Commit Graph

116 Commits

Author SHA1 Message Date
Fabien O'Carroll
cb72835af1 Removed support for id specific permissions
ref ENG-728
ref https://linear.app/tryghost/issue/ENG-728

This is not used anywhere, and makes the code more complicated, it's a good
step toward simplifying permissions and pulling them out of the database.
2024-03-21 00:21:40 +07:00
Aileen Booker
f16d9802d0 Added ability to pass minThreshold for Milestone Slack notifications
closes ENG-632

- This listens to a new property in the `milestones` config to set a minimum value of Milestones we wanna use the Slack notification service for
2024-03-14 12:06:43 -04:00
Aileen Booker
c4912665e5 Removed DomainEventsAnalytics
closes CA-11

- Segment events in Ghost core are not used currently
2024-01-30 13:58:22 -04:00
Simon Backx
7d0be3f1a9
Improved sending email addresses for self-hosters (#19617)
ref https://github.com/TryGhost/Ghost/issues/12802
fixes DMA-27

- You can choose any support and newsletter email address in the UI
without verification (as long as your SMTP-server / Mailgun can send
from it)
- All emails will use the mail.from config as the from address as a
default:
- Staff notification emails no longer use the made up ghost@domain email
address
    - Newsletters no longer default to 'noreply@domain' 
- Member related emails (signin/signup/comment notifications...) will
continue to be send from the chosen support address (Portal settings →
Account page), but will now default to the mail.from config instead of
noreply@domain if no support address is set.
2024-01-30 11:21:08 +01:00
Simon Backx
eb063f7a40
Fixed clearing invalid sender_email when changing newsletter sender_reply_to (#19555)
fixes PROD-102

When a newsletter has a sender_email stored in the database that Ghost
is not allowed to send from, we no longer return it as sender_email in
the API. Instead we return it as the sender_reply_to. That way the
expected behaviour is shown correctly in the frontend and the API result
also makes more sense.

In addition to that, when a change is made to a newsletters reply_to
address we'll clear any invalid sender_email values in that newsletter.
That makes sure we can clear the sender_reply_to value instead of
keeping the current fallback to sender_email if that one is stored.

On top of that, this change correclty updates the browse endpoint to use
the newsletter service instead of directly using the model.
2024-01-23 16:10:11 +01:00
Aileen Booker
75874151fd Removed ModelEventsAnalytics
refs https://linear.app/tryghost/issue/BIZ-6/[wip]-update-segment-events

- With the removal of the `integration.added` event, we have no more model events remaining to listen to for our analytics
- Removal of the function entirely seems the easier and more straightforward way
2024-01-18 10:29:56 -04:00
Aileen Booker
e4b9305e2a Removed unneeded analytics for model events
refs https://linear.app/tryghost/issue/BIZ-6/[wip]-update-segment-events

- Removed model events to listen to: `post.published`, `page.published`, and `theme.uploaded` in segment service,  as we're not actively using those.
- Updated tests to reflect the changes (from 4 events to 1 model event)
2024-01-18 10:29:56 -04:00
Michael Barrett
1263cf148e
Updated Sentry env to use PRO_ENV when available (#19441)
refs
[ARCH-33](https://linear.app/tryghost/issue/ARCH-33/fix-sentry-environment)

To ensure that we are correctly identifying the environment that data is
being sent to Sentry from, we can use the `PRO_ENV` environment variable
if it is available. This will be set to `production` in production and
`staging` in staging. If `PRO_ENV` is not available, we will fall back
to retrieving the environment from config (`env`)
2024-01-05 12:10:39 +00:00
Simon Backx
3687feca07
Updated support email address verification for DMARC changes (#19147)
fixes GRO-71

- Current flow: unchanged
- New managed flow: verification required
- New managed flow with custom sending domain: only verification
required for different domains
- Self hosters (feature flag): no verification required
2023-11-28 15:06:58 +01:00
Simon Backx
17ec1e8937
Added email address alignment protections (#19094)
ref GRO-54
fixes GRO-63
fixes GRO-62
fixes GRO-69

When the config `hostSettings:managedEmail:enabled` is enabled, or the
new flag (`newEmailAddresses`) is enabled for self-hosters, we'll start
to check the from addresses of all outgoing emails more strictly.

- Current flow: nothing changes if the managedEmail config is not set or
the `newEmailAddresses` feature flag is not set
- When managedEmail is enabled: never allow to send an email from any
chosen email. We always use `mail.from` for all outgoing emails. Custom
addresses should be set as replyTo instead. Changing the newsletter
sender_email is not allowed anymore (and ignored if it is set).
- When managedEmail is enabled with a custom sending domain: if a from
address doesn't match the sending domain, we'll default to mail.from and
use the original as a replyTo if appropriate and only when no other
replyTo was set. A newsletter sender email addresss can only be set to
an email address on this domain.
- When `newEmailAddresses` is enabled: self hosters are free to set all
email addresses to whatever they want, without verification. In addition
to that, we stop making up our own email addresses and send from
`mail.from` by default instead of generating a `noreply`+ `@` +
`sitedomain.com` address

A more in depth example of all cases can be seen in
`ghost/core/test/integration/services/email-addresses.test.js`

Includes lots of new E2E tests for most new situations. Apart from that,
all email snapshots are changed because the from and replyTo addresses
are now included in snapshots (so we can see unexpected changes in the
future).

Dropped test coverage requirement, because tests were failing coverage
locally, but not in CI

Fixed settings test that set the site title to an array - bug tracked in
GRO-68
2023-11-23 10:25:30 +01:00
Simon Backx
986296cac9 🐛 Fixed unsubscribe button requiring manual action + wrong confirmation
fixes https://github.com/TryGhost/Product/issues/4118

The newsletter uuids were not passed when fetching all the members current newsletters. Therefore, Portals logic broke to remove all newsletters that matched the uuid that was passed to the unsubscribe link. No newsletters were removed, still the notification toast said that the member was unsubscribed from the newsletter.
2023-11-08 15:05:47 +01:00
Michael Barrett
213e54aa71
Fixed error caused by uploading empty redirects YAML file (#18820)
no refs

Fixed error caused by uploading empty redirects YAML file:

```
Cannot read properties of undefined (reading '302')
```

This error was occurring due to `yaml.load` returning `undefined` when
the provided yaml file was empty. I've made the check on the return
value of `yaml.load` stricter (i.e we only want an `object`) to prevent
this error from occurring.
2023-11-02 08:17:52 +00:00
Jono M
81d2fa09da
Redesigned Admin settings (#18545)
refs https://github.com/TryGhost/Product/issues/3832

Last piece of cleanup, removing the old feature flag. See
https://github.com/TryGhost/Ghost/pull/18360 for the commit that
actually switched over the routes.
2023-10-10 07:37:01 +01:00
Steve Larson
dcb9bfa7fc
Support twitter embeds using x as host (#18550)
closes TryGhost/Product#4017
- fixed users reporting x.com not creating twitter embed
2023-10-09 15:55:26 -05:00
Daniel Lockyer
500507ff21 Moved labs unit test to correct folder
refs https://github.com/TryGhost/DevOps/issues/72

- labs.js is in the shared folder, so I've moved it to the corresponding
  folder to make understanding the tests easier
2023-09-25 11:24:32 +02:00
Ronald Langeveld
851504030c
Added Support Email verification modals to Admin X (#18152)
refs
https://www.notion.so/ghost/df5bdea8f7ea4aca9d25eceb6a1bf34c?v=be2f15b6b58b4c27a0e11374282bead0&p=163762d9513a4e6dbd60c28e19228fdc&pm=s

- Added a modal to confirm that the new support email has been verified.
- to achieve that a couple of adjustments had to be made
- Updated the RoutingProvider to handle routes with query params.
- Added a new useQueryParams hook to grab query params where needed.
- wired up the email verification api.
- added feature flags / labs logic to the core package with the new URL and updated test.

---

<!-- Leave the line below if you'd like GitHub Copilot to generate a
summary from your commit -->
<!--
copilot:summary
-->
### <samp>🤖 Generated by Copilot at 3ff8add</samp>

This pull request adds email verification functionality for the support
email address in the portal settings. It fixes a bug in the routing
provider, adds a new API function, a new custom hook, and a new modal
component to handle the verification process. It also updates the
settings query with the verified email address.
2023-09-15 16:00:24 +07:00
Simon Backx
841e52ccfe
Added donations API (#17495)
refs https://github.com/TryGhost/Product/issues/3648

- Refactored Members API RouterController.createCheckoutSession: Split the method into smaller parts so we can reuse individual parts for the upcoming donation checkout session.
- Wired up donation checkout creation
- Added donation events
2023-07-31 16:00:52 +00:00
Aileen Booker
eb303ec221 Fixed Segment event named wrong 2023-07-24 15:49:33 +01:00
Naz
382d7fa25f Removed unused collections repositories
no issue

- These repositories were leftover from first phases of collections development. Not needed any longer as we have more specialized bookshelf repositories in the core code
2023-07-14 14:20:37 +08:00
Michael Barrett
6f5baca849
Add endpoint to record mail events (#16990)
refs https://github.com/TryGhost/Team/issues/3319
2023-06-23 12:22:01 +01:00
Hannah Wolfe
6161f94910
Updated to use assert/strict everywhere (#17047)
refs: https://github.com/TryGhost/Toolbox/issues/595

We're rolling out new rules around the node assert library, the first of which is enforcing the use of assert/strict. This means we don't need to use the strict version of methods, as the standard version will work that way by default.

This caught some gotchas in our existing usage of assert where the lack of strict mode had unexpected results:
- Url matching needs to be done on `url.href` see aa58b354a4
- Null and undefined are not the same thing,  there were a few cases of this being confused
- Particularly questionable changes in [PostExporter tests](c1a468744b) tracked [here](https://github.com/TryGhost/Team/issues/3505).
- A typo see eaac9c293a

Moving forward, using assert strict should help us to catch unexpected behaviour, particularly around nulls and undefineds during implementation.
2023-06-21 09:56:59 +01:00
Aileen Booker
d27bb8f075 Added new Stripe events to DomainEventsAnalytics
no issue

- We need to send information about Stripe being enabled or disabled in live mode to analytics
- This hooks up the Domain events listeners in the analytics service and processes this information accordingly
2023-06-14 08:18:19 -04:00
Daniel Lockyer
af8c0dc7a5 Prevented registering multiple Slack event listeners
refs https://github.com/TryGhost/Toolbox/issues/592

- in tests, we boot Ghost over and over
- this inits all the services each time
- it turns out that the Slack event listener is registered 80+ times
- to prevent this, we can check if it has already been registered, like
  we do with webhooks: 4639396c3a/ghost/core/core/server/services/webhooks/listen.js (L67-L69)
- not sure about this pattern in general, but it's something we can
  review in coming weeks
2023-06-12 15:04:11 +02:00
Fabien 'egg' O'Carroll
92172aca8e
Wired up collections to posts endpoint (#16945)
- Added support for `include=collections` to the Posts Admin API behind a flag
- Refactored some of the collections work to support it
2023-06-07 15:06:15 +02:00
Aileen Booker
9372124d61 Decouple sentry from analytics events handlers by expecting general exception handler
no issue

- The class should not rely on being passed a specific dependency, but rather needs to communicate with types what structure and method it needs to function correctly.
- Replaced the specific dependency to `sentry` with a generic definition of what is expected.
2023-06-07 09:00:49 -04:00
Aileen Booker
5db1950090 Added tests ModelEventsAnalytics
no issue

- Added full unit tests for `ModelEventsAnalytics` class
2023-06-07 09:00:49 -04:00
Aileen Booker
6efc1cce82 Added JSDoc types and inject more deps for DomainEventsAnalytics
no issue
2023-06-07 09:00:49 -04:00
Aileen Booker
591ca2c9bf Added first test structure for ModelEventsAnalytics
no issue

- The added `ModelEventsAnalytics` class didn't have tests before the refactor. Added unit tests to verify functionality.
2023-06-07 09:00:49 -04:00
Aileen Booker
9b27804276 Added tests for DomainEventsAnalytics
no issue

- Added unit tests for newly added `DomainEventsAnalytics` class to verify intended functionality
2023-06-07 09:00:49 -04:00
Aileen Booker
2c4d9e2776 First pass on adding domainevents to segment service
no issue

- In order to listen to `DomainEvents` for `MilestoneCreatedEvents` we need to add a `DomainEvents` listener and handler to the Segment analytics service.
- For better readability and to be more consistent with how code is currently written in Ghost, I refactored the service index file and split the two types of event listener into separate classes which is much cleaner and easier to test.
2023-06-07 09:00:49 -04:00
Naz
bdbd9327d9
Added built-in automatic featured collection
refs https://github.com/TryGhost/Team/issues/3376

- When the Ghost instance is initialized it has to have a set of built-in collections. With these changes Ghost starts with a "featured posts" collection - available to be used right away.
2023-06-06 12:41:37 +07:00
Naz
87df8754ee Moved bookshelf posts repository to core
refs https://github.com/TryGhost/Team/issues/3260

- Moved the posts bookshelf repository into core codebase where it should belong.
2023-05-31 22:55:35 +07:00
Michael Barrett
cde30eb469
🐛 Fixed issue where single letter product slugs cause 500 error (#16821)
refs https://github.com/TryGhost/Team/issues/3224

When a product has a slug that is a single letter, checking if a user
had access to view a post associated with that product would cause a 500
error. The underlying cause of this issue is
https://github.com/TryGhost/NQL/issues/20 This fix circumvents this
issue by providing a value that the nql lexer will not error out on
2023-05-18 09:38:30 +01:00
Fabien "egg" O'Carroll
08597b47ba Added unit test for TiersRepository
We were completely missing tests for this, and the new logic pushed us under
the coverage threshold.
2023-05-12 16:38:32 -04:00
Fabien "egg" O'Carroll
6ab862568c Used TierRepository in serializers
We want to cache access to Tiers, and it's easier to do that in the
TierRepository. So we update a heavy user of Tiers to use the Tier
service so it can take adv of caching. The serializers are a big
offender for making calls to fetch Tiers.
2023-05-12 16:38:32 -04:00
Fabien "egg" O'Carroll
104f84f252 Added eslint rule for file naming convention
As discussed with the product team we want to enforce kebab-case file names for
all files, with the exception of files which export a single class, in which
case they should be PascalCase and reflect the class which they export.

This will help find classes faster, and should push better naming for them too.

Some files and packages have been excluded from this linting, specifically when
a library or framework depends on the naming of a file for the functionality
e.g. Ember, knex-migrator, adapter-manager
2023-05-09 12:34:34 -04:00
naz
70ae3efd5c
Update email mock receive (#16578)
refs TryGhost/Team#2691

- The bump adds possibility to make email's html/text snapshots with dynamic content. The breaking change here is with separate "matchPlaintextSnapshot" method extracted out of "matchMetadataSnapshot" to handle dynamic content in "text" part of the sent email.
2023-04-06 17:24:23 +02:00
Rishabh
ace4d17b3e Updated unit tests for frontend member data 2023-04-04 23:51:45 +05:30
Simon Backx
d0042b550a
Fixed redirecting back to account home after sign in in Portal (#16487)
refs https://github.com/TryGhost/Team/issues/2674

When going to /#/portal/account when not signed in, you are redirected
to the login page. But once signed in, you aren't redirected back to the
account page. This fixes this issue by adding an extra and optional
redirect parameter when requesting a magic token via email.

This new parameter allows to override the default behaviour of using the
Referer HTTP header, which doesn't include the hash/fragment part of the
URL.

The referrer is already restricted to only allow redirects to the site,
not external URLs.
2023-04-04 18:07:37 +02:00
Aileen Nowak
37383fde90 Moved Milestone emails to GA
- Moves Milestone emails from public beta to GA Moved Milestone emails to GA

- Moves Milestone emails from public beta to GA Moved Milestone emails to GA

- Moves Milestone emails from public beta to GA Moved Milestone emails to GA

- Moves Milestone emails from public beta to GA Moved Milestone emails to GA

- Moves Milestone emails from public beta to GA Moved Milestone emails to GA

- Moves Milestone emails from public beta to GA Moved Milestone emails to GA

- Moves Milestone emails from public beta to GA Moved Milestone emails to GA

- Moves Milestone emails from public beta to GA Moved Milestone emails to GA

- Moves Milestone emails from public beta to GA
2023-03-23 17:35:23 +00:00
Sam Lord
47d9b4a51d Fixed errors being logged by unit tests
refs: https://github.com/TryGhost/Toolbox/issues/389
2023-03-22 16:25:23 +00:00
Aileen Booker
8d290c4560
Milestone emails templates and sending implementation (#16318)
refs
https://www.notion.so/ghost/Marketing-Milestone-email-campaigns-1d2c9dee3cfa4029863edb16092ad5c4?pvs=4

- Added email template for milestones with using a configuration file
for different member milestone values, as we're sending different
content for each one
- Implement sending the email to users who have
`milestone-notifications` enabled, currently still behind a flag

Co-authored-by: Peter Zimon <peter.zimon@gmail.com>
2023-03-21 13:39:40 +00:00
Simon Backx
a5dff4207e Moved posts service to its own package
fixes https://github.com/TryGhost/Team/issues/2778

It is easier to add extra classes using the latest patterns if it has its own package.
2023-03-20 16:06:42 +01:00
Sanne de Vries
1b0adcf4ab Fixed missing stub for DNS in GhostMailer Direct tests
- without this, Node will try and resolve the domain name but local DNS
  resolvers can take a while to timeout, which causes the tests to timeout
- `nodemailer-direct-transport` calls `dns.resolveMx`, so if we stub that
  function and return an empty array, we can avoid any real DNS lookups
2023-03-17 18:16:30 +01:00
Simon Backx
a6654b5e6c Updated GhostMailer Direct unit tests to async await style
no issue

Tests were timing out for some users, probably because not all errors are caught.
2023-03-17 17:34:01 +01:00
Daniel Lockyer
89493893d1 Removed all unused variables from test files
- this cleans up all imports or variables that aren't currently being used
- this really helps keep the tests clean by only allowing what is needed
- I've left `should` as an exemption for now because we need to clean up
  how it is used
2023-03-10 14:29:55 +01:00
Simon Backx
3d89dbb775 Fixed whistelisted domains in Playwright tests and network connectivity
no issue

- Nock doesn't support multiple calls to enableNetConnect -> only the last one counts. This fixes that issue.
- Some tests interacted directly with nock instead of using the mockManager to restore everything.
2023-03-08 12:40:21 +01:00
Simon Backx
38de815d98
Removed old email flow (#16349)
fixes https://github.com/TryGhost/Team/issues/2611

The old email flow is no longer used since we introduced the email stability flow. This commit removes the related code and tests. The general test coverage decreased a bit as a result, because the old email flow probably had a high test coverage. The new flow is in separate packages, so it couldn't contribute to a higher test coverage (but it does have 100% unit test coverage).
2023-03-07 16:08:40 +01:00
Simon Backx
f50224f445
Improved network access and mocking in tests (#16371)
refs https://github.com/TryGhost/Team/issues/2667

Some tests still accessed the internet. Now network access is disabled
by default. This change also introduces two helper methods related to
networking (mocking Slack and Mailgun).

This fixes two unreliable tests:
- Staff service was accessing a Slack test API -> timeout possible
- MentionSendingService was trying to send webmentions for every post
publish/change -> possible timeouts and job issues
2023-03-07 13:20:28 +01:00
Sam Lord
472e52a536 Made URL class warn on duplicate URLs in the test suite
refs: https://github.com/TryGhost/Toolbox/issues/389

Instead of logging errors, this will warn when adding a duplicate URL in the test environment.

At the moment, this is happening a lot in the test suite. While we also need to fix the root cause of this so we're not erroring in the product, it's a massive amount of spam in the logs when running the test suite which could prevent us from finding other errors which are causing issues.
2023-03-03 18:25:53 +00:00