no-issue
This simplifies the handling of updating redirects for a code, and
doesn't affect our application layer because we never have the need to
change a code twice.
In future this should be replaced with events at the domain level - so
that we do not have to track changed properties and instead a redirect
service can listen to events, which would be dispatched on a successful
save by the repository.
refs https://github.com/TryGhost/Team/issues/1083
We combine the duration and duration_in_months into a single value
object which can be validated together, meaning we will never have
properties which are out of sync (e.g. forever durations with 2 months).
no-issue
Since we changed the type from "amount" to "fixed" the logic to send
back the currency was not working. This updates it to use the correct
values.
refs https://github.com/TryGhost/Team/issues/1083
We now allow creating offers for a fixed amount, rather than a
percentage. These require a currency to be passed as a fixed amount is
meaningless without one.
refs https://github.com/TryGhost/Team/issues/1083
Instead of Offers being hardcoded to the "once" duration this will allow
Admins to start creating offers of variable durations.
no-issue
This adds the concept of "Value Objects" to an Offers properties,
allowing us to move validation out and ensure that an Offer will only
ever have valid properties, without having to duplicate checks - or
leave them to the persistent layer. This means we can fail early, as
well as write unit tests for all of our validation.
refs https://github.com/TryGhost/Team/issues/1090
When creating a Stripe Checkout Session for an Offer - we need access to
the underlying Stripe Coupon. Exposing it here allows consumers of the
OfferRepository access.
refs https://github.com/TryGhost/Team/issues/1090
Instead of the hardcoded 1-day version for Offers, we can now talk
directly to the Offers repository and use the real values for Stripe
Checkout.
refs https://github.com/TryGhost/Team/issues/1090
When creating checkout session we will need to be able to look up Offers
from the OfferRepository. This exposes the repository so that it can be
passed as a dependency elsewhere.
refs https://github.com/TryGhost/Team/issues/1083
The Offers service is going to need access to the StripeAPIService too,
so we must pull its initialisation out of this module up to the Ghost
application layer, which will allow us to pass a reference of the
StripeAPIService to wherever needs it.
refs https://github.com/TryGhost/Team/issues/1075
Without this flag, payment for upgrading to a more expensive plan will
be taken at the end of the current billing cycle, which could be a year
from the date of the switch - this would effectively give free access to
more expensive prices.
refs https://github.com/TryGhost/Team/issues/1091
The Offers feature needs to be able to add and remove redirects to Ghost
- which is very similar to the custom redirects functionality. Here we've
pulled out the core of the dynamic redirect part of custom redirects so
that it can be used by both features and have code shared between them.
refs https://github.com/TryGhost/Team/issues/1090
This 1-day version of Offers allows us to test the full flow of the
Offers feature without having to implement all of it. The focus here is
that we can pass an Offer ID when creating a Stripe Checkout session and
have it apply. Here we use hardcoded Stripe Coupons as we haven't yet
got persistence implemented for Offers & their related Stripe Coupons
refs https://github.com/TryGhost/Team/issues/1090
This allows us to create Stripe Coupons and use them with Stripe
Checkout from the members-api module whilst we develop the Offers
feature.
no-issue
Without a return after ending the response, the code will continue to
attempt to send emails and then send another response which results in
an uncaught error.
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr
The email address change flow was built on top of the unauthenticated
signin/signup flow. This meant that ownership of the email being changed
wasn't verified and allowed a malicious actore to change the email
address of arbitrary accounts to an email address which they controlled.
We remove the ability to change email addresses from the signin/signup
flow and instead create a dedicated, authenticated flow for changing
email address.
no refs
- the package `@tryghost/stripe-service` was already published and used in a different context, so this package was never able to get published and the references in Members package are incorrectly pointing to wrong package
- renames the package in members context
refs https://github.com/TryGhost/Team/issues/1054
In order to listen to events we must define them! This adds the missing
events that we need to listen to for member analytics.
refs https://github.com/TryGhost/Team/issues/1054
We need to instantiate the MemberAnalyticsService so that we can start
listening to events and storing them, this is the minium glue code
required to get us going.
refs https://github.com/TryGhost/Team/issues/1057
This method will validate a token, and then return the member associated
with it. Rather than exposing token validation and coupling consumers to
the structure of the token response data.
refs https://github.com/TryGhost/Team/issues/873
This ensures that all requests to the API will include the mock
subscriptions for comped members. Allowing the Admin to correctly show
the subscription information after adding and editing members. As well
as having the correct information when navigating from the list of
members to an individual member.
no-issue
This pulls out the StripeService from the @tryghost/members-api package.
The idea is to break the @tryghost/members-api package into smaller
modules, with the hope to make it easier to maintain and reason about.
no-issue
Previously we would not create an instance of the StripeAPIService if
Stripe was not configured, but that is not the case any more, instead we
have a configured flag on the service. The webhook route handler was not
updated to use this flag and so would attempt to handle webhooks without
having any of the required data. This would result in an uncaught error.
refs https://github.com/TryGhost/Team/issues/1006
When disconnecting from Stripe, we currently do not remove the webhooks,
this will result in the webhooks from Stripe failing, and tending toward
a 100% error rate, which will ultimately result in emails from Stripe
about the failing webhook.
In order to stop all of that from happening, we should make sure that we
actively remove the webhook from Stripe when disconnecting.
refs https://github.com/TryGhost/Team/issues/1006
As part of the work to handle cleaning up webhooks when we disconnect
from Stripe, I'm moving the logic to clear out the Stripe related data
from the database into a disconnectStripe method. This then allows us to
start handling the cleanup of webhooks via the Stripe API.
refs https://github.com/TryGhost/Team/issues/995
Since we reintroduced the comped status, we did not update the
subscription handling to correctly set members to a status of comped
when they were on a 'Complimentary' plan.
no-issue
Since updating the product repository to force transactions, the options
parameter was used in every call, meaning it wasn't optional any more,
which broke usage. This updates the parameter to have a default so that
existing usage still works.