New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🐛 Updated support email verification flow #15029
Conversation
refs https://github.com/TryGhost/Team/issues/584 The current support email verification flow uses an API endpoint as verification URL. This is a bad pattern, and also has the side effect that it shows a JSON error if something goes wrong. To fix this, this commit updates the whole flow to use the same pattern as newsletters: - You can update the `members_support_address` setting directly via the edit endpoint of settings. - Changes to that (and future 'guarded' email properties) are blocked and generate verification emails automatically. - When an email verification has been sent, the meta property `sent_email_verification` is set. Other changes: - Underlying, the implementation of email verificaton has moved from the (old) members service to the settings BREAD service. This makes it easier to add extra email addresses in settings later on that are not related to 'members'. - Because now you can update the `members_support_address` by updating the settings, the `updateMembersEmail` is no longer needed and has been removed. - The SingleUseTokenProvider threw a `UnauthorizedError` error if a token was expired or invalid. Those errors are caught by the admin app, and causes it to do a page reload (making the error message and modals invisible). To fix that, I've swapped it with a validation error. Future changes: - Existing emails that have been sent 24h before this change is applied, still use the `validateMembersEmailUpdate` API endpoint. This endpoint has not been removed for now, to not break those emails. In a future release, we should remove this. Changes to admin: TryGhost/Admin#2426
Codecov Report
@@ Coverage Diff @@
## main #15029 +/- ##
==========================================
+ Coverage 61.07% 61.47% +0.40%
==========================================
Files 593 597 +4
Lines 47557 47925 +368
Branches 4271 4322 +51
==========================================
+ Hits 29045 29462 +417
+ Misses 18463 18413 -50
- Partials 49 50 +1
Continue to review full report at Codecov.
|
This is technically a breaking change. Can we reinstate it, but map it internally using the deprecation header to a settings update to trigger the new flow? |
You are right. I readded the old endpoints ✅ |
refs https://github.com/TryGhost/Team/issues/584
The current support email verification flow uses an API endpoint as verification URL inside the emails. This is a bad pattern, and also has the side effect that it shows a JSON error if something goes wrong.
To fix this, this commit updates the whole flow to use the same pattern as newsletters:
members_support_address
setting directly via the edit endpoint of settings.sent_email_verification
is set.Other changes:
members_support_address
by updating the settings directly, so theupdateMembersEmail
endpoint has been deprecated and is mapped to the new behaviour.UnauthorizedError
error if a token was expired or invalid. Those errors are caught by the admin app, and causes it to do a page reload (making the error message and modals invisible). To fix that, I've swapped it with a validation error.Future changes:
validateMembersEmailUpdate
API endpoint. This endpoint has not been removed for now, to not break those emails. In a future release, we should remove this.Changes to admin: TryGhost/Admin#2426