Commit Graph

1225 Commits

Author SHA1 Message Date
Fabien "egg" O'Carroll
68f469c78b Fixed mock instantiation
This mock will fail by default now, which stops us from adding bad data in prod.
2023-01-20 18:49:26 +07:00
Fabien "egg" O'Carroll
833182bc7f Implemented a basic RoutingService for Mentions
refs https://github.com/TryGhost/Team/issues/2466

This initial implementation just checks that we're on the right origin and
subdomain, but should be extended to check if the URL actually resolves to a
page hosted on the site!
2023-01-20 18:49:26 +07:00
Fabien "egg" O'Carroll
5b4bc01504 Added initial inline ResourceService implementation
refs https://github.com/TryGhost/Team/issues/2465

We've restricted this to Post resources for now until we update the Mention
entity to be able to handle multiple resource types.
2023-01-20 18:49:26 +07:00
Naz
d44386dae3
Refactored resource config as a DI in Resources
refs https://github.com/TryGhost/Toolbox/issues/503
refs https://github.com/TryGhost/Toolbox/issues/406

- In Ghost 5.x we dropped multi-versioned API, which means there's no need to track resource configs dynamically as there can only be one version
- Along with removed "initResourceConfig" refactored the "config" file itself to be injected into Resource's constructor - allows for easier testing.
2023-01-20 19:47:26 +08:00
Ronald Langeveld
3061fb2b3b
Added mentions database table (#16150)
closes https://github.com/TryGhost/Team/issues/2417

- added new `mentions` database table to be able to store incoming webmentions.
- updated schema and tests to match.
2023-01-20 19:08:07 +08:00
Steve Larson
8895d22602
Added mention discovery service (#16154)
fixes https://github.com/TryGhost/Team/issues/2407

The MentionDiscoveryService fetches mentioned sites to return the webmention endpoint.
2023-01-20 11:45:48 +01:00
Fabien 'egg' O'Carroll
b1e6eb0b5e
Unsubscribed existing Members with suppressed emails (#15952)
refs https://github.com/TryGhost/Team/issues/2367

We already have existing Members which have their emails suppressed that
need to have their newsletter subscriptions removed.
2023-01-20 16:14:50 +07:00
renovate[bot]
81fe4840dd Update dependency postcss to v8.4.21 2023-01-20 09:07:51 +01:00
Simon Backx
a596acf7d2
Added MentionSendingService (#16151)
fixes https://github.com/TryGhost/Team/issues/2409

The MentionSendingService listens for post changes and sends webmentions
for outbound links in the post.
2023-01-19 17:35:10 +01:00
Fabien "egg" O'Carroll
111c5742c9 Implemented WebmentionMetadata using the oembed service
https://github.com/TryGhost/Team/issues/2458

This is an initial pass at pulling metadata from webmention sources, we've also
updated the fake data to pull from some real-world sites which implement
webmentions. We've reused the oembed service here, long term it would be nice to
pull the metadata parsing/pulling part out, so that we can have more generic
error messages.
2023-01-19 19:25:52 +07:00
Fabien "egg" O'Carroll
743da542d0 Wired up the Webmention receive endpoint to the Mentions service
refs https://github.com/TryGhost/Team/issues/2419

This is the initial stab at having everything wired up, we're not
using a queue but we are handling the processing of the Webmention
asyncrounsly so that the HTTP response can be end immediately.

We've also laid the groundwork for extending and implementing the
correct processing of Webmentions, for example checking if the target
URL exists in the system, pulling out the metadata from the Webmention
source and fetching any internal resources.
2023-01-19 18:41:49 +07:00
Fabien "egg" O'Carroll
d0d45d45bc Refactored OEmbed service into a proper service
This allows us to share the implementation with other parts of the codebase, the
specific usecase here being fetching the metadata from webmention sources, for
display in the mentions UI, which will be borrowing a lot of stuff from the
bookmark card.
2023-01-19 18:41:49 +07:00
Fabien "egg" O'Carroll
a7eeb8f628 Fixed Mention Admin API mapper
There was a typo when reading the featured image property causing it not to show
up in the API responses.
2023-01-19 18:41:49 +07:00
Fabien "egg" O'Carroll
52892e0695 Added source_site_title and source_author to Mentions Admin API
refs https://github.com/TryGhost/Team/issues/2435

We need to update the API to explicitly include the new data from our Mention
entity
2023-01-19 18:41:49 +07:00
Daniel Lockyer
f45bba21f6
Disabled autoRefresh for inserted Actions events
- we don't end up using the inserted model from Bookshelf, so we
  shouldn't be performing a SELECT on the entry
- this disables refreshing the model using Bookshelf's `autoRefresh:
  false` and allows the key through the sanitization for `add
2023-01-19 09:28:28 +01:00
Daniel Lockyer
5b2fc983c6
Added email snapshots to settings BREAD service test
refs https://github.com/TryGhost/Toolbox/issues/499

- switching to email snapshots allows us to track more of our output to check for regresssions
2023-01-18 14:19:27 +01:00
Simon Backx
4d54880113
Added error handling for ENAMETOOLONG import error (#16054)
fixes https://github.com/TryGhost/Team/issues/2200

When zipping a folder that contains files with UTF-8 characters in the filename, using the MacOS Archive Utility, the resulting zip will be missing some UTF-8 configuration bit. This breaks the unzipper, causing it to decode the filenames using the wrong encodign.

When the file names are long, and become longer than the length allowed by the OS, an ENAMETOOLONG error is thrown. This error is not handled by the importer, and causes the import to fail.

This adds a specific check for this error so we can show a clear error message to the user, that helps them to resolve the issue. We are currently unable to fix the issue on our side, because of a lack of well supported zip libraries for node.
2023-01-18 13:28:36 +01:00
Simon Backx
6c2af0793c Fixed failing Stripe webhook test
refs acf0baa8c7

Due to the bump in express-test, we now handle string bodies 'properly'. So they now pass all the Express middlewares. In the past this failing test did not really pass by the bodyParser.raw middleware,
so the content-type check on the `bodyParser.raw({type: 'application/json'})` middleware was not executed. Now it is, and the test fails because the content-type header was not set to application/json.
2023-01-18 12:05:55 +01:00
Simon Backx
acf0baa8c7 Updated express-test to 0.13.0
no issue

This includes support for uploading files in tests.
2023-01-18 11:42:42 +01:00
Simon Backx
2dc9c7dbba
🐛 Fixed suppression list data for emails with plus sign (#16140)
no issue

When fetching the suppression list data for emails with a plus sign, the
parsing of the NQL filter fails:

```at Child.applyDefaultAndCustomFilters (/Ghost/node_modules/@tryghost/bookshelf-filter/lib/bookshelf-filter.js:66:23)
[ghost] email:[simon+test@ghos
[ghost] ------------^
[ghost] Expecting 'OR', 'RBRACKET', got 'AND'
```
2023-01-18 10:17:57 +01:00
Daniel Lockyer
9ba251238a Added Content-Version header to all API requests
refs https://github.com/TryGhost/Team/issues/2400

- we've deemed it useful to start to return `Content-Version` for all
  API requests, because it becomes useful to know which version of Ghost
  a response has come from in logs
- this should also help us detect Admin<->Ghost API mismatches, which
  was the cause of a bug recently (ref'd issue)
2023-01-18 08:38:07 +01:00
Daniel Lockyer
85051199e3
Added email snapshots for API versioning tests (#16139) 2023-01-18 08:09:28 +01:00
renovate[bot]
28ed23c13e Update dependency knex to v2.4.1 2023-01-18 07:43:07 +01:00
Naz
967dd7d244
Added deprecation notice to mockManager's sentEmailCount
refs https://github.com/TryGhost/Toolbox/issues/499

- The mockManager's sentEmailCount is left here to avoid breaking many tests that already depend on this method. With future improvements to email snapshot tests this method should not be used. Instead, emailMockReceiver's own sentEmailCount method should be used directly.
2023-01-18 12:55:45 +08:00
Simon Backx
87be76ebb3 Added externalAttribution feature flag
fixes https://github.com/TryGhost/Team/issues/2430
2023-01-17 15:15:32 +01:00
Simon Backx
34d4e5c8d0
Added logging to webmention endpoint (#16137)
closes https://github.com/TryGhost/Team/issues/2424

Adds the new webmention endpoint, responds with the correct statuscode
and empty body at `https://site.ghost/webmentions/receive/`.

Also updates the head link tag to the new endpoint location. We don't
use /webmention because that could conflict with post slugs.
2023-01-17 14:26:43 +01:00
Daniel Lockyer
48dda23554
Reverted "Added version information to log lines"
refs https://github.com/TryGhost/Toolbox/issues/501

- this reverts commit f2116357b7
- something with Elasticsearch is causing high CPU usage, so this commit
  reverts that for now
2023-01-17 13:20:47 +01:00
Fabien "egg" O'Carroll
008d83ad08 Fixed the Mention mapper
This had some leftover code in that shouldn't have been merged.
2023-01-17 17:06:22 +07:00
Fabien "egg" O'Carroll
1babf6126a Added initial basic Mentions implementation
refs https://github.com/TryGhost/Team/issues/2416

This extends the mock API to use a more formal pattern of moving our
entity code into a separate package, and use the service/repository
patterns we've been work toward.

The repository is currently in memory, this allows us to start using
the API without having to make commitments to the database structure.

We've also injected a single fake webmention for testing. I'd expect
the Mention object to change a lot from this initial definition as we
gain more information about the type of data we expect to see.
2023-01-17 17:01:20 +07:00
renovate[bot]
3d79d10ddf Update dependency mysql2 to v3.0.1 2023-01-17 08:22:53 +01:00
Fabien 'egg' O'Carroll
a8a279d667
Wired up mock Mentions Admin API (#16134)
refs https://github.com/TryGhost/Team/issues/2416

This doesn't even return a Mention in the correct format at the moment,
but it's just to get an endpoint there, behind a flag and returning data
so that we can start playing with the API and having it hooked up the
the Admin.

The next step will be fleshing this out further and defining the
services and repository to back it, as well as updating the Admin so that
we can fetch mentions to display in the UI
2023-01-17 12:39:32 +07:00
Naz
112ab23968
Removed direct use of @tryghost/jest-snapshot
refs https://github.com/TryGhost/Toolbox/issues/499
refs 6bcc47a0ad

- Using module directly caused issues with snapshots manager instance initialization (mocha hooks did not apply to a correct instance)
- See refed commit for more
2023-01-17 12:50:49 +08:00
Naz
1f6b2b4d5e
Added email content testing capabilities
refs https://github.com/TryGhost/Toolbox/issues/499

- Outgoing emails have been a weak point of Ghost's stability recently. The concept of "emailMockReceiver" similarly to "webhookMockReceiver", allows to test side-effects like outgoing emails.
- This is a first iteration which should lay groundwork for testing all outgoing emails in the future
- The change adds a new concept of "email mock receiver" which is very similar to how the "webhook mock receiver" works. The email mock receiver exposes two methods to record and verify snapshots:
- matchHTMLSnapshot - records and verifies only the HTML content of the outgoint email
- matchMetadataSnapshot - records and verifies all the non-HTML properties sent along an email content, e.g.: to address, plaintext, subject, etc.
- What's missing is matching content based on dynamic content like dates, links with JWT tokens, etc.
2023-01-17 12:50:49 +08:00
Steve Larson
9199547bfe add webmentions feature flag
refs #2406
Adding the alpha feature flag so we can begin testing.
2023-01-16 15:03:36 -06:00
renovate[bot]
e95cff2ef4 Update dependency glob to v8.1.0 2023-01-16 09:59:45 +01:00
renovate[bot]
15c6fbb12a Update dependency html-validate to v7.13.1 2023-01-16 09:57:58 +01:00
Ghost CI
460d2dc339 v5.30.1 2023-01-16 05:35:14 +00:00
Fabien 'egg' O'Carroll
a30bbd5c69
Added webmention endpoint discovery link to ghost_head (#16126)
We've wrapped both changes in a try/catch to make sure this has no
adverse affects. The endpoint currently doesn't exist - we're only
adding this to get an idea of how much traffic we'll expect to see.

Long term we'll want to read the endpoint from the webmention service.
2023-01-16 12:32:04 +07:00
renovate[bot]
9dda708305
Update dependency eslint to v8.32.0 2023-01-16 00:19:30 +00:00
Ghost CI
2884521195 v5.30.0 2023-01-13 16:00:44 +00:00
Rishabh Garg
7d060e5edb
Bumped email stability flag to beta (#16116)
- allows email stability to be turned on without developer experiments enabled
2023-01-13 20:30:15 +05:30
renovate[bot]
a990769e31 Update dependency jwks-rsa to v3.0.1 2023-01-13 14:07:10 +01:00
Fabien 'egg' O'Carroll
14f282d640
Improved newsletter delivery rates and email suppression handling
This introduces the new suppressions feature which will automatically
unsubscribe members from newsletters when their email is added to the
suppression list in Mailgun, this is usually due to emails either
permanently bouncing to the address, or the member making a spam
complaint.

Both Members and Admins are able to see that the email has been added to
the list, and Members are be able to request their email be removed from
the list via Portal.

Overall this feature should improve delivery rates of newsletters and
improve the rating of the domain you're sending from.
2023-01-13 15:46:57 +07:00
Naz
c2b18f0c87
🔥 Removed support for {{lang}} helper
refs https://github.com/TryGhost/Toolbox/issues/497
refs https://github.com/TryGhost/Toolbox/issues/406

- Removes {{lang}} helper which has been completely deprecated since Ghost 5.0. When using the helper in themes with 5.x backend the output will be empty
2023-01-13 13:12:53 +07:00
Rishabh Garg
755e031017
Fixed hidden free tier in Portal settings (#16072)
closes https://github.com/TryGhost/Team/issues/2338

If a site has the Free tier hidden from the Portal, and subsequently the Stripe connection is disconnected, this produces a dead-end state where no new members can sign up and the Free tier cannot be reactivated again in Portal settings as its hidden. This change -

- enables free tier toggle to be always shown on site irrespective of Stripe connection
2023-01-12 19:29:17 +05:30
renovate[bot]
bb2ffee69d Update dependency @playwright/test to v1.29.2 2023-01-12 11:35:22 +01:00
Sam Lord
f2116357b7 Added version information to log lines
refs: https://github.com/TryGhost/Toolbox/issues/502

Updated to @tryghost/logging@2.4.0 to allow metadata to be logged
2023-01-12 10:34:23 +00:00
Daniel Lockyer
9b38bd9509
🐛 Fixed ECONNRESET error when connecting to Azure MySQL DB
fixes https://github.com/TryGhost/Ghost/issues/14990

- there was a bug in `mysql2` [1] when connecting to Azure DBs, but this was
  subsequently fixed, so this commit bumps the package in Ghost and
  `knex-migrator`, where this was also bumped
- of note, this release includes https://github.com/sidorares/node-mysql2/pull/1666 and
  https://github.com/sidorares/node-mysql2/pull/1751, which are very interesting

[1]: https://github.com/sidorares/node-mysql2/pull/1438
2023-01-12 10:46:09 +01:00
Rishabh
28bea791dd Added playwright tests for portal links
refs https://github.com/TryGhost/Team/issues/2371
2023-01-12 13:02:41 +05:30
Simon Backx
8a2303413d Restricted email-service package to 100% test coverage
fixes https://github.com/TryGhost/Team/issues/2339

The email service is now fully covered by tests, and this commit also forces the test coverage to remain 100% after future changes.
2023-01-11 13:54:26 +01:00
Ronald Langeveld
0e2d1b3afd
Added redeemed offers filtering for members (#16071)
closes https://github.com/TryGhost/Team/issues/2011

- Gives publishers the ability to filter members based on which offer they used (redeemed) when they subscribed for a paid membership.
- On the offers page, the redemption count number links to a the members page with the filter already applied making it easy to have insight on which members used the offer / coupon.
2023-01-11 20:13:09 +08:00
Elena Baidakova
1aae5ba2eb
Added e2e tests for default tier (#16103)
refs TryGhost/Team#2371
2023-01-11 15:44:34 +04:00
Elena Baidakova
a3f7188369
Added e2e tests for archive/unarchive tiers (#16101)
refs TryGhost/Team#2371
2023-01-11 13:53:07 +04:00
Daniel Lockyer
f8fe009f9f
Merged v5.29.0 into main 2023-01-11 09:30:13 +01:00
Ghost CI
d8e3f29a76 v5.29.0 2023-01-11 08:23:41 +00:00
Fabien "egg" O'Carroll
1e393472dd Truncated suppressions table
We have been adding emails to the suppressions table which are not on
the suppression list in Mailgun due to a misunderstanding of how
Mailgun handles 5xx error codes.
2023-01-11 15:14:08 +07:00
Fabien "egg" O'Carroll
9fe3555897 Updated MailgunEmailSuppressionList to only handle previous bounces
We're seeing behaviour from Mailgun where permanent failures with a
5xx error code are not being added to their internal suppression list,
which is resulting in the Ghost list becoming out of sync with
Mailgun.

Rather than adding emails to the suppression list when Mailgun does,
we're instead going to add emails _after_ Mailgun does, by waiting for
an error code which tells us the email is already on the suppression
list.

Those codes are 605 for previous bounces and 607 for previous spam complaints.
2023-01-11 15:13:57 +07:00
renovate[bot]
a795359c1a Update dependency html-validate to v7.12.2 2023-01-11 09:13:56 +01:00
Fabien "egg" O'Carroll
8005e8a641 Truncated suppressions table
We have been adding emails to the suppressions table which are not on
the suppression list in Mailgun due to a misunderstanding of how
Mailgun handles 5xx error codes.
2023-01-11 15:10:39 +07:00
Fabien "egg" O'Carroll
49af26279d Updated MailgunEmailSuppressionList to only handle previous bounces
We're seeing behaviour from Mailgun where permanent failures with a
5xx error code are not being added to their internal suppression list,
which is resulting in the Ghost list becoming out of sync with
Mailgun.

Rather than adding emails to the suppression list when Mailgun does,
we're instead going to add emails _after_ Mailgun does, by waiting for
an error code which tells us the email is already on the suppression
list.

Those codes are 605 for previous bounces and 607 for previous spam complaints.
2023-01-11 15:10:39 +07:00
Elena Baidakova
9c664c8d02
Added data attributes to admin/tiers (#16095)
refs TryGhost/Team#2371
2023-01-11 11:35:55 +04:00
renovate[bot]
b86eaf8e71
Update dependency nock to v13.3.0 2023-01-10 21:36:44 +00:00
Simon Backx
117afb232c Improved stability of batch sending test
refs https://github.com/TryGhost/Ghost/actions/runs/3884901582/jobs/6628075997

The 'Doesn't include members created after the email in the batches' test sometimes failed randomly because of timing. This change ensures a strict timing.
2023-01-10 17:12:56 +01:00
Simon Backx
9ca2e3f183 🐛 Fixed storing email recipient failures
fixes https://github.com/TryGhost/Team/issues/2398

There was an error when fetching the existing email recipient failure. It ended up matching all recipient failures. The result was that only one failure was stored in the database.
2023-01-10 15:41:42 +01:00
Rishabh
7a74ec8daa Updated playwright tests to use updated data ids
refs https://github.com/TryGhost/Team/issues/2371

- cleans up and adds comments for portal playwright tests
- updates data test attributes for portal trigger and popup selectors for consistency
- updates data attribute usage for offers
2023-01-10 13:33:12 +05:30
Rishabh
628b80778f Updated create tier playwright util for all archived tiers
refs https://github.com/TryGhost/Team/issues/2371

- in case all tiers are archived before new tier is created, the add tier section can be collapsed and will need to be opened first before going through add tier flow
2023-01-10 09:34:21 +05:30
renovate[bot]
b3a6f74c0b
Update dependency luxon to v3.2.1 [SECURITY] 2023-01-09 16:38:57 +00:00
Elena Baidakova
69d4a96fb8
🎨 Add ability to send test email with chosen newsletter (#15783)
closes TryGhost/Team#1897

-
[Design](https://www.figma.com/file/RpEbPA7H7VHLtXjt3YyB2t/Multiple-Newsletters-Preview?node-id=0%3A1&t=YkDXy063OkCrAI4a-0)
-
[Discussion](https://ghost.slack.com/archives/C019B1K4FAM/p1667924062808939)
2023-01-09 17:48:30 +04:00
Elena Baidakova
5b5f4cdd3f
🐛 Fixed feedback buttons for dark mode (#16091)
refs TryGhost/Team#2396
2023-01-09 16:40:42 +04:00
Sanne de Vries
edbc1a5839 Revert "Updated copy for email sending failure error message"
This reverts commit 3046e30802.
2023-01-06 19:24:32 +01:00
Sanne de Vries
3046e30802 Updated copy for email sending failure error message
No ref
2023-01-06 19:14:46 +01:00
renovate[bot]
608d4eb6d2 Update dependency knex to v2.4.0 2023-01-06 19:11:14 +01:00
Ghost CI
ab26c474f1 v5.28.0 2023-01-06 16:00:44 +00:00
Simon Backx
26635f192f Added visible theme errors in admin
fixes https://github.com/TryGhost/Team/issues/2393
2023-01-06 15:51:34 +01:00
Simon Backx
3ddc85781c Fixed theme warnings not passed when installing theme
refs 6593c3e4a6

In development mode, we didn't pass the warnings when installing a theme. So the warnings were not visible with the fatal errors.
2023-01-06 15:26:54 +01:00
Simon Backx
f6e463ea43 Fixed missing awaits in publishing Playwright test
no issue
2023-01-06 14:18:54 +01:00
Rishabh
54b27f7d55 Fixed offers playwright test for redemption count
- updates check of redemption count using data test attributes to avoid unreliable member count check
2023-01-06 18:39:38 +05:30
Simon Backx
7b3712a15b
Added visible theme errors in admin (#16081)
refs https://github.com/TryGhost/Team/issues/2393

- During boot and loading the active theme, we now cache the result of
the gscan validation. Cache configuration can happen in
`adapters.cache.gscan`
- We now also return non-fatal errors when activating or adding a theme.
- When the `themeErrorsNotification` feature flag is on, we fetch the
active theme (which includes the validation information) when loading
admin
- If the currently active theme has errors, we show an error
notification that can open the error modal
- Added a new endpoint: `/ghost/api/admin/themes/active/` that returns
the result of the last gscan validation of the active theme. If no cache
is available, it will run a new gscan validation.
- Added new permissions for the active action/endpoint (author, editor,
administrator)
2023-01-06 13:44:27 +01:00
Naz
a37bd19f74
ℹ️ Bumped gscan to 4.36.0
closes https://github.com/TryGhost/Toolbox/issues/497

- The classification of fatal/non-fatal errors has been updated to only be fatal when causing page renders with 5xx or 4xx responses.
- Some of the rules checking Ghost 5.x compatibility have been relaxed to only be "error" with the gscan version bump
- You can find more details on which exact rules were relaxed in the gscan's commit log - https://github.com/TryGhost/gscan/compare/v4.35.1...v4.36.0
2023-01-06 18:05:07 +07:00
Naz
3e209218d7
Made resource mismatch error more specific
refs https://github.com/TryGhost/Toolbox/issues/497

- During gscan fatal error downgrade to non-fatal some of the deprecated helpers were a bit vague to debug with no information on which exact "resource" was invalid
- Added resource name to the log for clarity. Should make life easier when debugging potential get helper misuses
2023-01-06 18:05:07 +07:00
Naz
8911af150a
Removed "code" property from global error variable
refs https://github.com/TryGhost/Toolbox/issues/406
refs b2a3e03ef3

- The "code" property in the global "error" variable (accessible via {{error.*}}) has been long deprecated - time to go, bye!
- When {{code}} or {{error.code}} helpers are used in the templates they will output an empty string from now on. Use {{statusCode}} instead!
2023-01-06 18:05:07 +07:00
renovate[bot]
1c64b8a8fc Update dependency html-validate to v7.12.1 2023-01-06 11:58:57 +01:00
Sam Lord
36e7e79eec Improved Playwright test, selector for redemption count
no issue

Selector for redemption count was not ideal - this makes it more specific & clear.
2023-01-06 10:56:19 +00:00
Rishabh
30c9dfd68d Fixed failing playwright test to remove member labels
- the test was using incorrect test state that was copied over from adding label test
- also adds guard for empty newsletters in member filters as in some cases it might not exist as found by test
2023-01-06 16:17:34 +05:30
Ronald Langeveld
e52f29231f Added Playwright test - remove labels from members
ref https://github.com/TryGhost/Team/issues/2371

- check that a fitered list of members can have a label removed from
  them at once.
2023-01-06 14:36:13 +08:00
Ghost CI
adbf6427ae v5.27.0 2023-01-05 16:22:40 +00:00
Simon Backx
cf5c64f96b
🐛 Fixed batches can have an empty "to" field (#16064)
fixes https://github.com/TryGhost/Team/issues/2246

This solution adds some retries when fetching the recipients for a
batch. For an unknown reason the recipients can be empty (while they
aren't in the database). This should fix the issue for now until we find
more information about the root cause.
2023-01-05 15:29:03 +01:00
Peter Zimon
84cdf0c46c Added static version of theme errors notification
refs. https://github.com/TryGhost/Team/issues/2393

- a labs flag had to be created so we avoid working in branches
- permanent notification toast was added to make theme errors more discoverable
- static modal was needed to hold theme error details
2023-01-05 11:38:17 +01:00
Fabien "egg" O'Carroll
953f3856a8 Handled EmailBounceEvent with 605 error code
When Mailgun fails to deliver an email to an address because the
address has already bounced before, it gives us a permanent fail event
with a 605 error code rather than a 5xx one. Because we want to
"backfill" our suppressions data with previously bounced email
addresses, we want to handle this specific error code.

We may update this logic in the future based on new information from
Mailgun with respect to their 6xx error codes and the
meanings/underlying cause of theme.

This also moves the tests which check for whether or not emails are
suppressed into their own fail so that we do not pollute the event
storage tests, and adds more tests cases.

We also fix a leaky sinon stub which we were not resetting in the email
event storage tests
2023-01-05 17:11:37 +07:00
Fabien "egg" O'Carroll
2d9114450c Fixed email_recipients fixtures for tests
The email_recipient fixtures were using duplicate and mismatched email addresses
rather than having them correctly map to the Members, which is required for testing
email suppressions.
2023-01-05 17:11:06 +07:00
Simon Backx
913ad18b71
Added DomainEvents.allSettled utility method (#16075)
no issue

With the increased usage of DomainEvents, it gets harder to build
reliable tests without having to resort to timeouts. This utility method
allows us to wait for all events to be processed before continuing with
the test.

This change should speed up tests and make them more reliable.

It only adds extra code when running tests and shouldn't impact
production.
2023-01-04 14:30:35 +01:00
Rishabh
45ab2586b0 Fixed free trial messaging shown for invite-only sites in portal
refs https://github.com/TryGhost/Team/issues/2361

- bumps portal with fix for free trial messaging shown on invite-only sites
2023-01-04 17:15:25 +05:30
Rishabh
f5aa07a095 🐛 Removed free trial message shown on portal for invite only sites
closes https://github.com/TryGhost/Team/issues/2361

If a free trial tier existed on site and its set to 'Invite only' in membership settings, the free trial copy still showed on portal.

- removes free trial copy from portal if site is invite only
- adds playwright test to make sure free trial copy is not shown for invite only sites
2023-01-04 17:11:55 +05:30
Daniel Lockyer
1af31bab1a ℹ️ Added support for Node 18
refs https://github.com/TryGhost/Toolbox/issues/488

- Node 18 is now LTS so we're adding support for it
- this adds Node 18.12.1 (the latest security release) to our supported
  ranges and CI
2023-01-04 11:27:39 +01:00
Daniel Lockyer
aa08fc72e7 Updated Koenig packages
refs https://github.com/TryGhost/Toolbox/issues/488

- these packages add support for Node 18 and drop support for Node 12
2023-01-04 11:27:39 +01:00
Fabien 'egg' O'Carroll
50e99e013c
Added migrations to drop and recreate the suppressions table (#16070)
There are currently two issues with the suppressions table:
  - We have some incorrect rows
  - We have missing UNIQUE constraints

We want to completely wipe the tables and start fresh, as well as make
sure that the UNIQUE constraints are added, so we drop the table
completely, and then re-add it, which should result in an empty
suppressions table with all expected constraints.

We've also renamed the `email_address` column to `email` to match our
`users` & `members` tables
2023-01-04 17:26:57 +07:00
Simon Backx
819d0d884c
Improved email verification required checks (#16060)
fixes https://github.com/TryGhost/Team/issues/2366
refs https://ghost.slack.com/archives/C02G9E68C/p1670232405014209

Probem described in issue.

In the old MEGA flow:
- The `email_verification_required` check is now repeated inside the job

In the new email service flow:
- The `email_verification_required` is now checked (didn't happen
before)
- When generating the email batch recipients, we only include members
that were created before the email was created. That way it is
impossible to avoid limit checks by inserting new members between
creating an email and sending an email.
- We don't need to repeat the check inside the job because of the above
changes

Improved handling of large imports:
- When checking `email_verification_required`, we now also check if the
import threshold is reached (a new method is introduced in
vertificationTrigger specifically for this usage). If it is, we start
the verification progress. This is required for long running imports
that only check the verification threshold at the very end.
- This change increases the concurrency of fastq to 3 (refs
https://ghost.slack.com/archives/C02G9E68C/p1670232405014209). So when
running a long import, it is now possible to send emails without having
to wait for the import. Above change makes sure it is not possible to
get around the verification limits.

Refactoring:
- Removed the need to use `updateVerificationTrigger` by making
thresholds getters instead of fixed variables.
- Improved awaiting of members import job in regression test
2023-01-04 11:22:12 +01:00
renovate[bot]
c9221525bc Update dependency gscan to v4.35.1 2023-01-04 11:13:01 +01:00
Fabien 'egg' O'Carroll
e78612bb66
Fixed MailgunEmailSuppressionList adding non-5xx failures to the list
The MailgunEmailSuppression list was incorrectly adding emails
to the suppression list for permanent failure events which have
an error code outside of the 5xx range.
2023-01-04 17:03:52 +07:00
Simon Backx
789e2c96c0
🐛 Fixed SingleUseTokens being cleared on boot (#15999)
fixes https://github.com/TryGhost/Team/issues/1996

**Issue**
Our Magic links are valid for 24 hours. After first usage, the token
lives for a further 10 minutes, so that in the case of email servers or
clients that "visit" links, the token can still be used.

The implementation of the 10 minute window uses setTimeout, meaning if
the process is interrupted, the 10 minute window is ignored completely,
and the token will continue to live for the remainder of it's 24 hour
validity period. To prevent that, the tokens are cleared on boot at the
moment.

**Solution**

To remove the boot clearing logic, we need to make sure the tokens are
only valid for 10 minutes after first use even during restarts.

This commit adds 3 new fields to the SingleUseToken model:
- updated_at: for storing the last time the token was changed/used). Not
really used atm.
- first_used_at: for storing the first time the token was used
- used_count: for storing the number of times the token has been used

Using these fields:
- A token can only be used 3 times
- A token is only valid for 10 minutes after first use, even if the
server restarts in between
- A token is only valid for 24 hours after creation (not changed)

We now also delete expired tokens in a separate job instead of on boot /
in a timeout.
2023-01-04 09:49:39 +01:00