Commit Graph

71 Commits

Author SHA1 Message Date
Rish
11e2732d50 Handled error for stripe checkout rejection
refs https://github.com/TryGhost/members.js/issues/38

- In case of incomplete Stripe setup like Account name, checkout session creation fails and throws error, which was not being handled and 200 returned after long timeout
- This change catches the error and returns correct status along with message for clients to handle it downstream
2020-06-10 16:29:48 +05:30
Kevin Ansfield
bf63ffe424 Moved members geolocation fetch/update into members-ssr (#151)
closes https://github.com/TryGhost/Members/issues/148

- geolocation was not being fetched/stored for paid member signup
  - magic link was being sent after Stripe webhook but we don't have an IP at that stage
  - it only worked when a magic link was requested by the browser
- moved the geolocation fetch/update to `members-ssr`
  - kept the ip geolookup and storage inside `members-api` but exposed it as a method so consumers are able to choose when it's performed
  - used the new api method in `members-ssr` when exchanging a token from the session as that is always driven by browser requests so we know we have an IP and it's likely the correct one (reliant on consumers having "trust proxy" config correct)
  - stopped storing IP addresses in the token payload (keeps links shorter)
2020-06-04 13:20:19 +01:00
Rishabh Garg
e9b7dacb2e Updated magic link flow to allow changing member's email (#161)
refs https://github.com/TryGhost/members.js/issues/30

- Updates `sendMagicLink` middleware to allow adding old email address to payload. Checks for if new email address already exists in db before creating magic link, throws error in case of duplicate email.
- Updates magic link parsing for data to check if the intention is to update email address and update member's email to new email address in case its allowed.
- Return session data from magic link using the new email address
2020-05-28 19:37:03 +05:30
Rish
d5d2cc5137 Added name from magic link token to member creation
refs https://github.com/TryGhost/members.js/issues/26

- Allows magic link tokens to pass member name on signup
- Uses member name from magic link token to assign member name during creation
2020-05-20 14:33:15 +05:30
Rish
167811c5fd Updated stripe checkout to store member name from metadata
refs TryGhost/members.js#29

- Uses the metadata option in stripe checkout flow to add member's name on creation via anonymous checkout flow
- Allows clients like memebrs.js to pass member's info like name from checkout signup flow
2020-05-19 13:54:25 +05:30
Rish
2f90c97629 Added metadata option to stripe checkout session
refs TryGhost/members.js#29

- Allows passing metadata to checkout session API
- Metadata is passed to stripe's checkout session on creation and read back from webhook event
- Allows clients like members.js to pass custom info like member name to Stripe flow
2020-05-19 13:54:25 +05:30
Rishabh Garg
b015a08c43 Added plan update option to stripe subscription update API (#154)
no issue

- Current update stripe subscription API calls only allowed cancelling a plan
- This change adds option to pass plan's nickname as `planName` in request to update subscription to new plan
- Checks if plan name is valid and updates stripe subscription to new plan at default prorate behavior
2020-05-19 12:59:39 +05:30
Rish
fac6c3d97e Added ability to prefill customer email for anonymous checkouts
refs https://github.com/TryGhost/members.js/issues/10

- Allows passing an additional `customerEmail` value to our checkout creation API
- This value is used to pass `customer_email` option to stripe's checkout session - https://stripe.com/docs/api/checkout/sessions/create#create_checkout_session-customer_email.

The `customer_email` allows pre-filling the customer's email field in case of an anonymous checkout as customer doesn't exist already, and also ensures the stripe subscription is created with same email address as given by user during signup flow.
2020-04-30 16:01:22 +05:30
Rish
ab3fe634f4 🐛 Fixed incorrect logging for geolocation error
no issue

We were using incorrect method for logging in geolocation warning - `this.logging.warn(err)` - as `this.logging` doesn't exist in this file. Updated to use correct logging method.
2020-04-21 15:28:13 +05:30
Kevin Ansfield
615a482c48 Store geolocation data during member signup/signin (#128)
requires f38d490886

- adds `lib/geolocation.js` with `getGeolocationFromIP()` function which uses https://geojs.io to lookup geolocation data from an IPv4 or IPv6 address
- updates `create/updateMember()` functions to work with a `geolocation` property in the passed in object
  - if `geolocation` is `undefined` when updating a member do not reset any existing property
- updates `sendMagicLink` middleware to extract the IP address from the request and stores it as part of the token payload
- updates `getMemberDataFromMagicLinkToken()` method to extract the IP address from the token payload and perform a geolocation lookup if we have an IP address and a matching member does not already have geolocation data
2020-02-27 10:29:36 +00:00
Naz
b34b7bfa9c Added middleware to handle billing updates (#122)
refs https://github.com/TryGhost/Ghost/pull/11571 

- Allows updating members billing information through Stripe's setup intent (stripe.com/docs/payments/checkout/subscriptions/updating#set)
- Accepts 2 new parameter to handle redirects specific to billing update.
2020-02-26 12:09:09 +08:00
Nazar Gargol
13773cbeb4 Removed "Complimentary" subscription edit limitation
no issue

- There is no need to treat complimentary subscriptions in different way to regular subscription on the client.
2020-02-17 16:25:41 +08:00
Rishabh Garg
789462aa5f Added labels to member signup flow (#124)
no issue

refs https://github.com/TryGhost/Ghost/pull/11538
2020-02-12 16:42:49 +05:30
Naz
2a51a478fc Exposed getMagicLink method (#123)
refs https://github.com/TryGhost/Ghost/pull/11573

- Adds `getMagicLink` method to members-api which can be used to generate a signin link for the member
2020-02-06 17:08:39 +08:00
Naz Gargol
28d3a37824 Added "complimentary" subscription handling (#118)
refs https://github.com/TryGhost/Ghost/pull/11537

- Adds ability to assign and cancel "complimentary" type of subscriptions to the member
- The functionality is needed to be able to provide free premium plans for members (e.g. family members, trials, gifts)
- When member already has an active paid subscription and complimentary one is applied the old one is upgraded. Proration is not given
- When deleting a subscription we need to update localy stored records right away to be albe to reflect the change in the UI. This behavior will also be in line with how subscriptions updates/creates are handled
- Blocked any client update for complimentary subscription. We should prevent non authenticated clients from upgrading/subscribing themselves to "complimentary" plan.
2020-01-27 12:34:22 +07:00
Nazar Gargol
6c7139b1fe Fixed preexisting member name check
refs 1dc0b36b56

- The name can also be 'null' so the check should take that into account
2020-01-20 15:51:06 +07:00
Nazar Gargol
1dc0b36b56 Updated checkout session to record member name
no issue

- When the customer has provided a name on the card during checkout it should be recorded for convenience as members' name
2020-01-20 13:25:17 +07:00
Naz Gargol
e19e06f9b3 Refactored user CRUD to be usable by Ghost core (#113)
refs https://github.com/TryGhost/Members/pull/105

- It's a follow up to a series of refactorings in the module mostly discussed in refed PR
- The sendEmailWithMagicLink and destroyStripeSubscriptions were exposed through members API so that Ghost  could call it from the controller level
2020-01-15 15:35:15 +07:00
Nazar Gargol
08fbcf25ec Extracted metadata get/set methods into internal metadata module
no issue

- This is the refactor similar to what has been done with Memeber model being passed in directly in the constructor
- Relevent discussion here https://github.com/TryGhost/Members/pull/105#pullrequestreview-324254267
2020-01-13 15:45:22 +07:00
Naz Gargol
ff5fceafc8 Added subscription update middleware (#107)
refs #https://github.com/TryGhost/Ghost/pull/11434

- Added method to allow updating single subscription. Only `cancel_at_period_end` field can be updated. 
- Middleware is needed to allow Ghost Core to cancel/uncancel member's subscription. 
- Relies on the request containing identity information to be able to verify if subscription belongs to the user
- When member could not be identified by the identity information present in the request we should throw instead of continuing processing
- Handling and messaging inspired by https://github.com/TryGhost/Ghost/blob/3.1.1/core/server/services/mega/mega.js#L132
- When the user initiates subscription cancellation we can safely mark the subscription as canceled so that it's not shown in the interface on subsequent request. Otherwise, we end up in a situation where we still return the subscription in the period until Stripe triggers the webhook.
- Added boolean coercion for cancel_at_period_end parameter. If anything but boolean is passed to Stripe API it throws an error.  Coercing the value on our side is a gives a better dev experience
2019-12-12 15:19:36 +07:00
Naz Gargol
3060e11a4e Changed members-api constructor to accept Member model directly (#105)
no issue

- As members have become a part of Ghost core there is no need to proxy methods like this anymore and we can allow members-api to work on the model directly
- Methods come from Ghost core: https://github.com/TryGhost/Ghost/blob/cc39786/core/server/services/members/api.js#L11-L110
2019-12-05 18:16:18 +07:00
Fabien O'Carroll
47ed334597 Updated use of magic-link module to pass subject
no-issue

This takes advantage of magic-links smaller tokens
2019-10-11 11:58:23 +07:00
Fabien O'Carroll
d248c909d9 Updated usage of magic-link, passing secret
no-issue
2019-10-11 11:58:23 +07:00
Fabien O'Carroll
e04898cb3d Pass getSubject option to MagicLink module
no-issue
2019-10-10 20:20:46 +07:00
Fabien O'Carroll
5a17327a93 Improved error logging for webhook handling
no-issue
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
310972f73c Updated signatures for get/set metadata
no-issue
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
8829b545a9 Updated handleStripeWebhook middleware
no-issue

This adds the handlers for the new events we want to listen to
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
6806505a4c Updated stripe to store and retrieve from metadata
no-issue

This means that we will not have to make api requests to find out the
customers subscriptions
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
d11a0db726 Refactored some private methods for stripe
no-issue

This is to expose a clearer contract with the outside world
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
d6cb2ca796 Defaulted allowSelfSignup to true
no-issue

This is to keep backwards compatibility
2019-10-06 21:18:09 +07:00
Fabien O'Carroll
1208b41b9f Added allowSelfSignup options to auth config
no-issue

This flag is used to allow the sendMagicLink middleware to send an email
to members which do not yet exist. When this flag is set to false, the
only way to create members, would be via the stripe webook, or via the
`create` method exposed on the `members` object
2019-10-06 21:18:09 +07:00
Fabien O'Carroll
a643b3ff1f Sent "signup" emails when member created via stripe
no-issue

This is the correct email to send, as they are a new member
2019-10-06 21:18:09 +07:00
Fabien O'Carroll
355dd8b501 Corrected logic to send signin/signup emails
no-issue

This ensures that existing members recieve "signin" emails and new
members recieve "signup" (or "subscribe") emails
2019-10-06 21:18:09 +07:00
Fabien O'Carroll
dd566b3d29 Added support for custome success/cancel urls
no-issue

This will allow clients to customise where they are redirecting to after
the stripe checkout session is exited.
2019-10-03 17:22:29 +07:00
Fabien O'Carroll
a6adfdd92c Protected against missing member for id token
no-issue

If a cookie still exists after a member has been deleted we can have
some strange requests, this just ensures that we check for existence.
2019-10-02 18:19:39 +07:00
Fabien O'Carroll
1c3e563ad7 Improved logging for members-api
no-issue

This allows the logger to be passed in, and configures stripe to have access to it
2019-10-02 13:47:37 +07:00
Fabien O'Carroll
ece58fe9fd Pass through getText and getHTML function from mail
no-issue

This will allow consumers of this module to customise the content of emails
2019-10-01 14:46:17 +07:00
Fabien O'Carroll
b852de95c8 Updated members-api to pass the emailType to magic-link
no-issue

This will allow requests to send the correct email
2019-10-01 14:46:17 +07:00
Fabien O'Carroll
530390124b Added flag to create member for sending email
no-issue

This allows us to give more functionality to consumers, with a smaller
API (rather than exposing the methods for sending a magic-link email)
2019-09-26 17:11:17 +07:00
Fabien O'Carroll
acf01e9065 Updated members-api to export POJO
no-issue

Previously members-api exported a pre configured express router with the
paths and handlers defined. This did not allow for much control from the
parent application. This replaces this pattern by exposing middlewares,
which the parent application can mount where it sees fit.
2019-09-25 16:53:08 +07:00
Fabien O'Carroll
d67ad13057 Updated handler for checkout to not require member
no-issue

This will allow the flow to start from the frontend.
2019-09-25 16:53:08 +07:00
Fabien O'Carroll
db42b35e9f Added handler for checkout.session.completed
no-issue

This will link the customer from the checkout session to the member with
the same email
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
9beb496bd1 Passed in metadata getter/setter to stripe
no-issue

This will be used to store information such as customer id
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
216ab072b4 Refactored users module to wrap all methods
no-issue

This also adds initial support for `update` user - which is not used
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
f7b61e901d Removed body-parser from router middleware
no-issue

Validating stripe webhooks requires the body as a buffer, so we can no
longer parse json body by default
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
de0baded13 Logged error when sending email (#62)
no-issue
2019-09-15 11:48:11 +08:00
Fabien O'Carroll
d741cd9fba Returned fully hydrated member object when creating member
no-issue
2019-09-09 15:51:20 +08:00
Fabien O'Carroll
ec3948287f Added subscription data when fetching member 2019-09-06 14:30:27 +08:00
Fabien O'Carroll
4f1bc288c5 Added support for stripe checkout payments 2019-09-06 14:30:27 +08:00
Fabien O'Carroll
ffd20f74f0 Exported members from members-api
no-issue

This allows consumers of the service to fetch members with payment info
2019-09-05 11:00:46 +08:00