0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-03-11 02:12:21 -05:00
Commit graph

7018 commits

Author SHA1 Message Date
Fabien O'Carroll
a6fa0bc043 Updated member.plans to member.stripe.subscriptions
no-issue

This is to support the new format in which stripe information is
returned from the members-api module.
2019-09-26 11:35:44 +07:00
Fabien O'Carroll
97bf329ee2 Passed appInfo to members-api stripe instance
no-issue
2019-09-26 11:35:44 +07:00
Kevin Ansfield
d69440bd4f
Update dependency @tryghost/url-utils to 0.4.0 (#11156)
no issue

- updates usage of `htmlRelativeToAbsolute` to avoid unnecessary duplication of "home" url fetching (the UrlUtils instance already has that information)
2019-09-25 12:35:59 +01:00
Naz Gargol
d54be917d1
Added name column back to members table (#11151)
refs 294f3769cb

- We have a need for name field now :)
- This time `name` is nullable !
2019-09-25 10:44:50 +02:00
Fabien O'Carroll
c9b4fa4a09 Updated Member model to handle stripe_info property
no-issue

This maps the stripe_info property to the MemberStripeInfo model, so
that we can update the member model, and correctly add/edit rows in the
members-stripe-info table.
2019-09-25 10:05:30 +07:00
Fabien O'Carroll
e54adfd30d Added MemberStripeInfo model
no-issue

Simple model to allow us to do relations with the Member model
2019-09-25 10:05:30 +07:00
Fabien O'Carroll
fd1db4ffac Added migration for members-stripe-info table
no-issue
2019-09-25 10:05:30 +07:00
Fabien O'Carroll
6859e9a9a1 Added members-stripe-info table
no-issue

This will be used to store stripe specific information for members

customer_id has a max length of 255 https://stripe.com/docs/upgrades

member_id is not unique as we cannot ensure that a member doesn't have
more than one customer object associated with them. e.g. if they signup
twice, or if they cancel, and signup again, creating a new customer.

We probably won't handle this case to begin with, but we will keep the
data intact.
2019-09-25 10:05:30 +07:00
Fabien O'Carroll
e078cb5612 Removed unused password logic from Member model
no-issue
2019-09-25 10:05:30 +07:00
Nazar Gargol
1ae491b567 Updated Ghost-Admin to 2.31.1 2019-09-23 17:13:25 +02:00
Nazar Gargol
3712e6e01c Bumped gscan to 2.9.0 2019-09-23 16:48:21 +02:00
Hannah Wolfe
36db3ce66f Added tests for x-request-id handling
refs 0107ac848

- added unit tests for middleware added yesterday
2019-09-23 07:34:59 +01:00
Hannah Wolfe
0107ac848a Improved x-request-id handling
- Currently, we create a request ID for internal use if one isn't set & this is used in logs
- If a custom request ID is set via X-Request-ID header, this gets logged, however, we don't return this with the response
- Means that a custom ID gets lost on the way back out, and makes tracing requests through a system trickier
- This change ensures that if X-Request-ID is set on the request, it is also set on the response so that requests can be properly traced
- It's easy to set this in e.g. nginx so that the feature becomes available - Ghost doens't need to do this
- Note: also split request id handling out into new middleware
2019-09-22 18:23:45 +01:00
Fabien O'Carroll
24e730fa25 Updated members-ssr middleware to async functions
no-issue

Also updates to use Object.assign rather than req.member = value to get
around false positives from eslint:

  * https://github.com/eslint/eslint/issues/11899
2019-09-17 11:05:06 +08:00
Fabien O'Carroll
162ff4e0bf Removed POST signin functionality
no-issue

This is no longer needed as we can signin with a GET now
2019-09-17 11:05:06 +08:00
Fabien O'Carroll
73bc3ec388 Added a middleware to handle signin via a GET
no-issue

This also adds a basic check before handing of to the members-ssr
module, this should make logs a little less noisy and only log warnings
if a token was passed and that token was invalid/incorrect.
2019-09-17 11:05:06 +08:00
Fabien O'Carroll
0e60b5dea4 Updated members service usage of members-ssr@0.5.0
no-issue

members-ssr@0.5.0 changed the `membersApi` param with `getMembersApi`
2019-09-17 11:05:06 +08:00
Fabien O'Carroll
531e217b82 Protected members middleware with a labs check
no-issue

This would have been creating a lot of noisy logs for sites without
members enabled.
2019-09-17 11:05:06 +08:00
Fabien O'Carroll
a3940ef9db Simplified urlUtils require path
no-issue

This was previously going to a parent directory which was shared by both modules
2019-09-17 11:05:06 +08:00
Fabien O'Carroll
359d89d897 Logged out members signin link in development
no-issue

This makes it easier to test locally when mail config hasn't been setup
2019-09-16 09:33:45 +08:00
Fabien O'Carroll
e881caab76 Included specific member props in theme service
no-issue

This simplifies the @member prop in themes, and includes a subscribed
property
2019-09-10 17:29:04 +08:00
Fabien O'Carroll
00604bf522 Ensured events are not fired whilst being handled
no-issue

This _should_ stop double firing of API requests
2019-09-10 17:29:04 +08:00
Fabien O'Carroll
ebd42440a2 Added support for data-members-signout
no-issue

This will cause the session to be destroyed when clicking on element
with data-members-signout attr
2019-09-10 17:29:04 +08:00
Fabien O'Carroll
e59d56fe92 Improved error handling for members.js
no-issue

This now allows for an element with the data-members-error to be added
as the child of a data-members-form or data-members-plan and will be
populated with the error message when appropriate.
2019-09-10 17:29:04 +08:00
Fabien O'Carroll
9d9dae5da4 Ensure that dataset is read from correct element
no-issue

This fixes a problem where the click event is fired from a child of the element
2019-09-10 17:29:04 +08:00
Fabien O'Carroll
84dac3ddb3 Renamed button to el
no-issue
2019-09-10 17:29:04 +08:00
Fabien O'Carroll
1a92fb8619 Added loading class to data-members elements
no-issue

This is so that developers can confitionally render state based on if
the request is currently in progress
2019-09-10 17:29:04 +08:00
Kevin Ansfield
e8188f8f6b Updated Ghost-Admin to 2.31.0 2019-09-09 17:47:56 +01:00
Kevin Ansfield
ba3c26ef5c
🐛 Fixed "View site" screen in admin on private sites with separate admin url (#11098)
closes https://github.com/TryGhost/Ghost/issues/11078

Problem:
- the admin client makes an XHR request to the `/private/` endpoint when a private site is configured
- when a separate admin URL is configured this was causing 500 errors in the admin client because missing CORS headers on the endpoint was causing browsers to abort the request
- browsers will also look at the CORS headers on any resources that are the result of a redirect and abort the request if they do not allow cross-origin requests, this means allowing all requests on `/private/` is not enough

Solution:
- uses the `cors` middleware with a dynamic options function for the whole of the front-end site app
- dynamic options function allows the following requests through:
  - same-origin (browsers and non-browser agents will not send an `Origin` header)
  - origin is `localhost` or `127.0.0.1` with any protocol and port
  - origin matches the configured `url` hostname+port on any protocol
  - origin matches the configured `admin:url` hostname+port on any protocol
2019-09-09 17:42:55 +01:00
Kevin Ansfield
88659e5a52 Switched private login brute errors to correct error status code
no issue

- when too many login attempts were detected for the `/private/` form we were throwing 500 errors instead of the more appropriate 429 error that we use everywhere else for "too many request" type errors
2019-09-09 16:02:21 +01:00
Kevin Ansfield
be71afa07d Fixed regression tests expecting relative URLs for admin redirects
no issue

- @tryghost/url-utils was bumped to 0.3.1 which fixed admin redirects returning relative rather than absolute URLs
- updates tests that were expecting relative URLs rather than absolute URLs
2019-09-09 15:52:26 +01:00
Hannah Wolfe
708927335b Added error handling for weird handlebars syntax
refs #10496

- handlebars if and unless helpers throw weird, unhelpful syntax errors
- for now, catch these errors and do something helpful with them
2019-09-09 13:03:04 +01:00
Hannah Wolfe
9abffe4396 Added guard to asset helper for missing paths
refs #10496

- currently {{asset this/is/not/a.string}} would throw a 500 error
- this commit changes that to make it throw a sensible 400 + incorrect usage error
2019-09-09 13:02:45 +01:00
Fabien O'Carroll
b8fc0d2bd1
Cached member data in ghost-members-ssr-cache cookie (#11096)
no-issue

* Installed @tryghost/members-ssr@0.4.0
  This now supports caching of the data returned by the members-api

* Renamed cookies set by members-ssr
  As discussed with @ErisDS I have prefixed these cookies with `ghost`
2019-09-09 17:39:46 +08:00
Hannah Wolfe
a4464d0137 Return correct error codes from storage adapter
no issue

- malformed paths such as http://localhost:2368/content/images/2018/02/%c0%af were throwing 500 errors, instead of 500 errors
- this code catches the error and handles it correctly
2019-09-06 17:40:55 +01:00
Fabien O'Carroll
78505f86ef
Updated members.js & members.min.js (#11082)
no-issue

* Converted member.js to es5
* Updated member.min.js
2019-09-06 16:07:46 +08:00
Fabien O'Carroll
f63577fa4f
Implemented stripe checkout handling for members
no-issue

* Installed members-api@0.5.0 members-ssr@0.3.1
* Supported multiple members-forms
* Used members canary api
* Added GET handler to /members/ssr for id token
The identity token will be used to ensure that a payment is linked to the correct member
* Added stripe.js to ghost_head when members enabled
* Added basic support for linking to stripe checkout
* Removed listener to title and icon settings changes
* Added stripe subscription config
2019-09-06 15:14:21 +08:00
Fabien O'Carroll
49672a1e4d Updated members service to use magic-link signin
no-issue
2019-09-05 11:14:50 +08:00
Fabien O'Carroll
edca4138ff Updated getMember to return null rather than throw
no-issue

This allows members code to remove try/catch statements without having
to pass the Ghost/bookshelf specific `require: false` option
2019-09-05 11:14:50 +08:00
Fabien O'Carroll
294f3769cb Removed name and password columns from members table
no-issue

We have no need for these right now and it is easier to drops the
columns, rather than to modify the name column to nullable
2019-09-05 11:14:50 +08:00
Fabien O'Carroll
7382967613 Added createColumnMigration helper
no-issue
2019-09-05 11:14:50 +08:00
Kevin Ansfield
7d330013ba Updated Ghost-Admin to 2.30.2 2019-08-28 11:39:00 +01:00
Kevin Ansfield
49c517db20 Updated Ghost-Admin to 2.30.1 2019-08-27 19:44:36 +01:00
Rishabh Garg
44a5da22b9 🐛 Fixed wrong icon being pulled into bookmark cards for some sites (#11055)
no issue

Current metascraper rule for fetching page metadata in case of bookmark card gives preference to publisher logo over icon tags. This PR updates giving first preference to icon link tags followed by logo.
2019-08-27 19:32:26 +01:00
Rish
a66746f110 Updated Ghost-Admin to 2.30.0 2019-08-27 21:01:30 +05:30
Rishabh Garg
c2aa62083c Added support for bookmark card (#11024)
requires https://github.com/TryGhost/Ghost-Admin/pull/1293

- updates `oembed` endpoint behaviour
  - if an oembed provider is not found then we use `metascraper` to populate a metadata object
  - when metadata is returned rather than an oembed response the payload will look like this:
    ```json
    {
        "url": "...",
        "type": "bookmark",
        "metadata": {
            "url": "...",
            "title": "...",
            "description": "...",
            "author": "...",
            "publisher": "...",
            "thumbnail": "...",
            "icon": "..."
        }
    }
    ```
- adds a `bookmark` card which generates output for the bookmark card:
  ```html
  <figure class="kg-card kg-bookmark-card">
    <a href="[URL]" class="kg-bookmark-container">
      <div class="kg-bookmark-content">
        <div class="kg-bookmark-title">[TITLE]</div>
        <div class="kg-bookmark-description">[DESCRIPTION]</div>
        <div class="kg-bookmark-metadata">
          <img src="[ICON]" class="kg-bookmark-icon">
          <span class="kg-bookmark-author">[AUTHOR]</span>
          <span class="kg-bookmark-publisher">[PUBLISHER]</span>
        </div>
      </div>
      <div class="kg-bookmark-thumbnail">
        <img src="[THUMBNAIL]">
      </div>
    </a>
  </figure>
  ```
  - if a particular bit of data does not exist then the associated html element will not be present
2019-08-27 15:01:02 +01:00
Nazar Gargol
16c3785b52 🐛 Fixed lack of space in excerpt generated from paragraphs
closes #10531

- Adds space when encountering closing </p> and <br> tags
- The mobiledoc-to-html conversion produces these tags in this exact
syntax, so there is no need to account for more cases like additional spaces or alternative syntax like  <br />
- Added test cases that cover spacing use-casei
- Changed some existing tests to contain more close-to-real-world markup
- The downside of this approach is generating multiple spaces in case there are empty paragraphs in the markup. The same concern is true for current "new line" substitution:
> excerpt.replace(/(\r\n|\n|\r)+/gm, ' ')
but it never has been a concern as in real world when multiple spaces are used inside of the `<p>` tag they are rendered as single space.
2019-08-26 18:05:14 +02:00
Rish
849e07d4ff Updated Ghost-Admin to 2.29.1 2019-08-22 07:31:35 +05:30
Rishabh Garg
51b5197418
Revert "Removed defaultColumnsToFetch from models (#11010)" (#11045)
refs #11043

This reverts commit 45e971b63e due to above issue.
2019-08-21 23:56:35 +05:30
Kevin Ansfield
d1e24ef99a Updated Ghost-Admin to 2.29.0 2019-08-20 15:38:58 +01:00