npm - apostrophe - Versions diffs - 3.4.0 → 3.7.0 - Mend

apostrophe 3.4.0 → 3.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

package/modules/@apostrophecms/template/lib/custom-tags/render.js CHANGED Viewed

@@ -98,9 +98,8 @@ module.exports = (self) => {
       const source = info.body();
       const input = createRenderInput(info);
-      const req = context.env.opts.req;
+      const req = context.ctx.__req;
       const env = self.getEnv(req, context.env.opts.module);
-      input.apos = self.templateApos;
       // attach the render caller as a function
       // it's just a string, but we keep
@@ -108,6 +107,11 @@ module.exports = (self) => {
       input.rendercaller = rendercaller;
       const result = await require('util').promisify((s, args, callback) => {
+        args = {
+          ...self.getRenderArgs(req, {}, context.env.opts.module),
+          // Parameters to fragments are top level, they are not in `data`
+          ...args
+        };
         return env.renderString(s, args, callback);
       })(source, input);
       return result;

package/modules/@apostrophecms/ui/index.js CHANGED Viewed

@@ -1,6 +1,7 @@
 module.exports = {
   options: {
-    alias: 'ui'
+    alias: 'ui',
+    widgetMargin: '20px 0'
   },
   icons: {
     'earth-icon': 'Earth',
@@ -21,7 +22,10 @@ module.exports = {
         if (req.data.user && req.data.user.aposThemePrimary) {
           theme.primary = req.data.user.aposThemePrimary;
         }
-        return { theme };
+        return {
+          theme,
+          widgetMargin: self.options.widgetMargin
+        };
       }
     };
   }

package/modules/@apostrophecms/ui/ui/apos/components/AposButton.vue CHANGED Viewed

@@ -1,5 +1,9 @@
 <template>
-  <span v-apos-tooltip="tooltip" class="apos-button__wrapper">
+  <span
+    v-apos-tooltip="tooltip"
+    class="apos-button__wrapper"
+    :class="{ 'apos-button__wrapper--block': modifiers.includes('block') }"
+  >
     <component
       :is="href ? 'a' : 'button'"
       v-on="href ? {} : {click: click}"
@@ -332,6 +336,9 @@ export default {
         color: var(--a-base-5);
       }
     }
+    .apos-button__label {
+      line-height: var(--a-line-tall);
+    }
   }
   .apos-button--subtle {
@@ -395,8 +402,6 @@ export default {
     box-sizing: border-box;
     display: block;
     width: 100%;
-    height: 47px;
-    max-width: 400px;
   }
   .apos-button--icon-right {
@@ -574,6 +579,10 @@ export default {
     padding: 3px;
   }
+  .apos-button--uppercase .apos-button__label {
+    text-transform: uppercase;
+  }
   .apos-button--inline {
     padding: 0;
     &, &[disabled], &:hover, &:active, &:focus {
@@ -605,6 +614,10 @@ export default {
     display: inline-block;
   }
+  .apos-button__wrapper--block {
+    display: block;
+  }
   @keyframes animateGradient {
     0% {
       background-position: 0% 50%;

package/modules/@apostrophecms/ui/ui/apos/components/AposCellContextMenu.vue CHANGED Viewed

@@ -64,7 +64,7 @@ export default {
   .apos-table__cell-field--context-menu__content {
     @include apos-transition();
     display: inline-block;
-    opacity: 0;
+    opacity: 0.3;
     &.apos-is-visible {
       opacity: 1;
     }

package/modules/@apostrophecms/ui/ui/apos/components/AposIndicator.vue CHANGED Viewed

@@ -7,6 +7,7 @@
     <component
       :is="icon"
       :size="iconSize"
+      :title="title ? title : ''"
       class="apos-indicator__icon"
       :fill-color="iconColor"
     />
@@ -30,6 +31,10 @@ export default {
       type: [ String, Object, Boolean ],
       default: false
     },
+    title: {
+      type: [ String, Boolean ],
+      default: false
+    },
     iconColor: {
       type: String,
       default: 'currentColor'

package/modules/@apostrophecms/ui/ui/apos/lib/i18next.js CHANGED Viewed

@@ -10,11 +10,20 @@ export default {
   install(Vue, options) {
     const i18n = options.i18n;
+    const fallbackLng = [ i18n.defaultLocale ];
+    // In case the default locale also has inadequate admin UI phrases
+    if (fallbackLng[0] !== 'en') {
+      fallbackLng.push('en');
+    }
     i18next.init({
       lng: i18n.locale,
-      fallbackLng: i18n.defaultLocale,
+      fallbackLng,
       resources: {},
-      debug: i18n.debug
+      debug: i18n.debug,
+      interpolation: {
+        escapeValue: false
+      }
     });
     for (const [ ns, phrases ] of Object.entries(i18n.i18n[i18n.locale])) {
@@ -25,6 +34,11 @@ export default {
         i18next.addResourceBundle(i18n.defaultLocale, ns, phrases, true, true);
       }
     }
+    if ((i18n.locale !== 'en') && (i18n.defaultLocale !== 'en')) {
+      for (const [ ns, phrases ] of Object.entries(i18n.i18n.en)) {
+        i18next.addResourceBundle('en', ns, phrases, true, true);
+      }
+    }
     // Like standard i18next $t, but also with support
     // for just one object argument with at least a `key`

package/modules/@apostrophecms/ui/ui/apos/scss/global/_tables.scss CHANGED Viewed

@@ -5,7 +5,7 @@
 .apos-table__header {
   margin-bottom: $spacing-base;
-  padding: 12.5px 4.5px;
+  padding: 12.5px 15px;
   border-bottom: 1px solid var(--a-base-8);
   color: var(--a-base-3);
   text-align: left;
@@ -52,12 +52,13 @@ span.apos-table__header-label:hover {
   @include apos-transition(all, 0.05s);
 }
 .apos-table__cell {
-  padding: 5px;
+  padding: 5px 15px;
   border-bottom: 1px solid var(--a-base-10);
 }
 .apos-table__cell--context-menu  {
-  width: 40px;
+  padding-right: 0;
+  padding-left: 0;
 }
 .apos-table__cell-field--context-menu  {

package/modules/@apostrophecms/ui/ui/apos/scss/global/_theme.scss CHANGED Viewed

@@ -78,6 +78,9 @@
   --a-line-base: 1;
   --a-line-tall: 1.3;
   --a-line-tallest: 1.6;
+  // Admin styles
+  --a-widget-margin: 0;
 }
 .apos-theme-dark {

package/modules/@apostrophecms/ui/ui/apos/scss/global/_widgets.scss ADDED Viewed

@@ -0,0 +1,3 @@
+[data-apos-area] [data-apos-area] {
+  margin: var(--a-widget-margin);
+}

package/modules/@apostrophecms/ui/ui/apos/scss/global/import-all.scss CHANGED Viewed

@@ -9,4 +9,5 @@
 @import './_scrollbars';
 @import './_utilities';
 @import './_tables';
-@import './_tooltips';
+@import './_tooltips';
+@import './_widgets';

package/modules/@apostrophecms/user/index.js CHANGED Viewed

@@ -185,6 +185,19 @@ module.exports = {
           if (![ 'guest', 'editor', 'contributor', 'admin' ].includes(doc.role)) {
             throw self.apos.error('invalid', 'The role property of a user must be guest, editor, contributor or admin');
           }
+        },
+        async invalidatePriorLogins(req, doc, options) {
+          const effectiveUserId = req.user && req.user._id;
+          // Invalidate prior login sessions if the password field changes or
+          // the user is newly marked as disabled.
+          if (doc._id && doc._passwordUpdated && (effectiveUserId !== doc._id)) {
+            // Invalidate old sessions
+            doc.loginInvalidBefore = Date.now();
+            // Just delete old bearer tokens
+            return self.apos.login.bearerTokens.removeMany({
+              userId: doc._id
+            });
+          }
         }
       },
       // Reflect email and username changes in the safe after deduplicating in the piece
@@ -347,6 +360,13 @@ module.exports = {
       // alone and `safeUser` is not updated.
       //
       // Called automatically by `hashSecrets`, above.
+      //
+      // The secret property itself is immediately deleted from doc
+      // to avoid any risk of accidentally storing it in cleartext.
+      // However there is a way to detect that it was updated:
+      // if `secret` is `password`, then the `_passwordUpdated` temporary
+      // property is set to true. This provides a way to take additional
+      // actions stemming from this change in a `beforeSave` handler, etc.
       async hashSecret(doc, safeUser, secret) {
         if (!doc[secret]) {
@@ -355,6 +375,7 @@ module.exports = {
         const hash = await require('util').promisify(self.pw.hash)(doc[secret]);
         delete doc[secret];
         safeUser[secret + 'Hash'] = hash;
+        doc[`_${secret}Updated`] = true;
       },
       // Verify the given password by checking it against the

package/modules/@apostrophecms/util/index.js CHANGED Viewed

@@ -414,7 +414,7 @@ module.exports = {
           return self.insensitiveSortCompare(a[property], b[property]);
         });
       },
-      // Copmpare two strings in a case-insensitive way, returning -1, 0 or 1, suitable for use with sort().
+      // Compare two strings in a case-insensitive way, returning -1, 0 or 1, suitable for use with sort().
       // If the two strings represent numbers, compare them as numbers for a natural sort order
       // when comparing strings like '4' and '10'.
       insensitiveSortCompare(a, b) {
@@ -858,7 +858,7 @@ module.exports = {
         return _.startCase(o);
       },
-      // check if something is a function (as opposd to property)
+      // check if something is a function (as opposed to property)
       isFunction: function(o) {
         return (typeof o === 'function');
       },

package/modules/@apostrophecms/util/ui/src/http.js CHANGED Viewed

@@ -150,10 +150,12 @@ export default () => {
     if (options.busy) {
       if (!busyActive[busyName]) {
         busyActive[busyName] = 0;
-        apos.bus.$emit('busy', {
-          active: true,
-          name: busyName
-        });
+        if (apos.bus) {
+          apos.bus.$emit('busy', {
+            active: true,
+            name: busyName
+          });
+        }
       }
       // keep track of nested calls
       busyActive[busyName]++;
@@ -240,10 +242,12 @@ export default () => {
         busyActive[busyName]--;
         if (!busyActive[busyName]) {
           // if no nested calls, disable the "busy" state
-          apos.bus.$emit('busy', {
-            active: false,
-            name: busyName
-          });
+          if (apos.bus) {
+            apos.bus.$emit('busy', {
+              active: false,
+              name: busyName
+            });
+          }
         }
       }
     });

package/modules/@apostrophecms/widget-type/index.js CHANGED Viewed

@@ -156,7 +156,7 @@ module.exports = {
         self.schema = self.apos.schema.compose({
           addFields: self.apos.schema.fieldsToArray(`Module ${self.__meta.name}`, self.fields),
           arrangeFields: self.apos.schema.groupsToArray(self.fieldsGroups)
-        });
+        }, self);
         const forbiddenFields = [
           '_id',
           'type'

package/modules/@apostrophecms/widget-type/ui/apos/components/AposWidgetEditor.vue CHANGED Viewed

@@ -19,6 +19,7 @@
               :schema="schema"
               :value="docFields"
               @input="updateDocFields"
+              @validate="triggerValidate"
               :following-values="followingValues()"
               :conditional-fields="conditionalFields()"
               ref="schema"

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "apostrophe",
-  "version": "3.4.0",
+  "version": "3.7.0",
   "description": "The Apostrophe Content Management System.",
   "main": "index.js",
   "scripts": {
@@ -112,7 +112,7 @@
     "vue": "^2.6.14",
     "vue-click-outside-element": "^1.0.13",
     "vue-loader": "^15.9.6",
-    "vue-material-design-icons": "^4.9.0",
+    "vue-material-design-icons": "~4.12.1",
     "vue-style-loader": "^4.1.2",
     "vue-template-compiler": "^2.6.14",
     "vuedraggable": "^2.24.3",
@@ -127,7 +127,7 @@
     "eslint-loader": "^4.0.2",
     "eslint-plugin-node": "^11.1.0",
     "eslint-plugin-vue": "^7.9.0",
-    "mocha": "^7.1.2",
+    "mocha": "^9.1.2",
     "nyc": "^15.1.0",
     "replace-in-file": "^6.1.0",
     "vue-eslint-parser": "^7.1.1",

package/test/extra_node_modules/improve-global/index.js ADDED Viewed

@@ -0,0 +1,7 @@
+module.exports = {
+  improve: '@apostrophecms/global',
+  options: {
+    testGlobalLevelLoaded: true,
+    testGlobalLevel: true
+  }
+};

package/test/extra_node_modules/improve-piece-type/index.js ADDED Viewed

@@ -0,0 +1,7 @@
+module.exports = {
+  improve: '@apostrophecms/piece-type',
+  options: {
+    testPieceTypeLevelLoaded: true,
+    testPieceTypeLevel: true
+  }
+};

package/test/improve-overrides.js ADDED Viewed

@@ -0,0 +1,30 @@
+const t = require('../test-lib/test.js');
+const assert = require('assert');
+describe('Improve Overrides', function() {
+  this.timeout(t.timeout);
+  it('"improve" should work, but project level should override it', async function() {
+    let apos;
+    try {
+      apos = await t.create({
+        root: module,
+        modules: {
+          'improve-piece-type': {},
+          'improve-global': {}
+        }
+      });
+      assert(apos.global.options.verifyProjectLevelLoaded);
+      assert.strictEqual(apos.user.options.testPieceTypeLevelLoaded, true);
+      assert.strictEqual(apos.user.options.testPieceTypeLevel, true);
+      assert.strictEqual(apos.global.options.testPieceTypeLevelLoaded, true);
+      assert.strictEqual(apos.global.options.testPieceTypeLevel, false);
+      assert.strictEqual(apos.global.options.testGlobalLevelLoaded, true);
+      assert.strictEqual(apos.global.options.testGlobalLevel, false);
+    } finally {
+      t.destroy(apos);
+    }
+  });
+});

package/test/login.js CHANGED Viewed

@@ -161,4 +161,187 @@ describe('Login', function() {
     assert(page.match(/logged out/));
   });
+  it('Changing a user\'s password should invalidate sessions for that user', async function() {
+    const jar = apos.http.jar();
+    // establish session
+    let page = await apos.http.get(
+      '/',
+      {
+        jar
+      }
+    );
+    assert(page.match(/logged out/));
+    await apos.http.post(
+      '/api/v1/@apostrophecms/login/login',
+      {
+        method: 'POST',
+        body: {
+          username: 'HarryPutter',
+          password: 'crookshanks',
+          session: true
+        },
+        jar
+      }
+    );
+    page = await apos.http.get(
+      '/',
+      {
+        jar
+      }
+    );
+    assert(page.match(/logged in/));
+    const req = apos.task.getReq();
+    let user = await apos.user.find(req, {
+      username: 'HarryPutter'
+    }).toObject();
+    assert(user);
+    user.password = 'VeryPasswordManySecure🐶';
+    await apos.user.update(req, user);
+    page = await apos.http.get(
+      '/',
+      {
+        jar
+      }
+    );
+    assert(!page.match(/logged in/));
+    assert(page.match(/logged out/));
+    // Make sure we can come back from that
+    await apos.http.post(
+      '/api/v1/@apostrophecms/login/login',
+      {
+        method: 'POST',
+        body: {
+          username: 'HarryPutter',
+          password: 'VeryPasswordManySecure🐶',
+          session: true
+        },
+        jar
+      }
+    );
+    page = await apos.http.get(
+      '/',
+      {
+        jar
+      }
+    );
+    assert(page.match(/logged in/));
+    // So we do not have a stale _passwordUpdated flag
+    user = await apos.user.find(req, {
+      _id: user._id
+    }).toObject();
+    // Unrelated writes to user should not invalidate sessions
+    user.title = 'Extra Cool Putter';
+    await apos.user.update(req, user);
+    page = await apos.http.get(
+      '/',
+      {
+        jar
+      }
+    );
+    assert(page.match(/logged in/));
+    // Marking a user account as disabled should invalidate sessions
+    user.disabled = true;
+    await apos.user.update(req, user);
+    page = await apos.http.get(
+      '/',
+      {
+        jar
+      }
+    );
+    assert(page.match(/logged out/));
+    // Restore access for next test
+    user.disabled = false;
+    await apos.user.update(req, user);
+  });
+  it('Changing a user\'s password should invalidate bearer tokens for that user', async function() {
+    // Log in
+    let response = await apos.http.post('/api/v1/@apostrophecms/login/login', {
+      body: {
+        username: 'HarryPutter',
+        password: 'VeryPasswordManySecure🐶'
+      }
+    });
+    assert(response.token);
+    let token = response.token;
+    // For verification: can't do this without an admin bearer token
+    await apos.http.get(
+      '/api/v1/@apostrophecms/user',
+      {
+        headers: {
+          Authorization: `Bearer ${token}`
+        }
+      }
+    );
+    const req = apos.task.getReq();
+    const user = await apos.user.find(req, {
+      username: 'HarryPutter'
+    }).toObject();
+    assert(user);
+    user.password = 'AnotherLovelyPassword';
+    await apos.user.update(req, user);
+    let failed = false;
+    try {
+      await apos.http.get(
+        '/api/v1/@apostrophecms/user',
+        {
+          headers: {
+            Authorization: `Bearer ${token}`
+          }
+        }
+      );
+      // Should NOT work
+      assert(false);
+    } catch (e) {
+      failed = true;
+      assert.strictEqual(e.status, 401);
+    }
+    assert(failed);
+    // Make sure we can come back from that
+    response = await apos.http.post('/api/v1/@apostrophecms/login/login', {
+      body: {
+        username: 'HarryPutter',
+        password: 'AnotherLovelyPassword'
+      }
+    });
+    assert(response.token);
+    token = response.token;
+    await apos.http.get(
+      '/api/v1/@apostrophecms/user',
+      {
+        headers: {
+          Authorization: `Bearer ${token}`
+        }
+      }
+    );
+  });
 });

package/test/modules/@apostrophecms/global/index.js ADDED Viewed

@@ -0,0 +1,8 @@
+module.exports = {
+  options: {
+    verifyProjectLevelLoaded: true,
+    // Verify we can override these
+    testPieceTypeLevel: false,
+    testGlobalLevel: false
+  }
+};

package/test/modules/fragment-all/views/aux-test.html ADDED Viewed

@@ -0,0 +1,7 @@
+{% extends data.outerLayout %}
+{% import "fragment.html" as fragment %}
+{% block main %}
+{% render fragment.auxTest('Gee Whiz') %}
+{% endblock %}

package/test/modules/fragment-all/views/fragment.html CHANGED Viewed

@@ -28,3 +28,8 @@
 {% fragment _print(text) %}
   {{ text }}
 {% endfragment %}
+{% fragment auxTest(s) %}
+  {{ apos.util.slugify(s) }}
+  {{ __t('apostrophe:modifyOrDelete') }}
+{% endfragment %}

package/test/moog.js CHANGED Viewed

@@ -237,6 +237,53 @@ describe('moog', function() {
       assert(myObject.extended(5) === 20);
     });
+    it('should support inheriting field group fields rather than requiring all fields to be restated', async function() {
+      const moog = require('../lib/moog.js')({});
+      moog.define('myObject', {
+        cascades: [ 'fields' ],
+        fields: {
+          add: {
+            one: { type: 'string' },
+            two: { type: 'string' },
+            three: { type: 'string' }
+          },
+          group: {
+            basics: {
+              fields: [ 'one', 'two', 'three' ]
+            }
+          }
+        }
+      });
+      moog.define('myObject', {
+        fields: {
+          add: {
+            four: { type: 'string' },
+            five: { type: 'string' }
+          },
+          group: {
+            basics: {
+              fields: [ 'four', 'five' ]
+            },
+            other: {
+              fields: [ 'one' ]
+            }
+          }
+        }
+      });
+      const myObject = await moog.create('myObject', {});
+      assert(myObject);
+      assert(myObject.fieldsGroups);
+      assert(!myObject.fieldsGroups.basics.fields.includes('one'));
+      assert(myObject.fieldsGroups.other.fields.includes('one'));
+      assert(myObject.fieldsGroups.basics.fields.includes('two'));
+      assert(myObject.fieldsGroups.basics.fields.includes('three'));
+      assert(myObject.fieldsGroups.basics.fields.includes('four'));
+      assert(myObject.fieldsGroups.basics.fields.includes('five'));
+    });
     // ==================================================
     // `redefine` AND `isDefined`
     // ==================================================