woocommerce

Commit Graph

Author	SHA1	Message	Date
Paulo Arromba	f857afae0f	Add PHP8 Unit Testing (https://github.com/woocommerce/woocommerce-blocks/pull/7528 ) * fixed method sig * Updated to @wordpress/env@5.5.0 and set default PHP 7.4 for wp-env. * updated Coding Standards flow to use PHP 8.0 * Added comment to E2E flows explaining what PHP version is used * Revert "Updated to @wordpress/env@5.5.0 and set default PHP 7.4 for wp-env." This reverts commit 696cd7f42edc9d9726b777cf4f83a501a6d63936. * Added comment to Unit test flows explaining what PHP version is used. Specified PHP version on .wp-env.json * Fixed composer-lock.json version. * Updated tests to run on PHP Unit 9.2.6 * Updated tests to run on PHP 8 * Reverted test, mismatched results between local and pipeline * Removed Todo * Updated platform overrides * Update Migrationb tests with Mockery for PHP8 compat * try at PHP unit flow matrix * Fix blocks.ini invalid config * Temp disable E2E * Downgraded woocommerce/woocommerce-sniffs as it introduced new sniffs we should be handling on a different PR * re-enable E2E tests * blocks.ini fix * revert blocks.ini fix * Update @wordpress/env * remove .htaccess mapping * Fix permissions for tests * Debug permissions * Attempt at perm fix * Attempt at perm fix * Downgraded @wordpress/env * Another attempt at upgrade @wordpress/env * Attempt at cleaning wp-env before run * Attempt at destroying wp-env before run. Disabled E2E. * Attempt at destroying wp-env before run. * debug wp-env data * attempt at deleting wp-env data (destroy won't work due to prompt) * re-enable E2E * Fix deprecation warnings * Cleaned wp-env data for E2E * Fix perms for E2E * Updated RateLimitsTests * debug * Force 7.4 for wp-env * Run sh outside of npm * Reverted E2E flow * reverted wp-env-config.sh debug test * reverted .wp-env.json phpVersion force * Update tests/php/StoreApi/Utilities/ProductQueryFilters.php Co-authored-by: Mike Jolley <mike.jolley@me.com> * Update tests/php/StoreApi/Routes/CartExtensions.php Co-authored-by: Mike Jolley <mike.jolley@me.com> * Update tests/php/StoreApi/Routes/CartItems.php Co-authored-by: Mike Jolley <mike.jolley@me.com> * Update tests/php/StoreApi/Routes/Products.php Co-authored-by: Mike Jolley <mike.jolley@me.com> * Update tests/php/StoreApi/Routes/ProductCollectionData.php Co-authored-by: Mike Jolley <mike.jolley@me.com> * Update tests/php/StoreApi/Routes/Batch.php Co-authored-by: Mike Jolley <mike.jolley@me.com> * Update tests/php/StoreApi/Routes/Checkout.php Co-authored-by: Mike Jolley <mike.jolley@me.com> * Update tests/php/StoreApi/Routes/CartCoupons.php Co-authored-by: Mike Jolley <mike.jolley@me.com> * Update tests/php/StoreApi/Routes/ProductAttributes.php Co-authored-by: Mike Jolley <mike.jolley@me.com> * Update tests/php/StoreApi/Routes/Cart.php Co-authored-by: Mike Jolley <mike.jolley@me.com> * downgraded @wordpress/env to v4 * Reverted back to reflection class for pivate attribs manipulation on tests * reverted JS unit testing job name * Update tests/php/StoreApi/Formatters/TestMoneyFormatter.php Co-authored-by: Mike Jolley <mike.jolley@me.com> * Typo fix Co-authored-by: Mike Jolley <mike.jolley@me.com>	2022-11-09 15:28:08 +00:00
Mike Jolley	07a612f575	Experiment: Add Rate Limits to Store API (https://github.com/woocommerce/woocommerce-blocks/pull/5962 ) * Add rate limiting to cart endpoints based on session * Handle nonce and rate checks in permission_callback * Rate limit checkout only * Debug * Unused AbstractRoute * Code standards * Modify core rate limit table * Add rate limit at rest api level, not route level * Rate limit helper * Remove rate limit from routes * Usused dep * Remove custom error logic no longer needed * Remove dependency * Remove custom permission_callback * Hash IP and handle null * Remove error response handler * revert error_to_response changes * Remove add_response_headers * Remove IDENTIFIER * Remove white space * Increase limit * Missing class comment * Move rate limiting code within store api codebase * white space * Fix return type * Check rate limit expiry greater than now * Remove x- prefix * reorder functions * remove table * pass request to add_nonce_headers * return early and avoid elseif on AbstractCartRoute:get_response() * Refactor get_ip_address() before implementing options for functionality * Change rate limit to 5 requests Co-authored-by: Seghir Nadir <nadir.seghir@gmail.com> * Change rate limit window to 60 seconds Co-authored-by: Seghir Nadir <nadir.seghir@gmail.com> * Disable rate limiting by default Co-authored-by: Seghir Nadir <nadir.seghir@gmail.com> * Updated limits comment * Example for Forwarded header * Updated "woocommerce_store_api_enable_rate_limit_check" filter doc * Added filter for the Store API rate limit check proxy support * Add an action here that carries over the IP address being blocked. * Added logic around setting the action_id, and returns an error when ip cannot be determined for users not logged in. * Renamed action for limit exceeded. * Common rate limiting header naming prefix, and fixed comment typos. * Doc for Rate Limiting (wip) * Example for Rate Limiting docs * Remove private IP range block for rate limiting * Refactored get_response() to add nonce headers to response instead of request * Disable batching for Checkout calls to prevent bypassing Rate Limiting. * Removed redundant arg. * package-lock.json update * Removed repeated func calls. * Fix failing tests. * Tests wip. * Request limit and timeframe are now constants for RateLimits utility class. * Tests for Rate Limit headers. * Reverted PHPUnit config to enable all tests again. * Update src/StoreApi/Authentication.php comment wording Co-authored-by: Thomas Roberts <5656702+opr@users.noreply.github.com> * Removed possibly unnecessary get_ip_address() call. * Changed wording on comment for get_ip_address() method. * Simplified validate_ip() method. * Fixed wrong header entry for "Forwarded" check. * Unit testing for Authentication::get_ip_address() * Comment explaining the reason to use ReflectionClass for testing get_ip_address(). * Support for error output outside batch request. * MD linting. * Refactor to implement options through a single filter. * fixed md lint error and config file * reverted accidental default func arg value removal * re-enabled batch support for checkout * action for limit exceed now also triggered in case we can't resolve the IP. * Doc tweak. * Return unresolved IP address when REMOTE_ADDR isn't set with proxy support disabled. * Group unresolved ips for rate limiting * Fixed bug where current limit wasn't properly initialized. Co-authored-by: Nadir Seghir <nadir.seghir@gmail.com> Co-authored-by: Paulo Arromba <17236129+wavvves@users.noreply.github.com> Co-authored-by: Thomas Roberts <5656702+opr@users.noreply.github.com>	2022-11-04 15:53:00 +00:00

Author

SHA1

Message

Date

Paulo Arromba

f857afae0f

Add PHP8 Unit Testing (https://github.com/woocommerce/woocommerce-blocks/pull/7528 )

* fixed method sig

* Updated to @wordpress/env@5.5.0 and set default PHP 7.4 for wp-env.

* updated Coding Standards flow to use PHP 8.0

* Added comment to E2E flows explaining what PHP version is used

* Revert "Updated to @wordpress/env@5.5.0 and set default PHP 7.4 for wp-env."

This reverts commit 696cd7f42edc9d9726b777cf4f83a501a6d63936.

* Added comment to Unit test flows explaining what PHP version is used.
Specified PHP version on .wp-env.json

* Fixed composer-lock.json version.

* Updated tests to run on PHP Unit 9.2.6

* Updated tests to run on PHP 8

* Reverted test, mismatched results between local and pipeline

* Removed Todo

* Updated platform overrides

* Update Migrationb tests with Mockery for PHP8 compat

* try at PHP unit flow matrix

* Fix blocks.ini invalid config

* Temp disable E2E

* Downgraded woocommerce/woocommerce-sniffs as it introduced new sniffs we should be handling on a different PR

* re-enable E2E tests

* blocks.ini fix

* revert blocks.ini fix

* Update @wordpress/env

* remove .htaccess mapping

* Fix permissions for tests

* Debug permissions

* Attempt at perm fix

* Attempt at perm fix

* Downgraded @wordpress/env

* Another attempt at upgrade @wordpress/env

* Attempt at cleaning wp-env before run

* Attempt at destroying wp-env before run. Disabled E2E.

* Attempt at destroying wp-env before run.

* debug wp-env data

* attempt at deleting wp-env data (destroy won't work due to prompt)

* re-enable E2E

* Fix deprecation warnings

* Cleaned wp-env data for E2E

* Fix perms for E2E

* Updated RateLimitsTests

* debug

* Force 7.4 for wp-env

* Run sh outside of npm

* Reverted E2E flow

* reverted wp-env-config.sh debug test

* reverted .wp-env.json phpVersion force

* Update tests/php/StoreApi/Utilities/ProductQueryFilters.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Update tests/php/StoreApi/Routes/CartExtensions.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Update tests/php/StoreApi/Routes/CartItems.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Update tests/php/StoreApi/Routes/Products.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Update tests/php/StoreApi/Routes/ProductCollectionData.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Update tests/php/StoreApi/Routes/Batch.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Update tests/php/StoreApi/Routes/Checkout.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Update tests/php/StoreApi/Routes/CartCoupons.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Update tests/php/StoreApi/Routes/ProductAttributes.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Update tests/php/StoreApi/Routes/Cart.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* downgraded @wordpress/env to v4

* Reverted back to reflection class for pivate attribs manipulation on tests

* reverted JS unit testing job name

* Update tests/php/StoreApi/Formatters/TestMoneyFormatter.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Typo fix

Co-authored-by: Mike Jolley <mike.jolley@me.com>

2022-11-09 15:28:08 +00:00

Mike Jolley

07a612f575

Experiment: Add Rate Limits to Store API (https://github.com/woocommerce/woocommerce-blocks/pull/5962 )

* Add rate limiting to cart endpoints based on session

* Handle nonce and rate checks in permission_callback

* Rate limit checkout only

* Debug

* Unused AbstractRoute

* Code standards

* Modify core rate limit table

* Add rate limit at rest api level, not route level

* Rate limit helper

* Remove rate limit from routes

* Usused dep

* Remove custom error logic no longer needed

* Remove dependency

* Remove custom permission_callback

* Hash IP and handle null

* Remove error response handler

* revert error_to_response changes

* Remove add_response_headers

* Remove IDENTIFIER

* Remove white space

* Increase limit

* Missing class comment

* Move rate limiting code within store api codebase

* white space

* Fix return type

* Check rate limit expiry greater than now

* Remove x- prefix

* reorder functions

* remove table

* pass request to add_nonce_headers

* return early and avoid elseif on AbstractCartRoute:get_response()

* Refactor get_ip_address() before implementing options for functionality

* Change rate limit to 5 requests

Co-authored-by: Seghir Nadir <nadir.seghir@gmail.com>

* Change rate limit window to 60 seconds

Co-authored-by: Seghir Nadir <nadir.seghir@gmail.com>

* Disable rate limiting by default

Co-authored-by: Seghir Nadir <nadir.seghir@gmail.com>

* Updated limits comment

* Example for Forwarded header

* Updated "woocommerce_store_api_enable_rate_limit_check" filter doc

* Added filter for the Store API rate limit check proxy support

* Add an action here that carries over the IP address being blocked.

* Added logic around setting the action_id, and returns an error when ip cannot be determined for users not logged in.

* Renamed action for limit exceeded.

* Common rate limiting header naming prefix, and fixed comment typos.

* Doc for Rate Limiting (wip)

* Example for Rate Limiting docs

* Remove private IP range block for rate limiting

* Refactored get_response() to add nonce headers to response instead of request

* Disable batching for Checkout calls to prevent bypassing Rate Limiting.

* Removed redundant arg.

* package-lock.json update

* Removed repeated func calls.

* Fix failing tests.

* Tests wip.

* Request limit and timeframe are now constants for RateLimits utility class.

* Tests for Rate Limit headers.

* Reverted PHPUnit config to enable all tests again.

* Update src/StoreApi/Authentication.php comment wording

Co-authored-by: Thomas Roberts <5656702+opr@users.noreply.github.com>

* Removed possibly unnecessary get_ip_address() call.

* Changed wording on comment for get_ip_address() method.

* Simplified validate_ip() method.

* Fixed wrong header entry for "Forwarded" check.

* Unit testing for Authentication::get_ip_address()

* Comment explaining the reason to use ReflectionClass for testing get_ip_address().

* Support for error output outside batch request.

* MD linting.

* Refactor to implement options through a single filter.

* fixed md lint error and config file

* reverted accidental default func arg value removal

* re-enabled batch support for checkout

* action for limit exceed now also triggered in case we can't resolve the IP.

* Doc tweak.

* Return unresolved IP address when REMOTE_ADDR isn't set with proxy support disabled.

* Group unresolved ips for rate limiting

* Fixed bug where current limit wasn't properly initialized.

Co-authored-by: Nadir Seghir <nadir.seghir@gmail.com>
Co-authored-by: Paulo Arromba <17236129+wavvves@users.noreply.github.com>
Co-authored-by: Thomas Roberts <5656702+opr@users.noreply.github.com>

2022-11-04 15:53:00 +00:00

2 Commits