Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-10 23:36:14 -05:00
Code Issues Activity
ghost/test/unit/server/services
History
Simon Backx c6621dc17d
🐛 Updated support email verification flow (#15029) 
refs https://github.com/TryGhost/Team/issues/584

The current support email verification flow uses an API endpoint as verification URL inside the emails. This is a bad pattern, and also has the side effect that it shows a JSON error if something goes wrong.

To fix this, this commit updates the whole flow to use the same pattern as newsletters:
- You can update the `members_support_address` setting directly via the edit endpoint of settings.
- Changes to that (and future 'guarded' email properties) are blocked and generate verification emails automatically.
- When an email verification has been sent, the meta property `sent_email_verification` is set.

Other changes:
- Underlying, the implementation of email verificaton has moved from the (old) members service to the settings BREAD service. This makes it easier to add extra email addresses in settings later on that are not related to 'members'.
- Now you can update the `members_support_address` by updating the settings directly, so the `updateMembersEmail` endpoint has been deprecated and is mapped to the new behaviour.
- The SingleUseTokenProvider threw a `UnauthorizedError` error if a token was expired or invalid. Those errors are caught by the admin app, and causes it to do a page reload (making the error message and modals invisible). To fix that, I've swapped it with a validation error.

Future changes:
- Existing emails that have been sent 24h before this change is applied, still use the `validateMembersEmailUpdate` API endpoint. This endpoint has not been removed for now, to not break those emails. In a future release, we should remove this.

Changes to admin: https://github.com/TryGhost/Admin/pull/2426
2022-07-15 14:43:52 +02:00
..
adapter-manager
api-version-compatibility Fixed legacyApiPathMatch not working with subdirs 2022-05-10 13:57:06 +01:00
auth Swapped setup to use tiers API endpoint 2022-05-12 19:48:27 +01:00
frontend-data-service Added frontend key to ghost_head for portal (#14782) 2022-05-11 17:34:31 +01:00
mail Extracted email-content-generator into a package 2022-05-04 17:28:09 +08:00
mega Added getLazyRelation model helper method (#14943) 2022-05-31 13:21:53 +02:00
members Redirected Members to previous post/page upon sign-in 2022-07-15 11:55:09 +01:00
newsletters Fixed newsletter includes when adding or editing (#14696) 2022-05-05 11:20:15 +02:00
notifications Replace error handler middleware with @tryghost/mw-error-handler (#13879) 2021-12-14 15:18:46 +00:00
permissions Added members permission system 2022-07-12 10:24:02 +02:00
posts
redirects
route-settings Removed sync method from route settings loader 2022-04-28 15:37:09 +01:00
settings 🐛 Updated support email verification flow (#15029) 2022-07-15 14:43:52 +02:00
stripe Removed settings that are no longer in use (#14802) 2022-05-13 21:19:21 +01:00
themes
url 🔥 Removed support for http/https mixed mode (#14783) 2022-05-11 14:53:23 +01:00
users Added unit test coverage to the user service 2022-07-13 03:06:04 +12:00
webhooks Improved assertions 2022-05-12 13:54:21 +08:00
labs.test.js Removed oauth experiment 2022-05-16 17:37:13 +01:00
limits.test.js Fixed incorrect usage of limit config causing Ghost not to boot 2022-05-10 15:47:45 -04:00
slack.test.js Replaced schema.isPost in slack service /w custom fn 2022-04-05 14:24:42 +01:00
xmlrpc.test.js