From dbf412e4099b32f56b30c0684a5ab6eb1c083c60 Mon Sep 17 00:00:00 2001 From: Sanyi Date: Wed, 21 Feb 2024 15:35:49 +0100 Subject: [PATCH 01/36] EMA-145 - Security findings --- dev/testv2/tools/docker/docker-compose-test-elastic.yml | 4 +++- dev/testv2/tools/docker/docker-compose-test.yml | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/dev/testv2/tools/docker/docker-compose-test-elastic.yml b/dev/testv2/tools/docker/docker-compose-test-elastic.yml index f57b70a..0362b77 100644 --- a/dev/testv2/tools/docker/docker-compose-test-elastic.yml +++ b/dev/testv2/tools/docker/docker-compose-test-elastic.yml @@ -41,7 +41,9 @@ services: - 'ES_JAVA_OPTS=-Xms512m -Xmx512m' node: # image: registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/mage_node:13.6.4 - build: ./Dockerfile-mage-node + build: + context: . + dockerfile: Dockerfile-mage-node container_name: mage_node ipc: host env_file: diff --git a/dev/testv2/tools/docker/docker-compose-test.yml b/dev/testv2/tools/docker/docker-compose-test.yml index 185883c..42b1150 100644 --- a/dev/testv2/tools/docker/docker-compose-test.yml +++ b/dev/testv2/tools/docker/docker-compose-test.yml @@ -43,7 +43,9 @@ services: - db node: # image: registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/mage_node:13.6.4 - build: ./Dockerfile-mage-node + build: + context: . + dockerfile: Dockerfile-mage-node container_name: mage_node ipc: host env_file: From ad9c4682c6fe7c4f03b65a08fc899795e9124819 Mon Sep 17 00:00:00 2001 From: Sanyi Date: Wed, 21 Feb 2024 16:05:16 +0100 Subject: [PATCH 02/36] EMA-145 - Security findings --- dev/testv2/tools/docker/Dockerfile-mage-node | 2 +- dev/testv2/tools/docker/docker-compose-test-elastic.yml | 4 ++-- dev/testv2/tools/docker/docker-compose-test.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/dev/testv2/tools/docker/Dockerfile-mage-node b/dev/testv2/tools/docker/Dockerfile-mage-node index 8c4f551..93dc507 100644 
--- a/dev/testv2/tools/docker/Dockerfile-mage-node +++ b/dev/testv2/tools/docker/Dockerfile-mage-node @@ -2,7 +2,7 @@ FROM registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/cypress:13. ARG NPM_TOKEN ENV NPM_TOKEN=${NPM_TOKEN} -COPY ../../../testv2 /test +COPY testv2 /test WORKDIR /test RUN npm i && \ diff --git a/dev/testv2/tools/docker/docker-compose-test-elastic.yml b/dev/testv2/tools/docker/docker-compose-test-elastic.yml index 0362b77..daf4646 100644 --- a/dev/testv2/tools/docker/docker-compose-test-elastic.yml +++ b/dev/testv2/tools/docker/docker-compose-test-elastic.yml @@ -42,8 +42,8 @@ services: node: # image: registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/mage_node:13.6.4 build: - context: . - dockerfile: Dockerfile-mage-node + context: ./dev + dockerfile: ./dev/testv2/tools/docker/Dockerfile-mage-node container_name: mage_node ipc: host env_file: diff --git a/dev/testv2/tools/docker/docker-compose-test.yml b/dev/testv2/tools/docker/docker-compose-test.yml index 42b1150..d5d555f 100644 --- a/dev/testv2/tools/docker/docker-compose-test.yml +++ b/dev/testv2/tools/docker/docker-compose-test.yml @@ -44,8 +44,8 @@ services: node: # image: registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/mage_node:13.6.4 build: - context: . - dockerfile: Dockerfile-mage-node + context: ./dev + dockerfile: ./dev/testv2/tools/docker/Dockerfile-mage-node container_name: mage_node ipc: host env_file: From 58e56ac2960e5e430149ba3da3ed8d82c63300eb Mon Sep 17 00:00:00 2001 From: Sanyi Date: Wed, 21 Feb 2024 16:17:32 +0100 Subject: [PATCH 03/36] EMA-145 - Security findings --- dev/testv2/tools/docker/docker-compose-test-elastic.yml | 4 ++-- dev/testv2/tools/docker/docker-compose-test.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/dev/testv2/tools/docker/docker-compose-test-elastic.yml b/dev/testv2/tools/docker/docker-compose-test-elastic.yml index daf4646..dd13bdc 100644 
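Review bot: `COPY testv2 /test` copies the whole test tree into the image, and the compose files in this series load `../setup/.env` from `testv2/tools/setup`, so that env file and any local `node_modules` would presumably land in an image layer unless a `.dockerignore` outside this diff excludes them. I would add a `.dockerignore` at the build-context root that excludes `**/.env`, `**/node_modules` and `.git`, or narrow the COPY to the directories the tests need. The `RUN npm i` instruction continues past the end of the hunk.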
--- a/dev/testv2/tools/docker/docker-compose-test-elastic.yml +++ b/dev/testv2/tools/docker/docker-compose-test-elastic.yml @@ -42,8 +42,8 @@ services: node: # image: registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/mage_node:13.6.4 build: - context: ./dev - dockerfile: ./dev/testv2/tools/docker/Dockerfile-mage-node + context: ../../.. + dockerfile: ./Dockerfile-mage-node container_name: mage_node ipc: host env_file: diff --git a/dev/testv2/tools/docker/docker-compose-test.yml b/dev/testv2/tools/docker/docker-compose-test.yml index d5d555f..4781431 100644 --- a/dev/testv2/tools/docker/docker-compose-test.yml +++ b/dev/testv2/tools/docker/docker-compose-test.yml @@ -44,8 +44,8 @@ services: node: # image: registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/mage_node:13.6.4 build: - context: ./dev - dockerfile: ./dev/testv2/tools/docker/Dockerfile-mage-node + context: ../../.. + dockerfile: ./Dockerfile-mage-node container_name: mage_node ipc: host env_file: From c144e6d0fa9b3f5a6dfb01b072a2b8bd17bb589f Mon Sep 17 00:00:00 2001 From: Sanyi Date: Wed, 21 Feb 2024 16:22:41 +0100 Subject: [PATCH 04/36] EMA-145 - Security findings --- dev/testv2/tools/docker/docker-compose-test-elastic.yml | 2 +- dev/testv2/tools/docker/docker-compose-test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dev/testv2/tools/docker/docker-compose-test-elastic.yml b/dev/testv2/tools/docker/docker-compose-test-elastic.yml index dd13bdc..f2d7d80 100644 --- a/dev/testv2/tools/docker/docker-compose-test-elastic.yml +++ b/dev/testv2/tools/docker/docker-compose-test-elastic.yml @@ -43,7 +43,7 @@ services: # image: registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/mage_node:13.6.4 build: context: ../../.. - dockerfile: ./Dockerfile-mage-node + dockerfile: Dockerfile-mage-node container_name: mage_node ipc: host env_file: 
diff --git a/dev/testv2/tools/docker/docker-compose-test.yml b/dev/testv2/tools/docker/docker-compose-test.yml index 4781431..a13d04c 100644 --- a/dev/testv2/tools/docker/docker-compose-test.yml +++ b/dev/testv2/tools/docker/docker-compose-test.yml @@ -45,7 +45,7 @@ services: # image: registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/mage_node:13.6.4 build: context: ../../.. - dockerfile: ./Dockerfile-mage-node + dockerfile: Dockerfile-mage-node container_name: mage_node ipc: host env_file: From 37e0b808dd09f8f7550921753400bd1f7ca85c30 Mon Sep 17 00:00:00 2001 From: Sanyi Date: Wed, 21 Feb 2024 16:29:50 +0100 Subject: [PATCH 05/36] EMA-145 - Security findings --- dev/testv2/tools/docker/docker-compose-test-elastic.yml | 2 +- dev/testv2/tools/docker/docker-compose-test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dev/testv2/tools/docker/docker-compose-test-elastic.yml b/dev/testv2/tools/docker/docker-compose-test-elastic.yml index f2d7d80..b8ddf6d 100644 --- a/dev/testv2/tools/docker/docker-compose-test-elastic.yml +++ b/dev/testv2/tools/docker/docker-compose-test-elastic.yml @@ -43,7 +43,7 @@ services: # image: registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/mage_node:13.6.4 build: context: ../../.. - dockerfile: Dockerfile-mage-node + dockerfile: testv2/tools/docker/Dockerfile-mage-node container_name: mage_node ipc: host env_file: diff --git a/dev/testv2/tools/docker/docker-compose-test.yml b/dev/testv2/tools/docker/docker-compose-test.yml index a13d04c..49709f1 100644 --- a/dev/testv2/tools/docker/docker-compose-test.yml +++ b/dev/testv2/tools/docker/docker-compose-test.yml @@ -45,7 +45,7 @@ services: # image: registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/mage_node:13.6.4 build: context: ../../.. - dockerfile: Dockerfile-mage-node + dockerfile: testv2/tools/docker/Dockerfile-mage-node container_name: mage_node ipc: host env_file: 
From 226a8d0abf47f2ce3ea98aa0969055b075371768 Mon Sep 17 00:00:00 2001 From: Sanyi Date: Wed, 21 Feb 2024 17:02:05 +0100 Subject: [PATCH 06/36] EMA-145 - Security findings --- .github/workflows/tests.yml | 2 ++ dev/testv2/tools/docker/docker-compose-test-elastic.yml | 2 ++ dev/testv2/tools/docker/docker-compose-test.yml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 560676f..9a23fd2 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -55,6 +55,7 @@ jobs: bash dev/testv2/tools/scripts/run-unit.sh env: VERSION: ${{ matrix.magento-versions }} + NPM_TOKEN: ${{ secrets.NPM_PUBLISHER_TOKEN }} e2e-tests: runs-on: github-actions-runner-emarsys permissions: @@ -103,3 +104,4 @@ jobs: bash dev/testv2/tools/scripts/run-e2e.sh env: VERSION: ${{ matrix.magento-versions }} + NPM_TOKEN: ${{ secrets.NPM_PUBLISHER_TOKEN }} diff --git a/dev/testv2/tools/docker/docker-compose-test-elastic.yml b/dev/testv2/tools/docker/docker-compose-test-elastic.yml index b8ddf6d..3bfadee 100644 --- a/dev/testv2/tools/docker/docker-compose-test-elastic.yml +++ b/dev/testv2/tools/docker/docker-compose-test-elastic.yml @@ -43,6 +43,8 @@ services: # image: registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/mage_node:13.6.4 build: context: ../../.. + args: + - NPM_TOKEN=$NPM_TOKEN dockerfile: testv2/tools/docker/Dockerfile-mage-node container_name: mage_node ipc: host diff --git a/dev/testv2/tools/docker/docker-compose-test.yml b/dev/testv2/tools/docker/docker-compose-test.yml index 49709f1..d896433 100644 --- a/dev/testv2/tools/docker/docker-compose-test.yml +++ b/dev/testv2/tools/docker/docker-compose-test.yml @@ -45,6 +45,8 @@ services: # image: registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/mage_node:13.6.4 build: context: ../../.. + args: + - NPM_TOKEN=$NPM_TOKEN dockerfile: testv2/tools/docker/Dockerfile-mage-node container_name: mage_node ipc: host 
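Review bot: The unit and e2e steps in tests.yml receive `secrets.NPM_PUBLISHER_TOKEN` as `NPM_TOKEN`, which by its name looks like a publish-capable credential, while these jobs only need to install packages. A read-only registry token scoped to the one package project would limit what a compromised test dependency or script can do with it; the same applies to `NPM_DEPLOYER_TOKEN` in PATCH 07 and `GITLAB_TOKEN` in PATCH 09. The variable is also exported to the whole test script, so consider setting it only on the step that builds the image.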
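Review bot: Passing `NPM_TOKEN` through `build.args` in docker-compose-test-elastic.yml puts the token into the image: build arguments are visible in `docker history`, and the Dockerfile shown in PATCH 02 also copies it into `ENV NPM_TOKEN`, so every container started from the image carries the registry credential. The same applies to docker-compose-test.yml in this patch and to the `docker build --build-arg NPM_TOKEN=$NPM_TOKEN` steps added in PATCH 12. A BuildKit secret keeps it out of the layers: declare the secret as below, prefix the Dockerfile's `RUN npm i` with `--mount=type=secret,id=npm_token`, read the token from `/run/secrets/npm_token` there, and drop the `ARG`/`ENV` pair. The `node` service definition continues outside the hunk.

```yaml
    build:
      context: ../../..
      dockerfile: testv2/tools/docker/Dockerfile-mage-node
      # token is mounted only for the RUN that needs it, never stored in a layer
      secrets:
        - npm_token

# … unchanged: remaining keys of the node service and the other services …

secrets:
  npm_token:
    environment: NPM_TOKEN
```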
From 735193c674b25039ca678e1cb3e96d5595d17239 Mon Sep 17 00:00:00 2001 From: Sanyi Date: Wed, 21 Feb 2024 17:07:32 +0100 Subject: [PATCH 07/36] EMA-145 - Security findings --- .github/workflows/tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 9a23fd2..612452a 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -55,7 +55,7 @@ jobs: bash dev/testv2/tools/scripts/run-unit.sh env: VERSION: ${{ matrix.magento-versions }} - NPM_TOKEN: ${{ secrets.NPM_PUBLISHER_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_DEPLOYER_TOKEN }} e2e-tests: runs-on: github-actions-runner-emarsys permissions: @@ -104,4 +104,4 @@ jobs: bash dev/testv2/tools/scripts/run-e2e.sh env: VERSION: ${{ matrix.magento-versions }} - NPM_TOKEN: ${{ secrets.NPM_PUBLISHER_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_DEPLOYER_TOKEN }} From 7cf7e6ecb651a990f99f52855eca25eeca540167 Mon Sep 17 00:00:00 2001 From: Sanyi Date: Fri, 23 Feb 2024 15:56:23 +0100 Subject: [PATCH 08/36] EMA-145 - Security findings --- dev/Magento/composer.json | 4 ++-- dev/composer.json | 2 +- dev/test/package.json | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/dev/Magento/composer.json b/dev/Magento/composer.json index 3d394ed..737c6ce 100644 --- a/dev/Magento/composer.json +++ b/dev/Magento/composer.json @@ -8,7 +8,7 @@ "AFL-3.0" ], "require": { - "magento/product-community-edition": "2.2.3", + "magento/product-community-edition": "2.2.10", "composer/composer": "@alpha" }, "require-dev": { @@ -69,4 +69,4 @@ "extra": { "magento-force": "override" } -} \ No newline at end of file +} diff --git a/dev/composer.json b/dev/composer.json index 66c4f98..8c574d6 100644 --- a/dev/composer.json +++ b/dev/composer.json 
@@ -5,7 +5,7 @@ "version": "2.2.3", "license": ["OSL-3.0", "AFL-3.0"], "require": { - "magento/product-community-edition": "2.2.3", + "magento/product-community-edition": "2.2.10", "composer/composer": "@alpha", "emartech/emarsys-magento2-extension": "dev-master@dev" }, diff --git a/dev/test/package.json b/dev/test/package.json index 1ae22e0..da3a506 100644 --- a/dev/test/package.json +++ b/dev/test/package.json @@ -24,7 +24,7 @@ "license": "UNLICENSED", "dependencies": { "@emartech/magento2-api": "4.7.0", - "axios": "0.19.0", + "axios": ">=0.28.0", "chai": "4.2.0", "chai-string": "1.5.0", "chai-subset": "1.6.0", @@ -37,9 +37,9 @@ "eslint-plugin-no-only-tests": "2.3.1", "eslint-plugin-security": "1.4.0", "form-data": "2.5.1", - "knex": "0.19.5", + "knex": ">=2.4.0", "mocha": "6.2.0", - "mysql": "2.17.1", + "mysql": ">=2.18.0", "sinon": "7.4.2", "sinon-chai": "3.3.0" } From 999175d20bd2eb75a14bdecf1656538fed514dcc Mon Sep 17 00:00:00 2001 From: Sanyi Date: Fri, 23 Feb 2024 17:30:02 +0100 Subject: [PATCH 09/36] EMA-145 - Security findings --- .github/workflows/tests.yml | 4 ++-- dev/testv2/.npmrc | 3 +++ dev/testv2/cypress/plugins/index.js | 2 +- dev/testv2/package.json | 2 +- dev/testv2/setup.spec.js | 2 +- 5 files changed, 8 insertions(+), 5 deletions(-) create mode 100644 dev/testv2/.npmrc diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 612452a..7b079da 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -55,7 +55,7 @@ jobs: bash dev/testv2/tools/scripts/run-unit.sh env: VERSION: ${{ matrix.magento-versions }} - NPM_TOKEN: ${{ secrets.NPM_DEPLOYER_TOKEN }} + NPM_TOKEN: ${{ secrets.GITLAB_TOKEN }} e2e-tests: runs-on: github-actions-runner-emarsys permissions: @@ -104,4 +104,4 @@ jobs: bash dev/testv2/tools/scripts/run-e2e.sh env: VERSION: ${{ matrix.magento-versions }} - NPM_TOKEN: ${{ secrets.NPM_DEPLOYER_TOKEN }} + NPM_TOKEN: ${{ secrets.GITLAB_TOKEN }} 
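Review bot: The new ranges `">=0.28.0"`, `">=2.4.0"` and `">=2.18.0"` for axios, knex and mysql in dev/test/package.json have no upper bound, so a fresh install resolves to whatever the newest published major is at that moment. That clears the flagged versions but makes the test install non-reproducible and accepts future breaking or compromised releases without review; knex also jumps from 0.19 to 2.x, which deserves a deliberate check of the helpers that use it. I would use bounded ranges such as `"axios": "^0.28.0"` and `"knex": "^2.4.0"` and commit the lockfile so CI can install with `npm ci`.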
diff --git a/dev/testv2/.npmrc b/dev/testv2/.npmrc new file mode 100644 index 0000000..23715a6 --- /dev/null +++ b/dev/testv2/.npmrc @@ -0,0 +1,3 @@ +always-auth=true +@itg-commerce:registry=https://gitlab.itg.cloud/api/v4/projects/295/packages/npm/ +//gitlab.itg.cloud/api/v4/projects/295/packages/npm/:_authToken=${NPM_TOKEN} diff --git a/dev/testv2/cypress/plugins/index.js b/dev/testv2/cypress/plugins/index.js index dd86e78..30583fb 100644 --- a/dev/testv2/cypress/plugins/index.js +++ b/dev/testv2/cypress/plugins/index.js @@ -1,6 +1,6 @@ 'use strict'; -const Magento2ApiClient = require('@emartech/magento2-api'); +const Magento2ApiClient = require('@itg-commerce/magento2-api'); const db = require('../../helpers/db'); const { getTableName, cacheTablePrefix } = require('../../helpers/get-table-name'); const { getSentAddresses, clearMails } = require('../../helpers/mailhog'); diff --git a/dev/testv2/package.json b/dev/testv2/package.json index 20b45d7..df31f70 100644 --- a/dev/testv2/package.json +++ b/dev/testv2/package.json @@ -23,7 +23,7 @@ "author": "", "license": "UNLICENSED", "dependencies": { - "@emartech/magento2-api": "4.7.0", + "@itg-commerce/magento2-api": "4.7.0", "axios": "^1.6.7", "chai": "^4.4.1", "chai-string": "^1.5.0", diff --git a/dev/testv2/setup.spec.js b/dev/testv2/setup.spec.js index 0d0620c..78ffb1e 100644 --- a/dev/testv2/setup.spec.js +++ b/dev/testv2/setup.spec.js @@ -6,7 +6,7 @@ const chaiSubset = require('chai-subset'); const sinon = require('sinon'); const sinonChai = require('sinon-chai'); const url = require('url'); -const Magento2ApiClient = require('@emartech/magento2-api'); +const Magento2ApiClient = require('@itg-commerce/magento2-api'); const axios = require('axios'); const { cacheTablePrefix, getTableName } = require('./helpers/get-table-name'); From 5125908d2c3a5311e37e92ed5dee3637b58f6d25 Mon Sep 17 00:00:00 2001 
From: Sanyi Date: Mon, 26 Feb 2024 17:21:59 +0100 Subject: [PATCH 10/36] EMA-145 - Security findings --- dev/testv2/cypress.config.js | 6 +++--- dev/testv2/tools/scripts/run-e2e-local.sh | 4 ++-- dev/testv2/tools/scripts/run-unit-local.sh | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/dev/testv2/cypress.config.js b/dev/testv2/cypress.config.js index 5ac964c..df916d8 100644 --- a/dev/testv2/cypress.config.js +++ b/dev/testv2/cypress.config.js @@ -3,9 +3,9 @@ const { defineConfig } = require('cypress'); module.exports = defineConfig({ video: false, trashAssetsBeforeRuns: false, - requestTimeout: 30000, - defaultCommandTimeout: 30000, - pageLoadTimeout: 30000, + requestTimeout: 60000, + defaultCommandTimeout: 60000, + pageLoadTimeout: 60000, blockHosts: ['*snippet.url.com', '*scarabresearch.com'], env: { snippetUrl: 'http://snippet.url.com/main.js' diff --git a/dev/testv2/tools/scripts/run-e2e-local.sh b/dev/testv2/tools/scripts/run-e2e-local.sh index 6d04e19..28121d7 100755 --- a/dev/testv2/tools/scripts/run-e2e-local.sh +++ b/dev/testv2/tools/scripts/run-e2e-local.sh @@ -30,7 +30,7 @@ echo "\n|--- Running tests on Magento $VERSION" echo "\n|--- Pulling newest image version" docker pull registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/ems-integration-magento-sampledata:$VERSION echo "\n|--- Starting containers" -docker compose -p mage_e2e_$project_version -f $composefile up -d +docker compose -p mage_e2e_$project_version -f $composefile up --build -d echo "\n|--- Waiting for containers to initialize" sh ./wait.sh e2e >>/dev/null 2>&1 echo "\n|--- Running frontend tests" @@ -39,4 +39,4 @@ exitcode=$? echo "\n\n|--- All tests passed" docker compose -p mage_e2e_$project_version -f $composefile down -exit $exitcode \ No newline at end of file +exit $exitcode diff --git a/dev/testv2/tools/scripts/run-unit-local.sh b/dev/testv2/tools/scripts/run-unit-local.sh index 8833687..8de1319 100755 --- a/dev/testv2/tools/scripts/run-unit-local.sh 
+++ b/dev/testv2/tools/scripts/run-unit-local.sh @@ -30,7 +30,7 @@ echo "\n|--- Running tests on Magento $VERSION" echo "\n|--- Pulling newest image version" docker pull registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/ems-integration-magento-sampledata:$VERSION echo "\n|--- Starting containers" -docker compose -p mage_unit_$project_version -f $composefile up -d +docker compose -p mage_unit_$project_version -f $composefile up --build -d echo "\n|--- Waiting for containers to initialize" sh ./wait.sh unit >>/dev/null 2>&1 From b89643fbd48b727af63e283c4729b2eff8e46cf7 Mon Sep 17 00:00:00 2001 From: Sanyi Date: Mon, 26 Feb 2024 17:38:41 +0100 Subject: [PATCH 11/36] EMA-145 - Security findings --- .github/workflows/tests.yml | 6 +++--- dev/testv2/tools/scripts/run-e2e.sh | 4 ++-- dev/testv2/tools/scripts/run-unit.sh | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index c696916..e0458c3 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -12,7 +12,7 @@ jobs: permissions: contents: "read" strategy: - max-parallel: 2 + max-parallel: 1 fail-fast: false matrix: magento-versions: @@ -61,7 +61,7 @@ jobs: permissions: contents: "read" strategy: - max-parallel: 2 + max-parallel: 1 fail-fast: false matrix: magento-versions: @@ -104,4 +104,4 @@ jobs: bash dev/testv2/tools/scripts/run-e2e.sh env: VERSION: ${{ matrix.magento-versions }} - NPM_TOKEN: ${{ secrets.GITLAB_TOKEN }} \ No newline at end of file + NPM_TOKEN: ${{ secrets.GITLAB_TOKEN }} diff --git a/dev/testv2/tools/scripts/run-e2e.sh b/dev/testv2/tools/scripts/run-e2e.sh index 5ec2956..a5ca1d7 100644 --- a/dev/testv2/tools/scripts/run-e2e.sh +++ b/dev/testv2/tools/scripts/run-e2e.sh 
@@ -21,7 +21,7 @@ echo "\n|--- Running tests on Magento $VERSION" echo "\n|--- Pulling newest image version" docker pull registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/ems-integration-magento-sampledata:"$VERSION" echo "\n|--- Starting containers" -docker compose -p mage_e2e_"$project_version" -f $composefile up -d +docker compose -p mage_e2e_"$project_version" -f $composefile up --build -d echo "\n|--- Waiting for containers to initialize" sh ./wait.sh e2e >>/dev/null 2>&1 echo "\n|--- Running frontend tests" @@ -30,4 +30,4 @@ exitcode=$? echo "\n\n|--- All tests passed" docker compose -p mage_e2e_"$project_version" -f $composefile down -exit $exitcode \ No newline at end of file +exit $exitcode diff --git a/dev/testv2/tools/scripts/run-unit.sh b/dev/testv2/tools/scripts/run-unit.sh index ad13316..e0e82fe 100644 --- a/dev/testv2/tools/scripts/run-unit.sh +++ b/dev/testv2/tools/scripts/run-unit.sh @@ -23,7 +23,7 @@ echo "\n|--- Running tests on Magento $VERSION" echo "\n|--- Pulling newest image version" docker pull registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/ems-integration-magento-sampledata:$VERSION echo "\n|--- Starting containers" -docker compose -p mage_unit_$project_version -f $composefile up -d +docker compose -p mage_unit_$project_version -f $composefile up --build -d echo "\n|--- Waiting for containers to initialize" sh ./wait.sh unit >>/dev/null 2>&1 @@ -38,4 +38,4 @@ docker compose -p mage_unit_$project_version -f $composefile run --rm node sh -c exitcode=$? echo "\n\n|--- Stopping containers" docker compose -p mage_unit_$project_version -f $composefile down -exit $exitcode \ No newline at end of file +exit $exitcode From ac741150f5acb4c90ca183dbcc6a27bc9531dcef Mon Sep 17 00:00:00 2001 
From: "bognar.tamas" Date: Wed, 6 Mar 2024 11:41:49 +0100 Subject: [PATCH 12/36] EMA-145 - Security findings run test change --- .github/workflows/tests.yml | 14 ++++++++++ .../docker/docker-compose-test-elastic.yml | 14 +++++----- .../tools/docker/docker-compose-test.yml | 26 +++++++------------ 3 files changed, 30 insertions(+), 24 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index e0458c3..6746a6e 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -48,6 +48,13 @@ jobs: sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt-get update sudo apt-get install docker-compose-plugin -y + - name: Build mage_node image + shell: bash + run: | + cd magento2-extension/dev + docker build -f testv2/tools/docker/Dockerfile-mage-node --build-arg NPM_TOKEN=$NPM_TOKEN -t "mage_node" . + env: + NPM_TOKEN: ${{ secrets.GITLAB_TOKEN }} - name: Run unittest shell: bash run: | @@ -97,6 +104,13 @@ jobs: sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt-get update sudo apt-get install docker-compose-plugin -y + - name: Build mage_node image + shell: bash + run: | + cd magento2-extension/dev + docker build -f testv2/tools/docker/Dockerfile-mage-node --build-arg NPM_TOKEN=$NPM_TOKEN -t "mage_node" . + env: + NPM_TOKEN: ${{ secrets.GITLAB_TOKEN }} - name: Run e2stest shell: bash run: | diff --git a/dev/testv2/tools/docker/docker-compose-test-elastic.yml b/dev/testv2/tools/docker/docker-compose-test-elastic.yml index 3bfadee..1e24110 100644 --- a/dev/testv2/tools/docker/docker-compose-test-elastic.yml +++ b/dev/testv2/tools/docker/docker-compose-test-elastic.yml 
@@ -40,13 +40,13 @@ services: - 'discovery.type=single-node' - 'ES_JAVA_OPTS=-Xms512m -Xmx512m' node: - # image: registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/mage_node:13.6.4 - build: - context: ../../.. - args: - - NPM_TOKEN=$NPM_TOKEN - dockerfile: testv2/tools/docker/Dockerfile-mage-node - container_name: mage_node + image: mage_node + # build: + # context: ../../.. + # args: + # - NPM_TOKEN=$NPM_TOKEN + # dockerfile: testv2/tools/docker/Dockerfile-mage-node + # container_name: mage_node ipc: host env_file: - ../setup/.env diff --git a/dev/testv2/tools/docker/docker-compose-test.yml b/dev/testv2/tools/docker/docker-compose-test.yml index d896433..2ff76fb 100644 --- a/dev/testv2/tools/docker/docker-compose-test.yml +++ b/dev/testv2/tools/docker/docker-compose-test.yml @@ -1,4 +1,4 @@ -version: "3.2" +version: '3.2' services: db: @@ -30,25 +30,17 @@ services: - PHP_SENDMAIL_PATH='/usr/local/bin/mhsendmail --smtp-addr="mailhog:1025"' env_file: - ../setup/.env - command: - [ - "/opt/emartech/wait-for-it.sh", - "db:3306", - "--timeout=30", - "--strict", - "--", - "/opt/emartech/init", - ] + command: ['/opt/emartech/wait-for-it.sh', 'db:3306', '--timeout=30', '--strict', '--', '/opt/emartech/init'] links: - db node: - # image: registry.itg.cloud/itg-commerce/emarsys-magento2-extension-test/mage_node:13.6.4 - build: - context: ../../.. - args: - - NPM_TOKEN=$NPM_TOKEN - dockerfile: testv2/tools/docker/Dockerfile-mage-node - container_name: mage_node + image: mage_node + # build: + # context: ../../.. + # args: + # - NPM_TOKEN=$NPM_TOKEN + # dockerfile: testv2/tools/docker/Dockerfile-mage-node + # container_name: mage_node ipc: host env_file: - ../setup/.env From 68c38e796800973d7768c59cf5590e78a3aa30dc Mon Sep 17 00:00:00 2001 
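Review bot: `image: mage_node` with the `build:` block commented out makes the `node` service depend on an image that only the new workflow step builds; on a host where that local image is missing, Compose will try to pull the unqualified name `mage_node` from the default public registry. The local scripts from PATCH 10 still call `up --build`, which has nothing to build once the `build:` key is gone. I would either keep `build:` next to `image:` so Compose can build on demand, or tag and reference the image under the project registry path that the removed comment line used. The change also comments out `container_name: mage_node` together with the build block, which looks unintentional, and the dead commented lines could be deleted rather than kept. docker-compose-test.yml in this patch has the same change.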
From: "bognar.tamas" Date: Wed, 6 Mar 2024 16:02:37 +0100 Subject: [PATCH 13/36] EMA-145 - Security findings run test change --- dev/testv2/cypress.config.js | 6 +++--- dev/testv2/package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/dev/testv2/cypress.config.js b/dev/testv2/cypress.config.js index df916d8..26d5d25 100644 --- a/dev/testv2/cypress.config.js +++ b/dev/testv2/cypress.config.js @@ -3,9 +3,9 @@ const { defineConfig } = require('cypress'); module.exports = defineConfig({ video: false, trashAssetsBeforeRuns: false, - requestTimeout: 60000, - defaultCommandTimeout: 60000, - pageLoadTimeout: 60000, + requestTimeout: 120000, + defaultCommandTimeout: 120000, + pageLoadTimeout: 120000, blockHosts: ['*snippet.url.com', '*scarabresearch.com'], env: { snippetUrl: 'http://snippet.url.com/main.js' diff --git a/dev/testv2/package.json b/dev/testv2/package.json index df31f70..527e955 100644 --- a/dev/testv2/package.json +++ b/dev/testv2/package.json @@ -9,7 +9,7 @@ "e2e:ci": "cypress run --browser chrome --record --key 80ddf60c-0dca-4075-8074-31207092e038", "e2e:debug": "DEBUG=cypress:* cypress run --browser chrome", "quick-test": "npm run mocha", - "mocha": "./node_modules/mocha/bin/mocha.js --exit --timeout 60000 --colors ./setup.spec.js './!(node_modules|cypress)/**/*.spec.js'", + "mocha": "./node_modules/mocha/bin/mocha.js --exit --timeout 120000 --colors ./setup.spec.js './!(node_modules|cypress)/**/*.spec.js'", "code-style": "eslint '!(node_modules)/**/**.js'", "copy-git-hooks": "cp -rf ./git-hooks/* ./../../.git/hooks && chmod +x ./../../.git/hooks/pre-commit && chmod +x ./../../.git/hooks/commit-msg" }, From 25b97fdb15483dfe27937fbc0d08db81305b8c90 Mon Sep 17 00:00:00 2001 From: "bognar.tamas" Date: Wed, 6 Mar 2024 22:34:09 +0100 Subject: [PATCH 14/36] EMA-145 - Security findings run test change --- dev/testv2/cypress/integration/web-extend.spec.js | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/dev/testv2/cypress/integration/web-extend.spec.js b/dev/testv2/cypress/integration/web-extend.spec.js index f9f4966..c886020 100644 --- a/dev/testv2/cypress/integration/web-extend.spec.js +++ b/dev/testv2/cypress/integration/web-extend.spec.js @@ -74,6 +74,8 @@ describe('Web extend scripts', function() { cy.get('.action.showcart').click(); cy.get('#top-cart-btn-checkout').click(); + cy.log("wait"); + cy.wait("6000"); cy.get('#checkout-step-shipping input.input-text[name="username"]').type('guest@cypress.net'); cy.get('#checkout-step-shipping input.input-text[name="firstname"]').type('Guest'); cy.get('#checkout-step-shipping input.input-text[name="lastname"]').type('Da Best'); From 567a68866b62f38618cbb2b263a90ce92ee8402a Mon Sep 17 00:00:00 2001 From: "bognar.tamas" Date: Thu, 7 Mar 2024 09:47:24 +0100 Subject: [PATCH 15/36] EMA-145 - Security findings run test change --- dev/testv2/cypress/integration/web-extend.spec.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/dev/testv2/cypress/integration/web-extend.spec.js b/dev/testv2/cypress/integration/web-extend.spec.js index c886020..29a2927 100644 --- a/dev/testv2/cypress/integration/web-extend.spec.js +++ b/dev/testv2/cypress/integration/web-extend.spec.js @@ -74,8 +74,7 @@ describe('Web extend scripts', function() { cy.get('.action.showcart').click(); cy.get('#top-cart-btn-checkout').click(); - cy.log("wait"); - cy.wait("6000"); + cy.wait(6000); cy.get('#checkout-step-shipping input.input-text[name="username"]').type('guest@cypress.net'); cy.get('#checkout-step-shipping input.input-text[name="firstname"]').type('Guest'); cy.get('#checkout-step-shipping input.input-text[name="lastname"]').type('Da Best'); From a5bca27c3d493096e04d143575b5e3d017846678 Mon Sep 17 00:00:00 2001 From: Sanyi Date: Fri, 8 Mar 2024 09:56:50 +0100 Subject: [PATCH 16/36] EMA-145 - Security findings --- dev/testv2/package.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/dev/testv2/package.json b/dev/testv2/package.json index 527e955..c896cee 100644 --- a/dev/testv2/package.json +++ b/dev/testv2/package.json @@ -5,9 +5,9 @@ "scripts": { "postinstall": "if [ -d \"./../../.git\" ]; then npm run copy-git-hooks; fi", "test": "npm run mocha && npm run code-style", - "e2e": "cypress run --browser chrome", - "e2e:ci": "cypress run --browser chrome --record --key 80ddf60c-0dca-4075-8074-31207092e038", - "e2e:debug": "DEBUG=cypress:* cypress run --browser chrome", + "e2e": "cypress run --browser electron --headless", + "e2e:ci": "cypress run --browser electron --headless --record --key 80ddf60c-0dca-4075-8074-31207092e038", + "e2e:debug": "DEBUG=cypress:* cypress run --browser electron --headless", "quick-test": "npm run mocha", "mocha": "./node_modules/mocha/bin/mocha.js --exit --timeout 120000 --colors ./setup.spec.js './!(node_modules|cypress)/**/*.spec.js'", "code-style": "eslint '!(node_modules)/**/**.js'", From 5e31d0956373aa61e6e06300fde2bf53e8bfd43b Mon Sep 17 00:00:00 2001 From: Sanyi Date: Fri, 8 Mar 2024 10:12:44 +0100 Subject: [PATCH 17/36] EMA-145 - Security findings --- dev/testv2/cypress/integration/web-extend.spec.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dev/testv2/cypress/integration/web-extend.spec.js b/dev/testv2/cypress/integration/web-extend.spec.js index 29a2927..46d7e77 100644 --- a/dev/testv2/cypress/integration/web-extend.spec.js +++ b/dev/testv2/cypress/integration/web-extend.spec.js @@ -75,6 +75,8 @@ describe('Web extend scripts', function() { cy.get('#top-cart-btn-checkout').click(); cy.wait(6000); + cy.contains('Email Address').should('be.visible'); + cy.get('#checkout-step-shipping input.input-text[name="username"]').type('guest@cypress.net'); cy.get('#checkout-step-shipping input.input-text[name="firstname"]').type('Guest'); cy.get('#checkout-step-shipping input.input-text[name="lastname"]').type('Da Best'); From 450d615b233bd1c862511f6c24a13eb8da1532f8 Mon Sep 17 00:00:00 2001 
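Review bot: The rewritten `e2e:ci` script still carries the Cypress record key as a literal `--key` argument, so the credential stays in the repository and in every clone and fork. Cypress reads the key from the `CYPRESS_RECORD_KEY` environment variable, so the script can be `"e2e:ci": "cypress run --browser electron --headless --record"` with the key supplied from a CI secret. Because the value is already in git history, it should be regenerated in the Cypress project settings once the script no longer contains it.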
From: "bognar.tamas" Date: Fri, 8 Mar 2024 13:34:49 +0100 Subject: [PATCH 18/36] EMA-145 - Security findings run test change --- dev/testv2/cypress/integration/web-extend.spec.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev/testv2/cypress/integration/web-extend.spec.js b/dev/testv2/cypress/integration/web-extend.spec.js index 46d7e77..b12b4a3 100644 --- a/dev/testv2/cypress/integration/web-extend.spec.js +++ b/dev/testv2/cypress/integration/web-extend.spec.js @@ -74,8 +74,8 @@ describe('Web extend scripts', function() { cy.get('.action.showcart').click(); cy.get('#top-cart-btn-checkout').click(); - cy.wait(6000); - cy.contains('Email Address').should('be.visible'); + // cy.wait(6000); + // cy.contains('Email Address').should('be.visible'); cy.get('#checkout-step-shipping input.input-text[name="username"]').type('guest@cypress.net'); cy.get('#checkout-step-shipping input.input-text[name="firstname"]').type('Guest'); From 982376f10260be27dfcf7ce67f419edf7401d2e0 Mon Sep 17 00:00:00 2001 From: Sanyi Date: Tue, 19 Mar 2024 04:12:45 +0100 Subject: [PATCH 19/36] EMA-145 - Security findings --- dev/testv2/cypress/integration/web-extend.spec.js | 1 + 1 file changed, 1 insertion(+) diff --git a/dev/testv2/cypress/integration/web-extend.spec.js b/dev/testv2/cypress/integration/web-extend.spec.js index b12b4a3..b463b6b 100644 --- a/dev/testv2/cypress/integration/web-extend.spec.js +++ b/dev/testv2/cypress/integration/web-extend.spec.js @@ -74,6 +74,7 @@ describe('Web extend scripts', function() { cy.get('.action.showcart').click(); cy.get('#top-cart-btn-checkout').click(); + cy.visit('/checkout'); // cy.wait(6000); // cy.contains('Email Address').should('be.visible'); From 973f29871348a39ae412d03251e73fdbd0483781 Mon Sep 17 00:00:00 2001 From: Sanyi Date: Tue, 19 Mar 2024 06:06:13 +0100 Subject: [PATCH 20/36] EMA-145 - Security findings --- dev/testv2/products/list.spec.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/dev/testv2/products/list.spec.js b/dev/testv2/products/list.spec.js index 578b999..3e8e27a 100644 --- a/dev/testv2/products/list.spec.js +++ b/dev/testv2/products/list.spec.js @@ -353,7 +353,12 @@ describe('Products endpoint', function () { originalPrice = configurableProduct.store_data.find((data) => data.store_id !== 0).price; await setPriceForEntityId(entityIdUsed, 0, this.db, this.magentoEdition); - await this.reindex(); + + try { + await this.reindex(); + } catch (e) { + console.log(e); + } }); after(async function () { From a350908957bca48b1cd0d4a2d64971e9f17d80b2 Mon Sep 17 00:00:00 2001 From: Sanyi Date: Tue, 19 Mar 2024 07:54:00 +0100 Subject: [PATCH 21/36] EMA-145 - Security findings --- dev/testv2/products/list.spec.js | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/dev/testv2/products/list.spec.js b/dev/testv2/products/list.spec.js index 3e8e27a..4e7e96a 100644 --- a/dev/testv2/products/list.spec.js +++ b/dev/testv2/products/list.spec.js @@ -357,13 +357,17 @@ describe('Products endpoint', function () { try { await this.reindex(); } catch (e) { - console.log(e); + console.log(e.stack); } }); after(async function () { await setPriceForEntityId(entityIdUsed, originalPrice, this.db, this.magentoEdition); - await this.reindex(); + try { + await this.reindex(); + } catch (e) { + console.log(e.stack); + } }); it('returns configurable product min price if price or final price is 0', async function () { const { products } = await this.magentoApi.execute('products', 'get', requestParams); From 9eb1067d114c8813b4cb54afcfc8f88d18c050f1 Mon Sep 17 00:00:00 2001 From: Sanyi Date: Tue, 19 Mar 2024 15:34:48 +0100 Subject: [PATCH 22/36] EMA-145 - Security findings --- dev/testv2/cypress/integration/web-extend.spec.js | 1 + dev/testv2/products/list.spec.js | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) 
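Review bot: Wrapping `await this.reindex()` in `try { … } catch (e) { console.log(e); }` lets the `before` hook finish after a failed reindex, so the following price assertions run against a stale index and their result no longer shows the real cause. If the reindex is known to be flaky, retry it a bounded number of times and rethrow the last error, for example `catch (e) { console.error(e); throw e; }` on the final attempt. PATCH 21 repeats the pattern in the `after` hook and PATCH 22 reduces the log to `e.message`, which drops the stack. The `before` hook starts above the hunk.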
diff --git a/dev/testv2/cypress/integration/web-extend.spec.js b/dev/testv2/cypress/integration/web-extend.spec.js index b463b6b..f21f591 100644 --- a/dev/testv2/cypress/integration/web-extend.spec.js +++ b/dev/testv2/cypress/integration/web-extend.spec.js @@ -91,6 +91,7 @@ describe('Web extend scripts', function() { cy.get('button[data-role="opc-continue"]').click(); cy.get('button[title="Place Order"]').click(); + cy.wait(1000); cy.get('.checkout-success'); cy.window().then(win => { diff --git a/dev/testv2/products/list.spec.js b/dev/testv2/products/list.spec.js index 4e7e96a..23fd14b 100644 --- a/dev/testv2/products/list.spec.js +++ b/dev/testv2/products/list.spec.js @@ -357,7 +357,7 @@ describe('Products endpoint', function () { try { await this.reindex(); } catch (e) { - console.log(e.stack); + console.log(e.message); } }); @@ -366,7 +366,7 @@ describe('Products endpoint', function () { try { await this.reindex(); } catch (e) { - console.log(e.stack); + console.log(e.message); } }); it('returns configurable product min price if price or final price is 0', async function () { From aaf2f33079f014e2882db9f3f75c1c2f0e14a8df Mon Sep 17 00:00:00 2001 From: Sanyi Date: Thu, 4 Apr 2024 06:10:08 +0200 Subject: [PATCH 23/36] EMA-145 - Security findings --- .github/workflows/tests.yml | 4 ++-- dev/testv2/tools/docker/docker-compose-test-elastic.yml | 2 +- dev/testv2/tools/docker/docker-compose-test.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 6746a6e..5013345 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -16,7 +16,7 @@ jobs: fail-fast: false matrix: magento-versions: - ["2.3.3ce", "2.3.5ce", "2.4.0ce", "2.4.2ce", "2.4.4ce", "2.4.6ce"] + ["2.3.5ce", "2.4.0ce", "2.4.2ce", "2.4.4ce", "2.4.6ce"] steps: - name: Extract branch name shell: bash 
@@ -72,7 +72,7 @@ jobs: fail-fast: false matrix: magento-versions: - ["2.3.3ce", "2.3.5ce", "2.4.0ce", "2.4.2ce", "2.4.4ce", "2.4.6ce"] + ["2.3.5ce", "2.4.0ce", "2.4.2ce", "2.4.4ce", "2.4.6ce"] steps: - name: Extract branch name shell: bash diff --git a/dev/testv2/tools/docker/docker-compose-test-elastic.yml b/dev/testv2/tools/docker/docker-compose-test-elastic.yml index 1e24110..fa89a1c 100644 --- a/dev/testv2/tools/docker/docker-compose-test-elastic.yml +++ b/dev/testv2/tools/docker/docker-compose-test-elastic.yml @@ -22,7 +22,7 @@ services: - ../setup/reindex.php:/app/pub/reindex.php - ../setup/trigger_event.php:/app/trigger_event.php - ../setup/trigger_event.php:/app/pub/trigger_event.php - - ../setup/customer-data.js:/app/vendor/magento/module-customer/view/frontend/web/js/customer-data.js + # - ../setup/customer-data.js:/app/vendor/magento/module-customer/view/frontend/web/js/customer-data.js environment: - MAGENTO_URL=http://magento-test.local - MAGENTO_REPO_KEY=$MAGENTO_REPO_KEY diff --git a/dev/testv2/tools/docker/docker-compose-test.yml b/dev/testv2/tools/docker/docker-compose-test.yml index 2ff76fb..8478c76 100644 --- a/dev/testv2/tools/docker/docker-compose-test.yml +++ b/dev/testv2/tools/docker/docker-compose-test.yml @@ -22,7 +22,7 @@ services: - ../setup/reindex.php:/app/pub/reindex.php - ../setup/trigger_event.php:/app/trigger_event.php - ../setup/trigger_event.php:/app/pub/trigger_event.php - - ../setup/customer-data.js:/app/vendor/magento/module-customer/view/frontend/web/js/customer-data.js + # - ../setup/customer-data.js:/app/vendor/magento/module-customer/view/frontend/web/js/customer-data.js environment: - MAGENTO_URL=http://magento-test.local - MAGENTO_REPO_KEY=$MAGENTO_REPO_KEY From c2b859f2e4955764298d98cfe72d628b63a57f35 Mon Sep 17 00:00:00 2001 From: Sanyi Date: Thu, 20 Jun 2024 11:39:54 +0200 Subject: [PATCH 24/36] EMA-145 - Security findings --- dev/README.md | 1 + 1 file changed, 1 insertion(+) 
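Review bot: The `customer-data.js` volume mount is commented out rather than removed in `docker-compose-test-elastic.yml` (-22,7 +22,7) and identically in `docker-compose-test.yml`, with nothing saying why. Either delete the line (and `../setup/customer-data.js` itself if nothing else mounts it, which these hunks do not show) or keep it with a reason, e.g. `# disabled: stock customer-data.js is used because <reason>`. Without the override the container serves the vendor copy of that file, so any spec that loads `Magento_Customer/js/customer-data` now runs against stock code; that looks intended but is worth stating next to the line.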
diff --git a/dev/README.md b/dev/README.md
index f8412f4..4fa7bc0 100644
--- a/dev/README.md
+++ b/dev/README.md
@@ -203,3 +203,4 @@ git push -f --tags
 ## Update Cypress
 * Update the version in `package.json`
 * Run `make build-cypress VERSION=new-version` from project root
+
From f9446f14debc237eb0e445bc0a0c51689a989231 Mon Sep 17 00:00:00 2001
From: Sanyi
Date: Thu, 20 Jun 2024 14:38:49 +0200
Subject: [PATCH 25/36] EMA-145 - Security findings
---
 dev/README.md | 1 -
 1 file changed, 1 deletion(-)
diff --git a/dev/README.md b/dev/README.md
index 4fa7bc0..f8412f4 100644
--- a/dev/README.md
+++ b/dev/README.md
@@ -203,4 +203,3 @@ git push -f --tags
 ## Update Cypress
 * Update the version in `package.json`
 * Run `make build-cypress VERSION=new-version` from project root
-
From 368837594cfda60f5b3e67e0dc203499d3c9eb1d Mon Sep 17 00:00:00 2001
From: Sanyi
Date: Thu, 20 Jun 2024 15:08:07 +0200
Subject: [PATCH 26/36] EMA-145 - Security findings
---
 dev/README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/dev/README.md b/dev/README.md
index f8412f4..4fa7bc0 100644
--- a/dev/README.md
+++ b/dev/README.md
@@ -203,3 +203,4 @@ git push -f --tags
 ## Update Cypress
 * Update the version in `package.json`
 * Run `make build-cypress VERSION=new-version` from project root
+
From 43c6e458ca202934d6e8caec76218cc6e8cf6cf9 Mon Sep 17 00:00:00 2001
From: Sanyi
Date: Thu, 20 Jun 2024 16:51:23 +0200
Subject: [PATCH 27/36] EMA-145 - Security findings
---
 dev/README.md | 1 -
 1 file changed, 1 deletion(-)
diff --git a/dev/README.md b/dev/README.md
index 4fa7bc0..f8412f4 100644
--- a/dev/README.md
+++ b/dev/README.md
@@ -203,4 +203,3 @@ git push -f --tags
 ## Update Cypress
 * Update the version in `package.json`
 * Run `make build-cypress VERSION=new-version` from project root
-
From 51bfed07209101d7aa561d105115c83f73e7714b Mon Sep 17 00:00:00 2001
From: Sanyi
Date: Mon, 24 Jun 2024 16:49:06 +0200
Subject: [PATCH 28/36] EMA-145 - Security findings
---
 dev/README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/dev/README.md b/dev/README.md
index f8412f4..4fa7bc0 100644
--- a/dev/README.md
+++ b/dev/README.md
@@ -203,3 +203,4 @@ git push -f --tags
 ## Update Cypress
 * Update the version in `package.json`
 * Run `make build-cypress VERSION=new-version` from project root
+
From a6786ef929e318d1c812a86aaf37c13be2eac4e7 Mon Sep 17 00:00:00 2001
From: Sanyi
Date: Fri, 28 Jun 2024 17:16:32 +0200
Subject: [PATCH 29/36] EMA-145 - Security findings
---
 dev/testv2/attributes/index.spec.js | 22 ++++++++---------
 dev/testv2/config/index.spec.js | 12 +++++-----
 dev/testv2/customers/list.spec.js | 10 ++++----
 .../integration/default-behaviour.spec.js | 20 ++++++++--------
 .../marketing-events-customer.spec.js | 18 +++++++-------
 .../marketing-events-subscription.spec.js | 22 ++++++++---------
 .../cypress/integration/web-extend.spec.js | 19 ++++++---------
 dev/testv2/cypress/support/e2e.js | 2 +-
 dev/testv2/events/customer.spec.js | 16 ++++++-------
 dev/testv2/events/endpoint.spec.js | 16 ++++++-------
 .../get-inventory-for-products.spec.js | 10 ++++----
 dev/testv2/orders/get.spec.js | 14 +++++------
 dev/testv2/system-info/get.spec.js | 8 +++----
 dev/testv2/tools/setup/setup | 5 +++-
 dev/testv2/webextend/script.spec.js | 24 +++++++++----------
 15 files changed, 108 insertions(+), 110 deletions(-)
diff --git a/dev/testv2/attributes/index.spec.js b/dev/testv2/attributes/index.spec.js
index f57f5bc..a761dd1 100644
--- a/dev/testv2/attributes/index.spec.js
+++ b/dev/testv2/attributes/index.spec.js
@@ -6,13 +6,13 @@ const websiteId = 1; const mapAttributes = attributes => attributes.map(attribute => ({ code: attribute.code, name: attribute.name })); -describe('Attributes endpoint', function() { - afterEach(async function() {}); +describe('Attributes endpoint', function () { + afterEach(async function () {}); - after(async function() {}); + after(async function () {}); - describe('get', function() { - it('should fetch attributes including extra fields for customer', async function() { + describe('get', function () { + it('should fetch attributes including extra fields for customer', async function () { const { attributes } = await this.magentoApi.execute('attributes', 'get', { type: 'customer' }); const mappedAttributes = mapAttributes(attributes); @@ -29,7 +29,7 @@ describe('Attributes endpoint', function() { } }); - it('should fetch attributes including extra fields for customer_address', async function() { + it('should fetch attributes including extra fields for customer_address', async function () { const { attributes } = await this.magentoApi.execute('attributes', 'get', { type: 'customer_address' }); const mappedAttributes = mapAttributes(attributes); @@ -40,7 +40,7 @@ describe('Attributes endpoint', function() { } }); - it('should fetch attributes including extra fields for products', async function() { + it('should fetch attributes including extra fields for products', async function () { const { attributes } = await this.magentoApi.execute('attributes', 'get', { type: 'product' }); const mappedAttributes = attributes.map(attribute => { return { code: attribute.code, name: attribute.name }; 
@@ -58,8 +58,8 @@ describe('Attributes endpoint', function() { }); }); - describe('set', function() { - it('should modify customer attribute config for website', async function() { + describe('set', function () { + it('should modify customer attribute config for website', async function () { await this.magentoApi.execute('attributes', 'set', { websiteId, type: 'customer', @@ -76,7 +76,7 @@ describe('Attributes endpoint', function() { expect(config.value).to.equal(JSON.stringify(['hello_attribute'])); }); - it('should modify customer_address attribute config for website', async function() { + it('should modify customer_address attribute config for website', async function () { await this.magentoApi.execute('attributes', 'set', { websiteId, type: 'customer_address', @@ -93,7 +93,7 @@ describe('Attributes endpoint', function() { expect(config.value).to.equal(JSON.stringify(['hello_attribute'])); }); - it('should modify product attribute config for website', async function() { + it('should modify product attribute config for website', async function () { await this.magentoApi.execute('attributes', 'set', { websiteId: 0, type: 'product', diff --git a/dev/testv2/config/index.spec.js b/dev/testv2/config/index.spec.js index 942ef1e..50bc940 100644 --- a/dev/testv2/config/index.spec.js +++ b/dev/testv2/config/index.spec.js 
@@ -21,21 +21,21 @@ const dbKeys = { }; const websiteId = 1; -describe('Config endpoint', function() { - before(async function() { +describe('Config endpoint', function () { + before(async function () { await this.turnOffEverySetting(1); }); - afterEach(async function() { + afterEach(async function () { await this.turnOffEverySetting(1); }); - after(async function() { + after(async function () { await this.setDefaultStoreSettings(); }); - describe('set', function() { - it('should modify config values for website', async function() { + describe('set', function () { + it('should modify config values for website', async function () { await this.magentoApi.execute('config', 'set', { websiteId, config: fullConfig diff --git a/dev/testv2/customers/list.spec.js b/dev/testv2/customers/list.spec.js index 71e7385..a57ff7d 100644 --- a/dev/testv2/customers/list.spec.js +++ b/dev/testv2/customers/list.spec.js @@ -23,8 +23,8 @@ const customers = [ } ]; -describe('Customers endpoint', function() { - before(async function() { +describe('Customers endpoint', function () { + before(async function () { await this.magentoApi.execute('attributes', 'set', { websiteId: 1, type: 'customer', @@ -35,7 +35,7 @@ describe('Customers endpoint', function() { } }); - after(async function() { + after(async function () { await this.magentoApi.execute('attributes', 'set', { websiteId: 1, type: 'customer', @@ -44,7 +44,7 @@ describe('Customers endpoint', function() { await this.db.raw(`DELETE FROM ${this.getTableName('customer_entity')} where email like "%@customer.net"`); }); - it('returns customers according to page and page_size inlcuding last_page', async function() { + it('returns customers according to page and page_size inlcuding last_page', async function () { const page = 1; const limit = 2; 
@@ -66,7 +66,7 @@ describe('Customers endpoint', function() { expect(customer).to.have.property('shipping_address'); }); - it('returns extra_fields for customers', async function() { + it('returns extra_fields for customers', async function () { const page = 1; const limit = 1; diff --git a/dev/testv2/cypress/integration/default-behaviour.spec.js b/dev/testv2/cypress/integration/default-behaviour.spec.js index 9ecd356..ac79406 100644 --- a/dev/testv2/cypress/integration/default-behaviour.spec.js +++ b/dev/testv2/cypress/integration/default-behaviour.spec.js @@ -1,6 +1,6 @@ 'use strict'; -describe('Default behaviour with everything turned off', function() { +describe('Default behaviour with everything turned off', function () { before(() => { cy.task('setConfig', {}); }); @@ -14,13 +14,13 @@ describe('Default behaviour with everything turned off', function() { cy.task('clearMails'); }); - context('MarketingEvents - Customer', function() { + context('MarketingEvents - Customer', function () { afterEach(() => { cy.task('clearEvents'); cy.logout(); }); - it('should not create customer_password_reset event', function() { + it('should not create customer_password_reset event', function () { const newPassword = 'newPassword1'; cy.loginWithCustomer(this.defaultCustomer); @@ -36,7 +36,7 @@ describe('Default behaviour with everything turned off', function() { }); }); - it('should not create customer_email_changed event', function() { + it('should not create customer_email_changed event', function () { const oldEmail = this.defaultCustomer.email; const newEmail = 'cypress2@default.com'; @@ -52,7 +52,7 @@ describe('Default behaviour with everything turned off', function() { }); }); - it('should not create customer_email_and_password_changed event', function() { + it('should not create customer_email_and_password_changed event', function () { const newEmail = 'cypress5@default.com'; const newPassword = 'newPassword4'; 
@@ -70,7 +70,7 @@ describe('Default behaviour with everything turned off', function() { }); }); - context('MarketingEvents - Subscription', function() { + context('MarketingEvents - Subscription', function () { const unsubscribe = email => { cy.task('getSubscription', email).then(subscription => { cy.visit(`/newsletter/subscriber/unsubscribe?id=${subscription.subscriber_id}\ @@ -84,8 +84,8 @@ describe('Default behaviour with everything turned off', function() { cy.get('.action.subscribe.primary[type="submit"]').click(); }; - context('guest with double optin off', function() { - it('should not create subscription events', function() { + context('guest with double optin off', function () { + it('should not create subscription events', function () { const guestEmail = 'no-event.doptin-off@guest-cypress.com'; subscribe(guestEmail); @@ -110,7 +110,7 @@ describe('Default behaviour with everything turned off', function() { }); }); - context('guest with double optin on', function() { + context('guest with double optin on', function () { before(() => { cy.task('setDoubleOptin', true); cy.task('flushMagentoCache'); @@ -120,7 +120,7 @@ describe('Default behaviour with everything turned off', function() { cy.task('setDoubleOptin', false); }); - it('should not create subscription events', function() { + it('should not create subscription events', function () { const guestEmail = 'no-event.doptin-on@guest-cypress.com'; subscribe(guestEmail); diff --git a/dev/testv2/cypress/integration/marketing-events-customer.spec.js b/dev/testv2/cypress/integration/marketing-events-customer.spec.js index 75c1586..e4b7c42 100644 --- a/dev/testv2/cypress/integration/marketing-events-customer.spec.js +++ b/dev/testv2/cypress/integration/marketing-events-customer.spec.js @@ -1,6 +1,6 @@ 'use strict'; -describe('Marketing Events', function() { +describe('Marketing Events', function () { beforeEach(() => { cy.task('clearMails'); cy.task('getDefaultCustomer').as('defaultCustomer'); 
@@ -10,7 +10,7 @@ describe('Marketing Events', function() { cy.logout(); }); - context('magentoSendEmails config is disabled', function() { + context('magentoSendEmails config is disabled', function () { before(() => { cy.task('setConfig', { collectMarketingEvents: 'enabled', @@ -19,7 +19,7 @@ describe('Marketing Events', function() { cy.task('clearEvents'); }); - it('should create customer_password_reset event', function() { + it('should create customer_password_reset event', function () { const newPassword = 'newPassword2'; cy.loginWithCustomer(this.defaultCustomer); @@ -36,7 +36,7 @@ describe('Marketing Events', function() { }); }); - it('should create customer_email_changed event', function() { + it('should create customer_email_changed event', function () { const newEmail = 'cypress3@default.com'; cy.loginWithCustomer(this.defaultCustomer); @@ -53,7 +53,7 @@ describe('Marketing Events', function() { }); }); - it('should create customer_email_and_password_changed event', function() { + it('should create customer_email_and_password_changed event', function () { const newEmail = 'cypress4@default.com'; const newPassword = 'newPassword3'; @@ -72,7 +72,7 @@ describe('Marketing Events', function() { }); }); - context('magentoSendEmails config is enabled', function() { + context('magentoSendEmails config is enabled', function () { before(() => { cy.task('setConfig', { collectMarketingEvents: 'enabled', @@ -81,7 +81,7 @@ describe('Marketing Events', function() { cy.task('clearEvents'); }); - it('should create customer_password_reset event', function() { + it('should create customer_password_reset event', function () { const newPassword = 'newPassword2'; cy.loginWithCustomer(this.defaultCustomer); 
@@ -98,7 +98,7 @@ describe('Marketing Events', function() { }); }); - it('should create customer_email_changed event', function() { + it('should create customer_email_changed event', function () { const oldEmail = this.defaultCustomer.email; const newEmail = 'cypress3@default.com'; @@ -116,7 +116,7 @@ describe('Marketing Events', function() { }); }); - it('should create customer_email_and_password_changed event', function() { + it('should create customer_email_and_password_changed event', function () { const oldEmail = this.defaultCustomer.email; const newEmail = 'cypress4@default.com'; const newPassword = 'newPassword3'; diff --git a/dev/testv2/cypress/integration/marketing-events-subscription.spec.js b/dev/testv2/cypress/integration/marketing-events-subscription.spec.js index e1bbb4d..9e36989 100644 --- a/dev/testv2/cypress/integration/marketing-events-subscription.spec.js +++ b/dev/testv2/cypress/integration/marketing-events-subscription.spec.js @@ -1,6 +1,6 @@ 'use strict'; -describe('Marketing Events', function() { +describe('Marketing Events', function () { const unsubscribe = email => { cy.task('getSubscription', email).then(subscription => { cy.visit(`/newsletter/subscriber/unsubscribe?id=${subscription.subscriber_id}\ @@ -19,7 +19,7 @@ describe('Marketing Events', function() { cy.task('clearEvents'); }); - context('magentoSendEmails config is disabled', function() { + context('magentoSendEmails config is disabled', function () { before(() => { cy.task('setConfig', { collectMarketingEvents: 'enabled', @@ -27,8 +27,8 @@ describe('Marketing Events', function() { }); }); - context('guest with double optin off', function() { - it('should create subscription events', function() { + context('guest with double optin off', function () { + it('should create subscription events', function () { const guestEmail = 'event.doptin-off.sub@guest-cypress.com'; subscribe(guestEmail); 
@@ -56,7 +56,7 @@ describe('Marketing Events', function() { }); }); - context('guest with double optin on', function() { + context('guest with double optin on', function () { before(() => { cy.task('setDoubleOptin', true); cy.task('flushMagentoCache'); @@ -66,7 +66,7 @@ describe('Marketing Events', function() { cy.task('setDoubleOptin', false); }); - it('should create newsletter_send_confirmation_request_email event', function() { + it('should create newsletter_send_confirmation_request_email event', function () { const guestEmail = 'event.doptin-on.sub@guest-cypress.com'; subscribe(guestEmail); @@ -95,7 +95,7 @@ describe('Marketing Events', function() { }); }); - context('magentoSendEmails config is enabled', function() { + context('magentoSendEmails config is enabled', function () { before(() => { cy.task('setConfig', { collectMarketingEvents: 'enabled', @@ -103,8 +103,8 @@ describe('Marketing Events', function() { }); }); - context('guest with double optin off', function() { - it('should create subscription events', function() { + context('guest with double optin off', function () { + it('should create subscription events', function () { const guestEmail = 'event.doptin-off.sub@guest-cypress.com'; subscribe(guestEmail); @@ -133,7 +133,7 @@ describe('Marketing Events', function() { }); }); - context('guest with double optin on', function() { + context('guest with double optin on', function () { before(() => { cy.task('setDoubleOptin', true); cy.task('flushMagentoCache'); @@ -143,7 +143,7 @@ describe('Marketing Events', function() { cy.task('setDoubleOptin', false); }); - it('should create newsletter_send_confirmation_request_email event', function() { + it('should create newsletter_send_confirmation_request_email event', function () { const guestEmail = 'event.doptin-on.sub@guest-cypress.com'; subscribe(guestEmail); diff --git a/dev/testv2/cypress/integration/web-extend.spec.js b/dev/testv2/cypress/integration/web-extend.spec.js index f21f591..86efd99 100644 
--- a/dev/testv2/cypress/integration/web-extend.spec.js +++ b/dev/testv2/cypress/integration/web-extend.spec.js @@ -4,7 +4,7 @@ const merchantId = 'merchantId123'; const webTrackingSnippetUrl = Cypress.env('snippetUrl'); const predictUrl = `http://cdn.scarabresearch.com/js/${merchantId}/scarab-v2.js`; -describe('Web extend scripts', function() { +describe('Web extend scripts', function () { before(() => { cy.task('setConfig', { injectSnippet: 'enabled', @@ -24,9 +24,9 @@ describe('Web extend scripts', function() { win.customerStub = cy.stub().as('customerStub'); const testScriptNode = win.document.createElement('script'); - testScriptNode.text = `window.require(['Magento_Customer/js/customer-data'], function(customerData) { + testScriptNode.text = `window.require(['Magento_Customer/js/customer-data'], function (customerData) { window.customerStub(customerData.get('customer')()) - customerData.get('customer').subscribe(function(customer) { + customerData.get('customer').subscribe(function (customer) { window.customerStub(customer); }); });`; @@ -38,7 +38,7 @@ describe('Web extend scripts', function() { cy.logout(); }); - it('should include web-extend scripts', function() { + it('should include web-extend scripts', function () { cy.visit('/'); cy.get('script').then(scripts => { @@ -48,7 +48,7 @@ describe('Web extend scripts', function() { }); }); - it('should include proper customer data', function() { + it('should include proper customer data', function () { cy.loginWithCustomer({ email: 'roni_cost@example.com', password: 'roni_cost3@example.com' }); cy.visit('/fusion-backpack.html'); @@ -60,7 +60,7 @@ describe('Web extend scripts', function() { }); }); - it('should include orderData after ordering as a guest', function() { + it('should include orderData after ordering as a guest', function () { cy.visit('/fusion-backpack.html'); cy.get('.loading-mask').should('not.exist'); 
@@ -74,10 +74,6 @@ describe('Web extend scripts', function() { cy.get('.action.showcart').click(); cy.get('#top-cart-btn-checkout').click(); - cy.visit('/checkout'); - // cy.wait(6000); - // cy.contains('Email Address').should('be.visible'); - cy.get('#checkout-step-shipping input.input-text[name="username"]').type('guest@cypress.net'); cy.get('#checkout-step-shipping input.input-text[name="firstname"]').type('Guest'); cy.get('#checkout-step-shipping input.input-text[name="lastname"]').type('Da Best'); @@ -91,7 +87,6 @@ describe('Web extend scripts', function() { cy.get('button[data-role="opc-continue"]').click(); cy.get('button[title="Place Order"]').click(); - cy.wait(1000); cy.get('.checkout-success'); cy.window().then(win => { @@ -108,7 +103,7 @@ describe('Web extend scripts', function() { }); }); - it('should include orderData after ordering as a logged in user', function() { + it('should include orderData after ordering as a logged in user', function () { cy.loginWithCustomer({ email: 'roni_cost@example.com', password: 'roni_cost3@example.com' }); cy.visit('/fusion-backpack.html'); diff --git a/dev/testv2/cypress/support/e2e.js b/dev/testv2/cypress/support/e2e.js index 4532834..3ee2538 100644 --- a/dev/testv2/cypress/support/e2e.js +++ b/dev/testv2/cypress/support/e2e.js @@ -41,7 +41,7 @@ Cypress.on('fail', error => { throw error; }); -console.log = function(...args) { +console.log = function (...args) { logs += args.join('\n'); logs += '\n'; }; diff --git a/dev/testv2/events/customer.spec.js b/dev/testv2/events/customer.spec.js index b09e4a7..6383613 100644 --- a/dev/testv2/events/customer.spec.js +++ b/dev/testv2/events/customer.spec.js @@ -17,8 +17,8 @@ const customer = { ] }; -describe('Customer events', function() { - before(async function() { +describe('Customer events', function () { + before(async function () { await this.magentoApi.execute('attributes', 'set', { websiteId: 1, type: 'customer', 
@@ -26,12 +26,12 @@ describe('Customer events', function() { }); }); - afterEach(async function() { + afterEach(async function () { await this.db.raw(`DELETE FROM ${this.getTableName('customer_entity')} where email = "yolo99@yolo.net"`); await this.turnOffEverySetting(1); }); - after(async function() { + after(async function () { await this.magentoApi.execute('attributes', 'set', { websiteId: 1, type: 'customer', @@ -39,7 +39,7 @@ describe('Customer events', function() { }); }); - it('"customers/update" is saved in DB if customer is created', async function() { + it('"customers/update" is saved in DB if customer is created', async function () { await this.magentoApi.execute('config', 'set', { websiteId: 1, config: { collectCustomerEvents: 'enabled' } }); await this.createCustomer(customer); @@ -56,7 +56,7 @@ describe('Customer events', function() { expect(event.store_id).to.equal(1); }); - it('"customers/update" is saved in DB if customer is updated', async function() { + it('"customers/update" is saved in DB if customer is updated', async function () { const createdCustomer = await this.createCustomer(customer); await this.magentoApi.execute('config', 'set', { websiteId: 1, config: { collectCustomerEvents: 'enabled' } }); @@ -83,7 +83,7 @@ describe('Customer events', function() { expect(event.store_id).to.equal(1); }); - it('"customers/delete" is saved in DB if customer is deleted', async function() { + it('"customers/delete" is saved in DB if customer is deleted', async function () { const createdCustomer = await this.createCustomer(customer); await this.magentoApi.execute('config', 'set', { websiteId: 1, config: { collectCustomerEvents: 'enabled' } }); 
@@ -100,7 +100,7 @@ describe('Customer events', function() { expect(event.entity_id).to.eql(createdCustomer.entityId); }); - it('are not saved in DB if collectCustomerEvents is disabled', async function() { + it('are not saved in DB if collectCustomerEvents is disabled', async function () { await this.turnOffEverySetting(1); await this.createCustomer(customer); diff --git a/dev/testv2/events/endpoint.spec.js b/dev/testv2/events/endpoint.spec.js index b1fbb9e..bb198d4 100644 --- a/dev/testv2/events/endpoint.spec.js +++ b/dev/testv2/events/endpoint.spec.js @@ -33,12 +33,12 @@ const customers = [ } ]; -describe('Events API endpoint', function() { - before(async function() { +describe('Events API endpoint', function () { + before(async function () { await this.magentoApi.execute('config', 'set', { websiteId: 1, config: { collectCustomerEvents: 'enabled' } }); }); - afterEach(async function() { + afterEach(async function () { await this.db.raw( `DELETE FROM ${this.getTableName( 'customer_entity' @@ -46,11 +46,11 @@ describe('Events API endpoint', function() { ); }); - after(async function() { + after(async function () { await this.turnOffEverySetting(1); }); - it('returns number of events defined in page_size and deletes events before since_id', async function() { + it('returns number of events defined in page_size and deletes events before since_id', async function () { for (const customer of customers) { await this.createCustomer(customer); } @@ -75,7 +75,7 @@ describe('Events API endpoint', function() { expect(firstEvent.store_id).to.equal(1); }); - it('returns 406 status if sinceId is higher than max event ID in the events table', async function() { + it('returns 406 status if sinceId is higher than max event ID in the events table', async function () { for (const customer of customers) { await this.createCustomer(customer); } 
@@ -95,7 +95,7 @@ describe('Events API endpoint', function() { expect(eventsResponse.events.length).to.equal(3); }); - it('does not return 406 status if sinceId is equal to the maximal event ID in the table', async function() { + it('does not return 406 status if sinceId is equal to the maximal event ID in the table', async function () { for (const customer of customers) { await this.createCustomer(customer); } @@ -105,7 +105,7 @@ describe('Events API endpoint', function() { expect(eventsResponse.events.length).to.equal(0); }); - it('does not return 406 status if there are no entries in the events table', async function() { + it('does not return 406 status if there are no entries in the events table', async function () { const eventsResponse = await this.magentoApi.execute('events', 'getSinceId', { sinceId: 1, pageSize: 10 }); expect(eventsResponse.events.length).to.equal(0); diff --git a/dev/testv2/inventory/get-inventory-for-products.spec.js b/dev/testv2/inventory/get-inventory-for-products.spec.js index d47f967..fa67ed0 100644 --- a/dev/testv2/inventory/get-inventory-for-products.spec.js +++ b/dev/testv2/inventory/get-inventory-for-products.spec.js @@ -1,6 +1,6 @@ 'use strict'; -const createSource = async function(magentoApi) { +const createSource = async function (magentoApi) { return await magentoApi.post({ path: '/index.php/rest/V1/inventory/sources', payload: { @@ -15,7 +15,7 @@ const createSource = async function(magentoApi) { }); }; -const addStockForProductInInventorySource = async function(magentoApi) { +const addStockForProductInInventorySource = async function (magentoApi) { return await magentoApi.post({ path: '/index.php/rest/V1/inventory/source-items', payload: { 
@@ -35,9 +35,9 @@ const inventorySourceCode = 'custom_source'; const skuWithMultipleSources = '24-WB04'; const skuWithDefaultSource = '24-WB07'; -describe('Product inventory API', function() { +describe('Product inventory API', function () { - before(async function() { + before(async function () { if (this.magentoVersion >= '2.3.0') { await createSource(this.magentoApi); try { @@ -48,7 +48,7 @@ describe('Product inventory API', function() { } }); - it('should return product stock for all inventory sources', async function() { + it('should return product stock for all inventory sources', async function () { if (this.magentoVersion >= '2.3.0') { const { items } = await this.magentoApi.execute('inventory', 'getForProducts', { sku: [skuWithMultipleSources, skuWithDefaultSource] diff --git a/dev/testv2/orders/get.spec.js b/dev/testv2/orders/get.spec.js index da1dd9a..c341c42 100644 --- a/dev/testv2/orders/get.spec.js +++ b/dev/testv2/orders/get.spec.js @@ -4,10 +4,10 @@ const { shipOrder, createNewGuestOrder } = require('../helpers/orders'); const orderCount = 4; -describe('Orders endpoint', function() { +describe('Orders endpoint', function () { let localCartItem; - before(async function() { + before(async function () { await this.dbCleaner.clearOrders(); localCartItem = this.localCartItem; @@ -17,11 +17,11 @@ describe('Orders endpoint', function() { } }); - after(async function() { + after(async function () { await this.dbCleaner.clearOrders(); }); - it('should return orders and paging info according to parameters', async function() { + it('should return orders and paging info according to parameters', async function () { const limit = 1; const page = 1; const ordersResponse = await this.magentoApi.execute('orders', 'getSinceId', { 
@@ -40,7 +40,7 @@ describe('Orders endpoint', function() { expect(ordersResponse.orders[0].store_id).to.equal(1); }); - it('should handle multiple store IDs', async function() { + it('should handle multiple store IDs', async function () { const limit = 1; const page = 1; const ordersResponse = await this.magentoApi.execute('orders', 'getSinceId', { @@ -53,7 +53,7 @@ describe('Orders endpoint', function() { expect(ordersResponse.orderCount).to.be.equal(orderCount); }); - it('should filter for store IDs', async function() { + it('should filter for store IDs', async function () { const limit = 1; const page = 1; const ordersResponse = await this.magentoApi.execute('orders', 'getSinceId', { @@ -66,7 +66,7 @@ describe('Orders endpoint', function() { expect(ordersResponse.orderCount).to.be.equal(0); }); - it('should filter with sinceId', async function() { + it('should filter with sinceId', async function () { const limit = 1; const page = 2; const sinceId = 2; diff --git a/dev/testv2/system-info/get.spec.js b/dev/testv2/system-info/get.spec.js index 5ffbb77..3b0f34b 100644 --- a/dev/testv2/system-info/get.spec.js +++ b/dev/testv2/system-info/get.spec.js @@ -1,7 +1,7 @@ 'use strict'; -describe('SystemInfo API', function() { - it('should return system information', async function() { +describe('SystemInfo API', function () { + it('should return system information', async function () { const info = await this.magentoApi.execute('systeminfo', 'get'); 
@@ -11,13 +11,13 @@ describe('SystemInfo API', function() { expect(info.magento_edition).to.not.be.undefined; }); - it('should return customer DB website scope when configured so', async function() { + it('should return customer DB website scope when configured so', async function () { const info = await this.magentoApi.execute('systeminfo', 'get'); expect(info.is_website_scope).to.be.true; }); - it('should return customer DB website scope when configured so', async function() { + it('should return customer DB website scope when configured so', async function () { await this.db(this.getTableName('core_config_data')).insert( { scope: 'default', path: 'customer/account_share/scope', value: 0 } ); diff --git a/dev/testv2/tools/setup/setup b/dev/testv2/tools/setup/setup index a110c96..4530f52 100644 --- a/dev/testv2/tools/setup/setup +++ b/dev/testv2/tools/setup/setup @@ -25,5 +25,8 @@ fi mysql -h $MYSQL_HOST -u $MYSQL_USER -p$MYSQL_PASSWORD $MYSQL_DATABASE -e "UPDATE ${TABLE_PREFIX}oauth_token SET token = 'Almafa456';" +echo "-|| Update cookie lifetime" +bin/magento config:set web/cookie/cookie_lifetime 36000 + echo "-|| Flushing cache" -bin/magento cache:flush \ No newline at end of file +bin/magento cache:flush diff --git a/dev/testv2/webextend/script.spec.js b/dev/testv2/webextend/script.spec.js index d0db921..e899240 100644 --- a/dev/testv2/webextend/script.spec.js +++ b/dev/testv2/webextend/script.spec.js @@ -45,8 +45,8 @@ const insertNewCategoryBetween = async (magentoApi, { name, parentId, childId }) }; describe('Webextend scripts', function () { - describe('enabled', function() { - beforeEach(async function() { + describe('enabled', function () { + beforeEach(async function () { await this.magentoApi.execute('config', 'set', { websiteId: 1, config: { 
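Review bot: The added `bin/magento config:set web/cookie/cookie_lifetime 36000` raises the session cookie lifetime to ten hours without saying why, and nothing in the hunk marks it as test-only. Magento's stock value for this setting is 3600 seconds, so this deliberately relaxes session expiry, presumably to keep the Cypress session alive across a long run. A comment above the line would record that, for example `# test env only: 10h cookie lifetime so long test runs keep their session; never apply to a live store`. The unchanged line above already writes a fixed OAuth token into `oauth_token`, which is a further reason to state that this setup must only run against disposable test instances. The top of the script is outside the hunk, so it is unclear whether a failed `config:set` would abort the run before the cache flush.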
@@ -57,7 +57,7 @@ describe('Webextend scripts', function () { }); }); - it('should be in the HTML if injectsnippet is enabled', async function() { + it('should be in the HTML if injectsnippet is enabled', async function () { const emarsysSnippets = await getEmarsysSnippetContents('customer/account/login/'); expect(emarsysSnippets.includes('')).to.be.true; @@ -77,7 +77,7 @@ describe('Webextend scripts', function () { ).to.be.true; }); - it('should include search term', async function() { + it('should include search term', async function () { const emarsysSnippets = await getEmarsysSnippetContents('catalogsearch/result/?q=magento+is+hit'); expect( emarsysSnippets.includes( @@ -87,7 +87,7 @@ describe('Webextend scripts', function () { ).to.be.true; }); - it('should include categories in the right order', async function() { + it('should include categories in the right order', async function () { let parentCategoryId = '11'; let childCategoryId = '12'; @@ -117,7 +117,7 @@ describe('Webextend scripts', function () { ).to.be.true; }); - it('should include product', async function() { + it('should include product', async function () { const emarsysSnippets = await getEmarsysSnippetContents('cassius-sparring-tank.html'); let productHelper = new ProductHelper(this.db, this.magentoEdition, this.magentoVersion); @@ -131,7 +131,7 @@ describe('Webextend scripts', function () { ).to.be.true; }); - it('should include if product is visible child', async function() { + it('should include if product is visible child', async function () { await alterProductVisibility(this.magentoApi, 'MT12-XS-Blue'); const emarsysSnippets = await getEmarsysSnippetContents('cassius-sparring-tank-xs-blue.html'); 
@@ -139,16 +139,16 @@ describe('Webextend scripts', function () { expect(emarsysSnippets.includes('"isVisibleChild":true')).to.be.true; }); - describe('store is not enabled', function() { - before(async function() { + describe('store is not enabled', function () { + before(async function () { await this.clearStoreSettings(); }); - after(async function() { + after(async function () { await this.setDefaultStoreSettings(); }); - it('should not be in the HTML', async function() { + it('should not be in the HTML', async function () { await this.turnOffEverySetting(1); const emarsysSnippets = await getEmarsysSnippetContents('customer/account/login/'); expect(emarsysSnippets).to.eql(''); @@ -157,7 +157,7 @@ describe('Webextend scripts', function () { }); describe('disabled', function () { - it('should not be in the HTML if injectsnippet setting is disabled', async function() { + it('should not be in the HTML if injectsnippet setting is disabled', async function () { await this.turnOffEverySetting(1); const emarsysSnippets = await getEmarsysSnippetContents('customer/account/login/'); expect(emarsysSnippets).to.eql(''); From 59127c39cc317c7f3fa59bd8fa1b1afefb80ec40 Mon Sep 17 00:00:00 2001 From: Sanyi Date: Fri, 28 Jun 2024 19:26:29 +0200 Subject: [PATCH 30/36] EMA-145 - Security findings --- dev/testv2/cypress/integration/web-extend.spec.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dev/testv2/cypress/integration/web-extend.spec.js b/dev/testv2/cypress/integration/web-extend.spec.js index 86efd99..9c06b58 100644 --- a/dev/testv2/cypress/integration/web-extend.spec.js +++ b/dev/testv2/cypress/integration/web-extend.spec.js 
@@ -74,6 +74,8 @@ describe('Web extend scripts', function () { cy.get('.action.showcart').click(); cy.get('#top-cart-btn-checkout').click(); + cy.visit('/checkout'); + cy.get('#checkout-step-shipping input.input-text[name="username"]').type('guest@cypress.net'); cy.get('#checkout-step-shipping input.input-text[name="firstname"]').type('Guest'); cy.get('#checkout-step-shipping input.input-text[name="lastname"]').type('Da Best'); From 197cc4f871be35ae60c254bc54d1c9067ba7ac9c Mon Sep 17 00:00:00 2001 From: Sanyi Date: Fri, 28 Jun 2024 19:28:25 +0200 Subject: [PATCH 31/36] EMA-145 - Security findings --- dev/testv2/cypress/integration/web-extend.spec.js | 1 + 1 file changed, 1 insertion(+) diff --git a/dev/testv2/cypress/integration/web-extend.spec.js b/dev/testv2/cypress/integration/web-extend.spec.js index 9c06b58..a58ff53 100644 --- a/dev/testv2/cypress/integration/web-extend.spec.js +++ b/dev/testv2/cypress/integration/web-extend.spec.js @@ -74,6 +74,7 @@ describe('Web extend scripts', function () { cy.get('.action.showcart').click(); cy.get('#top-cart-btn-checkout').click(); + cy.wait(1000); cy.visit('/checkout'); cy.get('#checkout-step-shipping input.input-text[name="username"]').type('guest@cypress.net'); From 65c2311d8a4da2c3f50b023bc96abf096ba2dd80 Mon Sep 17 00:00:00 2001 From: Sanyi Date: Fri, 28 Jun 2024 19:31:27 +0200 Subject: [PATCH 32/36] EMA-145 - Security findings --- dev/testv2/cypress/integration/web-extend.spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/testv2/cypress/integration/web-extend.spec.js b/dev/testv2/cypress/integration/web-extend.spec.js index a58ff53..c288d50 100644 --- a/dev/testv2/cypress/integration/web-extend.spec.js +++ b/dev/testv2/cypress/integration/web-extend.spec.js 
@@ -74,7 +74,7 @@ describe('Web extend scripts', function () { cy.get('.action.showcart').click(); cy.get('#top-cart-btn-checkout').click(); - cy.wait(1000); + // cy.wait(1000); cy.visit('/checkout'); cy.get('#checkout-step-shipping input.input-text[name="username"]').type('guest@cypress.net'); From 80f07f84ff3558c1539922fed9f8059d8eb648db Mon Sep 17 00:00:00 2001 From: Sanyi Date: Sun, 30 Jun 2024 07:38:27 +0200 Subject: [PATCH 33/36] EMA-145 - Security findings --- dev/testv2/cypress/integration/web-extend.spec.js | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/dev/testv2/cypress/integration/web-extend.spec.js b/dev/testv2/cypress/integration/web-extend.spec.js index c288d50..969bcdc 100644 --- a/dev/testv2/cypress/integration/web-extend.spec.js +++ b/dev/testv2/cypress/integration/web-extend.spec.js @@ -74,8 +74,16 @@ describe('Web extend scripts', function () { cy.get('.action.showcart').click(); cy.get('#top-cart-btn-checkout').click(); - // cy.wait(1000); - cy.visit('/checkout'); + cy.wait(1000); + cy.url().then(url => { + cy.log(url); + + if (url.includes('checkout/cart')) { + cy.log('Reload checkout page'); + cy.visit('/checkout'); + } + }); + cy.wait(1000); cy.get('#checkout-step-shipping input.input-text[name="username"]').type('guest@cypress.net'); cy.get('#checkout-step-shipping input.input-text[name="firstname"]').type('Guest'); From 2b6d5ab15a713ec062c4e9018162ddb2139fbc06 Mon Sep 17 00:00:00 2001 From: Sanyi Date: Sun, 30 Jun 2024 08:11:34 +0200 Subject: [PATCH 34/36] EMA-145 - Security findings --- dev/testv2/cypress/integration/web-extend.spec.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dev/testv2/cypress/integration/web-extend.spec.js b/dev/testv2/cypress/integration/web-extend.spec.js index 969bcdc..876b610 100644 --- a/dev/testv2/cypress/integration/web-extend.spec.js +++ b/dev/testv2/cypress/integration/web-extend.spec.js 
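Review bot: The `cy.url().then(...)` fallback added after `cy.get('#top-cart-btn-checkout').click()` lets the test pass whether or not the checkout button navigates, because a URL still containing `checkout/cart` is silently repaired with `cy.visit('/checkout')`. A broken minicart checkout link would therefore no longer fail this spec. The two fixed `cy.wait(1000)` calls around it also make the result depend on timing, since the URL is read only once after a one-second sleep, and the later hunks in this series add `cy.wait(100)` and `cy.wait(300)` in the same way. If the fallback has to stay, replace the sleep after it with a retried assertion such as `cy.get('#checkout-step-shipping').should('be.visible');` and add a comment naming the storefront behaviour being worked around. The enclosing `it` block starts and ends outside the hunk.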
@@ -71,14 +71,16 @@ describe('Web extend scripts', function () { cy.get('#product-addtocart-button').click(); cy.get('.counter-number').should('contain', '2'); + wait(100); cy.get('.action.showcart').click(); + wait(300); cy.get('#top-cart-btn-checkout').click(); cy.wait(1000); cy.url().then(url => { cy.log(url); - if (url.includes('checkout/cart')) { + if (url.includes('checkout/cart') || url.includes('fusion-backpack')) { cy.log('Reload checkout page'); cy.visit('/checkout'); } From 7528550bf4ae0c7fc2fef18f15f065e37bc4dea3 Mon Sep 17 00:00:00 2001 From: Sanyi Date: Sun, 30 Jun 2024 09:00:49 +0200 Subject: [PATCH 35/36] EMA-145 - Security findings --- dev/testv2/cypress/integration/web-extend.spec.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev/testv2/cypress/integration/web-extend.spec.js b/dev/testv2/cypress/integration/web-extend.spec.js index 876b610..d45a6f1 100644 --- a/dev/testv2/cypress/integration/web-extend.spec.js +++ b/dev/testv2/cypress/integration/web-extend.spec.js @@ -71,9 +71,9 @@ describe('Web extend scripts', function () { cy.get('#product-addtocart-button').click(); cy.get('.counter-number').should('contain', '2'); - wait(100); + cy.wait(100); cy.get('.action.showcart').click(); - wait(300); + cy.wait(300); cy.get('#top-cart-btn-checkout').click(); cy.wait(1000); From a925e313670b022c9122bb12de78afbb38f3b866 Mon Sep 17 00:00:00 2001 From: Sanyi Date: Sun, 30 Jun 2024 10:33:45 +0200 Subject: [PATCH 36/36] EMA-145 - Security findings --- dev/testv2/cypress/integration/web-extend.spec.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dev/testv2/cypress/integration/web-extend.spec.js b/dev/testv2/cypress/integration/web-extend.spec.js index d45a6f1..71e4a70 100644 --- a/dev/testv2/cypress/integration/web-extend.spec.js +++ b/dev/testv2/cypress/integration/web-extend.spec.js 
@@ -71,12 +71,15 @@ describe('Web extend scripts', function () { cy.get('#product-addtocart-button').click(); cy.get('.counter-number').should('contain', '2'); + // Wait for the cart to update cy.wait(100); cy.get('.action.showcart').click(); cy.wait(300); cy.get('#top-cart-btn-checkout').click(); cy.wait(1000); + + // Check if we are on the checkout page (if not, reload the page) cy.url().then(url => { cy.log(url); @@ -85,6 +88,7 @@ describe('Web extend scripts', function () { cy.visit('/checkout'); } }); + cy.wait(1000); cy.get('#checkout-step-shipping input.input-text[name="username"]').type('guest@cypress.net');