Commit Graph

450 Commits

Author SHA1 Message Date
Naz
05105e1173 Updated method signatures and added JSDocs
refs https://github.com/TryGhost/Team/issues/1674

- While preparing the changes had a look around and made small refactors to understand the codebase a little better. In general it's best to keep the method parameters as small and precise as possible instead of passing around a "bag-of-all-the-things" like "data" around
2022-07-14 12:54:58 +01:00
Naz
2a7166ffc3 Fixed typo 2022-07-14 12:10:18 +01:00
Simon Backx
011c7cb0a2 Added support for updating member enable_comment_notifications
refs https://github.com/TryGhost/Team/issues/1664

This makes it possible for members to update their comment notification preferences
2022-07-07 14:14:02 +02:00
Fabien 'egg' O'Carroll
8e2c600612 Fixed checkout session creation for existing members (#403)
refs https://github.com/TryGhost/Team/issues/1526

We weren't using the `req.body.customerEmail` to load a member and
check their existing tiers, this meant that existing members which
were signed out and attempted to create a stripe checkout session were
able to.
2022-06-01 10:40:52 +01:00
Simon Backx
b8e43ba675 Removed usage of membersActivityFeed flag
refs https://github.com/TryGhost/Team/issues/1616
2022-05-25 10:37:49 +02:00
Simon Backx
9b0259dc6f Removed usage of dashboardV5 feature flag
refs https://github.com/TryGhost/Team/issues/1616
2022-05-25 10:29:55 +02:00
Simon Backx
14a7d1f00f Cleaned up multipleProducts and multipleNewsletters flags 2022-05-25 10:25:02 +02:00
Naz
9756094ae2 🐛 Fixed signing key mismatching in JWT/JWKS
refs https://github.com/TryGhost/Team/issues/1640
closes https://github.com/TryGhost/Members/pull/401/
refs https://forum.ghost.org/t/ghost-jwt-question-possible-bug/30210

- Without `keyid` parameter some of the clien libraries were not able to match the signin key to verify JWT
- Missing `keyid` parameter allows to indicate the key used to secure JWS (as per https://www.rfc-editor.org/rfc/rfc7515#section-4.1.4) and resolves the automatic matching issue on the client.
- The `kid` parameter was left in claims to avoid accidental breaking changes.
2022-05-23 18:45:08 +08:00
Simon Backx
62c992c8e3 Improved bulk unsubscribe operation to use member_id column (#400)
refs https://ghost.slack.com/archives/C02G9E68C/p1652980792270029

When bulk unsubscribing members, the number of deleted newsletter relations are returned instead of the number of members with newsletters that were cleared. This update deletes newsletter relations on member_id, so we can return the count of members instead of newsletter relations that were deleted.

Tests in https://github.com/TryGhost/Ghost/pull/14871
2022-05-20 12:25:58 +02:00
Rishabh
63a859587b Fixed checkout session creation with just offer id
- In case of an offer id present in stripe checkout session, the cadence and tier id values can be null
- this fixes the invalid 400 thrown on missing cadence value while creating stripe checkout session for offer
2022-05-18 13:12:40 +05:30
Fabien 'egg' O'Carroll
676fca7077 Updated Frontend API to work with Tier & Cadence (#399)
refs https://github.com/TryGhost/Team/issues/1575

Since we are not exposing the underlying Price data anymore, we need to
update the API to work with Tier and Cadence.
2022-05-16 19:27:23 +01:00
Matt Hanley
f0798578c4 Fixed issue with filter transform not applying to bulk operations 2022-05-12 09:44:30 +01:00
Aileen Nowak
376db4d085 Removed duplicate usage of importer source
no issue

- Setting a dedicated source for imported members was already done with 455778662c
- This unifies the same source but keeps the usage of context setting on init alive
2022-05-10 10:53:19 -04:00
Fabien 'egg' O'Carroll
b717c90b22 Removed hasActiveStripeSubscriptions method (#396)
refs https://github.com/TryGhost/Team/issues/1147

This endpoint is no longer used in 5.0
2022-05-04 10:56:47 +01:00
Simon Backx
eb8cf49f40 Fixed updating non-existing member internal error (#395)
refs https://github.com/TryGhost/Team/issues/1580

- When you tried to update a member that doesn't exist, an internal error was thrown
- It should throw a 'not found' error instead
- Optimized when to fetch the initialMember

Tests for 4.x in https://github.com/TryGhost/Ghost/pull/14657
Tests for 5.x in https://github.com/TryGhost/Ghost/pull/14658
2022-05-03 16:38:55 +02:00
Fabien "egg" O'Carroll
4bda71e464 Ignored last_seen_at in BREAD service
refs https://github.com/TryGhost/Members/commit/8a40d8e76

This is needed so that the API cannot edit this read only field.
2022-05-02 19:09:47 +01:00
Simon Backx
8a40d8e76b Fixed member webhooks (#394)
refs https://github.com/TryGhost/Team/issues/1577

The call to `edit` was not loading the newsletter relations which is needed
by the serializer used by the webhooks service.

Co-authored-by: Fabien "egg" O'Carroll <fabien@allou.is>
2022-05-02 19:07:30 +01:00
Simon Backx
ae10696e95 Fixed issue with new members always subscribing to defaults
no issue

The member was updated when setting the geolocation, but that also included setting subscribed to true.
2022-04-28 13:16:30 +02:00
Simon Backx
3cb138ea25 Fixed events not having same created_at as members
refs https://github.com/TryGhost/Ghost/pull/14621
refs https://ghost.slack.com/archives/C02G9E68C/p1651126990299689?thread_ts=1651072733.859939&cid=C02G9E68C

- Events didn't always have the same created_at as created members
- This caused a test to fail randomly in the main repo
2022-04-28 09:29:41 +02:00
Aileen Nowak
ea237ebcee Used designated source importer for members event table
no issue

Using a designated source for members being added within the `importer` context will better describe the source in our members event table. It's more consistent with the usage of the other possible sources.
2022-04-27 15:27:19 -04:00
Aileen Nowak
dd702f6ef8 Allow setting context for members importer and use correct source
no issue

When importing members, the members-importer isn't aware of the context and therefore falls back to use `member` as a source in members event table. This makes it impossible to determine imported members from others.
- Added an `context` property to the options in the members-importer constructor
- Checked for `importer` context when creating member events and assigned the source `admin` to it
2022-04-27 15:27:19 -04:00
Simon Backx
f051f9aeeb Fixed bulk unsubscribe
refs https://github.com/TryGhost/Team/issues/1567

- Deletes the newsletter relations instead of setting subscribed to false
- Depends on these changes: https://github.com/TryGhost/Ghost/pull/14610
2022-04-27 19:03:33 +02:00
Simon Backx
27f48e743b Fixed linting error 2022-04-26 19:33:12 +02:00
Simon Backx
a82d0f499d Added mapping from member subscribed to newsletters on edit/create
refs https://github.com/TryGhost/Team/issues/1545

- When editing or creating a member with the subscribed property, it is mapped to the corresponding newletters value
- Defaults to all active newsletters with visibility = members and subscribe_on_signup = true
- Tests in https://github.com/TryGhost/Ghost/pull/14583
2022-04-26 19:28:05 +02:00
Simon Backx
2b01997629 Added newsletter relation to activity feed
refs https://github.com/TryGhost/Team/issues/1478

Makes sure the newsletter relation is returned in the activity feed for susbcribe events (aka newsletter events).
Tests in https://github.com/TryGhost/Ghost/pull/14585
2022-04-26 14:18:34 +02:00
Simon Backx
6a6cc28e3d Added newsletter information in member subscribe events
refs https://github.com/TryGhost/Team/issues/1478

- When creating or editing a member, we'll add the newsletter ids to the subscribe events
- When susbcribing to multiple newsletters, we'll create multiple subscribe events
- When removing newsletters from a member, we'll create one or more subscribe events
- Tests in https://github.com/TryGhost/Ghost/pull/14579
2022-04-26 08:59:59 +02:00
Simon Backx
7fa442516c Updated member bread service to return member subscription offers from offer_id column (#392)
refs https://github.com/TryGhost/Team/issues/1520

- Instead of doing the matching of the offers and subscriptions by looking at the offer redemptions, we can now look at the offer_id from subscriptions.
- This also fixes an issue where we don't attach the offer object to subscriptions in the members' browse method
- Updated browse behaviour to match the read behaviour of members (product relation needs to get loaded because it is missing in member.products if the subscription is expired).

Tests in https://github.com/TryGhost/Ghost/pull/14515
2022-04-20 11:10:41 +02:00
Simon Backx
41e0aa17ff Updated offer_id matching logic to use stripe_coupon_id instead of metadata (#390)
refs https://github.com/TryGhost/Team/issues/1519

- Removed offer metadata again from offer (added in one of the previous commits)
- Added `getByStripeCouponId` method in offer repository (required to find an offer based on the stripe_coupon_id)
- Match discounts from Stripe based on the stripe_coupon_id instead of metadata
2022-04-19 11:21:48 +02:00
Simon Backx
f74b00fea6 Stored offer_id in subscriptions (#389)
refs https://github.com/TryGhost/Team/issues/1519

- Added offer repository dependency to member repository (offerAPI didn't work because it creates a new transaction that resulted in a deadlock during tests)
- Store the offer id from the Stripe subscription metadata in the subscription (only if the discount is still active)
- Also added the offer id to the metadata for a Stripe coupon, this will make adding and removing coupons a bit more foolproof
- Prefer the usage of the offer metadata from a coupon if it is present
- When no discount is applied to a subscription, it always sets the offer id to null, even when the metadata still contains the offer
- The offer_id remains stored when a subscription is canceled/expired
2022-04-19 09:15:33 +02:00
Rishabh
f9ce2d9064 Updated default newsletter subscriptions for member
refs https://github.com/TryGhost/Team/issues/1469

Previously, members were subscribed to all available newsletters by default when added. This change updates the default newsletters subscription for member to take into account newsletter preferences for auto opt-in as well as visibility.
2022-04-14 21:10:58 +05:30
Sam Lord
455778662c Email verification for imports based on 30 days of import
refs: https://github.com/TryGhost/Toolbox/issues/293

Things needed to create this:
* MemberSubscriptionEvent now has an import source
* Importer now creates events with this type
* Verification trigger logic changed to use 30 day window of imports
2022-04-13 17:35:30 +01:00
Simon Backx
fab8a182d1 Updated mrr_delta to use stored mrr and consider forever offers (#387)
* Updated member mrr_delta calculation to use stored mrr

refs https://github.com/TryGhost/Team/issues/1456

Simplifies the calculation of MRR deltas, which will make it easier to update MRR to include offers and cancellations in the future.

* Adjusted MRR and MRR delta calculation to consider "forever" duration offers

refs https://github.com/TryGhost/Team/issues/1451

Uses the discount information from Stripe to calculate the MRR (this was the easiest way to include it + also supports manually created discounts from users)
2022-04-13 15:46:43 +02:00
Rishabh
54a6fe9a62 Handled newsletters preference for free members signup
refs https://github.com/TryGhost/Team/issues/1490

With multiple newsletters, free members can choose their newsletter subscription preference while signing up.
This change -
- includes newsletters data in magic link token creation
- attaches newsletter data to new members created via magic link
2022-04-13 15:00:31 +05:30
Fabien "egg" O'Carroll
4c7a7027a9 Fixed storage of MRR Events type
This was incorrectly attempting to store the `name` column which was
renamed to `type`
2022-04-12 11:17:39 +01:00
Simon Backx
da4df59ba9 Save MRR to subscriptions (#386)
refs https://github.com/TryGhost/Team/issues/1456

- Sets the `mrr` column correctly when updating a subscription
- We can use this value in the future to have an improved calculation of mrr_delta, but we first need to have the migration in place
- Updated missing cancelled -> canceled
2022-04-12 11:19:09 +02:00
Fabien 'egg' O'Carroll
027332b80e Updated MRR events (#385)
refs https://github.com/TryGhost/Team/issues/1454

Updates the MRR events to store the type column for existing events, this
includes expired events.

---

refs https://github.com/TryGhost/Team/issues/1302

Creates MRR events when the cancelled status of a subscription has changes

---

refs https://github.com/TryGhost/Team/issues/1453

Updates the cancelled MRR Event logic to make a negative MRR delta, this
is behind a flag so everything can be release at once

Co-authored-by: Simon Backx <simon@ghost.org>
2022-04-12 11:06:11 +02:00
Fabien 'egg' O'Carroll
1c017c7b7d Used FOR UPDATE lock for linkSubscription reads (#383)
refs https://github.com/TryGhost/Team/issues/1248
refs https://github.com/TryGhost/Team/issues/1302

This fixes the issue with duplicate subscriptions being inserted because
concurrent calls to linkSubscription did not have rows locked.

It is also required to make sure we do not create duplicate cancellation events.
2022-04-07 15:12:55 +01:00
Rishabh
45080a0ab2 Handled default newsletter subscription for new members
refs https://github.com/TryGhost/Team/issues/1469

When a new member signs up on the site, by default they should get subscribed to all newsletters. A new member can get added via different ways (stripe webhook, admin add, free signup), so this change updates the base member repository which gets used irrespective of how member is added to ensure default newsletters are always included for new member.
If a member already has a custom newsletters list attached, we don't change anything.
2022-04-06 15:41:02 +05:30
Rishabh
b3ed042265 Allowed updating newsletter data for a member
refs https://github.com/TryGhost/Team/issues/1469

- allows editing multiple newsletter subscriptions for a member
2022-04-04 20:07:37 +05:30
Rishabh
ad226f85b3 Added newsletter data to member BREAD service
refs https://github.com/TryGhost/Team/issues/1469

With multiple newsletters, members can now have one or more newsletter subscriptions that is attached to them. This change updates the member BREAD service to handle attaching newsletter data to member, based on the newsletter flag.

- if newsletter flag is disabled, add/edit methods delete any newsletter data attached to member
- sets `newsletters` as a default relation for read/browse methods so a member always has newsletter data attached to them
2022-04-04 20:07:37 +05:30
Simon Backx
aaff165a21 Fixed 'labels is not defined on the model' error (#378)
no issue

- When a new member is added via the API, with a stripe_customer_id, the member bread service is passed also with a default option: `withRelated: ['labels']`.
- This option is passed along to the member repository, and further and is also passed when loading relations that don't have a relationship called 'labels'.
- This results in a `labels is not defined on the model` error when you try to create a new member with a stripe customer id.
- Test that found this issue will be added to the Ghost repo.
2022-03-31 16:15:53 +02:00
Kevin Ansfield
e8b8fef985 🐛 Fixed member responses not including complimentary subs when canceled subs exist
refs https://github.com/TryGhost/Team/issues/1141

- when a member had canceled subscriptions the check we have to match products to subscriptions to determine whether to insert the hardcoded complimentary subscription was incorrectly matching against the canceled subscriptions
- updated to match only active subscriptions
2022-03-18 10:47:24 +00:00
Thibaut Patel
8b7d9281d3 Added MemberCancelEvent
refs https://github.com/TryGhost/Team/issues/1302

- This event is triggered on subscription cancellation
2022-03-11 22:44:28 +01:00
Thibaut Patel
a0001df1ad Added the product name property in member reads
refs https://github.com/TryGhost/Team/issues/1141

- The goal is to retrieve the product name for canceled subscriptions
- The property is located at `member.subscriptions.price.product.name`
- We can't easily get the full product as products are retrieved using a join through `members_products`, and there is only a `members_products` row when the subscription is active
2022-03-10 09:50:10 +01:00
Fabien 'egg' O'Carroll
480a22d6ac Fixed visibility changes in product repository (#375)
refs https://github.com/TryGhost/Team/issues/1387

First, this default value didn't make sense as it was written when we
had a boolean visible column, second, we don't need to add defaults here
- this implementation is super tied to the models anyway, so we may as
well rely on the model defaults - if we do pull it out similar to
Offers, then it may make sense to add a default there.

We also update the JSDoc to match the updated data structure.
2022-03-07 14:09:07 +00:00
Fabien "egg" O'Carroll
9658306a19 Allowed Tier visibility to be set via repository
refs https://github.com/TryGhost/Team/issues/1387

This will allow the API to set the visibility property for Tiers.
2022-03-07 11:42:51 +00:00
Hannah Wolfe
3dcf85d5e4 Ensured correct usage of @tryghost/errors everywhere
refs: 23b383bedf

- @tryghost/error constructors take an object, not a string - the expectation is that message, context & help should all be set
- This does the bare minimum and just ensures message is set correctly
2022-02-15 12:30:36 +00:00
Fabien "egg" O'Carroll
6ce441f760 Moved the last of the Stripe config out of Members
refs https://github.com/TryGhost/Team/issues/1322

We no longer restart the Members service based on the Stripe service
being updated, which meant that if it was initially configured with
missing URL's and later Stripe connected, it would not get the new
config until a server restart. This moves the last of Stripe config into
the Stripe service, so that all things concerning Stripe can be handled
in one place and updated together.
2022-02-15 10:57:40 +02:00
Fabien "egg" O'Carroll
d7d7806dcf Protected against null value for subscription.plan
no-issue

This will only occur when Subscriptions have manually been modified in
Stripe to no longer have a single price.
2022-02-09 11:28:26 +02:00
Fabien "egg" O'Carroll
26045ecf24 Added validation to prices for Tiers
refs https://github.com/TryGhost/Team/issues/1319

Rather than allowing our code to attempt to speak with Stripe and error
there, we opt to fail fast and throw validation errors so that our API
will respond with a 422, the existing pattern for validation errors.
2022-02-09 10:16:24 +02:00
Rishabh
972d29cae6 Fixed incorrect id passed while updating setting
no refs

- a typo led to whole setting object passed to setting update method instead of just the id
2022-02-04 18:23:24 +05:30
Sam Lord
bf9070f945 Add API verification trigger with new filter
no issue

Previous API verification trigger didn't work because the way filters work also changed. Re-implemented with a new filter.
2022-02-03 15:02:33 +00:00
Thibaut Patel
90faa71cfe 🐛 Fixed typo in getEventTimeline
refs 13a9962ade

- The typo was half-fixed in the commit 13a9962ade
- This fixes the call, restoring the feature
2022-02-02 13:08:15 +01:00
Fabien 'egg' O'Carroll
73418e8749 Ran Comped subscriptions in transaction (#360)
no-issue

We were incorrectly mixing transactional and non-transactional
operations. An e2e test in Ghost will be merged shortly which caught
this problem.
2022-02-01 17:05:22 +02:00
Thibaut Patel
13a9962ade 🐛 Fixed the order of events returned by getEventTimeline
refs https://github.com/TryGhost/Team/issues/1299

- Convert `created_at` to the right column in each function query
- Renamed the misspelled `getEmailDeliveredEvents` function
- Updated existing unit tests to cover the order
2022-02-01 15:47:15 +01:00
Thibaut Patel
da22b31302 🐛 Added the missing payment_event event in getEventTimeline
refs https://github.com/TryGhost/Team/issues/1297

- The function querying for this event type was simply never called.
2022-02-01 11:14:48 +01:00
Fabien "egg" O'Carroll
7b5c248541 Added tier property to subscriptions
refs https://github.com/TryGhost/Team/issues/1168

This allows Tiers to be read from subscriptions for the purposes or
redirecting to the welcome_page_url
2022-02-01 11:42:15 +02:00
Fabien "egg" O'Carroll
f1cb661094 Revert "Removed stripe_prices from Products API"
This reverts commit f7a1aac926.

The stripe_prices was nto used by the HTTP API, but it was used for
Complimentary subscriptions.
2022-01-31 12:52:12 +02:00
Fabien "egg" O'Carroll
72d57c7645 Allowed welcome_page_url to be set on Tier creation
refs https://github.com/TryGhost/Team/issues/1168
2022-01-27 16:35:23 +02:00
Fabien "egg" O'Carroll
c50e6358dc Allow welcome_page_url to be set on Tiers
refs https://github.com/TryGhost/Team/issues/1168
2022-01-27 16:33:17 +02:00
Sam Lord
3c5cf21274 Added email verification trigger package
refs: https://github.com/TryGhost/Toolbox/issues/166

New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports).

The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 10:57:51 +00:00
Thibaut Patel
0acf2f060c Fixed eslint warnings in events.js
no ref

- There were 12 `no-shadow` warnings, renaming the right variables fixed them.
2022-01-25 16:44:29 +01:00
Thibaut Patel
b76c056d33 Removed de-duplication of events in getEventTimeline
refs https://github.com/TryGhost/Team/issues/1277

- When a user signs-up, two events are created, the code was only keeping one of these events.
- This was introduce in commit 58c9c1c649 when the only usage of the function was to extract the 5 most recent events. Any duplication was creating too much noise.
- This was creating issues now that we introduce event filtering. Some `newsletter_event` events would appear from nowhere we we were filtering-out `signup_event` events.
- We removed the deduplication when the `membersActivityFeed` flag is enabled.
2022-01-25 16:38:25 +01:00
Thibaut Patel
d7673bb1ef Moved the event filtering to the database queries
refs https://github.com/TryGhost/Team/issues/1277

- In `getEventTimeline` we filter to only perform the relevant queries, passing to each query function the filters (subset of NQL)
- In each query function, we rewrite the filters to adapt them to the internal data shape.
- We need to do this rewrite to allow API consumers to create filters based on the output on the API instead of the internal data structure.
- Added partial unit tests as there is a lot of repetition between the query functions.
2022-01-25 12:20:34 +01:00
Thibaut Patel
1370682a60 Added a function to parse a NQL subset
refs https://github.com/TryGhost/Team/issues/1277

- This will allow to filter events within `getEventTimeline`
- The subset of NQL has the following rules:
  - Only one level of filters, now parenthesis allowed
  - Only three filter keys allowed
  - No `or` allowed outside of the bracket notation (this is allowed: `type:-[email_opened_event,email_failed_event]` but this isn't: `type:1,data.created_at:1`)
- The return is an object with a NQL filter by allowed filter key
2022-01-24 18:53:14 +01:00
Fabien "egg" O'Carroll
7950de49ac Removed archived Tiers from Portal display
refs https://github.com/TryGhost/Team/issues/1252

Although we filter out archived tiers from being shown in Portal - we
must also persist this information, so that when they are unarchived,
they continue to not be shown in Portal.

Unfortunately this information is stored in a setting, rather than on
the Tier object itself, two things to consider for the future are:
1. Representing the display value on the Tier object in the API
2. Updating the DB tables to allow storing the display value on the Tier
2022-01-24 13:13:48 +02:00
Fabien "egg" O'Carroll
73f8db0e37 Restricted Members from being given archived Tiers
refs https://github.com/TryGhost/Team/issues/1252
2022-01-24 11:45:54 +02:00
Thibaut Patel
c65a9e0bb2 Moved the getEventTimeline filtering in memory
refs https://github.com/TryGhost/Team/issues/1277

- Doing a filtered DB query wasn't a good solution because we query several tables with different shapes.
- Filtering in memory is done with the NQL library
- Removed the side-effect of changing options.filter for each query, now that options.filter will already contain NQL
- The filtering is done in the reduce function to avoid looping one more time over the in-memory events
2022-01-21 17:56:15 +01:00
Thibaut Patel
5ff5301b1d Fixed the getEventTimeline filtering in case there is no defined filter
refs https://github.com/TryGhost/Team/issues/1277

- `(undefined)` isn't valid NQL so we make sure options.filter is defined
2022-01-21 14:03:33 +01:00
Fabien "egg" O'Carroll
5a9cb1ab83 Restricted changing Subscription to archived Tier
refs https://github.com/TryGhost/Team/issues/1252
2022-01-21 14:08:31 +02:00
Thibaut Patel
3ad8d9ab8b Added the option to filter events from getEventTimeline
refs https://github.com/TryGhost/Team/issues/1277

- Added the pre-existing framework filters to each event query.
- Made sure we aren't modifying the original `options.filter` to avoid side-effects between event queries.
2022-01-21 11:16:24 +01:00
Fabien "egg" O'Carroll
2661ddcde2 Restricted signing up with archived Tiers
refs https://github.com/TryGhost/Team/issues/1252
2022-01-21 11:13:23 +02:00
Fabien "egg" O'Carroll
f7a1aac926 Removed stripe_prices from Products API
refs https://github.com/TryGhost/Team/issues/713

This is a hangover from the multiple products feature and is no longer used.
2022-01-20 17:47:50 +02:00
Fabien "egg" O'Carroll
c59a42c87b Added support for the active flag to Products API
refs https://github.com/TryGhost/Team/issues/1252

This will be used to archive and unarchive Tiers. There is a restriction
on archiving "free" Tiers because our current system expects only one,
and it should always be active.
2022-01-20 17:47:50 +02:00
Thibaut Patel
de0dc7a9a0 Added the full related email in email recipient events
refs https://github.com/TryGhost/Team/issues/1277

- Prevents the admin from doing extra api calls to retrieve the email records
2022-01-19 11:47:35 +01:00
Thibaut Patel
83fe60cb66 🐛 Fixed the email recipient events in getEventTimeline
refs https://github.com/TryGhost/Team/issues/1277

- The members weren't included in the serialized version of the new events
- Some properties weren't using the bookshelf `get` method as they should have
2022-01-19 09:55:02 +01:00
Thibaut Patel
a7098aee46 Added members to all member events in getEventTimeline
refs https://github.com/TryGhost/Team/issues/1277

- This makes the three new email recipient events similar to the preexisting events
2022-01-18 19:02:44 +01:00
Thibaut Patel
ae967c449c Added EmailRecipient events to getEventTimeline
refs https://github.com/TryGhost/Team/issues/1277

- Adds 3 new requests to the `email_recipients` table in the `getEventTimeline` method
- This allows to extract new member events from the table: `email_delivered_event`, `email_opened_event`, `email_failed_event`
2022-01-18 15:53:51 +01:00
Fabien "egg" O'Carroll
74225779a2 Moved webhook handling into Stripe service
no-issue

Handling Stripe webhooks is a Stripe concern and so we're moving it into
the Stripe module.
2022-01-18 10:37:47 +02:00
Fabien "egg" O'Carroll
94d97d1168 Removed Migrations&disconnectStripe
no-issue

These have been moved the the @tryghost/members-stripe-service
2022-01-18 10:37:47 +02:00
Fabien "egg" O'Carroll
8dee8752d3 Moved Stripe migrations into Stripe package
refs https://github.com/TryGhost/Team/issues/1257

This will allow us to run the Stripe migrations without rebooting the
Members service.
2022-01-18 10:25:37 +02:00
Rishabh Garg
ca18f140c4 Handled new type column for tiers (#356)
refs https://github.com/TryGhost/Team/issues/1037

Tiers have a new `type` column to differentiate between `free` and `paid` tiers. This change -

- sets type as paid for all new tiers created, as `free` tier is created by default
- excludes any price/stripe data change for free tier
- updates all usages of default product to fetch the first paid product from the products list in DB instead of just the first product it finds.
2022-01-17 23:02:02 +05:30
Fabien "egg" O'Carroll
cacc74f3b4 Added "api" source to MemberSubscribedEvents
refs https://github.com/TryGhost/Team/issues/1275

We want to be able to track where member subscriptions came from, so
that we can use the information to reduce spam imports of members.

We were missing information when members were uploaded via the Admin
API, and setting the source to 'member' be default - this fixes that
both when creating members and when updating their subscription status.
2022-01-14 12:19:43 +02:00
Fabien "egg" O'Carroll
a7588e3c6b Fixed transactions for linkSubscription
no-issue

This was missed when transactions were implemented for this method.
2022-01-10 17:53:30 +02:00
Fabien "egg" O'Carroll
1c108bce95 Updated migrations to run in transactions
no-issue

Running these in a transaction ensures that they do not partially execute or run
into race conditions with simultaneous operations via the API.
2022-01-10 17:53:30 +02:00
Fabien "egg" O'Carroll
69df4b7c05 Added support for dynamic allowSelfSignup config
refs https://github.com/TryGhost/Team/issues/1257

This gets us closer to not having to reload the MembersAPI when config
is changed which will help stop bugs arising from multiple instances of
the MembersAPI being created.
2022-01-10 17:53:30 +02:00
Kevin Ansfield
381e0c1f2a Removed membersAutoLogin labs flag
refs https://github.com/TryGhost/Team/issues/1258

- feature is GA so conditionals are no longer needed
2022-01-04 14:50:24 +00:00
Fabien egg O'Carroll
2e7bb3e67e Handled EENVELOPE errors when generating magic link
refs https://github.com/TryGhost/Team/issues/1259

These errors are thrown by nodemailer and can occur when an invalid
email address is used. Without special handling these cause a 500 error.
2021-12-16 09:25:32 +02:00
Sam Lord
7f6d3a3178 members-api: Switch from GhostError to ConflictError
no issue
2021-12-06 16:57:19 +00:00
Sam Lord
ba2c0818e0 Use @tryghost/logging instead of injected argument 2021-12-02 14:46:58 +00:00
Fabien egg O'Carroll
c99ebe589d Responded with 409 when we have DB conflicts
refs https://github.com/TryGhost/Team/issues/789

We are still having issues with duplicate subscriptions being inserted,
despite running our code in transactions. For now we will catch these
errors and response ot Stripe with a 409 so that it'll retry later - and
it stops us from throwing 500's
2021-12-01 20:44:21 +02:00
Rishabh
43642216c8 Cleaned up fix for 500 errors on invalid Stripe subscription webhooks
no refs

- moves up check for invalid subscription before making any DB requests to fail fast
2021-12-01 20:26:33 +05:30
Rishabh Garg
dec16bd27c 🐛 Fixed 500 webhook errors for subscription with multiple prices (#350)
closes https://github.com/TryGhost/Team/issues/1238

- previously returned 500 errors when a subscription had multiple prices due to external tampering on Stripe directly
- instead now returns 400 Bad Request error when subscriptions don't have right number of prices
2021-12-01 20:09:55 +05:30
Fabien egg O'Carroll
cef8cadd21 Used the paid signup email when auto login is enabled
refs https://github.com/TryGhost/Team/issues/1067
refs https://github.com/TryGhost/Ghost/commit/579b3443

This will eventually be the only type of email sent from this function,
but for now is behind a feature flag for testing.
2021-12-01 13:17:23 +02:00
Fabien egg O'Carroll
985fd5bb5e Simplified interface for sending paid signup emails
refs https://github.com/TryGhost/Team/issues/1067

This decouples the contents/type of email from the webhooks service,
allowing us to easily make changes to the type of email sent, without
having to make changes to the webhooks service.
2021-12-01 13:17:23 +02:00
Fabien egg O'Carroll
188423b1ed Removed Subscriptions without Prices from BREAD API
refs https://github.com/TryGhost/Team/issues/1243

It's possible to get into strange states where a subscription in Ghost
doesn't have an associated Price. This then has knock on effects because
we're dealing with data in an undefined state. Rather than add guards
against this throughout the entire stack, we stop returning it from the
BREAD API. It might be worth considering removing these subscriptions
from the response of the repository, but for now this is the most
minimal change that fixes the problem.
2021-12-01 10:45:50 +02:00
Fabien O'Carroll
b20f5a8b1f Updated linkSubscription to call method in transaction
no-issue

This was missing the options object which would force the DB call to be
run inside the same transaction as the rest
2021-11-09 11:19:05 +02:00
Fabien O'Carroll
2fcafcc8dc Removed coupons from subscriptions when the price changes
refs https://github.com/TryGhost/Team/issues/1092
refs https://github.com/TryGhost/Team/issues/1135

This was missed in the initial due to the issue tracking the task being
superceded, and the task not being copied across to the superceding
issue.

A new method to remove coupons has been added, as opposed to updating
the existing change subscription price method, because the removal of a
coupon is not the concern of an auxillary stripe service, but a busines
concern that should be explicit in the members-api codebase.
2021-11-09 11:12:13 +02:00
Fabien O'Carroll
47a7bd8555 Disabled auto-login when a success url is provided
refs https://github.com/TryGhost/Team/issues/1067

The auto-login behaviour obliterates the concept of a success URL,
because the Member is redirected in a logged in state, to the welcome
URL - rather than a logged out state to the success URL.

In order to not disrupt existing flows, we disable auto login if a
success URL is provided.
2021-11-05 10:18:43 +02:00
Fabien O'Carroll
a9871f1ab9 Removed references to Offers labs flag
refs https://github.com/TryGhost/Team/issues/1115

This flag is now enabled by default - so we can clean up all uses of it.
2021-11-03 16:13:11 +02:00
Fabien O'Carroll
81868c1850 Added alpha version of auto-login for Members
refs https://github.com/TryGhost/Team/issues/1067

This is the MVP for auto-login of Members, it does not support custom
redirects, and will always just redirect to the same place that the
signin & signup links do. Behind a feature flag whilst we iron out the
functionality.
2021-11-03 10:57:28 +02:00
Fabien O'Carroll
635c2614a3 Fixed errors for non-subscription invoices
refs https://github.com/TryGhost/Team/issues/887

Our invoice webhook handling code assumed that every invoice would be
for a subscription, but that is not the case. There are valid use-cases
of using the same Stripe account in order to sell items with a one-off
purchase. Here we update the handling to ignore all invoices which are
not for subscriptions.
2021-11-02 15:34:02 +02:00
Fabien O'Carroll
02bf858903 Fixed behaviour of sending emails when adding member
no-issue

When adding a new member, we allow an email to be sent, and the type of
email to be chosen. This choice was being overriden by our signup email
logic - here we allow the BREAD API to have full control over which
email is sent.
2021-11-02 12:37:07 +02:00
Fabien O'Carroll
68163863c2 Removed invoice.payment_failed webhook handling
refs https://github.com/TryGhost/Team/issues/885

This webhook isn't used and can cause issues when Checkout Sessions are
completed but with a failed payment. Removing it will remove those
errors.
2021-10-25 14:31:44 +02:00
Fabien O'Carroll
ed8a3ca27c Updated browse to not include products by default
no-issue

The Members API does not currently include 'products' by default when
browsing. This ensures the functionality is maintained.
2021-10-25 13:34:20 +02:00
Fabien O'Carroll
c154be4581 Included Offer information for Subscriptions
refs https://github.com/TryGhost/Team/issues/1135

We use the OffersAPI to fetch Offers, so that we can be using the same
format for Offers in all of our APIs.

We will not attach the Offer to the Subscription if either the Tier or
the Cadence do not match. This is because the Offer would no longer
apply to this Subscription.

We do however retain the data, so that a Member can still be filtered on
the Offers which they've redeemed.
2021-10-21 18:10:08 +02:00
Fabien O'Carroll
e78b2f80bc Fixed issues with checkout when not using coupon
no-issue

We were incorrectly checking for the existence of a coupon id - instead
we simplify the signature, and make sure the check is correct.
2021-10-21 18:06:36 +02:00
Fabien O'Carroll
efe5164eff Wired up payments service
refs https://github.com/TryGhost/Team/issues/1166

By using the PaymentsService to fetch coupon information - we ensure
that the coupons are created if they're missing. Like in the case of a
Stripe disconnect/connect cycle.
2021-10-21 15:40:55 +02:00
Fabien O'Carroll
1ae6a2ac44 Handled Stripe Disconnect for Offers
refs https://github.com/TryGhost/Team/issues/1166

As usual we want to delete all Stripe related data on disconnect.
2021-10-21 15:40:55 +02:00
Fabien O'Carroll
8051015bb8 Fixed race condition when linking subscriptions
no-issue

Without forcing linkSubscription to run inside a transaction - it's
possible to have race conditions where it is called twice, and attempt
to insert duplicate rows into the database.
2021-10-18 17:26:34 +02:00
Fabien O'Carroll
c58e83c9d7 Wired up OfferRedemption storage
refs https://github.com/TryGhost/Team/issues/1132

We have to include the Offer on the metadata for the Stripe Checkout -
as Offers with a duration of 'once' will not always be present on the
Subscription after fetching it.

Once we receive the Stripe Checkout webhook we emit an event for
subscription created - the reason we use an event is because this logic
should eventually live in a Payments/Stripe module - and we'd want to
decouple it from the Members module.

The Members module is in charge of writing Offer Redemptions - rather
than the Offers module - because Offer Redemptions are "owned" by a
Member - and merely reference and Offer. Eventually Offer Redemptions
could be replaced by Subscriptions.
2021-10-18 17:26:34 +02:00
Fabien 'egg' O'Carroll
9e3136cdbc Fixed incomplete subscription flow (#341)
refs https://github.com/TryGhost/Team/issues/1156

Because we were only attempting to add the product to the members if the
subscription was new AND active - we would not add it for incomplete
subscriptions transitioning to active.

Instead we always attempt to add the product to a member for an active
subscription - it doesn't matter if it's a new one. We later have logic
to filter out duplicate products if the member already has access to the
product.
2021-10-18 14:25:28 +02:00
Fabien O'Carroll
53d24e501d Fixed Stripe Checkout using Offers
refs https://github.com/TryGhost/Members/commit/5172e40646

When we updated to use the OffersAPI instead of OfferRepository this was
missed, and we were passing blank coupon to Stripe Checkout. This should
eventually be replaced with a call like `getCoupon(offerId)` from a
payments service.
2021-10-14 12:02:39 +02:00
Fabien O'Carroll
9e7891fef7 Restricted archived Offers from being used
refs https://github.com/TryGhost/Team/issues/1133

An archived Offer is intended to be disabled from a redemption point of
view. This ensures that we do not allow Stripe Checkout Sessions to be
created for them.
2021-10-13 11:19:35 +02:00
Fabien O'Carroll
5172e40646 Used OffersAPI over OfferRepository in MembersAPI
no-issue

The OfferRepository deals with domain objects in the Offers module, and
as such is not suitable for use with "external" services. This update
means that MembersAPI can deal with POJO DTOs so that there is not a
dependency on the internals of the Offers module. Just on the contract
it holds with the outside world.
2021-10-13 11:11:12 +02:00
Fabien O'Carroll
afa5363dd4 Fixed Stripe Checkout for monthly Offers
refs https://github.com/TryGhost/Members/commit/504fb1bf

Since we updated the Offer to use Value Objects, we needed to update the
usage here too.
2021-10-08 15:19:59 +02:00
Fabien O'Carroll
f0141f08ff Applied Offers when creating Stripe Checkout Session
refs https://github.com/TryGhost/Team/issues/1090

Instead of the hardcoded 1-day version for Offers, we can now talk
directly to the Offers repository and use the real values for Stripe
Checkout.
2021-10-06 16:12:53 +02:00
Fabien 'egg' O'Carroll
c5784da2b6 Updated MembersAPI to take StripeAPIService as dep (#338)
refs https://github.com/TryGhost/Team/issues/1083

The Offers service is going to need access to the StripeAPIService too,
so we must pull its initialisation out of this module up to the Ghost
application layer, which will allow us to pass a reference of the
StripeAPIService to wherever needs it.
2021-10-04 13:34:17 +02:00
Fabien O'Carroll
cd6e87774a Added 1-day version of Offers
refs https://github.com/TryGhost/Team/issues/1090

This 1-day version of Offers allows us to test the full flow of the
Offers feature without having to implement all of it. The focus here is
that we can pass an Offer ID when creating a Stripe Checkout session and
have it apply. Here we use hardcoded Stripe Coupons as we haven't yet
got persistence implemented for Offers & their related Stripe Coupons
2021-09-28 13:39:04 +02:00
Fabien O'Carroll
e93d092766 Fixed handling of invalid tokens when changing email
no-issue

Without a return after ending the response, the code will continue to
attempt to send emails and then send another response which results in
an uncaught error.
2021-09-23 11:12:23 +02:00
Fabien O'Carroll
4e947a88ce Fixed security hole in email address change flow
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr

The email address change flow was built on top of the unauthenticated
signin/signup flow. This meant that ownership of the email being changed
wasn't verified and allowed a malicious actore to change the email
address of arbitrary accounts to an email address which they controlled.

We remove the ability to change email addresses from the signin/signup
flow and instead create a dedicated, authenticated flow for changing
email address.
2021-09-22 16:49:17 +02:00
Rishabh
fe4fb78830 Cleaned up stripe-service package usage
no refs

- updates all usages of `stripe-service` package to new correct `members-stripe-service` package
2021-09-22 18:12:40 +05:30
Rishabh
3e54819469 Revert "Updated usage of stripe-service package to members-stripe-service package"
This reverts commit 7363f0769d.
2021-09-22 18:05:41 +05:30
Rishabh
7363f0769d Updated usage of stripe-service package to members-stripe-service package
refs 8b90c93a79
2021-09-22 18:02:50 +05:30
Rishabh
37001c539d Fixed lint
no refs
2021-09-22 16:52:40 +05:30
Rishabh
317caacc0e Updated ingress event handler to use new analytics ingress package
refs https://github.com/TryGhost/Team/issues/1064

- updates handling of member events to use new analytics ingress package which is responsible to ensure storage of event
2021-09-22 16:51:03 +05:30
Rishabh Garg
1f7a455374 Added @tryghost/members-analytics-ingress package (#335)
refs https://github.com/TryGhost/Team/issues/1064

This package will be used as to handle and emit ingress events on new members event endpoint - `/members/api/events`
2021-09-22 16:07:37 +05:30
Fabien O'Carroll
41bdd38237 Wired up member-analytics-service
refs https://github.com/TryGhost/Team/issues/1054

We need to instantiate the MemberAnalyticsService so that we can start
listening to events and storing them, this is the minium glue code
required to get us going.
2021-09-21 13:40:23 +02:00
Fabien 'egg' O'Carroll
528fd23874 Added ability to fetch member by identity token (#329)
refs https://github.com/TryGhost/Team/issues/1057

This method will validate a token, and then return the member associated
with it. Rather than exposing token validation and coupling consumers to
the structure of the token response data.
2021-09-17 11:25:57 +02:00
Fabien 'egg' O'Carroll
1f2750e5c0 Added browse, edit & add methods to MemberBREADService (#326)
refs https://github.com/TryGhost/Team/issues/873

This ensures that all requests to the API will include the mock
subscriptions for comped members. Allowing the Admin to correctly show
the subscription information after adding and editing members. As well
as having the correct information when navigating from the list of
members to an individual member.
2021-09-14 13:18:34 +02:00
Fabien O'Carroll
7a401e5253 Used @tryghost/stripe-service in @tryghost/members-api
no-issue

This finalises the extraction of the StripeAPIService to a separate
package!
2021-09-13 14:38:40 +02:00
Fabien O'Carroll
00e0c9d205 Fixed webhook handler check for if Stripe configured
no-issue

Previously we would not create an instance of the StripeAPIService if
Stripe was not configured, but that is not the case any more, instead we
have a configured flag on the service. The webhook route handler was not
updated to use this flag and so would attempt to handle webhooks without
having any of the required data. This would result in an uncaught error.
2021-09-08 12:27:09 +02:00
Fabien O'Carroll
67d2104190 Deleted webhooks when disconnecting from Stripe
refs https://github.com/TryGhost/Team/issues/1006

When disconnecting from Stripe, we currently do not remove the webhooks,
this will result in the webhooks from Stripe failing, and tending toward
a 100% error rate, which will ultimately result in emails from Stripe
about the failing webhook.

In order to stop all of that from happening, we should make sure that we
actively remove the webhook from Stripe when disconnecting.
2021-09-07 18:02:35 +02:00
Fabien O'Carroll
8476e7cbd7 Added disconnectStripe method to handle cleaning up
refs https://github.com/TryGhost/Team/issues/1006

As part of the work to handle cleaning up webhooks when we disconnect
from Stripe, I'm moving the logic to clear out the Stripe related data
from the database into a disconnectStripe method. This then allows us to
start handling the cleanup of webhooks via the Stripe API.
2021-09-07 16:34:08 +02:00
Fabien O'Carroll
b6e4eae272 Fixed comped members having a status of 'paid'
refs https://github.com/TryGhost/Team/issues/995

Since we reintroduced the comped status, we did not update the
subscription handling to correctly set members to a status of comped
when they were on a 'Complimentary' plan.
2021-09-06 13:06:30 +02:00
Fabien O'Carroll
66143dbb7c Updated options parameter to be optional
no-issue

Since updating the product repository to force transactions, the options
parameter was used in every call, meaning it wasn't optional any more,
which broke usage. This updates the parameter to have a default so that
existing usage still works.
2021-09-06 12:47:19 +02:00
Fabien O'Carroll
3b94ba7dce Fixed update method not using transaction for reads
no-issue

Since we run our product repository methods in transactions now we must
ensure that all database interations in the method use the transaction.
This adds the missing options to the reading of existing prices so that
they happen inside of the transaction.
2021-09-01 19:10:12 +02:00
Fabien O'Carroll
82506e1599 Passed transaction to all model methods
refs https://github.com/TryGhost/Team/issues/982

These calls to the edit method were missing the transaction option from
the parent which meant that they ran outside of the transaction and
would cause the method to timeout.
2021-08-26 20:04:06 +02:00
Fabien O'Carroll
dd4d6aeae5 Wrapped product repo methods in transactions
refs https://github.com/TryGhost/Team/issues/982

This ensures that we will not commit any rows to the database if
something is to go wrong with a Stripe API request.
2021-08-26 20:03:16 +02:00
Fabien O'Carroll
ec8dbf2890 Added products as default relation when fetching members
no-issue

As subscriptions are a default relation, and we now require products to
populate subscriptions for comped members, we need to include products
by default when reading members.
2021-08-26 16:10:13 +02:00
Fabien O'Carroll
0f4e97eae7 Updated getMemberIdentityData to use BREAD Service
refs https://github.com/TryGhost/Team/issues/986

The getMemberIdentityData is a relic of time past. Originally it was
used before we had anything like the member repository or bread
controller as a way for things inside of the Members ecosystem to get
access to member data.

This updates it to use the same interface as everything else for
fetching members so that we can rely on the shape of the data that we
consider a member.

This update will ensure that themes have access to the dummy
subscriptions created by the `read` method of the MemberBREADService.
2021-08-26 16:07:06 +02:00
Fabien O'Carroll
d3b1283241 Removed old product when subscription is updated
refs https://github.com/TryGhost/Team/issues/979

This correctly handles updates to subscriptions so that if the product a
subscription is for has changed, we will remove the previous product, if
and only if there is not another subscription which gives access to it.
2021-08-26 15:53:38 +02:00
Fabien O'Carroll
83d4b5f834 Handled missing data in read method bread service
refs https://github.com/TryGhost/Team/issues/873

The `get` method of the member repository will return null when no
member is found - we must ensure that we don't attempt to call toJSON!

It is also possible for a member to not have any products, in which case
we should not attempt to iterate over them, and we can return early.
2021-08-26 12:58:39 +02:00
Fabien O'Carroll
3a91687b08 Used current time for created_at for missing events
refs https://github.com/TryGhost/Team/issues/873

This is an unexpected state, but possible if the alpha version of tier
has been enabled previous to the events being added.
2021-08-26 11:52:53 +02:00
Fabien O'Carroll
86f5879432 Added dummy subscriptions for comped members
refs https://github.com/TryGhost/Team/issues/873

This adds a dummy subscription for each product that a member has
without an associated stripe subscription. It allows clients to deal
with things like a created date for comped members.
2021-08-25 21:26:04 +02:00
Fabien O'Carroll
c17442cf4b Added memberService to members-api
no-issue

The idea of this service is to sit infront of the repository and handle
application logic which does not belong at the data layer. The exact
naming and structure is TBC but this gives us a place to start pulling
logic out of the controllers, without having to mash it all into the
repository.

Also important to note is that is does not return instances of bookshelf
models, but a JSON representation of the model, this allows us to not
leak internal implementation to consumers.
2021-08-25 21:25:19 +02:00
Fabien O'Carroll
d55e828b34 Wired up MemberProductEvents to MemberRepository
refs https://github.com/TryGhost/Team/issues/873

This handles the creation of product events when a members access to
products is changed. This can happen on creation, update, and any
changes to stripe subscriptions.

We manually workout the difference between the current products and the
new products, and add the events accordingly.
2021-08-24 14:57:04 +02:00
Fabien O'Carroll
4b219626eb Fixed usage of bson-objectid
no-issue

Calling ObjectId doesn't return a string a but an ObjectId object.
Whilst this object is cast to a string via the toJSON and toString
methods, this is not enough for MySQL. Instead we should explicitly cast
this to a string ourselves and the application level.
2021-08-23 14:46:53 +02:00
Fabien 'egg' O'Carroll
4a8ec62317 Added bulkEdit method to MemberRepository
refs https://github.com/TryGhost/Team/issues/946

This adds the bulk edit method which handles bulk edit operations to members
to be used by the filtering feature. They have been combined into a single method
as that is how they are exposed to the API. This is definitely a candidate for a
refactor in the form of a service in front of the repository.
2021-08-16 19:05:48 +01:00
Fabien O'Carroll
6540fd0cd0 Updated bulkDestroy method to handle model updates
refs https://github.com/TryGhost/Ghost/commit/1dd52075

- Fixes bulkDestroy being passed the context
- Fixes passing options.search to the model layer
- Updates return value since the changes in referenced commit
2021-08-13 13:23:01 +02:00