Commit Graph

2 Commits

Author SHA1 Message Date
Paulo Arromba f857afae0f Add PHP8 Unit Testing (https://github.com/woocommerce/woocommerce-blocks/pull/7528)
* fixed method sig

* Updated to @wordpress/env@5.5.0 and set default PHP 7.4 for wp-env.

* updated Coding Standards flow to use PHP 8.0

* Added comment to E2E flows explaining what PHP version is used

* Revert "Updated to @wordpress/env@5.5.0 and set default PHP 7.4 for wp-env."

This reverts commit 696cd7f42edc9d9726b777cf4f83a501a6d63936.

* Added comment to Unit test flows explaining what PHP version is used.
Specified PHP version on .wp-env.json

* Fixed composer-lock.json version.

* Updated tests to run on PHP Unit 9.2.6

* Updated tests to run on PHP 8

* Reverted test, mismatched results between local and pipeline

* Removed Todo

* Updated platform overrides

* Update Migrationb tests with Mockery for PHP8 compat

* try at PHP unit flow matrix

* Fix blocks.ini invalid config

* Temp disable E2E

* Downgraded woocommerce/woocommerce-sniffs as it introduced new sniffs we should be handling on a different PR

* re-enable E2E tests

* blocks.ini fix

* revert blocks.ini fix

* Update @wordpress/env

* remove .htaccess mapping

* Fix permissions for tests

* Debug permissions

* Attempt at perm fix

* Attempt at perm fix

* Downgraded @wordpress/env

* Another attempt at upgrade @wordpress/env

* Attempt at cleaning wp-env before run

* Attempt at destroying wp-env before run. Disabled E2E.

* Attempt at destroying wp-env before run.

* debug wp-env data

* attempt at deleting wp-env data (destroy won't work due to prompt)

* re-enable E2E

* Fix deprecation warnings

* Cleaned wp-env data for E2E

* Fix perms for E2E

* Updated RateLimitsTests

* debug

* Force 7.4 for wp-env

* Run sh outside of npm

* Reverted E2E flow

* reverted wp-env-config.sh debug test

* reverted .wp-env.json phpVersion force

* Update tests/php/StoreApi/Utilities/ProductQueryFilters.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Update tests/php/StoreApi/Routes/CartExtensions.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Update tests/php/StoreApi/Routes/CartItems.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Update tests/php/StoreApi/Routes/Products.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Update tests/php/StoreApi/Routes/ProductCollectionData.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Update tests/php/StoreApi/Routes/Batch.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Update tests/php/StoreApi/Routes/Checkout.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Update tests/php/StoreApi/Routes/CartCoupons.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Update tests/php/StoreApi/Routes/ProductAttributes.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Update tests/php/StoreApi/Routes/Cart.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* downgraded @wordpress/env to v4

* Reverted back to reflection class for pivate attribs manipulation on tests

* reverted JS unit testing job name

* Update tests/php/StoreApi/Formatters/TestMoneyFormatter.php

Co-authored-by: Mike Jolley <mike.jolley@me.com>

* Typo fix

Co-authored-by: Mike Jolley <mike.jolley@me.com>
2022-11-09 15:28:08 +00:00
Mike Jolley 07a612f575 Experiment: Add Rate Limits to Store API (https://github.com/woocommerce/woocommerce-blocks/pull/5962)
* Add rate limiting to cart endpoints based on session

* Handle nonce and rate checks in permission_callback

* Rate limit checkout only

* Debug

* Unused AbstractRoute

* Code standards

* Modify core rate limit table

* Add rate limit at rest api level, not route level

* Rate limit helper

* Remove rate limit from routes

* Usused dep

* Remove custom error logic no longer needed

* Remove dependency

* Remove custom permission_callback

* Hash IP and handle null

* Remove error response handler

* revert error_to_response changes

* Remove add_response_headers

* Remove IDENTIFIER

* Remove white space

* Increase limit

* Missing class comment

* Move rate limiting code within store api codebase

* white space

* Fix return type

* Check rate limit expiry greater than now

* Remove x- prefix

* reorder functions

* remove table

* pass request to add_nonce_headers

* return early and avoid elseif on AbstractCartRoute:get_response()

* Refactor get_ip_address() before implementing options for functionality

* Change rate limit to 5 requests

Co-authored-by: Seghir Nadir <nadir.seghir@gmail.com>

* Change rate limit window to 60 seconds

Co-authored-by: Seghir Nadir <nadir.seghir@gmail.com>

* Disable rate limiting by default

Co-authored-by: Seghir Nadir <nadir.seghir@gmail.com>

* Updated limits comment

* Example for Forwarded header

* Updated "woocommerce_store_api_enable_rate_limit_check" filter doc

* Added filter for the Store API rate limit check proxy support

* Add an action here that carries over the IP address being blocked.

* Added logic around setting the action_id, and returns an error when ip cannot be determined for users not logged in.

* Renamed action for limit exceeded.

* Common rate limiting header naming prefix, and fixed comment typos.

* Doc for Rate Limiting (wip)

* Example for Rate Limiting docs

* Remove private IP range block for rate limiting

* Refactored get_response() to add nonce headers to response instead of request

* Disable batching for Checkout calls to prevent bypassing Rate Limiting.

* Removed redundant arg.

* package-lock.json update

* Removed repeated func calls.

* Fix failing tests.

* Tests wip.

* Request limit and timeframe are now constants for RateLimits utility class.

* Tests for Rate Limit headers.

* Reverted PHPUnit config to enable all tests again.

* Update src/StoreApi/Authentication.php comment wording

Co-authored-by: Thomas Roberts <5656702+opr@users.noreply.github.com>

* Removed possibly unnecessary get_ip_address() call.

* Changed wording on comment for get_ip_address() method.

* Simplified validate_ip() method.

* Fixed wrong header entry for "Forwarded" check.

* Unit testing for Authentication::get_ip_address()

* Comment explaining the reason to use ReflectionClass for testing get_ip_address().

* Support for error output outside batch request.

* MD linting.

* Refactor to implement options through a single filter.

* fixed md lint error and config file

* reverted accidental default func arg value removal

* re-enabled batch support for checkout

* action for limit exceed now also triggered in case we can't resolve the IP.

* Doc tweak.

* Return unresolved IP address when REMOTE_ADDR isn't set with proxy support disabled.

* Group unresolved ips for rate limiting

* Fixed bug where current limit wasn't properly initialized.

Co-authored-by: Nadir Seghir <nadir.seghir@gmail.com>
Co-authored-by: Paulo Arromba <17236129+wavvves@users.noreply.github.com>
Co-authored-by: Thomas Roberts <5656702+opr@users.noreply.github.com>
2022-11-04 15:53:00 +00:00