Commit Graph

64 Commits

Author SHA1 Message Date
Fabien "egg" O'Carroll
1f300fb781 🐛 Fixed checkout sessions when using Offers
closes https://github.com/TryGhost/Team/issues/2195

The issue here is two-fold, and specific to using Offers so was not
caught by any automated tests. First, we were incorrectly comparing
the tier.id to the offer.tier.id - this is because the Tier objects id
property is an instance of ObjectID rather than a string.

Secondly we were passing through the cadence parameter from the
request body, but when using Offers this is not including in the
request, so we must pull the data off of the Offer object instead and
pass that to the payments service.
2022-11-02 00:11:33 +07:00
Fabien 'egg' O'Carroll
aa89fe55e0
Fixed Stripe Checkout not having the email prefilled from Portal (#15703)
We need to pass the customerEmail param along so that Stripe Checkout
will prefill it for us, this was missed in the refactor.
2022-10-27 11:00:21 +07:00
Fabien "egg" O'Carroll
25d8d694a0 Wired up the payment service to create stripe checkout sessions
refs https://github.com/TryGhost/Team/issues/2078
2022-10-25 09:03:04 +07:00
Simon Backx
e7378520a0
🔒 Prevented member creation when logging in (#15526)
fixes https://github.com/TryGhost/Ghost/issues/14508

This change requires the frontend to send an explicit `emailType` when sending a magic link. We default to `subscribe` (`signin` for invite only sites) for now to remain compatible with the existing behaviour.

**Problem:**
When a member tries to login and that member doesn't exist, we created a new member in the past.

- This caused the creation of duplicate accounts when members were guessing the email address they used.
- This caused the creation of new accounts when using an old impersonation token, login link or email change link that was sent before member deletion.

**Fixed:**
- Trying to login with an email address that doesn't exist will throw an error now.
- Added new and separate rate limiting to login (to prevent user enumeration). This rate limiting has a higher default limit of 8. I think it needs a higher default limit (because it is rate limited on every call instead of per email address. And it should be configurable independent from administrator rate limiting. It also needs a lower lifetime value because it is never reset.
- Updated error responses in the `sendMagicLink` endpoint to use the default error encoding middleware.
- The type (`signin`, `signup`, `updateEmail` or `subscribe`) is now stored in the magic link. This is used to prevent signups with a sign in token.

**Notes:**
- Between tests, we truncate the database, but this is not enough for the rate limits to be truly reset. I had to add a method to the spam prevention service to reset all the instances between tests. Not resetting them caused random failures because every login in every test was hitting those spam prevention middlewares and somehow left a trace of that in those instances (even when the brute table is reset). Maybe those instances were doing some in memory caching.
2022-10-05 12:42:42 +02:00
Rishabh Garg
31733657a6
Updated naming for referrer attribution (#15486)
- renames `refSource`, `refMedium` and `refUrl` to `referrerSource`, `referrerMedium` and `referrerUrl` respectively for consistent naming across files and usages
2022-09-28 00:58:06 +05:30
Rishabh
bb0d900937 Handled storing referrer information in DB
refs https://github.com/TryGhost/Team/issues/1931

- stores `referrer_source`, `referrer_medium` and `referrer_url` in event tables for new members and paid subscriptions
2022-09-21 19:32:18 +05:30
Rishabh
54f848415a Updated stripe checkout session metadata for referrer data
- adds referrer source, medium and url to stripe checkout metadata for later storage
2022-09-19 12:29:22 +05:30
Simon Backx
972c25edc7
Wired up member attribution from email clicks (#15407)
refs https://github.com/TryGhost/Team/issues/1899

- Added `addEmailAttributionToUrl` method to MemberAttributionService. This adds both the source attribution (`rel=newsletter`) and member attribution (`?attribution_id=123&attribution_type=post`) to a URL.
- The URLHistory can now contain a new sort of items: `{type: 'post', id: 'post-id', time: 123}`.
- Updated frontend script to read `?attribution_id=123&attribution_type=post` from the URL and add it to the URLHistory + clear it from the URL.
- Wired up some external dependencies to LinkReplacementService and added some dummy code.
- Increased test coverage of attribution service
- Moved all logic that removes the subdirectory from a URL to the UrlTranslator instead of the AttributionBuilder
- The UrlTranslator now parses a URLHistoryItem to an object that can be used to build an Attribution instance
- Excluded sites with different domain from member id and attribution tracking
2022-09-14 15:50:54 -04:00
Ronald Langeveld
1f177e1c17
Added optional data-attribute to enable and disable auto redirection. (#15335)
closes https://github.com/TryGhost/Ghost/issues/15104 https://github.com/TryGhost/Team/issues/1800

- On custom sign up and login forms, creators often wouldn't want their members to be redirected to that page after signing in.
- This takes a new data-attribute value (eg `data-members-autoredirect="false"`) that can be set on [custom sign up / login forms](https://ghost.org/docs/themes/members/#signup-forms) into account before parsing the referrer on the magic link URL that gets sent to the member for login.
2022-09-06 14:36:06 +02:00
Elijah
3c94812ee5
Added missing return in create-stripe-update-session
no issue

- Return was missing for `res.end` if an invalid subscription_id was passed
- Added explicit `text/plain` `Content-Type` headers to error messages to avoid MIME sniffing

Signed-off-by: Elijah Conners <business@elijahpepe.com>
Co-authored-by: Simon Backx <simon@ghost.org>
2022-08-29 14:02:58 +02:00
Rishabh Garg
1bf70bf3c6
Stored geolocation for member on creation (#15320)
refs https://github.com/TryGhost/Team/issues/1826

Geolocation was prev. loaded after member was created and updated on existing member. this was mostly due to historical context where we couldn't store data on magic link token.
Since email alerts go out at the time of member creation, this flow missed out on attaching member's location to email. 
This change -

- stores request ip when a member asks for magic link in the token
- loads request ip from token when member uses magic link, and for new members loads their geolocation and stores it with member creation
2022-08-26 00:45:34 +05:30
Rishabh
6f2066517b Allowed comped members to go through checkout flow
refs https://github.com/TryGhost/Team/issues/1728

- allows comped members to go through the stripe checkout flow and become a paid member
2022-08-19 20:55:31 +05:30
Simon Backx
da24d13601
Added member attribution events and storage (#15243)
refs https://github.com/TryGhost/Team/issues/1808
refs https://github.com/TryGhost/Team/issues/1809
refs https://github.com/TryGhost/Team/issues/1820
refs https://github.com/TryGhost/Team/issues/1814

### Changes in `member-events` package

- Added MemberCreatedEvent (event, not model)
- Added SubscriptionCreatedEvent (event, not model) 

### Added `member-attribution` package (new)

- Added the AttributionBuilder class which is able to convert a url history to an attribution object (exposed as getAttribution on the service itself, which handles the dependencies)
```
[{
    "path": "/",
    "time": 123
}]
```
to
```
{
    "url": "/",
    "id": null,
    "type": "url"
}
```

- event handler listens for MemberCreatedEvent and SubscriptionCreatedEvent and creates the corresponding models in the database.

### Changes in `members-api` package

- Added urlHistory to `sendMagicLink` endpoint body + convert the urlHistory to an attribution object that is stored in the tokenData of the magic link (sent by Portal in this PR: https://github.com/TryGhost/Portal/pull/256).
- Added urlHistory to `createCheckoutSession` endpoint + convert the urlHistory to attribution keys that are saved in the Stripe Session metadata (sent by Portal in this PR: https://github.com/TryGhost/Portal/pull/256).

- Added attribution data property to member repository's create method (when a member is created)
- Dispatch MemberCreatedEvent with attribution

###  Changes in `members-stripe-service` package (`ghost/stripe`)

- Dispatch SubscriptionCreatedEvent in WebhookController on subscription checkout (with attribution from session metadata)
2022-08-18 17:38:42 +02:00
Rishabh
843bbfa55d Handled stripe setup for free trial offers
refs https://github.com/TryGhost/Team/issues/1726

- free trial offers don't need a stripe coupon created for them
- checkout sessions for free trial offers ignore stripe coupon and directly pass the trial days value
- trial days of an offer take precedence over trial days added as default to a tier
2022-08-11 11:04:39 +05:30
Rishabh
54860d2b64 Wired trial days to stripe checkout session
refs https://github.com/TryGhost/Team/issues/1724

- wires trial days stored on a tier to stripe checkout session creation
- removes deprecated `trial_from_plan` if trial days is set
2022-08-05 17:23:40 +05:30
Fabien 'egg' O'Carroll
f3130d9538 Passed request referrer to magic link service (#408)
refs https://github.com/TryGhost/Team/issues/1174

This paves the way for Ghost to be able to redirect to the referrer
page when dealign with signup magic links. We pass the referrer for
all types of magic links however, to allow extension of this
functionality in the future.

We've also removed the concept of `requestSrc` which has been unused
for a while now.
2022-07-15 11:02:58 +01:00
Fabien 'egg' O'Carroll
8e2c600612 Fixed checkout session creation for existing members (#403)
refs https://github.com/TryGhost/Team/issues/1526

We weren't using the `req.body.customerEmail` to load a member and
check their existing tiers, this meant that existing members which
were signed out and attempted to create a stripe checkout session were
able to.
2022-06-01 10:40:52 +01:00
Rishabh
63a859587b Fixed checkout session creation with just offer id
- In case of an offer id present in stripe checkout session, the cadence and tier id values can be null
- this fixes the invalid 400 thrown on missing cadence value while creating stripe checkout session for offer
2022-05-18 13:12:40 +05:30
Fabien 'egg' O'Carroll
676fca7077 Updated Frontend API to work with Tier & Cadence (#399)
refs https://github.com/TryGhost/Team/issues/1575

Since we are not exposing the underlying Price data anymore, we need to
update the API to work with Tier and Cadence.
2022-05-16 19:27:23 +01:00
Rishabh
54a6fe9a62 Handled newsletters preference for free members signup
refs https://github.com/TryGhost/Team/issues/1490

With multiple newsletters, free members can choose their newsletter subscription preference while signing up.
This change -
- includes newsletters data in magic link token creation
- attaches newsletter data to new members created via magic link
2022-04-13 15:00:31 +05:30
Fabien "egg" O'Carroll
6ce441f760 Moved the last of the Stripe config out of Members
refs https://github.com/TryGhost/Team/issues/1322

We no longer restart the Members service based on the Stripe service
being updated, which meant that if it was initially configured with
missing URL's and later Stripe connected, it would not get the new
config until a server restart. This moves the last of Stripe config into
the Stripe service, so that all things concerning Stripe can be handled
in one place and updated together.
2022-02-15 10:57:40 +02:00
Fabien "egg" O'Carroll
5a9cb1ab83 Restricted changing Subscription to archived Tier
refs https://github.com/TryGhost/Team/issues/1252
2022-01-21 14:08:31 +02:00
Fabien "egg" O'Carroll
2661ddcde2 Restricted signing up with archived Tiers
refs https://github.com/TryGhost/Team/issues/1252
2022-01-21 11:13:23 +02:00
Fabien "egg" O'Carroll
69df4b7c05 Added support for dynamic allowSelfSignup config
refs https://github.com/TryGhost/Team/issues/1257

This gets us closer to not having to reload the MembersAPI when config
is changed which will help stop bugs arising from multiple instances of
the MembersAPI being created.
2022-01-10 17:53:30 +02:00
Kevin Ansfield
381e0c1f2a Removed membersAutoLogin labs flag
refs https://github.com/TryGhost/Team/issues/1258

- feature is GA so conditionals are no longer needed
2022-01-04 14:50:24 +00:00
Fabien egg O'Carroll
2e7bb3e67e Handled EENVELOPE errors when generating magic link
refs https://github.com/TryGhost/Team/issues/1259

These errors are thrown by nodemailer and can occur when an invalid
email address is used. Without special handling these cause a 500 error.
2021-12-16 09:25:32 +02:00
Sam Lord
ba2c0818e0 Use @tryghost/logging instead of injected argument 2021-12-02 14:46:58 +00:00
Fabien O'Carroll
47a7bd8555 Disabled auto-login when a success url is provided
refs https://github.com/TryGhost/Team/issues/1067

The auto-login behaviour obliterates the concept of a success URL,
because the Member is redirected in a logged in state, to the welcome
URL - rather than a logged out state to the success URL.

In order to not disrupt existing flows, we disable auto login if a
success URL is provided.
2021-11-05 10:18:43 +02:00
Fabien O'Carroll
a9871f1ab9 Removed references to Offers labs flag
refs https://github.com/TryGhost/Team/issues/1115

This flag is now enabled by default - so we can clean up all uses of it.
2021-11-03 16:13:11 +02:00
Fabien O'Carroll
81868c1850 Added alpha version of auto-login for Members
refs https://github.com/TryGhost/Team/issues/1067

This is the MVP for auto-login of Members, it does not support custom
redirects, and will always just redirect to the same place that the
signin & signup links do. Behind a feature flag whilst we iron out the
functionality.
2021-11-03 10:57:28 +02:00
Fabien O'Carroll
e78b2f80bc Fixed issues with checkout when not using coupon
no-issue

We were incorrectly checking for the existence of a coupon id - instead
we simplify the signature, and make sure the check is correct.
2021-10-21 18:06:36 +02:00
Fabien O'Carroll
efe5164eff Wired up payments service
refs https://github.com/TryGhost/Team/issues/1166

By using the PaymentsService to fetch coupon information - we ensure
that the coupons are created if they're missing. Like in the case of a
Stripe disconnect/connect cycle.
2021-10-21 15:40:55 +02:00
Fabien O'Carroll
c58e83c9d7 Wired up OfferRedemption storage
refs https://github.com/TryGhost/Team/issues/1132

We have to include the Offer on the metadata for the Stripe Checkout -
as Offers with a duration of 'once' will not always be present on the
Subscription after fetching it.

Once we receive the Stripe Checkout webhook we emit an event for
subscription created - the reason we use an event is because this logic
should eventually live in a Payments/Stripe module - and we'd want to
decouple it from the Members module.

The Members module is in charge of writing Offer Redemptions - rather
than the Offers module - because Offer Redemptions are "owned" by a
Member - and merely reference and Offer. Eventually Offer Redemptions
could be replaced by Subscriptions.
2021-10-18 17:26:34 +02:00
Fabien O'Carroll
53d24e501d Fixed Stripe Checkout using Offers
refs https://github.com/TryGhost/Members/commit/5172e40646

When we updated to use the OffersAPI instead of OfferRepository this was
missed, and we were passing blank coupon to Stripe Checkout. This should
eventually be replaced with a call like `getCoupon(offerId)` from a
payments service.
2021-10-14 12:02:39 +02:00
Fabien O'Carroll
9e7891fef7 Restricted archived Offers from being used
refs https://github.com/TryGhost/Team/issues/1133

An archived Offer is intended to be disabled from a redemption point of
view. This ensures that we do not allow Stripe Checkout Sessions to be
created for them.
2021-10-13 11:19:35 +02:00
Fabien O'Carroll
5172e40646 Used OffersAPI over OfferRepository in MembersAPI
no-issue

The OfferRepository deals with domain objects in the Offers module, and
as such is not suitable for use with "external" services. This update
means that MembersAPI can deal with POJO DTOs so that there is not a
dependency on the internals of the Offers module. Just on the contract
it holds with the outside world.
2021-10-13 11:11:12 +02:00
Fabien O'Carroll
afa5363dd4 Fixed Stripe Checkout for monthly Offers
refs https://github.com/TryGhost/Members/commit/504fb1bf

Since we updated the Offer to use Value Objects, we needed to update the
usage here too.
2021-10-08 15:19:59 +02:00
Fabien O'Carroll
f0141f08ff Applied Offers when creating Stripe Checkout Session
refs https://github.com/TryGhost/Team/issues/1090

Instead of the hardcoded 1-day version for Offers, we can now talk
directly to the Offers repository and use the real values for Stripe
Checkout.
2021-10-06 16:12:53 +02:00
Fabien O'Carroll
cd6e87774a Added 1-day version of Offers
refs https://github.com/TryGhost/Team/issues/1090

This 1-day version of Offers allows us to test the full flow of the
Offers feature without having to implement all of it. The focus here is
that we can pass an Offer ID when creating a Stripe Checkout session and
have it apply. Here we use hardcoded Stripe Coupons as we haven't yet
got persistence implemented for Offers & their related Stripe Coupons
2021-09-28 13:39:04 +02:00
Fabien O'Carroll
e93d092766 Fixed handling of invalid tokens when changing email
no-issue

Without a return after ending the response, the code will continue to
attempt to send emails and then send another response which results in
an uncaught error.
2021-09-23 11:12:23 +02:00
Fabien O'Carroll
4e947a88ce Fixed security hole in email address change flow
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr

The email address change flow was built on top of the unauthenticated
signin/signup flow. This meant that ownership of the email being changed
wasn't verified and allowed a malicious actore to change the email
address of arbitrary accounts to an email address which they controlled.

We remove the ability to change email addresses from the signin/signup
flow and instead create a dedicated, authenticated flow for changing
email address.
2021-09-22 16:49:17 +02:00
Rishabh
fe4fb78830 Cleaned up stripe-service package usage
no refs

- updates all usages of `stripe-service` package to new correct `members-stripe-service` package
2021-09-22 18:12:40 +05:30
Rishabh
3e54819469 Revert "Updated usage of stripe-service package to members-stripe-service package"
This reverts commit 7363f0769d.
2021-09-22 18:05:41 +05:30
Rishabh
7363f0769d Updated usage of stripe-service package to members-stripe-service package
refs 8b90c93a79
2021-09-22 18:02:50 +05:30
Rishabh
37001c539d Fixed lint
no refs
2021-09-22 16:52:40 +05:30
Rishabh
317caacc0e Updated ingress event handler to use new analytics ingress package
refs https://github.com/TryGhost/Team/issues/1064

- updates handling of member events to use new analytics ingress package which is responsible to ensure storage of event
2021-09-22 16:51:03 +05:30
Rishabh Garg
1f7a455374 Added @tryghost/members-analytics-ingress package (#335)
refs https://github.com/TryGhost/Team/issues/1064

This package will be used as to handle and emit ingress events on new members event endpoint - `/members/api/events`
2021-09-22 16:07:37 +05:30
Fabien O'Carroll
7a401e5253 Used @tryghost/stripe-service in @tryghost/members-api
no-issue

This finalises the extraction of the StripeAPIService to a separate
package!
2021-09-13 14:38:40 +02:00
Fabien O'Carroll
caf059cd7e Added WellKnownController and exposed jwks.json
refs https://github.com/TryGhost/Team/issues/664

The well known controller is designed to handle any requests to the
/.well-known endpoint where the members app is mounted. The first and
only requirement so far is that we expose a JSON Web Key Set so that
external services are able to validate Members JWT's
2021-07-19 13:51:58 +01:00
Rishabh
aa19008651 Fixed incorrect import path
no refs
2021-07-14 20:01:29 +05:30