Commit Graph

38 Commits

Author SHA1 Message Date
Fabien "egg" O'Carroll
5a9cb1ab83 Restricted changing Subscription to archived Tier
refs https://github.com/TryGhost/Team/issues/1252
2022-01-21 14:08:31 +02:00
Thibaut Patel
ae967c449c Added EmailRecipient events to getEventTimeline
refs https://github.com/TryGhost/Team/issues/1277

- Adds 3 new requests to the `email_recipients` table in the `getEventTimeline` method
- This allows to extract new member events from the table: `email_delivered_event`, `email_opened_event`, `email_failed_event`
2022-01-18 15:53:51 +01:00
Fabien "egg" O'Carroll
74225779a2 Moved webhook handling into Stripe service
no-issue

Handling Stripe webhooks is a Stripe concern and so we're moving it into
the Stripe module.
2022-01-18 10:37:47 +02:00
Fabien "egg" O'Carroll
94d97d1168 Removed Migrations&disconnectStripe
no-issue

These have been moved the the @tryghost/members-stripe-service
2022-01-18 10:37:47 +02:00
Fabien "egg" O'Carroll
69df4b7c05 Added support for dynamic allowSelfSignup config
refs https://github.com/TryGhost/Team/issues/1257

This gets us closer to not having to reload the MembersAPI when config
is changed which will help stop bugs arising from multiple instances of
the MembersAPI being created.
2022-01-10 17:53:30 +02:00
Kevin Ansfield
381e0c1f2a Removed membersAutoLogin labs flag
refs https://github.com/TryGhost/Team/issues/1258

- feature is GA so conditionals are no longer needed
2022-01-04 14:50:24 +00:00
Sam Lord
ba2c0818e0 Use @tryghost/logging instead of injected argument 2021-12-02 14:46:58 +00:00
Fabien egg O'Carroll
cef8cadd21 Used the paid signup email when auto login is enabled
refs https://github.com/TryGhost/Team/issues/1067
refs https://github.com/TryGhost/Ghost/commit/579b3443

This will eventually be the only type of email sent from this function,
but for now is behind a feature flag for testing.
2021-12-01 13:17:23 +02:00
Fabien egg O'Carroll
985fd5bb5e Simplified interface for sending paid signup emails
refs https://github.com/TryGhost/Team/issues/1067

This decouples the contents/type of email from the webhooks service,
allowing us to easily make changes to the type of email sent, without
having to make changes to the webhooks service.
2021-12-01 13:17:23 +02:00
Fabien O'Carroll
02bf858903 Fixed behaviour of sending emails when adding member
no-issue

When adding a new member, we allow an email to be sent, and the type of
email to be chosen. This choice was being overriden by our signup email
logic - here we allow the BREAD API to have full control over which
email is sent.
2021-11-02 12:37:07 +02:00
Fabien O'Carroll
c154be4581 Included Offer information for Subscriptions
refs https://github.com/TryGhost/Team/issues/1135

We use the OffersAPI to fetch Offers, so that we can be using the same
format for Offers in all of our APIs.

We will not attach the Offer to the Subscription if either the Tier or
the Cadence do not match. This is because the Offer would no longer
apply to this Subscription.

We do however retain the data, so that a Member can still be filtered on
the Offers which they've redeemed.
2021-10-21 18:10:08 +02:00
Fabien O'Carroll
efe5164eff Wired up payments service
refs https://github.com/TryGhost/Team/issues/1166

By using the PaymentsService to fetch coupon information - we ensure
that the coupons are created if they're missing. Like in the case of a
Stripe disconnect/connect cycle.
2021-10-21 15:40:55 +02:00
Fabien O'Carroll
1ae6a2ac44 Handled Stripe Disconnect for Offers
refs https://github.com/TryGhost/Team/issues/1166

As usual we want to delete all Stripe related data on disconnect.
2021-10-21 15:40:55 +02:00
Fabien O'Carroll
c58e83c9d7 Wired up OfferRedemption storage
refs https://github.com/TryGhost/Team/issues/1132

We have to include the Offer on the metadata for the Stripe Checkout -
as Offers with a duration of 'once' will not always be present on the
Subscription after fetching it.

Once we receive the Stripe Checkout webhook we emit an event for
subscription created - the reason we use an event is because this logic
should eventually live in a Payments/Stripe module - and we'd want to
decouple it from the Members module.

The Members module is in charge of writing Offer Redemptions - rather
than the Offers module - because Offer Redemptions are "owned" by a
Member - and merely reference and Offer. Eventually Offer Redemptions
could be replaced by Subscriptions.
2021-10-18 17:26:34 +02:00
Fabien O'Carroll
5172e40646 Used OffersAPI over OfferRepository in MembersAPI
no-issue

The OfferRepository deals with domain objects in the Offers module, and
as such is not suitable for use with "external" services. This update
means that MembersAPI can deal with POJO DTOs so that there is not a
dependency on the internals of the Offers module. Just on the contract
it holds with the outside world.
2021-10-13 11:11:12 +02:00
Fabien O'Carroll
f0141f08ff Applied Offers when creating Stripe Checkout Session
refs https://github.com/TryGhost/Team/issues/1090

Instead of the hardcoded 1-day version for Offers, we can now talk
directly to the Offers repository and use the real values for Stripe
Checkout.
2021-10-06 16:12:53 +02:00
Fabien 'egg' O'Carroll
c5784da2b6 Updated MembersAPI to take StripeAPIService as dep (#338)
refs https://github.com/TryGhost/Team/issues/1083

The Offers service is going to need access to the StripeAPIService too,
so we must pull its initialisation out of this module up to the Ghost
application layer, which will allow us to pass a reference of the
StripeAPIService to wherever needs it.
2021-10-04 13:34:17 +02:00
Fabien O'Carroll
cd6e87774a Added 1-day version of Offers
refs https://github.com/TryGhost/Team/issues/1090

This 1-day version of Offers allows us to test the full flow of the
Offers feature without having to implement all of it. The focus here is
that we can pass an Offer ID when creating a Stripe Checkout session and
have it apply. Here we use hardcoded Stripe Coupons as we haven't yet
got persistence implemented for Offers & their related Stripe Coupons
2021-09-28 13:39:04 +02:00
Fabien O'Carroll
4e947a88ce Fixed security hole in email address change flow
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr

The email address change flow was built on top of the unauthenticated
signin/signup flow. This meant that ownership of the email being changed
wasn't verified and allowed a malicious actore to change the email
address of arbitrary accounts to an email address which they controlled.

We remove the ability to change email addresses from the signin/signup
flow and instead create a dedicated, authenticated flow for changing
email address.
2021-09-22 16:49:17 +02:00
Rishabh
fe4fb78830 Cleaned up stripe-service package usage
no refs

- updates all usages of `stripe-service` package to new correct `members-stripe-service` package
2021-09-22 18:12:40 +05:30
Rishabh
3e54819469 Revert "Updated usage of stripe-service package to members-stripe-service package"
This reverts commit 7363f0769d.
2021-09-22 18:05:41 +05:30
Rishabh
7363f0769d Updated usage of stripe-service package to members-stripe-service package
refs 8b90c93a79
2021-09-22 18:02:50 +05:30
Rishabh
317caacc0e Updated ingress event handler to use new analytics ingress package
refs https://github.com/TryGhost/Team/issues/1064

- updates handling of member events to use new analytics ingress package which is responsible to ensure storage of event
2021-09-22 16:51:03 +05:30
Rishabh Garg
1f7a455374 Added @tryghost/members-analytics-ingress package (#335)
refs https://github.com/TryGhost/Team/issues/1064

This package will be used as to handle and emit ingress events on new members event endpoint - `/members/api/events`
2021-09-22 16:07:37 +05:30
Fabien O'Carroll
41bdd38237 Wired up member-analytics-service
refs https://github.com/TryGhost/Team/issues/1054

We need to instantiate the MemberAnalyticsService so that we can start
listening to events and storing them, this is the minium glue code
required to get us going.
2021-09-21 13:40:23 +02:00
Fabien 'egg' O'Carroll
528fd23874 Added ability to fetch member by identity token (#329)
refs https://github.com/TryGhost/Team/issues/1057

This method will validate a token, and then return the member associated
with it. Rather than exposing token validation and coupling consumers to
the structure of the token response data.
2021-09-17 11:25:57 +02:00
Fabien 'egg' O'Carroll
1f2750e5c0 Added browse, edit & add methods to MemberBREADService (#326)
refs https://github.com/TryGhost/Team/issues/873

This ensures that all requests to the API will include the mock
subscriptions for comped members. Allowing the Admin to correctly show
the subscription information after adding and editing members. As well
as having the correct information when navigating from the list of
members to an individual member.
2021-09-14 13:18:34 +02:00
Fabien O'Carroll
7a401e5253 Used @tryghost/stripe-service in @tryghost/members-api
no-issue

This finalises the extraction of the StripeAPIService to a separate
package!
2021-09-13 14:38:40 +02:00
Fabien O'Carroll
00e0c9d205 Fixed webhook handler check for if Stripe configured
no-issue

Previously we would not create an instance of the StripeAPIService if
Stripe was not configured, but that is not the case any more, instead we
have a configured flag on the service. The webhook route handler was not
updated to use this flag and so would attempt to handle webhooks without
having any of the required data. This would result in an uncaught error.
2021-09-08 12:27:09 +02:00
Fabien O'Carroll
67d2104190 Deleted webhooks when disconnecting from Stripe
refs https://github.com/TryGhost/Team/issues/1006

When disconnecting from Stripe, we currently do not remove the webhooks,
this will result in the webhooks from Stripe failing, and tending toward
a 100% error rate, which will ultimately result in emails from Stripe
about the failing webhook.

In order to stop all of that from happening, we should make sure that we
actively remove the webhook from Stripe when disconnecting.
2021-09-07 18:02:35 +02:00
Fabien O'Carroll
8476e7cbd7 Added disconnectStripe method to handle cleaning up
refs https://github.com/TryGhost/Team/issues/1006

As part of the work to handle cleaning up webhooks when we disconnect
from Stripe, I'm moving the logic to clear out the Stripe related data
from the database into a disconnectStripe method. This then allows us to
start handling the cleanup of webhooks via the Stripe API.
2021-09-07 16:34:08 +02:00
Fabien O'Carroll
0f4e97eae7 Updated getMemberIdentityData to use BREAD Service
refs https://github.com/TryGhost/Team/issues/986

The getMemberIdentityData is a relic of time past. Originally it was
used before we had anything like the member repository or bread
controller as a way for things inside of the Members ecosystem to get
access to member data.

This updates it to use the same interface as everything else for
fetching members so that we can rely on the shape of the data that we
consider a member.

This update will ensure that themes have access to the dummy
subscriptions created by the `read` method of the MemberBREADService.
2021-08-26 16:07:06 +02:00
Fabien O'Carroll
c17442cf4b Added memberService to members-api
no-issue

The idea of this service is to sit infront of the repository and handle
application logic which does not belong at the data layer. The exact
naming and structure is TBC but this gives us a place to start pulling
logic out of the controllers, without having to mash it all into the
repository.

Also important to note is that is does not return instances of bookshelf
models, but a JSON representation of the model, this allows us to not
leak internal implementation to consumers.
2021-08-25 21:25:19 +02:00
Fabien O'Carroll
d55e828b34 Wired up MemberProductEvents to MemberRepository
refs https://github.com/TryGhost/Team/issues/873

This handles the creation of product events when a members access to
products is changed. This can happen on creation, update, and any
changes to stripe subscriptions.

We manually workout the difference between the current products and the
new products, and add the events accordingly.
2021-08-24 14:57:04 +02:00
Rishabh
e28a19178d Added labels/products data to members identity
refs https://github.com/TryGhost/Team/issues/909
refs 3e13a6c562

`labels` and `products` data on member is needed for content gating post access for new segmented access
2021-07-22 12:52:02 +05:30
Rishabh
3e13a6c562 Removed unused data from members identity data
refs https://github.com/TryGhost/Team/issues/909

The member identity data currently attaches several extra data points to member information which is not used/needed, and causes multiple DB queries on each page load when Portal requests for member via `/members/api/member` endpoint. This change removes all the unused data points on member - `labels`, `stripe_customer`, products`, `stripe_product` cutting DB queries in half.
2021-07-22 12:28:39 +05:30
Fabien O'Carroll
caf059cd7e Added WellKnownController and exposed jwks.json
refs https://github.com/TryGhost/Team/issues/664

The well known controller is designed to handle any requests to the
/.well-known endpoint where the members app is mounted. The first and
only requirement so far is that we expose a JSON Web Key Set so that
external services are able to validate Members JWT's
2021-07-19 13:51:58 +01:00
Fabien O'Carroll
02766afedd Moved MembersAPI.js into lib
no-issue

The previous published version was broken as we only include index.js
and the lib directory in the npm package
2021-07-15 18:01:53 +01:00