Commit Graph

437 Commits

Author SHA1 Message Date
nicovalencia
e8746a2375 Add rss to the list of reserved post titles/slugs.
closes #1880
- added `rss` to core/server/models `generateSlug` reserved keywords
- added integration test for safe slug generation to core/test/integration/model/model_posts_spec.js
2014-01-07 17:30:53 -07:00
Hannah Wolfe
dcf4b1e4e4 Add update notifications
closes #1464

- adds opt-out via updateCheck:false in config.js
- update check is done on admin index, but doesn't interfere with rendering
- adds update check module, which gets the usage data, makes the request and handles the response
- adds two new settings to default-settings, one for next check time, and one for whether to show the notification
- adds a new rejectError method to errorHandling
- adds a new helper for displaying the notification

Conflicts:
	core/server/helpers/index.js
	core/test/unit/server_helpers_index_spec.js
2014-01-07 08:20:08 +00:00
Hannah Wolfe
3f9b0fa618 Disable xss santization
issue #1378
fixes #1328

- xss santization does some odd things. This isn't needed until we have multi-user support, and we are investigating better solutions.
2014-01-06 20:17:20 +00:00
Hannah Wolfe
af6137248d New URL helper - URL consistency fixes
fixes #1765
fixes #1811
issue #1833

New UrlFor functions

- moved body of url helper to config.path.urlFor, which can generate a URL for various scenarios
- urlFor can take a string (name) or object (relativeUrl: '/') as the first
  argument - this is the first step towards issue #1833
- also added config.path.urlForPost which is async and handles getting
  permalink setting
- frontend controller, ghost_head helper, cache invalidation all now use
  urlFor or urlForPost all urls should be correct and consistent

URL Consistency Improvements

- refactored invalidateCache into cacheInvalidationHeader which returns a
  promise so that url can be generated properly by urlForPost
- moved isPost from models to schema, and refactored schema to have a tables object
- deleted posts now return the whole object, not just id and slug,
  ensuring cache invalidation header can be set on delete
- frontend controller rss and archive page redirects work properly with subdirectory
- removes {{url}} helper from admin and client, and replaced with adminUrl
  helper which also uses urlFor
- in res.locals ghostRoot becomes relativeUrl, and path is removed
2014-01-06 15:15:48 +00:00
Hannah Wolfe
05dd48feb7 Improving regexes in functional tests
- being more explicit about what resources we expect to load after saving
  a post
- should prevent #1839 from failing tests
2014-01-05 21:10:48 +00:00
Hannah Wolfe
3937c1bf0e Merge pull request #1821 from schneidmaster/fix-1791
Modified github.js to ensure __ is not escaped at the beginning of a line
2014-01-04 11:13:37 -08:00
Hannah Wolfe
d51e63c7b7 Merge pull request #1840 from hswolff/fix-content-helper
Fix {{content words=“0”}} to actually return 0 words
2014-01-04 08:45:26 -08:00
Hannah Wolfe
9f17361bf5 Merge pull request #1831 from schneidmaster/fix-1827
Added handling for undefined errors and test coverage
2014-01-04 08:42:02 -08:00
Harry Wolff
0a2c8248b9 Fix {{content words=“0”}} to actually return 0 words
fixes #1796

- adds in a workaround to the weirdness that currently
exists in downsize module
- adds tests
2014-01-04 00:30:52 -05:00
Harry Wolff
ab80a132f3 Adds ability to quickly get to post’s edit page
fixes #1810

- updates frontend.single route to accept ‘edit’
as the last param

- updates controller.frontend to handle redirection
only when we would otherwise have rendered the page

- added unit tests for this behavior
2014-01-03 18:16:00 -05:00
Zach Schneider
044af51267 Added handling for undefined errors and test coverage
Fixes #1827
2014-01-03 15:07:08 -05:00
Zach Schneider
a79597d8b3 Modified github.js to ensure __ isn't escaped at beginning of line
fixes #1791
2014-01-03 09:45:40 -05:00
Hannah Wolfe
a50f5e1b9d Merge pull request #1815 from ErisDS/more-tests
Error handling simplification & test improvements
2014-01-02 18:13:27 -08:00
Harry Wolff
20055157ef Fixes admin session cookie test
- Currently the test is taking the response date
which is in UTC and passes it through moment()
which by default parses input as local time.  We
then add 12 hours to this now local time
and when compared against the response set-cookie
header the time spread is wrong.

- To fix we’re parsing the response date with
moment.utc which parses the date in UTC.
2014-01-02 21:06:23 -05:00
Hannah Wolfe
495b7b7f05 Error handling simplification & test improvements
fixes #1266

- simplifies the check for if a theme has an error template
- adds more / better tests for error handling
2014-01-02 21:03:37 +00:00
Hannah Wolfe
1925fa0196 Cache control headers & query string asset management
closes #1470
issue #1405

- added cache control middleware
- added defaults for all routes, assets, etc
- updated asset helper to add a query string with a timestamp hash to all assets
- added unit tests for asset and ghostScriptTags helpers
- added cache-control checks to route tests
2014-01-02 12:14:33 +00:00
Hannah Wolfe
16acba5628 Merge pull request #1805 from ErisDS/route-tests
Route tests
2014-01-01 09:05:21 -08:00
Hannah Wolfe
a697a631c2 Route tests
issue #1773

- Adds functional tests for frontend routing
- Tests the request-response contract
- Requires db access at the moment
- Tests #1790
2014-01-01 16:18:03 +00:00
Hannah Wolfe
834cb73613 Date permalinks use published date
fixes #1803

- switches date permalinks from created_at to published_at
- enforces that the post will ONLY render if the date is valid and correct
2014-01-01 15:28:59 +00:00
Hannah Wolfe
a2a606a920 Functional test debugging & improvements
issue #1702
2014-01-01 14:52:49 +00:00
Hannah Wolfe
bfe80da54a Enforce 2-digit dates in permalinks
fixes #1800

- changed permalink regex to require 4/2/2/slug
- changed url helper to enforce the same
- changed permalink toggle to set a specific state, this means the
  functional tests are independent again
- chnaged permalink toggle to wait for the settings page to load
- change as many frontend tests to not login as possible
2014-01-01 11:39:19 +00:00
Harry Wolff
91ca4a43e5 Fix routing of posts and static pages
closes #1757 and #1773

- switches routes.frontend for posts and pages
to use a regex with two capturing groups.  This removes
the need to dynamically remove an express route at a
later point, leaving the decision making to frontend
controller.

- added unit tests for all routing conditions that 
can arise for posts and pages.

- updated functional tests to also test for same thing
in unit tests

- removes old code from server/api/index that used
to fix this issue, but is no longer needed

- removed some un-needed require statements in routes/admin
2013-12-30 02:04:46 -05:00
Hannah Wolfe
e2325dc969 Don't allow a subdirectory called Ghost
fixes #1755

- adds extra validation to config loader
- adds tests for config loader and validation
2013-12-30 01:04:29 +00:00
Hannah Wolfe
ab0ecf65db Merge pull request #1785 from markberger/1777-rss-with-dated-permalinks
RSS uses correct links when dated permalinks are enabled
2013-12-29 16:52:17 -08:00
Hannah Wolfe
158b92cc55 Fixing notifications on ugly debug page
- also fixes an issue where the debug tools didn't redirect properly when Ghost was operating in a subdirectory.
2013-12-30 00:00:43 +00:00
Mark Berger
0b8fbbb68a RSS uses correct links when dated permalinks are enabled
closes #1777
- Uses coreHelpers.url to resolve post url instead of assuming it is siteUrl + post.slug
- Functional feed tests now check for content instead of just rss tags
2013-12-29 17:13:38 -05:00
Hannah Wolfe
d50354dde3 Update import tool to be safe
closes #1681

- import doesn't override user credentials
- import doesn't override theme
- import doesn't kill session
- import does refresh the settings cache
- updated tests, they now use a fixture instead of a generated export
- tests check to ensure import is safe
2013-12-29 13:23:23 +00:00
Hannah Wolfe
64cf2b1b24 Merge pull request #1759 from hswolff/fix-import-updated-at
Allows disabling of timestamps when importing posts
2013-12-28 11:41:05 -08:00
Hannah Wolfe
a8e987ec6c Shared folder asset handling
fixes #1659, fixes #1668

- removed relative asset url from css
- added asset helper to client
- updated references to shared assets
- added functional tests
2013-12-28 18:29:33 +00:00
Hannah Wolfe
755ad934bf Path, url and subdir cleanup & test
issue #1754

- remove path (it was only used once, and not needed)
- change webroot to subdir
- add unit tests for config.paths
- various other cleanup
- renamed client-side ghostRoot to subdir
- added url helper for client
2013-12-28 16:09:56 +00:00
Harry Wolff
32528de4a4 Allows disabling of timestamps when importing posts
fixes #1696

- this is a temp workaround until full fledged support
is added directly to bookshelfjs
- when importing we use the import json blob’s timestamps
as the value that’s set in the DB 
- added tests for this change
2013-12-26 15:29:16 -05:00
Hannah Wolfe
8892b755d5 Adds URL back into theme config
fixes #1749

- pass config().url into theme.update
- rename paths functions to match theme function
- adds tests for theme config
- We should probably try to eliminate passing config.url around
2013-12-26 12:15:10 +00:00
Hannah Wolfe
38e781c8da jQuery link and min map 404 fixes
fixes #1652

- removes the min map thing which doesn't work properly #551, #766, #1479
2013-12-23 21:43:13 +00:00
Michael Bradshaw
a785696115 Escape URL for use in regex 2013-12-21 14:19:23 -07:00
Hannah Wolfe
bdbeffb262 Merge pull request #1716 from ErisDS/post-order
API refactor / cleanup
2013-12-21 12:46:57 -08:00
Hannah Wolfe
545f426c37 Merge pull request #1704 from ErisDS/featured-star
Markup & style fixes for post list statuses
2013-12-21 12:37:39 -08:00
Hannah Wolfe
78737b35ff API refactor / cleanup
closes #1303

- removed where and orderBy from being passed from the API through to bookshelf, and ultimately knex
- ordering is now consistent across both front and backend, which fixes #1303
- validated / cleaned up all the API parameters
- added API tests for the status and staticPages parameters
2013-12-20 13:07:01 +00:00
Hannah Wolfe
05c603ee2c Markup & style fixes for post list statuses
fixes #1703, fixes #1712

- featured star appears immediately for both draft and published items
- featured star is never red & alignment /style is updated
- improved markup and styling of statuses in general
- added to feature tests
2013-12-20 12:29:47 +00:00
Sebastian Gierlinger
7ae543289d Fix 'dbHash' not found
closes #1685
- changed dbHash initialization from db direct access to api access
- added dbHash to default-settings.json
- added dbHash to tests
2013-12-16 11:16:06 +01:00
Hannah Wolfe
96f246533b CasperJS waitForOpaque fails more gracefully 2013-12-15 18:30:15 +00:00
Sebastian Gierlinger
05810b318c Improve Helpers
closes #1640
closes #1672
- changed to include config using require
- deleted has_tag helper
- deleted json helper
- removed fileStorage and ghostScriptTags helpers from frontend
- added fileStorage and url helper to admin
2013-12-14 17:28:54 +01:00
Seb Gotvitch
fef9b4be25 Bug fixes for partial views
closes #1203
- Update express-hbs module to the new version (0.5.2)
- Use two instance of hbs one for the theme and an other for the admin
- Template helpers are register as partial view
- Partial views of the theme are reload when the theme changed

Remove clear partial cache in handlebars

This code will be move in `express-hbs`.
This doesn't cause a problem to remove this line but it is not clean.

Remove unused hbs instance

Resolve conflict
2013-12-12 12:11:02 -05:00
Harry Wolff
9bbf400dfc Fix loading of static pages in frontend controller
fixes #1644

- Fixes bug in controller/frontend
- Created functional test for posts API to test for this bug
- Created unit tests for frontend controller
- Fixed a global variable leak in core/test/utils/fixtures/data-generator
that was leaking the DataGenerator globally
- Resolved issue that arose from fixing above bug
2013-12-09 22:38:25 -05:00
Harry Wolff
c8c02a65fa Remove ghost.js
fixes #1575
- Moves most code that was in ghost.js into ./core/server/index.js
- Creates ./core/server/config/theme.js to hold all theme configurations 
(which previously lived on ghost.blogGlobals())
- Removed ghost.server, passing it in as an argument where needed 
and allowing middleware to hold onto a reference for lazy use.
2013-12-07 10:10:02 -05:00
Hannah Wolfe
7a46c36045 Merge pull request #1627 from sebgie/issue#755
remove ghost.settings and ghost.notifications
2013-12-07 03:36:08 -08:00
Fabian Becker
1f853194ee Upgrade downsize to 0.0.4
refs #1095
- added new unicode test to excerpt helper
2013-12-06 15:43:03 +00:00
Sebastian Gierlinger
078f464197 remove ghost.settings and ghost.notifications
covers 90% of #755
- moved ghost.settings to api.settings
- moved ghost.notifications to api.notifications
- split up api/index.js to notifications.js, posts.js, settings.js,
tags.js and users.js
- added instance.globals as temp workaround for blogglobals (Known
issue: blog title and blog description are updated after restart only)
- added webroot to config() to remove `var root = ...`
- changed `e` and `url` helper to async
- updated tests
2013-12-06 09:51:35 +01:00
Sebastian Gierlinger
faeef9d209 Fix login test failure
no issue
- added timeout after login limit tests
2013-12-05 15:25:20 +01:00
Hannah Wolfe
d69e87b625 Merge pull request #1594 from halfdan/1591-excerpt-helper
Fix excerpt/content helpers
2013-11-30 10:16:26 -08:00
Hannah Wolfe
7c3031507d Merge pull request #1593 from ErisDS/app-proxy-update
Direct api access for app proxy
2013-11-30 10:15:20 -08:00
Fabian Becker
5c1091af10 Fix excerpt/content helpers
fixes #1591
- Convert quoted strings to numbers
- Update code examples
- Update helper tests
2013-11-29 18:58:58 +00:00
Hannah Wolfe
ed6455f5a4 Direct api access for app proxy
- proxy doesn't need a ghost object :)
2013-11-29 16:26:56 +00:00
Gabor Javorszky
c515e20ea3 Adds login limiter
Closes #499
* On wrong passwords, statuses: `active` -> `warn-1` -> `warn-2` -> `warn-3` -> `locked`
* On login check, if user's status is `locked`, login automatically fails and user is encouraged to reset password. Does not even bother to check for passwords.
* login attempts tell user how many attempts she has remaining in notification box
* successful login will reset status to `active`
* resetting password with forgotten password emailed token resets status to `active`
* complete with a test suite
2013-11-29 01:24:25 +00:00
Harry Wolff
37b2fd93d8 This commit removes a lot of code from ghost.js, including:
Move helper functions registerThemeHelper and registerAsyncThemeHelper
to the helpers module.
Also update the app proxy object to reflect this new code location,
and the tests to reflect that as well

Create ./sore/server/filters which houses all filter related behavior.
Was previously on the ghost singleton.
Also create the filters_spec file for testing
and update all code and tests to use new code location.

Create ./sore/server/helpers/template which houses all template related behavior.
Was previously on the ghost singleton.
Also create the helpers_template_spec file for testing
and update all code and tests to use new code location.

Move ghost.mail instance onto the mail module directly
and update related code and tests to use new location

Move Polyglot instance onto require module directly

Move ghost.availablePlugins to plugins module directly
2013-11-28 09:21:53 -05:00
Hannah Wolfe
2dd1f4a635 Test bug fix
- test should use testing config, not development config. If you run the tests whilst also running the dev server, the tests fail.
2013-11-28 12:33:02 +00:00
Hannah Wolfe
76f3730427 Bug fixes for paths / windows & tests
- removed path.join used for urls
- made sure async tests fail/timeout correctly
2013-11-28 11:21:49 +00:00
Tim Griesser
726014f59a bumping to knex 0.5 and bookshelf 0.6.1 2013-11-26 23:10:31 +00:00
Sebastian Gierlinger
e95b592028 Remove cookie from Frontend
closes #1437
closes #1472

- changed cookie to path:'/ghost'
- added conditional CSRF middleware
- added redirects for signup, signin, signout to /ghost/sign*/
2013-11-26 10:38:54 +01:00
Harry Wolff
b920662790 Create the config module, initially used
to standardise getting paths and absolute URLs.  Easy
to extend for other configurations we may need.
2013-11-25 16:35:16 -05:00
Sebastian Gierlinger
3627d48445 Fix failing casper tests
no issue
- spam test: changed waitForSelector to waitForText
- feature test: changed waitForRessource to watiForSelector
2013-11-25 16:03:54 +01:00
Fabian Becker
e210e75e97 Install in sub-directory support.
refs #527
2013-11-24 21:11:34 +00:00
Hannah Wolfe
53af625c49 Merge pull request #1247 from sebgie/bookshelf-session
Replace cookieSession with session
2013-11-24 10:43:26 -08:00
Hannah Wolfe
fd3010b07c Merge pull request #1552 from bastilian/markdown-underscores
Modified ghostdown markdown extension to allow for 4+ inline underscores
2013-11-24 09:48:47 -08:00
Sebastian Gräßl
038e0cf3c1 add test for allowing 4 underscores in markdown 2013-11-24 17:38:12 +01:00
Sebastian Gierlinger
3f2258e95b Replace cookieSession with session
- changed cookieSession to session
- added session.regenerate for login and logout
- added bookshelf session store
- added session table to database
- added import for databaseVersion 001
- added grunt task test-api
- cleanup of gruntfile to start express when needed only
- moved api tests to functional tests
2013-11-24 15:29:36 +01:00
Hannah Wolfe
80eb56edd2 Merge pull request #1539 from niedbalski/master
[Feature Request] Theme API: add has_tag helper to coreHelpers.
2013-11-24 06:19:18 -08:00
Hannah Wolfe
7db5481f92 Merge pull request #1533 from jgillich/permalinks
Add Customisable Permalinks
2013-11-23 14:29:02 -08:00
Hannah Wolfe
2701f3e664 Merge pull request #1534 from jgable/passwordReset
Improved Password Reset Tool
2013-11-23 08:44:08 -08:00
Jakob Gillich
83d047c0ba Add Customisable Permalinks 2013-11-23 17:02:17 +01:00
Harry Wolff
e76d23cb19 Make it possible to require ghost as a module. fixes #1326 2013-11-22 22:59:14 -05:00
Hannah Wolfe
7a1503cf52 Merge pull request #1415 from sebgie/import-transaction
Add transactions for import
2013-11-22 14:14:34 -08:00
Jacob Gable
34e453039b Improved Password Reset Tool
Closes #1471

- add api and User model methods for generating and validating tokens
- add routes and handlers for reset password pages
- add client styles and views for reset password form
- some basic integration tests for User model methods
2013-11-22 10:46:19 -06:00
Jorge Niedbalski
3782e26516 Added has_tag helper to coreHelpers, added has_tag unit tests. passing OK 2013-11-22 11:19:26 -03:00
Hannah Wolfe
216dd75b2c Merge pull request #1524 from jgillich/rss
Set RSS link title to blog title
2013-11-22 02:34:33 -08:00
Hannah Wolfe
6406eefae7 Merge pull request #1531 from jamesbloomer/issue-974
Allow newline when quotes are used at start of a sentence
2013-11-22 02:32:58 -08:00
Hannah Wolfe
cdf268e1d5 Merge pull request #1444 from hswolff/ghostjs-cleanup
Reduce size of server.js, moving code to their related files
2013-11-22 02:26:16 -08:00
Hannah Wolfe
c6f31ec8fd Merge pull request #1482 from jgable/appProxy
Pass proxy Ghost interface to Apps
2013-11-21 14:45:30 -08:00
jamesbloomer
b2ffc2e326 Allow newline when quotes are used at start of a sentence
closes #974
2013-11-21 13:56:43 +00:00
Sebastian Gierlinger
77ed7f8ac6 Add transactions for import
closes #837
- added transaction handling for import
- added transactions to model functions
- added simple tests for failing imports
2013-11-20 21:36:02 +01:00
Jakob Gillich
0c02161db7 Set RSS link title to blog title 2013-11-20 17:42:37 +01:00
Harry Wolff
985a23f446 Move server middleware configuration to related file 2013-11-19 21:05:57 -05:00
Hannah Wolfe
1c5a811760 Merge pull request #1449 from sebgie/issue#1398
Add schema.js
2013-11-19 11:45:53 -08:00
Hannah Wolfe
ae233f01d8 Merge pull request #1505 from halfdan/1498-lower-email
Lowercase email address.
2013-11-19 03:10:41 -08:00
Sebastian Gierlinger
639c0d0627 Add schema.js
closes #1398
closes #1399
closes #1400
- added schema.js with database version '000'
- refactored migration to use schema.js
- if new table is added to schema.js and databaseVersion is increased, table will be added
- if new table is deleted to schema.js and databaseVersion is increased, table will be deleted
- alter table from issue #1400 is delayed until knex supports column modification
- changed import pre checks to work again (will be refactored separately)
- added basic PostgreSQL support (Attention: not supported/tested)
- changed error handling in server.js
2013-11-18 15:21:15 +01:00
Fabian Becker
89201a5c84 Lowercase email address.
fixes #1498
2013-11-18 00:34:51 +00:00
Sebastian Gierlinger
fd60a12469 Fix wrong error message
closes #1466
- added status code for error object
- added test for frontend errors
2013-11-15 15:27:06 +01:00
Jacob Gable
ef9f5dc33f Pass proxy Ghost interface to Apps
Closes #1478

- Create new proxy.js that exposes createProxy method
- Pass proxy to App activate/install in lieu of Ghost instance
2013-11-14 20:36:27 -06:00
Hannah Wolfe
3235a3a3e2 Merge pull request #1442 from Decad/user-gravatar
Add users Gravatar on signup
2013-11-12 03:53:49 -08:00
Declan cook
cbe8c15dc8 Add users Gravatar on signup
When a user registers try to find their gravatar.
2013-11-11 23:45:47 +00:00
Hannah Wolfe
cd12210b0b Further grunt & test cleanup 2013-11-11 21:38:52 +00:00
Hannah Wolfe
2e64fcc5d2 Coverage report task fix for Windoze 2013-11-11 20:56:36 +00:00
Hannah Wolfe
61d693cac9 Merge pull request #1429 from germanrcuriel/add-coverage-report-with-blanket
Add Coverage report for Unit and Integration tests
2013-11-11 12:50:49 -08:00
Hannah Wolfe
15da975c06 image upload controller refactor
issue #635

- upload controller shouldn't assume fs
- filesystem module proxies all the fs work
- proxies and exposes middleware for serving images
- creating a date based path and unique filename is a base object util
- unit tests updated
2013-11-11 16:10:57 +00:00
Hannah Wolfe
778e626f85 Rename rss file to prevent errors confusing output
issue #1434

- This is a hack until we can get a PR merged into casperjs
2013-11-11 10:46:54 +00:00
Hannah Wolfe
b0c61720d9 Test file cleanup on accoutn of OCD 2013-11-11 10:37:09 +00:00
germanrcuriel
afbbee031e Add Coverage report for Unit and Integration tests
issue #361
- Added shell:coverage task to generate coverage report
- Registered test-coverage Grunt task as shortcut of shell:coverage
- Added coverage files to .gitignore
- Added require-cli and blanket to package.json
2013-11-09 18:58:27 +01:00
Harry Wolff
901d189bf0 Move middleware functions into middleware module and create associated tests
Note: this only moves middleware functions that have associated tests.
2013-11-07 23:05:51 -05:00
Sebastian Gierlinger
a137d9c93e Add X-Cache-Invalidation Tests
closes #1397
- added checks for x-cache-invalidation to api tests
2013-11-07 16:08:39 +00:00
Sebastian Gierlinger
e2cee5be66 Move API tests to /integration/
closes #1396
- moved core/test/unit/api* to core/test/integration/api/
- moved core/test/integration/model* to core/test/integration/model/
- moved core/test/unit/utils to core/test/utils
- moved core/test/unit/fixtures to core/test/utils/fixtures/
- changed gruntfile.js to execute api tests with target 'integration'
2013-11-07 14:26:47 +01:00
Fabian Becker
88d7682605 Automatically replace unicode characters with ascii characters for slugs.
fixes #1285
2013-11-05 21:00:29 +00:00
Sebastian Gierlinger
8574813660 Bugfixes for tests 2013-11-05 15:02:12 +00:00
Fabian Becker
0908ecf6b7 Run tests on MySQL and use travis-$DB environments.
refs #921
fixes #1385
2013-11-05 15:01:10 +00:00
Hannah Wolfe
5e8f3d927f Remove timeouts on tests 2013-11-04 12:26:11 +00:00
Sebastian Gierlinger
bb17e1c0e9 Add API tests
closes #1189
- added tests
- added request module
- added status codes to API calls
- fixed return values of API calls
- fixed that drafts caused an error when being deleted
- fixed X-Invalidate-Cache headers
- moved testUtils.js to utils/index.js
2013-11-03 18:13:19 +01:00
jamesbloomer
f42e977fa7 Tidy up the local file storage for images 2013-11-01 13:08:27 +00:00
Hannah Wolfe
cfe272e175 Functional tests for home and post page
closes #1373

- Note that the tests fail if you run them pre #1363, thus future proofing us from this happening again.
- Added submodule handling to travis
- Added a new test for each of the home and post pages
2013-11-01 11:33:50 +00:00
Fabian Becker
933a8c764a Separate model tests to separate tasks/directory.
refs #921
2013-11-01 09:38:42 +00:00
Hannah Wolfe
5df0acf37d Merge pull request #1361 from halfdan/update-should
Update should.js and fix tests.
2013-11-01 02:00:01 -07:00
Hannah Wolfe
2983e657a6 Unit test fixes
issue #635
2013-10-31 08:25:24 +00:00
jamesbloomer
6e44280b96 Moving file system storage to a module
issue #635

- refactored file system storage into module
- convert save to return a promise
- convert admin controller to use storage module
2013-10-31 08:25:24 +00:00
Fabian Becker
297d853ddb Update should.js and fix tests.
fixes #1360
2013-10-31 00:28:53 +00:00
cobbspur
b316e2fd70 improve layout of code to jslint standards in helpers unit tests 2013-10-29 20:16:59 +00:00
Hannah Wolfe
8a8dacb0e4 Merge pull request #1323 from ErisDS/test-fixes
Wait for menu to open in editor test
2013-10-29 04:37:41 -07:00
Jacob Gable
507174a00b Plugin API Refactor: Filter and Theme Helpers
issue #769

- Refactor doFilter to allow returning a promise from a filter handler
  and to also return a promise itself
- Move the logic out of the registerThemeHelper calls and into their own methods so
  we could test them in isolation.
- Assign the server to the ghost instance so the initPlugins method can
  get access to it.
2013-10-29 11:27:52 +00:00
Hannah Wolfe
68f78c9cc4 Merge pull request #1315 from cobbspur/suffix
added suffix to tag helper
2013-10-28 15:24:11 -07:00
Fabian Becker
798e5b1a4e Allow user to mark a post as static page
- Increased post-settings width to properly display "Static Page"
- Changed templates to display "Static Page" if set
- Added unit test for body_class helper

fixes #969
2013-10-28 22:01:03 +00:00
Hannah Wolfe
d3a61b93e9 Wait for menu to open in editor test
issue #1287

- also contains some misc cleanup
2013-10-28 22:00:17 +00:00
cobbspur
d605100709 added suffix to tag helper
closes #607

- added suffix as optional parameter to tag helper
2013-10-28 21:38:36 +00:00
Zach Geis
1f15df41ef Avoid filtering markdown code blocks
closes #1045
- Fixed markdown code block format issue.
- Added test case to verify fix.
2013-10-26 12:16:47 -05:00
Hannah Wolfe
5c33a707e9 Merge pull request #1164 from halfdan/1162-unpublished-posts
Unpublished Post should not be accessible
2013-10-25 13:18:39 -07:00
Fabian Becker
0997eae716 Remove .txt from blacklist.
fixes #1263
2013-10-25 00:15:39 +00:00
Fabian Becker
aa5c0cc620 Unpublished Post should not be accessible
fixes #1162
2013-10-24 21:29:10 +00:00
Sebastian Gierlinger
6505986f6b Move /api to /ghost/api
closes #1249
- changed routes
- changed apiRoots
2013-10-24 14:50:17 +02:00
Hannah Wolfe
80bbcf7205 Merge pull request #1239 from cobbspur/tagsprefix
adds prefix option to tag helper
2013-10-23 08:11:22 -07:00
cobbspur
b85e5b6196 adds prefix option to tag helper
closes #607

 - added prefix attributetor tags helper
 - will add prefix only if tags are present
 - adds unit tests for prefix
2013-10-22 22:57:31 +01:00
Hannah Wolfe
2d1e28335c Merge pull request #1197 from halfdan/994-image-uploads
Show proper error message when image upload fails
2013-10-22 14:40:47 -07:00
Fabian Becker
27e66f75f3 Show proper error message when image upload fails
fixes #994
2013-10-22 21:08:26 +00:00
Hannah Wolfe
15a2eacaac Merge pull request #1141 from halfdan/246-helper-tests
Improved test coverage of theme helpers.
2013-10-22 12:45:07 -07:00
Hannah Wolfe
7ddc2fa287 Merge pull request #1119 from halfdan/featured-post-button
Posts can now be featured by clicking on the star icon
2013-10-22 12:38:43 -07:00
Hannah Wolfe
e2cf362395 Merge pull request #1117 from halfdan/featured-posts
Add featured class when post is featured
2013-10-22 12:38:33 -07:00
Hannah Wolfe
5d169610ce Merge pull request #1133 from gotdibbs/Issue1124
Fixed intermittent test errors
2013-10-22 07:59:50 -07:00
Pascal Borreli
14c420c8d1 Fixed typos 2013-10-20 20:33:51 +00:00
Hannah Wolfe
accf525061 Temporarily removing API test 2013-10-20 11:02:06 +01:00
Hannah Wolfe
65dcb17117 Merge branch '0.3.3-wip'
Conflicts:
	core/client/views/blog.js
	core/server/api.js
	core/server/views/default.hbs
	package.json
2013-10-20 10:09:39 +01:00
Hannah Wolfe
491651da59 Merge pull request #2 from ErisDS/bookshelf-knex-update
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-10-17 10:49:28 -07:00
Tim Griesser
13639ad8d1 Updating to bookshelf 0.5.7 & knex 0.4.11 2013-10-17 18:23:36 +01:00
Sebastian Gierlinger
90176e1f40 Security improvements
no issue
- added CSRF protection
- changed session handling to express.session
- changed session handling to change session id
- added config property useCookieSession
- added file extension check for /ghost/upload
- removed /ghost/debug/db/reset
2013-10-17 15:28:28 +02:00
Fabian Becker
dfa7793d44 Improved test coverage of theme helpers.
refs #246
2013-10-17 07:53:11 +00:00
William Dibbern
702a016547 Fixed intermittent test errors
Fixes #1124

- Updated default mocha timeout to 15 seconds. Any future tests that
depend on a timeout (and thus might be better off with a lower value)
can override the default setting which is now 15 seconds.
- Removed test-specific timeout overrides for the mocha tests.
- Fixed the editor/splitbutton tests to wait for the appropriate
selector instead of assuming the dom has been updated immediately.
Should resolve intermittent timeouts when checking the splitbutton's
applied classes.
2013-10-16 17:57:52 -05:00
Fabian Becker
9a975f5a45 Posts can now be featured by clicking on the star icon
fixes #1111
2013-10-16 19:06:03 +00:00
Fabian Becker
f4ac715f97 Add featured class when post is featured
fixes #1112
2013-10-16 11:41:49 +00:00
Fabian Becker
788987d04a Added new helper to escape URIs called 'encode'
fixes #1089
2013-10-16 09:19:26 +00:00
William Dibbern
ac33cea0a1 Clean up test database after tests
Fixes #1064

- Updated grunt config for unit and functional tests to remove the test
database after each is run.
- Cleaned up a couple of issues with the functional tests that may have
been causing travis builds to fail randomly, including: the start page
is now `about:blank` instead of whatever page the last test suite left
off at, added some checks in the logout tests to ensure they're truly
independent of the other test suites.
2013-10-14 22:39:52 -05:00
Hannah Wolfe
119b0ea430 Merge branch '0.3.2-wip'
Conflicts:
	core/client/assets/lib/uploader.js
2013-10-11 20:56:15 +01:00
jamesbloomer
9d114c7fa6 Lock down theme static directory to not serve templates, markdown and text files.
closes #942
- insert custom middleware to check for blacklisted files
- redirect to express.static if file accepted
- if not valid return next() to do nothing
- currently black listing .hbs, .txt, .md and .json
- debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting
a theme serve unknown types
2013-10-11 18:05:31 +01:00
Hannah Wolfe
c732cd2ccb Adding xss unit test
issue #938
2013-10-10 16:43:25 +01:00
Sebastian Gierlinger
6ff17c78a2 Fix filepaths for config and upload
no issue
- added appRoot to config-loader.js
- modified uploader to use correct path
- modified tests
2013-10-10 12:44:31 +02:00
Hannah Wolfe
95f9fce3be Swapping escape to sanitze
issue #938

- rather than using escape, use node-validatiors santize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
2013-10-09 19:13:16 +01:00
Tim Griesser
c9235ccb0b Escaping several fields to prevent XSS
issue #938
- escapes post's title field
- escapes settings title, description, email
- escapes user's name field
- includes test for post title
2013-10-09 19:13:13 +01:00
William Dibbern
8ef27f0590 Refactored tests
Fixes #362

- There is no need to set the viewport on functional tests anymore
unless something other
than the default of 1280x1024 is desired.
- There is no need to invoke `casper.run` to trigger `test.done`
anymore for functional tests.
- Each test works independently of the rest; registration is handled
once for the lifetime of the test run and then login/logout can be
invoked automatically as desired.
- Mocha tests all utilize predefined, more realistic fixtures when
appropriate.
- Renamed old api tests that were really model tests as appropraite.
- Added example api test for posts.
2013-10-07 21:05:25 -05:00