Commit Graph

534 Commits

Author SHA1 Message Date
Fabien O'Carroll
c0ac7b6b37 Updated getMagicLink usage
no-issue

This updates the call to getMagicLink to correctly pass tokenData
2020-09-18 17:43:42 +01:00
Fabien O'Carroll
7b63fd6862 Published new versions
- @tryghost/members-api@0.30.0
2020-09-18 17:02:27 +01:00
Fabien O'Carroll
0d14e33436 Updated members-api to accept a TokenProvider
no-issue

This paves the way for Ghost to be able to pass in a custom token
provider which will handle the shortening of tokens and making them
single use.
2020-09-18 16:37:32 +01:00
Fabien O'Carroll
42c2468314 Published new versions
- @tryghost/magic-link@0.6.0
 - @tryghost/members-api@0.29.0
2020-09-18 13:23:54 +01:00
Fabien O'Carroll
9363d4a3b5 Fixed MagicLink tests
no-issue
2020-09-18 13:23:17 +01:00
Fabien O'Carroll
9c093c6beb Fixed MagicLink tests
no-issue

The JWTTokenProvider is now exported from the index
2020-09-18 13:21:46 +01:00
Fabien O'Carroll
97ceb13d42 Moved JWTTokenProvider to lib and exported from index
no-issue

This brings the module in line with our current package standards.
2020-09-18 13:20:12 +01:00
Fabien O'Carroll
e38dbc1e6e Published new versions
- @tryghost/magic-link@0.5.0
 - @tryghost/members-api@0.28.3
 - @tryghost/members-csv@0.3.1
2020-09-18 12:43:56 +01:00
Fabien O'Carroll
0723a1f9ed Updated members-api to work with new magic-link class
no-issue

The MagicLink class now accepts a TokenProvider rather than a secret
2020-09-18 12:42:31 +01:00
Fabien O'Carroll
de7f5c1383 Updated README to reflect API changes
no-issue
2020-09-18 12:42:31 +01:00
Fabien O'Carroll
a208a6c957 Added JWTTokenProvider to preserve functionality
no-issue

This allows the magic-link module to be used with the current
functionality with minimal changes
2020-09-18 12:42:31 +01:00
Fabien O'Carroll
37c8c15dd6 Updated magic-link to accept a TokenProvider
no-issue

This adds a layer of abstraction between the magic-link module and the
token generation, allowing us to switch out the token generation in the
future, when implementing single use tokens stored in a database
2020-09-18 12:42:31 +01:00
Fabien 'egg' O'Carroll
6957c2725b Refactored magic-link to be more generic (#202)
no-issue

This removes the concept of `subject` & `payload` from the function
signatures, making the implementation a little more generic, and less
JWT centric.

We also replace getUserFromToken and getPayloadFromToken with a single
method getDataFromToken, which will contain all the necessary data.

* Updated members-api to use new magic-link module

This updates the usage of magic-link to work with the new interface

* Fixed labels not saving for new members

Due to how bookshelf-relations works, we must fetch the labels before
saving a member, otherwise the labels are all deleted.

* Used a proper class rather than constructor function

This just moves the code to a more modern standard

* Updated methods to be async

This prepares us for a future where token generation and validation may
require access to storage and thus be an asyncronous operation
2020-09-17 15:42:01 +01:00
Renovate Bot
ed20668eac Update dependency papaparse to v5.3.0 2020-08-26 18:04:36 +00:00
Nazar Gargol
a578ae4076 Published new versions
- @tryghost/members-api@0.28.2
2020-08-24 18:31:02 +12:00
Nazar Gargol
30f758e297 🐛 Fixed create and update user methods to account for created_at and subscribed fields
refs https://github.com/TryGhost/Ghost/issues/12156

- During the refactor - 117309b4e8 (diff-3daeef67d07a2a0f94c89a86cafcede9R44), `subscribed` and `created_at` fields have been overlooked. All fields accepted by Ghost's `POST /members` and `PUT /members/:id` should be supported
2020-08-24 18:29:03 +12:00
Rish
56b9f4d350 Published new versions
- @tryghost/members-api@0.28.1
2020-08-21 16:12:31 +05:30
Rish
1fe75532e5 🐛 Fixed incorrect stripe method for cancelling subscriptions
refs https://github.com/TryGhost/Ghost/issues/12150

- `destroy` method was using incorrect cancel subscriptions method - stripe.cancelStripeSubscriptions - which doesn't exist
- Fixes call with intended method - `stripe.cancelAllSubscriptions` - to cancel all subscriptions
2020-08-21 16:11:24 +05:30
Rish
838ec6bb26 Published new versions
- @tryghost/members-api@0.28.0
2020-08-20 14:26:39 +05:30
Rishabh Garg
0dad6d147f Added update subscription method to members api (#198)
refs TryGhost/Ghost#12127

- Adds new `updateSubscription` method to members-api which allows updating individual subscription for a member
- New method only allows toggling of cancellation at period end for a subscription at the moment
2020-08-20 14:24:29 +05:30
Fabien O'Carroll
1625bc94c4 Published new versions
- @tryghost/members-api@0.27.2
2020-08-18 11:29:02 +01:00
Fabien O'Carroll
66b099222f Fixed throttling of Stripe API requests
no-issue

This ensures any requests during exponential backoff are correctly rate
limited too
2020-08-18 11:28:15 +01:00
Fabien O'Carroll
f8a705448b Published new versions
- @tryghost/members-api@0.27.1
2020-08-18 10:39:56 +01:00
Fabien O'Carroll
2d347cd5fd Fixed LeakyBucket params for test and live mode
no-issue

These were the wrong way round initially, and not caught when testing
with live api keys
2020-08-18 10:38:26 +01:00
Fabien O'Carroll
4fb68c6b19 Published new versions
- @tryghost/members-api@0.27.0
2020-08-17 17:37:23 +01:00
Fabien 'egg' O'Carroll
c7ea226d9e Updated stripe module for the bulk importer (#196)
no-issue

* Added LeakyBucket rate limiting for all Stripe requests
* Added createCustomer method
* Added createComplimentarySubscription method
* Replaced getStripeCustomer with getCustomer
* Exported createStripeCustomer & createComplimentarySubscription
2020-08-17 17:35:18 +01:00
Nazar Gargol
8cc8cc7acc Published new versions
- @tryghost/members-api@0.26.0
 - @tryghost/members-csv@0.3.0
2020-08-17 18:00:44 +12:00
Nazar Gargol
b8c1aeee35 Added empty string '' to null transform when parsing CSVs
no issue

- When items are parsed from CSV empty values were interpreted as empty strings - ''. Empty strings are always transformed into 'null' values in Ghost's model layer and are much more problematic to validate comparing to plain `null`. Specifically validation was imossible for 'format: date-time' with JSON schema validation through ajv when the value of date property was an empty string
- This behavior resemples one present in Ghost's model layer  - 95880dddeb
- When testing performance overhead for this change did not spot any statistically significant change in performance (tested set was 50K rows)
2020-08-17 17:57:49 +12:00
Fabien 'egg' O'Carroll
117309b4e8 Used models internally and for exported API (#195)
no-issue

Using models internally and in the exported API means that we avoid expensive
`toJSON` calls, which affects performance when looping through large lists of
members. It also allows us to take advantage of the new relations used in the
models.

The addition of "ByID" methods for linking stripe customers and setting
complimentary subscriptions allows bulk imports to avoid the overhead of creating
a model for each members, instead passing an id string. n.b. currently the impl
_does_ still create models, but it makes it easier to optimise and refactor in the 
future.
2020-08-12 12:57:28 +01:00
Daniel Lockyer
85800c57f7 Published new versions
- @tryghost/magic-link@0.4.13
 - @tryghost/members-api@0.25.2
 - @tryghost/members-ssr@0.8.5
2020-08-11 09:10:32 +01:00
Daniel Lockyer
56ef95c397 Updated ghost-ignition dependency
- this will resolve the lodash warnings when running `yarn audit`
2020-08-11 09:08:54 +01:00
Fabien O'Carroll
043609b194 Published new versions
- @tryghost/members-api@0.25.1
2020-07-24 15:40:35 +02:00
Fabien 'egg' O'Carroll
e7484638e3 Ensured that we do not insert orphaned rows (#190)
no-issue

Previously we would blindly put subscriptions into the database when we
received a webhook, which could result in orphaned rows that were not
linked to a customer (and by extension a member)

This updates the logic so that we will only add subscriptions if we have
a record of their customer.

Customers are only added during a checkout.session.completed webhook, at
which point a member is guarunteed, but for formailty and safety against
changes in the flow, the logic has been applied to inserting customers
too.
2020-07-24 15:39:01 +02:00
Fabien O'Carroll
20e3b6cc8a Published new versions
- @tryghost/magic-link@0.4.12
 - @tryghost/members-api@0.25.0
 - @tryghost/members-ssr@0.8.4
2020-07-24 13:48:27 +02:00
Fabien O'Carroll
d63484e99a Handled subscription deletion errors with logging
refs https://github.com/TryGhost/Ghost/issues/11557

If a subscription failed to delete, we would error and bailout of the
process, this updates it to log the error so that site owners have a
record of the error in the logs, but also to continue through the rest
of the subscriptions.
2020-07-24 13:46:38 +02:00
Fabien O'Carroll
b435d6a8c1 Renamed destroyStripeSubscriptions to cancelStripeSubscriptions
no-issue

Destroy is terminology we usually use for the model layer and was a
little confusing without context, this method is used in one place so
it's a low effort cleanup with minimal repercussions
2020-07-24 13:46:38 +02:00
Renovate Bot
8137d5aa72 Update dependency mocha to v6.2.3 2020-07-23 13:04:38 +00:00
Rish
f23503e35c Published new versions
- @tryghost/members-api@0.24.5
2020-07-22 16:08:35 +05:30
Rish
f792148ce8 Updated magic link email to use custom status code for failures
refs https://github.com/TryGhost/Team/issues/342

- Send magic link middleware was not using custom status code from error and sending 500
- Updates error code to be picked from err object if present, or fallback to 500 as before otherwise
2020-07-22 16:07:21 +05:30
Fabien O'Carroll
763153d110 Published new versions
- @tryghost/members-api@0.24.4
2020-07-22 12:28:43 +02:00
Fabien 'egg' O'Carroll
bf38d836d4 Updated webhooks cleanup to handle all older webhooks (#186)
refs https://github.com/TryGhost/Ghost/issues/12074

Some sites may have had duplicate webhooks created due to a race
condition. This updates the members-api to cleanup _all_ webhooks before
starting, allowing it to create webhooks on a fresh slate, and removing
possible causes of 401 errors due to incorrect webhook secrets.
2020-07-22 12:27:48 +02:00
Fabien O'Carroll
cdfa31af1a Published new versions
- @tryghost/members-api@0.24.3
2020-07-21 13:45:34 +02:00
Fabien 'egg' O'Carroll
d1cd0fe80e Caught & handled 'resource_already_exists' errors (#185)
refs https://github.com/TryGhost/Ghost/issues/12065

This protects us against multiple instances of the members-api being
started simultaneously and race conditions where inbetween the initial
"GET" of a plan which returns empty, and the "POST" of a plan to create
it, another instance has already created it.
2020-07-21 13:40:49 +02:00
Fabien O'Carroll
8c73c4a42b Published new versions
- @tryghost/members-api@0.24.2
2020-07-21 12:03:41 +02:00
Fabien 'egg' O'Carroll
9f1b9d6156 Used mode to determine flow for checkout session (#184)
no-issue

This fixes a problem when subscribing to a Plan (Price) with a default
trial period. We also add logging to add a little more information about
which flow we're entering.

Subscriptions that are started with a trial have a `setup_intent`
present on the Checkout Session object, which was incorrectly causing us
to determine that we are in a "setup" flow and attempt to update a
customers card details.

We now use the `mode` property of the Checkout Session to determine
whether we are handling a new Subscription, or if we are in a "setup"
flow and should update the Customer's card details.
2020-07-21 12:03:16 +02:00
Fabien O'Carroll
9dc22b2bb2 Published new versions
- @tryghost/magic-link@0.4.11
 - @tryghost/members-api@0.24.1
 - @tryghost/members-ssr@0.8.3
2020-07-21 12:02:36 +02:00
Fabien O'Carroll
c30ffba75a Revert "Used mode to determine flow for checkout session (#184)"
no-issue

Reverting so that changesets can be released independently

This reverts commit d41e5f3b55.
2020-07-21 12:01:07 +02:00
Fabien 'egg' O'Carroll
d41e5f3b55 Used mode to determine flow for checkout session (#184)
no-issue

This fixes a problem when subscribing to a Plan (Price) with a default
trial period. We also add logging to add a little more information about
which flow we're entering.

Subscriptions that are started with a trial have a `setup_intent`
present on the Checkout Session object, which was incorrectly causing us
to determine that we are in a "setup" flow and attempt to update a
customers card details.

We now use the `mode` property of the Checkout Session to determine
whether we are handling a new Subscription, or if we are in a "setup"
flow and should update the Customer's card details.
2020-07-21 11:50:10 +02:00
Renovate Bot
f94f1bc107 Update dependency @types/node to v12.12.51 2020-07-20 22:51:48 +00:00
Fabien 'egg' O'Carroll
400dba62a9 Added cleanup on startup for old webhooks (#181)
refs https://github.com/TryGhost/Ghost/issues/12061

Due to a bug in Ghost webhooks are now created with a trailing "/" which
meant that the previous webhooks to that (without a slash) was never
removed.

This results in users receiving emails from stripe about failed webhook
delivery, which is not good at all.

This fix lists out the webhooks and finds (if present) the webhook which
matches the current URL, minus the trailing slash. If found it will then
attempt to delete that webhook thus stopping the emails from Stripe.

I've added a note to remove this code as it should only ever need to run
once, and can be removed for the Ghost release after these changes.
2020-07-20 17:54:22 +02:00