Commit Graph

563 Commits

Author SHA1 Message Date
Renovate Bot
c13be723e6 Update dependency mocha to v9.1.2 2021-09-28 07:42:20 +00:00
Fabien O'Carroll
2d68442af1 Published new versions
- @tryghost/members-api@1.38.1
2021-09-23 11:16:44 +02:00
Fabien O'Carroll
e93d092766 Fixed handling of invalid tokens when changing email
no-issue

Without a return after ending the response, the code will continue to
attempt to send emails and then send another response which results in
an uncaught error.
2021-09-23 11:12:23 +02:00
Fabien O'Carroll
9031602406 Published new versions
- @tryghost/members-api@1.38.0
2021-09-22 16:50:02 +02:00
Fabien O'Carroll
4e947a88ce Fixed security hole in email address change flow
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr

The email address change flow was built on top of the unauthenticated
signin/signup flow. This meant that ownership of the email being changed
wasn't verified and allowed a malicious actore to change the email
address of arbitrary accounts to an email address which they controlled.

We remove the ability to change email addresses from the signin/signup
flow and instead create a dedicated, authenticated flow for changing
email address.
2021-09-22 16:49:17 +02:00
Rishabh
21fbaff41b Published new versions
- @tryghost/members-api@1.37.5
2021-09-22 18:13:43 +05:30
Rishabh
fe4fb78830 Cleaned up stripe-service package usage
no refs

- updates all usages of `stripe-service` package to new correct `members-stripe-service` package
2021-09-22 18:12:40 +05:30
Rishabh
aa0b95528e Published new versions
- @tryghost/members-api@1.37.4
 - @tryghost/members-stripe-service@0.1.0
2021-09-22 18:09:11 +05:30
Rishabh
c21a77cd01 Removed tests temporarily to publish new stripe package
no refs
2021-09-22 18:08:30 +05:30
Rishabh
3e54819469 Revert "Updated usage of stripe-service package to members-stripe-service package"
This reverts commit 7363f0769d.
2021-09-22 18:05:41 +05:30
Rishabh
7363f0769d Updated usage of stripe-service package to members-stripe-service package
refs 8b90c93a79
2021-09-22 18:02:50 +05:30
Rishabh
dacb1d6fa0 Published new versions
- @tryghost/member-analytics-service@0.1.1
 - @tryghost/members-analytics-ingress@0.1.2
 - @tryghost/members-api@1.37.3
2021-09-22 17:21:49 +05:30
Rishabh
1c25665e7e Published new versions
- @tryghost/members-api@1.37.2
2021-09-22 16:57:30 +05:30
Rishabh
85db4aa8bd Removed unused packages from members-api
no refs

Cleans up unused package dependencies on members-api
2021-09-22 16:56:28 +05:30
Rishabh
411345ed42 Published new versions
- @tryghost/members-analytics-ingress@0.1.1
 - @tryghost/members-api@1.37.1
2021-09-22 16:53:59 +05:30
Rishabh
37001c539d Fixed lint
no refs
2021-09-22 16:52:40 +05:30
Rishabh
317caacc0e Updated ingress event handler to use new analytics ingress package
refs https://github.com/TryGhost/Team/issues/1064

- updates handling of member events to use new analytics ingress package which is responsible to ensure storage of event
2021-09-22 16:51:03 +05:30
Rishabh
07d65c4741 Added missing package dependencies
no refs

- the package dependencies of modules we use in `members-api` got missed with previous changes, updating
2021-09-22 16:24:54 +05:30
Rishabh
6c109b1080 Published new versions
- @tryghost/members-analytics-ingress@0.1.0
 - @tryghost/members-api@1.37.0
2021-09-22 16:21:27 +05:30
Rishabh Garg
1f7a455374 Added @tryghost/members-analytics-ingress package (#335)
refs https://github.com/TryGhost/Team/issues/1064

This package will be used as to handle and emit ingress events on new members event endpoint - `/members/api/events`
2021-09-22 16:07:37 +05:30
Fabien O'Carroll
71b3a62c79 Published new versions
- @tryghost/domain-events@0.1.1
 - @tryghost/magic-link@1.0.12
 - @tryghost/member-analytics-service@0.1.0
 - @tryghost/member-events@0.2.0
 - @tryghost/members-api@1.36.0
 - @tryghost/members-ssr@1.0.13
2021-09-21 18:42:13 +02:00
Fabien O'Carroll
41bdd38237 Wired up member-analytics-service
refs https://github.com/TryGhost/Team/issues/1054

We need to instantiate the MemberAnalyticsService so that we can start
listening to events and storing them, this is the minium glue code
required to get us going.
2021-09-21 13:40:23 +02:00
Fabien O'Carroll
bdd030cce5 Published new versions
- @tryghost/domain-events@0.1.0
 - @tryghost/member-events@0.1.0
 - @tryghost/members-api@1.35.0
2021-09-17 15:25:14 +02:00
Fabien 'egg' O'Carroll
528fd23874 Added ability to fetch member by identity token (#329)
refs https://github.com/TryGhost/Team/issues/1057

This method will validate a token, and then return the member associated
with it. Rather than exposing token validation and coupling consumers to
the structure of the token response data.
2021-09-17 11:25:57 +02:00
Fabien O'Carroll
d99e0acf1a Published new versions
- @tryghost/members-api@1.34.0
2021-09-14 13:22:21 +02:00
Fabien 'egg' O'Carroll
1f2750e5c0 Added browse, edit & add methods to MemberBREADService (#326)
refs https://github.com/TryGhost/Team/issues/873

This ensures that all requests to the API will include the mock
subscriptions for comped members. Allowing the Admin to correctly show
the subscription information after adding and editing members. As well
as having the correct information when navigating from the list of
members to an individual member.
2021-09-14 13:18:34 +02:00
Fabien O'Carroll
81f19f4991 Published new versions
- @tryghost/members-api@1.33.0
2021-09-13 14:47:49 +02:00
Fabien O'Carroll
7a401e5253 Used @tryghost/stripe-service in @tryghost/members-api
no-issue

This finalises the extraction of the StripeAPIService to a separate
package!
2021-09-13 14:38:40 +02:00
Fabien O'Carroll
eed346e4ec Published new versions
- @tryghost/members-api@1.32.1
2021-09-08 12:39:51 +02:00
Fabien O'Carroll
00e0c9d205 Fixed webhook handler check for if Stripe configured
no-issue

Previously we would not create an instance of the StripeAPIService if
Stripe was not configured, but that is not the case any more, instead we
have a configured flag on the service. The webhook route handler was not
updated to use this flag and so would attempt to handle webhooks without
having any of the required data. This would result in an uncaught error.
2021-09-08 12:27:09 +02:00
Fabien O'Carroll
a072d19385 Published new versions
- @tryghost/members-api@1.32.0
2021-09-07 18:26:36 +02:00
Fabien O'Carroll
67d2104190 Deleted webhooks when disconnecting from Stripe
refs https://github.com/TryGhost/Team/issues/1006

When disconnecting from Stripe, we currently do not remove the webhooks,
this will result in the webhooks from Stripe failing, and tending toward
a 100% error rate, which will ultimately result in emails from Stripe
about the failing webhook.

In order to stop all of that from happening, we should make sure that we
actively remove the webhook from Stripe when disconnecting.
2021-09-07 18:02:35 +02:00
Fabien O'Carroll
2d394b3a2e Published new versions
- @tryghost/members-api@1.31.0
2021-09-07 16:51:25 +02:00
Fabien O'Carroll
8476e7cbd7 Added disconnectStripe method to handle cleaning up
refs https://github.com/TryGhost/Team/issues/1006

As part of the work to handle cleaning up webhooks when we disconnect
from Stripe, I'm moving the logic to clear out the Stripe related data
from the database into a disconnectStripe method. This then allows us to
start handling the cleanup of webhooks via the Stripe API.
2021-09-07 16:34:08 +02:00
Fabien O'Carroll
ae1f905766 Published new versions
- @tryghost/members-api@1.29.3
2021-09-06 13:10:42 +02:00
Fabien O'Carroll
b6e4eae272 Fixed comped members having a status of 'paid'
refs https://github.com/TryGhost/Team/issues/995

Since we reintroduced the comped status, we did not update the
subscription handling to correctly set members to a status of comped
when they were on a 'Complimentary' plan.
2021-09-06 13:06:30 +02:00
Fabien O'Carroll
dbae9f3233 Published new versions
- @tryghost/members-api@1.29.2
2021-09-06 12:50:25 +02:00
Fabien O'Carroll
66143dbb7c Updated options parameter to be optional
no-issue

Since updating the product repository to force transactions, the options
parameter was used in every call, meaning it wasn't optional any more,
which broke usage. This updates the parameter to have a default so that
existing usage still works.
2021-09-06 12:47:19 +02:00
Fabien O'Carroll
537c9cb02d Published new versions
- @tryghost/magic-link@1.0.11
 - @tryghost/members-api@1.29.1
 - @tryghost/members-csv@1.1.6
 - @tryghost/members-importer@0.3.2
 - @tryghost/members-ssr@1.0.12
2021-09-01 19:12:44 +02:00
Fabien O'Carroll
3b94ba7dce Fixed update method not using transaction for reads
no-issue

Since we run our product repository methods in transactions now we must
ensure that all database interations in the method use the transaction.
This adds the missing options to the reading of existing prices so that
they happen inside of the transaction.
2021-09-01 19:10:12 +02:00
Renovate Bot
b0133b3c2e Update dependency mocha to v9.1.1 2021-08-31 07:43:26 +00:00
Fabien O'Carroll
c782b3d2c9 Published new versions
- @tryghost/members-api@1.29.0
2021-08-26 20:07:08 +02:00
Fabien O'Carroll
82506e1599 Passed transaction to all model methods
refs https://github.com/TryGhost/Team/issues/982

These calls to the edit method were missing the transaction option from
the parent which meant that they ran outside of the transaction and
would cause the method to timeout.
2021-08-26 20:04:06 +02:00
Fabien O'Carroll
dd4d6aeae5 Wrapped product repo methods in transactions
refs https://github.com/TryGhost/Team/issues/982

This ensures that we will not commit any rows to the database if
something is to go wrong with a Stripe API request.
2021-08-26 20:03:16 +02:00
Fabien O'Carroll
dc79f04989 Published new versions
- @tryghost/members-api@1.28.0
2021-08-26 16:16:00 +02:00
Fabien O'Carroll
ec8dbf2890 Added products as default relation when fetching members
no-issue

As subscriptions are a default relation, and we now require products to
populate subscriptions for comped members, we need to include products
by default when reading members.
2021-08-26 16:10:13 +02:00
Fabien O'Carroll
0f4e97eae7 Updated getMemberIdentityData to use BREAD Service
refs https://github.com/TryGhost/Team/issues/986

The getMemberIdentityData is a relic of time past. Originally it was
used before we had anything like the member repository or bread
controller as a way for things inside of the Members ecosystem to get
access to member data.

This updates it to use the same interface as everything else for
fetching members so that we can rely on the shape of the data that we
consider a member.

This update will ensure that themes have access to the dummy
subscriptions created by the `read` method of the MemberBREADService.
2021-08-26 16:07:06 +02:00
Fabien O'Carroll
fa73786c92 Published new versions
- @tryghost/members-api@1.27.3
2021-08-26 15:54:13 +02:00
Fabien O'Carroll
d3b1283241 Removed old product when subscription is updated
refs https://github.com/TryGhost/Team/issues/979

This correctly handles updates to subscriptions so that if the product a
subscription is for has changed, we will remove the previous product, if
and only if there is not another subscription which gives access to it.
2021-08-26 15:53:38 +02:00
Fabien O'Carroll
16d67203cf Published new versions
- @tryghost/members-api@1.27.2
2021-08-26 13:03:41 +02:00