Commit graph

188 commits

Author SHA1 Message Date
Jakub Tobiasz
6426db133e
Cover editing customer profile scenarios in API 2023-05-05 11:04:14 +02:00
Jan Goralski
4fade40420
[Order] Prevent paying with a disabled method 2023-04-03 10:37:59 +02:00
Jan Goralski
8ae20f46d7
[Behat][Shop] Scenario for successful logout 2022-09-20 10:43:45 +02:00
Jan Goralski
d6027ed795
[API][Shop] List orders from current channel 2022-08-18 12:50:25 +02:00
Jan Goralski
50140d7a89
Allow requesting password reset token with a non existent customer email 2022-07-18 09:31:20 +02:00
Ferror
47ac3b0c32 [maintenance]Prepare postgresql pipeline by making behat scenarios de-case-sensitive 2022-06-03 10:37:44 +02:00
Grzegorz Sadowski
37552254fa
[API] Cover scenarios for receiving email after registration 2022-05-10 12:36:14 +02:00
Mateusz Zalewski
eaf689e22a
Merge branch '1.10' into 1.11
* 1.10:
  passwordResetToken nulled after password is changed
  suggested review changes
  listener added to finish response with X-Frame-Options sameorigin header
2022-03-14 15:28:00 +01:00
Mateusz Zalewski
8f3a08a50a
bug #13766 [Security][API] passwordResetToken nulled after password is changed (lchrusciel, ernestWarwas, GSadee, TheMilek)
This PR was merged into the 1.10 branch.

Discussion
----------

| Q               | A
| --------------- | -----
| Branch?         | 1.10
| Bug fix?        | yes
| New feature?    | no
| BC breaks?      | no
| Deprecations?   | no
| Related tickets | 
| License         | MIT

<!--
 - Bug fixes must be submitted against the 1.10 or 1.11 branch(the lowest possible)
 - Features and deprecations must be submitted against the master branch
 - Make sure that the correct base branch is set

 To be sure you are not breaking any Backward Compatibilities, check the documentation:
 https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html
-->

Commits
-------

214f6184eb listener added to finish response with X-Frame-Options sameorigin header
60b7c81f75 suggested review changes
bd1de40d04 passwordResetToken nulled after password is changed
2022-03-14 15:27:28 +01:00
Mateusz Zalewski
6e655d6368
Merge branch '1.10' into 1.11
* 1.10:
  [Security] XSS - SVG file upload vulnerability fixed
  [PHPUnit] Move subscribers tests to main directory
  Replace str_contains with strpos method to support PHP 7
  [Behat] Extract browser element and context
  [Behat] Add scenarios for securing access to account and dashboard after logging out
  Minor fixes for specs and unit tests of cache control subscribers
  Remove type declarations for properties due to supporting PHP 7.3
  [Maintenace] Test existence of new cache headers
  [UI] Force no-store cache directives for admin and customer account section
  suggested review changes
  listener added to finish response with X-Frame-Options sameorigin header
2022-03-14 15:09:18 +01:00
Mateusz Zalewski
410716251a
Merge branch '1.9' into 1.10
* 1.9:
  [Security] XSS - SVG file upload vulnerability fixed
  [PHPUnit] Move subscribers tests to main directory
  Replace str_contains with strpos method to support PHP 7
  [Behat] Extract browser element and context
  [Behat] Add scenarios for securing access to account and dashboard after logging out
  Minor fixes for specs and unit tests of cache control subscribers
  Remove type declarations for properties due to supporting PHP 7.3
  [Maintenace] Test existence of new cache headers
  [UI] Force no-store cache directives for admin and customer account section
  suggested review changes
  listener added to finish response with X-Frame-Options sameorigin header
2022-03-14 15:06:24 +01:00
TheMilek
bd1de40d04
passwordResetToken nulled after password is changed 2022-03-08 15:17:24 +01:00
Grzegorz Sadowski
5dee3dc656
[Behat] Add scenarios for securing access to account and dashboard after logging out 2022-03-07 15:43:28 +01:00
Tomanhez
7370877a18
Check payment amount for admin 2021-08-05 10:09:11 +02:00
Tomanhez
2c1a6a268a
Check payment amount for shop 2021-08-05 10:09:11 +02:00
Grzegorz Sadowski
a91b275dd2
Resolve conflict after upmerge validation of commands arguments 2021-07-21 09:24:10 +02:00
Mateusz Zalewski
de381eef2c
[API] Denormalizer and Normalizer for command-based requests 2021-07-19 08:55:25 +02:00
Mateusz Zalewski
3b3e384199
[API] Test not providing required fields during registration 2021-07-16 07:31:57 +02:00
Kamil Kokot
54b7872c28
Merge branch '1.9' into 1.10
* 1.9:
  Change application's version to v1.9.6-DEV
  Fix the security advisory PR
  Generate changelog for v1.9.5
  Change application's version to v1.9.5
  [API][Shop] Block access to order list by default
  [API][Shop] Hide order list details for guest users
2021-06-28 15:36:41 +01:00
Łukasz Chruściel
bb06783993
[API][Shop] Hide order list details for guest users 2021-06-17 21:15:17 +02:00
Grzegorz Sadowski
54c9efd2b8
Merge branch '1.9'
* 1.9:
  Mention localhost exposure for easier Facebook login
  change validation message
  Comment out 2 behats steps for checking notifications
2021-05-13 19:17:47 +02:00
Dominik Garbulski
4fd32e9fef Comment out 2 behats steps for checking notifications 2021-05-13 16:10:23 +02:00
Adam Kasperczak
04a502a284 upmerge 2021-04-27 08:03:32 +02:00
Grzegorz Sadowski
2987860b59
[API][Order] Fix orders extension to filter out carts for all users 2021-04-27 06:46:05 +02:00
Grzegorz Sadowski
4f0e0b6b2f
feature #12476 [API] Subscribing to newsletter on account register (arti0090)
This PR was merged into the 1.10-dev branch.

Discussion
----------

| Q               | A
| --------------- | -----
| Branch?         | master
| Bug fix?        | no
| New feature?    | yes
| BC breaks?      | no
| Deprecations?   | no
| License         | MIT


Commits
-------

dc202a69a4 [API] Subscribing to newsletter on account register
dfe536f1ea Add default value for newsletter variable
2021-03-24 09:39:13 +01:00
arti0090
dc202a69a4 [API] Subscribing to newsletter on account register 2021-03-24 08:13:25 +01:00
arti0090
ab9bda4944 [API] Resend Verification email 2021-03-24 07:21:44 +01:00
arti0090
3272f454de add validation, fix register customer route, add missing mail send 2021-03-17 14:29:03 +01:00
Adam Kasperczak
a070f74520 Add test for sending emails 2021-03-17 14:28:55 +01:00
Adam Kasperczak
2855ea5b3a [API] add custom resource for verify account 2021-03-17 14:28:55 +01:00
Adam Kasperczak
d80db7966c [API] Sending verification email and verify account 2021-03-17 14:20:15 +01:00
Tomanhez
edade603da Fix build 2021-03-17 10:14:19 +01:00
Tomanhez
1dce29990a Add tests and implementation for subscribedToNewsletter 2021-03-17 08:55:40 +01:00
arti0090
d230f15d5a reseting password with validation 2021-03-03 10:59:58 +01:00
arti0090
e58e741641 fix behat step 2021-02-18 10:13:20 +01:00
arti0090
3759b2bcc4 validate email 2021-02-18 10:06:22 +01:00
arti0090
0ce0173c66 [API] Password reset 2021-02-18 08:31:27 +01:00
Łukasz Chruściel
e4265fb3ae
[API] Add missing api and no-api tags 2021-02-02 17:01:39 +01:00
Tomanhez
5e21ab045e Add next iteration 2020-11-18 12:32:02 +01:00
Tomanhez
e536b98875 Add fixes for tests and implementation 2020-11-17 17:27:24 +01:00
Tomanhez
b7cef0b406 Add tests for check payment metchod on order account 2020-11-17 17:27:24 +01:00
Grzegorz Sadowski
15339672f2
[API] Secure access in shop context to order items, order item units, shipments and payments 2020-11-11 13:41:19 +01:00
Łukasz Chruściel
d48ceea79d
[API][Shop] Logging in after changing password implementation 2020-11-04 09:24:36 +01:00
Łukasz Chruściel
955a060c71
[API] Extract user context and revamp change password handler 2020-11-03 23:44:15 +01:00
Łukasz Chruściel
09d834bb82
[API][Account] Adjust password change to chosen structure 2020-11-03 23:44:14 +01:00
arti0090
2a60d1fd6c
add validation to password change 2020-11-03 23:44:14 +01:00
arti0090
b26309007f
changed tags in behat steps 2020-11-03 23:44:14 +01:00
arti0090
ec72ab4a56
Api changing password 2020-11-03 23:44:13 +01:00
Łukasz Chruściel
00822a8a83
[Behat][Account] Add scenario for logging in after password change 2020-11-03 23:44:13 +01:00
Adam Kasperczak
787d7e4422 [Api][Address] Add missing behats scenario 2020-10-30 10:53:47 +01:00