Commit Graph

962 Commits

Author SHA1 Message Date
Naz
add30f3d5b Decoupled frontend routing from url service
refs https://linear.app/tryghost/issue/CORE-103/decouple-internal-frontend-code-from-url-module

- By becoming a parameter in the routing bootstrap process URL is Service no longer a "require" inside the frontend controllers but rather becomes a part of the "internal API" of the bootstrapper. This is not the end form of it, rather a step closer to decouplint routing from the URL serivce.
- The bootstrap module needs a facelift to have cleaner distinction between init/start methods. This is left for another time
2021-10-14 05:55:49 +13:00
Kevin Ansfield
7cb93be60b Added boolean as allowed custom theme setting type
refs https://github.com/TryGhost/Team/issues/1106

- updated schema validation to add `'boolean'` as an allowed `type` value
- added `format()` and `parse()` methods to `CustomThemeSetting` model to match `Settings` model behaviour for boolean-type settings
2021-10-13 17:25:32 +01:00
Fabien O'Carroll
b93e7d7f7c Added offer_redemptions table to database
refs https://github.com/TryGhost/Team/issues/1132

This will be used to store Offer Redemptions, which will be used to list
the Offers which a Member has redeemed, as well as the number of times
an Offer has been redeemed.
2021-10-13 17:37:39 +02:00
Fabien 'egg' O'Carroll
b48c16c118
Added active column to offers table (#13592)
refs https://github.com/TryGhost/Team/issues/1131

This will be used as a flag to determine whether or not an Offer is
archived or active.
2021-10-12 15:20:45 +02:00
Hannah Wolfe
4ba372d813
Removed accidentally duplicated tests
- this was a result of a bad rebase, these tests should only exist once in their new form
2021-10-11 15:19:55 +01:00
Naz
1530cb28a5 Simplified Notification's service constructor
refs https://linear.app/tryghost/issue/CORE-64/resolve-undissmissable-update-notification-banners

- There's no need to pass a whole "version object" when all we need it a string in a full version format inside the module
2021-10-11 16:04:48 +02:00
Naz
c0d59db5be Added filtering of outdated custom notifications
refs https://linear.app/tryghost/issue/CORE-64/resolve-undissmissable-update-notification-banners
refs https://github.com/TryGhost/Team/issues/754
refs https://github.com/TryGhost/Team/issues/204
refs https://github.com/TryGhost/Ghost/issues/10236

- Custom notifications coming form the update check service should not be shown beyond instance's update. Once the notification is received it's marked with the current version number. With an instance upgrade all notification with older version should be hidden.
- This improvement should also resolve the problem of major version notifications with next major update (the code associated with https://github.com/TryGhost/Ghost/issues/10236 can then be removed after 5.0.1)
2021-10-11 16:04:48 +02:00
Naz
d948be5bcb Grouped "browse" unit tests together
refs https://linear.app/tryghost/issue/CORE-64/resolve-undissmissable-update-notification-banners

- Before making changes + adding more tests to the notifications test suite grouped related "browse" tests into a describe block. Housekeeping :)
2021-10-11 16:04:48 +02:00
Naz
8737ec8888 Added createdAtVersion property to newly created notifications
refs https://linear.app/tryghost/issue/CORE-64/resolve-undissmissable-update-notification-banners

- The property is meant to track Ghost instance version the notification was received and processed at.
- This information should be useful in the future to dismiss outdated notifications
2021-10-11 23:38:40 +13:00
Naz
53ae852a0e Added checks for notification properties
refs https://linear.app/tryghost/issue/CORE-64/resolve-undissmissable-update-notification-banners

- Before introducing new properties made sure existing ones were well understood and tested in a basic way
2021-10-11 23:38:40 +13:00
Kevin Ansfield
c33b596e9c
Added API tests for custom theme settings (#13519)
refs https://github.com/TryGhost/Team/issues/1104

- bumped `@tryghost/custom-theme-settings-service` so it throws a more appropriate `ValidationError` when setting keys don't exist or a select value is not known
- changed the custom theme settings service to have a `.init()` method which creates an instance of the service under `.api` so that we're able to create the instance at a particular point in the boot process when we know the models have been initialised
  - there were problems in tests because the service was being initialised through the require chain before models were initialised through the boot process
- fixed incorrect `camelCase` of resource name in API responses
2021-10-08 16:18:49 +01:00
Aleksander Chromik
48ac52800b
Replaced i18n.t w/ tpl in core/server/lib/image (#13507)
refs: #13380

- The i18n package is deprecated. It is being replaced with the tpl package.

Co-authored-by: Aleksander Chromik <aleksander.chromik@footballco.com>
2021-10-08 15:44:13 +01:00
Hannah Wolfe
61bb4ae770
Moved parent vhost test back to regression temporarily
- this test file uses a different pattern to the other test files
- not yet sure if the pattern is terrible or genius, need to assess before moving it into a folder full of what are meant to be exemplary tests
2021-10-08 13:50:37 +01:00
Naz
e69fa71584 Added basic unit test to cover notifications' service add method
refs https://linear.app/tryghost/issue/CORE-64/resolve-undissmissable-update-notification-banners

- We aim for full unit test coverage in our libraries and services. The very basic method coverage was missing so adding it!
2021-10-07 18:18:28 +02:00
Naz
c65e62b7df Promoted email-only feature to general availability
closes https://github.com/TryGhost/Team/issues/1125
refs 3c822e0457

- Email-only is not considered a general availability feature and can be used without special flags.
- It allows to publish a new post type "email only" that only goes out as an email newletter and is available through an undescoverable URL (does not appear anywhere publicly similarly to preview posts) on the site.
2021-10-07 12:08:56 +02:00
Hannah Wolfe
8902cc85d6
Updated e2e tests to be async/await
- These test files were moved from regression, and were not up to date
- Ensured they follow the right patterns
2021-10-06 15:51:05 +01:00
Hannah Wolfe
e4074286df
Cleaned up some e2e/integration tests
- e2e tests are tests that cover critical functionality by booting ghost
- integration tests are more like unit tests, but need to initialise and use a db
- so settings shouldn't start Ghost, url service is critical and should be in integration, and preview is critical and should be in e2e
2021-10-06 14:40:39 +01:00
Hannah Wolfe
726db1c0ec
Added integration test config & moved db-driven tests
- some tests are necessarily driven from the db
- these are like unit tests, except they only make sense if using the db - else you have to stub too much to make them worthwhile
- for these rare but important cases, we have the clear concept of integration tests
2021-10-06 13:51:24 +01:00
Hannah Wolfe
624414e0c1
Moved server e2e tests to own folder
- We have a bunch of important server-related e2e tests
- Make these clear in their own folder
- "server" is everything that isn't the api or the frontend - kind of a catch-all concept
2021-10-06 12:55:37 +01:00
Hannah Wolfe
1dec3d56b1
Renamed our acceptance tests to "e2e"
- These are end-to-end tests, make it clearer what they are and what they are supposed to do
2021-10-06 12:40:52 +01:00
Hannah Wolfe
f5f24d9cbc
Removed 2 test files that weren't deleted when moved
refs: 95d27e7f5

- My IDE is messing me about today, I moved these two files into test/unit/frontend/services in 95d27e7f5
2021-10-06 12:17:26 +01:00
Hannah Wolfe
9e96b04542
Moved server unit tests into the server folder
- this is a small part of a bit of cleanup of our test files
- the goal is to make the existing tests clearer with a view to making it easier to write more tests
- this makes the test structure follow the codebase structure more closely
- eventually we will colocate the tests as we break the codebase down further
2021-10-06 12:01:09 +01:00
Hannah Wolfe
95d27e7f58
Moved frontend unit tests into their own folder
- this is a small part of a bit of cleanup of our test files
- the goal is to make the existing tests clearer with a view to making it easier to write more tests
- this makes the test structure follow the codebase structure more closely
- eventually we will colocate the frontend tests with the frontend code
2021-10-06 11:58:29 +01:00
Naz
e3b56dd99f 🐛 Fixed immediately sent email when scheduling email-only post
closes https://linear.app/tryghost/issue/CORE-78/email-only-scheduling-should-work-the-same-way-as-regular-posts

- The email was going out at the moment of scheduling an email-only post instead of respecting the scheduled time.
2021-10-05 16:42:29 +02:00
Hannah Wolfe
d724c8f95d
Fixed amp not rendering content
refs: 9d7049cd3

- I missed that the amp_content helper was meant to be async when refactoring
- I have updated our proper amp acceptance tests to catch the content not rendering as this is a regression, this should definitely have been caught
- Added missing async property to amp_content helper to fix the issue
2021-10-05 12:27:31 +01:00
Hannah Wolfe
9d7049cd3f
Refactored helper registration code into a service
- The helper registration code is "framework" code and very specific
- At the moment the "theme engine" is full of lots of disparate theme related stuff
- I'm trying to make the frontend framework code clearer and also expand it to  make it more useful
- The helper system now also exposes 3 methods allowing you to register a directory, a helper or an alias
- I've updated the codebase to use these both for our core helpers and for "apps"
2021-10-05 10:04:02 +01:00
Daniel Lockyer
0ec6b425ee
Merged v4.17.1 into main
v4.17.1
2021-10-05 08:33:42 +01:00
Fabien O'Carroll
cda041d424 Moved StripeAPIService to its own service
refs https://github.com/TryGhost/Team/issues/1083

The Offers service is going to need access to the StripeAPIService too,
so we need to move it out of the @tryghost/members-api module and make
it accessible to both.
2021-10-04 19:28:19 +02:00
Naz
5066e65e03 Added validation to redirects config
refs https://linear.app/tryghost/issue/CORE-86/fix-failing-site-instance-when-redirects-file-is-invalid
refs 260a47da83

- Added validation logic to catch redirects files having invalid RegEx expressions when they are introduced into the system (on upload)
- This way the error happening in the refed commit would have not happened as the validator would not have passed it through
- Moved up the "Router" declaration in custom-redirects as it needs to happen before any other bit of logic has a chance to throw
2021-10-04 18:32:40 +02:00
Hannah Wolfe
1bbaf65a22
Removed need for index.js in frontend/helpers
- The index.js file was actually loader code
- It was mainly used by the unit tests, which needed to be rewritten to get each helper individually
2021-10-04 16:46:01 +01:00
Naz
8f5186995d Added unit test coverage for invalid redirects config
refs https://linear.app/tryghost/issue/CORE-86/fix-failing-site-instance-when-redirects-file-is-invalid
refs 260a47da83

- Refed commit was missing a unit test coverage.
- The approach here introduces a new pattern - using `supertest` in unit tests. I've found this to be the most expressive way to test an express app which receives certain middleware dynamically. Because there are very few moving parts the test is still extremely quick to run
2021-10-04 16:44:23 +02:00
Naz
260a47da83 🐛 Fixed 500 when instance has an invalid redirects config
refs https://linear.app/tryghost/issue/CORE-86/fix-failing-site-instance-when-redirects-file-is-invalid

- The site was returning a 500 for all routes whenever an invalid redirects file was uploaded.
- The cause of this issue surfacing was this change - 0962b3ed45 (diff-10784969d51d9abb9d620625a14b31661ff3f98dbfb0ea17186186a8151bacfaL35) . Previously an instance always had some sort of a working router and when the configuration failed it still functioned as an empty redirects router. After the change no router was mounted resulting in a 500
- Test cases fixing the problem will folllow
2021-10-04 15:25:37 +02:00
Hannah Wolfe
b10802f4c6
Updated fixture hash for integrity check
refs: fe2958eb73

Commit fe2958eb73 updated fixtures without updating the integrity hash - not sure how I missed this!
2021-10-04 13:47:12 +01:00
Paul Cushing
fe2958eb73
Fixed typo "in" default About page. (#13271)
- added a missing word
2021-10-04 12:18:15 +01:00
Fabien O'Carroll
58653690bd Fixed member bulk actions acceptance tests
refs https://github.com/TryGhost/Team/issues/1077
refs https://github.com/allouis/Ghost/commit/cdbccdeba

These tests were forgotten in the update to the API.
2021-10-01 14:21:14 +02:00
Rishabh Garg
c4cfd1839a
Added offers table (#13381)
refs https://github.com/TryGhost/Team/issues/1088

- adds schema for new offers table
- adds permission fixtures for new offers table
- adds migrations for new table and permissions

Co-authored-by: Fabien O'Carroll <fabien@allou.is>
2021-10-01 12:18:33 +02:00
Naz
99a2f12cb7 Simplified yaml parser to have fewer dependencies
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings
refs 5715aa2155 (diff-48644be82a9b957e5e627bf7b0f2f73cdb1d63851ffad68c7c178c5886495bb8R52-R57)

- Simplified the yaml parser implementation to take in a single parameter, this move will allove to simplify the logic in the route settings + opens a door to unify handling with redirects yaml parsing!
- We loose the "filename" from the error information but that was a generic "routes.yaml" anyway and would be thrown only when somebody uploaded a routes.yaml file (no real added value).
- The debug statement should be moved to contain related filepath+other info to the calling module instead
- An additional error handler was borrowed from the redirects yaml parsing logic that was introduced in a referenced commit - it still makes sense to keep it for routes.yaml configuration
2021-09-30 17:29:43 +02:00
Naz
1ac0ba07de Extracted yarml persed dep out of settings loader
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- Moving internal dependencies to be injected through constructor DI for better testability. This is first step of few more to follow. Not doing it all at once as there's too many thing failing when doing a bulk refactor
2021-09-30 17:29:42 +02:00
Naz
96d075c47d Refactored settings loader to class
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- It's a step to making the module follow class+DI pattern before fully extracting it into an external libarary
- Reminder, doing in Ghost repo instead of substituting big chunks all at once to have clear history of how the service evolved prior to the extraction into external lib!
2021-09-30 17:29:42 +02:00
Naz
a00b994e9e Renamed route loader module to settings-loader
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- The rename was needed to make it something more generic to later fit both routes and redirects setting purposes
2021-09-30 17:29:42 +02:00
Kevin Ansfield
b8e2bb7b6d Allowed custom theme settings to be passed through preview data
refs https://github.com/TryGhost/Team/issues/1097

- added `customThemeSettingKeys` as an argument to `preview.handle()` because we can't know which keys should be allowed through up-front
- added `custom` as a supported setting in the preview header data
  - `custom` should be a JSON object containing any custom theme settings
  - we parse the object but only set properties on `@custom` that are known custom theme setting keys
  - if parsing fails or it's not an object then no custom data is set
- updated `updateLocalTemplateOptions()` to pull `.custom` off of the preview data and pass it through so it's accessible on `@custom` as an override to the saved custom data
2021-09-30 13:23:39 +01:00
Kevin Ansfield
8a17e723a1 Moved usage of preview options from globalTemplateOptions to localTemplateOptions
refs https://github.com/TryGhost/Team/issues/1097

globalTemplateOptions are supposed to be static with localTemplateOptions being merged in per-request, however the per-request preview data was being extracted and set in the global options. Comments suggest that the global data should be static and eventually updated via other means, the usage of the request object to get per-request preview data is working against that.

- adjusted the preview handler to return an object rather than changing properties by reference on a passed in object
- moved preview data fetching out of `getSiteData()` used in `updateGlobalTemplateOptions()` and into `updateLocalTemplateOptions()` so that we're not relying on the request object in `updateGlobalTemplateOptions()`
2021-09-30 12:12:55 +01:00
Kevin Ansfield
4a6bedce7b Fixed theme-engine middleware tests timing out rather than showing failed assertions
no issue

- if any of the assertions in a test failed there was no handling, instead the test just timed out with a timeout error
- wrapping the assertions in a try/catch and calling `done()` with the error object aborts the test immediately and shows a useful assertion failure message
2021-09-30 12:12:55 +01:00
Naz
d4cd1bb865 Refactored ensure settings module into a class with DI
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- Ensure settings had only one method but would benefit from class+DI pattern before extracting it into an outside module.
- The logic is now also less coupled with "routes" and single source/destination paths. It's all configureable instead and might be reused if similar pattern is needed for example with redirect settings defaults.
2021-09-29 20:56:55 +02:00
Hannah Wolfe
fd20f90cca
Divided f/e proxy into true proxy + rendering service
- The original intention of the proxy was to collect up all the requires in our helpers into one place
- This has since been expanded and used in more places, in more ways
- In hindsight there are now multiple different types of requires in the proxy:
   - One: true frontend rendering framework requires (stuff from deep inside theme-engine)
   - Two: data manipulation/sdk stuff, belongs to the frontend, ways to process API data
   - Three: actual core stuff from Ghost, that we wish wasn't here / needs to be passed in a controlled way
- This commit pulls out One into a new rendering service, so at least that stuff is managed independently
- This draws the lines clearly between what's internal to the frontend and what isn't
- It also highlights that the theme-engine needs to be divided up / refactored so that we don't have these deep requires
2021-09-29 13:10:14 +01:00
Naz
0962b3ed45 Made custom-redirects middleware testable
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings
refs 7528ec8c3b

- The way the custom redirects middleware was organized made it extremely hard to unit test it (had to stub the redirects service methods etc). With a new organization it's possible to provide needed redirects configs to the method which makes the actual redirects Router logic testable and the code less coupled with redirects services
- This was meant to be an attempt to extract more of the slow redirects regression tests, which failed. Instead found this weak spot that could be improved and gained:
- shaved 4s of time as two slow regression test cases are now gone
- there's now a base to build upon when getting more coverage for the custom redirects middleware
2021-09-28 22:00:32 +02:00
Naz
dd042d69c9 Moved routing setting hash calculation to backend
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- These were the last bits that had to be moved out of the frontend doing route.yaml related operations
- Next steps will be refactoring a "bag of everything" into smaller modules and reducing dependencies where possible
2021-09-28 04:59:41 +13:00
Naz
95706aa37e Moved validate&yaml-parser modules to backend
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- These modules should be colocated along with the rest of routes.yaml related modules
- They will later be extracted into external modules
2021-09-28 04:59:41 +13:00
Naz
7a91917424 Removed use of 'routes' parameter in route settings loader
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- The only allowed route settings name is 'routes.yaml', which removes a need to parameterize the function as the location is permanent anyway
- Simplifying the function in any possible way before extracting the common bits into an external lib
2021-09-28 04:59:41 +13:00
Naz
ba964c549f Moved route settings "getter" to the backend
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- Frontend is not meant to know about the underlying source of the "routes" configuration, so any reads/edits/validations are being moved into a backend service. This should also simplify the coupling of the backend with the frontend where the latter will get a JSON blob with all needed configuration during the boot
- Nother problem the "get" method had was hiding an underlying function it was doing - reading the file from the filesystem SYNCRONOUSLY. It might be a thing we need to do during the "web" app initialization, but there's no clear need to do this in a sync fassion during the bootup for example. Also having a more explicit name should help :)
2021-09-28 04:59:41 +13:00
Naz
484bb2eea2 Moved default-routes.yaml file to backend
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings
refs c1c9bf0866

- Actions logic related to file system operations (like ensuring files exist) should be done on the backend. Now the route settings initialization logic lives on the backend it makes sense to keep the file closer to the source.
- The move is the opposite to the one refed in the commit with a
difference that the file now lives in "route-settings"
2021-09-28 04:59:41 +13:00
Naz
31e9434466 Moved route settings initialization to backend
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- Actions logic related to file system operations (like ensuring files exist) should be done on the backend. The frontend will be receiving a unified JSON blob config without needing to know about filesystem
2021-09-28 04:59:41 +13:00
Naz
4a47e8d0a8 Changed settings loader module API signature
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- It was not clear from the module signature/usages that the default method is executing synchronously. The change makes it explicit. Knowing if the method is synchronous is helpful to stop possible pefr bottlenecks!
2021-09-28 04:59:41 +13:00
Naz
748ea9540c Refactored routes hash to be a "single" value
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- It's a continuation of simplifying the concept of multiple frontend settings. If there's just one file we support there should be just one hash
2021-09-28 04:59:41 +13:00
Naz
93af11bdec Simplified knowSettings usage
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- 'knowSettings' was based on a "configurable" array of settings that might be configured in Ghost. The multitude never happened! The only setting the frontend takes care of is routes.yaml file (redirects is also kind of a setting but is a separate concept for now).
- Having just one type of file to deal with allows to simplify implementation significantly, which helps before a big refactor
2021-09-28 04:59:41 +13:00
Naz
010db90a51 Removed unused getAll settings method
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- The getAll function was never used. No need to keep it around!
2021-09-28 04:59:41 +13:00
Naz
71e2a06b25 Reworked ensure-settings module to take in singular file path
refs https://linear.app/tryghost/issue/CORE-35/refactor-route-and-redirect-settings

- This is a micro-step towards getting rid of multiple "knownSettings" concept. Since the introduction of an array of knowSettings there was never-ever a need to handle anything but a single `routes.yaml` file. Getting rid of this concept first to have a simpler module. Next step would be getting rid of filesystem reads/writes in the "frontend"
2021-09-28 04:59:41 +13:00
Kevin Ansfield
b6d9bad6dc
Added custom theme settings browse/edit permissions for Administrators (#13361)
refs https://github.com/TryGhost/Team/issues/1070TryGhost/Team#1070

- initial implementation will only allow browse+edit via the API
2021-09-27 09:59:09 +01:00
Kevin Ansfield
57effd9585
Added custom_theme_settings table/model (#13327)
refs https://github.com/TryGhost/Team/issues/1070

- stores values of custom theme settings
  - will be merged with full settings data parsed from themes for API output
  - will be cached and made available for lookup in themes to avoid db roundtrips
- stores type of custom theme settings so we can coerce values and know if the type has changed when syncing
- records will be synced with themes upon activation
2021-09-23 11:51:18 +01:00
Daniel Lockyer
93e4b2eafd 🔒 Fixed remote command injection when using sendmail email transport
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm
refs https://github.com/advisories/GHSA-48ww-j4fc-435p

- a vulnerability in `nodemailer` means that the `sendmail` transport is
  vulnerable to command injection for flags passed to the `sendmail`
  binary
- updating to the latest version of Nodemailer required creating
  `@tryghost/nodemailer`, which is a wrapper around Nodemailer and
  several plugins that used to be in the core
- this commit switches to using that package, and fixes up some small
  code + test changes
2021-09-17 16:46:51 +01:00
Hannah Wolfe
7d1d6ec6eb
🐛 Fixed error in sitemap with >50k posts (#13317)
closes: CORE-34
refs: https://github.com/TryGhost/Team/issues/1044

- this is a super basic fix, it adds a max nodes concept and limits the node in each sub-sitemap to 50k by default
- this will prevent the error in google console
- a better fix is in progress, but we want to at least solve the errors ASAP
2021-09-17 11:13:42 +01:00
Fabien 'egg' O'Carroll
2dca63eae2
Added temporary database table for analytic events (#13312)
refs https://github.com/TryGhost/Team/issues/1053

This table is going to be completely deleted at some point in the
future. It serves as a persistent datastore for a spike into collection
analytic events for members. We've opted for a generic table, rather
than a table for each event, so that we can push the DB to the limit in
terms of the length of the table, and find out performance issues A$AP
2021-09-17 11:15:21 +02:00
Hannah Wolfe
ba587ba882
Fixed logic bugs in match helper (#13315)
closes: CORE-33

Two bugs:
- lodash isEmpty and handlebars util isEmpty are not the same
- I literally had the truthy and falsy cases the wrong way around 🙈

Notes:
- I have, for now, copied the isEmpty util from handlebars. It's so small it doesn't seem worth trying to require the util right now, although in future it'd be nice if that was easier to do
- Adding the management for the conditional being a SafeString allows the match helper to be a subexpression of itself, I can see this pattern being useful later in combo with the any and all helpers
2021-09-17 09:47:10 +01:00
Hannah Wolfe
38c7f42baf
Improved match helper tests (#13314)
closes: CORE-32

- The match helper is a very logical helper, designed to support many many type of comparison
- The existing test pattern had gotten long and unweildy already and I'd barely scratched the surface
- Introduce a new pattern, that allows for very quickly and easily describing template strings and what their evaluation should be
- This quickly highlights how many broken cases there are right now!

Notes:
- I could have condensed the pattern further with test groups and iterating over to create describe blocks
- I feel the current implementation is the right balance between condensed and legible to make this maintainable
- I could also have used the same pattern for the block helper, but at that point I felt it more important that the logic I was testing was clear, rather than condensed
2021-09-16 17:11:10 +01:00
Naz
4744349381 Removed method complexity in integrations API controller
refs https://github.com/TryGhost/Team/issues/694
refs https://linear.app/tryghost/issue/CORE-10/tackle-integrationsjs

- The controller code is not meant to contain complex business logic.
- Added a test case checking 'PUT' endpoint for integrations to ensure
proper 'NotFound' handling. Found that previous implemenation was
buggy - threw a 500 as 'models.Integration.NotFoundError' that was removed
in previous commit didn't catch a needed error.
2021-09-16 14:23:48 +03:00
Daniel Lockyer
d4adae775e v4.14.0
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYUB7mgAKCRDSEYbwtHKV
 rYTGAP9dggMBUTq6+2yLyYHChVMqLez2WS/XmgTdC4mc2tsZzgD+J2/zhRObGYX0
 d54Y39pAw7rPV8Z8md9nCm9olPpE4AM=
 =w206
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYUB8kwAKCRDSEYbwtHKV
 rTGVAP4wqFwWwQUFUXX4tLbvcLKQalvHQI3soLFneAzZT1M3DQEAtWO+crkH2auN
 Agt8ND2ndlIzsyGxYywliajBfbQVZwM=
 =nFhH
 -----END PGP SIGNATURE-----

Merged v4.14.0 into main

v4.14.0
2021-09-14 11:42:21 +01:00
Kevin Ansfield
6875796417 Blocked 0.* IP addresses when making oembed requests
no issue

It was possible for authenticated/trusted admin users to make GET requests to localhost via the oembed service by crafting a redirect that used 0.0.0.0.

- added the 0.* default route/routing block to the private IP regex used to block requests when we're contacting external sites
- added an additional IP or localhost check in the oembed service when fetching bookmark card data
2021-09-14 11:35:14 +01:00
Kevin Ansfield
0294918eb9 Fixed labs service unit tests
refs d735e3a4f3
refs c7972c20a5

- the unit tests are currently tied to the labs service data rather than testing independent behaviour meaning that the test needs to be updated when the particular alpha flag they are tied to gets removed
2021-09-14 10:19:26 +01:00
Daniel Lockyer
2d639ad4a1 Replaced removed Bookshelf findWhere function
- as per https://github.com/bookshelf/bookshelf/wiki/Migrating-from-0.15.1-to-1.0.0#collectionfindwhere, the `findWhere` function was removed
- `find` can be used in combination with `matchFunc` and then checking
  the values against each other to keep the same functionality
- also updates the tests to reflect the change in number of function calls
2021-09-10 16:59:11 +01:00
Daniel Lockyer
7a3725fdbf Fixed settings tests due to Bookshelf update
- Bookshelf now seems to error out when the response is undefined and
  expects something
- this commit updates the test to the same empty response we use
  elsewhere
2021-09-10 16:59:11 +01:00
Rishabh Garg
2272f84cc9
Added beta {{products}} helper for tiers list on post (#13267)
refs https://github.com/TryGhost/Team/issues/1004

- adds new `{{products}}` helper behind `multipleProducts` flag
- `{{products}}` outputs a string with list of products that have access to specific post when used in a post context in theme
- outputs empty string when used out of a post context and without access to `visibility` property
- uses all available posts for a site via the global products data
- updates {{content}} helper cta to use this new helper to show list of tiers with access to post
2021-09-10 09:30:41 +05:30
Rishabh
c7972c20a5 Fixed alpha flag tests
refs 025eb8bd79

`mutipleProducts` has now been moved out of alpha to beta, though the alpha feature tests were still using it to verify alpha behavior. The tests are now updated to use `dashboardTwo` feature as base alpha feature instead.
2021-09-09 17:05:07 +05:30
Naz
4f78bf01a2 Moved default settings population test to regression suite
closes https://github.com/TryGhost/Team/issues/860
refs 5405b6ca7c

- The slow test was running slow because it's not a "unit test" it is testing much more. Moved it to a correct suite - regression which simplified the logic a lot (no need to mock db calls).
- Brought back the 2000ms limit as the bottleneck has been solved
2021-09-01 15:23:57 +04:00
Naz
35e23636ae Fixed 'sent' status setting when publishing a post
refs https://github.com/TryGhost/Team/issues/947

- During the work of the UI and moving `email_only` flag to publish menu it created the situation where the publishing of the post was at the same time as adding `email_only` flag, resulted in not picking up teh `sent` status as the `posts_meta` model and record were's available during save.
- Adding the incoming attribute check for email_only flag covers this situation
2021-08-26 22:25:45 +04:00
Fabien 'egg' O'Carroll
9a1417c8b9
Exposed dummy subscriptions to theme layer (#13257)
refs https://github.com/TryGhost/Team/issues/986

This updates the @tryghost/members-api module to return the full member
object from getMemberIdentityData, which is used to populate req.member
used by themes to construct the `@member` template data.

The full object is read from the service which handles all additional
properties and logic for retrieving members, including the dummy
subscriptions for comped members.
2021-08-26 16:03:32 +01:00
Fabien 'egg' O'Carroll
c7a7828b57
Gave Administrators permission to connect to Stripe (#13228)
refs https://github.com/TryGhost/Team/issues/994

This adds the permission required to connect to Stripe to the
Administrator role, as required by the linked issue.
2021-08-26 11:00:40 +01:00
Fabien O'Carroll
e71114bb8f Added Members bulk actions endpoint
refs https://github.com/TryGhost/Team/issues/946

This adds the initial bulk actions endpoint used for the members
filtering feature. The idea is to eventually move bulk destroy into this
endpoint to and provide a consistent interface for applying bulk actions
to members.

The @tryghost/members-api package has been bumped to include the new
bulkEdit method.

The sinon.restore in tests was moved to an afterEach so that stubs did
not effect other tests.
2021-08-23 16:38:21 +02:00
Fabien 'egg' O'Carroll
2f33292600
Added members_product_events table (#13236)
refs https://github.com/TryGhost/Team/issues/873

This table is to track events related to members be given or having
removed access to products. It will allow us to provide start dates for
access for complimentary members, as well as being able to track access
to products over time, either for individual members or for aggregates.
2021-08-23 16:29:15 +02:00
Fabien 'egg' O'Carroll
26c3e77640
Ordered Products by their monthly price by default (#13234)
refs https://github.com/TryGhost/Team/issues/714

In order to order products by their monthly price we need to apply a
join with the stripe_prices table when querying so we have access to the
amount column of stripe_prices.

As this ordering is core to how the tiers feature is intended to work,
we have added it as the default order. But this can be overriden by
manually passing the order option.

Also ensured that we do not create duplicate products in test fixtures
2021-08-20 14:46:06 +02:00
Naz
937d9e58d1 Switched post routing to uuid instead of slug
refs https://github.com/TryGhost/Team/issues/990

- Relying on uuid instead of slug makes the posts less discoverable and partially soves discoverability through overriden robots.txt files
2021-08-19 12:27:45 +04:00
Naz
74280cfbea Added "email post" frontend routing
refs https://github.com/TryGhost/Team/issues/953

- Emails posts should be not explorable by the rest of the frontend similarly to the draft or scheduled posts. Email posts should also keep the content gating, so that specific parts of content can still be gated based on the post's visibility setup
- A separate frontend router was chosen to implement this part of the system instead of a moutable express app due to increased complexity to introduce the latter approach.
- All "sent" email-only posts will be accessible through the `/email/:slug/` route
2021-08-13 12:09:11 +04:00
Naz
70b359923f Fixed failing unit test
refs 9bc5a279ca

- Adds a new post status introduced in the referenced commit.
2021-08-13 10:22:11 +04:00
Naz
9bc5a279ca Added a 'sent' status to post model
refs https://github.com/TryGhost/Team/issues/953

- We need to track email-only posts that have been sent out. New status was chosen as a way to differenciate such posts.
- Introducing a new "email post" type, conceptually like "page", was considered. Because there is no clear roadmap for "email post" becoming a bigger part of the product yet and a lot of uncertainty around this concept, overhead needed to introduce a new type was just too much to do at this moment. It's still a possibility in the future
2021-08-13 10:06:15 +04:00
Fabien 'egg' O'Carroll
6dba643ef9
Added ability to filter members on subscription data (#13214)
refs https://github.com/TryGhost/Team/issues/944

This will allow us to filter for members which have a canceled
subscription or for members which are currently on trial.
2021-08-12 10:10:51 +01:00
Naz
01f8737d39 Added /email/ route to robots.txt
closes https://github.com/TryGhost/Team/issues/952

- The `/email/` route will be a home for email only posts. We are adding the route preemptively to have the crowlers update their caches before the feature sees the light of The Internet
2021-08-10 13:45:53 +04:00
Naz
5967c080dc Covered current format of robots.txt with a test
closes https://github.com/TryGhost/Team/issues/952

- The format and routes used in default robots.txt is publicly tocumented and changing it can possibly cause breaking the users' usecases.
- When it's changed one should remember to update https://ghost.org/help/modifying-robots-txt/ and have a warning in the release notes describing the change
2021-08-10 13:27:08 +04:00
Naz
c9821a123a Swapped to American English spellings
refs 16728a3ef1
2021-08-09 13:35:01 +04:00
Naz
fc6aecceaa Added test coverage for /email/ frontend route
refs https://github.com/TryGhost/Team/issues/948
refs 06a6dcb2d1

- The `/email/` route feature landed in main without test coverage. This changeset gives a start to a test suite covering all things `/email/`
2021-08-09 13:35:01 +04:00
Naz
af74e0c89d Removed stray .only statement in tests
refs 06a6dcb2d1
2021-08-06 18:15:32 +04:00
Naz
06a6dcb2d1 Added an /email/ root route for email-only posts
refs https://github.com/TryGhost/Team/issues/948

- The  frontend route `/email/:uuid` is aliased to the preview as a temporary solution. It fulfills the premise of the email-only post anyway - not being accessible publicly and only shared through email.
- The tests for the new route are missing as adding them was way more problematic than I envisoned. They are in the works and will be added as a follow up commit next.
2021-08-06 18:10:19 +04:00
Naz
e2c78e0634 Removed redundant theme engine stubbing in tests
refs https://github.com/TryGhost/Team/issues/948

- When working on related problem noticed these declarations were scattered all over the place in the test without special purpose. Moved them all up into a central "once per suite" stub. Not sure if this subing is working at all, but at least it will be easier to change it once per suite in the future once someone spots a problem with this approach
2021-08-06 17:16:33 +04:00
Naz
e7ef7ab6a4 Broke down "frontend" test suite into smoller chunks
refs https://github.com/TryGhost/Team/issues/948

- While working on referenced issue came around adding tests to new top level route - '/email/' and it was pretty hard to navigate through single blob of tests. Broke them down by the area/route into separate suites for better mainteinability
2021-08-06 15:18:03 +04:00
Naz
3c822e0457 Added ability to send newsletter and not publish the post
refs https://github.com/TryGhost/Team/issues/949

- When post is marked as "email-only" we can send it out to the selected audience when publishing without making the post publicly available
- The feature is available for experimentation behind "email only" alpha flag available in labs
2021-08-06 11:57:54 +04:00
Naz
838e94e535 Added email_only property in Posts Admin API v4
https://github.com/TryGhost/Team/issues/893

- The property is only added to Admin API v4 and is invisible in all Content APIs as well as v2/v3 Posts APIs
2021-08-05 19:44:35 +12:00
Naz
755a3a320e Added email_only column to posts_meta table
closes https://github.com/TryGhost/Team/issues/893

- We need a place to store email-only flag and posts_meta is the best place for it
2021-08-05 19:44:35 +12:00
Rishabh
edca10dae7 Fixed tests for logged out member session response
refs 24b2a82461
2021-07-30 10:44:19 +05:30
Naz
2fbc1af165 Added email disabling flag to settings records
refs https://github.com/TryGhost/Team/issues/912

- We need a place to persist the email freeze state between instance restarts - settings table record is the best place for it
2021-07-29 20:30:30 +12:00
Thibaut Patel
ba4f8cc857 Added OAuth user data
issue https://github.com/TryGhost/Team/issues/614

- This allows keeping each user oauth data, to compare on future logins
2021-07-27 17:56:07 +02:00
Daniel Lockyer
04b5a1c6c5 v4.10.2
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYP6iagAKCRDSEYbwtHKV
 rR/dAPsGjY89fheicUdZfWbVUGunIQAKCYWj4sNMR5ZJbFQ8IAD8Dbx5XLR1IYmX
 7uzjx7ayuHt+o9jJkaRFGpETIRln4w0=
 =JY+u
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTqYa7kNs8D7Oo9dgLSEYbwtHKVrQUCYP6kDQAKCRDSEYbwtHKV
 rVJ1AQCDiGWEJNVItQbPoAURACUtQPtg8GH1O62We+LUNdKQ5gEA2+snzZAi9fag
 60k5eyYxcB4JOwSVLIS19FcybgnhuAg=
 =1a74
 -----END PGP SIGNATURE-----

Merged v4.10.2 into main

v4.10.2
2021-07-26 13:01:12 +01:00
Kevin Ansfield
8d5e7ed695
🐛 Fixed unsubscribed members receiving email when a post is sent to all members (#13181)
refs https://github.com/TryGhost/Team/issues/935

The problem was incorrect operator precedence when multiple statements existed in the filter original filter when we transform it to enforce `subscribed:true` before sending.

- free only - subscribed:true+status:free - no issue
- paid only - subscribed:true+status:-free - no issue
- all - subscribed:true+status:-free,status:free - the ,status:free part is treated as a separate OR statement meaning the subscribed:true is not applied to it and free members that are unsubscribed will receive the email

- extracted the filter transform into a separate function so it can be unit tested
- updated the transform to use `()` for operator precedence, eg: `subscribed:true+(status:-free,status:free)`
- used transform function in `addEmail()` and `getEmailMemberRows()`
- fixed `sent/send` typo in error message
2021-07-26 12:47:03 +01:00
Naz
ac3602cced Fixed empty response when import triggers a job
refs d60d348c88

- When the import triggers a background job the meta response should contain no data otherwise the client can mistake it for completed import
2021-07-23 21:14:06 +04:00
Naz
810b052e01 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
- Exposed few internal from commands module methods for easier testing, otherwise it was turning into neverending mocking show
2021-07-19 21:31:31 +12:00
Naz
a266c64130 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
2021-07-19 21:31:31 +12:00
Naz
648662af93 Reverted "Moved disguised unit tests into regression test suite"
refs bf587d4055

- The change broke regression tests and due to this change being out of
scope of the cycle dicided to rever it and increase the time limit on
unit tests instead
- We should focus on refactoring moving slow unit tests in the next
cleanup period
2021-07-19 13:22:31 +04:00
Naz
bf587d4055 Moved disguised unit tests into regression test suite
no issue

- Two affected unit tests were triggering the "slow unit test" error on CI which gave a clue they were either:
- written badly
OR
- were not unit tests at all

- The latter proved to be true and the tests were moved where they belong - into the regression test suite with much more forgiving running itme constraints.
- Unit tests should run quick ALWAYS as that's the first thing that gets triggered before pushing improvements to main. Faster - better.
2021-07-19 12:04:42 +04:00
Fabien 'egg' O'Carroll
81e7d71391
Fixed created_at dates for member events on import (#13151)
refs https://github.com/TryGhost/Team/issues/542

The members-api has been updated to use the passed `created_at`
property when creating members for the status change events, as well as
using the subscription start_date for members paid subscription events

This is a duplicate of 7eb821b3f5 but
with updated dependencies.
2021-07-16 12:06:46 +01:00
Naz
8a219f4f72 Fixed slow-running external request test
refs https://github.com/TryGhost/Team/issues/860

- Slow unit tests cause longer waiting time to deliver code to main. Before this fix the test was taking a whooping 6s on average
- The main cause of the delay was a downstream's package (got) default retry logic that was taking up a lot of time. The test is meant to check a "500" response handling not a retry logic, so disabling it for this specific test makes sense
2021-07-15 15:21:33 +04:00
Naz
84d0815e47 Refactored scheduling default test to use nock
refs https://github.com/TryGhost/Team/issues/860

- `nock` has been used in other similar unit tests. It was proven to have easy to understand and use API. By not making up custom code through express/httpServer stuff we reduce the amount of boilerplate code significantly - makes tests a lot more readable
- Bonus, removes couplint dependency to "shared" express module
2021-07-15 14:07:11 +04:00
Naz
5ea8e9b926 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
- This bit cleans up the rest of `new Error()` usage in MEGA service
2021-07-14 19:17:35 +04:00
Naz
b045112950 Renamed exposed _getEmailMemberRows in mega
no issue

- Exposing internal methods out of the module is a non-standard practice. Adding `_` prefix allows to signal that this method is not for general use.
- When mega is refactored into a proper class this method will become exposed anyways
2021-07-14 18:56:57 +04:00
Naz
f343e73c92 Removed use of deprecated new Error() syntax
refs 2f1123d6ca
refs 6f1a3e1774

- As per refed commits, we are removing deprecated use of `new Error()` in the codebase
- This bit cleans up `new Error()` usage in MEGA service
2021-07-14 18:44:25 +04:00
Naz
3b7042545a Fixed typo 2021-07-14 13:23:15 +04:00
Hannah Wolfe
6726246697
Fixed test for overriding active theme
refs: f9a3f7d955

- The test for overriding a theme (uploading a theme with the same name as the currently active theme) doesn't test the right codepath
- It incorrectly assumes uploading the same theme twice results in an override, but this is only true for the active theme
- This change splits the override test out into it's own test, and only tests overriding by changing the active theme first
- Also fixed a minor comment type whilst here
2021-07-11 20:02:32 +01:00
Rishabh
6bb10e6d4b 🐛 Fixed API errors when including member counts for labels
closes https://github.com/TryGhost/Team/issues/607

- patch was added in `bookshelf-include-count@0.1.3` to fix member counts for labels
- bumps `bookshelf-plugins` to include the patch
2021-07-09 19:51:17 +05:30
Hannah Wolfe
c29c118fcf
Moved labs utlity to shared
- This isn't really a "service" - it's a set of utilities for working with labs flags
- It's also required all over the place, and doesn't require anything that isn't shared
- Therefore, it should live in shared
2021-07-08 09:05:41 +01:00
Hannah Wolfe
8d38957bd7
Revert "Moved labs utlity to shared"
This reverts commit 782de52678.
2021-07-08 07:09:13 +01:00
Hannah Wolfe
782de52678
Moved labs utlity to shared
- This isn't really a "service" - it's a set of utilities for working with labs flags
- It's also required all over the place, and doesn't require anything that isn't shared
- Therefore, it should live in shared
2021-07-07 21:41:34 +01:00
Kevin Ansfield
69bc5a9dfd Fixed error when requesting resize of a blank image
closes https://github.com/TryGhost/Team/issues/819

- adds guard for an empty buffer when reading file from storage for resizing, if a blank image is loaded then redirect to the original file
2021-07-07 19:11:24 +01:00
Thibaut Patel
605b042a33 Update cache invalidation on several routes
issue https://github.com/TryGhost/Team/issues/859

- Added invalidation to PUT /authentication/setup
- Added invalidation to POST /db
- Added invalidation to DELETE /db
- Added invalidation to GET /slugs/:type/:name
- Removed invalidation from PUT /users/:id/token
2021-07-07 18:12:51 +02:00
Naz
dfe1089ee2 Bumped default API version export to be canary/v4
refs https://github.com/TryGhost/Team/issues/856

- The default internal version of the API is expected to be the latest one available which is v4/canary at the moment.
- There will be more information posted in the referenced issue later around how to approach the "default version", for now it's just a change to make a small step into a right direction.
2021-07-07 18:44:21 +04:00
Naz
09283bd151 Removed unused leftover spec in acceptance test suite
refs https://github.com/TryGhost/Team/issues/856

- These tests were created during work on v4 without a particular goal behind them. Because they don't do anything extra comparing to the existing tests there is no sense to keep them around
2021-07-07 13:54:49 +04:00
Hannah Wolfe
f08a55c21f
Renamed tests to .test.js & updated commands
refs: https://github.com/TryGhost/Team/issues/856
refs: https://github.com/TryGhost/Team/issues/756

- The .test.js extension is better than _spec.js as it's more obvious that it's an extension
- It also meaans we can use the --extension parameter in mocha, which should result in a better default behaviour for `yarn test`
- It also highlights that some of our tests were named incorrectly and were not (and still will not be) run (see https://github.com/TryGhost/Team/issues/856)
- Note: even with this change, `yarn test` is throwing errors, I believe because of this issue https://github.com/TryGhost/Team/issues/756
2021-07-06 20:45:01 +01:00
Hannah Wolfe
1dda2cd931
Changed to use debug not console in acceptance tests
- In an ideal world, our acceptance tests would be much, much faster
- ATM we output how much time is spent on reloading Ghost for each suite, but this is output with console
- Changed this to use DEBUG, so we don't clutter the UI normally
- Added further debug statements, and a cumulative time, so we can see where time is spent/wasted
- Added a DEBUG command for running acceptance tests with this output
- This shows us that reloading Ghost accounts for 50% of the test time
2021-07-06 20:24:49 +01:00
Hannah Wolfe
b1b09efd75
Moved loadAllThemes out of test util
- this was skipped on boot, but then called in the test utilities, but only on restart 🙈
- this means that yarn test:acceptance (i.e. running all tests) works, but if you try to run just test/api-acceptance/themes_spec.js it would fail because that uses a fresh boot not a restart/reload
- I've changed this as keeping the test using the real boot, rather than the made-up acceptance-utils tasks as much as possible is way better
2021-07-06 20:24:48 +01:00
Naz
b98854150c Added test illustrating filtering of null segments
refs https://github.com/TryGhost/Team/issues/861

- The test case illustrates that it's already possible to achieve what's described in the referenced issue (bug where the content is not filtered correctly when a single email segment card is present)
- The bug fix for a general issue should be using this parser's ability to properly filter html/plaintext content
2021-07-06 17:03:46 +04:00
Naz
2c1ae2e9af 🐛 Fixed a 500 error for incorrect fields parameter in API
refs 8a1fd1f57f
refs 5584430ddc

- The change to async/await in the original commit 558443 was causing problems in downstream dependencies (create-error package) where it was loosing a context of "this". It's not a direct dependency so I didn't go yak shaving into where exacly the context is lost.
- The fix to keep a correct context of "this" was sticking to an existing pattern using regular function returning promises. Once we need to redo them into async/await we can investigate if there's a way around create-error's context prolbem
2021-07-06 11:58:37 +04:00
Hannah Wolfe
7e6800b2b8
Improved dev tooling (#13118)
This commit achieves a few things:

- ☑️  No longer having to remember whether a command is yarn something or grunt something
- ☑️  Simplification of tools hopefully making them easier to remember and use 
- ☑️  Complete removal of the need for grunt from our test tooling

Several of the tools still use grunt under the hood, but the **entrypoint** should aways be `yarn xxx`.

- `grunt main` -> `yarn main`
- `grunt dev` -> `yarn dev`
- `grunt build` -> `yarn build`
- `grunt test:file-or-folder` -> `yarn test file-or-folder`
- `grunt test-unit` -> `yarn test:unit`
- `grunt test-acceptance` -> `yarn test:acceptance`
- `grunt test-regression` -> `yarn test:regression`
- `grunt validate` -> removed due to lack of use

There is now also `yarn test:all` to run all 3 classes of tests

This PR also reorders & restructures the Gruntfile extensively so that:

- The remaining useful commands are all at the top of the file
- Config and other blah happens after all the useful commands
- All release-only config happens in the release task at the very end of the file

---

DONE:

* Removed all references to npm/bower
* Removed all references to lint / deprecated command
* Moved debug to yarn dev:debug
* Removed all references to travis
* Removed broken help task + useless comment
* Removed unused knex-migrator and clean:test setup tasks
* Added new test commands, removed grunt validate
* Moved stubClientFiles to test utility and use in the few tests that need it
* Used mocha in yarn directly except grunt test:x
* Swapped grunt test for yarn test
* extensive cleanup and reshuffling
2021-07-05 20:02:22 +01:00
Daniel Lockyer
8a1fd1f57f
Revert "🐛 Fixed a 500 error for incorrect fields parameter in API"
- this reverts commit 5584430ddc until we
  can investigate why tests are failing
2021-07-05 17:36:44 +01:00
Naz
5584430ddc 🐛 Fixed a 500 error for incorrect fields parameter in API
closes https://github.com/TryGhost/Team/issues/817
refs 6d083ee00e/packages/bookshelf-pagination/lib/bookshelf-pagination.js (L256)

- The 500 error is not the best we can do in this situation and throwing a 400 just like we doo in a referenced commit would keep the convention
- The underlying problem of the bug is bigger - we allow the fields named the same way as relations to leak into the db query and that causes an incorrect SQL syntax. It's a bigger problem which would need a separate, holistic approach
2021-07-05 18:46:02 +04:00
Thibaut Patel
9c2cfb5d00 Added cache invalidation to the POST authentication/setup route
issue https://github.com/TryGhost/Team/issues/859
2021-07-05 16:01:25 +02:00
Rishabh
3e9a23355f Handled visibility filter in post/page API
refs https://github.com/TryGhost/Team/issues/849

As part of work for segmented post access with multiple products, the custom filter for post access is stored in `visibility` field on posts but passed with `visibility_filter` property on API. This change -

- updates input serializer of posts to transform `visibility` and `visibility_filter` properties correctly
- updates output serializer for canary to transform and send `visibility_filter` attribute with filter value
- updates output serializer for v3 to ignore any custom filter on visibility and return `paid` instead as v3 didn't have a concept of custom filter
2021-07-05 17:10:45 +05:30
Hannah Wolfe
84c2154cbe
Fixed missing renames getExcerpt -> generateExcerpt
refs: fbf0636936

- I renamed this pattern in a bunch of places, but missed a few, leaving the code messy and confusing
- This makes the naming consistent
2021-07-02 09:44:18 +01:00
Matt Hanley
4ac89c0176
Added webp image support (#13105)
refs https://github.com/TryGhost/Ghost/issues/9448
refs https://github.com/TryGhost/Ghost/issues/2591

Added API support for webp image files.
2021-07-02 09:37:54 +01:00
Naz
df5290089b Fixed lint error 2021-07-01 21:02:06 +04:00
Naz
986a7526f5 Added member partitioner based on segment
refs https://github.com/TryGhost/Team/issues/828

- Before sending out batches with members we need to partition all members based on the segment they belong to. Special segment "unsegmented" is used in case none of the segments used in the emal cards cover part of the members set (for example only free members card used when emailing all members)
2021-07-01 20:58:24 +04:00
Kevin Ansfield
1b0aa0abd8
Fixed feature_image_caption needing triple-curlies in themes (#13107)
refs https://github.com/TryGhost/Team/issues/845
refs 517d2abc5c

- updated router response formatting functions and `{{#get}}` helper response handling to make any `feature_image_caption` properties in the response a `SafeString` instance so triple-curlies are not needed when using the property in themes
2021-07-01 17:55:44 +01:00
Thibaut Patel
b94c8bcfd4 Render an email correctly according to the associated member segment
issue https://github.com/TryGhost/Team/issues/829
2021-07-01 13:36:42 +02:00
Hannah Wolfe
af4bfb8862
Changed meta filenames to correct casing
- purely for cleanliness!
- we use kebabcase by default
- tests should be kebab-case-file_spec.js (one day we want this to be .test.js)
2021-07-01 12:30:25 +01:00
Hannah Wolfe
fbf0636936
Renamed meta/excerpt meta/generate-excerpt
- This function is quite different to the others, as it generates an excerpt from HTML (truncating)
- Most functions in the meta data folder just contain content negotiation logic, like if post then feature_image else cover_image type things
- This function is more like a library and shouldn't live in Ghost, it should probably be in @tryghost/helpers
- It's definitely something we'd love to rewrite to work better tooooo
2021-07-01 11:47:29 +01:00
Hannah Wolfe
884f39d045
Moved meta + sitemap tests out of data folder
- we moved the meta folder out of data a really long time ago
- we also moved the sitemap out of data/xml into a service
- this moves the tests to roughly match
2021-06-30 17:08:28 +01:00
Hannah Wolfe
bd597db829
Moved settings/cache to shared/settings-cache
- This is part of the quest to separate the frontend and server & get rid of all the places where there are cross-requires
- At the moment the settings cache is one big shared cache used by the frontend and server liberally
- This change doesn't really solve the fundamental problems, as we still depend on events, and requires from inside frontend
- However it allows us to control the misuse slightly better by getting rid of restricted requires and turning on that eslint ruleset
2021-06-30 15:49:10 +01:00
Hannah Wolfe
3ea6df819c
Refactored SettingsCache to get events through DI
- requiring lib/common/events makes the settings cache tightly coupled to the server
- moving this up to settings index means the cache itself can be moved to a shared component/moved out of Ghost
- the index then becomes the settings manager
- questionable whether the event listeners & updater part of this shouldn't be part of a manager, independent of the actual cache 🤔
2021-06-30 15:40:41 +01:00
Hannah Wolfe
0b333765d4
Refactored shutdown and reset for settings
- shutdown removed listeners, which should really be done before adding them anyway!
- reset sets the cache back to an empty object, which was already done by init
- merge these into one reset function that fully resets the cache
- all instances of shutdown were called before an init call, and now called during init, therefore these can be removed
- acceptance utils had an instance of calling shutdown and reset together as part of stopping Ghost, reworked that to be clearer
2021-06-30 15:18:15 +01:00
Naz
bb8cf6001e Added unique filtering for segment parser
refs https://github.com/TryGhost/Team/issues/828

- When detecting email segments and later creating a member filter out of this data we only care about unique segments otherwise we'd be creating multiple batches with the same segment filter
2021-06-30 17:43:28 +04:00
Naz
e04af28efe Added segment parser logic
refs https://github.com/TryGhost/Team/issues/828

- This is experimental segment extraction logic, more to follow. Alllows to extract arrays of email segments used in the email's HTML content
2021-06-30 17:43:28 +04:00
Thibaut Patel
a792b92e94 Added member segment to email batches
issue https://github.com/TryGhost/Team/issues/826
2021-06-30 14:56:20 +02:00
Hannah Wolfe
b33b837c39
Removed unused reinit function
refs: https://github.com/TryGhost/Ghost/pull/11987
refs: 7e28802b1c
refs: 0b79abf5b2
refs: https://github.com/TryGhost/Ghost/issues/12003

- renit was added in https://github.com/TryGhost/Ghost/pull/11987
- it was then refactored out in 7e28802b1c (I think inadvertently)
- but we no longer call settings.init() before the DB is ready with the new boot proces 0b79abf5b2s
- original bugs, such as https://github.com/TryGhost/Ghost/issues/12003 could have regressed as a result of this being removed, but it is hard to reproduce
- by not initising settings before migrations, we reduce the complexity of needing to reinit them
- this commit actually just removes dead code, but I've left all the context I've found today here in this message so that it can be easily reconstructed if needed
2021-06-30 12:44:32 +01:00
Hannah Wolfe
77996d1ee4
Moved vhost arg logic out of the parent app
- Makes the logic for determining the admin and frontend vhost args independent and easier to test
- Moved the tests to specifically test the vhost utils & removed proxyquire as a dependency
- We want to breakdown the current parent app into the existing core/app.js and boot code, allowing us to decouple the backend and frontend further
- This is all part of the refactoring to separate server and frontend completely
2021-06-28 19:38:42 +01:00
Naz
58b3c47781 Fixed broken notifications/setting acceptance tests
refs d9ddc2db6a
refs https://github.com/TryGhost/Team/issues/754

- The tests were written with falsy assumptions and validation added in refed commit have uncovered it!
-  A secondary issue touched here is additional JSON object serialization that is used in the  "input serializer" -d9ddc2db6a/core/server/api/v2/utils/serializers/input/settings.js (L107-L110)
- The additional stringification should not be there at all. It covers for a mistaken internal use of Settings API where raw objects are passed around instead of serialized JSON Objects (see commets left with this changeset for details)
2021-06-28 16:48:00 +04:00
Naz
d9ddc2db6a Added extra validation for some settings of array type
refs https://github.com/TryGhost/Team/issues/754
refs a7dec233ba

- Additional validation protects from problems like the ones in refed commit from even getting through to the database.
- At the moment only used notificatons and couple more settings to ensure they are arrays when passed into the API. This is to avoid making big change in settings straight away - this is a problematic area which needs cautious approach.
- Ideally in the future the list of settings to check the "array" type (and other types) should be automatically generated based on the default-settings.json (or whatever way we define settings in the db a that moment)
- There's an ugly code-tripplication going on in this change. This is a separate topic that will be addressed once we work on API cleanup.
2021-06-28 14:26:18 +04:00
Naz
23367ee0bb Added test checking notifications are not editable through API
refs https://github.com/TryGhost/Team/issues/754

- `notifications` settings are part of a "core" group and should not be editable through non-internal API calls
2021-06-28 11:59:38 +04:00
Fabien O'Carroll
b894b2a913 Added products_benefits table
refs https://github.com/TryGhost/Team/issues/804

The associative table is used to implement the many-to-many relationship
between Products and Benefits. The `sort_order` column is needed because
a product's benefits should be orderable by an admin.
2021-06-24 17:21:01 +01:00
Fabien O'Carroll
65b2e8a0a5 Added benefits table
refs https://github.com/TryGhost/Team/issues/804

Benefits are tag-like resources which will be associated with Products.
The first iteration just requires a name for the benefit, which will be
stored as plaintext.
2021-06-24 17:21:01 +01:00
Naz
828a66748a Fixed lint errors 2021-06-24 16:36:47 +04:00
Naz
b5fb439ae7 🐛 Fixed version update indicator on about page
refs https://github.com/TryGhost/Team/issues/754
closes https://github.com/TryGhost/Ghost/issues/13088
refs a7dec233ba

- The corrupted data recovery mechanism for notifications is needed to be able to fix the data stored in `settings` table under `notifications` key. There was no validation in place, which has caused some instances to store data in unreadable/writable state
- The recovery mechanism is in place to avoid adding migrations every time we spot a broken notifications data (will be fixed by validation soon).
- The notification data is also NOT critical but valuable for system functioning properly, that's the reason why the data "healing" happens in less secure  "fire-and-forget" way
- The referenced commit is where the "bigger" problem that was causing the data corruption was at. This change is a "cleanup" after what has happened there - storing Ghost error object in `value` for `notifications` key
2021-06-24 16:33:01 +04:00
Thibaut Patel
f12f64e87b
🔒 Added a "reset all passwords" feature (#13005)
issue https://github.com/TryGhost/Team/issues/750

- Only accessible by admins
- Resets all staff users' passwords and prevents them to log-in
- Sends them a reset email password to give them back access to their account
- Closes all existing staff user sessions
2021-06-23 14:54:28 +02:00
Naz
90cc801394 Added JSDoc and unit tests for email replacement parser
refs 474e6c4c45

- The method was not easy to understand after skimming through it.
- As we are working on developing a similar pattern for upcoming similar featured created a basic test suited to see input/output relation clearly
2021-06-23 12:00:03 +04:00
Kevin Ansfield
446993a905
Added additional newsletter customisation settings (#13074)
refs https://github.com/TryGhost/Team/issues/793

New settings added for newsletter customisation options:

- `newsletter_header_image` - `null/"$url"`
- `newsletter_show_header_icon` - `"true/false"`
- `newsletter_show_header_title` - `"true/false"`
- `newsletter_title_alignment` - `"center/left"`
- `newsletter_title_font_category` - `"serif/sans_serif"`
- `newsletter_show_feature_image` - `"true/false"`

`newsletter_show_header` has been dropped because the same functionality can be achieved by setting both `newsletter_show_header_icon` and `newsletter_show_header_title` to `false`

---

- migration to convert and delete `newsletter_show_header` setting
- removed `newsletter_show_header` from default settings to ensure it doesn't get re-created
- replaced main labs template and template settings generation with the labs template
- deleted labs template
2021-06-21 13:40:40 +01:00
Hannah Wolfe
737d19c78c
Swapped out usage of stubUrlUtils for configUtils
- stubUrlUtils is now doing the same thing as our existing configUtils but is slightly harder to use
- swapped this out, and made stubUrlUtils an internal-only utility
2021-06-21 11:07:30 +01:00
Rishabh Garg
8f104f67b1
Added new portal_products setting (#13055)
refs https://github.com/TryGhost/Team/issues/768

- `portal_products` stores list of products available in Portal
- adds new `portal_products` setting to default settings
- adds migration to populate `portal_products` with current product so its available by default
- update tests
2021-06-21 14:01:50 +05:30
Hannah Wolfe
2f3d60c87e
Updated to use config-url-helpers in urlUtils 2021-06-18 21:49:28 +01:00
Hannah Wolfe
16b5d14c9c
Removed bind from internal-only config helpers
- We were using the same bind pattern for both internal-only and public helpers
- Binding helpers to config makes them available throughout the codebase
- Removing the binding doesn't make the code much more complicated, but it does make the Public API of the config module a lot clearer
2021-06-18 21:19:16 +01:00
Hannah Wolfe
93f9bc0105
Renamed config index to loader
- Renamed the file in line with our rules around index.js files
- Cleaned up some outdated code patterns
- Want to make the config module a little clearer in what it does
2021-06-16 14:42:06 +01:00
Sam Lord
3f0bab4389 Replaced request module with @tryghost/request
no issue
Part of the effort to break up Ghost into smaller, decoupled modules.
2021-06-16 13:16:15 +01:00
Sam Lord
24332c3d24 Replaced ghost-version.js with @tryghost/version
no issue
Part of the effort to break up the Ghost codebase into smaller, decoupled modules.
2021-06-16 13:16:15 +01:00
Hannah Wolfe
526993965a
Switch to @trghost/validator, remove validator
- Part of the effort to split Ghost down into smaller, decoupled pieces
- Moved out our internal validator tooling to a separate library
- Replaced all usage of our own tooling and validatorjs directly with @tryghost/validator
- Removed the validatorjs dependency and removed the renovate pin
- This gives us a consistant, smaller, clearer public API for validations
- It will eventually be used on Ghost Admin too
- This way we can start getting up to date with validator whilst not increasing build size
2021-06-16 08:11:22 +01:00
Daniel Lockyer
97c0c93959 Refactored Bookshelf CRUD functions into plugin
no issue

- we're going to pull this out into the framework monorepo but
  refactoring it here first makes it a lot easier to extract without
  losing the history
2021-06-15 18:27:43 +01:00
Sam Lord
35e51e364b Switch to @tryghost/debug, remove ghost-ignition
no issue
The only pieces of Ghost-Ignition used in Ghost were debug and
logging. Both of these modules have been superceded by the Framework
monorepo, and all usages of Ignition have now been removed, replaced
with @tryghost/debug and @tryghost/logging.
2021-06-15 17:24:22 +01:00
Daniel Lockyer
f91daffdad
Revert "Refactored Bookshelf CRUD functions into plugin"
this reverts the following until tests have been fixed:
 - e51d505abb
 - c86ac27dcf
 - 3ffba967f2
2021-06-15 16:41:14 +01:00
Sam Lord
caea330647 Change to use @tryghost/logging
no issue

Logging is now controlled by a logginrc.js file in the root of the project - and now we can just import @tryghost/logging everywhere
2021-06-15 15:59:11 +01:00
Daniel Lockyer
e51d505abb
Refactored Bookshelf CRUD functions into plugin
no issue

- we're going to pull this out into the `framework` monorepo but
  refactoring it here first makes it a lot easier to extract without
  losing the history
- note: this is very temporary and will be extracted soon
2021-06-15 15:46:33 +01:00
Hannah Wolfe
0fe8426f97
Renamed validation to validator + better public API
- renamed our internal validation library to "validator" - which is the same as the tool it wraps
- updated the public api so that validator methods are directly exposed
- this will make it a drop-in replacement for validator-js
- in turn, this allows us to pull this out into @tryghost/validator, and use our own wrapper instead of the 3rd party library
2021-06-15 15:32:36 +01:00
Hannah Wolfe
1688b17c49
Refactored + cleaned up validation tools
- General code cleanup
- Removed unused notContains rule
- Swapped custom empty rule for builtin isEmpty rule
- Dropped usage of .extend on validator, as this was removed 2 years ago!
   - This will allow us to upgrade the validator dependency to a much newer version
- Changed our internal validator module to only expose the functions we use.
   - This gives us a clearer Public API
   - It makes it easier to see if we are affected by changes in validator
   - It's still easy to add another validator, we just have to update what we require
   - We can potentially use this to make smaller builds esp for client-side usage
   - Once ripped out into a module we can use ES imports :D
- Rejigged and _slightly_ improved the tests
2021-06-15 15:17:20 +01:00
Daniel Lockyer
495ef867c2 Extracted Bookshelf plugins from Ghost to Framework repo
refs:
  - cf15f60085
  - dd20cc649b
  - ccf27f7009
  - abf146d61f
  - 2b54c92a14
  - bb029a53f6
  - 95bd7ee675
  - 9018b4df22
  - df01a6e5f4
  - d313726b34

- these plugins were in a state where they were independent enough to be
  pulled out into their own packages, which is what we did in the
  referenced commits above
- each package is named like `@tryghost/bookshelf-<plugin>`
- to avoid requiring multiple packages into Ghost, we've also created a
  wrapper package called `@tryghost/bookshelf-plugins` which re-exports
  all these plugins, so the changes in Ghost are very simple - dbebdd43b5
- this commit deletes the plugins + tests, and replaces with our new
  package with some minor code changes
2021-06-15 12:49:38 +01:00
Hannah Wolfe
4e49aeb9a0
Moved password validation into a library
- This is super specific code relating only to validating passwords.
- It's needed as a shared validator as we use other funnels to help people setup Ghost on Pro, but currently it's hard-baked into Ghost
- It's also not the greatest code. It'd be nice to be able to rework it and know that would automatically update everywhere passwords are set
2021-06-15 12:33:14 +01:00
Hannah Wolfe
d3cc85c920
Moved schema validator into the schema module
- This is a really specific piece of code related to validating models against our internal schema.js format
- This doesn't make sense without a schema.js file
- It does depend on the internal validator and validate tools - but those are used elsewhere too, and can reasonably be moved out of the codebase
- I don't see schema.js moving out of the codebase any time soon. We can move the validator but it would be a class that requires schema via DI
- For now my focus is on getting the data/validation tooling separated and making clear sense
- Improving data/schema can come later :)
2021-06-15 11:54:34 +01:00
Hannah Wolfe
c37de311ea
Split validation index into separate files
- The data/validation module is made up of several loosely related things with lots of dependencies
- Separating out the various components makes it possible to see what's what, and importantly what has complex dependencies
- validator + validate probably go togetheri in an external module, the other two files should probably have their own homes in related areas of ghost e.g. schema -> data/schema/validate.js
2021-06-14 18:18:28 +01:00
Kevin Ansfield
1bc57b584a
Added posts_meta.feature_image_{alt,caption} columns (#13030)
refs https://github.com/TryGhost/Team/issues/770

We want post feature image functionality to better match what's available inside the editor, to do that we'll need somewhere to store alt and caption meta data. `posts_meta` chosen because even though we want to make this generic for other tables in the future those tables also have a `feature_image` (or closely related) field.

- updated schema with new columns
- added migration to create columns
- cleaned new columns from API output
  - not output on v2/v3
  - conditionally output on v4/canary output based on labs flag
- bumped `@tryghost/admin-api-schema` to allow new columns through in canary API requests
  - silently clean properties from input when labs flag is disabled
  - updated acceptance tests so they fail if `admin-api-schema` is not letting the new fields through
2021-06-10 20:35:56 +01:00
Kevin Ansfield
f49f7699aa
Enabled all labs flags when testing (#13036)
no issue

Shows impact of new code behind labs flags through the existing acceptance/regression tests. Allows for existing tests to be updated to match new behaviour rather than requiring separate tests where individual flags are enabled. Should result in minimal test updating once code reaches GA.

- adds a forced `'labs:enabled'` fixture op that edits the `labs` setting to enable all flags then restarts the settings service to pick up the new setting
- modifies labs service to not remove ALPHA_FEATURE labs settings when running in a testing environment
2021-06-10 12:54:34 +01:00
Hannah Wolfe
16728a3ef1
Swapped to American English spellings
- Traditionally all of Ghost's public-facing text was written in British English
 - We're changing that to US English because that's more common
 - US English should also be used in code e.g. properties are called color not colour
 - most of these changes are in comments, but I've changed them so that we have US English in front of us always
 - fixed a few other typos I noticed whilst there
2021-06-09 16:39:06 +01:00
Naz
0f6ea35d7e Added 'alpha' feature support to labs
refs https://github.com/TryGhost/Team/issues/772

- When the feature is introduced into Ghost at it's first lifecycle stage - "alpha" the rule is to have a "enableDeveloperExperiments" flag along with labs toggle turned on before it's usagble in the codebase
- The changeset introduced a "ALPHA_KEYS" concept which should allow distinguishing alpha flags from beta flags.
2021-06-09 19:30:34 +04:00
Rishabh Garg
ba9b2ee68f
Updated monthly/yearly data in price helper (#13012)
closes https://github.com/TryGhost/Team/issues/761

With multiple products, each product can have an active monthly/yearly price, so we no longer store the monthly/yearly price ids in global settings but instead store them in product table directly. This means we need to update our global `@price` helper to also use the updated schema and use the monthly/yearly prices from product table instead of settings data.
2021-06-08 16:32:39 +05:30
Hannah Wolfe
7069cc1221 Added initial match helper
refs: https://github.com/TryGhost/Team/issues/759

- wired up a matchHelper feature flag & used the labsEnabledHelper tool to gate the helper
- added a first version of the match helper, which is intended to replace the has helper
- this is an experimental helper and may or may not make it to GA
- match is a simple comparison helper, right now it does a very basic equals or not equals comparison
- much more functionality is needed to reach parity with has
2021-06-07 21:15:05 +01:00
Naz
7a21522804 Restored labs' getAll function
refs https://github.com/TryGhost/Team/issues/757
refs 37ef40b46e/core/server/services/labs.js

- As more labs flags have been added to allowlist the `getAll` method should be returning members+all allowlisted flags
- The changeset restored the state of the method to the one reffed in the commit
2021-06-07 20:51:37 +04:00
Naz
5f45f870a0 Fixed test for settings type
refs 485a50794e
refs 3f286e8eb4

- The changes to the test were pushed at the same time as there were new ones added (see reffed commits)
2021-06-07 20:36:29 +04:00
Naz
3f286e8eb4 Removed group/type mapping in v4/canary Settings API
refs https://github.com/TryGhost/Team/issues/757

- The "type" value in settings is meant to be representing the data type stored in the "value" field. It was an overlooked bug in v4 API adding a mapper to  group->type
2021-06-07 19:47:02 +04:00
Kevin Ansfield
485a50794e Added extra newsletter settings
refs https://github.com/TryGhost/Team/issues/755

Additional customisation settings for newsletter emails are being introduced. Defaults match the existing email design.

- adds new settings
  - `newsletter_header_image` - stores URL from image upload
  - `newsletter_show_header_icon` - boolean toggle, default `true`
  - `newsletter_show_header_title` - boolean toggle, default `true`
  - `newsletter_show_feature_image` - boolean toggle, default `true`
  - `newsletter_title_alignment` - "left" or "center" selection, default "center"
  - `newsletter_title_font_category` - "serif" or "sans_serif" selection, default "sans_serif" (matches body font category selection)
2021-06-07 16:31:50 +01:00
Naz
024fd27221 Added group values to settings test
refs https://github.com/TryGhost/Team/issues/757

- Groups are meant to represent the group to which the settings key belongs and have the same value as stored in the DB. This was an evolution of v2/v3 API's "type"
- Having a fixed value for groups in a test will make it easier to track the "type" change that is about to land
2021-06-07 18:32:42 +04:00
Naz
48d36b6a48 Disallowed aditing "labs" settings in v2/v3 APIs
refs https://github.com/TryGhost/Team/issues/757

- There is no usecase for editing "labs" settings outside of canary/v4 API versions. Removing support for older versions makes the supported API surface smaller (easy maintenance).
2021-06-08 02:18:17 +12:00
Naz
d8230f3343 Added labs setting import validation
refs https://github.com/TryGhost/Team/issues/757

- Similarly to the API input serrialization importer should not pass through unknown labs keys to avoid soiling data
2021-06-08 02:18:17 +12:00
Naz
cd35358fdb Added labs setting input validation
refs https://github.com/TryGhost/Team/issues/757

- To safeguard from mise of a very permissing "object" value of the "labs" setting this change introduces an "allowlist" approach to filtering unrecognized labs flags
- Should allow maintainers to have a clear view of which labs flags are currently in use and manage them accordingly
2021-06-08 02:18:17 +12:00
Naz
8ab43b84d5 Enabled 'labs' to be accepted as a value in Settings API
refs https://github.com/TryGhost/Team/issues/757

- As labs has been added back to the settings table the APIs are reverting back to accepting it as a value
2021-06-08 02:18:17 +12:00
Naz
49ba26373d 🏗 Added "labs" setting enabling feature flags
refs https://github.com/TryGhost/Team/issues/757
refs https://github.com/TryGhost/Team/issues/332
refs ea6d656457

- We have a need a quick way to add features behind flags. The old way of "labs" is the quickest way to achieve this. It has ready tooling around it and well understood pitfalls. This change reintroduces "labs" group & key in settings table in the same shape it used to be (see reffed commit)
- Next step will be introducing very basic guard rails to protect from pitfalls previous implementation of "labs" had. This will include an allowlist based input validation for lab's object's data
-  The labs being an "object" type is an EXCEPTION. Even though it's an antipattern we aim to move away from, for now it's the lowest impact solution that will unblock the use of flags in the system. A proper solution will come at some point.
2021-06-08 02:18:17 +12:00
Hannah Wolfe
724db487a0
Swapped _.escape for proxy.escapeExpression
- we don't need to use _.escape from lodash as we already have escapeExpression from handlebars
- it's more correct to use the escape utility from our theme engine when escaping strings _for_ our theme engine!
- Note there is a minor difference between the two:
  - Lodash: &, <, >, " and '
    - refs: https://lodash.com/docs/4.17.15#escape
  - Handlebars: &, <, >, ", ', ` and =
    - refs: https://handlebarsjs.com/api-reference/utilities.html#helper-utilities

- This could cause slightly weird behaviour in themes around ` and = characters, but as it's just convering to html entities it should be fine
2021-06-04 20:07:44 +01:00
Fabien 'egg' O'Carroll
2a81d0a986
🐛 Fixed saving Members with Complimentary plans (#13008)
* 🐛 Fixed saving Members with Complimentary plans

refs https://github.com/TryGhost/Team/issues/758

Since 4.6 The Admin is using the comped flag again, rather than creating
subscriptions for zero-amount prices directly. With the `comped` flag
removed, the default state was for it to be falsy in the Admin, and when
saved would trigger the legacy comped flow, cancelling the subscription.

This reverts commit 57a176ff3d.
2021-06-03 18:28:14 +01:00
Naz
7d05da6185 Removed update check service in favor of external package
refs https://github.com/TryGhost/Team/issues/728

- The code of update check has been extracted into it's own package as a part of TryGhost/Core monorepo. This commit is a cleanup of the leftover files
2021-06-03 13:24:19 +04:00
Naz
666baf8d50 Removed GhostMailer parameter from UpdateCheckService
refs https://github.com/TryGhost/Team/issues/728

- This is continuation of the previous commit. TLDR: Passing only the necessary parameter data makes it easier to reason about what dependencies the UpdateCheckService has to deal with
- Instead of passing in a whole GhostMailer instance passing only an email sending function, which again - makes things way more manageable to reason about
- The end of refactor, next will be a move of the UpdateCheckService into a separate module in tryghost/core
2021-06-02 15:18:32 +04:00
Naz
42efa043d8 Removed ghostVersion parameter from UpdateCheckService
refs https://github.com/TryGhost/Team/issues/728

- This is continuation of the previous commit. TLDR: Passing only the necessary parameter data makes it easier to reason about what dependencies the UpdateCheckService has to deal with
- Burned ghostVersion module passing in vafor of just one additional config parameter. Now the module along with unit tests can be easily extracted out of the codebase!
2021-06-02 15:08:26 +04:00
Naz
759f6ed3ba Removed urlFor parameter from UpdateCheckService
refs https://github.com/TryGhost/Team/issues/728

- This is continuation of the previous commit. TLDR: Passing only the necessary API endpoint function makes it easier to reason about what dependencies the UpdateCheckService has to deal with
- Substituted a parameter with already existing 'siteUrl' config value. No need to duplicate work!
2021-06-02 14:37:29 +04:00
Naz
bd51dd09db Limited the API surface of the UpdateCheckService
refs https://github.com/TryGhost/Team/issues/728

- This is continuation of the previous commit. TLDR: Passing only the necessary API endpoint function makes it easier to reason about what dependencies the UpdateCheckService has to deal with
- Limited urlUtils to only one function as that's all the UpdateCheck uses. Next step will be removing the function completely as and passing a 'blogURL' as a config value (way better readability this way)
2021-06-02 14:31:07 +04:00
Naz
2e7d0a4e26 Limited the API surface of the UpdateCheckService
refs https://github.com/TryGhost/Team/issues/728

- This is continuation of the previous commit. TLDR: Passing only the necessary API endpoint function makes it easier to reason about what dependencies the UpdateCheckService has to deal with
- There are 8 different configs that NotificationService depends upon it will need some further investigation around which ones are even needed anymore and the naming is not the best. To keep the time cap at bay leaving it at what it is.
2021-06-02 14:08:29 +04:00
Naz
9992cc573e Renamed update check test suite
refs https://github.com/TryGhost/Team/issues/728

- Previous name was after the do-all-the-things mega module that have now become an "initializer" for the UpdateCheckService class. The unit tests are testing the latter, so the rename is a cleanup from the previous ways
2021-06-01 17:53:46 +04:00
Naz
dd8a974639 Moved update check tests to unit tests
refs https://github.com/TryGhost/Team/issues/728

- This is the end of the refactor for update check tests. There are no dependencies for Ghost server process to run this test suite!
- Next steps will be extracting the service to an outside module
2021-06-01 17:48:19 +04:00
Naz
f929a01036 Reworded test suite name
no issue
2021-06-01 17:35:10 +04:00
Naz
83296c5c7e Removed rewire dependency in update check tests
refs https://github.com/TryGhost/Team/issues/728

- Rewire is usually a sign of massive module that is impossible to unit test without mocking big parts of that module. With a refactored UpdateCheckService and a brand new test coverage there is no need to use rewire and leave the "smell"
2021-06-01 17:35:10 +04:00
Naz
a78e034643 Added update check notificaitons test coverage
refs https://github.com/TryGhost/Team/issues/728

- This is a continuation of the test coverage for the UpdateCheckService.
- Covers scpecial cases of notification processing within Update Check
- The refactor inside the update check service was a convenience to get rid or the Bluebird dependency completely. Also, some minor preventative code added to avoid errors from referencing undefined objects
2021-06-01 17:35:10 +04:00
Naz
e9cbf3451a Added update check data test coverage
refs https://github.com/TryGhost/Team/issues/728

- This is a continuation of the test coverage for the UpdateCheckService.
- Covers a basic check for what kind of data is sent from the service to external analytics
2021-06-01 17:35:10 +04:00
Naz
64e8d0287d Fixed config utils to return a usable instance of config
no issue

- It's sometimes needed to use the config uitl intance directly in the test. For example, like it's used in the update check tests
2021-06-01 17:35:10 +04:00
Naz
63c7d5aad1 Added test coverage from the "check" method
refs https://github.com/TryGhost/Team/issues/728

- This approach is moving away from stubbing and "rewiring" massive internal modules and instead only stubs needed dependencies for the UpdateCheckService class
- Also eliminates the need to depend on the database fixtures which should speed up test execution and move it to proper "unit test" class when the test rewrite is complete
2021-06-01 17:35:10 +04:00
Hannah Wolfe
0f42bbeac3
Moved acceptance test utils into own file
- starting and stopping Ghost is part of our rather unloved acceptance test framework
- moving them into their own file to make the different pieces clearer and also to start to make improvements
- first improvement had to happen as an aside - exposing the existingData property via a function and making the API clearer
- this was a weird thing set on module.exports, very hidden and hard to follow
- Note: stopGhost is only used once in the regression/modles/model_posts_spec.js file to make the test run fast enough...
- These tests are effectively "DB integration" tests e.g. non-unit tests because they do use the DB, they need their own framework
2021-06-01 13:17:45 +01:00
Fabien 'egg' O'Carroll
bdd7c0f821
Added {monthly,yearly}_price columns to products
refs https://github.com/TryGhost/Team/issues/710
refs https://github.com/TryGhost/Team/issues/725

Products will now have a single monthly and yearly price which will be
used throughout Themes, Portal & Admin. These columns will be used to
track the current prices for each of them, and will update anytime we
change the pricing of a product.

Due to a circular table dependency we have not added a foreign key
constraint to the new columns, this will be handled at a later date. It
is tracked in issue 725 references above
2021-06-01 09:38:15 +01:00
Hannah Wolfe
d0c54afd4e
Used consistent patterns in acceptance tests
- use testUtils.startGhost() directly
- use async+await for tests
- simplify tests down using expect(fn) to make them more readable
- don't require config directly
- removed TODO which is no longer valid
- All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 17:54:08 +01:00
Hannah Wolfe
52eb6c3f4b
Removed unused testUtils data
- these users are not used by any tests, therefore they can be removed
2021-05-27 17:44:08 +01:00
Hannah Wolfe
03bf1c9671
Moved useful subdir and https tests to acceptance
- These tests protect some advanced, yet important behaviour around URLs
- Moved them out of regression tests into acceptance, as we're slowly trying to clean up regression tests :)
2021-05-27 14:49:28 +01:00
Hannah Wolfe
ed5fa4d3ad
Reduced + improved subdirectory regression tests
- Checking for differences in behaviour when urls are configured with or without slashes should fall to unit testing
- Generally testing that a correctly configured subdirectory site does what's expected is an acceptance test
- Ghost's 301 to trailing slash behaviour is also well tested, and doesn't need extensive acceptance tests when using a subdir
- Instead, test that the non-subdirectory equivalent route is 404ing as expected, to check that routes are ONLY mounted on the subdir, as well as mounted at all
2021-05-27 14:49:28 +01:00
Naz
158652b117 Refactored and fixed GhostMailer unit tests
refs a1556797b6

- The test was using an outdated syntax which broke after migration to async/await in the tested funciton
- Updated test is much more readable and should handle promise rejections (async function throws) universally
2021-05-27 13:14:30 +04:00
Naz
df4df2a4aa Added admin email for UpdateChecker's alerts
refs https://github.com/TryGhost/Team/issues/726

- When UpdateCheck service sends a notification with "type: 'alert'" an email goes out to admin users with the "message" content of the notification.
- This functionality is aimed to handling critical messages like urgent instance updates
- Next step will be getting as much of the update check code extracted into a "service" and then moved out of Ghost's codebase
2021-05-27 13:12:28 +04:00
Rishabh Garg
36803a4290
🐛 Fixed incorrect @price.currency value in themes (#12987)
closes https://github.com/TryGhost/Ghost/issues/12986
refs 1345268089

As part of changes in 4.6, the default price ids for monthly/yearly prices are stored in new settings - `members_monthly_price_id`, `members_yearly_price_id` - which are used to determine current active prices for the site from list of all existing prices. While the last commit updated the prices to use the settings, the data for currency was still used from non-zero prices instead of the new settings value.

- Updated tests to check price currency
2021-05-27 10:49:35 +05:30
Rishabh Garg
1345268089
🐛 Fixed incorrect price data in themes (#12985)
closes https://github.com/TryGhost/Ghost/issues/12980
closes https://github.com/TryGhost/Team/issues/730

As part of changes in 4.6, the default price ids for monthly/yearly prices are stored in new settings - `members_monthly_price_id`, `members_yearly_price_id` - which are used to determine current active prices for the site from list of all existing prices. The `@price` helper was incorrectly still relying on the old logic for active monthly/yearly price using the first active price with matching nickname, and resulted in showing incorrect price data on the theme.

- Updated tests to check price data using settings value
2021-05-26 22:58:26 +05:30
Hannah Wolfe
bea04e437d
Upgraded no-skipped-test rule to error
refs: 895bffec1f

- Allowing tests to be skipped masks issues where people temporarily skip tests to fix later and accidentally commit
- Converting this to an error allows us to see when this happens easily
- In future, when we're done with the dance of using ESLint rules to signpost codebase improvements, we may want to downgrade this back to a warning
- This would enable us to have deliberate, temporarily skipped tests in the codebase, if there's a usecase for that with pushing to main regularly
2021-05-26 14:57:43 +01:00
Hannah Wolfe
49f20820ef
Fixed & unskipped subdirectory tests w/ new boot
refs: f1be3418d9

- Since I refactored the boot process & subsequently the test tools, I have been hitting an issue where subdirectory tests don't work if the app has already been started without a subdirectory
- Turns out it's due to the rootApp getting cached, and not replaced no matter what you do, even though if you debug it _looks_ like it's been replaced
- This makes sense as the rootApp is in a separate file and therefore subject to the node module cache and we're using const everywhere
- Therefore, I have added a single line to the test utils to destroy this cache for this file, and the tests now work perfectly
- Next: refactor the test utilities some more to make all this much, much more straightforward and easy to understand
2021-05-26 14:31:21 +01:00
Naz
e370d33378 Refactored scheduling index files into class/initializer pattern
refs https://github.com/TryGhost/Team/issues/694

- This refactor is not ideal but moves us closer to the desired form of class with injectable (and testable) parameters. Allowed to refactor the test slightly so at least we can check if schedulerd  subscribed events work and if they trigger the adapter with correct data
- Ideally the api/model calls shoudl be abstracted away as well, but that's for another time
- Also got rid of completely pointless "adapters/scheduling" unit test. All it was checking was if the "init" method was called int the passe in object
2021-05-25 22:32:41 +04:00
Fabien O'Carroll
b3aff29a3e Fixed tests for auth service mmbers auth
no-issue

These tests were previously skipped due to the NONE algorithm tests
failing. These were failing for good reason, we do NOT want the none
algorithm to be accepted. The tests have been updated to reflect that,
and unskipped.
2021-05-24 11:36:35 +01:00
Fabien O'Carroll
2b5e22524b Fixed Stripe customer model tests
no-issue

These tests were skipped out due to adding with the subscriptions
relation not working. However this functionality is redundant, as it is
not used anywhere. The tests have been updated to test that we can read
the subscriptions relation correctly.
2021-05-24 11:28:15 +01:00
Fabien O'Carroll
e106a1b137 Removed tests dependent on stripe mocking
no-issue

We no longer want to include skipped tests in the codebase. These tests
were added as placeholders until a point at which we were able to mock
Stripe.

We haven't got time during cleanup to mock Stripe so removing these
tests for now.
2021-05-24 11:26:45 +01:00
Naz
ae85b92899 Unskipped and fixed a test suite for post models' findPage
refs https://github.com/TryGhost/Team/issues/694

- Unskipping the test does not seem to be causing a failure any longer. Removed the skip as it would be causing linting errors as we tighten up the `.skip` rules
2021-05-24 22:19:17 +12:00
Naz
48d5d4c93d Refactored scheduling tests logic using async/await
refs https://github.com/TryGhost/Team/issues/694

- The previous `.then` chaining was outdated, while in this part of code did a tiny cleanup which should improve future maintenance slightly
2021-05-24 13:20:11 +04:00
Naz
ba50241fde Refactored scheduling tests setup using async/await
refs https://github.com/TryGhost/Team/issues/694

- The previous `.then` chaining was outdated and was causing 2x ghost instance initialization per test suite
- With a refactor there's only one intance initialization per suite (saves running time!) and we use more readable async/await syntax, which should make things more maintainable
2021-05-24 13:11:33 +04:00
Naz
46ef52cc7d Unskipped Schedules API tests
refs https://github.com/TryGhost/Team/issues/694

- The tests were skipped and were throwing an eslint warning, which soon will become an error.
- They were skipped initially as they used an outdated authorization mechanism. With migration to token based auth the tests are green again
2021-05-24 12:59:52 +04:00
Naz
7ea91df628 Fixed skipped test for fetching setting by group
no issue

- The test was skipped, which should not have been commited into the trunk in the first place. The checks were reworked to reflect the reality - the endpoint ignores the "group" qurey parameter
2021-05-24 11:39:14 +04:00
Hannah Wolfe
7658572a7d
Removed ancient paged routing tests
- these are slow, and we have unit tests in place to ensure that routing works correctly
2021-05-21 20:09:42 +01:00
Hannah Wolfe
9c6466c4ed
Removed other ancient skipped storge test
- My IDE "fixed" this skipped test by unskipping it without me realising when I removed the other one 🙈
2021-05-21 19:53:38 +01:00
Hannah Wolfe
b749fed5b9
Removed ancient skipped storage test
- this has been skipped for 4 years, it must not be needed :D
2021-05-21 19:48:34 +01:00
Naz
5680c93b83 Added exporter fields integrity check
refs https://github.com/TryGhost/Team/issues/610

- When either schema or default settings changes it's often forgotten to check if exporter handles updated tables/keys properly
- These tests are meant to serve as a reminder to check exporter and modify what's needed when changes are introduced into schema/default settings
2021-05-21 19:13:55 +04:00
Fabien O'Carroll
1d36afbc41 Updated dynamic whitelist from schema to static array
no-issue

This protects our tests against changes to the database schema, which
helps us decouple the API from the database, and make tests less
brittle. It also forces us to manually update the tests if we do make a
change to the API!
2021-05-19 18:49:18 +01:00
Fabien O'Carroll
5880edd722 Replaced members 'comped' status with 'paid'
refs https://github.com/TryGhost/Team/issues/693

Since we've got rid of the concept of Complimentary with the Custom
Prices work, we're removing the 'comped' status from members. This
involves a migration for existing members, a schema update for the
validation, and a bump to members-api to no longer use the 'comped'
status for new members.

We also update the aggregation of the MemberStatusEvent to consider the
'comped' status as 'paid', and that there are 0 'comped' status events
in the database.

We can consider a migration for this data in the future, either adding
new status events moving from 'comped' to 'paid', or by modifying
existing status events. However both of these are very difficulty to
write a down migration for, and might be best saved for a major version.

- @tryghost/members-api@1.7.0 is the version that includes the required
  changes, however we have already bumped to 1.8.0 in Ghost
2021-05-19 18:49:18 +01:00
Fabien O'Carroll
57a176ff3d Removed comped flag from canary Members Admin API
refs https://github.com/TryGhost/Team/issues/693

Since we no longer have a concept of "comped" we're removing the flag
from the unstable canary api.
2021-05-19 18:49:18 +01:00
Rishabh
a4c78dbf19 🐛 Fixed error on saving member with susbcriptions
closes https://github.com/TryGhost/Team/issues/699

With custom products, saving a member with subscriptions on member detail page in Admin throws errors on console, though the save is successful. This breaks the Admin as user needs to refresh the screen again to get rid of error. This change -

- updates the response on member save to return `price` object in subscription
- updates tests
2021-05-19 22:32:15 +05:30
Rishabh
4627d1c26a Added settings for monthly/yearly price ids
no refs

Since backend now allows multiple prices but we want the prices to be currently limited to monthly/yearly on UI, we need new settings to store the current monthly/yearly price by the site owner. These settings determine the active prices shown in Admin / Portal for the site till we allow all custom products/prices again.
2021-05-18 13:34:31 +05:30
Naz
02ea81fdda Removed dead code
refs d698a2b431

- This code is not needed since the switch to "allowlist" approach
2021-05-13 16:20:28 +04:00
Naz
d698a2b431 Finished refactor of content utils in acceptance suite
refs 06dd9bac59

- This is a continuation of the work started in the refed commit. In short: allowlisting response checks wherever possible
- The file is now "schema" depencency free. Should serve as an example for other test "utils" modules.
2021-05-13 16:19:33 +04:00
Naz
255b4da7a2 Removed unused test utils modules
no issue

- This is dead code!
2021-05-13 15:41:27 +04:00
Naz
d98f76b18c Refactored test utils "post" properties
refs 06dd9bac59
refs https://github.com/TryGhost/Team/issues/687

- This is a continuation of the work started in the refed commit. In short: allowlisting response checks wherever possible
2021-05-13 15:41:27 +04:00
Rishabh
c6eafeb89b Updated tests for member endpoint
refs https://github.com/TryGhost/Team/issues/560
refs 196cdafe6b

Last commit updated the response status for member endpoint  - `/members/api/member` - from 401 to 204. This change updates the test to handle new response code.
2021-05-13 15:35:14 +05:30
Naz
eb7e4bb815 🐛 Fixed frontmatter-related validation error
refs https://github.com/TryGhost/Team/issues/687

- The frontmatter field has leaked into the API layer unintentionally when it was introduced into the DB schema during 4.0 release.
- The fix add the field to "trim" list in all API. A proper validation and handling will be add per API as usecase for the field becomes clear
2021-05-13 12:14:05 +04:00
Naz
06dd9bac59 Refactored post resource Admin API test utils
refs https://github.com/TryGhost/Team/issues/687

- The approach of generating validation properties using `/server/data/schema` package's tables object is prone to leaking unwanted database fields into API responses
- This refactor takes a tiny step into direction of relying on "allowlist" approach for properties in the API response resources.
- Apart from solving the described property leak problem it also moves toward decoupling tests from `/core/server` dependencies!
2021-05-12 18:15:54 +04:00
Kevin Ansfield
c36e749820
Added support for gating content by member labels and products (#12946)
refs https://github.com/TryGhost/Team/issues/581
closes https://github.com/TryGhost/Team/issues/582

Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings.

As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label.

- removed enum validations for `visibility` so it now accepts any string or `null`
    - bumped `@tryghost/admin-api-schema` for API-level validation changes
- added nql validation to API input validators by running the visibility query against the members model
- added transform of NQL to special-case visibility values when saving post model
    - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment
    - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected
- updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match
    - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 19:32:11 +01:00
Rishabh
3d9d2b7974 Fixed settings integrity spec
refs c199918465

Fixes integrity spec with last commit's change
2021-05-10 18:54:47 +05:30
Rishabh
2497af0072 Updated default description for free price
refs https://github.com/TryGhost/Team/issues/671

When turning on custom products, existing sites should have default price descriptions that match existing values for prices. This change sets the default description for Free price to match existing hardcoded value.
2021-05-10 14:19:02 +05:30
Hannah Wolfe
895bffec1f
Enabled no-skipped-tests eslint rule [warn]
- Not sure why, but this is set to off in our base plugin
- It masks issues where people have temporarily skipped tests to fix later and then forgot
- Enabling this to allow us to review all those places, but we should also try to leave it on and set to error
2021-05-07 19:24:23 +01:00