refs https://github.com/TryGhost/Ghost/issues/14983
The url field of tags is read dynamically from the url service, rather than
from the database. The lookup requires the id of the tag, which was missing
from the model when asking for explicit fields which didn't include id. By
adding the id as a default column to fetch, we know for sure that we will always
have the necessary data to read the url.
refs https://github.com/TryGhost/Team/issues/584
The current support email verification flow uses an API endpoint as verification URL inside the emails. This is a bad pattern, and also has the side effect that it shows a JSON error if something goes wrong.
To fix this, this commit updates the whole flow to use the same pattern as newsletters:
- You can update the `members_support_address` setting directly via the edit endpoint of settings.
- Changes to that (and future 'guarded' email properties) are blocked and generate verification emails automatically.
- When an email verification has been sent, the meta property `sent_email_verification` is set.
Other changes:
- Underlying, the implementation of email verificaton has moved from the (old) members service to the settings BREAD service. This makes it easier to add extra email addresses in settings later on that are not related to 'members'.
- Now you can update the `members_support_address` by updating the settings directly, so the `updateMembersEmail` endpoint has been deprecated and is mapped to the new behaviour.
- The SingleUseTokenProvider threw a `UnauthorizedError` error if a token was expired or invalid. Those errors are caught by the admin app, and causes it to do a page reload (making the error message and modals invisible). To fix that, I've swapped it with a validation error.
Future changes:
- Existing emails that have been sent 24h before this change is applied, still use the `validateMembersEmailUpdate` API endpoint. This endpoint has not been removed for now, to not break those emails. In a future release, we should remove this.
Changes to admin: https://github.com/TryGhost/Admin/pull/2426
refs https://github.com/TryGhost/Team/issues/1174
refs https://github.com/TryGhost/Members/pull/408
When logged out members navigate a site and want to interact with, for example
comments, they are redirected to the homepage after sign-in with the magic link,
this is disorientating, and means they then need to navigate back to the content
they were interacting with.
This change means that sign-in's will be redirected to the page from which they
were initiated, allowing a more streamlined flow for logged out members wanting
to add comments.
We've restricted the redirect to URI's which are on the same domain as the site,
and we also do a relative redirect, this is to ensure that a malicious actor does not
send magic links which redirect off-site and leak authentication details
closes https://github.com/TryGhost/Team/issues/1674
- The comped flag in Members API unintentionally stopped working when v3 API was dropped with the release of Ghost v5. The flag is deprecated but should be back-compatible for now - we don't want to break integratons like Zapier.
- To properly deprecate the flag we need to plan it's removal and start signalling about it through the version headers
Co-authored-by: Simon Backx <simon@ghost.org>
ref https://github.com/TryGhost/Team/issues/1667
Introducing 2 new helper handlebars tags, `{{total_members}}` and `{{total_paid_members}}` ideal for Member Sites who want to display these metrics to incentivise users to upgrade.
refs https://github.com/TryGhost/Team/issues/1673
When a user switches plan, the paid subscribers delta chart on the dashboard displays the change as a cancellation plus a new subscription. This display is misleading and confusing - instead, plan changes should be excluded from the paid subscribers delta chart.
To accomplish this, we added new properties to the API (signups and cancellations) that can be used to exclude plan changes in the statistics.
Changes in `@tryghost/stats-service`: d0dd218fc7
Related admin changes: https://github.com/TryGhost/Admin/pull/2425
refs TryGhost/Toolbox#340
refs TryGhost#13451
- Fixed the snapshot files which had to include new fields like "comment_notifications" as well as other properties that came along with the hacky solution to the webhook's auhor inclusion bug
- Also documented the "roles" being included inconsistently across different events - it's a BUG and should be looked into one day when we care enough.
closes https://github.com/TryGhost/Toolbox/issues/340
closes https://github.com/TryGhost/Ghost/issues/13451
- Webhook subscribers were receiving post request payloads without `authors` and `primary_author` properties.
- The behavior was due to missing "originalOptions" property that is needed to correctly serialize the model to json on the model layer.
- A more holistic approach would be to pass the options somehow along with the model with the event. This would require a deeper rework though
closes https://github.com/TryGhost/Ghost/issues/15008
- To improve searchability of the posts written by a removed user we are adding an internal tag to all the posts the user was an author or a co-author of
- This improvement should make managing and disovering deleted user's post way easier
refs https://github.com/TryGhost/Team/issues/1665
- bumps new search feature to GA from alpha
- allows sites to trigger new built-in search feature via `data-ghost-search` attribute or navigation link( `#/search` )
refs https://github.com/TryGhost/Team/issues/1664
These changes are required for Portal to be able to edit the member notification preferences for comments, and to be able to know whether comments are enabled for the site.
refs https://github.com/TryGhost/Team/issues/1664
- Added comment-like model
- Added like endpoint
- Added unlike endpoint
- Added basic tests for liking and unliking comments
- Added permissions for liking and unliking
- Added migration for permissions
refs https://github.com/TryGhost/Team/issues/1664
- the new member comments API needs members to have permissions to edit and delete their own posts
- added members as a provider, and then wired up permissible logic at the model level
refs https://github.com/TryGhost/Team/issues/1664
- `last_commented_at` - to be used for filtering members list in Admin
- `bio` - short field used to show a "title" or similar context alongside name when commenting
- `enable_comment_notifications` - setting for turning on/off email notification of comment replies
refs https://github.com/TryGhost/Team/issues/1664
- new table to handle moderation reports on comments. This is not a join table, so it is comment_reports, rather than comments_reports
refs https://github.com/TryGhost/Team/issues/1664
Field notes:
- `parent_id` - used for nested comments but will be limited to 1 level in app-level validation
- `member_id` - when a member is deleted for now the member id is kept but in the future may be removed, hence `nullable: true`
- `status` - "hidden" status will be used when a staff user hides a comment, "deleted" is used when a comment author deletes
- `html` - will store pre-sanitised html
- `edited_at` - used to show an "X edited at Y" note when displaying comments, separate to `updated_at` because changing the status would also change `updated_at` but shouldn't show the "edited at" UI
refs https://github.com/TryGhost/Team/issues/1665
- sodo search script only needs the admin url for fetching data from content api
- removes site url and updates the main url to use admin domain
* 🐛 Fixed API excerpt field issue
ref https://github.com/TryGhost/Ghost/issues/10396
This fix now allows the API user to add field `excerpt` without the need for `plaintext` as format.
Also added new tests for these functions.
* Added new logic that takes `custom_excerpt` into account if all posts gets queried.
* Removed limits in excerpt & plaintext post.
* Updated snapshot.
