NEXT-17397 - Prepare 6.4.6.0
taltholtmann committed Oct 19, 2021
1 parent 2d1846e commit c87b7c9
Showing 115 changed files with 1,482 additions and 0 deletions.
108 changes: 108 additions & 0 deletions CHANGELOG.md

Large diffs are not rendered by default.

148 changes: 148 additions & 0 deletions UPGRADE-6.4.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,154 @@
UPGRADE FROM 6.3.x.x to 6.4
=======================

# 6.4.6.0
## Rate Limiter

With 6.4.6.0 we have implemented a rate limit by default to reduce the risk of bruteforce for the following routes:
- `/store-api/account/login`
- `/store-api/account/recovery-password`
- `/store-api/order`
- `/store-api/contact-form`
- `/api/oauth/token`
- `/api/_action/user/user-recovery`

### Rate Limiter configuration

The confiuration for the rate limit can be found in the `shopware.yaml` under the map `shopware.api.rate_limiter`.
More information about the configuration can be found at the [developer documentation](https://developer.shopware.com/docs/guides/hosting/infrastructure/rate-limiter).
Below you can find an example configuration.

```yaml
shopware:
api:
rate_limiter:
example_route:
enabled: true
policy: 'time_backoff'
reset: '24 hours'
limits:
- limit: 10
interval: '10 seconds'
- limit: 15
interval: '30 seconds'
- limit: 20
interval: '60 seconds'
```
If you plan to create your own rate limits, head over to our [developer documentation](https://developer.shopware.com/docs/guides/plugins/plugins/framework/rate-limiter/add-rate-limiter-to-api-route).
## Update `/api/_info/events.json` API
* Added `aware` property to `BusinessEventDefinition` class at `Shopware\Core\Framework\Event`.
* Deprecated `mailAware`, `logAware` and `salesChannelAware` properties in `BusinessEventDefinition` class at `Shopware\Core\Framework\Event`.
### Response of API
* Before:
```json
[
{
"name": "checkout.customer.before.login",
"class": "Shopware\\Core\\Checkout\\Customer\\Event\\CustomerBeforeLoginEvent",
"mailAware": false,
"logAware": false,
"data": {
"email": {
"type": "string"
}
},
"salesChannelAware": true,
"extensions": []
}
]
```
* After:
```json
[
{
"name": "checkout.customer.before.login",
"class": "Shopware\\Core\\Checkout\\Customer\\Event\\CustomerBeforeLoginEvent",
"data": {
"email": {
"type": "string"
}
},
"aware": [
"Shopware\\Core\\Framework\\Event\\SalesChannelAware"
],
"extensions": []
}
]
```
## Added Maintenance-Bundle

A maintenance bundle was added to have one place where CLI-commands und Utils are located, that help with the ongoing maintenance of the shop.

To load enable that bundle, you should add the following line to your `/config/bundles.php` file, because from 6.5.0 onward the bundle will not be loaded automatically anymore:
```php
return [
...
Shopware\Core\Maintenance\Maintenance::class => ['all' => true],
];
```
In that refactoring we moved some CLI commands into that new bundle and deprecated the old command classes. The new commands are marked as internal, as you should not rely on the PHP interface of those commands, only on the CLI API.

Additionally we've moved the `UserProvisioner` service from the `Core/System/User` namespace, to the `Core/Maintenance/User` namespace, make sure you use the service from the new location.
Before:
```php
use Shopware\Core\System\User\Service\UserProvisioner;
```
After:
```php
use Shopware\Core\Maintenance\User\Service\UserProvisioner;
```
### Create own SeoUrl Twig Extension
Create a regular Twig extension, instead of tagging it with name `twig.extension` use tag name `shopware.seo_url.twig.extension`

Example Class:
```php
<?php declare(strict_types=1);
namespace SwagExample\Core\Content\Seo\Twig;
use Twig\Extension\AbstractExtension;
use Twig\TwigFilter;
class ExampleTwigFilter extends AbstractExtension
{
public function getFilters(): array
{
return [
new TwigFilter('lastBigLetter', [$this, 'convert']),
];
}
public function convert(string $text): string
{
return strrev(ucfirst(strrev($text)));
}
}
```

Example service.xml:
```xml
<service id="SwagExample\Core\Content\Seo\Twig\ExampleTwigFilter">
<tag name="shopware.seo_url.twig.extension"/>
</service>
```
## Context`s properties will be natively typed
The properties of `\Shopware\Core\Framework\Context` will be natively typed in the future.
If you extend the `Context` make sure your implementations adheres to the type constraints for the protected properties.
When you depend on a self-shipped bundle to already been loaded before your plugin, you can now use negative keys in `getAdditionalBundles` to express a different order. Use negative keys to load them before your plugin instance:

```
class AcmePlugin extends Plugin
{
public function getAdditionalBundles(AdditionalBundleParameters $parameters): array
{
return [
-10 => new DependencyBundle(),
];
}
}
```

# 6.4.5.0
If multiple `RetryableQuery` are used within the same SQL transaction, and a deadlock occurs, the whole transaction is
rolled back internally and can be retried. But if instead only the last `RetryableQuery` is retried this can cause all
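Review bot: In the Rate Limiter section, the only configuration shown is for a placeholder key `example_route`, and the note never gives the keys or the default limits that apply to the six listed routes. An operator reading this cannot tell which entry under `shopware.api.rate_limiter` to change for, say, `/api/oauth/token`, or what value they would be changing it from; please list the shipped keys with their defaults, or say explicitly that they are in the linked documentation. Smaller points in the same hunk: "confiuration" should be "configuration", "CLI-commands und Utils" should read "and", "To load enable that bundle" has a leftover word, the heading "Context`s properties" uses a backtick as an apostrophe, and the paragraph about negative keys in `getAdditionalBundles` sits under the Context heading without a heading of its own and its code fence has no `php` tag.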
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
---
title: Create the module flow builder
issue: NEXT-15108
---
# Administration
* Added new Flow builder module.
* Added ACL for Flow builder module.
* Added new `sw-flow-builder` component.
* Added new `sw-flow-trigger` component.
* Added new `sw-flow-sequence` component.
* Added new `sw-flow-sequence-selector` component.
* Added new `sw-flow-sequence-condition` component.
* Added new `sw-flow-sequence-action` component.
* Added new `sw-flow-sequence-action-modal` component.
* Added new `sw-flow-detail` page.
* Added new `sw-flow-list` page.
* Added new `sw-flow-detail-general` view.
* Added new `sw-flow-detail-flow` view.
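Review bot: The entry "Added ACL for Flow builder module." does not name the privileges it introduces. Please list the privilege keys, and which roles, if any, receive them by default, so administrators can review who gains access to the new module after the update.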
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
---
title: Implement base code for trigger flow builder
issue: NEXT-15107
---
# Core
* Added `FlowExecutor` and `FlowState` classes at `Shopware\Core\Content\Flow`.
* Added `FlowDispatcher` class at `Shopware\Core\Content\Flow` to dispatch business event for Flow Builder.
* Added `AddOrderTagAction` class at `Shopware\Core\Content\Flow\Action`.
* Added `FlowAction` abstract class at `Shopware\Core\Content\Flow\Action`.
* Added `CustomerAware` and `OrderAware` interfaces at `Shopware\Core\Framework\Event`.
* Added function `getOrderId` into `Shopware\Core\Checkout\Cart\Event\CheckoutOrderPlacedEvent`.
* Deprecated `BusinessEventDispatcher` at `Shopware\Core\Framework\Event` which will be removed in v6.5.0.
* Added 'display_group' column into `flow_sequence` table.
* Added 'displayGroup' property into `FlowSequenceEntity` and `FlowSequenceDefinition` at `Shopware\Core\Content\Flow\Aggregate\FlowSequence`.
* Added `Sequence` class at `Shopware\Core\Content\Flow\SequenceTree`.
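Review bot: The deprecation of `BusinessEventDispatcher` names the removal version but not the replacement. If `FlowDispatcher`, added in the same list, is the intended successor, say so on that line. Also, `AddOrderTagAction` is listed here and again in the NEXT-15155 changelog, and 'display_group' and 'displayGroup' are in single quotes where every other identifier uses backticks.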
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
---
title: Create flow and flow sequence DAL for flow builder
issue: NEXT-15110
---
# Core
* Added two new tables `flow` and `flow_sequence` to stored flow and flow sequence data for Flow Builder.
* Added entities, definition and collection for table `flow` at `Shopware\Core\Content\Flow`.
* Added entities, definition and collection for table `flow_sequence` at `Shopware\Core\Content\Flow\Aggregate\FlowSequence`.
* Added OneToMany association between `rule` and `flow_sequence`.
* Added new property `flowSequences` to `Shopware/Core/Content/Rule/RuleEntity`.
* Deprecated `EventActionRuleDefinition` at `Shopware\Core\Framework\Event\EventAction\Aggregate\EventActionRule`.
* Deprecated `EventActionSalesChannelDefinition` at `Shopware\Core\Framework\Event\EventAction\Aggregate\EventActionSalesChannel`.
* Deprecated `EventActionCollection`, `EventActionDefinition`, `EventActionEntity`, `EventActionEvents` and `EventActionSubscriber`, at `Shopware\Core\Framework\Event\EventAction`.
* Deprecated `eventActions` property in `RuleEntity` and `RuleDefinition` at `Shopware\Core\Content\Rule`.
* Deprecated `eventActions` property in `SalesChannelEntity` and `SalesChannelDefinition` at `Shopware\Core\System\SalesChannel`.
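Review bot: None of the five deprecation entries says when the `EventAction*` classes and the `eventActions` properties will be removed or what to use instead, unlike the `BusinessEventDispatcher` entry in NEXT-15107, which gives v6.5.0. Please add both. `Shopware/Core/Content/Rule/RuleEntity` is written with forward slashes while the rest of the file uses namespace backslashes, and "to stored" should be "to store".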
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
---
title: Improvement performance for trigger flow
issue: NEXT-15742
---
# Core
* Added `FlowIndexer`, `FlowIndexingMessage` and `FlowPayloadUpdater` class at `Shopware\Core\Content\Flow\DataAbstractionLayer`.
* Added `FlowIndexerEvent` class at `Shopware\Core\Content\Flow\Events`.
* Added `AbstractFlowLoader` interface and `FlowLoader` class at `Shopware\Core\Content\Flow`.
* Added `payload` column into table `flow`.
* Added `payload` property into `FlowEntity` and `FlowDefinition` class at `Shopware\Core\Content\Flow`.
* Added `FlowEvent` class at `Shopware\Core\Framework\Event`.
* Added `SequenceTree` and `SequenceTreeCollection` classes at `Shopware\Core\Content\Flow\SequenceTree`.
* Added `StopFlowAction` class at `Shopware\Core\Content\Flow\Action`.
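Review bot: `AbstractFlowLoader` is described as an interface, but the name follows the abstract-class convention; state which it is. The two `payload` entries do not say what the column holds or whether flows that already exist need to be re-indexed for it to be filled, and the title should read "Improve performance" or "Performance improvement".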
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
---
title: create-handler-for-add-tag-action
issue: NEXT-15155
---
# Core
* Added `AddCustomerTagAction` class at `Shopware\Core\Content\Flow\Action` which used to add a list of tags for customers.
* Added `AddOrderTagAction` class at `Shopware\Core\Content\Flow\Action` which used to add a list of tags for an order.
* Added `ADD_ORDER_TAG`, `ADD_CUSTOMER_TAG`, `REMOVE_ORDER_TAG` and `REMOVE_CUSTOMER_TAG` variables in `Shopware\Core\Content\Flow\Action\FlowAction`
* Remove `ADD_TAG` and `REMOVE_TAG` variables from `FlowAction` class at `Shopware\Core\Content\Flow\Action`.
* Remove `AddTagAction` class at `Shopware\Core\Content\Flow\Action`, use `AddCustomerTagAction` and `AddOrderTagAction` instead.
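Review bot: The last two entries remove `ADD_TAG`, `REMOVE_TAG` and `AddTagAction` outright, with no deprecation step and no upgrade section. If any of these were part of a tagged release, this needs an Upgrade Information block like the one in the rate limiter changelog; if they only existed on this branch, the entries can be dropped. "Remove" should be "Removed" to match the other entries, the constants are called "variables", and the title is a slug rather than a sentence.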
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
title: Create handler for remove tag action.
issue: NEXT-15159
---
# Core
* Added `RemoveCustomerTagAction` and `RemoveOrderTagAction` classes at `Shopware\Core\Content\Flow\Action`.
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
---
title: Create handler for send mail action.
issue: NEXT-15154
---
# Core
* Added a new constant `SEND_MAIL` in `Shopware\Core\Content\Flow\Action\FlowAction`.
* Added `SendMailAction` class at `Shopware\Core\Content\Flow\Action\FlowAction` which used to send email to customers.
* Added `FlowSendMailActionEvent` class at `Shopware\Core\Content\Flow\Events\FlowSendMailActionEvent` which used to dispatch an event when `SendMailAction` is called.
* Added `MailAware` interface at `Shopware\Core\Framework\Event`.
* Deprecated `MailSendSubscriberBridgeEvent` at `Shopware\Core\Content\MailTemplate\Event\MailSendSubscriberBridgeEvent.php` use `FlowSendMailActionEvent` instead.
* Deprecated `MailSendSubscriber` at `Shopware\Core\Content\MailTemplate\Event\MailSendSubscriberBridgeEvent.php` use `SendMailAction` instead.
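Review bot: Three entries give a location that does not look like a namespace. `SendMailAction` is placed at `Shopware\Core\Content\Flow\Action\FlowAction`, which is the class that holds the `SEND_MAIL` constant one line above; the other action changelogs use `Shopware\Core\Content\Flow\Action`. Both deprecation lines end in `MailSendSubscriberBridgeEvent.php`, including the one for `MailSendSubscriber`, which reads as a copy-paste. Please correct the paths so the deprecated classes can be found.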
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
---
title: Migrate data from Business events to Flow builder
issue: NEXT-15106
---
# Core
* Added new table `sales_channel_rule`.
* Added new migration `Migration1625583596CreateActionEventFlowMigrateTable`.
* Added new migration `Migration1625583619MoveDataFromEventActionToFlow` to migrate data from Business events to Flow builder.
* Added `SequenceTreeBuilder` class at `Shopware\Core\Content\Flow\SequenceTree`.
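Review bot: The entry for `Migration1625583619MoveDataFromEventActionToFlow` does not say whether the existing event action records are kept or changed once they have been migrated, and the entries for `sales_channel_rule` and `Migration1625583596CreateActionEventFlowMigrateTable` do not say what those tables are for. Since this migration rewrites a shop's configured automation on update, please state what it leaves behind and whether it is safe to run more than once.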
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
title: Create handler for set order state
issue: NEXT-15157
---
# Core
* Changed method `handle` in `Shopware\Core\Content\Flow\Action\SetOrderStateAction` to handle set state for order state action
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
title: Create handler for generate document
issue: NEXT_15156
---
# Core
* Added a new constant `GENERATE_DOCUMENT` in `Shopware\Core\Content\Flow\Action\FlowAction`.
* Added `GenerateDocumentAction` class at `Shopware\Core\Content\Flow\Action\FlowAction` which used to generate documents, This action will be called by Flow trigger.
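Review bot: The front matter has `issue: NEXT_15156` with an underscore where the other changelogs in this commit use a hyphen (`NEXT-15154`, `NEXT-15157`), so issue links or tooling keyed on that pattern may miss it. `GenerateDocumentAction` is also placed at `Shopware\Core\Content\Flow\Action\FlowAction`, the class holding the new constant, rather than the `Shopware\Core\Content\Flow\Action` namespace used elsewhere.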
84 changes: 84 additions & 0 deletions changelog/release-6-4-6-0/2021-08-02-implement-rate-limiter.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
---
title: Implement rate limiter
issue: NEXT-13795
author_github: @Dominik28111
---
# Core
* Added exception class `Shopware\Core\Checkout\Customer\Exception\CustomerAuthThrottledException`.
* Added exception class `Shopware\Core\Framework\Api\Controller\Exception\AuthThrottledException`.
* Added compiler pass class `Shopware\Core\Framework\DependencyInjection\CompilerPass\RateLimiterCompilerPass`.
* Added exception class `Shopware\Core\Framework\RateLimiter\Exception\RateLimitExceededException`.
* Added rate limit policy `Shopware\Core\Framework\RateLimiter\Policy\TimeBackoff`.
* Added rate limiter `Shopware\Core\Framework\RateLimiter\Policy\TimeBackoffLimiter`.
* Added class `Shopware\Core\Framework\RateLimiter\RateLimiterFactory` to extend the factory policies provided by Symfony.
* Added class `Shopware\Core\Framework\RateLimiter\NoLimitRateLimiterFactory` to override rate limit with NoLimiter.
* Added service `Shopware\Core\Framework\RateLimiter\RateLimiter`.
* Added `Shopware\Core\Framework\RateLimiter\RateLimiterFactory` to add possibility to add own limiters.
* Changed method `Shopware\Core\Framework\Framework::build()` to add rate limit to the DI.
* Added method `Shopware\Core\System\User\Recovery\UserRecoveryService::getUserByHash()` to receive user entity by recovery hash.
___
# API
* Changed method `Shopware\Core\Checkout\Customer\SalesChannel\LoginRoute::login()` to implement rate limit.
* Changed method `Shopware\Core\Checkout\Customer\SalesChannel\ResetPasswordRoute::resetPassword()` to implement rate limit.
* Changed method `Shopware\Core\Checkout\Customer\SalesChannel\SendPasswordRecoveryMailRoute::sendRecoveryMail()` to implement rate limit.
* Changed method `Shopware\Core\Checkout\Order\SalesChannel\OrderRoute::load()` to implement rate limit for guest login.
* Changed method `Shopware\Core\Content\ContactForm\SalesChannel\ContactFormRoute::load()` to implement rate limit.
* Changed method `Shopware\Core\Framework\Api\Controller\AuthController::token()` to implement rate limit.
* Changed method `Shopware\Core\System\User\Api\UserRecoveryController::createUserRecovery()` to implement rate limit.
___
# Administration
* Added data prop `loginAlertMessage` in `app/administration/src/module/sw-login/view/sw-login-login/index.js`.
* Added computed prop `showLoginAlert` in `app/administration/src/module/sw-login/view/sw-login-login/index.js`.
* Changed method `createNotificationFromResponse` in `module/sw-login/view/sw-login-login/index.js` to display rate limit message.
* Added block `{% block sw_login_login_alert %}` in `module/sw-login/view/sw-login-login/sw-login-login.html.twig` to display login alert.
* Changed method `sendRecoveryMail` in `module/sw-login/view/sw-login-recovery/index.js` to handle error message for rate limit.
* Changed method `displayRecoveryInfo` in `module/sw-login/view/sw-login-recovery/index.js` to progress response for rate limit and forward with the wait time.
* Added computed prop `rateLimitTime` in `module/sw-login/view/sw-login-recovery-info/index.js`.
* Changed block `{% block sw_login_recovery_info_info %}` in `module/sw-login/view/sw-login-recovery-info/sw-login-recovery-info.html.twig` to display rate limit message if rateLimitTime is set.
___
# Storefront
* Changed mhetod `Shopware\Storefront\Controller\AccountOrderController::orderSingleOverview()` to handle rate limit exception and redirect with `waitTime` parameter.
* Changed method `Shopware\Storefront\Controller\AuthController::loginPage()` to pass parameter `waitTime` to twig template.
* Changed method `Shopware\Storefront\Controller\AuthController::guestLoginPage()` to add rate limit message to flashbag.
* Changed method `Shopware\Storefront\Controller\AuthController::login()` to handle rate limit exception and forward with `waitTime` parameter.
* Changed method `Shopware\Storefront\Controller\AuthController::generateAccountRecovery()` to handle rate limit exception and add rate limit message to flashbag.
* Changed method `Shopware\Storefront\Controller\FormController::sendContactForm()` to handle rate limit exception and add an alert to response.
* Changed method `_handleResponse()` in `app/storefront/src/plugin/forms/form-cms-handler.plugin.js` to show alerts of type info.
* Changed `{% block component_account_login_form_error %}` in `views/storefront/component/account/login.html.twig` to display info alert with rate limit message.
___
# Upgrade Information

## Rate Limiter

With 6.4.6.0 we have implemented a rate limit by default to reduce the risk of bruteforce for the following routes:
- `/store-api/account/login`
- `/store-api/account/recovery-password`
- `/store-api/order`
- `/store-api/contact-form`
- `/api/oauth/token`
- `/api/_action/user/user-recovery`

### Rate Limiter configuration

The confiuration for the rate limit can be found in the `shopware.yaml` under the map `shopware.api.rate_limiter`.
More information about the configuration can be found at the [developer documentation](https://developer.shopware.com/docs/guides/hosting/infrastructure/rate-limiter).
Below you can find an example configuration.

```yaml
shopware:
api:
rate_limiter:
example_route:
enabled: true
policy: 'time_backoff'
reset: '24 hours'
limits:
- limit: 10
interval: '10 seconds'
- limit: 15
interval: '30 seconds'
- limit: 20
interval: '60 seconds'
```
If you plan to create your own rate limits, head over to our [developer documentation](https://developer.shopware.com/docs/guides/plugins/plugins/framework/rate-limiter/add-rate-limiter-to-api-route).
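Review bot: The API section lists seven changed methods, including `ResetPasswordRoute::resetPassword()`, but the route list under Upgrade Information has six entries and none that is clearly the password reset itself. Please add the missing route or say which listed route covers it, so operators know the full set of throttled endpoints. The changelog also names three exception classes without saying what status code or response body a throttled client receives, which API consumers need in order to back off correctly, and it does not say when `NoLimitRateLimiterFactory` takes effect. `RateLimiterFactory` is listed twice under Core, and "mhetod" and "confiuration" are typos.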