Commit Graph

478 Commits

Author SHA1 Message Date
Rish
167811c5fd Updated stripe checkout to store member name from metadata
refs TryGhost/members.js#29

- Uses the metadata option in stripe checkout flow to add member's name on creation via anonymous checkout flow
- Allows clients like memebrs.js to pass member's info like name from checkout signup flow
2020-05-19 13:54:25 +05:30
Rish
2f90c97629 Added metadata option to stripe checkout session
refs TryGhost/members.js#29

- Allows passing metadata to checkout session API
- Metadata is passed to stripe's checkout session on creation and read back from webhook event
- Allows clients like members.js to pass custom info like member name to Stripe flow
2020-05-19 13:54:25 +05:30
Rishabh Garg
b015a08c43 Added plan update option to stripe subscription update API (#154)
no issue

- Current update stripe subscription API calls only allowed cancelling a plan
- This change adds option to pass plan's nickname as `planName` in request to update subscription to new plan
- Checks if plan name is valid and updates stripe subscription to new plan at default prorate behavior
2020-05-19 12:59:39 +05:30
Renovate Bot
508daa5956 Update dependency @types/jsonwebtoken to v8.5.0 2020-05-13 20:14:37 +00:00
Renovate Bot
aa44de5d91 Update dependency @types/node to v12.12.39 2020-05-13 02:16:27 +00:00
Renovate Bot
61a630e6d2 Update dependency @types/node to v12.12.38 2020-05-05 20:15:38 +00:00
Rish
ef9fa8e623 Published new versions
- @tryghost/magic-link@0.4.4
 - @tryghost/members-api@0.18.3
 - @tryghost/members-ssr@0.7.7
2020-04-30 16:08:09 +05:30
Rish
fac6c3d97e Added ability to prefill customer email for anonymous checkouts
refs https://github.com/TryGhost/members.js/issues/10

- Allows passing an additional `customerEmail` value to our checkout creation API
- This value is used to pass `customer_email` option to stripe's checkout session - https://stripe.com/docs/api/checkout/sessions/create#create_checkout_session-customer_email.

The `customer_email` allows pre-filling the customer's email field in case of an anonymous checkout as customer doesn't exist already, and also ensures the stripe subscription is created with same email address as given by user during signup flow.
2020-04-30 16:01:22 +05:30
Renovate Bot
2c14a337ad Update dependency jsdom to v15.2.1 2020-04-27 15:15:52 +00:00
Renovate Bot
13a1ff1451 Update dependency @types/node to v12.12.37 2020-04-22 03:15:54 +00:00
Rish
66e106e3ac Published new versions
- @tryghost/magic-link@0.4.3
 - @tryghost/members-api@0.18.2
 - @tryghost/members-ssr@0.7.6
2020-04-21 15:32:00 +05:30
Rish
ab3fe634f4 🐛 Fixed incorrect logging for geolocation error
no issue

We were using incorrect method for logging in geolocation warning - `this.logging.warn(err)` - as `this.logging` doesn't exist in this file. Updated to use correct logging method.
2020-04-21 15:28:13 +05:30
Renovate Bot
dbb041e214 Update dependency @types/node to v12.12.36 2020-04-17 21:38:50 +00:00
Nazar Gargol
07cb94d57e Published new versions
- @tryghost/magic-link@0.4.2
 - @tryghost/members-api@0.18.1
 - @tryghost/members-ssr@0.7.5
2020-04-17 14:09:59 +12:00
Nazar Gargol
42b839c3b4 Removed substack-ghost-csv-converter package
- substack-ghost-csv-converter has been moved to more appropriate
repository - TryGhost/migrate
(2be64543bd)
2020-04-16 17:20:01 +12:00
Renovate Bot
5d687a3548 Update dependency @types/node to v12.12.35 2020-04-08 20:35:00 +00:00
Renovate Bot
280f4ea7cb Update dependency @types/jsonwebtoken to v8.3.9 2020-04-07 03:15:52 +00:00
Renovate Bot
09f79b10ac Update dependency @types/node to v12.12.34 2020-03-31 00:07:17 +00:00
Renovate Bot
d6897df163 Update dependency @types/node to v12.12.33 2020-03-30 23:20:06 +00:00
Renovate Bot
aa086e8728 Update dependency @types/node to v12.12.32 2020-03-27 18:15:22 +00:00
Renovate Bot
65d1040aad Update dependency @types/node to v12.12.31 2020-03-25 07:18:47 +00:00
Renovate Bot
7fe71fd23c Update dependency @tryghost/pretty-cli to v1.2.4 2020-03-20 21:17:51 +00:00
Renovate Bot
8057564a34 Update dependency mocha to v7.1.1 2020-03-18 10:16:37 +00:00
Renovate Bot
808aa8f9a3 Update dependency nock to v12.0.3 2020-03-17 12:25:52 +00:00
Renovate Bot
f628708317 Update Test & linting packages 2020-03-17 03:20:46 +00:00
Renovate Bot
f341891fd2 Pin dependency nock to 12.0.0 2020-03-17 02:15:32 +00:00
Renovate Bot
3b4317b988 Update dependency @types/nodemailer to v6.4.0 2020-03-13 05:30:18 +00:00
Renovate Bot
650d578ef8 Update dependency @types/jsonwebtoken to v8.3.8 2020-03-13 04:32:42 +00:00
Renovate Bot
a3f34c5905 Update dependency @types/node to v12.12.30 2020-03-13 02:33:25 +00:00
Nazar Gargol
95ab4e7b51 Published new versions
- @tryghost/members-api@0.18.0
2020-03-04 11:36:06 +08:00
Nazar Gargol
076e328f20 Added currency and currency_symbol properties to plans
no issue

- Adding these properties allows specifying which currency is currently used on member's plan.
- Supported currencies list: USD, AUD, CAD, GBP, EUR
- They were chosen based on the most used/requested currencies within Ghost
- With adding multiple available currencies that can be setup also had to add handling of Stripes limitation of having single currency per paying customer
2020-03-04 11:33:19 +08:00
Kevin Ansfield
7fb1c2e07e Published new versions
- @tryghost/members-api@0.17.0
2020-02-27 10:35:43 +00:00
Kevin Ansfield
615a482c48 Store geolocation data during member signup/signin (#128)
requires f38d490886

- adds `lib/geolocation.js` with `getGeolocationFromIP()` function which uses https://geojs.io to lookup geolocation data from an IPv4 or IPv6 address
- updates `create/updateMember()` functions to work with a `geolocation` property in the passed in object
  - if `geolocation` is `undefined` when updating a member do not reset any existing property
- updates `sendMagicLink` middleware to extract the IP address from the request and stores it as part of the token payload
- updates `getMemberDataFromMagicLinkToken()` method to extract the IP address from the token payload and perform a geolocation lookup if we have an IP address and a matching member does not already have geolocation data
2020-02-27 10:29:36 +00:00
Nazar Gargol
fb7fa87c3b Published new versions
- @tryghost/members-api@0.16.2
2020-02-27 17:09:59 +08:00
Nazar Gargol
9a783f9f0c Revert "Added precaution to avoid creating multiple Complimentary plans"
This reverts commit 5f0d2168f3.

After discussing the best approach to multipe currency problem would be
to allow creating multiple "Complimentary" plans. All security related
checks should stay strictly based on name and would not cause issues.
2020-02-27 16:55:03 +08:00
Nazar Gargol
fbe153cc97 Published new versions
- @tryghost/members-api@0.16.1
2020-02-27 13:53:46 +08:00
Nazar Gargol
5f0d2168f3 Added precaution to avoid creating multiple Complimentary plans
refs https://github.com/TryGhost/Ghost-Admin/pull/1430

- When the client creates a complimentary plan with other currency than USD we should not allow for it to avoid creating a mess in the Stripe plans
2020-02-27 13:53:05 +08:00
Nazar Gargol
71395fcfcb Published new versions
- @tryghost/members-api@0.16.0
2020-02-26 12:11:21 +08:00
Naz
b34b7bfa9c Added middleware to handle billing updates (#122)
refs https://github.com/TryGhost/Ghost/pull/11571 

- Allows updating members billing information through Stripe's setup intent (stripe.com/docs/payments/checkout/subscriptions/updating#set)
- Accepts 2 new parameter to handle redirects specific to billing update.
2020-02-26 12:09:09 +08:00
Nazar Gargol
56c4c664c2 Published new versions
- @tryghost/members-api@0.15.1
2020-02-17 16:26:50 +08:00
Nazar Gargol
13773cbeb4 Removed "Complimentary" subscription edit limitation
no issue

- There is no need to treat complimentary subscriptions in different way to regular subscription on the client.
2020-02-17 16:25:41 +08:00
Rish
cf6b9501ca Published new versions
- @tryghost/magic-link@0.4.1
 - @tryghost/members-api@0.15.0
2020-02-12 16:44:08 +05:30
Rishabh Garg
789462aa5f Added labels to member signup flow (#124)
no issue

refs https://github.com/TryGhost/Ghost/pull/11538
2020-02-12 16:42:49 +05:30
Nazar Gargol
5e2256833c Published new versions
- @tryghost/members-api@0.14.2
2020-02-11 14:04:12 +08:00
Nazar Gargol
a669cda605 Added fallback plan nickname to inteval instead of empty string
no issue

- On model layer in Ghost empty string is always converted to `null` for not nullable fields, which wasn't letting the value through to the database
- Current solution is a stopgap to fix imports of cyclic plans without nicknames. Ideally nickname field should become nullable in the future so this logic can be simplified
2020-02-11 14:02:40 +08:00
Nazar Gargol
38bfef2b83 Published new versions
- @tryghost/members-api@0.14.1
2020-02-10 19:01:34 +08:00
Naz
f2a7790cc9 Added plan nickname fallback to empty string (#126)
no issue

- This solves a problem when connected Stripe plan doesn't have plan `nickname` filled out (possible with older versions of Stripe API)
- Defaulting to empty string instead of creating a migration because SQLite doesn't support `ALTER ... MODIFY` syntax and thus knex can't altter the table that easy
- "Marks the column as an alter / modify, instead of the default add. Note: This only works in .alterTable() and is not supported by SQlite or Amazon Redshift. Alter is not done incrementally over older column type so if you like to add notNull and keep the old default value, the alter statement must contain both .notNull().defaultTo(1).alter(). If one just tries to add .notNull().alter() the old default value will be dropped." (ref. https://knexjs.org/#Chainable)
2020-02-10 18:59:52 +08:00
Nazar Gargol
6de6a15376 Published new versions
- @tryghost/magic-link@0.4.0
 - @tryghost/members-api@0.14.0
2020-02-06 18:04:18 +08:00
Naz
2a51a478fc Exposed getMagicLink method (#123)
refs https://github.com/TryGhost/Ghost/pull/11573

- Adds `getMagicLink` method to members-api which can be used to generate a signin link for the member
2020-02-06 17:08:39 +08:00
Nazar Gargol
133d1ece06 Published new versions
- @tryghost/substack-ghost-csv-converter@0.1.0
2020-02-04 14:08:39 +08:00
Naz Gargol
d0f8cd9e78 Added Substack to Ghost CSV converter package (#121)
refs https://github.com/TryGhost/Ghost/pull/11539

- The script helps to migrate CSV exports from Substack to Ghost-compatible ones
2020-02-04 14:03:29 +08:00
Nazar Gargol
e4637ac56f Published new versions
- @tryghost/members-api@0.13.0
2020-01-28 19:01:14 +07:00
Naz Gargol
96aea55270 Added ability to link member to existing stripe customer (#120)
refs https://github.com/TryGhost/Ghost/pull/11539

- Method needed to allow linking existing Stripe customers and subscriptions with members
2020-01-28 19:00:28 +07:00
Nazar Gargol
cf0d52c2da Published new versions
- @tryghost/members-api@0.12.0
2020-01-27 12:35:37 +07:00
Naz Gargol
28d3a37824 Added "complimentary" subscription handling (#118)
refs https://github.com/TryGhost/Ghost/pull/11537

- Adds ability to assign and cancel "complimentary" type of subscriptions to the member
- The functionality is needed to be able to provide free premium plans for members (e.g. family members, trials, gifts)
- When member already has an active paid subscription and complimentary one is applied the old one is upgraded. Proration is not given
- When deleting a subscription we need to update localy stored records right away to be albe to reflect the change in the UI. This behavior will also be in line with how subscriptions updates/creates are handled
- Blocked any client update for complimentary subscription. We should prevent non authenticated clients from upgrading/subscribing themselves to "complimentary" plan.
2020-01-27 12:34:22 +07:00
Nazar Gargol
89b78a883d Published new versions
- @tryghost/members-api@0.11.4
2020-01-22 12:54:34 +07:00
Nazar Gargol
726ffaf1f8 🐛 Fixed creation of extra customer when updating plans
no issue

- `customers` property contains an array of customer for which 'for..of' syntax is more appropriate
- Bug was causing creation of multiple customers in Stripe when new checkout session was initiated for existing customer
- Discussed in https://github.com/TryGhost/Members/pull/90/files#r368889289
2020-01-22 12:53:27 +07:00
Nazar Gargol
92b3cc3758 Published new versions
- @tryghost/members-api@0.11.3
2020-01-20 15:59:38 +07:00
Nazar Gargol
6c7139b1fe Fixed preexisting member name check
refs 1dc0b36b56

- The name can also be 'null' so the check should take that into account
2020-01-20 15:51:06 +07:00
Rish
47f5ca6625 Published new versions
- @tryghost/members-api@0.11.2
2020-01-20 13:32:20 +05:30
Rishabh Garg
a1ad80f6ac 🐛 Fixed incorrect fetch of empty stripe subscriptions (#116)
no issue

refs e19e06f9b3

While refactoring user CRUD for Ghost core, we inadvertently changed the members subscriptions object returned by nesting the value as object. This also broke the deserialization in Ghost-Admin for members subscription object [here](https://github.com/TryGhost/Ghost-Admin/blob/master/app/transforms/member-subscription.js#L9).
2020-01-20 13:28:59 +05:30
Nazar Gargol
1dc0b36b56 Updated checkout session to record member name
no issue

- When the customer has provided a name on the card during checkout it should be recorded for convenience as members' name
2020-01-20 13:25:17 +07:00
Nazar Gargol
be207f98e7 Published new versions
- @tryghost/members-api@0.11.1
2020-01-15 15:40:54 +07:00
Naz Gargol
e19e06f9b3 Refactored user CRUD to be usable by Ghost core (#113)
refs https://github.com/TryGhost/Members/pull/105

- It's a follow up to a series of refactorings in the module mostly discussed in refed PR
- The sendEmailWithMagicLink and destroyStripeSubscriptions were exposed through members API so that Ghost  could call it from the controller level
2020-01-15 15:35:15 +07:00
Nazar Gargol
46f6ce8db3 Removed console.log statement in favor of common logger
no issue

- Using console is a very bad practice and probably was left here by mistake. Using common logging instead
2020-01-13 19:16:51 +07:00
Nazar Gargol
3b14e7c1fa Removed redundant empty string handling logic in users module
no issue

- Since the Member model started to be used the logic handling empty strings -> null conversion is now handled in the core here https://github.com/TryGhost/Ghost/blob/8fd1e81/core/server/models/base/index.js#L492-L499
2020-01-13 18:49:25 +07:00
Nazar Gargol
911d5a27fe Published new versions
- @tryghost/magic-link@0.3.3
 - @tryghost/members-api@0.11.0
 - @tryghost/members-ssr@0.7.4
2020-01-13 15:54:59 +07:00
Nazar Gargol
08fbcf25ec Extracted metadata get/set methods into internal metadata module
no issue

- This is the refactor similar to what has been done with Memeber model being passed in directly in the constructor
- Relevent discussion here https://github.com/TryGhost/Members/pull/105#pullrequestreview-324254267
2020-01-13 15:45:22 +07:00
John O'Nolan
a122aa0119 2020 2020-01-07 19:06:08 +00:00
Nazar Gargol
ef3de2a295 Published new versions
- @tryghost/members-api@0.10.2
2019-12-12 15:27:45 +07:00
Naz Gargol
ff5fceafc8 Added subscription update middleware (#107)
refs #https://github.com/TryGhost/Ghost/pull/11434

- Added method to allow updating single subscription. Only `cancel_at_period_end` field can be updated. 
- Middleware is needed to allow Ghost Core to cancel/uncancel member's subscription. 
- Relies on the request containing identity information to be able to verify if subscription belongs to the user
- When member could not be identified by the identity information present in the request we should throw instead of continuing processing
- Handling and messaging inspired by https://github.com/TryGhost/Ghost/blob/3.1.1/core/server/services/mega/mega.js#L132
- When the user initiates subscription cancellation we can safely mark the subscription as canceled so that it's not shown in the interface on subsequent request. Otherwise, we end up in a situation where we still return the subscription in the period until Stripe triggers the webhook.
- Added boolean coercion for cancel_at_period_end parameter. If anything but boolean is passed to Stripe API it throws an error.  Coercing the value on our side is a gives a better dev experience
2019-12-12 15:19:36 +07:00
Fabien O'Carroll
94ef530b3c Fixed bug in cancelAllSubscriptions
no-issue

We filter out previously cancelled subscriptions, but used the wrong string "cancelled" instead of "canceled"
https://stripe.com/docs/billing/lifecycle#subscription-states
2019-12-09 15:55:37 +02:00
Fabien O'Carroll
231218c4e6 Published new versions
- @tryghost/members-api@0.10.1
2019-12-09 14:31:12 +02:00
Fabien O'Carroll
7db503b13b Fixed local webhooks when using localhost urls
no-issue

When using localhost urls the call to `create` will error and end in teh
catch block - so we need to use the environment variable there, too.

Introduced in 0149dd8f
2019-12-09 14:29:59 +02:00
Nazar Gargol
fe462ae706 Published new versions
- @tryghost/members-api@0.10.0
2019-12-06 13:29:27 +07:00
Naz Gargol
3060e11a4e Changed members-api constructor to accept Member model directly (#105)
no issue

- As members have become a part of Ghost core there is no need to proxy methods like this anymore and we can allow members-api to work on the model directly
- Methods come from Ghost core: https://github.com/TryGhost/Ghost/blob/cc39786/core/server/services/members/api.js#L11-L110
2019-12-05 18:16:18 +07:00
Naz Gargol
0149dd8f4d Added priority to webhook secret if present in env (#103)
no issue

- When debugging Stripe with using: `stripe listen \
  --forward-to http://ghost.local/members/webhooks/stripe/` this priority is nice to have so that Ghost process can be initialized using WEBHOOK_SECRET env variable
- It was not working in current form because Stripe recognized `ghost.local` as a valid domain and didn't throw any errors
- Removed unneeded secret assignment in a catch statement. It is redundant with the new implementation
2019-11-25 13:15:28 +07:00
Fabien O'Carroll
9da1a18770 Published new versions
- @tryghost/magic-link@0.3.2
 - @tryghost/members-api@0.9.0
 - @tryghost/members-ssr@0.7.3
2019-11-05 18:22:07 +07:00
Renovate Bot
297425402b Update dependency @types/nodemailer to v6.2.2 2019-11-05 16:53:53 +07:00
Renovate Bot
b1fe580834 Update dependency @types/jsonwebtoken to v8.3.5 2019-11-05 16:53:39 +07:00
Fabien O'Carroll
19148dab4e Included subscription information when listing members
no-issue
2019-11-05 16:12:20 +07:00
Renovate Bot
2ce0c5a992 Update Test & linting packages 2019-11-01 13:40:10 +07:00
Renovate Bot
7684ad51c4 Update Node.js to 12 2019-11-01 13:40:00 +07:00
Fabien O'Carroll
a35d947413 Published new versions
- @tryghost/magic-link@0.3.1
 - @tryghost/members-api@0.8.3
 - @tryghost/members-ssr@0.7.2
2019-10-30 15:24:07 +07:00
Fabien O'Carroll
7a3c99886d Added logging for failed webhook verification
no-issue

This gives us some more information about the secret used
2019-10-30 14:40:16 +07:00
Renovate Bot
f233d5fc71 Update dependency cookies to ^0.8.0 2019-10-14 12:38:53 +07:00
Renovate Bot
97c9567744 Update dependency @types/node to v12.7.12 2019-10-14 12:38:19 +07:00
Fabien O'Carroll
123fc7dcd5 Published new versions
- @tryghost/members-ssr@0.7.1
2019-10-11 18:01:21 +07:00
Fabien O'Carroll
2a90d84e9a Added flag for disabling sign cookies
no-issue
2019-10-11 18:00:19 +07:00
Fabien O'Carroll
ebbf4e69f9 Published new versions
- @tryghost/magic-link@0.3.0
 - @tryghost/members-api@0.8.2
2019-10-11 12:03:51 +07:00
Fabien O'Carroll
47ed334597 Updated use of magic-link module to pass subject
no-issue

This takes advantage of magic-links smaller tokens
2019-10-11 11:58:23 +07:00
Fabien O'Carroll
4c4d5aab91 Removed the need for audience and issuer claim
no-issue

This is unecessary as this is a closes system, the tokens are issued and
intended for the same service, using the same secret
2019-10-11 11:58:23 +07:00
Fabien O'Carroll
483654a4b6 Removed user object from magic links
no-issue

This means magic link will rely solely on the `sub` claim for identifying the user
2019-10-11 11:58:23 +07:00
Fabien O'Carroll
d248c909d9 Updated usage of magic-link, passing secret
no-issue
2019-10-11 11:58:23 +07:00
Fabien O'Carroll
7a512f992b Updated to use HS256 signatures for tokens
no-issue

This makes the tokens a little more acceptable in plaintext emails
2019-10-11 11:58:23 +07:00
Fabien O'Carroll
5d2e20fbb7 Published new versions
- @tryghost/magic-link@0.2.2
 - @tryghost/members-api@0.8.1
2019-10-10 20:21:23 +07:00
Fabien O'Carroll
e04898cb3d Pass getSubject option to MagicLink module
no-issue
2019-10-10 20:20:46 +07:00
Fabien O'Carroll
2de53f8571 Support custom subject line with getSubject option
no-issue
2019-10-10 20:20:46 +07:00
Fabien O'Carroll
1e8bac111f Pass email to getHTML and getSubject
no-issue

This will allow email templates to include the recipient
2019-10-10 20:20:46 +07:00
Fabien O'Carroll
2c4732b46d Published new versions
- @tryghost/magic-link@0.2.1
 - @tryghost/members-api@0.8.0
 - @tryghost/members-ssr@0.7.0
2019-10-09 10:51:35 +07:00