refs https://github.com/TryGhost/Ghost/issues/14101
- `{{action}}` is deprecated and should be replaced with `{{on}}` and `{{fn}}` with direct use of methods
- switched to calling `ui.setMainClass` action directly
no issue
- initial set up ready for testing use of react components (specifically an editor component for this experiment) inside of Admin
- added `react-editor` route
- duplicated all editor screen files and updated route references where necessary
refs https://github.com/TryGhost/Ghost/issues/14983
The url field of tags is read dynamically from the url service, rather than
from the database. The lookup requires the id of the tag, which was missing
from the model when asking for explicit fields which didn't include id. By
adding the id as a default column to fetch, we know for sure that we will always
have the necessary data to read the url.
no issue
- This adds the possibility to format AVIF files in Ghost if requested.
- This format is supported in Sharp
- Provides smaller file sizes than webp
refs https://github.com/TryGhost/Team/issues/584
- No longer uses an API URL + redirect inside verification emails. This is replaced by a new route (`/settings/members/?verifyEmail=token`) that does the API request and shows a modal.
- Removed update button when changing support email address in the Portal settings
- Added `_meta` attribute to settings (uses same pattern as newsletters model)
- When updating the `membersSupportAddress` setting (via the normal edit endpoint), the `sent_email_verification` meta property will get set by the API. When this new property is present, we'll show a warning that the support address requires verification.
refs https://github.com/TryGhost/Team/issues/584
The current support email verification flow uses an API endpoint as verification URL inside the emails. This is a bad pattern, and also has the side effect that it shows a JSON error if something goes wrong.
To fix this, this commit updates the whole flow to use the same pattern as newsletters:
- You can update the `members_support_address` setting directly via the edit endpoint of settings.
- Changes to that (and future 'guarded' email properties) are blocked and generate verification emails automatically.
- When an email verification has been sent, the meta property `sent_email_verification` is set.
Other changes:
- Underlying, the implementation of email verification has moved from the (old) members service to the settings BREAD service. This makes it easier to add extra email addresses in settings later on that are not related to 'members'.
- Now you can update the `members_support_address` by updating the settings directly, so the `updateMembersEmail` endpoint has been deprecated and is mapped to the new behaviour.
- The SingleUseTokenProvider threw an `UnauthorizedError` error if a token was expired or invalid. Those errors are caught by the admin app, and cause it to do a page reload (making the error message and modals invisible). To fix that, I've swapped it with a validation error.
Future changes:
- Existing emails that have been sent 24h before this change is applied, still use the `validateMembersEmailUpdate` API endpoint. This endpoint has not been removed for now, to not break those emails. In a future release, we should remove this.
Changes to admin: https://github.com/TryGhost/Admin/pull/2426
refs https://github.com/TryGhost/Team/issues/1174
refs https://github.com/TryGhost/Members/pull/408
When logged out members navigate a site and want to interact with, for example
comments, they are redirected to the homepage after sign-in with the magic link,
this is disorientating, and means they then need to navigate back to the content
they were interacting with.
This change means that sign-ins will be redirected to the page from which they
were initiated, allowing a more streamlined flow for logged out members wanting
to add comments.
We've restricted the redirect to URIs which are on the same domain as the site,
and we also do a relative redirect, this is to ensure that a malicious actor does not
send magic links which redirect off-site and leak authentication details.
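An added example, not part of the commit or of Ghost's code, of the same-domain check and relative redirect described above. The helper name `safeRedirectPath`, its fallback of `/`, and the `site.example` / `evil.example` URLs are assumptions made for illustration.

```javascript
// Added illustration; safeRedirectPath is a hypothetical helper, not Ghost's code.
// All URLs used with it (site.example, evil.example) are constructed samples.
function safeRedirectPath(referrer, siteUrl, fallback = '/') {
    if (typeof referrer !== 'string' || referrer === '') {
        return fallback;
    }
    let site;
    let target;
    try {
        site = new URL(siteUrl);
        // Resolving against the site lets the parser normalise forms such as
        // "//host", "/\host" and "user@host" before the origins are compared.
        target = new URL(referrer, site);
    } catch (err) {
        return fallback; // unparseable input never reaches the redirect
    }
    // Same scheme, host and port as the site, otherwise refuse.
    if (target.origin !== site.origin) {
        return fallback;
    }
    // Emit a relative location only. Collapse leading slashes so a path such as
    // "//evil.example/x" cannot be read as a protocol-relative URL.
    const path = target.pathname.replace(/^\/{2,}/, '/');
    return path + target.search + target.hash;
}

// Constructed referrer values: the first is kept, the rest are neutralised.
const sampleSite = 'https://site.example';
const sampleReferrers = [
    'https://site.example/post/hello/?a=1#comments',
    'https://evil.example/x',
    '//evil.example/x',
    '/\\evil.example/x',
    'https://site.example@evil.example/',
    'https://site.example//evil.example/x'
];
for (const referrer of sampleReferrers) {
    console.log(JSON.stringify(referrer), '->', safeRedirectPath(referrer, sampleSite));
}
```

Comparing `origin` after parsing, rather than string-matching the host, is what catches the `user@host` and backslash variants.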
closes https://github.com/TryGhost/Team/issues/1674
- The comped flag in Members API unintentionally stopped working when v3 API was dropped with the release of Ghost v5. The flag is deprecated but should be back-compatible for now - we don't want to break integrations like Zapier.
- To properly deprecate the flag we need to plan its removal and start signalling about it through the version headers
Co-authored-by: Simon Backx <simon@ghost.org>
refs https://github.com/TryGhost/Team/issues/1174
This paves the way for Ghost to be able to redirect to the referrer
page when dealing with signup magic links. We pass the referrer for
all types of magic links however, to allow extension of this
functionality in the future.
We've also removed the concept of `requestSrc` which has been unused
for a while now.
- when you have a date column in a table, dates with 2 digits vs 1
digit cause the vertical alignment to be all over the place
- this commit fixes the date formatting for those entries to be zero-padded
closes https://github.com/TryGhost/Team/issues/1662
- the on-blur action for the language input was modifying the language property in the payload object directly which meant that the mobiledoc `save` call was missing and all the associated editor behaviour for serializing and saving the update was lost
- switched to modern action syntax and a proper action on the backing component so we're saving the change correctly
closes https://github.com/TryGhost/Team/issues/1623
The offers API endpoint had its own custom serializer pattern, which didn't fit well with how the API is meant to work.
- refactored the offer data format returned by internal api controller to match other controllers
- removed custom serializer for offers, instead adds a mapper to follow consistent pattern for all apis
- adds explicit allowlist for offers content API data
refs https://github.com/TryGhost/Team/issues/1674
- While preparing the changes had a look around and made small refactors to understand the codebase a little better. In general it's best to keep the method parameters as small and precise as possible instead of passing around a "bag-of-all-the-things" like "data" around
No ref
- Updated modal default state to make it look more clickable
- Updated the Casper upload error state design
- Changed the 'try again' button to directly open the finder rather than only resetting the modal
refs https://github.com/TryGhost/Team/issues/1674
- While preparing the changes had a look around and made small refactors to understand the codebase a little better. In general it's best to keep the method parameters as small and precise as possible instead of passing around a "bag-of-all-the-things" like "data" around
ref https://github.com/TryGhost/Team/issues/1667
Introducing 2 new helper handlebars tags, `{{total_members}}` and `{{total_paid_members}}` ideal for Member Sites who want to display these metrics to incentivise users to upgrade.
refs https://github.com/TryGhost/Team/issues/1676
- Added maxAge option to content API
- Added maxAge to members API
- Added maxAge to frontend site preflights (probably not used, but it was configured, so added to be sure)
- Added config option to change default maxAge of preflight requests
no issue
- the modal instance on `this.top` inside the background click handler is not always a direct instance so we need to check both `.options` and `._options` when looking for the desired click ignore behaviour