refs #9865
- removed all `oauth2` and token-based ESA auth
- added new `cookie` authenticator which handles session creation
- updated the session store to extend from the `ephemeral` in-memory store and to restore by fetching the currently logged in user and using the success/failure state to indicate authentication state
- ESA automatically calls this `.restore()` method on app boot
- the `session` service caches the current-user query so there's no unnecessary requests being made for the "logged in" state
- removed the now-unnecessary token refresh and logout routines from the `application` route
- removed the now-unnecessary token refresh routines from the `ajax` service
- removed `access_token` query param from iframe file downloaders
- changed Ember Data adapters and `ghost-paths` to use the `/ghost/api/v2/admin/` namespace
no issue
- after un-nesting the built-in integration routes they no longer had the automatic redirect for non-admins
- added our non-admin redirect behaviour to all of the integration routes
- added our non-admin redirect behaviour to the Zapier route which didn't even have an authenticated redirect previously
- added acceptance test for Zapier route so verify the new behaviour
- wrapped the Zapier widget `<script>` tag in an "is testing" conditional so that the external script doesn't get loaded during tests
no issue
- integrations index screen no longer needs to reload the settings cache
- individual built-in integration routes should handle their own reloading if necessary (eg, zapier doesn't need any settings so doesn't need a delay or loading template)
- built-in integration routes are no longer nested and so need their own loading templates
no issue
- moves integration routes around to match ember's concept of nested routes (nested routes reflect nested UI not nested URLs)
- sets us up for having a `settings.integrations.new` modal route that sits on top of the index screen
no issue
- old static html design files no longer work because they haven't kept up with changes in app and css structure and no longer represent directions that Ghost is moving towards
- removed in a single commit so that it's still possible to retrieve later if needed
no issue
- we were throttling word count updates but not taking into consideration the editor components could have been destroyed by the time the throttle timeout occurred
closes https://github.com/TryGhost/Ghost/issues/9868
- moved submit action to the `<form>` which allowed removal of the per-input enter key handlers
- changed submit button to trigger the form submit
- improved markup for password managers
- linked labels with inputs
- changed button to a "submit" type and linked it with the form
- added hidden email input at the bottom of the form in case password managers do not take disabled inputs into account
no issue
- PasswordValidator was only adding a function to the base class but it introduced a confusing inheritance hierarchy that's easier to reason about when it's a mixin instead
- swapped the `this.properties =` and `this._super()` calls in the `init` function of `new-user` so that the default can actually be applied
- previously the BaseValidator `init` method was doing `this.properties = []` which meant the default fallback in extended classes wouldn't work
closes https://github.com/TryGhost/Ghost/issues/9852
- Ember was throwing an error because we weren't using `.set` to set properties on the editor component which halted execution whilst the component cards were being re-rendered
closes https://github.com/TryGhost/Ghost/issues/9825
- the <code>`</code> key on German keyboard layouts is a dead key and so does not trigger the typical keyboard events our editor relies on
- added custom keyboard event listeners to watch for specific keyboard event sequences triggered by using the dead key + spacebar to insert a <code>`</code>
- trigger text input handlers when we detect a <code>`</code> insertion
- Linux unfortunately does not trigger events that can be used to track the sequence so this will not work there although it is easier to set up keyboard layouts without dead keys on Linux
- moved modifier key tracking into global event handlers from ember event handlers
- reduce confusion from duplicated event handling
- allows modifier key handlers to fire when keys are pressed without the editor element having focus
no issue
- added `onUploadStart` action to `{{gh-uploader}}` that is triggered when individual files start uploading
- will not be triggered for any files that fail client-side validation
- changed `{{koenig-card-gallery}}` to only add images to the local gallery display when the uploader starts an upload
no issue
- moved all payload building into single function
- only put fully valid images into mobiledoc
- extracted image data reading and width/height reading into a separate function
- fixed re-ordering when deleting an image
no issue
- stubbed `ghostPaths` service did not have the expected `ghostPaths.assetRoot` property that the `gh-profile-image` component started calling `.replace` on in adb0508d2f
refs https://github.com/TryGhost/Ghost/issues/9724
- removed 1px white border on embed card click overlay so that it doesn't cover borders used by certain embeds such as Instagram and Facebook posts
no issue
- dropping IE11 support meant that babel/uglifyjs was able to be clever and inline the image URLs variables directly into the template strings which was then breaking the fingerprint asset rewriting resulting in files having hashes but file references in the JS not having the hash
- removing use of template strings to build the default image URLs prevents the inlining behaviour, letting the asset fingerprint plugin do it's thing correctly
refs https://github.com/TryGhost/Ghost/issues/9724
- `formatMarkdown` was previously changed to return a SafeString but that meant any direct usage of the helper had to account for not dealing with a basic String type
- changed `formatMarkdown` to return a basic String
- modified helper usage of `{{sanitize-html}}` to use triple-curlies
