Commit Graph

1175 Commits

Author SHA1 Message Date
Fabien O'Carroll
4e947a88ce Fixed security hole in email address change flow
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr

The email address change flow was built on top of the unauthenticated
signin/signup flow. This meant that ownership of the email being changed
wasn't verified and allowed a malicious actore to change the email
address of arbitrary accounts to an email address which they controlled.

We remove the ability to change email addresses from the signin/signup
flow and instead create a dedicated, authenticated flow for changing
email address.
2021-09-22 16:49:17 +02:00
Rishabh
21fbaff41b Published new versions
- @tryghost/members-api@1.37.5
2021-09-22 18:13:43 +05:30
Rishabh
fe4fb78830 Cleaned up stripe-service package usage
no refs

- updates all usages of `stripe-service` package to new correct `members-stripe-service` package
2021-09-22 18:12:40 +05:30
Rishabh
aa0b95528e Published new versions
- @tryghost/members-api@1.37.4
 - @tryghost/members-stripe-service@0.1.0
2021-09-22 18:09:11 +05:30
Rishabh
c21a77cd01 Removed tests temporarily to publish new stripe package
no refs
2021-09-22 18:08:30 +05:30
Rishabh
3e54819469 Revert "Updated usage of stripe-service package to members-stripe-service package"
This reverts commit 7363f0769d.
2021-09-22 18:05:41 +05:30
Rishabh
7363f0769d Updated usage of stripe-service package to members-stripe-service package
refs 8b90c93a79
2021-09-22 18:02:50 +05:30
Rishabh
8b90c93a79 Renamed stripe-service package to members-stripe-service
no refs

- the package `@tryghost/stripe-service` was already published and used in a different context, so this package was never able to get published and the references in Members package are incorrectly pointing to wrong package
- renames the package in members context
2021-09-22 18:00:47 +05:30
Rishabh
dacb1d6fa0 Published new versions
- @tryghost/member-analytics-service@0.1.1
 - @tryghost/members-analytics-ingress@0.1.2
 - @tryghost/members-api@1.37.3
2021-09-22 17:21:49 +05:30
Rishabh
e1d96b5086 Updated missing packages
no refs

- cleans up package usage across new members packages
2021-09-22 17:18:39 +05:30
Rishabh
1c25665e7e Published new versions
- @tryghost/members-api@1.37.2
2021-09-22 16:57:30 +05:30
Rishabh
85db4aa8bd Removed unused packages from members-api
no refs

Cleans up unused package dependencies on members-api
2021-09-22 16:56:28 +05:30
Rishabh
411345ed42 Published new versions
- @tryghost/members-analytics-ingress@0.1.1
 - @tryghost/members-api@1.37.1
2021-09-22 16:53:59 +05:30
Rishabh
37001c539d Fixed lint
no refs
2021-09-22 16:52:40 +05:30
Rishabh
317caacc0e Updated ingress event handler to use new analytics ingress package
refs https://github.com/TryGhost/Team/issues/1064

- updates handling of member events to use new analytics ingress package which is responsible to ensure storage of event
2021-09-22 16:51:03 +05:30
Rishabh
07d65c4741 Added missing package dependencies
no refs

- the package dependencies of modules we use in `members-api` got missed with previous changes, updating
2021-09-22 16:24:54 +05:30
Rishabh
6c109b1080 Published new versions
- @tryghost/members-analytics-ingress@0.1.0
 - @tryghost/members-api@1.37.0
2021-09-22 16:21:27 +05:30
Rishabh Garg
1f7a455374 Added @tryghost/members-analytics-ingress package (#335)
refs https://github.com/TryGhost/Team/issues/1064

This package will be used as to handle and emit ingress events on new members event endpoint - `/members/api/events`
2021-09-22 16:07:37 +05:30
Fabien O'Carroll
71b3a62c79 Published new versions
- @tryghost/domain-events@0.1.1
 - @tryghost/magic-link@1.0.12
 - @tryghost/member-analytics-service@0.1.0
 - @tryghost/member-events@0.2.0
 - @tryghost/members-api@1.36.0
 - @tryghost/members-ssr@1.0.13
2021-09-21 18:42:13 +02:00
Fabien O'Carroll
d12f7cd152 Added listeners for remaining events
refs https://github.com/TryGhost/Team/issues/1054

This adds the missing listeners for the rest of the analytics events
we'd like to capture.
2021-09-21 18:39:17 +02:00
Fabien O'Carroll
9fca7ce8f3 Added missing events for analytics
refs https://github.com/TryGhost/Team/issues/1054

In order to listen to events we must define them! This adds the missing
events that we need to listen to for member analytics.
2021-09-21 18:39:17 +02:00
Fabien O'Carroll
41bdd38237 Wired up member-analytics-service
refs https://github.com/TryGhost/Team/issues/1054

We need to instantiate the MemberAnalyticsService so that we can start
listening to events and storing them, this is the minium glue code
required to get us going.
2021-09-21 13:40:23 +02:00
Fabien O'Carroll
ed6d305fb2 Renamed components of member-analytic-service
no-issue

This removes the concept of "Module" which simplifies the code
2021-09-21 13:33:38 +02:00
Fabien O'Carroll
216d27371a Added initial member-analytics-service
refs https://github.com/TryGhost/Team/issues/1054

This is the initial pass at the analytics service which listens to
events and then handles persisting them via the repository

refs https://github.com/TryGhost/Team/issues/1055

This also adds the analytic event repository which handles persisting
the events.
2021-09-21 13:24:28 +02:00
renovate[bot]
1c4b51ee53 Update dependency @types/node to v14.17.17 (#277)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-21 11:23:56 +02:00
renovate[bot]
af32755cbc Update dependency @types/nodemailer to v6.4.4 (#276)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-20 13:53:52 +02:00
renovate[bot]
b695e10e3f Pin dependency @babel/eslint-parser to 7.15.4 (#330)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-20 13:52:36 +02:00
Fabien O'Carroll
bdd030cce5 Published new versions
- @tryghost/domain-events@0.1.0
 - @tryghost/member-events@0.1.0
 - @tryghost/members-api@1.35.0
2021-09-17 15:25:14 +02:00
Fabien O'Carroll
3f9af4f554 Added @tryghost/member-events
refs https://github.com/TryGhost/Team/issues/1054

This will hold all of the event definitions used in members so that they
can be used across packages.
2021-09-17 15:22:08 +02:00
Fabien O'Carroll
6c01ff2a3d Added @tryghost/domain-events package
refs https://github.com/TryGhost/Team/issues/1054

This package will be used as a singleton for listenig and sending events
throughout the members application.
2021-09-17 15:22:08 +02:00
Fabien 'egg' O'Carroll
528fd23874 Added ability to fetch member by identity token (#329)
refs https://github.com/TryGhost/Team/issues/1057

This method will validate a token, and then return the member associated
with it. Rather than exposing token validation and coupling consumers to
the structure of the token response data.
2021-09-17 11:25:57 +02:00
Fabien O'Carroll
d99e0acf1a Published new versions
- @tryghost/members-api@1.34.0
2021-09-14 13:22:21 +02:00
Fabien 'egg' O'Carroll
1f2750e5c0 Added browse, edit & add methods to MemberBREADService (#326)
refs https://github.com/TryGhost/Team/issues/873

This ensures that all requests to the API will include the mock
subscriptions for comped members. Allowing the Admin to correctly show
the subscription information after adding and editing members. As well
as having the correct information when navigating from the list of
members to an individual member.
2021-09-14 13:18:34 +02:00
Fabien O'Carroll
81f19f4991 Published new versions
- @tryghost/members-api@1.33.0
2021-09-13 14:47:49 +02:00
Fabien O'Carroll
7a401e5253 Used @tryghost/stripe-service in @tryghost/members-api
no-issue

This finalises the extraction of the StripeAPIService to a separate
package!
2021-09-13 14:38:40 +02:00
Fabien O'Carroll
0615da1b45 Published new versions
- @tryghost/stripe-service@0.1.0
2021-09-13 14:37:27 +02:00
Fabien O'Carroll
7e082b7eb5 Added @tryghost/stripe-service
no-issue

This pulls out the StripeService from the @tryghost/members-api package.

The idea is to break the @tryghost/members-api package into smaller
modules, with the hope to make it easier to maintain and reason about.
2021-09-13 14:35:57 +02:00
Fabien O'Carroll
eed346e4ec Published new versions
- @tryghost/members-api@1.32.1
2021-09-08 12:39:51 +02:00
Fabien O'Carroll
00e0c9d205 Fixed webhook handler check for if Stripe configured
no-issue

Previously we would not create an instance of the StripeAPIService if
Stripe was not configured, but that is not the case any more, instead we
have a configured flag on the service. The webhook route handler was not
updated to use this flag and so would attempt to handle webhooks without
having any of the required data. This would result in an uncaught error.
2021-09-08 12:27:09 +02:00
Fabien O'Carroll
a072d19385 Published new versions
- @tryghost/members-api@1.32.0
2021-09-07 18:26:36 +02:00
Fabien O'Carroll
67d2104190 Deleted webhooks when disconnecting from Stripe
refs https://github.com/TryGhost/Team/issues/1006

When disconnecting from Stripe, we currently do not remove the webhooks,
this will result in the webhooks from Stripe failing, and tending toward
a 100% error rate, which will ultimately result in emails from Stripe
about the failing webhook.

In order to stop all of that from happening, we should make sure that we
actively remove the webhook from Stripe when disconnecting.
2021-09-07 18:02:35 +02:00
Fabien O'Carroll
2d394b3a2e Published new versions
- @tryghost/members-api@1.31.0
2021-09-07 16:51:25 +02:00
Fabien O'Carroll
8476e7cbd7 Added disconnectStripe method to handle cleaning up
refs https://github.com/TryGhost/Team/issues/1006

As part of the work to handle cleaning up webhooks when we disconnect
from Stripe, I'm moving the logic to clear out the Stripe related data
from the database into a disconnectStripe method. This then allows us to
start handling the cleanup of webhooks via the Stripe API.
2021-09-07 16:34:08 +02:00
Fabien O'Carroll
ae1f905766 Published new versions
- @tryghost/members-api@1.29.3
2021-09-06 13:10:42 +02:00
Fabien O'Carroll
b6e4eae272 Fixed comped members having a status of 'paid'
refs https://github.com/TryGhost/Team/issues/995

Since we reintroduced the comped status, we did not update the
subscription handling to correctly set members to a status of comped
when they were on a 'Complimentary' plan.
2021-09-06 13:06:30 +02:00
Fabien O'Carroll
dbae9f3233 Published new versions
- @tryghost/members-api@1.29.2
2021-09-06 12:50:25 +02:00
Fabien O'Carroll
66143dbb7c Updated options parameter to be optional
no-issue

Since updating the product repository to force transactions, the options
parameter was used in every call, meaning it wasn't optional any more,
which broke usage. This updates the parameter to have a default so that
existing usage still works.
2021-09-06 12:47:19 +02:00
Fabien O'Carroll
537c9cb02d Published new versions
- @tryghost/magic-link@1.0.11
 - @tryghost/members-api@1.29.1
 - @tryghost/members-csv@1.1.6
 - @tryghost/members-importer@0.3.2
 - @tryghost/members-ssr@1.0.12
2021-09-01 19:12:44 +02:00
Fabien O'Carroll
3b94ba7dce Fixed update method not using transaction for reads
no-issue

Since we run our product repository methods in transactions now we must
ensure that all database interations in the method use the transaction.
This adds the missing options to the reading of existing prices so that
they happen inside of the transaction.
2021-09-01 19:10:12 +02:00
Renovate Bot
b0133b3c2e Update dependency mocha to v9.1.1 2021-08-31 07:43:26 +00:00