Commit Graph

6382 Commits

Author SHA1 Message Date
Kevin Ansfield
3d7cb90e52 Updated Ghost-Admin to 2.9.0 2018-12-17 14:25:24 +00:00
Aileen Nowak
506d013f25
Ability to not send welcome email (#10293)
no issue

- We need to be able to not send the welcome email if needed
- Intruduces a new possible config setting `sendWelcomeEmail` which is set to `true` by default
2018-12-17 15:02:47 +01:00
Naz Gargol
aa8e75914d
Migrated db controller to API v2 (#10051)
refs #9866

- Migrated db import/export routes to use new db controller
2018-12-17 14:45:09 +01:00
Katharina Irrgang
5d2ab19881
Removed invitedBy from admin API: invitation endpoint (#10291)
refs #10286

- we want to deprecate all `x_by` fields
- we would like to get rid of all usages to be able to easily remove the fields in the future
- `invitedBy` is not used in the admin client
2018-12-17 14:16:39 +01:00
Katharina Irrgang
799857b77a 🐛 Fixed URL is not a constructor for Node v6 (#10289)
closes #10287
2018-12-17 17:23:45 +05:30
Naz Gargol
aca887a35d
Added async file header handling for API v2 (#10292)
refs #9866
2018-12-17 12:47:19 +01:00
Greg Hart
261a8234e9 Added Slack username option. (#10285)
refs #9735.
2018-12-14 18:57:32 +07:00
汪磊
2645ff05a0 🐛 Removed duplicate shortcut icon link (#10254)
no issue

{{amp_ghost_head}} already provides this
2018-12-14 16:59:06 +07:00
汪磊
7419566756 🐛Fixed multiple authors for amp (#10253)
no issue

- refs: gscan `GS001-DEPR-AUTHBL`
- the amp page always printed a single author only
2018-12-14 10:19:51 +01:00
Peter Zimon
42e013cfae
Members auth ui refinements (#10279)
* Update mobile modal animations
* Member popup input error and placeholder refinements
* Adding close animation to members auth popups
* Improve members auth dialog
* Refine members reset password design
2018-12-14 09:57:08 +01:00
Fabien O'Carroll
7dd2b04343 Removed ssoOriginCheck from signout endpoint (#10277)
no-issue

the ssoOriginCheck exists to ensure that we only allow signin/signup to
be called from the specified auth page, this is a very minor security
feature in that it forces signins to go via the page you've designated.
signout however does not need this protection as the call to signout
completely bypasses any UI (this is the same for the call to /token)
2018-12-14 12:26:31 +05:30
Fabien O'Carroll
2d92793b3f
Cleaned up image manipulator (#10282)
no-issue

* Added InternalServerError to resizeImage

* Added a redirect to original image if sharp is missing

* Improved naming - safeMethod -> method

* Updated process method to follow same sharp check pattern

* Refactor safety wrapper into makeSafe function

* Moved generic manipulation error to makeSafe function

* Refactored unsafeProcess to use unsafeResizeImage

* Removed CRAZY catch
2018-12-14 11:54:52 +07:00
Fabien O'Carroll
7099dd45a5
Supported dynamic image resizing for LocalFileStorage(#10184)
refs #10181 

* Added initial handleImageSizes middleware

* Implemented saveRaw method on local file storage

* Wired up handleImageSizes middleware

* Implemented delete for LocalFileStorage

* Removed delete method from theme Storage class

* Deleted sizes directory when theme is activated

* Ensured that smaller images are not enlarged

* Renamed sizes -> size

* Exited middleware as early as possible

* Called getStorage as late as possible

* Updated image sizes middleware to handle dimension paths

* Revert "Deleted sizes directory when theme is activated"

This reverts commit 9204dfcc73a6a79d597dbf23651817bcbfc59991.

* Revert "Removed delete method from theme Storage class"

This reverts commit b45fdb405a05faeaf4bd87e977c4ac64ff96b057.

* Revert "Implemented delete for LocalFileStorage"

This reverts commit a587cd6bae45b68a293b2d5cfd9b7705a29e7bfa.

* Fixed typo

Co-Authored-By: allouis <fabien@allou.is>

* Redirected to original image if no image_sizes config

* Refactored redirection because rule of three

* Updated comments

* Added rubbish tests

* Added @TODO comment for handleImageSizes tests

* Added safeResizeImage method to image manipulator

* Used image manipulator lib in image_size middleware
2018-12-13 20:25:24 +07:00
Todd Justin York
2860ddeb3b Switched to using safe string for navigation slug (#10267)
closes 10258

- we should use consistent tooling for generating slugs across the whole of Ghost
2018-12-13 12:30:56 +00:00
Fabien O'Carroll
c2275ed131
Added size attribute support to img_url helper (#10182)
refs #10181 

Adds support to request a size in the img_url helper using syntax like:
    <img src="{{img_url profile_image size="small"}}"/>

Requires the image_sizes config to be defined in the themes package.json
2018-12-13 19:14:08 +07:00
Dexter Leng
8c3d29edb2 🐛 Striped invisible unicode characters from slugs (#10252)
refs #9826

- Striped invisible characters from slug based on regexp pulled directly from XRegExp library, similarly to the approach taken in 9eef2616e4 (diff-50bf43eef863952813617ae9997538d0R4)
2018-12-13 13:06:59 +01:00
Fabien O'Carroll
43ce1f02c1
Fixed broken spam prevention test (#10281)
* Fixed broken spam prevention test

closes #10280

* Improved spam prevention test
2018-12-13 18:44:32 +07:00
Hannah Wolfe
7cce71d997
🐛 Fixed get helper when API v0.1 is disabled (#10270)
closes #10266

- the Public API labs flag refers to the v0.1 API only
- if it is disabled, the v0.1 API should be disabled
- if the theme is using v2 API, then the get helper should be available regardless
2018-12-12 15:38:35 +00:00
kirrg001
bb9e901457 Updated Ghost-Admin to 2.8.0 2018-12-11 14:25:52 +01:00
Fabien O'Carroll
5cb053412f
Updated member lib/auth service to use origin of site url (#10271)
no-issue
2018-12-11 19:45:03 +07:00
Katharina Irrgang
9d7c3bd726
🐛 Fixed all known filter limitations (#10159)
refs #10105, closes #10108, closes https://github.com/TryGhost/Ghost/issues/9950, refs https://github.com/TryGhost/Ghost/issues/9923, refs https://github.com/TryGhost/Ghost/issues/9916, refs https://github.com/TryGhost/Ghost/issues/9574, refs https://github.com/TryGhost/Ghost/issues/6345, refs https://github.com/TryGhost/Ghost/issues/6309, refs https://github.com/TryGhost/Ghost/issues/6158, refs https://github.com/TryGhost/GQL/issues/16

- removed GQL dependency
- replaced GQL with our brand new NQL implementation
- fixed all known filter limitations
- GQL suffered from some underlying filter bugs, which NQL tried to fix
- the bugs were mostly in how we query the database for relation filtering
- the underlying problem was caused by a too simple implementation of querying the relations
- mongo-knex has implemented a more robust and complex filtering mechanism for relations
- replaced logic in our bookshelf filter plugin
- we pass the custom, default and override filters from Ghost to NQL, which then are getting parsed and merged into a mongo JSON object. The mongo JSON is getting attached by mongo-knex.

NQL: https://github.com/NexesJS/NQL
mongo-knex: https://github.com/NexesJS/mongo-knex
2018-12-11 11:53:40 +01:00
Fabien O'Carroll
48923ac327
Wired members service up to api and app (#10262)
* Updated auth service members middleware

refs #10213

* Wired up members api router to the ghost api endpoints

refs #10213

* Created members app for the static pages

refs #10213

* Wired up the members app

refs #10213
2018-12-11 15:18:07 +07:00
Fabien O'Carroll
0b58f4cf62
Added members service to create instance of members lib (#10261)
refs #10213 

* Added members service to create instance of members lib
2018-12-11 14:57:01 +07:00
Fabien O'Carroll
a5ea34900b
Added members lib module (#10260)
* Added members library inc. gateway

refs #10213

* Added the auth pages and build steps for them

refs #10213

* Cleaned up logs

* Updated gruntfile to run yarn for member auth

* Design refinements on members popups

* UI refinements

* Updated backend call to trigger only if frontend validation passes

* Design refinements for error messages

* Added error message for email failure

* Updated request-password-reset to not attempt to send headers twice

* Updated preact publicPath to relative path

* Build auth pages on init
2018-12-11 13:47:44 +07:00
Fabien O'Carroll
0bf5dd212a Added members related db changes and models
refs #10213
2018-12-11 11:53:55 +07:00
Fabien O'Carroll
dcfaecfe92
🐛 Added CORS support to the v2 Content API (#10257)
no-issue

When trying to use /api/v2/content from a different domain, the requests
were failing with CORS errors. This doesn't use the shared cors middleware,
because it should be open to all hosts, and not locked down via our
whitelist or trusted domains.
2018-12-11 11:44:12 +07:00
kirrg001
7af2802e14 Added validation for null|undefined values for required keys
closes #10071
2018-12-10 16:33:39 +01:00
kirrg001
ccd9541f75 Replaced hardcoded translation in shared input validator
no issue

- re-use existing keys
2018-12-10 16:33:39 +01:00
kirrg001
812e533554 Corrected incorrect syntax for required propierties
no issue
2018-12-10 16:33:39 +01:00
kirrg001
11f0f1c314 Fixed incorrect validation message for required values
no issue

- the message always showed: `Validation (FieldIsRequired) failed for key`
2018-12-10 16:33:39 +01:00
Nazar Gargol
da7fdfeae6 Extracted trimAndLowerCase utility to shared utility module
refs #9866
2018-12-10 13:56:42 +01:00
Fabien O'Carroll
b0f9218026 Updated Ghost-Admin to 2.7.1 2018-12-05 14:28:11 +07:00
Fabien O'Carroll
06c976cde0 Updated Ghost-Admin to 2.7.0 2018-12-04 21:10:16 +07:00
Naz Gargol
5cc441e720
🐛 Fixed contributors being able to delete draft posts as co-author (#10239)
closes #10238

- The user of contributor role should not be allowed editing a post while not being a primary author
2018-12-04 13:31:02 +01:00
Rishabh Garg
bf295a96a8
Added configuration controller to v2 API (#10056)
refs #10060
2018-12-04 09:27:36 +05:30
Rish
033ddf1b43 🐛 Fixed site changed webhook not triggered for scheduled posts
closes #10226

- Middleware emits site-changed event used to trigger webhook, was configured to v2 admin api only.
- Change allows all versions of api to emit event in case of cache invalidation
2018-12-04 09:39:41 +07:00
Sumedh Nimkarde
8b816af1c2 🐛 Fixed invalid imported subscribers count (#10229)
closes #9987

- Fixed the count of invalid records when importing single column csv of subscribers
2018-12-03 20:45:55 +01:00
Katharina Irrgang
fc21b25895
🐛Fixed auto redirect for extra data queries on post and page resources (#9828)
closes #9791

- we only made use of the redirect middleware, who detects if a redirect should happen, for taxonomies (tags, authors)
- `data: page.team` will now redirect too
- `data: post.team` will now redirect too
- you can disable the redirect using the long form
2018-12-03 20:31:48 +01:00
cotko
65a66ac007 Included relations if static resource is post | page (#10148)
refs #10082

- this is a requirement if a static route represents a single resource

e.g. `data: page.team`

- the page resource will no longer live on it's original static url
- instead, it now lives somewhere else
- that means the whole site needs to act the same than the original static url
  - the resource does not contain any relations
  - we don't forward the correct context (page, post, user?)
- we override the `include` property for now
  - need to wait for more use cases or bug reports for this controller
- more changes will follow asap
2018-12-03 19:26:21 +01:00
Fabien O'Carroll
ed77192457 Renamed API -> Api for v2 auth logic (#10142)
closes #10120
2018-12-03 18:08:57 +01:00
Dilan Guneratne
6bc658be9b 🐛Removed user reference warning from importer report if post is a draft (#10169)
refs #9584

- The Importer checks if a user reference is null. But if the post is a draft and published_by is null, we should ignore the user reference detection.
- This change will avoid showing an incorrect user reference warning in the importer report for draft posts.
2018-12-03 17:48:03 +01:00
Kacper Duras
7c1840f025 🐛 Fixed edit permission of the common article by multiple authors (#10214)
closes #10212
2018-12-03 17:44:23 +01:00
Rish
909972092f Updated Ghost-Admin to 2.6.2 2018-11-27 18:33:56 +05:30
anaplian
c539d39875 🐛 Fixed missing 404 for unknown API routes (#10070)
closes #10020

* Append trailing slash to version path
2018-11-26 16:35:38 +07:00
Katharina Irrgang
e48c28b98f 🐛 Protected Ghost blog against invalid uploaded routes.yaml (#10100)
* 🐛  Protected Ghost blog against invalid uploaded routes.yaml

no issue

- e.g. you upload `filter:tag=this is a wrong filter value`
- ask the url service if it has finished it's work to ensure the upload was successful
- wait 5 seconds till Ghost will bring back the last uploaded valid version

* fixed test
2018-11-26 16:28:22 +07:00
Nazar Gargol
1424179345 Updated Ghost-Admin to 2.6.1 2018-11-20 18:21:48 +01:00
Rishabh Garg
e2e5353ea9
Updated error message log and lastTriggeredError for webhook requests (#10147)
closes #10145

- Updated lastTriggeredError message in case of failure
- Removed GhostError in case of request failure and added proper warning
2018-11-20 12:13:35 +05:30
Fabien O'Carroll
db34297a74
Added string size comment to schema.js (#10179)
no-issue
2018-11-19 17:29:31 +07:00
Katharina Irrgang
090a936e16
Moved raw order for author filtering to correct place (#10166) (#10171)
refs #10105

- ordering !== filtering
2018-11-15 16:17:51 +01:00
Katharina Irrgang
e89a27f3ab
Replaced options.where GQL statements with filter notation (#10160)
refs #10105

- `options.where` is an older deprecated logic
- before the filter language was invented, Ghost generates statements for knex
- if we want to replace GQL with NQL, we can't generate these statements
- they are not understood from NQL, because NQL uses mongo JSON
- go through usages and rewrite the statements
- invent `extraFilters` for now
- we need to keep the support for `status` or `staticPages` for now (API requirement)
- IMO both shortcuts in the extra filters should be removed in the future

This commit is required for https://github.com/TryGhost/Ghost/pull/10159!
2018-11-15 15:53:24 +01:00
Katharina Irrgang
2e81852b22
Moved raw order for tag filtering to correct place (#10166)
refs #10105

- ordering !== filtering
2018-11-15 15:27:31 +01:00
Fabien O'Carroll
95ba6a55ec
Checked options.include when filtering tags (#10163)
no-issue
2018-11-14 17:54:15 +07:00
Rishabh Garg
b2201d4179 Removed formats from private posts in content api (#10154)
closes #10118

All behind a members labs switch for now

* Added filter for member only content

* Updated frame context

* Cleaned up members content check

* Cleanup

* Cleanup

* Ensured members filtering works without include=tags

* Protected against missing query

* Fixed usage of include vs withRelated

* Moved includeTags logic for members behind members flag to use tags

* Cleanup

* Update input serializer dependency

Co-Authored-By: rishabhgrg <zrishabhgarg@gmail.com>

* Added some explanations
2018-11-14 14:32:14 +07:00
Kevin Ansfield
c8c4842ba8 Updated Ghost-Admin to 2.6.0 2018-11-13 12:51:06 +00:00
Nazar Gargol
28a686a936 🐛 Fixed image optimisation for input image being smaller than optimized one
closes #10144

- When the input image is well optimized and has smaller byte size than the processed one it's still being used
- Bumped sharp version to have access to `size` property
2018-11-13 13:19:31 +01:00
Fabien O'Carroll
8046f4d437
🐛 Fix last seen for users (#10141)
* Added updateLastSeen method to user model

refs #10138

* Refactor codebase to use user.updateLastSeen

refs #10138

This is to ensure all updates go via the same method, meaning any
specific logic can be handled in one place, it also helps with grepping
the codebase to find where this occurs

* Created updateUserLastSeen middleware for v2 admin

refs #10138

This is intended to be used with the v2 admin api and _possibly_ the
content api, to give us an accruate report on thelast time a user access
a ghost instance.

* Wired updateUserLastSeen up to v2 Admin API

closes #10138

* Fixed broken test for v2 admin api

no-issue

This test was broken because it was incorrectly testing for a method to
be called exactly once - this was irrelevant to the functionality being
tested for.

* Updated user check method to set status to active

no-issue

* Debounced the updateUserLastSeen middlware an hour

no-issue

* Resolved some PR comments
2018-11-13 18:27:10 +07:00
Rishabh Garg
75f243a3a2
Added migration for webhook permissions_roles fixtures (#10153)
closes #10152

- Added new migration for webhook permissions_roles relations
2018-11-13 14:35:37 +05:30
cotko
002a135962 🐛Fixed order being ignored in routes.yaml file (#10146)
no issue
2018-11-12 20:24:12 +01:00
Sumedh Nimkarde
f3e9218ee3 🎨 Modified slack webhook payload, added info about published post (#9850)
closes #8936

- Modified the slack webhook payload to provide more info about a published post
2018-11-12 13:04:50 +01:00
Rishabh Garg
f2b44322a3
Enabled members lab setting for developer experiment flag (#10132)
closes #10114
 
* Members lab enabled to be always true behind developer experiments flag

* Members lab set to true for themes behind developer experiments flag

Note: This change uses hard-coded labs value for members based on enableDeveloperExperiments flag, ideal implementation for later is to pick those value from settings.
2018-11-09 17:12:21 +05:30
Fabien O'Carroll
f660b6a77b
Wired up Members auth to the Content API auth (#10129)
closes #10113
2018-11-08 16:57:42 +07:00
Fabien O'Carroll
93781a0e78 🚧 Authorized Content API requests with req.member
closes #10111

The members labs setting is required to be set for req.member to be
considered valid authorization
2018-11-08 13:34:29 +07:00
Fabien O'Carroll
2e922808e8 ♻ Updated naming for Content API specific middleware
no-issue

This is because the Content API will eventually be accessed not just
from Content API keys. The addition of a Content API specific
authorization middleware is because:
1. content api should not authorize based on req.user
2. content api will need separate authorization than admin api
2018-11-08 13:34:29 +07:00
Fabien O'Carroll
7323258415 🚧 Added req.member to the v2 api context object
closes #10112
2018-11-08 13:32:41 +07:00
Fabien O'Carroll
2a6e9aac55 🚧 Created members auth middleware
closes #10110
2018-11-08 13:32:09 +07:00
kirrg001
9f165bbef8 Updated Ghost-Admin to 2.5.0 2018-11-07 16:19:44 +01:00
John O'Nolan
9f7295853f Changed casper.ghost.org to static.ghost.org references (#10109)
no issue

Assets moved from gh-pages to https://github.com/tryghost/static and hostname changed, redirects already in place. Can be tested on https://demo.ghost.io (image should all work fine, try visiting one directly to verify redirect works)
2018-11-07 15:50:38 +01:00
Katharina Irrgang
ff6bf5f318 Renamed /users to /authors for Content API V2 (#10096)
refs #10061

- Made /authors endpoint available in Content API V2
2018-11-07 15:29:37 +01:00
Rishabh Garg
3b8621e19c Added slack controller to v2 API (#10086)
refs #10060

- Added slack controller to v2 admin API
- Added new API test for slack API controller
2018-11-06 23:20:43 +01:00
Naz Gargol
ec03b3cfc5
Content API v2 date formatting (#10095)
closes #10065 

- Added UTC offset to dates returned by Content API
- Added test checking new format is compatible with Admin API
- Refactored output serializer mapping logic
2018-11-06 16:12:12 +01:00
Rishabh Garg
7b38986316 Removed mobiledoc format from Content API V2 response (#10098)
closes #10097

- removed formats `mobiledoc` option directly in post input serializer for v2 Content API
2018-11-06 14:39:16 +01:00
kirrg001
46c806358b Extended resource lookup in {{get}} helper
refs #10061

- prep task to add authors for content API
2018-11-06 14:08:13 +01:00
Rishabh Garg
3345618731
Added helper to check for content API (#10104)
no issue

* Added helper to check if API called is content API
2018-11-06 17:36:22 +05:30
kirrg001
22911b5812 Fixed frame context being empty
no issue
2018-11-06 14:44:06 +05:30
kirrg001
514eb22077 Removed TODO in CollectionRouter
no issue

- this is an old TODO
2018-11-05 21:21:19 +01:00
kirrg001
65f6f64f91 Removed configuration endpoint from Content API V2
no issue

- we are not aware of a use case for this endpoint currently
2018-11-05 18:49:46 +01:00
Katharina Irrgang
1b9c61eed1
Returned relative paths in html for Content API V2 by default (#10091)
refs #10083

- you can send `?absolute_urls=true` and Ghost will also transform the paths in the content (this is optional/conditional)
2018-11-05 18:07:45 +01:00
Rishabh Garg
94b3735c6e Added oembed controller to v2 api (#10057)
refs #9866

- Added oembed controller to v2 API
2018-11-02 09:32:26 +01:00
Fabien O'Carroll
eef55a304e Updated Ghost-Admin to 2.4.0 2018-10-30 19:26:41 +07:00
Fabien O'Carroll
b4096f412c
Handled error from express-session middleware (#10084)
no-issue
2018-10-30 16:16:33 +07:00
Fabien O'Carroll
923969b38c
Removed user_id constraint when upserting session (#10085)
no-issue

This is to stop an issue when creating a session, if you already have an existing session
2018-10-30 16:15:48 +07:00
Katharina Irrgang
4bd211b42a Added Node v10 Support (#10058)
* Added Node v10 Support

no issue

Signed-off-by: kirrg001 <katharina.irrgang@googlemail.com>

* Bump amperize to version 0.3.8

no issue

* Bump mysql to version 2.16.0

no issue

- mysql 2.15.0 uses a deprecated notation for timers
- e.g. timers.unenroll()

* Bump sub dependencies

no issue

- e.g. knex-migrator used mysql 2.15.0

* Bump dependencies

no issue

* Replaced `new Buffer` with `Buffer.from`

no issue

- Buffer() is deprecated due to security and usability issues.
- https://nodejs.org/en/docs/guides/buffer-constructor-deprecation/
2018-10-30 15:45:51 +07:00
Katharina Irrgang
781f5523bf Removed logic for migration script (2.0/6-replace-fixture-posts.js) (#10081)
no issue

- we've reconsidered replacing the fixture posts
- this PR removes the logic from this script
2018-10-30 12:50:19 +07:00
Nazar Gargol
308b9ddd40 Fixed sanitization issue in subscribers
no issue

- Added sanitization to subscribed_url & subscribed_referrer fields when rendering error state

Credits: Antony Garand
2018-10-29 12:52:42 +01:00
Miguel Piedrafita
b8fff2321c Parsed nconf env values (#10077)
closes #10073, closes #8940

- see https://github.com/TryGhost/Ghost/issues/10073#issuecomment-433637006 and https://github.com/TryGhost/Ghost/issues/8940#issuecomment-418302189
2018-10-28 20:06:44 +01:00
kirrg001
8d12c8908f 🐛 Fixed missing filename when exporting subscribers csv
closes #10075

- the filename was missing
2018-10-27 18:39:39 +02:00
kirrg001
5f7401051c 🐛 Fixed pagination for subscribers
closes #10074

- the `page` option was missing
2018-10-27 18:27:35 +02:00
Hannah Wolfe
275d82199f 🐛 Fixed cardWidth being lost on 2.0 imports (#10068)
no issue

- When importing Ghost 2.0 blogs into 2.0 blogs...
- The Koenig image card would lose it's cardWidth setting,
- because it'd be overridden by the imageStyle setting, which was null
- The importer previous _only_ kept the width if importing 1.0 blogs
2018-10-26 11:30:39 +02:00
root@andrea:~#
3f91a9e8a2 Corrected 'Content-Length' header by using Buffer.byteLength (#10055)
Closes #10041
1. Why is this change neccesary?
String.prototype.length returns the number of code units in the string (number
of characters) while Buffer.byteLength returns the actual byte length of a
string.

2. How does it address the issue?
Places that use String.prototype.length to calculate Content-Length
were switched to Buffer.byteLength instead.
2018-10-25 09:18:36 +07:00
Fabien O'Carroll
7fafa1e152 Fixed mail api usage of the notifcations api
closes #10047

Requiring in the api module correctly wraps the notification api and
exposes it as a function.
2018-10-24 13:18:51 +05:30
Fabien O'Carroll
1c21153b85
Refactored request unit tests to return promises (#10045)
refs #7470

These tests had a random failure on travis for Node v6 w/ sqlite. I
figured I would update them to return promises, and remove state, to
make debugging easier, and hopefully fix any issues.
2018-10-24 12:14:44 +07:00
Fabien O'Carroll
f9da6c7eed
Refactored spam prevention tests to use promises (#10036)
closes #7470

This refactors the spam prevention tests to all return promises,
hopefully making it easier to see where a test timeout might occur, it
also refactors the tests to remove the count state, which made it hard
to follow exactly what was happening or being tested.
2018-10-23 17:34:39 +07:00
Rish
5cb0103ac8 Updated Ghost-Admin to 2.3.0 2018-10-22 15:41:19 +05:30
Kevin Ansfield
71f0c08a34
Added edit webhook route to v2 Admin API (#10033)
no issue
- webhooks UI requires the ability to edit webhooks
- added `edit` permission for `webhook`
- added `edit` method to v2 webhook controller
- added `PUT /webhooks/:id` route to v2 Admin API routes
2018-10-19 18:35:55 +01:00
Rishabh Garg
e2d0b2e543 Updated webhook request header and last triggered error mssg (#10035)
refs #9942

- Added error message if unknown status code on request failure
- Added event to payload
2018-10-19 14:11:03 +01:00
kirrg001
99a2f3ba3a Fixed read pages with user access
refs #9866

- we still serve pages via /posts with user access
- we only differentiate this behaviour for the content api
2018-10-19 10:54:05 +02:00
kirrg001
759c25d03e Fixed read posts/pages for v2
refs #9866

- read does not support `filter`
2018-10-19 10:40:47 +02:00
Rishabh Garg
8ad951d7f3
Added new site.changed event and webhook trigger service (#10019)
refs #9942

* Added new middleware to trigger events

* Refactored webhooks service
- added new trigger service, moved listen service to its own file
- started listening to new site.changed event
- cleaned up trigger service to work with new webhook fields
- cleaned up tests
- removed redundant trigger method in v0.1 controller
2018-10-19 00:01:30 +05:30
kirrg001
45b8e6b66a Added TODO to controllers/entry.js
refs #9866
2018-10-18 19:41:07 +02:00
kirrg001
e302be2749 Changed preview controller to support v0.1 and v2
refs #9866

- invent preview api, but only used internally
  - the idea of a preview api is definitiely reaslistic and came up in the past a couple of times
- by that we don't have to differentiate between pages or posts controller
- still support v0.1
- preview controller is not registered for http, only internal handling
2018-10-18 19:41:07 +02:00
kirrg001
dcf6c0483c Extended {{get}} helper to query "pages"
refs #9866

- only possible with v2
2018-10-18 19:41:07 +02:00
kirrg001
12ff70497f Changed entry lookup helper to respect the resource type
refs #9866

- the entry helper is used for static pages and post lookups
- now that we support changing the api version, we have to respect the resource type
- for v2: we ask the pages controller for static pages
- in v0.1: pages and posts lived on the same route
- we are talking about the content API (!) - not admin api
2018-10-18 19:41:07 +02:00
kirrg001
803a325ade Renamed post-lookup to entry-lookup
refs #9866

- the static pages router uses the entry controller
- and the entry controller uses the lookup helper
- the lookup helper needs to either fetch static pages or posts
- v2 uses pages and posts controller
2018-10-18 19:41:07 +02:00
kirrg001
d8a7edd9aa Added TODO's for entry and preview controller
refs #9866
2018-10-18 19:41:07 +02:00
kirrg001
cbf2817e39 Added missing read pages endpoint
refs #9866

- the endpoints were missing
- the site app needs pages.read for v2
2018-10-18 19:41:07 +02:00
kirrg001
8caf8009ae Added TODO to amp_content
refs #9866

- this can be removed if we drop v0.1
2018-10-18 19:41:07 +02:00
kirrg001
15f6c2421c Fixed entry controller to handle v2 and v0.1 url response
refs #9866

- v2 returns absolute urls
- v0.1 returns relative urls
- this is a little ugly, but don't know how else to solve currently
2018-10-18 19:41:07 +02:00
kirrg001
640290c31b Updated blog site components to respect the api version
refs #9866

- the api call must be dynamic based on the api version information
2018-10-18 19:41:07 +02:00
kirrg001
3f9d0f51f5 Changed how we determine if a resource is owned by an url generator
refs #9601

- api v2 returns absolute urls
- api v0.1 returns relative urls
- it's easier if we compare by id
2018-10-18 19:41:07 +02:00
kirrg001
987e41e8d6 Attached api version to res.locals context
refs #9866

- each request get's the ghost api version attached
- this makes it possible to access the version in all steps (routing, theme helpers)
2018-10-18 19:41:07 +02:00
kirrg001
1f55c90037 Supported reading ghost api engine
refs #9866

- we fallback to v0.1 by default
- we support different formats
- this opens the box to switch the ghost api version for the whole blog site
- i had to add a different notation for overrides.json, because the structure is not optimal (i only want the versions, not the shortcuts)
2018-10-18 19:41:07 +02:00
Fabien O'Carroll
17feb14e4a Added HTTP BREAD for integrations resource (#9985)
refs #9865

* Added generic messaging for resource not found
* Ensured integration model uses transaction for writes
* Created POST /integrations endpoint
* Created GET /integrations/:id endpoint
* Created GET /integrations endpoint
* Created PUT /integrations/:id endpoint
* Created DELETE /integrations/:id endpoint
2018-10-18 14:03:56 +01:00
Kevin Ansfield
62a222c445 Updated Ghost-Admin to 2.2.4 2018-10-18 12:29:28 +01:00
Rishabh Garg
915d5612a1 🐛 Fixed relative image URLs becoming absolute URLs on save (#10025)
closes #10024

- Updated input serializers for posts/tags/users to handle absolute urls conversion

-------
1. Ghost stores relative images urls
2. API V2 returns images with absolute urls
3. Ghost-Admin sends absolute urls back on any save e.g. update user

**Current behavior**: This will override the relative image path in db to absolute, which in turn won't get updated in future if domain or protocol changes for e.g.
**Fix**: On save/update, input serializers converts any absolute image url paths back to relative if the base URL from image fields matches the configured URL
2018-10-18 12:18:47 +01:00
Fabien O'Carroll
e865d2218c 🐛 Fixed pagination/duplicate posts and users appearing in admin area (#10031)
closes #10029

- allowed page option for users, posts, & tags browse 
  - The page query param was not forwarding to the query, meaning that when the admin client requested the next page of users or posts, it would receive the first page again.
2018-10-18 10:05:51 +01:00
Fabien O'Carroll
ae71f2deca Added spam prevention for v2 sessions (#10030)
no-issue

- Added spam prevention to POST /session
  - This blocks repeated requests the the /session endpoint preventing brute
force password attacks
- Updated session controller to reset brute middleware
  - This updates the session controller to reset the brute force protection
on a successful login. This is required so that a user is not locked out
forever :o!!
2018-10-18 09:58:29 +01:00
Nazar Gargol
fd958addb6 Migrated update check to use api v2
refs #9866

- Switched update checker to api v2
- Updated and cleaned up the corresponding test suite
- Updated the frame pipeline to respect context passed in with Frame instance
- Exposed 'active' verison from api index module
2018-10-18 00:13:31 +02:00
Nazar Gargol
734bcc9040 Removed obsolete 'testing-pg' env variable
no issue
2018-10-18 00:13:31 +02:00
Nazar Gargol
49a729f77f Excluded sessions table from exporter (#9961)
refs #9865

- Made sessions table to be skipped during the export process
2018-10-17 18:29:24 +07:00
Rishabh Garg
c638863cb9 Updated webhooks schema and add relation (#10018)
* Extended webhooks schema/model and connected with integrations

refs #9942

- Updated webhooks schema with new columns - name, integration_id, secret, last_triggered_at, api_version
- Updated webhooks and integration model to map relationships
- Updated schema hash
- Updated test utils to exclude new webhooks columns for response comparison

* Added migration script for new webhooks columns

refs #9942

- Added migration script in 2.3 to add new columns to webhooks

* Updated schema hash

* Updated maxLength for api_version in schema

* Removed concurrency value from migration script

* Added defaults for webhooks model

* Added status field to webhooks for last trigger status

* Updated schema hash

* Fixed tests with status field

* Removed concurrency value in migration script

* Cleanup

* Updated schema with new fields

 - last_triggered_status, last_triggered_error
2018-10-17 18:17:13 +07:00
Fabien O'Carroll
4f1866a263
Allowed for repeated query parameters for arrays (#10021)
no-issue

There are a few libraries, including node core that when given an array
for a query parameter will encode it as repeated query params. e.g.

```
{someParam: ['a', 'b']}
// becomes
'?someParam=a&someParam=b'
```

This adds a check for the value to stop us 500ing on repeated keys and
to add easier interop with http clients
2018-10-17 13:43:32 +07:00
Kevin Ansfield
2e5f3dc55a Updated Ghost-Admin to 2.2.3 2018-10-16 17:38:23 +01:00
kirrg001
6084330868 Corrected functional users v2 test case
no issue

- just noticed that this test was sending the incorrect body data
2018-10-16 18:20:47 +02:00
kirrg001
15a8951bc7 Respected hasUserPermissions & hasAppPermissions in invite model
no issue

- the permission service expects from the permissible function to respect the input values
  - hasUserPermissions
  - hasAppPermissions
2018-10-16 18:00:05 +02:00
kirrg001
14a1bdbcf6 Removed invite before adding in v2
refs #9866

- the logic in v2 was missing
- it exists in v0.1
2018-10-16 17:26:24 +02:00
kirrg001
a65702df1d Extended api/index.js to export all available api versions
refs #9866
2018-10-16 16:03:32 +02:00
Nazar Gargol
d582c06eee Optimized usage of urls in API v2
refs #9866

- Extracted url decoration logic to utility in output serializers in posts, pages, users, and tags
- Added test cases for url usage by child object (tags of posts)
2018-10-16 13:02:04 +02:00
Fabien O'Carroll
2fbc5aa257
Added apiImpl.data to apiOptions for serialisation (#10016)
no-issue

This is to give serializers access to the expected data properties so
that can be used for filtering.
2018-10-16 16:51:50 +07:00
Rishabh Garg
51dde1e38c
Refactored config to handle direct calls for specific version (#10012)
refs #9866

- Refactored overrides config to include direct version configs(v0.1, v2), supported versions map to direct version
- Refactored `getApiPath` to handle direct versions as well as mappings of supported version
2018-10-16 15:20:51 +05:30
Fabien O'Carroll
3a70cdb2b6
Updated Integration model to use generateSlug (#10009)
no-issue

This ensures that slugs are stripped of illegal characters, and that we
do not create duplicates.
2018-10-16 12:25:54 +07:00
Nazar Gargol
9fd9186557
🐛 Fixed 'url' attribute miscalculation when when requested as the only part of fields filter (#9969)
closes #9962

- Fixed the bug with url being set to /404 when id was not present on the model
- Added a functional test to cover this bug
- Refactored url decorating methods to be more clear about the nature of passed parameters
2018-10-15 14:47:56 +02:00
Fabien O'Carroll
561c4b208d
Removed OPTIONS cors middleware from content api (#10013)
no-issue

The content API only supports GET requests so has no need for cors
middleware on OPTIONS. This also removes the router.del helper as it's
not used
2018-10-15 18:47:31 +07:00
Fabien O'Carroll
943e1c872c
Removed POST /subscribers from v2 content api (#10010)
no-issue

The content api is for serving read-only content only. This route does
not belong here.
2018-10-15 16:28:23 +07:00
Fabien O'Carroll
3db102a776
Added API Key auth middleware to v2 content API (#10005)
* Added API Key auth middleware to v2 content API

refs #9865

- add `auth.authenticate.authenticateContentApiKey` middleware
  - accepts `?key=` query param, sets `req.api_key` if it's a known Content API key
- add `requiresAuthorizedUserOrApiKey` authorization middleware
  - passes if either `req.user` or `req.api_key` exists
- update `authenticatePublic` middleware stack for v2 content routes

* Fixed functional content api tests

no-issue

This fixes the functional content api tests so they use the content api
auth.

* Fixed context check and removed skip

* Updated cors middleware for content api

* Removed client_id from frame.context

no-issue

The v2 api doesn't have a notion of clients as we do not use oauth for it

* Fixed tests for posts input serializer
2018-10-15 16:23:34 +07:00
Fabien O'Carroll
856af02e08
Updated ApiKey onSaving to forward options (#9994)
refs #9865

We require models to forward options on, so that any transactions continue to work
2018-10-14 16:54:10 +07:00
Nazar Gargol
76f4a4bb03
Enforced non-page posts only to be returned by /posts endpoint from Content API (#10002)
refs #9866

- Added logic ensuring page filter is always set to false in posts endpoint for Content API
- Added functional tests to pages and posts
- Added absolute_url logic in pages controller
2018-10-13 00:48:49 +02:00
Katharina Irrgang
981ad28283
Changed tags content api to v2 (#10004)
refs #9866
2018-10-13 00:11:48 +02:00
Katharina Irrgang
c907237540
Changed users content api to v2 (#10003)
refs #9866
2018-10-13 00:11:16 +02:00
Katharina Irrgang
4aaff31890
Added users ctrl to v2 (#10001)
refs #9866
2018-10-12 23:27:30 +02:00
Katharina Irrgang
1ee4d53bfe
Added tags ctrl to v2 (#10000)
refs #9866
2018-10-12 23:10:43 +02:00
Nazar Gargol
310526b6c5 Added upload controller to v1 (#9997)
refs #9866
2018-10-12 22:41:39 +02:00
Nazar Gargol
544289dc89 Added test coverage for subscriber controller API v0.1
refs #9866
2018-10-12 22:27:37 +02:00
Nazar Gargol
cfea6375ab Added subscribers controller to v2
refs #9866
2018-10-12 22:27:37 +02:00
kirrg001
0338ba56c0 Added removal of null values in v2
refs #9866

- also moved id mismatch to global validator
- this is not specific to posts
2018-10-12 21:46:16 +02:00
kirrg001
976699336b Allowed columns options for findAll
no issue

- otherwise you can't filter the query
2018-10-12 21:13:20 +02:00
kirrg001
adc5b18fb7 Added invites ctrl to v2
refs #9866
2018-10-12 21:13:20 +02:00
kirrg001
1472035137 Added mail ctrl to v2
refs #9866
2018-10-12 21:13:20 +02:00
kirrg001
9f2d68a027 Added notifications ctrl to v2
refs #9866
2018-10-12 21:13:20 +02:00
kirrg001
b899a6fec8 Added settings ctrl to v2
refs #9866
2018-10-12 21:13:20 +02:00
kirrg001
8b54cfea81 Supported status code as function
refs #9866
2018-10-12 21:13:20 +02:00