Commit Graph

537 Commits

Author SHA1 Message Date
Hannah Wolfe
02ca986ed7 🎨 Improve theme validation error messaging (#7253)
refs #7204

- Adds a new ThemeValidationError class
- This error has a top level message, but will also contain all the individual errors within the `errorDetails` property
- Updated the API error handling to return `errorDetails` if it is present
2016-08-24 14:45:54 +02:00
Katharina Irrgang
a91e54cf1a feature: theme upload/download/delete (#7209)
refs #7204

- added 3 new themes permissions
- change core/client
- add theme upload/download logic
- extended local file storage to serve zips
- added gscan dependency
- add ability to handle the express response within the api layer
- restrict theme upload to local file storage
- added 007 migration
2016-08-23 13:07:25 +01:00
Jesse Dijkstra
f546a5ce1d Remove open redirect by removing double slashes from redirects (#7247)
no issue

Double slashes are treated as a HTTP calls as specified in [RFC1801](http://www.ietf.org/rfc/rfc1808.txt). Because of this behaviour the uncapitalise created an open redirect. By removing double slashes in the path we ensure open redirects cannot be created.

As an example, please click the following URL: https://dev.ghost.org///Google.com/.

This issue  has been reported by pentesters of our product [LearningSpaces.io](http://learningspaces.io).
2016-08-23 13:47:59 +02:00
Aileen Nowak
a5c29dfc34 [FEATURE] AMP (#7229)
closes #6588, #7095

* `ImageObject` with image dimensions (#7152, #7151, #7153)
- Returns meta data as promise
    - returns a new Promise from meta data
    - uses `Promise.props()` to resolve `getClient()` and `getMetaData()`

- Adds 'image-size' util
The util returns an object like this
```
{
    height: 50,
    url: 'http://myblog.com/images/cat.jpg',
    width: 50
};
```
if the dimensions can be fetched and rejects with error, if not.
In case we get a locally stored image or a not complete url (like `//www.gravatar.com/andsoon`), we add the protocol to the incomplete one and use `urlFor()` to get the absolute URL. If the request fails or `image-size` is not able to read the file, we reject with error.
- adds 'image-size' module to dependencies
- adds `getImageSizeFromUrl` function that returns image dimensions

- In preparation of AMP support and to improve our schema.org JSON-LD and structured data, I made the following changes:
    - Changes the following properties to be `Objects`, which have a `url` property by default and a `dimensions` property, if `width` and `height` are available:
        - `metaData.coverImage`
        - `metaData.authorImage`
        - `metaData.blog.logo`
    - Checks cache by calling `getCachedImageSizeFromUrl`. If image dimensions were fetched already, returns them from cache instead of fetching them again.
    - If we have image dimensions on hand, the output in our JSON-LD changes from normal urls to be full `ImageObjects`. Applies to all images and logos.
    - Special case for `publisher.logo` as it has size restrictions: if the image doesn't fulfil the restrictions (<=600 width and <=60 height), we simply output the url instead, so like before.
    - Adds new property for schema.org JSON-LD: `mainEntityOfPage` as an Object.
    - Adds additional Open Graph data (if we have the image size): `og:image:width` and `og:image:height`
    - Adds/updates tests

* AMP router and controller (#7171, #7157)
Implements AMP in `/apps/`:
- renders `amp.hbs` if route is `/:slug/amp/`
- updates `setResponseContext` to set context to `['amp', 'post']` for a amp post and `['amp', 'page']` for a page, but will not render amp template for a page
- updates `context_spec`
- registers 'amp' as new internal app
- adds the `amp.hbs` template to `core/server/apps/amp` which will be the default template for AMP posts.
- adds `isAmpURL` to `post-lookup`

* 🎨 Use `context` in meta as array (#7205)
Instead of reading the first value of the context array, we're checking if it includes certain context values.
This is a preparation change for AMP, where the context will be delivered as `['amp', 'post']`.

*  AMP helpers (#7174, #7216, #7215, #7223)
- Adds AMP helpers `{{amp_content}}`, `{{amp_component}}` and  `{{amp_ghost_head}}` to support AMP:
- `{{amp_content}}`:
    - Adds `Amperize` as dependency
    - AMP app uses new helper `{{amp_content}}` to render AMP HTML
    - `Amperize` transforms regular HTML into AMP HTML
    - Adds test for `{{amp_content}}` helper
    - Adds 'Sanitize-HTML` as dependendy
    - After the HTML get 'amperized' we still might have some HTML tags, which are prohibited in AMP HTML, so we use `sanitize-html` to remove those. With every update, `Amperize` gets and it is able to transform more HTML tags, they valid AMP HTML tags (e. g. `video` and `amp-video`) and will therefore not be removed.
- `{{amp_ghost_head}}`:
    - registers `{{amp_ghost_head}}` helper, but uses `{{ghost_head}}` code
    - uses `{{amp_ghost_head}}` in `amp.hbs` instead of `{{ghost_head}}`
- `{{ghost_head}}`:
    - Render `amphtml` link in metadata for post, which links to the amp post (`getAmpUrl`)
    - Updates all test in metadata to support `amp` context
    - Changes context conditionals to work with full array instead of first array value
    - Adds conditionals, so no additional javascript gets rendered in `{{ghost_head}}`
    - Removes trailing `/amp/` in URLs, so only `amphtml` link on regular post renders it
    - Adds a conditional, so no code injection will be included, for an `amp` context.
- `{{amp_components}}`:
    - AMP app uses new helper `{{amp_components}}` to render necessary script tags for AMP extended components as `amp-iframe`, `amp-anime` and `amp-form`
    - Adds test for `{{amp_components}}`
2016-08-22 18:49:27 +02:00
Katharina Irrgang
356d6ea031 fix: error handling when login via test env (#7228)
no issue
- add error protection for login via test env
- extend route test: users_spec to get login with a different user working
2016-08-19 12:02:07 +01:00
Katharina Irrgang
97e955a55e fix: choose user when login from test env (#7213)
no issue

- pass userIndex when do testUtils.auth
2016-08-19 07:32:01 +01:00
Katharina Irrgang
663b410fd4 feature: upload validation middleware (#7208)
no issue

- Source out validation logic into a upload validation middleware for all upload types (csv, image, subscribers). This unit can be later used for Ghost 1.0 as a pre validation core unit. 
- More usage of route tests than controller tests. These are use case tests, a use case only changes if the product changes
2016-08-18 20:25:51 +01:00
Austin Burdine
58bb111c56 ensure static page edit route redirects to editor (#7169)
closes #7168
- double check that page matches the page format in post-lookup
- add tests
2016-08-08 09:42:04 +02:00
Austin Burdine
4305790151
fix test 301 issue 2016-07-19 14:03:24 -06:00
Katharina Irrgang
748c664b78 feature: maintenance mode (#7019)
closes #6976
- add maintenance mode when running migrations
- refactor update/populate migrations
2016-07-15 17:22:41 +01:00
Katharina Irrgang
1b3e1df641 fix: date permalink test (#7047)
closes #7044
2016-06-28 11:14:39 -06:00
kirrg001
250d571fe6 improvement: jshint/jscs
no issue
- add mocha option to jshintrc, no need to define globals in files anymore
- call client grunt commands in case of jshint/jscs
2016-06-17 22:59:47 +02:00
“kirrg001”
1421c92ba5 post-scheduling
refs #6413
- PUT endpoint to publish a post/page for the scheduler
- fn endpoint to get all scheduled posts (with from/to query params) for the scheduler
- hardcoded permission handling for scheduler client
- fix event bug: unscheduled
- basic structure for scheduling
- post scheduling basics
- offer easy option to change adapter
- integrate the default scheduler adapter
- update scheduled posts when blog TZ changes
- safety check before scheduler can publish a post (not allowed to publish in the future or past)
- add force flag to allow publishing in the past
- invalidate cache header for /schedules/posts/:id
2016-06-14 10:52:13 +02:00
kirrg001
b057c2fc16 improvement: rename and extend test utils fixture functions
no issue
- rename insertPosts to insertPostsAndTags
- add insertPosts
- extend insertOne to choose index
2016-06-10 07:14:21 +02:00
Hannah Wolfe
20f4166cc5 Version matching middleware
refs #6949

- Adds a new VersionMismatchError with status 400 (bad request)
- Adds middleware that checks the X-Ghost-Version header if it is provided
- If it is not provided, the middleware does nothing
- If it is provided, and the versions match, the middleware does nothing
- If it is provided, and the versions don't match, the middleware returns a VersionMismatchError
- Includes both unit and a functional test to prove the middleware works alone and as part of the whole system
2016-06-09 17:08:44 +01:00
Hannah Wolfe
80a79172c4 Revert "Revert "Force UTC at process level"" 2016-06-03 09:06:18 +01:00
Hannah Wolfe
78e693f469 Revert "Force UTC at process level" 2016-06-02 14:38:02 +01:00
kirrg001
ec176c243a Force UTC at process level
issues #6406 #6399
- all dates are stored as UTC with this commit
- use moment.tz.setDefault('UTC')
- add migration file to recalculate local datetimes to UTC
- store all dates in same format into our three supported databases
- add option to remeber migrations inside settings (core)
- support DST offset for migration
- ensure we force UTC in test env
- run whole migration as transaction
- extend: Settings.findOne function
2016-06-02 13:23:09 +02:00
kirrg001
ff132fd934 timezones: support permalinks based on current timezone
issue #6406
- redirect date permalink if timezone changed
- create permalinks based on blog TZ
- post-lookup fn is now more generic
2016-05-20 18:14:19 +02:00
Jason Williams
7559bb7b26 Fix test conflicts
Closes #6710
- Restore config to baseline before testing.
- Don't mutate fixture data.
2016-04-13 11:27:26 -05:00
Hannah Wolfe
6b74e1a34a Dev tooling clean up
- remove old casper.js tests
- cleanup mochacli groups that are less useful than `grunt test:path`
- improve inline Gruntfile.js docs
- fixup coverage for new internal apps
- add new coverage-all task which works for all our tests
- reverse order of master-warn messages to make this clearer
- remove bluebird from greenkeeper ignores
2016-04-13 13:21:33 +01:00
Jason Williams
23c162796a Relax origin checking in auth middleware
Refs #6642
- Do not send CORS headers on an invalid "origin"
  header, but otherwise allow the response to
  proceed normally. This enforces CORS for the browser
  but does not blow up non-CORS requests.
2016-03-31 10:58:52 -05:00
Jason Williams
136bdbd9ff Return http status 204 on deletes
Closes #2871
- Refactor api http handlers.
- Update tests.
- Remove special handling of responses in ember adapter.
2016-03-22 11:42:48 -05:00
Hannah Wolfe
2386a69f9d Always override database config + exit tests on error
refs #6354, #6495 & #6599

- don't allow config.database to be merged, instead, override it always
- make sure that route tests call done even when they error
2016-03-14 15:39:59 +00:00
Hannah Wolfe
a59cfc70a1 Serve immediate 404 for static files (no fallthru)
closes #5887

- make use of the new 'fallthrough' option which landed in express-static 1.10.0
- change local-file-store and middleware serving `/public/` and `/shared/` files to use the new `fallthrough: false` option
- 404s are now served directly, without slashes or uncapitalise getting triggered
2016-02-21 19:17:27 +00:00
Cameron Viner
8fd272476b Removed uneeded jshint comments in order to cleanup the tests
closes #6505
-Removed all of the /*jshint expr:true*/ comments from the tests
-Removed all of the should.equal(true, true) statements from the tests
-Removed should from the greenkeeper ignores
2016-02-17 12:52:43 +00:00
Hannah Wolfe
13c1742eb9 Make frontend routing dynamic & driven by channels
refs #5091

- Move renderChannel to own file
- Update channel config to have get/list methods
- Move main routes to be generated based on the list of channels
- Move RSS routes to be subroutes of channels
- Move redirect301 to be a shared util
- Add full test coverage
- Split frontend route tests into frontend & channels
2016-02-15 15:57:20 +00:00
Cameron Viner
faba83d5dc deps: should@8.2.1
closes #6448
-upgraded should.js to the latest version (8.2.1)
-Changed the tests so that they comply with the breaking changes introduced in the new version of should.js
-Installs the package should-http so should.be.json() can be used
-Installs the package should-sinon so that should.be.calledOnce() can be used
2016-02-09 13:39:10 +00:00
Jason Williams
2528ce5304 deps: supertest@1.1.0
Closes #6449
- supertest now includes a `.then()` method and as a
  result, only one of either .then or .end may be called on
  a request object.
2016-02-07 13:10:27 -06:00
Hannah Wolfe
08e5848d4a Fix cache-control header for sitemaps
no issue

- sitemaps were getting max-age=undefined as they were depending on the wrong utils folder
- test + fix included
2016-01-25 17:56:05 +00:00
Kevin Ansfield
da0a0c559b Move user/cover image files used in admin team area into the client folder
no issue
- fixes potential "mixed content" warnings if non-admin urls are redirected
2016-01-14 16:26:48 +00:00
Hannah Wolfe
4a7a19c86a Merge pull request #6070 from kevinkucharczyk/harvesting-server-side-strings
Harvest server side strings
2016-01-12 20:04:53 +00:00
JT Turner
e4c52a6915 Fix urlFor to handle secure correctly
issue #6270
- Exposed getBaseUrl on the config class.
- Fix formatting config index as array was more then 140 characters long.
- Updated getBaseUrl to handle secure by replacing http with https if true.
- Fixed ghost_head helper to output canonical base url no https.
- Fixed ghost_head helper to set secure correctly for the rss link.
- Fixed navigation helper to pass secure in each nav item, so that urlFor can u$
- Fixed {{url}} to pass secure correctly to config.urlFor.
- Fixed test to use urlSSL over https besides for canonical.
- Add tests for {{url}} and to make sure they output https for absolute and secure.
- Update twitter and og url to use the canonical url.
2016-01-11 19:40:30 -08:00
rfpe
7abcc43907 Harvest server side strings
closes #5617
- Replace all hard-coded server-side strings with i18n translations
2015-12-19 12:12:16 +01:00
Hannah Wolfe
8c355349b3 No more soft 404s in pagination
closes #6201

- redirects for page/1/ or rss/1/ are now 301s
- any other invalid page now 404s
2015-12-10 15:00:02 +00:00
Brandon Hops
0a06af02d5 Remove unused base_test.js 2015-11-28 18:46:13 -08:00
Austin Burdine
67a6b4c07b allow api requests to be made with the access token as a query parameter
closes #6040
- adds check for access token query parameter in auth middleware
2015-11-12 11:26:18 -06:00
Alex Cusack
6b94390cd7 remove console log for passing test 2015-11-09 10:51:37 -08:00
Sebastian Gierlinger
ddf9874fa1 Disallow staticPages from public API
refs #5151
- disable staticPages parameter for calls without authentication
2015-11-04 10:03:27 +01:00
Hannah Wolfe
8db90bae73 Merge pull request #5984 from sebgie/issue#5941
Move Public API behind labs flag
2015-11-02 16:15:50 +00:00
Kevin Ansfield
92123e427f Use tag slugs in URLs for tag management and add front-end edit redirect
refs #5845
- adds custom adapter for tags so that `store.queryRecord('tag', {slug: 'tag-slug'})` hits the `/tags/slug/tag-slug` endpoint instead of `/tags/?slug=tag-slug`
- updates tag management screens to use tag slugs instead of IDs
- adds `/tag/:slug/edit` redirect to front-end
2015-11-02 14:56:59 +00:00
Sebastian Gierlinger
bf65c136ce Move Public API behind labs flag
closes #5941
- added UI to labs page
- added method to determine if full authentication is required
- updated public_api tests to enable public api first
2015-11-02 14:18:58 +01:00
Sebastian Gierlinger
de147ba044 Merge pull request #6030 from ErisDS/mini-refactor
Don't use api to lookup theme in frontend controller
2015-11-02 14:14:59 +01:00
Hannah Wolfe
5f7add087d Merge pull request #5969 from kevinansfield/routable-tags
Routable tags
2015-11-01 15:34:33 +00:00
Hannah Wolfe
d6fb21fa28 Don't use api to lookup theme in frontend controller
no issue

- small fix, we already have the info, no need to look it up again
2015-10-30 19:02:06 +00:00
cobbspur
d0d126eba7 Ensure public api can uses limit parameter
No Issue

- removes client id and secret after authentication
- adds tests to check default limit, all and integer
2015-10-29 15:36:54 +00:00
Kevin Ansfield
bc346d2a42 Routable tags
refs #5845
- Updates tag settings screen to match content screen behaviour. Each now tag has it's own route that is link-able from other areas of the app
- Updates a number of places where jQuery event handler code was not wrapped in Ember's run loop
2015-10-27 12:48:41 +00:00
Hannah Wolfe
b8a3415726 Remove featured, tag, author & role API params
refs #5943

- removed featured, tag and author parameters from posts API
   - featured was only used in tests
- removed role filter from users API
   - role was only used in tests
- fixed up the tests, skipping those that don't quite work yet
2015-10-27 10:53:51 +00:00
Hannah Wolfe
e9035fde4e Switch frontend controller to use new filter param
refs #5943, #5091

- updated fetch-data to handle multiple api queries
- using named keys for queries so that the names of items in the result are correct (tag instead of tags etc)
- updated channel configs in frontend controller
- removed old filter code from frontend controller
- added test coverage for fetch-data and format-response
- fixes / removes tests which are broken by the refactor
2015-10-26 09:40:19 +00:00
Sebastian Gierlinger
f48dfb09cf Public API
refs #4180
closes #4181
- added client and user authentication
- added authenticatePublic/authenticatePrivate as workaround for
missing permissions
- added domain validation
- added CORS header for valid clients
- merged authenticate.js and client-auth.js into auth.js
- removed middleware/api-error-handlers.js
- removed authentication middleware
- added and updated tests
2015-10-22 15:28:47 +02:00
Hannah Wolfe
106dcb77be deps: rss@1.2.0
- Required test fix, as newline has been removed from the end of the <?xml decl
2015-10-16 17:53:22 +01:00
Kevin Ansfield
ff73f1af92 deps: grunt-jscs@2.1.0
no issue
- update grunt-jscs dependency
- fix deprecated `validateJSDoc` configuration
- fix numerous linting errors, including:
  - use of future-reserved `public` and `private` variable names
  - use of `[]` instead of dot-notation (especially `express['static']` and `cacheRules['x']`)
  - extra spaces in `const { run } = Ember` style constructs

One issue that did become apparent is that there are conflicting rules that prevent the use of object function shorthand such that both of these:

```
{ myFunc() {} }
{ myFunc () {} }
```

are called out due to either the missing or the extra space before the `(`
2015-10-12 19:21:16 +01:00
Hannah Wolfe
26231d5bd3 Fix /author/ pages crashing & permit /tag/
fixes #5905

- update context patterns to correctly match author & tag pages
- remove 'tag' and 'tags' from reserved slugs - we'll handle this in terms of overrides in future
2015-10-10 14:52:23 +01:00
Hannah Wolfe
62acd48c6b Merge pull request #5920 from kevinansfield/fix-upload-autoscroll
Fix preview scroll jump when adding/removing images
2015-10-07 12:46:56 +01:00
Kevin Ansfield
a0ec07f797 Ember-cli, Ember, & Ember Data 1.13.x upgrades
closes #5630
- upgrade ember-cli to latest version
- upgrade ember to latest 1.13.x release
- upgrade ember data to latest 1.13.x release
    - update custom adapters and serialisers for new internal JSON-API compatible formats [(docs)][1]
    - update all store queries to use new standardised query methods [(docs)][2]
    - add ember-data-filter addon ready for store.filter removal in ember-data 2.0 [(docs)][3]
- remove use of prototype extensions for computed properties and observers
- consolidate pagination into a single route mixin and simplify configuration

[1]: http://emberjs.com/blog/2015/06/18/ember-data-1-13-released.html#toc_transition-to-the-new-jsonserializer-and-restserializer-apis
[2]: http://emberjs.com/blog/2015/06/18/ember-data-1-13-released.html#toc_simplified-find-methods
[3]: http://emberjs.com/blog/2015/06/18/ember-data-1-13-released.html#toc_ds-store-filter-moved-to-an-addon
2015-10-06 16:09:05 +01:00
Kevin Ansfield
746fd237fe Fix preview scroll jump when adding/removing images
closes #5917
- fixes duplication of dropzone event handlers by filtering for an added data-attribute
- avoid running dropzone code if only scrollPosition attr changes
- fix scroll position jump when adding/removing images by only adjusting preview scroll position when editor scroll position changes
2015-10-06 14:47:06 +01:00
Hannah Wolfe
545bea0eaf Return a single 422 error for invalid values
refs #5808

- Fix the API to return a single 422 error when an invalid value is passed
- Only affects Browse, and not Read at present due to differences in how they are handled
- Frontend was changed to always 404 in #5851
- Adds tests to ensure all cases are covered
2015-09-25 10:30:49 +01:00
Sebastian Gierlinger
63f09687bb Merge pull request #5870 from ErisDS/uncapitalise-subdir
Uncapitalise respects subdirectories & no encoding
2015-09-25 10:29:36 +02:00
Hannah Wolfe
8895f41ee2 Uncapitalise respects subdirectories & no encoding
no issue

- Uncapitalise was dropping the subdirectory when redirecting - so the base url has been added where present
- Uncapitalise was also working differently in node 0.10 and 0.12 - so the path is decoded before testing for uppercase
- Adds some test coverage
2015-09-24 18:52:30 +01:00
Kevin Ansfield
cdd6cf7d3e Fix over-sized editor pane widths
closes #5804, supersedes and closes #5820
- adds a fixed width that flexbox can expand from to prevent flexbox content dictating the width (see https://github.com/TryGhost/Ghost/issues/5804#issuecomment-141416812)
- adds a hack to the casperjs tests reverting the CSS change because phantomjs and flexbox don't get along
2015-09-24 18:46:13 +01:00
Hannah Wolfe
07e18cbdff Merge pull request #5863 from acburdine/author-edit
Add `/author/:slug/edit/` route to frontend
2015-09-24 08:42:55 +01:00
Austin Burdine
61705cf5f4 add author edit route
no issue
- adds front-end author edit route that redirects to the edit author page
- adds tests for edit route
2015-09-23 08:33:09 -05:00
Nazar Gargol
fd7e118ed5 Returns 404 page instead of crashing a server whenever special characters are used for tag filtering
closes #5808
refs #5816
- adds additional filtering any 'slug' containing content in `renderChannel` for frontend
- adds test for invalid characters in tag slug
2015-09-20 22:47:34 +02:00
Sebastian Gierlinger
f22796ff7d Add dynamic client_id/client_secret
no issue
- added ghost-admin client_id to admin
- added ghost-admin client_secret to admin
- added client.read() api endpoint
- added random generation of client_secret to migration
- removed addClientSecret method
- updated tests
2015-09-02 16:39:34 +01:00
Kevin Ansfield
871ba32343 Basic post/user search
refs #5343, #5652
- implements basic post and user search using selectize input
- queries minimal API endpoint and refreshes results on search input focus if results are older than 60 seconds
2015-08-31 22:47:26 +01:00
Hannah Wolfe
0e7968c573 Merge pull request #5709 from kevinansfield/tag-name-comma-validation
Validate leading commas in tag names
2015-08-28 19:03:31 +01:00
cobbspur
9bf4a39e83 Add loading spinner to forgot button on signin page
refs #5652

- replaces basic forgot? button on signin page with spin button
- replaces {{input with gh-input}}
2015-08-28 17:20:03 +01:00
Kevin Ansfield
624893456e Set a minimum spin time of 1 second for gh-spin-button
refs #5652, #5719
- adds a timeout to `gh-spin-button` so the spinner is always shown for at least 1 second

As a stopgap solution before #5719 can be implemented it was decided to keep the button spinning for a minimum time, even if the associated action completes quickly. Discussion can be found at https://ghost.slack.com/archives/dev/p1440670418004358
2015-08-27 22:16:01 +01:00
Kevin Ansfield
5d572bda0d Fix invite user validation issues in signup
refs #5652
- wrap emails input in `{{gh-form-group}}` component to give element success/error classes
- pull validation messages into submit button
- clean up validation related aspects of step three controller
2015-08-27 14:05:52 +01:00
cobbspur
78d8b7e1d8 Change reset page errors to match sign-in page
No Issue

- Takes the inline validation messages and displays below form
- Removes unnecessary gh-error-message components from signin and reset pages
 - Returns error messages to sign-in validations
2015-08-26 12:00:37 +01:00
Kevin Ansfield
32ff18ccb0 Validate tag names don't start with commas
closes #5685
- Adds client and server-side validation for tag names starting with commas
- Trim tag names before adding in PSM (tag attributes are already trimmed before saving in TSM)
2015-08-24 16:55:30 +01:00
John O'Nolan
d1e5a8d89c Merge pull request #5702 from kevinansfield/zelda-signin-updates
Fixes for sign-in error handling
2015-08-24 08:00:13 +02:00
Hannah Wolfe
7fa468d9ea Merge pull request #5682 from kevinansfield/tags-v4
Replace the current tag input with a selectize based input
2015-08-21 21:34:06 +01:00
Kevin Ansfield
90d75b2189 Fixes for sign-in error handling
issue #5652, closes #5641
- removes inline errors for empty fields
- separate validation routines for sign-in and forgot password
- highlight fields with errors when trying to submit
2015-08-21 19:38:44 +01:00
Kevin Ansfield
dd9aa0f873 Add inline error handling when creating/editing tag
closes #5684
- add inline error checking and display to tag name & meta data fields
- add tests for tags screen
2015-08-21 18:06:52 +01:00
Kevin Ansfield
c9d053b950 Replace the current tag input with a selectize based input
issue #3800, closes #5648
- uses ember-cli-selectize addon for the tag editing functionality in the PSM
2015-08-20 14:40:56 +01:00
Hannah Wolfe
4c96fba67f Merge pull request #5633 from acburdine/spin-buttons
Add spin buttons
2015-08-10 19:06:32 +01:00
Austin Burdine
748895ce77 add spin-button component & implement it
closes #3928
- adds spin-button component & styles
- implements spin-button in places where buttons trigger async tasks
2015-08-10 09:43:50 -06:00
Austin Burdine
2c5d2d6a2d reimplement tag editing component for posts
refs #3800
- remove old tag editor code
- reimplement tag editor as an ember component
- add tag editor component to PSM
2015-08-10 07:22:37 -06:00
Kevin Ansfield
1bcd7fd333 Replace validation notifications with inline validations
issue #5409 & #5336

- update settings/general
- update signin
- update signup
- update edit user
- update reset password
- update setup/three
- remove `formatErrors` function from validationEngine mixin (it's no longer needed as inline validations should handle this instead)
2015-07-28 12:26:34 +01:00
Kevin Ansfield
7ac6ebb920 Refactor notifications service & components
issue #5409

- change persistent/passive notification status to alert/notification
- replace showSuccess/Info/Warn/Error with showNotification/showAlert
- fix and clean up notification/alert components
2015-07-28 12:26:11 +01:00
Fabian Becker
50d4f02388 Fix signin test (run setup properly)
fixes #5536
2015-07-15 12:31:02 +02:00
Jason Williams
3135fb9761 Refactor role selects; pause transition if saving
Refs #5501
- Switch role select dropdowns from gh-select based components to
  gh-select-native.
- Prevent transition out of editor while there is an in-flight save.
2015-07-09 12:10:00 -05:00
Austin Burdine
ea13133218 [TEMPORARY] commented out failing tests
refs #5501
- comments out failing tests until they can get fixed
2015-07-09 11:05:36 -04:00
Hannah Wolfe
dc06deaa29 Merge pull request #5453 from cobbspur/teampermissions
Change permissions for team area
2015-07-06 20:54:29 +01:00
Austin Burdine
d0c151be70 adds inline errors to validation
closes #5336
- creates gh-form-group component to handle form group status
- refactors current validation methods to work on a per-property basis
- adds gh-error-message component to render error message
- removes (comments out) tests that pertain to the old notifications until the new inline validation is added
2015-07-05 14:02:06 -04:00
cobbspur
ba80e6ebaa Change permissions for team area
closes #5434

- remove transition away from team page to user page of authors
- hide invite button from authors
- hide invited users from authors
- adjusted gh-user-can and renamed to gh-user-can-admin
- hide password reset on owners profile from administrators
- hide input field for owner email from administrators pending api fix
- fix up tests
2015-07-03 20:06:45 +01:00
cobbspur
8a8e90e9a2 Take Trashcan off of url screen for image uploader
closes #5433
- add gh-input class to inputs
- stop the incorrect addition of trash can on url page
- fix trigger of upload success to show loading in editor
- fix duplicate url field for images outside of editor when there is no file storage
2015-06-23 13:14:04 +01:00
Jason Williams
1cd703f775 Merge pull request #5451 from cobbspur/userRoutes
Move users routes out of settings & change to team
2015-06-18 14:20:06 -05:00
cobbspur
f67147a685 Move users routes out of settings & change to team
issue #5434

- move users routes/views/controllers out of settings
- rename users team
- update nav-menu.hbs
- remove legacy routes
- fix up tests
2015-06-18 19:46:46 +01:00
Kevin Ansfield
db558e38ea Provide a more intuitive error message on sign-in for missing email
issue 4651#issuecomment-112141801
- display "Please enter an email" validation message rather than "Invalid Email" when no email is entered
2015-06-17 22:56:38 +01:00
Jason Williams
b6cbd2d4bd Merge pull request #5427 from ErisDS/api-reshuffle
API mini-cleanup + 405 errors
2015-06-15 10:26:11 -05:00
Jason Williams
225dc84367 Merge pull request #5417 from ErisDS/rss-url
Use urlJoin in RSS + test coverage
2015-06-15 10:23:41 -05:00
Fabian Becker
b15f1daf5a Throw 405 - Method not allowed for api routes
closes #2757
- New error MethodNotAllowed
- Throw 405 if valid path but invalid method is used is apiRouter
- Adds api base tests
2015-06-15 09:43:39 +01:00
Matt Enlow
df1c04b8d8 Remove legacy mobile view logic
No issue
- Move editor-base-view mixin into editor/edit view
- Also deletes mobile views and modifies files that were using it
- Helps pave the way for Ember 2.0, where views do not exist
2015-06-14 14:42:21 -07:00
Hannah Wolfe
34b22eefa2 Use urlJoin in RSS + test coverage
refs #1833

- move RSS tests to be in rss_spec.js
- improve RSS test coverage
- fix a bug with RSS title generation for tag RSS feeds
- replace custom code in processUrls with urlJoin
2015-06-10 09:18:52 +01:00
Jason Williams
6c9682cdd9 Make sure done() is called from before hooks 2015-06-09 22:46:26 -05:00
Joe Wegner
75faf0109d invite users after signing up during setup
closes #5338
- moves skip link to below the submit button
- makes the submit button better represent form status
- posts notifications based on success/failure of notifications
- goes to the invite page after user creation
- actually sends invites!

functional tests passing for onboarding invitations

cleanup for linitng

remove unreachable return

access the notifications service better

use link-to instead of an anchor with an action

failed user creations get caught, and bubble as errors

a slew of other cleanup stuff via jason
2015-06-09 11:50:24 -07:00
Hannah Wolfe
541de8bc68 Merge pull request #5384 from JohnONolan/zelditor
Content management & editor refactor
2015-06-08 16:22:29 +01:00
cobbspur
3f5ac66e47 Fix up tests post-changes to content and editor screen
No Issue

- some tests removed
- other tests commented out pending tags adding to psm
2015-06-08 14:53:53 +01:00
John O'Nolan
93b0505d68 Fixup broken error page styles 2015-06-08 12:14:58 +01:00
Hannah Wolfe
2d5a731022 Improvements for debugging transient test failures
refs #4483

- update PSM test to see if it works better this way
- ensure every assertion has a message, so that it's clearer what is failing
2015-06-03 18:12:20 +01:00
Sebastian Gierlinger
a7555d7497 Merge pull request #5316 from ErisDS/onboarding-zelda
First pass at user onboarding screens
2015-05-27 17:23:40 +02:00
Jason Williams
5018f2fb9e Clean up Ember router map
No Issue
- Switch resources to routes.
- No longer nest "settings" routes so the router reflects
  the way the templates are rendered.
- Remove renderTemplate override from settings routes.
- Remove unneeded routes, controllers, and views.
- Adjust users page so that infinite scroll loading of users works
  and markup remains the same for Zelda styling.
2015-05-26 16:12:12 -05:00
Hannah Wolfe
064a22e7d2 First pass at user onboarding screens
refs #5315

- split setup into 3 screens
- add gravatar fetching
- add download counter
- add button handling for invite users
2015-05-25 17:43:12 +01:00
cobbspur
c3bb7cb396 Fix route for About page
No Issue

- Routes,  views and controllers updated for about page
- fix up tests and add redirect check
2015-05-25 17:06:17 +01:00
cobbspur
2e5caeb9c1 Fix-up remaining functional tests
No Issue

- signup, signin and setup tests
- fixup other files for code styles
2015-05-22 20:13:54 +01:00
cobbspur
dd20790bd9 Fix image uploader and update tests
No Issue

- fixes removal of url link on image uploader
- fixes functional tests for editor and content
2015-05-22 19:05:17 +01:00
cobbspur
2c2f9693d2 Add UI link classes
No Issue

- Adds contextual classnames to Nav Bar links
- Various test updates

TODO
- Increase test coverage for new admin UI
- Fix up Caspertests for new Admin UI
2015-05-22 19:05:15 +01:00
John O'Nolan
3bf189ec67 First pass - strip mixins 2015-05-22 19:02:09 +01:00
Jason Williams
7e89413037 Merge pull request #5301 from ErisDS/issue-5288
Use absolute frontend URL in admin
2015-05-20 16:27:31 -05:00
Hannah Wolfe
e088859a38 Use absolute frontend URL in admin
closes #5288

- use the config.blogURL as the frontend URL from the admin
- we know this is given to us without a trailing slash, so it's 100% safe to hard code this
- TODO: make all of the url generation a lot nicer i.e. #1833
2015-05-20 21:45:19 +01:00
Sebastian Gierlinger
c6176e4d38 Merge pull request #5292 from ErisDS/preview-cache-invalidate
Cache invalidate for previews
2015-05-20 09:31:28 +02:00
Hannah Wolfe
e5cc169bf7 Removing really old admin comments
refs #1773
2015-05-19 19:03:41 +01:00
Hannah Wolfe
023755c566 Cache invalidate for previews
no issue

- draft updates now need to affect the preview route
2015-05-19 18:32:00 +01:00
Adrian Estrada
107c9602c1 API: Adding featured filter option to posts.browse
Closes #5152
- Adds `featured` filter option to posts.browse method modifying the model to take it too
2015-05-13 16:18:50 -05:00
Jason Williams
dae66d00be Upgrade grunt-jscs to fix whitespace linting.
No issue.
- grunt-jscs@1.8.0
- Fix formatting
2015-04-30 16:14:19 -05:00
Matt Enlow
433956c102 Add post preview via uuid (/p/:uuid)
Refs #5097

- All drafts will show a preview link (this needs real css)
- Published posts will redirect
- prev/next post helpers only activate on published posts
- Powered by ~10 pints between the two of us (@ErisDS, @novaugust)
2015-04-30 11:57:37 +01:00
Sebastian Gierlinger
fdcb67d3cc Rename error.type to error.errorType
closes #5178
- renamed error.type to error.errorType
2015-04-22 22:29:45 +02:00
Hannah Wolfe
6d04ead9f2 Switch test coverage to use Istanbul
closes #4644

- Switch from using blanket to istanbul
- Rename some test files for consistency (and so that they will run)
2015-04-19 15:54:05 +01:00
Sebastian Gierlinger
a11822c80d Merge pull request #5144 from ErisDS/cache-update
Cache invalidation can no longer be so clever
2015-04-16 17:38:29 +02:00
Paul Adam Davis
9ea2f5535e Show correct type in publish button
Closes #5138

Shows the correct type (post or page)  in the publish button
2015-04-15 11:13:38 +01:00
Hannah Wolfe
1b585f213c Cache invalidation can no longer be so clever
no issue

With the introduction of the prev/next helpers (and soon, get helper) we can no longer make any assumptions
about exactly which pages need to be cleared from the cache when a post is published/unpublished.
2015-04-14 16:34:34 +01:00
Hannah Wolfe
14134fb4b0 Add media:content support to RSS
refs #2263, #4888

- Adds media:content element to Ghost Rt pSS feeds containing the post cover image if one is available
- Removes the prepending of the image to the `<description>` field
- Keeps the prepending of the image in `<content:encoded>`
2015-04-06 18:47:10 +01:00
Matt Enlow
242388f743 Merge pull request #5065 from ErisDS/rss-2263
Improve RSS feed
2015-04-04 07:55:33 -06:00
Hannah Wolfe
79d213436e Improve RSS feed
refs #2263

- Switch content type back to text/xml
- Use content:encode for full content
- Use meta description or first 50 words of content for description
2015-04-03 19:00:00 +01:00
Hannah Wolfe
68f32772d2 Improve the forgotten password flow
- if the user has filled out their email already when they hit 'forgotten password' then automatically  fill out and submit the form
- this will look better when we have spinners on the buttons
2015-04-03 17:32:18 +01:00
Hannah Wolfe
5db6fc4f18 No more CodeMirror
closes #4368, fixes #1240 (spellcheck), fixes #4974 & fixes #4983 (caret positioning bugs)

- Drop CodeMirror in favour of a plain text area
- Use rangyinputs to handle selections cross-browser
- Create an API for interacting with the textarea
- Replace marker manager with a much simpler image manager
- Reimplement shortcuts, including some bug fixes
2015-03-17 14:32:55 +00:00
Jason Williams
5b72a0eb18 fix routes test. ember-mocha@0.4.2 2015-03-11 12:37:42 -06:00
John O'Nolan
461834f96d Introduce new help menu 2015-03-09 11:53:40 +02:00
Hannah Wolfe
cde1842750 Check ids match on edit
no issue

- It should not be possible to provide a different ID in the object being edited to that provided in the URL
- We now send the id to check object to ensure there is a match

Credits: Matteo Beccaro
2015-02-28 16:25:37 +00:00
Eugene Kulabuhov
0e2709c42f [API] Retrieve next and previous post
closes #4262
- implementation based on #1545
- added integration test. Modified mocked posts because code requires published_at timestamps to be different.
- fixed 2 broken tests that depended on mocked posts to have "new Date()" as their timestamps
- added checks to only query db if next/previous post requested
2015-01-13 12:49:16 +00:00
Jason Williams
ac5d98e656 Merge pull request #4748 from rwjblue/remove-proxying
Remove ObjectController proxying behavior.
2015-01-02 15:18:15 -06:00
Jason Williams
9d82c2e360 Update test-related dependencies
No Issue
- nock@0.52.4
- should@4.4.2
    .eql no longer does type coercion.
- sinon@1.12.2
- supertest@0.15.0
2015-01-02 15:49:58 +00:00
Robert Jackson
a1ed9adf92
Remove ObjectController proxying behavior.
Ember.ObjectController (and Ember.ArrayController) will be deprecated in
Ember 1.11 (and removed from core in Ember 2.0). The reasoning is
detailed in the Ember 2.0 RFC.

This PR does the following:

* Updates templates/controllers/views to explicitly reference model
  properties (instead of relying on proxying behavior).
* Clearly delineate where certain properties are being set or retrieved
  from (for example it was not clear exactly where `scratch` and
  `titleScratch` were stored).
* Remove usage of `Ember.ObjectController`.
* Add JSCS rule to prevent future PR's from adding regressions.
2015-01-01 21:51:20 -05:00
Jason Williams
730e7ebcfa Adjust about page tests
No Issue
- Wait for list item element to appear before starting tests
  to make sure template partial has been rendered.
- Remove test for 20 list items as it's possible that there
  could be fewer than 20 contributors for during the window.
  Instead just test to make sure the list has at least one item.
2014-12-25 17:35:11 +00:00
Jason Williams
728e21424c Adjust casperjs test.
No Issue
- Keeping the tag entry input focused after sendKeys seems to
  make the test more reliable.
2014-12-18 20:22:48 +00:00
Jason Williams
56e4798dcf Update to Ember 1.9.0.
No Issue
- Ember@1.9.0
- Handlebars@2.0.0
- grunt-ember-templates@0.5.0-alpha
2014-12-10 16:24:20 +00:00
Paul Adam Davis
4e6c867183 Change sitemap root location
Closes #4590

- Removes `-index` from the root sitemap
- Removes redirects (which send sitemap.xml to sitemap-index.xml)
- Adjust tests
2014-12-07 11:59:43 +00:00
Paul Adam Davis
3b87aa2895 About Page Tests
Closes #4508

Tests for:

- Version number is a number
- Database type is an allowed 1 of 3
- There are 20 contributors
- First contributor has an image tag and image src exists, alt tag, title tag, href to github
2014-12-05 14:40:59 +00:00
Sebastian Gierlinger
9b8141bb08 Merge pull request #4530 from ErisDS/issue-4498
API - no more m-2-m relation ids by default
2014-12-02 20:49:47 +01:00
Hannah Wolfe
4cb909542a API - no more m-2-m relation ids by default
closes #4498

- remove toJSON code which returns only IDs from objects
- don't auto-include tags & fields in post responses
- don't auto-include roles in user responses
- fix #allthethings that made assumptions about the auto-includes, or otherwise were only working because of the auto-include
2014-12-02 19:24:44 +00:00
Jacob Gable
2cfa18475a Generate sitemap files
Closes #623

- Add basic init and eventing scaffold
- Add sitemap-index.xml generation
- Broke out generators to individual files, added request handler
- Add page, author and tag xml files; add index mapping
- Add SiteMapManager unit tests
- Add Generators tests
- Cache invalidation headers for sitemap-*.xml
- Redirect sitemap.xml to index and rename to sitemap-index
- Handle page convert and publish/draft changes
- Add very basic functional test for route existence
- Add cache headers to sitemap routes
2014-11-30 10:49:45 -08:00
Jason Williams
86cb690474 Merge pull request #4518 from ErisDS/rss-fixes
Change RSS content type & use absolute URL in meta
2014-11-28 13:07:07 -06:00
Hannah Wolfe
6f0bca8d57 Merge pull request #4522 from felixrieseberg/iss4487
Dynamic Titles in Ghost Admin
2014-11-28 19:06:44 +00:00
Felix Rieseberg
7c4381c812 Dynamic Titles in Ghost Admin
- Every route can set a title token that is combined with the blog’s
title, resulting in titles like ‘Content - Test Blog’.
- Subroutes are supported (‘Settings - General - Test Blog’)
- The blog’s name is applied to and taken from the `config` object to
spare Ember a REST call via `store.find(‘settings’)`.
- Tests have been changed to test for the new titles.
- The initially proposed solution
(https://github.com/paddle8/ember-document-title) doesn’t play nice
with EAK, which is why I went with this solution
(https://gist.github.com/machty/8413411) by Ember.JS core dev @Machty.
2014-11-27 15:41:00 -08:00
Hannah Wolfe
31ae0c6923 Change RSS content type & use absolute URL in meta
no issue

- changes the content type for the RSS feeds from text/xml to
  application/rss+xml
- changes the link rel=alternate tag to use an absolute URL for the feed
  in the blog meta data
2014-11-24 22:33:49 +00:00
Hannah Wolfe
cb726d57ef Adding comprehensive subdirectory route tests
closes #2230, refs #4477, #4476

- Test that subdirectories route correctly no matter how they're specified
2014-11-24 08:28:34 +00:00
Hannah Wolfe
50f8b29bdd Fix issue with editor and images
ref #4459

- move initMarkers back to its original home
- add new test that a post with an image can be edited
2014-11-17 21:55:12 +00:00
Paul Adam Davis
f8282ad22f Refactor component styles
Continues on from #4401

- Reformats the Sass to match our new style (property order, comments, & white space)
- Changes the modal container to a class from an ID (and adjust tests)
2014-11-13 11:28:22 +00:00