🐛 Fixed searching for free/paid members

no issue

- when searching for paid/free members, the `members_stripe_customers`
  table would be joined into the query on `members`
- this table also has a `name` and `email` field, so both MySQL and
  SQLite would complain about ambiguous fields in the query
- the result of this would be a 500 error thrown inside Ghost, and no
  useful response to the user
- this commit explicitly chooses the `members` table to check against,
  and also adds a test for this
This commit is contained in:
Daniel Lockyer 2020-07-06 09:09:08 +01:00
parent bf80ba924f
commit f65c425786
2 changed files with 22 additions and 2 deletions

View File

@ -155,8 +155,8 @@ const Member = ghostBookshelf.Model.extend({
},
searchQuery: function searchQuery(queryBuilder, query) {
queryBuilder.where('name', 'like', `%${query}%`);
queryBuilder.orWhere('email', 'like', `%${query}%`);
queryBuilder.where('members.name', 'like', `%${query}%`);
queryBuilder.orWhere('members.email', 'like', `%${query}%`);
},
// TODO: hacky way to filter by members with an active subscription,

View File

@ -70,6 +70,26 @@ describe('Members API', function () {
});
});
it('Can search for paid members', function () {
return request
.get(localUtils.API.getApiQuery('members/?search=egon&paid=true'))
.set('Origin', config.get('url'))
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.then((res) => {
should.not.exist(res.headers['x-cache-invalidate']);
const jsonResponse = res.body;
should.exist(jsonResponse);
should.exist(jsonResponse.members);
jsonResponse.members.should.have.length(1);
jsonResponse.members[0].email.should.equal('paid@test.com');
localUtils.API.checkResponse(jsonResponse, 'members');
localUtils.API.checkResponse(jsonResponse.members[0], 'member', 'stripe');
localUtils.API.checkResponse(jsonResponse.meta.pagination, 'pagination');
});
});
it('Add should fail when passing incorrect email_type query parameter', function () {
const member = {
name: 'test',