Ema 145 security issues fix #63

Merged
merged 37 commits into from
Jul 5, 2024
Merged
dbf412e
EMA-145 - Security findings
Feb 21, 2024
ad9c468
EMA-145 - Security findings
Feb 21, 2024
58e56ac
EMA-145 - Security findings
Feb 21, 2024
c144e6d
EMA-145 - Security findings
Feb 21, 2024
37e0b80
EMA-145 - Security findings
Feb 21, 2024
226a8d0
EMA-145 - Security findings
Feb 21, 2024
735193c
EMA-145 - Security findings
Feb 21, 2024
7cf7e6e
EMA-145 - Security findings
Feb 23, 2024
999175d
EMA-145 - Security findings
Feb 23, 2024
68262b7
Merge branch 'master' into EMA-145-security-issues-fix
szsanyi Feb 23, 2024
5125908
EMA-145 - Security findings
Feb 26, 2024
b89643f
EMA-145 - Security findings
Feb 26, 2024
ac74115
EMA-145 - Security findings run test change
bognartomi Mar 6, 2024
68c38e7
EMA-145 - Security findings run test change
bognartomi Mar 6, 2024
25b97fd
EMA-145 - Security findings run test change
bognartomi Mar 6, 2024
567a688
EMA-145 - Security findings run test change
bognartomi Mar 7, 2024
a5bca27
EMA-145 - Security findings
Mar 8, 2024
5e31d09
EMA-145 - Security findings
Mar 8, 2024
450d615
EMA-145 - Security findings run test change
bognartomi Mar 8, 2024
982376f
EMA-145 - Security findings
Mar 19, 2024
973f298
EMA-145 - Security findings
Mar 19, 2024
a350908
EMA-145 - Security findings
Mar 19, 2024
9eb1067
EMA-145 - Security findings
Mar 19, 2024
aaf2f33
EMA-145 - Security findings
Apr 4, 2024
c2b859f
EMA-145 - Security findings
Jun 20, 2024
f9446f1
EMA-145 - Security findings
Jun 20, 2024
3688375
EMA-145 - Security findings
Jun 20, 2024
43c6e45
EMA-145 - Security findings
Jun 20, 2024
51bfed0
EMA-145 - Security findings
Jun 24, 2024
a6786ef
EMA-145 - Security findings
Jun 28, 2024
59127c3
EMA-145 - Security findings
Jun 28, 2024
197cc4f
EMA-145 - Security findings
Jun 28, 2024
65c2311
EMA-145 - Security findings
Jun 28, 2024
80f07f8
EMA-145 - Security findings
Jun 30, 2024
2b6d5ab
EMA-145 - Security findings
Jun 30, 2024
7528550
EMA-145 - Security findings
Jun 30, 2024
a925e31
EMA-145 - Security findings
Jun 30, 2024
26 changes: 20 additions & 6 deletions .github/workflows/tests.yml
@@ -12,11 +12,11 @@ jobs:
permissions:
contents: "read"
strategy:
max-parallel: 2
max-parallel: 1
fail-fast: false
matrix:
magento-versions:
["2.3.3ce", "2.3.5ce", "2.4.0ce", "2.4.2ce", "2.4.4ce", "2.4.6ce"]
["2.3.5ce", "2.4.0ce", "2.4.2ce", "2.4.4ce", "2.4.6ce"]
steps:
- name: Extract branch name
shell: bash
@@ -48,24 +48,31 @@ jobs:
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-compose-plugin -y
- name: Build mage_node image
shell: bash
run: |
cd magento2-extension/dev
docker build -f testv2/tools/docker/Dockerfile-mage-node --build-arg NPM_TOKEN=$NPM_TOKEN -t "mage_node" .
env:
NPM_TOKEN: ${{ secrets.GITLAB_TOKEN }}
- name: Run unittest
shell: bash
run: |
cd magento2-extension
bash dev/testv2/tools/scripts/run-unit.sh
env:
VERSION: ${{ matrix.magento-versions }}
NPM_TOKEN: ${{ secrets.NPM_DEPLOYER_TOKEN }}
NPM_TOKEN: ${{ secrets.GITLAB_TOKEN }}
e2e-tests:
runs-on: github-actions-runner-emarsys
permissions:
contents: "read"
strategy:
max-parallel: 2
max-parallel: 1
fail-fast: false
matrix:
magento-versions:
["2.3.3ce", "2.3.5ce", "2.4.0ce", "2.4.2ce", "2.4.4ce", "2.4.6ce"]
["2.3.5ce", "2.4.0ce", "2.4.2ce", "2.4.4ce", "2.4.6ce"]
steps:
- name: Extract branch name
shell: bash
@@ -97,11 +104,18 @@ jobs:
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-compose-plugin -y
- name: Build mage_node image
shell: bash
run: |
cd magento2-extension/dev
docker build -f testv2/tools/docker/Dockerfile-mage-node --build-arg NPM_TOKEN=$NPM_TOKEN -t "mage_node" .
env:
NPM_TOKEN: ${{ secrets.GITLAB_TOKEN }}
- name: Run e2stest
shell: bash
run: |
cd magento2-extension
bash dev/testv2/tools/scripts/run-e2e.sh
env:
VERSION: ${{ matrix.magento-versions }}
NPM_TOKEN: ${{ secrets.NPM_DEPLOYER_TOKEN }}
NPM_TOKEN: ${{ secrets.GITLAB_TOKEN }}
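Review bot: The `Build mage_node image` step in both the unit-test and `e2e-tests` jobs hands the registry token to Docker with `--build-arg NPM_TOKEN=$NPM_TOKEN`, and build-argument values are recorded in the image metadata, so anyone who can read the resulting `mage_node` image or its build cache can recover the token with `docker history`. `Dockerfile-mage-node` is not shown on this page, so whether it limits the exposure (for example with a multi-stage build) cannot be confirmed from here. Prefer a BuildKit secret mount: `docker build --secret id=npm_token,env=NPM_TOKEN -f testv2/tools/docker/Dockerfile-mage-node -t "mage_node" .` in the workflow, with the install step in the Dockerfile reading it through `RUN --mount=type=secret,id=npm_token …`. It is also worth confirming that `secrets.GITLAB_TOKEN` is a deploy token limited to reading the package registry rather than a broader personal access token, since it now reaches both the image build and the test scripts.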
1 change: 1 addition & 0 deletions dev/README.md
@@ -203,3 +203,4 @@ git push -f --tags
## Update Cypress
* Update the version in `package.json`
* Run `make build-cypress VERSION=new-version` from project root

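--- a/dev/testv2/.npmrc
+++ b/dev/testv2/.npmrc
@@ -0,0 +1,3 @@
+always-auth=true
+@itg-commerce:registry=https://gitlab.itg.cloud/api/v4/projects/295/packages/npm/
+//gitlab.itg.cloud/api/v4/projects/295/packages/npm/:_authToken=${NPM_TOKEN}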
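Review bot: `always-auth=true` on the first line is set for every registry rather than only for the `@itg-commerce` one, and the file does not say where `NPM_TOKEN` has to come from. The token line is already scoped to `//gitlab.itg.cloud/api/v4/projects/295/packages/npm/`, so the global flag looks unnecessary; if an older npm client really needs it, scope it as `//gitlab.itg.cloud/api/v4/projects/295/packages/npm/:always-auth=true`. A leading comment such as `; NPM_TOKEN is injected by CI (see .github/workflows/tests.yml); never commit a literal token in this file` would document the contract for the next maintainer.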
22 changes: 11 additions & 11 deletions dev/testv2/attributes/index.spec.js
@@ -6,13 +6,13 @@ const websiteId = 1;

const mapAttributes = attributes => attributes.map(attribute => ({ code: attribute.code, name: attribute.name }));

describe('Attributes endpoint', function() {
afterEach(async function() {});
describe('Attributes endpoint', function () {
afterEach(async function () {});

after(async function() {});
after(async function () {});

describe('get', function() {
it('should fetch attributes including extra fields for customer', async function() {
describe('get', function () {
it('should fetch attributes including extra fields for customer', async function () {
const { attributes } = await this.magentoApi.execute('attributes', 'get', { type: 'customer' });
const mappedAttributes = mapAttributes(attributes);

@@ -29,7 +29,7 @@ describe('Attributes endpoint', function() {
}
});

it('should fetch attributes including extra fields for customer_address', async function() {
it('should fetch attributes including extra fields for customer_address', async function () {
const { attributes } = await this.magentoApi.execute('attributes', 'get', { type: 'customer_address' });
const mappedAttributes = mapAttributes(attributes);

@@ -40,7 +40,7 @@ describe('Attributes endpoint', function() {
}
});

it('should fetch attributes including extra fields for products', async function() {
it('should fetch attributes including extra fields for products', async function () {
const { attributes } = await this.magentoApi.execute('attributes', 'get', { type: 'product' });
const mappedAttributes = attributes.map(attribute => {
return { code: attribute.code, name: attribute.name };
@@ -58,8 +58,8 @@ describe('Attributes endpoint', function() {
});
});

describe('set', function() {
it('should modify customer attribute config for website', async function() {
describe('set', function () {
it('should modify customer attribute config for website', async function () {
await this.magentoApi.execute('attributes', 'set', {
websiteId,
type: 'customer',
@@ -76,7 +76,7 @@ describe('Attributes endpoint', function() {
expect(config.value).to.equal(JSON.stringify(['hello_attribute']));
});

it('should modify customer_address attribute config for website', async function() {
it('should modify customer_address attribute config for website', async function () {
await this.magentoApi.execute('attributes', 'set', {
websiteId,
type: 'customer_address',
@@ -93,7 +93,7 @@ describe('Attributes endpoint', function() {
expect(config.value).to.equal(JSON.stringify(['hello_attribute']));
});

it('should modify product attribute config for website', async function() {
it('should modify product attribute config for website', async function () {
await this.magentoApi.execute('attributes', 'set', {
websiteId: 0,
type: 'product',
12 changes: 6 additions & 6 deletions dev/testv2/config/index.spec.js
@@ -21,21 +21,21 @@ const dbKeys = {
};

const websiteId = 1;
describe('Config endpoint', function() {
before(async function() {
describe('Config endpoint', function () {
before(async function () {
await this.turnOffEverySetting(1);
});

afterEach(async function() {
afterEach(async function () {
await this.turnOffEverySetting(1);
});

after(async function() {
after(async function () {
await this.setDefaultStoreSettings();
});

describe('set', function() {
it('should modify config values for website', async function() {
describe('set', function () {
it('should modify config values for website', async function () {
await this.magentoApi.execute('config', 'set', {
websiteId,
config: fullConfig
10 changes: 5 additions & 5 deletions dev/testv2/customers/list.spec.js
@@ -23,8 +23,8 @@ const customers = [
}
];

describe('Customers endpoint', function() {
before(async function() {
describe('Customers endpoint', function () {
before(async function () {
await this.magentoApi.execute('attributes', 'set', {
websiteId: 1,
type: 'customer',
@@ -35,7 +35,7 @@ describe('Customers endpoint', function() {
}
});

after(async function() {
after(async function () {
await this.magentoApi.execute('attributes', 'set', {
websiteId: 1,
type: 'customer',
@@ -44,7 +44,7 @@ describe('Customers endpoint', function() {
await this.db.raw(`DELETE FROM ${this.getTableName('customer_entity')} where email like "%@customer.net"`);
});

it('returns customers according to page and page_size inlcuding last_page', async function() {
it('returns customers according to page and page_size inlcuding last_page', async function () {
const page = 1;
const limit = 2;

@@ -66,7 +66,7 @@ describe('Customers endpoint', function() {
expect(customer).to.have.property('shipping_address');
});

it('returns extra_fields for customers', async function() {
it('returns extra_fields for customers', async function () {
const page = 1;
const limit = 1;

6 changes: 3 additions & 3 deletions dev/testv2/cypress.config.js
@@ -3,9 +3,9 @@ const { defineConfig } = require('cypress');
module.exports = defineConfig({
video: false,
trashAssetsBeforeRuns: false,
requestTimeout: 30000,
defaultCommandTimeout: 30000,
pageLoadTimeout: 30000,
requestTimeout: 120000,
defaultCommandTimeout: 120000,
pageLoadTimeout: 120000,
blockHosts: ['*snippet.url.com', '*scarabresearch.com'],
env: {
snippetUrl: 'http://snippet.url.com/main.js'
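Review bot: Setting `requestTimeout`, `defaultCommandTimeout` and `pageLoadTimeout` all to `120000` (assuming the larger values are the new side, which the rendered page does not mark) means every failing `cy.get` or assertion now waits two minutes before it reports, which lengthens red builds and can hide a real slowdown. If only page loads against the Magento container are slow, raise `pageLoadTimeout` alone, keep `defaultCommandTimeout: 30000`, and pass `{ timeout: … }` on the few commands that need longer. The `defineConfig({ … })` call continues past the end of this hunk.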
20 changes: 10 additions & 10 deletions dev/testv2/cypress/integration/default-behaviour.spec.js
@@ -1,6 +1,6 @@
'use strict';

describe('Default behaviour with everything turned off', function() {
describe('Default behaviour with everything turned off', function () {
before(() => {
cy.task('setConfig', {});
});
@@ -14,13 +14,13 @@ describe('Default behaviour with everything turned off', function() {
cy.task('clearMails');
});

context('MarketingEvents - Customer', function() {
context('MarketingEvents - Customer', function () {
afterEach(() => {
cy.task('clearEvents');
cy.logout();
});

it('should not create customer_password_reset event', function() {
it('should not create customer_password_reset event', function () {
const newPassword = 'newPassword1';

cy.loginWithCustomer(this.defaultCustomer);
@@ -36,7 +36,7 @@ describe('Default behaviour with everything turned off', function() {
});
});

it('should not create customer_email_changed event', function() {
it('should not create customer_email_changed event', function () {
const oldEmail = this.defaultCustomer.email;
const newEmail = '[email protected]';

@@ -52,7 +52,7 @@ describe('Default behaviour with everything turned off', function() {
});
});

it('should not create customer_email_and_password_changed event', function() {
it('should not create customer_email_and_password_changed event', function () {
const newEmail = '[email protected]';
const newPassword = 'newPassword4';

@@ -70,7 +70,7 @@ describe('Default behaviour with everything turned off', function() {
});
});

context('MarketingEvents - Subscription', function() {
context('MarketingEvents - Subscription', function () {
const unsubscribe = email => {
cy.task('getSubscription', email).then(subscription => {
cy.visit(`/newsletter/subscriber/unsubscribe?id=${subscription.subscriber_id}\
@@ -84,8 +84,8 @@ describe('Default behaviour with everything turned off', function() {
cy.get('.action.subscribe.primary[type="submit"]').click();
};

context('guest with double optin off', function() {
it('should not create subscription events', function() {
context('guest with double optin off', function () {
it('should not create subscription events', function () {
const guestEmail = '[email protected]';
subscribe(guestEmail);

@@ -110,7 +110,7 @@ describe('Default behaviour with everything turned off', function() {
});
});

context('guest with double optin on', function() {
context('guest with double optin on', function () {
before(() => {
cy.task('setDoubleOptin', true);
cy.task('flushMagentoCache');
@@ -120,7 +120,7 @@ describe('Default behaviour with everything turned off', function() {
cy.task('setDoubleOptin', false);
});

it('should not create subscription events', function() {
it('should not create subscription events', function () {
const guestEmail = '[email protected]';
subscribe(guestEmail);

@@ -1,6 +1,6 @@
'use strict';

describe('Marketing Events', function() {
describe('Marketing Events', function () {
beforeEach(() => {
cy.task('clearMails');
cy.task('getDefaultCustomer').as('defaultCustomer');
@@ -10,7 +10,7 @@ describe('Marketing Events', function() {
cy.logout();
});

context('magentoSendEmails config is disabled', function() {
context('magentoSendEmails config is disabled', function () {
before(() => {
cy.task('setConfig', {
collectMarketingEvents: 'enabled',
@@ -19,7 +19,7 @@ describe('Marketing Events', function() {
cy.task('clearEvents');
});

it('should create customer_password_reset event', function() {
it('should create customer_password_reset event', function () {
const newPassword = 'newPassword2';

cy.loginWithCustomer(this.defaultCustomer);
@@ -36,7 +36,7 @@ describe('Marketing Events', function() {
});
});

it('should create customer_email_changed event', function() {
it('should create customer_email_changed event', function () {
const newEmail = '[email protected]';

cy.loginWithCustomer(this.defaultCustomer);
@@ -53,7 +53,7 @@ describe('Marketing Events', function() {
});
});

it('should create customer_email_and_password_changed event', function() {
it('should create customer_email_and_password_changed event', function () {
const newEmail = '[email protected]';
const newPassword = 'newPassword3';

@@ -72,7 +72,7 @@ describe('Marketing Events', function() {
});
});

context('magentoSendEmails config is enabled', function() {
context('magentoSendEmails config is enabled', function () {
before(() => {
cy.task('setConfig', {
collectMarketingEvents: 'enabled',
@@ -81,7 +81,7 @@ describe('Marketing Events', function() {
cy.task('clearEvents');
});

it('should create customer_password_reset event', function() {
it('should create customer_password_reset event', function () {
const newPassword = 'newPassword2';

cy.loginWithCustomer(this.defaultCustomer);
@@ -98,7 +98,7 @@ describe('Marketing Events', function() {
});
});

it('should create customer_email_changed event', function() {
it('should create customer_email_changed event', function () {
const oldEmail = this.defaultCustomer.email;
const newEmail = '[email protected]';

@@ -116,7 +116,7 @@ describe('Marketing Events', function() {
});
});

it('should create customer_email_and_password_changed event', function() {
it('should create customer_email_and_password_changed event', function () {
const oldEmail = this.defaultCustomer.email;
const newEmail = '[email protected]';
const newPassword = 'newPassword3';