Commit Graph

941 Commits

Author SHA1 Message Date
renovate[bot]
0370dd258d
Update dependency body-parser to v1.20.1 2022-10-06 21:20:56 +00:00
Simon Backx
e7378520a0
🔒 Prevented member creation when logging in (#15526)
fixes https://github.com/TryGhost/Ghost/issues/14508

This change requires the frontend to send an explicit `emailType` when sending a magic link. We default to `subscribe` (`signin` for invite only sites) for now to remain compatible with the existing behaviour.

**Problem:**
When a member tries to login and that member doesn't exist, we created a new member in the past.

- This caused the creation of duplicate accounts when members were guessing the email address they used.
- This caused the creation of new accounts when using an old impersonation token, login link or email change link that was sent before member deletion.

**Fixed:**
- Trying to login with an email address that doesn't exist will throw an error now.
- Added new and separate rate limiting to login (to prevent user enumeration). This rate limiting has a higher default limit of 8. I think it needs a higher default limit (because it is rate limited on every call instead of per email address. And it should be configurable independent from administrator rate limiting. It also needs a lower lifetime value because it is never reset.
- Updated error responses in the `sendMagicLink` endpoint to use the default error encoding middleware.
- The type (`signin`, `signup`, `updateEmail` or `subscribe`) is now stored in the magic link. This is used to prevent signups with a sign in token.

**Notes:**
- Between tests, we truncate the database, but this is not enough for the rate limits to be truly reset. I had to add a method to the spam prevention service to reset all the instances between tests. Not resetting them caused random failures because every login in every test was hitting those spam prevention middlewares and somehow left a trace of that in those instances (even when the brute table is reset). Maybe those instances were doing some in memory caching.
2022-10-05 12:42:42 +02:00
renovate[bot]
2c2ee81adb
Update Test & linting packages 2022-10-05 00:36:08 +00:00
Fabien 'egg' O'Carroll
35bc5fa08a
Fixed no-shadow lint warnings (#15520)
We're planning to change this from a warning to an error and need to
clean the codebase up before we do so.

In all of these cases the shadowing was known about and was not
causing unexpected behaviour, so the refactor consists entirely of
renaming, rather than refactoring/bug fixes.
2022-10-03 15:50:28 +01:00
Hannah Wolfe
04621b1e2e
Fixed ESLint no-shadow warnings in members-api
- I want to upgrade no-shadow to an error, but to do this I need to resolve the outstanding warnings
- This is not all the warnings, just the ones that were easy to fix
2022-10-03 12:08:55 +01:00
Rishabh Garg
e3600d70ef
Added referrer attribution from request context (#15499)
closes TryGhost/Team#2007

- uses request context to add referrer source and medium for a new member
- uses integration name as referrer medium if exists
2022-09-29 22:31:48 +05:30
Rishabh Garg
31733657a6
Updated naming for referrer attribution (#15486)
- renames `refSource`, `refMedium` and `refUrl` to `referrerSource`, `referrerMedium` and `referrerUrl` respectively for consistent naming across files and usages
2022-09-28 00:58:06 +05:30
renovate[bot]
9eb3c84a23
Updated @tryghost dependencies (#15434)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-27 08:31:35 +07:00
Rishabh
bb0d900937 Handled storing referrer information in DB
refs https://github.com/TryGhost/Team/issues/1931

- stores `referrer_source`, `referrer_medium` and `referrer_url` in event tables for new members and paid subscriptions
2022-09-21 19:32:18 +05:30
Simon Backx
b8041f0a60
Added clicks to activity feed (#15439)
closes https://github.com/TryGhost/Team/issues/1933

- Added click_events to activity feed
- Added support for parsing click_events in the frontend
- Moved url parsing (transform ready) to model layer of LinkRedirect
- Moved `getEventTimeline` method to the top of the event repository
- Added description field to parsed events in the frontend (because we need a second line)
- Fixed: member email not returned in comment_event
2022-09-21 10:25:51 +02:00
renovate[bot]
225765241c
Updated @tryghost dependencies (#15404)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-19 12:09:33 +01:00
Rishabh
54f848415a Updated stripe checkout session metadata for referrer data
- adds referrer source, medium and url to stripe checkout metadata for later storage
2022-09-19 12:29:22 +05:30
Simon Backx
972c25edc7
Wired up member attribution from email clicks (#15407)
refs https://github.com/TryGhost/Team/issues/1899

- Added `addEmailAttributionToUrl` method to MemberAttributionService. This adds both the source attribution (`rel=newsletter`) and member attribution (`?attribution_id=123&attribution_type=post`) to a URL.
- The URLHistory can now contain a new sort of items: `{type: 'post', id: 'post-id', time: 123}`.
- Updated frontend script to read `?attribution_id=123&attribution_type=post` from the URL and add it to the URLHistory + clear it from the URL.
- Wired up some external dependencies to LinkReplacementService and added some dummy code.
- Increased test coverage of attribution service
- Moved all logic that removes the subdirectory from a URL to the UrlTranslator instead of the AttributionBuilder
- The UrlTranslator now parses a URLHistoryItem to an object that can be used to build an Attribution instance
- Excluded sites with different domain from member id and attribution tracking
2022-09-14 15:50:54 -04:00
Rishabh
054833992e Wired events for triggering email alerts for subscription creation/cancellation
refs https://github.com/TryGhost/Team/issues/1865

- refactors subscription creation/cancellation to dispatch proper events which are used for email alerts
- cleanup
2022-09-10 11:06:34 +05:30
Rishabh
2fbaa7b9bc Moved member email alert trigger to member creation
closes https://github.com/TryGhost/Team/issues/1864
refs https://github.com/TryGhost/Team/issues/1881

- triggers free member email alert via event dispatch from member create method
- passes subscription/stripe data to member creation for paid members so free member alert can be ignored for them
- moves subscription created event being called from webhook controller to `linkSubscription`, allows creating subscription events for all new subscriptions instead of ones just via webhooks
2022-09-10 11:06:34 +05:30
Rishabh
4187f0da54 Updated staff service to trigger alerts via events
refs https://github.com/TryGhost/Team/issues/1865

- refactors staff service to listen to member and subscription events
- triggers email alerts based on events instead of directly calling the service
- removes staff service dependency for members api
2022-09-10 11:06:34 +05:30
Ronald Langeveld
eb6534bd7f
Replaced all 'bio' references with 'expertise' for member comments. (#15359)
closes https://github.com/TryGhost/Team/issues/1772

- The user facing side of comments recently replaced `bio` with `expertise`.
- To remain consistent we replaced all the references of `bio` with `expertise` throughout the codebase.
- This includes a database column name changing migration, within the `members` table.
- Bumped up the comments-ui version to a new minor (0.10.x) as its a breaking change.
2022-09-09 10:14:49 +02:00
Hakim Razalan
a440076a12
🐛 Fixed validation errors for duplicate members (#15362)
closes: #15292

- Remove banner error and show duplicate member validation error inline
- Add property: 'email' to member API validation error
2022-09-08 17:29:48 +01:00
Ronald Langeveld
1f177e1c17
Added optional data-attribute to enable and disable auto redirection. (#15335)
closes https://github.com/TryGhost/Ghost/issues/15104 https://github.com/TryGhost/Team/issues/1800

- On custom sign up and login forms, creators often wouldn't want their members to be redirected to that page after signing in.
- This takes a new data-attribute value (eg `data-members-autoredirect="false"`) that can be set on [custom sign up / login forms](https://ghost.org/docs/themes/members/#signup-forms) into account before parsing the referrer on the magic link URL that gets sent to the member for login.
2022-09-06 14:36:06 +02:00
Daniel Lockyer
df99e1aec3
Merged v5.12.3 into main
v5.12.3
2022-09-01 15:36:46 +01:00
Rishabh Garg
c4041e46c8
🐛 Fixed email alerts for paid members on import (#15347)
closes https://github.com/TryGhost/Team/issues/1868

- email alerts should not be sent out when paid subscriptions are created via our importer
2022-09-01 20:00:37 +05:30
Daniel Lockyer
7a2f766668
Added logging configuration option for timestamps to use the local timezone
fixes https://github.com/TryGhost/Ghost/issues/15190
refs https://github.com/TryGhost/framework/pull/76

- log output always uses UTC timestamps, but it may be desirable to
  configure logs to use the local machine timezone
- a new config option has been added to `@tryghost/logging` so you can
  switch the logs to the local timezone
- this commit bumps the package and sets the default config option to
  `false`, so it doesn't suddenly change the timezone of the logs
- docs will be updated soon but if you'd like to use the
  timezone-altered timestamps, you can set `logging.useLocalTime` to
  `true`
- credits to https://github.com/levee223 for the implementation and PR
2022-08-31 10:29:55 +01:00
Simon Backx
aec2badc6c
🐛 Fixed removing comped subscriptions for members with active subs (#15332)
fixes https://github.com/TryGhost/Team/issues/1859

**Problem:**
When for some reason a member has an active subscription (or legacy comped subscription) for product A, and a comped subscription for product B. You cannot remove comped subscription B.

**Fixed by:**
Updating the API to allow more flexible product changes on members.
- Allow the removal of (comped) products on a member, as long as that product doesn't have a related subscription
- (still) allow the addition of comped products to a member, as long as that member doesn't have other active subscriptions. This matches the existing behaviour, but now this is only checked for added products.
- Includes tests for these edge cases
2022-08-30 16:48:44 +01:00
Simon Backx
e7786ca482
🐛 Fixed removing comped subscriptions for members with active subs (#15332)
fixes https://github.com/TryGhost/Team/issues/1859

**Problem:**
When for some reason a member has an active subscription (or legacy comped subscription) for product A, and a comped subscription for product B. You cannot remove comped subscription B.

**Fixed by:**
Updating the API to allow more flexible product changes on members.
- Allow the removal of (comped) products on a member, as long as that product doesn't have a related subscription
- (still) allow the addition of comped products to a member, as long as that member doesn't have other active subscriptions. This matches the existing behaviour, but now this is only checked for added products.
- Includes tests for these edge cases
2022-08-30 17:36:52 +02:00
Elijah
3c94812ee5
Added missing return in create-stripe-update-session
no issue

- Return was missing for `res.end` if an invalid subscription_id was passed
- Added explicit `text/plain` `Content-Type` headers to error messages to avoid MIME sniffing

Signed-off-by: Elijah Conners <business@elijahpepe.com>
Co-authored-by: Simon Backx <simon@ghost.org>
2022-08-29 14:02:58 +02:00
Rishabh Garg
1bf70bf3c6
Stored geolocation for member on creation (#15320)
refs https://github.com/TryGhost/Team/issues/1826

Geolocation was prev. loaded after member was created and updated on existing member. this was mostly due to historical context where we couldn't store data on magic link token.
Since email alerts go out at the time of member creation, this flow missed out on attaching member's location to email. 
This change -

- stores request ip when a member asks for magic link in the token
- loads request ip from token when member uses magic link, and for new members loads their geolocation and stores it with member creation
2022-08-26 00:45:34 +05:30
Rishabh
4ac1a2c21e Added paid subscription cancel email alert
refs TryGhost/Team#1826

- triggers paid subscription cancellation alert for staff users
- passes tier and subscription information for the email - loads tier info from DB for the subscription tier
2022-08-25 19:53:02 +05:30
Rishabh
216eeb9d71 Added paid subscription start email alert
refs TryGhost/Team#1826

- triggers paid subscription start email via staff service
2022-08-25 19:53:02 +05:30
Rishabh
aeadf8a5e1 Added email alert trigger for free member signup
refs TryGhost/Team#1826

- fires email alert on free member creation after they finish signing up via checkout link
2022-08-25 19:53:02 +05:30
Naz
8892a60948 Renamed verification threshold parameter
refs https://github.com/TryGhost/Toolbox/issues/387

- There will three distinct verification limits soon. To keep the naming clear "configThreshold" would be too generic/confusing to use.
- Introduced jsdoc descriptions for the "source" parameter, which will be corelating with each new config parameter ("apiTriggerThreshold", "importTriggerThreshold", "adminTriggerThreshold", etc.). This should give a better visibility into parameters we are dealing in this area.
2022-08-25 14:26:44 +08:00
Simon Backx
f124d142c9 Added member attributions to activity feed (#15283)
refs https://github.com/TryGhost/Team/issues/1833
refs https://github.com/TryGhost/Team/issues/1834

We've added the attribution property to subscription and signup events when the
flag is enabled. The attributions resource is fetched by creating multiple relations
on the model, rather than polymorphic as we ran into issues with that as they can't
be nullable/optional.

The parse-member-event structure has been updated to make it easier to work with,
specifically `getObject` is only used when the event is clickable, and there is now a 
join property which makes it easier to join the action and the object.
2022-08-24 11:17:28 -04:00
Fabien "egg" O'Carroll
3c431bd8da Revert "Added member attributions to activity feed (#15283)"
This reverts commit e986b78458.

The tests were not passing for the PR and it was erroneously
merged into main
2022-08-24 11:01:47 -04:00
renovate[bot]
fce4b26601 Update dependency @types/jsonwebtoken to v8.5.9 2022-08-24 16:54:58 +02:00
Simon Backx
e986b78458
Added member attributions to activity feed (#15283)
refs https://github.com/TryGhost/Team/issues/1833
refs https://github.com/TryGhost/Team/issues/1834

We've added the attribution property to subscription and signup events when the
flag is enabled. The attributions resource is fetched by creating multiple relations
on the model, rather than polymorphic as we ran into issues with that as they can't
be nullable/optional.

The parse-member-event structure has been updated to make it easier to work with,
specifically `getObject` is only used when the event is clickable, and there is now a 
join property which makes it easier to join the action and the object.
2022-08-24 10:11:25 -04:00
Naz
02a0fd5a32 Fixed source attribution for staff token API requests
closes https://github.com/TryGhost/Toolbox/issues/386

- When the API request was made using staff token the source attribution was "user" instead of "api". Misattribution caused ripple effects in  limit service.
- The fix also adds a new combination of data available on the  `req` object - both `user` and `api_key` can be present when the request is done using a staff (user) token. Having both pieces of data on the request object gives more context for business logic, did not find a good reason to keep it "pure" with either `api_key` or `user` property.
2022-08-23 14:38:46 +08:00
Naz
6121451b5d Reused _resolveContextSource method in member update
refs https://github.com/TryGhost/Toolbox/issues/386

- Reusing tontext mapping logic to improve maintainability. It seems like the `update` method was not updated properly or intentionally was left out from  'import' source as that should not ever happen theoretically. Probably the latter is most likely.
- My reasoning on reusing same context to source mapping is: it is better to attribute an appropriate "import" source here. Who knows, maybe we'll have logic in the future where the importer updates instead of skipping existing members. It would not make sense to attribute the source to 'member' in that case, amirite?
- This refactor also makes maintainability of this code way easier
2022-08-23 14:38:46 +08:00
Naz
32343a7adb Extracted context to source mapping logic
refs https://github.com/TryGhost/Toolbox/issues/386

- Before changing the mapping logic it needs to become testable!
2022-08-23 14:38:46 +08:00
Simon Backx
0943daad72
Added member attribution to member details page (#15266)
refs https://github.com/TryGhost/Team/issues/1817

Co-authored-by: James Morris <moreofmorris@users.noreply.github.com>
2022-08-19 16:39:18 -04:00
Rishabh
c19d2d8712 Updated subscription flow to only attach single tier to member
refs https://github.com/TryGhost/Team/issues/1728

- previously, we allowed a member to be mapped to multiple tiers simultaneously as an edge case, in case they managed to signup via another subscription
- since this was always an edge case and not supported, to simplify the flows going forward now that complimentary members can also upgrade, in case of an active subscription we'll always just attach the associated tier to member and remove all other tiers mapped to it
2022-08-19 20:55:31 +05:30
Rishabh
6f2066517b Allowed comped members to go through checkout flow
refs https://github.com/TryGhost/Team/issues/1728

- allows comped members to go through the stripe checkout flow and become a paid member
2022-08-19 20:55:31 +05:30
Simon Backx
da24d13601
Added member attribution events and storage (#15243)
refs https://github.com/TryGhost/Team/issues/1808
refs https://github.com/TryGhost/Team/issues/1809
refs https://github.com/TryGhost/Team/issues/1820
refs https://github.com/TryGhost/Team/issues/1814

### Changes in `member-events` package

- Added MemberCreatedEvent (event, not model)
- Added SubscriptionCreatedEvent (event, not model) 

### Added `member-attribution` package (new)

- Added the AttributionBuilder class which is able to convert a url history to an attribution object (exposed as getAttribution on the service itself, which handles the dependencies)
```
[{
    "path": "/",
    "time": 123
}]
```
to
```
{
    "url": "/",
    "id": null,
    "type": "url"
}
```

- event handler listens for MemberCreatedEvent and SubscriptionCreatedEvent and creates the corresponding models in the database.

### Changes in `members-api` package

- Added urlHistory to `sendMagicLink` endpoint body + convert the urlHistory to an attribution object that is stored in the tokenData of the magic link (sent by Portal in this PR: https://github.com/TryGhost/Portal/pull/256).
- Added urlHistory to `createCheckoutSession` endpoint + convert the urlHistory to attribution keys that are saved in the Stripe Session metadata (sent by Portal in this PR: https://github.com/TryGhost/Portal/pull/256).

- Added attribution data property to member repository's create method (when a member is created)
- Dispatch MemberCreatedEvent with attribution

###  Changes in `members-stripe-service` package (`ghost/stripe`)

- Dispatch SubscriptionCreatedEvent in WebhookController on subscription checkout (with attribution from session metadata)
2022-08-18 17:38:42 +02:00
Daniel Lockyer
f51226e5fb Organized package dependencies
- cleaned up unused dependencies
- adds missing dependencies that are used in the code
- this should help us be more explicit about the dependencies a package
  uses
2022-08-18 11:55:49 +02:00
Daniel Lockyer
54aa9f016b Fixed full Admin test suite running during unit tests
- because of how the npm scripts were set up, we were running the full
  Admin integration tests during the unit tests phase of CI
- this commit renames the majority of `test` to `test:unit` in the
  package.json files, and aliases `test` to `test:unit`
- special packages like Admin have no-op'd `test:unit` scripts so we
  don't end up running its tests
2022-08-15 15:34:52 +02:00
Rishabh
52e3ae2058 Handled mapping offer to subscription for free trials
refs https://github.com/TryGhost/Team/issues/1726

Free trial offers don't have a Stripe coupon created for them, as the trial is directly added to checkout session. So for mapping a subscription to offer, we pass the offer id directly from checkout metadata to link the subscription in backend with right offer data. This also handles the case where the offer id against a subscription can get overwritten for a subsequent subscription event, as the sub event from Stripe doesn't has the trial offer info.

- handles storing an offer id for a subscription
- updates member detail in Admin to show the offer info for a subscription
2022-08-11 12:03:38 +05:30
Rishabh
843bbfa55d Handled stripe setup for free trial offers
refs https://github.com/TryGhost/Team/issues/1726

- free trial offers don't need a stripe coupon created for them
- checkout sessions for free trial offers ignore stripe coupon and directly pass the trial days value
- trial days of an offer take precedence over trial days added as default to a tier
2022-08-11 11:04:39 +05:30
Simon Backx
82a3133ace
Added replies/likes count and limited replies to comments (#15206)
refs https://github.com/TryGhost/Team/issues/1723

- Added count.replies to comments
- Added replies endpoint
- Limited returned replies to 3.
- Replaced likes_count with count.likes in comments
- Instead of fetching all the likes of a comment to determine the total count, we'll now use count.likes
- Instead of fetching all the likes of a comment to determine whether a member liked a comment, we'll now use count.liked (which returns the amount of likes of the current member, being 0 or 1). This is mapped to `liked` to make it more natural to work with.

The `members.test.snap` file changed because we no longer include `liked: false` if we didn't fetch the liked relation. And in the comments events of the activity feed the liked property is therefore removed.

These changes requires an update to the `bookshelf-include-count` plugin:
- Updated to also work for nested relations
- This moves the count queries from the `bookshelf-include-count` plugin to the `countRelations` method of each model.
- Updated to keep the counts after saving a model (crud.edit didn't return the counts before)
2022-08-10 16:12:35 +02:00
Daniel Lockyer
6dde5e40e3
Updated Eslint ECMAScript compatibility to 2022
refs https://github.com/TryGhost/Toolbox/issues/345

- this commit bumps `eslint-plugin-ghost`, which bumps compatiblity to
  2022
- this also removes a lot of the manually-added
  `parserOptions.ecmaVersion` that we had in imported packages, in favor
  of the value set in `eslint-plugin-ghost`
2022-08-09 15:51:40 +02:00
Fabien 'egg' O'Carroll
453f828aa7
Restricted existing prices to those that are active (#15195)
Without this check, an inactive price in our database will just be
reactivated each time it is required. This can cause issues when
prices have been deleted.

By adding this constraint to the query, we will create a new price in
Stripe and our database when attempting to use an inactive price, this
is particularly useful when trying to fix problems caused by Stripe
prices being deleted.
2022-08-08 16:18:07 +01:00
Simon Backx
eb4d882bb2 Fixed whitespace in bio not removed
fixes https://github.com/TryGhost/Team/issues/1755
2022-08-05 17:10:56 +02:00
Rishabh Garg
5704ac061e
Handled storing of trial start/end info for subscription (#15161)
refs https://github.com/TryGhost/Team/issues/1724

With free trials, members can start subscriptions with a trial period. This change stores the information about trial start and end date for every subscription so it can be shown on Admin/Portal for member.

- adds new `trial_start_at` column for storing trial start date on Stripe subscription. Will in most cases match the start of subscription date.
- adds new `trial_end_at` column for storing trial end date on Stripe subscription.
- wires storing trial start and end values on stripe subscription
2022-08-05 17:50:40 +05:30
Rishabh
b03ec721a2 Handled trial days on creating new tier
refs https://github.com/TryGhost/Team/issues/1724

- saves trial days in DB when creating a new tier
2022-08-05 17:33:09 +05:30
Rishabh
54860d2b64 Wired trial days to stripe checkout session
refs https://github.com/TryGhost/Team/issues/1724

- wires trial days stored on a tier to stripe checkout session creation
- removes deprecated `trial_from_plan` if trial days is set
2022-08-05 17:23:40 +05:30
Simon Backx
bac8f4b8db
Added bio to members api (#15168)
refs https://github.com/TryGhost/Team/issues/1716

- Adds the bio field to the API output
- Allow setting bio when updating the member
- Includes new E2E tests for the members API that were missing
2022-08-04 15:51:23 +02:00
Daniel Lockyer
a9cffd9550
Pinned all dependencies
- we should pin all dependencies so we know what is getting shipped in
  the application
2022-07-27 08:44:50 +02:00
Simon Backx
5235d67fed
Added comment events to activity feed (#15064)
refs https://github.com/TryGhost/Team/issues/1709

- New event type `comment_event` (comments and replies of a member in the activity feed)
- Includes member, post and parent relation by default
- Added new output mapper for ActivityFeed events

**Changes to `Comment` model:**
* **Only limit comment fetched to root comments when not authenticated as a user:** 
`enforcedFilters` is applied to all queries, which is a problem because for the activity feed we also need to fetch comments which have a parent_id that is not null (`Member x replied to a comment`). The current filter in the model is specifically for the members API, not the admin API (so checking the user should fix that, not sure if that is a good pattern but couldn’t find a better alternative).
* **Only set default relations for comments when withRelated is empty or not set:**
`defaultRelations`: Right now, for every fetch it would force all these relations. But we don’t need all those relations for the activity feed; So I updated the pattern to only set the default relations when it is empty (which we also do on a couple of other places and seems like a good pattern). I also updated the comments-ui frontend to not send ?include
2022-07-25 17:48:23 +02:00
Simon Backx
31a4135fec
Added members.last_commented_at and last_seen_at update when commenting (#15088)
refs https://github.com/TryGhost/Team/issues/1717

- Updates last_commented_at and last_seen_at (only once a day)
- Used the LastSeenAtUpdater, so we can combine updating last_commented_at and last_seen_at in one query + used same pattern
- Updated comments service to await emails in order to make E2E tests more stable (as we don't have any method to await emails and test emails otherwise). This removed the email sending logic from the `onCreated` hook of the model.
2022-07-25 17:35:46 +02:00
Daniel Lockyer
61125d7605
Removed repository from component package.json files
refs https://github.com/TryGhost/Toolbox/issues/354

- these repository links made sense when they were in different repos
  and published to NPM but we don't publish these packages any more
- this commit deletes those keys from the files
2022-07-25 11:15:16 +02:00
Daniel Lockyer
17bf358b47
Pinned internal packages
- we're going to be pinning all dependencies within the monorepo
- this shouldn't change anything anyway because we're using the same
  version across all packages
2022-07-21 16:35:19 +02:00
renovate[bot]
d228144c27 Pin dependencies 2022-07-21 16:27:57 +02:00
Daniel Lockyer
2c59f5342b
Switched away from using @nexes packages
- we renamed the scope to `@tryghost` a while back, and published new
  versions, but these packages seem to have been missed during the
  rename
2022-07-21 12:38:09 +02:00
Daniel Lockyer
03cb00e7fb
Unified some package scripts
- reworked lint script to follow the format of others
- deleted posttest linting from members-ssr
2022-07-21 09:51:16 +02:00
Daniel Lockyer
d5874e29a3
Removed members-api posttest linting step
- we don't need to run linting after testing, as this is done separately
  and upon a `git push` anyway
2022-07-21 09:30:07 +02:00
Daniel Lockyer
9ec83a6e21
Disabled publishing for Members packages
- we don't want to publish these anymore so this commit disables the
  ability to
- also fixes up a missing version that wasn't reset
2022-07-21 09:26:04 +02:00
Daniel Lockyer
376ee24600
Switched to unversioned Members packages
- these packages are split apart for local development, but will be
  bundled into Ghost when publishing
- therefore, these packages won't be published so we are resetting the
  versions to make them cleaner
2022-07-21 09:15:29 +02:00
renovate[bot]
206df11f27 Update dependency @types/node-jose to v1.1.10 2022-07-20 18:08:02 +02:00
renovate[bot]
bc4aebf163 Update Test & linting packages 2022-07-19 18:55:22 +00:00
Fabien "egg" O'Carroll
0ff47d4b51 Published new versions
- @tryghost/magic-link@1.1.0
 - @tryghost/members-api@8.3.0
 - @tryghost/members-stripe-service@0.10.6
2022-07-15 11:03:57 +01:00
Fabien 'egg' O'Carroll
f3130d9538 Passed request referrer to magic link service (#408)
refs https://github.com/TryGhost/Team/issues/1174

This paves the way for Ghost to be able to redirect to the referrer
page when dealign with signup magic links. We pass the referrer for
all types of magic links however, to allow extension of this
functionality in the future.

We've also removed the concept of `requestSrc` which has been unused
for a while now.
2022-07-15 11:02:58 +01:00
Naz
ef1c4764d3 Published new versions
- @tryghost/members-api@8.2.1
2022-07-14 16:15:02 +01:00
Naz
08b49a3475 Updated method signatures and added JSDocs
refs https://github.com/TryGhost/Team/issues/1674

- While preparing the changes had a look around and made small refactors to understand the codebase a little better. In general it's best to keep the method parameters as small and precise as possible instead of passing around a "bag-of-all-the-things" like "data" around
2022-07-15 03:12:35 +12:00
Naz
05105e1173 Updated method signatures and added JSDocs
refs https://github.com/TryGhost/Team/issues/1674

- While preparing the changes had a look around and made small refactors to understand the codebase a little better. In general it's best to keep the method parameters as small and precise as possible instead of passing around a "bag-of-all-the-things" like "data" around
2022-07-14 12:54:58 +01:00
Naz
2a7166ffc3 Fixed typo 2022-07-14 12:10:18 +01:00
Simon Backx
3ecff41a11 Published new versions
- @tryghost/members-api@8.2.0
2022-07-07 14:15:06 +02:00
Simon Backx
011c7cb0a2 Added support for updating member enable_comment_notifications
refs https://github.com/TryGhost/Team/issues/1664

This makes it possible for members to update their comment notification preferences
2022-07-07 14:14:02 +02:00
renovate[bot]
a0294c65b2 Update dependency nock to v13.2.8 2022-06-30 19:55:09 +00:00
Renovate Bot
c9e60ac690 Update dependency nock to v13.2.7 2022-06-15 03:52:01 +00:00
Renovate Bot
f1118ead35 Update dependency nock to v13.2.6 2022-06-03 18:48:31 +00:00
Fabien "egg" O'Carroll
1256dea36e Published new versions
- @tryghost/members-api@8.1.3
2022-06-01 10:43:47 +01:00
Fabien 'egg' O'Carroll
8e2c600612 Fixed checkout session creation for existing members (#403)
refs https://github.com/TryGhost/Team/issues/1526

We weren't using the `req.body.customerEmail` to load a member and
check their existing tiers, this meant that existing members which
were signed out and attempted to create a stripe checkout session were
able to.
2022-06-01 10:40:52 +01:00
Simon Backx
5bef2a1068 Published new versions
- @tryghost/members-api@8.1.2
 - @tryghost/members-importer@0.5.16
2022-05-25 13:15:17 +02:00
Simon Backx
b8e43ba675 Removed usage of membersActivityFeed flag
refs https://github.com/TryGhost/Team/issues/1616
2022-05-25 10:37:49 +02:00
Simon Backx
9b0259dc6f Removed usage of dashboardV5 feature flag
refs https://github.com/TryGhost/Team/issues/1616
2022-05-25 10:29:55 +02:00
Simon Backx
14a7d1f00f Cleaned up multipleProducts and multipleNewsletters flags 2022-05-25 10:25:02 +02:00
Naz
0c83a60578 Published new versions
- @tryghost/members-api@8.1.1
2022-05-23 18:59:02 +08:00
Naz
9756094ae2 🐛 Fixed signing key mismatching in JWT/JWKS
refs https://github.com/TryGhost/Team/issues/1640
closes https://github.com/TryGhost/Members/pull/401/
refs https://forum.ghost.org/t/ghost-jwt-question-possible-bug/30210

- Without `keyid` parameter some of the clien libraries were not able to match the signin key to verify JWT
- Missing `keyid` parameter allows to indicate the key used to secure JWS (as per https://www.rfc-editor.org/rfc/rfc7515#section-4.1.4) and resolves the automatic matching issue on the client.
- The `kid` parameter was left in claims to avoid accidental breaking changes.
2022-05-23 18:45:08 +08:00
Naz
900f7951b7 Added test coverage for JWKS token verification
refs https://github.com/TryGhost/Team/issues/1640

- Adds coverage for token verification based on public key exposed through the `/.well-known/jwks.json` endpoint
2022-05-23 17:59:33 +08:00
Naz
9e96916a6d Added basic test coverage for the token service
refs https://github.com/TryGhost/Team/issues/1640

- This is groundwork before fixing the referenced bug
2022-05-23 15:59:18 +08:00
Simon Backx
6243b99181 Published new versions
- @tryghost/members-api@8.1.0
2022-05-20 12:26:44 +02:00
Simon Backx
62c992c8e3 Improved bulk unsubscribe operation to use member_id column (#400)
refs https://ghost.slack.com/archives/C02G9E68C/p1652980792270029

When bulk unsubscribing members, the number of deleted newsletter relations are returned instead of the number of members with newsletters that were cleared. This update deletes newsletter relations on member_id, so we can return the count of members instead of newsletter relations that were deleted.

Tests in https://github.com/TryGhost/Ghost/pull/14871
2022-05-20 12:25:58 +02:00
Rishabh
f6d9b965db Published new versions
- @tryghost/members-api@8.0.1
2022-05-18 13:13:51 +05:30
Rishabh
63a859587b Fixed checkout session creation with just offer id
- In case of an offer id present in stripe checkout session, the cadence and tier id values can be null
- this fixes the invalid 400 thrown on missing cadence value while creating stripe checkout session for offer
2022-05-18 13:12:40 +05:30
Fabien "egg" O'Carroll
c41f067ea8 Published new versions
- @tryghost/domain-events@0.1.14
 - @tryghost/express-dynamic-redirects@0.2.13
 - @tryghost/magic-link@1.0.26
 - @tryghost/member-analytics-service@0.1.16
 - @tryghost/member-events@0.4.6
 - @tryghost/members-analytics-ingress@0.1.17
 - @tryghost/members-api@8.0.0
 - @tryghost/members-csv@1.2.15
 - @tryghost/members-events-service@0.4.3
 - @tryghost/members-importer@0.5.14
 - @tryghost/members-ssr@1.0.28
 - @tryghost/members-offers@0.11.6
 - @tryghost/members-payments@0.3.6
 - @tryghost/members-stripe-service@0.10.5
 - @tryghost/verification-trigger@0.2.5
2022-05-16 19:29:05 +01:00
Fabien 'egg' O'Carroll
676fca7077 Updated Frontend API to work with Tier & Cadence (#399)
refs https://github.com/TryGhost/Team/issues/1575

Since we are not exposing the underlying Price data anymore, we need to
update the API to work with Tier and Cadence.
2022-05-16 19:27:23 +01:00
Renovate Bot
a599830920 Update dependency c8 to v7.11.3 2022-05-16 05:20:36 +00:00
Matt Hanley
5c682d6f37 Published new versions
- @tryghost/members-api@7.0.2
2022-05-12 09:48:58 +01:00
Matt Hanley
f0798578c4 Fixed issue with filter transform not applying to bulk operations 2022-05-12 09:44:30 +01:00
Aileen Nowak
152a2ea41f Published new versions
- @tryghost/domain-events@0.1.13
 - @tryghost/express-dynamic-redirects@0.2.12
 - @tryghost/magic-link@1.0.25
 - @tryghost/member-analytics-service@0.1.15
 - @tryghost/member-events@0.4.5
 - @tryghost/members-analytics-ingress@0.1.16
 - @tryghost/members-api@7.0.1
 - @tryghost/members-csv@1.2.14
 - @tryghost/members-events-service@0.4.2
 - @tryghost/members-importer@0.5.13
 - @tryghost/members-ssr@1.0.27
 - @tryghost/members-offers@0.11.5
 - @tryghost/members-payments@0.3.5
 - @tryghost/members-stripe-service@0.10.4
 - @tryghost/verification-trigger@0.2.4
2022-05-10 11:40:41 -04:00
Aileen Nowak
376db4d085 Removed duplicate usage of importer source
no issue

- Setting a dedicated source for imported members was already done with 455778662c
- This unifies the same source but keeps the usage of context setting on init alive
2022-05-10 10:53:19 -04:00
Renovate Bot
7af0eb6fdf Update dependency sinon to v14 2022-05-09 04:41:01 +00:00
Fabien "egg" O'Carroll
e7e7036f61 Published new versions
- @tryghost/members-api@7.0.0
2022-05-04 10:58:01 +01:00