Commit Graph

412 Commits

Author SHA1 Message Date
Fabien 'egg' O'Carroll
c7ea226d9e Updated stripe module for the bulk importer (#196)
no-issue

* Added LeakyBucket rate limiting for all Stripe requests
* Added createCustomer method
* Added createComplimentarySubscription method
* Replaced getStripeCustomer with getCustomer
* Exported createStripeCustomer & createComplimentarySubscription
2020-08-17 17:35:18 +01:00
Nazar Gargol
8cc8cc7acc Published new versions
- @tryghost/members-api@0.26.0
 - @tryghost/members-csv@0.3.0
2020-08-17 18:00:44 +12:00
Fabien 'egg' O'Carroll
117309b4e8 Used models internally and for exported API (#195)
no-issue

Using models internally and in the exported API means that we avoid expensive
`toJSON` calls, which affects performance when looping through large lists of
members. It also allows us to take advantage of the new relations used in the
models.

The addition of "ByID" methods for linking stripe customers and setting
complimentary subscriptions allows bulk imports to avoid the overhead of creating
a model for each members, instead passing an id string. n.b. currently the impl
_does_ still create models, but it makes it easier to optimise and refactor in the 
future.
2020-08-12 12:57:28 +01:00
Daniel Lockyer
85800c57f7 Published new versions
- @tryghost/magic-link@0.4.13
 - @tryghost/members-api@0.25.2
 - @tryghost/members-ssr@0.8.5
2020-08-11 09:10:32 +01:00
Daniel Lockyer
56ef95c397 Updated ghost-ignition dependency
- this will resolve the lodash warnings when running `yarn audit`
2020-08-11 09:08:54 +01:00
Fabien O'Carroll
043609b194 Published new versions
- @tryghost/members-api@0.25.1
2020-07-24 15:40:35 +02:00
Fabien 'egg' O'Carroll
e7484638e3 Ensured that we do not insert orphaned rows (#190)
no-issue

Previously we would blindly put subscriptions into the database when we
received a webhook, which could result in orphaned rows that were not
linked to a customer (and by extension a member)

This updates the logic so that we will only add subscriptions if we have
a record of their customer.

Customers are only added during a checkout.session.completed webhook, at
which point a member is guarunteed, but for formailty and safety against
changes in the flow, the logic has been applied to inserting customers
too.
2020-07-24 15:39:01 +02:00
Fabien O'Carroll
20e3b6cc8a Published new versions
- @tryghost/magic-link@0.4.12
 - @tryghost/members-api@0.25.0
 - @tryghost/members-ssr@0.8.4
2020-07-24 13:48:27 +02:00
Fabien O'Carroll
d63484e99a Handled subscription deletion errors with logging
refs https://github.com/TryGhost/Ghost/issues/11557

If a subscription failed to delete, we would error and bailout of the
process, this updates it to log the error so that site owners have a
record of the error in the logs, but also to continue through the rest
of the subscriptions.
2020-07-24 13:46:38 +02:00
Fabien O'Carroll
b435d6a8c1 Renamed destroyStripeSubscriptions to cancelStripeSubscriptions
no-issue

Destroy is terminology we usually use for the model layer and was a
little confusing without context, this method is used in one place so
it's a low effort cleanup with minimal repercussions
2020-07-24 13:46:38 +02:00
Renovate Bot
8137d5aa72 Update dependency mocha to v6.2.3 2020-07-23 13:04:38 +00:00
Rish
f23503e35c Published new versions
- @tryghost/members-api@0.24.5
2020-07-22 16:08:35 +05:30
Rish
f792148ce8 Updated magic link email to use custom status code for failures
refs https://github.com/TryGhost/Team/issues/342

- Send magic link middleware was not using custom status code from error and sending 500
- Updates error code to be picked from err object if present, or fallback to 500 as before otherwise
2020-07-22 16:07:21 +05:30
Fabien O'Carroll
763153d110 Published new versions
- @tryghost/members-api@0.24.4
2020-07-22 12:28:43 +02:00
Fabien 'egg' O'Carroll
bf38d836d4 Updated webhooks cleanup to handle all older webhooks (#186)
refs https://github.com/TryGhost/Ghost/issues/12074

Some sites may have had duplicate webhooks created due to a race
condition. This updates the members-api to cleanup _all_ webhooks before
starting, allowing it to create webhooks on a fresh slate, and removing
possible causes of 401 errors due to incorrect webhook secrets.
2020-07-22 12:27:48 +02:00
Fabien O'Carroll
cdfa31af1a Published new versions
- @tryghost/members-api@0.24.3
2020-07-21 13:45:34 +02:00
Fabien 'egg' O'Carroll
d1cd0fe80e Caught & handled 'resource_already_exists' errors (#185)
refs https://github.com/TryGhost/Ghost/issues/12065

This protects us against multiple instances of the members-api being
started simultaneously and race conditions where inbetween the initial
"GET" of a plan which returns empty, and the "POST" of a plan to create
it, another instance has already created it.
2020-07-21 13:40:49 +02:00
Fabien O'Carroll
8c73c4a42b Published new versions
- @tryghost/members-api@0.24.2
2020-07-21 12:03:41 +02:00
Fabien 'egg' O'Carroll
9f1b9d6156 Used mode to determine flow for checkout session (#184)
no-issue

This fixes a problem when subscribing to a Plan (Price) with a default
trial period. We also add logging to add a little more information about
which flow we're entering.

Subscriptions that are started with a trial have a `setup_intent`
present on the Checkout Session object, which was incorrectly causing us
to determine that we are in a "setup" flow and attempt to update a
customers card details.

We now use the `mode` property of the Checkout Session to determine
whether we are handling a new Subscription, or if we are in a "setup"
flow and should update the Customer's card details.
2020-07-21 12:03:16 +02:00
Fabien O'Carroll
9dc22b2bb2 Published new versions
- @tryghost/magic-link@0.4.11
 - @tryghost/members-api@0.24.1
 - @tryghost/members-ssr@0.8.3
2020-07-21 12:02:36 +02:00
Fabien O'Carroll
c30ffba75a Revert "Used mode to determine flow for checkout session (#184)"
no-issue

Reverting so that changesets can be released independently

This reverts commit d41e5f3b55.
2020-07-21 12:01:07 +02:00
Fabien 'egg' O'Carroll
d41e5f3b55 Used mode to determine flow for checkout session (#184)
no-issue

This fixes a problem when subscribing to a Plan (Price) with a default
trial period. We also add logging to add a little more information about
which flow we're entering.

Subscriptions that are started with a trial have a `setup_intent`
present on the Checkout Session object, which was incorrectly causing us
to determine that we are in a "setup" flow and attempt to update a
customers card details.

We now use the `mode` property of the Checkout Session to determine
whether we are handling a new Subscription, or if we are in a "setup"
flow and should update the Customer's card details.
2020-07-21 11:50:10 +02:00
Fabien 'egg' O'Carroll
400dba62a9 Added cleanup on startup for old webhooks (#181)
refs https://github.com/TryGhost/Ghost/issues/12061

Due to a bug in Ghost webhooks are now created with a trailing "/" which
meant that the previous webhooks to that (without a slash) was never
removed.

This results in users receiving emails from stripe about failed webhook
delivery, which is not good at all.

This fix lists out the webhooks and finds (if present) the webhook which
matches the current URL, minus the trailing slash. If found it will then
attempt to delete that webhook thus stopping the emails from Stripe.

I've added a note to remove this code as it should only ever need to run
once, and can be removed for the Ghost release after these changes.
2020-07-20 17:54:22 +02:00
renovate[bot]
adf66ce1ae Pin dependency @types/stripe to 7.13.24 (#176)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-07-10 16:37:24 +02:00
renovate[bot]
0687210bfc Update dependency ghost-ignition to v4 (#108)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-07-10 16:36:33 +02:00
Fabien O'Carroll
f2a8387bdb Published new versions
- @tryghost/members-api@0.24.0
2020-07-09 17:36:06 +02:00
Fabien 'egg' O'Carroll
ac923af0f7 Refactored webhook creation (#175)
no-issue

* Refactored model dependencies
  This groups all of the model depenencies into a single models object,
  and renames the models with more concise identifiers

* Fixed spacing
* Added webhook support to metadata
* Refactored stripe configure to have better logging
* Refactored webhook creation to reuse existing webhook
* Installed @types/stripe
2020-07-09 16:40:48 +02:00
Rish
68dbfb707d Published new versions
- @tryghost/members-api@0.23.2
2020-07-08 21:50:30 +05:30
Rish
1acf7d40be 🐛 Fixed incorrect payload creation for magic link token
no issue

- The extra payload added to magic link token included `name`, `labels` and `oldEmail`
- Refactor in commit [here](bf63ffe424 (diff-9f9ef757543bb9a90baba0d3bea76a83L157-R169)) changed the `body` variable assignment causing the payload objection creation to not include the extra data from request body
- Updates `body` to `req.body` to use correct data from request
2020-07-08 21:48:12 +05:30
Nazar Gargol
5b909735fd Published new versions
- @tryghost/magic-link@0.4.10
 - @tryghost/members-api@0.23.1
 - @tryghost/members-csv@0.2.1
 - @tryghost/members-ssr@0.8.2
2020-07-08 20:23:05 +12:00
Fabien O'Carroll
1b51ed7a5d Published new versions
- @tryghost/members-api@0.23.0
2020-06-18 18:03:46 +02:00
Fabien 'egg' O'Carroll
ae9870993a Added hasActiveStripeSubscriptions method (#169)
no-issue

This can be used by Ghost to determine if the Stripe keys can be deleted
2020-06-18 18:01:04 +02:00
Hannah Wolfe
aa0b02b75e Published new versions
- @tryghost/members-api@0.22.0
2020-06-12 17:11:14 +01:00
Hannah Wolfe
ebaf9538b6 Adding INR currency support
- We have many customers asking for INR as there are special rules in Stripe for this currency
- As well as a desire for local-selling
- Meaning it's not valid to use e.g. USD instead
2020-06-12 08:58:49 +01:00
Nazar Gargol
7872355962 Published new versions
- @tryghost/members-api@0.21.0
2020-06-12 15:36:07 +12:00
Nazar Gargol
d83525b54b Added stripe customer fetching method to member's API
no issue

- This method is needed to be able to validate if customer exist in configured Stripe account before attempting to link one with local member.
2020-06-12 15:35:16 +12:00
Rish
a136e5f839 Published new versions
- @tryghost/magic-link@0.4.9
 - @tryghost/members-api@0.20.1
 - @tryghost/members-ssr@0.8.1
2020-06-10 16:32:14 +05:30
Rish
11e2732d50 Handled error for stripe checkout rejection
refs https://github.com/TryGhost/members.js/issues/38

- In case of incomplete Stripe setup like Account name, checkout session creation fails and throws error, which was not being handled and 200 returned after long timeout
- This change catches the error and returns correct status along with message for clients to handle it downstream
2020-06-10 16:29:48 +05:30
Kevin Ansfield
88146dc3a3 Published new versions
- @tryghost/magic-link@0.4.8
 - @tryghost/members-api@0.20.0
 - @tryghost/members-ssr@0.8.0
2020-06-04 13:27:14 +01:00
Kevin Ansfield
bf63ffe424 Moved members geolocation fetch/update into members-ssr (#151)
closes https://github.com/TryGhost/Members/issues/148

- geolocation was not being fetched/stored for paid member signup
  - magic link was being sent after Stripe webhook but we don't have an IP at that stage
  - it only worked when a magic link was requested by the browser
- moved the geolocation fetch/update to `members-ssr`
  - kept the ip geolookup and storage inside `members-api` but exposed it as a method so consumers are able to choose when it's performed
  - used the new api method in `members-ssr` when exchanging a token from the session as that is always driven by browser requests so we know we have an IP and it's likely the correct one (reliant on consumers having "trust proxy" config correct)
  - stopped storing IP addresses in the token payload (keeps links shorter)
2020-06-04 13:20:19 +01:00
Rish
8891777681 Published new versions
- @tryghost/members-api@0.19.0
2020-05-28 20:37:29 +05:30
Rishabh Garg
e9b7dacb2e Updated magic link flow to allow changing member's email (#161)
refs https://github.com/TryGhost/members.js/issues/30

- Updates `sendMagicLink` middleware to allow adding old email address to payload. Checks for if new email address already exists in db before creating magic link, throws error in case of duplicate email.
- Updates magic link parsing for data to check if the intention is to update email address and update member's email to new email address in case its allowed.
- Return session data from magic link using the new email address
2020-05-28 19:37:03 +05:30
Daniel Lockyer
730ddc2ae6 Published new versions
- @tryghost/magic-link@0.4.7
 - @tryghost/members-api@0.18.7
 - @tryghost/members-ssr@0.7.10
2020-05-25 13:11:54 +01:00
Fabien O'Carroll
24e13651a8 Published new versions
- @tryghost/members-api@0.18.6
2020-05-25 13:38:11 +02:00
Fabien 'egg' O'Carroll
48260dedba Used plans trial by default for checkout sessions (#158)
no-issue

Without this flag the checkout session will ignore any default trial periods
attached to the plan. Now we are able to give basic support for trials, by
attaching a trial period in Stripe Dashboard
2020-05-21 10:14:36 +02:00
Rish
ce72aa40a0 Published new versions
- @tryghost/magic-link@0.4.6
 - @tryghost/members-api@0.18.5
 - @tryghost/members-ssr@0.7.9
2020-05-20 14:34:40 +05:30
Rish
d5d2cc5137 Added name from magic link token to member creation
refs https://github.com/TryGhost/members.js/issues/26

- Allows magic link tokens to pass member name on signup
- Uses member name from magic link token to assign member name during creation
2020-05-20 14:33:15 +05:30
Rish
23e343d3b4 Published new versions
- @tryghost/magic-link@0.4.5
 - @tryghost/members-api@0.18.4
 - @tryghost/members-ssr@0.7.8
2020-05-19 22:03:56 +05:30
Rish
a1f29d8ede Updated member update method
no issue

- Makes passing `name` and `note` field in member update data as optional instead of making them undefined
- Allows email to be updated
- Adds stripe subscriptions list to updated member's response data to make update consistent with get method
2020-05-19 20:35:36 +05:30
Rish
167811c5fd Updated stripe checkout to store member name from metadata
refs TryGhost/members.js#29

- Uses the metadata option in stripe checkout flow to add member's name on creation via anonymous checkout flow
- Allows clients like memebrs.js to pass member's info like name from checkout signup flow
2020-05-19 13:54:25 +05:30
Rish
2f90c97629 Added metadata option to stripe checkout session
refs TryGhost/members.js#29

- Allows passing metadata to checkout session API
- Metadata is passed to stripe's checkout session on creation and read back from webhook event
- Allows clients like members.js to pass custom info like member name to Stripe flow
2020-05-19 13:54:25 +05:30
Rishabh Garg
b015a08c43 Added plan update option to stripe subscription update API (#154)
no issue

- Current update stripe subscription API calls only allowed cancelling a plan
- This change adds option to pass plan's nickname as `planName` in request to update subscription to new plan
- Checks if plan name is valid and updates stripe subscription to new plan at default prorate behavior
2020-05-19 12:59:39 +05:30
Rish
ef9fa8e623 Published new versions
- @tryghost/magic-link@0.4.4
 - @tryghost/members-api@0.18.3
 - @tryghost/members-ssr@0.7.7
2020-04-30 16:08:09 +05:30
Rish
fac6c3d97e Added ability to prefill customer email for anonymous checkouts
refs https://github.com/TryGhost/members.js/issues/10

- Allows passing an additional `customerEmail` value to our checkout creation API
- This value is used to pass `customer_email` option to stripe's checkout session - https://stripe.com/docs/api/checkout/sessions/create#create_checkout_session-customer_email.

The `customer_email` allows pre-filling the customer's email field in case of an anonymous checkout as customer doesn't exist already, and also ensures the stripe subscription is created with same email address as given by user during signup flow.
2020-04-30 16:01:22 +05:30
Renovate Bot
2c14a337ad Update dependency jsdom to v15.2.1 2020-04-27 15:15:52 +00:00
Rish
66e106e3ac Published new versions
- @tryghost/magic-link@0.4.3
 - @tryghost/members-api@0.18.2
 - @tryghost/members-ssr@0.7.6
2020-04-21 15:32:00 +05:30
Rish
ab3fe634f4 🐛 Fixed incorrect logging for geolocation error
no issue

We were using incorrect method for logging in geolocation warning - `this.logging.warn(err)` - as `this.logging` doesn't exist in this file. Updated to use correct logging method.
2020-04-21 15:28:13 +05:30
Nazar Gargol
07cb94d57e Published new versions
- @tryghost/magic-link@0.4.2
 - @tryghost/members-api@0.18.1
 - @tryghost/members-ssr@0.7.5
2020-04-17 14:09:59 +12:00
Renovate Bot
808aa8f9a3 Update dependency nock to v12.0.3 2020-03-17 12:25:52 +00:00
Renovate Bot
f628708317 Update Test & linting packages 2020-03-17 03:20:46 +00:00
Renovate Bot
f341891fd2 Pin dependency nock to 12.0.0 2020-03-17 02:15:32 +00:00
Nazar Gargol
95ab4e7b51 Published new versions
- @tryghost/members-api@0.18.0
2020-03-04 11:36:06 +08:00
Nazar Gargol
076e328f20 Added currency and currency_symbol properties to plans
no issue

- Adding these properties allows specifying which currency is currently used on member's plan.
- Supported currencies list: USD, AUD, CAD, GBP, EUR
- They were chosen based on the most used/requested currencies within Ghost
- With adding multiple available currencies that can be setup also had to add handling of Stripes limitation of having single currency per paying customer
2020-03-04 11:33:19 +08:00
Kevin Ansfield
7fb1c2e07e Published new versions
- @tryghost/members-api@0.17.0
2020-02-27 10:35:43 +00:00
Kevin Ansfield
615a482c48 Store geolocation data during member signup/signin (#128)
requires f38d490886

- adds `lib/geolocation.js` with `getGeolocationFromIP()` function which uses https://geojs.io to lookup geolocation data from an IPv4 or IPv6 address
- updates `create/updateMember()` functions to work with a `geolocation` property in the passed in object
  - if `geolocation` is `undefined` when updating a member do not reset any existing property
- updates `sendMagicLink` middleware to extract the IP address from the request and stores it as part of the token payload
- updates `getMemberDataFromMagicLinkToken()` method to extract the IP address from the token payload and perform a geolocation lookup if we have an IP address and a matching member does not already have geolocation data
2020-02-27 10:29:36 +00:00
Nazar Gargol
fb7fa87c3b Published new versions
- @tryghost/members-api@0.16.2
2020-02-27 17:09:59 +08:00
Nazar Gargol
9a783f9f0c Revert "Added precaution to avoid creating multiple Complimentary plans"
This reverts commit 5f0d2168f3.

After discussing the best approach to multipe currency problem would be
to allow creating multiple "Complimentary" plans. All security related
checks should stay strictly based on name and would not cause issues.
2020-02-27 16:55:03 +08:00
Nazar Gargol
fbe153cc97 Published new versions
- @tryghost/members-api@0.16.1
2020-02-27 13:53:46 +08:00
Nazar Gargol
5f0d2168f3 Added precaution to avoid creating multiple Complimentary plans
refs https://github.com/TryGhost/Ghost-Admin/pull/1430

- When the client creates a complimentary plan with other currency than USD we should not allow for it to avoid creating a mess in the Stripe plans
2020-02-27 13:53:05 +08:00
Nazar Gargol
71395fcfcb Published new versions
- @tryghost/members-api@0.16.0
2020-02-26 12:11:21 +08:00
Naz
b34b7bfa9c Added middleware to handle billing updates (#122)
refs https://github.com/TryGhost/Ghost/pull/11571 

- Allows updating members billing information through Stripe's setup intent (stripe.com/docs/payments/checkout/subscriptions/updating#set)
- Accepts 2 new parameter to handle redirects specific to billing update.
2020-02-26 12:09:09 +08:00
Nazar Gargol
56c4c664c2 Published new versions
- @tryghost/members-api@0.15.1
2020-02-17 16:26:50 +08:00
Nazar Gargol
13773cbeb4 Removed "Complimentary" subscription edit limitation
no issue

- There is no need to treat complimentary subscriptions in different way to regular subscription on the client.
2020-02-17 16:25:41 +08:00
Rish
cf6b9501ca Published new versions
- @tryghost/magic-link@0.4.1
 - @tryghost/members-api@0.15.0
2020-02-12 16:44:08 +05:30
Rishabh Garg
789462aa5f Added labels to member signup flow (#124)
no issue

refs https://github.com/TryGhost/Ghost/pull/11538
2020-02-12 16:42:49 +05:30
Nazar Gargol
5e2256833c Published new versions
- @tryghost/members-api@0.14.2
2020-02-11 14:04:12 +08:00
Nazar Gargol
a669cda605 Added fallback plan nickname to inteval instead of empty string
no issue

- On model layer in Ghost empty string is always converted to `null` for not nullable fields, which wasn't letting the value through to the database
- Current solution is a stopgap to fix imports of cyclic plans without nicknames. Ideally nickname field should become nullable in the future so this logic can be simplified
2020-02-11 14:02:40 +08:00
Nazar Gargol
38bfef2b83 Published new versions
- @tryghost/members-api@0.14.1
2020-02-10 19:01:34 +08:00
Naz
f2a7790cc9 Added plan nickname fallback to empty string (#126)
no issue

- This solves a problem when connected Stripe plan doesn't have plan `nickname` filled out (possible with older versions of Stripe API)
- Defaulting to empty string instead of creating a migration because SQLite doesn't support `ALTER ... MODIFY` syntax and thus knex can't altter the table that easy
- "Marks the column as an alter / modify, instead of the default add. Note: This only works in .alterTable() and is not supported by SQlite or Amazon Redshift. Alter is not done incrementally over older column type so if you like to add notNull and keep the old default value, the alter statement must contain both .notNull().defaultTo(1).alter(). If one just tries to add .notNull().alter() the old default value will be dropped." (ref. https://knexjs.org/#Chainable)
2020-02-10 18:59:52 +08:00
Nazar Gargol
6de6a15376 Published new versions
- @tryghost/magic-link@0.4.0
 - @tryghost/members-api@0.14.0
2020-02-06 18:04:18 +08:00
Naz
2a51a478fc Exposed getMagicLink method (#123)
refs https://github.com/TryGhost/Ghost/pull/11573

- Adds `getMagicLink` method to members-api which can be used to generate a signin link for the member
2020-02-06 17:08:39 +08:00
Nazar Gargol
e4637ac56f Published new versions
- @tryghost/members-api@0.13.0
2020-01-28 19:01:14 +07:00
Naz Gargol
96aea55270 Added ability to link member to existing stripe customer (#120)
refs https://github.com/TryGhost/Ghost/pull/11539

- Method needed to allow linking existing Stripe customers and subscriptions with members
2020-01-28 19:00:28 +07:00
Nazar Gargol
cf0d52c2da Published new versions
- @tryghost/members-api@0.12.0
2020-01-27 12:35:37 +07:00
Naz Gargol
28d3a37824 Added "complimentary" subscription handling (#118)
refs https://github.com/TryGhost/Ghost/pull/11537

- Adds ability to assign and cancel "complimentary" type of subscriptions to the member
- The functionality is needed to be able to provide free premium plans for members (e.g. family members, trials, gifts)
- When member already has an active paid subscription and complimentary one is applied the old one is upgraded. Proration is not given
- When deleting a subscription we need to update localy stored records right away to be albe to reflect the change in the UI. This behavior will also be in line with how subscriptions updates/creates are handled
- Blocked any client update for complimentary subscription. We should prevent non authenticated clients from upgrading/subscribing themselves to "complimentary" plan.
2020-01-27 12:34:22 +07:00
Nazar Gargol
89b78a883d Published new versions
- @tryghost/members-api@0.11.4
2020-01-22 12:54:34 +07:00
Nazar Gargol
726ffaf1f8 🐛 Fixed creation of extra customer when updating plans
no issue

- `customers` property contains an array of customer for which 'for..of' syntax is more appropriate
- Bug was causing creation of multiple customers in Stripe when new checkout session was initiated for existing customer
- Discussed in https://github.com/TryGhost/Members/pull/90/files#r368889289
2020-01-22 12:53:27 +07:00
Nazar Gargol
92b3cc3758 Published new versions
- @tryghost/members-api@0.11.3
2020-01-20 15:59:38 +07:00
Nazar Gargol
6c7139b1fe Fixed preexisting member name check
refs 1dc0b36b56

- The name can also be 'null' so the check should take that into account
2020-01-20 15:51:06 +07:00
Rish
47f5ca6625 Published new versions
- @tryghost/members-api@0.11.2
2020-01-20 13:32:20 +05:30
Rishabh Garg
a1ad80f6ac 🐛 Fixed incorrect fetch of empty stripe subscriptions (#116)
no issue

refs e19e06f9b3

While refactoring user CRUD for Ghost core, we inadvertently changed the members subscriptions object returned by nesting the value as object. This also broke the deserialization in Ghost-Admin for members subscription object [here](https://github.com/TryGhost/Ghost-Admin/blob/master/app/transforms/member-subscription.js#L9).
2020-01-20 13:28:59 +05:30
Nazar Gargol
1dc0b36b56 Updated checkout session to record member name
no issue

- When the customer has provided a name on the card during checkout it should be recorded for convenience as members' name
2020-01-20 13:25:17 +07:00
Nazar Gargol
be207f98e7 Published new versions
- @tryghost/members-api@0.11.1
2020-01-15 15:40:54 +07:00
Naz Gargol
e19e06f9b3 Refactored user CRUD to be usable by Ghost core (#113)
refs https://github.com/TryGhost/Members/pull/105

- It's a follow up to a series of refactorings in the module mostly discussed in refed PR
- The sendEmailWithMagicLink and destroyStripeSubscriptions were exposed through members API so that Ghost  could call it from the controller level
2020-01-15 15:35:15 +07:00
Nazar Gargol
46f6ce8db3 Removed console.log statement in favor of common logger
no issue

- Using console is a very bad practice and probably was left here by mistake. Using common logging instead
2020-01-13 19:16:51 +07:00
Nazar Gargol
3b14e7c1fa Removed redundant empty string handling logic in users module
no issue

- Since the Member model started to be used the logic handling empty strings -> null conversion is now handled in the core here https://github.com/TryGhost/Ghost/blob/8fd1e81/core/server/models/base/index.js#L492-L499
2020-01-13 18:49:25 +07:00
Nazar Gargol
911d5a27fe Published new versions
- @tryghost/magic-link@0.3.3
 - @tryghost/members-api@0.11.0
 - @tryghost/members-ssr@0.7.4
2020-01-13 15:54:59 +07:00
Nazar Gargol
08fbcf25ec Extracted metadata get/set methods into internal metadata module
no issue

- This is the refactor similar to what has been done with Memeber model being passed in directly in the constructor
- Relevent discussion here https://github.com/TryGhost/Members/pull/105#pullrequestreview-324254267
2020-01-13 15:45:22 +07:00
Nazar Gargol
ef3de2a295 Published new versions
- @tryghost/members-api@0.10.2
2019-12-12 15:27:45 +07:00
Naz Gargol
ff5fceafc8 Added subscription update middleware (#107)
refs #https://github.com/TryGhost/Ghost/pull/11434

- Added method to allow updating single subscription. Only `cancel_at_period_end` field can be updated. 
- Middleware is needed to allow Ghost Core to cancel/uncancel member's subscription. 
- Relies on the request containing identity information to be able to verify if subscription belongs to the user
- When member could not be identified by the identity information present in the request we should throw instead of continuing processing
- Handling and messaging inspired by https://github.com/TryGhost/Ghost/blob/3.1.1/core/server/services/mega/mega.js#L132
- When the user initiates subscription cancellation we can safely mark the subscription as canceled so that it's not shown in the interface on subsequent request. Otherwise, we end up in a situation where we still return the subscription in the period until Stripe triggers the webhook.
- Added boolean coercion for cancel_at_period_end parameter. If anything but boolean is passed to Stripe API it throws an error.  Coercing the value on our side is a gives a better dev experience
2019-12-12 15:19:36 +07:00
Fabien O'Carroll
94ef530b3c Fixed bug in cancelAllSubscriptions
no-issue

We filter out previously cancelled subscriptions, but used the wrong string "cancelled" instead of "canceled"
https://stripe.com/docs/billing/lifecycle#subscription-states
2019-12-09 15:55:37 +02:00
Fabien O'Carroll
231218c4e6 Published new versions
- @tryghost/members-api@0.10.1
2019-12-09 14:31:12 +02:00
Fabien O'Carroll
7db503b13b Fixed local webhooks when using localhost urls
no-issue

When using localhost urls the call to `create` will error and end in teh
catch block - so we need to use the environment variable there, too.

Introduced in 0149dd8f
2019-12-09 14:29:59 +02:00
Nazar Gargol
fe462ae706 Published new versions
- @tryghost/members-api@0.10.0
2019-12-06 13:29:27 +07:00
Naz Gargol
3060e11a4e Changed members-api constructor to accept Member model directly (#105)
no issue

- As members have become a part of Ghost core there is no need to proxy methods like this anymore and we can allow members-api to work on the model directly
- Methods come from Ghost core: https://github.com/TryGhost/Ghost/blob/cc39786/core/server/services/members/api.js#L11-L110
2019-12-05 18:16:18 +07:00
Naz Gargol
0149dd8f4d Added priority to webhook secret if present in env (#103)
no issue

- When debugging Stripe with using: `stripe listen \
  --forward-to http://ghost.local/members/webhooks/stripe/` this priority is nice to have so that Ghost process can be initialized using WEBHOOK_SECRET env variable
- It was not working in current form because Stripe recognized `ghost.local` as a valid domain and didn't throw any errors
- Removed unneeded secret assignment in a catch statement. It is redundant with the new implementation
2019-11-25 13:15:28 +07:00
Fabien O'Carroll
9da1a18770 Published new versions
- @tryghost/magic-link@0.3.2
 - @tryghost/members-api@0.9.0
 - @tryghost/members-ssr@0.7.3
2019-11-05 18:22:07 +07:00
Fabien O'Carroll
19148dab4e Included subscription information when listing members
no-issue
2019-11-05 16:12:20 +07:00
Renovate Bot
2ce0c5a992 Update Test & linting packages 2019-11-01 13:40:10 +07:00
Fabien O'Carroll
a35d947413 Published new versions
- @tryghost/magic-link@0.3.1
 - @tryghost/members-api@0.8.3
 - @tryghost/members-ssr@0.7.2
2019-10-30 15:24:07 +07:00
Fabien O'Carroll
7a3c99886d Added logging for failed webhook verification
no-issue

This gives us some more information about the secret used
2019-10-30 14:40:16 +07:00
Renovate Bot
f233d5fc71 Update dependency cookies to ^0.8.0 2019-10-14 12:38:53 +07:00
Fabien O'Carroll
ebbf4e69f9 Published new versions
- @tryghost/magic-link@0.3.0
 - @tryghost/members-api@0.8.2
2019-10-11 12:03:51 +07:00
Fabien O'Carroll
47ed334597 Updated use of magic-link module to pass subject
no-issue

This takes advantage of magic-links smaller tokens
2019-10-11 11:58:23 +07:00
Fabien O'Carroll
d248c909d9 Updated usage of magic-link, passing secret
no-issue
2019-10-11 11:58:23 +07:00
Fabien O'Carroll
5d2e20fbb7 Published new versions
- @tryghost/magic-link@0.2.2
 - @tryghost/members-api@0.8.1
2019-10-10 20:21:23 +07:00
Fabien O'Carroll
e04898cb3d Pass getSubject option to MagicLink module
no-issue
2019-10-10 20:20:46 +07:00
Fabien O'Carroll
2c4732b46d Published new versions
- @tryghost/magic-link@0.2.1
 - @tryghost/members-api@0.8.0
 - @tryghost/members-ssr@0.7.0
2019-10-09 10:51:35 +07:00
Fabien O'Carroll
2d058d8a47 Refactored updateSubscription to fetch payment info
no-issue
2019-10-09 10:48:57 +07:00
Fabien O'Carroll
5a0adce65d Inverted active check for subscriptions
no-issue

This is more explicit about what we consider to be an active subscription
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
5a17327a93 Improved error logging for webhook handling
no-issue
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
310972f73c Updated signatures for get/set metadata
no-issue
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
4c4cc90d05 Added the extra events to the stripe webhook
no-issue

* customer.subscription.deleted - when a subscription is cancelled
* customer.subscription.updated - when a subscription status/plan changes
* invoice.payment_succeeded - when a subscription has successfully renew
* invoice.payment.failed - when a subscription has failed to renew
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
6fc6718735 Renamed addCustomerToMember to updateCustomer
no-issue
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
8829b545a9 Updated handleStripeWebhook middleware
no-issue

This adds the handlers for the new events we want to listen to
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
68d65c905a Added webhook handlers for subscription lifecycle events
no-issue

We will need these to keep our metadata in sync with stripe
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
6806505a4c Updated stripe to store and retrieve from metadata
no-issue

This means that we will not have to make api requests to find out the
customers subscriptions
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
d11a0db726 Refactored some private methods for stripe
no-issue

This is to expose a clearer contract with the outside world
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
3d7c28a7f9 Published new versions
- @tryghost/members-api@0.7.7
2019-10-06 21:19:23 +07:00
Fabien O'Carroll
d6cb2ca796 Defaulted allowSelfSignup to true
no-issue

This is to keep backwards compatibility
2019-10-06 21:18:09 +07:00
Fabien O'Carroll
1208b41b9f Added allowSelfSignup options to auth config
no-issue

This flag is used to allow the sendMagicLink middleware to send an email
to members which do not yet exist. When this flag is set to false, the
only way to create members, would be via the stripe webook, or via the
`create` method exposed on the `members` object
2019-10-06 21:18:09 +07:00
Fabien O'Carroll
a643b3ff1f Sent "signup" emails when member created via stripe
no-issue

This is the correct email to send, as they are a new member
2019-10-06 21:18:09 +07:00
Fabien O'Carroll
355dd8b501 Corrected logic to send signin/signup emails
no-issue

This ensures that existing members recieve "signin" emails and new
members recieve "signup" (or "subscribe") emails
2019-10-06 21:18:09 +07:00
Fabien O'Carroll
3550452cd5 Published new versions
- @tryghost/members-api@0.7.6
2019-10-03 17:23:21 +07:00
Fabien O'Carroll
dd566b3d29 Added support for custome success/cancel urls
no-issue

This will allow clients to customise where they are redirecting to after
the stripe checkout session is exited.
2019-10-03 17:22:29 +07:00
Fabien O'Carroll
88832fa923 Published new versions
- @tryghost/members-api@0.7.5
 - @tryghost/members-ssr@0.6.0
2019-10-02 18:21:10 +07:00
Fabien O'Carroll
a6adfdd92c Protected against missing member for id token
no-issue

If a cookie still exists after a member has been deleted we can have
some strange requests, this just ensures that we check for existence.
2019-10-02 18:19:39 +07:00
Fabien O'Carroll
af25cfb619 Added interval, currency and last4 to stripe data
no-issue

This is attached to each "stripe item" belonging to a member
2019-10-02 18:19:39 +07:00
Fabien O'Carroll
3861bf253c Added options to stripe retrieve request
no-issue

This will allow us to expand sub objects when talking to stripe
2019-10-02 18:19:39 +07:00
Fabien O'Carroll
17a141f271 Published new versions
- @tryghost/members-api@0.7.4
2019-10-02 15:16:32 +07:00
Fabien O'Carroll
018471c07c Fixed usage of updateMember to use id correctly
no-issue
2019-10-02 15:15:20 +07:00
Fabien O'Carroll
e54b61297c Published new versions
- @tryghost/members-api@0.7.3
2019-10-02 15:06:10 +07:00
Fabien O'Carroll
071a54be7d Called cancelAllSubscriptions when destroying member
no-issue
2019-10-02 15:05:12 +07:00
Fabien O'Carroll
6fe46a79f3 Added cancelAllSubscriptions method
no-issue

This gets all subscriptions, filters out ones which have already been
cancelled and cancels the rest
2019-10-02 15:05:12 +07:00
Fabien O'Carroll
18aeed905a Refactored getActiveSubscriptions to getSubscriptions
no-issue
2019-10-02 15:05:12 +07:00
Fabien O'Carroll
ea5503f58d Published new versions
- @tryghost/members-api@0.7.2
2019-10-02 13:52:10 +07:00
Fabien O'Carroll
561493bfb2 Added debugs and improved getCustomer handling
no-issue

This adds more debugs so we can follow what's happening and also adds
better handing for failures when getting a customer from stripe
2019-10-02 13:47:37 +07:00
Fabien O'Carroll
1c3e563ad7 Improved logging for members-api
no-issue

This allows the logger to be passed in, and configures stripe to have access to it
2019-10-02 13:47:37 +07:00
Fabien O'Carroll
80f1155590 Ensured we do not create multiple webhooks on boot
no-issue

This updates the initialisation logic to fetch all webhooks (we use
limit: 100, and there are currently a max of 16 webhooks in stripe) and
find one with the corrct url. Once found, delete that webhook. We then
attempt to create a new one, and log out any errors (this is to allow
for local development, creating a webhook with a local url is expected
to fail)
2019-10-02 13:47:37 +07:00
Fabien O'Carroll
48cb8d14da Wrapped getCustomer in try catch
no-issue

This protects against live/test mode poisoned databases
2019-10-02 13:47:37 +07:00
Fabien O'Carroll
d1b29fd0b7 Added list and update stripe requests
no-issue

These will be used for listing and updating webhooks on configuration
2019-10-02 13:47:37 +07:00
Fabien O'Carroll
11a5a9ac69 Published new versions
- @tryghost/members-api@0.7.1
2019-10-01 17:48:31 +07:00
Fabien O'Carroll
0b5a70dcf4 Added default options param for users#create
no-issue

This allows create to have an optional second parameter, so that it
doesn't error when called with just data.
2019-10-01 17:42:22 +07:00
Fabien O'Carroll
d85ea20ad2 Published new versions
- @tryghost/magic-link@0.2.0
 - @tryghost/members-api@0.7.0
2019-10-01 14:47:27 +07:00
Fabien O'Carroll
ece58fe9fd Pass through getText and getHTML function from mail
no-issue

This will allow consumers of this module to customise the content of emails
2019-10-01 14:46:17 +07:00
Fabien O'Carroll
b852de95c8 Updated members-api to pass the emailType to magic-link
no-issue

This will allow requests to send the correct email
2019-10-01 14:46:17 +07:00
Fabien O'Carroll
5170c7c1d4 Published new versions
- @tryghost/magic-link@0.1.4
 - @tryghost/members-api@0.6.2
 - @tryghost/members-ssr@0.5.2
2019-10-01 11:21:07 +07:00
Fabien O'Carroll
8422a2f28d Fixed signature for listMembers call
no-issue
2019-10-01 11:02:54 +07:00
Renovate Bot
ab023e1df9 Update Test & linting packages 2019-09-30 01:35:30 +00:00
Fabien O'Carroll
f966907c78 Published new versions
- @tryghost/members-api@0.6.1
2019-09-26 17:14:08 +07:00
Fabien O'Carroll
530390124b Added flag to create member for sending email
no-issue

This allows us to give more functionality to consumers, with a smaller
API (rather than exposing the methods for sending a magic-link email)
2019-09-26 17:11:17 +07:00
Fabien O'Carroll
ff0dc6a168 Published new versions
- @tryghost/magic-link@0.1.3
 - @tryghost/members-api@0.6.0
 - @tryghost/members-ssr@0.5.1
2019-09-25 17:13:00 +07:00
Fabien O'Carroll
acf01e9065 Updated members-api to export POJO
no-issue

Previously members-api exported a pre configured express router with the
paths and handlers defined. This did not allow for much control from the
parent application. This replaces this pattern by exposing middlewares,
which the parent application can mount where it sees fit.
2019-09-25 16:53:08 +07:00
Fabien O'Carroll
d67ad13057 Updated handler for checkout to not require member
no-issue

This will allow the flow to start from the frontend.
2019-09-25 16:53:08 +07:00
Fabien O'Carroll
f7630ec05b Updated createCheckoutSession to work w/o member
no-issue

This will allow us to do a payment first flow, in which a payment is
taken, before creating a member
2019-09-25 16:53:08 +07:00
Fabien O'Carroll
0527304376 Updated stripe to setAppInfo and apiVersion
no-issue
2019-09-25 11:35:58 +07:00
Fabien O'Carroll
6722d3bc8a Ensured member is not linked to customer twice
no-issue

Edge case but easy to solve - so we dun it
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
db42b35e9f Added handler for checkout.session.completed
no-issue

This will link the customer from the checkout session to the member with
the same email
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
ed4dfd8d54 Updated users module to use getActiveSubscriptions
no-issue

This offloads some stripe specific logic into the stripe module
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
314fd6a540 Added method for getting active subscriptions
no-issue
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
a92d5f064b Added method for getting stripe customer for member
no-issue

This finds the first active customer that is linked to the member, and
created and links a new customer if a viable one does not exist.
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
69abbc6fa2 Added method for linking customer to member
no-issue

Uses the metadata storage passed into stripe
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
9beb496bd1 Passed in metadata getter/setter to stripe
no-issue

This will be used to store information such as customer id
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
644fd71d4f Removed unused getPublicConfig method from stripe
no-issue

Don't use it you lose it!
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
373f67a117 Added getCustomer method to stripe
no-issue

This uses the stripeRequests module directly since the customers api was
removed.
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
2849c647d6 Added parseWebhook method to stripe
no-issue

This uses the webhook secret and stripe module to validate the signature
and parse the body into an object
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
343fcecfff Updated stripe to create webhook on boot configure
no-issue

This will allow us to a) have an endpoint to receive webhooks and b) get
hold of the webhook secret to validate the signature.
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
4dc42709c3 Removed superfluous stripe api modules
no-issue

This removes the subscription api as we are using stripe checkout to
generate those

This removes the customers api as we no longer need the deterministic
api for it
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
216ab072b4 Refactored users module to wrap all methods
no-issue

This also adds initial support for `update` user - which is not used
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
f7b61e901d Removed body-parser from router middleware
no-issue

Validating stripe webhooks requires the body as a buffer, so we can no
longer parse json body by default
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
58cb25fe86 Published new versions
- @tryghost/magic-link@0.1.2
 - @tryghost/members-api@0.5.3
 - @tryghost/members-browser-auth@0.2.3
 - @tryghost/members-gateway-api@0.1.7
 - @tryghost/members-ssr@0.5.0
 - @tryghost/members-theme-bindings@0.2.6
2019-09-16 14:01:13 +08:00
Fabien O'Carroll
8b54a91b60 Published new versions
- @tryghost/members-api@0.5.2
2019-09-15 11:50:11 +08:00
Fabien O'Carroll
de0baded13 Logged error when sending email (#62)
no-issue
2019-09-15 11:48:11 +08:00
Fabien O'Carroll
b834c70559 Published new versions
- @tryghost/magic-link@0.1.1
 - @tryghost/members-api@0.5.1
 - @tryghost/members-auth-pages@1.1.3
 - @tryghost/members-browser-auth@0.2.2
 - @tryghost/members-gateway-api@0.1.6
 - @tryghost/members-gateway-protocol@0.1.4
 - @tryghost/members-ssr@0.4.0
 - @tryghost/members-theme-bindings@0.2.5
2019-09-09 15:53:10 +08:00
Fabien O'Carroll
d741cd9fba Returned fully hydrated member object when creating member
no-issue
2019-09-09 15:51:20 +08:00
Renovate Bot
84f9e69a50 Update dependency sinon to v7.4.2 2019-09-09 13:57:00 +08:00
Fabien O'Carroll
cb3cedd9df Published new versions
- @tryghost/members-api@0.5.0
 - @tryghost/members-ssr@0.3.1
2019-09-06 14:56:19 +08:00
Fabien O'Carroll
4ead495b45 Ensured that destroying member removes stripe customer
no-issue

This also mean sthe subscription will be cancelled
2019-09-06 14:30:27 +08:00
Fabien O'Carroll
ec3948287f Added subscription data when fetching member 2019-09-06 14:30:27 +08:00
Fabien O'Carroll
4f1bc288c5 Added support for stripe checkout payments 2019-09-06 14:30:27 +08:00
Fabien O'Carroll
61561a5af6 Added stripe payments module 2019-09-06 14:30:27 +08:00
Fabien O'Carroll
7376a333c2 Removed lib/subscriptions
no-issue

This is no longer used
2019-09-06 14:30:27 +08:00
Fabien O'Carroll
1c5ba6056a Removed lib/cookies
no-issue

This is no longer used
2019-09-06 14:30:27 +08:00
Fabien O'Carroll
8bfcc37ad4 Removed lib/util
no-issue

This is no longer used
2019-09-06 14:30:27 +08:00
Fabien O'Carroll
64738adfc0 Removed gateway
no-issue

This is no longer needed
2019-09-06 14:30:27 +08:00
Fabien O'Carroll
95ed945f6d Published new versions
- @tryghost/members-api@0.4.1
 - @tryghost/members-auth-pages@1.1.2
2019-09-05 11:01:48 +08:00
Fabien O'Carroll
ffd20f74f0 Exported members from members-api
no-issue

This allows consumers of the service to fetch members with payment info
2019-09-05 11:00:46 +08:00
Fabien O'Carroll
33ff98f789 Published new versions
- @tryghost/magic-link@0.1.0
 - @tryghost/members-api@0.4.0
 - @tryghost/members-auth-pages@1.1.1
 - @tryghost/members-browser-auth@0.2.1
 - @tryghost/members-gateway-api@0.1.5
 - @tryghost/members-gateway-protocol@0.1.3
 - @tryghost/members-ssr@0.3.0
 - @tryghost/members-theme-bindings@0.2.4
2019-09-03 18:25:17 +08:00
Fabien O'Carroll
d9fd07ef7f Fixed getMemberIdentityData method
no-issue

The users.get method expects an object with email prop
2019-09-03 18:21:04 +08:00
Fabien O'Carroll
af6c897a14 Updated members-api to use magic-link
no-issue

This removes a *lot* of funtionality, stripping the members-api module
to *only* handle the magic link signin flow.
2019-09-03 15:35:04 +08:00