Commit Graph

518 Commits

Author SHA1 Message Date
Rishabh
f5aae1e2c5 Updated playwright tests for portal member upgrade
refs https://github.com/TryGhost/Team/issues/2371

- updated setup to ensure single tier for testing single tier flows
- updated portal test to use utils and new data test ids
2022-12-08 21:09:19 +05:30
Simon Backx
08206f367f Removed publishing spec only test 2022-12-08 15:30:27 +01:00
Simon Backx
7c6e9c6ecf Added Playwright tests for scheduled post emails
refs https://github.com/TryGhost/Team/issues/2371

- Added some more utility methods to the Publishing spec
- Added tests for scheduled pusblish+send and send flows
2022-12-08 15:24:37 +01:00
Kevin Ansfield
f2e1d77a0f Fixed linter error 2022-12-08 14:02:27 +00:00
Simon Backx
80258cd396 Added Playwright tests for publishing post with email
refs https://github.com/TryGhost/Team/issues/2371

- Adds a test for publishing and sending
- Adds a test for email only sending
- Updated some util methods in the publishing spec to remove the dependency on the post bookmark (which is not present for email only posts)
2022-12-08 14:38:12 +01:00
Sam Lord
3449c49c10 Tidy up the mocking utility for Mailgun
no issue
Moved the mocking into the Playwright specific codebase, since this will only be used in browser based testing
2022-12-08 13:01:35 +00:00
Sam Lord
249802d62b Added mailgun mock to allow publishing workflow to run
no issue
2022-12-08 13:01:35 +00:00
Naz
4c6a86eca4 Added mocked Mailgun client to browser test env
refs https://github.com/TryGhost/Ghost/pull/15959

- To be able to test and intercept emails we need a mock in test environment - avoids making calls to the Mailgun API
2022-12-08 13:01:35 +00:00
Sodbileg Gansukh
3d6753a54a Added create comped member test
refs https://github.com/TryGhost/Team/issues/2371

A member can be granted a comp in admin, that account should be able to access paid content.
2022-12-08 20:59:12 +08:00
Fabien "egg" O'Carroll
0f9ed54a6f Tested upgrading to a paid subscription from comped
refs https://github.com/TryGhost/Team/issues/2371

Note that the "Choose" button is "Continue" when running this test
standalone so currently it needs to run with the full suite.
2022-12-08 19:54:56 +07:00
Kevin Ansfield
88c8bf7dbc Added compedPlan option to createMember test util
refs https://github.com/TryGhost/Team/issues/2371

Usage:

```
await createTier(page, {name: 'Silver', monthlyPrice: 5, yearlyPrice: 50});
await createMember(page, {email: 'silver@example.com', compedPlan: 'Silver'});
```
2022-12-08 12:17:31 +00:00
Kevin Ansfield
1f22edb47c Removed errant page.pause() 2022-12-08 12:09:54 +00:00
Kevin Ansfield
4eeaca7ab8 Extracted openPostSettingsMenu and setPostVisibility test utils
refs https://github.com/TryGhost/Team/issues/2371

- extracting the re-used actions to utils allows tests to be self-descriptive rather than relying on comments and keeps the selectors and related actions in one place to help refactoring if/when they change
2022-12-08 12:02:22 +00:00
James Morris
e44f10bc5d Updated Playwright test: Sign up for paid plan via portal - single tier
refs https://github.com/TryGhost/Team/issues/2371

- Includes new data-test-* attributes
- Includes better checking of paid tier from member
2022-12-08 11:54:32 +00:00
Kevin Ansfield
9d434b8105 Removed errant page.pause() 2022-12-08 11:27:47 +00:00
Peter Zimon
8e9245bb91 Added archive offers test
refs. https://github.com/TryGhost/Team/issues/2371

- Test for archived offers should be moved to ‘Archived’ view of the offer list in Admin, and the offer URL should redirect to the site's homepage for logged out visitors
2022-12-08 12:21:52 +01:00
Kevin Ansfield
df72182e2d
Further attempt to fix update-published-post test in CI (#15964)
refs https://github.com/TryGhost/Team/issues/2371

- bumped timeout between saving and refreshing to account for slower
speeds in CI
- increased specificity for the frontend text comparisons so the output
when failing is smaller and easier to parse
2022-12-08 10:36:33 +00:00
James Morris
991b60a342 Added the Playwright test: Sign up for paid plan via portal - single tier 2022-12-08 10:23:35 +00:00
Simon Backx
641364876c Added Playwright test to unschedule a post
refs https://github.com/TryGhost/Team/issues/2371

- Schedule and unschedule a post
- Also includes some extra status checks
2022-12-08 11:13:54 +01:00
Rishabh
ae3d85d2c4 Added playwright test for paid member switching plans
refs https://github.com/TryGhost/Team/issues/2371

- tests that a paid member can switch between monthly and yearly plans after logging in
2022-12-08 15:35:41 +05:30
Kevin Ansfield
7371addbc5 Another attempt to fix update-published-post test in CI
refs https://github.com/TryGhost/Team/issues/2371

- the 100ms timeout was enough for local tests to pass but was still failing on CI
- bumped to 200ms and skipped the creation of a new paragraph to reduce what the editor is doing
2022-12-08 09:59:20 +00:00
Kevin Ansfield
8ddf1f0215 Fixed update-published-post Playwright test
refs https://github.com/TryGhost/Team/issues/2371

- added timeout between clicking the editor and starting to type otherwise some of the typing events could be missed causing a mismatch in actual vs expected output
2022-12-08 09:39:05 +00:00
Ronald Langeveld
3e62764a64 Added csv validation, members export Playwright test
ref https://github.com/TryGhost/Team/issues/2371

- updated Member exports with csv validation
- added member fixtures to be loaded into Ghost to ensure filtering
  works correctly when downloading / exporting members csv.
2022-12-08 16:33:27 +07:00
Simon Backx
c1fc0d8888 Added Playwright test to schedule a Page
refs https://github.com/TryGhost/Team/issues/2371

Schedule a page and check if it is only published at the scheduled time.
2022-12-08 10:25:30 +01:00
Simon Backx
0dbc10a41a Added Playwright test for publishing a page
refs https://github.com/TryGhost/Team/issues/2371

Publish a page and verify that the page is published.
2022-12-08 10:24:35 +01:00
Naz
739bda9bb8
Fixed publishing type selectors in playwright
refs https://github.com/TryGhost/Team/issues/2371

- The "data-test-*" selectors in playwright did not work with publishing channel selectors. This is a quick hack to enable working around it
2022-12-08 14:38:59 +07:00
Ronald Langeveld
9a99b81ea4 Added Playwright test for filtered members export
ref https://github.com/TryGhost/Team/issues/2371

- Added test for exporting a set of filtered members
2022-12-08 13:20:29 +07:00
Fabien "egg" O'Carroll
939e3ce96f Fixed suppression list handling of spam complaint events
refs https://github.com/TryGhost/Team/issues/2351

We were storing all suppressions with a reason of bounced, rather than
spam for spam complaint events.
2022-12-08 13:02:36 +07:00
Fabien "egg" O'Carroll
5749a17910 Cleaned up EmailEventStorage tests
This ensures that services aren't required before boot, so that they are
initialised in the correct order.
2022-12-08 13:02:36 +07:00
Fabien "egg" O'Carroll
9736d942e1 Unsubscribed Members from newsletters when their email is suppressed
refs https://github.com/TryGhost/Team/issues/2367

This ensures that a Member is not considered subscribed to any emails, so that
counts for newsletter recipients are correct. Eventually we will filter members
on their email suppression status but this is not implemented yet.
2022-12-08 13:02:36 +07:00
Ronald Langeveld
7567997dbf Added Playwright test for member exports
ref https://github.com/TryGhost/Team/issues/2371

- Tests whether a CSV can be exported with all members
2022-12-08 12:27:41 +07:00
Sanne de Vries
0ebb3cbefe Added Playwright "Post visibility" tests
Refs https://github.com/TryGhost/Team/issues/2371

- Tests whether the post access selection of public, members, or paid-members matches the expected post visibility on the frontend.
2022-12-08 11:26:44 +07:00
Kevin Ansfield
460b031969 Added additional post setting changes to e2e published post update test
refs https://github.com/TryGhost/Team/issues/2371

- tests both the post body and settings in the PSM take effect when saving
2022-12-07 18:18:48 +00:00
Rishabh
e24a67b882 Fixed member upgrade portal playwright test
refs b6db85a5d6

- portal upgrade test used duplicate email which caused the member creation to fail
- also updates the tier selection for checkout
2022-12-07 22:45:12 +05:30
Simon Backx
b615c9f7d2
Added post scheduling Playwright test and loosened time restrictions (#15960)
refs https://github.com/TryGhost/Team/issues/2371

- Adds a test that schedules a post 5 seconds in the future and waits
for it to be published
- Reduced the time restrictions for scheduling: 
    - The minimum time in the frontend is now 5 seconds in the future (came
from 5 minutes in the future)
    - The time picker now suggests 10 minutes in the future instead of the
minimum scheduling time (came from 5 minutes)
    - In the backend, a post will be allowed to be scheduled if it is at
least 2 minutes in the past (came from 2 minutes in the future)
    - The scheduler will publish a post if it is at least 5 minutes in the
past, and maximum 5 minutes in the future (came from 2 minutes)
2022-12-07 17:29:36 +01:00
Djordje Vlaisavljevic
2464d45b4a Added playwright test for creating additional tier
refs TryGhost/Team#2371

- Tests that an additional tier can be created and that it'll appear in portal settings unselected by default
2022-12-07 17:26:11 +01:00
Rishabh Garg
b6db85a5d6
Added playwright test for free member upgrade via portal (#15961)
refs https://github.com/TryGhost/Team/issues/2371

- tests that a free member can upgrade to a paid tier via stripe checkout and the payment details are reflected in portal and member detail page on admin
2022-12-07 21:41:55 +05:30
Hannah Wolfe
205664f75f
Updated Playwright createTier util to be repeatable
- we have to close the premium tier list after creating a tier, else we can't create another one
2022-12-07 14:32:26 +00:00
Kevin Ansfield
3bd9e2ecfe
Added Playwright "Update published post" test (#15958)
refs https://github.com/TryGhost/Team/issues/2371

- tests modifying the content of a published post
- extracted publish flow into a `publishPost` function that returns a new browser page object with the newly created post loaded
2022-12-07 14:13:23 +00:00
Ronald Langeveld
5bd82bc6d7 Added Playwright test for Member Impersonation
ref https://github.com/TryGhost/Team/issues/2371

- tests whether an impersonation link gets generated as well as whether
  the link authenticates the user on a new page.
2022-12-07 19:26:23 +07:00
Simon Backx
31855ba75a Added Playwright publish only test
refs https://github.com/TryGhost/Team/issues/2371

Test publishing flow for publish only posts.
2022-12-07 12:03:56 +01:00
Sam Lord
d6072ea0e8 Record tests using same setup as the test runner
no issue
2022-12-07 10:59:45 +00:00
Ronald Langeveld
8c41807978 Added Playwright test for deleting members from Admin.
ref https://github.com/TryGhost/Team/issues/2371

- This test will delete the previously added and editor member, returning the initial member state with no members.
2022-12-07 17:00:36 +07:00
Daniel Lockyer
1e27dd638f
Added Playwright check that Offer redemption count was incremented
refs https://github.com/TryGhost/Team/issues/2369

- this checks whether the Offer redemption count is set to 1, which
  would be indicative that the Offer was successfully counted as
  redeemed
2022-12-07 16:52:58 +07:00
Ronald Langeveld
1a879f9550 Added label and unsubscribe toggle on members test.
ref https://github.com/TryGhost/Team/issues/2371

- Editing members requires Label prefilled before the test runs so we can test making changes to that data.
2022-12-07 15:45:00 +07:00
Ronald Langeveld
f5bc7353b0 Added Playwright test for editing a member in admin
ref https://github.com/TryGhost/Team/issues/2371

- tests for editing a member inside admin
2022-12-07 13:02:48 +07:00
Ronald Langeveld
d60c50751b Added playwright test for creating a new member in admin
ref https://www.notion.so/ghost/Critical-Paths-980dd089c3e74a6fbc619271f5a9ce42

- this test will add a new member via the admin.
- it also tests to ensure the added member is displayed after heading back to the members list page.
2022-12-07 12:35:16 +07:00
Daniel Lockyer
d64d8c0ddd
Added Playwright test for creating and using a free-trial Offer
refs https://www.notion.so/ghost/Critical-Paths-980dd089c3e74a6fbc619271f5a9ce42

- this test will create a free-trial Offer and go through Stripe
  checkout, ensuring the member is created as paid
- also changes some utils to support creating the free-trial offer vs
  just a discounted Offer
2022-12-07 11:29:05 +07:00
Daniel Lockyer
41e1f0b568
Removed workaround for Members modal bug
refs 3817f583fa

- this should no longer be needed because the underlying bug was fixed
  and the modal should no longer show
2022-12-07 10:51:44 +07:00
Daniel Lockyer
16f3ba573b
Updated ghost_head snapshots
refs de97d90cf9

- this should have been updated when I deleted some extraneous config
  that was lurking in the testing config files
2022-12-07 10:24:44 +07:00
Daniel Lockyer
570b697b4a
Fixed double slashes in Stripe webhook URL
- `getSiteUrl` already returns a trailing slash so we shouldn't add
  another one in the path
2022-12-07 10:18:21 +07:00
Naz
6ef5e6a7e0 Fixed local environment for playwright tests
refs https://github.com/TryGhost/Toolbox/issues/479

- this includes a handful of improvements to get Playwright working on a
  local environment including:
  - adding `testing-browser` environment so we don't nuke `development`
    environments, and makes all the necessary changes to get Ghost to
    behave when this is running
  - stopped running one global instance of Ghost as this doesn't provide
    a clean environment
  - copies a few default fixtures that are needed for the new
    environment
2022-12-07 09:44:05 +07:00
Daniel Lockyer
d04abc90b4
Added test group names
- this helps differentiate between the different tests we have available
2022-12-06 19:18:16 +07:00
Daniel Lockyer
97e5ca1de6
Extracted Playwright tests into separate files
- we should start to keep tests grouped by their area, so first we split
  by Admin tests and then Portal tests, and within that we split into
  setup/Tiers/Offers etc
2022-12-06 19:08:09 +07:00
Elena Baidakova
62681037f0
Added email_suppression property to response for PUT api/member method (#15946)
closes TryGhost/Team#2359
- Keep the same response structure for `api/member` GET and PUT methods
2022-12-06 13:51:26 +04:00
Ghost CI
54b693a359 Merged v5.25.1 into main 2022-12-06 05:14:41 +00:00
Simon Backx
c47891c3f6
🐛 Fixed setting delivered_at to null after hard bounce (#15942)
refs https://ghost.slack.com/archives/C02G9E68C/p1670075366333929?thread_ts=1669963540.980309&cid=C02G9E68C

When we receive a permanent bounce/failure, we set delivered_at to null.
But we don't want to lose this information.

Instead we should be able to handle recipients that both have failed_at
and delivered_at set.
2022-12-06 10:26:54 +05:30
Naz
879aad263d
Added email verification trigger test
refs https://github.com/TryGhost/Toolbox/issues/476

- The email verification trigger and host settings related bugs have been a cause of bugs in past releases.  The admin client verification source did not have any test coverage in the past.
- The members test suite size is getting out of hand. This test is quite verbose, because of the state it's trying to check.
- In the future we should consider splitting up Member API (and probably other) test suites into smaller pieces.
2022-12-05 18:24:28 +07:00
Naz
e170f293e3
Extracted sleep method to e2e framework module
no issue

- The sleep method has been used in 8 modules reimplementing the same thing over and over again. It's usually a sign of async event processing outside of the request/response loop. It's good to have a single point of implementation for a "hack" like this, so we could track it easier and address the even processing delay in a more optimal way centrally if it ever becomes a bottleneck
2022-12-05 17:26:29 +07:00
Sam Lord
00d223991d Improved browser test CI integration
refs: https://github.com/TryGhost/Toolbox/issues/481
2022-12-02 17:04:04 +00:00
Sam Lord
7bfe5db716 Ensure tests pass when pointing at a remote server
no issue

This will need some work, since we are introducing a 500ms delay to wait for a network request to return. Ideally the tier expander should eventually populate itself.
2022-12-02 17:04:04 +00:00
Sam Lord
47526bc175 Fixed Portal test in browser suite
no issue
2022-12-02 17:04:04 +00:00
Sam Lord
40903c3136 Fixed browser-based tests in local context
no issue

Local tests can now setup Stripe during the global setup process, and the webhook server is run out-of-process.
Running tests in CI against localhost will use environment variables to setup Stripe.
Providing a test URL will avoid setting up Stripe and will assume that it is already done.
2022-12-02 17:04:04 +00:00
Daniel Lockyer
bc0b1f6adc Added CI for running Playwright tests
🚧
2022-12-02 17:04:04 +00:00
Sam Lord
668e523ab4 Allow playwright tests to run locally and remotely
no issue

This commit allows tests to run remotely by replacing selectors with production-suitable ones (no [data-test...]).

It also allows running locally with Stripe webhooks by adding a new global setup function.
2022-12-02 17:04:04 +00:00
Simon Backx
ea72934c41
Improved email concurrency sending (#15923)
no issue

Send 10 batches at the same time
2022-12-02 15:30:02 +01:00
Simon Backx
2a3a72e4d5
Added email debug API (#15915)
fixes https://github.com/TryGhost/Team/issues/2346

- Adds email batch browse endpoint
- Adds email recipient failures browse endpoint
- Adds new fixtures and E2E tests for the new API
- Added support for snapshot tests to have 'nullable' types.
2022-12-02 09:44:32 +01:00
Simon Backx
4c166e11df
Added E2E tests for batch sending (#15910)
refs https://github.com/TryGhost/Team/issues/2339

- Includes a new pattern in the job manager that allows us to properly
await jobs.
- Added new convenience mocking methods to stub settings
- Tests the main flows for bulk sending:
    - Sending in multiple batches
    - Sending to multiple segments
    - Handling a failed batch and retrying that batch
- Fixes bug in batch generation (ordering not working)

In a different PR I'll add more detailed tests.
2022-12-01 13:43:49 +01:00
Fabien "egg" O'Carroll
c0e91c73d3 Added unique constraint to email_spam_complaint_events table
We can fetch the same event multiple times from Mailgun so we need to
be able to protect against inserting duplicate events in the
database. This will allow us to catch duplicate errors on insert when
handling complaint events.
2022-12-01 17:27:02 +07:00
Fabien "egg" O'Carroll
f9fdee1b28 Wired up storage of EmailSpamComplaintEvents
refs https://github.com/TryGhost/Team/issues/2337

This also removes the code which unsubscribes members from newsletters because
that is not the spec of the feature.
2022-12-01 17:26:59 +07:00
Simon Backx
d8187123af
Added storage for email failures (#15901)
fixes https://github.com/TryGhost/Team/issues/2332

Saves events in the database and collects error information.

Do note that we can emit the same events multiple times, and as a result
out of order. That means we should correctly handle that a delivered
event might be fired after a permanent failure. So a delivered event is
ignored if the email is already marked as failed. Also delivered_at is
reset to null when we receive a permanent failure.
2022-12-01 10:00:53 +01:00
Naz
80decf8303
Fixed invalid query strings in tests
closes https://github.com/TryGhost/Team/issues/2324

- It seemed like the "limit" query parameter did not work properly returning multiple entries from the endpoint. In reality the whole query string was ignored because of an error in the "filter" part of the query ^_^
2022-11-30 13:31:06 +07:00
Naz
65d910f43b
Increased timeout for the import job test
refs 9fe1274fbe

- Temporary fix to let the CI pass the test. Needs investigation into why MySQL is so much slower comparing to SQLite
2022-11-30 13:25:18 +07:00
Naz
9fe1274fbe
Fixed member import job test
refs https://github.com/TryGhost/Team/issues/2326

-  The job takes considerably longer to run with MySQL, so needed a longer sleep time. It's a temporary fix to unblock a broken build. We should investigate why the job takes so long to run on MySQL
2022-11-30 11:15:12 +07:00
Naz
fc9f8aebc1
Fixed ci test runs
refs 3e0ec26408

- The refed commit excluded integration/regression test suites from CI test runs by accident
2022-11-30 10:39:32 +07:00
Kevin Ansfield
457c672c6a
Added URL transform for image cards in Lexical documents (#15890)
refs https://github.com/TryGhost/Team/issues/2225

- updated the `formatOnWrite` transform map for posts to include the new `nodes` and `transformMap` options used by `urlUtils` for transforming node payload data
- added `nodes` to the `lexicalLib` module that pulls in our default nodes to be passed in to the URL transform utilities
- added `urlTransformMap` to the `lexicalLib` module that maps transform type and data type to URL transform utility functions that accept a single URL argument
2022-11-29 16:57:01 +00:00
Fabien "egg" O'Carroll
ba5b8ea33d Added email_spam_complaint_events table and model
refs https://github.com/TryGhost/Team/issues/2318

As with our other events, we've disabled destroy and edit static methods
on the bookshelf model.
2022-11-29 18:13:12 +07:00
Fabien "egg" O'Carroll
83be54af42 Added suppressions table and model
refs https://github.com/TryGhost/Team/issues/2317

This table is used for persisting the email suppression list.
We don't have a member_id column because emails, not members are suppressed.
2022-11-29 18:12:24 +07:00
Simon Backx
f5045b9bf7
Added email renderer implementation draft (#15877)
fixes https://github.com/TryGhost/Team/issues/2308

- Still has some missing pieces, but mostly works.
- Uses new handlebars template for emails
- When sending emails with the new email stability flag enabled, one
test email is now sent via the default smtp ghost mailer.
2022-11-29 11:27:17 +01:00
Simon Backx
f4fdb4fa6c
Added new email event processor (#15879)
fixes https://github.com/TryGhost/Team/issues/2310

This moves the processing of the events from the event-processor to a
new email-event-processor in the email-service package.

- The `EmailEventProcessor` only translates events from
providerId/emailId to their known emailId, memberId and recipientId, and
dispatches the corresponding events.
- Since `EmailEventProcessor` runs in a separate worker thread, we can't
listen for the dispatched events on the main thread. To accomplish this
communication, the events dispatched from the `EmailEventProcessor`
class are 'posted' via the postMessage method and redispatched on the
main thread.
- A new `EmailEventStorage` class reacts to the email events and stores
it in the database. This code mostly corresponds to the (now deleted)
subclass of the old `EmailEventProcessor`
- Updating a members last_seen_at timestamp has moved to the
lastSeenAtUpdater.
- Email events no longer store `ObjectID` because these are not
encodable across threads via postMessage
- Includes new E2E tests that test the storage of all supported Mailgun
events. Note that in these tests we run the processing on the main
thread instead of on a separate thread (couldn't do this because
stubbing is not possible across threads)

There are some missing pieces that will get added in later PRs (this PR
focuses on porting the existing functionality):
- Handling temporary failures/bounces
- Capturing the error messages of bounce events
2022-11-29 11:15:19 +01:00
Rishabh
64ac47f4ef Added table to store email recipient failures
refs https://github.com/TryGhost/Team/issues/2291

When sending out mails to individual recipients, its possible that recipient gets a temporary or permanent failure for receiving the mail. Temporary failures can generally get resolved after a bit when the recipient’s mail server accepts the email, unlike permanent failures. For both customer visibility and easier debugging on what went wrong while delivering to a particular recipient, we’ll store the permanent/temporary failure for a recipient.

- migration adds a new table that stores the failure information for the recipients
2022-11-29 15:19:36 +05:30
Ghost CI
4a3ac50a82 Merged v5.24.2 into main 2022-11-28 17:36:37 +00:00
Simon Backx
6e72767a50
Fixed verification trigger not working for large imports (#15887)
fixes https://github.com/TryGhost/Team/issues/2326

When importing more than 500 members, we didn't testImportThreshold at
the right time. It was called too early because the importing job was
not awaited. This also adds an E2E test for this case.
2022-11-28 18:22:10 +01:00
Elena Baidakova
1b784b5ec5
Added events to Post Analytics page (#15886)
closes TryGhost/Team#2313
- Added Sent event to Post analytics and Members feed. Now post can be
Sent or Received or Bounced.
- Excluded Delivered event from Sent filter on backend.
2022-11-28 17:43:35 +04:00
Naz
60d066b243
🔒 Disabled editable relations by default
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6
refs https://github.com/TryGhost/Toolbox/issues/465

- Bookshelf relations allows us to edit relational records by default, which was used liberally in the codebase.
- Not having a clear track record of editable relations left the model layer prone to triggering unwanted nested saves and created a vulnerability where members were able to edit newsletter settings.
- With explicit editable relations it's easier to keep track of relations having editable access to related records. Makes the relational data modification pattern safer to use too.
- Anyone running 5.x should update to 5.24.1

Credits: Dave McDaniel and other members of [Cisco Talos](https://talosintelligence.com/vulnerability_reports)
2022-11-28 18:40:26 +07:00
Naz
22738b1b50 🔒 Disabled editable relations by default
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6
refs https://github.com/TryGhost/Toolbox/issues/465

- Bookshelf relations allows us to edit relational records by default, which was used liberally in the codebase.
- Not having a clear track record of editable relations left the model layer prone to triggering unwanted nested saves and created a vulnerability where members were able to edit newsletter settings.
- With explicit editable relations it's easier to keep track of relations having editable access to related records. Makes the relational data modification pattern safer to use too.
- Anyone running 5.x should update to 5.24.1

Credits: Dave McDaniel and other members of [Cisco Talos](https://talosintelligence.com/vulnerability_reports)
2022-11-28 18:39:39 +07:00
Sam Lord
8b80233ae6 Added sample Portal test to PlayWright suite
refs: https://github.com/TryGhost/Toolbox/issues/479
2022-11-24 17:47:04 +00:00
Sam Lord
6fe5023e91 Added working Playwright tests
refs: https://github.com/TryGhost/Toolbox/issues/479
2022-11-24 15:11:40 +00:00
Hannah Wolfe
62cd52ff98 Improved Sentry server side error reporting
refs: https://github.com/TryGhost/Team/issues/1121
refs: 54574025e0

- The previous change to fall back to a generic error on the server side is resulting in lots of much less useful Sentry reports
- For unexpected errors, change what's sent to Sentry back to context
- This is done by adding a specific code, so we don't have to match on a string that might change
- Also add the error type, id, code & statusCode as tags to the events - these are searchable structured data
- Adding code as a tag also makes it possible to find all errors that showed the generic message
2022-11-23 12:37:24 +00:00
Hannah Wolfe
36b80f2dda Updated sentry to use @tryghost/version
- As demonstrated by my comments in the boot file, I thought sentry was already depending on the version package
- IMO it's undesirable to require package.json directly esp when we have a tool setup and ready for tis
- Added a bunch of tests to show that Sentry does roughly what we think
2022-11-23 12:37:24 +00:00
Elena Baidakova
8d9d22e5a7
Added member API for removing email from suppression list (#15867)
closes TryGhost/Team#2306
2022-11-23 14:41:00 +04:00
Simon Backx
4b4592630f
Added new email batch sending service (#15865)
fixes https://github.com/TryGhost/Team/issues/2284

New batch sending flow (still WIP). Logs the sent emails instead of actually sending them. Unit tests are coming in later commits.
2022-11-23 11:33:44 +01:00
Rishabh
5780fc2a93 Added new source and source type columns to emails table
refs https://github.com/TryGhost/Team/issues/2280

We are moving away from storing html and plaintext on email and instead will store the email data in source and source_type columns which allows us to store the email in other formats like mobiledoc and lexical. Storing in those formats allows greater flexibility for later html generation

- adds new `source` column that stores `mobiledoc`/`lexical`/`html` data for a newsletter
- adds new `source_type` column that stores one of `mobiledoc`/`lexical`/`html` to identify type of source
2022-11-23 15:04:11 +05:30
Rishabh Garg
d3267dd5b0
Added columns to store error information for email batches (#15859)
closes https://github.com/TryGhost/Team/issues/2290

Currently, if the whole batch of email fails to send we don’t capture
any errors directly tied to the batch. This makes it hard to debug which
and why a batch failed when debugging email errors. Going forward we'll
store the error information for a failing email batch directly that
allows easier debugging for batch.

- `error_status_code` : Captures statusCode returned by Mailgun,
available in error.status from the example batch error
- `error_message` : Captures short error message from Mailgun and
status, available in context object of batch error
- `error_data` : Captures while whole error json for a batch. As
mentioned in pitch, this will be huge data and we’ll figure out long
term how to best use this.
2022-11-23 13:13:49 +05:30
Sam Lord
f6870fa846 Added browser-based testing framework
refs: https://github.com/TryGhost/Toolbox/issues/479

Framework includes:
* command to run tests
* command to record tests
* mechanism for starting and stopping Ghost before and after each suite of tests
* mechanism for loading fixtures into Ghost before starting tests
* sample test for controlling Ghost Admin
2022-11-22 14:12:34 +00:00
Simon Backx
44f189b56a
Added email service package (#15849)
fixes https://github.com/TryGhost/Team/issues/2282

Added a new email service package that is used when the email stability
flag is enabled. Currently not yet implemented so will throw an error
for all entry points (if flag enabled).

Removed usage of `labs.isSet.bind` across the code, because that breaks
the stubbing of labs by `mockManager.mockLabsEnabled` and
`mockManager.mockLabsDisabled`. `flag => labs.isSet(flag)` should be
used instead.

All email depending tests now disable the `emailStability` feature flag
to keep the tests passing + make sure we still run all the tests for the
old flow while the email stability package is being built.
2022-11-21 10:29:53 +01:00
Simon Backx
5c2f0b9a4b
Removed getCreatedEvents and added verification trigger test (#15832)
refs https://github.com/TryGhost/Team/issues/2266

This removes the deprecated `getCreatedEvents` method in the event
repository and adds tests to the verification trigger to see if we don't
break anything.

Changes extracted from https://github.com/TryGhost/Ghost/pull/15831
2022-11-18 15:05:15 +01:00
Simon Backx
2220686113 Sped up comments and feedback tests by reusing Ghost app instance
refs https://ghost.slack.com/archives/C02G9E68C/p1668777066462859

Added a duplicate method to the mmebers agent, so we can reuse the same app instance and options, whenever we need multiple agents (each with their own cookies).
2022-11-18 14:58:35 +01:00
Fabien 'egg' O'Carroll
8283de99c8
Wired up EmailSuppressionList to Members Admin API (#15848)
refs https://github.com/TryGhost/Team/issues/2268

The approach of using the service to lead email suppression data as
opposed to bookshelf relations allows us to wire things up without
having implemented the database. The getBulkSuppressionData allows us to
do this without much of a DB performance hit.
2022-11-18 16:28:13 +07:00
Ronald Langeveld
08232bd538
Cleaned up GA Flags (#15762)
closes https://github.com/TryGhost/Team/issues/2126

- Cleaned up the following GA flags: `newsletterPaywall`, `freeTrial`, `compExpiring`, `searchHelper`, `emailAlerts`, `fixNewsletterLinks`.
2022-11-18 16:09:25 +07:00