npm - ghost - Versions diffs - 5.3.1 → 5.5.0 - Mend

ghost 5.3.1 → 5.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (107) hide show

package/core/server/services/members/settings.js CHANGED Viewed

@@ -1,99 +1,14 @@
-const MagicLink = require('@tryghost/magic-link');
-const {URL} = require('url');
-const path = require('path');
 const urlUtils = require('../../../shared/url-utils');
-const settingsCache = require('../../../shared/settings-cache');
-const logging = require('@tryghost/logging');
-const mail = require('../mail');
-const updateEmailTemplate = require('./emails/updateEmail');
 const SingleUseTokenProvider = require('./SingleUseTokenProvider');
 const models = require('../../models');
 const MAGIC_LINK_TOKEN_VALIDITY = 24 * 60 * 60 * 1000;
-const ghostMailer = new mail.GhostMailer();
-function createSettingsInstance(config) {
-    const {transporter, getSubject, getText, getHTML, getSigninURL} = {
-        transporter: {
-            sendMail(message) {
-                if (process.env.NODE_ENV !== 'production') {
-                    logging.warn(message.text);
-                }
-                let msg = Object.assign({
-                    from: config.getAuthEmailFromAddress(),
-                    subject: 'Update email address',
-                    forceTextContent: true
-                }, message);
-                return ghostMailer.send(msg);
-            }
-        },
-        getSubject() {
-            return `Confirm your email address`;
-        },
-        getText(url, type, email) {
-            return `
-            Hey there,
-            Please confirm your email address with this link:
-            ${url}
-            For your security, the link will expire in 24 hours time.
-            ---
-            Sent to ${email}
-            If you did not make this request, you can simply delete this message. This email address will not be used.
-            `;
-        },
-        getHTML(url, type, email) {
-            const siteTitle = settingsCache.get('title');
-            return updateEmailTemplate({url, email, siteTitle});
-        },
-        getSigninURL(token, type) {
-            const signinURL = new URL(urlUtils.urlFor('api', {type: 'admin'}, true));
-            signinURL.pathname = path.join(signinURL.pathname, '/settings/members/email/');
-            signinURL.searchParams.set('token', token);
-            signinURL.searchParams.set('action', type);
-            return signinURL.href;
-        }
-    };
-    const magicLinkService = new MagicLink({
-        transporter,
-        tokenProvider: new SingleUseTokenProvider(models.SingleUseToken, MAGIC_LINK_TOKEN_VALIDITY),
-        getSigninURL,
-        getText,
-        getHTML,
-        getSubject
-    });
-    const sendEmailAddressUpdateMagicLink = ({email, type = 'supportAddressUpdate'}) => {
-        const [,toDomain] = email.split('@');
-        let fromEmail = `noreply@${toDomain}`;
-        if (fromEmail === email) {
-            fromEmail = `no-reply@${toDomain}`;
-        }
-        magicLinkService.transporter = {
-            sendMail(message) {
-                if (process.env.NODE_ENV !== 'production') {
-                    logging.warn(message.text);
-                }
-                let msg = Object.assign({
-                    from: fromEmail,
-                    subject: 'Update email address',
-                    forceTextContent: true
-                }, message);
-                return ghostMailer.send(msg);
-            }
-        };
-        return magicLinkService.sendMagicLink({email, tokenData: {email}, subject: email, type});
-    };
+// @todo: can get removed, since this is moved to the settings bread service
+function createSettingsInstance() {
+    const oldTokenProvider = new SingleUseTokenProvider(models.SingleUseToken, MAGIC_LINK_TOKEN_VALIDITY);
     const getEmailFromToken = async ({token}) => {
-        const data = await magicLinkService.getDataFromToken(token);
+        const data = await oldTokenProvider.validate(token);
         return data.email;
     };
@@ -107,7 +22,6 @@ function createSettingsInstance(config) {
     };
     return {
-        sendEmailAddressUpdateMagicLink,
         getEmailFromToken,
         getAdminRedirectLink
     };

package/core/server/services/public-config/config.js CHANGED Viewed

@@ -18,7 +18,8 @@ module.exports = function getConfigProperties() {
         mailgunIsConfigured: !!(config.get('bulkEmail') && config.get('bulkEmail').mailgun),
         emailAnalytics: config.get('emailAnalytics'),
         hostSettings: config.get('hostSettings'),
-        tenor: config.get('tenor')
+        tenor: config.get('tenor'),
+        editor: config.get('editor')
     };
     const billingUrl = config.get('hostSettings:billing:enabled') ? config.get('hostSettings:billing:url') : '';

package/core/server/services/settings/emails/verify-email.js ADDED Viewed

@@ -0,0 +1,166 @@
+module.exports = ({email, url}) => `
+<!doctype html>
+<html>
+  <head>
+    <meta name="viewport" content="width=device-width">
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <title>Confirm your email address</title>
+    <style>
+    /* -------------------------------------
+        RESPONSIVE AND MOBILE FRIENDLY STYLES
+    ------------------------------------- */
+    @media only screen and (max-width: 620px) {
+      table[class=body] h1 {
+        font-size: 28px !important;
+        margin-bottom: 10px !important;
+      }
+      table[class=body] p,
+            table[class=body] ul,
+            table[class=body] ol,
+            table[class=body] td,
+            table[class=body] span,
+            table[class=body] a {
+        font-size: 16px !important;
+      }
+      table[class=body] .wrapper,
+            table[class=body] .article {
+        padding: 10px !important;
+      }
+      table[class=body] .content {
+        padding: 0 !important;
+      }
+      table[class=body] .container {
+        padding: 0 !important;
+        width: 100% !important;
+      }
+      table[class=body] .main {
+        border-left-width: 0 !important;
+        border-radius: 0 !important;
+        border-right-width: 0 !important;
+      }
+      table[class=body] .btn table {
+        width: 100% !important;
+      }
+      table[class=body] .btn a {
+        width: 100% !important;
+      }
+      table[class=body] .img-responsive {
+        height: auto !important;
+        max-width: 100% !important;
+        width: auto !important;
+      }
+    }
+    /* -------------------------------------
+        PRESERVE THESE STYLES IN THE HEAD
+    ------------------------------------- */
+    @media all {
+      .ExternalClass {
+        width: 100%;
+      }
+      .ExternalClass,
+            .ExternalClass p,
+            .ExternalClass span,
+            .ExternalClass font,
+            .ExternalClass td,
+            .ExternalClass div {
+        line-height: 100%;
+      }
+      .recipient-link a {
+        color: inherit !important;
+        font-family: inherit !important;
+        font-size: inherit !important;
+        font-weight: inherit !important;
+        line-height: inherit !important;
+        text-decoration: none !important;
+      }
+      #MessageViewBody a {
+        color: inherit;
+        text-decoration: none;
+        font-size: inherit;
+        font-family: inherit;
+        font-weight: inherit;
+        line-height: inherit;
+      }
+    }
+    hr {
+      border-width: 0;
+      height: 0;
+      margin-top: 34px;
+      margin-bottom: 34px;
+      border-bottom-width: 1px;
+      border-bottom-color: #EEF5F8;
+    }
+    </style>
+  </head>
+  <body style="background-color: #F4F8FB; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; -webkit-font-smoothing: antialiased; font-size: 14px; line-height: 1.4; margin: 0; padding: 0; -ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;">
+    <table border="0" cellpadding="0" cellspacing="0" class="body" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; background-color: #F4F8FB;">
+      <tr>
+        <td style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 14px; vertical-align: top;">&nbsp;</td>
+        <td class="container" style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 14px; vertical-align: top; display: block; Margin: 0 auto; max-width: 600px; padding: 10px; width: 600px;">
+          <div class="content" style="box-sizing: border-box; display: block; Margin: 0 auto; max-width: 600px; padding: 30px 20px;">
+            <!-- START CENTERED WHITE CONTAINER -->
+            <table class="main" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; background: #ffffff; border-radius: 8px;">
+              <!-- START MAIN CONTENT AREA -->
+              <tr>
+                <td class="wrapper" style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 14px; vertical-align: top; box-sizing: border-box; padding: 40px 50px;">
+                  <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%;">
+                    <tr>
+                      <td style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 14px; vertical-align: top;">
+                        <p style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 20px; color: #15212A; font-weight: bold; line-height: 25px; margin: 0; margin-bottom: 15px;">Hey there,</p>
+                        <p style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 16px; color: #3A464C; font-weight: normal; margin: 0; line-height: 25px; margin-bottom: 32px;">Please confirm your email address with this link:</p>
+                        <table border="0" cellpadding="0" cellspacing="0" class="btn btn-primary" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; box-sizing: border-box;">
+                          <tbody>
+                            <tr>
+                              <td align="left" style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 16px; vertical-align: top; padding-bottom: 35px;">
+                                <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: auto;">
+                                  <tbody>
+                                    <tr>
+                                      <td style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 16px; vertical-align: top; background-color: #15212A; border-radius: 5px; text-align: center;"> <a href="${url}" target="_blank" style="display: inline-block; color: #ffffff; background-color: #15212A; border: solid 1px #15212A; border-radius: 5px; box-sizing: border-box; cursor: pointer; text-decoration: none; font-size: 16px; font-weight: normal; margin: 0; padding: 9px 22px 10px; border-color: #15212A;" data-test-verify-link>Confirm email address</a> </td>
+                                    </tr>
+                                  </tbody>
+                                </table>
+                              </td>
+                            </tr>
+                          </tbody>
+                        </table>
+                        <p style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 16px; color: #3A464C; font-weight: normal; margin: 0; line-height: 25px; margin-bottom: 25px;">For your security, the link will expire in 24 hours time.</p>
+                        <hr/>
+                        <p style="word-break: break-all; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 15px; color: #3A464C; font-weight: normal; margin: 0; line-height: 25px; margin-bottom: 5px;">You can also copy & paste this URL into your browser:</p>
+                        <p style="word-break: break-all; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 14px; line-height: 21px; margin-top: 0; color: #738A94;">${url}</p>
+                      </td>
+                    </tr>
+                  </table>
+                </td>
+              </tr>
+            <!-- END MAIN CONTENT AREA -->
+            </table>
+            <!-- START FOOTER -->
+            <div class="footer" style="clear: both; Margin-top: 10px; text-align: center; width: 100%;">
+              <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%;">
+                <tr>
+                  <td class="content-block" style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; vertical-align: top; padding-bottom: 5px; padding-top: 15px; font-size: 13px; line-height: 21px; color: #738A94; text-align: center;">
+                    If you did not make this request, you can simply delete this message.<br/>This email address will not be used.
+                  </td>
+                </tr>
+                <tr>
+                  <td class="content-block" style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; vertical-align: top; padding-bottom: 10px; padding-top: 10px; font-size: 13px; color: #738A94; text-align: center;">
+                    <span class="recipient-link" style="color: #738A94; font-size: 13px; text-align: center;">Sent to <a href="mailto:${email}" style="text-decoration: underline; color: #738A94; font-size: 13px; text-align: center;">${email}</a></span>
+                  </td>
+                </tr>
+              </table>
+            </div>
+            <!-- END FOOTER -->
+          <!-- END CENTERED WHITE CONTAINER -->
+          </div>
+        </td>
+        <td style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 14px; vertical-align: top;">&nbsp;</td>
+      </tr>
+    </table>
+  </body>
+</html>
+`;

package/core/server/services/settings/settings-bread-service.js CHANGED Viewed

@@ -1,8 +1,12 @@
 const _ = require('lodash');
 const tpl = require('@tryghost/tpl');
-const {NotFoundError, NoPermissionError, BadRequestError} = require('@tryghost/errors');
+const {NotFoundError, NoPermissionError, BadRequestError, IncorrectUsageError} = require('@tryghost/errors');
 const {obfuscatedSetting, isSecretSetting, hideValueIfSecret} = require('./settings-utils');
+const logging = require('@tryghost/logging');
+const MagicLink = require('@tryghost/magic-link');
+const verifyEmailTemplate = require('./emails/verify-email');
+const EMAIL_KEYS = ['members_support_address'];
 const messages = {
     problemFindingSetting: 'Problem finding setting: {key}',
     accessCoreSettingFromExtReq: 'Attempted to access core setting from external request'
@@ -13,13 +17,67 @@ class SettingsBREADService {
      *
      * @param {Object} options
      * @param {Object} options.SettingsModel
+     * @param {Object} options.mail
      * @param {Object} options.settingsCache - SettingsCache instance
+     * @param {Object} options.singleUseTokenProvider
+     * @param {Object} options.urlUtils
      * @param {Object} options.labsService - labs service instance
      */
-    constructor({SettingsModel, settingsCache, labsService}) {
+    constructor({SettingsModel, settingsCache, labsService, mail, singleUseTokenProvider, urlUtils}) {
         this.SettingsModel = SettingsModel;
         this.settingsCache = settingsCache;
         this.labs = labsService;
+        /* email verification setup */
+        this.ghostMailer = new mail.GhostMailer();
+        const {transporter, getSubject, getText, getHTML, getSigninURL} = {
+            transporter: {
+                sendMail() {
+                    // noop - overridden in `sendEmailVerificationMagicLink`
+                }
+            },
+            getSubject() {
+                // not used - overridden in `sendEmailVerificationMagicLink`
+                return `Verify email address`;
+            },
+            getText(url, type, email) {
+                return `
+                Hey there,
+                Please confirm your email address with this link:
+                ${url}
+                For your security, the link will expire in 24 hours time.
+                ---
+                Sent to ${email}
+                If you did not make this request, you can simply delete this message. This email address will not be used.
+                `;
+            },
+            getHTML(url, type, email) {
+                return verifyEmailTemplate({url, email});
+            },
+            getSigninURL(token) {
+                // @todo: need to make this more generic?
+                const adminUrl = urlUtils.urlFor('admin', true);
+                const signinURL = new URL(adminUrl);
+                signinURL.hash = `/settings/members/?verifyEmail=${token}`;
+                return signinURL.href;
+            }
+        };
+        this.magicLinkService = new MagicLink({
+            transporter,
+            tokenProvider: singleUseTokenProvider,
+            getSigninURL,
+            getText,
+            getHTML,
+            getSubject
+        });
     }
     /**
@@ -93,7 +151,7 @@ class SettingsBREADService {
      * @returns
      */
     async edit(settings, options, stripeConnectData) {
-        const filteredSettings = settings.filter((setting) => {
+        let filteredSettings = settings.filter((setting) => {
             // The `stripe_connect_integration_token` "setting" is only used to set the `stripe_connect_*` settings.
             return ![
                 'stripe_connect_integration_token',
@@ -152,9 +210,31 @@ class SettingsBREADService {
             });
         }
-        return this.SettingsModel.edit(filteredSettings, options).then((result) => {
+        // remove any email properties that are not allowed to be set without verification
+        const {filteredSettings: refilteredSettings, emailsToVerify} = await this.prepSettingsForEmailVerification(filteredSettings, getSetting);
+        const modelArray = await this.SettingsModel.edit(refilteredSettings, options).then((result) => {
             return this._formatBrowse(_.keyBy(_.invokeMap(result, 'toJSON'), 'key'), options.context);
         });
+        return this.respondWithEmailVerification(modelArray, emailsToVerify);
+    }
+    async verifyKeyUpdate(token) {
+        const data = await this.magicLinkService.getDataFromToken(token);
+        const {key, value} = data;
+        // Verify keys (in case they ever change and we have old tokens)
+        if (!EMAIL_KEYS.includes(key)) {
+            throw new IncorrectUsageError({
+                message: 'Not allowed to update this setting key via tokens'
+            });
+        }
+        return this.SettingsModel.edit({
+            key,
+            value
+        });
     }
     /**
@@ -205,6 +285,92 @@ class SettingsBREADService {
         return settings;
     }
+    /**
+     * @private
+     */
+    async prepSettingsForEmailVerification(settings, getSetting) {
+        const filteredSettings = [];
+        const emailsToVerify = [];
+        for (const setting of settings) {
+            if (EMAIL_KEYS.includes(setting.key)) {
+                const email = setting.value;
+                const key = setting.key;
+                const hasChanged = getSetting(setting).value !== email;
+                if (await this.requiresEmailVerification({email, hasChanged})) {
+                    emailsToVerify.push({email, key});
+                } else {
+                    filteredSettings.push(setting);
+                }
+            } else {
+                filteredSettings.push(setting);
+            }
+        }
+        return {filteredSettings, emailsToVerify};
+    }
+    /**
+     * @private
+     */
+    async requiresEmailVerification({email, hasChanged}) {
+        if (!email || !hasChanged || email === 'noreply') {
+            return false;
+        }
+        // TODO: check for known/verified email
+        return true;
+    }
+    /**
+     * @private
+     */
+    async respondWithEmailVerification(settings, emailsToVerify) {
+        if (emailsToVerify.length > 0) {
+            for (const {email, key} of emailsToVerify) {
+                await this.sendEmailVerificationMagicLink({email, key});
+            }
+            settings.meta = settings.meta || {};
+            settings.meta.sent_email_verification = emailsToVerify.map(v => v.key);
+        }
+        return settings;
+    }
+    /**
+     * @private
+     */
+    async sendEmailVerificationMagicLink({email, key}) {
+        const [,toDomain] = email.split('@');
+        let fromEmail = `noreply@${toDomain}`;
+        if (fromEmail === email) {
+            fromEmail = `no-reply@${toDomain}`;
+        }
+        const {ghostMailer} = this;
+        this.magicLinkService.transporter = {
+            sendMail(message) {
+                if (process.env.NODE_ENV !== 'production') {
+                    logging.warn(message.text);
+                }
+                let msg = Object.assign({
+                    from: fromEmail,
+                    subject: 'Verify email address',
+                    forceTextContent: true
+                }, message);
+                return ghostMailer.send(msg);
+            }
+        };
+        return this.magicLinkService.sendMagicLink({email, tokenData: {key, value: email}});
+    }
 }
 module.exports = SettingsBREADService;

package/core/server/services/settings/settings-service.js CHANGED Viewed

@@ -12,6 +12,9 @@ const config = require('../../../shared/config');
 const SettingsCache = require('../../../shared/settings-cache');
 const SettingsBREADService = require('./settings-bread-service');
 const {obfuscatedSetting, isSecretSetting, hideValueIfSecret} = require('./settings-utils');
+const mail = require('../mail');
+const SingleUseTokenProvider = require('../members/SingleUseTokenProvider');
+const urlUtils = require('../../../shared/url-utils');
 const ObjectId = require('bson-objectid');
@@ -19,6 +22,8 @@ const messages = {
     incorrectKeyType: 'type must be one of "direct" or "connect".'
 };
+const MAGIC_LINK_TOKEN_VALIDITY = 24 * 60 * 60 * 1000;
 /**
  * @returns {SettingsBREADService} instance of the PostsService
  */
@@ -26,7 +31,10 @@ const getSettingsBREADServiceInstance = () => {
     return new SettingsBREADService({
         SettingsModel: models.Settings,
         settingsCache: SettingsCache,
-        labsService: labs
+        labsService: labs,
+        mail,
+        singleUseTokenProvider: new SingleUseTokenProvider(models.SingleUseToken, MAGIC_LINK_TOKEN_VALIDITY),
+        urlUtils
     });
 };

package/core/server/services/stripe/service.js CHANGED Viewed

@@ -25,7 +25,15 @@ const debouncedConfigureApi = _.debounce(() => {
 module.exports = new StripeService({
     membersService,
-    models: _.pick(models, ['Product', 'StripePrice', 'StripeCustomerSubscription', 'StripeProduct', 'MemberStripeCustomer', 'Offer', 'Settings']),
+    models: _.pick(models, [
+        'Product',
+        'StripePrice',
+        'StripeCustomerSubscription',
+        'StripeProduct',
+        'MemberStripeCustomer',
+        'Offer',
+        'Settings'
+    ]),
     StripeWebhook: {
         async get() {
             return {

package/core/server/services/webhooks/serialize.js CHANGED Viewed

@@ -13,9 +13,14 @@ module.exports = (event, model) => {
         ops.push(() => {
             let frame = {options: {previous: false, context: {user: true}}};
+            // NOTE: below options are lost in the during event processing, a more holistic approach would be
+            //       to pass them somehow along with the model
             if (['posts', 'pages'].includes(docName)) {
                 frame.options.formats = ['mobiledoc', 'html', 'plaintext'];
                 frame.options.withRelated = ['tags', 'authors'];
+                model._originalOptions = {
+                    withRelated: ['tags', 'authors']
+                };
             }
             return apiShared

package/core/server/web/admin/views/default-prod.html CHANGED Viewed

@@ -8,7 +8,7 @@
     <title>Ghost Admin</title>
-<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%225.3%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
+<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%225.5%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
@@ -38,7 +38,7 @@
                 <link rel="stylesheet" href="assets/vendor.min-4a6661c574707ceca220aa2e76558995.css">
-                <link rel="stylesheet" href="assets/ghost.min-e7cfbd1800f8e99b9158f74f1e39cd76.css" title="light">
+                <link rel="stylesheet" href="assets/ghost.min-a89d10b3b58c1a5ebaca68cef93a404c.css" title="light">
@@ -56,8 +56,8 @@
 <div id="ember-basic-dropdown-wormhole"></div>
-                <script src="assets/vendor.min-4076498ccd6c8412365f43b156084ed8.js"></script>
-                <script src="assets/ghost.min-f4bba3a2a5ef256b82641345505d4f0f.js"></script>
+                <script src="assets/vendor.min-cf3af99dca0c71937669305afb3686a1.js"></script>
+                <script src="assets/ghost.min-c75f224decd20f9538179d7564cd2ab4.js"></script>
 </body>
 </html>

package/core/server/web/admin/views/default.html CHANGED Viewed

@@ -8,7 +8,7 @@
     <title>Ghost Admin</title>
-<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%225.3%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
+<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%225.5%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
@@ -38,7 +38,7 @@
                 <link rel="stylesheet" href="assets/vendor.min-4a6661c574707ceca220aa2e76558995.css">
-                <link rel="stylesheet" href="assets/ghost.min-e7cfbd1800f8e99b9158f74f1e39cd76.css" title="light">
+                <link rel="stylesheet" href="assets/ghost.min-a89d10b3b58c1a5ebaca68cef93a404c.css" title="light">
@@ -56,8 +56,8 @@
 <div id="ember-basic-dropdown-wormhole"></div>
-                <script src="assets/vendor.min-4076498ccd6c8412365f43b156084ed8.js"></script>
-                <script src="assets/ghost.min-f4bba3a2a5ef256b82641345505d4f0f.js"></script>
+                <script src="assets/vendor.min-cf3af99dca0c71937669305afb3686a1.js"></script>
+                <script src="assets/ghost.min-c75f224decd20f9538179d7564cd2ab4.js"></script>
 </body>
 </html>

package/core/server/web/api/endpoints/admin/routes.js CHANGED Viewed

@@ -64,8 +64,14 @@ module.exports = function apiRoutes() {
     router.get('/settings', mw.authAdminApi, http(api.settings.browse));
     router.put('/settings', mw.authAdminApi, http(api.settings.edit));
+    router.put('/settings/verifications/', mw.authAdminApi, http(api.settings.verifyKeyUpdate));
+    /** @deprecated This endpoint is part of the old email verification flow for the support email */
     router.get('/settings/members/email', http(api.settings.validateMembersEmailUpdate));
+    /** @deprecated This endpoint is part of the old email verification flow for the support email */
     router.post('/settings/members/email', mw.authAdminApi, http(api.settings.updateMembersEmail));
     router.del('/settings/stripe/connect', mw.authAdminApi, http(api.settings.disconnectStripeConnectIntegration));
     // ## Users

package/core/server/web/api/endpoints/content/routes.js CHANGED Viewed

@@ -3,11 +3,12 @@ const cors = require('cors');
 const api = require('../../../../api').endpoints;
 const http = require('../../../../api').shared.http;
 const mw = require('./middleware');
+const config = require('../../../../../shared/config');
 module.exports = function apiRoutes() {
     const router = express.Router('content api');
-    router.use(cors());
+    router.use(cors({maxAge: config.get('caching:cors:maxAge')}));
     // ## Posts
     router.get('/posts', mw.authenticatePublic, http(api.postsPublic.browse));