Skip to content

Commit

Permalink
Merge branch 'next' into tinymce6
Browse files Browse the repository at this point in the history
  • Loading branch information
@fballiano
fballiano authored Sep 6, 2023
2 parents f2b033a + fdb003a commit 4879f22
Show file tree
Hide file tree
Showing 17 changed files with 261 additions and 423 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/composer.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,4 +26,4 @@ jobs:
restore-keys: ${{ runner.os }}-composer-

- name: Validate composer
run: composer validate --strict
run: composer validate --strict --no-check-all
4 changes: 2 additions & 2 deletions app/Mage.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -216,7 +216,7 @@ public static function getOpenMageVersionInfo(): array
return [
'major' => '20',
'minor' => '1',
'patch' => '0',
'patch' => '1',
'stability' => '', // beta,alpha,rc
'number' => '', // 1,2,3,0.3.7,x.7.z.92 @see https://semver.org/#spec-item-9
];
Expand All @@ -225,7 +225,7 @@ public static function getOpenMageVersionInfo(): array
return [
'major' => '19',
'minor' => '5',
'patch' => '0',
'patch' => '1',
'stability' => '', // beta,alpha,rc
'number' => '', // 1,2,3,0.3.7,x.7.z.92 @see https://semver.org/#spec-item-9
];
Expand Down
60 changes: 25 additions & 35 deletions app/code/core/Mage/Api/Model/Server/Handler/Abstract.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,21 @@ protected function _startSession($sessionId = null)
return $this;
}

/**
* Allow insta-login via HTTP Basic Auth
*
* @param string $sessionId
* @return $this
*/
protected function _instaLogin(&$sessionId)
{
if ($sessionId === null && !empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
$this->_getSession()->setIsInstaLogin();
$sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}
return $this;
}

/**
* Check current user permission on resource and privilege
*
Expand All @@ -100,16 +115,6 @@ protected function _isAllowed($resource, $privilege = null)
return $this->_getSession()->isAllowed($resource, $privilege);
}

/**
* Check session expiration
*
* @return bool
*/
protected function _isSessionExpired()
{
return $this->_getSession()->isSessionExpired();
}

/**
* Dispatch webservice fault
*
Expand Down Expand Up @@ -225,11 +230,8 @@ public function login($username, $apiKey = null)
*/
public function call($sessionId, $apiPath, $args = [])
{
// Allow insta-login via HTTP Basic Auth
if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
$sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}
$this->_startSession($sessionId);
$this->_instaLogin($sessionId)
->_startSession($sessionId);

if (!$this->_getSession()->isLoggedIn($sessionId)) {
return $this->_fault('session_expired');
Expand Down Expand Up @@ -313,11 +315,8 @@ public function call($sessionId, $apiPath, $args = [])
*/
public function multiCall($sessionId, array $calls = [], $options = [])
{
// Allow insta-login via HTTP Basic Auth
if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
$sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}
$this->_startSession($sessionId);
$this->_instaLogin($sessionId)
->_startSession($sessionId);

if (!$this->_getSession()->isLoggedIn($sessionId)) {
return $this->_fault('session_expired');
Expand Down Expand Up @@ -445,11 +444,8 @@ public function multiCall($sessionId, array $calls = [], $options = [])
*/
public function resources($sessionId)
{
// Allow insta-login via HTTP Basic Auth
if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
$sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}
$this->_startSession($sessionId);
$this->_instaLogin($sessionId)
->_startSession($sessionId);

if (!$this->_getSession()->isLoggedIn($sessionId)) {
return $this->_fault('session_expired');
Expand Down Expand Up @@ -513,11 +509,8 @@ public function resources($sessionId)
*/
public function resourceFaults($sessionId, $resourceName)
{
// Allow insta-login via HTTP Basic Auth
if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
$sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}
$this->_startSession($sessionId);
$this->_instaLogin($sessionId)
->_startSession($sessionId);

if (!$this->_getSession()->isLoggedIn($sessionId)) {
return $this->_fault('session_expired');
Expand Down Expand Up @@ -553,11 +546,8 @@ public function resourceFaults($sessionId, $resourceName)
*/
public function globalFaults($sessionId)
{
// Allow insta-login via HTTP Basic Auth
if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
$sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}
$this->_startSession($sessionId);
$this->_instaLogin($sessionId)
->_startSession($sessionId);
return array_values($this->_getConfig()->getFaults());
}

Expand Down
33 changes: 31 additions & 2 deletions app/code/core/Mage/Api/Model/Session.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,28 @@ public function clear()
return true;
}

/**
* Flag login as HTTP Basic Auth.
*
* @param bool $isInstaLogin
* @return $this
*/
public function setIsInstaLogin(bool $isInstaLogin = true)
{
$this->setData('is_insta_login', $isInstaLogin);
return $this;
}

/**
* Is insta-login?
*
* @return bool
*/
public function getIsInstaLogin(): bool
{
return (bool) $this->getData('is_insta_login');
}

/**
* @param string $username
* @param string $apiKey
Expand All @@ -105,8 +127,15 @@ public function clear()
public function login($username, $apiKey)
{
$user = Mage::getModel('api/user')
->setSessid($this->getSessionId())
->login($username, $apiKey);
->setSessid($this->getSessionId());
if ($this->getIsInstaLogin() && $user->authenticate($username, $apiKey)) {
Mage::dispatchEvent('api_user_authenticated', [
'model' => $user,
'api_key' => $apiKey,
]);
} else {
$user->login($username, $apiKey);
}

if ($user->getId() && $user->getIsActive() != '1') {
Mage::throwException(Mage::helper('api')->__('Your account has been deactivated.'));
Expand Down
2 changes: 1 addition & 1 deletion app/code/core/Mage/Api/etc/config.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
<config>
<modules>
<Mage_Api>
<version>1.6.0.2</version>
<version>1.6.0.3</version>
</Mage_Api>
</modules>
<global>
Expand Down
31 changes: 31 additions & 0 deletions app/code/core/Mage/Api/sql/api_setup/mysql4-upgrade-1.6.0.2-1.6.0.3.php
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
<?php
/**
* OpenMage
*
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available at https://opensource.org/license/osl-3-0-php
*
* @category Mage
* @package Mage_Api
* @copyright Copyright (c) 2023 The OpenMage Contributors (https://www.openmage.org)
* @license https://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*/

/** @var Mage_Core_Model_Resource_Setup $this */
$this->startSetup();

$this->getConnection()->changeColumn(
$this->getTable('api/user'),
'lognum',
'lognum',
[
'type' => Varien_Db_Ddl_Table::TYPE_INTEGER,
'unsigned' => true,
'nullable' => false,
'default' => '0',
'comment' => 'Quantity of log ins'
]
);

$this->endSetup();
35 changes: 35 additions & 0 deletions app/code/core/Mage/Core/Helper/Data.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1008,4 +1008,39 @@ public function isFormKeyEnabled(): bool
{
return Mage::getStoreConfigFlag(Mage_Core_Controller_Front_Action::XML_CSRF_USE_FLAG_CONFIG_PATH);
}

/**
* @param bool $setErrorMessage Adds a predefined error message to the 'core/session' object
* @return bool
*/
public function isRateLimitExceeded($setErrorMessage = true, $recordRateLimitHit = true): bool
{
$active = Mage::getStoreConfigFlag('system/rate_limit/active');
if ($active && $remoteAddr = Mage::helper('core/http')->getRemoteAddr()) {
$cacheTag = 'rate_limit_' . $remoteAddr;
if (Mage::app()->testCache($cacheTag)) {
$errorMessage = "Too Soon: You are trying to perform this operation too frequently. Please wait a few seconds and try again.";
Mage::getSingleton('core/session')->addError($this->__($errorMessage));
return true;
}

if ($recordRateLimitHit) {
$this->recordRateLimitHit();
}
}

return false;
}

/**
* @return void
*/
public function recordRateLimitHit(): void
{
$active = Mage::getStoreConfigFlag('system/rate_limit/active');
if ($active && $remoteAddr = Mage::helper('core/http')->getRemoteAddr()) {
$cacheTag = 'rate_limit_' . $remoteAddr;
Mage::app()->saveCache(1, $cacheTag, ['brute_force'], Mage::getStoreConfig('system/rate_limit/timeframe'));
}
}
}
4 changes: 4 additions & 0 deletions app/code/core/Mage/Core/etc/config.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -315,6 +315,10 @@
<csrf>
<use_form_key>1</use_form_key>
</csrf>
<rate_limit>
<active>1</active>
<timeframe>30</timeframe>
</rate_limit>
<cache>
<flush_cron_expr>30 2 * * *</flush_cron_expr>
</cache>
Expand Down
63 changes: 27 additions & 36 deletions app/code/core/Mage/Core/etc/system.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,33 @@
</use_form_key>
</fields>
</csrf>
<rate_limit translate="label comment" module="core">
<label>Rate limit</label>
<sort_order>10</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
<comment>This functionality limits the number of requests a user (identified by IP address) can perform within a specific time frame, preventing excessive resources usage and maintaining system performance, stability and security.</comment>
<fields>
<active translate="label">
<label>Enabled</label>
<frontend_type>select</frontend_type>
<source_model>adminhtml/system_config_source_yesno</source_model>
<sort_order>10</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
</active>
<timeframe translate="label comment">
<label>Timeframe</label>
<sort_order>20</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
<comment>Number of seconds between each allowed request.</comment>
</timeframe>
</fields>
</rate_limit>
<cache translate="label" module="core">
<label>Advanced Cache Settings</label>
<sort_order>1000</sort_order>
Expand All @@ -69,13 +96,6 @@
</cache>
</groups>
</system>
<!--<web_track translate="label" module="core">
<label>Web Tracking</label>
<sort_order>180</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
</web_track>-->
<advanced translate="label" module="core">
<label>Advanced</label>
<tab>advanced</tab>
Expand All @@ -84,35 +104,6 @@
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
<groups>
<!--datashare translate="label">
<label>Datasharing</label>
<sort_order>1</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>0</show_in_store>
<fields>
<default translate="label">
<label>Default</label>
<frontend_type>multiselect</frontend_type>
<backend_model>adminhtml/system_config_backend_datashare</backend_model>
<source_model>adminhtml/system_config_source_store</source_model>
<sort_order>1</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
</default>
<default translate="label">
<label>Default</label>
<frontend_type>multiselect</frontend_type>
<backend_model>adminhtml/system_config_backend_datashare</backend_model>
<source_model>adminhtml/system_config_source_store</source_model>
<sort_order>1</sort_order>
<show_in_default>1</show_in_default>
<show_in_website>1</show_in_website>
<show_in_store>1</show_in_store>
</default>
</fields>
</datashare-->
<modules_disable_output translate="label">
<label>Disable Modules Output</label>
<frontend_model>adminhtml/system_config_form_fieldset_modules_disableOutput</frontend_model>
Expand Down
6 changes: 5 additions & 1 deletion app/code/core/Mage/Sales/Helper/Guest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,7 @@ public function loadValidOrder()
$errors = true;
}
} else {
Mage::helper('core')->recordRateLimitHit();
$errors = true;
}
}
Expand All @@ -114,7 +115,10 @@ public function loadValidOrder()
return true;
}

Mage::getSingleton('core/session')->addError($this->__($errorMessage));
if (!Mage::helper('core')->isRateLimitExceeded(true, false)) {
Mage::getSingleton('core/session')->addError($this->__($errorMessage));
}

Mage::app()->getResponse()->setRedirect(Mage::getUrl('sales/guest/form'));
return false;
}
Expand Down
2 changes: 1 addition & 1 deletion app/code/core/Mage/Sales/Model/Order.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2372,7 +2372,7 @@ protected function _beforeSave()
}

if (!$this->getId()) {
$this->setData('protect_code', substr(md5(uniqid(mt_rand(), true) . ':' . microtime(true)), 5, 6));
$this->setData('protect_code', Mage::helper('core')->getRandomString(16));
}

if ($this->getStatus() !== $this->getOrigData('status')) {
Expand Down
4 changes: 2 additions & 2 deletions app/code/core/Mage/Sales/Model/Quote.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2096,10 +2096,10 @@ public function getCouponCode(): string
}

/**
* @param string $couponCode
* @param string|null $couponCode
* @return $this
*/
public function setCouponCode(string $couponCode)
public function setCouponCode(?string $couponCode)
{
return $this->setData('coupon_code', $couponCode);
}
Expand Down
Loading

0 comments on commit 4879f22

Please sign in to comment.