From de46709ee496174344693373f0808bc51bb66647 Mon Sep 17 00:00:00 2001 From: Devansh Bawari Date: Tue, 26 Jul 2022 15:25:56 +0530 Subject: [PATCH 1/4] Kernel Updated --- app/Http/Kernel.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 00542b8f7..a3361eba6 100755 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -14,11 +14,11 @@ class Kernel extends HttpKernel * @var array */ protected $middleware = [ + \App\Http\Middleware\TrustProxies::class, \Illuminate\Http\Middleware\HandleCors::class, \Webkul\Core\Http\Middleware\CheckForMaintenanceMode::class, - \App\Http\Middleware\EncryptCookies::class, - \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, - \Illuminate\Session\Middleware\StartSession::class, + \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class, + \App\Http\Middleware\TrimStrings::class, \Webkul\Core\Http\Middleware\SecureHeaders::class, ]; @@ -29,7 +29,9 @@ class Kernel extends HttpKernel */ protected $middlewareGroups = [ 'web' => [ - \Illuminate\Session\Middleware\AuthenticateSession::class, + \App\Http\Middleware\EncryptCookies::class, + \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, + \Illuminate\Session\Middleware\StartSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class, \App\Http\Middleware\VerifyCsrfToken::class, \Illuminate\Routing\Middleware\SubstituteBindings::class, @@ -52,6 +54,7 @@ class Kernel extends HttpKernel protected $routeMiddleware = [ 'auth' => \Illuminate\Auth\Middleware\Authenticate::class, 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, + 'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class, 'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class, 'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class, 'can' => \Illuminate\Auth\Middleware\Authorize::class, From ae9582db985cf79e1f7cce6009cf28b9472fea0b Mon Sep 17 00:00:00 2001 From: Devansh Bawari Date: Tue, 26 Jul 2022 15:26:29 +0530 Subject: [PATCH 2/4] Test Case Updated --- .github/workflows/ci.yml | 11 +++++------ composer.json | 6 ++++-- tests/api/V1/Shop/Customer/AuthCest.php | 2 +- tests/api/V1/Shop/Customer/CheckoutCest.php | 6 ------ 4 files changed, 10 insertions(+), 15 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bec386e57..95a036bd5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,9 +16,7 @@ jobs: image: mysql:5.7 env: MYSQL_ROOT_PASSWORD: root - MYSQL_DATABASE: bagisto_testing - MYSQL_USER: bagisto - MYSQL_PASSWORD: secret + MYSQL_DATABASE: bagisto ports: - 3306 options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=5 @@ -42,11 +40,12 @@ jobs: run: | cp .env.example .env.testing set -e + sed -i "s|^\(APP_ENV=\s*\).*$|\1testing|" .env.testing sed -i "s|^\(DB_HOST=\s*\).*$|\1127.0.0.1|" .env.testing sed -i "s|^\(DB_PORT=\s*\).*$|\1${{ job.services.mysql.ports['3306'] }}|" .env.testing - sed -i "s|^\(DB_DATABASE=\s*\).*$|\1bagisto_testing|" .env.testing - sed -i "s|^\(DB_USERNAME=\s*\).*$|\1bagisto|" .env.testing - sed -i "s|^\(DB_PASSWORD=\s*\).*$|\1secret|" .env.testing + sed -i "s|^\(DB_DATABASE=\s*\).*$|\1bagisto|" .env.testing + sed -i "s|^\(DB_USERNAME=\s*\).*$|\1root|" .env.testing + sed -i "s|^\(DB_PASSWORD=\s*\).*$|\1root|" .env.testing - name: Key Generate run: set -e && php artisan key:generate --env=testing diff --git a/composer.json b/composer.json index 5e979daa5..b7bd7aaaf 100644 --- a/composer.json +++ b/composer.json @@ -139,14 +139,16 @@ "@php artisan migrate:fresh --env=testing", "vendor/bin/codecept run unit", "vendor/bin/codecept run functional", - "vendor/bin/codecept run trigger" + "vendor/bin/codecept run trigger", + "vendor/bin/codecept run api" ], "test-win": [ "@set -e", "@php artisan migrate:fresh --env=testing", "vendor\\bin\\codecept.bat run unit", "vendor\\bin\\codecept.bat run functional", - "vendor\\bin\\codecept.bat run trigger" + "vendor\\bin\\codecept.bat run trigger", + "vendor\\bin\\codecept.bat run api" ] }, "config": { diff --git a/tests/api/V1/Shop/Customer/AuthCest.php b/tests/api/V1/Shop/Customer/AuthCest.php index 5ec9a635f..3c62dd902 100644 --- a/tests/api/V1/Shop/Customer/AuthCest.php +++ b/tests/api/V1/Shop/Customer/AuthCest.php @@ -29,7 +29,7 @@ class AuthCest extends CustomerCest $I->haveAllNecessaryHeaders(); - $I->sendPost($this->getVersionRoute('customer/login'), [ + $I->sendPost($this->getVersionRoute('customer/login?accept_token=true'), [ 'email' => $customer->email, 'password' => json_decode($customer->notes)->plain_password, 'device_name' => $I->fake()->company, diff --git a/tests/api/V1/Shop/Customer/CheckoutCest.php b/tests/api/V1/Shop/Customer/CheckoutCest.php index 0a1bf357a..acbc4493e 100644 --- a/tests/api/V1/Shop/Customer/CheckoutCest.php +++ b/tests/api/V1/Shop/Customer/CheckoutCest.php @@ -65,8 +65,6 @@ class CheckoutCest extends CustomerCest private function saveShippingMethod(ApiTester $I) { - $I->haveHttpHeader('X-CSRF-TOKEN', csrf_token()); - $I->sendPost($this->getVersionRoute('customer/checkout/save-shipping'), [ 'shipping_method' => 'flatrate_flatrate', ]); @@ -76,8 +74,6 @@ class CheckoutCest extends CustomerCest private function savePaymentMethod(ApiTester $I) { - $I->haveHttpHeader('X-CSRF-TOKEN', csrf_token()); - $I->sendPost($this->getVersionRoute('customer/checkout/save-payment'), [ 'payment' => [ 'method' => 'cashondelivery', @@ -89,8 +85,6 @@ class CheckoutCest extends CustomerCest private function saveOrder(ApiTester $I) { - $I->haveHttpHeader('X-CSRF-TOKEN', csrf_token()); - $I->sendPost($this->getVersionRoute('customer/checkout/save-order')); $I->seeAllNecessarySuccessResponse(); From 43909fab06f151d167a24539e52ae41b8daf9642 Mon Sep 17 00:00:00 2001 From: Devansh Bawari Date: Tue, 26 Jul 2022 15:27:48 +0530 Subject: [PATCH 3/4] Removed intended method. No need of intended as it is holding admin one. If someone wants to intend page can customize and request a fresh route. --- .../Webkul/Customer/src/Http/Controllers/SessionController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/Webkul/Customer/src/Http/Controllers/SessionController.php b/packages/Webkul/Customer/src/Http/Controllers/SessionController.php index 2730abb5f..22f43aca5 100755 --- a/packages/Webkul/Customer/src/Http/Controllers/SessionController.php +++ b/packages/Webkul/Customer/src/Http/Controllers/SessionController.php @@ -78,7 +78,7 @@ class SessionController extends Controller */ Event::dispatch('customer.after.login', $request->get('email')); - return redirect()->intended(route($this->_config['redirect'])); + return redirect()->route($this->_config['redirect']); } /** From 9386475dec8bd866086a2c99b6873f3b6966889b Mon Sep 17 00:00:00 2001 From: Devansh Bawari Date: Tue, 26 Jul 2022 15:28:45 +0530 Subject: [PATCH 4/4] Removed auth guard middleware dependency from constructor. --- .../Http/Controllers/AddressController.php | 28 ++++++++++----- .../Http/Controllers/WishlistController.php | 34 ++++++++++++------- .../src/Http/Controllers/OrderController.php | 14 +++++--- packages/Webkul/Ui/src/DataGrid/DataGrid.php | 2 -- 4 files changed, 50 insertions(+), 28 deletions(-) diff --git a/packages/Webkul/Customer/src/Http/Controllers/AddressController.php b/packages/Webkul/Customer/src/Http/Controllers/AddressController.php index cd6f9e9c2..b14677b54 100755 --- a/packages/Webkul/Customer/src/Http/Controllers/AddressController.php +++ b/packages/Webkul/Customer/src/Http/Controllers/AddressController.php @@ -30,8 +30,6 @@ class AddressController extends Controller public function __construct(protected CustomerAddressRepository $customerAddressRepository) { $this->_config = request('_config'); - - $this->customer = auth()->guard('customer')->user(); } /** @@ -41,7 +39,9 @@ class AddressController extends Controller */ public function index() { - return view($this->_config['view'])->with('addresses', $this->customer->addresses); + $customer = auth()->guard('customer')->user(); + + return view($this->_config['view'])->with('addresses', $customer->addresses); } /** @@ -63,12 +63,14 @@ class AddressController extends Controller */ public function store(CustomerAddressRequest $request) { + $customer = auth()->guard('customer')->user(); + $data = $request->all(); - $data['customer_id'] = $this->customer->id; + $data['customer_id'] = $customer->id; $data['address1'] = implode(PHP_EOL, array_filter(request()->input('address1'))); - if ($this->customer->addresses->count() == 0) { + if ($customer->addresses->count() == 0) { $data['default_address'] = 1; } @@ -90,9 +92,11 @@ class AddressController extends Controller */ public function edit($id) { + $customer = auth()->guard('customer')->user(); + $address = $this->customerAddressRepository->findOneWhere([ 'id' => $id, - 'customer_id' => $this->customer->id, + 'customer_id' => $customer->id, ]); if (! $address) { @@ -112,11 +116,13 @@ class AddressController extends Controller */ public function update($id, CustomerAddressRequest $request) { + $customer = auth()->guard('customer')->user(); + $data = $request->all(); $data['address1'] = implode(PHP_EOL, array_filter(request()->input('address1'))); - $addresses = $this->customer->addresses; + $addresses = $customer->addresses; foreach ($addresses as $address) { if ($id == $address->id) { @@ -141,7 +147,9 @@ class AddressController extends Controller */ public function makeDefault($id) { - if ($default = $this->customer->default_address) { + $customer = auth()->guard('customer')->user(); + + if ($default = $customer->default_address) { $this->customerAddressRepository->find($default->id)->update(['default_address' => 0]); } @@ -162,9 +170,11 @@ class AddressController extends Controller */ public function destroy($id) { + $customer = auth()->guard('customer')->user(); + $address = $this->customerAddressRepository->findOneWhere([ 'id' => $id, - 'customer_id' => $this->customer->id, + 'customer_id' => $customer->id, ]); if (! $address) { diff --git a/packages/Webkul/Customer/src/Http/Controllers/WishlistController.php b/packages/Webkul/Customer/src/Http/Controllers/WishlistController.php index 7512f5c38..18dd8b8da 100755 --- a/packages/Webkul/Customer/src/Http/Controllers/WishlistController.php +++ b/packages/Webkul/Customer/src/Http/Controllers/WishlistController.php @@ -36,8 +36,6 @@ class WishlistController extends Controller ) { $this->_config = request('_config'); - - $this->currentCustomer = auth()->guard('customer')->user(); } /** @@ -47,6 +45,8 @@ class WishlistController extends Controller */ public function index() { + $customer = auth()->guard('customer')->user(); + if (! core()->getConfigData('general.content.shop.wishlist_option')) { abort(404); } @@ -54,8 +54,8 @@ class WishlistController extends Controller return view($this->_config['view'], [ 'items' => $this->wishlistRepository->getCustomerWishlist(), 'isSharingEnabled' => $this->isSharingEnabled(), - 'isWishlistShared' => $this->currentCustomer->isWishlistShared(), - 'wishlistSharedLink' => $this->currentCustomer->getWishlistSharedLink() + 'isWishlistShared' => $customer->isWishlistShared(), + 'wishlistSharedLink' => $customer->getWishlistSharedLink() ]); } @@ -67,6 +67,8 @@ class WishlistController extends Controller */ public function add($itemId) { + $customer = auth()->guard('customer')->user(); + $product = $this->productRepository->find($itemId); if ( $product == null ) { @@ -79,13 +81,13 @@ class WishlistController extends Controller $data = [ 'channel_id' => core()->getCurrentChannel()->id, 'product_id' => $itemId, - 'customer_id' => $this->currentCustomer->id, + 'customer_id' => $customer->id, ]; $checked = $this->wishlistRepository->findWhere([ 'channel_id' => core()->getCurrentChannel()->id, 'product_id' => $itemId, - 'customer_id' => $this->currentCustomer->id, + 'customer_id' => $customer->id, ]); if ( @@ -124,20 +126,22 @@ class WishlistController extends Controller */ public function share() { + $customer = auth()->guard('customer')->user(); + if ($this->isSharingEnabled()) { $data = $this->validate(request(), [ 'shared' => 'required|boolean' ]); - $updateCounts = $this->currentCustomer->wishlist_items()->update(['shared' => $data['shared']]); + $updateCounts = $customer->wishlist_items()->update(['shared' => $data['shared']]); if ( $updateCounts && $updateCounts > 0 ) { return response()->json([ - 'isWishlistShared' => $this->currentCustomer->isWishlistShared(), - 'wishlistSharedLink' => $this->currentCustomer->getWishlistSharedLink() + 'isWishlistShared' => $customer->isWishlistShared(), + 'wishlistSharedLink' => $customer->getWishlistSharedLink() ]); } } @@ -185,7 +189,9 @@ class WishlistController extends Controller */ public function remove($itemId) { - $customerWishlistItems = $this->currentCustomer->wishlist_items; + $customer = auth()->guard('customer')->user(); + + $customerWishlistItems = $customer->wishlist_items; foreach ($customerWishlistItems as $customerWishlistItem) { if ($itemId == $customerWishlistItem->id) { @@ -210,9 +216,11 @@ class WishlistController extends Controller */ public function move($itemId) { + $customer = auth()->guard('customer')->user(); + $wishlistItem = $this->wishlistRepository->findOneWhere([ 'id' => $itemId, - 'customer_id' => $this->currentCustomer->id, + 'customer_id' => $customer->id, ]); if (! $wishlistItem) { @@ -247,7 +255,9 @@ class WishlistController extends Controller */ public function removeAll() { - $wishlistItems = $this->currentCustomer->wishlist_items; + $customer = auth()->guard('customer')->user(); + + $wishlistItems = $customer->wishlist_items; if ($wishlistItems->count() > 0) { foreach ($wishlistItems as $wishlistItem) { diff --git a/packages/Webkul/Shop/src/Http/Controllers/OrderController.php b/packages/Webkul/Shop/src/Http/Controllers/OrderController.php index 09a4b353b..e1747cfba 100644 --- a/packages/Webkul/Shop/src/Http/Controllers/OrderController.php +++ b/packages/Webkul/Shop/src/Http/Controllers/OrderController.php @@ -23,8 +23,6 @@ class OrderController extends Controller protected InvoiceRepository $invoiceRepository ) { - $this->currentCustomer = auth()->guard('customer')->user(); - parent::__construct(); } @@ -50,8 +48,10 @@ class OrderController extends Controller */ public function view($id) { + $customer = auth()->guard('customer')->user(); + $order = $this->orderRepository->findOneWhere([ - 'customer_id' => $this->currentCustomer->id, + 'customer_id' => $customer->id, 'id' => $id, ]); @@ -70,9 +70,11 @@ class OrderController extends Controller */ public function printInvoice($id) { + $customer = auth()->guard('customer')->user(); + $invoice = $this->invoiceRepository->findOrFail($id); - if ($invoice->order->customer_id !== $this->currentCustomer->id) { + if ($invoice->order->customer_id !== $customer->id) { abort(404); } @@ -90,8 +92,10 @@ class OrderController extends Controller */ public function cancel($id) { + $customer = auth()->guard('customer')->user(); + /* find by order id in customer's order */ - $order = $this->currentCustomer->all_orders()->find($id); + $order = $customer->all_orders()->find($id); /* if order id not found then process should be aborted with 404 page */ if (! $order) { diff --git a/packages/Webkul/Ui/src/DataGrid/DataGrid.php b/packages/Webkul/Ui/src/DataGrid/DataGrid.php index e06923fd4..4e4857cdd 100644 --- a/packages/Webkul/Ui/src/DataGrid/DataGrid.php +++ b/packages/Webkul/Ui/src/DataGrid/DataGrid.php @@ -200,8 +200,6 @@ abstract class DataGrid public function __construct() { $this->invoker = $this; - - $this->currentUser = auth()->guard('admin')->user(); } /**