Commit Graph

101 Commits

Author SHA1 Message Date
Sebastian Gierlinger
c8e8da4780 oAuth
closes #2759
closes #3027

- added oauth2orize library for server side oAuth handling
- added ember-simple-auth library for admin oAuth handling
- added tables for client, accesstoken and refreshtoken
- implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant
- updated api tests with oAuth
- removed session, authentication is now token based

Known issues:
- Restore spam prevention #3128
- Signin after Signup #3125
- Signin validation #3125

**Attention**
- oldClient doesn't work with this PR anymore, session authentication
was
removed
2014-06-30 14:58:10 +02:00
Sebastian Gierlinger
1db0431e4d User API changes
closes #2822
- added destroy user method
- added remove user permission
- added API end point for get reset token
- added API end point for reset password
- added API end point for change password
2014-06-20 11:15:01 +02:00
Sebastian Gierlinger
a3665cd917 Merge pull request #2980 from jgable/lazyLoadDefaultSettings
Lazy load default settings
2014-06-17 21:52:34 +02:00
Jacob Gable
d37be6f098 Lazy load default settings
Closes #2061

- Lazy load the defaultSettings value in Settings model
- Populate individual defaults before read/edit
- Populate all defaults before first browse call
- Remove populateDefaults calls from init code
2014-06-17 10:36:47 -05:00
Jason Williams
9a9593536d Update when.js dependency to version 3.2.3 2014-06-16 04:11:22 +00:00
Hannah Wolfe
8eb602fd10 Merge pull request #2931 from sebgie/issue#2354
Allow schema changes
2014-06-13 20:05:56 +02:00
Sebastian Gierlinger
c09c20ad8d Allow schema changes
closes #2354
refs #1641

- added addUnique()
- added dropUnique()
- added addColumn() -> needed for #2330
- dropColumn() is missing due to lack of knex support
- further cleanup of the migrations module
2014-06-12 17:25:55 +02:00
jomahoney
c57bec7906 Change DB backup location
closes #2887
- Stores content files under /content/data/
2014-06-11 21:16:21 +01:00
Tim Griesser
f87e0d364d Bumping to Knex 0.6.12, Bookshelf 0.7.1 2014-06-10 17:07:53 -04:00
Jason Williams
d9c45b4967 Fix export of data during database migration
Closes #2927
-refactor exporter to export tables that exist in the
 database instead of keying off of schema.js
-move some shared database utility functions into their
 own module
2014-06-09 21:07:21 +00:00
William Dibbern
07df9911ce Export backup prior to migration
Closes #847
- Added logic to export database to the `core\server\data\` folder prior
to beginning a migration.
- Factored out versioning logic from migration to prevent circular
references
2014-05-31 18:56:09 -05:00
lennerd
bebafdc9a9 Refactore slug API for generating tag and post slugs.
Closes #2601
- Removed slug generation from the post API
- Added new, self-contained slug API
- Fixed slug permissions in the fixtures files
- Added a HTTP route for the new API method
- Added integrational tests
2014-05-26 10:07:05 +02:00
Hannah Wolfe
c02ebb0dcf Refactor API arguments
closes #2610, refs #2697

- cleanup API index.js, and add docs
- all API methods take consistent arguments: object & options
- browse, read, destroy take options, edit and add take object and options
- the context is passed as part of options, meaning no more .call
  everywhere
- destroy expects an object, rather than an id all the way down to the model layer
- route params such as :id, :slug, and :key are passed as an option & used
  to perform reads, updates and deletes where possible - settings / themes
  may need work here still
- HTTP posts api can find a post by slug
- Add API utils for checkData
2014-05-15 10:41:05 +01:00
Hannah Wolfe
4c0010db45 Merge pull request #2673 from halfdan/2592-tags-api
Implements new Themes JSON API
2014-05-14 16:31:36 +01:00
Sebastian Gierlinger
d1149a927b Fix validation
- fixed validation that broke when introducing error classes
- added a test
2014-05-14 15:30:46 +02:00
Fabian Becker
628654961a Implements new Themes JSON API
closes #2592
- Add themes browse/read endpoint
- Add new permissions for themes (only admin by default)
- Add integration tests
2014-05-14 11:23:42 +02:00
Sebastian Gierlinger
fd0f5a5028 Add distinct error classes
closes #2690
- added new error classes
- moved errorhandling.js to /errors/index.js
- changed API errors to use new classes
- updated tests
2014-05-09 12:11:29 +02:00
Sebastian Gierlinger
39e654e9c3 Change error message response
closes #2643
- added error type
- added error property for validations
- wrapped errors in an array
- returns multiple errors for validation
- updated tests and admin
2014-05-05 15:51:21 +02:00
Jacob Gable
7e9880ce8d Settings API Primary Document refactor
Closes #2606

- Refactor settings api responses to { settings: [ ] } format
- Update all code using api.settings to handle new response format
- Update test stubs to return new format
- Update client site settings model to parse new format into one object of key/value pairs
- Refactor to include all setting values
- Remove unused settingsCollection method
- Update settingsCache to store all attributes
- Update settingsResult to send all attributes
- Remove unnecessary when() wraps
- Reject if editing a setting that doesn't exist
- Reject earlier if setting key is empty
- Update tests with new error messages
- Use setting.add instead of edit that was incorrectly adding
- Update importer to properly import activePlugins and installedPlugins
- Update expected setting result fields
- Fix a weird situation where hasOwnProperty didn't exist 🤷
2014-04-30 23:15:27 -05:00
Sebastian Gierlinger
0bdfadd9d6 Changed boolean handling
closes #2638
- replaced format() with parse() to convert values when fetched
- changed validation from integer to boolean
- added checks to tests
2014-04-25 09:55:53 +02:00
Sebastian Gierlinger
61e94a6e8b Use current user in models
closes #2058
- fixed apiContext as suggested in the issue
- added user to options object for models
- added api.users.register() for public registration
- changed models to use options.user for created_by, updated_by,
author_id and published_by
- added override to session model to avoid created_by and updated_by
values
- added user (id: 1) to tests
- added user (id: 1) for registration
- added user (id: 1) for import, fixtures and default settings
- added user (id: 1) for user update
- added user (id: 1) for settings update (dbHash, installedApps, update
check)
- updated bookshelf to version 0.6.8
2014-04-16 18:20:09 +02:00
Fabian Becker
b8e8f63e44 Adds additional fields to apps schema.
fixes #2356
- Adds slug, version and status fields to apps schema
- Added fields to data generator
2014-04-16 18:16:10 +02:00
Sebastian Gierlinger
c0dc8e95d2 Add new permissions to fixtures
closes #2325
- added new permissions
- added relation to user roles
- added updateFixtures to migrateUp
- removed validation per model to fix tests
2014-04-16 18:16:10 +02:00
Fabian Becker
41cef386bc Implements Models & Data API for Apps
closes #2138
- Adds new models for AppField and AppSetting
- Removed permitted attributes from App model (handled by base)
- Added reference from Post to AppFields
- Added fixture data to DataGenerator
- Added integration tests for Apps, AppSettings, AppFields
- Added import for Apps
- Added app_fields to default fixtures
2014-04-16 18:14:56 +02:00
Fabian Becker
7b003beb17 Schema additions for apps.
fixes #2102
- Added app_settings, app_fields, app_fields_relations tables
2014-04-16 18:06:39 +02:00
Jacob Gable
9369dd3bf7 Add app permission checking to canThis
- Pass permissions loading to buildObjectTypeHandlers to eliminate
shared state
- Load both app and user permissions to check
- Check app permissions if present
- Create apps table and App model
- Move effectiveUserPermissions to permissions/effective
- Change permissable interface to take context; user and app.
- Add unit tests for app canThis checks and effective permissions
2014-04-16 18:06:39 +02:00
Mark Stacey
65b0968f40 Change validation for posts 'page' attribute.
issue #2305
- changed validation for 'page' to expect '0' or '1', rather than 'true' or
  'false'
- Added a 'can change a post to static page' test
- Added a 'can change a static page to a post' test
2014-03-04 17:59:00 -03:30
Jonathan Johnson
e4bb6d08cc Update validator to 3.4.0
Closes #1379

- Convert to new api usage for both server-side and client-side
- Provide way require a negative response for boolean methods in
  default-settings.json
- Add field validation functional tests
  - Settings (General)
    - Title length validation
    - Description length validation
    - postsPerPage, numeric, min, max
  - Settings (User)
    - Bio Length validation
    - Location length validation
    - Url validation
  - Login
    - Email validation
  - Editor
    - Title required validation
2014-03-04 13:54:24 -07:00
Fabian Becker
1a9e91f120 Replace JSLint with JSHint.
closes #2277
- Added ES6 linting to core/client/
- Fix typeof array comparison
2014-03-04 15:47:39 +00:00
Hannah Wolfe
708ba6f8b0 Merge pull request #2220 from sebgie/issue#1401
Add validation from schema.js
2014-02-28 23:04:04 +00:00
Sebastian Gierlinger
ae06239834 Fix problems from importing 0.4.0 file
fixes #2244
- added mysql ‚true’/‚false‘ values as ‚0‘/‚1‘
- removed all core settings from import
2014-02-25 20:15:32 +01:00
Sebastian Gierlinger
ac7f4f05c4 Add validation from schema.js
closes #1401
- added data/validation/index.js
- added generic validation for length
- added generic validation for nullable
- added validations object to schema.js for custom validation
- removed pyramid of doom from api/db.js
2014-02-19 18:32:23 +01:00
Fabian Becker
1124d9e4c0 Helper updates for Tag Pages
fixes #2112
refs #1833

- modified config.urlFor to handle tag pages

- modified {{#tags}} handlebars helper to autolink to
  tag pages. Additional autolink="false" parameter can
  be used to deactivate autolinking

- modified url handlebars helper to handle tags

- added isTag function to schema

- added unit test for additional urlFor functionality

- added unit test for {{#tags}} helper modifications

- added unit test for url handlebards helper
2014-02-13 18:32:08 +01:00
Harry Wolff
b066e732dd Adds support for additional permalink structures
fixes #2057

- uses express’ Route object to create RegExp’s
 that we use to check the incoming path
- refactored structure of fronted controller single
 tests to be easier to read
- amend regex to incorporate new allowed permalink
 structure
2014-02-10 12:07:43 -05:00
John-David Dalton
6eab7b3f92 Replace underscore with lodash. 2014-02-06 14:08:34 +00:00
Hannah Wolfe
199a92d9cb Merge branch '0.4-maintenance'
Conflicts:
	core/server/config/paths.js
	core/test/unit/config_spec.js
2014-01-26 16:11:02 +00:00
John O'Nolan
7ebd104f3f Rename 'plugins' to 'apps'
Fixes #1988
2014-01-21 15:45:27 +07:00
Hannah Wolfe
2aa7288777 Merge pull request #1948 from sebgie/issue#1932-1
Fix display update notification
2014-01-20 07:24:02 -08:00
Sebastian Gierlinger
03cbc89a53 Fix posts.html and posts.markdown field type
closes #1947
- added fieldtype: medium for posts.html
- changed fieldtype: medium for posts.markdown
- added method to fix databases created with wrong field type
- added tests for database version 002
2014-01-15 14:29:23 +01:00
Sebastian Gierlinger
fd4f3051e6 Fix display update notification
closes #1932

- added showUpdateNotification with version check
- added temp workaround for boolean values in database
- changed default value from false to null
- updated tests
2014-01-14 20:46:36 +01:00
Hannah Wolfe
dcf4b1e4e4 Add update notifications
closes #1464

- adds opt-out via updateCheck:false in config.js
- update check is done on admin index, but doesn't interfere with rendering
- adds update check module, which gets the usage data, makes the request and handles the response
- adds two new settings to default-settings, one for next check time, and one for whether to show the notification
- adds a new rejectError method to errorHandling
- adds a new helper for displaying the notification

Conflicts:
	core/server/helpers/index.js
	core/test/unit/server_helpers_index_spec.js
2014-01-07 08:20:08 +00:00
Paul
b90752114e fix table scan for pg migrations 2014-01-06 16:32:20 -03:00
Hannah Wolfe
af6137248d New URL helper - URL consistency fixes
fixes #1765
fixes #1811
issue #1833

New UrlFor functions

- moved body of url helper to config.path.urlFor, which can generate a URL for various scenarios
- urlFor can take a string (name) or object (relativeUrl: '/') as the first
  argument - this is the first step towards issue #1833
- also added config.path.urlForPost which is async and handles getting
  permalink setting
- frontend controller, ghost_head helper, cache invalidation all now use
  urlFor or urlForPost all urls should be correct and consistent

URL Consistency Improvements

- refactored invalidateCache into cacheInvalidationHeader which returns a
  promise so that url can be generated properly by urlForPost
- moved isPost from models to schema, and refactored schema to have a tables object
- deleted posts now return the whole object, not just id and slug,
  ensuring cache invalidation header can be set on delete
- frontend controller rss and archive page redirects work properly with subdirectory
- removes {{url}} helper from admin and client, and replaced with adminUrl
  helper which also uses urlFor
- in res.locals ghostRoot becomes relativeUrl, and path is removed
2014-01-06 15:15:48 +00:00
Hannah Wolfe
d50354dde3 Update import tool to be safe
closes #1681

- import doesn't override user credentials
- import doesn't override theme
- import doesn't kill session
- import does refresh the settings cache
- updated tests, they now use a fixture instead of a generated export
- tests check to ensure import is safe
2013-12-29 13:23:23 +00:00
Harry Wolff
32528de4a4 Allows disabling of timestamps when importing posts
fixes #1696

- this is a temp workaround until full fledged support
is added directly to bookshelfjs
- when importing we use the import json blob’s timestamps
as the value that’s set in the DB 
- added tests for this change
2013-12-26 15:29:16 -05:00
Hannah Wolfe
c518e14bfb Merge pull request #1687 from sebgie/issue#1685
Fix 'dbHash' not found
2013-12-20 04:36:44 -08:00
John O'Nolan
fd2a2ad037 Update Ghost logo image fixture 2013-12-19 15:21:26 +00:00
Nick Pfisterer
f7e63eecaa Update default fixture to give better direction
closes #1561
- altered perspective of intro paragraph to reading from the blog
instead of from the content page
- added copy directing users to sign in to the admin area at /ghost/ and
edit the post before reading the 'Getting Started' section
- this should give the Markdown lessons better context and avoid users
getting confused as to what 'the left hand panel of Ghost' is
2013-12-16 18:18:35 -08:00
Sebastian Gierlinger
7ae543289d Fix 'dbHash' not found
closes #1685
- changed dbHash initialization from db direct access to api access
- added dbHash to default-settings.json
- added dbHash to tests
2013-12-16 11:16:06 +01:00
Fabian Becker
0169f47752 Fix failing migration.reset for Postgres.
refs #1333
2013-11-26 23:10:31 +00:00