Commit Graph

3171 Commits

Author SHA1 Message Date
Kevin Ansfield
59a6f040d2 Fixed custom theme settings being clobbered with duplicate-named themes
refs https://github.com/TryGhost/Team/issues/1149

Ghost allows different themes to have the same `name` value in `package.json` but gives them a custom name based on the zip file used to upload it. The custom theme settings service however was always using the package.json name meaning that when syncing a theme with a duplicate name it was overwriting the settings for all other themes.

- bumped `@tryghost/custom-theme-settings-service` which changes the `.activateTheme()` signature to accept a theme name as the first argument
- updated our calls to `.activateTheme()` to pass Ghost's known theme name as the first argument so we're always syncing with the correct `theme` field value in the `custom_theme_settings` table
2021-10-20 13:25:02 +01:00
Thibaut Patel
c273727b5f Added api validation for custom settings
refs https://github.com/TryGhost/Team/issues/1107 https://github.com/TryGhost/Team/issues/1106

- Replicates the gscan custom theme settings validation in the admin api.
2021-10-20 13:36:41 +02:00
Renovate Bot
5524509274 Update dependency nock to v13.1.4 2021-10-20 10:22:32 +02:00
Daniel Lockyer
1fd980ee9b Set global Luxon timezone override to UTC
refs https://linear.app/tryghost/issue/CORE-113/start-off-luxon-refactor

- we're planning on switching to Luxon for our date/timezone library,
  eventually replacing `moment` and `moment-timezone`
- the first step is to set the global timezone override to UTC, which is
  done in `core/server/overrides.js`
- also adds a test to ensure we're setting the timezone correctly
- this was mostly pulled from https://moment.github.io/luxon/#/zones?id=changing-the-default-zone
2021-10-20 09:19:29 +02:00
Fabien O'Carroll
d303c40248 Fixed editing Offer description via API
no-issue

We were only updating the Offer description if it was truthy - rather
than if it existing, this resulting in empty strings or null not working
correctly.
2021-10-19 11:11:02 +02:00
Thibaut Patel
2891898f94 Added a rule to forbid the custom theme setting image type to have a default
refs https://github.com/TryGhost/Team/issues/1108

- The default is something that the theme developpers should be coding in the template rather than using a default value
2021-10-19 09:41:35 +02:00
Fabien O'Carroll
c5856d04e4 Added support for redemption_count to Offers API
refs https://github.com/TryGhost/Team/issues/1132

This adds redemption_count to the Offers API so that we can display how
many times an Offer has been used. This also adds the storage mechanism
for Offer Redemptions - which ensure that everytime a Checkout Session
is completed - we will create the Offer Redemption in the database.

This means that manual usage of the underlying will not count toward the
Offer redemption count, this is considered an edge case.
2021-10-18 17:40:05 +02:00
Daniel Lockyer
f9f0fb34f2
Merged v4.19.1 into main
v4.19.1
2021-10-18 15:10:22 +02:00
Daniel Lockyer
5c5233afc0 v4.19.1 2021-10-18 14:09:17 +01:00
Fabien O'Carroll
67b517e1fb 🐛 Fixed handling of "incomplete" subscriptions
refs https://github.com/TryGhost/Team/issues/1156

When a payment fails but Stripe Checkout succeeds, a subscription is
created in the "incomplete" status. This would result in a Member not
being linked to the Product. When the subscription was later updated to
"active" or trialing - the Product would still not be added!

This updates the members-api to always link the Product to the Member
for active subscriptions - regardless of if they're new or not.
2021-10-18 14:39:28 +02:00
Renovate Bot
5d60b564af
Fixed double logging library initialization
- we have the `@tryghost/logging` library to manage logging across all
  our code
- this package is intended to be a singleton, otherwise we have multiple
  versions of logging loaded
- we sometimes have problems where dependencies also use
  `@tryghost/logging` but Ghost's yarn.lock is not regenerated to update
  this
- this means we have multiple versions of `@tryghost/logging` running
- this commit updates the dependency @tryghost/update-check-service to
  v0.2.4 to clean up the yarn.lock of multiple versions
2021-10-18 14:28:26 +02:00
Renovate Bot
c768133357 Update dependency jwks-rsa to v2.0.5 2021-10-18 08:29:43 +02:00
Daniel Lockyer
f4fb0fcbaa Improved Ghost boot time and memory usage by lazy loading routes
no issue

- right now, we mount all API endpoints (v2, v3 and canary), alongside some
  other routes, when Ghost is booting. This is wasteful because we don't
  necessarily need any of the endpoints to get Ghost up and running
- even when Admin is used, it uses `canary` so `v2` and `v3` sit in memory
- the better approach here is to lazy load these endpoints, so they only
  get mounted when needed
- this commit adds the `lazyUse` function into our Express lib,
  which takes a mount path and a module function to execute down the
  line. This gets passed to the wonderful `express-lazy-router` lib which
  detects when we're calling an unmounted module and will mount it for
  us
- from local testing, this speeds up boot time by about 18% and reduces
  initial memory usage by about 6% 🚀
2021-10-15 17:52:07 +02:00
Daniel Lockyer
cea17cfb31 v4.19.0 2021-10-15 16:23:19 +01:00
Renovate Bot
d44666fe11
Update dependency mocha to v9.1.3 2021-10-15 12:26:03 +00:00
Thibaut Patel
3d57ac4464 Moved the match helper to GA in gscan. Updated the custom theme select gscan rule to work with the updated match behavior.
refs 50134193be
refs c3b346bb1a
2021-10-14 18:45:00 +02:00
Renovate Bot
565ced555c Update dependency @tryghost/custom-theme-settings-service to v0.1.2 2021-10-14 17:11:58 +02:00
Renovate Bot
c8082c9c43 Update dependency @tryghost/metrics to v0.2.4 2021-10-14 17:11:27 +02:00
Thibaut Patel
2748ed6d0a Fixed a gscan check to force custom theme setting of type color to always have a default value
ref e6a477b3b5
2021-10-14 14:51:44 +02:00
Renovate Bot
107f519310 Update dependency @tryghost/request to v0.1.7 2021-10-14 14:41:34 +02:00
Renovate Bot
aa67e2d463 Pin dependency gscan to 4.7.0 2021-10-14 14:17:57 +02:00
Fabien O'Carroll
d3e291eea6 Fixed Offer usage with Stripe Checkout
no-issue

An update in the MembersAPI meant that coupons were not correctly being
passed to Stripe Checkout. This bump contains the fix to ensure they
are.
2021-10-14 12:09:58 +02:00
Thibaut Patel
a9be1d41c3 Added two gscan rules to validate defaults for custom theme settings of type boolean and color
ref f67fbdf2b4
2021-10-14 11:55:32 +02:00
Renovate Bot
78d322b935 Update dependency @tryghost/bookshelf-plugins to v0.3.3 2021-10-14 11:11:13 +02:00
Renovate Bot
edc12ea128 Update dependency @tryghost/version to v0.1.6 2021-10-14 11:11:01 +02:00
Renovate Bot
cfdd379ddd Update dependency @tryghost/metrics to v0.2.3 2021-10-14 10:04:49 +02:00
Renovate Bot
5438b32155 Update dependency @tryghost/debug to v0.1.8 2021-10-14 10:04:38 +02:00
Renovate Bot
7c4963b579 Update dependency @tryghost/tpl to v0.1.7 2021-10-14 10:04:08 +02:00
Renovate Bot
60adebd815 Update dependency @tryghost/validator to v0.1.7 2021-10-14 10:03:57 +02:00
Renovate Bot
3f9278943c Update dependency @tryghost/root-utils to v0.3.6 2021-10-14 10:03:34 +02:00
Renovate Bot
a3d202fee1 Update dependency @tryghost/logging to v0.2.2 2021-10-14 10:03:26 +02:00
Renovate Bot
2a58e72d10 Update dependency @tryghost/nodemailer to v0.3.5 2021-10-14 10:03:12 +02:00
Renovate Bot
7499641843
Update dependency sanitize-html to v2.5.2 2021-10-13 19:23:34 +00:00
Thibaut Patel
dc4694d8d3 Added a gscan check to prevent the declaration of unused custom theme setting
ref 136e02adfd
ref https://github.com/TryGhost/Team/issues/1105

- Custom theme settings are defined in package.json, this rule triggers an error if a defined rule doesn't appear in any handlebars templates.
2021-10-13 18:30:58 +02:00
Daniel Lockyer
64f2aa2af5
Updated @tryghost/metrics dependency
no issue

- this adds in some missing dependencies of `@tryghost/metrics`
2021-10-13 14:48:05 +02:00
Fabien O'Carroll
7722780539 Restricted archived Offers from being used for Checkout
refs https://github.com/TryGhost/Team/issues/1133

This updates the MembersAPI Checkout Session handling to 403 if an
attempt is made to create a Checkout Session using an archived Offer.
2021-10-13 11:23:05 +02:00
Fabien O'Carroll
a441825c3f Passed MembersAPI the OffersAPI over OfferRepository
no-issue

The MembersAPI using the OfferRepository coupled it to the internals of
the Offers Module - instead we pass the "external" API - so that we can
change the internals, and not have to update the MembersAPI's usage.
2021-10-13 11:17:32 +02:00
Naz
dbdf7160bf Simplified DynamicRedirectManager's constructor
refs https://linear.app/tryghost/issue/CORE-84/have-a-look-at-the-eggs-redirects-refactor-branch

- This simplification allows to make the test for dependent services a lot more readable without a need to stub urlUtils
2021-10-13 10:04:55 +02:00
Fabien O'Carroll
b1914758b8 Added support for filter Offers by status
refs https://github.com/TryGhost/Team/issues/1131

This will allow Ghost Admin to display separate lists of active and
archived Offers! We must pass the options through so that the
OffersService is able to handle the filter passed in the request.
2021-10-12 18:39:25 +02:00
Thibaut Patel
836b5b4a0e Added a gscan check to make sure the match helper on custom settings of type select is used against specified options
refs 056928f7b9
refs https://github.com/TryGhost/Team/issues/1105
2021-10-12 18:35:02 +02:00
Fabien O'Carroll
dc3dad4524 Added initial support for Offer status
refs https://github.com/TryGhost/Team/issues/1131

This updates the Offers Service to include the `status` of an Offer,
which will be either 'active' or 'archived'. It also allows setting the
`status` of an Offer to one of these two values when adding & editing
Offers.
2021-10-12 17:15:26 +02:00
Sam Lord
a535cfdf16 Added metric-shipping to monitor boot-time
no issue
Boot-time metrics are really valuable for understanding how releases affect the performance of Ghost. The new @tryghost/metrics package lets us ship these metrics to different sources using the same configuration framework as @tryghost/logging introduced.
2021-10-12 15:01:50 +01:00
Thibaut Patel
f8b19f286a Added gscan checks for custom themes settings
refs https://github.com/TryGhost/Team/issues/1105

- checks package.json for the config.custom object shape
- checks for unknown custom theme settings
2021-10-12 14:52:50 +02:00
Renovate Bot
c5459db52e
Update dependency keypair to v1.0.4 2021-10-11 21:11:01 +00:00
Naz
421c71d4db Added debug output to the email analytics jobs
closes https://linear.app/tryghost/issue/CORE-91/add-email-analytics-job-unstalling-mechanism

- Additional debug stagements should give better visibility into what's going on with the internal services fetching email events.
- To see all email analytics related outputs use following DEBUG value:

DEBUG=@tryghost/email-analytics-provider-mailgun:email-analytics*
2021-10-11 19:11:23 +02:00
Renovate Bot
6dcad04dcc Update dependency @lodder/grunt-postcss to v3.1.0 2021-10-11 14:31:54 +02:00
Renovate Bot
361184fc1c
Update metascraper to v5.24.9 2021-10-11 09:05:09 +00:00
Kevin Ansfield
c33b596e9c
Added API tests for custom theme settings (#13519)
refs https://github.com/TryGhost/Team/issues/1104

- bumped `@tryghost/custom-theme-settings-service` so it throws a more appropriate `ValidationError` when setting keys don't exist or a select value is not known
- changed the custom theme settings service to have a `.init()` method which creates an instance of the service under `.api` so that we're able to create the instance at a particular point in the boot process when we know the models have been initialised
  - there were problems in tests because the service was being initialised through the require chain before models were initialised through the boot process
- fixed incorrect `camelCase` of resource name in API responses
2021-10-08 16:18:49 +01:00
Daniel Lockyer
7ad6dec0e0 v4.18.0 2021-10-08 16:00:26 +01:00
Daniel Lockyer
a6833077a7 Optimized database integrity check
refs 838fe54628

- see referenced commit for majority of context but in short,
  knex-migrator was doing a DB query per migration folder
- in Ghost, we currently have 79 folders, which results in 79
  queries during boot... owch
- the bump to knex-migrator in this commit uses a smarter method of
  grouping together the DB entries in 1 query, resulting in a drop of 79
  queries -> 1 query
2021-10-08 15:06:46 +01:00
Fabien O'Carroll
d9bcd4ec82 Fixed Stripe Checkout for Offers with monthly Cadence
no-issue

We were incorrectly checking the Offer Cadence and sending Members to
the yearly checkout.
2021-10-08 15:22:51 +02:00
Fabien O'Carroll
955621fa21 Removed requirement for Offer description field
refs https://github.com/TryGhost/Team/issues/1083

This field is not required but was previously causing API errors when
missing, the bump to members-offers removes this requirement.
2021-10-08 12:44:14 +02:00
Fabien O'Carroll
999cff35cf Supported repeating Offers for monthly Cadence
refs https://github.com/TryGhost/Team/issues/1083

Offers with a "repeating" duration will repeat for a number of months.
These offers are restricted to the monthly Cadence. This updates the
members-offers module to add support for them.
2021-10-08 12:15:11 +02:00
Fabien O'Carroll
817b2a3b0b Fixed Offers not sending back currency
refs https://github.com/TryGhost/Team/issues/1083

Offers should send back their currency when they are for a fixed amount
- this was missing that.
2021-10-08 11:43:40 +02:00
Renovate Bot
ff62a07142 Update dependency passport to v0.5.0 2021-10-08 10:32:41 +01:00
Renovate Bot
d9e426df0e Update dependency c8 to v7.10.0 2021-10-08 10:29:55 +01:00
renovate[bot]
47ffefe93e
Update dependency @tryghost/custom-theme-settings-service to v0.1.0 (#13512)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-10-07 23:07:20 +01:00
Fabien O'Carroll
15466b33ee Fixed durations for coupons created for Offers
refs https://github.com/TryGhost/Team/issues/1083

Previously we were not forwarding the Offer duration to Stripe.
2021-10-07 19:03:05 +02:00
renovate[bot]
ab9fc8e848
Supported fixed-amount & forever Offers
refs https://github.com/TryGhost/Team/issues/1083

The @tryghost/members-offers package has been updated to add support for 
more Offer durations and types

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-10-07 18:57:54 +02:00
Renovate Bot
7555020a49 Pin dependency @tryghost/express-dynamic-redirects to 0.1.0 2021-10-07 16:52:23 +01:00
renovate[bot]
f8dd0b3d56
Ensured Offer codes are slugified
refs https://github.com/TryGhost/Team/issues/1083

As Offer codes are used in redirects we must ensure they're URL safe
2021-10-07 16:10:46 +02:00
Naz
10a24393d0 🐛 Fixed alert notifications being sent out to non-active users
refs https://linear.app/tryghost/issue/CORE-63/restrict-update-service-notifications-to-active-admins

- It only makes sense to notify active users about a notification of 'alert' or any other type really.
2021-10-06 22:34:25 +02:00
Renovate Bot
f3efd9834a
Update dependency @sentry/node to v6.13.3 2021-10-06 17:34:22 +00:00
Fabien O'Carroll
6220406716 Added support for Offers with Stripe Checkout
refs https://github.com/TryGhost/Team/issues/1090

This updates the Members & Offers modules to provide support for using
Offers in Stripe Checkout.

Members module now needs a handle to the Offers module repository, and
as such we have had to reorder the services boot order.
2021-10-06 17:24:39 +02:00
Hannah Wolfe
726db1c0ec
Added integration test config & moved db-driven tests
- some tests are necessarily driven from the db
- these are like unit tests, except they only make sense if using the db - else you have to stub too much to make them worthwhile
- for these rare but important cases, we have the clear concept of integration tests
2021-10-06 13:51:24 +01:00
Hannah Wolfe
624414e0c1
Moved server e2e tests to own folder
- We have a bunch of important server-related e2e tests
- Make these clear in their own folder
- "server" is everything that isn't the api or the frontend - kind of a catch-all concept
2021-10-06 12:55:37 +01:00
Hannah Wolfe
1dec3d56b1
Renamed our acceptance tests to "e2e"
- These are end-to-end tests, make it clearer what they are and what they are supposed to do
2021-10-06 12:40:52 +01:00
Fabien O'Carroll
3742a4afb7 Added Offers service
refs https://github.com/TryGhost/Team/issues/1083

This adds the Offers service which will allow us to build out an Admin
API to communicate with it. As well as wiring up the redirects to the
site app.
2021-10-06 12:33:19 +02:00
Renovate Bot
4f406318a9 Update dependency coffeescript to v2.6.1 2021-10-05 09:29:46 +01:00
Renovate Bot
9e7a789575 Update dependency postcss to v8.3.9 2021-10-05 08:35:08 +01:00
Daniel Lockyer
0ec6b425ee
Merged v4.17.1 into main
v4.17.1
2021-10-05 08:33:42 +01:00
Daniel Lockyer
a145c7b1b8 v4.17.1 2021-10-05 08:31:40 +01:00
Fabien O'Carroll
cda041d424 Moved StripeAPIService to its own service
refs https://github.com/TryGhost/Team/issues/1083

The Offers service is going to need access to the StripeAPIService too,
so we need to move it out of the @tryghost/members-api module and make
it accessible to both.
2021-10-04 19:28:19 +02:00
Renovate Bot
2acbf9fb50 Update dependency @tryghost/zip to v1.1.17 2021-10-04 16:40:06 +01:00
Renovate Bot
ada99d3e9d Update dependency @tryghost/package-json to v1.0.5 2021-10-04 16:12:35 +01:00
Renovate Bot
7941bfcafa Update dependency @tryghost/vhost-middleware to v1.0.18 2021-10-04 16:10:38 +01:00
Renovate Bot
d6347d80b3 Update dependency @tryghost/security to v0.2.12 2021-10-04 16:10:26 +01:00
Renovate Bot
18a6f536a1 Update dependency @tryghost/job-manager to v0.8.10 2021-10-04 16:08:02 +01:00
Renovate Bot
e24adb436b Update dependency @tryghost/session-service to v0.1.27 2021-10-04 16:05:54 +01:00
Renovate Bot
da0d97449f Update dependency @tryghost/promise to v0.1.12 2021-10-04 16:05:40 +01:00
Renovate Bot
e657527fa8 Update dependency @tryghost/mw-session-from-token to v0.1.25 2021-10-04 16:03:58 +01:00
Renovate Bot
682bb1cb1e Update dependency @tryghost/limit-service to v0.6.4 2021-10-04 16:03:40 +01:00
Renovate Bot
79f778c469 Update dependency @tryghost/errors to v0.2.16 2021-10-04 16:03:27 +01:00
Renovate Bot
9412515e98 Update dependency @tryghost/image-transform to v1.0.16 2021-10-04 16:00:43 +01:00
Renovate Bot
55f951f58f Update dependency @tryghost/constants to v0.1.11 2021-10-04 16:00:34 +01:00
Renovate Bot
ed069d51d3 Update dependency @tryghost/bootstrap-socket to v0.2.12 2021-10-04 16:00:27 +01:00
Renovate Bot
e53bafb1aa Update dependency @tryghost/adapter-manager to v0.2.17 2021-10-04 16:00:18 +01:00
Kevin Ansfield
28fb6f2939 Fixed errors when syncing theme settings
no issue

- bumped `@tryghost/custom-theme-settings-service`
- fixes errors when a previously seen theme setting has been removed from the theme when syncing
- fixes settings for non-active theme being deleted/updated instead of just settings for the current theme
2021-10-04 12:17:41 +01:00
Renovate Bot
c2ea67b2ff
Update metascraper to v5.24.8 2021-10-04 00:23:21 +00:00
Daniel Lockyer
e0f6d59046 v4.17.0 2021-10-01 16:00:30 +01:00
Fabien O'Carroll
ea42fac527 Charged payment for Subscription upgrades immediately
refs https://github.com/TryGhost/Team/issues/1075

This includes changes to how we handle upgrading subscriptions to ensure
that members are immediately charged for upgrades. This fixes a flaw
where upgrading would not be charged until the end of the current
billing cycle, essentially giving free upgraded access for a period of
time.
2021-10-01 13:22:19 +02:00
Renovate Bot
ef20a564a1 Update dependency @tryghost/email-analytics-provider-mailgun to v1.0.2 2021-10-01 11:25:19 +01:00
Renovate Bot
64124b9cea Update dependency @tryghost/email-analytics-service to v1.0.2 2021-10-01 10:48:19 +01:00
Renovate Bot
dedfebfdca Update dependency @tryghost/constants to v0.1.10 2021-10-01 10:19:16 +01:00
Renovate Bot
12451d413d Update dependency @tryghost/errors to v0.2.15 2021-10-01 09:54:05 +01:00
Renovate Bot
795cf55c11 Update dependency @tryghost/image-transform to v1.0.15 2021-10-01 09:53:58 +01:00
Renovate Bot
e28b87c836 Update dependency @tryghost/package-json to v1.0.4 2021-10-01 09:53:49 +01:00
Renovate Bot
1e749d78d8 Update dependency @tryghost/session-service to v0.1.26 2021-10-01 09:53:43 +01:00
Renovate Bot
47a582b51c Update dependency @tryghost/vhost-middleware to v1.0.17 2021-10-01 09:53:23 +01:00
Renovate Bot
55ee3ea1c6 Update dependency @tryghost/mw-session-from-token to v0.1.24 2021-10-01 08:41:24 +01:00
Renovate Bot
7be5e861c7 Update dependency @tryghost/security to v0.2.11 2021-10-01 08:41:01 +01:00
Renovate Bot
612a202525 Update dependency @tryghost/promise to v0.1.11 2021-10-01 08:40:52 +01:00
Renovate Bot
4ac27cd889 Update dependency @tryghost/bootstrap-socket to v0.2.11 2021-10-01 08:40:14 +01:00
Renovate Bot
a98b1e8541 Update dependency @tryghost/adapter-manager to v0.2.16 2021-10-01 08:40:09 +01:00
Renovate Bot
99fdfe8ec8 Update dependency @tryghost/config-url-helpers to v0.1.2 2021-10-01 08:40:01 +01:00
Renovate Bot
568dfc7d34 Update dependency @tryghost/tpl to v0.1.5 2021-10-01 08:39:16 +01:00
Renovate Bot
656237a7cf Update dependency @tryghost/zip to v1.1.16 2021-10-01 08:39:07 +01:00
Renovate Bot
07a7c0ea4c Update dependency @tryghost/limit-service to v0.6.3 2021-10-01 08:38:51 +01:00
Renovate Bot
9642635ca9 Update dependency @tryghost/job-manager to v0.8.9 2021-10-01 08:38:40 +01:00
renovate[bot]
1b6253e140
Update dependency @tryghost/members-importer to v0.3.3 (#13372)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-29 10:58:10 +02:00
Kevin Ansfield
59adb9a9cb Added route for updating custom theme settings
refs https://github.com/TryGhost/Team/issues/1070

- bumped `@tryghost/custom-theme-settings-service` for access to `.updateSettings()`
- added `PUT /custom_theme_settings` route that delegates to `customThemeSettingsService.updateSettings()` to perform the db and cache updates
- invalidates the cache in Ghost because a theme setting change will mean the front-end output will change
2021-09-28 16:09:39 +01:00
Daniel Lockyer
1e5f28727d
🐛 Fixed mail config not respecting disabled secure connections
refs https://forum.ghost.org/t/un-noticed-email-config-change-in-4-15-16/25869/6
refs https://linear.app/tryghost/issue/CORE-66/fixed-secureconnection-alias-for-nodemailer

- `secureConnection` was removed in Nodemailer 1.0.2 in favor of
  `secure` but we're locked into supporting it because a lot of
  our users will have it in their config
- I attempted to alias it to keep compatibility but I did this
  incorrectly and only handled the cases where it was set to `true`
- this meant users who had disabled secure connections were seeing SSL
  warnings because the library was trying to connect via SSL to a
  non-SSL endpoint
- the aliasing is fixed in `@tryghost/nodemailer` 0.3.3 and so this
  commit bumps the package in Ghost
2021-09-28 15:19:36 +01:00
renovate[bot]
9797787c4b
Update dependency @tryghost/magic-link to v1.0.13 (#13370)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-28 16:09:07 +02:00
renovate[bot]
135bb6a4a4
Update dependency @tryghost/members-csv to v1.1.7 (#13371)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-28 16:08:50 +02:00
renovate[bot]
7044fd459e
Update dependency @tryghost/members-ssr to v1.0.14 (#13373)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-28 15:44:06 +02:00
Fabien O'Carroll
b22050c037 Added initial support for Offers 1-day version
refs https://github.com/TryGhost/Team/issues/1090

This updates the members-api to allow passing an Offer ID when creating
a Stripe Checkout Session. This will be used for the 1-day version of
Offers.
2021-09-28 15:10:27 +02:00
Renovate Bot
328a88087b
Update metascraper to v5.24.7 2021-09-27 21:15:26 +00:00
Renovate Bot
85c46b4eda Update dependency postcss to v8.3.8 2021-09-27 13:00:59 +01:00
Kevin Ansfield
2947db0e6b
Added API endpoint for browsing custom theme settings (#13362)
refs https://github.com/TryGhost/Team/issues/1070

- bumped `@tryghost/custom-theme-settings-service` to get access to `.listSettings()` method
- added GET `/api/canary/admin/theme_settings/` route behind `'customThemeSettings'` feature flag that uses the custom theme settings service to return settings resources that are a combination of the theme-provided definition and the saved value
2021-09-27 11:31:47 +01:00
Renovate Bot
91a6917563
Update dependency mocha to v9.1.2 2021-09-27 03:11:58 +00:00
Daniel Lockyer
a3f46708e2
v4.16.0 2021-09-23 16:04:57 +01:00
Kevin Ansfield
04dd409243
Added syncing and theme exposure of custom theme settings (#13354)
refs https://github.com/TryGhost/Team/issues/1070

- added `@tryghost/custom-theme-settings-service` as a dependency
- `core/server/services/custom-theme-settings` creates an instance of the new service passing in the model used for storing the setting keys/values and a cache instance
- requiring `core/shared/services/custom-theme-settings-cache` creates a cache instance, it has no dependencies so can be required anywhere and the first require will initialize the shared instance
- updated the theme activation bridge to trigger the theme settings service to sync the newly activated theme settings and populate the cache
- updated theme validation to pass `labs` through as an option so that we get custom theme settings back as part of the checked theme as that's what is passed to the custom theme settings service
2021-09-23 12:44:39 +01:00
Renovate Bot
cecec3d253 Update dependency @tryghost/email-analytics-service to v1.0.1 2021-09-23 12:39:32 +01:00
Fabien O'Carroll
91907cd900 Bumped @tryghost/members-api for security patch
refs https://github.com/TryGhost/Ghost/commit/944c2cc9af

The original fix for this happened off of `main` on a separate branch for
v4.15.1 - the same was the case for the @tryghost/members-api package.

Because work happened on both packages in `main`, since the versions
that were patched, we needed to rebump the dependency here to include
the changes.
2021-09-23 12:18:08 +02:00
Daniel Lockyer
57664696a4 v4.15.1
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYUxOIgAKCRDSEYbwtHKV
 reO6AQCL2mFdVLBwRbpVQa2Zs9RlYKk88ivLRMpAZPPiElNblQEAqt710wrVbMwm
 hOOWbWdFpPOWCrop9zhO8GJSPeNpJw0=
 =Ff3M
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYUxTawAKCRDSEYbwtHKV
 ra28AQCcambctLCH70Sc7SJmexojA5k6Ti0p3pwOktWY/WygZQEAlMEHSDw89wdY
 3U8R8zY1d1MeXqj51Op95sTYwiDAjg8=
 =HoUL
 -----END PGP SIGNATURE-----

Merged v4.15.1 into main

v4.15.1
2021-09-23 11:13:56 +01:00
Daniel Lockyer
94d3f556e6
v4.15.1 2021-09-23 10:51:30 +01:00
Fabien O'Carroll
944c2cc9af
🔒 Fixed member email change vulnerability
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr

This updates the signup/signin flow for members to no longer support the
email address change flow - which had missing authentication. It has
been replaced with a dedicated email change flow, and Portal has been
updated to use it.
2021-09-23 10:49:30 +01:00
Renovate Bot
8560aa6b34 Update dependency @tryghost/email-analytics-provider-mailgun to v1.0.1 2021-09-23 10:09:38 +01:00
Daniel Lockyer
20870aa2fa
🐛 Fixed sending emails via SES or non-standard SMTP config
fixes https://linear.app/tryghost/issue/CORE-45/

- this commit fixes two email related issues:
    - SES transport: the auth mechanism was set up wrong and so none of
      the requests would go through. This now follows the docs on https://nodemailer.com/transports/ses/
    - SMTP transport: the latest versions of Nodemailer don't seem to
      allow overriding of options if a service is present. I've filed
      https://github.com/nodemailer/nodemailer/issues/1327 but in the
      mean time, I assign the options back to the transporter object
      to ensure they always get applied
- I've fixed this in our `@trghost/nodemailer` package and so this commit
  bumps that here
2021-09-23 10:08:43 +01:00
Renovate Bot
592ac2dcb7
Update dependency @tryghost/update-check-service to v0.2.2 2021-09-23 10:08:43 +01:00
Renovate Bot
701d5555a2
Update dependency glob to v7.2.0 2021-09-23 01:03:51 +00:00
Renovate Bot
5da0caf9cc Update dependency @tryghost/package-json to v1.0.3 2021-09-22 19:17:29 +01:00
Renovate Bot
99c776aa10 Update dependency @tryghost/constants to v0.1.9 2021-09-22 19:17:20 +01:00
Renovate Bot
c52d1bbe37 Update dependency @tryghost/job-manager to v0.8.8 2021-09-22 19:17:12 +01:00
Renovate Bot
9c64228e13 Update dependency @tryghost/mw-session-from-token to v0.1.23 2021-09-22 19:17:05 +01:00
Renovate Bot
ee67df704e Update dependency @tryghost/vhost-middleware to v1.0.16 2021-09-22 19:16:58 +01:00
Renovate Bot
cabb7c779b Update dependency @tryghost/security to v0.2.10 2021-09-22 19:16:45 +01:00
Renovate Bot
a8fb066c71 Update dependency @tryghost/limit-service to v0.6.2 2021-09-22 18:02:34 +01:00
Renovate Bot
e6845237e0 Update dependency @tryghost/image-transform to v1.0.14 2021-09-22 18:02:09 +01:00
Renovate Bot
ca798ccb73 Update dependency @tryghost/errors to v0.2.14 2021-09-22 18:02:00 +01:00
Renovate Bot
cd008a6d48 Update dependency @tryghost/config-url-helpers to v0.1.1 2021-09-22 18:01:50 +01:00
Renovate Bot
db907f88f2 Update dependency @tryghost/bootstrap-socket to v0.2.10 2021-09-22 18:01:44 +01:00
Renovate Bot
0c4e119483 Update dependency @tryghost/adapter-manager to v0.2.15 2021-09-22 18:01:38 +01:00
Renovate Bot
be47f78293 Update dependency @tryghost/promise to v0.1.10 2021-09-22 18:01:17 +01:00
Renovate Bot
27ce353222 Update dependency @tryghost/session-service to v0.1.25 2021-09-22 18:01:07 +01:00
Renovate Bot
db2c7b64dd Update dependency @tryghost/tpl to v0.1.4 2021-09-22 18:00:59 +01:00
Renovate Bot
40fd068229 Update dependency @tryghost/zip to v1.1.15 2021-09-22 18:00:40 +01:00
Renovate Bot
23bece59a9 Update dependency @tryghost/update-check-service to v0.2.2 2021-09-22 16:31:51 +01:00
Rishabh
4c4efc3a3a Added member analytics events handling
refs https://github.com/TryGhost/Team/issues/1064
refs https://github.com/TryGhost/Team/issues/1056
refs https://github.com/TryGhost/Team/issues/1054
refs https://github.com/TryGhost/Team/issues/1055

- adds handling for new member analytic events including new ingress endpoint
- introduces member-analytics packages and code
2021-09-22 18:21:10 +05:30
renovate[bot]
e9e9d90ec4
Update dependency @tryghost/members-ssr to v1.0.13 (#13332)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-22 11:33:14 +02:00
renovate[bot]
bbe6a0a933
Update dependency @tryghost/magic-link to v1.0.12 (#13331)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-22 11:32:59 +02:00
Renovate Bot
c8afdac0c9 Update dependency postcss to v8.3.7 2021-09-22 10:01:09 +01:00
Renovate Bot
ebf13f07a0
Update dependency @sentry/node to v6.13.2 2021-09-21 16:32:20 +00:00
Renovate Bot
7c1192fc20
Update dependency @sentry/node to v6.13.1 2021-09-20 18:46:49 +00:00
Renovate Bot
9615d76ff3
Update dependency @sentry/node to v6.13.0 2021-09-20 15:08:22 +00:00
Daniel Lockyer
8a534c5b14
🐛 Fixed sending emails via SES or non-standard SMTP config
fixes https://linear.app/tryghost/issue/CORE-45/

- this commit fixes two email related issues:
    - SES transport: the auth mechanism was set up wrong and so none of
      the requests would go through. This now follows the docs on https://nodemailer.com/transports/ses/
    - SMTP transport: the latest versions of Nodemailer don't seem to
      allow overriding of options if a service is present. I've filed
      https://github.com/nodemailer/nodemailer/issues/1327 but in the
      mean time, I assign the options back to the transporter object
      to ensure they always get applied
- I've fixed this in our `@trghost/nodemailer` package and so this commit
  bumps that here
2021-09-20 15:53:44 +01:00
Renovate Bot
12f59e7ec0 Update dependency coffeescript to v2.6.0 2021-09-20 08:04:52 +01:00
Daniel Lockyer
7ffa5414b5
v4.15.0 2021-09-17 16:58:45 +01:00
Daniel Lockyer
93e4b2eafd 🔒 Fixed remote command injection when using sendmail email transport
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm
refs https://github.com/advisories/GHSA-48ww-j4fc-435p

- a vulnerability in `nodemailer` means that the `sendmail` transport is
  vulnerable to command injection for flags passed to the `sendmail`
  binary
- updating to the latest version of Nodemailer required creating
  `@tryghost/nodemailer`, which is a wrapper around Nodemailer and
  several plugins that used to be in the core
- this commit switches to using that package, and fixes up some small
  code + test changes
2021-09-17 16:46:51 +01:00
Hannah Wolfe
ac82554f3e
Added command for finding slow regression tests
- A tiny tool to help us prioritise killing regression tests
2021-09-17 13:35:41 +01:00
Renovate Bot
3eb41d3e36 Update dependency @tryghost/root-utils to v0.3.4 2021-09-15 08:44:13 +01:00
Renovate Bot
fc66c6621f Update dependency @tryghost/logging to v0.1.7 2021-09-15 08:44:04 +01:00
Renovate Bot
b6c8a8efdf Update dependency @tryghost/validator to v0.1.5 2021-09-15 08:43:53 +01:00
Renovate Bot
3e7f9cd54c Update dependency @tryghost/request to v0.1.5 2021-09-14 18:30:37 +01:00
Renovate Bot
ac7f92b8d5 Update dependency @tryghost/debug to v0.1.5 2021-09-14 18:30:22 +01:00
Renovate Bot
50dfe20369 Update dependency @tryghost/bookshelf-plugins to v0.3.1 2021-09-14 17:51:14 +01:00
Renovate Bot
18945ef805 Update dependency @tryghost/version to v0.1.4 2021-09-14 17:50:46 +01:00
Renovate Bot
fb452d739a
Update dependency sanitize-html to v2.5.1 2021-09-14 14:56:18 +00:00
Daniel Lockyer
d4adae775e v4.14.0
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYUB7mgAKCRDSEYbwtHKV
 rYTGAP9dggMBUTq6+2yLyYHChVMqLez2WS/XmgTdC4mc2tsZzgD+J2/zhRObGYX0
 d54Y39pAw7rPV8Z8md9nCm9olPpE4AM=
 =w206
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYUB8kwAKCRDSEYbwtHKV
 rTGVAP4wqFwWwQUFUXX4tLbvcLKQalvHQI3soLFneAzZT1M3DQEAtWO+crkH2auN
 Agt8ND2ndlIzsyGxYywliajBfbQVZwM=
 =nFhH
 -----END PGP SIGNATURE-----

Merged v4.14.0 into main

v4.14.0
2021-09-14 11:42:21 +01:00
Daniel Lockyer
48a906b879
v4.14.0 2021-09-14 11:38:18 +01:00
Renovate Bot
5251d1e559
Update dependency analytics-node to v5.1.0 2021-09-13 22:22:11 +00:00
Renovate Bot
66a705930c
Update metascraper to v5.24.6 2021-09-13 08:35:39 +00:00
Kevin Ansfield
a277ff5bf4 Bumped @tryghost/kg-* dependencies
no issue

- includes bump to minimum version of `markdown-it` for consistency between Ghost and Admin markdown rendering
2021-09-13 09:34:18 +01:00
Daniel Lockyer
0c7c34ff67 Updated bookshelf-relations dependency to 2.2.0 2021-09-10 16:59:11 +01:00
Daniel Lockyer
7b93efddd0 Updated bookshelf dependency to 1.2.0 2021-09-10 16:59:11 +01:00
Renovate Bot
74c43bcea5 Update dependency c8 to v7.9.0 2021-09-10 11:25:21 +01:00
Daniel Lockyer
10fa1283ca Updated ghost-storage-base to v0.0.6
no issue

- this package has been bumped to support Node 12 + 14
- AFAICT I added it to the Renovate list back when we had some timezone
  issues with moment, but we've since pinned the version of moment so we
  shouldn't experience that now
- therefore this commit also removes it from the Renovate ignore list
2021-09-09 10:15:26 +01:00
Renovate Bot
c05432889a
Update dependency sanitize-html to v2.5.0 2021-09-08 21:18:14 +00:00
Fabien O'Carroll
07e595b9aa Fixed webhook handler when Stripe is not connected
no-issue

The webhook handler did not correctly check for whether or not Stripe
was connected, and would attempt to handle webhooks anyway, resulting in
errors due to missing Stripe config. This fixes the handler to exit
early.
2021-09-08 12:41:20 +02:00
Renovate Bot
0bb14c115b Update dependency @tryghost/members-importer to v0.3.2 2021-09-08 10:34:07 +02:00
Fabien O'Carroll
fd574f527c Removed webhooks when disconnecting stripe
refs https://github.com/TryGhost/Team/issues/1006

The @tryghost/members-api module has been updated to remove webhooks
from Stripe when disconnecting. This will ensure that we do not leave
around old/invalid webhooks that will not be handled and generate
errors.
2021-09-07 18:58:25 +02:00
Fabien 'egg' O'Carroll
cd89c7e427
Used @tryghost/members-api Stripe disconnect logic (#13290)
refs https://github.com/TryGhost/Team/issues/1006

Moving the logic of disconnecting Stripe into the members-api module
decouples the Ghost API from the Members API internals. This method can
now be updated independently of Ghost, to implement the deletion of
webhooks from Stripe.
2021-09-07 18:25:53 +02:00
Fabien 'egg' O'Carroll
ae844db60b
Fixed handling of Complimentary Stripe subscriptions (#13289)
refs https://github.com/TryGhost/Team/issues/995

Since we reintroduced the comped status, we did not update the
subscription handling to correctly set members to a status of comped
when they were on a 'Complimentary' plan. This meant that 'comped' members
had a status of 'paid'. The changes to @tryghost/members-api ensure that
handling subscriptions going forward will not result in this error.

Since we handle the Complimentary plan correctly now, we do not need to
manually check for the existence of one, we can instead rely on the
status to set the `comped` flag.
2021-09-07 11:31:47 +01:00
renovate[bot]
677dc1a59b
Update dependency @tryghost/members-csv to v1.1.6 (#13273)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-06 16:16:10 +01:00
renovate[bot]
a8902bd1f8
Update dependency @tryghost/members-ssr to v1.0.12 (#13275)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-06 16:16:01 +01:00
renovate[bot]
b8b9707ddb
Update dependency @tryghost/magic-link to v1.0.11 (#13272)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-06 16:15:46 +01:00
Renovate Bot
f34a862526 Update dependency @tryghost/helpers to v1.1.52 2021-09-06 12:32:34 +01:00
Renovate Bot
b89967f9fb Update dependency @tryghost/logging to v0.1.6 2021-09-06 12:32:26 +01:00
Daniel Lockyer
5d700c6a79 v4.13.0
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYTX5vAAKCRDSEYbwtHKV
 rensAP9Oicx5z/VxT+24aUZye7ZAGKtixkcAD5t8mHL2sVOYtAEArmbbWcY7QObf
 e3xUbOTujGOkYdirKrnc4jSqhpPypAM=
 =IYQa
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYTX7TgAKCRDSEYbwtHKV
 reiOAQCp6medOlKFGD3uq9v/umvOn7+XQeKLQ0ELxXR80X/YrQD+Nych2u4kdHdC
 d060V9Bj1sNRcuuztwqJZx+iFg+jvwk=
 =wCw4
 -----END PGP SIGNATURE-----

Merged v4.13.0 into main

v4.13.0
2021-09-06 12:28:04 +01:00
Daniel Lockyer
8458e14b05
v4.13.0 2021-09-06 12:21:32 +01:00
Fabien O'Carroll
31fafcb936
Fixed errors when creating complimentary subscriptions
no-issue

The ProductRepository changed to require the options parameter which is
not passed when created complimentary subscriptions. This updates the
code to no longer require the options parameter and instead provide a
default.
2021-09-06 12:04:25 +01:00
Fabien O'Carroll
dd2def277c Fixed errors when creating complimentary subscriptions
no-issue

The ProductRepository changed to require the options parameter which is
not passed when created complimentary subscriptions. This updates the
code to no longer require the options parameter and instead provide a
default.
2021-09-06 12:55:20 +02:00
Renovate Bot
7851e4ce52
Update dependency oembed-parser to v1.4.8 2021-09-03 03:32:36 +00:00
Fabien O'Carroll
a39dd7255d Fixed updating products inside of a transaction
no-issue

When updating products we make many reads and writes to the database,
some of these reads were not happening inside of a transaction which was
causing issues when loading the members setting page. This bumps the
@tryghost/members-api dependency to ensure that all of the database
operations happen inside of the transaction
2021-09-01 19:14:21 +02:00
Naz
4f78bf01a2 Moved default settings population test to regression suite
closes https://github.com/TryGhost/Team/issues/860
refs 5405b6ca7c

- The slow test was running slow because it's not a "unit test" it is testing much more. Moved it to a correct suite - regression which simplified the logic a lot (no need to mock db calls).
- Brought back the 2000ms limit as the bottleneck has been solved
2021-09-01 15:23:57 +04:00
renovate[bot]
f52d0136ef
Update dependency @tryghost/kg-mobiledoc-html-renderer to v5.1.1 (#13251)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-01 09:12:09 +01:00
renovate[bot]
2f2939ec1b
Update dependency @tryghost/color-utils to v0.1.2 (#13269)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-01 09:11:21 +01:00
Naz
5405b6ca7c Temporarily lifted unit test timeout threshold
refs https://github.com/TryGhost/Team/issues/860

- Lifting it slightly just so the timeout doesn't waste team's time on false-positive failures. A follow up commit should put the threshold back to the original value and solve the slow test
2021-09-01 11:12:17 +04:00
Naz
75744041c1 Allowed for a 'sent' status in canary Admin Post API
refs https://github.com/TryGhost/Team/issues/892

- When a published email-only post is edited on the client it sends through a "sent" status over to the backend over PUT endpoint. It's a valid new status that should be accepted by the validation
2021-09-01 10:55:13 +04:00
Renovate Bot
966f167fd9
Update dependency @sentry/node to v6.12.0 2021-08-31 16:25:51 +00:00