Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-03 23:00:14 -05:00
Code Issues Activity

Restricted changing Subscription to archived Tier

Browse source 
refs https://github.com/TryGhost/Team/issues/1252
This commit is contained in:
Fabien "egg" O'Carroll 2022-01-21 14:08:31 +02:00
parent 2a1fe514cf
commit 5a9cb1ab83
3 changed files with 73 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
ghost/members-api/lib/MembersAPI.js
View file

@ -132,6 +132,7 @@ module.exports = function MembersAPI({
const memberController = new MemberController({
memberRepository,
productRepository,
StripePrice,
tokenService,
sendEmailWithMagicLink

10
ghost/members-api/lib/controllers/member.js
View file

@ -4,17 +4,20 @@ module.exports = class MemberController {
/**
* @param {object} deps
* @param {any} deps.memberRepository
* @param {any} deps.productRepository
* @param {any} deps.StripePrice
* @param {any} deps.tokenService
* @param {any} deps.sendEmailWithMagicLink
*/
constructor({
memberRepository,
productRepository,
StripePrice,
tokenService,
sendEmailWithMagicLink
}) {
this._memberRepository = memberRepository;
this._productRepository = productRepository;
this._StripePrice = StripePrice;
this._tokenService = tokenService;
this._sendEmailWithMagicLink = sendEmailWithMagicLink;
@ -112,6 +115,13 @@ module.exports = class MemberController {
}
const priceId = price.get('stripe_price_id');
const product = await this._productRepository.get({stripe_price_id: priceId});
if (product.get('active') !== true) {
res.writeHead(403);
return res.end('Tier is archived.');
}
await this._memberRepository.updateSubscription({
email,
subscription: {

63
ghost/members-api/test/unit/lib/controllers/member/index.test.js
View file

@ -3,7 +3,7 @@ const MemberController = require('../../../../../lib/controllers/member');
describe('MemberController', function () {
describe('updateSubscription', function () {
it('Updates a subscriptions plan via the member repository', async function () {
it('Updates a subscriptions plan via the member repository if the Tier is active', async function () {
const tokenService = {
decodeToken: sinon.fake.resolves({sub: 'fake@email.com'})
};
@ -27,8 +27,69 @@ describe('MemberController', function () {
})
};
const productRepository = {
get: sinon.fake.resolves({
get() {
return true;
}
})
};
const controller = new MemberController({
memberRepository,
productRepository,
StripePrice,
tokenService
});
const req = {
body: {
identity: 'token',
priceId: 'plan_name'
},
params: {
id: 'subscription_id'
}
};
const res = {
writeHead() {},
end() {}
};
await controller.updateSubscription(req, res);
memberRepository.updateSubscription.verify();
});
it('Does not a subscriptions plan via the member repository if the Tier is not active', async function () {
const tokenService = {
decodeToken: sinon.fake.resolves({sub: 'fake@email.com'})
};
const StripePrice = {
findOne: sinon.fake.returns({
id: 'plan_id',
stripe_price_id: 'stripe_price_id',
get: () => {
return 'stripe_price_id';
}
})
};
const memberRepository = {
updateSubscription: sinon.mock('updateSubscription').never()
};
const productRepository = {
get: sinon.fake.resolves({
get() {
return false;
}
})
};
const controller = new MemberController({
memberRepository,
productRepository,
StripePrice,
tokenService
});