Commit Graph

1332 Commits

Author SHA1 Message Date
Daniel Lockyer
12aaaa6d6e
Removed Portal's .editorconfig file
- this should no longer be needed because we have a top-level
  .editorconfig file
2022-10-06 11:23:39 +07:00
Simon Backx
eac8fbfdfd Released Portal v2.14.0 2022-10-05 12:44:18 +02:00
Simon Backx
e7378520a0
🔒 Prevented member creation when logging in (#15526)
fixes https://github.com/TryGhost/Ghost/issues/14508

This change requires the frontend to send an explicit `emailType` when sending a magic link. We default to `subscribe` (`signin` for invite only sites) for now to remain compatible with the existing behaviour.

**Problem:**
When a member tries to log in and that member doesn't exist, we created a new member in the past.

- This caused the creation of duplicate accounts when members were guessing the email address they used.
- This caused the creation of new accounts when using an old impersonation token, login link or email change link that was sent before member deletion.

**Fixed:**
- Trying to log in with an email address that doesn't exist will throw an error now.
- Added new and separate rate limiting to login (to prevent user enumeration). This rate limiting has a higher default limit of 8. I think it needs a higher default limit (because it is rate limited on every call instead of per email address). And it should be configurable independent from administrator rate limiting. It also needs a lower lifetime value because it is never reset.
- Updated error responses in the `sendMagicLink` endpoint to use the default error encoding middleware.
- The type (`signin`, `signup`, `updateEmail` or `subscribe`) is now stored in the magic link. This is used to prevent signups with a sign in token.

**Notes:**
- Between tests, we truncate the database, but this is not enough for the rate limits to be truly reset. I had to add a method to the spam prevention service to reset all the instances between tests. Not resetting them caused random failures because every login in every test was hitting those spam prevention middlewares and somehow left a trace of that in those instances (even when the brute table is reset). Maybe those instances were doing some in-memory caching.
2022-10-05 12:42:42 +02:00
Daniel Lockyer
609fcb17c0
Removed main from yarn ship
- we might not necessarily be pushing to `main`, for example, if we're
  doing a patch release
2022-10-05 16:47:39 +07:00
Daniel Lockyer
8b7a573a1d
Released Portal v2.13.2 2022-10-05 16:03:46 +07:00
Daniel Lockyer
e60fc167e4
Improved yarn ship for Portal
refs https://github.com/TryGhost/Toolbox/issues/426

- with the existing `ship` command, it publishes to npm before pushing
  to GitHub
- I fear we're likely to run into a scenario where the HEAD of `main` is
  behind, so the git push fails, and then rebasing the HEAD will break
  the tags that we created
- in this scenario, I think it's better to hard reset back, git pull and
  then try again
- in that case, we need to publish to npm after GitHub
- this commit should implement that
2022-10-05 15:48:10 +07:00
Daniel Lockyer
700a62e048
Added quotes to version-tag-prefix
- without this, the following line does not apply for some reason
2022-10-05 15:27:20 +07:00
Daniel Lockyer
a26886ed65
Updated Portal README and repository link
refs https://github.com/TryGhost/Toolbox/issues/426

- these needed updating now Portal is in the monorepo
2022-10-05 15:22:17 +07:00
Daniel Lockyer
2a40f72f36
Added yarn test:unit to Portal
refs https://github.com/TryGhost/Toolbox/issues/426

- this ensures we provide a `test:unit` command for CI
- this probably needs changing in the future - not sure yet
2022-10-05 15:17:01 +07:00
Daniel Lockyer
22c85df66f
Added .yarnrc config for Portal
refs https://github.com/TryGhost/Toolbox/issues/426

- this ensures the git tag and commit message are in the expected format
2022-10-05 15:15:14 +07:00
Daniel Lockyer
314281cf08
Removed extraneous logging from Portal dev script
refs https://github.com/TryGhost/Toolbox/issues/426

- now Portal is in the monorepo, the dev script doesn't need to wipe the
  console output nor print instructions as that should be handled with
  setting environment variables
2022-10-05 15:13:34 +07:00
Daniel Lockyer
181f12d2de
Cleaned up extra files in Portal package
refs https://github.com/TryGhost/Toolbox/issues/426

- these files are no longer needed now the code is in the Ghost monorepo
2022-10-05 15:06:36 +07:00
renovate[bot]
a5adffbcb5 Update Test & linting packages 2022-10-05 11:23:47 +07:00
Daniel Lockyer
b73a657435 Updated react-scripts and eslint-plugin-ghost dependencies
refs https://github.com/TryGhost/Toolbox/issues/426

- this commit bumps both dependencies because it resolves various issues
  I've encountered when moving Portal to the Ghost monorepo
2022-10-05 11:20:29 +07:00
Daniel Lockyer
8daa06a3b8 Fixed various linting issues
- these changes were needed ahead of the upcoming bump to react-scripts,
  which bumps eslint to v8, and therefore we can update
  eslint-plugin-ghost, which introduces some new linting rules
2022-10-05 11:11:03 +07:00
Daniel Lockyer
264e6d41a7 Updated CI Ubuntu version to latest
- 18.04 is deprecated and getting phased out so we should switch to the latest version
2022-10-05 10:58:24 +07:00
Daniel Lockyer
20d9256105 Updated CI Node version to 16
refs https://github.com/TryGhost/Toolbox/issues/163

- Node 16 is our recommended version so we should test using that
2022-10-05 10:56:39 +07:00
renovate[bot]
9608f834c3 Update sentry-javascript monorepo to v7.14.1 2022-10-04 15:59:31 +00:00
renovate[bot]
997d6896a1 Update sentry-javascript monorepo to v7.14.0 2022-09-29 19:50:44 +00:00
Rishabh
3314dafa78 v2.13.1 2022-09-28 00:17:31 +05:30
Rishabh
10e65f7fe8 Fixed incorrect import handling for data attributes
refs c3c503632b
2022-09-28 00:16:47 +05:30
Rishabh
d558a185de v2.13.0 2022-09-27 23:43:00 +05:30
Rishabh
c3c503632b Added attribution history to api requests via data attributes
- we added attribution data from localstorage to api requests made via Portal UI, but it was missed for requests directly from theme via data-attributes
- includes url history data for free or paid signups via theme to mark correct attribution
2022-09-27 23:42:09 +05:30
renovate[bot]
c980865d3c Update dependency source-map-explorer to v2.5.3 2022-09-27 08:33:14 +07:00
renovate[bot]
5bec8eb2f4 Update dependency copy-webpack-plugin to v11 2022-09-20 17:48:43 +01:00
renovate[bot]
2814ea4774 Update dependency webpack-cli to v4 2022-09-20 17:35:16 +01:00
renovate[bot]
ff09129dfc Lock file maintenance 2022-09-20 15:37:59 +01:00
renovate[bot]
69a346ccd7 Update sentry-javascript monorepo to v7 2022-09-20 15:34:52 +01:00
Renovate Bot
4fb6913a8e Update dependency react-error-overlay to v6.0.11 2022-09-20 15:33:59 +01:00
renovate[bot]
965c4afcca Update actions/checkout action to v3 2022-09-20 15:33:21 +01:00
Renovate Bot
1135b0073a Update actions/setup-node action to v3 2022-09-20 14:43:22 +01:00
Renovate Bot
96e2c7d7c5 Update codecov/codecov-action action to v3 2022-09-20 14:42:59 +01:00
Ronald Langeveld
17b1141c0f v2.12.0 2022-09-09 13:44:07 +02:00
Ronald Langeveld
c397cb92f3 V2.11.2 2022-09-09 13:08:06 +02:00
Ronald Langeveld
30284909e9 Added members-autoredirect data attribute selector. (#261)
closes https://github.com/TryGhost/Team/issues/1800
- Added data attribute selector for custom login / signup forms to optionally prevent redirects coming from the magic link.
2022-09-06 14:39:18 +02:00
Rishabh
08cdddfb92 v2.11.1 2022-09-02 23:24:42 +05:30
Rishabh
7944e4c11d Allowed dismissing portal popup with Esc for signup page
closes https://github.com/TryGhost/Team/issues/1034

- pressing esc to dismiss popup didn't work for signup page as it was focused on input field
- allows esc to dismiss popup if the focused input field is empty
2022-09-02 23:11:18 +05:30
renovate[bot]
7293d008c4 Lock file maintenance 2022-08-29 05:21:04 +00:00
Rishabh
c5da3c0870 v2.11.0 2022-08-19 22:01:19 +05:30
Djordje Vlaisavljevic
3d87b02c55 Fixed error with free trial pill not showing on upgrade screen
refs https://github.com/TryGhost/Team/issues/1728
2022-08-19 18:13:35 +02:00
Rishabh
9bac4e680c v2.10.0 2022-08-19 21:01:28 +05:30
Rishabh
d6aae23e86 Wired expiry values for complimentary subscriptions
refs https://github.com/TryGhost/Team/issues/1727

- adds expiry date for comp subs with expiry value
2022-08-19 20:57:23 +05:30
Rishabh
aa1c90f60b Added flag for allowing comp member upgrade
refs https://github.com/TryGhost/Team/issues/1728
2022-08-19 20:57:23 +05:30
Rishabh
12bec6011b Fixed lint 2022-08-19 20:57:23 +05:30
Rishabh
8fba983e6d Allowed complimentary members to upgrade
refs https://github.com/TryGhost/Team/issues/1728

- allows comped members to go through the upgrade flow and become a paid member
2022-08-19 20:57:23 +05:30
Djordje Vlaisavljevic
427a5b1057 Removed the feature flag and the related logic
refs https://github.com/TryGhost/Team/issues/1724
2022-08-19 17:14:44 +02:00
Rishabh
2c636d16eb Cleaned up trial days display 2022-08-19 19:03:08 +05:30
Djordje Vlaisavljevic
d5dedd4765 Updated subscription info for users on free trial
refs https://github.com/TryGhost/Team/issues/1724
2022-08-19 14:40:35 +02:00
Djordje Vlaisavljevic
a6666eb8fd Updated the test
refs https://github.com/TryGhost/Team/issues/1724
2022-08-19 14:32:57 +02:00
Djordje Vlaisavljevic
006b3adc3b Updated how discounts appear when there are no tiers with trial
refs https://github.com/TryGhost/Team/issues/1724
2022-08-19 14:20:50 +02:00