4e7779b783
* 🔥 remove User model functions - validateToken - generateToken - resetPassword - all this logic will re-appear in a different way Token logic: - was already extracted as separate PR, see https://github.com/TryGhost/Ghost/pull/7554 - we will use this logic in the controller, you will see in the next commits Reset Password: Was just a wrapper for calling the token logic and change the password. We can reconsider keeping the function to call: changePassword and activate the status of the user - but i think it's fine to trigger these two actions from the controlling unit. * 🔥 remove password reset tests from User model - we already have unit tests for change password and the token logic - i will re-check at the end if any test case is missing - but for now i will just burn the tests * ✨ add token logic to controlling unit generateResetToken endpoint - the only change here is instead of calling the User model to generate a token, we generate the token via utils - we fetch the user by email, and generate a hash and return resetPassword endpoint - here we have changed a little bit more - first of all: we have added the validation check if the new passwords match - a new helper method to extract the token informations - the brute force security check, which can be handled later from the new bruteforce middleware (see TODO) - the actual reset function is doing the steps: load me the user, compare the token, change the password and activate the user - we can think of wrapping these steps into a User model function - i was not sure about it, because it is actually part of the controlling unit [ci skip] * 🎨 tidy up - jscs - jshint - naming functions - fixes * ✨ add a test for resetting the password - there was none - added a test to reset the password * 🎨 add more token tests - ensure quality - ensure logic we had * 🔥 remove compare new password check from User Model - this part of controlling unit * ✨ compare new passwords for user endpoint - we deleted the logic in User Model - we are adding the logic to controlling unit * 🐛 spam prevention forgotten can crash - no validation happend before this middleware - it just assumes that the root key is present - when we work on our API, we need to ensure that 1. pre validation happens 2. we call middlewares 3. ... * 🎨 token translation key |
||
|---|---|---|
| .github | ||
| content | ||
| core | ||
| .editorconfig | ||
| .gitignore | ||
| .gitmodules | ||
| .jscsrc | ||
| .jshintrc | ||
| .knex-migrator | ||
| .npmignore | ||
| .travis.yml | ||
| Gruntfile.js | ||
| gulpfile.js | ||
| index.js | ||
| LICENSE | ||
| package.json | ||
| PRIVACY.md | ||
| README.md | ||
| SECURITY.md | ||
The project is maintained by a non-profit organisation called the Ghost Foundation, along with an amazing group of independent contributors. We're trying to make publishing software that changes the shape of online journalism.
NOTE: If you’re stuck, can’t get something working or need some help, please head on over and join our Slack community rather than opening an issue.
Quick Start Install
First, you’ll need Node.js v4 LTS or a supported version.
- Download the latest release of Ghost
- Unzip, and fire up terminal
npm install --production- Start Ghost!
- Local environment:
npm start - On a server:
npm start --production
- Local environment:
http://localhost:2368/ghost🎉
More install docs here in case you get stuck.
Developer Install
This is for if you want to hack on Ghost core. First, you’ll need Node.js v4 LTS or a supported version. Then:
git clone git://github.com/tryghost/ghost.git
cd ghost
Install grunt
npm install -g grunt-cli
Install knex-migrator
npm install -g knex-migrator
Install Ghost
npm install
Build the things!
grunt init
Start your engines
grunt dev
Congrats! You made it. BTW you can also just npm install ghost if you're into that sort of thing. NPM aficionados can also read up on using Ghost as an NPM module. More general install docs here in case you got stuck.
Deploying Ghost
The easiest way to deploy Ghost is with our official Ghost(Pro) managed service. You can have a fresh instance up and running in a couple of clicks with a worldwide CDN, backups, security and maintenance all done for you.
Not only will it save you many hours per month, but all revenue goes to the Ghost Foundation, which funds the maintenance and further development of Ghost itself. So you’ll be supporting open source software and getting a great service at the same time! Talk about win/win. 🏆
Other options are also available if you prefer playing around with servers by yourself, of course. The freedom of choice is in your hands.
Staying Up to Date
When a new version of Ghost comes out, you'll want to look over these upgrade instructions for what to do next.
You can talk to other Ghost users and developers in our public Slack team (it's pretty awesome). We have a public meeting every Tuesday at 5:30pm UK time.
New releases are announced on the dev blog. You can subscribe by email or follow @TryGhost_Dev on Twitter, if you prefer your updates bite-sized and facetious. 🎷🐢
Copyright & License
Copyright (c) 2013-2016 Ghost Foundation - Released under the MIT license.