Commit Graph

1762 Commits

Author SHA1 Message Date
Jason Williams
0fc152b2ad Fix up users API so admin role can edit owner
No Issue.
- Make sure that a user with the Admin role can edit the Owner.
- Add test for behavior.
2015-01-20 21:34:24 +00:00
Jason Williams
7578d674ae Fixup finding user by role name
No Issue.
- Build up query object to lookup a user by the name of a role.  Return
  user with "roles" objects included.
- Add test for findOne by role.
2015-01-20 18:31:17 +00:00
Jason Williams
d5d7919d26 Assume datetime in import filename is UTC
No issue.
- Add missing catch handlers to async tests.
2015-01-18 21:20:51 +00:00
Mark Stosberg
770317b834 Refactor: Make checkSSL unit-testable and add unit tests for it.
- Code was moved to core/server/middleware/middleware.js, which is the
  home for unit-testable middleware.

- Functional code coverage for this code also exists at:
  test/functional/routes/admin_test.js
2015-01-18 13:44:50 -05:00
Josh Vanderwillik
094d6dfc38 Make HTTPS compatible with a Ghost module
closes #4434
- Change an incorrect redirect
2015-01-17 21:23:31 -05:00
Jason Williams
1c07273f5a Update grunt-jscs dependency
No Issue
- grunt-jscs@1.2.0
- Clean up some instances of multiple spaces.
- Remove jscs:disable for regexes now that jscs better supports them.
2015-01-16 18:06:20 +00:00
Jason Williams
aee472eb65 Check all users when generating slug
No Issue
- Set 'status: all` when calling generateSlug from the user model
  so that all user slugs are checked for duplicates instead of
  only active users.
2015-01-16 06:56:53 +00:00
Matt Enlow
3982e0f871 Merge pull request #4804 from jaswilli/issue-4539
Connect Navigation page to live data
2015-01-14 15:45:04 -07:00
Jason Williams
a007ae1442 Connect Navigation page to live data
Closes #4539
2015-01-14 21:24:08 +00:00
Sebastian Gierlinger
023a37b074 Merge pull request #4772 from ekulabuhov/4262_NextPrevPostWIP
[API] Retrieve next and previous post
2015-01-14 10:32:07 +01:00
Eugene Kulabuhov
0e2709c42f [API] Retrieve next and previous post
closes #4262
- implementation based on #1545
- added integration test. Modified mocked posts because code requires published_at timestamps to be different.
- fixed 2 broken tests that depended on mocked posts to have "new Date()" as their timestamps
- added checks to only query db if next/previous post requested
2015-01-13 12:49:16 +00:00
Hannah Wolfe
0cb3483bc0 Merge pull request #4694 from PaulAdamDavis/navigation-ember
Navigation UI Ember Integration
2015-01-13 09:31:32 +00:00
Paul Adam Davis
6cc5a58b68 Navigation UI Ember Integration
Closes #4537

- Adds Navigation to the Settings menu
- Adds a `navigationUI` config flag (redirects if not an editor or author)
2015-01-11 20:04:01 +00:00
Jason Williams
be462d8d94 Merge pull request #4781 from ErisDS/has-tag-fix
Fix has helper tag matching
2015-01-11 13:01:55 -06:00
Hannah Wolfe
3f34162fd9 Fix has helper tag matching
fixes #4780
2015-01-09 21:52:23 +00:00
Hannah Wolfe
283deb2461 Fix email sending fail when blog title has a comma
no issue

- We send emails from Blog Title <ghost@blog-url.com>, but it should be from "Blog Title" <ghost@blog-url.com>
- It worked fine without quotes unless you have a comma in your Blog Title in which case different mail systems get confused in different ways
2015-01-09 21:34:24 +00:00
Jason Williams
7501b4478d Merge pull request #4692 from ErisDS/markdown-importer
Add markdown file handler to importer
2015-01-09 14:44:46 -06:00
Hannah Wolfe
fbdabce086 Add markdown file handler to importer
closes #4691

- adds a file handler for markdown file (.md and .markdown)
- handles titles and featured images
- gets status, date, and slug from the filename
- has a test suite
2015-01-09 20:04:56 +00:00
Jeremiah Hoyet
bbe3ceb025 Fixed issue where Gravatars with rating higher than G would cause a 404 error.
closes #4770
- Check for Gravatar now allows the highest rating for images
- Defaults to silhouette in the event a user deletes their Gravatar
- Allows highest rating for Gravatars (x), since Ghost should have no opinion on image ratings.
2015-01-08 19:34:28 -05:00
Hannah Wolfe
1f22d8c28c Move tag management from behind config/labs flags
issue #4248

- tag management is ready for release, this takes the training wheels off :)
- remove config flag
- remove labs checkbox and related code
2015-01-06 18:56:42 +00:00
Jason Williams
7f753acff1 Merge pull request #4752 from ErisDS/importer-updates
Image Importer Improvements
2015-01-05 10:39:35 -06:00
Jason Williams
05877124ae Remove unneeded promises and fix tests 2015-01-04 21:05:31 +00:00
Jason Williams
7c7dbb911c Merge pull request #4750 from ErisDS/labs-thing
Labs page checkboxes
2015-01-04 13:44:47 -06:00
Hannah Wolfe
3310dba9ea Merge pull request #4738 from jaswilli/socket-perms
Allow socket permissions to be set from config
2015-01-03 19:41:27 +00:00
Hannah Wolfe
add4c6b078 Image Importer Improvements
ref #4608, #4609, #4690

- fix errors with cleaning up files
- improve handling of base directories, and introduce a simple valid format for zips (must contain importable files or folders, and may contain up to one base directory)
- vastly improve test coverage
2015-01-02 22:54:40 +00:00
Paul Adam Davis
cc6f698053 Start of labs
issue #4409
2015-01-02 15:58:36 +00:00
Jason Friedrich
bc74c89e76 Update excerpt helper to properly filter HTML footnotes
closes #4741
- updated regexp to properly filter out footnotes without removing too much text
- happened only when a link was used before a footnote
- old regexp was too 'greedy' and removed regular link together with the footnote
- new regexp uses a more specific <a> tag
2015-01-01 06:45:06 +01:00
Jason Williams
6c1287c3a2 Allow socket permissions to be set from config
Closes #4478
2014-12-31 15:28:04 +00:00
Jason Williams
0dc0d37888 Change url and image into synchronous helpers
Closes #3961
2014-12-29 18:44:15 +00:00
Jason Williams
f6736049c3 Fix up HTTP API handler
No Issue
- Add Location header for tags.
- Ensure Location header has trailing slash.
- Remove unnecessary promises/async.
2014-12-28 05:27:29 +00:00
Jason Williams
d59f873aec Update dependencies
No Issue
- bluebird@2.4.2
- body-parser@1.10.0
- busboy@0.2.9
- connect-slashes@1.3.0 (remove base path option which is no
  longer needed)
- fs-extra@0.13.0
- glob@0.4.2
- passport@0.2.1
- passport-oauth2-client-password@0.1.2
- grunt-jscs@1.1.0
2014-12-25 00:22:45 +00:00
Jason Williams
2c66430dba Merge pull request #4690 from ErisDS/image-importer
Add support for importing images
2014-12-24 17:08:13 -06:00
Hannah Wolfe
a54b5c4af1 Merge pull request #4698 from jaswilli/tag-dup-slugs
Run tag add operations in sequence
2014-12-22 10:00:05 +00:00
Hannah Wolfe
7f4539e67e Merge pull request #4693 from cobbspur/metatags
Updated meta helpers to use tag meta data if present
2014-12-22 09:56:11 +00:00
Jason Williams
633cf1385a Run tag add operations in sequence
Closes #4697
- Run tag add operations in sequence instead of in parallel
  since generateSlug will hand out duplicate slugs until one of
  them is committed to the database.
- Add test.
- Misc cleanup of method parameter names and jshint hints.
2014-12-22 00:41:10 +00:00
cobbspur
32059812a9 Updated meta helpers to use tag meta data if present
No issue

- Tag Meta title and description override default response
- Tag Meta title present on all pages
- Tag Meta description available only on first page
 - Updates tests
2014-12-21 11:39:49 +00:00
Hannah Wolfe
ba3d4b3689 Add support for importing images
closes #4608, #4609

- image handler loads in any image files & figures out where they'll get stored
- image importer has a preprocessor which replaces image paths in
  pertinent spots of post, tag and user models
- image importer stores images, keeping the path where it makes sense
- basic test for the preprocessor
2014-12-21 01:58:35 +00:00
Jason Williams
591fa349aa Finish up post count support in tags API
Refs #4521
- Handle 'include' query param in tags API.
- Add post_count support when fetching a tag with findOne.
- Remove post_count from options.include after processing.
- Extra database query no longer used to fetch post_count.
2014-12-19 21:46:34 +00:00
Hannah Wolfe
6af0b83b7c Merge pull request #4670 from jaswilli/model-opt
Optimize model class methods
2014-12-19 21:19:01 +00:00
Hannah Wolfe
e6227e7a24 Merge pull request #4674 from delgermurun/post-sort
Add 'id' to post sort fields. So there is no longer equally sorted posts.
2014-12-19 21:05:45 +00:00
Jason Williams
5c6d45f258 Optimize model class methods
No Issue
- Reorder promise chains to defer database queries until they
  are needed.
- Execute database queries that are not dependent on each other in
  parallel instead of sequentially.
- Reduce the number of variables used to hold state across multiple
  promise blocks.
- Do not go async unless necessary.
2014-12-19 00:54:22 +00:00
Hannah Wolfe
8ceb896e96 Merge pull request #4654 from ekulabuhov/4521_TagPostCount
[API] Return post count for each tag
2014-12-19 00:17:36 +00:00
Eugene Kulabuhov
539accf69f [API] Return post count for each tag
closes #4521
- if '?include=post_count' present, query db for tag/post_count information
  and append it to returned JSON
- fixed linter errors
- added integration test
- parsing to int as knex (or PostGres driver) is returning bigint as strings
- iterating through a smaller collection to avoid exception
2014-12-18 23:54:18 +00:00
Hannah Wolfe
3c9273ed37 Data importer improvements and fixes
refs #4605, #4479

- Removes versioning from the importer
- Fixes an issue with SQLITE errors not being thrown properly for posts
- Ensures that posts have a created_at date
- Makes sure that the API wrapper is properly handled
2014-12-18 19:50:53 +00:00
Jason Williams
68df133d65 Merge pull request #4646 from ErisDS/importer-refactor
Refactor importer with tests
2014-12-18 13:24:11 -06:00
Hannah Wolfe
1b37ba5753 Merge pull request #4676 from jaswilli/pg-update
Update pg package and convert data to correct type
2014-12-18 16:50:01 +00:00
Jason Williams
3ad68526cb Update pg package and convert data to correct type
No Issue
- Switch 'pg.js' package for 'pg' as the native bindings are
  now an optional add-on to pg and pg.js has been deprecated.
- pg@4.1.1
- Set the driver's parser to automatically convert integer data
  returned from postgres into a javascript integer.
2014-12-18 14:58:20 +00:00
Delgermurun
afdb3a948d Add 'id' to post sort fields. So there is no longer equally sorted posts.
closes #4648
- Add id to order by fields on posts API
- Order by id on posts controller
2014-12-18 11:34:26 +08:00
Hannah Wolfe
20710b9eba Refactor importer with tests
refs #4605

- Move as much code as possible out of the DB API
- Split the importer into 2 concepts, code which handles different
  filetypes and code which takes the content of files and imports it into
  Ghost in some way
- Split the import process into 4 steps, load the file into a useful
  format, preprocess the data, do the import, generate a report
- Reporting is currently a no-op
- Adds a basic level of testing
2014-12-17 18:22:39 +00:00
cobbspur
cbcda2faf8 Provide absolute blog url in sitemap
No issue

- Adds {{blog-url}} to sitemap.xsl
- Replaces all occurences of {{blog-url}} with absolute bkog url
2014-12-17 14:55:27 +00:00
cobbspur
7d79016af5 stop middleware converting favicon to string
closes #4658

- adds conditional to prevent favicon being processed as a string
2014-12-16 20:22:31 +00:00
Hannah Wolfe
a0db21d3ec Merge pull request #4629 from cobbspur/postpreview
Add view post link on published and updated posts
2014-12-15 13:28:47 +00:00
cobbspur
53d12a9659 Add view post link on published and updated posts
closes #1756

- adds a post url link to 'post updated' and 'post published' in editor
- adds join function in ghost paths
- adds a '/' detection to makeRoute method
- adds test for join function
2014-12-15 12:18:47 +00:00
Hannah Wolfe
9bb3be49d5 Merge pull request #4636 from cobbspur/sitemap
Fixes sitemap image errors
2014-12-14 23:27:04 +00:00
cobbspur
4ca87f6336 Fixes sitemap image errors
closes #4591

- switches to using author cover image
- adds a protocol of http if using a protocol relative url
2014-12-14 23:03:40 +00:00
cobbspur
9a0dc0be58 Adds complete url for Sitemap in robots.txt
closes #4589

- Adds {{blog-url}} to robots.txt
- Replaces {{blog-url}} with blog.url from config
2014-12-13 18:01:28 +00:00
Hannah Wolfe
35ee121761 Merge pull request #4628 from sebgie/issue#4624
Password change MU
2014-12-12 10:07:34 +00:00
Sebastian Gierlinger
40c78493a3 Password change MU
closes #4624
- added user_id to password reset request
- hide old password field
- updated changePassword method to check permissions
- updated changePassword method to work without oldPassword
- fixed bug for errors shown as [Object object]
2014-12-11 21:23:07 +01:00
Sebastian Gierlinger
f531ef19f8 Merge pull request #4626 from ErisDS/issue-4607
Add support for zip import
2014-12-11 20:52:04 +01:00
Sebastian Gierlinger
1626a8f292 Merge pull request #4529 from cobbspur/permalink
Return computed url with post object
2014-12-11 10:30:41 +01:00
Hannah Wolfe
6ff51ad44e Add support for zip import
fixes #4607

- moves file checks from db and upload API endpoints to api utils
- adds code to accept and then extract a zip and pull out a JSON file
- zip handling requires a lot of dependencies - this needs a good refactor
2014-12-10 20:21:06 +00:00
cobbspur
cd5d87ddf2 Return computed url with post object
closes #4445

- post model gets permalink format
- post model queries urlPathForPost to return computed url
- url helper modified to use post url
- urlForPost method abolished and replaced where necessary
- updated tests
2014-12-10 17:23:02 +00:00
Jacob Gable
ef16c67a15 Sort newest to oldest in sitemap files
Closes #4611

Refactored generateXmlFromNodes to pull the urlElements itself from
sorted values in the lookup

Added some checks to existing unit tests to validate ordering.
2014-12-09 12:41:31 -08:00
Hannah Wolfe
2ef77d69de Sitemaps correctly filter draft posts
fixes #4612

- adds missing line of code to remove draft posts
- adds tests to check drafts aren't added
2014-12-09 17:27:12 +00:00
Paul Adam Davis
4e6c867183 Change sitemap root location
Closes #4590

- Removes `-index` from the root sitemap
- Removes redirects (which send sitemap.xml to sitemap-index.xml)
- Adjust tests
2014-12-07 11:59:43 +00:00
Sebastian Gierlinger
658dea9e6b Merge pull request #4580 from ErisDS/footnote-excerpt
Strip footnotes from excerpts
2014-12-04 17:24:56 +01:00
Hannah Wolfe
591d653b36 Strip footnotes from excerpts
fixes #4572

- Remove both inline and bottom footnotes from excerpt output before stripping the remaining HTML
- No more red errors, black text or bold links in codemirror, as codemirror gets confused by footnote syntax. This is a step towards the new editor which has no syntax highlighting in the editor
2014-12-04 15:28:30 +00:00
Jason Williams
de20f3af2a Match labels with element ids.
Refs #4578
- Match label "for" attributes with ids from the inputs they're
  labeling.
- Remove extra promise generation from ghost header and footer helpers.
2014-12-04 15:21:27 +00:00
Sebastian Gierlinger
32959b2269 Merge pull request #4578 from ErisDS/pr-3489
Code Injection PR 3489 rebased and updated
2014-12-04 15:16:37 +01:00
Sebastian Gierlinger
0b2541b19f Merge pull request #4575 from ErisDS/highlight
Adds markdown highlight support
2014-12-04 15:00:01 +01:00
Hannah Wolfe
9783f16e76 Adds markdown highlight support
closes #4574

- adds highlight showdown extension with tests
2014-12-04 13:37:29 +00:00
Hannah Wolfe
904918d5cc Code Injection - adds perms, shortcuts, icon, flag
refs #1993

- adds ctrl/cmd+s for save
- adds config flag
- adds icon on settings page, puts items in the right order
- sorts out permissions for all settings pages with consistent configuration
2014-12-04 13:34:44 +00:00
Hannah Wolfe
818085f18c Add XSL for Sitemaps
fixes #4555

- There's no easy way to declare an XSL with the node xml module, so I
  needed to move the declarations to both be strings
- Ideally the code to serve the XSL would also be inside the sitemap
  module, but I think we need to refactor a bit to get there easily
- Added the XSL from #4559, with minor amends to make the tables and urls
  display correctly
2014-12-04 09:38:09 +00:00
Sebastian Gierlinger
319887c77b Merge pull request #4573 from ErisDS/limit-all-sitemaps
Add limit=all consistently to users, posts & tags
2014-12-04 09:45:33 +01:00
Stefan Baumgartner
60effc1b51 adds code injection admin frontend implementation, handlebar helpers + settings
escaping handlebars
2014-12-04 04:16:08 +00:00
Jason Williams
5f9620cde0 Merge pull request #4567 from cobbspur/imagesubdir
Fix image helper for subdirectories
2014-12-03 14:39:52 -06:00
cobbspur
5f07f5503e Fix image helper for subdirectories
closes #4566

- Url created within urlFor with image context rather than calling createUrl function
2014-12-03 20:19:22 +00:00
Hannah Wolfe
9b146e59bb Add limit=all consistently to users, posts & tags
refs #623, #4348

- this fixes sitemaps to list all posts, pages, tags and users
- makes the API behave consistently across all paginated resources
2014-12-03 18:46:26 +00:00
Hannah Wolfe
13757041d9 Merge pull request #4270 from mispy/footnotes2
Footnotes extension for Showdown
2014-12-03 13:38:47 +00:00
Sebastian Gierlinger
9b8141bb08 Merge pull request #4530 from ErisDS/issue-4498
API - no more m-2-m relation ids by default
2014-12-02 20:49:47 +01:00
Hannah Wolfe
4cb909542a API - no more m-2-m relation ids by default
closes #4498

- remove toJSON code which returns only IDs from objects
- don't auto-include tags & fields in post responses
- don't auto-include roles in user responses
- fix #allthethings that made assumptions about the auto-includes, or otherwise were only working because of the auto-include
2014-12-02 19:24:44 +00:00
Hannah Wolfe
89905a8e3c Merge pull request #4560 from cobbspur/labs
Move ugly debug to Settings  Labs
2014-12-02 10:34:17 +00:00
cobbspur
edfa74f349 Move ugly debug to Settings Labs
closes #4534

- Adds new Labs route
- Wires route in settings page
- Move and rename debug templates and logic to labs
- Redirect /debug to settings/labs
2014-12-01 19:19:08 +00:00
Hannah Wolfe
c06e649ab1 Merge pull request #4554 from sebgie/issue#3872
URL safe base64 encoding
2014-12-01 16:56:14 +00:00
Sebastian Gierlinger
9ddabffa10 URL safe base64 encoding
closes #3872
- updated base64 escaping to respect + and \
- updated base64 escaping to remove = during transport
- updated tests
2014-12-01 16:59:49 +01:00
Hannah Wolfe
aa44743c67 Merge pull request #4531 from Gargol/issue-4485
Cleans up HTML data attributes on body in default.hbs
2014-12-01 10:54:19 +00:00
Hannah Wolfe
d2d9e4aea2 Merge pull request #4348 from jgable/sitemaps
Generate sitemap.xml
2014-12-01 09:28:14 +00:00
Jacob Gable
fe7e4311f1 Update getting started link
No Issue

Fixed link anchor address that was changed
2014-11-30 20:52:37 -08:00
Jacob Gable
2cfa18475a Generate sitemap files
Closes #623

- Add basic init and eventing scaffold
- Add sitemap-index.xml generation
- Broke out generators to individual files, added request handler
- Add page, author and tag xml files; add index mapping
- Add SiteMapManager unit tests
- Add Generators tests
- Cache invalidation headers for sitemap-*.xml
- Redirect sitemap.xml to index and rename to sitemap-index
- Handle page convert and publish/draft changes
- Add very basic functional test for route existence
- Add cache headers to sitemap routes
2014-11-30 10:49:45 -08:00
Nazar Gargol
df5a598718 Cleans up HTML data attributes on body in default.hbs
closes #4485

- removes data attributes used on body in default.hbs
- introduces new way to generate configuration through meta tags
- config initializer consumes configurations from the meta tags using parser
- moves blog_title helper/value to be a property in a configuration api
2014-11-29 17:09:43 +01:00
Hannah Wolfe
423f0031f6 Merge pull request #4538 from jaswilli/config
Add Ghost version to config object.
2014-11-29 16:05:04 +00:00
Jason Williams
86cb690474 Merge pull request #4518 from ErisDS/rss-fixes
Change RSS content type & use absolute URL in meta
2014-11-28 13:07:07 -06:00
Hannah Wolfe
6f0bca8d57 Merge pull request #4522 from felixrieseberg/iss4487
Dynamic Titles in Ghost Admin
2014-11-28 19:06:44 +00:00
Jason Williams
1d562c8914 Add Ghost version to config object.
No Issue
- Use Ghost version value that is already loaded instead of
  reading package.json from the filesystem and parsing it on
  every call into the configuration API.
2014-11-28 18:08:50 +00:00
Felix Rieseberg
7c4381c812 Dynamic Titles in Ghost Admin
- Every route can set a title token that is combined with the blog’s
title, resulting in titles like ‘Content - Test Blog’.
- Subroutes are supported (‘Settings - General - Test Blog’)
- The blog’s name is applied to and taken from the `config` object to
spare Ember a REST call via `store.find(‘settings’)`.
- Tests have been changed to test for the new titles.
- The initially proposed solution
(https://github.com/paddle8/ember-document-title) doesn’t play nice
with EAK, which is why I went with this solution
(https://gist.github.com/machty/8413411) by Ember.JS core dev @Machty.
2014-11-27 15:41:00 -08:00
Jason Williams
50cb92d4fd Merge pull request #4512 from sanddudu/patch-3
Fix gravatarLookup method
2014-11-25 09:56:50 -06:00
sanddudu
904727a927 Fix gravatarLookup method
Closes #4511
- Add missing "return"
- Fix error handling
2014-11-25 21:30:53 +08:00
Hannah Wolfe
31ae0c6923 Change RSS content type & use absolute URL in meta
no issue

- changes the content type for the RSS feeds from text/xml to
  application/rss+xml
- changes the link rel=alternate tag to use an absolute URL for the feed
  in the blog meta data
2014-11-24 22:33:49 +00:00
Hannah Wolfe
af7bbb83e4 Merge pull request #4091 from hswolff/remove-a-cd
Removes objectTypeModelMap to reduce circular dependency.
2014-11-24 11:59:07 +00:00
Sebastian Gierlinger
3fd6c80bb7 Merge pull request #4490 from thisishugo/url-safe-tokens
Make tokens URL safe
2014-11-21 11:30:30 +01:00
Jason Williams
b31fec6e2f Fix updateConfigTheme method.
No Issue
- Fix exception being thrown when updateConfigTheme called before
  settingsCache fully populated.
- Remove unnecessary check in a conditional in the migration command
  builder.
2014-11-20 14:54:37 +00:00
Hugo Jobling
11a0f01e25 Make tokens URL safe
Base64 encoding causes some issues when the token is URL encoded
as the = symbol is not a valid URL character. We replace any =
symbols with a - as this is valid in a URL, but is guaranteed
not to appear in a base64 string. This fix ensures that Ghost
password resets work with mail providers such as Mailgun that
add their own tracking redirects

closes #3872 (for real this time)
2014-11-20 11:38:43 +00:00
Hannah Wolfe
1079ef8aeb Merge pull request #4466 from VictorVation/url-validation
Improve validation for user.website
2014-11-17 15:43:25 +00:00
Jason Williams
da095ba551 Merge pull request #4436 from mattiascibien/issue-4232
Do not eagerly fetch relations in when finding all posts
2014-11-17 09:36:42 -06:00
Victor Szeto
2e8e2ce367 Improve validation for user.website
closes #4444
- validate URL without protocol in server and client
- when saving url, add `http://` if the url doesn't have a protocol
2014-11-17 00:40:43 -05:00
Jason Williams
e499e5dda9 Fix invalid image helper URLs when using a subdir.
No Issue
- Strip sub-directory from image paths before passing to
  config.createUrl. Since images are stored with the sub-directory
  and createUrl builds a URL with the sub-directory the result
  would be a URL that contains the sub-directory twice.
2014-11-17 05:32:51 +00:00
Jason Williams
cb544d7e81 Clean up whitespace from #4349. 2014-11-16 18:14:18 +00:00
Matt Enlow
39bf4ed9eb Merge pull request #4349 from yurynix/master
Workaround for outlook, who doesn't like quoted-printable encoding
2014-11-16 09:28:49 -07:00
Jason Williams
15fe121490 Fix gravatar request url.
Refs #4367
- 'http:' was accidentally left out when passing the gravatar
  URL into request, and request requires the full scheme to be present.
2014-11-16 04:33:33 +00:00
Hannah Wolfe
d3f70e3b24 Update showdown to showdown-ghost 0.3.4
closes #2675

- update showdown to the newly published showdown-ghost module which has a fix for the lack of language support in codeblocks
2014-11-15 16:37:35 +00:00
Sebastian Gierlinger
819a978192 Merge pull request #4406 from RaoHai/tag-endpoints
full BREAD Tag endpoints and Tag api tests
2014-11-13 19:25:36 +01:00
Mattias Cibien
8997cd0ffc Do not eagerly fetch relations in when finding all posts
fixes #4232
- do not fetch tags and fields relations in post.findAll()
2014-11-13 11:01:28 +01:00
Jason Williams
a2e670cb0b Merge pull request #4320 from felixrieseberg/iss4235
Work with case-sensitive email addresses
2014-11-12 19:35:38 -06:00
Felix Rieseberg
af1d2201b0 Work with case-sensitive email addresses
Closes #4235
2014-11-12 17:18:53 -08:00
surgesoft
d9643ed2f4 full BREAD Tag endpoints and Tag api tests
close #4263
- implemented full BREAD Tag API
- deleting a tag will also detach its relations to posts
- tests of Tag API
2014-11-13 00:44:36 +08:00
Jason Williams
9ca6a816aa Drop socket reference on close.
Closes #1976
- Prevent the unbounded memory growth caused by maintaining
  a reference to the socket object that is created on every connection.
2014-11-11 19:23:07 +00:00
Jaiden Mispy
31eea94b18 Add footnotes extension to showdown
refs 1318
- based on Markdown Extra https://michelf.ca/projects/php-markdown/extra/
- allows [^n] for automatic numbering based on sequence
2014-11-11 19:24:04 +11:00
Harry Mills
edef05339e Adds SIGTERM handling
closes #4403
- adds SIGTERM handler to match SIGINT handler
2014-11-05 15:38:35 +00:00
Jason Williams
d5f13e1510 Merge pull request #4384 from meowtec/fix-error-log
fix bug in which `logError` could not resolve an err without `message`
2014-11-04 23:20:47 -06:00
meowtec
d42703dd9f Correct logError to log err which has undefined message
closes #4384
 - if err is `object` && `err.message` isNOT `string`, let err = `An unknown error occurred.`
2014-11-05 11:03:33 +08:00
cobbspur
69d4852a6d Create Tags Management Stubs for Ember
closes #4260

- Adds "tags" route inside of the settings routes.
- Adds this route to router.js
- Links the route from the settings.hbs template
- Adds demo tags html in tag.hbs template
- Adds flag for tagsUI
2014-11-04 15:50:41 +00:00
Hannah Wolfe
67e33a65e8 Merge pull request #4317 from cobbspur/image
Created image helper with absolute url option
2014-11-03 15:21:35 +00:00
Hannah Wolfe
fe659117bc Merge pull request #4155 from jgable/importDuplicates
Remove duplicate posts and tags on import
2014-11-03 15:03:44 +00:00
Jason Williams
8249d88cdd Timeout after two seconds on gravatar lookup.
Refs #4277
- Switch from the built-in http module to request and set
  a timeout of 2 seconds on gravatar lookup requests.
- Move request package from devDependencies to dependencies.
2014-10-30 20:01:11 +00:00
Yury Michurin
198017d1a7 Workaround for outlook, who doesn't like quoted-printable encoding
For example, outlook 2013 plus would not interpert the following html
(encoded via quoted-printable encoding):
<a href=3D=22http://engineering=
.como.com/ghost/signup/MTQxNTcwNzM5MTYwN3x5dXJ5QG5peC5jby5pbHx3NVBmUUN4RGZr=
cGhKc3FPOElybXNZNWtzR0FMTU9tRFI5UlNyRWQ4SGJZPQ=3D=3D/=22 style=3D=22color:
=

The workournd forces node-mailer to user base64, which outlook understands
well.
2014-10-28 15:03:32 +02:00
cobbspur
4a56d10c86 Created image helper with absolute url option
closes #4231

- Adds {{image}} helper
- Adds image_spec test unit
- Updated {{ghost_head}} to use image helper
2014-10-28 13:14:41 +02:00
Hannah Wolfe
dbf055907a Merge pull request #4338 from felixrieseberg/iss3858
Enable :author as permalink option
2014-10-28 12:58:39 +02:00
Harry Wolff
6cbcfac72b Removes objectTypeModelMap to reduce circular dependency.
refs #2455

- also note areas where we still have lazy loading of modules.
- moves one lazy loading to non-lazy require.
2014-10-27 20:48:22 -04:00
Jacob Gable
5de5cfe7a1 Remove duplicate posts and tags on import
Issue #806

- Modify sanitize to check for duplicate posts and tags
- Update posts_tags when referencing removed duplicate tags
- Return both data and problems from importData
- Add tests for duplicate posts and tags with fixtures
2014-10-27 18:20:32 -05:00
Felix Rieseberg
c7ad09aace Enable :author as permalink option
Closes #3858
- urlPathForPost is now aware of the author’s slug, allowing for the
permalink setting to use :author
- Frontend controller only renders posts that have the specified
author, if one is given
- Extensive tests included
2014-10-25 18:15:24 -07:00
cobbspur
5aac6d6d69 Escapes strings
closes #4328

- Escapes metaTitle, metaDescription, blog url, blog title, tags
- Updates tests
- Adds test for metaTitle and metaDescription with double quotes
2014-10-24 19:22:37 +02:00
Leonard Camacho
a6a02f31ad Fix no show of default Twitter card
No issue
- change default Twitter card from content to summary
2014-10-22 20:49:06 -04:30
Jilles Soeters
090dc297eb Set link[prev/next] tag to https if urlSSL is set
The <link> tag for next/previous in the head doesn't update when the normal URL and the urlSSL change. This fixes that bug.

Fixes #4266
2014-10-17 20:27:01 +01:00
cobbspur
23e98aa8dc Adds twitter cards and schema.org to {{ghost_head}}
closes #3900

- Adds twitter cards to ghost head helper
- Adds schema json information
- Adds test with null values for post image and cover image
- Adds test for privacy flag
- Adds test for the case of no tags
- Updates test to check for twitter card and schema data
- Updates privacy.md
- Fixes issue with image urls that are linked by url rather than uploaded
2014-10-17 17:26:14 +02:00
Hannah Wolfe
d44a97405b Merge pull request #4220 from felixrieseberg/iss4211
Shorter user slugs (if possible)
2014-10-16 21:23:50 +03:00
Hannah Wolfe
2c6d43a0c0 Refactor helpers & tests into individual files
no issue

- Split theme helpers into individual files for each
- Do the same for tests
- Have utils to share some things between them
- Move assetHash onto config
2014-10-14 22:52:40 +02:00
Matt Enlow
f518782c3c Merge pull request #4269 from javorszky/iss4189
Abstracting away the deprecatedItems
2014-10-13 09:28:14 -06:00
Felix Rieseberg
7bb38f8c7b Accept Invitation: Generate Slug from Name
No issue, but ref #4211
2014-10-13 08:35:08 -04:00
Gabor Javorszky
938b098329 Abstracting away the deprecatedItems
Closes #4189

* moved `deprecatedItems` from within the function to the default config object
* addes tests
2014-10-12 23:04:39 +01:00
cobbspur
487297ff81 Added open graph tags for ghost head helper
issue #3900
- uses isPrivacyDisabled helper to see if useStructuredData has been disabled in config.js
- adds an array of promises to deal with asynchronous data
- resolves asynchronous data then adds open graph tags after canonical link
- featured image and tags are only added if present
- open graph tags only added on post and page
- adds unit test to check correct data is returned
- updates other unit tests to reflect changes
2014-10-08 15:57:49 +01:00
Jason Williams
696fbaaee4 Follow symlinks when resolving theme paths.
Closes #4225
- If a theme is symlinked in the themes directory, follow
  the symlink so that the theme object is populated correctly.
- Only do the fallback loading of theme data in the validations
  module if it doesn't exist in config.
2014-10-02 13:37:18 +00:00
Felix Rieseberg
0025f3d6de Shorter user slugs (if possible)
Closes #4211
2014-10-01 23:27:21 +02:00
John O'Nolan
12f92cd027 Merge pull request #4210 from JohnONolan/fix-copy
[WIP] Fixed email copy grammatical errors
2014-09-30 20:26:11 +02:00
Hannah Wolfe
4e58198381 Merge pull request #4188 from halfdan/1891-move
Abstract the allowed file types out of API
2014-09-29 21:31:22 +01:00
John O'Nolan
71f4b40b2e Fixed email copy grammatical errors 2014-09-29 16:04:02 +02:00
Fabian Becker
72b0a48483 Fix DB API
no ref
- Use correct error type
2014-09-28 19:38:41 +00:00
Fabian Becker
55293d0d1e Abstract the allowed file types out of API
closes #1891
- Moves contentType and extension check to config
2014-09-26 13:31:23 +00:00
Fabian Becker
1d1f24d3d4 Properly server shared files
refs #3992
- Don't use path.join for URLs
- Cache robots.txt for 1h instead of 1y
2014-09-25 14:14:20 +02:00
Hannah Wolfe
e5e7488d4d Fix cache-control header for API routes
closes #4157

- adds cache-control header back to api routes
- moves cache rules object into testUtils
- adds cache-control header test to every existing API test
2014-09-25 11:06:28 +01:00
Jason Williams
485c296c29 Merge pull request #4127 from ErisDS/msg-update
Updating messages to use errors module
2014-09-23 14:48:40 -05:00
Hannah Wolfe
0f6649cc1d Updating messages to use errors module
no issue

- only updated the messages that are errors or warnings
- changed the structure of the messages to follow the 3-arg format
2014-09-23 19:55:07 +01:00
Hannah Wolfe
d1abc6c0f2 Merge pull request #3962 from halfdan/2249-is-context
Implements is-helper
2014-09-23 17:05:13 +01:00
Hannah Wolfe
792e748e2f Merge pull request #4093 from halfdan/update-helpers
Update meta_* helpers.
2014-09-23 15:28:24 +01:00
Fabian Becker
801c5248c2 Update meta_* helpers.
no ref
- Return meta_description from post.meta_description if set
- Return meta_title either from post.title or post.meta_title if set
- Adds tests
2014-09-23 14:06:52 +02:00
Fabian Becker
aa5cf6ed3b Implements is-helper
closes #2249
- Added context to res.locals
- Added context aware is helper
- Added unit tests
2014-09-23 11:31:16 +02:00
Gabor Javorszky
1f5a378b4c Deprecated mail.fromaddress, mail.from is Title <email@address>
Closes #4018

* cleaned up `mail_spec.js`
* deprecated `mail.fromaddress`
* implemented 'Blog title <email@address.com>' format with fallbacks
* added tests to deprecation and from address, made existing ones more robust
* moved domain intuit into its own module: `GhostMailer.getDomain()`
2014-09-23 09:33:20 +01:00
Gabor Javorszky
b3820fbb31 More robust deprecation check code
Closes #4082
* reformatted code to allow for traversal
* deeper config items should be denoted like this: `object.object.object.property`.
* added tests for testing the deprecation warnings
2014-09-23 09:33:20 +01:00
Jason Williams
410dc39f3e Add checks for packages and contentPath to startup
Refs #3864
- Make sure that require() is able to resolve all dependencies
  listed in package.json.  If packages are missing halt the
  bootstrap process and display an error and help message for user.
- Check that contentPath and its subdirectories exist with the correct
  permissions.
- Check sqlite3 database file is set for read/write access.
2014-09-22 21:27:34 +00:00
Hannah Wolfe
9f7d008f47 Merge pull request #4074 from halfdan/4069-rename
Naming cleanup
2014-09-22 22:21:46 +01:00
Fabian Becker
2c3abeee03 Naming cleanup
closes #4069
- Rename everything from camelCase to lowercase + dashes
- Remove usage of `server`, `app` and `instance`
2014-09-20 21:09:16 +02:00
Fabian Becker
b7be4adede Change HTML email link to hide token
closes #3305
- Hide token in HTML email
2014-09-20 11:08:27 +00:00
Hannah Wolfe
a3093b9b42 Merge pull request #4075 from jaswilli/morgan
Adjust morgan call to avoid deprecation warning
2014-09-19 20:39:05 +01:00
Fabian Becker
3e6d11e8fa Fix ghost-ui reference
fixes #4072
- Correct reference to ghost.min.css
2014-09-19 18:31:21 +00:00
Jason Williams
12957b1918 Adjust morgan call to avoid deprecation warning
No Issue
- Change the invocation of the morgan logging package to
  conform to the new function signature introduced in
  morgan 1.2.0.
2014-09-19 16:31:22 +00:00
Hannah Wolfe
5cdb6510ae Merge pull request #4065 from jaswilli/transition
Prevent transition to signup on invalid invitation
2014-09-19 17:17:13 +01:00
Hannah Wolfe
cb9d9b748a Merge pull request #4062 from halfdan/4059-skip-not-found
Ignore unknown setting keys on import
2014-09-19 16:54:35 +01:00
Fabian Becker
0efb449103 Delay updateCheck to +24h on error
fixes #4036
- delay update check by 24h when an error happens
- set connection timeout to 10 seconds
2014-09-19 17:10:30 +02:00
Fabian Becker
9394fad6aa Have /ghost use its own express instance
closes #1961
- Refactor admin to use its own express instance
- Refactor middlewares to work with /ghost mounted admin express instance
2014-09-19 08:57:13 +00:00
Jason Williams
63546be1eb Prevent transition to signup on invalid invitation
Refs #3876
- Prevent signup page from flashing when an invalid invitation
  token is used.
- Clear sensitive information from signup controller.
- Make isInvitation API behavior consistent with other auth
  related APIs.
2014-09-19 04:52:45 +00:00
Matt Enlow
9fb038f8d3 Merge branch 'pr/3876'
* pr/3876:
  Redirect user if signup invitation isn't valid
2014-09-18 19:22:39 -06:00
Felix Rieseberg
b1c1b03015 Redirect user if signup invitation isn't valid
Closes #3565
- Added server API isInvitation (analog to isSetup), checking if an
invitation exists for a given email address.
- If the invitation is no longer valid (or didn’t exist in the first
place), the user is redirected and an error notification is shown.
2014-09-18 19:11:40 -06:00
Matt Enlow
a4de40abc6 Merge pull request #3976 from halfdan/1889-generate-slug
Cleanup reserved words in generateSlug
2014-09-18 18:54:48 -06:00
Matt Enlow
a5f4fca7b2 Merge pull request #3992 from halfdan/favicon
Let Ghost serve favicon instead of using dependency
2014-09-18 18:40:22 -06:00
Fabian Becker
4cc1f509ac Ignore unknown setting keys on import
fixes #4059
- Ignore NotFound setting keys
2014-09-18 12:48:18 +00:00
Fabian Becker
c9b0df752f Cleanup reserved words in generateSlug
closes #1889
- Adds a new filter for slugs
- Move slugs to config.slugs
2014-09-18 13:56:51 +02:00
Fabian Becker
f2fcb5b62b Let Ghost serve favicon instead of using dependency
no ref
- Remove static-favicon dependency
- Refactor robots.txt middleware to also serve favicon
- Add ETag
2014-09-18 13:51:41 +02:00
Hannah Wolfe
aad595de7d Updating express to 4.9.2 & related packages
ref #3795

- express updated to 4.9.2
- express 4.9.0 introduced res.sendStatus() to replace res.status().end()
- we no longer need express-session, connect or cookie-parser
- body-parser, busboy, compression, express-hbs, morgan, all bumped to
  latest versions as well - there doesn't seem to be any breaking changes
2014-09-18 11:50:28 +01:00
Harry Wolff
469aaa398c Add jscs task to grunt file and clean up files to adhere to jscs rules.
resolves #1920

- updates all files to conform to style settings.
2014-09-17 21:44:29 -04:00
Harry Wolff
457f360765 Updates image upload directories to be number based.
resolves #2285

- Moves to using moment.format('MM') to use the date formatting of a month
2014-09-16 13:23:29 -04:00
Paul Davis
fcab1a961b Merge pull request #4033 from halfdan/getting-typos
Fix Markdown help modal table positioning
2014-09-16 16:36:53 +01:00
Hannah Wolfe
b7fdf7d872 Merge pull request #3947 from hswolff/goodbye-config-theme
Removes config.theme and restructures how theme variables are cached
2014-09-15 21:30:44 +01:00
Hannah Wolfe
aa0d9fda46 Merge pull request #4025 from mvalipour/master
URL replacement in RSS feed mucks with content
2014-09-15 20:35:18 +01:00
Jason Williams
d93bf82795 Merge pull request #4005 from ErisDS/dbhash-first-run
Fixes the first run messages
2014-09-15 08:28:06 -05:00
Hannah Wolfe
b890f31d98 Fixes the first run messages
no issue

- Whilst testing the mail PR #3915 I noticed the first run messages aren't
  appearing because the dbHash is getting pre-populated, but there doesn't
  appear to be a reason why this is necessary
2014-09-15 09:49:25 +01:00
Fabian Becker
7830d68000 Fix Markdown help modal table positioning
no ref
- Fix top spacing of markdown table
- Fix width of table and left align table head
- Fix grammar, whitespace in getting-started post
2014-09-15 09:56:54 +02:00
Hannah Wolfe
7b71d0cbc2 Merge pull request #3948 from hswolff/refactor-storage-module
Moves storage module to use prototypes for inheritance and structure.
2014-09-14 11:16:01 +01:00
Mo Valipour
98d0954e32 Fix URL replacement in RSS feed mucking with content
closes #3983
- removed naive regex implementation
- added cheerio to project dependencies
- used cheerio to parse RSS content
- use attribute getter/setter to replace href/src attribute urls with the resolved version
2014-09-13 18:11:07 +01:00
Hannah Wolfe
5faeb2996b Merge pull request #3874 from morficus/issue-3241
adding config flags to control all items mentioned in PRIVACY.md
2014-09-13 17:23:56 +01:00
Maurice Williams
3583515e44 adding config flags to control all items mentioned in PRIVACY.md
closes #3241
- in config.js, the `privacy` attribute holds all privacy-related flags
- `privacy.userTinfoil: true` disables everything (equivalent to setting all flags to false)
- added helper function to core/server/config/index.js to checking privacy flags
- added helper function to core/server/config/index.js to show warning about deprecated items
2014-09-13 12:04:01 -04:00
Harry Wolff
66845def85 Moves storage module to use prototypes for inheritance and structure.
addresses #2852

- Moves storage modules to use prototypes and to create prototypes
that inherit from the base storage ctor.

- Makes storage/base conform to an all Promise interface.
2014-09-12 21:41:29 -04:00
Hannah Wolfe
07eaaae8bf Merge pull request #3915 from javorszky/iss1538b
Replaces sendmail with direct
2014-09-11 20:47:18 +01:00
Fabian Becker
c684ee5b38 Delete revoked tokens
closes #3758
- new API method to delete access and refresh token
- use new ember-simple-auth config to revoke tokens on logout
- new method to delete tokens by .. token
2014-09-10 20:19:52 +02:00
Hannah Wolfe
a21ce4dd55 Merge pull request #3990 from halfdan/handle-addrinuse
Handle EADDRINUSE
2014-09-09 19:16:03 +01:00
Fabian Becker
5430e72753 Handle EADDRINUSE
no ref
- Show a human readable message on EADDRINUSE
2014-09-09 20:05:11 +02:00
Hannah Wolfe
2aff9ed8eb Force apps flag to be boolean in config API
ref #3969

- it shouldn't be possible to set keys via this flag
2014-09-09 08:40:38 +01:00
Gabor Javorszky
187c486b2f Replaces sendmail with direct
Closes #1538
* rips out sendmail
* adds direct
* updates nodemailer to 0.7.1
* changes unit tests for mail
* changed integration tests for mail
* adds mail api tests
2014-09-08 20:52:10 +01:00
Matt Enlow
9c0b203dce Merge pull request #3867 from hswolff/middleware-work
Makes the Ghost application more express middleware friendly.
2014-09-08 13:43:48 -06:00
Hannah Wolfe
805f45900e Merge pull request #3902 from Chrisui/custom-tag-templates
Custom template files for custom tags
2014-09-08 20:14:48 +01:00
Chris Pearce
97946cbc14 Ability to create custom template files for custom tags. Eg. tag-design.hbs 2014-09-05 17:35:30 +01:00
Thai Phan
76f7412a75 Stop packagePath variable from being undefined 2014-09-05 22:52:24 +10:00
Jason Williams
c5b1319936 Merge pull request #3852 from ErisDS/issue-1967
Add the new body classes
2014-09-03 10:13:06 -05:00
Harry Wolff
2bb1b14ebd Removes config.theme and restructures how theme variables are cached
resolves #1789

- removes config/theme.js
- moves caching of theme variables to api/settings.js which is where the
rest of the settings cache occurs.  this removes the requirement of having
to push changes to cache, now it simply occurs alongside when settings
are changed.
- updates relevant tests.
2014-09-02 23:15:15 -04:00
Hannah Wolfe
e0924f866a Merge pull request #3912 from halfdan/3909-config-api
Remove permissions from configuration API
2014-09-02 20:29:09 +01:00
Fabian Becker
c0adf5894f Remove permissions from configuration API
closes #3909
- Remove permissions from configuration API
- Remove permission setup from integration test
- Remove permissions from permissions.json
2014-09-02 15:48:32 +00:00
Fabian Becker
33a6b3d6a6 Add alternative names for pg
refs #3864
- map alternative valid pg names to pg
2014-09-01 21:29:12 +00:00
Hannah Wolfe
17f5ce6a2c Merge pull request #3888 from felixrieseberg/iss3884-content
Return leading image for {{content words="0"}}
2014-09-01 20:13:32 +01:00
Fabian Becker
5ab8c661ec Fix regex from #3898
refs #3898
2014-09-01 15:39:53 +02:00
Sebastian Gierlinger
57b5f4da00 Merge pull request #3841 from halfdan/3619-configuration-api
Implements new Configuration API
2014-09-01 15:15:05 +02:00
Fabian Becker
a0b7941439 Restrict uncapitalise middleware for API
no ref
- Do not lowercase anything after /api/v0.1/<resource>/ to protect :key/:slug
2014-09-01 12:38:06 +00:00
Fabian Becker
688b3914e4 Implements new Configuration API
closes #3619
- adds new permissions for configuration API
- adds integration tests
- adds configuration API for reading allowed values
2014-08-31 20:54:17 +00:00
Hannah Wolfe
2a843c309e Adding Grunt tasks for Sass 2014-08-31 14:16:58 +01:00
Harry Wolff
4951f267f9 Remove shim files that were created to address #1873.
refs #1873

- Removes all shim files.
2014-08-29 17:39:54 -04:00
Harry Wolff
8bc6a6e633 Makes the Ghost application more express middleware friendly.
refs #827

- Moves ./index to use Ghost in a similar manner to how someone uses
Ghost as an npm module.
- Allows Ghost to be cleanly mounted on another express application
on any arbitrary endpoint, all you need to customize is the mount path.
2014-08-29 17:30:16 -04:00
Hannah Wolfe
1ed286d09e Merge pull request #3866 from hswolff/config-updates
Move config module to be instance based and merge bootstrap into config.
2014-08-29 21:35:56 +01:00
Felix Rieseberg
1b203dc42a Return leading image for {{content words="0"}}
Closes #3884
- This PR includes a reimplementation of Downsize@0.0.5 with `words: "0"`. It uses the same parsing methods, therefore guarunteeing identical behavior.
- Tests have been updated to be more extensive.
2014-08-28 09:51:00 -07:00
Jason Williams
35e2387541 Run import run operations in order.
Closes #1977, Refs #3473
- Ensure that import operations are run in sequence.
  Previously the operations were started in order but subsequent
  ops were allowed to begin before the previous finished, which would
  result in out-of-order execution.
- Fix bug in attach() where a model property was being passed in
  instead of a transaction object.  If the call was made when a
  transaction was in process, it could cause bookshelf/knex to
  hang and never finish the transaction.
2014-08-28 00:21:13 +00:00
Hannah Wolfe
25ad4b39fd Uncapitalise middleware should not affect tokens
no issue

- Whilst testing on next, I noticed trying to signup didn't prepopulate email addresses any more, and this is why
2014-08-26 22:30:33 +01:00
Hannah Wolfe
93e4cfdadf Merge pull request #3855 from felixrieseberg/iss3844-importer
Importer: Sanitize UUIDs
2014-08-26 16:51:49 +01:00
Sebastian Gierlinger
cab8254539 Merge pull request #3860 from ErisDS/issue-3857
Redirect uppercase routes to lowercase version
2014-08-26 12:19:52 +02:00
Sebastian Gierlinger
bb9eee9b4c Merge pull request #3865 from ErisDS/issue-3750
Delete tokens before deleting a user
2014-08-26 12:16:49 +02:00
Hannah Wolfe
5856cdd67e Merge pull request #3861 from cobbspur/metas
Added correct contextual Meta Titles and Descriptions
2014-08-24 18:58:23 +01:00
Felix Rieseberg
6fe93f6a50 Importer: Sanitize UUIDs
Closes #3844
- Before importing, all data is checked for incorrect UUIDs. If check
fails, data is sanitized and outfitted with correct UUIDS.
- Scaffolding allows for easy implementation of additional
sanitization, should that be required in the future.
- Test included, old tests updated.
2014-08-23 18:02:23 -07:00
Harry Wolff
583c7970d9 Move config module to be instance based and merge bootstrap into config.
helps with #827, otherwise no issue

- This is general code clean-up and unification.
- Merges code from bootstrap.js into config module as they were both
concerned with managing the config file and as such should be in one
location.
- Updates all relevant tests.
2014-08-23 15:54:43 -04:00
Hannah Wolfe
74c6a341be Delete tokens before deleting a user
fixes #3750

- Updated tests to create tokens for one user. This caused the tests to
  fail for MySQL exposing the bug.
- Delete user's tokens along with posts
2014-08-23 20:13:17 +01:00
Jason Williams
07ad400ee0 Replace the when promise library with bluebird.
Closes #968
2014-08-23 17:15:40 +00:00
Hannah Wolfe
6a52fc8ace Redirect uppercase routes to lowercase version
fixes #3857

- adds uncapitalise middleware which detects uppercase in req.path and
  redirects to the lowercase equivalent
- change the ghost route to a regex, just so it's consistent with other
  routes in the file
2014-08-23 17:59:58 +01:00
cobbspur
8604601027 Added correct contextual Meta Titles and Descriptions
closes #2462

- adds conditionals for pagination for index, tags and author pages
- outputs correct meta title and description according to context
- adds further unit testing
2014-08-23 17:42:05 +01:00
Hannah Wolfe
2800671bbd Add the new body classes
closes #1967

- adds paged to eventually replace archive-template
- adds page-template to eventually replace page
- changes custom page template class to be page-slug instead of
  page-template-slug
2014-08-22 10:33:35 +01:00
Josh Vanderwillik
1438278ce4 Extract starting functionality into an exported class
closes #3789
- Create a GhostServer class to manage state
- index.js now calls start on the exported server
- Alter tests to expect a GhostServer instance
2014-08-21 17:04:39 -04:00
Hannah Wolfe
3a1839dfa3 Merge pull request #3817 from felixrieseberg/iss685
Prev & Next Links for Ghost_Head
2014-08-20 20:59:55 +01:00
Felix Rieseberg
15e4dd1e9f Pre & Next Links for Ghost_Head
closes #685
- Now that we have a ‘pagination’ meta object, we can implement
SEO-friendly `next` and `prev` ref links in `<head>`.
- This implementation works uniformly for anything that supports
pagination in the current schema (posts, tags, authors)
- Regex should make the implementation future-proof for additional
pagination
2014-08-20 12:28:21 -07:00
Jason Williams
e03d503add Ignore tables with pg_ prefix in pg getTables.
Closes #3825
- Fixes an issue where a PostgreSQL extension may create
  a public table and it gets caught up in the migration process.
2014-08-20 14:20:18 +00:00
Sebastian Gierlinger
f0da28abb3 Fix broken status code
closes #3779
- added custom error classes for OAuth errors (bug was caused by
oauth2orize error classes)
- added basic tests for `/authentication/token` endpoints
2014-08-20 11:28:55 +02:00
Hannah Wolfe
f2aefd257e Removing remaining references to Polyglot
refs #3802
2014-08-19 16:36:26 +01:00
Hannah Wolfe
e6bb7c4443 Merge pull request #3802 from ErisDS/i18n
Removing prototypal i18n code
2014-08-19 15:25:40 +01:00
Hannah Wolfe
09383dc181 Merge pull request #3777 from hswolff/lazy-models
Move Models module to have an init method that sets up all models
2014-08-19 15:24:55 +01:00
Felix Rieseberg
02f11fad31 Center default user-error (404, etc.)
See #3810
- Only thing missing: <div id=“container”></div>. Added.
2014-08-18 16:45:03 -04:00
Harry Wolff
5ff2a31ce1 Move Models module to have an init method that sets up all models
resolves #2170

- creates a models.init() function that requires all other model files
and caches them.  This is opposed to the previous functionality where
when you require('./models') it would immediately require all other models.
Now it's done when you want.

- Updates all tests to reflect the new structure of the model module
2014-08-18 15:54:10 -04:00
John O'Nolan
c4b87bbfeb Content management cleanup 2014-08-17 15:01:35 +03:00
John O'Nolan
5f0bca1166 Disable Pinterest inside Ghost admin 2014-08-17 14:58:03 +03:00
Hannah Wolfe
b91dee35c4 Removing prototypal i18n code
refs #16, #17, #18, #19, #20, #21, #3801

- This code was a prototype system built when Ghost was still a prototype.
  It was never fully implemented and hasn't actually worked for ages.
- Now that the admin is in Ember, it's likely we'll need a very different
  system.
2014-08-16 17:29:54 +01:00
Hannah Wolfe
9b7be32c0c Merge pull request #3775 from felixrieseberg/iss3765
Ensure Owner's role isn't downgraded
2014-08-16 17:07:41 +01:00
Felix Rieseberg
47ba9a7385 Ensure Owner's role isn't downgraded
closes #3765
- Simple API check to ensure that the owner isn’t downgraded to a
different role (analog to the ’can’t change your own role’ check)
- Test added to ensure Owner can't be downgraded to a lower role
2014-08-15 17:44:30 -04:00
Hannah Wolfe
7f4231c83d Merge pull request #3791 from ErisDS/issue-3790
Display correct new Ghost version
2014-08-15 18:34:03 +01:00
Hannah Wolfe
260d9562e4 Merge pull request #3670 from felixrieseberg/iss3641
Validation fix for number of posts/page
2014-08-15 18:27:14 +01:00
Hannah Wolfe
52d0a83dc2 Display correct new Ghost version
closes #3790
2014-08-15 18:23:55 +01:00
Jilles Soeters
6249d28a92 Added target="_blank" to all links that go to the support page. 2014-08-15 16:46:24 +02:00
Jilles Soeters
ecdf5cec21 Open the e-mail sending support page in a new window. 2014-08-15 16:20:52 +02:00
Felix Rieseberg
f19c2be6fe Validation fix for number of posts/page
closes #3641
- Reworded error messages, remove “please” (credits go to @YouriAckx)
2014-08-13 12:08:09 -07:00
Hannah Wolfe
2aed220e9e Merge pull request #3647 from felixrieseberg/iss3644
Accept all versions of 'edit' as URL parameter
2014-08-13 18:22:18 +01:00
Hannah Wolfe
c500b41536 Filestorage helper returns string true if config is object
no issue

- else admin client gets [object Object] which is weird Please enter the commit message for your changes. Lines starting
2014-08-11 11:50:44 +01:00
Hannah Wolfe
5381db37cd Fix for bug where owner user has name owner
no issue

- in the case that the role is not being assigned, the code assumes it doesn't get a role..
2014-08-11 10:51:14 +01:00
Jason Williams
8fb3cddcf6 Update express and body-parser dependencies.
No Issue
- Upgrade to versions of these packages that use qs >= 1.0.0.
2014-08-11 05:20:31 +00:00
Hannah Wolfe
988ca127b6 Updating docs links to point to support.ghost.org 2014-08-10 23:17:40 +01:00
Sebastian Gierlinger
85a1902294 Merge pull request #3735 from ErisDS/cache-invalidation
Adding author pages to cache invalidation
2014-08-10 22:01:19 +02:00
Sebastian Gierlinger
d167bb4ff4 Merge pull request #3731 from ErisDS/issue-3724
Expose blog URL to client app
2014-08-10 20:51:45 +02:00
Hannah Wolfe
d556f4723e Adding author pages to cache invalidation 2014-08-10 19:32:46 +01:00
Hannah Wolfe
32d72d5daa Expose blog URL to client app
fixes #3724

 - provide config.url to the ember client app via a data attribute
 - create server and client side helpers to output the URL
 - wire up the client side helper
 - add a class for testing, and add tests for both the server and client side
2014-08-10 18:49:37 +01:00
Hannah Wolfe
c12b92582c Merge pull request #3722 from hswolff/rss-atom-url
Fix rss content's url to the RSS feed
2014-08-10 16:01:54 +01:00
Hannah Wolfe
2d2e61676d MU Importer - Assign objects correctly
fixes #3716

- change the importer to not override any user details
- only set published_by if it is not already set
- import users before anything else
- process the import and map user ids to existing users
- test fix - owner should have owner role
- test fix - catch invalid success in importer
2014-08-10 14:49:23 +01:00
Harry Wolff
5d70604f9b Fix rss content's url to the RSS feed
fixes #3719

- correctly sets the path to the RSS feed for tags and authors
2014-08-09 23:16:27 -04:00
Hannah Wolfe
2472637321 Merge pull request #3704 from javorszky/iss3649
Sends test email to the person who clicked on the button
2014-08-08 22:54:21 +01:00
Hannah Wolfe
4d4efe26ae Merge pull request #3702 from ErisDS/issue-3694
Switch middleware order to result in proper error
2014-08-08 22:44:30 +01:00
Gabor Javorszky
508f669a49 Sends test email to the person who clicked on the button
Closes #3649

* Small refactor of the api route for email test. We no longer need to look up the email in the settings
* Added a user model lookup based on context to the test email method.
2014-08-08 18:41:14 +01:00
Hannah Wolfe
7d37a829c3 Switch middleware order to result in proper error
fixes #3694

- Split the res.isAdmin check out into it's own thing because we need to detect whether we are in the admin, before everything else
2014-08-08 17:17:07 +01:00
David Balderston
99e77cab3c Removed Username From Initial Blog Description
closes #3631
- Removed the 'by + setupUser.name' from authentication.js
- Removed the 'by Test User' from feed_test.js
- Added a '.' to the end of each per issue comment example
2014-08-08 08:04:46 -07:00
Hannah Wolfe
918a911d3f Merge pull request #3686 from sebgie/issue#3660
Improve error handling for authentication
2014-08-08 14:25:40 +01:00
Sebastian Gierlinger
9e65b47007 Merge pull request #3695 from ErisDS/issue-3657
Don't require protocol for website
2014-08-08 15:24:25 +02:00
Hannah Wolfe
648b503cff Merge pull request #3690 from sebgie/issue#3659
Improve handling of SQLITE_READONLY
2014-08-08 14:18:29 +01:00
Hannah Wolfe
e01046df11 Don't require protocol for website
fixes #3657

- we didn't require this previously, and adding it causes issues
2014-08-08 14:15:49 +01:00
Hannah Wolfe
8d46705dbb Disable user validation and errors on login
fixes #3658

- Catch any errors from user.save() events during login
- Prevent validation from happening at all when only updating status/last_login
- Fixes a problem I introduced with errors which are arrays in logError
2014-08-08 13:12:17 +01:00
Sebastian Gierlinger
9cedd1a2b9 Imporve handling of SQLITE_READONLY
closes #3659
- added alternate context/help for SQLITE_READONY error to
errors.logError()
2014-08-08 11:16:51 +02:00
Sebastian Gierlinger
649a0872ec Improve error handling for authentication
closes #3660
- added wrapping in JSON API format to error500()
- added client side handling
2014-08-08 09:44:24 +02:00
Felix Rieseberg
8453067d70 Accept all versions of 'edit' as URL parameter
closes #3644
2014-08-06 20:07:41 -07:00
Fabian Becker
9915fb1268 Fix revoke user invite and user.destroy
fixes #3630
- Extend user adapter in ember to load users with status: all
- Fix user.destroy by loading all users with status: all
2014-08-06 16:48:18 +00:00
Hannah Wolfe
c95c9b45cb Merge pull request #3621 from sebgie/fix-refresh-token
Fix token refresh
2014-08-06 10:34:20 +01:00
Sebastian Gierlinger
3908dbdf8f Merge pull request #3620 from ErisDS/issue-3589
Cleaner spam prevention error messages
2014-08-06 11:17:29 +02:00
Sebastian Gierlinger
b2e9d21018 Fix token refresh
no issue
- spam prevention causes token refresh to return an error
2014-08-06 11:11:44 +02:00
Hannah Wolfe
e315148cc5 Cleaner spam prevention error messages
closes #3589

- Full error messages appear in stderr
- Clean error messages for user
2014-08-06 10:00:21 +01:00
Sebastian Gierlinger
1219817628 Merge pull request #3613 from ErisDS/update-notification
Improved Update Notification
2014-08-06 10:55:47 +02:00
Waleed Ali
7009d416cb Improve settings error handling
closes #3450
- Added no-permission error handling for settings edit API.
- In Authentication API integration test, updated the initOwnerUser
  function to insert the roles and user_roles for the owner user so the
  owner can edit settings after adding the no-permission error handling. I
  also added the mail send permission to the test since it's used after
  the user edits the settings.
2014-08-06 09:11:50 +01:00
Sebastian Gierlinger
22171fd058 Merge pull request #3611 from ErisDS/author-classes
Adding missing body class for author pages
2014-08-06 09:37:06 +02:00
Hannah Wolfe
03a46a0b24 Improved Update Notification
- adding a version number to the notification
- adding a link to the upgrade docs, to make this process easier.
2014-08-06 08:33:00 +01:00
Hannah Wolfe
9fb34d6b27 Merge pull request #3550 from halfdan/3542-forgotten-user
Properly show message when resetting password.
2014-08-06 02:18:30 +01:00
Hannah Wolfe
9419f9bbe4 Adding missing body class for author pages
closes #3606
2014-08-05 23:38:57 +01:00
Fabian Becker
a2d5105bcc Changing User.read API to default to active users.
refs #3542
- Properly handle forgotten screen (ember)
- Change Users API to only return active users on read
- Adjust tests
2014-08-06 00:30:48 +02:00
Hannah Wolfe
28c20cba5d Merge pull request #3596 from sebgie/issue#3518
Add owner role to setup user
2014-08-05 19:01:06 +01:00
Sebastian Gierlinger
5590628d54 Merge pull request #3600 from ErisDS/author-helper
Fix the author context block
2014-08-05 19:59:53 +02:00
Hannah Wolfe
157cf5c3b9 Fix the author context block
fixes #3599

- If the author helper is called as a block (i.e. fn is present) then
  treat it as a with call
2014-08-05 17:03:13 +01:00
Sebastian Gierlinger
766e6ff944 Add owner role to setup user
closes #3518
- added owner role to user that is added if no user is available
2014-08-05 13:48:10 +02:00
Sebastian Gierlinger
c62d7ba43e Improve spam prevention
closes #3544
- limit forgotten password requests to five requests per IP per hour
for different email addresses
- limit forgotten password requests to five requests per email address
- limit signin requests to ten failed requests per IP per hour
- removed special treatment for tests
2014-08-05 12:58:58 +02:00
Felix Rieseberg
abf251212c Descriptive error if user by mail not found.
closes #3537
- Replaced generic NotFound error with descriptive NotFoundError.
2014-08-01 18:13:33 -07:00
Jason Williams
938b183707 Sanity check page parameter used in findPage
Closes #3510
- Make sure the page parameter is does not overflow the
  integer data type.
- Added tests.
2014-08-01 14:32:38 +00:00
Hannah Wolfe
59953c6610 Merge pull request #3486 from sebgie/issue#3468
Update spam prevention
2014-08-01 00:10:50 +01:00
Sebastian Gierlinger
3792598a31 Update spam prevention
closes #3468
- added rate limit to deny more than 5 attempt every hour
- updated spam prevention to be configurable
- added config values spamTimeout, ratePeriod, rateAttempts
- added ratePeriod:1 to config.example.js to prevent functional tests
from hitting the rate limit
- commented spam test, I’ll fix it tomorrow
2014-08-01 00:58:32 +02:00
Hannah Wolfe
756368721e Update importer for MU
closes #3285

- remove apps stuff for now
- if there is a single user, behave the same as before, overriding
  non-critical properties of the single owner user
- if there are multiple users, import them like normal resource
2014-07-31 23:14:57 +01:00
Hannah Wolfe
a04562b349 Merge pull request #3478 from halfdan/fix-pgsql
Fixing pg build.
2014-07-31 20:55:21 +01:00
Hannah Wolfe
a13f460acb Merge pull request #3485 from jaswilli/migration
Fix naming of export file during migration
2014-07-31 20:55:12 +01:00
Hannah Wolfe
6413337c2f Merge pull request #3425 from jgable/fixImporter
Make importer more robust for tags
2014-07-31 20:52:51 +01:00
Sebastian Gierlinger
c5fbe2def3 Merge pull request #3479 from ErisDS/issue-3079
Complete frontend multi-user features
2014-07-31 18:52:16 +02:00
Jason Williams
8936b82014 Fix naming of export file during migration
No Issue
- The method that generates a filename for the export during
  a migration returns a promise, not the filename directly,
  so the export file was being named [object Object].
2014-07-31 16:22:05 +00:00
Hannah Wolfe
194d45fac6 Merge pull request #3480 from jaswilli/issue-3466
Update user roles in store after owner transfer
2014-07-31 15:39:48 +01:00
Hannah Wolfe
1c3cb1bb6a Merge pull request #3472 from morficus/issue-3401
custom slugging capabilities for individual user pages
2014-07-31 15:36:11 +01:00
Hannah Wolfe
f9ff78475b Complete frontend multi-user features
closes #3076

- author RSS pages
- fixes page_url / pagination helper
- add 'author' option to has helper
- tests for author pages, author rss pages and helpers
2014-07-31 15:33:52 +01:00
Jason Williams
baf9138b27 Update user roles in store after owner transfer
Closes #3466
- Transferring the owner role is now done via a separate
  endpoint and not through Ember-Data.  As a result the
  user role data needs to be updated manually.
- Updated the owner endpoint to return a response body
  containing the updated user objects.
- Updated tests.
2014-07-31 13:41:10 +00:00
Fabian Becker
640f4c2915 Fixing pg build.
refs #2499
- Properly reference pg client
- Fix broken sql queries
2014-07-31 12:52:57 +00:00
Maurice Williams
489cd08d97 custom slugging capabilities for individual user pages
closes #3401
- modifying slug-generator to be more generic
- adding slugging capabilities for /settings/users/:slug
- modified posts to use the updated slug-generator
2014-07-31 08:14:22 -04:00
Hannah Wolfe
eecbdc1693 User edit & add endpoints cleanup
- edit and add endpoints don't assume role
- edit and add endpoints cope with no role, role objects, and strings
- resend user invite was failing at one point due to no role being sent, but this shouldn't be required
- other random api cleanup
2014-07-31 12:37:48 +01:00
Jacob Gable
69b871a754 Make importer more robust for tags
Closes #3242

- Add checks for valid fields in tags and posts
- Add unit test with empty tag export data file
- Add unit test with empty post export data file
2014-07-30 22:33:45 -05:00
Gabor Javorszky
8487dada0b Implement user and related content deletion
Closes #3100

* Introduces `destroyByAuhor`, given a context and an id, it will check if context has permission to delete the user by the id, and then deletes all the content where `author_id` is id, and then deletes the user
* Does multiple checks to make sure user exists
* Added a fixture `posts:mu` that creates 4 users belonging to 4 roles, 50 posts that have authors evenly distributed, 5 tags and all 50 have one tag attached to it, evenly distributed.

Caveats / questions

* Started testing
2014-07-31 03:48:59 +01:00
Hannah Wolfe
5dc457b417 Merge pull request #3443 from halfdan/30850-users-api
Users API advanced browsing
2014-07-30 22:47:55 +01:00
Hannah Wolfe
80cbef8cdb Merge pull request #3461 from halfdan/unhandled-rejection
Fix unhandled exception
2014-07-30 22:31:19 +01:00
Hannah Wolfe
5d3788ffe6 Merge pull request #3457 from sebgie/issue#3426
Transfer ownership end point
2014-07-30 22:26:42 +01:00
Fabian Becker
29ad30bec8 Fix unhandled exception
no ref
- return result of mail.send
2014-07-30 18:45:00 +00:00
Fabian Becker
d4fdb07d9c Users API advanced browsing
closes #3085
- active and invited include multiple statuses when fetching
- adjusted data generator
2014-07-30 16:59:27 +00:00
Sebastian Gierlinger
ded6aa6ac0 Transfer ownership end point
closes #3426
- added transfer ownership endpoint
- added owner to roles.permissible
- manually removed owner from roles.browse
- removed hard coded author role
- fixed tests that were passing due to hard coded author role
- added testUtils.setup(‚roles‘)
2014-07-30 17:40:30 +02:00
Hannah Wolfe
57a5444335 User API ability to filter users by role
refs #3446

- This only covers the API changes needed for #3446
2014-07-30 15:02:25 +01:00
Hannah Wolfe
ecc8c96c03 Merge pull request #3444 from sebgie/fix-invitations
Fix Invitations
2014-07-30 13:40:23 +01:00
Hannah Wolfe
92805d70e1 Merge pull request #3424 from jgable/fixSettings
Fix lazy loading of settings
2014-07-30 13:39:46 +01:00
Hannah Wolfe
4e85ac1c94 Adding new {{title}} helper
closes #3389
2014-07-29 21:45:56 +01:00
Hannah Wolfe
e4134ccad7 Merge pull request #3438 from hswolff/home-template
Add ability to create a 'home.hbs' template file for templates
2014-07-29 17:10:47 +01:00
Hannah Wolfe
68895c70eb Merge pull request #3442 from sebgie/issue#2330
Remove email address from frontend
2014-07-29 17:10:35 +01:00
Jacob Gable
0b34ad84cb Fix lazy loading of settings
Closes #3281

- Add the missing return to populateDefault
- Wrap defaultSetting in [] when passing to readSettingsResult
- Populate default value of dbHash in parseDefaultSettings
- Modify migrations.init to only load databaseVersion for export_spec test
- Fix spacing in test util file and null reference error in test
- Uncomment user tests (but add .skip) and remove settings from testUtils.setup()
2014-07-29 10:43:38 -05:00
Sebastian Gierlinger
83e1ffca1d Fix Invitations
no issue
- added `invited-pending` when resending invitation
- promise chain was missing a return statement
- email error was masked and front end showed success notification
2014-07-29 15:35:48 +02:00
Harry Wolff
fd61b9ff2a Add ability to create a 'home.hbs' template file for templates
issue #3409

- DRYs out the controllers/frontend a little by moving common functinoality
 into its own function
- adds ability to use home.hbs template file if it exists
- adds unit tests for this functionality
2014-07-29 08:14:20 -04:00
Hannah Wolfe
0ffc5e6d47 Improve importer error messaging
closes #3274

- Ensure that validation errors are always handled by moving them into the
  importer
- Ensure that db errors are handled consistently across sqlite and mysql
- Change the errors to be output in a table, with a short failure notification
- Add tests for 003 importing bad files
2014-07-29 12:02:18 +01:00
Paul Adam Davis
503f359aab Add plural handlebars helper
Closes #3414

- Adds a helper which shows a select string deopending on the number of items provided

```
{{plural pagination.total empty='No posts' singular='% post' plural='% posts'}}
```
If `pagination.total` == 0, output 'No Posts'
If `pagination.total` == 1, outputs `1 Post`
If `pagination.total` ==  2 or more, outputs `2 Posts`

Credit to @sebgie for making this work.
2014-07-29 11:40:31 +01:00
Sebastian Gierlinger
d5747430e9 Remove email address from frontend
closes #2330
- added deletion email address from post.author in front end
- updated tests
- with some refactoring this could be done on API level
2014-07-29 11:23:02 +02:00
Maurice Williams
e30e29bf5d Implementing HTML emails
closes #3082
- no more in-line HTML strings
- adding files for "welcome", "reset password", and "invite user" emails
- added mail.generateContent() to create HTML and plain-text email content
- refactored methods that trigger emails to send both HTML and plain-text emails
2014-07-29 00:55:14 -04:00
Hannah Wolfe
9343bccb1f Merge pull request #3437 from morficus/issue-3433
Error when inviting users
2014-07-29 05:36:28 +01:00
Maurice Williams
e15fb9ed57 Error when inviting users
fixes #3433
- passing only the role ID when creating a user
- uncommenting test cases
2014-07-29 00:06:40 -04:00
Sebastian Gierlinger
e1c0c5ce98 Change refresh token expiry
no issue
- acquiring a new access token using a refresh token sets the
expiration time of the refresh token to now + 24 hrs.
- moved all occurrences of ONE_HOUR, ONE_DAY and ONE_YEAR to
`core/server/utils`
2014-07-28 15:19:49 +02:00
Hannah Wolfe
987e9277dc User edit, add & destroy perms restricted by role
closes #3096, closes #3378, refs #3100

- user.permissible updated to reflect proper permissions
- small amount of API refactoring to handle extra cases
- extensive integration testing
2014-07-28 08:32:04 +01:00
Hannah Wolfe
7714dc6ab1 Adding role API tests & fixing browse
refs #3083, refs #3196
2014-07-28 07:22:06 +01:00
Hannah Wolfe
e7dc51dc66 Improving error handling 2014-07-28 06:30:01 +01:00
Hannah Wolfe
4e3b21b7da Permissions Improvements
refs #3083, #3096

In order to implement advanced permissions based on roles for specific
actions, we need to know
what role the current context user has and also what action we are
granting permissions for:
- Permissible gets passed the action type
- Effective permissions keeps the user role and eventually passes it to
  permissible
- Fixed spelling
- Still needs tests
2014-07-28 06:29:59 +01:00
Fabian Becker
1cd2fa59bd Correct meta_title for author pages.
closes #3407
- Output correct meta_title for author pages
- Add test for meta_title for tag and author pages
2014-07-25 19:48:49 +00:00
Hannah Wolfe
85f3c192dd Merge pull request #3386 from felixrieseberg/iss3374
Signin: Proper notification if user not found
2014-07-25 08:48:49 +01:00
John O'Nolan
b6b32ab570 Five posts per page 2014-07-24 17:43:48 +01:00
Felix Rieseberg
0b39df777b Signin: Proper notification if user not found
closes #3374
- If user object is returned but undefined, we'll display a
human-readable
error notification (user model)
- If user object is returned, but the user is inactive or invited (but
not
activated), we'll display a human-readable error notification
2014-07-24 11:34:52 -04:00
Jason Williams
8a2d50b871 Improve handling of users and roles in admin
Closes #3083 Refs #3229
- Populates the dropdown list in the invite user menu with the
  list of roles a user is permitted to create.
- Users API now checks the invite user request for allowed roles.
- Change API response from 200 to 201 on successful invitation.
- Change API response from 500 to 201 when the user was created but
  the email was not sent.  The client will show a warning notification
  when it sees 'invite-pending' as the new user's status.
- Add support for "?status=all" to the /users endpoint.
- Refactor the route and controller for the /settings/users page so
  that there's only one network API call to load users instead of two.
2014-07-24 14:20:47 +00:00
Sebastian Gierlinger
fa054a8eba Fix incorrect error
closes #3373
- added check if role is already assigned
- added check for unknown fields to fixDates/fixBools
- permissions are not implemented yet, so everyone is able to edit
owner ;-)
2014-07-24 10:17:10 +02:00
Sebastian Gierlinger
1eff3d9471 Fix importer bug for IE
closes #3339
- removed check for mime type
2014-07-23 16:53:03 +02:00
Sebastian Gierlinger
17589a1afe Merge pull request #2306 from mscdex/update-busboy 2014-07-23 15:52:41 +02:00
Sebastian Gierlinger
ed39e375a2 Fix author page
no issue
- fixed: author page used config object as function
2014-07-23 09:39:51 +02:00
Hannah Wolfe
337713ce63 Refactor fixture use in tests
no issue

- Refactor all integration tests to specify and load ONLY the fixtures
  they require to run, rather than initialising the whole kit-and-kaboodle
  for every single test which takes FOREVER.
- Refactor the route tests to share a doAuth function, and also specify
  additional fixtures required
- Move import and export unit tests, which are actually integration tests
  (they touch the DB)
- Comment out most of the permissions unit tests for now as they need more
  stubs/mocks so as to not touch the DB

Still todo:

- prevent default DB initialisation in route tests, and specify all
  fixtures requires as per the integration tests
- fix up the unit/permissions_spec
2014-07-23 05:04:50 +01:00
Hannah Wolfe
63efa541bd Merge pull request #3367 from jaswilli/issue-3161
Get Ember Admin ready for production
2014-07-23 04:47:19 +01:00
Harry Wolff
be37070fb6 This aims to speed up both the ghost application and tests by
migration from usage of config() to just an object of config.

no relevant issue

- Change 'loadConfig' task to 'ensureConfig' to more accurately reflect
what it is actually doing.  Its sole purpose is to make sure a `config.js`
 file exists, and as such the name now reflects that purpose.

- Update config/index.js to export the ghostConfig object directly
so that it can be accessed from other modules

- Update all references of config(). to config.
This was a blind global find all and replace, treat it as such.

- Fixes to tests to support new config access method

- Allow each test to still work when invoked invidually
2014-07-22 22:37:44 -04:00
Jason Williams
7ae48f1dd3 Get Ember Admin ready for production
Closes #3161
- Add a config.js file for the client which is used to configure
  Ember.Application during runtime. The correct version of config.js
  is copied into place by grunt via the copy:(dev|prod) task from
  either config-dev.js or config-prod.js.
- Serve minified and production versions of libraries where applicable
  including handlebars-runtime and ember-prod.
- Bundle third party libraries into vendor.min.js.
- Bundle Ghost's Ember app and templates into ghost.min.js
- Remove all fixture data and code from the client.
2014-07-22 22:33:49 +00:00
Jason Williams
739b57e05b Update Users API to handle role objects or ids
Closes #3357
- API method User#edit now handles User objects that have either
  an array of Role ids or objects.
- Fixed error handler notification on upload modal controller.
2014-07-22 05:48:16 +00:00
Hannah Wolfe
dabc780110 Merge pull request #3343 from sebgie/issue#3087
Add edit roles
2014-07-22 01:12:26 +01:00
John O'Nolan
d60382f0f0 Trim version number in RSS feeds 2014-07-21 23:07:21 +02:00
Sebastian Gierlinger
28b03ec87e Add edit roles
refs #3087
- added ability to edit user/roles relation
- user is not allowed assign roles to himself
- only one role per user is supported atm
- added tests
2014-07-21 22:50:43 +02:00
Hannah Wolfe
c0732292ac Merge pull request #3331 from ErisDS/issue-3076
Author pages
2014-07-21 20:57:06 +01:00
Hannah Wolfe
bb70e2b294 Merge pull request #3351 from sebgie/no-inline-script
Remove inline script from default.hbs
2014-07-21 20:55:18 +01:00
Hannah Wolfe
90880469f6 Merge pull request #3337 from morficus/issue-3222
Pagination on the Users Management screen
2014-07-21 20:34:53 +01:00
Hannah Wolfe
0e168574f0 Merge pull request #3311 from javorszky/iss3196
Added /roles/ API endpoint
2014-07-21 20:34:29 +01:00
Maurice Williams
a8ca517c54 Pagination for Users Management screen
closes #3222
- implementing server-side pagination for /users API
- passing /users?limit=none will return all users
- passing /users?status=invited will filter base on user status
- creating 3 mixins (route, controller and view) to keep pagination logic DRY
- updating route, controller and view for Posts to use new mixing
- implementing infinite scrolling for Users Management screen (using new mixins)
- Users Management screen displays all invited users, but paginates active users
2014-07-21 14:03:26 -04:00
Sebastian Gierlinger
05b3606fd3 Remove inline script from default.hbs
no issue
- added config values as data attributes
- removed inline script
- removed current-user.js
2014-07-21 20:00:54 +02:00
Hannah Wolfe
88743d03c4 Merge pull request #3340 from sebgie/issue#3339
Fix file validation for importer
2014-07-21 16:00:30 +01:00
Gabor Javorszky
80f9023020 Added /roles/ API endpoint
Closes #3196

* adds `/roles/` endpoint
* is given the current user as context
* wraps everything in a canthis.browse.role
* gets all the available roles (should "Owner" be filtered out?)
* optional parameter: `permission=assign`. Gets all roles authenticated user could assign
* if we're not signed in, gives a "please sign in" (standard) error
* if we're signed in, but user is not in the context, gives a "there was no user in the context" error
* if the user is an "Author", gives a "there are no available roles to assign" error
* implemented hacky filter because when.js produces heisenbugs past 3.2.3 (when.filter not available)
* added extra fixtures to `permissions.json`. Might need a migration.

Caveats:

* there are no tests
* for some reason the setup functional test was failing for me locally
2014-07-21 15:02:25 +01:00
Hannah Wolfe
44cfcb6b01 Caching db config in migration utils 2014-07-21 13:25:53 +01:00
Sebastian Gierlinger
772d81849e Fix file validation for importer
refs #3339
- wrong call to file validation
- refs the issue because I get application/json on OSX? Is this
something Windows specific?
2014-07-20 23:07:17 +02:00
Hannah Wolfe
c2f0fd54da Merge pull request #3326 from ErisDS/issue-3309
Adding helper for invite status
2014-07-20 19:11:05 +01:00
Hannah Wolfe
4fb3b53653 Merge pull request #3334 from JohnONolan/BIGGER
Larger default gravatar images
2014-07-20 18:03:23 +01:00
Hannah Wolfe
b7aa09f439 Author helpers
closes #3077

- expend urlFor to handle /author/ urls
- update author helper to output a link
2014-07-20 17:57:59 +01:00
John O'Nolan
d10771b711 Larger default gravatar images 2014-07-20 18:50:07 +02:00
Hannah Wolfe
2d01e15a18 Author pages
refs #3076

- This is a first draft implementation, just to make it work so that we can get casper working
2014-07-20 17:49:19 +01:00
Hannah Wolfe
9575b25711 switched parent_id for parent
fixes #3333
2014-07-20 16:39:56 +01:00
Hannah Wolfe
27f980bd42 Removing console.log 2014-07-20 13:35:39 +01:00
Hannah Wolfe
5a6af020c5 Model & test cleanup 2014-07-20 09:34:30 +01:00
Hannah Wolfe
ab90c40e4e Adding helper for invite status
closes #3309, refs #3229

- adds different message depending on status
- doesn't delete the new user if the problem was an email error
- filters the 2 lists based on all statuses
2014-07-20 09:23:57 +01:00
Hannah Wolfe
82742fc233 Export 003
closes #3284

- ensure token tables aren't exported
- cleanup filename
- failed export throws internal server error
2014-07-19 22:38:21 +01:00
Hannah Wolfe
43b91f281d Merge pull request #3322 from jaswilli/check-setup
Check setup status when making API responses
2014-07-19 00:36:12 +01:00
Hannah Wolfe
c9b24b0a9b Merge pull request #3321 from ErisDS/issue-2600-fin
Wrap up schema amends for 003
2014-07-19 00:19:14 +01:00
Hannah Wolfe
67de186893 Merge pull request #3319 from ErisDS/issue-3275
Extending context concept to models
2014-07-19 00:13:19 +01:00
Jason Williams
7d3139d093 Check setup status when making API responses
Closes #3303, Closes #3299
- Check whether or not setup has been completed when deciding
  how to respond to certain API requests.
- Add tests.
2014-07-18 22:28:28 +00:00
Hannah Wolfe
8fc1b03ea7 Wrap up schema amends for 003
closes #2600

- adds 2 new columns to tags, for the soon-to-land tag management UI
- fixes validation for the active bool in app_fields
- adds missing return to addColumn command
- cleanup in addTableColumn util
2014-07-18 19:33:36 +01:00
Hannah Wolfe
6e48275160 Extending context concept to models
fixes #3275, fixes #3290, ref #3086, ref #3084

- Ensure that we use the current logged in user and not just user 1 when
- removing hard coded user: 1 except where absolutely necessary
- passing context, rather than user to models
- base model has a new function to determine what id to use for created_by etc
2014-07-18 15:32:56 +01:00
Fabian Becker
5cd5f8cca9 Schema changes for Apps
refs #2465
- Add active field to app_fields
- Adjust data generator for app fields
2014-07-18 12:39:14 +00:00
Sebastian Gierlinger
62c1ce128e Fix editing author
no issue
- author_id is converted to author for API responses but was never
converted back for requests
2014-07-18 10:48:48 +02:00
Hannah Wolfe
48cbf371a2 Merge pull request #3313 from ErisDS/improve-fixtures
FORCE_MIGRATION ensures fixtures are added
2014-07-17 18:21:44 +01:00
Hannah Wolfe
487844122d Merge pull request #3312 from ErisDS/issue-2739-2
Wire permmissions for notifications, mail and tags
2014-07-17 18:04:38 +01:00
Hannah Wolfe
cfaa6f058a Wire permmissions for notifications, mail and tags
closes #2739

- wraps the api endpoints for mail, notifications, and tags in a canThis
  check
- add internal context to internal calls
- updates tests
2014-07-17 16:44:09 +01:00
Hannah Wolfe
efa7665124 Merge pull request #3310 from sebgie/issue#3128-2
Fix tests failing because of spam protection
2014-07-17 16:41:31 +01:00
Hannah Wolfe
b46aa2b576 FORCE_MIGRATION ensures fixtures are added
refs #2600, refs #3296
2014-07-17 13:54:03 +01:00
Sebastian Gierlinger
ab456638c1 Fix tests failing because of spam protection
closes #3128 (now really)
- added express variable disableLoginLimiter
- added disableLoginLimiter to all tests that use Ghost as module and
do authentication
- fixed isSetup not working for status other than active
- removed ‚Ensure a User is Registered‘ test as this is covered by the
new setup test
2014-07-17 14:22:32 +02:00
Sebastian Gierlinger
42f461cb6d Restored spam prevention
closes #3128
- added spam prevention middleware
- restored tests
2014-07-17 14:22:07 +02:00
Hannah Wolfe
ce06ad412a Adding and renaming permissions
refs #3283, refs #2739, refs #3096

- Renames permissions which didn't follow bread
- Adds permissions for notifications, mail and tags

Still todo:

- wire up the new permissions where they are needed
- add permissions for roles
2014-07-17 12:32:25 +01:00
Hannah Wolfe
5c1a7a7349 Revert "Restore spam prevention" 2014-07-17 12:11:23 +01:00
Hannah Wolfe
7ce22416c6 Merge pull request #3296 from ErisDS/force-migrate
Hacky FORCE_MIGRATION env var
2014-07-16 20:03:03 +01:00
Hannah Wolfe
ef8c280635 Merge pull request #3282 from sebgie/issue#3128
Restore spam prevention
2014-07-16 19:39:32 +01:00
Hannah Wolfe
eed2ac728c Hacky FORCE_MIGRATION env var
refs #2600

One day in the future it would be nice to have a CLI for Ghost
In the meantime, lets have an easy way to force migrations to run
This is for development, or dead end situations only
It will at least do a DB backup ;)
2014-07-16 19:20:26 +01:00
Jason Williams
979c3f237c Prevent loading setup screen if already setup
Closes #3145
- Prevent navigation to the setup screen if Ghost setup
  has previously been completed.
- Fix templates that were incorrectly using foreach instead of each.
- Add validation for minimum password length.
- Fix up functional tests and split out tests for setup to a separate
  instance of casper because setup requires a new database.
- Add a cleanDatabase task to grunt which resets the database to
  new.
2014-07-16 15:54:42 +00:00
Sebastian Gierlinger
e4e027d17b Restored spam prevention
closes #3128
- added spam prevention middleware
- restored tests
2014-07-16 10:00:49 +02:00
Hannah Wolfe
34a0c42834 Merge pull request #3276 from sebgie/issue#3252
Move image upload to API
2014-07-15 18:09:32 +01:00
Hannah Wolfe
0a2c72648d Merge pull request #3270 from ErisDS/migrations
Migration improvements
2014-07-15 17:00:59 +01:00
Sebastian Gierlinger
2957b0175e Move image upload to API
closes #3252
- added `/ghost/api/v0.1/uploads/` endpoint
- removed upload method from `controller/admin.js`
- moved removal of temporary files from storage to endpoint (needed to
account for failed uploads)
- changed and moved tests
- Oversight: I think that we use `.otherwise()` and `.catch()` a bit
too extensive and mask the real error objects. We probably need an
error handling strategy at some point in the future.
2014-07-15 12:40:14 +02:00
Hannah Wolfe
3ff9146d9e Server side cleanup
- remove sessions
- remove all references to csrf
- create a shared base model for the 2 types of token
2014-07-14 21:50:12 +01:00
Hannah Wolfe
34eb5c84fb Migration improvements
refs #2600

- fixed issue with defaults not being populated on upgrade
- added logging to all actions in the migration process to help debugging
  in future
- did a little bit of refactoring
2014-07-14 21:12:02 +01:00
Jason Williams
ef1858b6c7 Fix validations on user settings page
Closes #3271
- Change validations on both server and client to allow the
  Website field to be empty or a valid URL.
- Add new schema validation helper isEmptyOrURL.
- Remove duplicate call to UserValidator in the save action
  of the SettingsUser controller.
- User.last_login and User.created_at are already Moment objects
  so Moment#fromNow can be called on them directly.
2014-07-14 18:12:57 +00:00
Hannah Wolfe
6cdf9e5999 Merge pull request #3238 from ErisDS/issue-2600
Refactor fixtures & fixture migrations to 003
2014-07-14 17:03:08 +01:00
Hannah Wolfe
0565027900 Refactoring fixtures
refs #2600, refs #2379

Refactoring fixtures to make permission management a little easier
- Separate fixtures into JSON file and split permissions fixtures from other fixtures
- make fixture migrations more robust by fetching objects, not relying on
  ids and checking before adding
- changed owner fixture slightly to remove any confusion between the 'Owner' role and 'Ghost Owner' user.
- moved 003 fixture versions out of config into logic, possibly not a good
  idea
- refactored permissions fixtures and added permissions_roles fixtures to
  make it easier to read / add
2014-07-14 15:52:47 +01:00
Harry Wolff
4f727ed068 Settings: Admin User Tab
closes #2422

- updated to use new change password method
- have all save settings use notifications
- create assetUrl helper for creating asset paths with subdir's properly
 prefixed
- move all url based helpers onto a url object in ghost-paths
2014-07-14 08:52:06 -04:00
Sebastian Gierlinger
db5e02da2b Add status invited-pending for users
no issue
- added status invited-pending for invited users where sending the
invitation email failed
- removed console.log() from authentication.js
2014-07-14 11:13:23 +02:00
Hannah Wolfe
a8f99df63f Merge pull request #3258 from ErisDS/model-registry
Use bookshelf's model registry plugin
2014-07-13 21:15:25 +01:00
Hannah Wolfe
b03ecd9ebc Use bookshelf's model registry plugin
Refs #2170

This removes the circular dependency problem from our models thanks to
https://github.com/tgriesser/bookshelf/issues/181
- add the registry plugin
- switch all models and collections to be registered
- switch relationships to be defined using a string, which calls from the registry
2014-07-13 18:18:25 +01:00
Jason Williams
1bf975af90 Turn on update notifications for Ember admin
Issue #3160
- Use notifications API to display available update notification.
- Remove update_notification handlebars helper as now both the
  check for an available update and the notification handling
  is run from the server's admin controller index method.
- Bind the notification's location property to a css class
  for styling.
- Refactor Ember notifications to better handle notification
  objects.  Move responsibility for css class generation onto
  the notification component.
- Refactor gh-notifications component to take a location argument
  that's used to assign a css class and filter notifications.
2014-07-11 15:02:26 +00:00
Hannah Wolfe
ef1207cc0d Merge pull request #3213 from hswolff/lazy-load-models
Preparation for lazy loading of models
2014-07-11 15:29:46 +01:00
Sebastian Gierlinger
8c2258dc4c Move setup to API
closes #3136
- moved setup to authentication API
- added `POST /ghost/api/v0.1/authentication/setup` to execute the
setup process
- added `GET /ghost/api/v0.1/authentication/setup` to check if blog is
already set up (needed for #3145)
- removed unused methods from api/users.js
2014-07-11 14:17:09 +02:00
Jason Williams
4ef4d0f97a Fix handling of async db calls in fixtures
Closes #3167
- Change fixture loading methods to keep track of promises
  returned from async database calls so that aggregators function
  correctly.
2014-07-11 02:39:06 +00:00
Hannah Wolfe
49b08c3bdc Merge pull request #3236 from sebgie/issue#3074
Setup hijacks owner user
2014-07-10 21:52:41 +01:00
Sebastian Gierlinger
215badc663 Setup hijacks owner user
closes #3074
- user generated by fixture is hijacked
- user is updated with name, email, password, slug and status
- creates new user if db is migrated but no user exists
- previously removed tests are back
2014-07-10 19:29:51 +02:00
Harry Wolff
cddd23f926 Only reference model properties through the models module.
This frees us up to enforce one single point of access, thus paving
the way towards allowing us to initialize the models at are request,
and not when it's require().

addresses #2170
2014-07-10 08:04:32 -04:00
Harry Wolff
e3520feeec Move creation of knex instance to config module
addresses #2170
2014-07-10 08:00:24 -04:00
Hannah Wolfe
b69b5e7638 Merge pull request #3230 from jaswilli/issue-3226
Fix active theme selector.  Add validation to API.
2014-07-10 12:52:01 +01:00
Hannah Wolfe
f0ce3f2d02 Merge pull request #3235 from sebgie/issue#3073
Add owner fixture
2014-07-10 12:03:47 +01:00
Sebastian Gierlinger
5e4fae6f11 Add owner fixture
closes #3073
- added fixture for owner role
- added fixture for initial user (new db)
- added conversion administrator -> owner (existing db)
- changed tests to take over owner user
- removed some functional tests until /setup works with owner user
2014-07-10 12:00:51 +02:00
Jordan Sexton
66ae7e5669 Removed duplicative and unreferenced resources section 2014-07-09 18:48:00 -05:00
Jason Williams
fddf2ee42f Fix active theme selector. Add validation to API.
Closes #3226
- Remove dependent property from the computed content property
  that is used to build the active theme selector.
- Add validation to the Settings model so that it rejects
  attempts to set an activeTheme that is not installed.
2014-07-09 22:14:33 +00:00
Hannah Wolfe
d2cc9e5046 Merge pull request #3223 from ErisDS/issue-3187
Move post slug endpoint & add endpoints for users
2014-07-09 21:21:01 +01:00
Hannah Wolfe
a593cbfb53 Move post slug endpoint & add endpoints for users
closes #3187

- move slug endpoint to post/slug/:slug
- create similar  slug and email endpoint for users
- add/update tests
2014-07-09 16:55:34 +01:00
Sebastian Gierlinger
5b0b308513 Owner has all user permissions
closes #3075
- added special treatment for role with name ‚Owner‘
2014-07-09 13:34:38 +02:00
Sebastian Gierlinger
035fb04d34 closes #3197
- added role to user obj (only returned from the user endpoint)
- added `/users/?include=roles` and
`/users/?include=roles,roles.permissions` query parameters
- added and updated tests
2014-07-08 18:00:59 +02:00
Jason Williams
05d199f9b4 Check datatype for date format conversion
Closes #3199
-If datatype is dateTime convert to javascript Date object when
 retrieved from the database.
-Add tests to make sure models and internal API are using Date
 objects for dateTime fields.
-Add tests to make sure the HTTP API is returning ISO 8601
 date strings for dateTime fields.
2014-07-05 19:15:32 +00:00
Hannah Wolfe
8b2edf7e56 Merge pull request #3192 from sebgie/issue#3081
Allow user to accept invitation
2014-07-04 23:18:47 +01:00
Sebastian Gierlinger
84cfd529ed Allow user to accept invitation
closes #3081
- added route `/ghost/api/v0.1/authentication/invitation`
- added accept invitation
- added signup with token
- removed check() from users api
- fixed promise in resetPassword()
2014-07-03 17:06:07 +02:00
Jason Williams
13229fb6a4 Fix server-side validation
Closes #3122
-Fix validation so that all values are validated instead
 of just values that evaluate to true.
-Ensure validation methods consistently return promises
 and switch error handling from try/catch to promise.catch
 to get rid of unhandled rejection warnings.
-Add 0 and 1 to list of acceptable values in boolean validation.
2014-07-03 14:57:57 +00:00
Sebastian Gierlinger
79a80b67ac Invite user API
closes #3080
- added users.invite() to add user from email with random password
- added `GET /ghost/api/v0.1/users/` to invite users and resend
invitations
- removed one user limit
- added global utils for uid generation
- changed some „“ to ‚‘
2014-07-02 16:22:18 +02:00
Kevin Ansfield
7e2e8b3376 Persistent notifications
closes #3057
- add Notification model
- update injected Notifications object to handle persistent notifications
- load server notifications on setup if logged in otherwise on successful sign-in
- changed all existing notifications.closeAll calls to closePassive
- fixed dismissable/dismissible spelling in server API & tests
- add notifications.closeNotification method so DELETE calls can be made for server-originating notifications
2014-07-01 11:36:21 +02:00
Hannah Wolfe
f70f99b5cf Replace the old admin with the ember admin
closes #3056

- Remove clientold
- Remove clientold tests
- Cleanup old admin helpers
- Remove old routes from admin and controllers from admin controller
- Comment out / remove old and broken tests
- Cleanup Gruntfile.js, bower.js, package.json etc

Still TODO:

- cleanup / add removed tests
- do we still need countable?
2014-07-01 08:33:17 +01:00
Hannah Wolfe
3a329d2198 Merge pull request #3150 from javorszky/iss2843
Made ember version of reset password work
2014-06-30 16:18:20 +01:00
Gabor Javorszky
ad2bfb511f Made ember version of reset password work
Closes #2843

* Implemnted the ember validator correctly for both reset request and actual reset (with the token)
* added reset validator
* changed the request route addresses to be `/authentication/passwordreset`
* changed the format of data to be `{ thing: [ {data } ] }`

Missing:
* notifications
* tests for these use cases
2014-06-30 14:37:49 +01:00
Sebastian Gierlinger
c8e8da4780 oAuth
closes #2759
closes #3027

- added oauth2orize library for server side oAuth handling
- added ember-simple-auth library for admin oAuth handling
- added tables for client, accesstoken and refreshtoken
- implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant
- updated api tests with oAuth
- removed session, authentication is now token based

Known issues:
- Restore spam prevention #3128
- Signin after Signup #3125
- Signin validation #3125

**Attention**
- oldClient doesn't work with this PR anymore, session authentication
was
removed
2014-06-30 14:58:10 +02:00
Jason Williams
2356692fe3 Fix mail test send endpoint
Closes #3071
-Refactor api.mail.sendTest to take a "to:" parameter.
-Inject recipient address into the mail api's sendTest method
 from the route handler.
2014-06-26 22:00:31 +00:00
Fabian Becker
72156c7f89 New setup screen for blog installation.
fixes #3072
- Change router to handle /ember/setup/
- Adjust doSignup to also handle setup
- Adjust tests and add new where necessary
- Add setup controller, setup validation, setup route
- Adjust casper emberSetup to handle new setup
2014-06-26 15:31:44 +02:00
Jason Williams
39c0f219e6 Finish Debug screen for Ember admin
Closes #2847
2014-06-25 04:36:17 +00:00
Fabian Becker
3d2205195d Generate slug when adding new app.
No issue
- Remove duplicate code from model_posts_spec.
- Add slug generation to app model
- Test slug generation on app model
2014-06-24 22:20:35 +00:00
Paul Adam Davis
92fe4966c9 Remove ember-hacks.css file
No issue

- Removes `ember-hacks.css` file and move some of its styles into Ghost-UI
2014-06-24 14:49:37 +01:00
John O'Nolan
2fbac60c58 Language cleanup in update check disclosure 2014-06-24 14:59:34 +02:00
Hannah Wolfe
a42894bc9a Ember admin works with subdirectory
fixes #3047
2014-06-24 03:14:28 +01:00
Hannah Wolfe
72b3b3ceb1 Setting Ghost logo to correct URL 2014-06-24 00:24:13 +01:00
Hannah Wolfe
a11fd67ec9 Add fileStorage config to frontend
closes #2956

- adds fileStorage to config passed to ember, and then grabs it in the relevant places.
2014-06-23 23:33:14 +01:00
Hannah Wolfe
bb490e4bbd Hide settings/apps unless apps:true is in config.js
fixes #3031

- Adds an initializer for passing config to the frontend, it's not pretty but it works
- Forwards the apps route and hides the apps menu item if apps:true is not present in config.js
2014-06-23 20:27:51 +01:00
Hannah Wolfe
28d10a9e2f Merge pull request #2995 from sebgie/issue#2822
User API changes
2014-06-20 18:39:33 +01:00
Sebastian Gierlinger
22c05da93a Fix limit parameter
closes #3004
- parseInt for limit parameter
2014-06-20 14:28:01 +02:00
Sebastian Gierlinger
1db0431e4d User API changes
closes #2822
- added destroy user method
- added remove user permission
- added API end point for get reset token
- added API end point for reset password
- added API end point for change password
2014-06-20 11:15:01 +02:00
Sebastian Gierlinger
a3665cd917 Merge pull request #2980 from jgable/lazyLoadDefaultSettings
Lazy load default settings
2014-06-17 21:52:34 +02:00
Hannah Wolfe
42a5f29263 Merge pull request #2969 from jaswilli/when
Update when.js dependency to version 3.2.3
2014-06-17 20:17:17 +01:00
Jacob Gable
d37be6f098 Lazy load default settings
Closes #2061

- Lazy load the defaultSettings value in Settings model
- Populate individual defaults before read/edit
- Populate all defaults before first browse call
- Remove populateDefaults calls from init code
2014-06-17 10:36:47 -05:00
Jason Williams
a595817b8c Fix csrfSecret handling
Closes #2974
-use req.session.csrfSecret instead of _csrfSecret.
-clear username and password properties from the signin controller.
2014-06-16 20:32:51 +00:00
Fabian Becker
2bff35bcc2 Complete moveover to new Notification API format
fixes #2775
- Fix all occurences of notifications.add to use proper API format
2014-06-16 08:07:29 +00:00
Jason Williams
9a9593536d Update when.js dependency to version 3.2.3 2014-06-16 04:11:22 +00:00
Hannah Wolfe
fd8cc542b5 Merge pull request #2946 from halfdan/fix-page
Fixes static pages when permalinks are active.
2014-06-14 18:12:39 +02:00
Hannah Wolfe
8eb602fd10 Merge pull request #2931 from sebgie/issue#2354
Allow schema changes
2014-06-13 20:05:56 +02:00
Fabian Becker
21a7e3ebb2 Fixes static pages when permalinks are active.
fixes #2938
- Fix `page === 1` occurences
- Fix ember logic
2014-06-13 01:00:18 +02:00
Jason Williams
54c6dab3e2 Remove redundant function declaration 2014-06-12 19:55:04 +00:00
Hannah Wolfe
c82cea3efe Merge pull request #2939 from jomahoney/db-backup
Change DB backup location
2014-06-12 21:35:55 +02:00
Sebastian Gierlinger
c09c20ad8d Allow schema changes
closes #2354
refs #1641

- added addUnique()
- added dropUnique()
- added addColumn() -> needed for #2330
- dropColumn() is missing due to lack of knex support
- further cleanup of the migrations module
2014-06-12 17:25:55 +02:00
John O'Nolan
ec05677737 Convert support links from forum to new support site 2014-06-12 12:52:01 +02:00
jomahoney
c57bec7906 Change DB backup location
closes #2887
- Stores content files under /content/data/
2014-06-11 21:16:21 +01:00
Tim Griesser
f87e0d364d Bumping to Knex 0.6.12, Bookshelf 0.7.1 2014-06-10 17:07:53 -04:00
Jason Williams
d9c45b4967 Fix export of data during database migration
Closes #2927
-refactor exporter to export tables that exist in the
 database instead of keying off of schema.js
-move some shared database utility functions into their
 own module
2014-06-09 21:07:21 +00:00
Harry Wolff
5d028b72fb Upgrade to Express 4.0
no related issue

- Updates package.json packages, adding express middleware packages
 that have been broken into their own modules

- Updates controllers/frontend.js to use the new Layer object that Express 4.0
 has.  Requires some monkey-patching as the Layer object isn't explicitly
 surfaced, however it should be safe to do.

- Moved the setup of routes into middleware/index.js because they need to
 be added as a middleware function before the 404 and 500 handlers. This is
 no longer possible with the old app.use(app.router) as that has been removed.

- Cleaned up middleware/index.js to make it compatible with Express 4.0.

- Simplified the way themes are activated and enabled when they are activated.
 The new handling is simpler, yet should still cover all the use cases that
 previously existed.

- The entire flow of activating a theme through middleware should be a little
 more centralized, letting it be easier to read and maintain.

- Moved every routes/*.js file to use an individual express.Router() instance.
2014-06-08 17:41:25 -04:00
Gabor Javorszky
52299998e2 Removed API dependency from mailer and api/mail
Fixes #2836.

* Mailer now only handles sending email and initializing settings. Instead of adding new notifications there, it just sets flags on its own object.
* Mailer now checks for the presence of "to". If there is none, it fails. You should really pass a full mail object complete with "to", "subject" and "html", otherwise it's partial content.
* Therefore Mail API doesn't check for the existence of the "to", and doesn't get the email from settings and substitute that
* index.js now has a method that adds the notifications. I figured adding those THERE is probably better than individually in every module. It is, as the comments say, can be made extensible
2014-06-08 17:41:07 +01:00
Jason Williams
e7e6dfc3e6 Clear any existing SIGINT listeners during startup
No issue
-remove any existing listeners on the SIGINT event during
 the ghost bootstrap process.  handles an issue during testing
 where node was warning about too many listeners.
2014-06-07 15:05:33 +00:00
Hannah Wolfe
b7aca05d95 Merge pull request #2880 from halfdan/2879-socket-issue
Fix error when running Ghost with a socket
2014-06-05 13:45:01 +01:00
Hannah Wolfe
5190f1f0e4 Merge pull request #2876 from halfdan/2833-rasperize-cache
Cache invalidation for post update
2014-06-05 13:44:22 +01:00
Hannah Wolfe
42af74b073 Merge pull request #2877 from jaswilli/2866-slugs
Update slug API to work with additional types
2014-06-05 13:43:46 +01:00
Fabian Becker
f9369459db Fix error when running Ghost with a socket
fixes #2879
- Syncronously unlink old socket file
2014-06-04 18:17:32 +00:00
Fabian Becker
340192c5da Cache invalidation for post update
closes #2833
- Handle status change of post
2014-06-04 18:11:28 +00:00
Hannah Wolfe
afec0bc660 Merge pull request #2873 from jaswilli/2849-delete-posts
delete posts from post settings menu
2014-06-04 15:15:37 +01:00
Jason Williams
39967b02da Enable post deletion from Ember admin
Closes #2849
-wire up delete post action in ember admin
-refactor ember modal dialog
-override RESTAdapter.deleteRecord to workaround Ember expecting
 an empty response body on DELETEs
2014-06-04 13:19:57 +00:00
Jason Williams
bb4a0a3540 Update slug API to work with additional types
Closes #2866
-update slug API to handle users and apps in addition to
 posts and tags
-update existing tests
-add new functional tests for slug endpoint on http api
2014-06-04 05:54:03 +00:00
Hannah Wolfe
9e8e1fa37d Ember redirect to signup
closes #2779

- adds temporary code to redirect the ember admin to signup if a user doesn't exist.
- done serverside as this makes most sense?
2014-06-03 19:21:45 +01:00
Hannah Wolfe
59147bbb6d Merge pull request #2862 from morficus/master
refreshless user logout
2014-06-03 19:19:14 +01:00
Hannah Wolfe
57a5b6a188 Full pass at inline API Docs
closes #2622, ref #2125
2014-06-03 14:05:25 +01:00
Hannah Wolfe
4b6f8ce06d Mail API fixes
- The mail API endpoints weren't quite working correctly. Now working but still need love
2014-06-03 12:31:14 +01:00
Maurice Williams
6fda048827 refreshless user logout
fixes #2842
- new Ember route for signout
- new API route to allow async signout
2014-06-02 17:12:02 -04:00
Hannah Wolfe
beb078b52c Merge pull request #2841 from gotdibbs/847
Export backup prior to migration
2014-06-01 22:00:11 +01:00
jomahoney
ae330e45f6 Added error link on 404 pages
closes #2298
- added hyperlink to error templates
- added class for styling hyperlinks on error pages
2014-06-01 19:02:48 +01:00
William Dibbern
07df9911ce Export backup prior to migration
Closes #847
- Added logic to export database to the `core\server\data\` folder prior
to beginning a migration.
- Factored out versioning logic from migration to prevent circular
references
2014-05-31 18:56:09 -05:00
Connor Tumbleson
5933ee3afe escapes meta title/description
closes #2663
adds unit-test
2014-05-31 11:08:09 -05:00
Hannah Wolfe
d3c1bdb758 Merge pull request #2820 from jgable/fix403
Fix 403 errors after signup
2014-05-29 15:39:00 +01:00
Hannah Wolfe
0d04357e4e Merge pull request #2718 from jgable/emberData
Ember Data with Posts
2014-05-29 15:27:19 +01:00
Jacob Gable
5abeadf80d Ember Data with Posts
Ref #2699

- Introduce ember data dependency
- Add loadInitializers and refactor most initializers into one combined
- Add Post ember data model
- Refactor generateSlug to use title of post and ghostPaths
- Refactor post controller to not reference model.property everywhere
- Use RESTAdapter for posts, users and tags
- Setup author and tag relations in Post model
- Fix broken API calls by adding CSRF header
- Add initiaizer for csrf value
- Use actual User model for current user initializer
- Add action for setting featured post, test with actual api call
- Fix the sending of UUID's up to the server
- Refactor current-user to use ember-data store
- If a user is preloaded in the application, use pushPayload to put it
in the store
- Do a lookup on the store to get an actual User model for injection
- Fix posts/post controllerName in route/new.js
- Alter signup process to push user into ember data store
2014-05-29 07:42:51 -05:00
Jason Williams
503c407090 Clean up routes. Use new slug endpoint in admin.
refs #2814
-removed route /posts/slug/:title due to API change
-changed admin to use new slug endpoint
-removed duplicate notifications routes
2014-05-28 03:59:06 +00:00
Jacob Gable
dc58d6936a Fix 403 errors after signup
Closes #2819

- Keep around the _csrfSecret on the session after regenerating
2014-05-26 20:01:45 -05:00
lennerd
bebafdc9a9 Refactore slug API for generating tag and post slugs.
Closes #2601
- Removed slug generation from the post API
- Added new, self-contained slug API
- Fixed slug permissions in the fixtures files
- Added a HTTP route for the new API method
- Added integrational tests
2014-05-26 10:07:05 +02:00
Hannah Wolfe
51090acf54 Merge pull request #2799 from jaswilli/issue-2798
Fix content preview actions and add tests
2014-05-24 12:23:56 +03:00
Hannah Wolfe
2aad15373c Merge pull request #2780 from jgable/ember-signup
Implement signup in Ember
2014-05-24 09:29:39 +03:00
Sebastian Gierlinger
ec46dc93ec Merge pull request #2801 from ErisDS/issue-2773
correct settings.edit call signature for installedApps
2014-05-24 08:19:16 +02:00
Hannah Wolfe
4aabce4474 correct settings.edit call signature for installedApps
closes #2773

- this is left over from my refactoring work
2014-05-24 08:21:17 +02:00
Sebastian Gierlinger
217e3ed7ad Improve status codes
closes #2187
- added UnsupportedMediaTypeError (code: 415)
- added status code 201 if a new object was created
- Updated tests
2014-05-24 08:05:12 +02:00
Jason Williams
669f7f8b0c Fix content preview actions and add tests
Closes #2798
-fetch full model for active post in Backbone content preview view
-remove unnecessary type check in Models.Post.saving
-add functional tests for all post settings menu actions in editor screen
-add functional tests for all post actions in content preview
 screen for posts with and without tags
2014-05-23 20:54:02 +00:00
Jacob Gable
006aedfb84 Implement signup in Ember
Closes #2410

- Add signup action that posts to signup endpoint
- Fix nav bar showing on signup page
- Fix image link when a user hasn't set their image yet
- Redirect to the ember/signin page if requesting an ember page
2014-05-23 12:17:28 -05:00
Hannah Wolfe
11cf0ae125 Merge pull request #2791 from shindakun/assetcache
Make cache max-age on theme assets one year.
2014-05-23 19:05:49 +03:00
Hannah Wolfe
83f7cfe08b Merge pull request #2788 from jaswilli/issue-1842-tests
Add tests for handlebars core helper functions
2014-05-23 16:15:16 +03:00
Martijn Swaagman
f7d2b6bd82 [fix] always add quotes 2014-05-23 14:37:03 +02:00
Martijn Swaagman
83742837c2 [docs] absolute=true will add options.hash
Ran into this will calling the helper from a theme, tried to get the absolute url, but just providing {{url absolute}} wasn't enough. After explicitly adding `=true` it worked.
2014-05-22 21:06:26 +02:00
Steve
5f7182b7a2 Make cache max-age on theme assets one year.
closes #2790
- Added one year in ms var.
- refs: #2447
2014-05-22 07:55:38 -07:00
Jason Williams
9d16e72bb0 Add tests for handlebars core helper functions
Closes #1842
-add unit tests for core helper functions
-fix up coreHelpers.e
-clean up coreHelpers.pagination
2014-05-22 03:57:52 +00:00
Jacob Gable
42a1d55858 Improve signin
Ref #2413

- Remove fixture and use actual API
- Store and send down actual logged in user data
- Refactor isLoggedIn to use computed property on application
- After signin, update user data in dependency container
- Add CSRF to all routes and controllers via initializer
- Update authenticated route to check for user.isLoggedIn
- Add notifications for signin error
- Add notifications.showAPIError helper
- Add plumbing for refreshless signup to doSignUp in admin controller
2014-05-15 09:18:43 -05:00
Hannah Wolfe
c02ebb0dcf Refactor API arguments
closes #2610, refs #2697

- cleanup API index.js, and add docs
- all API methods take consistent arguments: object & options
- browse, read, destroy take options, edit and add take object and options
- the context is passed as part of options, meaning no more .call
  everywhere
- destroy expects an object, rather than an id all the way down to the model layer
- route params such as :id, :slug, and :key are passed as an option & used
  to perform reads, updates and deletes where possible - settings / themes
  may need work here still
- HTTP posts api can find a post by slug
- Add API utils for checkData
2014-05-15 10:41:05 +01:00
Jacob Gable
f565dd505a Fix sign up not setting user on session
No issue found

- Grab user out of api response from users[0]
2014-05-14 20:38:58 -05:00
Hannah Wolfe
f1a3f1a7a5 Merge pull request #2753 from jgable/fixPermissable
Add apps permissable checks in posts and users
2014-05-14 22:10:44 +01:00
Hannah Wolfe
692573a241 Merge pull request #2735 from shindakun/tag404
Display 404 page if tag does not exist.
2014-05-14 16:32:18 +01:00
Hannah Wolfe
4c0010db45 Merge pull request #2673 from halfdan/2592-tags-api
Implements new Themes JSON API
2014-05-14 16:31:36 +01:00
Jacob Gable
0dc6dc29a7 Add apps permissable checks in posts and users
Closes #2738

- Re-introduce the TargetModel.permissable interface check in the
regular permission flow path
- Pass loadedPermissions, hasUserPermission and hasAppPermission to
permissable interface to reduce logic necessary
- Refactor recursive call to pass original arguments but with actual
model
- Refactor canThis(this.user) use in api/posts.js to just canThis(this)
2014-05-14 09:22:25 -05:00
Sebastian Gierlinger
d1149a927b Fix validation
- fixed validation that broke when introducing error classes
- added a test
2014-05-14 15:30:46 +02:00
Fabian Becker
628654961a Implements new Themes JSON API
closes #2592
- Add themes browse/read endpoint
- Add new permissions for themes (only admin by default)
- Add integration tests
2014-05-14 11:23:42 +02:00
Gabor Javorszky
24190a186e Move mail api to json/api format
Fixes #2650
* rerouted all mail sending to api/mail
* changed request and response formats to json/api-like structure
* tested with forgotten password and new blog email
2014-05-13 17:34:37 +01:00
Hannah Wolfe
169a984372 Merge pull request #2737 from jaswilli/issue-2736-pg
Ensure settings values are strings before saving
2014-05-13 14:28:29 +01:00
Jason Williams
414890f263 Ensure settings values are strings before saving
closes #2736
-reintroduces JSON.stringify for non-string values in
 api.settings.edit
-added a regression test
2014-05-13 05:36:18 +00:00
Jason Williams
954cb1a59e updateTags refactor
closes #2720
-refactor Models.Posts.updateTags method to reduce complexity
2014-05-12 21:03:26 +00:00
Steve
eb2fdc44fb Display 404 page if tag does not exist.
closes #2667
- if tag result is '' 404 instead of rendering an empty page
- added test for /tag/asdf should 404
2014-05-12 11:30:08 -07:00
Hannah Wolfe
25ec0f3f75 Merge pull request #2719 from appleYaks/import-backward-compatible
Make DB Import backwards compatible
2014-05-11 16:17:17 +01:00
Sebastian Gierlinger
fd0f5a5028 Add distinct error classes
closes #2690
- added new error classes
- moved errorhandling.js to /errors/index.js
- changed API errors to use new classes
- updated tests
2014-05-09 12:11:29 +02:00
David Arvelo
eb18991ddb Make DB Import backwards compatible
closes #2716
- Continues to parse and allow import with the old format
- Detects the presence of the new JSON-API format and allows import
2014-05-08 20:29:45 -04:00
Hannah Wolfe
d4a6eb26a4 Merge pull request #2713 from jaswilli/startup-issues
Don't xmlrpc ping for the default Welcome to Ghost post
2014-05-08 12:24:39 +01:00
Hannah Wolfe
1c3ba536c9 Merge pull request #2706 from appleYaks/db-api-update
DB API returns JSON-API compatible objects. Export triggers 'Save As' di...
2014-05-08 11:28:02 +01:00
Jason Williams
e078cc4085 Don't xmlrpc ping for the default Welcome to Ghost post
closes #2712
-prevents xmlrpc.ping from being run before Ghost is in a valid
state
-fix a call to Object.hasOwnProperty in permissions.hasActionsMap
2014-05-08 03:50:19 +00:00
Jason Williams
027169a1d1 Fix unhandled rejected promises when using admin
closes #2707
- adjust call to api.settings.edit now that canThis is in use
2014-05-08 00:10:14 +00:00
David Arvelo
2d783ac3d4 DB API returns JSON-API compatible objects. Export triggers 'Save As' dialog.
closes #2647
- GET method returns { db: [exportedData] }
- POST, DELETE methods return { db: [] }
- 'delete all content' test updated
- Attach 'Content-Disposition' header on DB export for 'Save As' browser dialog
- Add DB API functional test for Export
2014-05-07 19:05:09 -04:00
Hannah Wolfe
d1f57a2569 Merge branch 'ember'
Conflicts:
	Gruntfile.js
	core/client/models/post.js
	core/client/models/settings.js
	core/client/models/user.js
	core/client/router.js
	package.json
2014-05-07 22:28:29 +01:00
Hannah Wolfe
ede0a937a6 Merge pull request #2701 from jgable/settingsACL2
ACL and strict rules for Settings API
2014-05-07 20:23:30 +01:00
Hannah Wolfe
e23f5c027b Merge pull request #2702 from jgable/userCanThis
Update users api canThis context
2014-05-07 17:42:44 +01:00
Jacob Gable
298077582b ACL and strict rules for Settings API
Ref #2061

- Add canThis permission checks to settings api calls
- Add strict rules about accessing core settings without internal: true
- Omit core settings in browse() call unless internal: true
- Update unit tests to call api.settings with contexts
- Add a couple unit tests for new scenarios
- Update all api.settings calls in the app to call with internal context
- Re-arrange permissions.init in server startup so config.theme.update
can access settings without permissions error
2014-05-07 10:56:03 -05:00
Hannah Wolfe
1fb958834c Merge pull request #2679 from appleYaks/sanitize-model-options
Sanitize models' attributes/options before passing to bookshelf/knex
2014-05-07 16:49:42 +01:00
David Arvelo
87cda81c84 Sanitize models' attributes/options before passing to bookshelf/knex
closes #2653
- enforce strict whitelists for model methods
- create a class method that reports a model method's valid options
- create a class method that filters a model's valid attributes from data
- create a class method that filters valid options from a model method's options hash
2014-05-06 23:02:49 -04:00
Jacob Gable
9c9cfe763a Update users api canThis context
- Update api.users methods to pass the whole context to canThis instead
of just this.user
2014-05-06 20:11:15 -05:00
Fabian Becker
2795e723e1 Move to new API format for Settings.
refs #2606
- Use new API format when updating settings from the client side
- Add additional test to test new API format
- Adjust functional tests to work with the new format
2014-05-06 19:02:55 +00:00
Sebastian Gierlinger
b98709b3ce Refactor omit of password
- remove password in toJSON() instead of filtering every occurrence of
user
- changed faulty error type ‚NotFound‘ to ‚NoPermission‘
2014-05-06 12:14:58 +02:00
Hannah Wolfe
8a4e0e27f2 Merge pull request #2687 from shindakun/expressgzip
Add gzip compression, can be enabled/disabled in config.js
2014-05-06 08:24:54 +01:00
Steve
c7459b1d9f Add gzip compression, can be disabled in config.js
Closes #1305
- added compression module
- added new server config variable: compress
- gzip enabled by default
2014-05-05 18:29:13 -07:00
Hannah Wolfe
31fc84cefb Consistency in model method naming
- The API has the BREAD naming for methods
- The model now has findAll, findOne, findPage (where needed), edit, add and destroy, meaning it is similar but with a bit more flexibility
- browse, read, update, create, and delete, which were effectively just aliases, have all been removed.
- added jsDoc for the model methods
2014-05-06 00:36:42 +01:00
Fabian Becker
2a803aecdd Proper endpoints for persistent notifications
closes #2637
- Add new get API route for all notifications
- Wrap API responses to comply with JSON-API
- Add new tests / adjust fixtures
- Adjust all occurences of passive notifications
2014-05-06 00:05:14 +02:00
Sebastian Gierlinger
39e654e9c3 Change error message response
closes #2643
- added error type
- added error property for validations
- wrapped errors in an array
- returns multiple errors for validation
- updated tests and admin
2014-05-05 15:51:21 +02:00
Jason Williams
d0931aa455 Add location header to response when new object is created
closes #2635
- add new logic to the api request handler to set a location header
  when new objects are created
- added an api context to config.urlFor() to return the root url
- added functional tests for the affected routes
2014-05-04 14:52:01 +00:00
Jason Williams
4d41e12c02 Adjust update check to handle changes in API calls
closes #2681
- fixed api calls and response parsing
- added a test to for update check
- adjusted gruntfile.js to run new update check integration test
2014-05-04 01:36:00 +00:00
lennerd
66a046b00b Return new tags when posts are created via API
closes #2680
- added include options when adding a post
- added functional and integrational tests
2014-05-03 19:24:11 +02:00
Hannah Wolfe
f2071eedb2 Move user API to primary document format
closes #2593

- added new format to user API methods
- changed all places where the user api was used
- updated tests and added more coverage
- little bit of cleanup in utils/api
2014-05-02 20:50:44 +01:00
Hannah Wolfe
ebdbf8a7aa Merge pull request #2661 from jgable/settingsPrimaryDocument
Settings API Primary Document refactor
2014-05-02 15:55:31 +01:00
Jacob Gable
7e9880ce8d Settings API Primary Document refactor
Closes #2606

- Refactor settings api responses to { settings: [ ] } format
- Update all code using api.settings to handle new response format
- Update test stubs to return new format
- Update client site settings model to parse new format into one object of key/value pairs
- Refactor to include all setting values
- Remove unused settingsCollection method
- Update settingsCache to store all attributes
- Update settingsResult to send all attributes
- Remove unnecessary when() wraps
- Reject if editing a setting that doesn't exist
- Reject earlier if setting key is empty
- Update tests with new error messages
- Use setting.add instead of edit that was incorrectly adding
- Update importer to properly import activePlugins and installedPlugins
- Update expected setting result fields
- Fix a weird situation where hasOwnProperty didn't exist 🤷
2014-04-30 23:15:27 -05:00
Jason Williams
4b46d85c26 Redirect from admin editor to frontend post view
closes #2628
- added /view/ route to the editor. if /view/ is appended to
  the url of a post being edited a redirect to the frontend
  will occur
- updated controller to check for /view/ and built the
  correct url for the post
- added test for the new route
2014-05-01 01:50:24 +00:00
Hannah Wolfe
bb75a1f96c Converting aspect -> filters for tag pages
fixes the build

- PR #2238 added an extra reference to aspect which wasn't fixed by #2652, this resolves that
2014-04-28 19:54:16 +01:00
Hannah Wolfe
c347d3fd1c Merge pull request #2652 from sebgie/issue#2620
Additional objects
2014-04-28 16:23:21 +01:00
Hannah Wolfe
3ffa552cfc Merge pull request #2238 from gimelfarb/fix-1838-admin-ssl
Support for urlSSL config option and forceAdminSSL 403 response
2014-04-28 16:20:06 +01:00
Hannah Wolfe
b82ebac44c Merge pull request #2631 from jgable/appProxyContext
AppProxy with permissions checks and app context
2014-04-28 12:17:29 +01:00
Lev Gimelfarb
a013840503 Support for urlSSL config option and forceAdminSSL 403 response
closes #1838
- adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect
- adding `urlSSL` option to specify SSL variant of `url`
- using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified
- dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data)
- using `urlSSL` in a "reset password" email, if specified
- adding unit tests to test `forceAdminSSL` and `urlSSL` options
- created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
2014-04-27 17:01:49 -04:00