1
0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-22 18:31:57 +03:00
Commit Graph

933 Commits

Author SHA1 Message Date
Fabien O'Carroll
5fc0646d5e Published new versions
- @tryghost/members-api@1.22.0
2021-07-19 13:58:43 +01:00
Fabien O'Carroll
caf059cd7e Added WellKnownController and exposed jwks.json
refs https://github.com/TryGhost/Team/issues/664

The well known controller is designed to handle any requests to the
/.well-known endpoint where the members app is mounted. The first and
only requirement so far is that we expose a JSON Web Key Set so that
external services are able to validate Members JWT's
2021-07-19 13:51:58 +01:00
Rishabh
97be7ca3db Published new versions
- @tryghost/members-api@1.21.0
2021-07-19 17:23:50 +05:30
Rishabh
069accdbe8 Fixed stripe migration to avoid complimentary prices as monthly/yearly price
closes https://github.com/TryGhost/Team/issues/778

- cleans up the stripe migration to add default monthly/yearly prices for sites, which had a possibility of using complimentary (0 amount prices) in edge cases
- adds missing return in the same migration for an unlikely failure to parse stripe plans
2021-07-19 16:20:12 +05:30
Fabien O'Carroll
ceec3efe6a Published new versions
- @tryghost/magic-link@1.0.7
 - @tryghost/members-api@1.20.3
 - @tryghost/members-ssr@1.0.7
2021-07-15 18:19:11 +01:00
Fabien O'Carroll
128ce5db9a Published new versions
- @tryghost/members-api@1.20.2
2021-07-15 18:08:17 +01:00
Fabien O'Carroll
15915a6040 Fixed index.js require
no-issue
2021-07-15 18:06:45 +01:00
Fabien O'Carroll
fe668113b1 Published new versions
- @tryghost/members-api@1.20.1
2021-07-15 18:03:59 +01:00
Fabien O'Carroll
02766afedd Moved MembersAPI.js into lib
no-issue

The previous published version was broken as we only include index.js
and the lib directory in the npm package
2021-07-15 18:01:53 +01:00
Fabien O'Carroll
d59051c104 Published new versions
- @tryghost/magic-link@1.0.6
 - @tryghost/members-api@1.20.0
 - @tryghost/members-csv@1.1.2
 - @tryghost/members-ssr@1.0.6
2021-07-15 16:34:02 +01:00
Fabien O'Carroll
d427e72b1c Fixed created_at dates for member event objects
refs https://github.com/TryGhost/Team/issues/542

Importing members with a created_at date will incorrectly create events
for the member for the date of the import. This updates our event
handling to use either the passed created_at date, or in the case of
subscriptions the start_date of the subscription. We're using start_date
for subscriptions rather than created, as this is more accurate because
start_date works correctly for backdated subscriptions in Stripe.
2021-07-15 15:20:16 +01:00
Rishabh
aad662267c Added migration to remove invalid subscriptions
closes https://github.com/TryGhost/Team/issues/660

All subscriptions in Ghost are expected to have a corresponding price details in `stripe_price` table, which is used to determine the Stripe price a subscription is on. In some edge cases, specially before we started deleted old Stripe data during Stripe disconnect, it's possible that a subscription exists in DB without having a corresponding Stripe price in the DB. These subscriptions are not active for the connected Stripe account, and are save to remove. Going forward, all existing subscriptions with connected account will be removed when disconnecting stripe so we shouldn't have invalid subscriptions in DB in future.

The goal of this migration is to clean all such subscriptions from the DB to avoid any issues around missing price with invalid subscriptions.
2021-07-14 20:12:39 +05:30
Rishabh
aa19008651 Fixed incorrect import path
no refs
2021-07-14 20:01:29 +05:30
Fabien O'Carroll
3e1084905e Removed usage of raw Error class
refs https://github.com/TryGhost/Team/issues/879
2021-07-14 14:17:38 +01:00
Fabien O'Carroll
d51fdc3f4a Moved code out of index.js in directories
refs https://github.com/TryGhost/Team/issues/879
2021-07-14 14:17:38 +01:00
Fabien O'Carroll
13943e9746 Moved MembersAPI out of index.js
refs https://github.com/TryGhost/Team/issues/879
2021-07-14 14:17:38 +01:00
Renovate Bot
223ee56647 Update Test & linting packages 2021-07-14 14:12:12 +01:00
Fabien O'Carroll
e39016423e Removed calls to console.log
refs https://github.com/TryGhost/Team/issues/879
2021-07-14 12:05:07 +01:00
Fabien O'Carroll
6083e4825f Removed trailing commas from .eslintrc.js
refs https://github.com/TryGhost/Team/issues/879
2021-07-14 12:04:46 +01:00
Fabien O'Carroll
8af799bdc9 Published new versions
- @tryghost/members-api@1.19.0
2021-07-06 13:47:38 +01:00
Fabien O'Carroll
dd8376dd90 Restricted Stripe Checkout to members without products
refs https://github.com/TryGhost/Team/issues/858

Replacing the check for subscriptions with products ensures that Stripe
Checkout is not able to be opened by comped members.
2021-07-06 12:59:32 +01:00
Fabien O'Carroll
9841a33c83 Published new versions
- @tryghost/members-api@1.18.1
2021-07-06 11:54:12 +01:00
Fabien O'Carroll
12a3ae77cf Fixed creating members without products
refs https://github.com/TryGhost/Team/issues/790

We were missing a check for the existence of memberData.products before
attempting to read the length property from it, which can result in an
Uncaught TypeError
2021-07-06 11:52:08 +01:00
Fabien O'Carroll
7545e67f2c Published new versions
- @tryghost/magic-link@1.0.5
 - @tryghost/members-api@1.18.0
 - @tryghost/members-csv@1.1.1
 - @tryghost/members-ssr@1.0.5
2021-07-06 11:18:01 +01:00
Fabien O'Carroll
631e78631f Updated linkSubscription to handle comped status
refs https://github.com/TryGhost/Team/issues/790

When linking a subscription to a member we must also update their
status. We could be in one of many states, so we start with the initial
values of either 'free' or 'comped' based on whether the member has any
products. We then make sure to updated the status to 'paid' if we find
any active subscriptions associated with the member, otherwise we leave
it as the initial value.
2021-07-06 11:14:49 +01:00
Fabien O'Carroll
8d8d886705 Supported comped status for create/update methods
refs https://github.com/TryGhost/Team/issues/790

Both creating and updating members only ever need to explicitly set
either the 'comped' or 'free' status as these methods do not deal with
Stripe. When updating a member if the products are not changing, we do
not attempt to change the status either.
2021-07-06 11:14:49 +01:00
Renovate Bot
7f71e28392 Update dependency nock to v13.1.0 2021-06-29 21:43:45 +01:00
Daniel Lockyer
21ec26ea08 Removed used of ghost-ignition dependency
no issue

- we're killing off `ghost-ignition` in favor of explicit packages
  containing its individual components
- this commit switches the Members repo to using the
  `@tryghost/ignition-errors` and `@tryghost/debug` dependencies,
  updates the code with relevant changes and removes the `ghost-ignition`
  dependency
2021-06-29 21:43:05 +01:00
Fabien O'Carroll
5ea642c8c1 Published new versions
- @tryghost/members-api@1.17.0
2021-06-29 15:14:10 +01:00
Fabien O'Carroll
1fbbdcfc2e Included benefits with products when writing
refs https://github.com/TryGhost/Team/issues/806

This allows API consumers to not need to pass an `includes` for benefits
when creating or updating products.
2021-06-29 15:06:35 +01:00
Fabien O'Carroll
4ea7cdc8fe Published new versions
- @tryghost/members-api@1.16.0
2021-06-24 17:13:56 +01:00
Fabien O'Carroll
57233f7295 Updated ProductRepository to support benefits
refs https://github.com/TryGhost/Team/issues/806

We need to explicitly pass data through to the model layer so that the
benefits relation can be handled.
2021-06-24 16:53:56 +01:00
Fabien O'Carroll
45c3de71d6 Published new versions
- @tryghost/magic-link@1.0.4
 - @tryghost/members-api@1.15.0
 - @tryghost/members-ssr@1.0.4
2021-06-16 18:25:48 +01:00
Fabien O'Carroll
83d25f71f4 Restricted Members to only one Product
refs https://github.com/TryGhost/Team/issues/748

This ensures that you cannot add more than one product to a Member.

However it does allow a Member which already exists with more than one
Product to continue using the API. This is to account for edgecases such
as a Member going through the Stripe flow twice and ending up with
multiple subscriptions for multiple products
2021-06-16 15:50:42 +01:00
Fabien O'Carroll
54c3340503 Used tpl & errors packages in MemberRepository
no-issue

Cleaning up this file to be adhere with our new standard for errors.
2021-06-16 15:50:42 +01:00
Fabien O'Carroll
5ad0c624e3 Required no active subscriptions when modifying products
refs https://github.com/TryGhost/Team/issues/748

This ensures that a member cannot be attached to a product directly if
they have active subscriptions.
2021-06-16 15:50:42 +01:00
Fabien O'Carroll
9079a9b9e0 Fixed products being removed when canceling subscriptions
refs https://github.com/TryGhost/Team/issues/748

Previously when a change happened to a subscription the member's
products would be reset purely based on the subscriptions. Since we now
support setting products outside of subscriptions, we must make sure
than a change to a subscription will only affect the product for which
the subscription was for
2021-06-16 15:50:42 +01:00
Fabien O'Carroll
5a74c614c5 Updated event storage to use sharedOptions
no-issue

This makes sure that DB operations can be performed in the same
transaction
2021-06-16 15:50:42 +01:00
Fabien O'Carroll
d064a1ea82 Checked existing subscriptions when updating products
refs https://github.com/TryGhost/Team/issues/748

This ensures that products are not removed from members who have an
active subscription for them.
2021-06-16 15:50:42 +01:00
Fabien O'Carroll
11067c4b08 Updated create & update to accept products
refs https://github.com/TryGhost/Team/issues/748

This allows us to start modifying products directly in order to give
complimentary access without using Stripe
2021-06-16 15:50:42 +01:00
Renovate Bot
f6e12a3da7 Update dependency ghost-ignition to v4.6.3 2021-06-15 18:28:07 +00:00
Fabien O'Carroll
30f835b511 Published new versions
- @tryghost/members-api@1.14.0
2021-06-10 17:15:55 +01:00
Fabien O'Carroll
a4dcb66080 Updated cancelSubscription to take member id
refs https://github.com/TryGhost/Team/issues/775

Exposing this to the Admin API means that we want to be able to cancel
by id, not just email. The same pattern from editSubscription has been
used.
2021-06-10 17:10:58 +01:00
Rishabh
b2fccb2e34 Published new versions
- @tryghost/members-api@1.13.1
2021-06-04 17:18:06 +05:30
Rishabh
d37a470f20 Removed redundant portal plans setting migration
refs 7d8e18c802

Since we have now gone back to using `monthly` / `yearly` named values in portal plan settings instead of price ids, the old portal plan migration which was converting named values to ids is now redundant. Moreoever, the old migration is incorrectly resetting the `portal_plans` setting to `[free]` by removing the paid plans as its not found in `stripePlans` setting anymore.
2021-06-04 17:15:05 +05:30
Rishabh
daeacfbd89 Removed setting existing legacy prices to inactive
refs fd40e04105

The current implementation of setting legacy prices as inactive has a bug where it also sets the active price to inactive if only one of monthly/yearly price is edited while the other is not changed. This is a temporary reversal till we can narrow down the issue and fix to correctly set legacy plans to inactive.
2021-06-04 12:20:22 +05:30
Rishabh
7d8e18c802 Added migration to revert portal_plans setting to named values
closes https://github.com/TryGhost/Team/issues/753

Currently, the portal_plans setting is storing price ids for active monthly/yearly prices for the default product, which was done to allow multiple prices in Portal. Since we only want to limit the prices for a Product to monthly/yearly, we are reverting the earlier migration and only store the available prices as monthly / yearly in portal setting instead of ids. Its also in sync with the approach in theme/API where we use named prices for monthly/yearly instead of price id list.
2021-06-04 12:14:57 +05:30
Fabien O'Carroll
bf4467753a Published new versions
- @tryghost/members-api@1.13.0
2021-06-03 14:46:02 +01:00
Fabien O'Carroll
fd40e04105 Handled monthly and yearly prices in product repo
refs https://github.com/TryGhost/Team/issues/712

This allows prices to be created and assigned to a product as the
default monthly or yearly price.
2021-06-03 14:45:36 +01:00
Fabien O'Carroll
601d40320e Published new versions
- @tryghost/members-api@1.12.0
 - @tryghost/members-csv@1.0.1
2021-06-02 09:57:04 +01:00
Fabien O'Carroll
f660405937 Populated {monthly,yearly}_price_id from settings
refs https://github.com/TryGhost/Team/issues/711

As this migration relies on the settings being populated, it cannot be a
standard migration in Ghost core, as the settings are populated by these
code migrations.
2021-06-02 09:04:54 +01:00
Fabien O'Carroll
c84d7c7c10 Published new versions
- @tryghost/members-api@1.11.1
2021-05-24 17:42:33 +01:00
Fabien O'Carroll
a126764dcd Updated error message for Stripe not connected
refs https://github.com/TryGhost/Team/issues/704

This improves the error messaging by explaining exactly what the problem
is and including a link to our documentation
2021-05-24 17:41:49 +01:00
Fabien O'Carroll
bac55fcfb7 Published new versions
- @tryghost/magic-link@1.0.3
 - @tryghost/members-api@1.11.0
 - @tryghost/members-ssr@1.0.3
2021-05-24 10:34:04 +01:00
Fabien O'Carroll
6fb7b46f39 Uninstalled jsdom
no-issue

This package is no longer used
2021-05-24 10:32:26 +01:00
Renovate Bot
bc99b1810d Update dependency nock to v13 2021-05-24 10:23:22 +01:00
Renovate Bot
26e3834d59 Pin dependency @types/node-jose to 1.1.6 2021-05-24 10:22:07 +01:00
Fabien O'Carroll
40012160ed Errored when Stripe connection is missing and used
refs https://github.com/TryGhost/Team/issues/704

Currently when attempting to create stripe_prices without a Stripe
connection, it will fail silently. This is an issue when initially
configuring Members as the Stripe connection can take some time to be
established. By erroring we allow the client to be notifed that the
connection does not yet exist, so that it can be retried later.
2021-05-24 10:19:55 +01:00
Fabien O'Carroll
7ba838cf4c Published new versions
- @tryghost/members-api@1.10.0
2021-05-20 17:38:21 +01:00
Fabien O'Carroll
98fe7785d6 Handled week & day interval for calculating MRR
refs https://github.com/TryGhost/Team/issues/635

It's possible that we have subscriptions in the system which have been
created externally, and so using an interval of week or day. This change
ensures that we handle the mrr_delta for these subscriptions correctly.
2021-05-20 16:56:14 +01:00
Fabien O'Carroll
f3ecb44e08 Updated migration to use getPrice method
refs https://github.com/TryGhost/Team/issues/657

Since we have removed the getPlan method we need to update the migration
which is the last piece of code which used it. Prices are backwards
compatible with Plans - so this will continue to work as expected.
2021-05-20 15:35:58 +01:00
Fabien O'Carroll
1b628a1637 Refactored Token Service to use async/await
refs https://github.com/TryGhost/Team/issues/657

- Removes the use of "plans" from token service - method wasn't used
- Updates to use async/await so the code is clearer
- Install types for the node-jose module
- Install types for the jsonwebtoken module
2021-05-20 15:18:46 +01:00
Fabien O'Carroll
10b40dfd16 Added comment for deprecation of plan_from_trial
refs https://github.com/TryGhost/Team/issues/657

We must still use the "plan" approach of creating Checkout Sessions so
that we are able to maintain our current functionality of setting the
free trial from the one associated with the Plan/Price used for the
Checkout Session.

In future we would handle free trials internally in Ghost and apply them
on a subscription-by-subscription basis.
2021-05-20 15:15:33 +01:00
Fabien O'Carroll
16b984e2f6 Fixed types for StripeAPIService
no-issue
2021-05-20 15:15:24 +01:00
Fabien O'Carroll
162722b9d3 Removed unused plan related code
refs https://github.com/TryGhost/Team/issues/657

This code is no longer used since we got rid of the StripePlans service
2021-05-20 15:14:24 +01:00
Fabien O'Carroll
98e6ba8028 Published new versions
- @tryghost/members-api@1.9.0
2021-05-20 12:13:13 +01:00
Fabien O'Carroll
26e2cb98e9 Removed environment checks from webhook service
refs https://github.com/TryGhost/Team/issues/598
refs https://github.com/TryGhost/Ghost/commit/5cdf910e

Since we have included these checks in the Ghost codebase we do not need
to run them here.
2021-05-20 12:11:43 +01:00
Fabien O'Carroll
0d3014a87a Published new versions
- @tryghost/members-api@1.8.0
2021-05-19 15:28:17 +01:00
Fabien O'Carroll
ee32528006 Populated members_{monthly,yearly}_price_id settings
refs https://github.com/TryGhost/Team/issues/698

As this migration relies on the `stripe_prices` table being populated,
it can not be in a standard versioned migration in Ghost core.
2021-05-19 15:16:15 +01:00
Fabien O'Carroll
81d96bbdd3 Published new versions
- @tryghost/members-api@1.7.0
2021-05-17 14:52:46 +01:00
Fabien O'Carroll
25d3d42427 Removed use of 'comped' status for Members
refs https://github.com/TryGhost/Team/issues/693

With the new system of Custom Products, the concept of Complimentary is
not longer a thing, and will instead be handled by explicitly creating
prices with no amount. This means that the 'comped' status for members
will be replaced with 'paid'.
2021-05-17 13:06:41 +01:00
Fabien O'Carroll
3beb1b21e7 Published new versions
- @tryghost/members-api@1.6.1
2021-05-11 12:06:56 +01:00
Fabien O'Carroll
d5269d8a9a Fixed finding newly created zero-amount price
no-issue

The condition in the find statement was incorrecly referring to the
subscription rather than the price for the subscription.
2021-05-11 10:58:41 +01:00
Fabien O'Carroll
12d4e42bb1 Published new versions
- @tryghost/members-api@1.6.0
2021-05-10 20:18:43 +01:00
Fabien O'Carroll
d32e44c73b Mapped Stripe Product name to Product name
closes https://github.com/TryGhost/Team/issues/682

This ensures that the Stripe Product name is updated during the
migrations of an existing site and any future updates to the Product
name.
2021-05-10 19:21:41 +01:00
Fabien O'Carroll
15b535fd45 Removed unused stripe-plans service
no-issue

This module is no longer used!
2021-05-10 19:21:41 +01:00
Fabien O'Carroll
45d338730c Updated webhook service to work with multiple products
no-issue

Since we do not necessarily have a single stripe product anymore, we
should be checking if an invoice webhook is for a stripe product which
we know about. We use the Products repository to search our database for
one.
2021-05-10 19:21:41 +01:00
Fabien O'Carroll
a3f7f3d1a0 Updated setComplimentary to work with new system
closes https://github.com/TryGhost/Team/issues/650

Despite the fact we're getting rid of the concept of Complimentary, we
must maintain backwards compatibility for the `comped` flag in the Admin
API & the importer. This flag is handled via the `setComplimentary`
method, which has been updated to work with the new system.
2021-05-10 19:21:32 +01:00
Kevin Ansfield
cdd52917fd Published new versions
- @tryghost/members-api@1.5.0
2021-05-10 12:07:00 +01:00
Kevin Ansfield
2f7664e1a8 Added labels and products to fetched member identity data ()
refs https://github.com/TryGhost/Team/issues/581
refs https://github.com/TryGhost/Team/issues/582

Content gating in Ghost is being expanded from basic public/members/free/paid to allowing full NQL queries. To facilitate quick matching of a member to the visibility query we need details of the associated labels and products alongside the basic member data.
2021-05-10 11:46:34 +01:00
Kevin Ansfield
ca473fc273 🐛 Fixed potential member data loss when assigning geolocation data
no issue

- `setMemberGeolocationFromIp()` was passing a raw model instance through to `users.update()` rather than a data object causing the `model.edit()` call to overwrite existing data such as labels because `modelInstance.labels` is a function rather than an array
- removed unnecessary `withRelated: ['labels']` as it's not necessary for the update, member data is fetched again with all necessary includes by `getMemberIdentityData()` before returning
2021-05-10 11:24:10 +01:00
Renovate Bot
40aabc7539 Update dependency node-jose to v2 2021-05-07 18:08:16 +01:00
Fabien O'Carroll
f2123d07db Added support for un/archiving Prices
https://github.com/TryGhost/Team/issues/665

We update both Stripe and our database based on the `active` flag for
existing stripe prices.
2021-05-07 17:01:00 +01:00
Rishabh
1dd2c4f656 Added prices object to logged in member's identity data
refs https://github.com/TryGhost/Team/issues/637

As we move away from `plan` data to `prices`, this change updates member identity data to include `prices` object in subscriptions object to get the price data for subscription instead of relying on `plan` data.
2021-05-06 15:27:01 +05:30
Rishabh
aa640ada5e Added migration for stripe plans to custom prices
refs https://github.com/TryGhost/Team/issues/637

- Adds one-off migration that reads from current `stripe_plans data` for a price, and ensures that the corresponding price is present in `stripe_prices` table at start.
- Currently, the portal_plans setting is used to determine the prices available to Portal for showing on Signup or Subscription change screen. The values allowed in portal_plans currently only allow [free, monthly, yearly] , which needs to be updated now to store price ids of available prices instead. Uses above migration to populate `portal_plans` with ids instead of names.
2021-05-04 21:52:51 +05:30
Rishabh
460dd09f8b Added description to product repository
refs https://github.com/TryGhost/Team/issues/586
refs https://github.com/TryGhost/Ghost/commit/b4d9ee0b

The `products` and `stripe_prices` were missing a description
column which will be used by Portal to display information about the
products and prices
2021-05-04 21:52:51 +05:30
Rishabh
3a27d1bd0c Updated APIs to use price ids
refs https://github.com/TryGhost/Team/issues/637

All the APIs that currently work with price names needs to be updated to work with price ids instead to work with custom prices/products. This change updates APIs to work with Price IDs in `checkout` , `updateSubscription` and other APIs/methods.
2021-05-04 21:52:51 +05:30
Fabien O'Carroll
fabff2e7e1 Published new versions
- @tryghost/members-api@1.4.0
2021-04-26 17:18:24 +01:00
Fabien O'Carroll
4e98c62b71 Fixed update method for Products repository
no-issue

When updating a Product we can pass existing Stripe Prices, these will
either be adding to the database, or updated if they already exist. When
updating them we were attemping to use the `id` passed in the update,
which is not necessarily included. Instead we should use the `id` of the
StripePrice which we have already retrieved from the database.
2021-04-26 17:15:17 +01:00
Fabien O'Carroll
20e5dcc91d Added createSubscription method to member repo
refs https://github.com/TryGhost/Team/issues/616

This is a generic method for adding a subscription to a member for a
particular price/product pair. This will be used in the Admin for e.g.
giving complimentary subscriptions.
2021-04-23 17:34:04 +01:00
Rishabh Garg
a08690363e Updated product repo to allow editing price names ()
refs https://github.com/TryGhost/Team/issues/616

For existing prices linked to a Product, we only allow site owners/admins to edit their nickname and nothing else. This change handles the update in Ghost, but needs extension to update the name in Stripe as well.
2021-04-23 21:46:07 +05:30
Rish
4c7860483e Published new versions
- @tryghost/members-api@1.3.2
2021-04-22 21:53:08 +05:30
Rishabh Garg
42ade8fd12 Updated customer fetch from Stripe to include subscriptions ()
closes https://github.com/TryGhost/Team/issues/628
refs 9010a62d54

Following up on last commit, this moves up the expansion of Stripe customer fetch to always include `subscriptions` by default in api service so we don't accidentally miss it.
2021-04-22 21:51:01 +05:30
Rish
9010a62d54 🐛 Fixed members importer failing to link paid subscriptions
no refs

The latest version of Stripe doesn't return the `subscriptions` object on `Customer` resource by default and needs an extra param to do so. As we recently updated Members to use the latest Stripe version, the importer tries to fetch all subscriptions of a customer to map in Ghost but was failing due to missing `subscriptions` data. Fix updates the Stripe API to include `subscriptions` by default in response.
2021-04-22 21:22:23 +05:30
Rish
881077ad9d Published new versions
- @tryghost/members-api@1.3.1
2021-04-22 11:50:32 +05:30
Rish
c612b4d194 Ignored missing plans on Stripe for update
refs https://github.com/TryGhost/Team/issues/591

It's possible to have sites which still have subscriptions in their DB from old Stripe accounts, most likely added when we allowed Stripe Direct, as those subscriptions were not cleaned up. While populating plans and products for existing subscriptions, we want to ignore these old subscriptions which are not part of current Stripe account.
2021-04-22 11:49:08 +05:30
Rish
25a1f7d0b4 Published new versions
- @tryghost/magic-link@1.0.2
 - @tryghost/members-api@1.3.0
 - @tryghost/members-ssr@1.0.2
2021-04-20 17:23:04 +05:30
Rishabh Garg
bee619c123 Updated link subscription to handle missing stripe data ()
refs https://github.com/TryGhost/Team/issues/619

On linking a stripe subscription to a member, this change -

- Adds missing stripe price or stripe product from subscription to DB
  - Missing Stripe price is attached to the first Ghost Product if no matching Product exists
- Updates usage from plan to price in the `linkSubscription` method
- Updates products associated with a member based on active subscriptions
2021-04-20 17:21:16 +05:30
Fabien 'egg' O'Carroll
dc0e5b0ec8 Wired up ProductRepository to members-api
refs https://github.com/TryGhost/Team/issues/616

Working with ProductRepository as a separate package was more trouble
than it was worth, so it's been moved into members-api. We expose the
product repository so that Ghost Admin API can access it.
2021-04-19 15:09:28 +01:00
Renovate Bot
bd3b3738e5 Update dependency ghost-ignition to v4.6.2 2021-04-19 05:22:28 +00:00
Rishabh Garg
836b7f235e Populate stripe prices and products for existing customers ()
refs https://github.com/TryGhost/Team/issues/586

On Ghost Boot, as part of configuring Stripe, this populates stripe products and prices for existing stripe customers in the newly created `stripe_prices` and `stripe_products` table, which allows us to map existing customers to default Ghost product and on current prices. The population script on boot is only run if we find -

- A Ghost Product
- No rows in `stripe_products`
- No rows in `stripe_prices`
- One or more rows in `members_stripe_customers_subscriptions`
2021-04-12 20:38:01 +05:30
Fabien O'Carroll
3f6498c12f Published new versions
- @tryghost/members-api@1.2.0
 - @tryghost/product-repository@0.1.1
2021-04-12 15:31:32 +01:00
Rishabh Garg
72e097cdc2 Updated Stripe major version and types ()
refs https://github.com/TryGhost/Team/issues/593

- Bumps `stripe` node library major version to v8 - 8.142
- Bumps default Stripe version to latest - '2020-08-27'
- Updated webhook Stripe version to latest - '2020-08-27'
- Removes `@types/stripe` in favor of first-class types support in `stripe` lib directly
- Updates types across files
2021-04-09 21:11:16 +05:30
Rish
6a05d55e5d Published new versions
- @tryghost/magic-link@1.0.1
 - @tryghost/members-api@1.1.1
 - @tryghost/members-ssr@1.0.1
2021-04-06 18:44:44 +05:30
Rish
d4488b5e59 🐛 Fixed incorrect mrr delta calculation
refs https://github.com/TryGhost/Team/issues/595

For a canceled subscription, the desired MRR delta is to reduce by negative of original amount, but our logic was incorrectly reducing it by double which led to big gap between real MRR and one shown on Dashboard.

- Fixes calculation for MRR change for canceled subscriptions
2021-04-06 18:42:55 +05:30
Renovate Bot
d5c893ca5b Update dependency ghost-ignition to v4.6.1 2021-03-31 14:45:04 +00:00
Fabien O'Carroll
bd80fa6fde Published new versions
- @tryghost/members-api@1.1.0
2021-03-30 12:18:36 +01:00
Fabien O'Carroll
999acc60d7 Added support for updating subscription by id
no-issue

The Admin API uses a Member id rather than email to update
subscriptions, this ensures that we provide an interface that will
continue to work with the Admin API
2021-03-30 11:00:41 +01:00
Fabien O'Carroll
e2a46863d8 Updated MemberRepostitory with subscription methods
https://github.com/TryGhost/Team/issues/530

These are required by the smart_cancel functionality
2021-03-30 10:36:49 +01:00
Fabien O'Carroll
a302ff1597 Added support for smart_cancel options
https://github.com/TryGhost/Team/issues/530

This option will check to see if a subscription is in an unpaid or past
due state, and if so, will cancel the subscription immediately, rather
than cancelling at the period end.
2021-03-30 10:36:45 +01:00
Fabien O'Carroll
c1f5216646 Updated members-api tests to use 'dot' reporter
no-issue

This makes it much easier to see which tests have failed & why
2021-03-30 10:36:45 +01:00
Fabien O'Carroll
48ad254df3 Added tests for smart_cancel param
refs https://github.com/TryGhost/Team/issues/530
2021-03-30 10:36:17 +01:00
Fabien 'egg' O'Carroll
3ed10ecdf6 Added tests for updateSubscription
refs https://github.com/TryGhost/Team/issues/530

The RouterController was a grab bag of all controller methods, making it
difficult to mock & test. This adds a MemberController with a smaller
API - making it easier to test.
2021-03-25 12:19:01 +00:00
Fabien O'Carroll
0629791824 Published new versions
- @tryghost/magic-link@1.0.0
 - @tryghost/members-api@1.0.0
 - @tryghost/members-csv@1.0.0
 - @tryghost/members-ssr@1.0.0
2021-03-10 17:23:30 +00:00
Rish
cac4ca14ff Added check for plan nickname to exist
no-issue

When seeding the database with fake members & stripe data, it's possible
to create stripe plans without a nickname. Similarly some other services
do not have a nickname on their plans. This ensures that we do not error
when working with these plans.
2021-03-10 17:15:16 +00:00
Fabien O'Carroll
907ccd9f34 Fixed creating events within transaction
no-issue

If we are to perform the `linkSubscription` method inside of a
transaction, the addition of the paid subscription events would happen
outside of the transaction, and cause errors. This ensures that we pass
the options object (containing the transaction) to the models calls to
add paid subscription events
2021-03-10 17:15:16 +00:00
Fabien O'Carroll
9be1d2de4f Updated invoice webhook handling for payment events
no-issue

1. We do not want to store payment events for payments of 0 value
2. Stripe webhooks can arrive and be processed "out of order", which can
   result in us attempting to add a payment event for a member which
   does not yet exist. The change here will 404 in such (edge) cases, so
   that Stripe will retry the webhook at a later point, when the Member
   has been created, allowing us to store the payment event.
2021-03-10 17:15:16 +00:00
Renovate Bot
5506406dbf Update dependency ghost-ignition to v4.5.4 2021-03-08 02:15:38 +00:00
Fabien O'Carroll
1602aa2d98 Published new versions
- @tryghost/members-api@1.0.0-rc.5
2021-03-05 13:03:31 +00:00
Fabien O'Carroll
d662003fdb Updated status events to happen before subscribed events
no-issue

Given that status events are used to determine signup events,
they should be the first event for a member.
2021-03-05 12:59:05 +00:00
Fabien O'Carroll
58c9c1c649 Cleaned newsletter subscription events from timeline
refs https://github.com/TryGhost/Team/issues/469

In order to reduce noise, we want to only display newsletter
subscription events which are not likely to be the result of a member
signup. The approach we've taken is to remove any newsletter
subscription (not unsubscription) event, if when sorted in chronological
order, it is to reside next to a signup event for the same member.

An improvement to this approach might be to add some kind of transaction
id  to events which would allow us to group together events which should
be considered to have happened simultaneously.
2021-03-05 12:59:05 +00:00
Fabien O'Carroll
e003c10e8b Added signup_events to the event timeline
refs https://github.com/TryGhost/Team/issues/469

Signup events are captured by status changes with no `from_status`, this
means that the member did not have a status (did not exist) before this
change.
2021-03-05 12:59:05 +00:00
Fabien O'Carroll
c8eb50bf57 Fixed ordering of event timelime
refs https://github.com/TryGhost/Team/issues/469

We order the set of all events by created_at, but were not fetching the
individual events with the same order applies, this resulted in
incorrect results.
2021-03-05 12:57:50 +00:00
Fabien O'Carroll
095c624172 🐛 Fixed cancelling subscriptions when destroying
refs https://github.com/TryGhost/Ghost/issues/12711

We must wait for the stripeSubscriptions relation to be loaded before
attempting to loop through them. As well as this we should use `upsert`
so that we can edit a subscription record by `subscription_id`, rather
than the (internal) `id`
2021-03-03 13:15:13 +00:00
Fabien O'Carroll
8b4e5f9a92 Published new versions
- @tryghost/members-api@1.0.0-rc.4
 - @tryghost/members-csv@1.0.0-rc.2
2021-02-23 17:48:22 +00:00
Fabien O'Carroll
17175c87cc Fixed bug with calculating MRR and Volume
no-issue

This was not accessing the correct data when summing the deltas
2021-02-23 17:45:52 +00:00
Fabien O'Carroll
7e2e85d531 Published new versions
- @tryghost/members-api@1.0.0-rc.3
 - @tryghost/members-csv@1.0.0-rc.1
2021-02-23 11:21:48 +00:00
Fabien 'egg' O'Carroll
e1b3b38bcd Added initial support for event timelines
refs https://github.com/TryGhost/Ghost/issues/12602

This adds initial support for sitewide event timelines
2021-02-23 11:21:48 +00:00
Fabien O'Carroll
7cde72c820 Published new versions
- @tryghost/members-api@1.0.0-rc.2
2021-02-23 11:21:48 +00:00
Rish
65cf639603 Fixed incorrect member id in status event
no refs

The member id assigned when creating a new status event on member creation was incorrectly using `data.id` instead of `member.id`, which was undefined causing a validation error.
2021-02-23 11:21:48 +00:00
Fabien O'Carroll
d93f7095f6 Published new versions
- @tryghost/members-api@1.0.0-rc.1
 - @tryghost/members-csv@1.0.0-rc.0
2021-02-23 11:21:48 +00:00
Fabien 'egg' O'Carroll
9081298517 Added initial support for Member events ()
refs https://github.com/TryGhost/Ghost/issues/12602

* Added Event Repository
** Added method for MRR over time
** Added method for newsletter subscriptions over time
** Added method for gross volume over time
** Added method for status segment size over time
* Captured login events
* Captured newsletter subscription/unsubscription
* Captured email address change events
* Captured paid subscription events
* Captured payment events
* Captured status events
2021-02-23 11:21:48 +00:00
Rish
b8a17f2be0 Revert "Removed unused upsertCustomer method"
This reverts commit b261c1d61e06e35657741de888fd651329101d69.
upsertCustomer method is used to overwrite customer when checkout session is completed.
2021-02-23 11:21:48 +00:00
Fabien O'Carroll
f504b98e02 Published new versions
- @tryghost/members-api@1.0.0-rc.0
2021-02-23 11:21:44 +00:00
Fabien 'egg' O'Carroll
02685e3d3c Threw "fatal" errors for non-prod usage of live Stripe data ()
refs https://github.com/TryGhost/Ghost/issues/12448

The `fatal` property will allow Ghost to determine whether or not it should kill the process
2021-02-23 11:21:11 +00:00
Fabien O'Carroll
1932d56890 Updated linkSubscription to ensure flag is synced 2021-02-23 11:21:11 +00:00
Fabien O'Carroll
f9dbeafbbb Added helper for determining active subscriptions 2021-02-23 11:21:11 +00:00
Fabien O'Carroll
02990ce7e5 Removed unused upsertCustomer method 2021-02-23 11:21:11 +00:00
Fabien O'Carroll
5cae43b032 Published new versions
- @tryghost/members-api@0.37.11
2021-02-23 11:20:28 +00:00
Fabien 'egg' O'Carroll
2fb6708944 🐛 Fixed issues when updating payment method ()
refs https://github.com/TryGhost/Team/issues/479

* Fixed updating payment method for canceled subscriptions

Stripe considers canceled subscriptions as non-existent, so any attempts
to update them will fail with a 404 not found. Prior to this change we
were attempting to update *all* subscriptions for a customer, including
those which were canceled. This would cause an error and the loop to
break.

* 🐛 Fixed errors for members with multiple active customers

Members with multiple active customers would have their first active
customer found updated with the new payment method. We would then
iterate through *all* active subscription, and attempt to update their
payment method. If a subscription was not owned by the customer that was
just updated, it would error and cause the loop to break out.

* Added ability to update a specific subscription's payment method

In order to remove ambiguity we add the ability to update the payment
method for a specific subscription. This will remove room for errors as
we will not have to worry about if a subscription belong to the customer
or not.
2021-02-23 11:19:21 +00:00
Fabien O'Carroll
0d97bd7dd6 Published new versions
- @tryghost/magic-link@0.6.7
 - @tryghost/members-api@0.37.10
 - @tryghost/members-ssr@0.8.11
2021-02-22 14:02:54 +00:00
Fabien O'Carroll
8f333cc38b 🐛 Fixed comp plans for members w/ active subscriptions
refs https://github.com/TryGhost/Team/issues/475

The subscription object here is a database model rather than an
ISubscription from the stripe library, and we need to 1) use the `get`
method to read attributes and 2) read the `subscription_id` attribute,
as the `id` is our internal one.
2021-02-22 14:00:24 +00:00
Renovate Bot
6a7aaf0397 Update dependency ghost-ignition to v4.4.4 2021-02-19 21:24:49 +00:00
Fabien O'Carroll
1ffe8bc71c Published new versions
- @tryghost/members-api@0.37.9
2021-02-17 17:13:30 +00:00
Fabien 'egg' O'Carroll
274412b051 Fixed webhook handling for Checkout Sessions ()
no-issue

Fetching relations via the model returns a promise, and this was missing
the `await` keyword. We also need to `get` the subscription_id attribute
as we're working with models rather than subscription objects.
2021-02-17 17:12:45 +00:00
Daniel Lockyer
ccf9517698 Published new versions
- @tryghost/members-api@0.37.8
2021-02-11 18:27:12 +00:00
Fabien 'egg' O'Carroll
991b6e92a3 Ensured latest subscription data is always stored ()
no-issue

If we receive webhooks out of order, e.g. a
`customer.subscription.updated` with a status of 'active', followed by a
`customer.subscription.created` with a status of 'incomplete'. We would
overwrite the correct value with data from the "older" webhook. This
ensures that we always fetch the latest data from the Stripe API before
storing in the database.
2021-02-11 17:43:36 +00:00
Rish
8b3cd5499c Published new versions
- @tryghost/magic-link@0.6.6
 - @tryghost/members-api@0.37.7
 - @tryghost/members-ssr@0.8.10
2021-02-01 10:25:11 +05:30
Rish
4b4a990e1d Fixed default urls for checkout session
no-issue
related to ef9cb0862c

In the last patch which fixes the bug for not passing custom redirect urls when a checkout session is created, we missed updating the case where a logged in member tries to update the subscription.
2021-02-01 10:24:16 +05:30
Renovate Bot
f823334b15 Update dependency ghost-ignition to v4.4.3 2021-01-28 17:28:39 +00:00
Fabien O'Carroll
27ebd70302 Published new versions
- @tryghost/members-api@0.37.6
 - @tryghost/members-csv@0.4.4
2021-01-27 15:21:43 +00:00
Fabien 'egg' O'Carroll
ef9cb0862c Passed default URLs when creating checkout session ()
* Passed default URLs when creating checkout session

no-issue

This fixes a bug when a checkout session is created without passing
custom redirect URLs
2021-01-27 15:19:09 +00:00
Fabien O'Carroll
9ff229b8c2 Published new versions
- @tryghost/members-api@0.37.5
2021-01-26 12:16:05 +00:00
Fabien O'Carroll
0c6b92be45 Fixed Stripe Checkout for non-members
no-issue

We needed to check for  being
2021-01-26 12:14:56 +00:00
Fabien O'Carroll
8d9340534d Published new versions
- @tryghost/magic-link@0.6.5
 - @tryghost/members-api@0.37.4
 - @tryghost/members-csv@0.4.3
 - @tryghost/members-ssr@0.8.9
2021-01-26 12:02:58 +00:00
Rish
0d7c06b5a8 Fixed customer not fetched for billing update
no issue

The logic to fetch member for a checkout session was incorrectly creating a new customer instead of finding an existing one, so the member's billing details was not getting updated.
2021-01-26 17:25:40 +05:30
Fabien O'Carroll
a8782054ba Fixed Stripe Checkout displaying member email
no-issue
2021-01-26 11:26:57 +00:00
Fabien O'Carroll
0268bee13e Fixed checks for if Stripe is configured
no-issue
2021-01-26 11:26:28 +00:00
Fabien O'Carroll
c885e024ae Published new versions
- @tryghost/magic-link@0.6.4
 - @tryghost/members-api@0.37.3
 - @tryghost/members-ssr@0.8.8
2021-01-25 13:21:34 +00:00
Fabien O'Carroll
77b328bf11 Fixed bug with reapplying complimentary subscriptions
no-issue

We should have been checking for the existence of active subscriptions
in order to update them
2021-01-25 13:20:31 +00:00
Renovate Bot
40ef97e6d3 Update dependency ghost-ignition to v4.4.2 2021-01-25 01:37:03 +00:00
Fabien O'Carroll
a9c74e6ade Published new versions
- @tryghost/members-api@0.37.2
2021-01-22 15:18:45 +00:00
Fabien O'Carroll
693cc53138 Ensured transactions are passed correctly
no-issue
2021-01-22 15:15:31 +00:00
Fabien O'Carroll
0b8fc40cf3 Published new versions
- @tryghost/members-api@0.37.1
2021-01-19 10:43:41 +00:00
Fabien O'Carroll
6412cfe3c6 Fixed error responses when missing data
no-issue

We should error early when recieving a request that does not contain the
required data.
2021-01-19 10:42:41 +00:00
Fabien O'Carroll
07fea2c68c Published new versions
- @tryghost/magic-link@0.6.3
 - @tryghost/members-api@0.37.0
 - @tryghost/members-csv@0.4.2
 - @tryghost/members-ssr@0.8.7
2021-01-18 16:51:19 +00:00
Fabien 'egg' O'Carroll
e3ef01932f Refactor members-api ()
no-issue

This refactors the members-api module so that it is easier to test going forward,
as well as easier to understand & navigate. The Stripe API no longer contains
storage code, this is all handled via the member repository. And we have dedicated
services for webhooks, and stripe plans initialisation.
2021-01-18 13:55:40 +00:00
Renovate Bot
af13570076 Update dependency ghost-ignition to v4.3.0 2021-01-14 17:05:36 +00:00
Fabien O'Carroll
b9bffadb68 Published new versions
- @tryghost/members-api@0.36.0
 - @tryghost/members-csv@0.4.0
2020-12-04 10:11:55 +00:00
Fabien O'Carroll
3abb0c543b Updated setComplimentarySubscription to error without a Stripe connection
no-issue

This allows the consumer (e.g. the importer) to surfaces errors when importing comped members
2020-12-04 10:10:59 +00:00
Fabien O'Carroll
d70aab83f6 Updated linkStripeCustomer to error rather than silently fail
no-issue

This allows the importer to surface errors when linking members to customers
2020-12-04 10:10:59 +00:00
Fabien O'Carroll
05d5310343 Updated members-api to allow passing options to models
no-issue

This allows us to do multiple operations within a db transaction, which
will be used for the importer to ensure atomic inserts
2020-12-04 10:10:59 +00:00
Fabien O'Carroll
bd1173ef9f Published new versions
- @tryghost/magic-link@0.6.2
 - @tryghost/members-api@0.35.0
 - @tryghost/members-csv@0.3.3
 - @tryghost/members-ssr@0.8.6
2020-11-23 16:53:10 +00:00
Fabien 'egg' O'Carroll
ecd5bb2c01 Stored cancellation reason in local database ()
refs https://github.com/TryGhost/Ghost/issues/12403
refs https://github.com/TryGhost/Ghost/pull/12405

This smol change means that we keep our local cancellation_reason column in sync with what we set in Stripe metadata
2020-11-23 16:50:03 +00:00
Fabien 'egg' O'Carroll
da00444961 Added support for cancellation_reason ()
refs https://github.com/TryGhost/Ghost/issues/12403

Adds support for sending a cancellation_reason when cancelling a plan and store the reason on the Subscription metadata
2020-11-23 16:28:35 +00:00
Renovate Bot
5879193940 Update dependency ghost-ignition to v4.2.4 2020-11-05 12:04:34 +00:00
Renovate Bot
a4d2dcaa8c Update dependency ghost-ignition to v4.2.3 2020-11-02 01:05:58 +00:00
Rish
ed1a1ae049 Published new versions
- @tryghost/members-api@0.34.2
2020-10-29 17:55:00 +05:30
Rish
0ec84d1948 Fixed lint
no refs
2020-10-29 17:54:18 +05:30
Rish
2c2d639838 Fixed magic link type for member email update
no issue

- In case of a member updating their email, the `updateEmail` type was overridden with `signup` or `signin` without the force option. The fix forces the correct email type for when member requests to update their email.
2020-10-29 17:53:07 +05:30
Rish
06f9eb6dfe Published new versions
- @tryghost/magic-link@0.6.1
 - @tryghost/members-api@0.34.1
 - @tryghost/members-csv@0.3.2
2020-10-29 12:38:06 +05:30
Rish
18fa6ead56 Allowed requestSrc in stripe checkout metadata flow
refs https://github.com/TryGhost/Ghost/issues/12253

Allows reading `requestSrc` from Stripe checkout flow metadata to send signup emails with customized action param when requesting from Portal
2020-10-29 12:12:15 +05:30
Rish
216aeb572e Added request source option for magic link url
no issue

refs https://github.com/TryGhost/Ghost/issues/12253

Currently, Ghost uses standard query params like action, success and stripe for all actions and redirects to a site for member events. This needed to be extended to allow for portal specific query params so it doesn't overlap with specific theme handling or custom notifications.

The change here adds an extra option - `requestSrc` - which can be passed when using magic link API to send a link which is passed down to `getSigninURL`, and allows the `action` param to configured to `portal-action` when magic links are sent from Portal
2020-10-29 11:59:01 +05:30
Rish
6ccdea6632 Removed magic link email for upgrade checkout
no issue

Previously, we were sending a magic link email to signup in case a logged-in member upgrades to a paid account, as we didn't check for logged in status while sending the magic link and always sent one on finishing checkout. Since Portal allows members to upgrade their account from free, it doesn't make sense to send another email to signup after completing checkout.

The fix here adds a metadata `checkoutType` to checkout session creation which can be passed in with `upgrade` value to denote an existing member is upgrading and doesn't need an email.
2020-10-29 11:59:01 +05:30
Rish
5bcf180163 Published new versions
- @tryghost/members-api@0.34.0
2020-10-27 15:20:47 +05:30
Rishabh Garg
c996c7b576 Added unpaid and past_due subscription status as paid member ()
refs https://github.com/TryGhost/Ghost/issues/12256 , https://github.com/TryGhost/Ghost/issues/12255

Currently when listing subscriptions for Members, we were only showing the subscriptions which have a status of trialing or active.

Based on discussion, the `unpaid` and `past_due` states on Stripe also represent owner's intention of considering a subscription as active instead of `cancelled`, so we allow any subscriptions under these 2 states to be also listed for a member and consider them as `paid`.

- Subscriptions will go into a past_due state if the payment is missed, this should be considered a grace period where the member still has access.

- After this the subscriptions will either go to the unpaid or the cancelled state - this can be configured on an account by account basis in the Stripe dashboard. `unpaid` is considered as an intention to keep the subscription to allow for re-activation later.
2020-10-27 15:15:23 +05:30
Fabien O'Carroll
4463b7471f Published new versions
- @tryghost/members-api@0.33.3
2020-10-19 12:44:44 +01:00
Fabien 'egg' O'Carroll
aa228e9eb9 Created member with name on checkout completion ()
refs https://github.com/TryGhost/Ghost/issues/12270

Previously we would create the member, and then update their name from
stripe data, this mean that webhooks would be sent _without_ a name,
despite us possibly having the information to provide one.

Here we've updated the creation of members to include the name attached
to the default billing method, this will ensure that webhooks are sent
with all availiable information.
2020-10-19 12:44:01 +01:00
Rish
73982ab4ff Published new versions
- @tryghost/members-api@0.33.2
2020-10-15 16:29:35 +05:30
Matt Hanley
4359517e75 Added Stripe webhook listener for subscription created event ()
no-issue

Subscription created events are required for migrating Stripe subscriptions from
alternative platforms, which involves creating a new subscription for a customer
(outside of Ghost) before cancelling the original subscription.
2020-10-15 16:25:36 +05:30
Rish
2544212ff7 Published new versions
- @tryghost/members-api@0.33.1
2020-10-15 16:20:41 +05:30
Rish
d3bc625c35 🐛 Fixed email update magic link not working
no issue

- Email update magic link was not sent out for sites which did not allow self signup as it didn't find the member on new email, which is expected.
- Updates sending magic link check in case an old email is found to correctly trigger update email
2020-10-15 16:19:41 +05:30
Fabien O'Carroll
5129c0d9fc Published new versions
- @tryghost/members-api@0.33.0
2020-10-05 17:19:08 +01:00
Fabien 'egg' O'Carroll
8efc4c7016 Removed old webhook cleanup code ()
no-issue

This is no longer necessary anymore, it would delete all webhooks which
matched the current webhook handler URL, which is undesirable
2020-10-05 09:21:20 +01:00
Fabien O'Carroll
4a15ee6852 Published new versions
- @tryghost/members-api@0.32.0
2020-09-28 16:59:50 +01:00
Fabien O'Carroll
f41f366b5a Updated customer when member email is changed
refs: https://github.com/TryGhost/Ghost/issues/12055

This ensures that newsletters and billing related emails are all sent to
the same address
2020-09-28 16:57:51 +01:00
Fabien O'Carroll
b189584f98 Added method to to update customer email address
refs: https://github.com/TryGhost/Ghost/issues/12055

This will be used by the users module when updating a members email
address to keep the Stripe Customer email in sync.
2020-09-28 16:57:51 +01:00
Fabien O'Carroll
feaf73f7d2 Fixed a bug with setting geolocation
no-issue

We were passing a string rather than an object to find the member to set
the geolocation on, this was causing us to always find the same member
each time, and so newer members would never have their geolocation set.
2020-09-28 16:57:51 +01:00
Fabien O'Carroll
d2bb50a436 Refactored async function to throw errors
no-issue

There's no need to return rejected promises in an async function as
thrown errors will behave the same, this just makes it a little cleaner.
2020-09-28 13:06:59 +01:00
Fabien O'Carroll
6e96f44f39 Published new versions
- @tryghost/members-api@0.31.0
2020-09-21 11:54:15 +01:00
Kristian Freeman
6ec7eeae33 Added support for promo codes in Stripe Checkout ()
no-issue

This commit adds support for Stripe's newly-added promotional code
parameter when creating a new Stripe Checkout session.

ref: https://stripe.com/docs/payments/checkout/set-up-a-subscription#coupons
2020-09-21 11:53:36 +01:00
Fabien O'Carroll
016e05b234 Published new versions
- @tryghost/members-api@0.30.1
2020-09-18 17:44:22 +01:00
Fabien O'Carroll
c0ac7b6b37 Updated getMagicLink usage
no-issue

This updates the call to getMagicLink to correctly pass tokenData
2020-09-18 17:43:42 +01:00
Fabien O'Carroll
7b63fd6862 Published new versions
- @tryghost/members-api@0.30.0
2020-09-18 17:02:27 +01:00
Fabien O'Carroll
0d14e33436 Updated members-api to accept a TokenProvider
no-issue

This paves the way for Ghost to be able to pass in a custom token
provider which will handle the shortening of tokens and making them
single use.
2020-09-18 16:37:32 +01:00
Fabien O'Carroll
42c2468314 Published new versions
- @tryghost/magic-link@0.6.0
 - @tryghost/members-api@0.29.0
2020-09-18 13:23:54 +01:00
Fabien O'Carroll
97ceb13d42 Moved JWTTokenProvider to lib and exported from index
no-issue

This brings the module in line with our current package standards.
2020-09-18 13:20:12 +01:00
Fabien O'Carroll
e38dbc1e6e Published new versions
- @tryghost/magic-link@0.5.0
 - @tryghost/members-api@0.28.3
 - @tryghost/members-csv@0.3.1
2020-09-18 12:43:56 +01:00
Fabien O'Carroll
0723a1f9ed Updated members-api to work with new magic-link class
no-issue

The MagicLink class now accepts a TokenProvider rather than a secret
2020-09-18 12:42:31 +01:00
Fabien 'egg' O'Carroll
6957c2725b Refactored magic-link to be more generic ()
no-issue

This removes the concept of `subject` & `payload` from the function
signatures, making the implementation a little more generic, and less
JWT centric.

We also replace getUserFromToken and getPayloadFromToken with a single
method getDataFromToken, which will contain all the necessary data.

* Updated members-api to use new magic-link module

This updates the usage of magic-link to work with the new interface

* Fixed labels not saving for new members

Due to how bookshelf-relations works, we must fetch the labels before
saving a member, otherwise the labels are all deleted.

* Used a proper class rather than constructor function

This just moves the code to a more modern standard

* Updated methods to be async

This prepares us for a future where token generation and validation may
require access to storage and thus be an asyncronous operation
2020-09-17 15:42:01 +01:00
Nazar Gargol
a578ae4076 Published new versions
- @tryghost/members-api@0.28.2
2020-08-24 18:31:02 +12:00
Nazar Gargol
30f758e297 🐛 Fixed create and update user methods to account for created_at and subscribed fields
refs https://github.com/TryGhost/Ghost/issues/12156

- During the refactor - 117309b4e8 (diff-3daeef67d07a2a0f94c89a86cafcede9R44), `subscribed` and `created_at` fields have been overlooked. All fields accepted by Ghost's `POST /members` and `PUT /members/:id` should be supported
2020-08-24 18:29:03 +12:00
Rish
56b9f4d350 Published new versions
- @tryghost/members-api@0.28.1
2020-08-21 16:12:31 +05:30
Rish
1fe75532e5 🐛 Fixed incorrect stripe method for cancelling subscriptions
refs https://github.com/TryGhost/Ghost/issues/12150

- `destroy` method was using incorrect cancel subscriptions method - stripe.cancelStripeSubscriptions - which doesn't exist
- Fixes call with intended method - `stripe.cancelAllSubscriptions` - to cancel all subscriptions
2020-08-21 16:11:24 +05:30
Rish
838ec6bb26 Published new versions
- @tryghost/members-api@0.28.0
2020-08-20 14:26:39 +05:30
Rishabh Garg
0dad6d147f Added update subscription method to members api ()
refs 

- Adds new `updateSubscription` method to members-api which allows updating individual subscription for a member
- New method only allows toggling of cancellation at period end for a subscription at the moment
2020-08-20 14:24:29 +05:30
Fabien O'Carroll
1625bc94c4 Published new versions
- @tryghost/members-api@0.27.2
2020-08-18 11:29:02 +01:00
Fabien O'Carroll
66b099222f Fixed throttling of Stripe API requests
no-issue

This ensures any requests during exponential backoff are correctly rate
limited too
2020-08-18 11:28:15 +01:00
Fabien O'Carroll
f8a705448b Published new versions
- @tryghost/members-api@0.27.1
2020-08-18 10:39:56 +01:00
Fabien O'Carroll
2d347cd5fd Fixed LeakyBucket params for test and live mode
no-issue

These were the wrong way round initially, and not caught when testing
with live api keys
2020-08-18 10:38:26 +01:00
Fabien O'Carroll
4fb68c6b19 Published new versions
- @tryghost/members-api@0.27.0
2020-08-17 17:37:23 +01:00
Fabien 'egg' O'Carroll
c7ea226d9e Updated stripe module for the bulk importer ()
no-issue

* Added LeakyBucket rate limiting for all Stripe requests
* Added createCustomer method
* Added createComplimentarySubscription method
* Replaced getStripeCustomer with getCustomer
* Exported createStripeCustomer & createComplimentarySubscription
2020-08-17 17:35:18 +01:00
Nazar Gargol
8cc8cc7acc Published new versions
- @tryghost/members-api@0.26.0
 - @tryghost/members-csv@0.3.0
2020-08-17 18:00:44 +12:00
Fabien 'egg' O'Carroll
117309b4e8 Used models internally and for exported API ()
no-issue

Using models internally and in the exported API means that we avoid expensive
`toJSON` calls, which affects performance when looping through large lists of
members. It also allows us to take advantage of the new relations used in the
models.

The addition of "ByID" methods for linking stripe customers and setting
complimentary subscriptions allows bulk imports to avoid the overhead of creating
a model for each members, instead passing an id string. n.b. currently the impl
_does_ still create models, but it makes it easier to optimise and refactor in the 
future.
2020-08-12 12:57:28 +01:00
Daniel Lockyer
85800c57f7 Published new versions
- @tryghost/magic-link@0.4.13
 - @tryghost/members-api@0.25.2
 - @tryghost/members-ssr@0.8.5
2020-08-11 09:10:32 +01:00
Daniel Lockyer
56ef95c397 Updated ghost-ignition dependency
- this will resolve the lodash warnings when running `yarn audit`
2020-08-11 09:08:54 +01:00
Fabien O'Carroll
043609b194 Published new versions
- @tryghost/members-api@0.25.1
2020-07-24 15:40:35 +02:00
Fabien 'egg' O'Carroll
e7484638e3 Ensured that we do not insert orphaned rows ()
no-issue

Previously we would blindly put subscriptions into the database when we
received a webhook, which could result in orphaned rows that were not
linked to a customer (and by extension a member)

This updates the logic so that we will only add subscriptions if we have
a record of their customer.

Customers are only added during a checkout.session.completed webhook, at
which point a member is guarunteed, but for formailty and safety against
changes in the flow, the logic has been applied to inserting customers
too.
2020-07-24 15:39:01 +02:00
Fabien O'Carroll
20e3b6cc8a Published new versions
- @tryghost/magic-link@0.4.12
 - @tryghost/members-api@0.25.0
 - @tryghost/members-ssr@0.8.4
2020-07-24 13:48:27 +02:00
Fabien O'Carroll
d63484e99a Handled subscription deletion errors with logging
refs https://github.com/TryGhost/Ghost/issues/11557

If a subscription failed to delete, we would error and bailout of the
process, this updates it to log the error so that site owners have a
record of the error in the logs, but also to continue through the rest
of the subscriptions.
2020-07-24 13:46:38 +02:00
Fabien O'Carroll
b435d6a8c1 Renamed destroyStripeSubscriptions to cancelStripeSubscriptions
no-issue

Destroy is terminology we usually use for the model layer and was a
little confusing without context, this method is used in one place so
it's a low effort cleanup with minimal repercussions
2020-07-24 13:46:38 +02:00
Renovate Bot
8137d5aa72 Update dependency mocha to v6.2.3 2020-07-23 13:04:38 +00:00
Rish
f23503e35c Published new versions
- @tryghost/members-api@0.24.5
2020-07-22 16:08:35 +05:30
Rish
f792148ce8 Updated magic link email to use custom status code for failures
refs https://github.com/TryGhost/Team/issues/342

- Send magic link middleware was not using custom status code from error and sending 500
- Updates error code to be picked from err object if present, or fallback to 500 as before otherwise
2020-07-22 16:07:21 +05:30
Fabien O'Carroll
763153d110 Published new versions
- @tryghost/members-api@0.24.4
2020-07-22 12:28:43 +02:00
Fabien 'egg' O'Carroll
bf38d836d4 Updated webhooks cleanup to handle all older webhooks ()
refs https://github.com/TryGhost/Ghost/issues/12074

Some sites may have had duplicate webhooks created due to a race
condition. This updates the members-api to cleanup _all_ webhooks before
starting, allowing it to create webhooks on a fresh slate, and removing
possible causes of 401 errors due to incorrect webhook secrets.
2020-07-22 12:27:48 +02:00
Fabien O'Carroll
cdfa31af1a Published new versions
- @tryghost/members-api@0.24.3
2020-07-21 13:45:34 +02:00
Fabien 'egg' O'Carroll
d1cd0fe80e Caught & handled 'resource_already_exists' errors ()
refs https://github.com/TryGhost/Ghost/issues/12065

This protects us against multiple instances of the members-api being
started simultaneously and race conditions where inbetween the initial
"GET" of a plan which returns empty, and the "POST" of a plan to create
it, another instance has already created it.
2020-07-21 13:40:49 +02:00
Fabien O'Carroll
8c73c4a42b Published new versions
- @tryghost/members-api@0.24.2
2020-07-21 12:03:41 +02:00
Fabien 'egg' O'Carroll
9f1b9d6156 Used mode to determine flow for checkout session ()
no-issue

This fixes a problem when subscribing to a Plan (Price) with a default
trial period. We also add logging to add a little more information about
which flow we're entering.

Subscriptions that are started with a trial have a `setup_intent`
present on the Checkout Session object, which was incorrectly causing us
to determine that we are in a "setup" flow and attempt to update a
customers card details.

We now use the `mode` property of the Checkout Session to determine
whether we are handling a new Subscription, or if we are in a "setup"
flow and should update the Customer's card details.
2020-07-21 12:03:16 +02:00
Fabien O'Carroll
9dc22b2bb2 Published new versions
- @tryghost/magic-link@0.4.11
 - @tryghost/members-api@0.24.1
 - @tryghost/members-ssr@0.8.3
2020-07-21 12:02:36 +02:00
Fabien O'Carroll
c30ffba75a Revert "Used mode to determine flow for checkout session ()"
no-issue

Reverting so that changesets can be released independently

This reverts commit d41e5f3b55.
2020-07-21 12:01:07 +02:00
Fabien 'egg' O'Carroll
d41e5f3b55 Used mode to determine flow for checkout session ()
no-issue

This fixes a problem when subscribing to a Plan (Price) with a default
trial period. We also add logging to add a little more information about
which flow we're entering.

Subscriptions that are started with a trial have a `setup_intent`
present on the Checkout Session object, which was incorrectly causing us
to determine that we are in a "setup" flow and attempt to update a
customers card details.

We now use the `mode` property of the Checkout Session to determine
whether we are handling a new Subscription, or if we are in a "setup"
flow and should update the Customer's card details.
2020-07-21 11:50:10 +02:00
Fabien 'egg' O'Carroll
400dba62a9 Added cleanup on startup for old webhooks ()
refs https://github.com/TryGhost/Ghost/issues/12061

Due to a bug in Ghost webhooks are now created with a trailing "/" which
meant that the previous webhooks to that (without a slash) was never
removed.

This results in users receiving emails from stripe about failed webhook
delivery, which is not good at all.

This fix lists out the webhooks and finds (if present) the webhook which
matches the current URL, minus the trailing slash. If found it will then
attempt to delete that webhook thus stopping the emails from Stripe.

I've added a note to remove this code as it should only ever need to run
once, and can be removed for the Ghost release after these changes.
2020-07-20 17:54:22 +02:00
renovate[bot]
adf66ce1ae Pin dependency @types/stripe to 7.13.24 ()
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-07-10 16:37:24 +02:00
renovate[bot]
0687210bfc Update dependency ghost-ignition to v4 ()
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2020-07-10 16:36:33 +02:00
Fabien O'Carroll
f2a8387bdb Published new versions
- @tryghost/members-api@0.24.0
2020-07-09 17:36:06 +02:00
Fabien 'egg' O'Carroll
ac923af0f7 Refactored webhook creation ()
no-issue

* Refactored model dependencies
  This groups all of the model depenencies into a single models object,
  and renames the models with more concise identifiers

* Fixed spacing
* Added webhook support to metadata
* Refactored stripe configure to have better logging
* Refactored webhook creation to reuse existing webhook
* Installed @types/stripe
2020-07-09 16:40:48 +02:00
Rish
68dbfb707d Published new versions
- @tryghost/members-api@0.23.2
2020-07-08 21:50:30 +05:30
Rish
1acf7d40be 🐛 Fixed incorrect payload creation for magic link token
no issue

- The extra payload added to magic link token included `name`, `labels` and `oldEmail`
- Refactor in commit [here](bf63ffe424 (diff-9f9ef757543bb9a90baba0d3bea76a83L157-R169)) changed the `body` variable assignment causing the payload objection creation to not include the extra data from request body
- Updates `body` to `req.body` to use correct data from request
2020-07-08 21:48:12 +05:30
Nazar Gargol
5b909735fd Published new versions
- @tryghost/magic-link@0.4.10
 - @tryghost/members-api@0.23.1
 - @tryghost/members-csv@0.2.1
 - @tryghost/members-ssr@0.8.2
2020-07-08 20:23:05 +12:00
Fabien O'Carroll
1b51ed7a5d Published new versions
- @tryghost/members-api@0.23.0
2020-06-18 18:03:46 +02:00
Fabien 'egg' O'Carroll
ae9870993a Added hasActiveStripeSubscriptions method ()
no-issue

This can be used by Ghost to determine if the Stripe keys can be deleted
2020-06-18 18:01:04 +02:00
Hannah Wolfe
aa0b02b75e Published new versions
- @tryghost/members-api@0.22.0
2020-06-12 17:11:14 +01:00
Hannah Wolfe
ebaf9538b6 Adding INR currency support
- We have many customers asking for INR as there are special rules in Stripe for this currency
- As well as a desire for local-selling
- Meaning it's not valid to use e.g. USD instead
2020-06-12 08:58:49 +01:00
Nazar Gargol
7872355962 Published new versions
- @tryghost/members-api@0.21.0
2020-06-12 15:36:07 +12:00
Nazar Gargol
d83525b54b Added stripe customer fetching method to member's API
no issue

- This method is needed to be able to validate if customer exist in configured Stripe account before attempting to link one with local member.
2020-06-12 15:35:16 +12:00
Rish
a136e5f839 Published new versions
- @tryghost/magic-link@0.4.9
 - @tryghost/members-api@0.20.1
 - @tryghost/members-ssr@0.8.1
2020-06-10 16:32:14 +05:30
Rish
11e2732d50 Handled error for stripe checkout rejection
refs https://github.com/TryGhost/members.js/issues/38

- In case of incomplete Stripe setup like Account name, checkout session creation fails and throws error, which was not being handled and 200 returned after long timeout
- This change catches the error and returns correct status along with message for clients to handle it downstream
2020-06-10 16:29:48 +05:30
Kevin Ansfield
88146dc3a3 Published new versions
- @tryghost/magic-link@0.4.8
 - @tryghost/members-api@0.20.0
 - @tryghost/members-ssr@0.8.0
2020-06-04 13:27:14 +01:00
Kevin Ansfield
bf63ffe424 Moved members geolocation fetch/update into members-ssr ()
closes https://github.com/TryGhost/Members/issues/148

- geolocation was not being fetched/stored for paid member signup
  - magic link was being sent after Stripe webhook but we don't have an IP at that stage
  - it only worked when a magic link was requested by the browser
- moved the geolocation fetch/update to `members-ssr`
  - kept the ip geolookup and storage inside `members-api` but exposed it as a method so consumers are able to choose when it's performed
  - used the new api method in `members-ssr` when exchanging a token from the session as that is always driven by browser requests so we know we have an IP and it's likely the correct one (reliant on consumers having "trust proxy" config correct)
  - stopped storing IP addresses in the token payload (keeps links shorter)
2020-06-04 13:20:19 +01:00
Rish
8891777681 Published new versions
- @tryghost/members-api@0.19.0
2020-05-28 20:37:29 +05:30
Rishabh Garg
e9b7dacb2e Updated magic link flow to allow changing member's email ()
refs https://github.com/TryGhost/members.js/issues/30

- Updates `sendMagicLink` middleware to allow adding old email address to payload. Checks for if new email address already exists in db before creating magic link, throws error in case of duplicate email.
- Updates magic link parsing for data to check if the intention is to update email address and update member's email to new email address in case its allowed.
- Return session data from magic link using the new email address
2020-05-28 19:37:03 +05:30
Daniel Lockyer
730ddc2ae6 Published new versions
- @tryghost/magic-link@0.4.7
 - @tryghost/members-api@0.18.7
 - @tryghost/members-ssr@0.7.10
2020-05-25 13:11:54 +01:00
Fabien O'Carroll
24e13651a8 Published new versions
- @tryghost/members-api@0.18.6
2020-05-25 13:38:11 +02:00
Fabien 'egg' O'Carroll
48260dedba Used plans trial by default for checkout sessions ()
no-issue

Without this flag the checkout session will ignore any default trial periods
attached to the plan. Now we are able to give basic support for trials, by
attaching a trial period in Stripe Dashboard
2020-05-21 10:14:36 +02:00
Rish
ce72aa40a0 Published new versions
- @tryghost/magic-link@0.4.6
 - @tryghost/members-api@0.18.5
 - @tryghost/members-ssr@0.7.9
2020-05-20 14:34:40 +05:30
Rish
d5d2cc5137 Added name from magic link token to member creation
refs https://github.com/TryGhost/members.js/issues/26

- Allows magic link tokens to pass member name on signup
- Uses member name from magic link token to assign member name during creation
2020-05-20 14:33:15 +05:30
Rish
23e343d3b4 Published new versions
- @tryghost/magic-link@0.4.5
 - @tryghost/members-api@0.18.4
 - @tryghost/members-ssr@0.7.8
2020-05-19 22:03:56 +05:30
Rish
a1f29d8ede Updated member update method
no issue

- Makes passing `name` and `note` field in member update data as optional instead of making them undefined
- Allows email to be updated
- Adds stripe subscriptions list to updated member's response data to make update consistent with get method
2020-05-19 20:35:36 +05:30
Rish
167811c5fd Updated stripe checkout to store member name from metadata
refs 

- Uses the metadata option in stripe checkout flow to add member's name on creation via anonymous checkout flow
- Allows clients like memebrs.js to pass member's info like name from checkout signup flow
2020-05-19 13:54:25 +05:30
Rish
2f90c97629 Added metadata option to stripe checkout session
refs 

- Allows passing metadata to checkout session API
- Metadata is passed to stripe's checkout session on creation and read back from webhook event
- Allows clients like members.js to pass custom info like member name to Stripe flow
2020-05-19 13:54:25 +05:30
Rishabh Garg
b015a08c43 Added plan update option to stripe subscription update API ()
no issue

- Current update stripe subscription API calls only allowed cancelling a plan
- This change adds option to pass plan's nickname as `planName` in request to update subscription to new plan
- Checks if plan name is valid and updates stripe subscription to new plan at default prorate behavior
2020-05-19 12:59:39 +05:30
Rish
ef9fa8e623 Published new versions
- @tryghost/magic-link@0.4.4
 - @tryghost/members-api@0.18.3
 - @tryghost/members-ssr@0.7.7
2020-04-30 16:08:09 +05:30
Rish
fac6c3d97e Added ability to prefill customer email for anonymous checkouts
refs https://github.com/TryGhost/members.js/issues/10

- Allows passing an additional `customerEmail` value to our checkout creation API
- This value is used to pass `customer_email` option to stripe's checkout session - https://stripe.com/docs/api/checkout/sessions/create#create_checkout_session-customer_email.

The `customer_email` allows pre-filling the customer's email field in case of an anonymous checkout as customer doesn't exist already, and also ensures the stripe subscription is created with same email address as given by user during signup flow.
2020-04-30 16:01:22 +05:30
Renovate Bot
2c14a337ad Update dependency jsdom to v15.2.1 2020-04-27 15:15:52 +00:00
Rish
66e106e3ac Published new versions
- @tryghost/magic-link@0.4.3
 - @tryghost/members-api@0.18.2
 - @tryghost/members-ssr@0.7.6
2020-04-21 15:32:00 +05:30
Rish
ab3fe634f4 🐛 Fixed incorrect logging for geolocation error
no issue

We were using incorrect method for logging in geolocation warning - `this.logging.warn(err)` - as `this.logging` doesn't exist in this file. Updated to use correct logging method.
2020-04-21 15:28:13 +05:30
Nazar Gargol
07cb94d57e Published new versions
- @tryghost/magic-link@0.4.2
 - @tryghost/members-api@0.18.1
 - @tryghost/members-ssr@0.7.5
2020-04-17 14:09:59 +12:00
Renovate Bot
808aa8f9a3 Update dependency nock to v12.0.3 2020-03-17 12:25:52 +00:00
Renovate Bot
f628708317 Update Test & linting packages 2020-03-17 03:20:46 +00:00
Renovate Bot
f341891fd2 Pin dependency nock to 12.0.0 2020-03-17 02:15:32 +00:00
Nazar Gargol
95ab4e7b51 Published new versions
- @tryghost/members-api@0.18.0
2020-03-04 11:36:06 +08:00
Nazar Gargol
076e328f20 Added currency and currency_symbol properties to plans
no issue

- Adding these properties allows specifying which currency is currently used on member's plan.
- Supported currencies list: USD, AUD, CAD, GBP, EUR
- They were chosen based on the most used/requested currencies within Ghost
- With adding multiple available currencies that can be setup also had to add handling of Stripes limitation of having single currency per paying customer
2020-03-04 11:33:19 +08:00
Kevin Ansfield
7fb1c2e07e Published new versions
- @tryghost/members-api@0.17.0
2020-02-27 10:35:43 +00:00
Kevin Ansfield
615a482c48 Store geolocation data during member signup/signin ()
requires f38d490886

- adds `lib/geolocation.js` with `getGeolocationFromIP()` function which uses https://geojs.io to lookup geolocation data from an IPv4 or IPv6 address
- updates `create/updateMember()` functions to work with a `geolocation` property in the passed in object
  - if `geolocation` is `undefined` when updating a member do not reset any existing property
- updates `sendMagicLink` middleware to extract the IP address from the request and stores it as part of the token payload
- updates `getMemberDataFromMagicLinkToken()` method to extract the IP address from the token payload and perform a geolocation lookup if we have an IP address and a matching member does not already have geolocation data
2020-02-27 10:29:36 +00:00
Nazar Gargol
fb7fa87c3b Published new versions
- @tryghost/members-api@0.16.2
2020-02-27 17:09:59 +08:00
Nazar Gargol
9a783f9f0c Revert "Added precaution to avoid creating multiple Complimentary plans"
This reverts commit 5f0d2168f3.

After discussing the best approach to multipe currency problem would be
to allow creating multiple "Complimentary" plans. All security related
checks should stay strictly based on name and would not cause issues.
2020-02-27 16:55:03 +08:00
Nazar Gargol
fbe153cc97 Published new versions
- @tryghost/members-api@0.16.1
2020-02-27 13:53:46 +08:00
Nazar Gargol
5f0d2168f3 Added precaution to avoid creating multiple Complimentary plans
refs https://github.com/TryGhost/Ghost-Admin/pull/1430

- When the client creates a complimentary plan with other currency than USD we should not allow for it to avoid creating a mess in the Stripe plans
2020-02-27 13:53:05 +08:00
Nazar Gargol
71395fcfcb Published new versions
- @tryghost/members-api@0.16.0
2020-02-26 12:11:21 +08:00
Naz
b34b7bfa9c Added middleware to handle billing updates ()
refs https://github.com/TryGhost/Ghost/pull/11571 

- Allows updating members billing information through Stripe's setup intent (stripe.com/docs/payments/checkout/subscriptions/updating#set)
- Accepts 2 new parameter to handle redirects specific to billing update.
2020-02-26 12:09:09 +08:00
Nazar Gargol
56c4c664c2 Published new versions
- @tryghost/members-api@0.15.1
2020-02-17 16:26:50 +08:00
Nazar Gargol
13773cbeb4 Removed "Complimentary" subscription edit limitation
no issue

- There is no need to treat complimentary subscriptions in different way to regular subscription on the client.
2020-02-17 16:25:41 +08:00
Rish
cf6b9501ca Published new versions
- @tryghost/magic-link@0.4.1
 - @tryghost/members-api@0.15.0
2020-02-12 16:44:08 +05:30
Rishabh Garg
789462aa5f Added labels to member signup flow ()
no issue

refs https://github.com/TryGhost/Ghost/pull/11538
2020-02-12 16:42:49 +05:30
Nazar Gargol
5e2256833c Published new versions
- @tryghost/members-api@0.14.2
2020-02-11 14:04:12 +08:00
Nazar Gargol
a669cda605 Added fallback plan nickname to inteval instead of empty string
no issue

- On model layer in Ghost empty string is always converted to `null` for not nullable fields, which wasn't letting the value through to the database
- Current solution is a stopgap to fix imports of cyclic plans without nicknames. Ideally nickname field should become nullable in the future so this logic can be simplified
2020-02-11 14:02:40 +08:00
Nazar Gargol
38bfef2b83 Published new versions
- @tryghost/members-api@0.14.1
2020-02-10 19:01:34 +08:00
Naz
f2a7790cc9 Added plan nickname fallback to empty string ()
no issue

- This solves a problem when connected Stripe plan doesn't have plan `nickname` filled out (possible with older versions of Stripe API)
- Defaulting to empty string instead of creating a migration because SQLite doesn't support `ALTER ... MODIFY` syntax and thus knex can't altter the table that easy
- "Marks the column as an alter / modify, instead of the default add. Note: This only works in .alterTable() and is not supported by SQlite or Amazon Redshift. Alter is not done incrementally over older column type so if you like to add notNull and keep the old default value, the alter statement must contain both .notNull().defaultTo(1).alter(). If one just tries to add .notNull().alter() the old default value will be dropped." (ref. https://knexjs.org/#Chainable)
2020-02-10 18:59:52 +08:00
Nazar Gargol
6de6a15376 Published new versions
- @tryghost/magic-link@0.4.0
 - @tryghost/members-api@0.14.0
2020-02-06 18:04:18 +08:00
Naz
2a51a478fc Exposed getMagicLink method ()
refs https://github.com/TryGhost/Ghost/pull/11573

- Adds `getMagicLink` method to members-api which can be used to generate a signin link for the member
2020-02-06 17:08:39 +08:00
Nazar Gargol
e4637ac56f Published new versions
- @tryghost/members-api@0.13.0
2020-01-28 19:01:14 +07:00
Naz Gargol
96aea55270 Added ability to link member to existing stripe customer ()
refs https://github.com/TryGhost/Ghost/pull/11539

- Method needed to allow linking existing Stripe customers and subscriptions with members
2020-01-28 19:00:28 +07:00
Nazar Gargol
cf0d52c2da Published new versions
- @tryghost/members-api@0.12.0
2020-01-27 12:35:37 +07:00
Naz Gargol
28d3a37824 Added "complimentary" subscription handling ()
refs https://github.com/TryGhost/Ghost/pull/11537

- Adds ability to assign and cancel "complimentary" type of subscriptions to the member
- The functionality is needed to be able to provide free premium plans for members (e.g. family members, trials, gifts)
- When member already has an active paid subscription and complimentary one is applied the old one is upgraded. Proration is not given
- When deleting a subscription we need to update localy stored records right away to be albe to reflect the change in the UI. This behavior will also be in line with how subscriptions updates/creates are handled
- Blocked any client update for complimentary subscription. We should prevent non authenticated clients from upgrading/subscribing themselves to "complimentary" plan.
2020-01-27 12:34:22 +07:00
Nazar Gargol
89b78a883d Published new versions
- @tryghost/members-api@0.11.4
2020-01-22 12:54:34 +07:00
Nazar Gargol
726ffaf1f8 🐛 Fixed creation of extra customer when updating plans
no issue

- `customers` property contains an array of customer for which 'for..of' syntax is more appropriate
- Bug was causing creation of multiple customers in Stripe when new checkout session was initiated for existing customer
- Discussed in https://github.com/TryGhost/Members/pull/90/files#r368889289
2020-01-22 12:53:27 +07:00
Nazar Gargol
92b3cc3758 Published new versions
- @tryghost/members-api@0.11.3
2020-01-20 15:59:38 +07:00
Nazar Gargol
6c7139b1fe Fixed preexisting member name check
refs 1dc0b36b56

- The name can also be 'null' so the check should take that into account
2020-01-20 15:51:06 +07:00
Rish
47f5ca6625 Published new versions
- @tryghost/members-api@0.11.2
2020-01-20 13:32:20 +05:30
Rishabh Garg
a1ad80f6ac 🐛 Fixed incorrect fetch of empty stripe subscriptions ()
no issue

refs e19e06f9b3

While refactoring user CRUD for Ghost core, we inadvertently changed the members subscriptions object returned by nesting the value as object. This also broke the deserialization in Ghost-Admin for members subscription object [here](https://github.com/TryGhost/Ghost-Admin/blob/master/app/transforms/member-subscription.js#L9).
2020-01-20 13:28:59 +05:30
Nazar Gargol
1dc0b36b56 Updated checkout session to record member name
no issue

- When the customer has provided a name on the card during checkout it should be recorded for convenience as members' name
2020-01-20 13:25:17 +07:00
Nazar Gargol
be207f98e7 Published new versions
- @tryghost/members-api@0.11.1
2020-01-15 15:40:54 +07:00
Naz Gargol
e19e06f9b3 Refactored user CRUD to be usable by Ghost core ()
refs https://github.com/TryGhost/Members/pull/105

- It's a follow up to a series of refactorings in the module mostly discussed in refed PR
- The sendEmailWithMagicLink and destroyStripeSubscriptions were exposed through members API so that Ghost  could call it from the controller level
2020-01-15 15:35:15 +07:00
Nazar Gargol
46f6ce8db3 Removed console.log statement in favor of common logger
no issue

- Using console is a very bad practice and probably was left here by mistake. Using common logging instead
2020-01-13 19:16:51 +07:00
Nazar Gargol
3b14e7c1fa Removed redundant empty string handling logic in users module
no issue

- Since the Member model started to be used the logic handling empty strings -> null conversion is now handled in the core here https://github.com/TryGhost/Ghost/blob/8fd1e81/core/server/models/base/index.js#L492-L499
2020-01-13 18:49:25 +07:00
Nazar Gargol
911d5a27fe Published new versions
- @tryghost/magic-link@0.3.3
 - @tryghost/members-api@0.11.0
 - @tryghost/members-ssr@0.7.4
2020-01-13 15:54:59 +07:00
Nazar Gargol
08fbcf25ec Extracted metadata get/set methods into internal metadata module
no issue

- This is the refactor similar to what has been done with Memeber model being passed in directly in the constructor
- Relevent discussion here https://github.com/TryGhost/Members/pull/105#pullrequestreview-324254267
2020-01-13 15:45:22 +07:00
Nazar Gargol
ef3de2a295 Published new versions
- @tryghost/members-api@0.10.2
2019-12-12 15:27:45 +07:00
Naz Gargol
ff5fceafc8 Added subscription update middleware ()
refs #https://github.com/TryGhost/Ghost/pull/11434

- Added method to allow updating single subscription. Only `cancel_at_period_end` field can be updated. 
- Middleware is needed to allow Ghost Core to cancel/uncancel member's subscription. 
- Relies on the request containing identity information to be able to verify if subscription belongs to the user
- When member could not be identified by the identity information present in the request we should throw instead of continuing processing
- Handling and messaging inspired by https://github.com/TryGhost/Ghost/blob/3.1.1/core/server/services/mega/mega.js#L132
- When the user initiates subscription cancellation we can safely mark the subscription as canceled so that it's not shown in the interface on subsequent request. Otherwise, we end up in a situation where we still return the subscription in the period until Stripe triggers the webhook.
- Added boolean coercion for cancel_at_period_end parameter. If anything but boolean is passed to Stripe API it throws an error.  Coercing the value on our side is a gives a better dev experience
2019-12-12 15:19:36 +07:00
Fabien O'Carroll
94ef530b3c Fixed bug in cancelAllSubscriptions
no-issue

We filter out previously cancelled subscriptions, but used the wrong string "cancelled" instead of "canceled"
https://stripe.com/docs/billing/lifecycle#subscription-states
2019-12-09 15:55:37 +02:00
Fabien O'Carroll
231218c4e6 Published new versions
- @tryghost/members-api@0.10.1
2019-12-09 14:31:12 +02:00
Fabien O'Carroll
7db503b13b Fixed local webhooks when using localhost urls
no-issue

When using localhost urls the call to `create` will error and end in teh
catch block - so we need to use the environment variable there, too.

Introduced in 0149dd8f
2019-12-09 14:29:59 +02:00
Nazar Gargol
fe462ae706 Published new versions
- @tryghost/members-api@0.10.0
2019-12-06 13:29:27 +07:00
Naz Gargol
3060e11a4e Changed members-api constructor to accept Member model directly ()
no issue

- As members have become a part of Ghost core there is no need to proxy methods like this anymore and we can allow members-api to work on the model directly
- Methods come from Ghost core: https://github.com/TryGhost/Ghost/blob/cc39786/core/server/services/members/api.js#L11-L110
2019-12-05 18:16:18 +07:00
Naz Gargol
0149dd8f4d Added priority to webhook secret if present in env ()
no issue

- When debugging Stripe with using: `stripe listen \
  --forward-to http://ghost.local/members/webhooks/stripe/` this priority is nice to have so that Ghost process can be initialized using WEBHOOK_SECRET env variable
- It was not working in current form because Stripe recognized `ghost.local` as a valid domain and didn't throw any errors
- Removed unneeded secret assignment in a catch statement. It is redundant with the new implementation
2019-11-25 13:15:28 +07:00
Fabien O'Carroll
9da1a18770 Published new versions
- @tryghost/magic-link@0.3.2
 - @tryghost/members-api@0.9.0
 - @tryghost/members-ssr@0.7.3
2019-11-05 18:22:07 +07:00
Fabien O'Carroll
19148dab4e Included subscription information when listing members
no-issue
2019-11-05 16:12:20 +07:00
Renovate Bot
2ce0c5a992 Update Test & linting packages 2019-11-01 13:40:10 +07:00
Fabien O'Carroll
a35d947413 Published new versions
- @tryghost/magic-link@0.3.1
 - @tryghost/members-api@0.8.3
 - @tryghost/members-ssr@0.7.2
2019-10-30 15:24:07 +07:00
Fabien O'Carroll
7a3c99886d Added logging for failed webhook verification
no-issue

This gives us some more information about the secret used
2019-10-30 14:40:16 +07:00
Renovate Bot
f233d5fc71 Update dependency cookies to ^0.8.0 2019-10-14 12:38:53 +07:00
Fabien O'Carroll
ebbf4e69f9 Published new versions
- @tryghost/magic-link@0.3.0
 - @tryghost/members-api@0.8.2
2019-10-11 12:03:51 +07:00
Fabien O'Carroll
47ed334597 Updated use of magic-link module to pass subject
no-issue

This takes advantage of magic-links smaller tokens
2019-10-11 11:58:23 +07:00
Fabien O'Carroll
d248c909d9 Updated usage of magic-link, passing secret
no-issue
2019-10-11 11:58:23 +07:00
Fabien O'Carroll
5d2e20fbb7 Published new versions
- @tryghost/magic-link@0.2.2
 - @tryghost/members-api@0.8.1
2019-10-10 20:21:23 +07:00
Fabien O'Carroll
e04898cb3d Pass getSubject option to MagicLink module
no-issue
2019-10-10 20:20:46 +07:00
Fabien O'Carroll
2c4732b46d Published new versions
- @tryghost/magic-link@0.2.1
 - @tryghost/members-api@0.8.0
 - @tryghost/members-ssr@0.7.0
2019-10-09 10:51:35 +07:00
Fabien O'Carroll
2d058d8a47 Refactored updateSubscription to fetch payment info
no-issue
2019-10-09 10:48:57 +07:00
Fabien O'Carroll
5a0adce65d Inverted active check for subscriptions
no-issue

This is more explicit about what we consider to be an active subscription
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
5a17327a93 Improved error logging for webhook handling
no-issue
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
310972f73c Updated signatures for get/set metadata
no-issue
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
4c4cc90d05 Added the extra events to the stripe webhook
no-issue

* customer.subscription.deleted - when a subscription is cancelled
* customer.subscription.updated - when a subscription status/plan changes
* invoice.payment_succeeded - when a subscription has successfully renew
* invoice.payment.failed - when a subscription has failed to renew
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
6fc6718735 Renamed addCustomerToMember to updateCustomer
no-issue
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
8829b545a9 Updated handleStripeWebhook middleware
no-issue

This adds the handlers for the new events we want to listen to
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
68d65c905a Added webhook handlers for subscription lifecycle events
no-issue

We will need these to keep our metadata in sync with stripe
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
6806505a4c Updated stripe to store and retrieve from metadata
no-issue

This means that we will not have to make api requests to find out the
customers subscriptions
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
d11a0db726 Refactored some private methods for stripe
no-issue

This is to expose a clearer contract with the outside world
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
3d7c28a7f9 Published new versions
- @tryghost/members-api@0.7.7
2019-10-06 21:19:23 +07:00
Fabien O'Carroll
d6cb2ca796 Defaulted allowSelfSignup to true
no-issue

This is to keep backwards compatibility
2019-10-06 21:18:09 +07:00
Fabien O'Carroll
1208b41b9f Added allowSelfSignup options to auth config
no-issue

This flag is used to allow the sendMagicLink middleware to send an email
to members which do not yet exist. When this flag is set to false, the
only way to create members, would be via the stripe webook, or via the
`create` method exposed on the `members` object
2019-10-06 21:18:09 +07:00
Fabien O'Carroll
a643b3ff1f Sent "signup" emails when member created via stripe
no-issue

This is the correct email to send, as they are a new member
2019-10-06 21:18:09 +07:00
Fabien O'Carroll
355dd8b501 Corrected logic to send signin/signup emails
no-issue

This ensures that existing members recieve "signin" emails and new
members recieve "signup" (or "subscribe") emails
2019-10-06 21:18:09 +07:00
Fabien O'Carroll
3550452cd5 Published new versions
- @tryghost/members-api@0.7.6
2019-10-03 17:23:21 +07:00
Fabien O'Carroll
dd566b3d29 Added support for custome success/cancel urls
no-issue

This will allow clients to customise where they are redirecting to after
the stripe checkout session is exited.
2019-10-03 17:22:29 +07:00
Fabien O'Carroll
88832fa923 Published new versions
- @tryghost/members-api@0.7.5
 - @tryghost/members-ssr@0.6.0
2019-10-02 18:21:10 +07:00
Fabien O'Carroll
a6adfdd92c Protected against missing member for id token
no-issue

If a cookie still exists after a member has been deleted we can have
some strange requests, this just ensures that we check for existence.
2019-10-02 18:19:39 +07:00
Fabien O'Carroll
af25cfb619 Added interval, currency and last4 to stripe data
no-issue

This is attached to each "stripe item" belonging to a member
2019-10-02 18:19:39 +07:00
Fabien O'Carroll
3861bf253c Added options to stripe retrieve request
no-issue

This will allow us to expand sub objects when talking to stripe
2019-10-02 18:19:39 +07:00
Fabien O'Carroll
17a141f271 Published new versions
- @tryghost/members-api@0.7.4
2019-10-02 15:16:32 +07:00
Fabien O'Carroll
018471c07c Fixed usage of updateMember to use id correctly
no-issue
2019-10-02 15:15:20 +07:00
Fabien O'Carroll
e54b61297c Published new versions
- @tryghost/members-api@0.7.3
2019-10-02 15:06:10 +07:00
Fabien O'Carroll
071a54be7d Called cancelAllSubscriptions when destroying member
no-issue
2019-10-02 15:05:12 +07:00
Fabien O'Carroll
6fe46a79f3 Added cancelAllSubscriptions method
no-issue

This gets all subscriptions, filters out ones which have already been
cancelled and cancels the rest
2019-10-02 15:05:12 +07:00
Fabien O'Carroll
18aeed905a Refactored getActiveSubscriptions to getSubscriptions
no-issue
2019-10-02 15:05:12 +07:00
Fabien O'Carroll
ea5503f58d Published new versions
- @tryghost/members-api@0.7.2
2019-10-02 13:52:10 +07:00
Fabien O'Carroll
561493bfb2 Added debugs and improved getCustomer handling
no-issue

This adds more debugs so we can follow what's happening and also adds
better handing for failures when getting a customer from stripe
2019-10-02 13:47:37 +07:00
Fabien O'Carroll
1c3e563ad7 Improved logging for members-api
no-issue

This allows the logger to be passed in, and configures stripe to have access to it
2019-10-02 13:47:37 +07:00
Fabien O'Carroll
80f1155590 Ensured we do not create multiple webhooks on boot
no-issue

This updates the initialisation logic to fetch all webhooks (we use
limit: 100, and there are currently a max of 16 webhooks in stripe) and
find one with the corrct url. Once found, delete that webhook. We then
attempt to create a new one, and log out any errors (this is to allow
for local development, creating a webhook with a local url is expected
to fail)
2019-10-02 13:47:37 +07:00
Fabien O'Carroll
48cb8d14da Wrapped getCustomer in try catch
no-issue

This protects against live/test mode poisoned databases
2019-10-02 13:47:37 +07:00
Fabien O'Carroll
d1b29fd0b7 Added list and update stripe requests
no-issue

These will be used for listing and updating webhooks on configuration
2019-10-02 13:47:37 +07:00
Fabien O'Carroll
11a5a9ac69 Published new versions
- @tryghost/members-api@0.7.1
2019-10-01 17:48:31 +07:00
Fabien O'Carroll
0b5a70dcf4 Added default options param for users#create
no-issue

This allows create to have an optional second parameter, so that it
doesn't error when called with just data.
2019-10-01 17:42:22 +07:00
Fabien O'Carroll
d85ea20ad2 Published new versions
- @tryghost/magic-link@0.2.0
 - @tryghost/members-api@0.7.0
2019-10-01 14:47:27 +07:00
Fabien O'Carroll
ece58fe9fd Pass through getText and getHTML function from mail
no-issue

This will allow consumers of this module to customise the content of emails
2019-10-01 14:46:17 +07:00
Fabien O'Carroll
b852de95c8 Updated members-api to pass the emailType to magic-link
no-issue

This will allow requests to send the correct email
2019-10-01 14:46:17 +07:00
Fabien O'Carroll
5170c7c1d4 Published new versions
- @tryghost/magic-link@0.1.4
 - @tryghost/members-api@0.6.2
 - @tryghost/members-ssr@0.5.2
2019-10-01 11:21:07 +07:00
Fabien O'Carroll
8422a2f28d Fixed signature for listMembers call
no-issue
2019-10-01 11:02:54 +07:00
Renovate Bot
ab023e1df9 Update Test & linting packages 2019-09-30 01:35:30 +00:00
Fabien O'Carroll
f966907c78 Published new versions
- @tryghost/members-api@0.6.1
2019-09-26 17:14:08 +07:00
Fabien O'Carroll
530390124b Added flag to create member for sending email
no-issue

This allows us to give more functionality to consumers, with a smaller
API (rather than exposing the methods for sending a magic-link email)
2019-09-26 17:11:17 +07:00
Fabien O'Carroll
ff0dc6a168 Published new versions
- @tryghost/magic-link@0.1.3
 - @tryghost/members-api@0.6.0
 - @tryghost/members-ssr@0.5.1
2019-09-25 17:13:00 +07:00
Fabien O'Carroll
acf01e9065 Updated members-api to export POJO
no-issue

Previously members-api exported a pre configured express router with the
paths and handlers defined. This did not allow for much control from the
parent application. This replaces this pattern by exposing middlewares,
which the parent application can mount where it sees fit.
2019-09-25 16:53:08 +07:00
Fabien O'Carroll
d67ad13057 Updated handler for checkout to not require member
no-issue

This will allow the flow to start from the frontend.
2019-09-25 16:53:08 +07:00
Fabien O'Carroll
f7630ec05b Updated createCheckoutSession to work w/o member
no-issue

This will allow us to do a payment first flow, in which a payment is
taken, before creating a member
2019-09-25 16:53:08 +07:00
Fabien O'Carroll
0527304376 Updated stripe to setAppInfo and apiVersion
no-issue
2019-09-25 11:35:58 +07:00
Fabien O'Carroll
6722d3bc8a Ensured member is not linked to customer twice
no-issue

Edge case but easy to solve - so we dun it
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
db42b35e9f Added handler for checkout.session.completed
no-issue

This will link the customer from the checkout session to the member with
the same email
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
ed4dfd8d54 Updated users module to use getActiveSubscriptions
no-issue

This offloads some stripe specific logic into the stripe module
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
314fd6a540 Added method for getting active subscriptions
no-issue
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
a92d5f064b Added method for getting stripe customer for member
no-issue

This finds the first active customer that is linked to the member, and
created and links a new customer if a viable one does not exist.
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
69abbc6fa2 Added method for linking customer to member
no-issue

Uses the metadata storage passed into stripe
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
9beb496bd1 Passed in metadata getter/setter to stripe
no-issue

This will be used to store information such as customer id
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
644fd71d4f Removed unused getPublicConfig method from stripe
no-issue

Don't use it you lose it!
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
373f67a117 Added getCustomer method to stripe
no-issue

This uses the stripeRequests module directly since the customers api was
removed.
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
2849c647d6 Added parseWebhook method to stripe
no-issue

This uses the webhook secret and stripe module to validate the signature
and parse the body into an object
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
343fcecfff Updated stripe to create webhook on boot configure
no-issue

This will allow us to a) have an endpoint to receive webhooks and b) get
hold of the webhook secret to validate the signature.
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
4dc42709c3 Removed superfluous stripe api modules
no-issue

This removes the subscription api as we are using stripe checkout to
generate those

This removes the customers api as we no longer need the deterministic
api for it
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
216ab072b4 Refactored users module to wrap all methods
no-issue

This also adds initial support for `update` user - which is not used
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
f7b61e901d Removed body-parser from router middleware
no-issue

Validating stripe webhooks requires the body as a buffer, so we can no
longer parse json body by default
2019-09-25 11:20:02 +07:00
Fabien O'Carroll
58cb25fe86 Published new versions
- @tryghost/magic-link@0.1.2
 - @tryghost/members-api@0.5.3
 - @tryghost/members-browser-auth@0.2.3
 - @tryghost/members-gateway-api@0.1.7
 - @tryghost/members-ssr@0.5.0
 - @tryghost/members-theme-bindings@0.2.6
2019-09-16 14:01:13 +08:00
Fabien O'Carroll
8b54a91b60 Published new versions
- @tryghost/members-api@0.5.2
2019-09-15 11:50:11 +08:00
Fabien O'Carroll
de0baded13 Logged error when sending email ()
no-issue
2019-09-15 11:48:11 +08:00
Fabien O'Carroll
b834c70559 Published new versions
- @tryghost/magic-link@0.1.1
 - @tryghost/members-api@0.5.1
 - @tryghost/members-auth-pages@1.1.3
 - @tryghost/members-browser-auth@0.2.2
 - @tryghost/members-gateway-api@0.1.6
 - @tryghost/members-gateway-protocol@0.1.4
 - @tryghost/members-ssr@0.4.0
 - @tryghost/members-theme-bindings@0.2.5
2019-09-09 15:53:10 +08:00
Fabien O'Carroll
d741cd9fba Returned fully hydrated member object when creating member
no-issue
2019-09-09 15:51:20 +08:00
Renovate Bot
84f9e69a50 Update dependency sinon to v7.4.2 2019-09-09 13:57:00 +08:00
Fabien O'Carroll
cb3cedd9df Published new versions
- @tryghost/members-api@0.5.0
 - @tryghost/members-ssr@0.3.1
2019-09-06 14:56:19 +08:00
Fabien O'Carroll
4ead495b45 Ensured that destroying member removes stripe customer
no-issue

This also mean sthe subscription will be cancelled
2019-09-06 14:30:27 +08:00
Fabien O'Carroll
ec3948287f Added subscription data when fetching member 2019-09-06 14:30:27 +08:00
Fabien O'Carroll
4f1bc288c5 Added support for stripe checkout payments 2019-09-06 14:30:27 +08:00
Fabien O'Carroll
61561a5af6 Added stripe payments module 2019-09-06 14:30:27 +08:00
Fabien O'Carroll
7376a333c2 Removed lib/subscriptions
no-issue

This is no longer used
2019-09-06 14:30:27 +08:00
Fabien O'Carroll
1c5ba6056a Removed lib/cookies
no-issue

This is no longer used
2019-09-06 14:30:27 +08:00
Fabien O'Carroll
8bfcc37ad4 Removed lib/util
no-issue

This is no longer used
2019-09-06 14:30:27 +08:00
Fabien O'Carroll
64738adfc0 Removed gateway
no-issue

This is no longer needed
2019-09-06 14:30:27 +08:00
Fabien O'Carroll
95ed945f6d Published new versions
- @tryghost/members-api@0.4.1
 - @tryghost/members-auth-pages@1.1.2
2019-09-05 11:01:48 +08:00
Fabien O'Carroll
ffd20f74f0 Exported members from members-api
no-issue

This allows consumers of the service to fetch members with payment info
2019-09-05 11:00:46 +08:00
Fabien O'Carroll
33ff98f789 Published new versions
- @tryghost/magic-link@0.1.0
 - @tryghost/members-api@0.4.0
 - @tryghost/members-auth-pages@1.1.1
 - @tryghost/members-browser-auth@0.2.1
 - @tryghost/members-gateway-api@0.1.5
 - @tryghost/members-gateway-protocol@0.1.3
 - @tryghost/members-ssr@0.3.0
 - @tryghost/members-theme-bindings@0.2.4
2019-09-03 18:25:17 +08:00
Fabien O'Carroll
d9fd07ef7f Fixed getMemberIdentityData method
no-issue

The users.get method expects an object with email prop
2019-09-03 18:21:04 +08:00
Fabien O'Carroll
af6c897a14 Updated members-api to use magic-link
no-issue

This removes a *lot* of funtionality, stripping the members-api module
to *only* handle the magic link signin flow.
2019-09-03 15:35:04 +08:00
Renovate Bot
6276c82888 Update dependency sinon to v7.4.1 2019-08-12 05:28:29 +00:00
Renovate Bot
017c24992f Roll back dependency sinon to 7.3.2 2019-08-12 00:30:26 +00:00
Renovate Bot
b8ae86a8ea Update dependency sinon to v7.4.0 2019-08-05 01:28:22 +00:00
Renovate Bot
97d34b2aa1 Update dependency mocha to v6.2.0 2019-07-22 01:28:44 +00:00
Fabien O'Carroll
283c5fea58 Published new versions
- @tryghost/members-api@0.3.0
2019-07-17 18:23:25 +08:00
Fabien O'Carroll
1fb969ad36 Refactored to improve logging and error handling
* Installed stripe@7.4.0

refs 

We were relying on stripe being installed in Ghost, this moves the dep
to the correct package.

* Created exponentialBackoff wrapper for stripe api

refs 

https://stripe.com/docs/testing#rate-limits The stripe docs suggest to
use exponential backoff when recieving a rate limit error. This wrapper
will wrap stripe api calls, and retry them after 1s,2s,4s,8s,16s until
eventually failing. This gives a total of 5 retries over 31s.

* Added wrappers around the stripe api calls

refs 

* Ensured all calls to stripe api go via exp backoff

refs 

* Scaffolding out the error handling for stripe api

* Forwarding all errors

* Refactored stripe api into modules

* Ensured the ready promise object is not replaced

* Added logging setup

- Sets up common logger structure with custom logger passed through

* Ensure logger is kept in module state

* Renamed updateLogger to setLogger

* Removed `logger` param and exposed setLogger method

* Ensured different ids used for test mode

* Ensure setLogger works for prototype methods

* Removed reconfigureSettings method

* Updated payment processer service to keep static ready promise

* Added eventemitter to member api instance to handle errors

* Moved logging of errors to http level
2019-07-17 18:20:13 +08:00
Fabien O'Carroll
20c60e4de3 Published new versions
- @tryghost/members-api@0.2.0
 - @tryghost/members-browser-auth@0.1.3
 - @tryghost/members-gateway-api@0.1.4
 - @tryghost/members-theme-bindings@0.2.2
2019-07-09 15:39:16 +08:00
Fabien O'Carroll
34f7b2c7d6 Updated members-api to export a router instance
no-issue

This was the original design, to make it easy to incorporate into
another application, but the URL structure in Ghost did not allow for
it, we've since learnt that the URL structure _should_ be how it is
here, so we can export a router with both the auth endpoints and the
static files for the gateway
2019-07-09 15:23:11 +08:00
Fabien O'Carroll
f220ee10c7 Published new versions
- @tryghost/members-api@0.1.2
 - @tryghost/members-auth-pages@0.2.2
 - @tryghost/members-browser-auth@0.1.2
 - @tryghost/members-gateway-api@0.1.3
 - @tryghost/members-gateway-protocol@0.1.2
 - @tryghost/members-theme-bindings@0.2.0
2019-06-25 14:22:42 +07:00
Renovate Bot
ca998d0529 Update dependency jsdom to v15.1.1 2019-06-03 01:27:16 +00:00
Renovate Bot
32a13bf561 Update dependency jsdom to v15.1.0 2019-05-13 02:30:08 +00:00
Fabien O'Carroll
4633ea06e4 Published new versions
- @tryghost/members-api@0.1.1
 - @tryghost/members-auth-pages@0.1.2
2019-05-07 17:40:25 +02:00
Fabien O'Carroll
ac847dbecd Added default test dir and eslintrc
no-issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
986791d091 Added package.json and deps for members-api
no-issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
9e65199f14 Updated require paths for local modules
no-issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
7ec3f61e71 Refactored directory structure
no-issue

This is to better fit the index.js, lib model
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
7b6e73e093 Refactored lib/members to remove unused router
no-issue

Also exposes the getPublicKeys method
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
2c9130a244 Removed serving of auth pages from lib/members
no-issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
bf156b0b79 Removed auth pages from lib/members
no-issue

These have been moved to https://github.com:TryGhost/Members
2019-05-07 17:35:17 +02:00
Zimo
5101735f9d Updated members payment failed copy and style
no-issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
79f31b7323 Updated token generation to use plans on member
no-issue

This is to remove duplication of logic, that now lives solely in the
getMember method
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
239237f402 Updated getMember to return plans
no-issue

Plans are distinct from subscriptions, as in theory a subscription could
have many plans. These moves the construction of the plans array into
the getMember function so that every consumer has access to the same
data.
2019-05-07 17:35:17 +02:00
Rish
618f7e35cc Updated signup flow to handle invalid payments
no issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
371a0698a6 Fixed bug with deleting members after config change 2019-05-07 17:35:17 +02:00
Fabien O'Carroll
c1a85e8bc3 Updated members auth pages to use gateway-protocol ()
no-issue

This swaps out a hand copied library with the published one on npm
2019-05-07 17:35:17 +02:00
Zimo
9e53c6332a Added close event on member pages background click 2019-05-07 17:35:17 +02:00
Peter Zimon
540977fcb8 Members refine buttons ()
* Members: disabled signup button during signup

* Members: disabled non-Stripe signup button during signup

* Members: added check to Log in button logged in state
2019-05-07 17:35:17 +02:00
Zimo
d63127bcdc Updated mobile styles for members upgrade screen 2019-05-07 17:35:17 +02:00
Fabien O'Carroll
ac9daac9f2 Fixed subscription issue with null coupons
no-issue

Coupons were being sent as null to the api, so we support non required fields
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
6e37c50ce7 Added default disabled state of false to FormInput
no-issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
43d65d0709 Removed unused onClick handler in StripeSubscribePage
no-issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
c1c13379c7 Added coupon support to StripeSubscribePage
no-issue

Only shows the (disabled) input when a coupon is available
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
9a5abbbde2 Cleaned up render{Subscribe,Upgrade}Page
no-issue

- ensured promises are returned
- removed unused prop
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
016e29c5a8 Added CouponInput component
no-issue

This can be used in the subscribe pages to pass coupon info through
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
e0225b8b54 Added support for disabled form elements
no-issue

This can be used for a coupon input in future
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
fbe6ba4b49 Updated members api and gateway to pass coupo
no-issue

This will allow the auth pages and members sdk to pass coupons through
to the api.
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
f99d66d8b9 Passed coupon from metadata through to stripe
no-issue

This will allow us to send through coupons from the api layer and have
stripe handle the rest :)
2019-05-07 17:35:17 +02:00
Rish
b00c82d3a6 Added spinner on member signup pages
no issue
2019-05-07 17:35:17 +02:00
Rish
0fbc808ff9 Updated member signin page to show logged in status
no issue
2019-05-07 17:35:17 +02:00
Zimo
8cb3c1510d Added fade in for signup complete page 2019-05-07 17:35:17 +02:00
Peter Zimon
43adc432f5 Members refinements ()
* Updated close animation speed for members pages
* Updated responsive styles for members mobile screens 
* Adding spinner CSS to members pages
* Adding members signup complete page
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
10bfe05b39 Updated theme layer to use members-ssr ()
* Removed support for cookies in members auth middleware

no-issue

The members middleware will no longer be supporting cookies, the cookie
will be handled by a new middleware specific for serverside rendering,
more informations can be found here:

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Removed members auth middleware from site app

no-issue

The site app no longer needs the members auth middleware as it doesn't
support cookies, and will be replaced by ssr specific middleware.

https://paper.dropbox.com/doc/Members-Auth-II-4WP4vF6coMqDYbSMIajo5

* Added comment for session_secret setting

no-issue

We are going to have multiple concepts of sessions, so adding a comment
here to be specific that this is for the Ghost Admin client

* Added theme_session_secret setting dynamic default

no-issue

Sessions for the theme layer will be signed, so we generate a random hex
string to use as a signing key

* Added getPublicConfig method

* Replaced export of httpHandler with POJO apiInstance

no-issue

This is mainly to reduce the public api, so it's easier to document.

* Renamed memberUserObject -> members

no-issue

Simplifies the interface, and is more inline with what we would want to export as an api library.

* Removed use of require options inside members

no-issue

This was too tight of a coupling between Ghost and Members

* Simplified apiInstance definition

no-issue

* Added getMember method to members api

* Added MembersSSR instance to members service

* Wired up routes for members ssr

* Updated members auth middleware to use getPublicConfig

* Removed publicKey static export from members service

* Used real session secret

no-issue

* Added DELETE /members/ssr handler

no-issue

This allows users to log out of the theme layer

* Fixed missing code property

no-issue

Ignition uses the statusCode property to forward status codes to call sites

* Removed superfluous error middleware

no-issue

Before we used generic JWT middleware which would reject, now the
middleware catches it's own error and doesn't error, thus this
middleware is unecessary.

* Removed console.logs

no-issue

* Updated token expirty to hardcoded 20 minutes

no-issue

This returns to our previous state of using short lived tokens, both for
security and simplicity.

* Removed hardcoded default member settings

no-issue

This is no longer needed, as defaults are in default-settings.json

* Removed stripe from default payment processor

no-issue

* Exported `getSiteUrl` method from url utils

no-issue

This keeps inline with newer naming conventions

* Updated how audience access control works

no-issue

Rather than being passed a function, members api now receives an object
which describes which origins have access to which audiences, and how
long those tokens should be allowed to work for. It also allows syntax
for default tokens where audience === origin requesting it. This can be
set to undefined or null to disable this functionality.

{
    "http://site.com": {
        "http://site.com": {
            tokenLength: '5m'
        },
        "http://othersite.com": {
            tokenLength: '1h'
        }
    },
    "*": {
        tokenLength: '30m'
    }
}

* Updated members service to use access control feature

no-issue

This also cleans up a lot of unecessary variable definitions, and some
other minor cleanups.

* Added status code to auth pages html response

no-issue

This was missing, probably default but better to be explicit

* Updated gateway to have membersApiUrl from config

no-issue

Previously we were parsing the url, this was not very safe as we can
have Ghost hosted on a subdomain, and this would have failed.

* Added issuer to public config for members

no-issue

This can be used to request SSR tokens in the client

* Fixed path for gateway bundle

no-issue

* Updated settings model tests

no-issue

* Revert "Removed stripe from default payment processor"

This reverts commit 1d88d9b6d73a10091070bcc1b7f5779d071c7845.

* Revert "Removed hardcoded default member settings"

This reverts commit 9d899048ba7d4b272b9ac65a95a52af66b30914a.

* Installed @tryghost/members-ssr

* Fixed tests for settings model
2019-05-07 17:35:17 +02:00
Rish
345d69102a Updated subscription data in member request
no issue

- Added subscription amount to member subscription data
2019-05-07 17:35:17 +02:00
Rishabh Garg
daf5a41af0 Added Admin API for deleting members ()
no issue

- Added new API to delete members
- Added methods to handle e2e member deletion
- Deleting member via Admin leads to
  - Removal of member from payment processor and cancelling all active subscriptions immediately
  - Removal of member information from DB
2019-05-07 17:35:17 +02:00
Rish
bc889ae9a0 Refactored members auth flow with dynamic settings
no issue

- Updated members auth flow UI
- Updated members settings and routing to be dynamic
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
25aac1359d Added support for serverside rendering of members content ()
no-issue

- Added member auth middleware to siteApp
- Passed member as context in routing service
- set Cache-Control: private for member requests
- fucked up some tests
- Added member as global template variable
- Updated tokens to have expiry of subscription_period_end
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
121b7d200f Improved Members security and performance ()
no-issue

* Corrected function names for rpc methods

* Updated gateway to store tokens locally

* Fixed lint

* Added hardcoded 30 minute expiry for member tokens

* Added default contentApiAccess config;

* Updated validateAudience method

This is required for security, we need to restrict which domains can access
tokens meant for the content api
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
eb94871b6c Added upgrade page to members auth ()
no-issue
2019-05-07 17:35:17 +02:00
Zimo
3b7d35ed0a Applying basic styles to members popups
no issue
2019-05-07 17:35:17 +02:00
Rish
a06d924493 Updated members modal UI structure
no issue
2019-05-07 17:35:17 +02:00
Rishabh Garg
beeedf7005 Updated signup page for members ()
no issue

* Added new subscribe page with stripe integration
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
464caaf5df Updated product hashseed to be hardcoded ()
no-issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
cd674fb470 Added config endpoint to Member API ()
no-issue

* Added getPublicConfig method to stripe payment processor
* Added getPublicConfig method to subscriptions service
* Added initial config endpoint for members api
* Added getConfig method to members gateway
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
88b9f25541 Added initial subscription support with stripe to Members API ()
These changes introduce a new "service" to the members api, which handles getting and creating subscriptions.

This is wired up to get subscription information when creating tokens, and attaching information to the token, so that the Content API can allow/deny access. 

Behind the subscription service we have a Stripe "payment processor", this holds the logic for creating subscriptions etc... in Stripe.

The logic for getting items out of stripe uses a hash of the relevant data as the id to search for, this allows us to forgo keeping stripe data in a db, so that this feature can get out quicker.
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
e1ba916ce6 Refactored auth pages for future flows ()
no-issue

* Used camelCase for gateway method calls
* Added some components for building blocks of forms
* Added input specific components
* Added Form component
    This handles collecting the data to submit and sharing state between forms
* Added Pages component to handle urls
* Added the pages for the popup
* Added MembersProvider component
    This is designed to give its children access to gateway methods
* Added Modal component
    This wraps the pages and handles dispatching form submissions to the members gateway
* Refactored index.js to use new components/pages
* Fixed default page from Signup -> Signin
2019-05-07 17:35:17 +02:00
Rishabh Garg
0b2d70d617 Added new admin API for members ()
no issue

- Added read and browse admin API for members
2019-05-07 17:35:17 +02:00
Rish
740209e2e4 Fixed console getting cleared on dev start
closes https://github.com/TryGhost/Ghost/issues/10409

- Removed `clearConsole` on preact cli
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
5ffdfe9875 Refactored members for management api ()
no-issue
2019-05-07 17:35:17 +02:00
Rish
7ef520c2ea Fixed error handling for members reset password
no-issue

- Both input and form error was shown on submitting reset-password form
- Does not submit form anymore in case of validation errors
2019-05-07 17:35:17 +02:00
Peter Zimon
8d87eedcb4 Members auth ui refinements ()
* Update mobile modal animations
* Member popup input error and placeholder refinements
* Adding close animation to members auth popups
* Improve members auth dialog
* Refine members reset password design
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
99aeda5909 Removed ssoOriginCheck from signout endpoint ()
no-issue

the ssoOriginCheck exists to ensure that we only allow signin/signup to
be called from the specified auth page, this is a very minor security
feature in that it forces signins to go via the page you've designated.
signout however does not need this protection as the call to signout
completely bypasses any UI (this is the same for the call to /token)
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
b219e26ea6 Added members lib module ()
* Added members library inc. gateway

refs 

* Added the auth pages and build steps for them

refs 

* Cleaned up logs

* Updated gruntfile to run yarn for member auth

* Design refinements on members popups

* UI refinements

* Updated backend call to trigger only if frontend validation passes

* Design refinements for error messages

* Added error message for email failure

* Updated request-password-reset to not attempt to send headers twice

* Updated preact publicPath to relative path

* Build auth pages on init
2019-05-07 17:35:17 +02:00