no issue
- when redirecting from Stripe back to Ghost after making a donation the URL contained a double slash (`//#/portal/...`) which triggered browser security errors when Portal modified the browser history stack when navigating
- the above could prevent the donation success modal from closing
ref INC-97
ref https://github.com/TryGhost/Ghost/issues/20767
- finishes wiring up the honeypot fied
- updates state handing to properly set the value
- maintains honeypot field across page changes within portal
There isn't a single previous commit to point to here since they didn't
get squashed. We added a honeypot field to help mitigate bot signup
activity. It's hidden, and if filled out, we can anticipate it's a bot.
Right now this just logs to Ghost while we collect data.
ref KTLO-1
These tokens should prevent untargeted attacks, as the magic link
endpoint needs a token that was generated by the server, similar to a
CSRF token, but without needing any server-side state, or a cookie to
be set for unauthenticated users.
ref ONC-225
- Wires up the `editor_default_email_recipients` key to the settings
public / content api endpoint.
- This key is then wired up to Portal to determine whether it's hiding or
showing the Member subscribe toggle
ref https://linear.app/tryghost/issue/ENG-1464
- added redirect to sign in page when trying to access newsletter
management
If a user tries to access newsletter management when not logged in,
Portal requires sign in via magic link. This magic link didn't previous
redirect the user back to newsletter management, requiring some extra
clicks.
no ref
- while reviewing the newsletter flows, it was apparent that we were
missing test coverage
Some of the tests in Portal are a bit redundant with tests added for
child components, but it didn't seem worth removing them after getting
them to work. There was a bug in our Portal fixture data that requires a
few changes, as well as some small adjustments for making tests easier
(testing-lib-react has `getByTestId` and simply a `querySelector` to use
alternate test attributes).
Fixes
https://linear.app/tryghost/issue/DES-324/complimentary-plan-issues
We were showing renewal copy for subscriptions that are forever
complimentary. We also had a trailing en-dash in the Member detail
screen when their subscription was complimentary and had no end date.
Those things are solved now. We don't show dates or renewal copy when we
don't need to.
no issue
- the signup flow tests check whether the benefits of the available
tiers are rendering correctly. The test is based on a text match, which
sometimes fails because of duplicate benefit descriptions
- this fix makes the benefit descriptions less likely to be the same, by
using a timestamp in the randomisation function
no ref
- The 'Get help' button was only adding margin on the left when accessed
through account management even though it is also shown on the
unsubscribe page accessed via link.
no refs
- Tests run locally (US TZ) often always failed because the dates are
pushed to the en-GB locale. The test now forces the same TZ onto the
compared to date.
refs https://linear.app/tryghost/issue/ENG-677
- Portal was completely missing tests for `UnsubscribePage`
- `UnsubscribePage` is unique for Portal in that it needs to be able to
handle logged in and not-logged-in member state/interactions
- Various parts of Portal don't use a shared `GhostApi` instance, making
mocking all functionality impossible
- `UnsubscribePage` was updated to use `onAction` to bring it in line
with other Portal interactions while logged in
- Added checks for UI components for more precision in tests checking subscriptions within the UI
---------
Co-authored-by: Ronald Langeveld <hi@ronaldlangeveld.com>
refs https://linear.app/tryghost/issue/ENG-677
- UnsubscribePage is intended to be able to be used without logging in
to Portal. The app context (member state) was not synchronized when
logged in, causing conflicts in the client data vs. database.
- Now when a logged in member is found, the member object is manually
updated to reflect the API response(s).
ref ENG-607
- also added the option to show the monthly pricing by default during
signup
Co-authored-by: Simon Backx <simon@ghost.org>
Co-authored-by: Djordje Vlaisavljevic <dzvlais@gmail.com>
There were two changes in the Email receiving FAQ page.
1. Add "a" to "If you're not receiving the email newsletter you've
subscribed to, here are a few things to check."
2. Remove unnecessary hyphens from "to-and-from this address."
@jonhickman
no issue
- adds 2 addition conditions for when the Portal iframe should be
visible.
- waits an extra 100ms before making it visible to give portal time to
properly load.
---------
Co-authored-by: Princi Vershwal <vershwal.princi@gmail.com>
refs PROD-60, PROD-222, PROD-223, PROD-89, PROD-94
- Indicator shows up in the monthly/yearly toggle if there are any paid
tiers with yearly discount, and shows the highest discount in order to
nudge visitors towards checking out yearly plan
- A couple of smaller portal improvements: typos, spacing, alignment
---------
Co-authored-by: Simon Backx <simon@ghost.org>
fixes PROD-61
This adds a new default plan setting. It defaults to yearly, which is
the current default selected interval in Portal.
Behind the new portal improvements feature flag, the default plan can be
changed. It will also change automatically if the available intervals
are changed.
This PR also wires up passing the new setting to the Portal preview.
fixes https://github.com/TryGhost/Product/issues/4222
fixes PROD-197
- links in signup terms were not opening properly, as we open Portal
within an iframe
- the previous fix in place did not work anymore, as the HTML structure
of the signup terms has changed
fixes GRO-72
- added "default_email_address" and "support_email_address" to the
public settings
- when available, use these addresses in Portal. Otherwise, fallback to
current logic
fixes GRO-88
Instead of going to the previous page when visiting /#/portal, it will now go to the default page:
- Sign up if you are not signed in
- Account home if you are signed in
Previously, it had the same behaviour, with the difference that it would also go to the previous page if there was any.
fixes https://github.com/TryGhost/Product/issues/3738https://www.notion.so/ghost/Member-Session-Invalidation-13254316f2244c34bcbc65c101eb5cc4
- Adds the transient_id column to the members table. This defaults to
email, to keep it backwards compatible (not logging out all existing
sessions)
- Instead of using the email in the cookies, we now use the transient_id
- Updating the transient_id means invalidating all sessions of a member
- Adds an endpoint to the admin api to log out a member from all devices
- Added the `all` body property to the DELETE session endpoint in the
members API. Setting it to true will sign a member out from all devices.
- Adds a UI button in Admin to sign a member out from all devices
- Portal 'sign out of all devices' will not be added for now
Related changes (added because these areas were affected by the code
changes):
- Adds a serializer to member events / activity feed endpoints - all
member fields were returned here, so the transient_id would also be
returned - which is not needed and bloats the API response size
(`transient_id` is not a secret because the cookies are signed)
- Removed `loadMemberSession` from public settings browse (not used
anymore + bad pattern)
Performance tests on site with 50.000 members (on Macbook M1 Pro):
- Migrate: 6s (adding column 4s, setting to email is 1s, dropping
nullable: 1s)
- Rollback: 2s
refs https://ghost.slack.com/archives/C02G9E68C/p1699391515110759
When the unsubscribe page first showed, member is set to `undefined`. This cause the normal NewsletterManagement page to be visible, but with the wrong settings. This caused the switches to quickly change between on/off state, making it look like some setting was changed when it was not.
To fix this, I added a loading page to the unsubscribe page.
Apart from this, the current error page now will get shown correctly when the uuid in the url is invalid. And the toast message on the top will be hidden if the newsletter uuid in the url is missing or invalid.
fixes https://github.com/TryGhost/Product/issues/4005
We no longer use the 'reason' of a recommendation, but allow a flexible
description instead. Because this is a breaking change in the API, we do
this before making this feature GA.
- Added new database utils for renaming a column
- Added new migration to rename the column
- Updated all references in code
no issue
- During the one click subscribe flow, the outboundLinkTagging should
affect whether we send a history or not to the signup endpoint. But for
internal history this is the members_track_sources setting. This happens
in the backend normally.
- Do not send a (constructed) history to external sites (= one click
subscribe flow in recommendations) if outboundLinkTagging is false
- Do always send a history internally for local signups (backend handles
whether to store it based on the members_track_sources setting that is
currently not exposed in the frontend). The history is not built if this
setting is disabled, but we could have an old history entry if this
setting was enabled in the past.
refs https://github.com/TryGhost/Product/issues/3963
The subscription status text was incorrect when a subscription was
comped and a member had multiple subscriptions (i.e a cancelled sub and
a comped sub). This was because the methods used to determine the status
of a subscription only took into account the status of the first
subscription associated with a member.
