Commit Graph

1153 Commits

Author SHA1 Message Date
Sam Lord
3c5cf21274 Added email verification trigger package
refs: https://github.com/TryGhost/Toolbox/issues/166

New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports).

The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 10:57:51 +00:00
Fabien "egg" O'Carroll
65543b4e8f Published new versions
- @tryghost/members-api@4.8.2
 - @tryghost/members-stripe-service@0.6.5
2022-01-26 22:26:58 +02:00
Fabien "egg" O'Carroll
fc5ff5c9e4 Fixed sending emails to paid signups
refs https://github.com/TryGhost/Team/issues/1293

We were referencing the incorrect method from the members-api which
would fail to send the email.
2022-01-26 22:25:07 +02:00
Thibaut Patel
bde49ccb0c Published new versions
- @tryghost/members-api@4.8.1
2022-01-25 16:44:55 +01:00
Thibaut Patel
0acf2f060c Fixed eslint warnings in events.js
no ref

- There were 12 `no-shadow` warnings, renaming the right variables fixed them.
2022-01-25 16:44:29 +01:00
Thibaut Patel
b76c056d33 Removed de-duplication of events in getEventTimeline
refs https://github.com/TryGhost/Team/issues/1277

- When a user signs-up, two events are created, the code was only keeping one of these events.
- This was introduce in commit 58c9c1c649 when the only usage of the function was to extract the 5 most recent events. Any duplication was creating too much noise.
- This was creating issues now that we introduce event filtering. Some `newsletter_event` events would appear from nowhere we we were filtering-out `signup_event` events.
- We removed the deduplication when the `membersActivityFeed` flag is enabled.
2022-01-25 16:38:25 +01:00
Thibaut Patel
18f095d2fb Published new versions
- @tryghost/members-api@4.8.0
2022-01-25 12:21:15 +01:00
Thibaut Patel
d7673bb1ef Moved the event filtering to the database queries
refs https://github.com/TryGhost/Team/issues/1277

- In `getEventTimeline` we filter to only perform the relevant queries, passing to each query function the filters (subset of NQL)
- In each query function, we rewrite the filters to adapt them to the internal data shape.
- We need to do this rewrite to allow API consumers to create filters based on the output on the API instead of the internal data structure.
- Added partial unit tests as there is a lot of repetition between the query functions.
2022-01-25 12:20:34 +01:00
Thibaut Patel
1370682a60 Added a function to parse a NQL subset
refs https://github.com/TryGhost/Team/issues/1277

- This will allow to filter events within `getEventTimeline`
- The subset of NQL has the following rules:
  - Only one level of filters, now parenthesis allowed
  - Only three filter keys allowed
  - No `or` allowed outside of the bracket notation (this is allowed: `type:-[email_opened_event,email_failed_event]` but this isn't: `type:1,data.created_at:1`)
- The return is an object with a NQL filter by allowed filter key
2022-01-24 18:53:14 +01:00
Fabien "egg" O'Carroll
e4e28aae3d Published new versions
- @tryghost/members-api@4.7.1
 - @tryghost/members-stripe-service@0.6.4
2022-01-24 17:37:08 +02:00
Fabien "egg" O'Carroll
560d1f72d8 Fixed reference to sendMagicLink
no-issue

This was referencing the wrong object to get the sendMagicLink method.
2022-01-24 17:35:51 +02:00
Fabien "egg" O'Carroll
d9c571b76b Published new versions
- @tryghost/members-api@4.7.0
2022-01-24 13:14:22 +02:00
Fabien "egg" O'Carroll
7950de49ac Removed archived Tiers from Portal display
refs https://github.com/TryGhost/Team/issues/1252

Although we filter out archived tiers from being shown in Portal - we
must also persist this information, so that when they are unarchived,
they continue to not be shown in Portal.

Unfortunately this information is stored in a setting, rather than on
the Tier object itself, two things to consider for the future are:
1. Representing the display value on the Tier object in the API
2. Updating the DB tables to allow storing the display value on the Tier
2022-01-24 13:13:48 +02:00
Fabien "egg" O'Carroll
3eed15d21a Published new versions
- @tryghost/members-api@4.6.0
2022-01-24 11:47:09 +02:00
Fabien "egg" O'Carroll
73f8db0e37 Restricted Members from being given archived Tiers
refs https://github.com/TryGhost/Team/issues/1252
2022-01-24 11:45:54 +02:00
Thibaut Patel
bb1d5de381 Published new versions
- @tryghost/domain-events@0.1.6
 - @tryghost/magic-link@1.0.17
 - @tryghost/member-analytics-service@0.1.7
 - @tryghost/members-analytics-ingress@0.1.8
 - @tryghost/members-api@4.5.0
 - @tryghost/members-ssr@1.0.19
 - @tryghost/members-offers@0.10.6
 - @tryghost/members-payments@0.1.8
2022-01-21 17:57:25 +01:00
Thibaut Patel
c65a9e0bb2 Moved the getEventTimeline filtering in memory
refs https://github.com/TryGhost/Team/issues/1277

- Doing a filtered DB query wasn't a good solution because we query several tables with different shapes.
- Filtering in memory is done with the NQL library
- Removed the side-effect of changing options.filter for each query, now that options.filter will already contain NQL
- The filtering is done in the reduce function to avoid looping one more time over the in-memory events
2022-01-21 17:56:15 +01:00
renovate[bot]
90efe73e5b Update dependency keypair to v1.0.4 [SECURITY] (#339)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-01-21 16:00:22 +02:00
renovate[bot]
3b30c71235 Update dependency @babel/eslint-parser to v7.16.5 (#331)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-01-21 15:59:03 +02:00
renovate[bot]
4d77c41858 Update dependency @types/cookies to v0.7.7 (#293)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-01-21 15:58:23 +02:00
renovate[bot]
01eea3a81e Update dependency @types/node-jose to v1.1.8 (#290)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-01-21 15:58:07 +02:00
renovate[bot]
d3dbc81bd3 Update dependency @types/jsonwebtoken to v8.5.8 (#287)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-01-21 15:57:51 +02:00
Thibaut Patel
1bcfe04384 Published new versions
- @tryghost/members-api@4.4.1
2022-01-21 14:04:35 +01:00
Thibaut Patel
5ff5301b1d Fixed the getEventTimeline filtering in case there is no defined filter
refs https://github.com/TryGhost/Team/issues/1277

- `(undefined)` isn't valid NQL so we make sure options.filter is defined
2022-01-21 14:03:33 +01:00
Fabien "egg" O'Carroll
57c865ab82 Published new versions
- @tryghost/members-api@4.4.0
2022-01-21 14:09:45 +02:00
Fabien "egg" O'Carroll
5a9cb1ab83 Restricted changing Subscription to archived Tier
refs https://github.com/TryGhost/Team/issues/1252
2022-01-21 14:08:31 +02:00
Thibaut Patel
2a1fe514cf Published new versions
- @tryghost/members-api@4.3.0
2022-01-21 11:16:58 +01:00
Thibaut Patel
3ad8d9ab8b Added the option to filter events from getEventTimeline
refs https://github.com/TryGhost/Team/issues/1277

- Added the pre-existing framework filters to each event query.
- Made sure we aren't modifying the original `options.filter` to avoid side-effects between event queries.
2022-01-21 11:16:24 +01:00
Fabien "egg" O'Carroll
2661ddcde2 Restricted signing up with archived Tiers
refs https://github.com/TryGhost/Team/issues/1252
2022-01-21 11:13:23 +02:00
Fabien "egg" O'Carroll
883945886c Published new versions
- @tryghost/domain-events@0.1.5
 - @tryghost/express-dynamic-redirects@0.2.4
 - @tryghost/magic-link@1.0.16
 - @tryghost/member-analytics-service@0.1.6
 - @tryghost/member-events@0.3.3
 - @tryghost/members-analytics-ingress@0.1.7
 - @tryghost/members-api@4.2.0
 - @tryghost/members-csv@1.2.3
 - @tryghost/members-importer@0.4.1
 - @tryghost/members-ssr@1.0.18
 - @tryghost/members-offers@0.10.5
 - @tryghost/members-payments@0.1.7
 - @tryghost/members-stripe-service@0.6.3
2022-01-20 17:49:29 +02:00
Fabien "egg" O'Carroll
f7a1aac926 Removed stripe_prices from Products API
refs https://github.com/TryGhost/Team/issues/713

This is a hangover from the multiple products feature and is no longer used.
2022-01-20 17:47:50 +02:00
Fabien "egg" O'Carroll
c59a42c87b Added support for the active flag to Products API
refs https://github.com/TryGhost/Team/issues/1252

This will be used to archive and unarchive Tiers. There is a restriction
on archiving "free" Tiers because our current system expects only one,
and it should always be active.
2022-01-20 17:47:50 +02:00
Renovate Bot
233bb828fa Pin dependencies 2022-01-20 15:42:33 +00:00
Renovate Bot
10b1f62807 Update dependency nock to v13.2.2 2022-01-20 14:30:17 +00:00
Renovate Bot
a2bcff314f Update dependency c8 to v7.11.0 2022-01-20 14:30:04 +00:00
Fabien "egg" O'Carroll
aa8dca50eb Published new versions
- @tryghost/members-api@4.1.4
 - @tryghost/members-stripe-service@0.6.2
2022-01-20 11:00:25 +02:00
Fabien "egg" O'Carroll
ab215fb96a Added missing default parameter for opts
no-issue

The `opts` parameter is optional but there was no default defined, this
was causing errors when trying to read the forceCreate property if opts
was not passed.
2022-01-20 10:58:34 +02:00
Thibaut Patel
49fe3cf84b Published new versions
- @tryghost/members-api@4.1.3
2022-01-19 11:48:22 +01:00
Thibaut Patel
de0dc7a9a0 Added the full related email in email recipient events
refs https://github.com/TryGhost/Team/issues/1277

- Prevents the admin from doing extra api calls to retrieve the email records
2022-01-19 11:47:35 +01:00
Thibaut Patel
f22efd5abc Published new versions
- @tryghost/members-api@4.1.2
2022-01-19 09:56:29 +01:00
Thibaut Patel
83fe60cb66 🐛 Fixed the email recipient events in getEventTimeline
refs https://github.com/TryGhost/Team/issues/1277

- The members weren't included in the serialized version of the new events
- Some properties weren't using the bookshelf `get` method as they should have
2022-01-19 09:55:02 +01:00
Thibaut Patel
182a5ed993 Published new versions
- @tryghost/members-api@4.1.1
2022-01-18 19:03:12 +01:00
Thibaut Patel
a7098aee46 Added members to all member events in getEventTimeline
refs https://github.com/TryGhost/Team/issues/1277

- This makes the three new email recipient events similar to the preexisting events
2022-01-18 19:02:44 +01:00
Thibaut Patel
682cdb8c2d Published new versions
- @tryghost/members-api@4.1.0
2022-01-18 15:54:57 +01:00
Thibaut Patel
ae967c449c Added EmailRecipient events to getEventTimeline
refs https://github.com/TryGhost/Team/issues/1277

- Adds 3 new requests to the `email_recipients` table in the `getEventTimeline` method
- This allows to extract new member events from the table: `email_delivered_event`, `email_opened_event`, `email_failed_event`
2022-01-18 15:53:51 +01:00
Fabien "egg" O'Carroll
f11e1e411d Published new versions
- @tryghost/members-api@4.0.1
 - @tryghost/members-stripe-service@0.6.1
2022-01-18 11:20:09 +02:00
Fabien "egg" O'Carroll
f488438ad0 Added check for Stripe config before migrations
no-issue

This stops us from attempting to run the migrations if Stripe has not
been configured.
2022-01-18 11:18:08 +02:00
Fabien "egg" O'Carroll
0e955fc84f Published new versions
- @tryghost/members-api@4.0.0
 - @tryghost/members-stripe-service@0.6.0
2022-01-18 10:40:05 +02:00
Fabien "egg" O'Carroll
74225779a2 Moved webhook handling into Stripe service
no-issue

Handling Stripe webhooks is a Stripe concern and so we're moving it into
the Stripe module.
2022-01-18 10:37:47 +02:00
Fabien "egg" O'Carroll
94d97d1168 Removed Migrations&disconnectStripe
no-issue

These have been moved the the @tryghost/members-stripe-service
2022-01-18 10:37:47 +02:00