mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-02-10 23:36:14 -05:00
Removed unused support email verificaton endpoints (#15328)
fixes https://github.com/TryGhost/Team/issues/1679 These endpoints are safe to be removed, as they are only used by the admin app and usage has been removed over there. It is very unlikely that this endpoint has been used in a third party integration (in which case they will get a notification email).
This commit is contained in:
Simon Backx
GitHub
parent
3c94812ee5
commit
f2da1229d8
4 changed files with 1 additions and 165 deletions
|
|
@ -1,4 +1,3 @@
|
|||
const Promise = require('bluebird');
|
||||
const _ = require('lodash');
|
||||
const models = require('../../models');
|
||||
const routeSettings = require('../../services/route-settings');
|
||||
|
|
@ -6,13 +5,8 @@ const {BadRequestError} = require('@tryghost/errors');
|
|||
const settingsService = require('../../services/settings/settings-service');
|
||||
const membersService = require('../../services/members');
|
||||
const stripeService = require('../../services/stripe');
|
||||
const tpl = require('@tryghost/tpl');
|
||||
const settingsBREADService = settingsService.getSettingsBREADServiceInstance();
|
||||
|
||||
const messages = {
|
||||
failedSendingEmail: 'Failed Sending Email'
|
||||
};
|
||||
|
||||
async function getStripeConnectData(frame) {
|
||||
const stripeConnectIntegrationToken = frame.data.settings.find(setting => setting.key === 'stripe_connect_integration_token');
|
||||
|
||||
|
|
@ -77,94 +71,6 @@ module.exports = {
|
|||
}
|
||||
},
|
||||
|
||||
/**
|
||||
* @deprecated
|
||||
*/
|
||||
updateMembersEmail: {
|
||||
statusCode: 204,
|
||||
permissions: {
|
||||
method: 'edit'
|
||||
},
|
||||
data: [
|
||||
'email',
|
||||
'type'
|
||||
],
|
||||
async query(frame) {
|
||||
const {email, type} = frame.data;
|
||||
|
||||
try {
|
||||
// Mapped internally to the newer method of changing emails
|
||||
const actionToKeyMapping = {
|
||||
supportAddressUpdate: 'members_support_address'
|
||||
};
|
||||
const edit = {
|
||||
key: actionToKeyMapping[type],
|
||||
value: email
|
||||
};
|
||||
|
||||
await settingsBREADService.edit([edit], frame.options, null);
|
||||
} catch (err) {
|
||||
throw new BadRequestError({
|
||||
err,
|
||||
message: tpl(messages.failedSendingEmail)
|
||||
});
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
/**
|
||||
* @todo can get removed, since this is moved to verifyKeyUpdate
|
||||
* @deprecated: keep to not break existing email verification links, but remove after 1 - 2 releases
|
||||
*/
|
||||
validateMembersEmailUpdate: {
|
||||
options: [
|
||||
'token',
|
||||
'action'
|
||||
],
|
||||
permissions: false,
|
||||
validation: {
|
||||
options: {
|
||||
token: {
|
||||
required: true
|
||||
},
|
||||
action: {
|
||||
values: ['supportaddressupdate']
|
||||
}
|
||||
}
|
||||
},
|
||||
async query(frame) {
|
||||
// This is something you have to do if you want to use the "framework" with access to the raw req/res
|
||||
frame.response = async function (req, res) {
|
||||
try {
|
||||
const {token, action} = frame.options;
|
||||
const updatedEmailAddress = await membersService.settings.getEmailFromToken({token});
|
||||
const actionToKeyMapping = {
|
||||
supportAddressUpdate: 'members_support_address'
|
||||
};
|
||||
if (updatedEmailAddress) {
|
||||
return models.Settings.edit({
|
||||
key: actionToKeyMapping[action],
|
||||
value: updatedEmailAddress
|
||||
}).then(() => {
|
||||
// Redirect to Ghost-Admin settings page
|
||||
const adminLink = membersService.settings.getAdminRedirectLink({type: action});
|
||||
res.redirect(adminLink);
|
||||
});
|
||||
} else {
|
||||
return Promise.reject(new BadRequestError({
|
||||
message: 'Invalid token!'
|
||||
}));
|
||||
}
|
||||
} catch (err) {
|
||||
return Promise.reject(new BadRequestError({
|
||||
err,
|
||||
message: 'Invalid token!'
|
||||
}));
|
||||
}
|
||||
};
|
||||
}
|
||||
},
|
||||
|
||||
disconnectStripeConnectIntegration: {
|
||||
statusCode: 204,
|
||||
permissions: {
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
const Promise = require('bluebird');
|
||||
const _ = require('lodash');
|
||||
const {ValidationError, BadRequestError} = require('@tryghost/errors');
|
||||
const {ValidationError} = require('@tryghost/errors');
|
||||
const validator = require('@tryghost/validator');
|
||||
const tpl = require('@tryghost/tpl');
|
||||
|
||||
|
|
@ -71,24 +71,5 @@ module.exports = {
|
|||
if (errors.length) {
|
||||
return Promise.reject(errors[0]);
|
||||
}
|
||||
},
|
||||
|
||||
/**
|
||||
* @deprecated
|
||||
*/
|
||||
updateMembersEmail(apiConfig, frame) {
|
||||
const {email, type} = frame.data;
|
||||
|
||||
if (typeof email !== 'string' || !validator.isEmail(email)) {
|
||||
throw new BadRequestError({
|
||||
message: messages.invalidEmailReceived
|
||||
});
|
||||
}
|
||||
|
||||
if (!type || !['supportAddressUpdate'].includes(type)) {
|
||||
throw new BadRequestError({
|
||||
message: messages.invalidEmailTypeReceived
|
||||
});
|
||||
}
|
||||
}
|
||||
};
|
||||
|
|
|
|||
|
|
@ -65,13 +65,6 @@ module.exports = function apiRoutes() {
|
|||
router.get('/settings', mw.authAdminApi, http(api.settings.browse));
|
||||
router.put('/settings', mw.authAdminApi, http(api.settings.edit));
|
||||
router.put('/settings/verifications/', mw.authAdminApi, http(api.settings.verifyKeyUpdate));
|
||||
|
||||
/** @deprecated This endpoint is part of the old email verification flow for the support email */
|
||||
router.get('/settings/members/email', http(api.settings.validateMembersEmailUpdate));
|
||||
|
||||
/** @deprecated This endpoint is part of the old email verification flow for the support email */
|
||||
router.post('/settings/members/email', mw.authAdminApi, http(api.settings.updateMembersEmail));
|
||||
|
||||
router.del('/settings/stripe/connect', mw.authAdminApi, http(api.settings.disconnectStripeConnectIntegration));
|
||||
|
||||
// ## Users
|
||||
|
|
|
|||
|
|
@ -403,48 +403,4 @@ describe('Settings API', function () {
|
|||
});
|
||||
});
|
||||
});
|
||||
|
||||
// @TODO We can drop these tests once we removed the deprecated endpoints
|
||||
describe('deprecated', function () {
|
||||
it('can do updateMembersEmail', async function () {
|
||||
await agent
|
||||
.post('settings/members/email/')
|
||||
.body({
|
||||
email: 'test@test.com',
|
||||
type: 'supportAddressUpdate'
|
||||
})
|
||||
.expectStatus(204)
|
||||
.expectEmptyBody()
|
||||
.matchHeaderSnapshot({
|
||||
etag: anyEtag
|
||||
});
|
||||
|
||||
mockManager.assert.sentEmail({
|
||||
subject: 'Verify email address',
|
||||
to: 'test@test.com'
|
||||
});
|
||||
});
|
||||
|
||||
it('can do validateMembersEmailUpdate', async function () {
|
||||
const magicLink = await membersService.api.getMagicLink('test@test.com');
|
||||
const magicLinkUrl = new URL(magicLink);
|
||||
const token = magicLinkUrl.searchParams.get('token');
|
||||
|
||||
await agent
|
||||
.get(`settings/members/email/?token=${token}&action=supportAddressUpdate`)
|
||||
.expectStatus(302)
|
||||
.expectEmptyBody()
|
||||
.matchHeaderSnapshot();
|
||||
|
||||
// Assert that the setting is changed as a side effect
|
||||
// NOTE: cannot use read here :/
|
||||
await agent.get('settings/')
|
||||
.expect(({body}) => {
|
||||
const fromAddress = body.settings.find((setting) => {
|
||||
return setting.key === 'members_support_address';
|
||||
});
|
||||
assert.equal(fromAddress.value, 'test@test.com');
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue