Commit Graph

118 Commits

Author SHA1 Message Date
Fabien O'Carroll
26e2cb98e9 Removed environment checks from webhook service
refs https://github.com/TryGhost/Team/issues/598
refs https://github.com/TryGhost/Ghost/commit/5cdf910e

Since we have included these checks in the Ghost codebase we do not need
to run them here.
2021-05-20 12:11:43 +01:00
Fabien O'Carroll
ee32528006 Populated members_{monthly,yearly}_price_id settings
refs https://github.com/TryGhost/Team/issues/698

As this migration relies on the `stripe_prices` table being populated,
it can not be in a standard versioned migration in Ghost core.
2021-05-19 15:16:15 +01:00
Fabien O'Carroll
15b535fd45 Removed unused stripe-plans service
no-issue

This module is no longer used!
2021-05-10 19:21:41 +01:00
Kevin Ansfield
2f7664e1a8 Added labels and products to fetched member identity data (#271)
refs https://github.com/TryGhost/Team/issues/581
refs https://github.com/TryGhost/Team/issues/582

Content gating in Ghost is being expanded from basic public/members/free/paid to allowing full NQL queries. To facilitate quick matching of a member to the visibility query we need details of the associated labels and products alongside the basic member data.
2021-05-10 11:46:34 +01:00
Kevin Ansfield
ca473fc273 🐛 Fixed potential member data loss when assigning geolocation data
no issue

- `setMemberGeolocationFromIp()` was passing a raw model instance through to `users.update()` rather than a data object causing the `model.edit()` call to overwrite existing data such as labels because `modelInstance.labels` is a function rather than an array
- removed unnecessary `withRelated: ['labels']` as it's not necessary for the update, member data is fetched again with all necessary includes by `getMemberIdentityData()` before returning
2021-05-10 11:24:10 +01:00
Rishabh
1dd2c4f656 Added prices object to logged in member's identity data
refs https://github.com/TryGhost/Team/issues/637

As we move away from `plan` data to `prices`, this change updates member identity data to include `prices` object in subscriptions object to get the price data for subscription instead of relying on `plan` data.
2021-05-06 15:27:01 +05:30
Rishabh
aa640ada5e Added migration for stripe plans to custom prices
refs https://github.com/TryGhost/Team/issues/637

- Adds one-off migration that reads from current `stripe_plans data` for a price, and ensures that the corresponding price is present in `stripe_prices` table at start.
- Currently, the portal_plans setting is used to determine the prices available to Portal for showing on Signup or Subscription change screen. The values allowed in portal_plans currently only allow [free, monthly, yearly] , which needs to be updated now to store price ids of available prices instead. Uses above migration to populate `portal_plans` with ids instead of names.
2021-05-04 21:52:51 +05:30
Rishabh
3a27d1bd0c Updated APIs to use price ids
refs https://github.com/TryGhost/Team/issues/637

All the APIs that currently work with price names needs to be updated to work with price ids instead to work with custom prices/products. This change updates APIs to work with Price IDs in `checkout` , `updateSubscription` and other APIs/methods.
2021-05-04 21:52:51 +05:30
Rishabh Garg
bee619c123 Updated link subscription to handle missing stripe data (#262)
refs https://github.com/TryGhost/Team/issues/619

On linking a stripe subscription to a member, this change -

- Adds missing stripe price or stripe product from subscription to DB
  - Missing Stripe price is attached to the first Ghost Product if no matching Product exists
- Updates usage from plan to price in the `linkSubscription` method
- Updates products associated with a member based on active subscriptions
2021-04-20 17:21:16 +05:30
Fabien 'egg' O'Carroll
dc0e5b0ec8 Wired up ProductRepository to members-api
refs https://github.com/TryGhost/Team/issues/616

Working with ProductRepository as a separate package was more trouble
than it was worth, so it's been moved into members-api. We expose the
product repository so that Ghost Admin API can access it.
2021-04-19 15:09:28 +01:00
Rishabh Garg
836b7f235e Populate stripe prices and products for existing customers (#258)
refs https://github.com/TryGhost/Team/issues/586

On Ghost Boot, as part of configuring Stripe, this populates stripe products and prices for existing stripe customers in the newly created `stripe_prices` and `stripe_products` table, which allows us to map existing customers to default Ghost product and on current prices. The population script on boot is only run if we find -

- A Ghost Product
- No rows in `stripe_products`
- No rows in `stripe_prices`
- One or more rows in `members_stripe_customers_subscriptions`
2021-04-12 20:38:01 +05:30
Fabien 'egg' O'Carroll
3ed10ecdf6 Added tests for updateSubscription
refs https://github.com/TryGhost/Team/issues/530

The RouterController was a grab bag of all controller methods, making it
difficult to mock & test. This adds a MemberController with a smaller
API - making it easier to test.
2021-03-25 12:19:01 +00:00
Fabien O'Carroll
9be1d2de4f Updated invoice webhook handling for payment events
no-issue

1. We do not want to store payment events for payments of 0 value
2. Stripe webhooks can arrive and be processed "out of order", which can
   result in us attempting to add a payment event for a member which
   does not yet exist. The change here will 404 in such (edge) cases, so
   that Stripe will retry the webhook at a later point, when the Member
   has been created, allowing us to store the payment event.
2021-03-10 17:15:16 +00:00
Fabien 'egg' O'Carroll
e1b3b38bcd Added initial support for event timelines
refs https://github.com/TryGhost/Ghost/issues/12602

This adds initial support for sitewide event timelines
2021-02-23 11:21:48 +00:00
Fabien 'egg' O'Carroll
9081298517 Added initial support for Member events (#241)
refs https://github.com/TryGhost/Ghost/issues/12602

* Added Event Repository
** Added method for MRR over time
** Added method for newsletter subscriptions over time
** Added method for gross volume over time
** Added method for status segment size over time
* Captured login events
* Captured newsletter subscription/unsubscription
* Captured email address change events
* Captured paid subscription events
* Captured payment events
* Captured status events
2021-02-23 11:21:48 +00:00
Fabien 'egg' O'Carroll
02685e3d3c Threw "fatal" errors for non-prod usage of live Stripe data (#236)
refs https://github.com/TryGhost/Ghost/issues/12448

The `fatal` property will allow Ghost to determine whether or not it should kill the process
2021-02-23 11:21:11 +00:00
Fabien 'egg' O'Carroll
ef9cb0862c Passed default URLs when creating checkout session (#235)
* Passed default URLs when creating checkout session

no-issue

This fixes a bug when a checkout session is created without passing
custom redirect URLs
2021-01-27 15:19:09 +00:00
Fabien O'Carroll
6412cfe3c6 Fixed error responses when missing data
no-issue

We should error early when recieving a request that does not contain the
required data.
2021-01-19 10:42:41 +00:00
Fabien 'egg' O'Carroll
e3ef01932f Refactor members-api (#231)
no-issue

This refactors the members-api module so that it is easier to test going forward,
as well as easier to understand & navigate. The Stripe API no longer contains
storage code, this is all handled via the member repository. And we have dedicated
services for webhooks, and stripe plans initialisation.
2021-01-18 13:55:40 +00:00
Fabien O'Carroll
d70aab83f6 Updated linkStripeCustomer to error rather than silently fail
no-issue

This allows the importer to surface errors when linking members to customers
2020-12-04 10:10:59 +00:00
Fabien O'Carroll
05d5310343 Updated members-api to allow passing options to models
no-issue

This allows us to do multiple operations within a db transaction, which
will be used for the importer to ensure atomic inserts
2020-12-04 10:10:59 +00:00
Fabien 'egg' O'Carroll
da00444961 Added support for cancellation_reason (#221)
refs https://github.com/TryGhost/Ghost/issues/12403

Adds support for sending a cancellation_reason when cancelling a plan and store the reason on the Subscription metadata
2020-11-23 16:28:35 +00:00
Rish
0ec84d1948 Fixed lint
no refs
2020-10-29 17:54:18 +05:30
Rish
2c2d639838 Fixed magic link type for member email update
no issue

- In case of a member updating their email, the `updateEmail` type was overridden with `signup` or `signin` without the force option. The fix forces the correct email type for when member requests to update their email.
2020-10-29 17:53:07 +05:30
Rish
18fa6ead56 Allowed requestSrc in stripe checkout metadata flow
refs https://github.com/TryGhost/Ghost/issues/12253

Allows reading `requestSrc` from Stripe checkout flow metadata to send signup emails with customized action param when requesting from Portal
2020-10-29 12:12:15 +05:30
Rish
216aeb572e Added request source option for magic link url
no issue

refs https://github.com/TryGhost/Ghost/issues/12253

Currently, Ghost uses standard query params like action, success and stripe for all actions and redirects to a site for member events. This needed to be extended to allow for portal specific query params so it doesn't overlap with specific theme handling or custom notifications.

The change here adds an extra option - `requestSrc` - which can be passed when using magic link API to send a link which is passed down to `getSigninURL`, and allows the `action` param to configured to `portal-action` when magic links are sent from Portal
2020-10-29 11:59:01 +05:30
Rish
6ccdea6632 Removed magic link email for upgrade checkout
no issue

Previously, we were sending a magic link email to signup in case a logged-in member upgrades to a paid account, as we didn't check for logged in status while sending the magic link and always sent one on finishing checkout. Since Portal allows members to upgrade their account from free, it doesn't make sense to send another email to signup after completing checkout.

The fix here adds a metadata `checkoutType` to checkout session creation which can be passed in with `upgrade` value to denote an existing member is upgrading and doesn't need an email.
2020-10-29 11:59:01 +05:30
Rishabh Garg
c996c7b576 Added unpaid and past_due subscription status as paid member (#211)
refs https://github.com/TryGhost/Ghost/issues/12256 , https://github.com/TryGhost/Ghost/issues/12255

Currently when listing subscriptions for Members, we were only showing the subscriptions which have a status of trialing or active.

Based on discussion, the `unpaid` and `past_due` states on Stripe also represent owner's intention of considering a subscription as active instead of `cancelled`, so we allow any subscriptions under these 2 states to be also listed for a member and consider them as `paid`.

- Subscriptions will go into a past_due state if the payment is missed, this should be considered a grace period where the member still has access.

- After this the subscriptions will either go to the unpaid or the cancelled state - this can be configured on an account by account basis in the Stripe dashboard. `unpaid` is considered as an intention to keep the subscription to allow for re-activation later.
2020-10-27 15:15:23 +05:30
Fabien 'egg' O'Carroll
aa228e9eb9 Created member with name on checkout completion (#209)
refs https://github.com/TryGhost/Ghost/issues/12270

Previously we would create the member, and then update their name from
stripe data, this mean that webhooks would be sent _without_ a name,
despite us possibly having the information to provide one.

Here we've updated the creation of members to include the name attached
to the default billing method, this will ensure that webhooks are sent
with all availiable information.
2020-10-19 12:44:01 +01:00
Matt Hanley
4359517e75 Added Stripe webhook listener for subscription created event (#208)
no-issue

Subscription created events are required for migrating Stripe subscriptions from
alternative platforms, which involves creating a new subscription for a customer
(outside of Ghost) before cancelling the original subscription.
2020-10-15 16:25:36 +05:30
Rish
d3bc625c35 🐛 Fixed email update magic link not working
no issue

- Email update magic link was not sent out for sites which did not allow self signup as it didn't find the member on new email, which is expected.
- Updates sending magic link check in case an old email is found to correctly trigger update email
2020-10-15 16:19:41 +05:30
Fabien O'Carroll
feaf73f7d2 Fixed a bug with setting geolocation
no-issue

We were passing a string rather than an object to find the member to set
the geolocation on, this was causing us to always find the same member
each time, and so newer members would never have their geolocation set.
2020-09-28 16:57:51 +01:00
Fabien O'Carroll
d2bb50a436 Refactored async function to throw errors
no-issue

There's no need to return rejected promises in an async function as
thrown errors will behave the same, this just makes it a little cleaner.
2020-09-28 13:06:59 +01:00
Fabien O'Carroll
c0ac7b6b37 Updated getMagicLink usage
no-issue

This updates the call to getMagicLink to correctly pass tokenData
2020-09-18 17:43:42 +01:00
Fabien O'Carroll
0d14e33436 Updated members-api to accept a TokenProvider
no-issue

This paves the way for Ghost to be able to pass in a custom token
provider which will handle the shortening of tokens and making them
single use.
2020-09-18 16:37:32 +01:00
Fabien O'Carroll
97ceb13d42 Moved JWTTokenProvider to lib and exported from index
no-issue

This brings the module in line with our current package standards.
2020-09-18 13:20:12 +01:00
Fabien O'Carroll
0723a1f9ed Updated members-api to work with new magic-link class
no-issue

The MagicLink class now accepts a TokenProvider rather than a secret
2020-09-18 12:42:31 +01:00
Fabien 'egg' O'Carroll
6957c2725b Refactored magic-link to be more generic (#202)
no-issue

This removes the concept of `subject` & `payload` from the function
signatures, making the implementation a little more generic, and less
JWT centric.

We also replace getUserFromToken and getPayloadFromToken with a single
method getDataFromToken, which will contain all the necessary data.

* Updated members-api to use new magic-link module

This updates the usage of magic-link to work with the new interface

* Fixed labels not saving for new members

Due to how bookshelf-relations works, we must fetch the labels before
saving a member, otherwise the labels are all deleted.

* Used a proper class rather than constructor function

This just moves the code to a more modern standard

* Updated methods to be async

This prepares us for a future where token generation and validation may
require access to storage and thus be an asyncronous operation
2020-09-17 15:42:01 +01:00
Fabien 'egg' O'Carroll
117309b4e8 Used models internally and for exported API (#195)
no-issue

Using models internally and in the exported API means that we avoid expensive
`toJSON` calls, which affects performance when looping through large lists of
members. It also allows us to take advantage of the new relations used in the
models.

The addition of "ByID" methods for linking stripe customers and setting
complimentary subscriptions allows bulk imports to avoid the overhead of creating
a model for each members, instead passing an id string. n.b. currently the impl
_does_ still create models, but it makes it easier to optimise and refactor in the 
future.
2020-08-12 12:57:28 +01:00
Fabien 'egg' O'Carroll
e7484638e3 Ensured that we do not insert orphaned rows (#190)
no-issue

Previously we would blindly put subscriptions into the database when we
received a webhook, which could result in orphaned rows that were not
linked to a customer (and by extension a member)

This updates the logic so that we will only add subscriptions if we have
a record of their customer.

Customers are only added during a checkout.session.completed webhook, at
which point a member is guarunteed, but for formailty and safety against
changes in the flow, the logic has been applied to inserting customers
too.
2020-07-24 15:39:01 +02:00
Rish
f792148ce8 Updated magic link email to use custom status code for failures
refs https://github.com/TryGhost/Team/issues/342

- Send magic link middleware was not using custom status code from error and sending 500
- Updates error code to be picked from err object if present, or fallback to 500 as before otherwise
2020-07-22 16:07:21 +05:30
Fabien 'egg' O'Carroll
9f1b9d6156 Used mode to determine flow for checkout session (#184)
no-issue

This fixes a problem when subscribing to a Plan (Price) with a default
trial period. We also add logging to add a little more information about
which flow we're entering.

Subscriptions that are started with a trial have a `setup_intent`
present on the Checkout Session object, which was incorrectly causing us
to determine that we are in a "setup" flow and attempt to update a
customers card details.

We now use the `mode` property of the Checkout Session to determine
whether we are handling a new Subscription, or if we are in a "setup"
flow and should update the Customer's card details.
2020-07-21 12:03:16 +02:00
Fabien O'Carroll
c30ffba75a Revert "Used mode to determine flow for checkout session (#184)"
no-issue

Reverting so that changesets can be released independently

This reverts commit d41e5f3b55.
2020-07-21 12:01:07 +02:00
Fabien 'egg' O'Carroll
d41e5f3b55 Used mode to determine flow for checkout session (#184)
no-issue

This fixes a problem when subscribing to a Plan (Price) with a default
trial period. We also add logging to add a little more information about
which flow we're entering.

Subscriptions that are started with a trial have a `setup_intent`
present on the Checkout Session object, which was incorrectly causing us
to determine that we are in a "setup" flow and attempt to update a
customers card details.

We now use the `mode` property of the Checkout Session to determine
whether we are handling a new Subscription, or if we are in a "setup"
flow and should update the Customer's card details.
2020-07-21 11:50:10 +02:00
Fabien 'egg' O'Carroll
ac923af0f7 Refactored webhook creation (#175)
no-issue

* Refactored model dependencies
  This groups all of the model depenencies into a single models object,
  and renames the models with more concise identifiers

* Fixed spacing
* Added webhook support to metadata
* Refactored stripe configure to have better logging
* Refactored webhook creation to reuse existing webhook
* Installed @types/stripe
2020-07-09 16:40:48 +02:00
Rish
1acf7d40be 🐛 Fixed incorrect payload creation for magic link token
no issue

- The extra payload added to magic link token included `name`, `labels` and `oldEmail`
- Refactor in commit [here](bf63ffe424 (diff-9f9ef757543bb9a90baba0d3bea76a83L157-R169)) changed the `body` variable assignment causing the payload objection creation to not include the extra data from request body
- Updates `body` to `req.body` to use correct data from request
2020-07-08 21:48:12 +05:30
Fabien 'egg' O'Carroll
ae9870993a Added hasActiveStripeSubscriptions method (#169)
no-issue

This can be used by Ghost to determine if the Stripe keys can be deleted
2020-06-18 18:01:04 +02:00
Rish
11e2732d50 Handled error for stripe checkout rejection
refs https://github.com/TryGhost/members.js/issues/38

- In case of incomplete Stripe setup like Account name, checkout session creation fails and throws error, which was not being handled and 200 returned after long timeout
- This change catches the error and returns correct status along with message for clients to handle it downstream
2020-06-10 16:29:48 +05:30
Kevin Ansfield
bf63ffe424 Moved members geolocation fetch/update into members-ssr (#151)
closes https://github.com/TryGhost/Members/issues/148

- geolocation was not being fetched/stored for paid member signup
  - magic link was being sent after Stripe webhook but we don't have an IP at that stage
  - it only worked when a magic link was requested by the browser
- moved the geolocation fetch/update to `members-ssr`
  - kept the ip geolookup and storage inside `members-api` but exposed it as a method so consumers are able to choose when it's performed
  - used the new api method in `members-ssr` when exchanging a token from the session as that is always driven by browser requests so we know we have an IP and it's likely the correct one (reliant on consumers having "trust proxy" config correct)
  - stopped storing IP addresses in the token payload (keeps links shorter)
2020-06-04 13:20:19 +01:00
Rishabh Garg
e9b7dacb2e Updated magic link flow to allow changing member's email (#161)
refs https://github.com/TryGhost/members.js/issues/30

- Updates `sendMagicLink` middleware to allow adding old email address to payload. Checks for if new email address already exists in db before creating magic link, throws error in case of duplicate email.
- Updates magic link parsing for data to check if the intention is to update email address and update member's email to new email address in case its allowed.
- Return session data from magic link using the new email address
2020-05-28 19:37:03 +05:30