TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-11-23 11:55:01 +03:00
Code Issues Projects Releases Wiki Activity
410 Commits 226 Branches 1,677 Tags 368 MiB
d6897df163
Commit Graph

410 Commits

Author SHA1 Message Date
John O'Nolan
a122aa0119 2020 2020-01-07 19:06:08 +00:00
Nazar Gargol
ef3de2a295 Published new versions 
- @tryghost/members-api@0.10.2
 2019-12-12 15:27:45 +07:00
Naz Gargol
ff5fceafc8 Added subscription update middleware (#107) 
refs #https://github.com/TryGhost/Ghost/pull/11434

- Added method to allow updating single subscription. Only `cancel_at_period_end` field can be updated. 
- Middleware is needed to allow Ghost Core to cancel/uncancel member's subscription. 
- Relies on the request containing identity information to be able to verify if subscription belongs to the user
- When member could not be identified by the identity information present in the request we should throw instead of continuing processing
- Handling and messaging inspired by https://github.com/TryGhost/Ghost/blob/3.1.1/core/server/services/mega/mega.js#L132
- When the user initiates subscription cancellation we can safely mark the subscription as canceled so that it's not shown in the interface on subsequent request. Otherwise, we end up in a situation where we still return the subscription in the period until Stripe triggers the webhook.
- Added boolean coercion for cancel_at_period_end parameter. If anything but boolean is passed to Stripe API it throws an error.  Coercing the value on our side is a gives a better dev experience
 2019-12-12 15:19:36 +07:00
Fabien O'Carroll
94ef530b3c Fixed bug in cancelAllSubscriptions 
no-issue

We filter out previously cancelled subscriptions, but used the wrong string "cancelled" instead of "canceled"
https://stripe.com/docs/billing/lifecycle#subscription-states
 2019-12-09 15:55:37 +02:00
Fabien O'Carroll
231218c4e6 Published new versions 
- @tryghost/members-api@0.10.1
 2019-12-09 14:31:12 +02:00
Fabien O'Carroll
7db503b13b Fixed local webhooks when using localhost urls 
no-issue

When using localhost urls the call to `create` will error and end in teh
catch block - so we need to use the environment variable there, too.

Introduced in 0149dd8f
 2019-12-09 14:29:59 +02:00
Nazar Gargol
fe462ae706 Published new versions 
- @tryghost/members-api@0.10.0
 2019-12-06 13:29:27 +07:00
Naz Gargol
3060e11a4e Changed members-api constructor to accept Member model directly (#105) 
no issue

- As members have become a part of Ghost core there is no need to proxy methods like this anymore and we can allow members-api to work on the model directly
- Methods come from Ghost core: https://github.com/TryGhost/Ghost/blob/cc39786/core/server/services/members/api.js#L11-L110
 2019-12-05 18:16:18 +07:00
Naz Gargol
0149dd8f4d Added priority to webhook secret if present in env (#103) 
no issue

- When debugging Stripe with using: `stripe listen \
  --forward-to http://ghost.local/members/webhooks/stripe/` this priority is nice to have so that Ghost process can be initialized using WEBHOOK_SECRET env variable
- It was not working in current form because Stripe recognized `ghost.local` as a valid domain and didn't throw any errors
- Removed unneeded secret assignment in a catch statement. It is redundant with the new implementation
 2019-11-25 13:15:28 +07:00
Fabien O'Carroll
9da1a18770 Published new versions 
- @tryghost/magic-link@0.3.2
 - @tryghost/members-api@0.9.0
 - @tryghost/members-ssr@0.7.3
 2019-11-05 18:22:07 +07:00
Renovate Bot
297425402b Update dependency @types/nodemailer to v6.2.2 2019-11-05 16:53:53 +07:00
Renovate Bot
b1fe580834 Update dependency @types/jsonwebtoken to v8.3.5 2019-11-05 16:53:39 +07:00
Fabien O'Carroll
19148dab4e Included subscription information when listing members 
no-issue
 2019-11-05 16:12:20 +07:00
Renovate Bot
2ce0c5a992 Update Test & linting packages 2019-11-01 13:40:10 +07:00
Renovate Bot
7684ad51c4 Update Node.js to 12 2019-11-01 13:40:00 +07:00
Fabien O'Carroll
a35d947413 Published new versions 
- @tryghost/magic-link@0.3.1
 - @tryghost/members-api@0.8.3
 - @tryghost/members-ssr@0.7.2
 2019-10-30 15:24:07 +07:00
Fabien O'Carroll
7a3c99886d Added logging for failed webhook verification 
no-issue

This gives us some more information about the secret used
 2019-10-30 14:40:16 +07:00
Renovate Bot
f233d5fc71 Update dependency cookies to ^0.8.0 2019-10-14 12:38:53 +07:00
Renovate Bot
97c9567744 Update dependency @types/node to v12.7.12 2019-10-14 12:38:19 +07:00
Fabien O'Carroll
123fc7dcd5 Published new versions 
- @tryghost/members-ssr@0.7.1
 2019-10-11 18:01:21 +07:00
Fabien O'Carroll
2a90d84e9a Added flag for disabling sign cookies 
no-issue
 2019-10-11 18:00:19 +07:00
Fabien O'Carroll
ebbf4e69f9 Published new versions 
- @tryghost/magic-link@0.3.0
 - @tryghost/members-api@0.8.2
 2019-10-11 12:03:51 +07:00
Fabien O'Carroll
47ed334597 Updated use of magic-link module to pass subject 
no-issue

This takes advantage of magic-links smaller tokens
 2019-10-11 11:58:23 +07:00
Fabien O'Carroll
4c4d5aab91 Removed the need for audience and issuer claim 
no-issue

This is unecessary as this is a closes system, the tokens are issued and
intended for the same service, using the same secret
 2019-10-11 11:58:23 +07:00
Fabien O'Carroll
483654a4b6 Removed user object from magic links 
no-issue

This means magic link will rely solely on the `sub` claim for identifying the user
 2019-10-11 11:58:23 +07:00
Fabien O'Carroll
d248c909d9 Updated usage of magic-link, passing secret 
no-issue
 2019-10-11 11:58:23 +07:00
Fabien O'Carroll
7a512f992b Updated to use HS256 signatures for tokens 
no-issue

This makes the tokens a little more acceptable in plaintext emails
 2019-10-11 11:58:23 +07:00
Fabien O'Carroll
5d2e20fbb7 Published new versions 
- @tryghost/magic-link@0.2.2
 - @tryghost/members-api@0.8.1
 2019-10-10 20:21:23 +07:00
Fabien O'Carroll
e04898cb3d Pass getSubject option to MagicLink module 
no-issue
 2019-10-10 20:20:46 +07:00
Fabien O'Carroll
2de53f8571 Support custom subject line with getSubject option 
no-issue
 2019-10-10 20:20:46 +07:00
Fabien O'Carroll
1e8bac111f Pass email to getHTML and getSubject 
no-issue

This will allow email templates to include the recipient
 2019-10-10 20:20:46 +07:00
Fabien O'Carroll
2c4732b46d Published new versions 
- @tryghost/magic-link@0.2.1
 - @tryghost/members-api@0.8.0
 - @tryghost/members-ssr@0.7.0
 2019-10-09 10:51:35 +07:00
Fabien O'Carroll
2d058d8a47 Refactored updateSubscription to fetch payment info 
no-issue
 2019-10-09 10:48:57 +07:00
Fabien O'Carroll
5a0adce65d Inverted active check for subscriptions 
no-issue

This is more explicit about what we consider to be an active subscription
 2019-10-09 10:46:55 +07:00
Fabien O'Carroll
5a17327a93 Improved error logging for webhook handling 
no-issue
 2019-10-09 10:46:55 +07:00
Fabien O'Carroll
310972f73c Updated signatures for get/set metadata 
no-issue
 2019-10-09 10:46:55 +07:00
Fabien O'Carroll
4c4cc90d05 Added the extra events to the stripe webhook 
no-issue

* customer.subscription.deleted - when a subscription is cancelled
* customer.subscription.updated - when a subscription status/plan changes
* invoice.payment_succeeded - when a subscription has successfully renew
* invoice.payment.failed - when a subscription has failed to renew
 2019-10-09 10:46:55 +07:00
Fabien O'Carroll
6fc6718735 Renamed addCustomerToMember to updateCustomer 
no-issue
 2019-10-09 10:46:55 +07:00
Fabien O'Carroll
8829b545a9 Updated handleStripeWebhook middleware 
no-issue

This adds the handlers for the new events we want to listen to
 2019-10-09 10:46:55 +07:00
Fabien O'Carroll
68d65c905a Added webhook handlers for subscription lifecycle events 
no-issue

We will need these to keep our metadata in sync with stripe
 2019-10-09 10:46:55 +07:00
Fabien O'Carroll
6806505a4c Updated stripe to store and retrieve from metadata 
no-issue

This means that we will not have to make api requests to find out the
customers subscriptions
 2019-10-09 10:46:55 +07:00
Fabien O'Carroll
d11a0db726 Refactored some private methods for stripe 
no-issue

This is to expose a clearer contract with the outside world
 2019-10-09 10:46:55 +07:00
Fabien O'Carroll
e6c8f77d4e Removed cookie based caching 
no-issue

This was just a temporary stopgap. The correct solution is to cache in the backend
 2019-10-09 10:46:55 +07:00
Renovate Bot
baee3ad0ac Update dependency @types/node to v12.7.11 2019-10-08 18:19:58 +07:00
Renovate Bot
56c892e7ed Update dependency @types/cookies to v0.7.4 2019-10-08 14:34:19 +07:00
Fabien O'Carroll
3d7c28a7f9 Published new versions 
- @tryghost/members-api@0.7.7
 2019-10-06 21:19:23 +07:00
Fabien O'Carroll
d6cb2ca796 Defaulted allowSelfSignup to true 
no-issue

This is to keep backwards compatibility
 2019-10-06 21:18:09 +07:00
Fabien O'Carroll
1208b41b9f Added allowSelfSignup options to auth config 
no-issue

This flag is used to allow the sendMagicLink middleware to send an email
to members which do not yet exist. When this flag is set to false, the
only way to create members, would be via the stripe webook, or via the
`create` method exposed on the `members` object
 2019-10-06 21:18:09 +07:00
Fabien O'Carroll
a643b3ff1f Sent "signup" emails when member created via stripe 
no-issue

This is the correct email to send, as they are a new member
 2019-10-06 21:18:09 +07:00
Fabien O'Carroll
355dd8b501 Corrected logic to send signin/signup emails 
no-issue

This ensures that existing members recieve "signin" emails and new
members recieve "signup" (or "subscribe") emails
 2019-10-06 21:18:09 +07:00
Fabien O'Carroll
3550452cd5 Published new versions 
- @tryghost/members-api@0.7.6
 2019-10-03 17:23:21 +07:00
Fabien O'Carroll
dd566b3d29 Added support for custome success/cancel urls 
no-issue

This will allow clients to customise where they are redirecting to after
the stripe checkout session is exited.
 2019-10-03 17:22:29 +07:00
Fabien O'Carroll
88832fa923 Published new versions 
- @tryghost/members-api@0.7.5
 - @tryghost/members-ssr@0.6.0
 2019-10-02 18:21:10 +07:00
Fabien O'Carroll
d02bab7ea8 Made sure we throw an error for invalid session 
no-issue
 2019-10-02 18:19:39 +07:00
Fabien O'Carroll
a6adfdd92c Protected against missing member for id token 
no-issue

If a cookie still exists after a member has been deleted we can have
some strange requests, this just ensures that we check for existence.
 2019-10-02 18:19:39 +07:00
Fabien O'Carroll
af25cfb619 Added interval, currency and last4 to stripe data 
no-issue

This is attached to each "stripe item" belonging to a member
 2019-10-02 18:19:39 +07:00
Fabien O'Carroll
3861bf253c Added options to stripe retrieve request 
no-issue

This will allow us to expand sub objects when talking to stripe
 2019-10-02 18:19:39 +07:00
Fabien O'Carroll
17a141f271 Published new versions 
- @tryghost/members-api@0.7.4
 2019-10-02 15:16:32 +07:00
Fabien O'Carroll
018471c07c Fixed usage of updateMember to use id correctly 
no-issue
 2019-10-02 15:15:20 +07:00
Fabien O'Carroll
e54b61297c Published new versions 
- @tryghost/members-api@0.7.3
 2019-10-02 15:06:10 +07:00
Fabien O'Carroll
071a54be7d Called cancelAllSubscriptions when destroying member 
no-issue
 2019-10-02 15:05:12 +07:00
Fabien O'Carroll
6fe46a79f3 Added cancelAllSubscriptions method 
no-issue

This gets all subscriptions, filters out ones which have already been
cancelled and cancels the rest
 2019-10-02 15:05:12 +07:00
Fabien O'Carroll
18aeed905a Refactored getActiveSubscriptions to getSubscriptions 
no-issue
 2019-10-02 15:05:12 +07:00
Fabien O'Carroll
ea5503f58d Published new versions 
- @tryghost/members-api@0.7.2
 2019-10-02 13:52:10 +07:00
Fabien O'Carroll
561493bfb2 Added debugs and improved getCustomer handling 
no-issue

This adds more debugs so we can follow what's happening and also adds
better handing for failures when getting a customer from stripe
 2019-10-02 13:47:37 +07:00
Fabien O'Carroll
1c3e563ad7 Improved logging for members-api 
no-issue

This allows the logger to be passed in, and configures stripe to have access to it
 2019-10-02 13:47:37 +07:00
Fabien O'Carroll
80f1155590 Ensured we do not create multiple webhooks on boot 
no-issue

This updates the initialisation logic to fetch all webhooks (we use
limit: 100, and there are currently a max of 16 webhooks in stripe) and
find one with the corrct url. Once found, delete that webhook. We then
attempt to create a new one, and log out any errors (this is to allow
for local development, creating a webhook with a local url is expected
to fail)
 2019-10-02 13:47:37 +07:00
Fabien O'Carroll
48cb8d14da Wrapped getCustomer in try catch 
no-issue

This protects against live/test mode poisoned databases
 2019-10-02 13:47:37 +07:00
Fabien O'Carroll
d1b29fd0b7 Added list and update stripe requests 
no-issue

These will be used for listing and updating webhooks on configuration
 2019-10-02 13:47:37 +07:00
Fabien O'Carroll
11a5a9ac69 Published new versions 
- @tryghost/members-api@0.7.1
 2019-10-01 17:48:31 +07:00
Fabien O'Carroll
0b5a70dcf4 Added default options param for users#create 
no-issue

This allows create to have an optional second parameter, so that it
doesn't error when called with just data.
 2019-10-01 17:42:22 +07:00
Fabien O'Carroll
d85ea20ad2 Published new versions 
- @tryghost/magic-link@0.2.0
 - @tryghost/members-api@0.7.0
 2019-10-01 14:47:27 +07:00
Fabien O'Carroll
ece58fe9fd Pass through getText and getHTML function from mail 
no-issue

This will allow consumers of this module to customise the content of emails
 2019-10-01 14:46:17 +07:00
Fabien O'Carroll
b852de95c8 Updated members-api to pass the emailType to magic-link 
no-issue

This will allow requests to send the correct email
 2019-10-01 14:46:17 +07:00
Fabien O'Carroll
d2634c7c7b Added type param to content generation functions 
no-issue

This will allow conditional logic based on the type passed to sending the magic-link
 2019-10-01 14:46:17 +07:00
Fabien O'Carroll
5170c7c1d4 Published new versions 
- @tryghost/magic-link@0.1.4
 - @tryghost/members-api@0.6.2
 - @tryghost/members-ssr@0.5.2
 2019-10-01 11:21:07 +07:00
Fabien O'Carroll
8422a2f28d Fixed signature for listMembers call 
no-issue
 2019-10-01 11:02:54 +07:00
Fabien O'Carroll
957a0df658 Ensured falsy values not returned from cache cookie 
no-issue
 2019-09-30 12:10:29 +07:00
Fabien O'Carroll
ab4493db5f Ensured falsy values are not set as cookies 
no-issue
 2019-09-30 12:10:29 +07:00
Renovate Bot
0a0caca573 Update dependency @types/node to v12.7.8 2019-09-30 11:20:50 +07:00
Renovate Bot
f404e2bd1a Update dependency @types/cookies to v0.7.3 2019-09-30 02:32:14 +00:00
Renovate Bot
ab023e1df9 Update Test & linting packages 2019-09-30 01:35:30 +00:00
Fabien O'Carroll
f966907c78 Published new versions 
- @tryghost/members-api@0.6.1
 2019-09-26 17:14:08 +07:00
Fabien O'Carroll
530390124b Added flag to create member for sending email 
no-issue

This allows us to give more functionality to consumers, with a smaller
API (rather than exposing the methods for sending a magic-link email)
 2019-09-26 17:11:17 +07:00
Fabien O'Carroll
ff0dc6a168 Published new versions 
- @tryghost/magic-link@0.1.3
 - @tryghost/members-api@0.6.0
 - @tryghost/members-ssr@0.5.1
 2019-09-25 17:13:00 +07:00
Fabien O'Carroll
acf01e9065 Updated members-api to export POJO 
no-issue

Previously members-api exported a pre configured express router with the
paths and handlers defined. This did not allow for much control from the
parent application. This replaces this pattern by exposing middlewares,
which the parent application can mount where it sees fit.
 2019-09-25 16:53:08 +07:00
Fabien O'Carroll
d67ad13057 Updated handler for checkout to not require member 
no-issue

This will allow the flow to start from the frontend.
 2019-09-25 16:53:08 +07:00
Fabien O'Carroll
f7630ec05b Updated createCheckoutSession to work w/o member 
no-issue

This will allow us to do a payment first flow, in which a payment is
taken, before creating a member
 2019-09-25 16:53:08 +07:00
Fabien O'Carroll
0527304376 Updated stripe to setAppInfo and apiVersion 
no-issue
 2019-09-25 11:35:58 +07:00
Fabien O'Carroll
6722d3bc8a Ensured member is not linked to customer twice 
no-issue

Edge case but easy to solve - so we dun it
 2019-09-25 11:20:02 +07:00
Fabien O'Carroll
db42b35e9f Added handler for checkout.session.completed 
no-issue

This will link the customer from the checkout session to the member with
the same email
 2019-09-25 11:20:02 +07:00
Fabien O'Carroll
ed4dfd8d54 Updated users module to use getActiveSubscriptions 
no-issue

This offloads some stripe specific logic into the stripe module
 2019-09-25 11:20:02 +07:00
Fabien O'Carroll
314fd6a540 Added method for getting active subscriptions 
no-issue
 2019-09-25 11:20:02 +07:00
Fabien O'Carroll
a92d5f064b Added method for getting stripe customer for member 
no-issue

This finds the first active customer that is linked to the member, and
created and links a new customer if a viable one does not exist.
 2019-09-25 11:20:02 +07:00
Fabien O'Carroll
69abbc6fa2 Added method for linking customer to member 
no-issue

Uses the metadata storage passed into stripe
 2019-09-25 11:20:02 +07:00
Fabien O'Carroll
9beb496bd1 Passed in metadata getter/setter to stripe 
no-issue

This will be used to store information such as customer id
 2019-09-25 11:20:02 +07:00
Fabien O'Carroll
644fd71d4f Removed unused getPublicConfig method from stripe 
no-issue

Don't use it you lose it!
 2019-09-25 11:20:02 +07:00
Fabien O'Carroll
373f67a117 Added getCustomer method to stripe 
no-issue

This uses the stripeRequests module directly since the customers api was
removed.
 2019-09-25 11:20:02 +07:00
Fabien O'Carroll
2849c647d6 Added parseWebhook method to stripe 
no-issue

This uses the webhook secret and stripe module to validate the signature
and parse the body into an object
 2019-09-25 11:20:02 +07:00
Fabien O'Carroll
343fcecfff Updated stripe to create webhook on boot configure 
no-issue

This will allow us to a) have an endpoint to receive webhooks and b) get
hold of the webhook secret to validate the signature.
 2019-09-25 11:20:02 +07:00