refs https://github.com/TryGhost/Team/issues/1149
Ghost allows different themes to have the same `name` value in `package.json` but gives them a custom name based on the zip file used to upload it. The custom theme settings service however was always using the package.json name meaning that when syncing a theme with a duplicate name it was overwriting the settings for all other themes.
- bumped `@tryghost/custom-theme-settings-service` which changes the `.activateTheme()` signature to accept a theme name as the first argument
- updated our calls to `.activateTheme()` to pass Ghost's known theme name as the first argument so we're always syncing with the correct `theme` field value in the `custom_theme_settings` table
no-issue
We were only updating the Offer description if it was truthy - rather
than if it existing, this resulting in empty strings or null not working
correctly.
refs https://github.com/TryGhost/Team/issues/1132
This adds redemption_count to the Offers API so that we can display how
many times an Offer has been used. This also adds the storage mechanism
for Offer Redemptions - which ensure that everytime a Checkout Session
is completed - we will create the Offer Redemption in the database.
This means that manual usage of the underlying will not count toward the
Offer redemption count, this is considered an edge case.
refs https://github.com/TryGhost/Team/issues/1156
When a payment fails but Stripe Checkout succeeds, a subscription is
created in the "incomplete" status. This would result in a Member not
being linked to the Product. When the subscription was later updated to
"active" or trialing - the Product would still not be added!
This updates the members-api to always link the Product to the Member
for active subscriptions - regardless of if they're new or not.
- we have the `@tryghost/logging` library to manage logging across all
our code
- this package is intended to be a singleton, otherwise we have multiple
versions of logging loaded
- we sometimes have problems where dependencies also use
`@tryghost/logging` but Ghost's yarn.lock is not regenerated to update
this
- this means we have multiple versions of `@tryghost/logging` running
- this commit updates the dependency @tryghost/update-check-service to
v0.2.4 to clean up the yarn.lock of multiple versions
no issue
- right now, we mount all API endpoints (v2, v3 and canary), alongside some
other routes, when Ghost is booting. This is wasteful because we don't
necessarily need any of the endpoints to get Ghost up and running
- even when Admin is used, it uses `canary` so `v2` and `v3` sit in memory
- the better approach here is to lazy load these endpoints, so they only
get mounted when needed
- this commit adds the `lazyUse` function into our Express lib,
which takes a mount path and a module function to execute down the
line. This gets passed to the wonderful `express-lazy-router` lib which
detects when we're calling an unmounted module and will mount it for
us
- from local testing, this speeds up boot time by about 18% and reduces
initial memory usage by about 6% 🚀
no-issue
An update in the MembersAPI meant that coupons were not correctly being
passed to Stripe Checkout. This bump contains the fix to ensure they
are.
refs https://github.com/TryGhost/Team/issues/1133
This updates the MembersAPI Checkout Session handling to 403 if an
attempt is made to create a Checkout Session using an archived Offer.
no-issue
The MembersAPI using the OfferRepository coupled it to the internals of
the Offers Module - instead we pass the "external" API - so that we can
change the internals, and not have to update the MembersAPI's usage.
refs https://github.com/TryGhost/Team/issues/1131
This will allow Ghost Admin to display separate lists of active and
archived Offers! We must pass the options through so that the
OffersService is able to handle the filter passed in the request.
refs https://github.com/TryGhost/Team/issues/1131
This updates the Offers Service to include the `status` of an Offer,
which will be either 'active' or 'archived'. It also allows setting the
`status` of an Offer to one of these two values when adding & editing
Offers.
no issue
Boot-time metrics are really valuable for understanding how releases affect the performance of Ghost. The new @tryghost/metrics package lets us ship these metrics to different sources using the same configuration framework as @tryghost/logging introduced.
closes https://linear.app/tryghost/issue/CORE-91/add-email-analytics-job-unstalling-mechanism
- Additional debug stagements should give better visibility into what's going on with the internal services fetching email events.
- To see all email analytics related outputs use following DEBUG value:
DEBUG=@tryghost/email-analytics-provider-mailgun:email-analytics*
refs https://github.com/TryGhost/Team/issues/1104
- bumped `@tryghost/custom-theme-settings-service` so it throws a more appropriate `ValidationError` when setting keys don't exist or a select value is not known
- changed the custom theme settings service to have a `.init()` method which creates an instance of the service under `.api` so that we're able to create the instance at a particular point in the boot process when we know the models have been initialised
- there were problems in tests because the service was being initialised through the require chain before models were initialised through the boot process
- fixed incorrect `camelCase` of resource name in API responses
refs 838fe54628
- see referenced commit for majority of context but in short,
knex-migrator was doing a DB query per migration folder
- in Ghost, we currently have 79 folders, which results in 79
queries during boot... owch
- the bump to knex-migrator in this commit uses a smarter method of
grouping together the DB entries in 1 query, resulting in a drop of 79
queries -> 1 query
refs https://github.com/TryGhost/Team/issues/1083
This field is not required but was previously causing API errors when
missing, the bump to members-offers removes this requirement.
refs https://github.com/TryGhost/Team/issues/1083
Offers with a "repeating" duration will repeat for a number of months.
These offers are restricted to the monthly Cadence. This updates the
members-offers module to add support for them.
refs https://github.com/TryGhost/Team/issues/1083
The @tryghost/members-offers package has been updated to add support for
more Offer durations and types
Co-authored-by: Renovate Bot <bot@renovateapp.com>
refs https://github.com/TryGhost/Team/issues/1090
This updates the Members & Offers modules to provide support for using
Offers in Stripe Checkout.
Members module now needs a handle to the Offers module repository, and
as such we have had to reorder the services boot order.
- some tests are necessarily driven from the db
- these are like unit tests, except they only make sense if using the db - else you have to stub too much to make them worthwhile
- for these rare but important cases, we have the clear concept of integration tests
- We have a bunch of important server-related e2e tests
- Make these clear in their own folder
- "server" is everything that isn't the api or the frontend - kind of a catch-all concept
refs https://github.com/TryGhost/Team/issues/1083
This adds the Offers service which will allow us to build out an Admin
API to communicate with it. As well as wiring up the redirects to the
site app.
refs https://github.com/TryGhost/Team/issues/1083
The Offers service is going to need access to the StripeAPIService too,
so we need to move it out of the @tryghost/members-api module and make
it accessible to both.
no issue
- bumped `@tryghost/custom-theme-settings-service`
- fixes errors when a previously seen theme setting has been removed from the theme when syncing
- fixes settings for non-active theme being deleted/updated instead of just settings for the current theme
refs https://github.com/TryGhost/Team/issues/1075
This includes changes to how we handle upgrading subscriptions to ensure
that members are immediately charged for upgrades. This fixes a flaw
where upgrading would not be charged until the end of the current
billing cycle, essentially giving free upgraded access for a period of
time.
refs https://github.com/TryGhost/Team/issues/1070
- bumped `@tryghost/custom-theme-settings-service` for access to `.updateSettings()`
- added `PUT /custom_theme_settings` route that delegates to `customThemeSettingsService.updateSettings()` to perform the db and cache updates
- invalidates the cache in Ghost because a theme setting change will mean the front-end output will change
refs https://forum.ghost.org/t/un-noticed-email-config-change-in-4-15-16/25869/6
refs https://linear.app/tryghost/issue/CORE-66/fixed-secureconnection-alias-for-nodemailer
- `secureConnection` was removed in Nodemailer 1.0.2 in favor of
`secure` but we're locked into supporting it because a lot of
our users will have it in their config
- I attempted to alias it to keep compatibility but I did this
incorrectly and only handled the cases where it was set to `true`
- this meant users who had disabled secure connections were seeing SSL
warnings because the library was trying to connect via SSL to a
non-SSL endpoint
- the aliasing is fixed in `@tryghost/nodemailer` 0.3.3 and so this
commit bumps the package in Ghost
refs https://github.com/TryGhost/Team/issues/1090
This updates the members-api to allow passing an Offer ID when creating
a Stripe Checkout Session. This will be used for the 1-day version of
Offers.
refs https://github.com/TryGhost/Team/issues/1070
- bumped `@tryghost/custom-theme-settings-service` to get access to `.listSettings()` method
- added GET `/api/canary/admin/theme_settings/` route behind `'customThemeSettings'` feature flag that uses the custom theme settings service to return settings resources that are a combination of the theme-provided definition and the saved value
refs https://github.com/TryGhost/Team/issues/1070
- added `@tryghost/custom-theme-settings-service` as a dependency
- `core/server/services/custom-theme-settings` creates an instance of the new service passing in the model used for storing the setting keys/values and a cache instance
- requiring `core/shared/services/custom-theme-settings-cache` creates a cache instance, it has no dependencies so can be required anywhere and the first require will initialize the shared instance
- updated the theme activation bridge to trigger the theme settings service to sync the newly activated theme settings and populate the cache
- updated theme validation to pass `labs` through as an option so that we get custom theme settings back as part of the checked theme as that's what is passed to the custom theme settings service
refs https://github.com/TryGhost/Ghost/commit/944c2cc9af
The original fix for this happened off of `main` on a separate branch for
v4.15.1 - the same was the case for the @tryghost/members-api package.
Because work happened on both packages in `main`, since the versions
that were patched, we needed to rebump the dependency here to include
the changes.
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr
This updates the signup/signin flow for members to no longer support the
email address change flow - which had missing authentication. It has
been replaced with a dedicated email change flow, and Portal has been
updated to use it.
fixes https://linear.app/tryghost/issue/CORE-45/
- this commit fixes two email related issues:
- SES transport: the auth mechanism was set up wrong and so none of
the requests would go through. This now follows the docs on https://nodemailer.com/transports/ses/
- SMTP transport: the latest versions of Nodemailer don't seem to
allow overriding of options if a service is present. I've filed
https://github.com/nodemailer/nodemailer/issues/1327 but in the
mean time, I assign the options back to the transporter object
to ensure they always get applied
- I've fixed this in our `@trghost/nodemailer` package and so this commit
bumps that here
fixes https://linear.app/tryghost/issue/CORE-45/
- this commit fixes two email related issues:
- SES transport: the auth mechanism was set up wrong and so none of
the requests would go through. This now follows the docs on https://nodemailer.com/transports/ses/
- SMTP transport: the latest versions of Nodemailer don't seem to
allow overriding of options if a service is present. I've filed
https://github.com/nodemailer/nodemailer/issues/1327 but in the
mean time, I assign the options back to the transporter object
to ensure they always get applied
- I've fixed this in our `@trghost/nodemailer` package and so this commit
bumps that here
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm
refs https://github.com/advisories/GHSA-48ww-j4fc-435p
- a vulnerability in `nodemailer` means that the `sendmail` transport is
vulnerable to command injection for flags passed to the `sendmail`
binary
- updating to the latest version of Nodemailer required creating
`@tryghost/nodemailer`, which is a wrapper around Nodemailer and
several plugins that used to be in the core
- this commit switches to using that package, and fixes up some small
code + test changes
no issue
- this package has been bumped to support Node 12 + 14
- AFAICT I added it to the Renovate list back when we had some timezone
issues with moment, but we've since pinned the version of moment so we
shouldn't experience that now
- therefore this commit also removes it from the Renovate ignore list
no-issue
The webhook handler did not correctly check for whether or not Stripe
was connected, and would attempt to handle webhooks anyway, resulting in
errors due to missing Stripe config. This fixes the handler to exit
early.
refs https://github.com/TryGhost/Team/issues/1006
The @tryghost/members-api module has been updated to remove webhooks
from Stripe when disconnecting. This will ensure that we do not leave
around old/invalid webhooks that will not be handled and generate
errors.
refs https://github.com/TryGhost/Team/issues/1006
Moving the logic of disconnecting Stripe into the members-api module
decouples the Ghost API from the Members API internals. This method can
now be updated independently of Ghost, to implement the deletion of
webhooks from Stripe.
refs https://github.com/TryGhost/Team/issues/995
Since we reintroduced the comped status, we did not update the
subscription handling to correctly set members to a status of comped
when they were on a 'Complimentary' plan. This meant that 'comped' members
had a status of 'paid'. The changes to @tryghost/members-api ensure that
handling subscriptions going forward will not result in this error.
Since we handle the Complimentary plan correctly now, we do not need to
manually check for the existence of one, we can instead rely on the
status to set the `comped` flag.
no-issue
The ProductRepository changed to require the options parameter which is
not passed when created complimentary subscriptions. This updates the
code to no longer require the options parameter and instead provide a
default.
no-issue
The ProductRepository changed to require the options parameter which is
not passed when created complimentary subscriptions. This updates the
code to no longer require the options parameter and instead provide a
default.
no-issue
When updating products we make many reads and writes to the database,
some of these reads were not happening inside of a transaction which was
causing issues when loading the members setting page. This bumps the
@tryghost/members-api dependency to ensure that all of the database
operations happen inside of the transaction
closes https://github.com/TryGhost/Team/issues/860
refs 5405b6ca7c
- The slow test was running slow because it's not a "unit test" it is testing much more. Moved it to a correct suite - regression which simplified the logic a lot (no need to mock db calls).
- Brought back the 2000ms limit as the bottleneck has been solved
refs https://github.com/TryGhost/Team/issues/860
- Lifting it slightly just so the timeout doesn't waste team's time on false-positive failures. A follow up commit should put the threshold back to the original value and solve the slow test
refs https://github.com/TryGhost/Team/issues/892
- When a published email-only post is edited on the client it sends through a "sent" status over to the backend over PUT endpoint. It's a valid new status that should be accepted by the validation