Commit Graph

20 Commits

Author SHA1 Message Date
Simon Backx
819d0d884c
Improved email verification required checks (#16060)
fixes https://github.com/TryGhost/Team/issues/2366
refs https://ghost.slack.com/archives/C02G9E68C/p1670232405014209

Problem described in issue.

In the old MEGA flow:
- The `email_verification_required` check is now repeated inside the job

In the new email service flow:
- The `email_verification_required` is now checked (didn't happen
before)
- When generating the email batch recipients, we only include members
that were created before the email was created. That way it is
impossible to avoid limit checks by inserting new members between
creating an email and sending an email.
- We don't need to repeat the check inside the job because of the above
changes

Improved handling of large imports:
- When checking `email_verification_required`, we now also check if the
import threshold is reached (a new method is introduced in
vertificationTrigger specifically for this usage). If it is, we start
the verification progress. This is required for long running imports
that only check the verification threshold at the very end.
- This change increases the concurrency of fastq to 3 (refs
https://ghost.slack.com/archives/C02G9E68C/p1670232405014209). So when
running a long import, it is now possible to send emails without having
to wait for the import. Above change makes sure it is not possible to
get around the verification limits.

Refactoring:
- Removed the need to use `updateVerificationTrigger` by making
thresholds getters instead of fixed variables.
- Improved awaiting of members import job in regression test
2023-01-04 11:22:12 +01:00
Simon Backx
5c2f0b9a4b
Removed getCreatedEvents and added verification trigger test (#15832)
refs https://github.com/TryGhost/Team/issues/2266

This removes the deprecated `getCreatedEvents` method in the event
repository and adds tests to the verification trigger to see if we don't
break anything.

Changes extracted from https://github.com/TryGhost/Ghost/pull/15831
2022-11-18 15:05:15 +01:00
Hannah Wolfe
dfffa309a8
Improved member importer error handling (#15843)
refs: https://github.com/TryGhost/Team/issues/1121

- This makes several key changes to the way errors are handled in the member importer, to ensure that we only show error messages to users that we wrote.
- Fundamentally, we no longer trust all API errors, and instead only trust a set of very specific API errors. Anything outside of that is replaced with a generic error message.
- Also switches the server-side error generated for email verification (which can throw during member import) to be a HostLimitError, as that is a more appropriate class.
- Note: there are many other parts of Ghost admin that need a similar overhaul, and a similar change we need to introduce server side to fully resolve the underlying issue of bubbling up code errors to the UI.
2022-11-17 19:41:39 +00:00
Fabien "egg" O'Carroll
f761bd36b4
Fixed verification trigger usage of Event Repository
refs https://github.com/TryGhost/Team/issues/2192

The method signatures of the Event Repository have been updated to
take mongo filter objects, but this call-site was not updated.

Long term we should really be using NQL filter strings for our
filtering API and the mongo filter objects should be an implementation
detail, however we don't have time right now to rectify this.
2022-11-01 13:00:42 +07:00
Naz
5e9d1d3178 Swapped member limit verification trigger event
closes https://github.com/TryGhost/Toolbox/issues/399

- The MemberCreatedEvent event is a more accurate representation of the limit nature - counting the number of members created. The previous MemberSubscribeEvent was a slightly hacky solution because a member could be subscribed/unsubscribed multiple times, distorting the limit counts.
2022-10-07 09:20:29 +08:00
Naz
113e2a6515 Improved verification email copy
refs https://github.com/TryGhost/Toolbox/issues/387

- Copy improvement after a review
2022-08-29 12:18:46 +08:00
Naz
6e76fcc36a Parameterized api sourced verification threshold
refs https://github.com/TryGhost/Toolbox/issues/387

- The limit values should be as configurable as possible to adjust verification thresholds dynamically per use case. This solves a problem of doing a separate version release when we need to adjust the verification thresholds.
- Before this "importThreshold" was the same concept as "apiThreshold", which makes it hard and confusing to reason about and hard to parameterize each specific case.
2022-08-25 17:07:10 +08:00
Naz
7e3b8ff404 Added email verification trigger for admin requests
refs https://github.com/TryGhost/Toolbox/issues/387

- When members are added through the Admin client they have to be a part of instance validation process to prevent service misuse.
2022-08-25 14:26:44 +08:00
Naz
7cae68baaa Renamed trigger amount variable
refs https://github.com/TryGhost/Toolbox/issues/387

- Similar reasoning as to previous renames - the variables were named with a single trigger source in mind and now would be confusing with multiple verification trigger sources.
2022-08-25 14:26:44 +08:00
Naz
1e96ef849f Renamed verification parameters
refs https://github.com/TryGhost/Toolbox/issues/387

- The "amountImported" was too specific to one verification trigger source. There can be multiple sources that start the verification process.
- Changed `startVerificationProcess` method signature to reflect it's a private method that's only used internally - exposed for testing purposes only.
2022-08-25 14:26:44 +08:00
Naz
8892a60948 Renamed verification threshold parameter
refs https://github.com/TryGhost/Toolbox/issues/387

- There will be three distinct verification limits soon. To keep the naming clear "configThreshold" would be too generic/confusing to use.
- Introduced jsdoc descriptions for the "source" parameter, which will be correlating with each new config parameter ("apiTriggerThreshold", "importTriggerThreshold", "adminTriggerThreshold", etc.). This should give a better visibility into parameters we are dealing with in this area.
2022-08-25 14:26:44 +08:00
Naz
243aa9c834 Refactored member subscribe handler generic
refs https://github.com/TryGhost/Toolbox/issues/387

- I'm about to add another event source - "admin". Before doing that, made the method more parameter dependent, so it can handle limit triggering logic from multiple sources and based on multiple configuration parameters.
2022-08-25 14:26:44 +08:00
Naz
5934794d86 Refactored verification trigger constructor
refs https://github.com/TryGhost/Toolbox/issues/387

- The constructor should be light initialization logic only. Putting business logic into constructor is quite dirty and not really testable!
2022-08-24 14:06:22 +08:00
Daniel Lockyer
a9b011ad4b Avoided loading newsletter subscription events if threshold is Infinity
- if the threshold is Infinity, we shouldn't be loading the newsletter
  subscription events because we are saying there is no threshold
- the code has a quick path to avoid comparing the values, but it still
  loads the events upfront
- this commit moves the quick path up to return earlier
- this has the nice side-effect of producing 100% coverage on this
  package
2022-08-01 09:23:04 +02:00
Sam Lord
455778662c Email verification for imports based on 30 days of import
refs: https://github.com/TryGhost/Toolbox/issues/293

Things needed to create this:
* MemberSubscriptionEvent now has an import source
* Importer now creates events with this type
* Verification trigger logic changed to use 30 day window of imports
2022-04-13 17:35:30 +01:00
Sam Lord
20a37bdcd6 Verification trigger: Wrap values in NQL in single quotes
no issue
2022-02-04 11:54:48 +00:00
Sam Lord
dbad2fc0a6 Add API source when verification triggered from API events
no issue

This allows the message to be changed when sending an email to the host administrator about an increase in API usage to add members.
2022-02-03 15:03:47 +00:00
Sam Lord
bf9070f945 Add API verification trigger with new filter
no issue

Previous API verification trigger didn't work because the way filters work also changed. Re-implemented with a new filter.
2022-02-03 15:02:33 +00:00
Fabien 'egg' O'Carroll
96cd96a4f6 Removed API verification logic (#362)
no-issue

There is a bug in the event repository code where filters are not
correctly applied, this results in the api verification being extremely
trigger happy. For now we're removing the logic, with the plan to revert
this commit once the event repository is fixed.
2022-02-02 17:06:31 +02:00
Sam Lord
3c5cf21274 Added email verification trigger package
refs: https://github.com/TryGhost/Toolbox/issues/166

New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports).

The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 10:57:51 +00:00