Commit Graph

41 Commits

Author SHA1 Message Date
Fabien "egg" O'Carroll
69df4b7c05 Added support for dynamic allowSelfSignup config
refs https://github.com/TryGhost/Team/issues/1257

This gets us closer to not having to reload the MembersAPI when config
is changed which will help stop bugs arising from multiple instances of
the MembersAPI being created.
2022-01-10 17:53:30 +02:00
Kevin Ansfield
381e0c1f2a Removed membersAutoLogin labs flag
refs https://github.com/TryGhost/Team/issues/1258

- feature is GA so conditionals are no longer needed
2022-01-04 14:50:24 +00:00
Fabien egg O'Carroll
2e7bb3e67e Handled EENVELOPE errors when generating magic link
refs https://github.com/TryGhost/Team/issues/1259

These errors are thrown by nodemailer and can occur when an invalid
email address is used. Without special handling these cause a 500 error.
2021-12-16 09:25:32 +02:00
Sam Lord
ba2c0818e0 Use @tryghost/logging instead of injected argument 2021-12-02 14:46:58 +00:00
Fabien O'Carroll
47a7bd8555 Disabled auto-login when a success url is provided
refs https://github.com/TryGhost/Team/issues/1067

The auto-login behaviour obliterates the concept of a success URL,
because the Member is redirected in a logged in state, to the welcome
URL - rather than a logged out state to the success URL.

In order to not disrupt existing flows, we disable auto login if a
success URL is provided.
2021-11-05 10:18:43 +02:00
Fabien O'Carroll
a9871f1ab9 Removed references to Offers labs flag
refs https://github.com/TryGhost/Team/issues/1115

This flag is now enabled by default - so we can clean up all uses of it.
2021-11-03 16:13:11 +02:00
Fabien O'Carroll
81868c1850 Added alpha version of auto-login for Members
refs https://github.com/TryGhost/Team/issues/1067

This is the MVP for auto-login of Members, it does not support custom
redirects, and will always just redirect to the same place that the
signin & signup links do. Behind a feature flag whilst we iron out the
functionality.
2021-11-03 10:57:28 +02:00
Fabien O'Carroll
e78b2f80bc Fixed issues with checkout when not using coupon
no-issue

We were incorrectly checking for the existence of a coupon id - instead
we simplify the signature, and make sure the check is correct.
2021-10-21 18:06:36 +02:00
Fabien O'Carroll
efe5164eff Wired up payments service
refs https://github.com/TryGhost/Team/issues/1166

By using the PaymentsService to fetch coupon information - we ensure
that the coupons are created if they're missing. Like in the case of a
Stripe disconnect/connect cycle.
2021-10-21 15:40:55 +02:00
Fabien O'Carroll
c58e83c9d7 Wired up OfferRedemption storage
refs https://github.com/TryGhost/Team/issues/1132

We have to include the Offer on the metadata for the Stripe Checkout -
as Offers with a duration of 'once' will not always be present on the
Subscription after fetching it.

Once we receive the Stripe Checkout webhook we emit an event for
subscription created - the reason we use an event is because this logic
should eventually live in a Payments/Stripe module - and we'd want to
decouple it from the Members module.

The Members module is in charge of writing Offer Redemptions - rather
than the Offers module - because Offer Redemptions are "owned" by a
Member - and merely reference and Offer. Eventually Offer Redemptions
could be replaced by Subscriptions.
2021-10-18 17:26:34 +02:00
Fabien O'Carroll
53d24e501d Fixed Stripe Checkout using Offers
refs https://github.com/TryGhost/Members/commit/5172e40646

When we updated to use the OffersAPI instead of OfferRepository this was
missed, and we were passing blank coupon to Stripe Checkout. This should
eventually be replaced with a call like `getCoupon(offerId)` from a
payments service.
2021-10-14 12:02:39 +02:00
Fabien O'Carroll
9e7891fef7 Restricted archived Offers from being used
refs https://github.com/TryGhost/Team/issues/1133

An archived Offer is intended to be disabled from a redemption point of
view. This ensures that we do not allow Stripe Checkout Sessions to be
created for them.
2021-10-13 11:19:35 +02:00
Fabien O'Carroll
5172e40646 Used OffersAPI over OfferRepository in MembersAPI
no-issue

The OfferRepository deals with domain objects in the Offers module, and
as such is not suitable for use with "external" services. This update
means that MembersAPI can deal with POJO DTOs so that there is not a
dependency on the internals of the Offers module. Just on the contract
it holds with the outside world.
2021-10-13 11:11:12 +02:00
Fabien O'Carroll
afa5363dd4 Fixed Stripe Checkout for monthly Offers
refs https://github.com/TryGhost/Members/commit/504fb1bf

Since we updated the Offer to use Value Objects, we needed to update the
usage here too.
2021-10-08 15:19:59 +02:00
Fabien O'Carroll
f0141f08ff Applied Offers when creating Stripe Checkout Session
refs https://github.com/TryGhost/Team/issues/1090

Instead of the hardcoded 1-day version for Offers, we can now talk
directly to the Offers repository and use the real values for Stripe
Checkout.
2021-10-06 16:12:53 +02:00
Fabien O'Carroll
cd6e87774a Added 1-day version of Offers
refs https://github.com/TryGhost/Team/issues/1090

This 1-day version of Offers allows us to test the full flow of the
Offers feature without having to implement all of it. The focus here is
that we can pass an Offer ID when creating a Stripe Checkout session and
have it apply. Here we use hardcoded Stripe Coupons as we haven't yet
got persistence implemented for Offers & their related Stripe Coupons
2021-09-28 13:39:04 +02:00
Fabien O'Carroll
e93d092766 Fixed handling of invalid tokens when changing email
no-issue

Without a return after ending the response, the code will continue to
attempt to send emails and then send another response which results in
an uncaught error.
2021-09-23 11:12:23 +02:00
Fabien O'Carroll
4e947a88ce Fixed security hole in email address change flow
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr

The email address change flow was built on top of the unauthenticated
signin/signup flow. This meant that ownership of the email being changed
wasn't verified and allowed a malicious actore to change the email
address of arbitrary accounts to an email address which they controlled.

We remove the ability to change email addresses from the signin/signup
flow and instead create a dedicated, authenticated flow for changing
email address.
2021-09-22 16:49:17 +02:00
Rishabh
fe4fb78830 Cleaned up stripe-service package usage
no refs

- updates all usages of `stripe-service` package to new correct `members-stripe-service` package
2021-09-22 18:12:40 +05:30
Rishabh
3e54819469 Revert "Updated usage of stripe-service package to members-stripe-service package"
This reverts commit 7363f0769d.
2021-09-22 18:05:41 +05:30
Rishabh
7363f0769d Updated usage of stripe-service package to members-stripe-service package
refs 8b90c93a79
2021-09-22 18:02:50 +05:30
Rishabh
37001c539d Fixed lint
no refs
2021-09-22 16:52:40 +05:30
Rishabh
317caacc0e Updated ingress event handler to use new analytics ingress package
refs https://github.com/TryGhost/Team/issues/1064

- updates handling of member events to use new analytics ingress package which is responsible to ensure storage of event
2021-09-22 16:51:03 +05:30
Rishabh Garg
1f7a455374 Added @tryghost/members-analytics-ingress package (#335)
refs https://github.com/TryGhost/Team/issues/1064

This package will be used as to handle and emit ingress events on new members event endpoint - `/members/api/events`
2021-09-22 16:07:37 +05:30
Fabien O'Carroll
7a401e5253 Used @tryghost/stripe-service in @tryghost/members-api
no-issue

This finalises the extraction of the StripeAPIService to a separate
package!
2021-09-13 14:38:40 +02:00
Fabien O'Carroll
caf059cd7e Added WellKnownController and exposed jwks.json
refs https://github.com/TryGhost/Team/issues/664

The well known controller is designed to handle any requests to the
/.well-known endpoint where the members app is mounted. The first and
only requirement so far is that we expose a JSON Web Key Set so that
external services are able to validate Members JWT's
2021-07-19 13:51:58 +01:00
Rishabh
aa19008651 Fixed incorrect import path
no refs
2021-07-14 20:01:29 +05:30
Fabien O'Carroll
d51fdc3f4a Moved code out of index.js in directories
refs https://github.com/TryGhost/Team/issues/879
2021-07-14 14:17:38 +01:00
Fabien O'Carroll
e39016423e Removed calls to console.log
refs https://github.com/TryGhost/Team/issues/879
2021-07-14 12:05:07 +01:00
Fabien O'Carroll
dd8376dd90 Restricted Stripe Checkout to members without products
refs https://github.com/TryGhost/Team/issues/858

Replacing the check for subscriptions with products ensures that Stripe
Checkout is not able to be opened by comped members.
2021-07-06 12:59:32 +01:00
Daniel Lockyer
21ec26ea08 Removed used of ghost-ignition dependency
no issue

- we're killing off `ghost-ignition` in favor of explicit packages
  containing its individual components
- this commit switches the Members repo to using the
  `@tryghost/ignition-errors` and `@tryghost/debug` dependencies,
  updates the code with relevant changes and removes the `ghost-ignition`
  dependency
2021-06-29 21:43:05 +01:00
Rishabh
3a27d1bd0c Updated APIs to use price ids
refs https://github.com/TryGhost/Team/issues/637

All the APIs that currently work with price names needs to be updated to work with price ids instead to work with custom prices/products. This change updates APIs to work with Price IDs in `checkout` , `updateSubscription` and other APIs/methods.
2021-05-04 21:52:51 +05:30
Fabien O'Carroll
a302ff1597 Added support for smart_cancel options
https://github.com/TryGhost/Team/issues/530

This option will check to see if a subscription is in an unpaid or past
due state, and if so, will cancel the subscription immediately, rather
than cancelling at the period end.
2021-03-30 10:36:45 +01:00
Fabien 'egg' O'Carroll
3ed10ecdf6 Added tests for updateSubscription
refs https://github.com/TryGhost/Team/issues/530

The RouterController was a grab bag of all controller methods, making it
difficult to mock & test. This adds a MemberController with a smaller
API - making it easier to test.
2021-03-25 12:19:01 +00:00
Fabien 'egg' O'Carroll
2fb6708944 🐛 Fixed issues when updating payment method (#247)
refs https://github.com/TryGhost/Team/issues/479

* Fixed updating payment method for canceled subscriptions

Stripe considers canceled subscriptions as non-existent, so any attempts
to update them will fail with a 404 not found. Prior to this change we
were attempting to update *all* subscriptions for a customer, including
those which were canceled. This would cause an error and the loop to
break.

* 🐛 Fixed errors for members with multiple active customers

Members with multiple active customers would have their first active
customer found updated with the new payment method. We would then
iterate through *all* active subscription, and attempt to update their
payment method. If a subscription was not owned by the customer that was
just updated, it would error and cause the loop to break out.

* Added ability to update a specific subscription's payment method

In order to remove ambiguity we add the ability to update the payment
method for a specific subscription. This will remove room for errors as
we will not have to worry about if a subscription belong to the customer
or not.
2021-02-23 11:19:21 +00:00
Rish
4b4a990e1d Fixed default urls for checkout session
no-issue
related to ef9cb0862c

In the last patch which fixes the bug for not passing custom redirect urls when a checkout session is created, we missed updating the case where a logged in member tries to update the subscription.
2021-02-01 10:24:16 +05:30
Fabien 'egg' O'Carroll
ef9cb0862c Passed default URLs when creating checkout session (#235)
* Passed default URLs when creating checkout session

no-issue

This fixes a bug when a checkout session is created without passing
custom redirect URLs
2021-01-27 15:19:09 +00:00
Fabien O'Carroll
a8782054ba Fixed Stripe Checkout displaying member email
no-issue
2021-01-26 11:26:57 +00:00
Fabien O'Carroll
0268bee13e Fixed checks for if Stripe is configured
no-issue
2021-01-26 11:26:28 +00:00
Fabien O'Carroll
6412cfe3c6 Fixed error responses when missing data
no-issue

We should error early when recieving a request that does not contain the
required data.
2021-01-19 10:42:41 +00:00
Fabien 'egg' O'Carroll
e3ef01932f Refactor members-api (#231)
no-issue

This refactors the members-api module so that it is easier to test going forward,
as well as easier to understand & navigate. The Stripe API no longer contains
storage code, this is all handled via the member repository. And we have dedicated
services for webhooks, and stripe plans initialisation.
2021-01-18 13:55:40 +00:00