Commit Graph

19 Commits

Author SHA1 Message Date
Kevin Ansfield
bf63ffe424 Moved members geolocation fetch/update into members-ssr (#151)
closes https://github.com/TryGhost/Members/issues/148

- geolocation was not being fetched/stored for paid member signup
  - magic link was being sent after Stripe webhook but we don't have an IP at that stage
  - it only worked when a magic link was requested by the browser
- moved the geolocation fetch/update to `members-ssr`
  - kept the ip geolookup and storage inside `members-api` but exposed it as a method so consumers are able to choose when it's performed
  - used the new api method in `members-ssr` when exchanging a token from the session as that is always driven by browser requests so we know we have an IP and it's likely the correct one (reliant on consumers having "trust proxy" config correct)
  - stopped storing IP addresses in the token payload (keeps links shorter)
2020-06-04 13:20:19 +01:00
Fabien O'Carroll
2a90d84e9a Added flag for disabling sign cookies
no-issue
2019-10-11 18:00:19 +07:00
Fabien O'Carroll
e6c8f77d4e Removed cookie based caching
no-issue

This was just a temporary stopgap. The correct solution is to cache in the backend
2019-10-09 10:46:55 +07:00
Fabien O'Carroll
d02bab7ea8 Made sure we throw an error for invalid session
no-issue
2019-10-02 18:19:39 +07:00
Fabien O'Carroll
957a0df658 Ensured falsy values not returned from cache cookie
no-issue
2019-09-30 12:10:29 +07:00
Fabien O'Carroll
ab4493db5f Ensured falsy values are not set as cookies
no-issue
2019-09-30 12:10:29 +07:00
Fabien O'Carroll
016422ce06 Updated members-ssr to use token from query string
no-issue

This changes the exchangeTokenForSession method to read the token from a
`token` query string, rather than from the request body.

This also includes a refactor to change MembersSSR into a class, and
document all methods with JsDoc type annotations which can be
interpreted by the typescript compiler
2019-09-16 13:58:05 +08:00
Fabien O'Carroll
458bcf41fa Stored cached member data in separate cookie
no-issue

This allows for simple trusted caching. We can still use the primary
cookie to determine whether or not a session exists, the cached cookie
can safely be deleted or ignored. This is a "progressive enhancement"
on top of the existing solution.
2019-09-09 15:51:20 +08:00
Fabien O'Carroll
198e525d59 Fixed getMemberIdentiyTokenFromSession
no-issue

This did not have the cookieConfig passed, so could not correctly parse request
2019-09-06 14:30:27 +08:00
Fabien O'Carroll
75a6ccf669 Updated members-ssr to work with members-api
no-issue

This updates the ssr package to work with the new magic link signin method
2019-09-03 15:35:04 +08:00
Fabien O'Carroll
21123d4061 Fixed getMemberDataFromSession usage of membersApi
no-issue

Since we allow the membersApi to be a thunk - we must wrap all
references to it in a call to get
2019-07-17 18:05:38 +08:00
Fabien O'Carroll
942187f48e Added support for passing thunk for membersApi
no-issue

This is to allow support for consumers to dynamically update their
membersApi instance, for example when configuration changes, and not
have to replace the instance of members-ssr
2019-07-17 15:06:20 +08:00
Fabien O'Carroll
7e5733998e Removed request stream consumption unless required
no-issue

This is to avoid the getMemberDataFromCookie helper consuming the
request stream before other handlers can read from it.
2019-05-06 12:23:27 +02:00
Fabien O'Carroll
632fdce8b1 Added deleteSession method
no-issue

This will be used for logout
2019-04-16 12:22:55 +02:00
Fabien O'Carroll
8ae95f6d32 Updated to return Promise.reject rather than throw
no-issue

This is cleaner IMO
2019-04-16 12:22:55 +02:00
Fabien O'Carroll
eaf163cb9c Updated to use membersApi iss as expected aud
no-issue

This is because we now use specific URLs for audience claims, e.g. for
members running locally the audience would be:

    - http://localhost:2368/ghost/api/v2/members/
2019-04-16 12:22:55 +02:00
Fabien O'Carroll
02468bfe0c Fixed cookie verification handling
no-issue

turns out the get method fails if the cookie is missing, rather than returning null
2019-04-16 12:22:55 +02:00
Fabien O'Carroll
2e40e253d6 Implemented MVP
2019-04-16 12:22:55 +02:00
Fabien O'Carroll
803b09664c Ran slimer new members-ssr
2019-04-16 12:22:55 +02:00