Daniel Lockyer
d1c58466b5
Updated repository links
...
no issue
- this repo changes from `master` to `main` a while back, but the
repository links needed updating too
2021-10-01 14:34:06 +01:00
Naz
8f4c4f66b5
Published new versions
...
- @tryghost/adapter-manager@0.2.16
- @tryghost/bootstrap-socket@0.2.11
- @tryghost/config-url-helpers@0.1.2
- @tryghost/constants@0.1.10
- @tryghost/errors@0.2.15
- @tryghost/image-transform@1.0.15
- @tryghost/job-manager@0.8.9
- @tryghost/limit-service@0.6.3
- @tryghost/moleculer-service-from-class@0.2.19
- @tryghost/mw-session-from-token@0.1.24
- @tryghost/package-json@1.0.4
- @tryghost/pretty-cli@1.2.20
- @tryghost/promise@0.1.11
- @tryghost/release-utils@0.6.17
- @tryghost/security@0.2.11
- @tryghost/session-service@0.1.26
- @tryghost/settings-path-manager@0.1.0
- @tryghost/tpl@0.1.5
- @tryghost/vhost-middleware@1.0.17
- @tryghost/zip@1.1.16
2021-09-30 19:23:46 +02:00
Renovate Bot
81bb6465fb
Update dependency mocha to v9.1.2
2021-09-27 01:04:25 +00:00
Renovate Bot
4a1da452e9
Update Test & linting packages
2021-09-22 14:29:23 +00:00
Naz
b428648665
Published new versions
...
- @tryghost/adapter-manager@0.2.15
- @tryghost/bootstrap-socket@0.2.10
- @tryghost/config-url-helpers@0.1.1
- @tryghost/constants@0.1.9
- @tryghost/errors@0.2.14
- @tryghost/image-transform@1.0.14
- @tryghost/job-manager@0.8.8
- @tryghost/limit-service@0.6.2
- @tryghost/moleculer-service-from-class@0.2.18
- @tryghost/mw-session-from-token@0.1.23
- @tryghost/package-json@1.0.3
- @tryghost/pretty-cli@1.2.19
- @tryghost/promise@0.1.10
- @tryghost/release-utils@0.6.16
- @tryghost/security@0.2.10
- @tryghost/session-service@0.1.25
- @tryghost/tpl@0.1.4
- @tryghost/vhost-middleware@1.0.16
- @tryghost/zip@1.1.15
2021-09-22 11:59:35 +02:00
Renovate Bot
ff5ee78825
Update dependency c8 to v7.9.0
2021-09-10 04:03:35 +00:00
Renovate Bot
2b7e2676eb
Update dependency c8 to v7.8.0
2021-07-28 17:56:14 +00:00
Daniel Lockyer
f918398779
Added c8 test coverage to all packages
...
refs https://github.com/TryGhost/Team/issues/870
- using `c8` allows us to see test coverage for all packages in the repo
- this commit adds `c8` as a dev dependency and prepends the `mocha`
command with `c8` so it runs on all tests
2021-07-14 11:26:06 +01:00
Hannah Wolfe
b06e2a4577
Published new versions
...
- @tryghost/adapter-manager@0.2.13
- @tryghost/bootstrap-socket@0.2.9
- @tryghost/constants@0.1.8
- @tryghost/errors@0.2.12
- @tryghost/image-transform@1.0.12
- @tryghost/job-manager@0.8.7
- @tryghost/limit-service@0.6.1
- @tryghost/moleculer-service-from-class@0.2.16
- @tryghost/mw-session-from-token@0.1.21
- @tryghost/package-json@0.1.2
- @tryghost/pretty-cli@1.2.18
- @tryghost/promise@0.1.9
- @tryghost/release-utils@0.6.15
- @tryghost/security@0.2.9
- @tryghost/session-service@0.1.23
- @tryghost/tpl@0.1.0
- @tryghost/vhost-middleware@1.0.15
- @tryghost/zip@1.1.14
2021-06-09 12:10:10 +01:00
Renovate Bot
c72d090c97
Update dependency mocha to v9
2021-06-09 09:58:44 +00:00
Renovate Bot
80b56b8976
Update dependency sinon to v11
2021-05-24 22:37:15 +00:00
Daniel Lockyer
098801de2c
Published new versions
...
- @tryghost/adapter-manager@0.2.12
- @tryghost/errors@0.2.11
- @tryghost/image-transform@1.0.11
- @tryghost/job-manager@0.8.4
- @tryghost/limit-service@0.4.2
- @tryghost/moleculer-service-from-class@0.2.15
- @tryghost/mw-session-from-token@0.1.19
- @tryghost/pretty-cli@1.2.17
- @tryghost/promise@0.1.8
- @tryghost/release-utils@0.6.14
- @tryghost/security@0.2.8
- @tryghost/session-service@0.1.20
- @tryghost/zip@1.1.12
2021-04-19 10:25:57 +01:00
Renovate Bot
3184ca584d
Pin dependencies
2021-04-16 12:28:10 +00:00
Daniel Lockyer
713cbd3cc4
Unpinned all dependencies
...
no issue
- this Utils repo contains libraries, whose dependencies should not be
pinned in order to reduce multiple versions of the same package
appearing for consumers
2021-04-16 13:06:54 +01:00
Renovate Bot
bc2b3aa6d1
Update dependency @tryghost/string to v0.1.17
2021-04-15 10:42:52 +01:00
Naz
e11c0f43cf
Published new versions
...
- @tryghost/adapter-manager@0.2.10
- @tryghost/bootstrap-socket@0.2.8
- @tryghost/constants@0.1.7
- @tryghost/errors@0.2.10
- @tryghost/image-transform@1.0.10
- @tryghost/job-manager@0.8.2
- @tryghost/limit-service@0.4.0
- @tryghost/moleculer-service-from-class@0.2.13
- @tryghost/mw-session-from-token@0.1.17
- @tryghost/pretty-cli@1.2.16
- @tryghost/promise@0.1.7
- @tryghost/release-utils@0.6.13
- @tryghost/security@0.2.7
- @tryghost/session-service@0.1.18
- @tryghost/vhost-middleware@1.0.14
- @tryghost/zip@1.1.11
2021-04-07 13:47:32 +12:00
Renovate Bot
01a3e89ef5
Update dependency sinon to v10
2021-04-02 01:16:56 +00:00
Renovate Bot
8fc2a06351
Update dependency lodash to v4.17.21
2021-04-01 22:14:30 +00:00
Renovate Bot
ff22540ef2
Update Test & linting packages
2021-04-01 09:44:12 +00:00
Naz
0e951cad36
Published new versions
...
- @tryghost/adapter-manager@0.2.9
- @tryghost/bootstrap-socket@0.2.7
- @tryghost/constants@0.1.6
- @tryghost/errors@0.2.9
- @tryghost/image-transform@1.0.9
- @tryghost/job-manager@0.8.0
- @tryghost/moleculer-service-from-class@0.2.12
- @tryghost/mw-session-from-token@0.1.16
- @tryghost/pretty-cli@1.2.15
- @tryghost/promise@0.1.6
- @tryghost/release-utils@0.6.12
- @tryghost/security@0.2.6
- @tryghost/session-service@0.1.17
- @tryghost/vhost-middleware@1.0.13
- @tryghost/zip@1.1.10
2021-02-22 19:13:32 +13:00
Renovate Bot
9399866e95
Update dependency mocha to v8.3.0
2021-02-11 19:30:19 +00:00
Daniel Lockyer
d8f529ef78
Published new versions
...
- @tryghost/adapter-manager@0.2.8
- @tryghost/bootstrap-socket@0.2.6
- @tryghost/constants@0.1.5
- @tryghost/errors@0.2.8
- @tryghost/image-transform@1.0.8
- @tryghost/job-manager@0.7.2
- @tryghost/moleculer-service-from-class@0.2.11
- @tryghost/mw-session-from-token@0.1.15
- @tryghost/pretty-cli@1.2.14
- @tryghost/promise@0.1.5
- @tryghost/release-utils@0.6.11
- @tryghost/security@0.2.5
- @tryghost/session-service@0.1.16
- @tryghost/vhost-middleware@1.0.12
- @tryghost/zip@1.1.9
2021-02-09 11:54:13 +00:00
John O'Nolan
61109d57a0
2021
2021-01-25 16:20:43 +00:00
Renovate Bot
4531b94d6b
Update dependency sinon to v9.2.4
2021-01-25 00:43:01 +00:00
Daniel Lockyer
c4e2208158
Published new versions
...
- @tryghost/adapter-manager@0.2.7
- @tryghost/bootstrap-socket@0.2.5
- @tryghost/constants@0.1.4
- @tryghost/errors@0.2.7
- @tryghost/image-transform@1.0.7
- @tryghost/job-manager@0.7.1
- @tryghost/moleculer-service-from-class@0.2.10
- @tryghost/mw-session-from-token@0.1.14
- @tryghost/pretty-cli@1.2.13
- @tryghost/promise@0.1.4
- @tryghost/release-utils@0.6.10
- @tryghost/security@0.2.4
- @tryghost/session-service@0.1.15
- @tryghost/vhost-middleware@1.0.11
- @tryghost/zip@1.1.8
2021-01-12 16:43:48 +00:00
Daniel Lockyer
f6d5480c4f
Renamed TryGhost/Ghost-Utils
links to TryGhost/Utils
...
no issue
- this repository has been renamed so this commit just brings all the
links inline with this change
2021-01-12 16:40:16 +00:00
Renovate Bot
70dff36657
Update dependency sinon to v9.2.3
2021-01-06 15:05:05 +00:00
Naz
2528f7978a
Published new versions
...
- @tryghost/adapter-manager@0.2.5
- @tryghost/bootstrap-socket@0.2.4
- @tryghost/constants@0.1.3
- @tryghost/errors@0.2.6
- @tryghost/image-transform@1.0.6
- @tryghost/job-manager@0.6.0
- @tryghost/moleculer-service-from-class@0.2.9
- @tryghost/mw-session-from-token@0.1.13
- @tryghost/pretty-cli@1.2.12
- @tryghost/promise@0.1.3
- @tryghost/release-utils@0.6.9
- @tryghost/security@0.2.3
- @tryghost/session-service@0.1.14
- @tryghost/zip@1.1.7
2020-12-14 17:36:18 +13:00
Renovate Bot
c3e3935c6d
Update dependency sinon to v9.2.2
2020-12-11 12:43:04 +00:00
Naz
06bc47678b
Published new versions
...
- @tryghost/adapter-manager@0.2.1
- @tryghost/job-manager@0.3.0
- @tryghost/mw-session-from-token@0.1.10
- @tryghost/security@0.2.2
- @tryghost/session-service@0.1.11
- @tryghost/zip@1.1.6
2020-11-19 18:17:14 +13:00
Renovate Bot
25bc90e615
Update dependency @tryghost/string to v0.1.14
2020-11-10 10:50:57 +00:00
Naz
9abbe60e10
Published new versions
...
- @tryghost/adapter-manager@0.2.0
- @tryghost/bootstrap-socket@0.2.3
- @tryghost/constants@0.1.2
- @tryghost/errors@0.2.5
- @tryghost/image-transform@1.0.5
- @tryghost/job-manager@0.1.2
- @tryghost/moleculer-service-from-class@0.2.7
- @tryghost/mw-session-from-token@0.1.9
- @tryghost/pretty-cli@1.2.11
- @tryghost/promise@0.1.2
- @tryghost/release-utils@0.6.8
- @tryghost/security@0.2.1
- @tryghost/session-service@0.1.10
- @tryghost/vhost-middleware@1.0.10
- @tryghost/zip@1.1.5
2020-11-05 17:38:41 +13:00
Renovate Bot
3802972c71
Update dependency mocha to v8.2.1
2020-11-02 23:07:13 +00:00
Renovate Bot
afd2b07d9f
Update dependency sinon to v9.2.1
2020-10-28 09:04:46 +00:00
Renovate Bot
05eb5b4cdc
Update dependency @tryghost/string to v0.1.13
2020-10-21 10:06:12 +01:00
Renovate Bot
22c32fee0d
Update dependency mocha to v8.2.0
2020-10-16 21:24:13 +00:00
Renovate Bot
38af1013b7
Update dependency sinon to v9.2.0
2020-10-06 19:10:59 +00:00
Renovate Bot
09a5f584c3
Update dependency @tryghost/string to v0.1.12
2020-09-30 03:05:47 +00:00
Renovate Bot
a7e0e73f16
Update dependency sinon to v9.1.0
2020-09-29 22:07:11 +00:00
Nazar Gargol
1f73b85e5e
Published new versions
...
- @tryghost/adapter-manager@0.1.11
- @tryghost/bootstrap-socket@0.2.2
- @tryghost/constants@0.1.1
- @tryghost/errors@0.2.4
- @tryghost/image-transform@1.0.4
- @tryghost/job-manager@0.1.1
- @tryghost/moleculer-service-from-class@0.2.6
- @tryghost/mw-session-from-token@0.1.8
- @tryghost/pretty-cli@1.2.10
- @tryghost/promise@0.1.1
- @tryghost/release-utils@0.6.7
- @tryghost/security@0.2.0
- @tryghost/session-service@0.1.9
- @tryghost/vhost-middleware@1.0.9
- @tryghost/zip@1.1.4
2020-09-22 15:36:49 +12:00
Nazar Gargol
d33b377c6a
Corrected "declared in uppper scope" linting errors
2020-09-22 15:33:30 +12:00
Nazar Gargol
07972312ed
Extended resetToken.compare return result with reason for comparison failure
...
refs https://github.com/TryGhost/Ghost/issues/11878
- To be able to identify the reason behind comparison failure on more granular level (like token expiration) had to provide additional information in return result for falsy token comparisons
2020-09-22 15:31:15 +12:00
Nazar Gargol
54f9ff24c2
Extended test coverage for tokens module
...
refs https://github.com/TryGhost/Ghost/issues/11878
- There are multiple reasons why the token can be invalid. This coverage is meant cover these reasons and pave the way for introduction of more rganular errors causing the invlid token
2020-09-22 13:17:07 +12:00
Renovate Bot
0633b9a7fe
Update dependency mocha to v8.1.3
2020-08-28 21:05:06 +00:00
Renovate Bot
155daf42c8
Update dependency mocha to v8.1.2
2020-08-25 20:08:54 +00:00
Renovate Bot
e5ba7185ee
Update dependency lodash to v4.17.20
2020-08-13 17:20:11 +00:00
Renovate Bot
cfa076f739
Update dependency @tryghost/string to v0.1.11
2020-08-13 09:25:00 +00:00
Daniel Lockyer
dcc269b9a9
Published new versions
...
- @tryghost/security@0.1.0
2020-08-11 13:49:57 +01:00
Daniel Lockyer
ccf0f074c7
Added missing dependencies for new @tryghost/security package
2020-08-11 13:47:34 +01:00
Daniel Lockyer
ec0ed397d9
Moved test files to correct name
...
- `yarn test` will look for files matching `*.test.js`, so this commit
fixes the name for the tests
2020-08-11 13:45:21 +01:00
Daniel Lockyer
14a53f696e
Populated index.js with exports to package components
...
- pulled lib/index.js up to root and fixed paths
2020-08-11 13:38:44 +01:00
Daniel Lockyer
aa1c597e71
Removed template test file
...
- real tests have been pulled in so we don't need this
2020-08-11 13:35:40 +01:00
Daniel Lockyer
ff9e980fcb
Merged security files and history from TryGhost/Ghost
...
* included commits:
Updated var declarations to const/let and no lists
Move tests from core to root (#11700 )
Updated to use slugify method from SDK for safe string
Added Node v10 Support (#10058 )
Dynamic Routing: Added migration for routes.yaml file (#9692 )
Fixed missing Bluebird require in `security/password.js` (#9624 )
🔥 Drop Node v4 Support
Added unit tests for models.Invite.add
Added lib.security.password lib
Moved unique identifier generation to lib/security
Moved tokens, url safe and safe string utility to lib/security
2020-08-11 13:30:09 +01:00
Daniel Lockyer
82a698ec0b
Created @tryghost/security package
2020-08-11 13:29:32 +01:00
Hannah Wolfe
36675b6494
Updated var declarations to const/let and no lists
...
- All var declarations are now const or let as per ES6
- All comma-separated lists / chained declarations are now one declaration per line
- This is for clarity/readability but also made running the var-to-const/let switch smoother
- ESLint rules updated to match
How this was done:
- npm install -g jscodeshift
- git clone https://github.com/cpojer/js-codemod.git
- git clone git@github.com:TryGhost/Ghost.git shallow-ghost
- cd shallow-ghost
- jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2
- jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2
- yarn
- yarn test
- yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode
- grunt test-regression
- sorted!
2020-04-29 16:51:13 +01:00
Hannah Wolfe
b57ecbcc4a
Move tests from core to root ( #11700 )
...
- move all test files from core/test to test/
- updated all imports and other references
- all code inside of core/ is then application code
- tests are correctly at the root level
- consistent with other repos/projects
Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
2020-03-30 16:26:47 +01:00
Rish
58084ac96e
Updated to use slugify method from SDK for safe string
...
refs #10618
- Updated lib safe string security method
2019-05-07 15:33:07 +05:30
Katharina Irrgang
7fb0b96f3e
Added Node v10 Support ( #10058 )
...
* Added Node v10 Support
no issue
Signed-off-by: kirrg001 <katharina.irrgang@googlemail.com>
* Bump amperize to version 0.3.8
no issue
* Bump mysql to version 2.16.0
no issue
- mysql 2.15.0 uses a deprecated notation for timers
- e.g. timers.unenroll()
* Bump sub dependencies
no issue
- e.g. knex-migrator used mysql 2.15.0
* Bump dependencies
no issue
* Replaced `new Buffer` with `Buffer.from`
no issue
- Buffer() is deprecated due to security and usability issues.
- https://nodejs.org/en/docs/guides/buffer-constructor-deprecation/
2018-10-30 15:45:51 +07:00
Katharina Irrgang
7d9e2a21ad
Dynamic Routing: Added migration for routes.yaml file ( #9692 )
...
refs #9601
- the home.hbs behaviour for the index collection (`/`) is hardcoded in Ghost
- we would like to migrate all existing routes.yaml files
- we only replace the file if the contents of the routes.yaml file equals the old routes.yaml format (with home.hbs as template)
- updated README of settings folder
- if we don't remove the home.hbs template from the default routes.yaml file, home.hbs will be rendered for any page of the index collection
- the backwards compatible behaviour was different
- only render home.hbs for page 1
- remember: the default routes.yaml file reflects how Ghost was working without dynamic routing
2018-06-22 20:28:01 +02:00
Ivan Akulov
e9d1d34739
Fixed missing Bluebird require in security/password.js
( #9624 )
...
no issue
2018-05-28 23:01:01 +02:00
kirrg001
c19a0c9942
🔥 Drop Node v4 Support
...
no issue
- support ends today
- see https://github.com/nodejs/Release
- removed `use strict`
2018-05-01 14:06:18 +02:00
kirrg001
a0ee411e6e
Added unit tests for models.Invite.add
...
no issue
- replaced token creation by `lib.common.security`
- added unit tests for adding invites
- allow a different invite status for internal access
2018-04-25 11:56:45 +02:00
kirrg001
5d1a4418bd
Added lib.security.password lib
...
no issue
- move password hashing and password comparison to lib/security/password
- added two unit test
- FYI: password hashing takes ~100ms
- we could probably mock password hashing in certain cases when unit testing
2018-02-15 21:13:04 +01:00
kirrg001
72911862e7
Moved unique identifier generation to lib/security
...
refs #9178
2017-12-14 13:52:20 +01:00
kirrg001
411ce69006
Moved tokens, url safe and safe string utility to lib/security
...
refs #9178
- we could now also move any crypto usages to lib/security, but no priority
- the main goal is to tidy up our utils folder
2017-12-14 13:38:00 +01:00