TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-22 02:11:44 +03:00
Code Issues Projects Releases Wiki Activity
3d68cd4544
Ghost/ghost/core/test/e2e-frontend/members.test.js

600 lines
24 KiB
JavaScript
Raw Normal View History

Added the `last_seen_at` update on member page view refs https://github.com/TryGhost/Team/issues/1306 - This adds a `MemberPageViewEvent` event when a page is viewed by a member (post/page/tag/author/...) - Integrates the `LastSeenAtUpdater` service that listens to the `MemberPageViewEvent` events to update `member.last_seen_at` - Follows the latest testing recommendation (end to end test + testing for side-effects)
2022-02-24 12:33:24 +03:00
const assert = require('assert');
Extracted members-specific middleware from site app module (#11405) no issue - In order to keep site/app.js module tidy and less coupled with members module we need to extract some of the functionality where it belongs conceptually - Added "members enabled check" middleware to stripe webhook endpoint - Reshuffled members middleware so that siteApp is in control of mounting points. This is meant to be a more explicit way to see which endpoints are being handled by members middleware - Extracted member-specific public file middleware - Unified use of `labs.member` alias method. Done for code style consistency - Added basic members' test suite. This is a base we could work from when more modifications are needed - Removed route handler for unexisting members file "members-theme-bindings.js". Calling this route otherwise causes a 500. Looks like a leftover from 49672a1e4d268683feb67a574429b910417100c1
2019-11-21 06:01:24 +03:00
const should = require('should');
const sinon = require('sinon');
const supertest = require('supertest');
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
const moment = require('moment');
🐛 Fixed public/members.js request path - removed trailing slash typo - moved tests out of regression & renamed
2020-04-27 14:44:00 +03:00
const testUtils = require('../utils');
const configUtils = require('../utils/configUtils');
Moved settings/cache to shared/settings-cache - This is part of the quest to separate the frontend and server & get rid of all the places where there are cross-requires - At the moment the settings cache is one big shared cache used by the frontend and server liberally - This change doesn't really solve the fundamental problems, as we still depend on events, and requires from inside frontend - However it allows us to control the misuse slightly better by getting rid of restricted requires and turning on that eslint ruleset
2021-06-30 16:56:57 +03:00
const settingsCache = require('../../core/shared/settings-cache');
Added the `last_seen_at` update on member page view refs https://github.com/TryGhost/Team/issues/1306 - This adds a `MemberPageViewEvent` event when a page is viewed by a member (post/page/tag/author/...) - Integrates the `LastSeenAtUpdater` service that listens to the `MemberPageViewEvent` events to update `member.last_seen_at` - Follows the latest testing recommendation (end to end test + testing for side-effects)
2022-02-24 12:33:24 +03:00
const DomainEvents = require('@tryghost/domain-events');
const {MemberPageViewEvent} = require('@tryghost/member-events');
const models = require('../../core/server/models');
Added homepage redirect for unsubscribe urls refs https://github.com/TryGhost/Team/issues/1495 With multiple newsletters, members are allowed to manage their newsletter pref via email unsubscribe link with member uuid. Since Portal is now taking over handling unsubscribe for members, we don't need to keep the current `/unsubscribe` page as Portal can load the member's newsletter pref on site home page directly. The redirect change is only enabled behind the `multipleNewslettersUI` flag as its in beta.
2022-04-28 11:03:07 +03:00
const {mockManager} = require('../utils/e2e-framework');
Added member endpoints for managing newsletter subscriptions (#14624) refs TryGhost/Team#1495 With multiple newsletters, members are allowed to manage their newsletter pref via email unsubscribe link with member uuid. Since Portal needs to manage member's newsletter pref via their UUID, we need new endpoints on members that allow fetch/update of newsletter subscriptions via only uuid. The endpoints return only limited data for a member that are needed for the UI. - adds endpoint to fetch newsletter subscriptions for member via uuid - adds endpoint to update newsletter subscriptions for member via uuid
2022-04-28 14:44:17 +03:00
const DataGenerator = require('../utils/fixtures/data-generator');
Extracted members-specific middleware from site app module (#11405) no issue - In order to keep site/app.js module tidy and less coupled with members module we need to extract some of the functionality where it belongs conceptually - Added "members enabled check" middleware to stripe webhook endpoint - Reshuffled members middleware so that siteApp is in control of mounting points. This is meant to be a more explicit way to see which endpoints are being handled by members middleware - Extracted member-specific public file middleware - Unified use of `labs.member` alias method. Done for code style consistency - Added basic members' test suite. This is a base we could work from when more modifications are needed - Removed route handler for unexisting members file "members-theme-bindings.js". Calling this route otherwise causes a 500. Looks like a leftover from 49672a1e4d268683feb67a574429b910417100c1
2019-11-21 06:01:24 +03:00
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
function assertContentIsPresent(res) {
res.text.should.containEql('<h2 id="markdown">markdown</h2>');
}
function assertContentIsAbsent(res) {
res.text.should.not.containEql('<h2 id="markdown">markdown</h2>');
}
Fixed the typo refs https://github.com/TryGhost/Ghost/commit/e9bfc4ef01f212f7125d448ba84a09193a0f6735 - Did a typo in the find and replace... and now correcting a typo of a typo -_-
2022-08-04 17:36:40 +03:00
describe('Front-end members behavior', function () {
Extracted members-specific middleware from site app module (#11405) no issue - In order to keep site/app.js module tidy and less coupled with members module we need to extract some of the functionality where it belongs conceptually - Added "members enabled check" middleware to stripe webhook endpoint - Reshuffled members middleware so that siteApp is in control of mounting points. This is meant to be a more explicit way to see which endpoints are being handled by members middleware - Extracted member-specific public file middleware - Unified use of `labs.member` alias method. Done for code style consistency - Added basic members' test suite. This is a base we could work from when more modifications are needed - Removed route handler for unexisting members file "members-theme-bindings.js". Calling this route otherwise causes a 500. Looks like a leftover from 49672a1e4d268683feb67a574429b910417100c1
2019-11-21 06:01:24 +03:00
let request;
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
async function loginAsMember(email) {
🔒 Prevented member creation when logging in (#15526) fixes https://github.com/TryGhost/Ghost/issues/14508 This change requires the frontend to send an explicit `emailType` when sending a magic link. We default to `subscribe` (`signin` for invite only sites) for now to remain compatible with the existing behaviour. **Problem:** When a member tries to login and that member doesn't exist, we created a new member in the past. - This caused the creation of duplicate accounts when members were guessing the email address they used. - This caused the creation of new accounts when using an old impersonation token, login link or email change link that was sent before member deletion. **Fixed:** - Trying to login with an email address that doesn't exist will throw an error now. - Added new and separate rate limiting to login (to prevent user enumeration). This rate limiting has a higher default limit of 8. I think it needs a higher default limit (because it is rate limited on every call instead of per email address. And it should be configurable independent from administrator rate limiting. It also needs a lower lifetime value because it is never reset. - Updated error responses in the `sendMagicLink` endpoint to use the default error encoding middleware. - The type (`signin`, `signup`, `updateEmail` or `subscribe`) is now stored in the magic link. This is used to prevent signups with a sign in token. **Notes:** - Between tests, we truncate the database, but this is not enough for the rate limits to be truly reset. I had to add a method to the spam prevention service to reset all the instances between tests. Not resetting them caused random failures because every login in every test was hitting those spam prevention middlewares and somehow left a trace of that in those instances (even when the brute table is reset). Maybe those instances were doing some in memory caching.
2022-10-05 13:42:42 +03:00
// Member should exist, because we are signin in
await models.Member.findOne({email}, {require: true});
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
// membersService needs to be required after Ghost start so that settings
// are pre-populated with defaults
const membersService = require('../../core/server/services/members');
🔒 Prevented member creation when logging in (#15526) fixes https://github.com/TryGhost/Ghost/issues/14508 This change requires the frontend to send an explicit `emailType` when sending a magic link. We default to `subscribe` (`signin` for invite only sites) for now to remain compatible with the existing behaviour. **Problem:** When a member tries to login and that member doesn't exist, we created a new member in the past. - This caused the creation of duplicate accounts when members were guessing the email address they used. - This caused the creation of new accounts when using an old impersonation token, login link or email change link that was sent before member deletion. **Fixed:** - Trying to login with an email address that doesn't exist will throw an error now. - Added new and separate rate limiting to login (to prevent user enumeration). This rate limiting has a higher default limit of 8. I think it needs a higher default limit (because it is rate limited on every call instead of per email address. And it should be configurable independent from administrator rate limiting. It also needs a lower lifetime value because it is never reset. - Updated error responses in the `sendMagicLink` endpoint to use the default error encoding middleware. - The type (`signin`, `signup`, `updateEmail` or `subscribe`) is now stored in the magic link. This is used to prevent signups with a sign in token. **Notes:** - Between tests, we truncate the database, but this is not enough for the rate limits to be truly reset. I had to add a method to the spam prevention service to reset all the instances between tests. Not resetting them caused random failures because every login in every test was hitting those spam prevention middlewares and somehow left a trace of that in those instances (even when the brute table is reset). Maybe those instances were doing some in memory caching.
2022-10-05 13:42:42 +03:00
const signinLink = await membersService.api.getMagicLink(email, 'signin');
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
const signinURL = new URL(signinLink);
// request needs a relative path rather than full url with host
const signinPath = `${signinURL.pathname}${signinURL.search}`;
// perform a sign-in request to set members cookies on superagent
await request.get(signinPath)
.expect(302)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect((res) => {
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
const redirectUrl = new URL(res.headers.location, testUtils.API.getURL());
should.exist(redirectUrl.searchParams.get('success'));
redirectUrl.searchParams.get('success').should.eql('true');
});
}
Refactored acceptance tests to use async-await - refactoring the acceptance tests to use async-await removes all the Promise chaining we had, and streamlines the coding styles we have across the code so test files are more alike
2020-11-30 17:25:22 +03:00
before(async function () {
Enabled Members for all sites (#12582) no-issue This removes all references to the members labs setting, any code that was run conditionally behind this flag now runs unconditionally. * Removed usage of Members labs flag * Removed tests for Members disabled * Added dynamic keypair generation for when setting is missing
2021-01-28 21:07:45 +03:00
const originalSettingsCacheGetFn = settingsCache.get;
Extracted members-specific middleware from site app module (#11405) no issue - In order to keep site/app.js module tidy and less coupled with members module we need to extract some of the functionality where it belongs conceptually - Added "members enabled check" middleware to stripe webhook endpoint - Reshuffled members middleware so that siteApp is in control of mounting points. This is meant to be a more explicit way to see which endpoints are being handled by members middleware - Extracted member-specific public file middleware - Unified use of `labs.member` alias method. Done for code style consistency - Added basic members' test suite. This is a base we could work from when more modifications are needed - Removed route handler for unexisting members file "members-theme-bindings.js". Calling this route otherwise causes a 500. Looks like a leftover from 49672a1e4d268683feb67a574429b910417100c1
2019-11-21 06:01:24 +03:00
Enabled Members for all sites (#12582) no-issue This removes all references to the members labs setting, any code that was run conditionally behind this flag now runs unconditionally. * Removed usage of Members labs flag * Removed tests for Members disabled * Added dynamic keypair generation for when setting is missing
2021-01-28 21:07:45 +03:00
sinon.stub(settingsCache, 'get').callsFake(function (key, options) {
if (key === 'labs') {
return {members: true};
}
Extracted members-specific middleware from site app module (#11405) no issue - In order to keep site/app.js module tidy and less coupled with members module we need to extract some of the functionality where it belongs conceptually - Added "members enabled check" middleware to stripe webhook endpoint - Reshuffled members middleware so that siteApp is in control of mounting points. This is meant to be a more explicit way to see which endpoints are being handled by members middleware - Extracted member-specific public file middleware - Unified use of `labs.member` alias method. Done for code style consistency - Added basic members' test suite. This is a base we could work from when more modifications are needed - Removed route handler for unexisting members file "members-theme-bindings.js". Calling this route otherwise causes a 500. Looks like a leftover from 49672a1e4d268683feb67a574429b910417100c1
2019-11-21 06:01:24 +03:00
🐛 Fixed @price template data to work with price helper (#12764) closes https://github.com/TryGhost/Team/issues/545 The price helper requires an object with amount & currency properties to work correctly. This updates the @price data object to expose these. In order to maintain backward compatibility with using the @price data as primitive number values, we add a valueOf method which returns the legacy dollar amount value. This means you can use {{price @price.monthly}} OR {{@price.monthly}} - the second of which will output the dollar amount. A new theme fixture was added to test both usages of the @price data
2021-03-18 19:13:10 +03:00
if (key === 'active_theme') {
Renamed & cleaned up price data test theme fixture refs: https://github.com/TryGhost/Toolbox/issues/168 - Having large theme fixtures makes tests run slower, so we're working to reduce them - This fixture was a full copy of a very old version of Casper, but all we needed was a handful of files so that the tests can run - This theme is also used for testing members, not just price data so I've renamed it for clarity - The remaining files is the bare minimum we need to test these features
2022-01-24 12:52:25 +03:00
return 'members-test-theme';
🐛 Fixed @price template data to work with price helper (#12764) closes https://github.com/TryGhost/Team/issues/545 The price helper requires an object with amount & currency properties to work correctly. This updates the @price data object to expose these. In order to maintain backward compatibility with using the @price data as primitive number values, we add a valueOf method which returns the legacy dollar amount value. This means you can use {{price @price.monthly}} OR {{@price.monthly}} - the second of which will output the dollar amount. A new theme fixture was added to test both usages of the @price data
2021-03-18 19:13:10 +03:00
}
Enabled Members for all sites (#12582) no-issue This removes all references to the members labs setting, any code that was run conditionally behind this flag now runs unconditionally. * Removed usage of Members labs flag * Removed tests for Members disabled * Added dynamic keypair generation for when setting is missing
2021-01-28 21:07:45 +03:00
return originalSettingsCacheGetFn(key, options);
Extracted members-specific middleware from site app module (#11405) no issue - In order to keep site/app.js module tidy and less coupled with members module we need to extract some of the functionality where it belongs conceptually - Added "members enabled check" middleware to stripe webhook endpoint - Reshuffled members middleware so that siteApp is in control of mounting points. This is meant to be a more explicit way to see which endpoints are being handled by members middleware - Extracted member-specific public file middleware - Unified use of `labs.member` alias method. Done for code style consistency - Added basic members' test suite. This is a base we could work from when more modifications are needed - Removed route handler for unexisting members file "members-theme-bindings.js". Calling this route otherwise causes a 500. Looks like a leftover from 49672a1e4d268683feb67a574429b910417100c1
2019-11-21 06:01:24 +03:00
});
Improved performance of `prepareContentFolder` function fixes https://github.com/TryGhost/Toolbox/issues/150 - up until now, the test framework has copied all theme fixtures to the test directory when it boots Ghost - the vast majority of tests don't need all the themes, so this is quite a wasteful operation - this commit disables copying all themes by default, and provides the `copyThemes` boot option to enable this - also adds a `copySettings` option, and defaults `redirectsFile` to false to further reduce the number of file copies
2022-01-04 14:53:07 +03:00
await testUtils.startGhost({
copyThemes: true
});
Added member endpoints for managing newsletter subscriptions (#14624) refs TryGhost/Team#1495 With multiple newsletters, members are allowed to manage their newsletter pref via email unsubscribe link with member uuid. Since Portal needs to manage member's newsletter pref via their UUID, we need new endpoints on members that allow fetch/update of newsletter subscriptions via only uuid. The endpoints return only limited data for a member that are needed for the UI. - adds endpoint to fetch newsletter subscriptions for member via uuid - adds endpoint to update newsletter subscriptions for member via uuid
2022-04-28 14:44:17 +03:00
await testUtils.initFixtures('newsletters', 'members:newsletters');
🐛 Fixed @price template data to work with price helper (#12764) closes https://github.com/TryGhost/Team/issues/545 The price helper requires an object with amount & currency properties to work correctly. This updates the @price data object to expose these. In order to maintain backward compatibility with using the @price data as primitive number values, we add a valueOf method which returns the legacy dollar amount value. This means you can use {{price @price.monthly}} OR {{@price.monthly}} - the second of which will output the dollar amount. A new theme fixture was added to test both usages of the @price data
2021-03-18 19:13:10 +03:00
request = supertest.agent(configUtils.config.get('url'));
Enabled Members for all sites (#12582) no-issue This removes all references to the members labs setting, any code that was run conditionally behind this flag now runs unconditionally. * Removed usage of Members labs flag * Removed tests for Members disabled * Added dynamic keypair generation for when setting is missing
2021-01-28 21:07:45 +03:00
});
after(function () {
sinon.restore();
});
Extracted members-specific middleware from site app module (#11405) no issue - In order to keep site/app.js module tidy and less coupled with members module we need to extract some of the functionality where it belongs conceptually - Added "members enabled check" middleware to stripe webhook endpoint - Reshuffled members middleware so that siteApp is in control of mounting points. This is meant to be a more explicit way to see which endpoints are being handled by members middleware - Extracted member-specific public file middleware - Unified use of `labs.member` alias method. Done for code style consistency - Added basic members' test suite. This is a base we could work from when more modifications are needed - Removed route handler for unexisting members file "members-theme-bindings.js". Calling this route otherwise causes a 500. Looks like a leftover from 49672a1e4d268683feb67a574429b910417100c1
2019-11-21 06:01:24 +03:00
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
describe('Member routes', function () {
Enabled Members for all sites (#12582) no-issue This removes all references to the members labs setting, any code that was run conditionally behind this flag now runs unconditionally. * Removed usage of Members labs flag * Removed tests for Members disabled * Added dynamic keypair generation for when setting is missing
2021-01-28 21:07:45 +03:00
it('should error serving webhook endpoint without any parameters', async function () {
await request.post('/members/webhooks/stripe')
.expect(400);
Extracted members-specific middleware from site app module (#11405) no issue - In order to keep site/app.js module tidy and less coupled with members module we need to extract some of the functionality where it belongs conceptually - Added "members enabled check" middleware to stripe webhook endpoint - Reshuffled members middleware so that siteApp is in control of mounting points. This is meant to be a more explicit way to see which endpoints are being handled by members middleware - Extracted member-specific public file middleware - Unified use of `labs.member` alias method. Done for code style consistency - Added basic members' test suite. This is a base we could work from when more modifications are needed - Removed route handler for unexisting members file "members-theme-bindings.js". Calling this route otherwise causes a 500. Looks like a leftover from 49672a1e4d268683feb67a574429b910417100c1
2019-11-21 06:01:24 +03:00
});
Fixed e2e-framework to correctly compare headers refs https://github.com/TryGhost/Toolbox/issues/209 refs https://github.com/TryGhost/Toolbox/issues/210 - Fixed request header processing by the e2e-framework where it failed to lowercase incoming header keys. This bug made it harder to test code paths which involve header checking, e.g. following code: `req.headers['stripe-signature']` would not get a correct value if the header was specified as Stripe-Signature - Additional output to the status code assertions was added - this allows to have more context when an invalid response code comes back in a test.
2022-02-15 14:38:45 +03:00
it('should fail processing a webhook endpoint with stripe header', async function () {
await request.post('/members/webhooks/stripe')
.set('Stripe-Signature', 'test-invalid-signature')
.expect(401);
});
Fixed tests for logged out member session response refs https://github.com/TryGhost/Ghost/commit/24b2a8246109a3a154151a37529ead635c65e02c
2021-07-30 08:14:19 +03:00
it('should return no content for invalid token passed in session', async function () {
Enabled Members for all sites (#12582) no-issue This removes all references to the members labs setting, any code that was run conditionally behind this flag now runs unconditionally. * Removed usage of Members labs flag * Removed tests for Members disabled * Added dynamic keypair generation for when setting is missing
2021-01-28 21:07:45 +03:00
await request.get('/members/api/session')
Fixed tests for logged out member session response refs https://github.com/TryGhost/Ghost/commit/24b2a8246109a3a154151a37529ead635c65e02c
2021-07-30 08:14:19 +03:00
.expect(204);
Enabled Members for all sites (#12582) no-issue This removes all references to the members labs setting, any code that was run conditionally behind this flag now runs unconditionally. * Removed usage of Members labs flag * Removed tests for Members disabled * Added dynamic keypair generation for when setting is missing
2021-01-28 21:07:45 +03:00
});
it('should return no content when removing member sessions', async function () {
await request.del('/members/api/session')
.expect(204);
});
it('should error for invalid member token on member data endpoint', async function () {
await request.get('/members/api/member')
Updated tests for member endpoint refs https://github.com/TryGhost/Team/issues/560 refs https://github.com/TryGhost/Ghost/commit/196cdafe6b68fc5b1412b03a7ab91897eebbe702 Last commit updated the response status for member endpoint - `/members/api/member` - from 401 to 204. This change updates the test to handle new response code.
2021-05-13 13:05:14 +03:00
.expect(204);
Enabled Members for all sites (#12582) no-issue This removes all references to the members labs setting, any code that was run conditionally behind this flag now runs unconditionally. * Removed usage of Members labs flag * Removed tests for Members disabled * Added dynamic keypair generation for when setting is missing
2021-01-28 21:07:45 +03:00
});
it('should error for invalid data on member magic link endpoint', async function () {
await request.post('/members/api/send-magic-link')
.expect(400);
});
Extracted members-specific middleware from site app module (#11405) no issue - In order to keep site/app.js module tidy and less coupled with members module we need to extract some of the functionality where it belongs conceptually - Added "members enabled check" middleware to stripe webhook endpoint - Reshuffled members middleware so that siteApp is in control of mounting points. This is meant to be a more explicit way to see which endpoints are being handled by members middleware - Extracted member-specific public file middleware - Unified use of `labs.member` alias method. Done for code style consistency - Added basic members' test suite. This is a base we could work from when more modifications are needed - Removed route handler for unexisting members file "members-theme-bindings.js". Calling this route otherwise causes a 500. Looks like a leftover from 49672a1e4d268683feb67a574429b910417100c1
2019-11-21 06:01:24 +03:00
Enabled Members for all sites (#12582) no-issue This removes all references to the members labs setting, any code that was run conditionally behind this flag now runs unconditionally. * Removed usage of Members labs flag * Removed tests for Members disabled * Added dynamic keypair generation for when setting is missing
2021-01-28 21:07:45 +03:00
it('should error for invalid data on members create checkout session endpoint', async function () {
await request.post('/members/api/create-stripe-checkout-session')
.expect(400);
});
Fixed failing checkout session creation for offers (#14855) - checkout session creation was failing when setup with `offerId` instead of `tierId` and `cadence` - updates `members-api` to ignore cadence check to allow creation using `offerId` present in request
2022-05-18 12:40:07 +03:00
//TODO: Remove 500 expect once tests are wired up with Stripe
it('should not throw 400 for using offer id on members create checkout session endpoint', async function () {
await request.post('/members/api/create-stripe-checkout-session')
.send({
offerId: '62826b1b6dccb3e3e997ebd4',
identity: null,
metadata: {
name: 'Jamie Larsen'
},
cancelUrl: 'https://example.com/blog/?stripe=cancel',
customerEmail: 'jamie@example.com',
tierId: null,
cadence: null
})
.expect(500);
});
Enabled Members for all sites (#12582) no-issue This removes all references to the members labs setting, any code that was run conditionally behind this flag now runs unconditionally. * Removed usage of Members labs flag * Removed tests for Members disabled * Added dynamic keypair generation for when setting is missing
2021-01-28 21:07:45 +03:00
it('should error for invalid data on members create update session endpoint', async function () {
await request.post('/members/api/create-stripe-update-session')
.expect(400);
});
Extracted members-specific middleware from site app module (#11405) no issue - In order to keep site/app.js module tidy and less coupled with members module we need to extract some of the functionality where it belongs conceptually - Added "members enabled check" middleware to stripe webhook endpoint - Reshuffled members middleware so that siteApp is in control of mounting points. This is meant to be a more explicit way to see which endpoints are being handled by members middleware - Extracted member-specific public file middleware - Unified use of `labs.member` alias method. Done for code style consistency - Added basic members' test suite. This is a base we could work from when more modifications are needed - Removed route handler for unexisting members file "members-theme-bindings.js". Calling this route otherwise causes a 500. Looks like a leftover from 49672a1e4d268683feb67a574429b910417100c1
2019-11-21 06:01:24 +03:00
Added missing `return` in create-stripe-update-session no issue - Return was missing for `res.end` if an invalid subscription_id was passed - Added explicit `text/plain` `Content-Type` headers to error messages to avoid MIME sniffing Signed-off-by: Elijah Conners <business@elijahpepe.com> Co-authored-by: Simon Backx <simon@ghost.org>
2022-08-29 15:02:58 +03:00
it('should error for invalid subscription id on members create update session endpoint', async function () {
const membersService = require('../../core/server/services/members');
const email = 'test-member-create-update-session@email.com';
await membersService.api.members.create({email});
const token = await membersService.api.getMemberIdentityToken(email);
await request.post('/members/api/create-stripe-update-session')
.send({
identity: token,
subscription_id: 'invalid'
})
.expect(404)
.expect('Content-Type', 'text/plain;charset=UTF-8')
.expect((res) => {
res.text.should.eql('Could not find subscription invalid');
});
});
Enabled Members for all sites (#12582) no-issue This removes all references to the members labs setting, any code that was run conditionally behind this flag now runs unconditionally. * Removed usage of Members labs flag * Removed tests for Members disabled * Added dynamic keypair generation for when setting is missing
2021-01-28 21:07:45 +03:00
it('should error for invalid data on members subscription endpoint', async function () {
await request.put('/members/api/subscriptions/123')
.expect(400);
Extracted members-specific middleware from site app module (#11405) no issue - In order to keep site/app.js module tidy and less coupled with members module we need to extract some of the functionality where it belongs conceptually - Added "members enabled check" middleware to stripe webhook endpoint - Reshuffled members middleware so that siteApp is in control of mounting points. This is meant to be a more explicit way to see which endpoints are being handled by members middleware - Extracted member-specific public file middleware - Unified use of `labs.member` alias method. Done for code style consistency - Added basic members' test suite. This is a base we could work from when more modifications are needed - Removed route handler for unexisting members file "members-theme-bindings.js". Calling this route otherwise causes a 500. Looks like a leftover from 49672a1e4d268683feb67a574429b910417100c1
2019-11-21 06:01:24 +03:00
});
Added member endpoints for managing newsletter subscriptions (#14624) refs TryGhost/Team#1495 With multiple newsletters, members are allowed to manage their newsletter pref via email unsubscribe link with member uuid. Since Portal needs to manage member's newsletter pref via their UUID, we need new endpoints on members that allow fetch/update of newsletter subscriptions via only uuid. The endpoints return only limited data for a member that are needed for the UI. - adds endpoint to fetch newsletter subscriptions for member via uuid - adds endpoint to update newsletter subscriptions for member via uuid
2022-04-28 14:44:17 +03:00
it('should error for fetching member newsletters with missing uuid', async function () {
await request.get('/members/api/member/newsletters')
.expect(400);
});
it('should error for fetching member newsletters with invalid uuid', async function () {
await request.get('/members/api/member/newsletters?uuid=abc')
.expect(404);
});
it('should error for updating member newsletters with missing uuid', async function () {
await request.put('/members/api/member/newsletters')
.expect(400);
});
it('should error for updating member newsletters with invalid uuid', async function () {
await request.put('/members/api/member/newsletters?uuid=abc')
.expect(404);
});
it('should fetch and update member newsletters with valid uuid', async function () {
const memberUUID = DataGenerator.Content.members[0].uuid;
// Can fetch newsletter subscriptions
const getRes = await request.get(`/members/api/member/newsletters?uuid=${memberUUID}`)
.expect(200);
const getJsonResponse = getRes.body;
should.exist(getJsonResponse);
getJsonResponse.should.have.properties(['email', 'uuid', 'status', 'name', 'newsletters']);
getJsonResponse.should.not.have.property('id');
getJsonResponse.newsletters.should.have.length(1);
// Can update newsletter subscription
Fixed validation for Members API newsletters endpoint refs https://github.com/TryGhost/Toolbox/issues/465 refs https://github.com/TryGhost/SDK/blob/31546a6fd36f44eed2610025f11b9bef579c851b/packages/admin-api-schema/lib/schemas/members.json#L93-L103 - Updated Members API newsletter validation to match the subset of Admin API's members validation schema.
2022-11-07 13:18:36 +03:00
const originalNewsletters = getJsonResponse.newsletters;
🔒 Disabled editable relations by default refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6 refs https://github.com/TryGhost/Toolbox/issues/465 - Bookshelf relations allows us to edit relational records by default, which was used liberally in the codebase. - Not having a clear track record of editable relations left the model layer prone to triggering unwanted nested saves and created a vulnerability where members were able to edit newsletter settings. - With explicit editable relations it's easier to keep track of relations having editable access to related records. Makes the relational data modification pattern safer to use too. - Anyone running 5.x should update to 5.24.1 Credits: Dave McDaniel and other members of [Cisco Talos](https://talosintelligence.com/vulnerability_reports)
2022-11-10 13:29:28 +03:00
const originalNewsletterName = originalNewsletters[0].name;
originalNewsletters[0].name = 'cannot change me';
Fixed validation for Members API newsletters endpoint refs https://github.com/TryGhost/Toolbox/issues/465 refs https://github.com/TryGhost/SDK/blob/31546a6fd36f44eed2610025f11b9bef579c851b/packages/admin-api-schema/lib/schemas/members.json#L93-L103 - Updated Members API newsletter validation to match the subset of Admin API's members validation schema.
2022-11-07 13:18:36 +03:00
Added member endpoints for managing newsletter subscriptions (#14624) refs TryGhost/Team#1495 With multiple newsletters, members are allowed to manage their newsletter pref via email unsubscribe link with member uuid. Since Portal needs to manage member's newsletter pref via their UUID, we need new endpoints on members that allow fetch/update of newsletter subscriptions via only uuid. The endpoints return only limited data for a member that are needed for the UI. - adds endpoint to fetch newsletter subscriptions for member via uuid - adds endpoint to update newsletter subscriptions for member via uuid
2022-04-28 14:44:17 +03:00
const res = await request.put(`/members/api/member/newsletters?uuid=${memberUUID}`)
.send({
newsletters: []
})
.expect(200);
const jsonResponse = res.body;
should.exist(jsonResponse);
jsonResponse.should.have.properties(['email', 'uuid', 'status', 'name', 'newsletters']);
jsonResponse.should.not.have.property('id');
jsonResponse.newsletters.should.have.length(0);
Fixed validation for Members API newsletters endpoint refs https://github.com/TryGhost/Toolbox/issues/465 refs https://github.com/TryGhost/SDK/blob/31546a6fd36f44eed2610025f11b9bef579c851b/packages/admin-api-schema/lib/schemas/members.json#L93-L103 - Updated Members API newsletter validation to match the subset of Admin API's members validation schema.
2022-11-07 13:18:36 +03:00
const resRestored = await request.put(`/members/api/member/newsletters?uuid=${memberUUID}`)
.send({
newsletters: originalNewsletters
})
.expect(200);
const restoreJsonResponse = resRestored.body;
should.exist(restoreJsonResponse);
restoreJsonResponse.should.have.properties(['email', 'uuid', 'status', 'name', 'newsletters']);
restoreJsonResponse.should.not.have.property('id');
restoreJsonResponse.newsletters.should.have.length(1);
🔒 Disabled editable relations by default refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6 refs https://github.com/TryGhost/Toolbox/issues/465 - Bookshelf relations allows us to edit relational records by default, which was used liberally in the codebase. - Not having a clear track record of editable relations left the model layer prone to triggering unwanted nested saves and created a vulnerability where members were able to edit newsletter settings. - With explicit editable relations it's easier to keep track of relations having editable access to related records. Makes the relational data modification pattern safer to use too. - Anyone running 5.x should update to 5.24.1 Credits: Dave McDaniel and other members of [Cisco Talos](https://talosintelligence.com/vulnerability_reports)
2022-11-10 13:29:28 +03:00
// @NOTE: this seems like too much exposed information, needs a review
restoreJsonResponse.newsletters[0].should.have.properties([
'id',
'uuid',
'name',
'description',
'feedback_enabled',
'slug',
'sender_name',
'sender_email',
'sender_reply_to',
'status',
'visibility',
'subscribe_on_signup',
'sort_order',
'header_image',
'show_header_icon',
'show_header_title',
'title_font_category',
'title_alignment',
'show_feature_image',
'body_font_category',
'footer_content',
'show_badge',
'show_header_name',
Added `show_post_title_section` column to newsletters table (#16397) fixes https://github.com/TryGhost/Team/issues/2706 Only includes the migration. The setting is not used at the moment, but will be enabled by default.
2023-03-14 11:48:13 +03:00
'show_post_title_section',
Added `show_comment_cta` column to newsletter table (#16401) fixes https://github.com/TryGhost/Team/issues/2707 Adds the new column for storing whether we need to show a comment CTA in emails. Enabled by default.
2023-03-14 17:03:02 +03:00
'show_comment_cta',
Added `show_subscription_details` column to newsletter table (#16403) fixes https://github.com/TryGhost/Team/issues/2708 Adds `show_subscription_details` column to newsletter table. Disabled by default.
2023-03-15 13:53:45 +03:00
'show_subscription_details',
🔒 Disabled editable relations by default refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6 refs https://github.com/TryGhost/Toolbox/issues/465 - Bookshelf relations allows us to edit relational records by default, which was used liberally in the codebase. - Not having a clear track record of editable relations left the model layer prone to triggering unwanted nested saves and created a vulnerability where members were able to edit newsletter settings. - With explicit editable relations it's easier to keep track of relations having editable access to related records. Makes the relational data modification pattern safer to use too. - Anyone running 5.x should update to 5.24.1 Credits: Dave McDaniel and other members of [Cisco Talos](https://talosintelligence.com/vulnerability_reports)
2022-11-10 13:29:28 +03:00
'created_at',
'updated_at'
]);
should.equal(restoreJsonResponse.newsletters[0].name, originalNewsletterName);
Added member endpoints for managing newsletter subscriptions (#14624) refs TryGhost/Team#1495 With multiple newsletters, members are allowed to manage their newsletter pref via email unsubscribe link with member uuid. Since Portal needs to manage member's newsletter pref via their UUID, we need new endpoints on members that allow fetch/update of newsletter subscriptions via only uuid. The endpoints return only limited data for a member that are needed for the UI. - adds endpoint to fetch newsletter subscriptions for member via uuid - adds endpoint to update newsletter subscriptions for member via uuid
2022-04-28 14:44:17 +03:00
});
Enabled Members for all sites (#12582) no-issue This removes all references to the members labs setting, any code that was run conditionally behind this flag now runs unconditionally. * Removed usage of Members labs flag * Removed tests for Members disabled * Added dynamic keypair generation for when setting is missing
2021-01-28 21:07:45 +03:00
it('should serve theme 404 on members endpoint', async function () {
await request.get('/members/')
.expect(404)
.expect('Content-Type', 'text/html; charset=utf-8');
Extracted members-specific middleware from site app module (#11405) no issue - In order to keep site/app.js module tidy and less coupled with members module we need to extract some of the functionality where it belongs conceptually - Added "members enabled check" middleware to stripe webhook endpoint - Reshuffled members middleware so that siteApp is in control of mounting points. This is meant to be a more explicit way to see which endpoints are being handled by members middleware - Extracted member-specific public file middleware - Unified use of `labs.member` alias method. Done for code style consistency - Added basic members' test suite. This is a base we could work from when more modifications are needed - Removed route handler for unexisting members file "members-theme-bindings.js". Calling this route otherwise causes a 500. Looks like a leftover from 49672a1e4d268683feb67a574429b910417100c1
2019-11-21 06:01:24 +03:00
});
Enabled Members for all sites (#12582) no-issue This removes all references to the members labs setting, any code that was run conditionally behind this flag now runs unconditionally. * Removed usage of Members labs flag * Removed tests for Members disabled * Added dynamic keypair generation for when setting is missing
2021-01-28 21:07:45 +03:00
it('should redirect invalid token on members endpoint', async function () {
await request.get('/members/?token=abc&action=signup')
.expect(302)
.expect('Location', '/?action=signup&success=false');
Extracted members-specific middleware from site app module (#11405) no issue - In order to keep site/app.js module tidy and less coupled with members module we need to extract some of the functionality where it belongs conceptually - Added "members enabled check" middleware to stripe webhook endpoint - Reshuffled members middleware so that siteApp is in control of mounting points. This is meant to be a more explicit way to see which endpoints are being handled by members middleware - Extracted member-specific public file middleware - Unified use of `labs.member` alias method. Done for code style consistency - Added basic members' test suite. This is a base we could work from when more modifications are needed - Removed route handler for unexisting members file "members-theme-bindings.js". Calling this route otherwise causes a 500. Looks like a leftover from 49672a1e4d268683feb67a574429b910417100c1
2019-11-21 06:01:24 +03:00
});
});
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
Added homepage redirect for unsubscribe urls refs https://github.com/TryGhost/Team/issues/1495 With multiple newsletters, members are allowed to manage their newsletter pref via email unsubscribe link with member uuid. Since Portal is now taking over handling unsubscribe for members, we don't need to keep the current `/unsubscribe` page as Portal can load the member's newsletter pref on site home page directly. The redirect change is only enabled behind the `multipleNewslettersUI` flag as its in beta.
2022-04-28 11:03:07 +03:00
describe('Unsubscribe', function () {
afterEach(function () {
mockManager.restore();
});
it('should redirect with uuid and action param', async function () {
await request.get('/unsubscribe/?uuid=XXX')
.expect(302)
.expect('Location', 'http://127.0.0.1:2369/?uuid=XXX&action=unsubscribe');
});
it('should pass through an optional newsletter param', async function () {
await request.get('/unsubscribe/?uuid=XXX&newsletter=YYY')
.expect(302)
.expect('Location', 'http://127.0.0.1:2369/?uuid=XXX&newsletter=YYY&action=unsubscribe');
});
it('should reject when missing a uuid', async function () {
await request.get('/unsubscribe/')
.expect(400);
});
});
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
describe('Content gating', function () {
let publicPost;
let membersPost;
let paidPost;
let membersPostWithPaywallCard;
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
let labelPost;
let productPost;
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
before(function () {
publicPost = testUtils.DataGenerator.forKnex.createPost({
slug: 'free-to-see',
visibility: 'public',
published_at: moment().add(15, 'seconds').toDate() // here to ensure sorting is not modified
});
membersPost = testUtils.DataGenerator.forKnex.createPost({
slug: 'thou-shalt-not-be-seen',
visibility: 'members',
published_at: moment().add(45, 'seconds').toDate() // here to ensure sorting is not modified
});
paidPost = testUtils.DataGenerator.forKnex.createPost({
slug: 'thou-shalt-be-paid-for',
visibility: 'paid',
published_at: moment().add(30, 'seconds').toDate() // here to ensure sorting is not modified
});
membersPostWithPaywallCard = testUtils.DataGenerator.forKnex.createPost({
slug: 'thou-shalt-have-a-taste',
visibility: 'members',
mobiledoc: '{"version":"0.3.1","markups":[],"atoms":[],"cards":[["paywall",{}]],"sections":[[1,"p",[[0,[],0,"Free content"]]],[10,0],[1,"p",[[0,[],0,"Members content"]]]]}',
html: '<p>Free content</p><!--members-only--><p>Members content</p>',
published_at: moment().add(5, 'seconds').toDate()
});
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
labelPost = testUtils.DataGenerator.forKnex.createPost({
slug: 'thou-must-be-labelled-vip',
visibility: 'label:vip',
published_at: moment().toDate()
});
productPost = testUtils.DataGenerator.forKnex.createPost({
slug: 'thou-must-have-default-product',
visibility: 'product:default-product',
published_at: moment().toDate()
});
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
return testUtils.fixtures.insertPosts([
publicPost,
membersPost,
paidPost,
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
membersPostWithPaywallCard,
labelPost,
productPost
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
]);
});
describe('as non-member', function () {
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('can read public post content', async function () {
await request
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
.get('/free-to-see/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsPresent);
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
});
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('cannot read members post content', async function () {
await request
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
.get('/thou-shalt-not-be-seen/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsAbsent);
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
});
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('cannot read paid post content', async function () {
await request
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
.get('/thou-shalt-be-paid-for/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsAbsent);
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
});
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('cannot read label-only post content', async function () {
await request
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
.get('/thou-must-be-labelled-vip/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsAbsent);
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
});
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('cannot read product-only post content', async function () {
await request
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
.get('/thou-must-have-default-product/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsAbsent);
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
});
Added the `last_seen_at` update on member page view refs https://github.com/TryGhost/Team/issues/1306 - This adds a `MemberPageViewEvent` event when a page is viewed by a member (post/page/tag/author/...) - Integrates the `LastSeenAtUpdater` service that listens to the `MemberPageViewEvent` events to update `member.last_seen_at` - Follows the latest testing recommendation (end to end test + testing for side-effects)
2022-02-24 12:33:24 +03:00
it('doesn\'t generate a MemberPageView event', async function () {
const spy = sinon.spy();
DomainEvents.subscribe(MemberPageViewEvent, spy);
await request
.get('/free-to-see/')
.expect(200)
.expect(assertContentIsPresent);
assert(spy.notCalled, 'A page view from a non-member shouldn\'t generate a MemberPageViewEvent event');
});
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
});
describe('as free member', function () {
before(async function () {
await loginAsMember('member1@test.com');
});
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('can read public post content', async function () {
await request
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
.get('/free-to-see/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsPresent);
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
});
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('can read members post content', async function () {
await request
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
.get('/thou-shalt-not-be-seen/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsPresent);
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
});
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('cannot read paid post content', async function () {
await request
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
.get('/thou-shalt-be-paid-for/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsAbsent);
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
});
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('cannot read label-only post content', async function () {
await request
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
.get('/thou-must-be-labelled-vip/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsAbsent);
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
});
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('cannot read product-only post content', async function () {
await request
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
.get('/thou-must-have-default-product/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsAbsent);
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
});
});
describe('as free member with vip label', function () {
Added the `last_seen_at` update on member page view refs https://github.com/TryGhost/Team/issues/1306 - This adds a `MemberPageViewEvent` event when a page is viewed by a member (post/page/tag/author/...) - Integrates the `LastSeenAtUpdater` service that listens to the `MemberPageViewEvent` events to update `member.last_seen_at` - Follows the latest testing recommendation (end to end test + testing for side-effects)
2022-02-24 12:33:24 +03:00
const email = 'vip@test.com';
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
before(async function () {
Added the `last_seen_at` update on member page view refs https://github.com/TryGhost/Team/issues/1306 - This adds a `MemberPageViewEvent` event when a page is viewed by a member (post/page/tag/author/...) - Integrates the `LastSeenAtUpdater` service that listens to the `MemberPageViewEvent` events to update `member.last_seen_at` - Follows the latest testing recommendation (end to end test + testing for side-effects)
2022-02-24 12:33:24 +03:00
await loginAsMember(email);
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
});
Added the `last_seen_at` update on member page view refs https://github.com/TryGhost/Team/issues/1306 - This adds a `MemberPageViewEvent` event when a page is viewed by a member (post/page/tag/author/...) - Integrates the `LastSeenAtUpdater` service that listens to the `MemberPageViewEvent` events to update `member.last_seen_at` - Follows the latest testing recommendation (end to end test + testing for side-effects)
2022-02-24 12:33:24 +03:00
it('generates a MemberPageView event', async function () {
const spy = sinon.spy();
DomainEvents.subscribe(MemberPageViewEvent, spy);
// Reset last_seen_at property
let member = await models.Member.findOne({email});
await models.Member.edit({last_seen_at: null}, {id: member.get('id')});
member = await models.Member.findOne({email});
assert.equal(member.get('last_seen_at'), null, 'The member shouldn\'t have a `last_seen_at` property set before this test.');
await request
.get('/free-to-see/')
.expect(200)
.expect(assertContentIsPresent);
assert(spy.calledOnce, 'A page view from a member should generate a MemberPageViewEvent event');
member = await models.Member.findOne({email});
assert.notEqual(member.get('last_seen_at'), null, 'The member should have a `last_seen_at` property after having visited a page while logged-in.');
});
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
});
describe('as paid member', function () {
Added the `last_seen_at` update on member page view refs https://github.com/TryGhost/Team/issues/1306 - This adds a `MemberPageViewEvent` event when a page is viewed by a member (post/page/tag/author/...) - Integrates the `LastSeenAtUpdater` service that listens to the `MemberPageViewEvent` events to update `member.last_seen_at` - Follows the latest testing recommendation (end to end test + testing for side-effects)
2022-02-24 12:33:24 +03:00
const email = 'paid@test.com';
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
before(async function () {
🔒 Prevented member creation when logging in (#15526) fixes https://github.com/TryGhost/Ghost/issues/14508 This change requires the frontend to send an explicit `emailType` when sending a magic link. We default to `subscribe` (`signin` for invite only sites) for now to remain compatible with the existing behaviour. **Problem:** When a member tries to login and that member doesn't exist, we created a new member in the past. - This caused the creation of duplicate accounts when members were guessing the email address they used. - This caused the creation of new accounts when using an old impersonation token, login link or email change link that was sent before member deletion. **Fixed:** - Trying to login with an email address that doesn't exist will throw an error now. - Added new and separate rate limiting to login (to prevent user enumeration). This rate limiting has a higher default limit of 8. I think it needs a higher default limit (because it is rate limited on every call instead of per email address. And it should be configurable independent from administrator rate limiting. It also needs a lower lifetime value because it is never reset. - Updated error responses in the `sendMagicLink` endpoint to use the default error encoding middleware. - The type (`signin`, `signup`, `updateEmail` or `subscribe`) is now stored in the magic link. This is used to prevent signups with a sign in token. **Notes:** - Between tests, we truncate the database, but this is not enough for the rate limits to be truly reset. I had to add a method to the spam prevention service to reset all the instances between tests. Not resetting them caused random failures because every login in every test was hitting those spam prevention middlewares and somehow left a trace of that in those instances (even when the brute table is reset). Maybe those instances were doing some in memory caching.
2022-10-05 13:42:42 +03:00
// Member should exist, because we are signin in
await models.Member.findOne({email}, {require: true});
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
// membersService needs to be required after Ghost start so that settings
// are pre-populated with defaults
const membersService = require('../../core/server/services/members');
🔒 Prevented member creation when logging in (#15526) fixes https://github.com/TryGhost/Ghost/issues/14508 This change requires the frontend to send an explicit `emailType` when sending a magic link. We default to `subscribe` (`signin` for invite only sites) for now to remain compatible with the existing behaviour. **Problem:** When a member tries to login and that member doesn't exist, we created a new member in the past. - This caused the creation of duplicate accounts when members were guessing the email address they used. - This caused the creation of new accounts when using an old impersonation token, login link or email change link that was sent before member deletion. **Fixed:** - Trying to login with an email address that doesn't exist will throw an error now. - Added new and separate rate limiting to login (to prevent user enumeration). This rate limiting has a higher default limit of 8. I think it needs a higher default limit (because it is rate limited on every call instead of per email address. And it should be configurable independent from administrator rate limiting. It also needs a lower lifetime value because it is never reset. - Updated error responses in the `sendMagicLink` endpoint to use the default error encoding middleware. - The type (`signin`, `signup`, `updateEmail` or `subscribe`) is now stored in the magic link. This is used to prevent signups with a sign in token. **Notes:** - Between tests, we truncate the database, but this is not enough for the rate limits to be truly reset. I had to add a method to the spam prevention service to reset all the instances between tests. Not resetting them caused random failures because every login in every test was hitting those spam prevention middlewares and somehow left a trace of that in those instances (even when the brute table is reset). Maybe those instances were doing some in memory caching.
2022-10-05 13:42:42 +03:00
const signinLink = await membersService.api.getMagicLink(email, 'signin');
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
const signinURL = new URL(signinLink);
// request needs a relative path rather than full url with host
const signinPath = `${signinURL.pathname}${signinURL.search}`;
// perform a sign-in request to set members cookies on superagent
await request.get(signinPath)
.expect(302)
.then((res) => {
const redirectUrl = new URL(res.headers.location, testUtils.API.getURL());
should.exist(redirectUrl.searchParams.get('success'));
redirectUrl.searchParams.get('success').should.eql('true');
});
});
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('can read public post content', async function () {
await request
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
.get('/free-to-see/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsPresent);
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
});
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('can read members post content', async function () {
await request
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
.get('/thou-shalt-not-be-seen/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsPresent);
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
});
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('can read paid post content', async function () {
await request
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
.get('/thou-shalt-be-paid-for/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsPresent);
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
});
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('cannot read label-only post content', async function () {
await request
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
.get('/thou-must-be-labelled-vip/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsAbsent);
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
});
🐛 Fixed welcome pages not working for "subscribe" links (#14176) - Fixed test fixtures so that members with subscriptions also have products/tiers - Fixed test fixtures so that default&free tiers can be updated for tests - Added tests for the signin functionality and welcome page redirects - Extended `setupStripe` to setup other Members settings - this needs some more thought around how we proceed
2022-02-20 17:02:42 +03:00
it('can read product-only post content', async function () {
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
await request
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
.get('/thou-must-have-default-product/')
.expect(200)
🐛 Fixed welcome pages not working for "subscribe" links (#14176) - Fixed test fixtures so that members with subscriptions also have products/tiers - Fixed test fixtures so that default&free tiers can be updated for tests - Added tests for the signin functionality and welcome page redirects - Extended `setupStripe` to setup other Members settings - this needs some more thought around how we proceed
2022-02-20 17:02:42 +03:00
.expect(assertContentIsPresent);
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
});
Added the `last_seen_at` update on member page view refs https://github.com/TryGhost/Team/issues/1306 - This adds a `MemberPageViewEvent` event when a page is viewed by a member (post/page/tag/author/...) - Integrates the `LastSeenAtUpdater` service that listens to the `MemberPageViewEvent` events to update `member.last_seen_at` - Follows the latest testing recommendation (end to end test + testing for side-effects)
2022-02-24 12:33:24 +03:00
it('generates a MemberPageView event', async function () {
const spy = sinon.spy();
DomainEvents.subscribe(MemberPageViewEvent, spy);
// Reset last_seen_at property
let member = await models.Member.findOne({email});
await models.Member.edit({last_seen_at: null}, {id: member.get('id')});
member = await models.Member.findOne({email});
assert.equal(member.get('last_seen_at'), null, 'The member shouldn\'t have a `last_seen_at` property set before this test.');
await request
.get('/free-to-see/')
.expect(200)
.expect(assertContentIsPresent);
assert(spy.calledOnce, 'A page view from a member should generate a MemberPageViewEvent event');
member = await models.Member.findOne({email});
assert.notEqual(member.get('last_seen_at'), null, 'The member should have a `last_seen_at` property after having visited a page while logged-in.');
});
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
});
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
describe('as comped member', function () {
before(async function () {
await loginAsMember('comped@test.com');
});
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('can read public post content', async function () {
await request
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
.get('/free-to-see/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsPresent);
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
});
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('can read members post content', async function () {
await request
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
.get('/thou-shalt-not-be-seen/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsPresent);
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
});
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('can read paid post content', async function () {
await request
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
.get('/thou-shalt-be-paid-for/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsPresent);
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
});
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('cannot read label-only post content', async function () {
await request
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
.get('/thou-must-be-labelled-vip/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsAbsent);
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
});
🐛 Fixed welcome pages not working for "subscribe" links (#14176) - Fixed test fixtures so that members with subscriptions also have products/tiers - Fixed test fixtures so that default&free tiers can be updated for tests - Added tests for the signin functionality and welcome page redirects - Extended `setupStripe` to setup other Members settings - this needs some more thought around how we proceed
2022-02-20 17:02:42 +03:00
it('can read product-only post content', async function () {
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
await request
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
.get('/thou-must-have-default-product/')
.expect(200)
🐛 Fixed welcome pages not working for "subscribe" links (#14176) - Fixed test fixtures so that members with subscriptions also have products/tiers - Fixed test fixtures so that default&free tiers can be updated for tests - Added tests for the signin functionality and welcome page redirects - Extended `setupStripe` to setup other Members settings - this needs some more thought around how we proceed
2022-02-20 17:02:42 +03:00
.expect(assertContentIsPresent);
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
});
});
describe('as member with product', function () {
before(async function () {
await loginAsMember('with-product@test.com');
});
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
it('can read product-only post content', async function () {
await request
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
.get('/thou-must-have-default-product/')
.expect(200)
Used consistent patterns in acceptance tests - use testUtils.startGhost() directly - use async+await for tests - simplify tests down using expect(fn) to make them more readable - don't require config directly - removed TODO which is no longer valid - All this is essentially ground work before introducing a better framework for running acceptance tests
2021-05-27 19:50:14 +03:00
.expect(assertContentIsPresent);
✨ Added support for gating content by member labels and products (#12946) refs https://github.com/TryGhost/Team/issues/581 closes https://github.com/TryGhost/Team/issues/582 Emails can now be sent to members with specific associated labels or products by specifying an NQL string. We want to bring the same members segment feature to content by allowing `visibility` to be an NQL filter string on top of the `public/members/paid` special-case strings. As an example it's possible to set `posts.visibility` to `label:vip` to make a post available only to those members with the `vip` label. - removed enum validations for `visibility` so it now accepts any string or `null` - bumped `@tryghost/admin-api-schema` for API-level validation changes - added nql validation to API input validators by running the visibility query against the members model - added transform of NQL to special-case visibility values when saving post model - ensures there's a single way of representing "members" and "paid" where NQL gives multiple ways of representing the same segment - useful for keeping theme-level checks such as `{{#has visibility="paid"}}` working as expected - updated content-gating to parse nql from post's visibility and use it to query the currently logged in member to see if there's a match - bumped @tryghost/members-api to include label and product data when loading member
2021-05-10 21:32:11 +03:00
});
🐛 Fixed complimentary members' content gating (#12761) no issue Comped members were not able to view paid-member content because content gating was only looking for `member.status === 'paid'` which doesn't take into consideration members on a "complimentary" plan. - added front-end acceptance tests for member access to posts - updated content-gating check to take comped members into consideration
2021-03-15 09:13:48 +03:00
});
});
Extracted members-specific middleware from site app module (#11405) no issue - In order to keep site/app.js module tidy and less coupled with members module we need to extract some of the functionality where it belongs conceptually - Added "members enabled check" middleware to stripe webhook endpoint - Reshuffled members middleware so that siteApp is in control of mounting points. This is meant to be a more explicit way to see which endpoints are being handled by members middleware - Extracted member-specific public file middleware - Unified use of `labs.member` alias method. Done for code style consistency - Added basic members' test suite. This is a base we could work from when more modifications are needed - Removed route handler for unexisting members file "members-theme-bindings.js". Calling this route otherwise causes a 500. Looks like a leftover from 49672a1e4d268683feb67a574429b910417100c1
2019-11-21 06:01:24 +03:00
});
Reference in New Issue Copy Permalink