c8cbbc4eb6
refs #9150 - Moves the password length fn from `models/user` to `data/validation` where the other validator functions live. - Added password validation rules. Password rules added: - Disallow obviously bad passwords: '1234567890', 'qwertyuiop', 'asdfghjkl;' and 'asdfghjklm' for example - Disallow passwords that contain the words 'password' or 'ghost' - Disallow passwords that match the user's email address - Disallow passwords that match the blog domain or blog title - Disallow passwords that include 50% or more of the same characters: 'aaaaaaaaaa', '1111111111' and 'ababababab' for example. - Password validation returns an `Object` now, that includes an `isValid` and `message` property to differentiate between the two error messages (password too short or password insecure). - Use a catch predicate in `api/authentication` on `passwordReset`, so the correct `ValidationError` will be thrown during the password reset flow rather then an `UnauthorizedError`. - When in setup flow, the blog title is not available yet from `settingsCache`. We therefore supply it from the received form data in the user model `setup` method to have it accessible for the validation. |
||
|---|---|---|
| .github | ||
| content | ||
| core | ||
| .editorconfig | ||
| .gitignore | ||
| .gitmodules | ||
| .jscsrc | ||
| .jshintrc | ||
| .npmignore | ||
| .travis.yml | ||
| Gruntfile.js | ||
| index.js | ||
| LICENSE | ||
| MigratorConfig.js | ||
| package.json | ||
| PRIVACY.md | ||
| README.md | ||
| SECURITY.md | ||
| yarn.lock | ||
The project is maintained by a non-profit organisation called the Ghost Foundation, along with an amazing group of independent contributors. We're trying to make publishing software that changes the shape of online journalism.
- Ghost.org
- Supported Node Versions
- Latest Release
- Help & Support
- Theme Docs
- API Docs
- Contributing Guide
- Developer Blog
- Self-hoster Docs
NOTE: If you’re stuck, can’t get something working or need some help, please head on over and join our Slack community rather than opening an issue.
Hosting a live Ghost site
The easiest way to deploy Ghost is with our official Ghost(Pro) managed service. You can have a fresh instance up and running in a couple of clicks with a worldwide CDN, backups, security and maintenance all done for you.
Not only will it save you hours of maintenance per month, but all revenue goes to the Ghost Foundation, which funds the maintenance and further development of Ghost itself. So you’ll be supporting open source software and getting a great service at the same time! Talk about win/win. 🏆
Self-Hosters
Other options are also available if you prefer playing around with servers by yourself, of course. The freedom of choice is in your hands.
Theme Developers
If you are developing a Ghost theme for your own site or creating themes for others to use we recommend installing Ghost on your own local machine. Luckily we have a brand new Ghost CLI to make this really easy 😄
Contributors & Advanced Developers
For anyone wishing to contribute to Ghost or to hack/customise core files we recommend following our development setup guides:
Staying Up to Date
When a new version of Ghost comes out, you'll want to look over these upgrade instructions for what to do next.
You can talk to other Ghost users and developers in our public Slack team (it's pretty awesome).
New releases are announced on the dev blog. You can subscribe by email or follow @TryGhost_Dev on Twitter, if you prefer your updates bite-sized and facetious. 🎷🐢
Copyright & License
Copyright (c) 2013-2017 Ghost Foundation - Released under the MIT license. Ghost and the Ghost Logo are trademarks of Ghost Foundation Ltd. Please see our trademark policy for info on acceptable usage.