OpenSourceArk/Ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e920888832
Ghost/ghost/verification-trigger/lib/VerificationTrigger.js

223 lines
8.9 KiB
JavaScript
Raw Normal View History

Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
const errors = require('@tryghost/errors');
Add API verification trigger with new filter no issue Previous API verification trigger didn't work because the way filters work also changed. Re-implemented with a new filter.
2022-02-03 18:02:33 +03:00
const DomainEvents = require('@tryghost/domain-events');
Swapped member limit verification trigger event closes https://github.com/TryGhost/Toolbox/issues/399 - The MemberCreatedEvent event is more accurate representation of the limit nature - counting the number of members created. The previous MemberSubscribeEvent was slightly hacky solution because a member could be subscribed/unsubscribed multiple times and distorting the limit counts.
2022-10-06 08:50:27 +03:00
const {MemberCreatedEvent} = require('@tryghost/member-events');
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
const messages = {
Improved verification email copy refs https://github.com/TryGhost/Toolbox/issues/387 - Copy improvement afte a review
2022-08-29 07:18:46 +03:00
emailVerificationNeeded: `We're hard at work processing your import. To make sure you get great deliverability, we'll need to enable some extra features for your account. A member of our team will be in touch with you by email to review your account make sure everything is configured correctly so you're ready to go.`,
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
emailVerificationEmailSubject: `Email needs verification`,
Renamed trigger amount variable refs https://github.com/TryGhost/Toolbox/issues/387 - Similar reasoning as to previous renames - the variables were named with a single trigger source in mind and now would be confusing with multiple verification trigger sources.
2022-08-25 05:43:46 +03:00
emailVerificationEmailMessageImport: `Email verification needed for site: {siteUrl}, has imported: {amountTriggered} members in the last 30 days.`,
Added email verification trigger for admin requests refs https://github.com/TryGhost/Toolbox/issues/387 - When members are added through the Admin client they have to be a part of instance validation process to prevent service misuse.
2022-08-25 09:26:26 +03:00
emailVerificationEmailMessageAdmin: `Email verification needed for site: {siteUrl} has added: {amountTriggered} members through the Admin client in the last 30 days.`,
Renamed trigger amount variable refs https://github.com/TryGhost/Toolbox/issues/387 - Similar reasoning as to previous renames - the variables were named with a single trigger source in mind and now would be confusing with multiple verification trigger sources.
2022-08-25 05:43:46 +03:00
emailVerificationEmailMessageAPI: `Email verification needed for site: {siteUrl} has added: {amountTriggered} members through the API in the last 30 days.`
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
};
class VerificationTrigger {
/**
Verification trigger: Wrap values in NQL in single quotes no issue
2022-02-04 14:54:48 +03:00
*
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
* @param {object} deps
Improved email verification required checks (#16060) fixes https://github.com/TryGhost/Team/issues/2366 refs https://ghost.slack.com/archives/C02G9E68C/p1670232405014209 Probem described in issue. In the old MEGA flow: - The `email_verification_required` check is now repeated inside the job In the new email service flow: - The `email_verification_required` is now checked (didn't happen before) - When generating the email batch recipients, we only include members that were created before the email was created. That way it is impossible to avoid limit checks by inserting new members between creating an email and sending an email. - We don't need to repeat the check inside the job because of the above changes Improved handling of large imports: - When checking `email_verification_required`, we now also check if the import threshold is reached (a new method is introduced in vertificationTrigger specifically for this usage). If it is, we start the verification progress. This is required for long running imports that only check the verification threshold at the very end. - This change increases the concurrency of fastq to 3 (refs https://ghost.slack.com/archives/C02G9E68C/p1670232405014209). So when running a long import, it is now possible to send emails without having to wait for the import. Above change makes sure it is not possible to get around the verification limits. Refactoring: - Removed the need to use `updateVerificationTrigger` by making thresholds getters instead of fixed variables. - Improved awaiting of members import job in regression test
2023-01-04 13:22:12 +03:00
* @param {() => number} deps.getApiTriggerThreshold Threshold for triggering API&Import sourced verifications
* @param {() => number} deps.getAdminTriggerThreshold Threshold for triggering Admin sourced verifications
* @param {() => number} deps.getImportTriggerThreshold Threshold for triggering Import sourced verifications
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
* @param {() => boolean} deps.isVerified Check Ghost config to see if we are already verified
* @param {() => boolean} deps.isVerificationRequired Check Ghost settings to see whether verification has been requested
Removed getCreatedEvents and added verification trigger test (#15832) refs https://github.com/TryGhost/Team/issues/2266 This removes the deprecated `getCreatedEvents` method in the event repository and adds tests to the verification trigger to see if we don't break anything. Changes extracted from https://github.com/TryGhost/Ghost/pull/15831
2022-11-18 17:05:15 +03:00
* @param {(content: {subject: string, message: string, amountTriggered: number}) => Promise<void>} deps.sendVerificationEmail Sends an email to the escalation address to confirm that customer needs to be verified
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
* @param {any} deps.Settings Ghost Settings model
* @param {any} deps.eventRepository For querying events
*/
constructor({
Improved email verification required checks (#16060) fixes https://github.com/TryGhost/Team/issues/2366 refs https://ghost.slack.com/archives/C02G9E68C/p1670232405014209 Probem described in issue. In the old MEGA flow: - The `email_verification_required` check is now repeated inside the job In the new email service flow: - The `email_verification_required` is now checked (didn't happen before) - When generating the email batch recipients, we only include members that were created before the email was created. That way it is impossible to avoid limit checks by inserting new members between creating an email and sending an email. - We don't need to repeat the check inside the job because of the above changes Improved handling of large imports: - When checking `email_verification_required`, we now also check if the import threshold is reached (a new method is introduced in vertificationTrigger specifically for this usage). If it is, we start the verification progress. This is required for long running imports that only check the verification threshold at the very end. - This change increases the concurrency of fastq to 3 (refs https://ghost.slack.com/archives/C02G9E68C/p1670232405014209). So when running a long import, it is now possible to send emails without having to wait for the import. Above change makes sure it is not possible to get around the verification limits. Refactoring: - Removed the need to use `updateVerificationTrigger` by making thresholds getters instead of fixed variables. - Improved awaiting of members import job in regression test
2023-01-04 13:22:12 +03:00
getApiTriggerThreshold,
getAdminTriggerThreshold,
getImportTriggerThreshold,
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
isVerified,
isVerificationRequired,
sendVerificationEmail,
Settings,
eventRepository
}) {
Improved email verification required checks (#16060) fixes https://github.com/TryGhost/Team/issues/2366 refs https://ghost.slack.com/archives/C02G9E68C/p1670232405014209 Probem described in issue. In the old MEGA flow: - The `email_verification_required` check is now repeated inside the job In the new email service flow: - The `email_verification_required` is now checked (didn't happen before) - When generating the email batch recipients, we only include members that were created before the email was created. That way it is impossible to avoid limit checks by inserting new members between creating an email and sending an email. - We don't need to repeat the check inside the job because of the above changes Improved handling of large imports: - When checking `email_verification_required`, we now also check if the import threshold is reached (a new method is introduced in vertificationTrigger specifically for this usage). If it is, we start the verification progress. This is required for long running imports that only check the verification threshold at the very end. - This change increases the concurrency of fastq to 3 (refs https://ghost.slack.com/archives/C02G9E68C/p1670232405014209). So when running a long import, it is now possible to send emails without having to wait for the import. Above change makes sure it is not possible to get around the verification limits. Refactoring: - Removed the need to use `updateVerificationTrigger` by making thresholds getters instead of fixed variables. - Improved awaiting of members import job in regression test
2023-01-04 13:22:12 +03:00
this._getApiTriggerThreshold = getApiTriggerThreshold;
this._getAdminTriggerThreshold = getAdminTriggerThreshold;
this._getImportTriggerThreshold = getImportTriggerThreshold;
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
this._isVerified = isVerified;
this._isVerificationRequired = isVerificationRequired;
this._sendVerificationEmail = sendVerificationEmail;
this._Settings = Settings;
this._eventRepository = eventRepository;
Add API verification trigger with new filter no issue Previous API verification trigger didn't work because the way filters work also changed. Re-implemented with a new filter.
2022-02-03 18:02:33 +03:00
Swapped member limit verification trigger event closes https://github.com/TryGhost/Toolbox/issues/399 - The MemberCreatedEvent event is more accurate representation of the limit nature - counting the number of members created. The previous MemberSubscribeEvent was slightly hacky solution because a member could be subscribed/unsubscribed multiple times and distorting the limit counts.
2022-10-06 08:50:27 +03:00
this._handleMemberCreatedEvent = this._handleMemberCreatedEvent.bind(this);
DomainEvents.subscribe(MemberCreatedEvent, this._handleMemberCreatedEvent);
Refactored verification trigger constructor refs https://github.com/TryGhost/Toolbox/issues/387 - The constructor should be light initialization logic only. Putting business logic into constructor is quite dirty and not really testable!
2022-08-24 09:06:05 +03:00
}
Add API verification trigger with new filter no issue Previous API verification trigger didn't work because the way filters work also changed. Re-implemented with a new filter.
2022-02-03 18:02:33 +03:00
Improved email verification required checks (#16060) fixes https://github.com/TryGhost/Team/issues/2366 refs https://ghost.slack.com/archives/C02G9E68C/p1670232405014209 Probem described in issue. In the old MEGA flow: - The `email_verification_required` check is now repeated inside the job In the new email service flow: - The `email_verification_required` is now checked (didn't happen before) - When generating the email batch recipients, we only include members that were created before the email was created. That way it is impossible to avoid limit checks by inserting new members between creating an email and sending an email. - We don't need to repeat the check inside the job because of the above changes Improved handling of large imports: - When checking `email_verification_required`, we now also check if the import threshold is reached (a new method is introduced in vertificationTrigger specifically for this usage). If it is, we start the verification progress. This is required for long running imports that only check the verification threshold at the very end. - This change increases the concurrency of fastq to 3 (refs https://ghost.slack.com/archives/C02G9E68C/p1670232405014209). So when running a long import, it is now possible to send emails without having to wait for the import. Above change makes sure it is not possible to get around the verification limits. Refactoring: - Removed the need to use `updateVerificationTrigger` by making thresholds getters instead of fixed variables. - Improved awaiting of members import job in regression test
2023-01-04 13:22:12 +03:00
get _apiTriggerThreshold() {
return this._getApiTriggerThreshold();
}
get _adminTriggerThreshold() {
return this._getAdminTriggerThreshold();
}
get _importTriggerThreshold() {
return this._getImportTriggerThreshold();
}
Added email verification trigger for admin requests refs https://github.com/TryGhost/Toolbox/issues/387 - When members are added through the Admin client they have to be a part of instance validation process to prevent service misuse.
2022-08-25 09:26:26 +03:00
/**
Improved member importer error handling (#15843) refs: https://github.com/TryGhost/Team/issues/1121 - This makes several key changes to the way errors are handled in the member importer, to ensure that we only show error messages to users that we wrote. - Fundamentally, we no longer trust all API errors, and instead only trust a set of very specific API errors. Anything outside of that is replaced with a generic error message. - Also switches the server-side error generated for email verification (which can throw during member import) to be a HostLimitError, as that is a more appropriate class. - Note: there are many other parts of Ghost admin that need a similar overhaul, and a similar change we need to introduce server side to fully resolve the underlying issue of bubbling up code errors to the UI.
2022-11-17 22:41:39 +03:00
*
* @param {MemberCreatedEvent} event
Added email verification trigger for admin requests refs https://github.com/TryGhost/Toolbox/issues/387 - When members are added through the Admin client they have to be a part of instance validation process to prevent service misuse.
2022-08-25 09:26:26 +03:00
*/
Swapped member limit verification trigger event closes https://github.com/TryGhost/Toolbox/issues/399 - The MemberCreatedEvent event is more accurate representation of the limit nature - counting the number of members created. The previous MemberSubscribeEvent was slightly hacky solution because a member could be subscribed/unsubscribed multiple times and distorting the limit counts.
2022-10-06 08:50:27 +03:00
async _handleMemberCreatedEvent(event) {
Refactored member subscribe handler generic refs https://github.com/TryGhost/Toolbox/issues/387 - I'm about to add another event source - "admin". Before doing that made the method more parameter dependent, so it can handle limit triggering logic from multiple source and based on multiple configuration parameters.
2022-08-24 09:23:32 +03:00
const source = event.data?.source;
Added email verification trigger for admin requests refs https://github.com/TryGhost/Toolbox/issues/387 - When members are added through the Admin client they have to be a part of instance validation process to prevent service misuse.
2022-08-25 09:26:26 +03:00
let sourceThreshold;
if (source === 'api') {
sourceThreshold = this._apiTriggerThreshold;
} else if (source === 'admin') {
sourceThreshold = this._adminTriggerThreshold;
}
Refactored member subscribe handler generic refs https://github.com/TryGhost/Toolbox/issues/387 - I'm about to add another event source - "admin". Before doing that made the method more parameter dependent, so it can handle limit triggering logic from multiple source and based on multiple configuration parameters.
2022-08-24 09:23:32 +03:00
Added email verification trigger for admin requests refs https://github.com/TryGhost/Toolbox/issues/387 - When members are added through the Admin client they have to be a part of instance validation process to prevent service misuse.
2022-08-25 09:26:26 +03:00
if (['api', 'admin'].includes(source) && isFinite(sourceThreshold)) {
Refactored verification trigger constructor refs https://github.com/TryGhost/Toolbox/issues/387 - The constructor should be light initialization logic only. Putting business logic into constructor is quite dirty and not really testable!
2022-08-24 09:06:05 +03:00
const createdAt = new Date();
createdAt.setDate(createdAt.getDate() - 30);
Removed getCreatedEvents and added verification trigger test (#15832) refs https://github.com/TryGhost/Team/issues/2266 This removes the deprecated `getCreatedEvents` method in the event repository and adds tests to the verification trigger to see if we don't break anything. Changes extracted from https://github.com/TryGhost/Ghost/pull/15831
2022-11-18 17:05:15 +03:00
const events = await this._eventRepository.getSignupEvents({}, {
Fixed verification trigger usage of Event Repository refs https://github.com/TryGhost/Team/issues/2192 The method signatures of the Event Repository have been updated to take mongo filter objects, but this call-site was not updated. Long term we should really be using NQL filter strings for our filtering API and the mongo filter objects should be an implementation detail, however we don't have time right now to rectify this.
2022-11-01 07:31:49 +03:00
source: source,
created_at: {
$gt: createdAt.toISOString().replace('T', ' ').substring(0, 19)
}
Refactored verification trigger constructor refs https://github.com/TryGhost/Toolbox/issues/387 - The constructor should be light initialization logic only. Putting business logic into constructor is quite dirty and not really testable!
2022-08-24 09:06:05 +03:00
});
Made verification trigger depend on the number of members no issue This change makes the verification trigger behave closer to the original idea. As well as having a threshold to trigger email verification, the trigger should also rely on the number of "organic" / verified members. This means that large publications will not trigger the verification flow when they import members, but spammers / suspicious sites worth verifying will not have the organic member count to allow for larger imports.
2023-03-21 21:00:14 +03:00
const membersTotal = (await this._eventRepository.getSignupEvents({}, {
source: 'member'
})).meta.pagination.total;
if (events.meta.pagination.total > Math.max(sourceThreshold, membersTotal)) {
Renamed verification parameters refs https://github.com/TryGhost/Toolbox/issues/387 - The "amountImported" was to specific to one verification trigger source. There can be multiple sources that start the verification process. - Changed `startVerificationProcess` method signature to reflect it's a private method that's only used internally - exposed for testing purposes only.
2022-08-25 04:47:59 +03:00
await this._startVerificationProcess({
amount: events.meta.pagination.total,
Refactored verification trigger constructor refs https://github.com/TryGhost/Toolbox/issues/387 - The constructor should be light initialization logic only. Putting business logic into constructor is quite dirty and not really testable!
2022-08-24 09:06:05 +03:00
throwOnTrigger: false,
Refactored member subscribe handler generic refs https://github.com/TryGhost/Toolbox/issues/387 - I'm about to add another event source - "admin". Before doing that made the method more parameter dependent, so it can handle limit triggering logic from multiple source and based on multiple configuration parameters.
2022-08-24 09:23:32 +03:00
source: source
Refactored verification trigger constructor refs https://github.com/TryGhost/Toolbox/issues/387 - The constructor should be light initialization logic only. Putting business logic into constructor is quite dirty and not really testable!
2022-08-24 09:06:05 +03:00
});
Add API verification trigger with new filter no issue Previous API verification trigger didn't work because the way filters work also changed. Re-implemented with a new filter.
2022-02-03 18:02:33 +03:00
}
Refactored verification trigger constructor refs https://github.com/TryGhost/Toolbox/issues/387 - The constructor should be light initialization logic only. Putting business logic into constructor is quite dirty and not really testable!
2022-08-24 09:06:05 +03:00
}
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
}
async getImportThreshold() {
Parameterized api sourced verification threshold refs https://github.com/TryGhost/Toolbox/issues/387 - The limit values should be as configurable as possible to adjust verification thresholds dinamically per-usecase. This solves a problem of doing a separate version release when we need to adjust the verification thresholds. - Before this "importThreshold" was the same concept as "apiThreshold", which makes it hard&confusing to reason about and hard to parameterize each specific case.
2022-08-25 12:07:03 +03:00
const volumeThreshold = this._importTriggerThreshold;
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
if (isFinite(volumeThreshold)) {
Made verification trigger depend on the number of members no issue This change makes the verification trigger behave closer to the original idea. As well as having a threshold to trigger email verification, the trigger should also rely on the number of "organic" / verified members. This means that large publications will not trigger the verification flow when they import members, but spammers / suspicious sites worth verifying will not have the organic member count to allow for larger imports.
2023-03-21 21:00:14 +03:00
const membersTotal = (await this._eventRepository.getSignupEvents({}, {
source: 'member'
})).meta.pagination.total;
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
return Math.max(membersTotal, volumeThreshold);
} else {
return volumeThreshold;
}
}
Improved email verification required checks (#16060) fixes https://github.com/TryGhost/Team/issues/2366 refs https://ghost.slack.com/archives/C02G9E68C/p1670232405014209 Probem described in issue. In the old MEGA flow: - The `email_verification_required` check is now repeated inside the job In the new email service flow: - The `email_verification_required` is now checked (didn't happen before) - When generating the email batch recipients, we only include members that were created before the email was created. That way it is impossible to avoid limit checks by inserting new members between creating an email and sending an email. - We don't need to repeat the check inside the job because of the above changes Improved handling of large imports: - When checking `email_verification_required`, we now also check if the import threshold is reached (a new method is introduced in vertificationTrigger specifically for this usage). If it is, we start the verification progress. This is required for long running imports that only check the verification threshold at the very end. - This change increases the concurrency of fastq to 3 (refs https://ghost.slack.com/archives/C02G9E68C/p1670232405014209). So when running a long import, it is now possible to send emails without having to wait for the import. Above change makes sure it is not possible to get around the verification limits. Refactoring: - Removed the need to use `updateVerificationTrigger` by making thresholds getters instead of fixed variables. - Improved awaiting of members import job in regression test
2023-01-04 13:22:12 +03:00
/**
* Returns false if email verification is required to send an email. It also updates the verification check and might activate email verification.
* Use this when sending emails.
*/
async checkVerificationRequired() {
// Check if import threshold is reached (could happen that a long import is in progress and we didn't check the threshold yet)
await this.testImportThreshold();
return this._isVerificationRequired() && !this._isVerified();
}
Email verification for imports based on 30 days of import refs: https://github.com/TryGhost/Toolbox/issues/293 Things needed to create this: * MemberSubscriptionEvent now has an import source * Importer now creates events with this type * Verification trigger logic changed to use 30 day window of imports
2022-04-13 19:35:24 +03:00
async testImportThreshold() {
Parameterized api sourced verification threshold refs https://github.com/TryGhost/Toolbox/issues/387 - The limit values should be as configurable as possible to adjust verification thresholds dinamically per-usecase. This solves a problem of doing a separate version release when we need to adjust the verification thresholds. - Before this "importThreshold" was the same concept as "apiThreshold", which makes it hard&confusing to reason about and hard to parameterize each specific case.
2022-08-25 12:07:03 +03:00
if (!isFinite(this._importTriggerThreshold)) {
Avoided loading newsletter subscription events if threshold is Infinity - if the threshold is Infinity, we shouldn't be loading the newsletter subscription events because we are saying there is no threshold - the code has a quick path to avoid comparing the values, but it still loads the events upfront - this commit moves the quick path up to return earlier - this has the nice side-effect of producing 100% coverage on this package
2022-07-26 12:35:48 +03:00
// Infinite threshold, quick path
return;
}
Improved email verification required checks (#16060) fixes https://github.com/TryGhost/Team/issues/2366 refs https://ghost.slack.com/archives/C02G9E68C/p1670232405014209 Probem described in issue. In the old MEGA flow: - The `email_verification_required` check is now repeated inside the job In the new email service flow: - The `email_verification_required` is now checked (didn't happen before) - When generating the email batch recipients, we only include members that were created before the email was created. That way it is impossible to avoid limit checks by inserting new members between creating an email and sending an email. - We don't need to repeat the check inside the job because of the above changes Improved handling of large imports: - When checking `email_verification_required`, we now also check if the import threshold is reached (a new method is introduced in vertificationTrigger specifically for this usage). If it is, we start the verification progress. This is required for long running imports that only check the verification threshold at the very end. - This change increases the concurrency of fastq to 3 (refs https://ghost.slack.com/archives/C02G9E68C/p1670232405014209). So when running a long import, it is now possible to send emails without having to wait for the import. Above change makes sure it is not possible to get around the verification limits. Refactoring: - Removed the need to use `updateVerificationTrigger` by making thresholds getters instead of fixed variables. - Improved awaiting of members import job in regression test
2023-01-04 13:22:12 +03:00
if (this._isVerified()) {
// Already verified, no need to check limits
return;
}
if (this._isVerificationRequired()) {
// Already requested verification, no need to calculate again
return;
}
Email verification for imports based on 30 days of import refs: https://github.com/TryGhost/Toolbox/issues/293 Things needed to create this: * MemberSubscriptionEvent now has an import source * Importer now creates events with this type * Verification trigger logic changed to use 30 day window of imports
2022-04-13 19:35:24 +03:00
const createdAt = new Date();
createdAt.setDate(createdAt.getDate() - 30);
Removed getCreatedEvents and added verification trigger test (#15832) refs https://github.com/TryGhost/Team/issues/2266 This removes the deprecated `getCreatedEvents` method in the event repository and adds tests to the verification trigger to see if we don't break anything. Changes extracted from https://github.com/TryGhost/Ghost/pull/15831
2022-11-18 17:05:15 +03:00
const events = await this._eventRepository.getSignupEvents({}, {
Fixed verification trigger usage of Event Repository refs https://github.com/TryGhost/Team/issues/2192 The method signatures of the Event Repository have been updated to take mongo filter objects, but this call-site was not updated. Long term we should really be using NQL filter strings for our filtering API and the mongo filter objects should be an implementation detail, however we don't have time right now to rectify this.
2022-11-01 07:31:49 +03:00
source: 'import',
created_at: {
$gt: createdAt.toISOString().replace('T', ' ').substring(0, 19)
}
Email verification for imports based on 30 days of import refs: https://github.com/TryGhost/Toolbox/issues/293 Things needed to create this: * MemberSubscriptionEvent now has an import source * Importer now creates events with this type * Verification trigger logic changed to use 30 day window of imports
2022-04-13 19:35:24 +03:00
});
Made verification trigger depend on the number of members no issue This change makes the verification trigger behave closer to the original idea. As well as having a threshold to trigger email verification, the trigger should also rely on the number of "organic" / verified members. This means that large publications will not trigger the verification flow when they import members, but spammers / suspicious sites worth verifying will not have the organic member count to allow for larger imports.
2023-03-21 21:00:14 +03:00
const membersTotal = (await this._eventRepository.getSignupEvents({}, {
source: 'member'
})).meta.pagination.total;
Email verification for imports based on 30 days of import refs: https://github.com/TryGhost/Toolbox/issues/293 Things needed to create this: * MemberSubscriptionEvent now has an import source * Importer now creates events with this type * Verification trigger logic changed to use 30 day window of imports
2022-04-13 19:35:24 +03:00
// Import threshold is either the total number of members (discounting any created by imports in
// the last 30 days) or the threshold defined in config, whichever is greater.
Parameterized api sourced verification threshold refs https://github.com/TryGhost/Toolbox/issues/387 - The limit values should be as configurable as possible to adjust verification thresholds dinamically per-usecase. This solves a problem of doing a separate version release when we need to adjust the verification thresholds. - Before this "importThreshold" was the same concept as "apiThreshold", which makes it hard&confusing to reason about and hard to parameterize each specific case.
2022-08-25 12:07:03 +03:00
const importThreshold = Math.max(membersTotal - events.meta.pagination.total, this._importTriggerThreshold);
Email verification for imports based on 30 days of import refs: https://github.com/TryGhost/Toolbox/issues/293 Things needed to create this: * MemberSubscriptionEvent now has an import source * Importer now creates events with this type * Verification trigger logic changed to use 30 day window of imports
2022-04-13 19:35:24 +03:00
if (isFinite(importThreshold) && events.meta.pagination.total > importThreshold) {
Renamed verification parameters refs https://github.com/TryGhost/Toolbox/issues/387 - The "amountImported" was to specific to one verification trigger source. There can be multiple sources that start the verification process. - Changed `startVerificationProcess` method signature to reflect it's a private method that's only used internally - exposed for testing purposes only.
2022-08-25 04:47:59 +03:00
await this._startVerificationProcess({
amount: events.meta.pagination.total,
Email verification for imports based on 30 days of import refs: https://github.com/TryGhost/Toolbox/issues/293 Things needed to create this: * MemberSubscriptionEvent now has an import source * Importer now creates events with this type * Verification trigger logic changed to use 30 day window of imports
2022-04-13 19:35:24 +03:00
throwOnTrigger: false,
source: 'import'
});
}
}
Verification trigger: Wrap values in NQL in single quotes no issue
2022-02-04 14:54:48 +03:00
/**
* @typedef IVerificationResult
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
* @property {boolean} needsVerification Whether the verification workflow was triggered
*/
/**
Verification trigger: Wrap values in NQL in single quotes no issue
2022-02-04 14:54:48 +03:00
*
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
* @param {object} config
Renamed verification parameters refs https://github.com/TryGhost/Toolbox/issues/387 - The "amountImported" was to specific to one verification trigger source. There can be multiple sources that start the verification process. - Changed `startVerificationProcess` method signature to reflect it's a private method that's only used internally - exposed for testing purposes only.
2022-08-25 04:47:59 +03:00
* @param {number} config.amount The amount of members that triggered the verification process
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
* @param {boolean} config.throwOnTrigger Whether to throw if verification is needed
Add API source when verification triggered from API events no issue This allows the message to be changed when sending an email to the host administrator about an increase in API usage to add members.
2022-02-03 18:03:47 +03:00
* @param {string} config.source Source of the verification trigger - currently either 'api' or 'import'
Verification trigger: Wrap values in NQL in single quotes no issue
2022-02-04 14:54:48 +03:00
* @returns {Promise<IVerificationResult>} Object containing property "needsVerification" - true when triggered
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
*/
Renamed verification parameters refs https://github.com/TryGhost/Toolbox/issues/387 - The "amountImported" was to specific to one verification trigger source. There can be multiple sources that start the verification process. - Changed `startVerificationProcess` method signature to reflect it's a private method that's only used internally - exposed for testing purposes only.
2022-08-25 04:47:59 +03:00
async _startVerificationProcess({
amount,
Add API source when verification triggered from API events no issue This allows the message to be changed when sending an email to the host administrator about an increase in API usage to add members.
2022-02-03 18:03:47 +03:00
throwOnTrigger,
source
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
}) {
if (!this._isVerified()) {
// Only trigger flag change and escalation email the first time
if (!this._isVerificationRequired()) {
await this._Settings.edit([{
key: 'email_verification_required',
value: true
}], {context: {internal: true}});
Added email verification trigger for admin requests refs https://github.com/TryGhost/Toolbox/issues/387 - When members are added through the Admin client they have to be a part of instance validation process to prevent service misuse.
2022-08-25 09:26:26 +03:00
// Setting import as a default message
let verificationMessage = messages.emailVerificationEmailMessageImport;
if (source === 'api') {
verificationMessage = messages.emailVerificationEmailMessageAPI;
} else if (source === 'admin') {
verificationMessage = messages.emailVerificationEmailMessageAdmin;
}
Improved member importer error handling (#15843) refs: https://github.com/TryGhost/Team/issues/1121 - This makes several key changes to the way errors are handled in the member importer, to ensure that we only show error messages to users that we wrote. - Fundamentally, we no longer trust all API errors, and instead only trust a set of very specific API errors. Anything outside of that is replaced with a generic error message. - Also switches the server-side error generated for email verification (which can throw during member import) to be a HostLimitError, as that is a more appropriate class. - Note: there are many other parts of Ghost admin that need a similar overhaul, and a similar change we need to introduce server side to fully resolve the underlying issue of bubbling up code errors to the UI.
2022-11-17 22:41:39 +03:00
Removed getCreatedEvents and added verification trigger test (#15832) refs https://github.com/TryGhost/Team/issues/2266 This removes the deprecated `getCreatedEvents` method in the event repository and adds tests to the verification trigger to see if we don't break anything. Changes extracted from https://github.com/TryGhost/Ghost/pull/15831
2022-11-18 17:05:15 +03:00
await this._sendVerificationEmail({
Added email verification trigger for admin requests refs https://github.com/TryGhost/Toolbox/issues/387 - When members are added through the Admin client they have to be a part of instance validation process to prevent service misuse.
2022-08-25 09:26:26 +03:00
message: verificationMessage,
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
subject: messages.emailVerificationEmailSubject,
Renamed trigger amount variable refs https://github.com/TryGhost/Toolbox/issues/387 - Similar reasoning as to previous renames - the variables were named with a single trigger source in mind and now would be confusing with multiple verification trigger sources.
2022-08-25 05:43:46 +03:00
amountTriggered: amount
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
});
if (throwOnTrigger) {
Improved member importer error handling (#15843) refs: https://github.com/TryGhost/Team/issues/1121 - This makes several key changes to the way errors are handled in the member importer, to ensure that we only show error messages to users that we wrote. - Fundamentally, we no longer trust all API errors, and instead only trust a set of very specific API errors. Anything outside of that is replaced with a generic error message. - Also switches the server-side error generated for email verification (which can throw during member import) to be a HostLimitError, as that is a more appropriate class. - Note: there are many other parts of Ghost admin that need a similar overhaul, and a similar change we need to introduce server side to fully resolve the underlying issue of bubbling up code errors to the UI.
2022-11-17 22:41:39 +03:00
throw new errors.HostLimitError({
message: messages.emailVerificationNeeded,
code: 'EMAIL_VERIFICATION_NEEDED'
Added email verification trigger package refs: https://github.com/TryGhost/Toolbox/issues/166 New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports). The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 13:57:51 +03:00
});
}
return {
needsVerification: true
};
}
}
return {
needsVerification: false
};
}
}
Verification trigger: Wrap values in NQL in single quotes no issue
2022-02-04 14:54:48 +03:00
module.exports = VerificationTrigger;
Reference in New Issue Copy Permalink