From 4a5079085ab0c1047cd63a6b2ce143f04f494edd Mon Sep 17 00:00:00 2001 From: Fabien 'egg' O'Carroll Date: Mon, 6 Jul 2020 12:18:13 +0200 Subject: [PATCH 1/5] Hardened members subscription migration against missing data (#12009) closes #11993 We had some issues with some databases being in an unexpected state this check for each property before using it add uses defaults when it is missing. --- ...05-migrate-members-subscription-settings.js | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/core/server/data/migrations/versions/3.22/05-migrate-members-subscription-settings.js b/core/server/data/migrations/versions/3.22/05-migrate-members-subscription-settings.js index bd501ae8c6..4bda1c7533 100644 --- a/core/server/data/migrations/versions/3.22/05-migrate-members-subscription-settings.js +++ b/core/server/data/migrations/versions/3.22/05-migrate-members-subscription-settings.js @@ -42,23 +42,25 @@ module.exports = { .where('key', 'members_subscription_settings') .first(); - if (!membersSubscriptionSettingsJSON) { + if (!membersSubscriptionSettingsJSON || !membersSubscriptionSettingsJSON.value) { logging.warn(`Could not find members_subscription_settings - using default values`); return; } const membersSubscriptionSettings = JSON.parse(membersSubscriptionSettingsJSON.value); - const membersFromAddress = membersSubscriptionSettings.fromAddress; - const membersAllowSelfSignup = membersSubscriptionSettings.allowSelfSignup; + const membersFromAddress = typeof membersSubscriptionSettings.fromAddress === 'string' ? membersSubscriptionSettings.fromAddress : 'noreply'; + const membersAllowSelfSignup = typeof membersSubscriptionSettings.allowSelfSignup === 'boolean' ? membersSubscriptionSettings.allowSelfSignup : true; - const stripe = membersSubscriptionSettings.paymentProcessors[0]; + const stripe = membersSubscriptionSettings && membersSubscriptionSettings.paymentProcessors && membersSubscriptionSettings.paymentProcessors[0]; - const stripeDirectSecretKey = stripe.config.secret_token; - const stripeDirectPublishableKey = stripe.config.public_token; - const stripeProductName = stripe.config.product.name; + const stripeConfig = stripe && stripe.config || {}; - const stripePlans = stripe.config.plans.map((plan) => { + const stripeDirectSecretKey = stripeConfig.secret_token || ''; + const stripeDirectPublishableKey = stripeConfig.public_token || ''; + const stripeProductName = stripeConfig.product && stripeConfig.product.name || 'Ghost Members'; + + const stripePlans = (stripeConfig.plans || []).map((plan) => { return Object.assign(plan, { amount: plan.amount || 0 }); From 289c1b3e8a5c03b868dde1a76f62661197e302d4 Mon Sep 17 00:00:00 2001 From: Hannah Wolfe Date: Mon, 6 Jul 2020 13:00:15 +0100 Subject: [PATCH 2/5] =?UTF-8?q?=F0=9F=90=9B=20Updated=20access=20to=20be?= =?UTF-8?q?=20true=20by=20default=20in=20v3=20API?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit closes #11990 - access should be a members feature, but it was already accidentally exposed to the theme layer - it has now been added to the API even if members is disabled - access defaults to true, unless members is enabled - when members is enabled, access is set to the currently logged in members' access --- .../canary/utils/serializers/output/utils/post-gating.js | 7 +++++++ test/api-acceptance/content/utils.js | 2 ++ test/regression/api/canary/content/posts_spec.js | 7 +++---- test/regression/api/canary/content/utils.js | 2 ++ test/regression/api/v3/content/posts_spec.js | 7 +++---- test/regression/api/v3/content/utils.js | 2 ++ 6 files changed, 19 insertions(+), 8 deletions(-) diff --git a/core/server/api/canary/utils/serializers/output/utils/post-gating.js b/core/server/api/canary/utils/serializers/output/utils/post-gating.js index d73f41e5e3..92c14e4546 100644 --- a/core/server/api/canary/utils/serializers/output/utils/post-gating.js +++ b/core/server/api/canary/utils/serializers/output/utils/post-gating.js @@ -3,6 +3,12 @@ const labs = require('../../../../../../services/labs'); // @TODO: reconsider the location of this - it's part of members and adds a property to the API const forPost = (attrs, frame) => { + // CASE: Access always defaults to true, unless members is enabled and the member does not have access + if (!Object.prototype.hasOwnProperty.call(frame.options, 'columns') || (frame.options.columns.includes('access'))) { + attrs.access = true; + } + + // Handle members being enabled if (labs.isSet('members')) { const memberHasAccess = membersService.contentGating.checkPostAccess(attrs, frame.original.context.member); @@ -18,6 +24,7 @@ const forPost = (attrs, frame) => { attrs.access = memberHasAccess; } } + return attrs; }; diff --git a/test/api-acceptance/content/utils.js b/test/api-acceptance/content/utils.js index b4a654c678..7e56248ecf 100644 --- a/test/api-acceptance/content/utils.js +++ b/test/api-acceptance/content/utils.js @@ -29,6 +29,8 @@ const expectedProperties = { // .without('page') // v2 returns a calculated excerpt field .concat('excerpt') + // Access is a calculated property in >= v3 + .concat('access') // returns meta fields from `posts_meta` schema .concat( ..._(schema.posts_meta).keys().without('post_id', 'id') diff --git a/test/regression/api/canary/content/posts_spec.js b/test/regression/api/canary/content/posts_spec.js index dd7bf5a371..6fea281264 100644 --- a/test/regression/api/canary/content/posts_spec.js +++ b/test/regression/api/canary/content/posts_spec.js @@ -227,7 +227,6 @@ describe('api/canary/content/posts', function () { let publicPost; let membersPost; let paidPost; - let contentGatingFields = ['access']; before(function () { // NOTE: ideally this would be set through Admin API request not a stub @@ -291,7 +290,7 @@ describe('api/canary/content/posts', function () { should.exist(jsonResponse.posts); const post = jsonResponse.posts[0]; - localUtils.API.checkResponse(post, 'post', contentGatingFields, null); + localUtils.API.checkResponse(post, 'post', null, null); post.slug.should.eql('thou-shalt-not-be-seen'); post.html.should.eql(''); }); @@ -309,7 +308,7 @@ describe('api/canary/content/posts', function () { should.exist(jsonResponse.posts); const post = jsonResponse.posts[0]; - localUtils.API.checkResponse(post, 'post', contentGatingFields, null); + localUtils.API.checkResponse(post, 'post', null, null); post.slug.should.eql('thou-shalt-be-paid-for'); post.html.should.eql(''); }); @@ -348,7 +347,7 @@ describe('api/canary/content/posts', function () { should.exist(jsonResponse.posts); localUtils.API.checkResponse(jsonResponse, 'posts'); jsonResponse.posts.should.have.length(14); - localUtils.API.checkResponse(jsonResponse.posts[0], 'post', contentGatingFields, null); + localUtils.API.checkResponse(jsonResponse.posts[0], 'post', null, null); localUtils.API.checkResponse(jsonResponse.meta.pagination, 'pagination'); _.isBoolean(jsonResponse.posts[0].featured).should.eql(true); diff --git a/test/regression/api/canary/content/utils.js b/test/regression/api/canary/content/utils.js index 3b0df72970..4fac2a65ca 100644 --- a/test/regression/api/canary/content/utils.js +++ b/test/regression/api/canary/content/utils.js @@ -28,6 +28,8 @@ const expectedProperties = { .without('type') // canary returns a calculated excerpt field .concat('excerpt') + // Access is a calculated property in >= v3 + .concat('access') // returns meta fields from `posts_meta` schema .concat( ..._(schema.posts_meta).keys().without('post_id', 'id') diff --git a/test/regression/api/v3/content/posts_spec.js b/test/regression/api/v3/content/posts_spec.js index ba333e4b81..e551284474 100644 --- a/test/regression/api/v3/content/posts_spec.js +++ b/test/regression/api/v3/content/posts_spec.js @@ -227,7 +227,6 @@ describe('api/v3/content/posts', function () { let publicPost; let membersPost; let paidPost; - let contentGatingFields = ['access']; before(function () { // NOTE: ideally this would be set through Admin API request not a stub @@ -291,7 +290,7 @@ describe('api/v3/content/posts', function () { should.exist(jsonResponse.posts); const post = jsonResponse.posts[0]; - localUtils.API.checkResponse(post, 'post', contentGatingFields, null); + localUtils.API.checkResponse(post, 'post', null, null); post.slug.should.eql('thou-shalt-not-be-seen'); post.html.should.eql(''); }); @@ -309,7 +308,7 @@ describe('api/v3/content/posts', function () { should.exist(jsonResponse.posts); const post = jsonResponse.posts[0]; - localUtils.API.checkResponse(post, 'post', contentGatingFields, null); + localUtils.API.checkResponse(post, 'post', null, null); post.slug.should.eql('thou-shalt-be-paid-for'); post.html.should.eql(''); }); @@ -348,7 +347,7 @@ describe('api/v3/content/posts', function () { should.exist(jsonResponse.posts); localUtils.API.checkResponse(jsonResponse, 'posts'); jsonResponse.posts.should.have.length(14); - localUtils.API.checkResponse(jsonResponse.posts[0], 'post', contentGatingFields, null); + localUtils.API.checkResponse(jsonResponse.posts[0], 'post', null, null); localUtils.API.checkResponse(jsonResponse.meta.pagination, 'pagination'); _.isBoolean(jsonResponse.posts[0].featured).should.eql(true); diff --git a/test/regression/api/v3/content/utils.js b/test/regression/api/v3/content/utils.js index c50d0571fa..5895ad0fc9 100644 --- a/test/regression/api/v3/content/utils.js +++ b/test/regression/api/v3/content/utils.js @@ -28,6 +28,8 @@ const expectedProperties = { .without('type') // v3 returns a calculated excerpt field .concat('excerpt') + // Access is a calculated property in >= v3 + .concat('access') // returns meta fields from `posts_meta` schema .concat( ..._(schema.posts_meta).keys().without('post_id', 'id') From 8b6ec4d922a6859e60956cc5a8f308bd7719c5c2 Mon Sep 17 00:00:00 2001 From: Fabien 'egg' O'Carroll Date: Mon, 6 Jul 2020 17:09:43 +0200 Subject: [PATCH 3/5] Emitted all settings events on reinit of cache (#12012) closes #12003 There are a few parts of Ghost that rely on the settings events being emitted anytime a setting is changed, so that the data is kept in sync. When a setting is renamed in a migration essentially what happens is that the settings value is changed from a default value to its actual value, but this does no emit an event. Anything that is initialised before migrations have run that relies on the events to keep it up to date will have stale data - e.g. the themes i18n service. This change ensures that when we `reinit` after migrations have been run, we emit events for every setting to tell the rest of Ghost that it has changed. --- core/server/services/settings/index.js | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/core/server/services/settings/index.js b/core/server/services/settings/index.js index 3c4991fbe4..7f1e77876b 100644 --- a/core/server/services/settings/index.js +++ b/core/server/services/settings/index.js @@ -6,18 +6,17 @@ const models = require('../../models'); const SettingsCache = require('./cache'); module.exports = { - init: function init() { - // Update the defaults - return models.Settings.populateDefaults() - .then((settingsCollection) => { - // Initialise the cache with the result - // This will bind to events for further updates - SettingsCache.init(settingsCollection); - }); + async init() { + const settingsCollection = await models.Settings.populateDefaults(); + SettingsCache.init(settingsCollection); }, - reinit: function reinit() { + async reinit() { SettingsCache.shutdown(); - return this.init(); + const settingsCollection = await models.Settings.populateDefaults(); + SettingsCache.init(settingsCollection); + for (const model of settingsCollection.models) { + model.emitChange(model.attributes.key + '.' + 'edited', {}); + } } }; From f007a76ed56fa91803140401f7e5bbdb9bcd0712 Mon Sep 17 00:00:00 2001 From: Daniel Lockyer Date: Mon, 6 Jul 2020 16:17:13 +0100 Subject: [PATCH 4/5] Updated Ghost-Admin to v3.22.2 --- core/client | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/client b/core/client index 08cfd215fd..52fe1b452a 160000 --- a/core/client +++ b/core/client @@ -1 +1 @@ -Subproject commit 08cfd215fd2d609e57ec3f634e546b3ca9f9aa2e +Subproject commit 52fe1b452ad2a2713dd5d0c1a3b3776bd3bee9f1 From ae80f742d3b175964c12cd8651eeaa28b44dace2 Mon Sep 17 00:00:00 2001 From: Daniel Lockyer Date: Mon, 6 Jul 2020 16:17:13 +0100 Subject: [PATCH 5/5] v3.22.2 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 620d2d26ff..0cd4d36028 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "ghost", - "version": "3.22.1", + "version": "3.22.2", "description": "The professional publishing platform", "author": "Ghost Foundation", "homepage": "https://ghost.org",