Commit Graph

296 Commits

Author SHA1 Message Date
Fabien O'Carroll
6722d3bc8a Ensured member is not linked to customer twice
no-issue

Edge case but easy to solve - so we dun it
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
db42b35e9f Added handler for checkout.session.completed
no-issue

This will link the customer from the checkout session to the member with
the same email
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
ed4dfd8d54 Updated users module to use getActiveSubscriptions
no-issue

This offloads some stripe specific logic into the stripe module
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
314fd6a540 Added method for getting active subscriptions
no-issue
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
a92d5f064b Added method for getting stripe customer for member
no-issue

This finds the first active customer that is linked to the member, and
creates and links a new customer if a viable one does not exist.
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
69abbc6fa2 Added method for linking customer to member
no-issue

Uses the metadata storage passed into stripe
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
9beb496bd1 Passed in metadata getter/setter to stripe
no-issue

This will be used to store information such as customer id
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
644fd71d4f Removed unused getPublicConfig method from stripe
no-issue

Don't use it you lose it!
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
373f67a117 Added getCustomer method to stripe
no-issue

This uses the stripeRequests module directly since the customers api was
removed.
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
2849c647d6 Added parseWebhook method to stripe
no-issue

This uses the webhook secret and stripe module to validate the signature
and parse the body into an object
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
343fcecfff Updated stripe to create webhook on boot configure
no-issue

This will allow us to a) have an endpoint to receive webhooks and b) get
hold of the webhook secret to validate the signature.
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
4dc42709c3 Removed superfluous stripe api modules
no-issue

This removes the subscription api as we are using stripe checkout to
generate those

This removes the customers api as we no longer need the deterministic
api for it
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
216ab072b4 Refactored users module to wrap all methods
no-issue

This also adds initial support for `update` user - which is not used
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
f7b61e901d Removed body-parser from router middleware
no-issue

Validating stripe webhooks requires the body as a buffer, so we can no
longer parse json body by default
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
58cb25fe86 Published new versions
- @tryghost/magic-link@0.1.2
 - @tryghost/members-api@0.5.3
 - @tryghost/members-browser-auth@0.2.3
 - @tryghost/members-gateway-api@0.1.7
 - @tryghost/members-ssr@0.5.0
 - @tryghost/members-theme-bindings@0.2.6
2019-09-16 14:01:13 +08:00
Fabien O'Carroll
8b54a91b60 Published new versions
- @tryghost/members-api@0.5.2
2019-09-15 11:50:11 +08:00
Fabien O'Carroll
de0baded13 Logged error when sending email (#62)
no-issue
2019-09-15 11:48:11 +08:00
Fabien O'Carroll
b834c70559 Published new versions
- @tryghost/magic-link@0.1.1
 - @tryghost/members-api@0.5.1
 - @tryghost/members-auth-pages@1.1.3
 - @tryghost/members-browser-auth@0.2.2
 - @tryghost/members-gateway-api@0.1.6
 - @tryghost/members-gateway-protocol@0.1.4
 - @tryghost/members-ssr@0.4.0
 - @tryghost/members-theme-bindings@0.2.5
2019-09-09 15:53:10 +08:00
Fabien O'Carroll
d741cd9fba Returned fully hydrated member object when creating member
no-issue
2019-09-09 15:51:20 +08:00
Renovate Bot
84f9e69a50 Update dependency sinon to v7.4.2 2019-09-09 13:57:00 +08:00
Fabien O'Carroll
cb3cedd9df Published new versions
- @tryghost/members-api@0.5.0
 - @tryghost/members-ssr@0.3.1
2019-09-06 14:56:19 +08:00
Fabien O'Carroll
4ead495b45 Ensured that destroying member removes stripe customer
no-issue

This also means the subscription will be cancelled
2019-09-06 14:30:27 +08:00
Fabien O'Carroll
ec3948287f Added subscription data when fetching member 2019-09-06 14:30:27 +08:00
Fabien O'Carroll
4f1bc288c5 Added support for stripe checkout payments 2019-09-06 14:30:27 +08:00
Fabien O'Carroll
61561a5af6 Added stripe payments module 2019-09-06 14:30:27 +08:00
Fabien O'Carroll
7376a333c2 Removed lib/subscriptions
no-issue

This is no longer used
2019-09-06 14:30:27 +08:00
Fabien O'Carroll
1c5ba6056a Removed lib/cookies
no-issue

This is no longer used
2019-09-06 14:30:27 +08:00
Fabien O'Carroll
8bfcc37ad4 Removed lib/util
no-issue

This is no longer used
2019-09-06 14:30:27 +08:00
Fabien O'Carroll
64738adfc0 Removed gateway
no-issue

This is no longer needed
2019-09-06 14:30:27 +08:00
Fabien O'Carroll
95ed945f6d Published new versions
- @tryghost/members-api@0.4.1
 - @tryghost/members-auth-pages@1.1.2
2019-09-05 11:01:48 +08:00
Fabien O'Carroll
ffd20f74f0 Exported members from members-api
no-issue

This allows consumers of the service to fetch members with payment info
2019-09-05 11:00:46 +08:00
Fabien O'Carroll
33ff98f789 Published new versions
- @tryghost/magic-link@0.1.0
 - @tryghost/members-api@0.4.0
 - @tryghost/members-auth-pages@1.1.1
 - @tryghost/members-browser-auth@0.2.1
 - @tryghost/members-gateway-api@0.1.5
 - @tryghost/members-gateway-protocol@0.1.3
 - @tryghost/members-ssr@0.3.0
 - @tryghost/members-theme-bindings@0.2.4
2019-09-03 18:25:17 +08:00
Fabien O'Carroll
d9fd07ef7f Fixed getMemberIdentityData method
no-issue

The users.get method expects an object with email prop
2019-09-03 18:21:04 +08:00
Fabien O'Carroll
af6c897a14 Updated members-api to use magic-link
no-issue

This removes a *lot* of functionality, stripping the members-api module
to *only* handle the magic link signin flow.
2019-09-03 15:35:04 +08:00
Renovate Bot
6276c82888 Update dependency sinon to v7.4.1 2019-08-12 05:28:29 +00:00
Renovate Bot
017c24992f Roll back dependency sinon to 7.3.2 2019-08-12 00:30:26 +00:00
Renovate Bot
b8ae86a8ea Update dependency sinon to v7.4.0 2019-08-05 01:28:22 +00:00
Renovate Bot
97d34b2aa1 Update dependency mocha to v6.2.0 2019-07-22 01:28:44 +00:00
Fabien O'Carroll
283c5fea58 Published new versions
- @tryghost/members-api@0.3.0
2019-07-17 18:23:25 +08:00
Fabien O'Carroll
1fb969ad36 Refactored to improve logging and error handling
* Installed stripe@7.4.0

refs #38

We were relying on stripe being installed in Ghost, this moves the dep
to the correct package.

* Created exponentialBackoff wrapper for stripe api

refs #38

https://stripe.com/docs/testing#rate-limits The stripe docs suggest to
use exponential backoff when receiving a rate limit error. This wrapper
will wrap stripe api calls, and retry them after 1s,2s,4s,8s,16s until
eventually failing. This gives a total of 5 retries over 31s.

* Added wrappers around the stripe api calls

refs #38

* Ensured all calls to stripe api go via exp backoff

refs #38

* Scaffolding out the error handling for stripe api

* Forwarding all errors

* Refactored stripe api into modules

* Ensured the ready promise object is not replaced

* Added logging setup

- Sets up common logger structure with custom logger passed through

* Ensure logger is kept in module state

* Renamed updateLogger to setLogger

* Removed `logger` param and exposed setLogger method

* Ensured different ids used for test mode

* Ensure setLogger works for prototype methods

* Removed reconfigureSettings method

* Updated payment processor service to keep static ready promise

* Added eventemitter to member api instance to handle errors

* Moved logging of errors to http level
2019-07-17 18:20:13 +08:00
Fabien O'Carroll
20c60e4de3 Published new versions
- @tryghost/members-api@0.2.0
 - @tryghost/members-browser-auth@0.1.3
 - @tryghost/members-gateway-api@0.1.4
 - @tryghost/members-theme-bindings@0.2.2
2019-07-09 15:39:16 +08:00
Fabien O'Carroll
34f7b2c7d6 Updated members-api to export a router instance
no-issue

This was the original design, to make it easy to incorporate into
another application, but the URL structure in Ghost did not allow for
it, we've since learnt that the URL structure _should_ be how it is
here, so we can export a router with both the auth endpoints and the
static files for the gateway
2019-07-09 15:23:11 +08:00
Fabien O'Carroll
f220ee10c7 Published new versions
- @tryghost/members-api@0.1.2
 - @tryghost/members-auth-pages@0.2.2
 - @tryghost/members-browser-auth@0.1.2
 - @tryghost/members-gateway-api@0.1.3
 - @tryghost/members-gateway-protocol@0.1.2
 - @tryghost/members-theme-bindings@0.2.0
2019-06-25 14:22:42 +07:00
Renovate Bot
ca998d0529 Update dependency jsdom to v15.1.1 2019-06-03 01:27:16 +00:00
Renovate Bot
32a13bf561 Update dependency jsdom to v15.1.0 2019-05-13 02:30:08 +00:00
Fabien O'Carroll
4633ea06e4 Published new versions
- @tryghost/members-api@0.1.1
 - @tryghost/members-auth-pages@0.1.2
2019-05-07 17:40:25 +02:00
Fabien O'Carroll
ac847dbecd Added default test dir and eslintrc
no-issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
986791d091 Added package.json and deps for members-api
no-issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
9e65199f14 Updated require paths for local modules
no-issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
7ec3f61e71 Refactored directory structure
no-issue

This is to better fit the index.js, lib model
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
7b6e73e093 Refactored lib/members to remove unused router
no-issue

Also exposes the getPublicKeys method
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
2c9130a244 Removed serving of auth pages from lib/members
no-issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
bf156b0b79 Removed auth pages from lib/members
no-issue

These have been moved to https://github.com:TryGhost/Members
2019-05-07 17:35:17 +02:00
Zimo
5101735f9d Updated members payment failed copy and style
no-issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
79f31b7323 Updated token generation to use plans on member
no-issue

This is to remove duplication of logic, that now lives solely in the
getMember method
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
239237f402 Updated getMember to return plans
no-issue

Plans are distinct from subscriptions, as in theory a subscription could
have many plans. This moves the construction of the plans array into
the getMember function so that every consumer has access to the same
data.
2019-05-07 17:35:17 +02:00
Rish
618f7e35cc Updated signup flow to handle invalid payments
no issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
371a0698a6 Fixed bug with deleting members after config change 2019-05-07 17:35:17 +02:00
Fabien O'Carroll
c1a85e8bc3 Updated members auth pages to use gateway-protocol (#10695)
no-issue

This swaps out a hand copied library with the published one on npm
2019-05-07 17:35:17 +02:00
Zimo
9e53c6332a Added close event on member pages background click 2019-05-07 17:35:17 +02:00
Peter Zimon
540977fcb8 Members refine buttons (#10692)
* Members: disabled signup button during signup

* Members: disabled non-Stripe signup button during signup

* Members: added check to Log in button logged in state
2019-05-07 17:35:17 +02:00
Zimo
d63127bcdc Updated mobile styles for members upgrade screen 2019-05-07 17:35:17 +02:00
Fabien O'Carroll
ac9daac9f2 Fixed subscription issue with null coupons
no-issue

Coupons were being sent as null to the api, so we support non required fields
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
6e37c50ce7 Added default disabled state of false to FormInput
no-issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
43d65d0709 Removed unused onClick handler in StripeSubscribePage
no-issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
c1c13379c7 Added coupon support to StripeSubscribePage
no-issue

Only shows the (disabled) input when a coupon is available
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
9a5abbbde2 Cleaned up render{Subscribe,Upgrade}Page
no-issue

- ensured promises are returned
- removed unused prop
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
016e29c5a8 Added CouponInput component
no-issue

This can be used in the subscribe pages to pass coupon info through
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
e0225b8b54 Added support for disabled form elements
no-issue

This can be used for a coupon input in future
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
fbe6ba4b49 Updated members api and gateway to pass coupo
no-issue

This will allow the auth pages and members sdk to pass coupons through
to the api.
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
f99d66d8b9 Passed coupon from metadata through to stripe
no-issue

This will allow us to send through coupons from the api layer and have
stripe handle the rest :)
2019-05-07 17:35:17 +02:00
Rish
b00c82d3a6 Added spinner on member signup pages
no issue
2019-05-07 17:35:17 +02:00
Rish
0fbc808ff9 Updated member signin page to show logged in status
no issue
2019-05-07 17:35:17 +02:00
Zimo
8cb3c1510d Added fade in for signup complete page 2019-05-07 17:35:17 +02:00
Peter Zimon
43adc432f5 Members refinements (#10689)
* Updated close animation speed for members pages
* Updated responsive styles for members mobile screens 
* Adding spinner CSS to members pages
* Adding members signup complete page
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
10bfe05b39 Updated theme layer to use members-ssr (#10676)
* Removed support for cookies in members auth middleware

no-issue

The members middleware will no longer be supporting cookies, the cookie
will be handled by a new middleware specific for serverside rendering,
more information can be found here:

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Removed members auth middleware from site app

no-issue

The site app no longer needs the members auth middleware as it doesn't
support cookies, and will be replaced by ssr specific middleware.

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Added comment for session_secret setting

no-issue

We are going to have multiple concepts of sessions, so adding a comment
here to be specific that this is for the Ghost Admin client

* Added theme_session_secret setting dynamic default

no-issue

Sessions for the theme layer will be signed, so we generate a random hex
string to use as a signing key

* Added getPublicConfig method

* Replaced export of httpHandler with POJO apiInstance

no-issue

This is mainly to reduce the public api, so it's easier to document.

* Renamed memberUserObject -> members

no-issue

Simplifies the interface, and is more in line with what we would want to export as an api library.

* Removed use of require options inside members

no-issue

This was too tight of a coupling between Ghost and Members

* Simplified apiInstance definition

no-issue

* Added getMember method to members api

* Added MembersSSR instance to members service

* Wired up routes for members ssr

* Updated members auth middleware to use getPublicConfig

* Removed publicKey static export from members service

* Used real session secret

no-issue

* Added DELETE /members/ssr handler

no-issue

This allows users to log out of the theme layer

* Fixed missing code property

no-issue

Ignition uses the statusCode property to forward status codes to call sites

* Removed superfluous error middleware

no-issue

Before we used generic JWT middleware which would reject, now the
middleware catches its own error and doesn't error, thus this
middleware is unnecessary.

* Removed console.logs

no-issue

* Updated token expiry to hardcoded 20 minutes

no-issue

This returns to our previous state of using short lived tokens, both for
security and simplicity.

* Removed hardcoded default member settings

no-issue

This is no longer needed, as defaults are in default-settings.json

* Removed stripe from default payment processor

no-issue

* Exported `getSiteUrl` method from url utils

no-issue

This keeps in line with newer naming conventions

* Updated how audience access control works

no-issue

Rather than being passed a function, members api now receives an object
which describes which origins have access to which audiences, and how
long those tokens should be allowed to work for. It also allows syntax
for default tokens where audience === origin requesting it. This can be
set to undefined or null to disable this functionality.

{
    "http://site.com": {
        "http://site.com": {
            tokenLength: '5m'
        },
        "http://othersite.com": {
            tokenLength: '1h'
        }
    },
    "*": {
        tokenLength: '30m'
    }
}

* Updated members service to use access control feature

no-issue

This also cleans up a lot of unnecessary variable definitions, and some
other minor cleanups.

* Added status code to auth pages html response

no-issue

This was missing, probably default but better to be explicit

* Updated gateway to have membersApiUrl from config

no-issue

Previously we were parsing the url, this was not very safe as we can
have Ghost hosted on a subdomain, and this would have failed.

* Added issuer to public config for members

no-issue

This can be used to request SSR tokens in the client

* Fixed path for gateway bundle

no-issue

* Updated settings model tests

no-issue

* Revert "Removed stripe from default payment processor"

This reverts commit 1d88d9b6d73a10091070bcc1b7f5779d071c7845.

* Revert "Removed hardcoded default member settings"

This reverts commit 9d899048ba7d4b272b9ac65a95a52af66b30914a.

* Installed @tryghost/members-ssr

* Fixed tests for settings model
2019-05-07 17:35:17 +02:00
Rish
345d69102a Updated subscription data in member request
no issue

- Added subscription amount to member subscription data
2019-05-07 17:35:17 +02:00
Rishabh Garg
daf5a41af0 Added Admin API for deleting members (#10673)
no issue

- Added new API to delete members
- Added methods to handle e2e member deletion
- Deleting member via Admin leads to
  - Removal of member from payment processor and cancelling all active subscriptions immediately
  - Removal of member information from DB
2019-05-07 17:35:17 +02:00
Rish
bc889ae9a0 Refactored members auth flow with dynamic settings
no issue

- Updated members auth flow UI
- Updated members settings and routing to be dynamic
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
25aac1359d Added support for serverside rendering of members content (#10522)
no-issue

- Added member auth middleware to siteApp
- Passed member as context in routing service
- set Cache-Control: private for member requests
- fucked up some tests
- Added member as global template variable
- Updated tokens to have expiry of subscription_period_end
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
121b7d200f Improved Members security and performance (#10511)
no-issue

* Corrected function names for rpc methods

* Updated gateway to store tokens locally

* Fixed lint

* Added hardcoded 30 minute expiry for member tokens

* Added default contentApiAccess config;

* Updated validateAudience method

This is required for security, we need to restrict which domains can access
tokens meant for the content api
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
eb94871b6c Added upgrade page to members auth (#10513)
no-issue
2019-05-07 17:35:17 +02:00
Zimo
3b7d35ed0a Applying basic styles to members popups
no issue
2019-05-07 17:35:17 +02:00
Rish
a06d924493 Updated members modal UI structure
no issue
2019-05-07 17:35:17 +02:00
Rishabh Garg
beeedf7005 Updated signup page for members (#10493)
no issue

* Added new subscribe page with stripe integration
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
464caaf5df Updated product hashseed to be hardcoded (#10484)
no-issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
cd674fb470 Added config endpoint to Member API (#10467)
no-issue

* Added getPublicConfig method to stripe payment processor
* Added getPublicConfig method to subscriptions service
* Added initial config endpoint for members api
* Added getConfig method to members gateway
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
88b9f25541 Added initial subscription support with stripe to Members API (#10460)
These changes introduce a new "service" to the members api, which handles getting and creating subscriptions.

This is wired up to get subscription information when creating tokens, and attaching information to the token, so that the Content API can allow/deny access. 

Behind the subscription service we have a Stripe "payment processor", this holds the logic for creating subscriptions etc... in Stripe.

The logic for getting items out of stripe uses a hash of the relevant data as the id to search for, this allows us to forgo keeping stripe data in a db, so that this feature can get out quicker.
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
e1ba916ce6 Refactored auth pages for future flows (#10458)
no-issue

* Used camelCase for gateway method calls
* Added some components for building blocks of forms
* Added input specific components
* Added Form component
    This handles collecting the data to submit and sharing state between forms
* Added Pages component to handle urls
* Added the pages for the popup
* Added MembersProvider component
    This is designed to give its children access to gateway methods
* Added Modal component
    This wraps the pages and handles dispatching form submissions to the members gateway
* Refactored index.js to use new components/pages
* Fixed default page from Signup -> Signin
2019-05-07 17:35:17 +02:00
Rishabh Garg
0b2d70d617 Added new admin API for members (#10435)
no issue

- Added read and browse admin API for members
2019-05-07 17:35:17 +02:00
Rish
740209e2e4 Fixed console getting cleared on dev start
closes https://github.com/TryGhost/Ghost/issues/10409

- Removed `clearConsole` on preact cli
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
5ffdfe9875 Refactored members for management api (#10408)
no-issue
2019-05-07 17:35:17 +02:00
Rish
7ef520c2ea Fixed error handling for members reset password
no-issue

- Both input and form error was shown on submitting reset-password form
- Does not submit form anymore in case of validation errors
2019-05-07 17:35:17 +02:00
Peter Zimon
8d87eedcb4 Members auth ui refinements (#10279)
* Update mobile modal animations
* Member popup input error and placeholder refinements
* Adding close animation to members auth popups
* Improve members auth dialog
* Refine members reset password design
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
99aeda5909 Removed ssoOriginCheck from signout endpoint (#10277)
no-issue

the ssoOriginCheck exists to ensure that we only allow signin/signup to
be called from the specified auth page, this is a very minor security
feature in that it forces signins to go via the page you've designated.
signout however does not need this protection as the call to signout
completely bypasses any UI (this is the same for the call to /token)
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
b219e26ea6 Added members lib module (#10260)
* Added members library inc. gateway

refs #10213

* Added the auth pages and build steps for them

refs #10213

* Cleaned up logs

* Updated gruntfile to run yarn for member auth

* Design refinements on members popups

* UI refinements

* Updated backend call to trigger only if frontend validation passes

* Design refinements for error messages

* Added error message for email failure

* Updated request-password-reset to not attempt to send headers twice

* Updated preact publicPath to relative path

* Build auth pages on init
2019-05-07 17:35:17 +02:00