Commit Graph

9207 Commits

Author SHA1 Message Date
kirrg001
a157c147af Added model.wasChanged helper
refs #10461

- helpful if you need to ask if the model was changed
- Bookshelf does not support this feature yet
- https://github.com/bookshelf/bookshelf/issues/1943
2019-02-07 22:05:07 +01:00
kirrg001
2eb1f2a507 Avoided inserting actions if nothing has changed
refs #10431

- I thought I had added this protection, but it got removed via the simplification in cca3317a11
2019-02-07 20:49:35 +01:00
kirrg001
b25da62cca Ensured defaults when creating resources
no issue

- the model & api layer suffered from missing fields when creating resources
- usually there is only a handful of fields which are required to insert a resource
- the other fields are nullable and/or get defaults assigned
- the API only returned the configured default fields and the fields you have sent to the API
  - this resulted in a response with missing fields
- if you have listened on the "created" event, the same happened
  - you received a model with missing fields
- we now set the undefined fields to null on purpose to ensure a full model for both cases

@NOTE:
There is no endpoint to serve webhooks (not for v0.1, not for v2).
Exposing the secret is required if an integration fetches its api keys and its webhooks.
The secret is currently un-used and not implemented.
2019-02-07 20:20:10 +01:00
Kevin Ansfield
52a482cba8 Version bump to 2.14.0
2019-02-07 14:35:06 +00:00
Kevin Ansfield
1331cc29e6 Updated Ghost-Admin to 2.14.0
2019-02-07 14:35:06 +00:00
Kevin Ansfield
68d73d31b2 Bumped express-hbs dependency
no issue
- express-hbs has been updated to depend on handlebars@4.0.13 which protects against a potential RCE
- Ghost itself was not vulnerable to the RCE due to protection by gscan which does not allow themes using unknown helpers to be installed/activated
2019-02-07 14:16:37 +00:00
John O'Nolan
ae5ed03488 Update admin redirects
Refs https://github.com/TryGhost/Ghost/pull/10079
2019-02-07 17:59:35 +07:00
kirrg001
1e90126760 Remembered changed fields on destroy
refs #9248
2019-02-07 11:35:00 +01:00
kirrg001
865366c7c8 Ensured consistency for event handlers in the model layer
no issue

- the event chain works like this:
  - if a model registers an event, it gets triggered, because it's stronger than the base model
- but you have to call the base model to agree on a contract, because base model implements generic logic in event handlers
- this was inconsistently used
2019-02-07 11:02:35 +01:00
Fabien O'Carroll
46bf5270df Added initial subscription support with stripe to Members API (#10460)
These changes introduce a new "service" to the members api, which handles getting and creating subscriptions.

This is wired up to get subscription information when creating tokens, and attaching information to the token, so that the Content API can allow/deny access. 

Behind the subscription service we have a Stripe "payment processor", this holds the logic for creating subscriptions etc... in Stripe.

The logic for getting items out of stripe uses a hash of the relevant data as the id to search for, this allows us to forgo keeping stripe data in a db, so that this feature can get out quicker.
2019-02-07 10:41:39 +01:00
Fabien O'Carroll
5f66026647 Refactored auth pages for future flows (#10458)
no-issue

* Used camelCase for gateway method calls
* Added some components for building blocks of forms
* Added input specific components
* Added Form component
    This handles collecting the data to submit and sharing state between forms
* Added Pages component to handle urls
* Added the pages for the popup
* Added MembersProvider component
    This is designed to give its children access to gateway methods
* Added Modal component
    This wraps the pages and handles dispatching form submissions to the members gateway
* Refactored index.js to use new components/pages
* Fixed default page from Signup -> Signin
2019-02-07 10:39:55 +01:00
kirrg001
cca3317a11 Simplified action trigger in base model
refs #10431

- the model layer triggers a couple of events on resource update
  e.g. post to page -> post.deleted, post.added
- the resource_type must be always "post", because "page" is not an official model (Bookshelf won't be able to resolve the resource anymore)
- the action stream looks very confusing if you see deleted and added actions when toggling the post to a static page
- therefore the easiest approach for now is to only store actions for: added, edited, deleted
- and we will add the context information asap
  - e.g. you will see that status was changed from "draft" to "published"
- we can also introduce extra published actions if we want
- relying on the internal event system right now makes things just more complicated and we want to keep it simple
2019-02-06 22:21:06 +01:00
kirrg001
dbd3832967 Allowed browse actions for integrations
refs #9865
2019-02-06 21:36:09 +01:00
kirrg001
5f4cf42c14 Fixed tests
no issue
2019-02-06 21:36:09 +01:00
kirrg001
a8e0a173c2 Redefined context.integration
no issue

- we only have access to the ID at the moment
- we really don't want to end up in the same situation as with "context.user"
2019-02-06 21:36:09 +01:00
kirrg001
68bdcfc753 Fixed model._changed for creating resources
no issue

- discovered while testing
- the events are still triggered though for posts because .authors are added on creation
2019-02-06 21:36:09 +01:00
kirrg001
2fd4cbb93b Added v2 actions endpoint
refs #10431

- added v2 endpoint with browse permissions
- context.integration was never accessible in the model layer
  - why? https://github.com/TryGhost/Ghost/issues/10099
2019-02-06 21:36:09 +01:00
kirrg001
8bb2c7d3d5 Added model implementation for actions
refs #10431

- added actions model
- added logic in event emitter to insert actions if supported
2019-02-06 21:36:09 +01:00
kirrg001
fde31b31ba Added permissions for actions including migration
refs #10431

- migration script to add permissions for actions
- restricted to owner & admin & integration role for now
- we will add permissions for other rules too, but we need to add more granular restrictions
  - e.g. contributors can only read actions for posts which he created
2019-02-06 18:59:09 +01:00
kirrg001
c127b406fc Added actions table including migration
refs 10431

- add actions table
- add migration
2019-02-06 18:59:09 +01:00
cl1ent
8a441a04ab Enabled yarn caching in .travis.yml (#10452)
no issue
2019-02-06 18:57:57 +01:00
Kevin Ansfield
c9d6ffa5ab Allowed GET /configuration/about/ for Admin API v2 with API Key auth
refs https://github.com/TryGhost/Ghost/issues/9865
- needed for Zapier
2019-02-06 14:00:29 +00:00
ShumailAhmed123
24e96dcabf Updated default-routes.yaml syntax to single template (#10459)
closes #10456
2019-02-06 14:34:57 +01:00
Aileen Nowak
93b936d2fb Added back "theme.uploaded" analytics event (#10450)
no issue

- With the changes in 79ca6c575c we removed old unused events
- The theme upload event is still used and needed to be put back
- Added the event emit right after the successful upload of the theme
- Renamed analytics events for more consistency
- We need to add the same event emitter to the v0.1 API as it's not deprecated
- emits a `theme.uploaded` event after the theme was successfully uploaded and saved
2019-02-05 17:38:40 +01:00
cl1ent
7b8bf8977c Updated line numbers in .travis.yml comment (#10451)
no-issue
2019-02-05 17:14:11 +01:00
Nazar Gargol
d482b4dd3a Version bump to 2.13.2
2019-02-05 12:11:27 +00:00
Nazar Gargol
719edc0d16 Updated Ghost-Admin to 2.13.2
2019-02-05 12:11:27 +00:00
Fabien O'Carroll
6dc47f2ff2 🐛 Fixed errors for missing sharp install
closes #10421
2019-02-05 10:14:05 +01:00
Nazar Gargol
658a65e0fc Reduced duplicated and slow regression tests
refs #9178

- Removed tests that had duplicated or already covered cases in acceptance or unit tests
- Optimized some slow tests
- Some test suite naming changes
- Imports cleanup
2019-02-05 01:20:16 +00:00
Hannah Wolfe
426c122ed1 Updated messaging around {{get}} helper access
closes #10447

- Get helper message talks about the old API, but upgrading is the best way to solve the problem
- Had to create a way to add a custom message to a labs enabled helper to achieve this
2019-02-04 17:58:35 +00:00
Hannah Wolfe
5365094dfc 🐛 Provided get helper filters access to globals
closes #10448

- using @site.lang to read posts is a valid use case for the get helper filters
- get helper filters have special treatment of anything wrapped in {{}}, in the form of resolvePaths
- resolvePaths uses some custom logic + jsonpath to find the right bit of data to inject
- this function had no handling for globals starting with `@`, and also didn't have access to them
2019-02-04 15:26:45 +00:00
kirrg001
9d8a450ede Reduced & moved acceptance tests for content API
refs #9178

- goal: only run main use cases regularly
- the rest should run once per day
- reduced tests also
2019-02-04 15:58:18 +01:00
kirrg001
5d78d0ccfc Reduced & moved acceptance tests for admin API
refs #9178

- consistent naming pattern
- less acceptance tests
2019-02-04 15:58:06 +01:00
kirrg001
8b3336c84d Added condition to not trigger events if nothing has changed
refs #9248

- we no longer trigger events if the db was not changed
2019-02-03 13:02:31 +01:00
kirrg001
3289dc7619 Introduced model._changed
refs #9248

- Bookshelf gives access to ".changed" before the update
  - Discussion: https://github.com/bookshelf/bookshelf/issues/1943
- We also need to know what has changed after the update to be able to decide if we should trigger events
- Furthermore: Bookshelf cannot handle relation updates, it always marks relations as changed even though they did not change
- Bumped bookshelf-relations to be able to
  - know if relations were updated
  - ensure we unset relations on bookshelf's ".changed"
2019-02-03 13:02:26 +01:00
kirrg001
d44d93a19d Correct event debug logs in base model
no issue
2019-02-01 19:48:27 +01:00
Nazar Gargol
3274138ff3 Added a note on secret transformation before token verification
refs #9865

- Added some clarification around why secret used for token verification has to be transformed binary decoded from hex
2019-02-01 14:04:25 +00:00
kirrg001
11c910ec8c Avoided to store empty plaintext if html does not contain any text
no issue
2019-01-31 23:14:12 +01:00
kirrg001
01419ef8b3 Added base model debug log for events
no issue
2019-01-31 23:02:48 +01:00
kirrg001
a45f76c574 Allowed subscribers for admin api v2 with api key authentication
refs #9865

- needed for Zapier
2019-01-31 22:09:14 +01:00
kirrg001
93092c8f20 Removed author from Admin API v2 output
refs #10438

- single author is deprecated and gets completely dropped in v3
2019-01-31 16:27:56 +01:00
kirrg001
7f7b477ce9 Fixed error message being unclear when admin api keys create posts without authors
refs #10438

- integrations != users
- Ghost's assumption is: if you create a post, the primary author becomes the logged in user
- we have to require authors for integrations
- short fix and needs some more thoughts later
2019-01-31 16:27:56 +01:00
Nazar Gargol
a463a56971 Changed path returned for uploads to absolute
refs #10438

- This change affects all /uploads/* and /images/* endpoints in Admin API
2019-01-31 15:02:33 +00:00
kirrg001
24a2208625 Fixed 500 when sending wrong mobiledoc structure
refs #10438
2019-01-31 13:33:05 +01:00
kirrg001
23f705d556 Added /images/ endpoints to Admin API v2
refs #10438

- make /images/ available
- we want to document this endpoint notation, because it is more specific and fits better, because you can only upload images
- either we drop /uploads/ by the end of the project cycle or we keep both for now
- the Admin API v2 is currently undocumented and allows breaking changes in theory
2019-01-31 13:22:49 +01:00
kirrg001
b4e2187e76 Fixed tests
no issue

- hehe
2019-01-31 12:51:36 +01:00
kirrg001
99c3338ca9 💡 Recommended Node v10
no issue

- see https://docs.ghost.org/faq/node-versions/
2019-01-31 12:25:04 +01:00
kirrg001
0a4645ab09 Fixed key_authentication_spec.js
no issue

- pretty-urls only redirects GET requests currently
2019-01-31 12:24:09 +01:00
Nazar Gargol
63c6d24be1 Fixed acceptance test suite
no issue

- Modified key authentication test as some of the endpoints are still in development
2019-01-31 10:08:49 +00:00
Nazar Gargol
59036577af Enabled Admin API key authentication
refs #9865
2019-01-30 19:17:25 +00:00