no issue
- many "The automatic session initialization is deprecated" were shown in test output due to an old method of initializing the session service
- switched to explicit session setup in the application route's `beforeModel` hook
- https://github.com/simplabs/ember-simple-auth/issues/2314
refs https://github.com/TryGhost/Team/issues/1121
- adds error reporting for `notifications.showAlert()` in addition to `notifications.showAPIError()` because the former is used for some handled errors but will still show the undesired red error bar
- adds `shown_to_user` tag to all reported errors. Only errors that result in the red error bar will be reported with the tag as `true`, there may still be cases where we display errors outside of the red error bar but those wouldn't make it to Sentry either, we'll need a full audit of Admin source to find those situations and handle the reporting manually
- adds `ghost` context to errors that are shown in the red bar
- `ghost_error_code` - code returned from the API or passed manually through the `notifications.showAPIError()` options argument. Will be filled in once the error message has been audited+approved
- `displayed_message` - the full error message displayed to the user. Admin combines multiple attributes from the error details so it's useful to see what we actually show
- `full_error` - the actual API error response or a client-side generated error object
- `source` - whether the red bar came from `.showAlert()` or `.showAPIError()`, useful for tracking down where errors originated
no issue
- Lapsed trials and subscriptions will set the site's hosting config to `forceUpgrade` in which case a Ghost(Pro) site does not have a valid subscription or trial
- In this state we need to redirect all routes for all staff users to `/#/pro` to ensure the subscription can be put back into an active state
- This commit tackles
- Route update on startup on the application route level
- Catching and redirecting all transition (utils routes)
- Fetching the owner user to pass this information to the Ghost(Pro) app for better communication to non-owner staff users
- Allowing non-owner users in the force upgrade state to transition to the `/#/pro` route
no issue
- Grammarly is a suspect in some reported editor errors but it's usage hasn't been available inside of Sentry to know for sure
- when the grammarly extension is present it adds a `data-gr-ext-installed` data attribute to the `body` element, we now use that to add a `grammarly: true/false` tag to error reports so we can more easily track down the cause of editor bugs
refs https://github.com/TryGhost/Team/issues/884
Drop-to-upload functionality was lost in the first version of the new feature image uploader inside the main editor area, this adds it back in.
- fixed dropzone flickering issue by switching the event listeners to the capture rather than bubble phase so we can indicate a drag is occurring on the body without each individual drag/drop handler needing to know about it
- moved the event handler init/cleanup to the `ui` service
- moved the event handler init call to the application service as it no longer requires auth to have occurred for access to the labs flag setting
- removed the `featureImgDragDrop` labs flag
refs https://github.com/TryGhost/Team/issues/884
- add `[data-user-is-dragging]` to `body` element when any drag is occurring so that we can make drop zones active
- added dropzone and drop handling to feature image component
no issue
Having `session.user` return a promise made dealing with it in components difficult because you always had to remember it returned a promise rather than a model and had to handle the async behaviour. It also meant that you couldn't use any current user properties directly inside getters which made refactors to Glimmer/Octane idioms harder to reason about.
`session.user` was a cached computed property so it really made no sense for it to be a promise - it was loaded on first access and then always returned instantly but with a fulfilled promise rather than the underlying model.
Refactoring to a synchronous property that is loaded as part of the authentication flows (we load the current user to check that we're logged in - we may as well make use of that!) means one less thing to be aware of/remember and provides a nicer migration process to Glimmer components. As part of the refactor, the auth flows and pre-load of required data across other services was also simplified to make it easier to find and follow.
- refactored app setup and `session.user`
- added `session.populateUser()` that fetches a user model from the current user endpoint and sets it on `session.user`
- removed knowledge of app setup from the `cookie` authenticator and moved it into = `session.postAuthPreparation()`, this means we have the same post-authentication setup no matter which authenticator is used so we have more consistent behaviour in tests which don't use the `cookie` authenticator
- switched `session` service to native class syntax to get the expected `super()` behaviour
- updated `handleAuthentication()` so it populate's `session.user` and performs post-auth setup before transitioning (handles sign-in after app load)
- updated `application` route to remove duplicated knowledge of app preload behaviour that now lives in `session.postAuthPreparation()` (handles already-authed app load)
- removed out-of-date attempt at pre-loading data from setup controller as that's now handled automatically via `session.handleAuthentication`
- updated app code to not treat `session.user` as a promise
- predominant usage was router `beforeModel` hooks that transitioned users without valid permissions, this sets us up for an easier removal of the `current-user-settings` mixin in the future
refs https://github.com/TryGhost/Team/issues/723
- if the `/site/` API returns a `sentry_dsn` then we configure Sentry for error reporting as soon as we've loaded the initial unauthenticated data
- once we're authenticated and we have the full Ghost version available, override the Sentry event processor to use the full release
- updated `notifications.showAlert()` which is our fallback for API errors that shows the red banner at the top - these are the errors we're most interested in getting visibility for and reducing
refs https://github.com/TryGhost/Admin/pull/1901
Ember has deprecated mixins in preparation for 4.0 and `ember-simple-auth` has now done the same in 3.1.0.
- removed all imports of Ember Simple Auth mixins
- moved authenticated and invalidated handling from application route to session service
- moved server-notification loading from application route to session service
- updated `AuthenticatedRoute` to use the session service directly rather than authenticated route mixin
- added `UnauthenticatedRoute` that incorporates the behaviour from our overridden `UnauthenticatedRouteMixin` and switches to using the session service directly
refs 10b48b1d6d
refs 1531712d92
- the tour feature is no longer used so all associated code can be removed
- removes `liquid-tether` dependency as it was only used by the tour throbbers/popovers
no issue
- adds `whats-new` service that fetches the changelog from ghost.org and exposes the latest changelog entries
- trigger a background fetch of the changelog from ghost.org when first loading the admin when logged in, or after signing in
- adds a "What's new" menu item next to the user popup menu
- adds an indicator to the user menu button and what's new menu item if there are unseen changelog entries
- closing the changelog modal will update the "last seen date", clearing both indicators
closes https://github.com/TryGhost/Ghost/issues/10995
- when first loading the site preview, if private mode is enabled submit the login form in the background to get the cookie before loading the iframe
- refactors post-authentication preloading to ensure it occurs before post-authentication route hooks are called
- adds `showSuccess` attribute to `<GhTaskButton>` so that when set to `false` it can stay in the running state after "success" to avoid state change flashes whilst waiting for a transition
no issue
- moved `document-title` Route extension's functionality into the `ui` service
- updates the title each time the router service emits a route changed event
- `ui.updateDocumentTitle()` can now be called directly from components rather than the confusing `this.send('updateDocumentTitle')` bubbling behaviour
- refactored the `titleToken` implementation to use the now-formalised `RouteInfo`'s `metadata` field (https://github.com/emberjs/rfcs/blob/master/text/0398-RouteInfo-Metadata.md#appendix-a)
no refs.
- added "View site" as the first and default menu item in navigation bar to be able to browse the site without leaving the Admin
- rearranged left sidebar items according to new structure (moved Labs down to bottom)
- removed "View site" from publication main menu because it's become redundant
- added Night shift toggle in line with Labs menu to be able quickly access it
no issue
- ran [es5-getter-ember-codemod](https://github.com/rondale-sc/es5-getter-ember-codemod)
- [es5 getters RFC](https://github.com/emberjs/rfcs/blob/master/text/0281-es5-getters.md)
- updates the majority of `object.get('property')` with `object.property` with exceptions:
- `.get('nested.property')` - it's not possible to determine if this is relying on "safe" path chaining for when `nested` doesn't exist
- `.get('config.x')` and `.get('settings.x')` - both our `config` and `settings` services are proxy objects which do not support es5 getters
- this PR is not exhaustive, there are still a number of places where `.get('service.foo')` and similar could be replaced but it gets us a long way there in a quick and automated fashion
no issue
- `/config/` can only be requested when authenticated
- updated `/config/` mock to look for an Authentication header and return a 403 if it's missing
- updated `ajax` service to add an `Authentication` header when authenticated in testing env (cookies are not present when testing)
- updated `config` service to add `fetchUnauthenticated()` and `fetchAuthenticated()` methods in addition to `.fetch()`
- updated `application` route to only fetch authenticated config when authenticated
- updated `signin` controller to correctly fetch config after sign-in
no issue
- bump green (patch) deps
- bump ember-fetch
- bump ember-simple-auth
- bump broccoli-asset-rev
- bump ember-ajax
- bump yarn.lock sub-dependencies
Only a partial dependency upgrade but fixes production build error that was introduced in https://github.com/TryGhost/Ghost-Admin/pull/1044 so merging as-is.
refs #9865
- removed all `oauth2` and token-based ESA auth
- added new `cookie` authenticator which handles session creation
- updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state
- ESA automatically calls this `.restore()` method on app boot
- the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state
- removed the now-unnecessary token refresh and logout routines from the `application` route
- removed the now-unnecessary token refresh routines from the `ajax` service
- removed `access_token` query param from iframe file downloaders
- changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
closes https://github.com/TryGhost/Ghost/issues/9603
- don't add a `setTitle` method on the router and instead call `window.document.title` directly so that we don't have to access `Route#router` (throws deprecation) or `Route#_router` (private and may break without notice)
refs https://github.com/TryGhost/Ghost/issues/9571
- use `replaceWith` rather than `transitionTo` so that the back button still works and doesn't immediately throw you back to the 404 page
- use the new `router` service to avoid deprecation notices
- update the regex replacements to work with `#` urls
no issue
- disabled Ember Simple Auth's default token revocation
- we trigger session invalidation on a 401 which means our token isn't valid so the revoke requests will also fail
- renamed application route's `invalidateSession` to `logout` in order to distinguish it from any ESA methods
- added the token revocation requests to this action, we can be fairly sure at this point that the current tokens will be valid so the requests will succeed
- added check to `ajax.handleResponse` so that we don't invalidate the session for requests to external services
- removed pointless assertion from the ajax integration test
refs https://github.com/TryGhost/Ghost/issues/9314
* added save button for contributor
* hide tag filter & redirect to posts.index if post is published
* update editor controller test to need session service
closes https://github.com/TryGhost/Ghost/issues/9394
- add `application-error.hbs` template so that we show an error screen for errors during app boot
- track the application route loading state so that we can fall back to the default error handling for errors that usually only show an alert
refs https://github.com/TryGhost/Ghost/issues/5071
Upgrade messages are now shown on the About screen rather than as alerts. Notifications that are marked as `top` or `custom` are still shown as alerts to allow for certain upgrade messages to be given more visibility.
- remove old `upgrade-notification` service
- update the `upgrade-status` service:
- add a `message` property that contains an upgrade notification if any exists
- add a `handleUpgradeNotification` method that accepts a Notification model instance and extracts the `notification.message` property into a html safe string for use in templates
- when loading server notifications during app boot, pass notifications that aren't marked as `top` or `custom` to the new `handleUpgradeNotification` method
- update the `about.hbs` template to pull the upgrade message from the `upgradeStatus` service
no issue
The markdown help link was removed from the sidebar so the only link to toggle the markdown help modal is now the markdown editor yet we we still had a more general implementation with a confusing pass-through of closure actions.
- move the markdown modal toggle and display into the `{{gh-markdown-editor}}` component
no issue
- upgrade `ember-ajax` to 3.0.0
- `ember-ajax` [now passes the payload through directly](https://github.com/ember-cli/ember-ajax/releases/tag/v3.0.0) rather than trying to normalize it so all our error handling needed to be updated
closes https://github.com/TryGhost/Ghost/issues/6458
- swap `ember-sortable` for `ember-drag-drop` in navigation UI
- extract PSM tag input into new `{{gh-psm-tags-input}}`
- add new `{{gh-token-input}}` that wraps `ember-power-select` and `ember-drag-drop` to replicate the previous selectize based tags input
- enhance `{{gh-psm-tags-input}}` behaviour to highlight selected primary tag and show "primary/internal" in selected tag titles
- 🔥 remove `selectize`
- 🔥 remove `jquery-ui`
- 🔥 remove unused `{{gh-navigation}}` component
no issue
Automated tools, code generators, and editor integrations are increasingly standardising on the import style used in `ember-modules-codemod`. Our import style differed a little with regards to service/controller injection imports which meant we were starting to see inconsistent naming.
no issue
- add eslint-plugin-ember, configure no-old-shims rule
- run `eslint --fix` on `app`, `lib`, `mirage`, and `tests` to move imports to the new module imports
- further cleanup of Ember globals usage
- remove event-dispatcher initializer now that `canDispatchToEventManager` is deprecated
closes https://github.com/TryGhost/Ghost/issues/8859, requires https://github.com/TryGhost/Ghost/pull/8895
- adds Unsplash app to app settings
- enable/disable toggle
- validation and testing of Unsplash App ID
- Unsplash App ID field hidden if provided via Ghost config
- adds `fetchPrivate` method to `config` service to pull config that requires authentication and updates authentication routines to fetch private config
- adds Unsplash buttons to editor toolbar and `{{gh-image-uploader}}`
- only present when Unsplash app is enabled
- opens Unsplash image selector when clicked
- `{{gh-image-uploader}}` has a new `allowUnsplash` attribute to control display of the unsplash button on a per-uploader basis
- adds Unsplash image selector (`{{gh-unsplash}}`)
- uses new `unsplash` service to handle API requests and maintain state
- search
- infinite scroll
- zoom image
- insert image
- download image
- adds `{{gh-scroll-trigger}}` that will fire an event when the component is rendered into or enters the visible screen area via scrolling
- updates `ui` service
- adds `isFullscreen` property and updates `gh-editor` so that it gets set/unset when toggling editor fullscreen mode
- adds `hasSideNav` and `isSideNavHidden` properties
- updates `media-queries` service so that it fires an event each time a breakpoint is entered/exited
- removes the need for observers in certain circumstances
no issue
- moves general UI state control such as menu display, autonav, settings menu, etc into a `ui` service for easier use within components
- no longer required to jump through hoops passing state and actions down from application controller into components
- removes indirect "route" actions in favour of calling actions/methods directly on the `ui` service
refs https://github.com/TryGhost/Ghost/issues/8616
- only refresh tokens on boot if we last refreshed more than 24hrs ago - this should prevent rapidly changing access/refresh tokens when opening new admin tabs or refreshing whilst other tabs are open
- fix token refresh test which was testing it's own behaviour instead of the applications 🙈
This may not be the full solution to the session issues but it closes one potential culprit and should at least reduce token churn which can only help track down the real cause.
refs https://github.com/TryGhost/Ghost/issues/5168
- adds a `tour` service that handles syncing and management of tour throbbers & content
- adds a `gh-tour-item` component that handles the display of a throbber and it's associated popover when clicked
- uses settings API endpoint to populate viewed tour items on app boot/signin
- adds `liquid-tether@2.0.3` dependency for attaching throbbers and popups
- adds initial tour contents
no issue
- adds `eslint-plugin-sort-imports-es6-autofix` dependency
- implements ESLint's base `sort-imports` rule but has a distinction in that `import {foo} from 'bar';` is considered `multiple` rather than `single`
- fixes ESLint's autofix behaviour so `eslint --fix` will actually fix the sort order
- updates all unordered import rules by using `eslint --fix`
With the increased number of `import` statements since Ember+ecosystem started moving towards es6 modules I've found it frustrating at times trying to search through randomly ordered import statements. Recently I've been sorting imports manually when I've added new code or touched old code so I thought I'd add an ESLint rule to codify it.
no issue
- adds `settings` service that acts as a proxy to the singular settings model with methods to fetch and reload, also prevents accidentally loading only some settings types which has caused problems in the past
- updates app boot, signin, and signup processes to fetch settings ensuring that any part of the app can grab settings synchronously if needed
- removes `timeZone` service, it's no longer needed as we can grab `settings.activeTimezone` directly
- replaces all store queries for the settings model with appropriate `settings` methods
- refactors `apps/*` routes/controllers, they had become a little convoluted with the way they were dealing with settings and the new service helped to clean that up
no issue
- updates `oauth2-ghost` authenticator to reflect the fact that `makeRequest` now returns a ember-ajax and matches the `oauth2` authenticator behaviour
- handle `UnauthorizedError` errors in application route's error handler to avoid tests breaking from unhandled exceptions
no issue
- add functionality for night mode feature flag using alternate
stylesheets
- modify lazy loader service to work with alternate stylesheets
- update feature service to use user accessibility property & add tests
refs https://github.com/TryGhost/Ghost/issues/5202
- refresh the access token after a successful authenticated application boot so that the session lifetime is continually extended
no issue
- switch `jscs` and `jshint` inline config to `eslint` config
- fix eslint errors, predominantly in tests where the config now the main app config more closely
refs TryGhost/Ghost#7628 (issue), refs TryGhost/Ghost#7631 (required)
- update `config` service to fetch from public configuration endpoint
- add `beforeModel` to `application` route to fetch config and pause further processing until the request is complete
- remove `<meta name="env-*">` tags from generated `default.hbs` and internal testing `index.html`
- add mirage config to simulate configuration endpoint and helper to simulate enabled oauth config
- update `ghost-oauth2` torii provider to use auth server URL from server-provided config
