Ema 145 security issues fix (#63)

Co-authored-by: Sanyi <[email protected]>
Co-authored-by: bognar.tamas <[email protected]>

Author: 3 people

.github/workflows/tests.yml

@@ -12,11 +12,11 @@ jobs:
     permissions:
       contents: "read"
     strategy:
-      max-parallel: 2
+      max-parallel: 1
       fail-fast: false
       matrix:
         magento-versions:
-          ["2.3.3ce", "2.3.5ce", "2.4.0ce", "2.4.2ce", "2.4.4ce", "2.4.6ce"]
+          ["2.3.5ce", "2.4.0ce", "2.4.2ce", "2.4.4ce", "2.4.6ce"]
     steps:
       - name: Extract branch name
         shell: bash
@@ -48,24 +48,31 @@ jobs:
             sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
           sudo apt-get update
           sudo apt-get install docker-compose-plugin -y
+      - name: Build mage_node image
+        shell: bash
+        run: |
+          cd magento2-extension/dev
+          docker build -f testv2/tools/docker/Dockerfile-mage-node --build-arg NPM_TOKEN=$NPM_TOKEN -t "mage_node" .
+        env:
+          NPM_TOKEN: ${{ secrets.GITLAB_TOKEN }}
       - name: Run unittest
         shell: bash
         run: |
           cd magento2-extension
           bash dev/testv2/tools/scripts/run-unit.sh
         env:
           VERSION: ${{ matrix.magento-versions }}
-          NPM_TOKEN: ${{ secrets.NPM_DEPLOYER_TOKEN }}
+          NPM_TOKEN: ${{ secrets.GITLAB_TOKEN }}
   e2e-tests:
     runs-on: github-actions-runner-emarsys
     permissions:
       contents: "read"
     strategy:
-      max-parallel: 2
+      max-parallel: 1
       fail-fast: false
       matrix:
         magento-versions:
-          ["2.3.3ce", "2.3.5ce", "2.4.0ce", "2.4.2ce", "2.4.4ce", "2.4.6ce"]
+          ["2.3.5ce", "2.4.0ce", "2.4.2ce", "2.4.4ce", "2.4.6ce"]
     steps:
       - name: Extract branch name
         shell: bash
@@ -97,11 +104,18 @@ jobs:
             sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
           sudo apt-get update
           sudo apt-get install docker-compose-plugin -y
+      - name: Build mage_node image
+        shell: bash
+        run: |
+          cd magento2-extension/dev
+          docker build -f testv2/tools/docker/Dockerfile-mage-node --build-arg NPM_TOKEN=$NPM_TOKEN -t "mage_node" .
+        env:
+          NPM_TOKEN: ${{ secrets.GITLAB_TOKEN }}
       - name: Run e2stest
         shell: bash
         run: |
           cd magento2-extension
           bash dev/testv2/tools/scripts/run-e2e.sh
         env:
           VERSION: ${{ matrix.magento-versions }}
-          NPM_TOKEN: ${{ secrets.NPM_DEPLOYER_TOKEN }}
+          NPM_TOKEN: ${{ secrets.GITLAB_TOKEN }}

dev/README.md

@@ -203,3 +203,4 @@ git push -f --tags
 ## Update Cypress
 * Update the version in `package.json`
 * Run `make build-cypress VERSION=new-version` from project root
+

dev/testv2/.npmrc

@@ -0,0 +1,3 @@
+always-auth=true
+@itg-commerce:registry=https://gitlab.itg.cloud/api/v4/projects/295/packages/npm/
+//gitlab.itg.cloud/api/v4/projects/295/packages/npm/:_authToken=${NPM_TOKEN}

dev/testv2/attributes/index.spec.js

@@ -6,13 +6,13 @@ const websiteId = 1;
 
 const mapAttributes = attributes => attributes.map(attribute => ({ code: attribute.code, name: attribute.name }));
 
-describe('Attributes endpoint', function() {
-  afterEach(async function() {});
+describe('Attributes endpoint', function () {
+  afterEach(async function () {});
 
-  after(async function() {});
+  after(async function () {});
 
-  describe('get', function() {
-    it('should fetch attributes including extra fields for customer', async function() {
+  describe('get', function () {
+    it('should fetch attributes including extra fields for customer', async function () {
       const { attributes } = await this.magentoApi.execute('attributes', 'get', { type: 'customer' });
       const mappedAttributes = mapAttributes(attributes);
 
@@ -29,7 +29,7 @@ describe('Attributes endpoint', function() {
       }
     });
 
-    it('should fetch attributes including extra fields for customer_address', async function() {
+    it('should fetch attributes including extra fields for customer_address', async function () {
       const { attributes } = await this.magentoApi.execute('attributes', 'get', { type: 'customer_address' });
       const mappedAttributes = mapAttributes(attributes);
 
@@ -40,7 +40,7 @@ describe('Attributes endpoint', function() {
       }
     });
 
-    it('should fetch attributes including extra fields for products', async function() {
+    it('should fetch attributes including extra fields for products', async function () {
       const { attributes } = await this.magentoApi.execute('attributes', 'get', { type: 'product' });
       const mappedAttributes = attributes.map(attribute => {
         return { code: attribute.code, name: attribute.name };
@@ -58,8 +58,8 @@ describe('Attributes endpoint', function() {
     });
   });
 
-  describe('set', function() {
-    it('should modify customer attribute config for website', async function() {
+  describe('set', function () {
+    it('should modify customer attribute config for website', async function () {
       await this.magentoApi.execute('attributes', 'set', {
         websiteId,
         type: 'customer',
@@ -76,7 +76,7 @@ describe('Attributes endpoint', function() {
       expect(config.value).to.equal(JSON.stringify(['hello_attribute']));
     });
 
-    it('should modify customer_address attribute config for website', async function() {
+    it('should modify customer_address attribute config for website', async function () {
       await this.magentoApi.execute('attributes', 'set', {
         websiteId,
         type: 'customer_address',
@@ -93,7 +93,7 @@ describe('Attributes endpoint', function() {
       expect(config.value).to.equal(JSON.stringify(['hello_attribute']));
     });
 
-    it('should modify product attribute config for website', async function() {
+    it('should modify product attribute config for website', async function () {
       await this.magentoApi.execute('attributes', 'set', {
         websiteId: 0,
         type: 'product',

dev/testv2/config/index.spec.js

@@ -21,21 +21,21 @@ const dbKeys = {
 };
 
 const websiteId = 1;
-describe('Config endpoint', function() {
-  before(async function() {
+describe('Config endpoint', function () {
+  before(async function () {
     await this.turnOffEverySetting(1);
   });
 
-  afterEach(async function() {
+  afterEach(async function () {
     await this.turnOffEverySetting(1);
   });
 
-  after(async function() {
+  after(async function () {
     await this.setDefaultStoreSettings();
   });
 
-  describe('set', function() {
-    it('should modify config values for website', async function() {
+  describe('set', function () {
+    it('should modify config values for website', async function () {
       await this.magentoApi.execute('config', 'set', {
         websiteId,
         config: fullConfig

dev/testv2/customers/list.spec.js

@@ -23,8 +23,8 @@ const customers = [
   }
 ];
 
-describe('Customers endpoint', function() {
-  before(async function() {
+describe('Customers endpoint', function () {
+  before(async function () {
     await this.magentoApi.execute('attributes', 'set', {
       websiteId: 1,
       type: 'customer',
@@ -35,7 +35,7 @@ describe('Customers endpoint', function() {
     }
   });
 
-  after(async function() {
+  after(async function () {
     await this.magentoApi.execute('attributes', 'set', {
       websiteId: 1,
       type: 'customer',
@@ -44,7 +44,7 @@ describe('Customers endpoint', function() {
     await this.db.raw(`DELETE FROM ${this.getTableName('customer_entity')} where email like "%@customer.net"`);
   });
 
-  it('returns customers according to page and page_size inlcuding last_page', async function() {
+  it('returns customers according to page and page_size inlcuding last_page', async function () {
     const page = 1;
     const limit = 2;
 
@@ -66,7 +66,7 @@ describe('Customers endpoint', function() {
     expect(customer).to.have.property('shipping_address');
   });
 
-  it('returns extra_fields for customers', async function() {
+  it('returns extra_fields for customers', async function () {
     const page = 1;
     const limit = 1;
 

dev/testv2/cypress.config.js

@@ -3,9 +3,9 @@ const { defineConfig } = require('cypress');
 module.exports = defineConfig({
     video: false,
     trashAssetsBeforeRuns: false,
-    requestTimeout: 30000,
-    defaultCommandTimeout: 30000,
-    pageLoadTimeout: 30000,
+    requestTimeout: 120000,
+    defaultCommandTimeout: 120000,
+    pageLoadTimeout: 120000,
     blockHosts: ['*snippet.url.com', '*scarabresearch.com'],
     env: {
         snippetUrl: 'http://snippet.url.com/main.js'

dev/testv2/cypress/integration/default-behaviour.spec.js

@@ -1,6 +1,6 @@
 'use strict';
 
-describe('Default behaviour with everything turned off', function() {
+describe('Default behaviour with everything turned off', function () {
   before(() => {
     cy.task('setConfig', {});
   });
@@ -14,13 +14,13 @@ describe('Default behaviour with everything turned off', function() {
     cy.task('clearMails');
   });
 
-  context('MarketingEvents - Customer', function() {
+  context('MarketingEvents - Customer', function () {
     afterEach(() => {
       cy.task('clearEvents');
       cy.logout();
     });
 
-    it('should not create customer_password_reset event', function() {
+    it('should not create customer_password_reset event', function () {
       const newPassword = 'newPassword1';
 
       cy.loginWithCustomer(this.defaultCustomer);
@@ -36,7 +36,7 @@ describe('Default behaviour with everything turned off', function() {
       });
     });
 
-    it('should not create customer_email_changed event', function() {
+    it('should not create customer_email_changed event', function () {
       const oldEmail = this.defaultCustomer.email;
       const newEmail = '[email protected]';
 
@@ -52,7 +52,7 @@ describe('Default behaviour with everything turned off', function() {
       });
     });
 
-    it('should not create customer_email_and_password_changed event', function() {
+    it('should not create customer_email_and_password_changed event', function () {
       const newEmail = '[email protected]';
       const newPassword = 'newPassword4';
 
@@ -70,7 +70,7 @@ describe('Default behaviour with everything turned off', function() {
     });
   });
 
-  context('MarketingEvents - Subscription', function() {
+  context('MarketingEvents - Subscription', function () {
     const unsubscribe = email => {
       cy.task('getSubscription', email).then(subscription => {
         cy.visit(`/newsletter/subscriber/unsubscribe?id=${subscription.subscriber_id}\
@@ -84,8 +84,8 @@ describe('Default behaviour with everything turned off', function() {
       cy.get('.action.subscribe.primary[type="submit"]').click();
     };
 
-    context('guest with double optin off', function() {
-      it('should not create subscription events', function() {
+    context('guest with double optin off', function () {
+      it('should not create subscription events', function () {
         const guestEmail = '[email protected]';
         subscribe(guestEmail);
 
@@ -110,7 +110,7 @@ describe('Default behaviour with everything turned off', function() {
       });
     });
 
-    context('guest with double optin on', function() {
+    context('guest with double optin on', function () {
       before(() => {
         cy.task('setDoubleOptin', true);
         cy.task('flushMagentoCache');
@@ -120,7 +120,7 @@ describe('Default behaviour with everything turned off', function() {
         cy.task('setDoubleOptin', false);
       });
 
-      it('should not create subscription events', function() {
+      it('should not create subscription events', function () {
         const guestEmail = '[email protected]';
         subscribe(guestEmail);
 

dev/testv2/cypress/integration/marketing-events-customer.spec.js

@@ -1,6 +1,6 @@
 'use strict';
 
-describe('Marketing Events', function() {
+describe('Marketing Events', function () {
   beforeEach(() => {
     cy.task('clearMails');
     cy.task('getDefaultCustomer').as('defaultCustomer');
@@ -10,7 +10,7 @@ describe('Marketing Events', function() {
     cy.logout();
   });
 
-  context('magentoSendEmails config is disabled', function() {
+  context('magentoSendEmails config is disabled', function () {
     before(() => {
       cy.task('setConfig', {
         collectMarketingEvents: 'enabled',
@@ -19,7 +19,7 @@ describe('Marketing Events', function() {
       cy.task('clearEvents');
     });
 
-    it('should create customer_password_reset event', function() {
+    it('should create customer_password_reset event', function () {
       const newPassword = 'newPassword2';
 
       cy.loginWithCustomer(this.defaultCustomer);
@@ -36,7 +36,7 @@ describe('Marketing Events', function() {
       });
     });
 
-    it('should create customer_email_changed event', function() {
+    it('should create customer_email_changed event', function () {
       const newEmail = '[email protected]';
 
       cy.loginWithCustomer(this.defaultCustomer);
@@ -53,7 +53,7 @@ describe('Marketing Events', function() {
       });
     });
 
-    it('should create customer_email_and_password_changed event', function() {
+    it('should create customer_email_and_password_changed event', function () {
       const newEmail = '[email protected]';
       const newPassword = 'newPassword3';
 
@@ -72,7 +72,7 @@ describe('Marketing Events', function() {
     });
   });
 
-  context('magentoSendEmails config is enabled', function() {
+  context('magentoSendEmails config is enabled', function () {
     before(() => {
       cy.task('setConfig', {
         collectMarketingEvents: 'enabled',
@@ -81,7 +81,7 @@ describe('Marketing Events', function() {
       cy.task('clearEvents');
     });
 
-    it('should create customer_password_reset event', function() {
+    it('should create customer_password_reset event', function () {
       const newPassword = 'newPassword2';
 
       cy.loginWithCustomer(this.defaultCustomer);
@@ -98,7 +98,7 @@ describe('Marketing Events', function() {
       });
     });
 
-    it('should create customer_email_changed event', function() {
+    it('should create customer_email_changed event', function () {
       const oldEmail = this.defaultCustomer.email;
       const newEmail = '[email protected]';
 
@@ -116,7 +116,7 @@ describe('Marketing Events', function() {
       });
     });
 
-    it('should create customer_email_and_password_changed event', function() {
+    it('should create customer_email_and_password_changed event', function () {
       const oldEmail = this.defaultCustomer.email;
       const newEmail = '[email protected]';
       const newPassword = 'newPassword3';