Commit Graph

3192 Commits

Author SHA1 Message Date
Renovate Bot
3f9278943c Update dependency @tryghost/root-utils to v0.3.6 2021-10-14 10:03:34 +02:00
Renovate Bot
a3d202fee1 Update dependency @tryghost/logging to v0.2.2 2021-10-14 10:03:26 +02:00
Renovate Bot
2a58e72d10 Update dependency @tryghost/nodemailer to v0.3.5 2021-10-14 10:03:12 +02:00
Renovate Bot
7499641843
Update dependency sanitize-html to v2.5.2 2021-10-13 19:23:34 +00:00
Thibaut Patel
dc4694d8d3 Added a gscan check to prevent the declaration of unused custom theme setting
ref 136e02adfd
ref https://github.com/TryGhost/Team/issues/1105

- Custom theme settings are defined in package.json, this rule triggers an error if a defined rule doesn't appear in any handlebars templates.
2021-10-13 18:30:58 +02:00
Daniel Lockyer
64f2aa2af5
Updated @tryghost/metrics dependency
no issue

- this adds in some missing dependencies of `@tryghost/metrics`
2021-10-13 14:48:05 +02:00
Fabien O'Carroll
7722780539 Restricted archived Offers from being used for Checkout
refs https://github.com/TryGhost/Team/issues/1133

This updates the MembersAPI Checkout Session handling to 403 if an
attempt is made to create a Checkout Session using an archived Offer.
2021-10-13 11:23:05 +02:00
Fabien O'Carroll
a441825c3f Passed MembersAPI the OffersAPI over OfferRepository
no-issue

The MembersAPI using the OfferRepository coupled it to the internals of
the Offers Module - instead we pass the "external" API - so that we can
change the internals, and not have to update the MembersAPI's usage.
2021-10-13 11:17:32 +02:00
Naz
dbdf7160bf Simplified DynamicRedirectManager's constructor
refs https://linear.app/tryghost/issue/CORE-84/have-a-look-at-the-eggs-redirects-refactor-branch

- This simplification allows to make the test for dependent services a lot more readable without a need to stub urlUtils
2021-10-13 10:04:55 +02:00
Fabien O'Carroll
b1914758b8 Added support for filter Offers by status
refs https://github.com/TryGhost/Team/issues/1131

This will allow Ghost Admin to display separate lists of active and
archived Offers! We must pass the options through so that the
OffersService is able to handle the filter passed in the request.
2021-10-12 18:39:25 +02:00
Thibaut Patel
836b5b4a0e Added a gscan check to make sure the match helper on custom settings of type select is used against specified options
refs 056928f7b9
refs https://github.com/TryGhost/Team/issues/1105
2021-10-12 18:35:02 +02:00
Fabien O'Carroll
dc3dad4524 Added initial support for Offer status
refs https://github.com/TryGhost/Team/issues/1131

This updates the Offers Service to include the `status` of an Offer,
which will be either 'active' or 'archived'. It also allows setting the
`status` of an Offer to one of these two values when adding & editing
Offers.
2021-10-12 17:15:26 +02:00
Sam Lord
a535cfdf16 Added metric-shipping to monitor boot-time
no issue
Boot-time metrics are really valuable for understanding how releases affect the performance of Ghost. The new @tryghost/metrics package lets us ship these metrics to different sources using the same configuration framework as @tryghost/logging introduced.
2021-10-12 15:01:50 +01:00
Thibaut Patel
f8b19f286a Added gscan checks for custom themes settings
refs https://github.com/TryGhost/Team/issues/1105

- checks package.json for the config.custom object shape
- checks for unknown custom theme settings
2021-10-12 14:52:50 +02:00
Renovate Bot
c5459db52e
Update dependency keypair to v1.0.4 2021-10-11 21:11:01 +00:00
Naz
421c71d4db Added debug output to the email analytics jobs
closes https://linear.app/tryghost/issue/CORE-91/add-email-analytics-job-unstalling-mechanism

- Additional debug stagements should give better visibility into what's going on with the internal services fetching email events.
- To see all email analytics related outputs use following DEBUG value:

DEBUG=@tryghost/email-analytics-provider-mailgun:email-analytics*
2021-10-11 19:11:23 +02:00
Renovate Bot
6dcad04dcc Update dependency @lodder/grunt-postcss to v3.1.0 2021-10-11 14:31:54 +02:00
Renovate Bot
361184fc1c
Update metascraper to v5.24.9 2021-10-11 09:05:09 +00:00
Kevin Ansfield
c33b596e9c
Added API tests for custom theme settings (#13519)
refs https://github.com/TryGhost/Team/issues/1104

- bumped `@tryghost/custom-theme-settings-service` so it throws a more appropriate `ValidationError` when setting keys don't exist or a select value is not known
- changed the custom theme settings service to have a `.init()` method which creates an instance of the service under `.api` so that we're able to create the instance at a particular point in the boot process when we know the models have been initialised
  - there were problems in tests because the service was being initialised through the require chain before models were initialised through the boot process
- fixed incorrect `camelCase` of resource name in API responses
2021-10-08 16:18:49 +01:00
Daniel Lockyer
7ad6dec0e0 v4.18.0 2021-10-08 16:00:26 +01:00
Daniel Lockyer
a6833077a7 Optimized database integrity check
refs 838fe54628

- see referenced commit for majority of context but in short,
  knex-migrator was doing a DB query per migration folder
- in Ghost, we currently have 79 folders, which results in 79
  queries during boot... owch
- the bump to knex-migrator in this commit uses a smarter method of
  grouping together the DB entries in 1 query, resulting in a drop of 79
  queries -> 1 query
2021-10-08 15:06:46 +01:00
Fabien O'Carroll
d9bcd4ec82 Fixed Stripe Checkout for Offers with monthly Cadence
no-issue

We were incorrectly checking the Offer Cadence and sending Members to
the yearly checkout.
2021-10-08 15:22:51 +02:00
Fabien O'Carroll
955621fa21 Removed requirement for Offer description field
refs https://github.com/TryGhost/Team/issues/1083

This field is not required but was previously causing API errors when
missing, the bump to members-offers removes this requirement.
2021-10-08 12:44:14 +02:00
Fabien O'Carroll
999cff35cf Supported repeating Offers for monthly Cadence
refs https://github.com/TryGhost/Team/issues/1083

Offers with a "repeating" duration will repeat for a number of months.
These offers are restricted to the monthly Cadence. This updates the
members-offers module to add support for them.
2021-10-08 12:15:11 +02:00
Fabien O'Carroll
817b2a3b0b Fixed Offers not sending back currency
refs https://github.com/TryGhost/Team/issues/1083

Offers should send back their currency when they are for a fixed amount
- this was missing that.
2021-10-08 11:43:40 +02:00
Renovate Bot
ff62a07142 Update dependency passport to v0.5.0 2021-10-08 10:32:41 +01:00
Renovate Bot
d9e426df0e Update dependency c8 to v7.10.0 2021-10-08 10:29:55 +01:00
renovate[bot]
47ffefe93e
Update dependency @tryghost/custom-theme-settings-service to v0.1.0 (#13512)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-10-07 23:07:20 +01:00
Fabien O'Carroll
15466b33ee Fixed durations for coupons created for Offers
refs https://github.com/TryGhost/Team/issues/1083

Previously we were not forwarding the Offer duration to Stripe.
2021-10-07 19:03:05 +02:00
renovate[bot]
ab9fc8e848
Supported fixed-amount & forever Offers
refs https://github.com/TryGhost/Team/issues/1083

The @tryghost/members-offers package has been updated to add support for 
more Offer durations and types

Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-10-07 18:57:54 +02:00
Renovate Bot
7555020a49 Pin dependency @tryghost/express-dynamic-redirects to 0.1.0 2021-10-07 16:52:23 +01:00
renovate[bot]
f8dd0b3d56
Ensured Offer codes are slugified
refs https://github.com/TryGhost/Team/issues/1083

As Offer codes are used in redirects we must ensure they're URL safe
2021-10-07 16:10:46 +02:00
Naz
10a24393d0 🐛 Fixed alert notifications being sent out to non-active users
refs https://linear.app/tryghost/issue/CORE-63/restrict-update-service-notifications-to-active-admins

- It only makes sense to notify active users about a notification of 'alert' or any other type really.
2021-10-06 22:34:25 +02:00
Renovate Bot
f3efd9834a
Update dependency @sentry/node to v6.13.3 2021-10-06 17:34:22 +00:00
Fabien O'Carroll
6220406716 Added support for Offers with Stripe Checkout
refs https://github.com/TryGhost/Team/issues/1090

This updates the Members & Offers modules to provide support for using
Offers in Stripe Checkout.

Members module now needs a handle to the Offers module repository, and
as such we have had to reorder the services boot order.
2021-10-06 17:24:39 +02:00
Hannah Wolfe
726db1c0ec
Added integration test config & moved db-driven tests
- some tests are necessarily driven from the db
- these are like unit tests, except they only make sense if using the db - else you have to stub too much to make them worthwhile
- for these rare but important cases, we have the clear concept of integration tests
2021-10-06 13:51:24 +01:00
Hannah Wolfe
624414e0c1
Moved server e2e tests to own folder
- We have a bunch of important server-related e2e tests
- Make these clear in their own folder
- "server" is everything that isn't the api or the frontend - kind of a catch-all concept
2021-10-06 12:55:37 +01:00
Hannah Wolfe
1dec3d56b1
Renamed our acceptance tests to "e2e"
- These are end-to-end tests, make it clearer what they are and what they are supposed to do
2021-10-06 12:40:52 +01:00
Fabien O'Carroll
3742a4afb7 Added Offers service
refs https://github.com/TryGhost/Team/issues/1083

This adds the Offers service which will allow us to build out an Admin
API to communicate with it. As well as wiring up the redirects to the
site app.
2021-10-06 12:33:19 +02:00
Renovate Bot
4f406318a9 Update dependency coffeescript to v2.6.1 2021-10-05 09:29:46 +01:00
Renovate Bot
9e7a789575 Update dependency postcss to v8.3.9 2021-10-05 08:35:08 +01:00
Daniel Lockyer
0ec6b425ee
Merged v4.17.1 into main
v4.17.1
2021-10-05 08:33:42 +01:00
Daniel Lockyer
a145c7b1b8 v4.17.1 2021-10-05 08:31:40 +01:00
Fabien O'Carroll
cda041d424 Moved StripeAPIService to its own service
refs https://github.com/TryGhost/Team/issues/1083

The Offers service is going to need access to the StripeAPIService too,
so we need to move it out of the @tryghost/members-api module and make
it accessible to both.
2021-10-04 19:28:19 +02:00
Renovate Bot
2acbf9fb50 Update dependency @tryghost/zip to v1.1.17 2021-10-04 16:40:06 +01:00
Renovate Bot
ada99d3e9d Update dependency @tryghost/package-json to v1.0.5 2021-10-04 16:12:35 +01:00
Renovate Bot
7941bfcafa Update dependency @tryghost/vhost-middleware to v1.0.18 2021-10-04 16:10:38 +01:00
Renovate Bot
d6347d80b3 Update dependency @tryghost/security to v0.2.12 2021-10-04 16:10:26 +01:00
Renovate Bot
18a6f536a1 Update dependency @tryghost/job-manager to v0.8.10 2021-10-04 16:08:02 +01:00
Renovate Bot
e24adb436b Update dependency @tryghost/session-service to v0.1.27 2021-10-04 16:05:54 +01:00
Renovate Bot
da0d97449f Update dependency @tryghost/promise to v0.1.12 2021-10-04 16:05:40 +01:00
Renovate Bot
e657527fa8 Update dependency @tryghost/mw-session-from-token to v0.1.25 2021-10-04 16:03:58 +01:00
Renovate Bot
682bb1cb1e Update dependency @tryghost/limit-service to v0.6.4 2021-10-04 16:03:40 +01:00
Renovate Bot
79f778c469 Update dependency @tryghost/errors to v0.2.16 2021-10-04 16:03:27 +01:00
Renovate Bot
9412515e98 Update dependency @tryghost/image-transform to v1.0.16 2021-10-04 16:00:43 +01:00
Renovate Bot
55f951f58f Update dependency @tryghost/constants to v0.1.11 2021-10-04 16:00:34 +01:00
Renovate Bot
ed069d51d3 Update dependency @tryghost/bootstrap-socket to v0.2.12 2021-10-04 16:00:27 +01:00
Renovate Bot
e53bafb1aa Update dependency @tryghost/adapter-manager to v0.2.17 2021-10-04 16:00:18 +01:00
Kevin Ansfield
28fb6f2939 Fixed errors when syncing theme settings
no issue

- bumped `@tryghost/custom-theme-settings-service`
- fixes errors when a previously seen theme setting has been removed from the theme when syncing
- fixes settings for non-active theme being deleted/updated instead of just settings for the current theme
2021-10-04 12:17:41 +01:00
Renovate Bot
c2ea67b2ff
Update metascraper to v5.24.8 2021-10-04 00:23:21 +00:00
Daniel Lockyer
e0f6d59046 v4.17.0 2021-10-01 16:00:30 +01:00
Fabien O'Carroll
ea42fac527 Charged payment for Subscription upgrades immediately
refs https://github.com/TryGhost/Team/issues/1075

This includes changes to how we handle upgrading subscriptions to ensure
that members are immediately charged for upgrades. This fixes a flaw
where upgrading would not be charged until the end of the current
billing cycle, essentially giving free upgraded access for a period of
time.
2021-10-01 13:22:19 +02:00
Renovate Bot
ef20a564a1 Update dependency @tryghost/email-analytics-provider-mailgun to v1.0.2 2021-10-01 11:25:19 +01:00
Renovate Bot
64124b9cea Update dependency @tryghost/email-analytics-service to v1.0.2 2021-10-01 10:48:19 +01:00
Renovate Bot
dedfebfdca Update dependency @tryghost/constants to v0.1.10 2021-10-01 10:19:16 +01:00
Renovate Bot
12451d413d Update dependency @tryghost/errors to v0.2.15 2021-10-01 09:54:05 +01:00
Renovate Bot
795cf55c11 Update dependency @tryghost/image-transform to v1.0.15 2021-10-01 09:53:58 +01:00
Renovate Bot
e28b87c836 Update dependency @tryghost/package-json to v1.0.4 2021-10-01 09:53:49 +01:00
Renovate Bot
1e749d78d8 Update dependency @tryghost/session-service to v0.1.26 2021-10-01 09:53:43 +01:00
Renovate Bot
47a582b51c Update dependency @tryghost/vhost-middleware to v1.0.17 2021-10-01 09:53:23 +01:00
Renovate Bot
55ee3ea1c6 Update dependency @tryghost/mw-session-from-token to v0.1.24 2021-10-01 08:41:24 +01:00
Renovate Bot
7be5e861c7 Update dependency @tryghost/security to v0.2.11 2021-10-01 08:41:01 +01:00
Renovate Bot
612a202525 Update dependency @tryghost/promise to v0.1.11 2021-10-01 08:40:52 +01:00
Renovate Bot
4ac27cd889 Update dependency @tryghost/bootstrap-socket to v0.2.11 2021-10-01 08:40:14 +01:00
Renovate Bot
a98b1e8541 Update dependency @tryghost/adapter-manager to v0.2.16 2021-10-01 08:40:09 +01:00
Renovate Bot
99fdfe8ec8 Update dependency @tryghost/config-url-helpers to v0.1.2 2021-10-01 08:40:01 +01:00
Renovate Bot
568dfc7d34 Update dependency @tryghost/tpl to v0.1.5 2021-10-01 08:39:16 +01:00
Renovate Bot
656237a7cf Update dependency @tryghost/zip to v1.1.16 2021-10-01 08:39:07 +01:00
Renovate Bot
07a7c0ea4c Update dependency @tryghost/limit-service to v0.6.3 2021-10-01 08:38:51 +01:00
Renovate Bot
9642635ca9 Update dependency @tryghost/job-manager to v0.8.9 2021-10-01 08:38:40 +01:00
renovate[bot]
1b6253e140
Update dependency @tryghost/members-importer to v0.3.3 (#13372)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-29 10:58:10 +02:00
Kevin Ansfield
59adb9a9cb Added route for updating custom theme settings
refs https://github.com/TryGhost/Team/issues/1070

- bumped `@tryghost/custom-theme-settings-service` for access to `.updateSettings()`
- added `PUT /custom_theme_settings` route that delegates to `customThemeSettingsService.updateSettings()` to perform the db and cache updates
- invalidates the cache in Ghost because a theme setting change will mean the front-end output will change
2021-09-28 16:09:39 +01:00
Daniel Lockyer
1e5f28727d
🐛 Fixed mail config not respecting disabled secure connections
refs https://forum.ghost.org/t/un-noticed-email-config-change-in-4-15-16/25869/6
refs https://linear.app/tryghost/issue/CORE-66/fixed-secureconnection-alias-for-nodemailer

- `secureConnection` was removed in Nodemailer 1.0.2 in favor of
  `secure` but we're locked into supporting it because a lot of
  our users will have it in their config
- I attempted to alias it to keep compatibility but I did this
  incorrectly and only handled the cases where it was set to `true`
- this meant users who had disabled secure connections were seeing SSL
  warnings because the library was trying to connect via SSL to a
  non-SSL endpoint
- the aliasing is fixed in `@tryghost/nodemailer` 0.3.3 and so this
  commit bumps the package in Ghost
2021-09-28 15:19:36 +01:00
renovate[bot]
9797787c4b
Update dependency @tryghost/magic-link to v1.0.13 (#13370)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-28 16:09:07 +02:00
renovate[bot]
135bb6a4a4
Update dependency @tryghost/members-csv to v1.1.7 (#13371)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-28 16:08:50 +02:00
renovate[bot]
7044fd459e
Update dependency @tryghost/members-ssr to v1.0.14 (#13373)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-28 15:44:06 +02:00
Fabien O'Carroll
b22050c037 Added initial support for Offers 1-day version
refs https://github.com/TryGhost/Team/issues/1090

This updates the members-api to allow passing an Offer ID when creating
a Stripe Checkout Session. This will be used for the 1-day version of
Offers.
2021-09-28 15:10:27 +02:00
Renovate Bot
328a88087b
Update metascraper to v5.24.7 2021-09-27 21:15:26 +00:00
Renovate Bot
85c46b4eda Update dependency postcss to v8.3.8 2021-09-27 13:00:59 +01:00
Kevin Ansfield
2947db0e6b
Added API endpoint for browsing custom theme settings (#13362)
refs https://github.com/TryGhost/Team/issues/1070

- bumped `@tryghost/custom-theme-settings-service` to get access to `.listSettings()` method
- added GET `/api/canary/admin/theme_settings/` route behind `'customThemeSettings'` feature flag that uses the custom theme settings service to return settings resources that are a combination of the theme-provided definition and the saved value
2021-09-27 11:31:47 +01:00
Renovate Bot
91a6917563
Update dependency mocha to v9.1.2 2021-09-27 03:11:58 +00:00
Daniel Lockyer
a3f46708e2
v4.16.0 2021-09-23 16:04:57 +01:00
Kevin Ansfield
04dd409243
Added syncing and theme exposure of custom theme settings (#13354)
refs https://github.com/TryGhost/Team/issues/1070

- added `@tryghost/custom-theme-settings-service` as a dependency
- `core/server/services/custom-theme-settings` creates an instance of the new service passing in the model used for storing the setting keys/values and a cache instance
- requiring `core/shared/services/custom-theme-settings-cache` creates a cache instance, it has no dependencies so can be required anywhere and the first require will initialize the shared instance
- updated the theme activation bridge to trigger the theme settings service to sync the newly activated theme settings and populate the cache
- updated theme validation to pass `labs` through as an option so that we get custom theme settings back as part of the checked theme as that's what is passed to the custom theme settings service
2021-09-23 12:44:39 +01:00
Renovate Bot
cecec3d253 Update dependency @tryghost/email-analytics-service to v1.0.1 2021-09-23 12:39:32 +01:00
Fabien O'Carroll
91907cd900 Bumped @tryghost/members-api for security patch
refs https://github.com/TryGhost/Ghost/commit/944c2cc9af

The original fix for this happened off of `main` on a separate branch for
v4.15.1 - the same was the case for the @tryghost/members-api package.

Because work happened on both packages in `main`, since the versions
that were patched, we needed to rebump the dependency here to include
the changes.
2021-09-23 12:18:08 +02:00
Daniel Lockyer
57664696a4 v4.15.1
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYUxOIgAKCRDSEYbwtHKV
 reO6AQCL2mFdVLBwRbpVQa2Zs9RlYKk88ivLRMpAZPPiElNblQEAqt710wrVbMwm
 hOOWbWdFpPOWCrop9zhO8GJSPeNpJw0=
 =Ff3M
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYUxTawAKCRDSEYbwtHKV
 ra28AQCcambctLCH70Sc7SJmexojA5k6Ti0p3pwOktWY/WygZQEAlMEHSDw89wdY
 3U8R8zY1d1MeXqj51Op95sTYwiDAjg8=
 =HoUL
 -----END PGP SIGNATURE-----

Merged v4.15.1 into main

v4.15.1
2021-09-23 11:13:56 +01:00
Daniel Lockyer
94d3f556e6
v4.15.1 2021-09-23 10:51:30 +01:00
Fabien O'Carroll
944c2cc9af
🔒 Fixed member email change vulnerability
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr

This updates the signup/signin flow for members to no longer support the
email address change flow - which had missing authentication. It has
been replaced with a dedicated email change flow, and Portal has been
updated to use it.
2021-09-23 10:49:30 +01:00
Renovate Bot
8560aa6b34 Update dependency @tryghost/email-analytics-provider-mailgun to v1.0.1 2021-09-23 10:09:38 +01:00
Daniel Lockyer
20870aa2fa
🐛 Fixed sending emails via SES or non-standard SMTP config
fixes https://linear.app/tryghost/issue/CORE-45/

- this commit fixes two email related issues:
    - SES transport: the auth mechanism was set up wrong and so none of
      the requests would go through. This now follows the docs on https://nodemailer.com/transports/ses/
    - SMTP transport: the latest versions of Nodemailer don't seem to
      allow overriding of options if a service is present. I've filed
      https://github.com/nodemailer/nodemailer/issues/1327 but in the
      mean time, I assign the options back to the transporter object
      to ensure they always get applied
- I've fixed this in our `@trghost/nodemailer` package and so this commit
  bumps that here
2021-09-23 10:08:43 +01:00
Renovate Bot
592ac2dcb7
Update dependency @tryghost/update-check-service to v0.2.2 2021-09-23 10:08:43 +01:00
Renovate Bot
701d5555a2
Update dependency glob to v7.2.0 2021-09-23 01:03:51 +00:00
Renovate Bot
5da0caf9cc Update dependency @tryghost/package-json to v1.0.3 2021-09-22 19:17:29 +01:00
Renovate Bot
99c776aa10 Update dependency @tryghost/constants to v0.1.9 2021-09-22 19:17:20 +01:00
Renovate Bot
c52d1bbe37 Update dependency @tryghost/job-manager to v0.8.8 2021-09-22 19:17:12 +01:00
Renovate Bot
9c64228e13 Update dependency @tryghost/mw-session-from-token to v0.1.23 2021-09-22 19:17:05 +01:00
Renovate Bot
ee67df704e Update dependency @tryghost/vhost-middleware to v1.0.16 2021-09-22 19:16:58 +01:00
Renovate Bot
cabb7c779b Update dependency @tryghost/security to v0.2.10 2021-09-22 19:16:45 +01:00
Renovate Bot
a8fb066c71 Update dependency @tryghost/limit-service to v0.6.2 2021-09-22 18:02:34 +01:00
Renovate Bot
e6845237e0 Update dependency @tryghost/image-transform to v1.0.14 2021-09-22 18:02:09 +01:00
Renovate Bot
ca798ccb73 Update dependency @tryghost/errors to v0.2.14 2021-09-22 18:02:00 +01:00
Renovate Bot
cd008a6d48 Update dependency @tryghost/config-url-helpers to v0.1.1 2021-09-22 18:01:50 +01:00
Renovate Bot
db907f88f2 Update dependency @tryghost/bootstrap-socket to v0.2.10 2021-09-22 18:01:44 +01:00
Renovate Bot
0c4e119483 Update dependency @tryghost/adapter-manager to v0.2.15 2021-09-22 18:01:38 +01:00
Renovate Bot
be47f78293 Update dependency @tryghost/promise to v0.1.10 2021-09-22 18:01:17 +01:00
Renovate Bot
27ce353222 Update dependency @tryghost/session-service to v0.1.25 2021-09-22 18:01:07 +01:00
Renovate Bot
db2c7b64dd Update dependency @tryghost/tpl to v0.1.4 2021-09-22 18:00:59 +01:00
Renovate Bot
40fd068229 Update dependency @tryghost/zip to v1.1.15 2021-09-22 18:00:40 +01:00
Renovate Bot
23bece59a9 Update dependency @tryghost/update-check-service to v0.2.2 2021-09-22 16:31:51 +01:00
Rishabh
4c4efc3a3a Added member analytics events handling
refs https://github.com/TryGhost/Team/issues/1064
refs https://github.com/TryGhost/Team/issues/1056
refs https://github.com/TryGhost/Team/issues/1054
refs https://github.com/TryGhost/Team/issues/1055

- adds handling for new member analytic events including new ingress endpoint
- introduces member-analytics packages and code
2021-09-22 18:21:10 +05:30
renovate[bot]
e9e9d90ec4
Update dependency @tryghost/members-ssr to v1.0.13 (#13332)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-22 11:33:14 +02:00
renovate[bot]
bbe6a0a933
Update dependency @tryghost/magic-link to v1.0.12 (#13331)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-22 11:32:59 +02:00
Renovate Bot
c8afdac0c9 Update dependency postcss to v8.3.7 2021-09-22 10:01:09 +01:00
Renovate Bot
ebf13f07a0
Update dependency @sentry/node to v6.13.2 2021-09-21 16:32:20 +00:00
Renovate Bot
7c1192fc20
Update dependency @sentry/node to v6.13.1 2021-09-20 18:46:49 +00:00
Renovate Bot
9615d76ff3
Update dependency @sentry/node to v6.13.0 2021-09-20 15:08:22 +00:00
Daniel Lockyer
8a534c5b14
🐛 Fixed sending emails via SES or non-standard SMTP config
fixes https://linear.app/tryghost/issue/CORE-45/

- this commit fixes two email related issues:
    - SES transport: the auth mechanism was set up wrong and so none of
      the requests would go through. This now follows the docs on https://nodemailer.com/transports/ses/
    - SMTP transport: the latest versions of Nodemailer don't seem to
      allow overriding of options if a service is present. I've filed
      https://github.com/nodemailer/nodemailer/issues/1327 but in the
      mean time, I assign the options back to the transporter object
      to ensure they always get applied
- I've fixed this in our `@trghost/nodemailer` package and so this commit
  bumps that here
2021-09-20 15:53:44 +01:00
Renovate Bot
12f59e7ec0 Update dependency coffeescript to v2.6.0 2021-09-20 08:04:52 +01:00
Daniel Lockyer
7ffa5414b5
v4.15.0 2021-09-17 16:58:45 +01:00
Daniel Lockyer
93e4b2eafd 🔒 Fixed remote command injection when using sendmail email transport
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm
refs https://github.com/advisories/GHSA-48ww-j4fc-435p

- a vulnerability in `nodemailer` means that the `sendmail` transport is
  vulnerable to command injection for flags passed to the `sendmail`
  binary
- updating to the latest version of Nodemailer required creating
  `@tryghost/nodemailer`, which is a wrapper around Nodemailer and
  several plugins that used to be in the core
- this commit switches to using that package, and fixes up some small
  code + test changes
2021-09-17 16:46:51 +01:00
Hannah Wolfe
ac82554f3e
Added command for finding slow regression tests
- A tiny tool to help us prioritise killing regression tests
2021-09-17 13:35:41 +01:00
Renovate Bot
3eb41d3e36 Update dependency @tryghost/root-utils to v0.3.4 2021-09-15 08:44:13 +01:00
Renovate Bot
fc66c6621f Update dependency @tryghost/logging to v0.1.7 2021-09-15 08:44:04 +01:00
Renovate Bot
b6c8a8efdf Update dependency @tryghost/validator to v0.1.5 2021-09-15 08:43:53 +01:00
Renovate Bot
3e7f9cd54c Update dependency @tryghost/request to v0.1.5 2021-09-14 18:30:37 +01:00
Renovate Bot
ac7f92b8d5 Update dependency @tryghost/debug to v0.1.5 2021-09-14 18:30:22 +01:00
Renovate Bot
50dfe20369 Update dependency @tryghost/bookshelf-plugins to v0.3.1 2021-09-14 17:51:14 +01:00
Renovate Bot
18945ef805 Update dependency @tryghost/version to v0.1.4 2021-09-14 17:50:46 +01:00
Renovate Bot
fb452d739a
Update dependency sanitize-html to v2.5.1 2021-09-14 14:56:18 +00:00
Daniel Lockyer
d4adae775e v4.14.0
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYUB7mgAKCRDSEYbwtHKV
 rYTGAP9dggMBUTq6+2yLyYHChVMqLez2WS/XmgTdC4mc2tsZzgD+J2/zhRObGYX0
 d54Y39pAw7rPV8Z8md9nCm9olPpE4AM=
 =w206
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYUB8kwAKCRDSEYbwtHKV
 rTGVAP4wqFwWwQUFUXX4tLbvcLKQalvHQI3soLFneAzZT1M3DQEAtWO+crkH2auN
 Agt8ND2ndlIzsyGxYywliajBfbQVZwM=
 =nFhH
 -----END PGP SIGNATURE-----

Merged v4.14.0 into main

v4.14.0
2021-09-14 11:42:21 +01:00
Daniel Lockyer
48a906b879
v4.14.0 2021-09-14 11:38:18 +01:00
Renovate Bot
5251d1e559
Update dependency analytics-node to v5.1.0 2021-09-13 22:22:11 +00:00
Renovate Bot
66a705930c
Update metascraper to v5.24.6 2021-09-13 08:35:39 +00:00
Kevin Ansfield
a277ff5bf4 Bumped @tryghost/kg-* dependencies
no issue

- includes bump to minimum version of `markdown-it` for consistency between Ghost and Admin markdown rendering
2021-09-13 09:34:18 +01:00
Daniel Lockyer
0c7c34ff67 Updated bookshelf-relations dependency to 2.2.0 2021-09-10 16:59:11 +01:00
Daniel Lockyer
7b93efddd0 Updated bookshelf dependency to 1.2.0 2021-09-10 16:59:11 +01:00
Renovate Bot
74c43bcea5 Update dependency c8 to v7.9.0 2021-09-10 11:25:21 +01:00
Daniel Lockyer
10fa1283ca Updated ghost-storage-base to v0.0.6
no issue

- this package has been bumped to support Node 12 + 14
- AFAICT I added it to the Renovate list back when we had some timezone
  issues with moment, but we've since pinned the version of moment so we
  shouldn't experience that now
- therefore this commit also removes it from the Renovate ignore list
2021-09-09 10:15:26 +01:00
Renovate Bot
c05432889a
Update dependency sanitize-html to v2.5.0 2021-09-08 21:18:14 +00:00
Fabien O'Carroll
07e595b9aa Fixed webhook handler when Stripe is not connected
no-issue

The webhook handler did not correctly check for whether or not Stripe
was connected, and would attempt to handle webhooks anyway, resulting in
errors due to missing Stripe config. This fixes the handler to exit
early.
2021-09-08 12:41:20 +02:00
Renovate Bot
0bb14c115b Update dependency @tryghost/members-importer to v0.3.2 2021-09-08 10:34:07 +02:00
Fabien O'Carroll
fd574f527c Removed webhooks when disconnecting stripe
refs https://github.com/TryGhost/Team/issues/1006

The @tryghost/members-api module has been updated to remove webhooks
from Stripe when disconnecting. This will ensure that we do not leave
around old/invalid webhooks that will not be handled and generate
errors.
2021-09-07 18:58:25 +02:00
Fabien 'egg' O'Carroll
cd89c7e427
Used @tryghost/members-api Stripe disconnect logic (#13290)
refs https://github.com/TryGhost/Team/issues/1006

Moving the logic of disconnecting Stripe into the members-api module
decouples the Ghost API from the Members API internals. This method can
now be updated independently of Ghost, to implement the deletion of
webhooks from Stripe.
2021-09-07 18:25:53 +02:00
Fabien 'egg' O'Carroll
ae844db60b
Fixed handling of Complimentary Stripe subscriptions (#13289)
refs https://github.com/TryGhost/Team/issues/995

Since we reintroduced the comped status, we did not update the
subscription handling to correctly set members to a status of comped
when they were on a 'Complimentary' plan. This meant that 'comped' members
had a status of 'paid'. The changes to @tryghost/members-api ensure that
handling subscriptions going forward will not result in this error.

Since we handle the Complimentary plan correctly now, we do not need to
manually check for the existence of one, we can instead rely on the
status to set the `comped` flag.
2021-09-07 11:31:47 +01:00
renovate[bot]
677dc1a59b
Update dependency @tryghost/members-csv to v1.1.6 (#13273)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-06 16:16:10 +01:00
renovate[bot]
a8902bd1f8
Update dependency @tryghost/members-ssr to v1.0.12 (#13275)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-06 16:16:01 +01:00
renovate[bot]
b8b9707ddb
Update dependency @tryghost/magic-link to v1.0.11 (#13272)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-06 16:15:46 +01:00
Renovate Bot
f34a862526 Update dependency @tryghost/helpers to v1.1.52 2021-09-06 12:32:34 +01:00
Renovate Bot
b89967f9fb Update dependency @tryghost/logging to v0.1.6 2021-09-06 12:32:26 +01:00
Daniel Lockyer
5d700c6a79 v4.13.0
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYTX5vAAKCRDSEYbwtHKV
 rensAP9Oicx5z/VxT+24aUZye7ZAGKtixkcAD5t8mHL2sVOYtAEArmbbWcY7QObf
 e3xUbOTujGOkYdirKrnc4jSqhpPypAM=
 =IYQa
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYTX7TgAKCRDSEYbwtHKV
 reiOAQCp6medOlKFGD3uq9v/umvOn7+XQeKLQ0ELxXR80X/YrQD+Nych2u4kdHdC
 d060V9Bj1sNRcuuztwqJZx+iFg+jvwk=
 =wCw4
 -----END PGP SIGNATURE-----

Merged v4.13.0 into main

v4.13.0
2021-09-06 12:28:04 +01:00
Daniel Lockyer
8458e14b05
v4.13.0 2021-09-06 12:21:32 +01:00
Fabien O'Carroll
31fafcb936
Fixed errors when creating complimentary subscriptions
no-issue

The ProductRepository changed to require the options parameter which is
not passed when created complimentary subscriptions. This updates the
code to no longer require the options parameter and instead provide a
default.
2021-09-06 12:04:25 +01:00
Fabien O'Carroll
dd2def277c Fixed errors when creating complimentary subscriptions
no-issue

The ProductRepository changed to require the options parameter which is
not passed when created complimentary subscriptions. This updates the
code to no longer require the options parameter and instead provide a
default.
2021-09-06 12:55:20 +02:00
Renovate Bot
7851e4ce52
Update dependency oembed-parser to v1.4.8 2021-09-03 03:32:36 +00:00
Fabien O'Carroll
a39dd7255d Fixed updating products inside of a transaction
no-issue

When updating products we make many reads and writes to the database,
some of these reads were not happening inside of a transaction which was
causing issues when loading the members setting page. This bumps the
@tryghost/members-api dependency to ensure that all of the database
operations happen inside of the transaction
2021-09-01 19:14:21 +02:00
Naz
4f78bf01a2 Moved default settings population test to regression suite
closes https://github.com/TryGhost/Team/issues/860
refs 5405b6ca7c

- The slow test was running slow because it's not a "unit test" it is testing much more. Moved it to a correct suite - regression which simplified the logic a lot (no need to mock db calls).
- Brought back the 2000ms limit as the bottleneck has been solved
2021-09-01 15:23:57 +04:00
renovate[bot]
f52d0136ef
Update dependency @tryghost/kg-mobiledoc-html-renderer to v5.1.1 (#13251)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-01 09:12:09 +01:00
renovate[bot]
2f2939ec1b
Update dependency @tryghost/color-utils to v0.1.2 (#13269)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-01 09:11:21 +01:00
Naz
5405b6ca7c Temporarily lifted unit test timeout threshold
refs https://github.com/TryGhost/Team/issues/860

- Lifting it slightly just so the timeout doesn't waste team's time on false-positive failures. A follow up commit should put the threshold back to the original value and solve the slow test
2021-09-01 11:12:17 +04:00
Naz
75744041c1 Allowed for a 'sent' status in canary Admin Post API
refs https://github.com/TryGhost/Team/issues/892

- When a published email-only post is edited on the client it sends through a "sent" status over to the backend over PUT endpoint. It's a valid new status that should be accepted by the validation
2021-09-01 10:55:13 +04:00
Renovate Bot
966f167fd9
Update dependency @sentry/node to v6.12.0 2021-08-31 16:25:51 +00:00
Renovate Bot
ac57c1b364
Update dependency mocha to v9.1.1 2021-08-30 00:13:33 +00:00
Fabien O'Carroll
b895b87add Errored when creating products if any error occurs
refs https://github.com/TryGhost/Team/issues/982

When creating a Product with invalid data for Stripe, e.g. a price of
one gazillion dollars - the Stripe API requests would fail, but we would
end up with a broken product created in the database. This updates
@tryghost/members-api to wrap these calls in a database transaction, and
will roll back any operations if one of them fails.
2021-08-26 20:10:31 +02:00
Fabien 'egg' O'Carroll
9a1417c8b9
Exposed dummy subscriptions to theme layer (#13257)
refs https://github.com/TryGhost/Team/issues/986

This updates the @tryghost/members-api module to return the full member
object from getMemberIdentityData, which is used to populate req.member
used by themes to construct the `@member` template data.

The full object is read from the service which handles all additional
properties and logic for retrieving members, including the dummy
subscriptions for comped members.
2021-08-26 16:03:32 +01:00
Fabien O'Carroll
e05fa6af38 Fixed subscription handling to remove old products
refs https://github.com/TryGhost/Team/issues/979

This bump to @tryghost/members-api includes a fix for handling a
subscription updating to a new price. Previously we would add the new
product to the member, but the old one would still be attached. Now we
check that there are no other active subscriptions for the product
associated with the old price, and remove it.
2021-08-26 15:55:22 +02:00
Fabien O'Carroll
76311484df Added dummy subscription to comped members
refs https://github.com/TryGhost/Team/issues/873

This includes the update to @tryghost/members-api which includes the new
MemberBREADService which is used to handle the logic for controller
methods outside of the controller.

With it, we've introduced the concept of a dummy subscription for comped
members. This gives API consumers a way to get the created_at date for a
comped members access to a product.
2021-08-26 15:28:55 +02:00
Daniel Lockyer
c7f45f5580 Renamed coverage:unit command to cov:unit
no issue

- this is slightly quicker to type and cleaner to read
2021-08-26 15:06:45 +02:00
Daniel Lockyer
070a6ac13c Configured c8 to use all source files
no issue

- by default, `c8` will only show stats for files that were loaded during execution
- this means the coverage stats are too high because we're not taking
  into account all the files not loaded by tests
- this commit append the `--all` flag to `c8` which fixes this
2021-08-26 15:06:45 +02:00
renovate[bot]
b2aa2dd7e1
Update dependency @tryghost/members-importer to v0.3.1 (#13231)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-25 13:43:13 +01:00
Renovate Bot
789773ae8a Update dependency nock to v13.1.3 2021-08-25 12:08:30 +02:00
Kevin Ansfield
5e83d87ab9 Updated email-cta card rendering to match editor
refs https://github.com/TryGhost/Team/issues/1007

- bumped `@tryghost/kg-default-cards` with updated rendering
  - aligns text as well as button
  - has single payload toggle for divider display
  - adds toggle for button display
- bumps other @tryghost/kg-*` packages that had minor dependency bumps
2021-08-24 18:10:07 +01:00
Fabien O'Carroll
3a6e71a2b6 Wired up MemberProductEvents to member product changes
refs https://github.com/TryGhost/Team/issues/873

This version of @tryghost/members-api handles creating
MemberProductEvents when a member is created, updated or has their
subscription updated. This populates the members_product_events table
and can be used to determine when a member was given access to a
product, which is useful with the concept of comped access to a product,
where we do not have a subscription as a record.
2021-08-24 15:22:10 +02:00
renovate[bot]
2ed9529fa0
Update dependency @tryghost/members-csv to v1.1.5 (#13246)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-24 14:17:02 +01:00
renovate[bot]
734f1c4422
Update dependency @tryghost/members-ssr to v1.0.11 (#13247)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-24 11:55:51 +02:00
renovate[bot]
0cc64fc5f2
Update dependency @tryghost/magic-link to v1.0.10 (#13245)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-24 11:55:42 +02:00
Renovate Bot
17fd1b3c7d Update dependency nock to v13.1.2 2021-08-24 11:17:28 +02:00
Fabien O'Carroll
e71114bb8f Added Members bulk actions endpoint
refs https://github.com/TryGhost/Team/issues/946

This adds the initial bulk actions endpoint used for the members
filtering feature. The idea is to eventually move bulk destroy into this
endpoint to and provide a consistent interface for applying bulk actions
to members.

The @tryghost/members-api package has been bumped to include the new
bulkEdit method.

The sinon.restore in tests was moved to an afterEach so that stubs did
not effect other tests.
2021-08-23 16:38:21 +02:00
renovate[bot]
4266bb751f
Update dependency @tryghost/magic-link to v1.0.9 (#13237)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-23 11:06:21 +01:00
renovate[bot]
47f89f56c8
Update dependency @tryghost/members-csv to v1.1.4 (#13238)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-23 10:35:10 +01:00
renovate[bot]
6ca8eb2d23
Update dependency @tryghost/members-ssr to v1.0.10 (#13239)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-08-23 10:35:03 +01:00
Naz
7f09beb2a8 Moved email list check to GA
refs https://github.com/TryGhost/Team/issues/906

- The feature has moved to GA from behind alpha flag. It's skipping the beta phase as it's not needed in this specific situation
2021-08-20 18:07:31 +04:00
Daniel Lockyer
70bea3ddf8 Added c8 coverage to unit tests
no issue

- coverage allows us to see how much of our code we're hitting in tests
  and it's time we started to get visibility on this in Ghost
- we can then make informed decisions on which well-tested internal libraries
  can be pulled out into their own packages
- this commit:
  - adds the c8 dev dependency to Ghost
  - prepends the `test:unit` command with c8 with the `text-summary` reporter
  - adds a `coverage:unit` command to get the `text` report
    - you can do `yarn coverage:unit --reporter html` to get a HTML report etc
  - uses this new test coverage reporter command in CI tests
2021-08-20 12:42:11 +02:00
Renovate Bot
53c5cd5428
Update dependency mocha to v9.1.0 2021-08-20 08:16:37 +00:00
Renovate Bot
b1fa774a56 Update dependency cssnano to v5.0.8 2021-08-19 10:40:51 +01:00
Naz
2f2fe16944 Added floating threshold to member import
closes https://github.com/TryGhost/Team/issues/958

- The change allows to dynamically adjust import threshold based on current member count
2021-08-18 18:39:43 +04:00
Renovate Bot
858a8d685a Update dependency supertest to v6.1.6 2021-08-18 08:45:42 +01:00
Daniel Lockyer
fa19ef7f0b v4.12.1
-----BEGIN PGP SIGNATURE-----
 
 iHQEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYRviGQAKCRDSEYbwtHKV
 rfxSAPi1I0TdH6rbtpNCqaAmm0kAShomDM0IOajwm2bSwFIGAQDYgzablHFGAhv7
 fsFe7t66zHs2fGZ7jakF+vC/NEsMBw==
 =ci9A
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYRvi/wAKCRDSEYbwtHKV
 rdv+AP9sExkMA4Yqn13vs8Lh6vApLi5BmAYipbVZr7/htx9XVAEA2sd4iQBLvS7H
 KRxwT/4YMvT985cdPrsYL39hRa0ltwc=
 =dpmX
 -----END PGP SIGNATURE-----

Merged v4.12.1 into main

v4.12.1
2021-08-17 17:25:28 +01:00
Daniel Lockyer
b482f76d62
v4.12.1 2021-08-17 17:21:45 +01:00
Daniel Lockyer
f8aa065891 v4.12.0
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYRuK8QAKCRDSEYbwtHKV
 rXv7AP9tKQEpGwis3ZjVpWcE7EWkYfrwzTmTGnFMAOrqeCPlNQEAyaROjVd2qiGc
 xzHsLOu8fIHjhlbQtkbc0fh4ZMiZ2gw=
 =kec3
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYRuL4wAKCRDSEYbwtHKV
 rdLcAQCYNn+jTXH+QaBu2XBPLfwQltXuhTKe0oMoZA8YUFtC1gEA3tGWtXgZNIGH
 BoG+GubHsjSAxpMnxZjQ2dbaUMlZiQo=
 =xy1l
 -----END PGP SIGNATURE-----

Merged v4.12.0 into main

v4.12.0
2021-08-17 11:13:49 +01:00
Daniel Lockyer
019161cad3
v4.12.0 2021-08-17 11:09:53 +01:00
Renovate Bot
e4d9c8daf2
Update metascraper to v5.24.2 2021-08-16 11:12:26 +00:00
Renovate Bot
67cf73074b Update dependency supertest to v6.1.5 2021-08-13 14:14:53 +01:00
Renovate Bot
4fe0535236 Update dependency @tryghost/members-csv to v1.1.3 2021-08-13 14:14:23 +01:00
Renovate Bot
13e148bf08 Update dependency @tryghost/magic-link to v1.0.8 2021-08-13 14:14:16 +01:00
Renovate Bot
762b7a467e Update dependency @tryghost/members-ssr to v1.0.9 2021-08-13 14:14:08 +01:00
Fabien O'Carroll
e208b1a8f3 Updated bulkDestroy method to handle search correctly
no-issue

The first implementation of bulkDestroy did not pass the search option
unless the filter was also passed. This was incorrect and has been
fixed.
2021-08-13 13:35:58 +02:00
Fabien 'egg' O'Carroll
235597a5e4
Refactored Members controller bulkDestroy (#13221)
no-issue

This moves the logic out of the controller and into the members-api
member repository. Removing complexity from the controllers and
out into services is desirable to reduce code in the Ghost codebase
and move logic into modules which can be tested easier.
2021-08-12 15:26:25 +01:00
Renovate Bot
19fd16649a
Update dependency express-jwt to v6.1.0 2021-08-11 22:56:50 +00:00
Renovate Bot
8623e8de8b Update dependency knex to v0.21.21 2021-08-10 17:33:28 +01:00
Renovate Bot
6719aa4e57
Update metascraper to v5.24.1 2021-08-09 11:56:34 +00:00
Renovate Bot
b17bbe3ead
Update dependency multer to v1.4.3 2021-08-09 10:32:38 +00:00
Renovate Bot
5c8fe195d6
Update dependency @sentry/node to v6.11.0 2021-08-06 14:30:33 +00:00
Renovate Bot
b20c88b3e3 Update dependency @tryghost/html-to-mobiledoc to v0.7.17 2021-08-06 13:31:28 +01:00
Renovate Bot
1a89986323 Update dependency @tryghost/social-urls to v0.1.26 2021-08-06 11:39:14 +01:00
Renovate Bot
6c3836e9c9 Update dependency @tryghost/validator to v0.1.4 2021-08-06 11:39:00 +01:00
Renovate Bot
f698b7785a Update dependency @tryghost/color-utils to v0.1.1 2021-08-06 08:53:33 +01:00
Renovate Bot
8d73386cf7 Update dependency @tryghost/request to v0.1.4 2021-08-06 08:53:26 +01:00
Renovate Bot
7cddaeb081 Update dependency @tryghost/logging to v0.1.5 2021-08-06 08:53:08 +01:00
Renovate Bot
43902f6673 Update dependency @tryghost/helpers to v1.1.51 2021-08-06 08:23:09 +01:00
Renovate Bot
948b674d85 Update dependency @tryghost/debug to v0.1.4 2021-08-06 08:23:03 +01:00
Renovate Bot
7297323e25 Pin dependency @tryghost/color-utils to v0.1.0 2021-08-06 08:22:46 +01:00
Renovate Bot
4210480c78 Update dependency @tryghost/root-utils to v0.3.3 2021-08-06 08:22:31 +01:00
Renovate Bot
cd98ad6de4 Update dependency @tryghost/string to v0.1.20 2021-08-06 08:22:22 +01:00
Renovate Bot
81c86efa84 Update dependency @tryghost/url-utils to v2.0.2 2021-08-06 08:22:17 +01:00
Renovate Bot
61f1aa4bf2 Update dependency @tryghost/version to v0.1.3 2021-08-06 08:21:59 +01:00
Naz
9081877996 Added ability to modify email_only property in post resource
https://github.com/TryGhost/Team/issues/893

- The package bump allows to validate the post's `email_only`  property
2021-08-05 19:44:35 +12:00
Fabien 'egg' O'Carroll
758497839b
Updated @tryghost/bookshelf-plugins & @nexes/nql (#13212)
refs https://github.com/TryGhost/Team/issues/944

This updates both libraries to include support for custom foreign keys
on relations, as well as relations with a "virtual" table, defined by a
query.

This will allow us to filter members based on aggregates of their
events, as well as on properties of their stripe subscriptions which are
linked not by the `id` column but by thir external stripe id, e.g. `customer_id`.
2021-08-04 17:01:23 +01:00
Fabien 'egg' O'Carroll
424f621414
Moved NQL relations and expansions into the models (#13204)
refs https://github.com/TryGhost/framework/pull/19

The @tryghost/bookshelf-filter plugin no longer bundles hardcoded
relations and expansion definitions, instead leaving it up to the
library consumer to implement.

This PR adds the preexisting relations and expansions to the relevant
models, in order to preserve our existing filtering functionality.
2021-08-04 15:30:53 +01:00
Daniel Lockyer
5cce9818eb v4.11.0
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYQk0mQAKCRDSEYbwtHKV
 raAxAQCWNrrS6ixKZlzFkjv8opyMQ1b0HV25NBjg8rAkD8YRVQEAsvUM2Vu/G0+Y
 mbb7qeWAzK1L8tNP686Khc84TbeSBQY=
 =NBs1
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYQk1CAAKCRDSEYbwtHKV
 rcPcAP9eW3OIVa5eO05BTVt7Dgi6sqLkry7AKU1KA6yWANJS4wEAi+EygDpPjxXu
 HTIkCXAJRV8VAKPHbO6ESUcqtMTEOAc=
 =PoHi
 -----END PGP SIGNATURE-----

Merged v4.11.0 into main

v4.11.0
2021-08-03 13:22:26 +01:00
Daniel Lockyer
0035d45a31
v4.11.0 2021-08-03 13:20:41 +01:00
Kevin Ansfield
db4a596d92 Added top/bottom divider and button alignment support to email-cta card
refs https://github.com/TryGhost/Team/issues/928

- bumped `kg-default-cards` which adds necessary output to the rendered `email-cta` card
2021-08-02 15:31:45 +01:00
Renovate Bot
4a4f98ffe2
Update metascraper to v5.24.0 2021-08-02 10:20:50 +00:00
Renovate Bot
deb971dad6
Update metascraper to v5.23.3 2021-08-02 00:21:03 +00:00
Renovate Bot
cb46e14c9c
Update dependency eslint to v7.32.0 2021-07-30 23:58:43 +00:00
Kevin Ansfield
dbbf80bc6a Fixed "undefined" appearing in email-cta cards when no content is provided
refs https://github.com/TryGhost/Team/issues/928

- bumped version of `kg-default-cards` which includes a fix
2021-07-29 15:47:48 +01:00
Kevin Ansfield
eb92610df2 Added accent color button styles to labs email template
refs https://github.com/TryGhost/Team/issues/928

- duplicated email template so email-cta changes can go into the labs version
- added `accentContrastColor` to template settings for using white/black depending on the accent color
- added `.gh-btn-accent` styles to the email template (email-cta card already uses those for the button)
2021-07-29 15:25:09 +01:00
Kevin Ansfield
152702c27b Fixed error when rendering email-cta card with button and no contents
refs https://github.com/TryGhost/Team/issues/928

- bumped `kg-default-cards` to version with a fix for `payload.html` being `undefined`
- bumped other `kg-*` packages to that had sub-dependency bumps
2021-07-29 14:39:25 +01:00
Naz
5fd1ed5bcb Added an escalation email when import triggers a limit
refs https://github.com/TryGhost/Team/issues/912

- When the improt acceedes the threshold for the first time we need a way to notify configured escalationAddress to verify the instance owner's email address.
2021-07-29 20:30:30 +12:00
Renovate Bot
9d60936c56
Update metascraper to v5.23.1 2021-07-27 16:07:05 +00:00
Kevin Ansfield
82032fb7c2 Added first pass at email-cta card button rendering in emails
refs https://github.com/TryGhost/Team/issues/927

- bumped `@tryghost/kg-default-cards` to version with button output when rendering
- bumped `@tryghost/kg-card-factory` and `@tryghost/kg-markdown-html-renderer` as they had (unrelated) sub-dependency updates
2021-07-27 17:05:38 +01:00
Renovate Bot
b5334fe831
Update dependency sinon to v11.1.2 2021-07-27 12:52:52 +00:00
Renovate Bot
91ab07d0d1
Update metascraper to v5.23.0 2021-07-26 12:02:57 +00:00
Daniel Lockyer
04b5a1c6c5 v4.10.2
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYP6iagAKCRDSEYbwtHKV
 rR/dAPsGjY89fheicUdZfWbVUGunIQAKCYWj4sNMR5ZJbFQ8IAD8Dbx5XLR1IYmX
 7uzjx7ayuHt+o9jJkaRFGpETIRln4w0=
 =JY+u
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYP6kDQAKCRDSEYbwtHKV
 rVJ1AQCDiGWEJNVItQbPoAURACUtQPtg8GH1O62We+LUNdKQ5gEA2+snzZAi9fag
 60k5eyYxcB4JOwSVLIS19FcybgnhuAg=
 =1a74
 -----END PGP SIGNATURE-----

Merged v4.10.2 into main

v4.10.2
2021-07-26 13:01:12 +01:00
Daniel Lockyer
570bc67790
v4.10.2 2021-07-26 12:54:18 +01:00
Renovate Bot
149101a87b Update dependency gscan to v4.2.1 2021-07-26 11:15:15 +01:00
Renovate Bot
75f6e733d1
Update dependency mocha to v9.0.3 2021-07-26 00:07:06 +00:00
Naz
a7dd7bb64b Added email verification limit check
refs https://github.com/TryGhost/Team/issues/912

- When the import threshold is reached we want to trigger an "email" limit. See details in the refed issue
2021-07-23 20:37:29 +04:00
Daniel Lockyer
dcca28a45b v4.10.1
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYPmn5QAKCRDSEYbwtHKV
 rZ7GAP44uQbWr4HFW7cAdEBG3YRDA5EC7S0uy2fdizzxuvPr2AEAqpU51eOpUPgm
 SY43m3su6G2QUoMMUJEt6HJ0xzH4FQU=
 =Qvoa
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYPmoNQAKCRDSEYbwtHKV
 rY8SAQDDoVnCn5KBFk7F4pMBEsH9CV5olF1URJf5wShFdVZrpwD/bNOf/kN/xn1R
 X2SMUaG4uZav969eRRU36h3Ky64Hdw4=
 =2WgO
 -----END PGP SIGNATURE-----

Merged v4.10.1 into main

v4.10.1
2021-07-22 18:17:34 +01:00
Daniel Lockyer
eec8273147
v4.10.1 2021-07-22 18:16:20 +01:00
Thibaut Patel
bdb6e950db
🐛 Fixed GScan errors when handling partials with undefined names
refs 81b89e9289

- The mark-used-partials util was recording `undefined` partials, it's not anymore
- Also fixed the `normalizePath` function that was breaking when given `undefined`
- This solves the two ends of a bug that prevented some Ghost instances to boot due to a theme with dynamic partials
- this commit bumps GScan to the fixed version
2021-07-22 18:12:43 +01:00