From cf294eefca6062b9e8151968678655adb5d18275 Mon Sep 17 00:00:00 2001 From: Steve Tentrop Date: Tue, 19 Mar 2024 14:20:34 +0100 Subject: [PATCH 1/9] add throttle to register route --- src/Providers/IORouteServiceProvider.php | 250 ++++++++++++++++------- 1 file changed, 177 insertions(+), 73 deletions(-) diff --git a/src/Providers/IORouteServiceProvider.php b/src/Providers/IORouteServiceProvider.php index 209583ea9..e85aae793 100644 --- a/src/Providers/IORouteServiceProvider.php +++ b/src/Providers/IORouteServiceProvider.php @@ -1,4 +1,4 @@ -resource('io/order/property/file', 'OrderPropertyFileResource'); $api->get('io/checkout', 'CheckoutResource@index'); $api->resource('io/category/description', 'CategoryDescriptionResource'); - $api->resource('io/customer', 'CustomerResource'); + $api->get('io/customer', 'CustomerResource@index'); $api->resource('io/customer/login', 'CustomerAuthenticationResource'); $api->resource('io/customer/logout', 'CustomerLogoutResource'); $api->resource('io/customer/password', 'CustomerPasswordResource'); 
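Review bot: In the first `$api->version` group, `io/customer` changes from `resource(...)` to `get('io/customer', 'CustomerResource@index')`, and nothing at that line tells a reader where the POST mapping went. I would add `// POST io/customer (registration) is registered separately under throttleFrontend:register-form` above the new `get` line, so that a later edit does not restore `resource()` and re-create an unthrottled path to `store`. Narrowing to GET also drops any other verbs that `resource()` mapped for this resource. That is presumably intended, but confirm the frontend calls none of them. The hunk header and leading lines are garbled in this view, so this rests on the visible -/+ pair only.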
@@ -66,11 +66,23 @@ public function map(Router $router, ApiRouter $api) $api->get('io/session', 'SessionResource@index'); }); + $api->version( + ['v1'], + ['namespace' => 'IO\Api\Resources', 'middleware' => ['throttleFrontend:register-form']], + function (ApiRouter $api) { + $api->post('io/customer', 'CustomerResource@store'); + } + ); + if (RouteConfig::isActive(RouteConfig::CONTACT_MAIL_API)) { - $api->version(['v1'], ['namespace' => 'IO\Api\Resources', 'middleware' => ['throttleFrontend:contact-form']], function (ApiRouter $api) { - $api->resource('io/customer/contact/mail', 'ContactMailResource'); - $api->resource('io/customer/contact/mail/file', 'ContactMailFileResource'); - }); + $api->version( + ['v1'], + ['namespace' => 'IO\Api\Resources', 'middleware' => ['throttleFrontend:contact-form']], + function (ApiRouter $api) { + $api->resource('io/customer/contact/mail', 'ContactMailResource'); + $api->resource('io/customer/contact/mail/file', 'ContactMailFileResource'); + } + ); } $api->version(['v1'], ['namespace' => 'IO\Api\Resources', 'middleware' => ['csrf']], function (ApiRouter $api) { 
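Review bot: The new `$api->version(...)` group puts `POST io/customer` behind `throttleFrontend:register-form`, but nothing at the call site says what the limiter is keyed on or what a client gets when it trips. The changelog later in this series describes it as IP-based in the core, so a short comment above the group would help, e.g. `// Registration is rate-limited per client IP by the core (throttleFrontend:register-form); keep this the only route to CustomerResource@store`. If the shop runs behind a CDN or reverse proxy, confirm that the core derives the client address from a trusted forwarding header; otherwise the limit would apply to the proxy address or to a client-supplied value. The same hunk also re-wraps the contact-form group, which is formatting only. `map()` begins and ends outside the hunk.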
@@ -122,21 +134,28 @@ public function map(Router $router, ApiRouter $api) // CHANGE MAIL if (RouteConfig::isActive(RouteConfig::CHANGE_MAIL)) { $router->get('change-mail/{contactId}/{hash}', 'IO\Controllers\CustomerChangeMailController@show'); - } else if (in_array(RouteConfig::CHANGE_MAIL, RouteConfig::getEnabledRoutes()) - && RouteConfig::getCategoryId(RouteConfig::CHANGE_MAIL) > 0 - && !$shopUrls->equals($shopUrls->changeMail, '/change-mail') - ) { - $router->get('change-mail/{contactId}/{hash}', 'IO\Controllers\CustomerChangeMailController@redirect'); + } else { + if ( + in_array(RouteConfig::CHANGE_MAIL, RouteConfig::getEnabledRoutes()) + && RouteConfig::getCategoryId(RouteConfig::CHANGE_MAIL) > 0 + && !$shopUrls->equals($shopUrls->changeMail, '/change-mail') + ) { + $router->get('change-mail/{contactId}/{hash}', 'IO\Controllers\CustomerChangeMailController@redirect'); + } } if (RouteConfig::isActive(RouteConfig::MY_ACCOUNT)) { //My-account route $router->get('my-account', 'IO\Controllers\MyAccountController@showMyAccount'); - } else if (in_array(RouteConfig::MY_ACCOUNT, RouteConfig::getEnabledRoutes()) - && RouteConfig::getCategoryId(RouteConfig::MY_ACCOUNT) > 0 - && !$shopUrls->equals($shopUrls->myAccount, '/my-account')) { - // my-account-route is activated and category is linked and category url is not '/my-account' - $router->get('my-account', 'IO\Controllers\MyAccountController@showMyAccount'); + } else { + if ( + in_array(RouteConfig::MY_ACCOUNT, RouteConfig::getEnabledRoutes()) + && RouteConfig::getCategoryId(RouteConfig::MY_ACCOUNT) > 0 + && !$shopUrls->equals($shopUrls->myAccount, '/my-account') + ) { + // my-account-route is activated and category is linked and category url is not '/my-account' + $router->get('my-account', 'IO\Controllers\MyAccountController@showMyAccount'); + } } // CHECKOUT 
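Review bot: The CHANGE MAIL and MY_ACCOUNT branches replace `else if (...)` with a nested `else { if (...) { ... } }`, which adds an indent level without changing behaviour; PSR-12 spells this `} elseif (` and keeps the chain flat. The same rewrite recurs in the later hunks for CONFIRMATION, HOME, NEWSLETTER_OPT_OUT, ORDER_RETURN and PASSWORD_RESET. Because these formatting changes sit in the same commit as the register-route throttle, the one security-relevant change is hard to pick out of a 250-line diff. I would split the reformat into its own commit. `map()` begins and ends outside the hunk.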
@@ -149,31 +168,70 @@ public function map(Router $router, ApiRouter $api) ); // CONFIRMATION - if (RouteConfig::isActive(RouteConfig::CONFIRMATION) + if ( + RouteConfig::isActive(RouteConfig::CONFIRMATION) || in_array(RouteConfig::CONFIRMATION, RouteConfig::getEnabledRoutes()) - || RouteConfig::getCategoryId(RouteConfig::CONFIRMATION) > 0) - { - $router->get('-/akQQ{orderAccessKey}/idQQ{orderId}.html', 'IO\Controllers\ConfirmationEmailController@showConfirmation')->where('orderId', '\d+'); - $router->get('-/akQQ{orderAccessKey}/idQQ{orderId}', 'IO\Controllers\ConfirmationEmailController@showConfirmation')->where('orderId', '\d+'); - $router->get('_py-/akQQ{orderAccessKey}/idQQ{orderId}.html', 'IO\Controllers\ConfirmationEmailController@showConfirmation')->where('orderId', '\d+'); - $router->get('_py-/akQQ{orderAccessKey}/idQQ{orderId}', 'IO\Controllers\ConfirmationEmailController@showConfirmation')->where('orderId', '\d+'); - $router->get('_py_/akQQ{orderAccessKey}/idQQ{orderId}.html', 'IO\Controllers\ConfirmationEmailController@showConfirmation')->where('orderId', '\d+'); - $router->get('_py_/akQQ{orderAccessKey}/idQQ{orderId}', 'IO\Controllers\ConfirmationEmailController@showConfirmation')->where('orderId', '\d+'); - $router->get('_plentyShop__/akQQ{orderAccessKey}/idQQ{orderId}.html', 'IO\Controllers\ConfirmationEmailController@showConfirmation')->where('orderId', '\d+'); - $router->get('_plentyShop__/akQQ{orderAccessKey}/idQQ{orderId}', 'IO\Controllers\ConfirmationEmailController@showConfirmation')->where('orderId', '\d+'); + || RouteConfig::getCategoryId(RouteConfig::CONFIRMATION) > 0 + ) { + $router->get( + '-/akQQ{orderAccessKey}/idQQ{orderId}.html', + 'IO\Controllers\ConfirmationEmailController@showConfirmation' + )->where('orderId', '\d+'); + $router->get( + '-/akQQ{orderAccessKey}/idQQ{orderId}', + 'IO\Controllers\ConfirmationEmailController@showConfirmation' + )->where('orderId', '\d+'); + $router->get( + '_py-/akQQ{orderAccessKey}/idQQ{orderId}.html', + 
'IO\Controllers\ConfirmationEmailController@showConfirmation' + )->where('orderId', '\d+'); + $router->get( + '_py-/akQQ{orderAccessKey}/idQQ{orderId}', + 'IO\Controllers\ConfirmationEmailController@showConfirmation' + )->where('orderId', '\d+'); + $router->get( + '_py_/akQQ{orderAccessKey}/idQQ{orderId}.html', + 'IO\Controllers\ConfirmationEmailController@showConfirmation' + )->where('orderId', '\d+'); + $router->get( + '_py_/akQQ{orderAccessKey}/idQQ{orderId}', + 'IO\Controllers\ConfirmationEmailController@showConfirmation' + )->where('orderId', '\d+'); + $router->get( + '_plentyShop__/akQQ{orderAccessKey}/idQQ{orderId}.html', + 'IO\Controllers\ConfirmationEmailController@showConfirmation' + )->where('orderId', '\d+'); + $router->get( + '_plentyShop__/akQQ{orderAccessKey}/idQQ{orderId}', + 'IO\Controllers\ConfirmationEmailController@showConfirmation' + )->where('orderId', '\d+'); } if (RouteConfig::isActive(RouteConfig::CONFIRMATION)) { //Confirmation route - $router->get('confirmation/{orderId?}/{orderAccessKey?}', 'IO\Controllers\ConfirmationController@showConfirmation'); - } else if (in_array(RouteConfig::CONFIRMATION, RouteConfig::getEnabledRoutes()) - && RouteConfig::getCategoryId(RouteConfig::CONFIRMATION) > 0 - && !$shopUrls->equals($shopUrls->confirmation, '/confirmation')) { - // confirmation-route is activated and category is linked and category url is not '/confirmation' - $router->get('confirmation/{orderId?}/{orderAccessKey?}', 'IO\Controllers\ConfirmationController@redirect'); + $router->get( + 'confirmation/{orderId?}/{orderAccessKey?}', + 'IO\Controllers\ConfirmationController@showConfirmation' + ); + } else { + if ( + in_array(RouteConfig::CONFIRMATION, RouteConfig::getEnabledRoutes()) + && RouteConfig::getCategoryId(RouteConfig::CONFIRMATION) > 0 + && !$shopUrls->equals($shopUrls->confirmation, '/confirmation') + ) { + // confirmation-route is activated and category is linked and category url is not '/confirmation' + $router->get( + 
'confirmation/{orderId?}/{orderAccessKey?}', + 'IO\Controllers\ConfirmationController@redirect' + ); + } } - if (RouteConfig::getCategoryId(RouteConfig::CONFIRMATION) > 0 && !RouteConfig::isActive(RouteConfig::CATEGORY)) { + if ( + RouteConfig::getCategoryId(RouteConfig::CONFIRMATION) > 0 && !RouteConfig::isActive( + RouteConfig::CATEGORY + ) + ) { $this->registerRedirectedRoute( $router, RouteConfig::CONFIRMATION, @@ -183,7 +241,11 @@ public function map(Router $router, ApiRouter $api) ); } - if (RouteConfig::getCategoryId(RouteConfig::ORDER_RETURN) > 0 && !RouteConfig::isActive(RouteConfig::CATEGORY)) { + if ( + RouteConfig::getCategoryId(RouteConfig::ORDER_RETURN) > 0 && !RouteConfig::isActive( + RouteConfig::CATEGORY + ) + ) { $this->registerSingleCategoryRoute($router, RouteConfig::ORDER_RETURN, $shopUrls->returns); } @@ -200,9 +262,13 @@ public function map(Router $router, ApiRouter $api) if (RouteConfig::isActive(RouteConfig::HOME)) { //homepage route $router->get('', 'IO\Controllers\HomepageController@showHomepage'); - } else if (in_array(RouteConfig::HOME, RouteConfig::getEnabledRoutes()) - && RouteConfig::getCategoryId(RouteConfig::HOME) > 0) { - $router->get('', 'IO\Controllers\HomepageController@showHomepageCategory'); + } else { + if ( + in_array(RouteConfig::HOME, RouteConfig::getEnabledRoutes()) + && RouteConfig::getCategoryId(RouteConfig::HOME) > 0 + ) { + $router->get('', 'IO\Controllers\HomepageController@showHomepageCategory'); + } } // LEGAL DISCLOSURE 
@@ -234,17 +300,27 @@ public function map(Router $router, ApiRouter $api) // NEWSLETTER OPT IN if (RouteConfig::isActive(RouteConfig::NEWSLETTER_OPT_IN)) { - $router->get('newsletter/subscribe/{authString}/{newsletterEmailId}', 'IO\Controllers\NewsletterOptInController@showOptInConfirmation'); + $router->get( + 'newsletter/subscribe/{authString}/{newsletterEmailId}', + 'IO\Controllers\NewsletterOptInController@showOptInConfirmation' + ); } // NEWSLETTER OPT OUT if (RouteConfig::isActive(RouteConfig::NEWSLETTER_OPT_OUT)) { $router->get('newsletter/unsubscribe', 'IO\Controllers\NewsletterOptOutController@showOptOut'); - $router->post('newsletter/unsubscribe', 'IO\Controllers\NewsletterOptOutConfirmationController@showOptOutConfirmation'); - } else if (in_array(RouteConfig::NEWSLETTER_OPT_OUT, RouteConfig::getEnabledRoutes()) - && RouteConfig::getCategoryId(RouteConfig::NEWSLETTER_OPT_OUT) > 0 - && !$shopUrls->equals($shopUrls->newsletterOptOut, '/newsletter/unsubscribe')) { - $router->get('newsletter/unsubscribe', 'IO\Controllers\NewsletterOptOutController@redirect'); + $router->post( + 'newsletter/unsubscribe', + 'IO\Controllers\NewsletterOptOutConfirmationController@showOptOutConfirmation' + ); + } else { + if ( + in_array(RouteConfig::NEWSLETTER_OPT_OUT, RouteConfig::getEnabledRoutes()) + && RouteConfig::getCategoryId(RouteConfig::NEWSLETTER_OPT_OUT) > 0 + && !$shopUrls->equals($shopUrls->newsletterOptOut, '/newsletter/unsubscribe') + ) { + $router->get('newsletter/unsubscribe', 'IO\Controllers\NewsletterOptOutController@redirect'); + } } // ORDER DOCUMENT 
@@ -255,32 +331,50 @@ public function map(Router $router, ApiRouter $api) // ORDER PROPERTY FILE if (RouteConfig::isActive(RouteConfig::ORDER_PROPERTY_FILE)) { $router->get('order-property-file/{hash1}', 'IO\Controllers\OrderPropertyFileController@downloadTempFile'); - $router->get('order-property-file/{hash1}/{hash2}', 'IO\Controllers\OrderPropertyFileController@downloadFile'); + $router->get( + 'order-property-file/{hash1}/{hash2}', + 'IO\Controllers\OrderPropertyFileController@downloadFile' + ); } // ORDER RETURN if (RouteConfig::isActive(RouteConfig::ORDER_RETURN)) { $router->get('returns/{orderId}/{orderAccessKey?}', 'IO\Controllers\OrderReturnController@showOrderReturn'); - } else if (in_array(RouteConfig::ORDER_RETURN, RouteConfig::getEnabledRoutes()) - && RouteConfig::getCategoryId(RouteConfig::ORDER_RETURN) > 0 - && !$shopUrls->equals($shopUrls->returns, '/returns')) { - $router->get('returns/{orderId}/{orderAccessKey?}', 'IO\Controllers\OrderReturnController@redirect'); - + } else { + if ( + in_array(RouteConfig::ORDER_RETURN, RouteConfig::getEnabledRoutes()) + && RouteConfig::getCategoryId(RouteConfig::ORDER_RETURN) > 0 + && !$shopUrls->equals($shopUrls->returns, '/returns') + ) { + $router->get('returns/{orderId}/{orderAccessKey?}', 'IO\Controllers\OrderReturnController@redirect'); + } } // ORDER RETURN CONFIRMATION if (RouteConfig::isActive(RouteConfig::ORDER_RETURN_CONFIRMATION)) { - $router->get('return-confirmation', 'IO\Controllers\OrderReturnConfirmationController@showOrderReturnConfirmation'); + $router->get( + 'return-confirmation', + 'IO\Controllers\OrderReturnConfirmationController@showOrderReturnConfirmation' + ); } // PASSWORD RESET if (RouteConfig::isActive(RouteConfig::PASSWORD_RESET)) { - $router->get('password-reset/{contactId}/{hash}', 'IO\Controllers\CustomerPasswordResetController@showReset'); - } else if (in_array(RouteConfig::PASSWORD_RESET, RouteConfig::getEnabledRoutes()) - && 
RouteConfig::getCategoryId(RouteConfig::PASSWORD_RESET) > 0 - && !$shopUrls->equals($shopUrls->passwordReset, '/password-reset') - ) { - $router->get('password-reset/{contactId}/{hash}', 'IO\Controllers\CustomerPasswordResetController@redirect'); + $router->get( + 'password-reset/{contactId}/{hash}', + 'IO\Controllers\CustomerPasswordResetController@showReset' + ); + } else { + if ( + in_array(RouteConfig::PASSWORD_RESET, RouteConfig::getEnabledRoutes()) + && RouteConfig::getCategoryId(RouteConfig::PASSWORD_RESET) > 0 + && !$shopUrls->equals($shopUrls->passwordReset, '/password-reset') + ) { + $router->get( + 'password-reset/{contactId}/{hash}', + 'IO\Controllers\CustomerPasswordResetController@redirect' + ); + } } // PLACE ORDER @@ -317,8 +411,10 @@ public function map(Router $router, ApiRouter $api) } // SEARCH - if (RouteConfig::isActive(RouteConfig::SEARCH) || in_array(RouteConfig::SEARCH, RouteConfig::getEnabledRoutes()) - || RouteConfig::getCategoryId(RouteConfig::SEARCH) > 0) { + if ( + RouteConfig::isActive(RouteConfig::SEARCH) || in_array(RouteConfig::SEARCH, RouteConfig::getEnabledRoutes()) + || RouteConfig::getCategoryId(RouteConfig::SEARCH) > 0 + ) { //Callisto Tag route $router->get('tag/{tagName}', 'IO\Controllers\ItemSearchController@redirectToSearch'); } @@ -377,7 +473,10 @@ public function map(Router $router, ApiRouter $api) // CATEGORY ROUTES if (RouteConfig::isActive(RouteConfig::CATEGORY)) { - $categoryRoute = $router->get('{level1?}/{level2?}/{level3?}/{level4?}/{level5?}/{level6?}', 'IO\Controllers\CategoryController@showCategory'); + $categoryRoute = $router->get( + '{level1?}/{level2?}/{level3?}/{level4?}/{level5?}/{level6?}', + 'IO\Controllers\CategoryController@showCategory' + ); if (RouteConfig::passThroughBlogRoutes()) { // do not catch legacy blog-routes 
@@ -387,7 +486,10 @@ public function map(Router $router, ApiRouter $api) // NOT FOUND if (in_array(RouteConfig::PAGE_NOT_FOUND, RouteConfig::getEnabledRoutes())) { - $fallbackRoute = $router->get('{level1?}/{anything?}', 'IO\Controllers\StaticPagesController@getPageNotFoundStatusResponse'); + $fallbackRoute = $router->get( + '{level1?}/{anything?}', + 'IO\Controllers\StaticPagesController@getPageNotFoundStatusResponse' + ); if (RouteConfig::passThroughBlogRoutes()) { // do not catch legacy blog-routes $fallbackRoute @@ -400,11 +502,11 @@ public function map(Router $router, ApiRouter $api) } /** - * @param Router $router - * @param string $route - * @param string $shopUrl - * @param string $legacyController - * @param string $redirectController + * @param Router $router + * @param string $route + * @param string $shopUrl + * @param string $legacyController + * @param string $redirectController * @throws \Plenty\Plugin\Routing\Exceptions\RouteReservedException */ private function registerRedirectedRoute( @@ -413,10 +515,8 @@ private function registerRedirectedRoute( $shopUrl, $legacyController, $redirectController - ) - { + ) { if (in_array($route, RouteConfig::getEnabledRoutes())) { - // legacy route is active if (RouteConfig::getCategoryId($route) <= 0) { // no category is assigned => bind legacy controller @@ -426,7 +526,11 @@ private function registerRedirectedRoute( } } - if (!RouteConfig::isActive(RouteConfig::CATEGORY) && RouteConfig::getCategoryId($route) > 0 && !empty($shopUrl)) { + if ( + !RouteConfig::isActive(RouteConfig::CATEGORY) && RouteConfig::getCategoryId( + $route + ) > 0 && !empty($shopUrl) + ) { $this->registerSingleCategoryRoute($router, $route, $shopUrl); } } From fccd1835c8790ebcc86971585f6d829a593a18ee Mon Sep 17 00:00:00 2001 From: Steve Tentrop Date: Tue, 19 Mar 2024 14:22:11 +0100 Subject: [PATCH 2/9] change position --- src/Providers/IORouteServiceProvider.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) 
diff --git a/src/Providers/IORouteServiceProvider.php b/src/Providers/IORouteServiceProvider.php index e85aae793..8caa71ddf 100644 --- a/src/Providers/IORouteServiceProvider.php +++ b/src/Providers/IORouteServiceProvider.php @@ -28,6 +28,14 @@ public function register() */ public function map(Router $router, ApiRouter $api) { + $api->version( + ['v1'], + ['namespace' => 'IO\Api\Resources', 'middleware' => ['throttleFrontend:register-form']], + function (ApiRouter $api) { + $api->post('io/customer', 'CustomerResource@store'); + } + ); + $api->version(['v1'], ['namespace' => 'IO\Api\Resources'], function (ApiRouter $api) { $api->get('io/basket', 'BasketResource@index'); $api->resource('io/basket/items', 'BasketItemResource'); @@ -66,14 +74,6 @@ public function map(Router $router, ApiRouter $api) $api->get('io/session', 'SessionResource@index'); }); - $api->version( - ['v1'], - ['namespace' => 'IO\Api\Resources', 'middleware' => ['throttleFrontend:register-form']], - function (ApiRouter $api) { - $api->post('io/customer', 'CustomerResource@store'); - } - ); - if (RouteConfig::isActive(RouteConfig::CONTACT_MAIL_API)) { $api->version( ['v1'], From 900661c3d8e16c2c21e44ca2537a59584c8d2999 Mon Sep 17 00:00:00 2001 From: Steve Tentrop Date: Tue, 19 Mar 2024 14:24:19 +0100 Subject: [PATCH 3/9] add changelog --- meta/documents/changelog_de.md | 4 ++++ meta/documents/changelog_en.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/meta/documents/changelog_de.md b/meta/documents/changelog_de.md index b51ed8ef4..e87013ea9 100644 --- a/meta/documents/changelog_de.md +++ b/meta/documents/changelog_de.md 
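Review bot: PATCH 2/9 moves the `throttleFrontend:register-form` group to the top of `map()`, ahead of the unthrottled v1 group, but neither the commit message ("change position") nor the code says why the position matters. If the order is needed for the throttled mapping of `POST io/customer` to take effect, a later reorder could silently remove the limit. I would record that at the call site, e.g. `// Keep before the plain v1 group: registration must resolve to the throttled route`. If the order is not significant, say so in the commit message instead. `map()` continues outside the hunk.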
@@ -8,6 +8,10 @@ - Es wurde ein Fehler behoben, der dazu führte, dass der Benutzer auf die Homepage umgeleitet wurde, wenn die Sprache auf der Bestellbestätigungsseite geändert wurde. - Die Reihenfolge der Artikel auf der Wunschliste wird jetzt beibehalten. +### Geändert + +- Die Route zur Kundenregistrierung enthält jetzt eine kernseitige Limitierung. + ## v5.0.61 (2023-10-30) Übersicht aller Änderungen ### Behoben diff --git a/meta/documents/changelog_en.md b/meta/documents/changelog_en.md index 69ead8017..2521e9e0d 100644 --- a/meta/documents/changelog_en.md +++ b/meta/documents/changelog_en.md @@ -8,6 +8,10 @@ - Solved a bug that manifested by redirecting the user to the homepage when the language was changed on order confirmation page. - The wish list now preserves the order of the items on the list. +### Changed + +- The route to customer registration now contains a core-side limitation. + ## v5.0.61 (2023-10-30) Overview of all changes ### Fixed From f159c69c0fb4ddddaa470bae5d769013bc6c47d3 Mon Sep 17 00:00:00 2001 From: Steve Tentrop Date: Tue, 19 Mar 2024 15:09:10 +0100 Subject: [PATCH 4/9] Update meta/documents/changelog_de.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Tim Müller-Späth <11943448+Tim-M-S@users.noreply.github.com> --- meta/documents/changelog_de.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/documents/changelog_de.md b/meta/documents/changelog_de.md index e87013ea9..5164799e2 100644 --- a/meta/documents/changelog_de.md +++ b/meta/documents/changelog_de.md @@ -10,7 +10,7 @@ ### Geändert -- Die Route zur Kundenregistrierung enthält jetzt eine kernseitige Limitierung. +- Die Route zur Kundenregistrierung enthält jetzt eine IP-basierte Limitierung im Kern. ## v5.0.61 (2023-10-30) Übersicht aller Änderungen From c806a2f5e12924b7b1a76c6f5491e37680e37d8b Mon Sep 17 00:00:00 2001 
From: Steve Tentrop Date: Tue, 19 Mar 2024 15:09:16 +0100 Subject: [PATCH 5/9] Update meta/documents/changelog_en.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Tim Müller-Späth <11943448+Tim-M-S@users.noreply.github.com> --- meta/documents/changelog_en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/documents/changelog_en.md b/meta/documents/changelog_en.md index 2521e9e0d..7c4a8b462 100644 --- a/meta/documents/changelog_en.md +++ b/meta/documents/changelog_en.md @@ -10,7 +10,7 @@ ### Changed -- The route to customer registration now contains a core-side limitation. +- The customer registration route now contains an IP-based limitation in the core. ## v5.0.61 (2023-10-30) Overview of all changes From 5a99c158a1ceba74dbdfcbd3c708b21e58bcdac6 Mon Sep 17 00:00:00 2001 From: Steve Tentrop Date: Tue, 19 Mar 2024 15:10:06 +0100 Subject: [PATCH 6/9] remove recaptcha from the route --- src/Api/Resources/CustomerResource.php | 51 +++++++++----------------- 1 file changed, 18 insertions(+), 33 deletions(-) diff --git a/src/Api/Resources/CustomerResource.php b/src/Api/Resources/CustomerResource.php index 6ec658740..8fc715132 100644 --- a/src/Api/Resources/CustomerResource.php +++ b/src/Api/Resources/CustomerResource.php @@ -1,20 +1,15 @@ -customerService = $customerService; } - /** - * Get the contact. - * @return Response - */ - public function index(): Response - { - return $this->response->create($this->indexCustomer(), ResponseCode::OK); - } - /** * Save the contact. * @return Response 
@@ -66,16 +52,6 @@ public function store(): Response return $this->response->create(true, ResponseCode::OK); } - if (!ReCaptcha::verify($this->request->get('recaptcha', null))) { - /** - * @var NotificationService $notificationService - */ - $notificationService = pluginApp(NotificationService::class); - $notificationService->addNotificationCode(LogLevel::ERROR, 13); - - return $this->response->create('', ResponseCode::BAD_REQUEST); - } - $contactData = $this->request->get('contact', null); $billingAddressData = $this->request->get('billingAddress', []); $deliveryAddressData = $this->request->get('deliveryAddress', []); @@ -90,7 +66,7 @@ public function store(): Response return $this->response->create(null, ResponseCode::BAD_REQUEST); } - /** @var Dispatcher $eventDispatcher */ + /** @var Dispatcher $eventDispatcher */ $eventDispatcher = pluginApp(Dispatcher::class); if (count($billingAddressData) === 0) { @@ -123,4 +99,13 @@ public function store(): Response return $this->index(); } + + /** + * Get the contact. + * @return Response + */ + public function index(): Response + { + return $this->response->create($this->indexCustomer(), ResponseCode::OK); + } } From e274fb11d3c08b9f6bac8fbea0286264b5d2d028 Mon Sep 17 00:00:00 2001 From: Franz Mutschler <36404400+fmutschler@users.noreply.github.com> Date: Wed, 20 Mar 2024 10:31:41 +0100 Subject: [PATCH 7/9] Update changelog_de.md --- meta/documents/changelog_de.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/documents/changelog_de.md b/meta/documents/changelog_de.md index 5164799e2..f7ab96a6b 100644 --- a/meta/documents/changelog_de.md +++ b/meta/documents/changelog_de.md 
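Review bot: Removing the `if (!ReCaptcha::verify($this->request->get('recaptcha', null)))` guard from `store()` leaves the route-level `throttleFrontend:register-form` middleware as the only automated-signup control visible in this series. A per-IP limit bounds the request rate from one address but does not distinguish a human from a script. It also lives in `IORouteServiceProvider`, so `store()` is unprotected if it is ever reached through another mapping. I would keep the removed guard as a second layer, at least when a reCAPTCHA key is configured (how `ReCaptcha::verify` behaves without one is not visible here). Failing that, state in the `store()` docblock that the method must only be routed through the throttled group. `store()` starts before this hunk and the leading hunk of this file is garbled in this view.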
@@ -4,13 +4,13 @@ ### Behoben -- Ein Fehler bei der Prüfung von kanonischen Urls in Kombination mit ausgeschlossenen ShopBooster Parametern, kann zu fehlenden alternate links führen. Dies wurde behoben. +- Ein Fehler bei der Prüfung von kanonischen URLs in Kombination mit ausgeschlossenen ShopBooster-Parametern, kann zu fehlenden alternate links führen. Dies wurde behoben. - Es wurde ein Fehler behoben, der dazu führte, dass der Benutzer auf die Homepage umgeleitet wurde, wenn die Sprache auf der Bestellbestätigungsseite geändert wurde. - Die Reihenfolge der Artikel auf der Wunschliste wird jetzt beibehalten. ### Geändert -- Die Route zur Kundenregistrierung enthält jetzt eine IP-basierte Limitierung im Kern. +- Die Route zur Kundenregistrierung `/registration` enthält jetzt eine IP-basierte Limitierung im plentysystems Kern. ## v5.0.61 (2023-10-30) Übersicht aller Änderungen From 2f43db4293a7685a079dce4122b473d98eaf8e9d Mon Sep 17 00:00:00 2001 From: Franz Mutschler <36404400+fmutschler@users.noreply.github.com> Date: Wed, 20 Mar 2024 10:32:24 +0100 Subject: [PATCH 8/9] Update changelog_en.md --- meta/documents/changelog_en.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/documents/changelog_en.md b/meta/documents/changelog_en.md index 7c4a8b462..12814a651 100644 --- a/meta/documents/changelog_en.md +++ b/meta/documents/changelog_en.md 
@@ -4,13 +4,13 @@ ### Fixed -- An error when checking canonical urls in combination with excluded ShopBooster parameters can lead to missing alternate links. This was fixed. +- An error when checking canonical URLs in combination with excluded ShopBooster parameters could lead to missing alternate links. This has been fixed. - Solved a bug that manifested by redirecting the user to the homepage when the language was changed on order confirmation page. - The wish list now preserves the order of the items on the list. ### Changed -- The customer registration route now contains an IP-based limitation in the core. +- The customer registration route `/register` now contains an IP-based limitation in the plentysystems core. ## v5.0.61 (2023-10-30) Overview of all changes From b0706940ec68dad2ce417f4a788314d8e16a8c6d Mon Sep 17 00:00:00 2001 From: Franz Mutschler <36404400+fmutschler@users.noreply.github.com> Date: Wed, 20 Mar 2024 10:32:43 +0100 Subject: [PATCH 9/9] Update changelog_de.md --- meta/documents/changelog_de.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/documents/changelog_de.md b/meta/documents/changelog_de.md index f7ab96a6b..d28fda1e4 100644 --- a/meta/documents/changelog_de.md +++ b/meta/documents/changelog_de.md @@ -10,7 +10,7 @@ ### Geändert -- Die Route zur Kundenregistrierung `/registration` enthält jetzt eine IP-basierte Limitierung im plentysystems Kern. +- Die Route zur Kundenregistrierung `/register` enthält jetzt eine IP-basierte Limitierung im plentysystems Kern. ## v5.0.61 (2023-10-30) Übersicht aller Änderungen