75bb53f065
fixes https://github.com/TryGhost/Product/issues/3738 https://www.notion.so/ghost/Member-Session-Invalidation-13254316f2244c34bcbc65c101eb5cc4 - Adds the transient_id column to the members table. This defaults to email, to keep it backwards compatible (not logging out all existing sessions) - Instead of using the email in the cookies, we now use the transient_id - Updating the transient_id means invalidating all sessions of a member - Adds an endpoint to the admin api to log out a member from all devices - Added the `all` body property to the DELETE session endpoint in the members API. Setting it to true will sign a member out from all devices. - Adds a UI button in Admin to sign a member out from all devices - Portal 'sign out of all devices' will not be added for now Related changes (added because these areas were affected by the code changes): - Adds a serializer to member events / activity feed endpoints - all member fields were returned here, so the transient_id would also be returned - which is not needed and bloats the API response size (`transient_id` is not a secret because the cookies are signed) - Removed `loadMemberSession` from public settings browse (not used anymore + bad pattern) Performance tests on site with 50.000 members (on Macbook M1 Pro): - Migrate: 6s (adding column 4s, setting to email is 1s, dropping nullable: 1s) - Rollback: 2s |
||
|---|---|---|
| .. | ||
| app | ||
| config | ||
| lib | ||
| mirage | ||
| public/assets | ||
| tests | ||
| .editorconfig | ||
| .ember-cli | ||
| .eslintignore | ||
| .eslintrc.js | ||
| .lint-todo | ||
| .lint-todorc.js | ||
| .template-lintrc.js | ||
| .watchmanconfig | ||
| ember-cli-build.js | ||
| ember-cli-update.json | ||
| jsconfig.json | ||
| package.json | ||
| README.md | ||
| testem.js | ||
Ghost-Admin
This is the home of the Ember.js-based Admin app that ships with Ghost.
Running tests
Build and run tests once:
TZ=UTC yarn test
Note the TZ=UTC environment variable which is currently required to get tests working if your system timezone doesn't match UTC.
If you are serving the admin app (e.g., when running yarn serve, or when running yarn dev in the main Ghost project), you can also run the tests in your browser by going to http://localhost:4200/tests.
This has the additional benefit that you can use await this.pauseTest() in your tests to temporarily pause tests (best to also add this.timeout(0); to avoid timeouts). This allows you to inspect the DOM in your browser to debug tests. You can resume tests by running resumeTest() in your browser console.
Writing tests
When writing tests and not using the http://localhost:4200/tests browser tests, it can be easier to have a separate watching build that builds the project for the test environment (this drastically reduces the time you have to wait when running tests):
yarn build --environment=test -w -o="dist-test"
After that, you can easily run tests locally:
Run all tests:
TZ=UTC yarn test 1 --path="dist-test"
To have a cleaner output:
TZ=UTC yarn test 1 --reporter dot --path="dist-test"
This shows a dot (.) for every successful test, and F for every failed test. At the end, it will only show the output of the failed tests.
To run a specific test file:
TZ=UTC yarn test 1 --reporter dot --path="dist-test" -mp=tests/acceptance/settings/newsletters-test.js
Hint: you can easily copy the path of a test in VSCode by right clicking on the test file and choosing Copy Relative Path.
To have a full list of the available options, run
ember exam --help
Copyright & License
Copyright (c) 2013-2023 Ghost Foundation - Released under the MIT license. Ghost and the Ghost Logo are trademarks of Ghost Foundation Ltd. Please see our trademark policy for info on acceptable usage.