c84866dda7
- Fixed session invalidation for "locked" user - Currently Ghost API was returning 404 for users having status set to "locked". This lead the user to be stuck in Ghost-Admin with "Rousource Not Found" error message. - By returning 401 for non-"active" users it allows for the Ghost-Admin to redirect the user to "signin" screen where they would be instructed to reset their password - Fixed error message returned by session API - Instead of returning generic 'access' denied message when error happens during `User.check` we want to return more specific error thrown inside of the method, e.g.: 'accountLocked' or 'accountSuspended' - Fixed messaging for 'accountLocked' i18n, which not corresponds to the actual UI available to the end user - Added automatic password reset email to locked users on sign-in - uses alternative email for required password reset so it's clear that this is a security related reset and not a user-requested reset - Backported the auto sending of required password reset email to v2 sign-in route - used by 3rd party clients where the email is necessary for users to know why login is failing Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk> |
||
|---|---|---|
| .github | ||
| content | ||
| core | ||
| test | ||
| .editorconfig | ||
| .eslintignore | ||
| .eslintrc.json | ||
| .gitattributes | ||
| .gitignore | ||
| .gitmodules | ||
| .npmignore | ||
| config.development.json | ||
| Gruntfile.js | ||
| index.js | ||
| LICENSE | ||
| MigratorConfig.js | ||
| package.json | ||
| PRIVACY.md | ||
| README.md | ||
| renovate.json | ||
| SECURITY.md | ||
| yarn.lock | ||
Ghost.org |
Features |
Showcase |
Forum |
Documentation |
Contributing |
Twitter
The easiest way to deploy Ghost is with our official Ghost(Pro) managed service. You can have a fresh instance up and running in a couple of clicks with a worldwide CDN, backups, security and maintenance all done for you.
Not only will it save you hours of maintenance per month, but all revenue goes to the Ghost Foundation, which funds the maintenance and further development of Ghost itself. So you’ll be supporting open source software and getting a great service! Alternatively if you'd like to support us, we're very grateful to all our backers on Open Collective ❤️
If you prefer to run on your own infrastructure, we also provide 1-off installs and managed support and maintenance plans via Ghost(Valet) - which can save a substantial amount of developer time and resources.
Quickstart Install
If you want to run your own instance of Ghost, in most cases the best way is to use our CLI tool
$ npm install ghost-cli -g
Then, if installing locally add the local flag to get up and running in under a minute - Local install docs
$ ghost install local
or on a server run the full install, including automatic SSL setup using LetsEncrypt - Production install docs
$ ghost install
Check out our official documentation for more information about our recommended hosting stack & properly upgrading Ghost, plus everything you need to develop your own Ghost themes or work with our API.
Getting Help
You can find answers to a huge variety of questions, along with a large community of helpful developers over on the Ghost forum - replies are generally very quick. Ghost(Pro) customers also have access to 24/7 email support.
To stay up to date with all the latest news and product updates, make sure you subscribe to our blog — or you can always follow us on Twitter, if you prefer your updates bite-sized and facetious. 🎷🐢
Contributors & Advanced Developers
For anyone wishing to contribute to Ghost or to hack/customise core files we recommend following our full development setup guides: General Contributor Guide | Developer Setup Instructions | Admin Client development guide
Copyright & License
Copyright (c) 2013-2020 Ghost Foundation - Released under the MIT license. Ghost and the Ghost Logo are trademarks of Ghost Foundation Ltd. Please see our trademark policy for info on acceptable usage.