npm - ghost - Versions diffs - 6.40.0 → 6.41.0 - Mend

ghost 6.40.0 → 6.41.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (184) hide show

package/core/server/services/users.js CHANGED Viewed

@@ -56,24 +56,37 @@ class Users {
         this.assignTagToUserPosts = this.assignTagToUserPosts.bind(this);
     }
-    async resetAllPasswords(frameOptions) {
-        return this.models.Base.transaction(async (t) => {
-            frameOptions.transacting = t;
-            // Reset all passwords
-            const users = await this.models.User.findAll(frameOptions);
-            for (const user of users) {
-                await user.save({
-                    status: 'locked' // Prevent signins before password reset
-                }, frameOptions);
+    /**
+     * Lock every user and invalidate their password.
+     *
+     * Locked users hit `PasswordResetRequiredError` on their next signin
+     * attempt; the session endpoint catches that, generates a reset token,
+     * and emails the user *in context of their own signin*. That avoids
+     * blasting unsolicited "your password has been reset" emails to people
+     * who are not actively signing in, while still funnelling everyone
+     * through a fresh password before they regain access.
+     *
+     * @param {Object} frameOptions
+     * @returns {Promise<{count: number}>}
+     */
+    async lockAll(frameOptions) {
+        const lockUsers = async (txOptions) => {
+            // Every staff user has their password rotated. user.lock()
+            // preserves `inactive` status for suspended users so they remain
+            // on the suspended-signin path; everyone else transitions to
+            // `locked` and hits the reset-on-signin flow.
+            const users = await this.models.User.findAll(txOptions);
+            for (const user of users.models) {
+                await user.lock(txOptions);
             }
+            return users.models;
+        };
-            //Send all password resets
-            for (const user of users) {
-                const token = await this.auth.passwordreset.generateToken(user.get('email'), this.apiSettings, t);
-                await this.auth.passwordreset.sendResetNotification(token, this.apiMail);
-            }
-        });
+        const users = frameOptions.transacting
+            ? await lockUsers(frameOptions)
+            : await this.models.Base.transaction(t => lockUsers({...frameOptions, transacting: t}));
+        return {count: users.length};
     }
     async assignTagToUserPosts({id, context, transacting}) {

package/core/server/web/api/endpoints/admin/middleware.js CHANGED Viewed

@@ -23,12 +23,16 @@ const tokenPermissionCheck = function tokenPermissionCheck(req, res, next) {
     // CASE: user is requesting with staff token, check blocklist, else skip to permission system
     // Staff tokens have a user_id associated with them, integration tokens don't
     if (req.api_key?.get('user_id')) {
-        // Check if staff token is trying to access blocked endpoints
+        // Express matches routes case-insensitively but req.path preserves the
+        // original case. Normalise before comparing so a mixed-case URL can't
+        // slip past the blocklist while still routing to the lowercase handler.
         // Match both with and without trailing slash since Express routes accept both
-        const isDeleteAllContent = req.method === 'DELETE' && (req.path === '/db/' || req.path === '/db');
-        const isTransferOwnership = req.method === 'PUT' && (req.path === '/users/owner/' || req.path === '/users/owner');
+        const path = req.path.toLowerCase();
+        const isDeleteAllContent = req.method === 'DELETE' && (path === '/db/' || path === '/db');
+        const isTransferOwnership = req.method === 'PUT' && (path === '/users/owner/' || path === '/users/owner');
+        const isResetAuthentication = req.method === 'POST' && (path === '/authentication/reset/' || path === '/authentication/reset');
-        if (isDeleteAllContent || isTransferOwnership) {
+        if (isDeleteAllContent || isTransferOwnership || isResetAuthentication) {
             return next(new errors.NoPermissionError({
                 message: tpl(messages.staffTokenBlocked)
             }));

package/core/server/web/api/endpoints/admin/routes.js CHANGED Viewed

@@ -306,7 +306,7 @@ module.exports = function apiRoutes() {
     router.post('/authentication/setup', http(api.authentication.setup));
     router.put('/authentication/setup', mw.authAdminApi, http(api.authentication.updateSetup));
     router.get('/authentication/setup', http(api.authentication.isSetup));
-    router.post('/authentication/global_password_reset', mw.authAdminApi, http(api.authentication.resetAllPasswords));
+    router.post('/authentication/reset', mw.authAdminApi, http(api.authentication.reset));
     // ## Images
     router.post('/images/upload',

package/core/shared/config/defaults.json CHANGED Viewed

@@ -34,6 +34,11 @@
             "settings": {},
             "imageSizes": {},
             "gscan": {}
+        },
+        "redirects": {
+            "active": "FileStore",
+            "FileStore": {},
+            "S3RedirectsStore": {}
         }
     },
     "storage": {

package/core/shared/labs.js CHANGED Viewed

@@ -25,7 +25,8 @@ const GA_FEATURES = [
     'explore',
     'commentModeration',
     'featurebaseFeedback',
-    'giftSubscriptions'
+    'giftSubscriptions',
+    'dangerZoneResetAuth'
 ];
 // These features are considered publicly available and can be enabled/disabled by users

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "ghost",
-  "version": "6.40.0",
+  "version": "6.41.0",
   "description": "The professional publishing platform",
   "author": "Ghost Foundation",
   "homepage": "https://ghost.org",

package/core/built/admin/assets/minus-DPrXh11r.js DELETED Viewed

	@@ -1 +0,0 @@
1	- import{aq as o}from"./index-CFEzD2_M.js";const s=[["path",{d:"M5 12h14",key:"1ays0h"}]],c=o("minus",s);export{c as M};

package/core/server/services/custom-redirects/gcs-store.ts DELETED Viewed

@@ -1,117 +0,0 @@
-import {
-    CopyObjectCommand,
-    GetObjectCommand,
-    HeadObjectCommand,
-    NoSuchKey,
-    NotFound,
-    PutObjectCommand,
-    S3Client
-} from '@aws-sdk/client-s3';
-import tpl from '@tryghost/tpl';
-import * as errors from '@tryghost/errors';
-import {parseJson} from './redirect-config-parser';
-import {getBackupRedirectsFilePath} from './utils';
-import type {RedirectConfig, RedirectsStore} from './types';
-const DEFAULT_KEY = 'redirects.json';
-const messages = {
-    missingBucket: 'GCSStore requires a bucket name',
-    missingClient: 'GCSStore requires an S3 client',
-    missingResponseBody: 'S3 GetObject returned no body'
-};
-export interface GCSStoreOptions {
-    bucket: string;
-    s3Client: S3Client;
-    getBackupKey?: (key: string) => string;
-}
-/**
- * Implements RedirectsStore against an S3-compatible bucket. Reads and
- * writes a single JSON object at the configured key, keeping a
- * timestamped server-side copy of the previous contents on each
- * overwrite.
- */
-export class GCSStore implements RedirectsStore {
-    private readonly client: S3Client;
-    private readonly bucket: string;
-    private readonly getBackupKey: (key: string) => string;
-    constructor(options: GCSStoreOptions) {
-        if (!options.bucket) {
-            throw new errors.IncorrectUsageError({
-                message: tpl(messages.missingBucket)
-            });
-        }
-        if (!options.s3Client) {
-            throw new errors.IncorrectUsageError({
-                message: tpl(messages.missingClient)
-            });
-        }
-        this.bucket = options.bucket;
-        this.client = options.s3Client;
-        this.getBackupKey = options.getBackupKey || getBackupRedirectsFilePath;
-    }
-    async getAll(): Promise<RedirectConfig[]> {
-        let body: string;
-        try {
-            const response = await this.client.send(new GetObjectCommand({
-                Bucket: this.bucket,
-                Key: DEFAULT_KEY
-            }));
-            if (!response.Body) {
-                throw new errors.InternalServerError({
-                    message: tpl(messages.missingResponseBody)
-                });
-            }
-            body = await response.Body.transformToString('utf-8');
-        } catch (err) {
-            if (this._isNotFound(err)) {
-                return [];
-            }
-            throw err;
-        }
-        return parseJson(body);
-    }
-    async replaceAll(redirects: RedirectConfig[]): Promise<void> {
-        if (await this._canonicalExists()) {
-            await this.client.send(new CopyObjectCommand({
-                Bucket: this.bucket,
-                Key: this.getBackupKey(DEFAULT_KEY),
-                CopySource: `${this.bucket}/${DEFAULT_KEY}`
-            }));
-        }
-        await this.client.send(new PutObjectCommand({
-            Bucket: this.bucket,
-            Key: DEFAULT_KEY,
-            Body: JSON.stringify(redirects),
-            ContentType: 'application/json'
-        }));
-    }
-    private async _canonicalExists(): Promise<boolean> {
-        try {
-            await this.client.send(new HeadObjectCommand({
-                Bucket: this.bucket,
-                Key: DEFAULT_KEY
-            }));
-            return true;
-        } catch (err) {
-            if (this._isNotFound(err)) {
-                return false;
-            }
-            throw err;
-        }
-    }
-    private _isNotFound(err: unknown): boolean {
-        return err instanceof NotFound || err instanceof NoSuchKey;
-    }
-}

package/core/server/services/post-scheduling/post-scheduler-service.js DELETED Viewed

@@ -1,126 +0,0 @@
-const moment = require('moment');
-const errors = require('@tryghost/errors');
-const logging = require('@tryghost/logging');
-const urlUtils = require('../../../shared/url-utils');
-const {getSignedAdminToken} = require('../../adapters/scheduling/utils');
-const SCHEDULED_RESOURCES = ['post', 'page'];
-class PostSchedulerService {
-    constructor({apiUrl, internalKeys, adapter, events} = {}) {
-        if (!apiUrl) {
-            throw new errors.IncorrectUsageError({message: 'post-scheduling: no apiUrl was provided'});
-        }
-        if (!internalKeys) {
-            throw new errors.IncorrectUsageError({message: 'post-scheduling: no internalKeys was provided'});
-        }
-        this.apiUrl = apiUrl;
-        this.adapter = adapter;
-        this.internalKeys = internalKeys;
-        adapter.run();
-        SCHEDULED_RESOURCES.forEach((resource) => {
-            events.on(`${resource}.scheduled`, async (model) => {
-                try {
-                    const key = await internalKeys.get('ghost-scheduler');
-                    adapter.schedule(this.normalize({model, apiUrl, key, resourceType: resource}));
-                } catch (err) {
-                    logging.error({
-                        event: {name: 'post-scheduling.schedule.error'},
-                        err,
-                        resource,
-                        id: model.get('id')
-                    }, 'Failed to schedule resource');
-                }
-            });
-            /** We want to do reschedule as (unschedule + schedule) due to how token(+url) is generated
-             * We want to first remove existing schedule by generating a matching token(+url)
-             * followed by generating a new token(+url) for the new schedule
-            */
-            events.on(`${resource}.rescheduled`, async (model) => {
-                try {
-                    const key = await internalKeys.get('ghost-scheduler');
-                    adapter.unschedule(this.normalize({model, apiUrl, key, resourceType: resource}, 'unscheduled'));
-                    adapter.schedule(this.normalize({model, apiUrl, key, resourceType: resource}));
-                } catch (err) {
-                    logging.error({
-                        event: {name: 'post-scheduling.reschedule.error'},
-                        err,
-                        resource,
-                        id: model.get('id')
-                    }, 'Failed to reschedule resource');
-                }
-            });
-            events.on(`${resource}.unscheduled`, async (model) => {
-                try {
-                    const key = await internalKeys.get('ghost-scheduler');
-                    adapter.unschedule(this.normalize({model, apiUrl, key, resourceType: resource}, 'unscheduled'));
-                } catch (err) {
-                    logging.error({
-                        event: {name: 'post-scheduling.unschedule.error'},
-                        err,
-                        resource,
-                        id: model.get('id')
-                    }, 'Failed to unschedule resource');
-                }
-            });
-        });
-    }
-    /**
-     * Re-issue every queued schedule. On boot the caller passes the resources
-     * loaded from the DB. For key rotation, the caller additionally passes
-     * `previousKey` so unschedule URLs reproduce the entries the adapter
-     * already has (signed under the previous secret); schedule URLs are
-     * reissued under the current secret.
-     *
-     * @param {Object} scheduledResources - {post: [...], page: [...]}
-     * @param {Object} [opts]
-     * @param {{id: string, secret: string}} [opts.previousKey]
-     */
-    async reschedule(scheduledResources, {previousKey} = {}) {
-        const currentKey = await this.internalKeys.get('ghost-scheduler');
-        const unscheduleKey = previousKey ?? currentKey;
-        for (const resourceType of Object.keys(scheduledResources)) {
-            for (const model of scheduledResources[resourceType]) {
-                this.adapter.unschedule(
-                    this.normalize({model, apiUrl: this.apiUrl, key: unscheduleKey, resourceType}),
-                    {bootstrap: true}
-                );
-                this.adapter.schedule(
-                    this.normalize({model, apiUrl: this.apiUrl, key: currentKey, resourceType})
-                );
-            }
-        }
-    }
-    /**
-     * @description Normalize model data into scheduler notation.
-     * @param {Object} options
-     * @return {Object}
-     */
-    normalize({model, apiUrl, resourceType, key}, event = '') {
-        const resource = `${resourceType}s`;
-        const publishedAt = (event === 'unscheduled') ? model.previous('published_at') : model.get('published_at');
-        const signedAdminToken = getSignedAdminToken({publishedAt, apiUrl, key});
-        let url = `${urlUtils.urlJoin(apiUrl, 'schedules', resource, model.get('id'))}/?token=${signedAdminToken}`;
-        return {
-            // NOTE: The scheduler expects a unix timestamp.
-            time: moment(publishedAt).valueOf(),
-            url: url,
-            extra: {
-                httpMethod: 'PUT',
-                oldTime: model.previous('published_at') ? moment(model.previous('published_at')).valueOf() : null
-            }
-        };
-    }
-}
-module.exports = PostSchedulerService;