npm - ghost - Versions diffs - 6.0.5 → 6.0.7 - Mend

ghost 6.0.5 → 6.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

package/core/server/data/tinybird/tests/api_top_utm_sources.yaml ADDED Viewed

@@ -0,0 +1,108 @@
+- name: Date range
+  description: All fixture data
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC
+  expected_result: |
+    {"utm_source":"google","visits":6}
+    {"utm_source":"linkedin","visits":3}
+    {"utm_source":"twitter","visits":3}
+    {"utm_source":"newsletter","visits":3}
+    {"utm_source":"instagram","visits":1}
+- name: Filtered by browser - Chrome
+  description: Filtered by browser - Chrome
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&browser=chrome
+  expected_result: |
+    {"utm_source":"google","visits":4}
+    {"utm_source":"linkedin","visits":1}
+    {"utm_source":"twitter","visits":1}
+    {"utm_source":"newsletter","visits":1}
+- name: Filtered by device - desktop
+  description: Filtered by device - desktop
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&device=desktop
+  expected_result: |
+    {"utm_source":"google","visits":6}
+    {"utm_source":"twitter","visits":3}
+    {"utm_source":"newsletter","visits":3}
+    {"utm_source":"linkedin","visits":2}
+    {"utm_source":"instagram","visits":1}
+- name: Filtered by location - UK
+  description: Filtered by location - UK
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&location=GB
+  expected_result: |
+    {"utm_source":"google","visits":3}
+    {"utm_source":"linkedin","visits":2}
+    {"utm_source":"newsletter","visits":2}
+    {"utm_source":"twitter","visits":1}
+- name: Filtered by OS - Windows
+  description: Filtered by OS - Windows
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&os=windows
+  expected_result: |
+    {"utm_source":"google","visits":5}
+    {"utm_source":"twitter","visits":3}
+    {"utm_source":"newsletter","visits":3}
+    {"utm_source":"linkedin","visits":2}
+    {"utm_source":"instagram","visits":1}
+- name: Filtered by pathname - /about/
+  description: Filtered by pathname - /about/
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&pathname=%2Fabout%2F
+  expected_result: |
+    {"utm_source":"google","visits":4}
+    {"utm_source":"twitter","visits":2}
+    {"utm_source":"linkedin","visits":1}
+    {"utm_source":"newsletter","visits":1}
+- name: Filtered by post_uuid - 06b1b0c9-fb53-4a15-a060-3db3fde7b1fc (/about/)
+  description: Filtered by post_uuid - 06b1b0c9-fb53-4a15-a060-3db3fde7b1fc (/about/)
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&post_uuid=06b1b0c9-fb53-4a15-a060-3db3fde7b1fc
+  expected_result: |
+    {"utm_source":"google","visits":4}
+    {"utm_source":"twitter","visits":2}
+    {"utm_source":"linkedin","visits":1}
+    {"utm_source":"newsletter","visits":1}
+- name: Filtered by source - bing.com
+  description: Filtered by source - bing.com
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&source=bing.com
+  expected_result: |
+    {"utm_source":"twitter","visits":2}
+- name: Filtered by member status - paid
+  description: Filtered by member status - paid
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&member_status=paid
+  expected_result: |
+    {"utm_source":"google","visits":2}
+    {"utm_source":"newsletter","visits":2}
+    {"utm_source":"twitter","visits":1}
+- name: Filtered by member status - undefined
+  description: Filtered by member status - undefined
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&member_status=undefined
+  expected_result: |
+    {"utm_source":"linkedin","visits":3}
+    {"utm_source":"google","visits":1}
+    {"utm_source":"instagram","visits":1}
+    {"utm_source":"newsletter","visits":1}
+- name: Filtered by timezone - America/Los_Angeles
+  description: Filtered by timezone - America/Los_Angeles
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=America/Los_Angeles
+  expected_result: |
+    {"utm_source":"google","visits":5}
+    {"utm_source":"newsletter","visits":3}
+    {"utm_source":"linkedin","visits":2}
+    {"utm_source":"twitter","visits":2}
+    {"utm_source":"instagram","visits":1}
+- name: Test with multiple filters combined
+  description: Test with multiple filters combined
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&device=desktop&browser=firefox
+  expected_result: |
+    {"utm_source":"newsletter","visits":2}
+    {"utm_source":"linkedin","visits":1}
+    {"utm_source":"twitter","visits":1}
+    {"utm_source":"instagram","visits":1}

package/core/server/data/tinybird/tests/api_top_utm_terms.yaml ADDED Viewed

@@ -0,0 +1,108 @@
+- name: Date range
+  description: All fixture data
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC
+  expected_result: |
+    {"utm_term":"ghost cms","visits":6}
+    {"utm_term":"blog software","visits":3}
+    {"utm_term":"content management","visits":3}
+    {"utm_term":"newsletter platform","visits":3}
+    {"utm_term":"membership site","visits":1}
+- name: Filtered by browser - Chrome
+  description: Filtered by browser - Chrome
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&browser=chrome
+  expected_result: |
+    {"utm_term":"ghost cms","visits":4}
+    {"utm_term":"blog software","visits":1}
+    {"utm_term":"content management","visits":1}
+    {"utm_term":"newsletter platform","visits":1}
+- name: Filtered by device - desktop
+  description: Filtered by device - desktop
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&device=desktop
+  expected_result: |
+    {"utm_term":"ghost cms","visits":6}
+    {"utm_term":"blog software","visits":3}
+    {"utm_term":"content management","visits":3}
+    {"utm_term":"newsletter platform","visits":2}
+    {"utm_term":"membership site","visits":1}
+- name: Filtered by location - UK
+  description: Filtered by location - UK
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&location=GB
+  expected_result: |
+    {"utm_term":"ghost cms","visits":3}
+    {"utm_term":"blog software","visits":2}
+    {"utm_term":"newsletter platform","visits":2}
+    {"utm_term":"content management","visits":1}
+- name: Filtered by OS - Windows
+  description: Filtered by OS - Windows
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&os=windows
+  expected_result: |
+    {"utm_term":"ghost cms","visits":5}
+    {"utm_term":"blog software","visits":3}
+    {"utm_term":"content management","visits":3}
+    {"utm_term":"newsletter platform","visits":2}
+    {"utm_term":"membership site","visits":1}
+- name: Filtered by pathname - /about/
+  description: Filtered by pathname - /about/
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&pathname=%2Fabout%2F
+  expected_result: |
+    {"utm_term":"ghost cms","visits":4}
+    {"utm_term":"content management","visits":2}
+    {"utm_term":"blog software","visits":1}
+    {"utm_term":"newsletter platform","visits":1}
+- name: Filtered by post_uuid - 06b1b0c9-fb53-4a15-a060-3db3fde7b1fc (/about/)
+  description: Filtered by post_uuid - 06b1b0c9-fb53-4a15-a060-3db3fde7b1fc (/about/)
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&post_uuid=06b1b0c9-fb53-4a15-a060-3db3fde7b1fc
+  expected_result: |
+    {"utm_term":"ghost cms","visits":4}
+    {"utm_term":"content management","visits":2}
+    {"utm_term":"blog software","visits":1}
+    {"utm_term":"newsletter platform","visits":1}
+- name: Filtered by source - bing.com
+  description: Filtered by source - bing.com
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&source=bing.com
+  expected_result: |
+    {"utm_term":"content management","visits":2}
+- name: Filtered by member status - paid
+  description: Filtered by member status - paid
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&member_status=paid
+  expected_result: |
+    {"utm_term":"blog software","visits":2}
+    {"utm_term":"ghost cms","visits":2}
+    {"utm_term":"content management","visits":1}
+- name: Filtered by member status - undefined
+  description: Filtered by member status - undefined
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&member_status=undefined
+  expected_result: |
+    {"utm_term":"newsletter platform","visits":3}
+    {"utm_term":"blog software","visits":1}
+    {"utm_term":"membership site","visits":1}
+    {"utm_term":"ghost cms","visits":1}
+- name: Filtered by timezone - America/Los_Angeles
+  description: Filtered by timezone - America/Los_Angeles
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=America/Los_Angeles
+  expected_result: |
+    {"utm_term":"ghost cms","visits":5}
+    {"utm_term":"blog software","visits":3}
+    {"utm_term":"content management","visits":2}
+    {"utm_term":"newsletter platform","visits":2}
+    {"utm_term":"membership site","visits":1}
+- name: Test with multiple filters combined
+  description: Test with multiple filters combined
+  parameters: site_uuid=mock_site_uuid&date_from=2100-01-01&date_to=2100-01-07&timezone=Etc/UTC&device=desktop&browser=firefox
+  expected_result: |
+    {"utm_term":"blog software","visits":2}
+    {"utm_term":"membership site","visits":1}
+    {"utm_term":"content management","visits":1}
+    {"utm_term":"newsletter platform","visits":1}

package/core/server/services/lib/magic-link/MagicLink.js CHANGED Viewed

@@ -1,6 +1,7 @@
 const {IncorrectUsageError, BadRequestError} = require('@tryghost/errors');
 const {isEmail} = require('@tryghost/validator');
 const tpl = require('@tryghost/tpl');
 const messages = {
     invalidEmail: 'Email is not valid'
 };
@@ -11,12 +12,19 @@ const messages = {
  * @typedef { string } URL
  */
+/**
+ * @typedef {Object} TokenValidateOptions
+ * @prop {string} [otcVerification] - "timestamp:hash" string used to verify an OTC-bound token
+ */
 /**
  * @template T
  * @template D
  * @typedef {Object} TokenProvider<T, D>
  * @prop {(data: D) => Promise<T>} create
- * @prop {(token: T) => Promise<D>} validate
+ * @prop {(token: T, options?: TokenValidateOptions) => Promise<D>} validate
+ * @prop {(token: T) => Promise<string | null>} [getIdByToken]
+ * @prop {(otcRef: string, tokenValue: T) => string} [deriveOTC]
  */
 /**
@@ -29,11 +37,12 @@ class MagicLink {
      * @param {object} options
      * @param {MailTransporter} options.transporter
      * @param {TokenProvider<Token, TokenData>} options.tokenProvider
-     * @param {(token: Token, type: string, referrer?: string) => URL} options.getSigninURL
+     * @param {(token: Token, type: string, referrer?: string, otcVerification?: string) => URL} options.getSigninURL
      * @param {typeof defaultGetText} [options.getText]
      * @param {typeof defaultGetHTML} [options.getHTML]
      * @param {typeof defaultGetSubject} [options.getSubject]
      * @param {object} [options.sentry]
+     * @param {{isSet(name: string): boolean}} [options.labsService]
      */
     constructor(options) {
         if (!options || !options.transporter || !options.tokenProvider || !options.getSigninURL) {
@@ -46,6 +55,7 @@ class MagicLink {
         this.getHTML = options.getHTML || defaultGetHTML;
         this.getSubject = options.getSubject || defaultGetSubject;
         this.sentry = options.sentry || undefined;
+        this.labsService = options.labsService || undefined;
     }
     /**
@@ -56,7 +66,8 @@ class MagicLink {
      * @param {TokenData} options.tokenData - The data for token
      * @param {string} [options.type='signin'] - The type to be passed to the url and content generator functions
      * @param {string} [options.referrer=null] - The referrer of the request, if exists. The member will be redirected back to this URL after signin.
-     * @returns {Promise<{token: Token, info: SentMessageInfo}>}
+     * @param {boolean} [options.includeOTC=false] - Whether to send a one-time-code in the email.
+     * @returns {Promise<{token: Token, otcRef: string | null, info: SentMessageInfo}>}
      */
     async sendMagicLink(options) {
         this.sentry?.captureMessage?.(`[Magic Link] Generating magic link`, {extra: options});
@@ -73,14 +84,38 @@ class MagicLink {
         const url = this.getSigninURL(token, type, options.referrer);
+        let otc = null;
+        if (this.labsService?.isSet('membersSigninOTC') && options.includeOTC) {
+            try {
+                otc = await this.getOTCFromToken(token);
+            } catch (err) {
+                this.sentry?.captureException?.(err);
+                otc = null;
+            }
+        }
         const info = await this.transporter.sendMail({
             to: options.email,
-            subject: this.getSubject(type),
-            text: this.getText(url, type, options.email),
-            html: this.getHTML(url, type, options.email)
+            subject: this.getSubject(type, otc),
+            text: this.getText(url, type, options.email, otc),
+            html: this.getHTML(url, type, options.email, otc)
         });
-        return {token, info};
+        // return otcRef so we can pass it as a reference to the client so it
+        // can pass it back as a reference when verifying the OTC. We only do
+        // this if we've successfully generated an OTC to avoid clients showing
+        // a token input field when the email doesn't contain an OTC
+        let otcRef = null;
+        if (this.labsService?.isSet('membersSigninOTC') && otc) {
+            try {
+                otcRef = await this.getIdFromToken(token);
+            } catch (err) {
+                this.sentry?.captureException?.(err);
+                otcRef = null;
+            }
+        }
+        return {token, otcRef, info};
     }
     /**
@@ -99,14 +134,47 @@ class MagicLink {
         return this.getSigninURL(token, type, options.referrer);
     }
+    /**
+     * getIdFromToken
+     *
+     * @param {Token} token - The token to get the id from
+     * @returns {Promise<string|null>} id - The id of the token
+     */
+    async getIdFromToken(token) {
+        if (typeof this.tokenProvider.getIdByToken !== 'function') {
+            return null;
+        }
+        const id = await this.tokenProvider.getIdByToken(token);
+        return id;
+    }
+    /**
+     * getOTCFromToken
+     *
+     * @param {Token} token - The token to get the otc from
+     * @returns {Promise<string|null>} otc - The otc of the token
+     */
+    async getOTCFromToken(token) {
+        const tokenId = await this.getIdFromToken(token);
+        if (!tokenId || typeof this.tokenProvider.deriveOTC !== 'function') {
+            return null;
+        }
+        const otc = await this.tokenProvider.deriveOTC(tokenId, token);
+        return otc;
+    }
     /**
      * getDataFromToken
      *
      * @param {Token} token - The token to decode
+     * @param {string} [otcVerification] - Optional "timestamp:hash" to bind token usage to an OTC verification window
      * @returns {Promise<TokenData>} data - The data object associated with the magic link
      */
-    async getDataFromToken(token) {
-        const tokenData = await this.tokenProvider.validate(token);
+    async getDataFromToken(token, otcVerification) {
+        const tokenData = await this.tokenProvider.validate(token, {otcVerification});
         return tokenData;
     }
 }
@@ -117,13 +185,19 @@ class MagicLink {
  * @param {URL} url - The url which will trigger sign in flow
  * @param {string} type - The type of email to send e.g. signin, signup
  * @param {string} email - The recipient of the email to send
+ * @param {string} otc - Optional one-time-code
  * @returns {string} text - The text content of an email to send
  */
-function defaultGetText(url, type, email) {
+function defaultGetText(url, type, email, otc) {
     let msg = 'sign in';
     if (type === 'signup') {
         msg = 'confirm your email address';
     }
+    if (otc) {
+        return `Enter the code ${otc} or click here to ${msg} ${url}. This msg was sent to ${email}`;
+    }
     return `Click here to ${msg} ${url}. This msg was sent to ${email}`;
 }
@@ -133,13 +207,19 @@ function defaultGetText(url, type, email) {
  * @param {URL} url - The url which will trigger sign in flow
  * @param {string} type - The type of email to send e.g. signin, signup
  * @param {string} email - The recipient of the email to send
+ * @param {string} otc - Optional one-time-code
  * @returns {string} HTML - The HTML content of an email to send
  */
-function defaultGetHTML(url, type, email) {
+function defaultGetHTML(url, type, email, otc) {
     let msg = 'sign in';
     if (type === 'signup') {
         msg = 'confirm your email address';
     }
+    if (otc) {
+        return `Enter the code ${otc} or <a href="${url}">click here to ${msg}</a> This msg was sent to ${email}`;
+    }
     return `<a href="${url}">Click here to ${msg}</a> This msg was sent to ${email}`;
 }
@@ -147,12 +227,18 @@ function defaultGetHTML(url, type, email) {
  * defaultGetSubject
  *
  * @param {string} type - The type of email to send e.g. signin, signup
+ * @param {string} otc - Optional one-time-code
  * @returns {string} subject - The subject of an email to send
  */
-function defaultGetSubject(type) {
+function defaultGetSubject(type, otc) {
     if (type === 'signup') {
         return `Signup!`;
     }
+    if (otc) {
+        return `Your signin verification code is ${otc}`;
+    }
     return `Signin!`;
 }

package/core/server/services/members/MembersConfigProvider.js CHANGED Viewed

@@ -82,7 +82,14 @@ class MembersConfigProvider {
         };
     }
-    getSigninURL(token, type, referrer) {
+    /**
+     * @param {string} token
+     * @param {string} type - also known as "action", e.g. "signin" or "signup"
+     * @param {string} [referrer] - optional URL for redirecting to after signin
+     * @param {string} [otcVerification] - optional for verifying an OTC signin redirect
+     * @returns {string}
+     */
+    getSigninURL(token, type, referrer, otcVerification) {
         const siteUrl = this._urlUtils.urlFor({relativeUrl: '/members/'}, true);
         const signinURL = new URL(siteUrl);
         signinURL.searchParams.set('token', token);
@@ -90,6 +97,9 @@ class MembersConfigProvider {
         if (referrer) {
             signinURL.searchParams.set('r', referrer);
         }
+        if (otcVerification) {
+            signinURL.searchParams.set('otc_verification', otcVerification);
+        }
         return signinURL.toString();
     }
 }