Commit Graph

1273 Commits

Author SHA1 Message Date
Fabien "egg" O'Carroll
f7a1aac926 Removed stripe_prices from Products API
refs https://github.com/TryGhost/Team/issues/713

This is a hangover from the multiple products feature and is no longer used.
2022-01-20 17:47:50 +02:00
Fabien "egg" O'Carroll
c59a42c87b Added support for the active flag to Products API
refs https://github.com/TryGhost/Team/issues/1252

This will be used to archive and unarchive Tiers. There is a restriction
on archiving "free" Tiers because our current system expects only one,
and it should always be active.
2022-01-20 17:47:50 +02:00
Renovate Bot
233bb828fa Pin dependencies 2022-01-20 15:42:33 +00:00
Renovate Bot
10b1f62807 Update dependency nock to v13.2.2 2022-01-20 14:30:17 +00:00
Renovate Bot
a2bcff314f Update dependency c8 to v7.11.0 2022-01-20 14:30:04 +00:00
Fabien "egg" O'Carroll
aa8dca50eb Published new versions
- @tryghost/members-api@4.1.4
 - @tryghost/members-stripe-service@0.6.2
2022-01-20 11:00:25 +02:00
Fabien "egg" O'Carroll
ab215fb96a Added missing default parameter for opts
no-issue

The `opts` parameter is optional but there was no default defined, this
was causing errors when trying to read the forceCreate property if opts
was not passed.
2022-01-20 10:58:34 +02:00
Thibaut Patel
49fe3cf84b Published new versions
- @tryghost/members-api@4.1.3
2022-01-19 11:48:22 +01:00
Thibaut Patel
de0dc7a9a0 Added the full related email in email recipient events
refs https://github.com/TryGhost/Team/issues/1277

- Prevents the admin from doing extra api calls to retrieve the email records
2022-01-19 11:47:35 +01:00
Thibaut Patel
f22efd5abc Published new versions
- @tryghost/members-api@4.1.2
2022-01-19 09:56:29 +01:00
Thibaut Patel
83fe60cb66 🐛 Fixed the email recipient events in getEventTimeline
refs https://github.com/TryGhost/Team/issues/1277

- The members weren't included in the serialized version of the new events
- Some properties weren't using the bookshelf `get` method as they should have
2022-01-19 09:55:02 +01:00
Thibaut Patel
182a5ed993 Published new versions
- @tryghost/members-api@4.1.1
2022-01-18 19:03:12 +01:00
Thibaut Patel
a7098aee46 Added members to all member events in getEventTimeline
refs https://github.com/TryGhost/Team/issues/1277

- This makes the three new email recipient events similar to the preexisting events
2022-01-18 19:02:44 +01:00
Thibaut Patel
682cdb8c2d Published new versions
- @tryghost/members-api@4.1.0
2022-01-18 15:54:57 +01:00
Thibaut Patel
ae967c449c Added EmailRecipient events to getEventTimeline
refs https://github.com/TryGhost/Team/issues/1277

- Adds 3 new requests to the `email_recipients` table in the `getEventTimeline` method
- This allows to extract new member events from the table: `email_delivered_event`, `email_opened_event`, `email_failed_event`
2022-01-18 15:53:51 +01:00
Fabien "egg" O'Carroll
f11e1e411d Published new versions
- @tryghost/members-api@4.0.1
 - @tryghost/members-stripe-service@0.6.1
2022-01-18 11:20:09 +02:00
Fabien "egg" O'Carroll
f488438ad0 Added check for Stripe config before migrations
no-issue

This stops us from attempting to run the migrations if Stripe has not
been configured.
2022-01-18 11:18:08 +02:00
Fabien "egg" O'Carroll
0e955fc84f Published new versions
- @tryghost/members-api@4.0.0
 - @tryghost/members-stripe-service@0.6.0
2022-01-18 10:40:05 +02:00
Fabien "egg" O'Carroll
74225779a2 Moved webhook handling into Stripe service
no-issue

Handling Stripe webhooks is a Stripe concern and so we're moving it into
the Stripe module.
2022-01-18 10:37:47 +02:00
Fabien "egg" O'Carroll
94d97d1168 Removed Migrations&disconnectStripe
no-issue

These have been moved the the @tryghost/members-stripe-service
2022-01-18 10:37:47 +02:00
Fabien "egg" O'Carroll
635aa8aa3f Added WebhookManager and StripeService modules
no-issue
2022-01-18 10:37:47 +02:00
Fabien "egg" O'Carroll
3a1c51672c Used @babel/eslint-parser for stripe package
no-issue

This allows us to use static members on classes.
2022-01-18 10:37:47 +02:00
Fabien "egg" O'Carroll
344102f1aa Cleaned up StripeAPI
no-issue

- Removed unused types
- Removed configure on creation feature (unused)
- Explicitly handled configuration with no config
2022-01-18 10:37:47 +02:00
Fabien "egg" O'Carroll
1b837b8ed0 Updated internals of Migrations module
no-issue

This simplifies the dependency structure.
2022-01-18 10:37:47 +02:00
Fabien "egg" O'Carroll
8dee8752d3 Moved Stripe migrations into Stripe package
refs https://github.com/TryGhost/Team/issues/1257

This will allow us to run the Stripe migrations without rebooting the
Members service.
2022-01-18 10:25:37 +02:00
Fabien "egg" O'Carroll
00ec7157a6 Renamed StripeService -> StripeAPI
no-issue

This module is going to encapsulate all of the Stripe related logic, so
I'm renaming this file to be a little more specific about what it
relates to. Essentially this module will export a Stripe Service, and
this file is just one part of that.
2022-01-18 10:25:37 +02:00
Fabien "egg" O'Carroll
c120490a00 Moved members-stripe-service -> stripe
no-issue

We are already in the Members repository so there's no need for members
in the directory name. The NPM package name however is unchanged and
still requires specificity as it is scoped to @tryghost as a whole
rather than the Members feature.
2022-01-18 10:25:37 +02:00
Rishabh
3832352c5a Published new versions
- @tryghost/members-api@3.1.0
 - @tryghost/members-importer@0.4.0
2022-01-17 23:06:21 +05:30
Rishabh Garg
ca18f140c4 Handled new type column for tiers (#356)
refs https://github.com/TryGhost/Team/issues/1037

Tiers have a new `type` column to differentiate between `free` and `paid` tiers. This change -

- sets type as paid for all new tiers created, as `free` tier is created by default
- excludes any price/stripe data change for free tier
- updates all usages of default product to fetch the first paid product from the products list in DB instead of just the first product it finds.
2022-01-17 23:02:02 +05:30
Fabien "egg" O'Carroll
fb3010384b Published new versions
- @tryghost/members-api@3.0.1
2022-01-14 12:25:34 +02:00
Fabien "egg" O'Carroll
cacc74f3b4 Added "api" source to MemberSubscribedEvents
refs https://github.com/TryGhost/Team/issues/1275

We want to be able to track where member subscriptions came from, so
that we can use the information to reduce spam imports of members.

We were missing information when members were uploaded via the Admin
API, and setting the source to 'member' be default - this fixes that
both when creating members and when updating their subscription status.
2022-01-14 12:19:43 +02:00
Fabien "egg" O'Carroll
5652f1169f Published new versions
- @tryghost/members-csv@1.2.2
 - @tryghost/members-importer@0.3.7
2022-01-11 16:28:23 +02:00
Fabien "egg" O'Carroll
b1cc2a8ea8 Fixed CSV unparsing for subscribed flag
no-issue

We have a special mapping for subscribed_to_emails -> subscribed in the
parse method, but were not mapping it in the unparse method, which meant
we were losing information during CSV imports.
2022-01-11 16:26:11 +02:00
Fabien "egg" O'Carroll
379fbc7f13 Published new versions
- @tryghost/domain-events@0.1.4
 - @tryghost/express-dynamic-redirects@0.2.3
 - @tryghost/magic-link@1.0.15
 - @tryghost/member-analytics-service@0.1.5
 - @tryghost/member-events@0.3.2
 - @tryghost/members-analytics-ingress@0.1.6
 - @tryghost/members-api@3.0.0
 - @tryghost/members-csv@1.2.1
 - @tryghost/members-importer@0.3.6
 - @tryghost/members-ssr@1.0.17
 - @tryghost/members-stripe-service@0.5.2
 - @tryghost/members-offers@0.10.4
 - @tryghost/members-payments@0.1.6
2022-01-10 17:56:12 +02:00
Fabien "egg" O'Carroll
a7588e3c6b Fixed transactions for linkSubscription
no-issue

This was missed when transactions were implemented for this method.
2022-01-10 17:53:30 +02:00
Fabien "egg" O'Carroll
1c108bce95 Updated migrations to run in transactions
no-issue

Running these in a transaction ensures that they do not partially execute or run
into race conditions with simultaneous operations via the API.
2022-01-10 17:53:30 +02:00
Fabien "egg" O'Carroll
69df4b7c05 Added support for dynamic allowSelfSignup config
refs https://github.com/TryGhost/Team/issues/1257

This gets us closer to not having to reload the MembersAPI when config
is changed which will help stop bugs arising from multiple instances of
the MembersAPI being created.
2022-01-10 17:53:30 +02:00
John O'Nolan
b7cd251d5c 2022 2022-01-06 10:09:25 +00:00
Kevin Ansfield
2c447b483b Published new versions
- @tryghost/members-api@2.8.8
2022-01-04 14:51:03 +00:00
Kevin Ansfield
381e0c1f2a Removed membersAutoLogin labs flag
refs https://github.com/TryGhost/Team/issues/1258

- feature is GA so conditionals are no longer needed
2022-01-04 14:50:24 +00:00
Fabien egg O'Carroll
e37caa3f65 Published new versions
- @tryghost/members-api@2.8.7
2021-12-16 09:27:45 +02:00
Fabien egg O'Carroll
2e7bb3e67e Handled EENVELOPE errors when generating magic link
refs https://github.com/TryGhost/Team/issues/1259

These errors are thrown by nodemailer and can occur when an invalid
email address is used. Without special handling these cause a 500 error.
2021-12-16 09:25:32 +02:00
Sam Lord
d6d4920fee Published new versions
- @tryghost/members-api@2.8.6
2021-12-06 16:57:51 +00:00
Sam Lord
7f6d3a3178 members-api: Switch from GhostError to ConflictError
no issue
2021-12-06 16:57:19 +00:00
Sam Lord
313dc933c7 Published new versions
- @tryghost/members-api@2.8.5
2021-12-06 12:47:10 +00:00
Sam Lord
859a2c4bd1 Updated @tryghost/logging to v2
refs: https://github.com/TryGhost/Toolbox/issues/146
Allows members API to log to parent process when running in a worker
2021-12-06 12:46:49 +00:00
Sam Lord
f0c1107de4 Published new versions
- @tryghost/members-api@2.8.4
 - @tryghost/members-ssr@1.0.16
 - @tryghost/members-stripe-service@0.5.1
2021-12-02 14:52:59 +00:00
Sam Lord
ba2c0818e0 Use @tryghost/logging instead of injected argument 2021-12-02 14:46:58 +00:00
Fabien egg O'Carroll
9f7a1fa50d Published new versions
- @tryghost/members-api@2.8.3
2021-12-01 20:47:09 +02:00
Fabien egg O'Carroll
c99ebe589d Responded with 409 when we have DB conflicts
refs https://github.com/TryGhost/Team/issues/789

We are still having issues with duplicate subscriptions being inserted,
despite running our code in transactions. For now we will catch these
errors and response ot Stripe with a 409 so that it'll retry later - and
it stops us from throwing 500's
2021-12-01 20:44:21 +02:00
Fabien egg O'Carroll
80a0e56d36 Published new versions
- @tryghost/members-csv@1.2.0
 - @tryghost/members-importer@0.3.5
2021-12-01 17:05:05 +02:00
Fabien O'Carroll
75d003816e Fixed the importer from overriding properties
refs https://github.com/TryGhost/Team/issues/1202

When importing we were transforming the CSV and add missing columns to
it before storing it in preparation to perform the import. This resulted
in the missing columns being updated for existing members with blank
data.

We've updated the Members CSV parsing library to take an options list of
columns to include, which then allows imports to not include all of the
default columns.
2021-12-01 17:02:30 +02:00
Rishabh
1bb5fdcb0b Published new versions
- @tryghost/members-api@2.8.2
2021-12-01 20:27:19 +05:30
Rishabh
43642216c8 Cleaned up fix for 500 errors on invalid Stripe subscription webhooks
no refs

- moves up check for invalid subscription before making any DB requests to fail fast
2021-12-01 20:26:33 +05:30
Rishabh
e83c9e38a7 Published new versions
- @tryghost/members-api@2.8.1
2021-12-01 20:21:46 +05:30
Rishabh Garg
dec16bd27c 🐛 Fixed 500 webhook errors for subscription with multiple prices (#350)
closes https://github.com/TryGhost/Team/issues/1238

- previously returned 500 errors when a subscription had multiple prices due to external tampering on Stripe directly
- instead now returns 400 Bad Request error when subscriptions don't have right number of prices
2021-12-01 20:09:55 +05:30
Fabien egg O'Carroll
cf73ce7fc3 Published new versions
- @tryghost/members-api@2.8.0
2021-12-01 13:18:14 +02:00
Fabien egg O'Carroll
cef8cadd21 Used the paid signup email when auto login is enabled
refs https://github.com/TryGhost/Team/issues/1067
refs https://github.com/TryGhost/Ghost/commit/579b3443

This will eventually be the only type of email sent from this function,
but for now is behind a feature flag for testing.
2021-12-01 13:17:23 +02:00
Fabien egg O'Carroll
985fd5bb5e Simplified interface for sending paid signup emails
refs https://github.com/TryGhost/Team/issues/1067

This decouples the contents/type of email from the webhooks service,
allowing us to easily make changes to the type of email sent, without
having to make changes to the webhooks service.
2021-12-01 13:17:23 +02:00
Fabien egg O'Carroll
b14403325c Published new versions
- @tryghost/members-api@2.7.6
2021-12-01 10:55:47 +02:00
Fabien egg O'Carroll
188423b1ed Removed Subscriptions without Prices from BREAD API
refs https://github.com/TryGhost/Team/issues/1243

It's possible to get into strange states where a subscription in Ghost
doesn't have an associated Price. This then has knock on effects because
we're dealing with data in an undefined state. Rather than add guards
against this throughout the entire stack, we stop returning it from the
BREAD API. It might be worth considering removing these subscriptions
from the response of the repository, but for now this is the most
minimal change that fixes the problem.
2021-12-01 10:45:50 +02:00
Naz
928ff629fd Published new versions
- @tryghost/express-dynamic-redirects@0.2.2
2021-11-29 17:45:22 +04:00
Naz
c25c409e60 Added edge case unit tests to DynamiRedirectsManager suites
refs https://github.com/TryGhost/Toolbox/issues/139

- These changes bring the module to 100% test coverage. No need to cover any more unless there are specific bugs uncovere!
2021-11-29 17:43:39 +04:00
Naz
c0b1ddfd3e Added subdirectory coverage to DynamiRedirectsManager suites
refs https://github.com/TryGhost/Toolbox/issues/139

- These unit tests come directly from equivalent regression tests in Ghost repository - fedbfb3c67/test/regression/site/redirects.test.js
- This changeset covers subdirectory use in incoming request
2021-11-29 17:30:53 +04:00
Naz
0daed36366 Added external URL coverage to DynamiRedirectsManager suites
refs https://github.com/TryGhost/Toolbox/issues/139

- These unit tests come directly from equivalent regression tests in Ghost repository - fedbfb3c67/test/regression/site/redirects.test.js
- This changeset covers redirects to external URLs
2021-11-29 17:20:45 +04:00
Naz
a6d86c85b6 Added case sensitivity coverage to DynamiRedirectsManager suites
refs https://github.com/TryGhost/Toolbox/issues/139

- These unit tests come directly from equivalent regression tests in Ghost repository - fedbfb3c67/test/regression/site/redirects.test.js
- This changeset covers case sensitivity cases in regexes
2021-11-29 17:15:14 +04:00
Naz
08e2056f6c Extracted duplicate class initialization in test suite
refs https://github.com/TryGhost/Toolbox/issues/139

- The DynamicRedirectManager was initialized witht the same set of parameters throughout the test suite, so it made sense to initialize it once for all the tests. The sibiling describe block will have a similar setup for a redirects manager that has a subdirectory configured
2021-11-29 16:31:40 +04:00
Naz
77e2d550c8 Extracted duplicate declarations from test suite
refs https://github.com/TryGhost/Toolbox/issues/139

- As few more tests have been added a clearer pattern of reusable variable has emerged. Have extracted common bits into "beforeEach" block to keep the declarative part of the test to the minimum
2021-11-29 16:23:52 +04:00
Naz
6d51cef41b Added unit test coverage to DynamicRedirectManager
refs https://github.com/TryGhost/Toolbox/issues/139

- These unit tests come directly from equivalent regression tests in Ghost repository - fedbfb3c67/test/regression/site/redirects.test.js
2021-11-29 16:13:29 +04:00
Naz
eb6d1b208a Made options parameter optional
refs https://github.com/TryGhost/Toolbox/issues/139

- The options parameter doesn't have to be passed in as there is handling for a default value in place - "permanent = false"
2021-11-29 16:08:03 +04:00
Fabien O'Carroll
2dc4f3209f Published new versions
- @tryghost/members-api@2.7.5
 - @tryghost/members-offers@0.10.3
 - @tryghost/members-payments@0.1.5
2021-11-25 12:39:34 +02:00
Fabien O'Carroll
3efb2f1f04 Required OfferName to be a maximum of 40 characters
refs https://github.com/TryGhost/Team/issues/1236

We want to be able to use the OfferName as the name property for a
Stripe Coupon - which has a maximum character length of 40.
2021-11-25 12:34:33 +02:00
Fabien O'Carroll
3478aa3a92 Published new versions
- @tryghost/members-api@2.7.4
 - @tryghost/members-stripe-service@0.5.0
2021-11-09 11:20:40 +02:00
Fabien O'Carroll
b20f5a8b1f Updated linkSubscription to call method in transaction
no-issue

This was missing the options object which would force the DB call to be
run inside the same transaction as the rest
2021-11-09 11:19:05 +02:00
Fabien O'Carroll
2fcafcc8dc Removed coupons from subscriptions when the price changes
refs https://github.com/TryGhost/Team/issues/1092
refs https://github.com/TryGhost/Team/issues/1135

This was missed in the initial due to the issue tracking the task being
superceded, and the task not being copied across to the superceding
issue.

A new method to remove coupons has been added, as opposed to updating
the existing change subscription price method, because the removal of a
coupon is not the concern of an auxillary stripe service, but a busines
concern that should be explicit in the members-api codebase.
2021-11-09 11:12:13 +02:00
Fabien O'Carroll
4b005da248 Published new versions
- @tryghost/members-api@2.7.3
 - @tryghost/members-offers@0.10.2
 - @tryghost/members-payments@0.1.4
2021-11-07 23:14:00 +02:00
Fabien O'Carroll
0b9c9968d0 Added initial tests for Offers
refs https://github.com/TryGhost/Team/issues/1198
2021-11-07 23:10:10 +02:00
Fabien O'Carroll
155d9b4f7d Published new versions
- @tryghost/members-api@2.7.2
2021-11-05 10:22:48 +02:00
Fabien O'Carroll
47a7bd8555 Disabled auto-login when a success url is provided
refs https://github.com/TryGhost/Team/issues/1067

The auto-login behaviour obliterates the concept of a success URL,
because the Member is redirected in a logged in state, to the welcome
URL - rather than a logged out state to the success URL.

In order to not disrupt existing flows, we disable auto login if a
success URL is provided.
2021-11-05 10:18:43 +02:00
Fabien O'Carroll
844fa0cdb6 Published new versions
- @tryghost/members-api@2.7.1
2021-11-03 16:15:19 +02:00
Fabien O'Carroll
a9871f1ab9 Removed references to Offers labs flag
refs https://github.com/TryGhost/Team/issues/1115

This flag is now enabled by default - so we can clean up all uses of it.
2021-11-03 16:13:11 +02:00
Fabien O'Carroll
39c31b1824 Published new versions
- @tryghost/members-api@2.7.0
2021-11-03 11:00:56 +02:00
Fabien O'Carroll
81868c1850 Added alpha version of auto-login for Members
refs https://github.com/TryGhost/Team/issues/1067

This is the MVP for auto-login of Members, it does not support custom
redirects, and will always just redirect to the same place that the
signin & signup links do. Behind a feature flag whilst we iron out the
functionality.
2021-11-03 10:57:28 +02:00
Fabien O'Carroll
2c294be428 Published new versions
- @tryghost/members-api@2.6.2
2021-11-02 15:37:38 +02:00
Fabien O'Carroll
635c2614a3 Fixed errors for non-subscription invoices
refs https://github.com/TryGhost/Team/issues/887

Our invoice webhook handling code assumed that every invoice would be
for a subscription, but that is not the case. There are valid use-cases
of using the same Stripe account in order to sell items with a one-off
purchase. Here we update the handling to ignore all invoices which are
not for subscriptions.
2021-11-02 15:34:02 +02:00
Fabien O'Carroll
d0b349828a Published new versions
- @tryghost/members-api@2.6.1
2021-11-02 12:45:02 +02:00
Fabien O'Carroll
02bf858903 Fixed behaviour of sending emails when adding member
no-issue

When adding a new member, we allow an email to be sent, and the type of
email to be chosen. This choice was being overriden by our signup email
logic - here we allow the BREAD API to have full control over which
email is sent.
2021-11-02 12:37:07 +02:00
Fabien O'Carroll
1acf31833c Published new versions
- @tryghost/members-api@2.6.0
2021-10-25 14:33:48 +02:00
Fabien O'Carroll
68163863c2 Removed invoice.payment_failed webhook handling
refs https://github.com/TryGhost/Team/issues/885

This webhook isn't used and can cause issues when Checkout Sessions are
completed but with a failed payment. Removing it will remove those
errors.
2021-10-25 14:31:44 +02:00
Fabien O'Carroll
41b23dceb7 Published new versions
- @tryghost/members-api@2.5.0
2021-10-25 13:36:08 +02:00
Fabien O'Carroll
ed8a3ca27c Updated browse to not include products by default
no-issue

The Members API does not currently include 'products' by default when
browsing. This ensures the functionality is maintained.
2021-10-25 13:34:20 +02:00
Fabien O'Carroll
0144ad1f7e Published new versions
- @tryghost/members-api@2.4.4
 - @tryghost/members-offers@0.10.1
 - @tryghost/members-payments@0.1.3
2021-10-22 16:49:55 +02:00
Fabien O'Carroll
668a9d47ba Improved error messages for Offers API
no-issue
2021-10-22 16:48:52 +02:00
Fabien O'Carroll
af1a019f0e Published new versions
- @tryghost/members-api@2.4.3
 - @tryghost/members-offers@0.10.0
 - @tryghost/members-payments@0.1.2
2021-10-22 14:53:16 +02:00
Fabien O'Carroll
a953b530c3 Returned null when updateOffer does not find Offer
no-issue

This is another improvement for the API so that we can correctly handle
404's
2021-10-22 14:43:52 +02:00
Fabien O'Carroll
01a1a83c52 Published new versions
- @tryghost/members-api@2.4.2
 - @tryghost/members-offers@0.9.0
 - @tryghost/members-payments@0.1.1
2021-10-22 14:16:29 +02:00
Fabien O'Carroll
49f325dde4 Handled missing Offer when reading
no-issue

When attempting to read a non-existent offer we were running into issues
with calling toJSON() on `null`. This updates the handling to explicitly
return null - so that the controller can correctly throw a NotFoundError
2021-10-22 14:13:04 +02:00
Fabien O'Carroll
b6234d6e96 Allowed OfferTitle to be empty
refs https://github.com/TryGhost/Team/issues/1163

This allows users to not provide a title for an Offer. We store the lack
of a title as `NULL` in the DB, but we will always provide a string to
the API so that the title can safely be used in HTML.
2021-10-22 13:41:09 +02:00
Fabien O'Carroll
d522da5d42 Published new versions
- @tryghost/members-api@2.4.1
 - @tryghost/members-stripe-service@0.4.0
2021-10-21 18:10:47 +02:00
Fabien O'Carroll
c154be4581 Included Offer information for Subscriptions
refs https://github.com/TryGhost/Team/issues/1135

We use the OffersAPI to fetch Offers, so that we can be using the same
format for Offers in all of our APIs.

We will not attach the Offer to the Subscription if either the Tier or
the Cadence do not match. This is because the Offer would no longer
apply to this Subscription.

We do however retain the data, so that a Member can still be filtered on
the Offers which they've redeemed.
2021-10-21 18:10:08 +02:00
Fabien O'Carroll
e78b2f80bc Fixed issues with checkout when not using coupon
no-issue

We were incorrectly checking for the existence of a coupon id - instead
we simplify the signature, and make sure the check is correct.
2021-10-21 18:06:36 +02:00
Fabien O'Carroll
93a37f98be Published new versions
- @tryghost/domain-events@0.1.3
 - @tryghost/express-dynamic-redirects@0.2.1
 - @tryghost/magic-link@1.0.14
 - @tryghost/member-analytics-service@0.1.4
 - @tryghost/member-events@0.3.1
 - @tryghost/members-analytics-ingress@0.1.5
 - @tryghost/members-api@2.4.0
 - @tryghost/members-csv@1.1.8
 - @tryghost/members-importer@0.3.4
 - @tryghost/members-ssr@1.0.15
 - @tryghost/members-stripe-service@0.3.1
 - @tryghost/members-offers@0.8.0
 - @tryghost/members-payments@0.1.0
2021-10-21 15:44:21 +02:00
Fabien O'Carroll
dbf564d137 Created Stripe Coupons when Offers are created
refs https://github.com/TryGhost/Team/issues/1166

We've moved the Stripe Coupon creation out of the Offers module as part
of the work for Stripe disconnect, so we have to make sure that we are
still creating coupons when an Offer is created.
2021-10-21 15:40:55 +02:00
Fabien O'Carroll
ff2da8a417 Added and emitted events for Offer Created
refs https://github.com/TryGhost/Team/issues/1166

Since we removed the creation of coupons from the Offers module, we must
emit events so that the Payments module can handle creating Coupons when
Offers are created.

We also export the events from the module so that they can be listened
to by the Payments module.

We also export other internals of the module so that the types can be
used.
2021-10-21 15:40:55 +02:00
Fabien O'Carroll
efe5164eff Wired up payments service
refs https://github.com/TryGhost/Team/issues/1166

By using the PaymentsService to fetch coupon information - we ensure
that the coupons are created if they're missing. Like in the case of a
Stripe disconnect/connect cycle.
2021-10-21 15:40:55 +02:00
Fabien O'Carroll
5db41169aa Added @tryghost/members-payments module
refs https://github.com/TryGhost/Team/issues/1166

This is a new module which will eventually handle all payment related
things. This allows the Offers module to focus exclusively on the Ghost
concepts, and the Payments module will handle the association between
Offer & Stripe Coupon, Tier & Stripe Product, Cadence & Stripe Price.

This decoupling allows us to not have to consider the lack of Stripe
data for an Offer, which is the case after a Stripe Disconnect. Instead
all of the population/repopulation/lazy-creating can be handled here.
2021-10-21 15:40:55 +02:00
Fabien O'Carroll
947fa74b9e Removed stripe_coupon_id handling from Offers
refs https://github.com/TryGhost/Team/issues/1166

This will be handled by a payments module instead. In order to
disconnect Stripe we must delete all Stripe related data, which means an
Offer doesn't inherently have a stripe coupon id. Instead we can use a
payments service which will get/create the coupon for us when we need
it.
2021-10-21 15:40:55 +02:00
Fabien O'Carroll
1ae6a2ac44 Handled Stripe Disconnect for Offers
refs https://github.com/TryGhost/Team/issues/1166

As usual we want to delete all Stripe related data on disconnect.
2021-10-21 15:40:55 +02:00
Renovate Bot
7a68dc2bd3 Update dependency mocha to v9.1.3 2021-10-20 13:45:40 +00:00
Renovate Bot
b01f7e2ee5 Update dependency nock to v13.1.4 2021-10-20 13:49:27 +02:00
Daniel Lockyer
cc73c4585a Added codecov.io coverage uploader to CI
refs linear.app/tryghost/issue/CORE-74/improve-the-test-situation

- this commit adds the codecov GitHub Action into CI so we can upload
  coverage reports
- the coverage files need to be in XML for them to work with
  codecov, so this commit also adds cobertura (XML) as a reporter
2021-10-20 13:48:54 +02:00
Fabien O'Carroll
501f05aef6 Published new versions
- @tryghost/members-offers@0.7.2
2021-10-19 11:09:17 +02:00
Fabien O'Carroll
e744c0f82e Fixed issue with updating offer to empty description
no-issue

Because we were checking for truthyness rather than existence when
updating properties on an Offer - it was impossible to set the
description to a blank string, as this is falsy.
2021-10-19 11:00:18 +02:00
Fabien O'Carroll
8d544978eb Published new versions
- @tryghost/members-offers@0.7.1
2021-10-18 17:29:58 +02:00
Fabien O'Carroll
dec46383b7 Updated API to use snake_case for redemption_count
no-issue
2021-10-18 17:29:30 +02:00
Fabien O'Carroll
959fbae83d Published new versions
- @tryghost/member-analytics-service@0.1.3
 - @tryghost/member-events@0.3.0
 - @tryghost/members-analytics-ingress@0.1.4
 - @tryghost/members-api@2.3.0
 - @tryghost/members-offers@0.7.0
2021-10-18 17:28:06 +02:00
Fabien O'Carroll
8051015bb8 Fixed race condition when linking subscriptions
no-issue

Without forcing linkSubscription to run inside a transaction - it's
possible to have race conditions where it is called twice, and attempt
to insert duplicate rows into the database.
2021-10-18 17:26:34 +02:00
Fabien O'Carroll
c58e83c9d7 Wired up OfferRedemption storage
refs https://github.com/TryGhost/Team/issues/1132

We have to include the Offer on the metadata for the Stripe Checkout -
as Offers with a duration of 'once' will not always be present on the
Subscription after fetching it.

Once we receive the Stripe Checkout webhook we emit an event for
subscription created - the reason we use an event is because this logic
should eventually live in a Payments/Stripe module - and we'd want to
decouple it from the Members module.

The Members module is in charge of writing Offer Redemptions - rather
than the Offers module - because Offer Redemptions are "owned" by a
Member - and merely reference and Offer. Eventually Offer Redemptions
could be replaced by Subscriptions.
2021-10-18 17:26:34 +02:00
Fabien O'Carroll
05619a193c Included redemptions in OfferDTO
refs https://github.com/TryGhost/Team/issues/1132

The DTO is the object which we expose externally so this adds the
Redemptions property for consumption by our external API's
2021-10-18 17:26:34 +02:00
Fabien O'Carroll
dbf549b664 Fixed count for redemptions
no-issue

You must use `where` rather than `forge` when generating counts.
2021-10-18 17:26:34 +02:00
Fabien O'Carroll
3cd26bc11b Updated OfferRepository to handle redemptions
refs https://github.com/TryGhost/Team/issues/1132

The OfferRepository needs to read from the OfferRedemptionModel to get
this data.
2021-10-18 17:26:34 +02:00
Fabien O'Carroll
34c0a7f6af Added redemptionCount to Offer
refs https://github.com/TryGhost/Team/issues/1132

This is a read-only property for tracking how many times an Offer has
been redeemed
2021-10-18 15:17:31 +02:00
Fabien O'Carroll
30fa4158bd Published new versions
- @tryghost/members-api@2.2.3
 - @tryghost/members-offers@0.6.2
2021-10-18 14:33:00 +02:00
Fabien 'egg' O'Carroll
9e3136cdbc Fixed incomplete subscription flow (#341)
refs https://github.com/TryGhost/Team/issues/1156

Because we were only attempting to add the product to the members if the
subscription was new AND active - we would not add it for incomplete
subscriptions transitioning to active.

Instead we always attempt to add the product to a member for an active
subscription - it doesn't matter if it's a new one. We later have logic
to filter out duplicate products if the member already has access to the
product.
2021-10-18 14:25:28 +02:00
Fabien O'Carroll
47ad10629e Used correct methods for reading/writing to db
no-issue

Using `save` was a placeholder and isn't the correct way to interact
with our model layer.
2021-10-15 11:08:30 +02:00
Fabien O'Carroll
c2f85d3742 Used isEqual to compare ValueObjects
no-issue

This ensures that ValueObjects can contain non-primitive types.
2021-10-14 14:56:37 +02:00
Fabien O'Carroll
3fc4bf6239 Published new versions
- @tryghost/members-api@2.2.2
 - @tryghost/members-offers@0.6.1
2021-10-14 12:06:48 +02:00
Fabien O'Carroll
53d24e501d Fixed Stripe Checkout using Offers
refs https://github.com/TryGhost/Members/commit/5172e40646

When we updated to use the OffersAPI instead of OfferRepository this was
missed, and we were passing blank coupon to Stripe Checkout. This should
eventually be replaced with a call like `getCoupon(offerId)` from a
payments service.
2021-10-14 12:02:39 +02:00
Fabien O'Carroll
2a3df8e3db Published new versions
- @tryghost/members-api@2.2.1
2021-10-13 11:22:05 +02:00
Fabien O'Carroll
9e7891fef7 Restricted archived Offers from being used
refs https://github.com/TryGhost/Team/issues/1133

An archived Offer is intended to be disabled from a redemption point of
view. This ensures that we do not allow Stripe Checkout Sessions to be
created for them.
2021-10-13 11:19:35 +02:00
Fabien O'Carroll
1ec3dfbfab Published new versions
- @tryghost/members-api@2.2.0
2021-10-13 11:16:08 +02:00
Fabien O'Carroll
5172e40646 Used OffersAPI over OfferRepository in MembersAPI
no-issue

The OfferRepository deals with domain objects in the Offers module, and
as such is not suitable for use with "external" services. This update
means that MembersAPI can deal with POJO DTOs so that there is not a
dependency on the internals of the Offers module. Just on the contract
it holds with the outside world.
2021-10-13 11:11:12 +02:00
Fabien O'Carroll
8ef752a7f7 Published new versions
- @tryghost/members-offers@0.6.0
2021-10-12 18:36:47 +02:00
Fabien O'Carroll
96e87d6798 Ensured that Offers can be filtered on status
refs https://github.com/TryGhost/Team/issues/1131

This adds a mapping between the status property used in the domain & API
and the active column used in the database. As we only have the usecase
of filtering by `status` right now, we have not added support for all
the other columns. Instead of these potentially erroring where the
column name does not match the property name in the domain/api - we've
added a transformer which will ignore all filters for properties other
than `status`. This follows postels law, in that we can be liberal with
the filters we accept, but conservative in the ones we implement.
2021-10-12 18:36:04 +02:00
Fabien O'Carroll
cf8fcc6f35 Installed @nexes/mongo-utils
refs https://github.com/TryGhost/Team/issues/1131

This will allow us to map filters from our domain to the persistence
layer.
2021-10-12 18:32:48 +02:00
Fabien O'Carroll
1e4b5c792a Supported using NQL filter to get Offers
refs https://github.com/TryGhost/Team/issues/1131

This adds initial support for pass through a filter to the Model layer,
so that we can fetch Offers based on an NQL filter.
2021-10-12 18:32:48 +02:00
Naz
8b271835d2 Published new versions
- @tryghost/express-dynamic-redirects@0.2.0
2021-10-12 17:26:29 +02:00
Naz
4da8051114 Fixed tests
refs https://linear.app/tryghost/issue/CORE-84/have-a-look-at-the-eggs-redirects-refactor-branch
refs c44e33b1f7

- Previous commit didn't adjust unit tests to the new constructor API
2021-10-12 17:25:52 +02:00
Naz
c44e33b1f7 Simplified DynamicRedirectManager's constructor interface
refs https://linear.app/tryghost/issue/CORE-84/have-a-look-at-the-eggs-redirects-refactor-branch

- There is no need to pass in whole "urlUtils" instance to construct the class as all the class has to know is how to construct a "subdirectory URL" which can be a single function passed in instead of a vague object instance
2021-10-12 17:21:46 +02:00
Naz
ba2a5df493 Added handling for invalid redirect regexes
refs https://linear.app/tryghost/issue/CORE-84/have-a-look-at-the-eggs-redirects-refactor-branch
refs 8f5186995d
refs 260a47da83

- The router should not stop working when an invalid redirect definition is added
- Referenced commits solve this exact problem before this module was introduced
2021-10-12 17:21:46 +02:00
Naz
80f2a001ec Simplified DynamicRedirectManager's constructor interface
refs https://linear.app/tryghost/issue/CORE-84/have-a-look-at-the-eggs-redirects-refactor-branch

- In most of the packages we follow the pattern of passing in a single "options" object into a constructor and desructuring those the object into parameter, like this example: 077c83dc2d/packages/limit-service/lib/limit-service.js (L19-L26)
2021-10-12 17:21:46 +02:00
Fabien O'Carroll
73e11690c1 Published new versions
- @tryghost/members-offers@0.5.0
2021-10-12 17:14:11 +02:00
Fabien O'Carroll
facbfcfa8e Added support for Offer status to API
refs https://github.com/TryGhost/Team/issues/1131

- Includes `status` on OfferDTO so client can use it
- Allows editing `status` of Offers
- Allows setting initial `status` when creating Offers
2021-10-12 17:11:54 +02:00
Fabien O'Carroll
04b9944e67 Defaulted to 'active' status when creating Offers
refs https://github.com/TryGhost/Team/issues/1131

This ensures that Offers are active by default.
2021-10-12 17:10:51 +02:00
Fabien O'Carroll
a772f5b82f Wired up Offer status to the OfferRepository
refs https://github.com/TryGhost/Team/issues/1131

This allows us to persist and hydrate the Offer status from our
database.
2021-10-12 15:29:13 +02:00
Fabien O'Carroll
1f936357d9 Added concept of OfferStatus to domain model
refs https://github.com/TryGhost/Team/issues/1131

This allows us to model the behaviour of archived & active offers, as
well as allowing us to set their status on the model.
2021-10-12 15:27:27 +02:00
Fabien O'Carroll
d148108ae6 Published new versions
- @tryghost/members-api@2.1.1
 - @tryghost/members-offers@0.4.2
2021-10-08 15:21:07 +02:00
Fabien O'Carroll
afa5363dd4 Fixed Stripe Checkout for monthly Offers
refs https://github.com/TryGhost/Members/commit/504fb1bf

Since we updated the Offer to use Value Objects, we needed to update the
usage here too.
2021-10-08 15:19:59 +02:00
Fabien O'Carroll
1312943f5b Updated Offer to only change code once
no-issue

This simplifies the handling of updating redirects for a code, and
doesn't affect our application layer because we never have the need to
change a code twice.

In future this should be replaced with events at the domain level - so
that we do not have to track changed properties and instead a redirect
service can listen to events, which would be dispatched on a successful
save by the repository.
2021-10-08 13:02:22 +02:00
Fabien O'Carroll
1f703920c9 Published new versions
- @tryghost/members-offers@0.4.1
2021-10-08 12:43:16 +02:00
Fabien O'Carroll
08d3e6e99c Allowed for OfferDescription to be null/empty
refs https://github.com/TryGhost/Team/issues/1083

OfferDescription is not a required field, so we must not throw when it
is falsy or not present.
2021-10-08 12:40:57 +02:00
Fabien O'Carroll
35f150bcf4 Moved errors to domain/errors
no-issue

More cleanup to pull files into their appropriate responsibility
2021-10-08 12:31:11 +02:00
Fabien O'Carroll
9bcd25fe5e Moved application concerns to an application dir
no-issue

Shuffling files to give a better idea of what the files concern, as well
as to add some structure.
2021-10-08 12:27:17 +02:00
Fabien O'Carroll
78be4b55c9 Moved ValueObject to domain/models/shared
no-issue

This is only ever used in this directory so it makes sense to be
colocated.
2021-10-08 12:23:40 +02:00
Fabien O'Carroll
4a27ef68df Moved events into domain directory
no-issue

Events are a domain concern and as such should live in this directory
2021-10-08 12:21:27 +02:00
Fabien O'Carroll
32a88df1d3 Published new versions
- @tryghost/members-offers@0.4.0
2021-10-08 12:13:38 +02:00
Fabien O'Carroll
9f7a922415 Added support for "repeating" duration Offers
refs https://github.com/TryGhost/Team/issues/1083

We combine the duration and duration_in_months into a single value
object which can be validated together, meaning we will never have
properties which are out of sync (e.g. forever durations with 2 months).
2021-10-08 12:10:36 +02:00
Fabien O'Carroll
6afb1eae40 Published new versions
- @tryghost/members-offers@0.3.5
2021-10-08 11:41:07 +02:00
Fabien O'Carroll
bd3f1e6456 Fixed sending back currency for Fixed Offers
no-issue

Since we changed the type from "amount" to "fixed" the logic to send
back the currency was not working. This updates it to use the correct
values.
2021-10-08 11:38:47 +02:00
Fabien O'Carroll
a5f4698201 Published new versions
- @tryghost/members-offers@0.3.4
2021-10-07 18:21:52 +02:00
Fabien O'Carroll
c8933c9abd Fixed handling of null currency & used duration
no-issue

Currency is not always present on an offer so we need to handle it.
Duration was incorrectly not passed to Stripe when creating the coupon.
2021-10-07 18:18:53 +02:00
Fabien O'Carroll
13b870d0ef Published new versions
- @tryghost/members-offers@0.3.3
2021-10-07 17:42:52 +02:00
Fabien O'Carroll
170591a113 Improved types for Offer
no-issue

This splits out the types of the Offers properties from the types of the
expected values to be passed to create.
2021-10-07 17:37:48 +02:00
Fabien O'Carroll
2b58ecd82e Added support for creating fixed offers with currency
refs https://github.com/TryGhost/Team/issues/1083

We now allow creating offers for a fixed amount, rather than a
percentage. These require a currency to be passed as a fixed amount is
meaningless without one.
2021-10-07 17:37:48 +02:00
Fabien O'Carroll
2c04afe810 Updated types of Offers to "fixed" and "percent"
no-issue

This is inline with the language used elsewhere to describe these types.
2021-10-07 17:35:34 +02:00
Fabien O'Carroll
6d383c2d0e Added support for "once" and "forever" Offer duration
refs https://github.com/TryGhost/Team/issues/1083

Instead of Offers being hardcoded to the "once" duration this will allow
Admins to start creating offers of variable durations.
2021-10-07 17:13:23 +02:00
Fabien O'Carroll
ea0282c80e Published new versions
- @tryghost/members-offers@0.3.2
2021-10-07 16:46:52 +02:00
Fabien O'Carroll
504fb1bfa1 Used Value Objects to validate outside of Offer factory
no-issue

This adds the concept of "Value Objects" to an Offers properties,
allowing us to move validation out and ensure that an Offer will only
ever have valid properties, without having to duplicate checks - or
leave them to the persistent layer. This means we can fail early, as
well as write unit tests for all of our validation.
2021-10-07 16:46:08 +02:00
Fabien O'Carroll
a673b2ae99 Published new versions
- @tryghost/members-offers@0.3.1
2021-10-07 12:47:03 +02:00
Fabien O'Carroll
d9e40c6070 Ensured Offer code is slugified
refs https://github.com/TryGhost/Team/issues/1083

This ensures that the code will be URL safe for redirects
2021-10-07 12:45:51 +02:00
Fabien O'Carroll
309e827a7f Published new versions
- @tryghost/members-api@2.1.0
 - @tryghost/members-offers@0.3.0
2021-10-06 16:55:51 +02:00
Fabien O'Carroll
6ae8b7eb0c Added stripeCouponId to Offer
refs https://github.com/TryGhost/Team/issues/1090

When creating a Stripe Checkout Session for an Offer - we need access to
the underlying Stripe Coupon. Exposing it here allows consumers of the
OfferRepository access.
2021-10-06 16:12:53 +02:00
Fabien O'Carroll
f0141f08ff Applied Offers when creating Stripe Checkout Session
refs https://github.com/TryGhost/Team/issues/1090

Instead of the hardcoded 1-day version for Offers, we can now talk
directly to the Offers repository and use the real values for Stripe
Checkout.
2021-10-06 16:12:53 +02:00
Fabien O'Carroll
d57d082c39 Exposed OfferRepository from OffersModule
refs https://github.com/TryGhost/Team/issues/1090

When creating checkout session we will need to be able to look up Offers
from the OfferRepository. This exposes the repository so that it can be
passed as a dependency elsewhere.
2021-10-06 15:15:03 +02:00
Fabien O'Carroll
371581f677 Published new versions
- @tryghost/members-offers@0.2.1
2021-10-06 12:08:48 +02:00
Fabien O'Carroll
dbc7d73be7 Fixed updateOffer API method
no-issue

- Property names were out of sync with API
- Async methods were not awaited
- Transaction was erroneously commited
2021-10-06 12:07:03 +02:00
Fabien O'Carroll
6397438e73 Published new versions
- @tryghost/members-offers@0.2.0
2021-10-05 16:27:31 +02:00
Fabien O'Carroll
33d042ccf7 Added getOffer method to OffersAPI
refs https://github.com/TryGhost/Team/issues/1083
2021-10-05 16:25:56 +02:00
Fabien O'Carroll
b3ed676e53 Moved redirect handling outside of repository
no-issue

The redirect handling is more of an application concern that can happen
at the top level, rather than the lower level of the repository.
2021-10-05 16:24:47 +02:00
Fabien O'Carroll
d4ed604cce Published new versions
- @tryghost/members-offers@0.1.2
2021-10-05 13:15:47 +02:00
Fabien O'Carroll
5dd5b71718 Fixed redirects for new offers
refs https://github.com/TryGhost/Team/issues/1091
2021-10-05 13:14:33 +02:00
Fabien O'Carroll
587954faf9 Published new versions
- @tryghost/members-offers@0.1.1
2021-10-05 11:44:32 +02:00
Fabien O'Carroll
ef73121ae4 Fixed UniqueChecker methods
no-issue

These were returning the opposite of what they should have.
2021-10-05 11:43:38 +02:00
Fabien O'Carroll
81badcae2e Published new versions
- @tryghost/members-offers@0.1.0
2021-10-05 11:19:44 +02:00
Fabien O'Carroll
5674036902 Added initial Offers module
refs https://github.com/TryGhost/Team/issues/1083

This is the initial scaffolding for setting up Offers in Ghost
2021-10-05 11:19:15 +02:00
Fabien O'Carroll
b03221401e Published new versions
- @tryghost/members-api@2.0.0
2021-10-04 13:35:10 +02:00
Fabien 'egg' O'Carroll
c5784da2b6 Updated MembersAPI to take StripeAPIService as dep (#338)
refs https://github.com/TryGhost/Team/issues/1083

The Offers service is going to need access to the StripeAPIService too,
so we must pull its initialisation out of this module up to the Ghost
application layer, which will allow us to pass a reference of the
StripeAPIService to wherever needs it.
2021-10-04 13:34:17 +02:00
Fabien O'Carroll
9341c318d3 Published new versions
- @tryghost/members-api@1.39.1
 - @tryghost/members-stripe-service@0.3.0
2021-10-01 13:18:02 +02:00
Fabien O'Carroll
515a50f2a4 Updated subscription price changes to always invoice
refs https://github.com/TryGhost/Team/issues/1075

Without this flag, payment for upgrading to a more expensive plan will
be taken at the end of the current billing cycle, which could be a year
from the date of the switch - this would effectively give free access to
more expensive prices.
2021-10-01 12:27:09 +02:00
Fabien O'Carroll
a438795d4a Published new versions
- @tryghost/express-dynamic-redirects@0.1.0
2021-09-29 12:02:26 +02:00
Fabien 'egg' O'Carroll
8c92f5744c Added express-dynamic-redirects module (#337)
refs https://github.com/TryGhost/Team/issues/1091

The Offers feature needs to be able to add and remove redirects to Ghost
- which is very similar to the custom redirects functionality. Here we've
pulled out the core of the dynamic redirect part of custom redirects so
that it can be used by both features and have code shared between them.
2021-09-29 12:01:40 +02:00
Fabien O'Carroll
dad54a25b1 Published new versions
- @tryghost/domain-events@0.1.2
 - @tryghost/magic-link@1.0.13
 - @tryghost/member-analytics-service@0.1.2
 - @tryghost/member-events@0.2.1
 - @tryghost/members-analytics-ingress@0.1.3
 - @tryghost/members-api@1.39.0
 - @tryghost/members-csv@1.1.7
 - @tryghost/members-importer@0.3.3
 - @tryghost/members-ssr@1.0.14
 - @tryghost/members-stripe-service@0.2.0
2021-09-28 13:40:14 +02:00
Fabien O'Carroll
cd6e87774a Added 1-day version of Offers
refs https://github.com/TryGhost/Team/issues/1090

This 1-day version of Offers allows us to test the full flow of the
Offers feature without having to implement all of it. The focus here is
that we can pass an Offer ID when creating a Stripe Checkout session and
have it apply. Here we use hardcoded Stripe Coupons as we haven't yet
got persistence implemented for Offers & their related Stripe Coupons
2021-09-28 13:39:04 +02:00
Fabien O'Carroll
e5b0cf8686 Added basic support for coupons
refs https://github.com/TryGhost/Team/issues/1090

This allows us to create Stripe Coupons and use them with Stripe
Checkout from the members-api module whilst we develop the Offers
feature.
2021-09-28 13:39:04 +02:00
Renovate Bot
c13be723e6 Update dependency mocha to v9.1.2 2021-09-28 07:42:20 +00:00
Fabien O'Carroll
2d68442af1 Published new versions
- @tryghost/members-api@1.38.1
2021-09-23 11:16:44 +02:00
Fabien O'Carroll
e93d092766 Fixed handling of invalid tokens when changing email
no-issue

Without a return after ending the response, the code will continue to
attempt to send emails and then send another response which results in
an uncaught error.
2021-09-23 11:12:23 +02:00
Fabien O'Carroll
9031602406 Published new versions
- @tryghost/members-api@1.38.0
2021-09-22 16:50:02 +02:00
Fabien O'Carroll
4e947a88ce Fixed security hole in email address change flow
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr

The email address change flow was built on top of the unauthenticated
signin/signup flow. This meant that ownership of the email being changed
wasn't verified and allowed a malicious actore to change the email
address of arbitrary accounts to an email address which they controlled.

We remove the ability to change email addresses from the signin/signup
flow and instead create a dedicated, authenticated flow for changing
email address.
2021-09-22 16:49:17 +02:00
Rishabh
21fbaff41b Published new versions
- @tryghost/members-api@1.37.5
2021-09-22 18:13:43 +05:30