +01:00
Hannah Wolfe
d968495996 Mass renaming of things
Conflicts:
	core/client/views/settings.js
	core/server/models/user.js
2013-09-14 21:56:07 +01:00
Hannah Wolfe
d587a845d4 Set migrations to use new 000 schema
issue #632

- removed old schemas
- updated base model to reflect all of the consistent behaviours and properties across the models
- updated all models to match the new schema

TODO

- no fixtures are currently loaded except settings
- need to rename properties across the codebase
2013-09-14 20:01:46 +01:00
Hannah Wolfe
72229fa8ea Adding the new schema - it doesn't do anything yet
issue #632

- shiny new 000 file contains the new much more detailed schema
2013-09-14 19:17:41 +01:00
Hannah Wolfe
70824a247f Merge branch 'migrations-003' into new-version
Conflicts:
	.gitignore
	config.example.js
	core/server/models/post.js
	package.json
2013-09-14 19:15:04 +01:00
Hannah Wolfe
0b1ffcd1f5 Updating settings types
- issue #573, issue #632
2013-09-14 19:04:41 +01:00
Adam Howard
3823d10c35 Restructure default-settings.json and add validations to important settings. 2013-09-14 14:29:27 +01:00
Sebastian Gierlinger
8d16b20c49 Remove path from activeTheme
no issue
- obvious
2013-09-11 19:51:56 +02:00
Hannah Wolfe
687d7ed72d Changing icon setting to cover in defaults
issue #571

- forgot to do this
2013-09-10 20:05:35 +01:00
Sebastian Gierlinger
d9fb23496c Clean up config (non-env based settings)
closes #625
- removed defaultLang, forceI18n and activePlugins from config
- added values to default-settings.json
- updated to use values from settings
2013-09-06 18:46:50 +01:00
Sebastian Gierlinger
27ba9289d6 Add setting for posts per page
closes #593
- added default setting of 6 posts per page
- added posts per page to settings page
- added limit to frontend.js (setting does not change API behavior)
2013-09-05 14:56:09 +02:00
Hannah Wolfe
5bae29a0db Merge branch 'master' into migrations-003
Conflicts:
	core/server/data/migration/index.js
	core/server/models/post.js
2013-09-05 12:40:43 +01:00
Adam Howard
e24b5c3382 Proper settings infrastructure, allowing new features without compromising old data.
On server load, check for settings which have not been set, and apply a default value to the settings table from a JSON file.
2013-09-03 22:56:34 +01:00
William Dibbern
4f2421fac7 MySQL Support
Closes #364
- Confirmed integration with local mysql installation works.
- Updated fixtures and migration with appropriate schema-conforming
values.
- Updated schema with appropriate defaults and nullable columns.
- Updated fixDates function on model base to appropriately deserialize
values coming from SQLite now that dates are stored as actual DateTime
objects/ISO strings.
- Updated default language to be 'en_US'.
2013-08-19 17:25:02 -05:00
John O'Nolan
8762f531a7 Removed my personal information from fixtures as Ghost is starting to get deployed more frequently now for testing purposes.
Don't want random test sites accidentally ranking in search engines for my name.
2013-08-10 15:42:54 +02:00
Hannah Wolfe
338109c762 Data models import, export, and reset for 002
- added line to index.js to set node_env to development if it is not set
 - fixed a small bug with the persistent notifications and used them on debug page from server side
 - added 002 files to manage export and import for 002
 - 002 import is somewhat smarter than 001, merging settings (except version), replacing user & clearing primary keys
 - added reset to models and migration, which does the down operation the same way that init does the up operation
 - import and reset clear session & redirect to login / signup
 - additional unit tests
2013-08-05 13:56:30 +01:00
ErisDS
2a5e7ad516 Data model additions for post tags, custom data and uploads
closes #171, closes #314, closes #315

- added settings for blog logo and icon
- all other settings will need to be added as needed as it's impossible to guess what the default value should be
- added tables for post tags
- added tables for post custom data
- added location column to users
- fixed minor bug in migrations
2013-08-05 13:56:30 +01:00
Jacob Gable
9393a956f4 Magnificent Migrations of Magical Majesty 2013-08-05 13:56:30 +01:00
ErisDS
b3b296f003 New fixture
- added new getting started fixture
- closes issue #13
2013-07-11 23:10:19 +01:00
Hannah Wolfe
30b4eb07f7 App restructure - closes #245
- This is a first pass at getting a more logical structure. The focus is on moving from admin/frontend to client/server.
- The location of the databases is highly important, this isn't expected to change again
In the future
- client/assets should probably become public/
- more stuff should be shared (helpers etc)
- cleanup some confusion around tpl and views
2013-07-11 20:23:34 +01:00