diff --git a/meta/documents/changelog_de.md b/meta/documents/changelog_de.md
index b51ed8ef4..d28fda1e4 100644
--- a/meta/documents/changelog_de.md
+++ b/meta/documents/changelog_de.md
@@ -4,10 +4,14 @@
### Behoben
-- Ein Fehler bei der Prüfung von kanonischen Urls in Kombination mit ausgeschlossenen ShopBooster Parametern, kann zu fehlenden alternate links führen. Dies wurde behoben.
+- Ein Fehler bei der Prüfung von kanonischen URLs in Kombination mit ausgeschlossenen ShopBooster-Parametern, kann zu fehlenden alternate links führen. Dies wurde behoben.
- Es wurde ein Fehler behoben, der dazu führte, dass der Benutzer auf die Homepage umgeleitet wurde, wenn die Sprache auf der Bestellbestätigungsseite geändert wurde.
- Die Reihenfolge der Artikel auf der Wunschliste wird jetzt beibehalten.
+### Geändert
+
+- Die Route zur Kundenregistrierung `/register` enthält jetzt eine IP-basierte Limitierung im plentysystems Kern.
+
## v5.0.61 (2023-10-30) Übersicht aller Änderungen
### Behoben
diff --git a/meta/documents/changelog_en.md b/meta/documents/changelog_en.md
index 69ead8017..12814a651 100644
--- a/meta/documents/changelog_en.md
+++ b/meta/documents/changelog_en.md
@@ -4,10 +4,14 @@
### Fixed
-- An error when checking canonical urls in combination with excluded ShopBooster parameters can lead to missing alternate links. This was fixed.
+- An error when checking canonical URLs in combination with excluded ShopBooster parameters could lead to missing alternate links. This has been fixed.
- Solved a bug that manifested by redirecting the user to the homepage when the language was changed on order confirmation page.
- The wish list now preserves the order of the items on the list.
+### Changed
+
+- The customer registration route `/register` now contains an IP-based limitation in the plentysystems core.
+
## v5.0.61 (2023-10-30) Overview of all changes
### Fixed
diff --git a/src/Api/Resources/CustomerResource.php b/src/Api/Resources/CustomerResource.php
index 6ec658740..8fc715132 100644
--- a/src/Api/Resources/CustomerResource.php
+++ b/src/Api/Resources/CustomerResource.php
@@ -1,20 +1,15 @@
-customerService = $customerService;
}
- /**
- * Get the contact.
- * @return Response
- */
- public function index(): Response
- {
- return $this->response->create($this->indexCustomer(), ResponseCode::OK);
- }
-
/**
* Save the contact.
* @return Response
@@ -66,16 +52,6 @@ public function store(): Response
return $this->response->create(true, ResponseCode::OK);
}
- if (!ReCaptcha::verify($this->request->get('recaptcha', null))) {
- /**
- * @var NotificationService $notificationService
- */
- $notificationService = pluginApp(NotificationService::class);
- $notificationService->addNotificationCode(LogLevel::ERROR, 13);
-
- return $this->response->create('', ResponseCode::BAD_REQUEST);
- }
-
$contactData = $this->request->get('contact', null);
$billingAddressData = $this->request->get('billingAddress', []);
$deliveryAddressData = $this->request->get('deliveryAddress', []);
@@ -90,7 +66,7 @@ public function store(): Response
return $this->response->create(null, ResponseCode::BAD_REQUEST);
}
- /** @var Dispatcher $eventDispatcher */
+ /** @var Dispatcher $eventDispatcher */
$eventDispatcher = pluginApp(Dispatcher::class);
if (count($billingAddressData) === 0) {
@@ -123,4 +99,13 @@ public function store(): Response
return $this->index();
}
+
+ /**
+ * Get the contact.
+ * @return Response
+ */
+ public function index(): Response
+ {
+ return $this->response->create($this->indexCustomer(), ResponseCode::OK);
+ }
}
diff --git a/src/Providers/IORouteServiceProvider.php b/src/Providers/IORouteServiceProvider.php
index 209583ea9..8caa71ddf 100644
--- a/src/Providers/IORouteServiceProvider.php
+++ b/src/Providers/IORouteServiceProvider.php
@@ -1,4 +1,4 @@
-version(
+ ['v1'],
+ ['namespace' => 'IO\Api\Resources', 'middleware' => ['throttleFrontend:register-form']],
+ function (ApiRouter $api) {
+ $api->post('io/customer', 'CustomerResource@store');
+ }
+ );
+
$api->version(['v1'], ['namespace' => 'IO\Api\Resources'], function (ApiRouter $api) {
$api->get('io/basket', 'BasketResource@index');
$api->resource('io/basket/items', 'BasketItemResource');
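Review bot: The new `throttleFrontend:register-form` group is now the only abuse control visible in front of `CustomerResource@store`, because this commit also removes the server-side `ReCaptcha::verify(...)` guard from `store()`. The IP-based limit lives in the core according to the changelog and is not visible here; it presumably does little against automated sign-ups spread over many addresses, and it may throttle legitimate customers behind a shared address, depending on how the client IP is derived. Please confirm that dropping the captcha verification was intended rather than a side effect of moving the route, and document it at the group, e.g. `// Registration: rate-limited per IP in core; reCAPTCHA is no longer verified in store()`. The start of this hunk is garbled on the page, so the surrounding `map()` context is only partly visible.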
@@ -37,7 +45,7 @@ public function map(Router $router, ApiRouter $api)
$api->resource('io/order/property/file', 'OrderPropertyFileResource');
$api->get('io/checkout', 'CheckoutResource@index');
$api->resource('io/category/description', 'CategoryDescriptionResource');
- $api->resource('io/customer', 'CustomerResource');
+ $api->get('io/customer', 'CustomerResource@index');
$api->resource('io/customer/login', 'CustomerAuthenticationResource');
$api->resource('io/customer/logout', 'CustomerLogoutResource');
$api->resource('io/customer/password', 'CustomerPasswordResource');
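Review bot: Replacing `$api->resource('io/customer', 'CustomerResource')` with `$api->get('io/customer', 'CustomerResource@index')` leaves only GET here plus the throttled POST registered earlier in `map()`, so any other verbs the resource registration exposed are no longer routed. That is a sound reduction of surface, but if `CustomerResource` defines further handlers such as `update` or `destroy` (not visible in this diff), callers of those would stop working. A short comment would keep the two registrations from drifting apart: `// POST io/customer is registered above in the throttleFrontend:register-form group`. `map()` starts and ends outside this hunk.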
@@ -67,10 +75,14 @@ public function map(Router $router, ApiRouter $api)
});
if (RouteConfig::isActive(RouteConfig::CONTACT_MAIL_API)) {
- $api->version(['v1'], ['namespace' => 'IO\Api\Resources', 'middleware' => ['throttleFrontend:contact-form']], function (ApiRouter $api) {
- $api->resource('io/customer/contact/mail', 'ContactMailResource');
- $api->resource('io/customer/contact/mail/file', 'ContactMailFileResource');
- });
+ $api->version(
+ ['v1'],
+ ['namespace' => 'IO\Api\Resources', 'middleware' => ['throttleFrontend:contact-form']],
+ function (ApiRouter $api) {
+ $api->resource('io/customer/contact/mail', 'ContactMailResource');
+ $api->resource('io/customer/contact/mail/file', 'ContactMailFileResource');
+ }
+ );
}
$api->version(['v1'], ['namespace' => 'IO\Api\Resources', 'middleware' => ['csrf']], function (ApiRouter $api) {
@@ -122,21 +134,28 @@ public function map(Router $router, ApiRouter $api)
// CHANGE MAIL
if (RouteConfig::isActive(RouteConfig::CHANGE_MAIL)) {
$router->get('change-mail/{contactId}/{hash}', 'IO\Controllers\CustomerChangeMailController@show');
- } else if (in_array(RouteConfig::CHANGE_MAIL, RouteConfig::getEnabledRoutes())
- && RouteConfig::getCategoryId(RouteConfig::CHANGE_MAIL) > 0
- && !$shopUrls->equals($shopUrls->changeMail, '/change-mail')
- ) {
- $router->get('change-mail/{contactId}/{hash}', 'IO\Controllers\CustomerChangeMailController@redirect');
+ } else {
+ if (
+ in_array(RouteConfig::CHANGE_MAIL, RouteConfig::getEnabledRoutes())
+ && RouteConfig::getCategoryId(RouteConfig::CHANGE_MAIL) > 0
+ && !$shopUrls->equals($shopUrls->changeMail, '/change-mail')
+ ) {
+ $router->get('change-mail/{contactId}/{hash}', 'IO\Controllers\CustomerChangeMailController@redirect');
+ }
}
if (RouteConfig::isActive(RouteConfig::MY_ACCOUNT)) {
//My-account route
$router->get('my-account', 'IO\Controllers\MyAccountController@showMyAccount');
- } else if (in_array(RouteConfig::MY_ACCOUNT, RouteConfig::getEnabledRoutes())
- && RouteConfig::getCategoryId(RouteConfig::MY_ACCOUNT) > 0
- && !$shopUrls->equals($shopUrls->myAccount, '/my-account')) {
- // my-account-route is activated and category is linked and category url is not '/my-account'
- $router->get('my-account', 'IO\Controllers\MyAccountController@showMyAccount');
+ } else {
+ if (
+ in_array(RouteConfig::MY_ACCOUNT, RouteConfig::getEnabledRoutes())
+ && RouteConfig::getCategoryId(RouteConfig::MY_ACCOUNT) > 0
+ && !$shopUrls->equals($shopUrls->myAccount, '/my-account')
+ ) {
+ // my-account-route is activated and category is linked and category url is not '/my-account'
+ $router->get('my-account', 'IO\Controllers\MyAccountController@showMyAccount');
+ }
}
// CHECKOUT
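Review bot: The rewritten fallbacks wrap a lone `if (...)` inside `} else {`, which adds a nesting level without changing behaviour; PSR-12 prefers `elseif`, i.e. `} elseif (` followed by the conditions one per line and `) {`. The same shape recurs in the CONFIRMATION, HOME, NEWSLETTER OPT OUT, ORDER RETURN and PASSWORD RESET hunks. In later hunks the formatter also splits calls mid-expression, as in `RouteConfig::getCategoryId(` / `$route` / `) > 0`, which makes these route-gating conditions harder to audit; one complete operand per line would read better.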
@@ -149,31 +168,70 @@ public function map(Router $router, ApiRouter $api)
);
// CONFIRMATION
- if (RouteConfig::isActive(RouteConfig::CONFIRMATION)
+ if (
+ RouteConfig::isActive(RouteConfig::CONFIRMATION)
|| in_array(RouteConfig::CONFIRMATION, RouteConfig::getEnabledRoutes())
- || RouteConfig::getCategoryId(RouteConfig::CONFIRMATION) > 0)
- {
- $router->get('-/akQQ{orderAccessKey}/idQQ{orderId}.html', 'IO\Controllers\ConfirmationEmailController@showConfirmation')->where('orderId', '\d+');
- $router->get('-/akQQ{orderAccessKey}/idQQ{orderId}', 'IO\Controllers\ConfirmationEmailController@showConfirmation')->where('orderId', '\d+');
- $router->get('_py-/akQQ{orderAccessKey}/idQQ{orderId}.html', 'IO\Controllers\ConfirmationEmailController@showConfirmation')->where('orderId', '\d+');
- $router->get('_py-/akQQ{orderAccessKey}/idQQ{orderId}', 'IO\Controllers\ConfirmationEmailController@showConfirmation')->where('orderId', '\d+');
- $router->get('_py_/akQQ{orderAccessKey}/idQQ{orderId}.html', 'IO\Controllers\ConfirmationEmailController@showConfirmation')->where('orderId', '\d+');
- $router->get('_py_/akQQ{orderAccessKey}/idQQ{orderId}', 'IO\Controllers\ConfirmationEmailController@showConfirmation')->where('orderId', '\d+');
- $router->get('_plentyShop__/akQQ{orderAccessKey}/idQQ{orderId}.html', 'IO\Controllers\ConfirmationEmailController@showConfirmation')->where('orderId', '\d+');
- $router->get('_plentyShop__/akQQ{orderAccessKey}/idQQ{orderId}', 'IO\Controllers\ConfirmationEmailController@showConfirmation')->where('orderId', '\d+');
+ || RouteConfig::getCategoryId(RouteConfig::CONFIRMATION) > 0
+ ) {
+ $router->get(
+ '-/akQQ{orderAccessKey}/idQQ{orderId}.html',
+ 'IO\Controllers\ConfirmationEmailController@showConfirmation'
+ )->where('orderId', '\d+');
+ $router->get(
+ '-/akQQ{orderAccessKey}/idQQ{orderId}',
+ 'IO\Controllers\ConfirmationEmailController@showConfirmation'
+ )->where('orderId', '\d+');
+ $router->get(
+ '_py-/akQQ{orderAccessKey}/idQQ{orderId}.html',
+ 'IO\Controllers\ConfirmationEmailController@showConfirmation'
+ )->where('orderId', '\d+');
+ $router->get(
+ '_py-/akQQ{orderAccessKey}/idQQ{orderId}',
+ 'IO\Controllers\ConfirmationEmailController@showConfirmation'
+ )->where('orderId', '\d+');
+ $router->get(
+ '_py_/akQQ{orderAccessKey}/idQQ{orderId}.html',
+ 'IO\Controllers\ConfirmationEmailController@showConfirmation'
+ )->where('orderId', '\d+');
+ $router->get(
+ '_py_/akQQ{orderAccessKey}/idQQ{orderId}',
+ 'IO\Controllers\ConfirmationEmailController@showConfirmation'
+ )->where('orderId', '\d+');
+ $router->get(
+ '_plentyShop__/akQQ{orderAccessKey}/idQQ{orderId}.html',
+ 'IO\Controllers\ConfirmationEmailController@showConfirmation'
+ )->where('orderId', '\d+');
+ $router->get(
+ '_plentyShop__/akQQ{orderAccessKey}/idQQ{orderId}',
+ 'IO\Controllers\ConfirmationEmailController@showConfirmation'
+ )->where('orderId', '\d+');
}
if (RouteConfig::isActive(RouteConfig::CONFIRMATION)) {
//Confirmation route
- $router->get('confirmation/{orderId?}/{orderAccessKey?}', 'IO\Controllers\ConfirmationController@showConfirmation');
- } else if (in_array(RouteConfig::CONFIRMATION, RouteConfig::getEnabledRoutes())
- && RouteConfig::getCategoryId(RouteConfig::CONFIRMATION) > 0
- && !$shopUrls->equals($shopUrls->confirmation, '/confirmation')) {
- // confirmation-route is activated and category is linked and category url is not '/confirmation'
- $router->get('confirmation/{orderId?}/{orderAccessKey?}', 'IO\Controllers\ConfirmationController@redirect');
+ $router->get(
+ 'confirmation/{orderId?}/{orderAccessKey?}',
+ 'IO\Controllers\ConfirmationController@showConfirmation'
+ );
+ } else {
+ if (
+ in_array(RouteConfig::CONFIRMATION, RouteConfig::getEnabledRoutes())
+ && RouteConfig::getCategoryId(RouteConfig::CONFIRMATION) > 0
+ && !$shopUrls->equals($shopUrls->confirmation, '/confirmation')
+ ) {
+ // confirmation-route is activated and category is linked and category url is not '/confirmation'
+ $router->get(
+ 'confirmation/{orderId?}/{orderAccessKey?}',
+ 'IO\Controllers\ConfirmationController@redirect'
+ );
+ }
}
- if (RouteConfig::getCategoryId(RouteConfig::CONFIRMATION) > 0 && !RouteConfig::isActive(RouteConfig::CATEGORY)) {
+ if (
+ RouteConfig::getCategoryId(RouteConfig::CONFIRMATION) > 0 && !RouteConfig::isActive(
+ RouteConfig::CATEGORY
+ )
+ ) {
$this->registerRedirectedRoute(
$router,
RouteConfig::CONFIRMATION,
@@ -183,7 +241,11 @@ public function map(Router $router, ApiRouter $api)
);
}
- if (RouteConfig::getCategoryId(RouteConfig::ORDER_RETURN) > 0 && !RouteConfig::isActive(RouteConfig::CATEGORY)) {
+ if (
+ RouteConfig::getCategoryId(RouteConfig::ORDER_RETURN) > 0 && !RouteConfig::isActive(
+ RouteConfig::CATEGORY
+ )
+ ) {
$this->registerSingleCategoryRoute($router, RouteConfig::ORDER_RETURN, $shopUrls->returns);
}
@@ -200,9 +262,13 @@ public function map(Router $router, ApiRouter $api)
if (RouteConfig::isActive(RouteConfig::HOME)) {
//homepage route
$router->get('', 'IO\Controllers\HomepageController@showHomepage');
- } else if (in_array(RouteConfig::HOME, RouteConfig::getEnabledRoutes())
- && RouteConfig::getCategoryId(RouteConfig::HOME) > 0) {
- $router->get('', 'IO\Controllers\HomepageController@showHomepageCategory');
+ } else {
+ if (
+ in_array(RouteConfig::HOME, RouteConfig::getEnabledRoutes())
+ && RouteConfig::getCategoryId(RouteConfig::HOME) > 0
+ ) {
+ $router->get('', 'IO\Controllers\HomepageController@showHomepageCategory');
+ }
}
// LEGAL DISCLOSURE
@@ -234,17 +300,27 @@ public function map(Router $router, ApiRouter $api)
// NEWSLETTER OPT IN
if (RouteConfig::isActive(RouteConfig::NEWSLETTER_OPT_IN)) {
- $router->get('newsletter/subscribe/{authString}/{newsletterEmailId}', 'IO\Controllers\NewsletterOptInController@showOptInConfirmation');
+ $router->get(
+ 'newsletter/subscribe/{authString}/{newsletterEmailId}',
+ 'IO\Controllers\NewsletterOptInController@showOptInConfirmation'
+ );
}
// NEWSLETTER OPT OUT
if (RouteConfig::isActive(RouteConfig::NEWSLETTER_OPT_OUT)) {
$router->get('newsletter/unsubscribe', 'IO\Controllers\NewsletterOptOutController@showOptOut');
- $router->post('newsletter/unsubscribe', 'IO\Controllers\NewsletterOptOutConfirmationController@showOptOutConfirmation');
- } else if (in_array(RouteConfig::NEWSLETTER_OPT_OUT, RouteConfig::getEnabledRoutes())
- && RouteConfig::getCategoryId(RouteConfig::NEWSLETTER_OPT_OUT) > 0
- && !$shopUrls->equals($shopUrls->newsletterOptOut, '/newsletter/unsubscribe')) {
- $router->get('newsletter/unsubscribe', 'IO\Controllers\NewsletterOptOutController@redirect');
+ $router->post(
+ 'newsletter/unsubscribe',
+ 'IO\Controllers\NewsletterOptOutConfirmationController@showOptOutConfirmation'
+ );
+ } else {
+ if (
+ in_array(RouteConfig::NEWSLETTER_OPT_OUT, RouteConfig::getEnabledRoutes())
+ && RouteConfig::getCategoryId(RouteConfig::NEWSLETTER_OPT_OUT) > 0
+ && !$shopUrls->equals($shopUrls->newsletterOptOut, '/newsletter/unsubscribe')
+ ) {
+ $router->get('newsletter/unsubscribe', 'IO\Controllers\NewsletterOptOutController@redirect');
+ }
}
// ORDER DOCUMENT
@@ -255,32 +331,50 @@ public function map(Router $router, ApiRouter $api)
// ORDER PROPERTY FILE
if (RouteConfig::isActive(RouteConfig::ORDER_PROPERTY_FILE)) {
$router->get('order-property-file/{hash1}', 'IO\Controllers\OrderPropertyFileController@downloadTempFile');
- $router->get('order-property-file/{hash1}/{hash2}', 'IO\Controllers\OrderPropertyFileController@downloadFile');
+ $router->get(
+ 'order-property-file/{hash1}/{hash2}',
+ 'IO\Controllers\OrderPropertyFileController@downloadFile'
+ );
}
// ORDER RETURN
if (RouteConfig::isActive(RouteConfig::ORDER_RETURN)) {
$router->get('returns/{orderId}/{orderAccessKey?}', 'IO\Controllers\OrderReturnController@showOrderReturn');
- } else if (in_array(RouteConfig::ORDER_RETURN, RouteConfig::getEnabledRoutes())
- && RouteConfig::getCategoryId(RouteConfig::ORDER_RETURN) > 0
- && !$shopUrls->equals($shopUrls->returns, '/returns')) {
- $router->get('returns/{orderId}/{orderAccessKey?}', 'IO\Controllers\OrderReturnController@redirect');
-
+ } else {
+ if (
+ in_array(RouteConfig::ORDER_RETURN, RouteConfig::getEnabledRoutes())
+ && RouteConfig::getCategoryId(RouteConfig::ORDER_RETURN) > 0
+ && !$shopUrls->equals($shopUrls->returns, '/returns')
+ ) {
+ $router->get('returns/{orderId}/{orderAccessKey?}', 'IO\Controllers\OrderReturnController@redirect');
+ }
}
// ORDER RETURN CONFIRMATION
if (RouteConfig::isActive(RouteConfig::ORDER_RETURN_CONFIRMATION)) {
- $router->get('return-confirmation', 'IO\Controllers\OrderReturnConfirmationController@showOrderReturnConfirmation');
+ $router->get(
+ 'return-confirmation',
+ 'IO\Controllers\OrderReturnConfirmationController@showOrderReturnConfirmation'
+ );
}
// PASSWORD RESET
if (RouteConfig::isActive(RouteConfig::PASSWORD_RESET)) {
- $router->get('password-reset/{contactId}/{hash}', 'IO\Controllers\CustomerPasswordResetController@showReset');
- } else if (in_array(RouteConfig::PASSWORD_RESET, RouteConfig::getEnabledRoutes())
- && RouteConfig::getCategoryId(RouteConfig::PASSWORD_RESET) > 0
- && !$shopUrls->equals($shopUrls->passwordReset, '/password-reset')
- ) {
- $router->get('password-reset/{contactId}/{hash}', 'IO\Controllers\CustomerPasswordResetController@redirect');
+ $router->get(
+ 'password-reset/{contactId}/{hash}',
+ 'IO\Controllers\CustomerPasswordResetController@showReset'
+ );
+ } else {
+ if (
+ in_array(RouteConfig::PASSWORD_RESET, RouteConfig::getEnabledRoutes())
+ && RouteConfig::getCategoryId(RouteConfig::PASSWORD_RESET) > 0
+ && !$shopUrls->equals($shopUrls->passwordReset, '/password-reset')
+ ) {
+ $router->get(
+ 'password-reset/{contactId}/{hash}',
+ 'IO\Controllers\CustomerPasswordResetController@redirect'
+ );
+ }
}
// PLACE ORDER
@@ -317,8 +411,10 @@ public function map(Router $router, ApiRouter $api)
}
// SEARCH
- if (RouteConfig::isActive(RouteConfig::SEARCH) || in_array(RouteConfig::SEARCH, RouteConfig::getEnabledRoutes())
- || RouteConfig::getCategoryId(RouteConfig::SEARCH) > 0) {
+ if (
+ RouteConfig::isActive(RouteConfig::SEARCH) || in_array(RouteConfig::SEARCH, RouteConfig::getEnabledRoutes())
+ || RouteConfig::getCategoryId(RouteConfig::SEARCH) > 0
+ ) {
//Callisto Tag route
$router->get('tag/{tagName}', 'IO\Controllers\ItemSearchController@redirectToSearch');
}
@@ -377,7 +473,10 @@ public function map(Router $router, ApiRouter $api)
// CATEGORY ROUTES
if (RouteConfig::isActive(RouteConfig::CATEGORY)) {
- $categoryRoute = $router->get('{level1?}/{level2?}/{level3?}/{level4?}/{level5?}/{level6?}', 'IO\Controllers\CategoryController@showCategory');
+ $categoryRoute = $router->get(
+ '{level1?}/{level2?}/{level3?}/{level4?}/{level5?}/{level6?}',
+ 'IO\Controllers\CategoryController@showCategory'
+ );
if (RouteConfig::passThroughBlogRoutes()) {
// do not catch legacy blog-routes
@@ -387,7 +486,10 @@ public function map(Router $router, ApiRouter $api)
// NOT FOUND
if (in_array(RouteConfig::PAGE_NOT_FOUND, RouteConfig::getEnabledRoutes())) {
- $fallbackRoute = $router->get('{level1?}/{anything?}', 'IO\Controllers\StaticPagesController@getPageNotFoundStatusResponse');
+ $fallbackRoute = $router->get(
+ '{level1?}/{anything?}',
+ 'IO\Controllers\StaticPagesController@getPageNotFoundStatusResponse'
+ );
if (RouteConfig::passThroughBlogRoutes()) {
// do not catch legacy blog-routes
$fallbackRoute
@@ -400,11 +502,11 @@ public function map(Router $router, ApiRouter $api)
}
/**
- * @param Router $router
- * @param string $route
- * @param string $shopUrl
- * @param string $legacyController
- * @param string $redirectController
+ * @param Router $router
+ * @param string $route
+ * @param string $shopUrl
+ * @param string $legacyController
+ * @param string $redirectController
* @throws \Plenty\Plugin\Routing\Exceptions\RouteReservedException
*/
private function registerRedirectedRoute(
@@ -413,10 +515,8 @@ private function registerRedirectedRoute(
$shopUrl,
$legacyController,
$redirectController
- )
- {
+ ) {
if (in_array($route, RouteConfig::getEnabledRoutes())) {
-
// legacy route is active
if (RouteConfig::getCategoryId($route) <= 0) {
// no category is assigned => bind legacy controller
@@ -426,7 +526,11 @@ private function registerRedirectedRoute(
}
}
- if (!RouteConfig::isActive(RouteConfig::CATEGORY) && RouteConfig::getCategoryId($route) > 0 && !empty($shopUrl)) {
+ if (
+ !RouteConfig::isActive(RouteConfig::CATEGORY) && RouteConfig::getCategoryId(
+ $route
+ ) > 0 && !empty($shopUrl)
+ ) {
$this->registerSingleCategoryRoute($router, $route, $shopUrl);
}
}