refs https://github.com/TryGhost/Team/issues/1133
This updates the MembersAPI Checkout Session handling to 403 if an
attempt is made to create a Checkout Session using an archived Offer.
no-issue
The MembersAPI using the OfferRepository coupled it to the internals of
the Offers Module - instead we pass the "external" API - so that we can
change the internals, and not have to update the MembersAPI's usage.
refs https://github.com/TryGhost/Team/issues/1131
This will allow Ghost Admin to display separate lists of active and
archived Offers! We must pass the options through so that the
OffersService is able to handle the filter passed in the request.
refs https://github.com/TryGhost/Team/issues/1131
This updates the Offers Service to include the `status` of an Offer,
which will be either 'active' or 'archived'. It also allows setting the
`status` of an Offer to one of these two values when adding & editing
Offers.
no issue
Boot-time metrics are really valuable for understanding how releases affect the performance of Ghost. The new @tryghost/metrics package lets us ship these metrics to different sources using the same configuration framework as @tryghost/logging introduced.
closes https://linear.app/tryghost/issue/CORE-91/add-email-analytics-job-unstalling-mechanism
- Additional debug stagements should give better visibility into what's going on with the internal services fetching email events.
- To see all email analytics related outputs use following DEBUG value:
DEBUG=@tryghost/email-analytics-provider-mailgun:email-analytics*
refs https://github.com/TryGhost/Team/issues/1104
- bumped `@tryghost/custom-theme-settings-service` so it throws a more appropriate `ValidationError` when setting keys don't exist or a select value is not known
- changed the custom theme settings service to have a `.init()` method which creates an instance of the service under `.api` so that we're able to create the instance at a particular point in the boot process when we know the models have been initialised
- there were problems in tests because the service was being initialised through the require chain before models were initialised through the boot process
- fixed incorrect `camelCase` of resource name in API responses
refs 838fe54628
- see referenced commit for majority of context but in short,
knex-migrator was doing a DB query per migration folder
- in Ghost, we currently have 79 folders, which results in 79
queries during boot... owch
- the bump to knex-migrator in this commit uses a smarter method of
grouping together the DB entries in 1 query, resulting in a drop of 79
queries -> 1 query
refs https://github.com/TryGhost/Team/issues/1083
This field is not required but was previously causing API errors when
missing, the bump to members-offers removes this requirement.
refs https://github.com/TryGhost/Team/issues/1083
Offers with a "repeating" duration will repeat for a number of months.
These offers are restricted to the monthly Cadence. This updates the
members-offers module to add support for them.
refs https://github.com/TryGhost/Team/issues/1083
The @tryghost/members-offers package has been updated to add support for
more Offer durations and types
Co-authored-by: Renovate Bot <bot@renovateapp.com>
refs https://github.com/TryGhost/Team/issues/1090
This updates the Members & Offers modules to provide support for using
Offers in Stripe Checkout.
Members module now needs a handle to the Offers module repository, and
as such we have had to reorder the services boot order.
- some tests are necessarily driven from the db
- these are like unit tests, except they only make sense if using the db - else you have to stub too much to make them worthwhile
- for these rare but important cases, we have the clear concept of integration tests
- We have a bunch of important server-related e2e tests
- Make these clear in their own folder
- "server" is everything that isn't the api or the frontend - kind of a catch-all concept
refs https://github.com/TryGhost/Team/issues/1083
This adds the Offers service which will allow us to build out an Admin
API to communicate with it. As well as wiring up the redirects to the
site app.
refs https://github.com/TryGhost/Team/issues/1083
The Offers service is going to need access to the StripeAPIService too,
so we need to move it out of the @tryghost/members-api module and make
it accessible to both.
no issue
- bumped `@tryghost/custom-theme-settings-service`
- fixes errors when a previously seen theme setting has been removed from the theme when syncing
- fixes settings for non-active theme being deleted/updated instead of just settings for the current theme
refs https://github.com/TryGhost/Team/issues/1075
This includes changes to how we handle upgrading subscriptions to ensure
that members are immediately charged for upgrades. This fixes a flaw
where upgrading would not be charged until the end of the current
billing cycle, essentially giving free upgraded access for a period of
time.
refs https://github.com/TryGhost/Team/issues/1070
- bumped `@tryghost/custom-theme-settings-service` for access to `.updateSettings()`
- added `PUT /custom_theme_settings` route that delegates to `customThemeSettingsService.updateSettings()` to perform the db and cache updates
- invalidates the cache in Ghost because a theme setting change will mean the front-end output will change
refs https://forum.ghost.org/t/un-noticed-email-config-change-in-4-15-16/25869/6
refs https://linear.app/tryghost/issue/CORE-66/fixed-secureconnection-alias-for-nodemailer
- `secureConnection` was removed in Nodemailer 1.0.2 in favor of
`secure` but we're locked into supporting it because a lot of
our users will have it in their config
- I attempted to alias it to keep compatibility but I did this
incorrectly and only handled the cases where it was set to `true`
- this meant users who had disabled secure connections were seeing SSL
warnings because the library was trying to connect via SSL to a
non-SSL endpoint
- the aliasing is fixed in `@tryghost/nodemailer` 0.3.3 and so this
commit bumps the package in Ghost
refs https://github.com/TryGhost/Team/issues/1090
This updates the members-api to allow passing an Offer ID when creating
a Stripe Checkout Session. This will be used for the 1-day version of
Offers.
refs https://github.com/TryGhost/Team/issues/1070
- bumped `@tryghost/custom-theme-settings-service` to get access to `.listSettings()` method
- added GET `/api/canary/admin/theme_settings/` route behind `'customThemeSettings'` feature flag that uses the custom theme settings service to return settings resources that are a combination of the theme-provided definition and the saved value
refs https://github.com/TryGhost/Team/issues/1070
- added `@tryghost/custom-theme-settings-service` as a dependency
- `core/server/services/custom-theme-settings` creates an instance of the new service passing in the model used for storing the setting keys/values and a cache instance
- requiring `core/shared/services/custom-theme-settings-cache` creates a cache instance, it has no dependencies so can be required anywhere and the first require will initialize the shared instance
- updated the theme activation bridge to trigger the theme settings service to sync the newly activated theme settings and populate the cache
- updated theme validation to pass `labs` through as an option so that we get custom theme settings back as part of the checked theme as that's what is passed to the custom theme settings service
refs https://github.com/TryGhost/Ghost/commit/944c2cc9af
The original fix for this happened off of `main` on a separate branch for
v4.15.1 - the same was the case for the @tryghost/members-api package.
Because work happened on both packages in `main`, since the versions
that were patched, we needed to rebump the dependency here to include
the changes.
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr
This updates the signup/signin flow for members to no longer support the
email address change flow - which had missing authentication. It has
been replaced with a dedicated email change flow, and Portal has been
updated to use it.
fixes https://linear.app/tryghost/issue/CORE-45/
- this commit fixes two email related issues:
- SES transport: the auth mechanism was set up wrong and so none of
the requests would go through. This now follows the docs on https://nodemailer.com/transports/ses/
- SMTP transport: the latest versions of Nodemailer don't seem to
allow overriding of options if a service is present. I've filed
https://github.com/nodemailer/nodemailer/issues/1327 but in the
mean time, I assign the options back to the transporter object
to ensure they always get applied
- I've fixed this in our `@trghost/nodemailer` package and so this commit
bumps that here
fixes https://linear.app/tryghost/issue/CORE-45/
- this commit fixes two email related issues:
- SES transport: the auth mechanism was set up wrong and so none of
the requests would go through. This now follows the docs on https://nodemailer.com/transports/ses/
- SMTP transport: the latest versions of Nodemailer don't seem to
allow overriding of options if a service is present. I've filed
https://github.com/nodemailer/nodemailer/issues/1327 but in the
mean time, I assign the options back to the transporter object
to ensure they always get applied
- I've fixed this in our `@trghost/nodemailer` package and so this commit
bumps that here
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm
refs https://github.com/advisories/GHSA-48ww-j4fc-435p
- a vulnerability in `nodemailer` means that the `sendmail` transport is
vulnerable to command injection for flags passed to the `sendmail`
binary
- updating to the latest version of Nodemailer required creating
`@tryghost/nodemailer`, which is a wrapper around Nodemailer and
several plugins that used to be in the core
- this commit switches to using that package, and fixes up some small
code + test changes
no issue
- this package has been bumped to support Node 12 + 14
- AFAICT I added it to the Renovate list back when we had some timezone
issues with moment, but we've since pinned the version of moment so we
shouldn't experience that now
- therefore this commit also removes it from the Renovate ignore list
no-issue
The webhook handler did not correctly check for whether or not Stripe
was connected, and would attempt to handle webhooks anyway, resulting in
errors due to missing Stripe config. This fixes the handler to exit
early.
