diff --git a/classes/PrestaScanQueue.php b/classes/PrestaScanQueue.php index f8325a1..cc6306d 100644 --- a/classes/PrestaScanQueue.php +++ b/classes/PrestaScanQueue.php @@ -215,4 +215,13 @@ public static function getJobAlreadyInProgress($actionName, $time = 10) AND TIMESTAMPDIFF(MINUTE, date_add, now()) > ' . $time); return empty($jobId) ? false : $jobId; } + + public static function isJobToRetrieve($actionName) + { + $jobId = Db::getInstance()->getValue(' + SELECT `jobid` + FROM `' . _DB_PREFIX_ . self::$definition['table'] . '` + WHERE `action_name` = "' . pSQL($actionName) . '" AND `state` = "' . pSQL(self::$actionname['TORETRIEVE']) . '" ORDER BY `id` DESC'); + return empty($jobId) ? false : true; + } } diff --git a/controllers/front/oauth2.php b/controllers/front/oauth2.php index e93ce7f..0208001 100644 --- a/controllers/front/oauth2.php +++ b/controllers/front/oauth2.php @@ -50,6 +50,10 @@ public function init() public function initContent() { + // handle old site monitored change; retry a login with new site monitored + if (Tools::getValue('site_changed')) { + return $this->module->handleSiteMonitoredChanged(); + } // Check our sudo user token if (!$this->isSudoTokenValid()) { \PrestaScan\Tools::displayErrorAndDie(401, 'Token mismatch'); diff --git a/github_images/logo.png b/github_images/logo.png index 879480a..feeaf52 100644 Binary files a/github_images/logo.png and b/github_images/logo.png differ diff --git a/github_images/logo.svg b/github_images/logo.svg index eca88c4..9ad9f05 100644 --- a/github_images/logo.svg +++ b/github_images/logo.svg @@ -1,127 +1,43 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file 
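Review bot: `isJobToRetrieve()` only asks whether a matching row exists, yet the query sorts with ``ORDER BY `id` DESC`` and the result is mapped through `empty($jobId) ? false : true`. Dropping the ORDER BY and ending with `return !empty($jobId);` states the intent directly. The state literal is read from `self::$actionname['TORETRIEVE']`, a property whose name suggests action names rather than states. It is declared outside this hunk, so confirm it is the intended map. A short docblock giving the boolean return and the meaning of the TORETRIEVE state would help the caller added in prestascansecurity.php.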
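Review bot: The new `site_changed` branch at the top of `initContent()` returns before the `isSudoTokenValid()` check, so any request to this front controller that carries the parameter reaches `handleSiteMonitoredChanged()` without the token gate that guards the rest of the method. That handler, added in prestascansecurity.php by this commit, either redirects to a URL read from a cookie or renders a template and dies. Run the token check first and place the `if (Tools::getValue('site_changed'))` block after it. If the callback really cannot carry the token, say so in the comment and keep the handler free of state changes. The body of `initContent()` continues outside this hunk.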
diff --git a/github_images/partners/partner2.png b/github_images/partners/partner2.png index 381668a..48fa27b 100644 Binary files a/github_images/partners/partner2.png and b/github_images/partners/partner2.png differ diff --git a/github_images/partners/partner4.png b/github_images/partners/partner4.png index 2cce58b..4e64b80 100644 Binary files a/github_images/partners/partner4.png and b/github_images/partners/partner4.png differ diff --git a/logo.png b/logo.png index 03506ed..9c7dfd0 100644 Binary files a/logo.png and b/logo.png differ diff --git a/prestascansecurity.php b/prestascansecurity.php index d634b97..89553ba 100644 --- a/prestascansecurity.php +++ b/prestascansecurity.php @@ -33,7 +33,7 @@ public function __construct() { $this->name = 'prestascansecurity'; $this->tab = 'others'; - $this->version = '1.1.8'; + $this->version = '1.1.9'; $this->author = 'PrestaScan'; $this->need_instance = false; $this->bootstrap = true; @@ -261,6 +261,28 @@ public function generateModuleHash() public function getContent() { + if ($this->isUserLoggedIn()) { + // check if selected url is correct on account + try { + $postBody = array( + 'shop_urls' => implode(';', array_map('urlencode', $this->getShopUrls())), + ); + $request = new \PrestaScan\Api\Request( + 'prestascan-api/v2/check-url', + 'POST', + $postBody + ); + $response = $request->getResponse(); + if (isset($response['error']) && $response['error']) { // disconnect + $this->logout(); + } + } catch (Exception $e) { + if ($e->getMessage() == 'Not logged in') { // + $this->logout(); + } + } + } + // Update the module if requested to do so $this->updateModule(); // Check for error message to display 
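Review bot: In `getContent()`, any truthy `$response['error']` from `check-url` calls `logout()`, which this commit defines as truncating the queue and vulnerability-alert tables and resetting the module configuration. A transient API failure or an unrelated error payload would therefore wipe local scan data on an ordinary page load. Log out only on an explicit "URL not on this account" signal from the API; the field that carries it is not visible here. The `catch (Exception $e)` drops every other failure silently and matches on message text with `==`. Use `if ($e->getMessage() === 'Not logged in')` at minimum, preferably a dedicated exception type, and log whatever is not handled. The request also appears to run synchronously on every render of the configuration page while logged in, so caching the result for a short period is worth considering.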
@@ -371,18 +393,20 @@ protected function displayInitialScanAndScanProgress() $displayInitialScan = false; } $progressScans = Configuration::get('PRESTASCAN_SCAN_PROGRESS'); + $scansToRetrieve = array(); if (!empty($progressScans)) { $progressScans = json_decode($progressScans, true); - foreach ($progressScans as $scan) { + foreach ($progressScans as $type => $scan) { + $scansToRetrieve[$type] = \PrestaScanQueue::isJobToRetrieve($type); if ($scan) { $displayInitialScan = false; - break; } } } $this->context->smarty->assign('displayInitialScan', $displayInitialScan); $this->context->smarty->assign('progressScans', $progressScans); + $this->context->smarty->assign('scansToRetrieve', $scansToRetrieve); } protected function assignAdminVariables($moduleNewVulnerabilitiesAlert) @@ -510,6 +534,8 @@ protected function includeAdminResources($moduleNewVulnerabilitiesAlert) 'checkbox_risk_label' => $this->l('I understand the risks associated with removing or uninstalling modules in PrestaShop and agree to proceed with caution, prioritizing a development environment.'), 'question_to_logout' => $this->l('Are you sure to log out?'), 'js_error_occured' => $this->l('An error occured while generating the report. This may be due to a timeout. Please try again.'), + 'js_ps_nodebug_error_occured' => $this->l('A error occured. Enable debug for more information and please try again.'), + 'js_ps_error_occured' => $this->l('A error occured. Please try again.'), 'question_to_logout' => $this->l('Are you sure to log out?'), 'js_description' => $this->l('Description'), 'text_confirm_log_me_out' => $this->l('Yes, log me out'), 
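Review bot: The new `js_ps_nodebug_error_occured` string tells the merchant to enable debug, and on a live shop debug mode typically exposes error detail and stack traces to every visitor who hits a failing page, not only the administrator. Point the message at the logs or at a development copy instead. Both added strings read "A error occured" where "An error occurred" is meant. The translation keys in `translations/fr.php` look like hashes of the source string, so correcting the wording means regenerating the two fr entries added in this commit. The array literal begins and ends outside this hunk.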
@@ -670,4 +696,25 @@ public function getWordTranslated($word) return ucfirst($criticity); } + + protected function logout() + { + // Remove the data in the database + \PrestaScanQueue::truncate(); + \PrestaScanVulnAlerts::truncate(); + // Delete cache files and configuration + \PrestaScan\Tools::resetModuleConfigurationAndCache(); + $this->isLoggedIn = false; + } + + public function handleSiteMonitoredChanged() + { + if (Context::getContext()->cookie->__isset('psscan_urlconfigbo')) { + $urlBackOffice = Context::getContext()->cookie->__get('psscan_urlconfigbo'); + Context::getContext()->cookie->__unset('psscan_urlconfigbo'); + Tools::redirectAdmin($urlBackOffice . '&site_changed=1'); + } else { + die($this->display(__FILE__, 'views/templates/front/sitemonitored_changed.tpl')); + } + } } diff --git a/src/OAuth2/Provider.php b/src/OAuth2/Provider.php index 219caba..ba87bc9 100644 --- a/src/OAuth2/Provider.php +++ b/src/OAuth2/Provider.php @@ -67,6 +67,10 @@ public function getAuthenticatedRequest($method, $url, $accessToken, array $opti curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3); curl_setopt($ch, CURLOPT_TIMEOUT, 10); + if (defined('_EOSC_MODE_DEV_') && _EOSC_MODE_DEV_) { + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); + } if (isset($options['body'])) { curl_setopt($ch, CURLOPT_POSTFIELDS, $options['body']); @@ -134,7 +138,11 @@ public function getAccessToken($grantType, array $options = []) curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params)); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3); curl_setopt($ch, CURLOPT_TIMEOUT, 10); - + if (defined('_EOSC_MODE_DEV_') && _EOSC_MODE_DEV_) { + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); + } + $response = $this->getResponse($ch); $parsedResponse = $this->parseResponse($response); diff --git a/src/Tools.php b/src/Tools.php index d1b487d..8d22d74 100644 
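Review bot: `handleSiteMonitoredChanged()` passes the value of the `psscan_urlconfigbo` cookie to `Tools::redirectAdmin()` with `&site_changed=1` appended, without checking that it still points at this shop's back office. Because the oauth2 front controller calls this method ahead of its token check, validate the target before redirecting: compare its host against the shop's own domain, or rebuild the admin link server-side and use the cookie only as a flag. The magic methods are called by name; `isset($cookie->psscan_urlconfigbo)` and `unset($cookie->psscan_urlconfigbo)` read more naturally. `logout()` truncates two tables and resets configuration, so it deserves a docblock stating that it is destructive and naming who is expected to call it.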
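Review bot: Both new `_EOSC_MODE_DEV_` branches, here in `getAuthenticatedRequest()` and again in `getAccessToken()` in the next hunk, set `CURLOPT_SSL_VERIFYPEER` to false and `CURLOPT_SSL_VERIFYHOST` to 0. That removes server authentication from the requests that carry the OAuth2 access token and the token grant. The switch is a global constant that any code loaded in the shop can define, so a production install can end up with verification off and nothing recording it. Keep verification on and trust the development CA instead, `curl_setopt($ch, CURLOPT_CAINFO, $devCaBundle);` with `$devCaBundle` as a placeholder path, or leave the bypass out of the released package. Both functions start and end outside their hunks.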
--- a/src/Tools.php
+++ b/src/Tools.php
@@ -327,7 +327,7 @@ public static function formatDateString($date)
 if (!empty($date)) {
 $return = date('j F Y ', strtotime($date));
 $return .= in_array($languageCode, array('fr','es')) ? $at[$languageCode] : ' at ';
- $return .= date('h\hm', strtotime($date));
+ $return .= date('h\hi', strtotime($date));
 if (in_array($languageCode, array('fr','es'))) {
 $return = str_replace(array_keys($mois[$languageCode]), array_values($mois[$languageCode]), $return);
 }
diff --git a/translations/es.php b/translations/es.php
index b362029..b057582 100644
--- a/translations/es.php
+++ b/translations/es.php
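Review bot: The corrected format `date('h\hi', ...)` still uses `h`, the 12-hour clock, with no AM/PM marker, so a scan at 15:30 is shown as "03h30" and cannot be told apart from one at 03:30. For a scan timestamp the 24-hour form is the safer reading: `$return .= date('H\hi', strtotime($date));`. `strtotime()` returns false on an unparseable string and `date()` would then format the epoch; the `!empty($date)` guard does not cover that case. `formatDateString()` starts and ends outside this hunk.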
@@ -227,6 +227,9 @@
 $_MODULE['<{prestascansecurity}prestashop>scan_in_progress_96726308d783c8c6143d5b22fea5d7fb'] = 'Parece que el escaneo se ha estado ejecutando durante bastante tiempo, podría haber un problema.';
 $_MODULE['<{prestascansecurity}prestashop>scan_in_progress_eb83cb7c01a3449487ded1a52bb1836c'] = 'Puede intentar forzar el escaneo para recuperar sus datos. Si esto no funciona, el escaneo se cancelará y podrá volver a intentarlo con un nuevo escaneo.';
 $_MODULE['<{prestascansecurity}prestashop>scan_in_progress_ba387b98b9462fc96925aadf3f641e6c'] = 'Forzar recuperación o cancelar';
+$_MODULE['<{prestascansecurity}prestashop>scan_to_retrieve_9a2320c81ad462c52e15563fb7d3ee4d'] = 'Descargando los últimos escaneos';
+$_MODULE['<{prestascansecurity}prestashop>scan_to_retrieve_fc4d43c730c5d2ff49c6105683a5b70a'] = 'Se está descargando el último análisis automático para su visualización.';
+$_MODULE['<{prestascansecurity}prestashop>scan_to_retrieve_732e91e4bc78bb97e63473154025e419'] = 'Esta operación puede tardar unos momentos.';
 $_MODULE['<{prestascansecurity}prestashop>scan_result_60a1994f5365c8a09a74ac6516b88629'] = 'Resultados del último escaneo';
 $_MODULE['<{prestascansecurity}prestashop>scan_result_f91fe4f33093ee783af6952f653577d4'] = 'Recientemente se descubrió una nueva vulnerabilidad, verifique su alerta arriba y vuelva a hacer un escaneo si es necesario para actualizar sus resultados';
 $_MODULE['<{prestascansecurity}prestashop>scan_result_48a098c06115a3db0efb6bcb5e31fd41'] = 'Vulnerabilidad';
diff --git a/translations/fr.php b/translations/fr.php
index c84ca6a..349d7c8 100644
--- a/translations/fr.php
+++ b/translations/fr.php
@@ -11,6 +11,8 @@
 $_MODULE['<{prestascansecurity}prestashop>prestascansecurity_a3f4cecacc0164fd6c90029641134efa'] = 'Je comprends les risques associés à la suppression ou la désinstallation de modules dans PrestaShop et accepte de procéder avec prudence, en privilégiant un environnement de développement.';
 $_MODULE['<{prestascansecurity}prestashop>prestascansecurity_b9ff4aa1cb93a366b1973c5c3af52289'] = 'Êtes-vous sûr de vouloir vous déconnecter ?';
 $_MODULE['<{prestascansecurity}prestashop>prestascansecurity_fd541b21fd5a44149a86bc83f5ed7739'] = 'Une erreur s\'est produite lors de la génération du rapport. Cela peut être dû à un délai d\'expiration. Veuillez réessayer.';
+$_MODULE['<{prestascansecurity}prestashop>prestascansecurity_d90237b6602334152220c3825a978ac3'] = 'Une erreur s\'est produite. Activez le mode debug pour plus d\'informations et veuillez réessayer.';
+$_MODULE['<{prestascansecurity}prestashop>prestascansecurity_9cdc88e43e892de1c3f8b949719ed4e2'] = 'Une erreur est survenue. Veuillez réessayer.';
 $_MODULE['<{prestascansecurity}prestashop>prestascansecurity_b5a7adde1af5c87d7fd797b6245c2a39'] = 'Description';
 $_MODULE['<{prestascansecurity}prestashop>prestascansecurity_9eadb78db102ef3b8dc9c43043d26422'] = 'Oui, déconnectez-moi';
 $_MODULE['<{prestascansecurity}prestashop>prestascansecurity_01602a2174d298aea9aa785039556a5a'] = 'Cliquez ici pour actualiser la page';
@@ -227,6 +229,9 @@
 $_MODULE['<{prestascansecurity}prestashop>scan_in_progress_96726308d783c8c6143d5b22fea5d7fb'] = 'Il semble que le scan dure depuis un certain temps maintenant, il pourrait y avoir un problème.';
 $_MODULE['<{prestascansecurity}prestashop>scan_in_progress_eb83cb7c01a3449487ded1a52bb1836c'] = 'Vous pouvez essayer de forcer le scan pour récupérer ses données. Si cela ne fonctionne pas, le scan sera annulé et vous pourrez réessayer avec un nouveau scan.';
 $_MODULE['<{prestascansecurity}prestashop>scan_in_progress_ba387b98b9462fc96925aadf3f641e6c'] = 'Forcer la récupération ou annuler';
+$_MODULE['<{prestascansecurity}prestashop>scan_to_retrieve_9a2320c81ad462c52e15563fb7d3ee4d'] = 'Téléchargement des derniers scans';
+$_MODULE['<{prestascansecurity}prestashop>scan_to_retrieve_fc4d43c730c5d2ff49c6105683a5b70a'] = 'Le dernier scan automatique est en cours de téléchargement pour son affichage.';
+$_MODULE['<{prestascansecurity}prestashop>scan_to_retrieve_732e91e4bc78bb97e63473154025e419'] = 'Cette opération peut prendre quelques instants.';
 $_MODULE['<{prestascansecurity}prestashop>scan_result_60a1994f5365c8a09a74ac6516b88629'] = 'Derniers résultats de scan';
 $_MODULE['<{prestascansecurity}prestashop>scan_result_f91fe4f33093ee783af6952f653577d4'] = 'Une nouvelle vulnérabilité a été récemment découverte, vérifiez l\'alerte ci-dessus et refaites un scan si nécessaire pour mettre à jour vos résultats';
 $_MODULE['<{prestascansecurity}prestashop>scan_result_535e2de9168013bbfc31965016086243'] = 'Vulnérabilités';
diff --git a/views/css/admin.1.1.6.css b/views/css/admin.1.1.6.css
index 6b2a761..be31bac 100644
--- a/views/css/admin.1.1.6.css
+++ b/views/css/admin.1.1.6.css
@@ -959,6 +959,7 @@ label.chkConfirmModuleUninstall input {
 width: 100%;
 position: absolute;
 bottom: 0;
+ left: 0;
 }
 #prestascansecurity_main_container #tab-report-home .scan_link.row a.btn {
 margin-top: 45px;
diff --git a/views/css/modal.1.1.6.css b/views/css/modal.1.1.6.css index a4d5be3..2107876 100644 --- a/views/css/modal.1.1.6.css +++ b/views/css/modal.1.1.6.css @@ -70,7 +70,17 @@ padding: 15px 10px 10px; width: 100%; } - +#prestascansecurity_main_container .modal_content.has_error { + width: 35vw; + max-height: 70vh; +} +#prestascansecurity_main_container .modal_content.has_error .modal_body { + text-align: left; +} +#prestascansecurity_main_container .modal_content.has_error .modal_body pre { + overflow: auto; + max-height: 60vh; +} /* Add Animation */ @-webkit-keyframes animatetop { from {top:-300px; opacity:0} diff --git a/views/img/Logo_PSSecurity.svg b/views/img/Logo_PSSecurity.svg index 7b7656f..0261403 100644 --- a/views/img/Logo_PSSecurity.svg +++ b/views/img/Logo_PSSecurity.svg @@ -1,66 +1,136 @@ + viewBox="0 0 2551.7 834.1" style="enable-background:new 0 0 2551.7 834.1;" xml:space="preserve"> - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - diff --git a/views/img/icon_dashboard.png b/views/img/icon_dashboard.png index 4ce7d19..8eec0a2 100644 Binary files a/views/img/icon_dashboard.png and b/views/img/icon_dashboard.png differ diff --git a/views/img/logo.png b/views/img/logo.png index 7ee7764..a636e31 100644 Binary files a/views/img/logo.png and b/views/img/logo.png differ diff --git a/views/img/logo.svg b/views/img/logo.svg index eca88c4..9ad9f05 100644 --- a/views/img/logo.svg +++ b/views/img/logo.svg @@ -1,127 +1,43 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file 
diff --git a/views/img/partners/partner2.png b/views/img/partners/partner2.png index 8d85127..48fa27b 100644 Binary files a/views/img/partners/partner2.png and b/views/img/partners/partner2.png differ diff --git a/views/img/partners/partner4.png b/views/img/partners/partner4.png index 6ed90ee..4e64b80 100644 Binary files a/views/img/partners/partner4.png and b/views/img/partners/partner4.png differ diff --git a/views/js/modal.js b/views/js/modal.js index c785cd6..226d3a0 100644 --- a/views/js/modal.js +++ b/views/js/modal.js @@ -64,8 +64,14 @@ $(function () { prestascanSecurity_Modal.config.jQuerySelectors.modalBody.html(''); prestascanSecurity_Modal.config.jQuerySelectors.prestascanModal.hide(); }, - createDialog : function(mainContent, buttons, customHtml) { + createDialog : function(mainContent, buttons, customHtml, hasError) { var modalBody = $(window.prestascanSecurity_Modal.config.cssSelector.modalBody); + var modalContent = window.prestascanSecurity_Modal.config.jQuerySelectors.modalContent; + if (hasError) { + modalContent.addClass('has_error'); + } else { + modalContent.removeClass('has_error'); + } modalBody.html("

" + mainContent + "

"); // Add additional html to popup if (typeof customHtml !== 'undefined') { diff --git a/views/js/reports.js b/views/js/reports.js index 95ff497..aadf3c9 100644 --- a/views/js/reports.js +++ b/views/js/reports.js @@ -254,10 +254,40 @@ $(function () { }, loadReportError : function(res) { if (res.status === 200) { + var $response = $(res.responseText); + // Handle error in 1.6 + if ($response.find('.xdebug-error').length) { + var error_text = '' + js_ps_error_occured + '
'; + error_text += '
 '  + $response.find('.xdebug-error').text() + '
'; + window.prestascanSecurity_Modal.createDialog(error_text, [], null, true); + return; + } window.prestascanSecurity_Modal.createDialog(res.responseText, []); } else { - window.prestascanSecurity_Modal.createDialog(js_error_occured, []); + // handle prestashop error + var responseText = $(res.responseText).text(); + if (responseText) { + var $response = $(res.responseText); + + // Handle Error 500 in 1.7 + if ($response.find('.error-header').length) { + var error_text = '' + js_ps_nodebug_error_occured + '
'; + error_text += $response.find('.error-header').next().text(); + window.prestascanSecurity_Modal.createDialog(error_text, [], null, true); + return; + } + if ($response.find('.stacktrace').length > 0) { + var error_text = '' + js_ps_error_occured + '
'; + error_text += '
 '  + $response.find('.stacktrace').text() + '
'; + window.prestascanSecurity_Modal.createDialog(error_text, [], null, true); + return; + } + + // 1.6 + + } + window.prestascanSecurity_Modal.createDialog(js_ps_nodebug_error_occured, []); } }, postJsonAjax : function(url, data, handlerSuccess, handlerError) { @@ -802,4 +832,16 @@ window.addEventListener('load', () => { let cleanUrl = window.location.href.replace(/[\?&]subRefresh=1/, ''); window.history.replaceState({}, document.title, cleanUrl); } -}); \ No newline at end of file +}); + +document.addEventListener('DOMContentLoaded', function() { + if (window.opener && window.opener !== window) { + const urlParams = new URLSearchParams(window.location.search); + if (urlParams.has('site_changed')) { + // alert('site_changed 2'); + window.opener.openOauthPsScan(); + } else { + window.close(); // close popup + } + } +}); diff --git a/views/templates/admin/layouts/menu.tpl b/views/templates/admin/layouts/menu.tpl index 5ca258d..f6cb14d 100644 --- a/views/templates/admin/layouts/menu.tpl +++ b/views/templates/admin/layouts/menu.tpl @@ -74,15 +74,12 @@ {/if}
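Review bot: `loadReportError()` pulls text out of the server's error page with `.text()` and concatenates it into `error_text`, which `createDialog()` then writes with `modalBody.html(...)`. `.text()` returns decoded characters, so any markup inside an exception message or stack trace is parsed as live HTML in the back office, and request values frequently end up in such messages. Escape before concatenating, for example `error_text += $('<div>').text(trace).html();`, or let the dialog build the node and set its content with `.text()`. `$(res.responseText)` is also evaluated twice in the non-200 branch and parses the full response as HTML; parsing once into an inert fragment would be safer. The final fallback calls `createDialog(js_ps_nodebug_error_occured, [])` without the `hasError` flag, and the empty `// 1.6` comment can be dropped.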
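Review bot: The `DOMContentLoaded` handler calls `window.opener.openOauthPsScan()` without confirming that the opener is same-origin and defines that function. A cross-origin opener makes the property access throw, and any other opener leaves the popup open with an uncaught TypeError. Wrap the call in try/catch and guard it with `if (typeof window.opener.openOauthPsScan === 'function')`. The `else` branch closes every page that loads reports.js with an opener present, not only the OAuth popup, so keying the close on an explicit marker parameter would be more predictable. The commented-out `alert` should be removed before release.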