Fixed import emails not sending after members/db import with integration auth

no issue

- the syntax used for fetching owner email as a fallback when `frame.user` is missing (as is the case with integration auth) was incorrectly calling `.get('email')` immediately on the Promise returned by `.getOwnerUser()` rather than waiting for that promise to resolve, this meant the email send was erroring due to a missing `to` parameter
- fixed all instances of incorrect await syntax when using `User.getOwnerUser()` and added tests to confirm expected behaviour

Author: kevinansfield

ghost/core/core/server/api/endpoints/db.js

@@ -96,7 +96,7 @@ const controller = {
             if (frame.user) {
                 email = frame.user.get('email');
             } else {
-                email = await models.User.getOwnerUser().get('email');
+                email = (await models.User.getOwnerUser()).get('email');
             }
 
             return importer.importFromFile(frame.file, {

ghost/core/core/server/api/endpoints/members.js

@@ -428,7 +428,7 @@ const controller = {
             if (frame.user) {
                 email = frame.user.get('email');
             } else {
-                email = await models.User.getOwnerUser().get('email');
+                email = (await models.User.getOwnerUser()).get('email');
             }
 
             return membersService.processImport({

ghost/core/core/server/models/post.js

@@ -914,7 +914,7 @@ Post = ghostBookshelf.Model.extend({
             let authorId = await this.contextUser(options);
             const authorExists = await ghostBookshelf.model('User').findOne({id: authorId}, {transacting: options.transacting});
             if (!authorExists) {
-                authorId = await ghostBookshelf.model('User').getOwnerUser().get('id');
+                authorId = (await ghostBookshelf.model('User').getOwnerUser()).get('id');
             }
             ops.push(async function updateRevisions() {
                 const revisionModels = await ghostBookshelf.model('PostRevision')

ghost/core/test/e2e-api/admin/__snapshots__/posts.test.js.snap

@@ -2545,3 +2545,189 @@ Object {
   "x-powered-by": "Express",
 }
 `;
+
+exports[`Posts API With integration auth can create and update a post with revisions 1: [body] 1`] = `
+Object {
+  "posts": Array [
+    Object {
+      "authors": Any<Array>,
+      "canonical_url": null,
+      "codeinjection_foot": null,
+      "codeinjection_head": null,
+      "comment_id": Any<String>,
+      "count": Object {
+        "clicks": 0,
+        "negative_feedback": 0,
+        "positive_feedback": 0,
+      },
+      "created_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
+      "custom_excerpt": null,
+      "custom_template": null,
+      "email": null,
+      "email_only": false,
+      "email_segment": "all",
+      "email_subject": null,
+      "excerpt": "Updated content for revision testing.",
+      "feature_image": null,
+      "feature_image_alt": null,
+      "feature_image_caption": null,
+      "featured": false,
+      "frontmatter": null,
+      "id": StringMatching /\\[a-f0-9\\]\\{24\\}/,
+      "lexical": "{\\"root\\":{\\"children\\":[{\\"children\\":[{\\"detail\\":0,\\"format\\":0,\\"mode\\":\\"normal\\",\\"style\\":\\"\\",\\"text\\":\\"Updated content for revision testing.\\",\\"type\\":\\"text\\",\\"version\\":1}],\\"direction\\":\\"ltr\\",\\"format\\":\\"\\",\\"indent\\":0,\\"type\\":\\"paragraph\\",\\"version\\":1}],\\"direction\\":\\"ltr\\",\\"format\\":\\"\\",\\"indent\\":0,\\"type\\":\\"root\\",\\"version\\":1}}",
+      "meta_description": null,
+      "meta_title": null,
+      "newsletter": null,
+      "og_description": null,
+      "og_image": null,
+      "og_title": null,
+      "primary_author": Any<Object>,
+      "primary_tag": Any<Object>,
+      "published_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
+      "reading_time": 0,
+      "slug": "integration-auth-test-post",
+      "status": "published",
+      "tags": Any<Array>,
+      "tiers": Array [
+        Object {
+          "active": true,
+          "created_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
+          "currency": null,
+          "description": null,
+          "id": StringMatching /\\[a-f0-9\\]\\{24\\}/,
+          "monthly_price": null,
+          "monthly_price_id": null,
+          "name": "Free",
+          "slug": "free",
+          "trial_days": 0,
+          "type": "free",
+          "updated_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
+          "visibility": "public",
+          "welcome_page_url": null,
+          "yearly_price": null,
+          "yearly_price_id": null,
+        },
+        Object {
+          "active": true,
+          "created_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
+          "currency": "usd",
+          "description": null,
+          "id": StringMatching /\\[a-f0-9\\]\\{24\\}/,
+          "monthly_price": 500,
+          "monthly_price_id": null,
+          "name": "Default Product",
+          "slug": "default-product",
+          "trial_days": 0,
+          "type": "paid",
+          "updated_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
+          "visibility": "public",
+          "welcome_page_url": null,
+          "yearly_price": 5000,
+          "yearly_price_id": null,
+        },
+      ],
+      "title": "Integration Auth Test Post",
+      "twitter_description": null,
+      "twitter_image": null,
+      "twitter_title": null,
+      "updated_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
+      "url": Any<String>,
+      "uuid": StringMatching /\\[a-f0-9\\]\\{8\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{12\\}/,
+      "visibility": "public",
+    },
+  ],
+}
+`;
+
+exports[`Posts API can create and update a post with revisions using integration auth 1: [body] 1`] = `
+Object {
+  "posts": Array [
+    Object {
+      "authors": Any<Array>,
+      "canonical_url": null,
+      "codeinjection_foot": null,
+      "codeinjection_head": null,
+      "comment_id": Any<String>,
+      "count": Object {
+        "clicks": 0,
+        "negative_feedback": 0,
+        "positive_feedback": 0,
+      },
+      "created_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
+      "custom_excerpt": null,
+      "custom_template": null,
+      "email": null,
+      "email_only": false,
+      "email_segment": "all",
+      "email_subject": null,
+      "excerpt": "Updated content for revision testing.",
+      "feature_image": null,
+      "feature_image_alt": null,
+      "feature_image_caption": null,
+      "featured": false,
+      "frontmatter": null,
+      "id": StringMatching /\\[a-f0-9\\]\\{24\\}/,
+      "lexical": "{\\"root\\":{\\"children\\":[{\\"children\\":[{\\"detail\\":0,\\"format\\":0,\\"mode\\":\\"normal\\",\\"style\\":\\"\\",\\"text\\":\\"Updated content for revision testing.\\",\\"type\\":\\"text\\",\\"version\\":1}],\\"direction\\":\\"ltr\\",\\"format\\":\\"\\",\\"indent\\":0,\\"type\\":\\"paragraph\\",\\"version\\":1}],\\"direction\\":\\"ltr\\",\\"format\\":\\"\\",\\"indent\\":0,\\"type\\":\\"root\\",\\"version\\":1}}",
+      "meta_description": null,
+      "meta_title": null,
+      "newsletter": null,
+      "og_description": null,
+      "og_image": null,
+      "og_title": null,
+      "primary_author": Any<Object>,
+      "primary_tag": Any<Object>,
+      "published_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
+      "reading_time": 0,
+      "slug": "integration-auth-test-post",
+      "status": "published",
+      "tags": Any<Array>,
+      "tiers": Array [
+        Object {
+          "active": true,
+          "created_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
+          "currency": null,
+          "description": null,
+          "id": StringMatching /\\[a-f0-9\\]\\{24\\}/,
+          "monthly_price": null,
+          "monthly_price_id": null,
+          "name": "Free",
+          "slug": "free",
+          "trial_days": 0,
+          "type": "free",
+          "updated_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
+          "visibility": "public",
+          "welcome_page_url": null,
+          "yearly_price": null,
+          "yearly_price_id": null,
+        },
+        Object {
+          "active": true,
+          "created_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
+          "currency": "usd",
+          "description": null,
+          "id": StringMatching /\\[a-f0-9\\]\\{24\\}/,
+          "monthly_price": 500,
+          "monthly_price_id": null,
+          "name": "Default Product",
+          "slug": "default-product",
+          "trial_days": 0,
+          "type": "paid",
+          "updated_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
+          "visibility": "public",
+          "welcome_page_url": null,
+          "yearly_price": 5000,
+          "yearly_price_id": null,
+        },
+      ],
+      "title": "Integration Auth Test Post",
+      "twitter_description": null,
+      "twitter_image": null,
+      "twitter_title": null,
+      "updated_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
+      "url": Any<String>,
+      "uuid": StringMatching /\\[a-f0-9\\]\\{8\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{12\\}/,
+      "visibility": "public",
+    },
+  ],
+}
+`;

ghost/core/test/e2e-api/admin/posts.test.js

@@ -664,4 +664,73 @@ describe('Posts API', function () {
                 });
         });
     });
+
+    describe('With integration auth', function () {
+        it('can create and update a post with revisions', async function () {
+            // Use Zapier integration to test integration auth scenario
+            await agent.useZapierAdminAPIKey();
+
+            const lexical = createLexical('This is content for revision testing.');
+            const postData = {
+                title: 'Integration Auth Test Post',
+                status: 'published',
+                lexical: lexical,
+                mobiledoc: null
+            };
+
+            // Create post using integration auth - this should trigger the revision creation
+            // with author fallback to owner user when contextUser returns integration context
+            const {body} = await agent
+                .post('/posts/?formats=lexical')
+                .body({posts: [postData]})
+                .expectStatus(201);
+
+            const [postResponse] = body.posts;
+            postResponse.title.should.equal('Integration Auth Test Post');
+            postResponse.status.should.equal('published');
+            postResponse.lexical.should.equal(lexical);
+
+            // Verify the post revision was created with owner user as author
+            const ownerUser = await models.User.getOwnerUser();
+            const postRevisions = await models.PostRevision
+                .where('post_id', postResponse.id)
+                .fetchAll();
+
+            postRevisions.length.should.equal(1);
+            const revision = postRevisions.at(0);
+            revision.get('lexical').should.equal(lexical);
+            revision.get('author_id').should.equal(ownerUser.get('id'));
+
+            // Update the post to ensure revision creation works properly
+            const updatedLexical = createLexical('Updated content for revision testing.');
+            await agent
+                .put(`/posts/${postResponse.id}/?formats=lexical&save_revision=true`)
+                .body({posts: [{
+                    ...postResponse,
+                    lexical: updatedLexical
+                }]})
+                .expectStatus(200);
+
+            // Verify updated revision also has owner user as author
+            const updatedRevisions = await models.PostRevision
+                .where('post_id', postResponse.id)
+                .orderBy('created_at_ts', 'desc')
+                .fetchAll();
+
+            updatedRevisions.length.should.equal(2);
+            const latestRevision = updatedRevisions.at(0);
+            latestRevision.get('lexical').should.equal(updatedLexical);
+            latestRevision.get('author_id').should.equal(ownerUser.get('id'));
+
+            // Verify the post was updated successfully
+            await agent
+                .get(`/posts/${postResponse.id}/?formats=lexical`)
+                .expectStatus(200)
+                .matchBodySnapshot({
+                    posts: [Object.assign({}, matchPostShallowIncludes, {
+                        lexical: updatedLexical
+                    })]
+                });
+        });
+    });
 });

ghost/core/test/unit/api/endpoints/db.test.js

@@ -0,0 +1,68 @@
+const assert = require('assert/strict');
+const sinon = require('sinon');
+const models = require('../../../../core/server/models');
+const dbController = require('../../../../core/server/api/endpoints/db');
+
+describe('DB controller', function () {
+    let settingsCache, importer;
+
+    before(function () {
+        models.init();
+    });
+
+    beforeEach(function () {
+        settingsCache = require('../../../../core/shared/settings-cache');
+        importer = require('../../../../core/server/data/importer');
+
+        sinon.stub(settingsCache, 'get').withArgs('timezone').returns('UTC');
+        sinon.stub(importer, 'importFromFile').resolves({
+            db: [{data: {}}],
+            problems: []
+        });
+    });
+
+    afterEach(function () {
+        sinon.restore();
+    });
+
+    describe('importContent', function () {
+        it('uses frame.user.email when frame.user is present', async function () {
+            const mockUser = {
+                get: sinon.stub().returns('[email protected]')
+            };
+            const frame = {
+                user: mockUser,
+                file: {path: 'test.json'}
+            };
+
+            await dbController.importContent.query(frame);
+
+            // Verify the user's email was used
+            assert(mockUser.get.calledWith('email'));
+            assert(importer.importFromFile.calledWith(frame.file, sinon.match({
+                user: {email: '[email protected]'}
+            })));
+        });
+
+        it('uses owner email fallback when frame.user is missing', async function () {
+            const mockOwnerUser = {
+                get: sinon.stub().returns('[email protected]')
+            };
+            sinon.stub(models.User, 'getOwnerUser').resolves(mockOwnerUser);
+
+            const frame = {
+                user: null, // No user in frame (integration auth scenario)
+                file: {path: 'test.json'}
+            };
+
+            await dbController.importContent.query(frame);
+
+            // Verify the owner fallback path was used
+            assert(models.User.getOwnerUser.calledOnce);
+            assert(mockOwnerUser.get.calledWith('email'));
+            assert(importer.importFromFile.calledWith(frame.file, sinon.match({
+                user: {email: '[email protected]'}
+            })));
+        });
+    });
+});