Commit Graph

15 Commits

Author SHA1 Message Date
Naz
113e2a6515 Improved verification email copy
refs https://github.com/TryGhost/Toolbox/issues/387

- Copy improvement afte a review
2022-08-29 12:18:46 +08:00
Naz
6e76fcc36a Parameterized api sourced verification threshold
refs https://github.com/TryGhost/Toolbox/issues/387

- The limit values should be as configurable as possible to adjust verification thresholds dinamically per-usecase. This solves a problem of doing a separate version release when we need to adjust the verification thresholds.
- Before this "importThreshold" was the same concept as "apiThreshold", which makes it hard&confusing to reason about and hard to parameterize each specific case.
2022-08-25 17:07:10 +08:00
Naz
7e3b8ff404 Added email verification trigger for admin requests
refs https://github.com/TryGhost/Toolbox/issues/387

- When members are added through the Admin client they have to be a part of instance validation process to prevent service misuse.
2022-08-25 14:26:44 +08:00
Naz
7cae68baaa Renamed trigger amount variable
refs https://github.com/TryGhost/Toolbox/issues/387

- Similar reasoning as to previous renames - the variables were named with a single trigger source in mind and now would be confusing with multiple verification trigger sources.
2022-08-25 14:26:44 +08:00
Naz
1e96ef849f Renamed verification parameters
refs https://github.com/TryGhost/Toolbox/issues/387

- The "amountImported" was to specific to one verification trigger source. There can be multiple sources that start the verification process.
- Changed `startVerificationProcess` method signature to reflect it's a private method that's only used internally - exposed for testing purposes only.
2022-08-25 14:26:44 +08:00
Naz
8892a60948 Renamed verification threshold parameter
refs https://github.com/TryGhost/Toolbox/issues/387

- There will three distinct verification limits soon. To keep the naming clear "configThreshold" would be too generic/confusing to use.
- Introduced jsdoc descriptions for the "source" parameter, which will be corelating with each new config parameter ("apiTriggerThreshold", "importTriggerThreshold", "adminTriggerThreshold", etc.). This should give a better visibility into parameters we are dealing in this area.
2022-08-25 14:26:44 +08:00
Naz
243aa9c834 Refactored member subscribe handler generic
refs https://github.com/TryGhost/Toolbox/issues/387

- I'm about to add  another event source -  "admin". Before doing that made the method more parameter dependent, so it can handle limit triggering logic from multiple source and based on multiple configuration parameters.
2022-08-25 14:26:44 +08:00
Naz
5934794d86 Refactored verification trigger constructor
refs https://github.com/TryGhost/Toolbox/issues/387

- The constructor should be light initialization logic only. Putting business logic into constructor is quite dirty and not really testable!
2022-08-24 14:06:22 +08:00
Daniel Lockyer
a9b011ad4b Avoided loading newsletter subscription events if threshold is Infinity
- if the threshold is Infinity, we shouldn't be loading the newsletter
  subscription events because we are saying there is no threshold
- the code has a quick path to avoid comparing the values, but it still
  loads the events upfront
- this commit moves the quick path up to return earlier
- this has the nice side-effect of producing 100% coverage on this
  package
2022-08-01 09:23:04 +02:00
Sam Lord
455778662c Email verification for imports based on 30 days of import
refs: https://github.com/TryGhost/Toolbox/issues/293

Things needed to create this:
* MemberSubscriptionEvent now has an import source
* Importer now creates events with this type
* Verification trigger logic changed to use 30 day window of imports
2022-04-13 17:35:30 +01:00
Sam Lord
20a37bdcd6 Verification trigger: Wrap values in NQL in single quotes
no issue
2022-02-04 11:54:48 +00:00
Sam Lord
dbad2fc0a6 Add API source when verification triggered from API events
no issue

This allows the message to be changed when sending an email to the host administrator about an increase in API usage to add members.
2022-02-03 15:03:47 +00:00
Sam Lord
bf9070f945 Add API verification trigger with new filter
no issue

Previous API verification trigger didn't work because the way filters work also changed. Re-implemented with a new filter.
2022-02-03 15:02:33 +00:00
Fabien 'egg' O'Carroll
96cd96a4f6 Removed API verification logic (#362)
no-issue

There is a bug in the event repository code where filters are not
correctly applied, this results in the api verification being extremely
trigger happy. For now we're removing the logic, with the plan to revert
this commit once the event repository is fixed.
2022-02-02 17:06:31 +02:00
Sam Lord
3c5cf21274 Added email verification trigger package
refs: https://github.com/TryGhost/Toolbox/issues/166

New package handles the email verification workflow to prevent spammers. It currently handles MembersSubscribeEvent to detect potential abuse of the API to add members, and exposes methods for checking the threshold / starting the verification process for use by other areas of the code (at the moment - just member imports).

The import package no longer needs to handle anything related to verification since it can be handled in the wrapper function in Ghost, and the API package doesn't need to do anything other than dispatch the new event.
2022-01-27 10:57:51 +00:00