TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-11-11 18:35:22 +03:00
Code Issues Projects Releases Wiki Activity

Added validation for Tier prices

Browse Source 
refs https://github.com/TryGhost/Team/issues/1319
refs https://github.com/TryGhost/Team/issues/521

This updates the members-api to explicitly validate Tier prices rather
than deferring to Stripe and using whichever errors they throw.
This commit is contained in:
Fabien 'egg' O'Carroll 2022-02-09 11:04:58 +02:00 committed by GitHub
parent b1c2b923ce
commit 88786f768b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 74 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@ -80,7 +80,7 @@
"@tryghost/limit-service": "1.0.9", "@tryghost/limit-service": "1.0.9",
"@tryghost/logging": "2.0.3", "@tryghost/logging": "2.0.3",
"@tryghost/magic-link": "1.0.17", "@tryghost/magic-link": "1.0.17",
"@tryghost/members-api": "4.8.13", "@tryghost/members-api": "4.8.14",
"@tryghost/members-importer": "0.5.0", "@tryghost/members-importer": "0.5.0",
"@tryghost/members-offers": "0.10.6", "@tryghost/members-offers": "0.10.6",
"@tryghost/members-ssr": "1.0.19", "@tryghost/members-ssr": "1.0.19",

69
test/e2e-api/admin/products.test.js Normal file
View File

@ -0,0 +1,69 @@
const should = require('should');
const sinon = require('sinon');
const labs = require('../../../core/shared/labs');
const {agentProvider, fixtureManager} = require('../../utils/e2e-framework');
describe('Tiers API', function () {
let agent;
before(async function () {
agent = await agentProvider.getAdminAPIAgent();
await fixtureManager.init('members');
await agent.loginAsOwner();
});
beforeEach(function () {
sinon.stub(labs, 'isSet').withArgs('multipleProducts').returns(false);
const stripeService = require('../../../core/server/services/stripe');
stripeService.api._configured = true;
});
afterEach(function () {
sinon.restore();
const stripeService = require('../../../core/server/services/stripe');
stripeService.api._configured = false;
});
it('Errors when price is non-integer', async function () {
const tier = {
name: 'Blah',
monthly_price: {
amount: 99.99
}
};
await agent
.post('/products/')
.body({products: [tier]})
.expectStatus(422);
});
it('Errors when price is negative', async function () {
const tier = {
name: 'Blah',
monthly_price: {
amount: -100
}
};
await agent
.post('/products/')
.body({products: [tier]})
.expectStatus(422);
});
it('Errors when price is too large', async function () {
const tier = {
name: 'Blah',
monthly_price: {
amount: Number.MAX_SAFE_INTEGER
}
};
await agent
.post('/products/')
.body({products: [tier]})
.expectStatus(422);
});
});

8
yarn.lock
View File

@ -1848,10 +1848,10 @@
"@tryghost/domain-events" "^0.1.6" "@tryghost/domain-events" "^0.1.6"
"@tryghost/member-events" "^0.3.4" "@tryghost/member-events" "^0.3.4"
"@tryghost/members-api@4.8.13": "@tryghost/members-api@4.8.14":
version "4.8.13" version "4.8.14"
resolved "https://registry.yarnpkg.com/@tryghost/members-api/-/members-api-4.8.13.tgz#080a460ad154d7bb4965f4fb577479d4e19018ed" resolved "https://registry.yarnpkg.com/@tryghost/members-api/-/members-api-4.8.14.tgz#45d94467992c609dafa8b19bffc5a658ced475c7"
integrity sha512-IIr1O3Yi52bBVV0aO/TxCwGD/JCHv7TT82PuCUt74b6Bq0IvCWz7iQXT80s2Sn8sTofhmIqzYLsSATYlhvJ79Q== integrity sha512-Ogq4BS8PjRjrEA6QeTnAd+Jq2JnjluePQJaVSLI1pTY7BoTghYwxvcmlFdJE4zx0KXtQoVeZbQg3UQbQhtKF8g==
dependencies: dependencies:
"@nexes/nql" "^0.6.0" "@nexes/nql" "^0.6.0"
"@tryghost/debug" "^0.1.2" "@tryghost/debug" "^0.1.2"