Ghost/ghost/core
Simon Backx 17ec1e8937
Added email address alignment protections (#19094)
ref GRO-54
fixes GRO-63
fixes GRO-62
fixes GRO-69

When the config `hostSettings:managedEmail:enabled` is enabled, or the
new flag (`newEmailAddresses`) is enabled for self-hosters, we'll start
to check the from addresses of all outgoing emails more strictly.

- Current flow: nothing changes if the managedEmail config is not set or
the `newEmailAddresses` feature flag is not set
- When managedEmail is enabled: never allow sending an email from any
chosen email. We always use `mail.from` for all outgoing emails. Custom
addresses should be set as replyTo instead. Changing the newsletter
sender_email is not allowed anymore (and ignored if it is set).
- When managedEmail is enabled with a custom sending domain: if a from
address doesn't match the sending domain, we'll default to mail.from and
use the original as a replyTo if appropriate and only when no other
replyTo was set. A newsletter sender email address can only be set to
an email address on this domain.
- When `newEmailAddresses` is enabled: self-hosters are free to set all
email addresses to whatever they want, without verification. In addition
to that, we stop making up our own email addresses and send from
`mail.from` by default instead of generating a `noreply` + `@` +
`sitedomain.com` address

A more in-depth example of all cases can be seen in
`ghost/core/test/integration/services/email-addresses.test.js`

Includes lots of new E2E tests for most new situations. Apart from that,
all email snapshots are changed because the from and replyTo addresses
are now included in snapshots (so we can see unexpected changes in the
future).

Dropped test coverage requirement, because tests were failing coverage
locally, but not in CI

Fixed settings test that set the site title to an array - bug tracked in
GRO-68
2023-11-23 10:25:30 +01:00
content Added tests to AdminX framework package (#19022) 2023-11-20 11:00:51 +00:00
core Added email address alignment protections (#19094) 2023-11-23 10:25:30 +01:00
test Added email address alignment protections (#19094) 2023-11-23 10:25:30 +01:00
.c8rc.e2e.json Split CI database tests into separate types 2023-05-22 19:34:17 +02:00
.c8rc.json Added email address alignment protections (#19094) 2023-11-23 10:25:30 +01:00
.eslintignore Updated .eslintignore list for core 2022-10-10 15:12:52 +07:00
.eslintrc.js Updated linting and migration comment to improve practices 2023-06-26 15:29:37 +02:00
.npmignore Moved monobundle into monorepo 2023-11-13 13:30:38 +01:00
config.development.json Converted Ghost repo into a monorepo 2022-07-20 16:41:05 +02:00
ghost.js Added browser-based testing framework 2022-11-22 14:12:34 +00:00
index.js Configured New Relic to load earlier in the process 2023-08-30 11:47:50 +02:00
jsconfig.json Deleted reference to core/admin 2022-08-03 16:28:41 +02:00
loggingrc.js Added version information to log lines 2023-01-20 13:18:44 +01:00
MigratorConfig.js Added eslint rule for file naming convention 2023-05-09 12:34:34 -04:00
monobundle.js Moved monobundle into monorepo 2023-11-13 13:30:38 +01:00
newrelic.js Configured New Relic integration within Ghost core 2023-08-29 09:30:25 +01:00
package.json Merge tag 'v5.74.2' 2023-11-22 14:53:42 +00:00
playwright.config.js Parallelise browser tests 2023-10-13 11:42:39 +00:00