Commit Graph

29408 Commits

Author SHA1 Message Date
Simon Backx
4534b693e4
Added test that validates output HTML of email template (#15365)
refs https://github.com/TryGhost/Team/issues/1871

This commit adds a test to the serialize method of `post-email-serializer`. It checks whether the generated email HTML is valid and standard HTML5 and that all properties are escaped.

To do this validation, I depend on the new `html-validate` dev dependency. Just parsing the HTML with an HTML parser is not enough to guarantee that the HTML is okay.

Apart from that this fixes:
- Removed the sanitizeHTML method and replaced it with normal HTML escaping. We don't want to allow any HTML in the escaped fields. `sanitizeHTML` still allows valid HTML, but we don't want that and want the same behaviour as on the site. E.g., a post with a title `All your need to know about the <br /> tag` should actually render the same title and non-html content, being `All your need to know about the &lt;br /&gt; tag`
- The file, nft and audio card didn't (always) escape the injected HTML fields (new version @tryghost/kg-default-cards)
- `@tryghost/string` is bumped because it contains the new escapeHtml method
2022-09-08 10:11:01 +02:00
Fabien "egg" O'Carroll
11cbfcb0b6 Removed unused parent property from tag model
The Posts API does not strip unknown properties when dealing with relations,
which meant that tags were being sent up with a `parent` property which would
always cause the model to be considered "changed". This resulted in the update
methods being called, and leading to unexpected behaviour.

Whilst this change does fix things for the History feature, the correct fix is
to update the admin-api-schema, or the input serializers such that they only
allow through known and allowed properties.
2022-09-07 22:33:17 +01:00
Daniel Lockyer
04e3ee9f10 Added property cleaning to tag relations on pages + posts
refs https://github.com/TryGhost/Ghost/pull/15375

- we currently pass all properties for the `tags` property of a
  `page`/`post` body down further into Ghost, which is causing issues
  because it's handling properties it doesn't expect
- this is showing up because it's triggering save history events for
  tags when a post is edited
- this commit introduces a clean util which has an allowlist of
  properties allowed on tag relations
- this list was taken from the schema: 128f8fb006/packages/admin-api-schema/lib/schemas/posts.json (L214-L227)
2022-09-07 22:28:56 +01:00
renovate[bot]
290a5f2ceb Update dependency ember-concurrency to v2.3.6 2022-09-07 20:28:46 +01:00
Kevin Ansfield
4ce3d58e34 Fixed linting
refs aa53a1c71f

- missed some cleanup when replacing tests
2022-09-07 17:57:15 +01:00
Kevin Ansfield
aa53a1c71f 🐛 Fixed error when deleting tag and missing slugs on tags list
no issue

- fixes error that left the confirmation modal in place when deleting a tag by ensuring we return `true` in the task used by the confirm button, if we return the transition object it trips the "failed" state because the `/tags` route aborts and refreshes when transitioning to it
- fixes missing attached posts count in the tag delete confirmation modal by using the correct `tag.count.posts` attribute in the conditional
- fixes missing slugs in the tags list by using the properties on `@tag` rather than expecting a separate `@slug` argument
- replaced the skipped tags acceptance tests with updated tests that match the recent redesign
2022-09-07 17:51:56 +01:00
Simon Backx
74ecde73db
Moved attribution event handler to events service (#15379)
fixes https://github.com/TryGhost/Team/issues/1821

This change moves all the event storage logic to one new place: the event storage class in the MembersEventsService, which is initialised in a new members events service wrapper.

Apart from this, this includes some improvements:
- Removed DomainEvents from the constructor arguments to the subscribe method (to make it more clear where to subscribe to and decrease dependencies)
- LastSeenAtUpdater doesn't subscribe in the constructor any longer (removes unclear side effect)
- Moved LastSeenAtUpdater initialisation to new members events service wrapper
- Added missing tests to LastSeenAtUpdater to assure that the MembersEventsService package has 100% coverage.
2022-09-07 16:41:59 +02:00
renovate[bot]
4438a72095 Update dependency concurrently to v7.4.0 2022-09-07 13:44:35 +01:00
renovate[bot]
3d76c89660 Update dependency @playwright/test to v1.25.2 2022-09-07 13:10:11 +01:00
Sanne de Vries
224cee8fa6 Updated Explore feed on dashboard
No issue
2022-09-07 13:07:14 +01:00
renovate[bot]
5812e491d2 Update dependency uuid to v9 2022-09-07 13:06:48 +01:00
Djordje Vlaisavljevic
88c0cca873 Fixed code highlighting in code injection in dark mode
no issue
2022-09-07 12:18:26 +02:00
renovate[bot]
fa1861aad3 Update dependency ember-concurrency to v2.3.5 2022-09-07 07:39:10 +01:00
Kevin Ansfield
10946a56b2
🐛 Fixed product card images causing very wide emails in Outlook (#15374)
closes https://github.com/TryGhost/Team/issues/1873

- bumps `@tryghost/kg-default-cards` which amends the product card rendering to output adjusted `width` and `height` attributes and a resized `src` attribute on the `<img>` element
2022-09-06 19:36:19 +01:00
Daniel Lockyer
4a6f57b105
Merged v5.13.2 into main
v5.13.2
2022-09-06 16:45:52 +01:00
Ghost CI
d71efb128f v5.13.2 2022-09-06 16:32:05 +01:00
Fabien 'egg' O'Carroll
f7a58ecafc
🐛 Fixed OpenSea NFT OEmbeds (#15372)
refs https://github.com/TryGhost/Team/issues/1879

OpenSea updated their URL format for NFTs after adding support for Solana
which broke our regex, this updates to support the new format.
2022-09-06 11:29:35 -04:00
Simon Backx
8b4d5504e8
Moved (un)like endpoint code to comments service (#15371)
fixes https://github.com/TryGhost/Team/issues/1861

- Moved like and unlike endpoint handling to comments service and controller
- Moved small part of report logic to comments controller
- Added proper 401 authentication error when not authenticated as member
2022-09-06 17:20:55 +02:00
Daniel Lockyer
914775d55f
Fixed creating release branches
- we didn't clone the repo at the point when we were running a git
  command, so that failed
- switched to a different method of checking out `main` and then
  checking out the most recent tag
2022-09-06 15:46:49 +01:00
Daniel Lockyer
e80ab4fc46
Added support for latest when creating release branches
- this should allow us to run the job without any manual effort, because
  it'll choose the latest tag for the patch release
2022-09-06 15:39:10 +01:00
Sanne de Vries
cbccd400c6 Updated Explore section on dashboard
No issue
2022-09-06 14:59:33 +01:00
Aileen Nowak
beaf7464c6 Replaced Staff Picks with Explore feed
no issue

- Deleted staff picks
- Added Explore Feed Dashboard resource
- Added styles and svgs
- Moved "What's New" resource into a split box with community box
2022-09-06 13:46:38 +00:00
Ronald Langeveld
1f177e1c17
Added optional data-attribute to enable and disable auto redirection. (#15335)
closes https://github.com/TryGhost/Ghost/issues/15104 https://github.com/TryGhost/Team/issues/1800

- On custom sign up and login forms, creators often wouldn't want their members to be redirected to that page after signing in.
- This takes a new data-attribute value (eg `data-members-autoredirect="false"`) that can be set on [custom sign up / login forms](https://ghost.org/docs/themes/members/#signup-forms) into account before parsing the referrer on the magic link URL that gets sent to the member for login.
2022-09-06 14:36:06 +02:00
Daniel Lockyer
b226b03f09
Renamed Audit Log to History
refs https://github.com/TryGhost/Toolbox/issues/356

- this commit updates the route to `/settings/history` and moves all the
  files to their new name so we can avoid further cleanup down the line
2022-09-06 11:49:29 +01:00
Daniel Lockyer
a3abb60395
Updated master branch links to main
- we switched the branch names a while back but these were never updated
2022-09-06 11:49:29 +01:00
Naz
920a3aeb4c
Fixed adapter-related unit test
refs 37dd187fe6
refs c36575627d/ghost/core/core/server/data/importer/handlers/image.js (L16)

- The tests were failing because they were stubbing a "generic" adapter, instead of the one which the module under test was using (see referenced code to see what I mean)
2022-09-06 18:46:32 +08:00
Naz
c36575627d
Fixed unit test
refs 37dd187fe6

- The referenced commit lacked cleanup after module removal
2022-09-06 18:11:22 +08:00
Ronald Langeveld
dac3fff90f
🐛 Fixed incorrect member count on sidebar (#15330)
refs https://github.com/TryGhost/Team/issues/1738

- Changed sidebar member count to use new API endpoint data.
- Added separate function for getting member count.
- changed `_fetchCountsTask` to use new `/stats/member_count/` endpoint
- updated @task to calculate total members from endpoint data.
2022-09-06 12:08:16 +02:00
Naz
d0c45cbe9e
Increased adapter manager test coverage
refs https://github.com/TryGhost/Toolbox/issues/384

- Boyscouting while having the context loaded. Getting to those 100% coverages one day!
2022-09-06 17:51:57 +08:00
Naz
a96a7340c0
Added JSDoc to adapter options resolver
refs https://github.com/TryGhost/Toolbox/issues/384

- Added jsdoc for IntelliSense/typechecking
- Cleaned up the naming of returned values to resemble the use cases a bit better
2022-09-06 17:51:57 +08:00
Naz
28791bd6bf
Fixed typo 2022-09-06 17:51:57 +08:00
Naz
67df9a6105
Removed unused adapterType variable
refs https://github.com/TryGhost/Toolbox/issues/384

- The adapter manager can parse the adapter type internally from the "type:feature" syntax, so there's no need to pass it around.
2022-09-06 17:51:57 +08:00
Naz
1fc8c8d671
Added more explicit adapter config syntax
refs https://github.com/TryGhost/Toolbox/issues/384

- Existing adapter config was based on the notion there can only be one configuration per one adapter class. With adapter cache now allowing instantiating multiple adapter instances with the same base class it opened up a possibility to have shared configuration for a base class and then extend/override it in "feature" configurations (see tests in this commit for specific examples)
2022-09-06 17:51:57 +08:00
Naz
37dd187fe6
Added adapter caching based on features
refs https://github.com/TryGhost/Toolbox/issues/384

- Adapter cache was not able to store multiple object instances derived from same Base class. This created a need to create boilerplate "shell" classes inheriting from the Base class, e.g.: ImageSizeCacheSyncInMemory etc.
- Having feature-based adapter instance caching in the adapter manager allows to simplify configuration and reuse the "base class" instead of creating artificial "shell" classes.
- For example with this change both image sizes and settings caches will create separate cache instances deriving from default "Memory" class. Less code, less configuration!
2022-09-06 17:51:57 +08:00
Naz
0f86a05ed4
Added ":" syntax to adapter manager
refs https://github.com/TryGhost/Toolbox/issues/384

- The syntax using a colon ":" separator has been successfully used to enable multiple adapters. The adapter manager can benefit from same convention to enable more elastic adapter cache - have multiple instances of adapters from same base class
2022-09-06 17:51:57 +08:00
Naz
2f2033e7c5
Improved adapter manager JSDoc
refs https://github.com/TryGhost/Toolbox/issues/384

- The config is an optional parameter as not all class constructors necessarily have to have configuration values
2022-09-06 17:51:57 +08:00
Naz
a0d0c38aaf
Fixed typo complementary -> complimentary 2022-09-06 17:51:56 +08:00
Peter Zimon
ca8bfc397c Fixed linting error 2022-09-06 11:25:54 +02:00
Hakim Razalan
2ffd76b994
🐛 Fixed archived tiers appearing in Portal Links UI (#15351)
closes #15293

- added additional active:true filter to tier fetching query to only get paid and active tiers.
2022-09-06 10:25:19 +01:00
Hannah Wolfe
db6fb2d6d0
Removed unused fixture tasks
- these old concepts aren't used anymore
2022-09-06 10:18:55 +01:00
Peter Zimon
cb644b3fd7 Restructured Audit log IA
refs. https://github.com/TryGhost/Toolbox/issues/356

- renamed page to “History” now to make it less technical
- moved the history page out to the Advanced section in Settings to increase discoverability
- moved the About section from General settings to a modal because that technical data was not connected to General settings
2022-09-06 11:18:07 +02:00
Daniel Lockyer
e0f86cb1cb
Merged v5.13.1 into main
v5.13.1
2022-09-06 10:12:54 +01:00
Ghost CI
da1997d96e v5.13.1 2022-09-06 09:53:23 +01:00
Rishabh
a8368a261c 🐛 Fixed paid subscription alert showing incorrect offer amount
closes https://github.com/TryGhost/Team/issues/1876

- the offer portion of new paid subscription alert was showing the wrong amount as the value is denoted in cents and needs conversion
- the value shown was 100x as the actual amount needs to be transformed (X/100)
2022-09-06 14:04:21 +05:30
Daniel Lockyer
79368f565f
Fixed Tier events being created when Posts are edited
refs https://github.com/TryGhost/Team/issues/1875

- due to a misbehavior in our model layer, when `tiers` is set on a Post, it'll
  trigger a save of the Tier, and this produces an extra event in the
  `actions` table
- mapping the Tier(s) to just the ID prevents bookshelf-relations from
  editing the Tier and thus prevents the extra event
- also fixed tests which were implicitly assuming supplying a slug to a
  post would create the product
2022-09-05 17:19:27 +01:00
Peter Zimon
a27342c8ae Added link to membership for tiers in Audit log
refs. https://github.com/TryGhost/Toolbox/issues/356

- link to Membership settings was missing for tier related events
2022-09-05 16:20:26 +02:00
Peter Zimon
5a83b77202 Updated copy in Audit log
refs. https://github.com/TryGhost/Toolbox/issues/356

- the term 'products' was used in the Audit log list which was inconsistent with the rest of the UI ('tiers')
2022-09-05 16:09:10 +02:00
Peter Zimon
0e156d2d68 Refined Audit log
refs. https://github.com/TryGhost/Toolbox/issues/356

- member label was too granular and small piece of information to justify a complete "Member" category, so we ignored to fetch the member label related events for now and removed the "Member" category from the filter list
- the term "users" wasn't consistent with the rest of the UI, changed it to "staff"
2022-09-05 16:01:36 +02:00
Daniel Lockyer
064e91fb2d
Added pull_request event type to label actions workflow triggers
refs https://github.com/TryGhost/Toolbox/issues/381

- we want to start collecting events from pull requests so we can label
  and reply upon certain events
- this adds the `closed` and `labeled` events to the workflow triggers
2022-09-05 11:53:46 +01:00
renovate[bot]
167f2d577a
Update dependency ember-concurrency to v2.3.4 (#15357)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-05 10:56:21 +01:00