Commit Graph

916 Commits

Author SHA1 Message Date
Fabien O'Carroll
121b7d200f Improved Members security and performance (#10511)
no-issue

* Corrected function names for rpc methods

* Updated gateway to store tokens locally

* Fixed lint

* Added hardcoded 30 minute expiry for member tokens

* Added default contentApiAccess config;

* Updated validateAudience method

This is required for security, we need to restrict which domains can access
tokens meant for the content api
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
eb94871b6c Added upgrade page to members auth (#10513)
no-issue
2019-05-07 17:35:17 +02:00
Zimo
3b7d35ed0a Applying basic styles to members popups
no issue
2019-05-07 17:35:17 +02:00
Rish
a06d924493 Updated members modal UI structure
no issue
2019-05-07 17:35:17 +02:00
Rishabh Garg
beeedf7005 Updated signup page for members (#10493)
no issue

* Added new subscribe page with stripe integration
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
464caaf5df Updated product hashseed to be hardcoded (#10484)
no-issue
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
cd674fb470 Added config endpoint to Member API (#10467)
no-issue

* Added getPublicConfig method to stripe payment processor
* Added getPublicConfig method to subscriptions service
* Added initial config endpoint for members api
* Added getConfig method to members gateway
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
88b9f25541 Added initial subscription support with stripe to Members API (#10460)
These changes introduce a new "service" to the members api, which handles getting and creating subscriptions.

This is wired up to get subscription information when creating tokens, and attaching information to the token, so that the Content API can allow/deny access. 

Behind the subscription service we have a Stripe "payment processor", this holds the logic for creating subscriptions etc... in Stripe.

The logic for getting items out of stripe uses a hash of the relevant data as the id to search for, this allows us to forgo keeping stripe data in a db, so that this feature can get out quicker.
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
e1ba916ce6 Refactored auth pages for future flows (#10458)
no-issue

* Used camelCase for gateway method calls
* Added some components for building blocks of forms
* Added input specific components
* Added Form component
    This handles collecting the data to submit and sharing state between forms
* Added Pages component to handle urls
* Added the pages for the popup
* Added MembersProvider component
    This is designed to give its children access to gateway methods
* Added Modal component
    This wraps the pages and handles dispatching form submissions to the members gateway
* Refactored index.js to use new components/pages
* Fixed default page from Signup -> Signin
2019-05-07 17:35:17 +02:00
Rishabh Garg
0b2d70d617 Added new admin API for members (#10435)
no issue

- Added read and browse admin API for members
2019-05-07 17:35:17 +02:00
Rish
740209e2e4 Fixed console getting cleared on dev start
closes https://github.com/TryGhost/Ghost/issues/10409

- Removed `clearConsole` on preact cli
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
5ffdfe9875 Refactored members for management api (#10408)
no-issue
2019-05-07 17:35:17 +02:00
Rish
7ef520c2ea Fixed error handling for members reset password
no-issue

- Both input and form error was shown on submitting reset-password form
- Does not submit form anymore in case of validation errors
2019-05-07 17:35:17 +02:00
Peter Zimon
8d87eedcb4 Members auth ui refinements (#10279)
* Update mobile modal animations
* Member popup input error and placeholder refinements
* Adding close animation to members auth popups
* Improve members auth dialog
* Refine members reset password design
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
99aeda5909 Removed ssoOriginCheck from signout endpoint (#10277)
no-issue

the ssoOriginCheck exists to ensure that we only allow signin/signup to
be called from the specified auth page, this is a very minor security
feature in that it forces signins to go via the page you've designated.
signout however does not need this protection as the call to signout
completely bypasses any UI (this is the same for the call to /token)
2019-05-07 17:35:17 +02:00
Fabien O'Carroll
b219e26ea6 Added members lib module (#10260)
* Added members library inc. gateway

refs #10213

* Added the auth pages and build steps for them

refs #10213

* Cleaned up logs

* Updated gruntfile to run yarn for member auth

* Design refinements on members popups

* UI refinements

* Updated backend call to trigger only if frontend validation passes

* Design refinements for error messages

* Added error message for email failure

* Updated request-password-reset to not attempt to send headers twice

* Updated preact publicPath to relative path

* Build auth pages on init
2019-05-07 17:35:17 +02:00