ref ENG-189
- A type error was flagged by Sentry where Settingscrashed where the API
data wasn't formatted correctly and the error boundary didn't kick in.
- This adds additional safety to ensure the required data exists before
attempting to render the elements.
ref https://linear.app/tryghost/issue/KTLO-1/members-spam-signups
- Some customers are seeing many spammy signups ("hundreds a day") — our
hypothesis is that bots and/or email link checkers are able to signup by
simply following the link in the email without even loading the page in
a browser.
- Currently new members signup by clicking a magic link in an email,
which is a simple GET request. When the user (or a bot) clicks that link, Ghost
creates the member and signs them in for the first time.
- This change, behind an alpha flag, requires a new member to click the
link in the email, which takes them to a new frontend route `/confirm_signup/`, then submit a form on the page which sends a POST request to the
server. If JavaScript is enabled, the form will be submitted
automatically so the only change to the user is an extra flash/redirect
before being signed in and redirected to the homepage.
- This change is behind the alpha flag `membersSpamPrevention` so we can
test it out on a few customer's sites and see if it helps reduce the
spam signups. With the flag off, the signup flow remains the same as
before.
no issue
- Keeping state of the scroll location to keep in sync with iframe
buffering caused performance issues in Safari.
- This adds a debounce to when the scroll location is updated which
fixes jerky scrolling in Safari.
ref https://linear.app/tryghost/issue/ENG-799
- recommendations were being stripped of query parameters and hash
fragments before save
- in particular, query parameters for attribution such as ?ref were not
being stored
ref https://linear.app/tryghost/issue/DES-84
- changed display to not show tabs when there's no staff users (only owner)
- automatically switch to Invites tab in the Staff section after sending an invite
- updated toast messages on failure
---------
Co-authored-by: Steve Larson <9larsons@gmail.com>
ref https://linear.app/tryghost/issue/IPC-66/onboarding-checklist-v1
- Adds a basic version of a new onboarding checklist behind the feature
flag, without incomplete/complete state logic
- Links to Design settings, Members screen and new post
- Opens amodal that we’ll use as Share modal
---------
Co-authored-by: Daniël van der Winden <danielvanderwinden@ghost.org>
no-issue
This adds the barebones of a NestJS application wired up to the Admin API
behind a feature flag, so that we can experiement with how to use Nest in the
context of Ghost
no issue
- Adds the unsplash selector as a standalone typescript package inside
the Koenig monorepo.
- Currently we have 3 versions of the Unsplash Selector. One in
Koenig-Lexical, one in AdminX and the original Ember version.
- We can now start phasing out the application coupled version of the
selector and replace it with the reusable version.
- We can now import it via npm to any React application.
- This commit removes the Unsplash components from AdminX and imports it
instead.
This is the second commit for this as the previous commit broke styles
due to normalise styles leaking into the Ember app. Disabling preflight
(https://github.com/TryGhost/Koenig/pull/1169) in Tailwind fixed it.
closes https://linear.app/tryghost/issue/ENG-739
- `props.innerRef` in `<IFrame>` was inadvertently assumed to always exist, sometimes throwing an error on render when certain popups like the profile settings modal were opened resulting in the app crashing and the whole comments block disappearing
- added a guard to ensure the ref exists before trying to set it
- updated tests so the profile modal route is tested
closes https://linear.app/tryghost/issue/ENG-721
ref https://linear.app/tryghost/issue/ENG-708
Comments-UI loads `/ghost/admin-frame/` in an iframe to check if a Staff User is authenticated in order to show moderation options. That iframe request loads a HTML page which in turn contains a script that fires off an API request that attempts to fetch the logged-in user details, resulting in a 403 "error" showing up when not authenticated. In the vast majority of cases there will be no staff user authenticated so lots of extra requests and "errors" are seen unnecessarily.
- adjusted the `/ghost/auth-frame/` endpoint to check if the request contains an Admin session cookie
- if it does, continue as before with rendering the HTML page so the script is loaded
- if it doesn't, return an empty 204 response avoiding the script request and subsequent 403-generating API request
- eliminates the 403 error being generated for all typical visitor traffic, the error should only be seen when an Admin was previously logged in but their cookie is no longer valid (either from logging out, or going past the 6month validity period)
no issue
- Adds the unsplash selector as a standalone typescript package inside
the Koenig monorepo.
- Currently we have 3 versions of the Unsplash Selector. One in
Koenig-Lexical, one in AdminX and the original Ember version.
- We can now start phasing out the application coupled version of the
selector and replace it with the reusable version.
- We can now import it via npm to any React application.
- This commit removes the Unsplash components from AdminX and imports it
instead.
no ref
- The 'Get help' button was only adding margin on the left when accessed
through account management even though it is also shown on the
unsubscribe page accessed via link.
no refs
- Tests run locally (US TZ) often always failed because the dates are
pushed to the en-GB locale. The test now forces the same TZ onto the
compared to date.
refs https://linear.app/tryghost/issue/ENG-677
- Portal was completely missing tests for `UnsubscribePage`
- `UnsubscribePage` is unique for Portal in that it needs to be able to
handle logged in and not-logged-in member state/interactions
- Various parts of Portal don't use a shared `GhostApi` instance, making
mocking all functionality impossible
- `UnsubscribePage` was updated to use `onAction` to bring it in line
with other Portal interactions while logged in
- Added checks for UI components for more precision in tests checking subscriptions within the UI
---------
Co-authored-by: Ronald Langeveld <hi@ronaldlangeveld.com>
no issue
- defers loading of `admin-auth` frame and it's API request until we are displaying some comments
- defers the frame load and API request until the comments box is scrolled into view
- eliminates the requests altogether for posts that have no comments
closes ENG-711
When an Admin is authenticated in Comments-UI we only add moderation options to the displayed comments so we don't need to pre-emptively load the `admin-auth` iframe and make the `/ghost/api/admin/users/me/` request until some comments are actually visible.
- used `state.comments.length` property to defer rendering of the admin auth frame until comments have been fetched (after box is scrolled into view) and the count is > 0
refs https://ghost.slack.com/archives/CTH5NDJMS/p1709230854358779
- Customer reported that some code they injected via the Code Injection
crashed the Preview in Ghost Settings.
- This wraps the function where the crash took place (according to
Sentry) in a try/catch to attempt to handle it gracefully.
- Added an additional Sentry log to better understand the situation
should it happen again.
refs https://linear.app/tryghost/issue/ENG-677
- UnsubscribePage is intended to be able to be used without logging in
to Portal. The app context (member state) was not synchronized when
logged in, causing conflicts in the client data vs. database.
- Now when a logged in member is found, the member object is manually
updated to reflect the API response(s).
no issue
- switches post browse requests to`/members/api/comments/post/:post_id/` to enable better cache bucketing
and invalidation
- removes `order` param from browse and replies requests
closes ENG-681
There's no need to provide an `order` param with every request in Comments-UI if the API has default ordering that matches our requirements. The order param makes logs more noisy/harder to read than they need to be so we want to get rid of it.
- modified comments API input serializer to add a default order param to the browse and replies endpoints when none is provided
- removed order param from the requests that Comments-UI makes
refs https://linear.app/tryghost/issue/ENG-676/
Now we have the case that there is no filter param, the simple string
approach fails. Instead we build up a URLSearchParams object which
makes it easier to handle conditional params & stringify it at the end.
