Commit graph

209 commits

Author SHA1 Message Date
Grzegorz Sadowski
3bc21174cf
Merge branch '1.12' into 1.13
* 1.12:
  [Behat] Minor scenarios improvements
  Fixes after CR
  Test adding similar products
  Test adding new simple product
  Test adding new taxon
  [Behat] Minor scenarios improvements after code review
  [Checkout] Add scenario for preventing from a potential XSS attack
  [AddressBook] Add scenario for preventing from a potential XSS attack
  Use function from UIBundle
  Add sanitizer function to UIBundle
  Add js sanitizeInput function
  Fix product-auto-complete
  Use function from UIBundle
  Fix potential xss in admin panel
  [Maintenance] Remove unnecessary line
  [Maintenance] Update docker docs
2024-05-10 10:28:17 +02:00
Grzegorz Sadowski
30de6ff277
[Behat] Minor scenarios improvements after code review 2024-05-10 07:22:38 +02:00
Grzegorz Sadowski
3d66fb0672
[AddressBook] Add scenario for preventing from a potential XSS attack 2024-05-10 06:34:27 +02:00
Kamil Grygierzec
16c695ae88
Add missing validation for the customers first and last name 2024-03-28 09:04:22 +01:00
Kamil Grygierzec
d984f452a5
Validate customer creation and edit 2024-03-27 08:47:32 +01:00
Rafikooo
33bf3648a5
[Behat] Remove unnecessary javascript tags 2024-01-17 15:14:06 +01:00
Rafikooo
62f787d307
[Behat] Introduce the proper format in the rest of the prices 2023-12-01 03:48:01 +01:00
Rafikooo
8a523e43f9
[Behat] Apply the decimal part of the price in every scenario 2023-12-01 03:48:01 +01:00
Francis Hilaire
8763404483
Make the sentence applies to both UI and API 2023-09-29 10:42:57 +02:00
Francis Hilaire
926081a7ac Add API validator message check 2023-09-27 14:35:48 +02:00
Francis Hilaire
e2fc25a1c1 Use the already present contexts 2023-09-27 14:33:35 +02:00
Francis Hilaire
0d146878a4 Mirror UI behaviour within the API call 2023-09-27 14:33:02 +02:00
Francis Hilaire
1fba577fe0 Rename validators and spec methods 2023-09-27 14:32:17 +02:00
Francis Hilaire
4b5f3f5142 Add a new scenario to test validation 2023-09-27 14:31:40 +02:00
Francis Hilaire
a00fa79b26 Add new scenario testing expired password requested token 2023-09-27 14:31:38 +02:00
Jacob Tobiasz
474f12a819
Provide post-CR fixes 2023-08-19 08:10:54 +02:00
Jakub Tobiasz
852f2db9f5
Provide post-CR fixes 2023-08-18 18:58:13 +02:00
Jakub Tobiasz
0284acad88
Add email verification methods in API's EmailContext 2023-08-18 18:58:13 +02:00
Fabiana Romagnoli
185e876a77
Improve registration workflow 2023-08-18 18:58:13 +02:00
Rafikooo
2b1a243607
[Scenarios] Add @api tag and change step implementation to reflect current app behaviour 2023-06-23 15:08:06 +02:00
TheMilek
fc316f7107
Uncomment editing customer profile steps 2023-05-18 10:46:45 +02:00
Jakub Tobiasz
6426db133e
Cover editing customer profile scenarios in API 2023-05-05 11:04:14 +02:00
Jan Goralski
4fade40420
[Order] Prevent paying with a disabled method 2023-04-03 10:37:59 +02:00
Jan Goralski
8ae20f46d7
[Behat][Shop] Scenario for successful logout 2022-09-20 10:43:45 +02:00
Jan Goralski
d6027ed795
[API][Shop] List orders from current channel 2022-08-18 12:50:25 +02:00
Jan Goralski
50140d7a89
Allow requesting password reset token with a non existent customer email 2022-07-18 09:31:20 +02:00
Ferror
47ac3b0c32 [maintenance]Prepare postgresql pipeline by making behat scenarios de-case-sensitive 2022-06-03 10:37:44 +02:00
Grzegorz Sadowski
37552254fa
[API] Cover scenarios for receiving email after registration 2022-05-10 12:36:14 +02:00
Mateusz Zalewski
eaf689e22a
Merge branch '1.10' into 1.11
* 1.10:
  passwordResetToken nulled after password is changed
  suggested review changes
  listener added to finish response with X-Frame-Options sameorigin header
2022-03-14 15:28:00 +01:00
Mateusz Zalewski
8f3a08a50a
bug #13766 [Security][API] passwordResetToken nulled after password is changed (lchrusciel, ernestWarwas, GSadee, TheMilek)
This PR was merged into the 1.10 branch.

Discussion
----------

| Q               | A
| --------------- | -----
| Branch?         | 1.10
| Bug fix?        | yes
| New feature?    | no
| BC breaks?      | no
| Deprecations?   | no
| Related tickets | 
| License         | MIT

<!--
 - Bug fixes must be submitted against the 1.10 or 1.11 branch(the lowest possible)
 - Features and deprecations must be submitted against the master branch
 - Make sure that the correct base branch is set

 To be sure you are not breaking any Backward Compatibilities, check the documentation:
 https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html
-->

Commits
-------

214f6184eb listener added to finish response with X-Frame-Options sameorigin header
60b7c81f75 suggested review changes
bd1de40d04 passwordResetToken nulled after password is changed
2022-03-14 15:27:28 +01:00
Mateusz Zalewski
6e655d6368
Merge branch '1.10' into 1.11
* 1.10:
  [Security] XSS - SVG file upload vulnerability fixed
  [PHPUnit] Move subscribers tests to main directory
  Replace str_contains with strpos method to support PHP 7
  [Behat] Extract browser element and context
  [Behat] Add scenarios for securing access to account and dashboard after logging out
  Minor fixes for specs and unit tests of cache control subscribers
  Remove type declarations for properties due to supporting PHP 7.3
  [Maintenace] Test existence of new cache headers
  [UI] Force no-store cache directives for admin and customer account section
  suggested review changes
  listener added to finish response with X-Frame-Options sameorigin header
2022-03-14 15:09:18 +01:00
Mateusz Zalewski
410716251a
Merge branch '1.9' into 1.10
* 1.9:
  [Security] XSS - SVG file upload vulnerability fixed
  [PHPUnit] Move subscribers tests to main directory
  Replace str_contains with strpos method to support PHP 7
  [Behat] Extract browser element and context
  [Behat] Add scenarios for securing access to account and dashboard after logging out
  Minor fixes for specs and unit tests of cache control subscribers
  Remove type declarations for properties due to supporting PHP 7.3
  [Maintenace] Test existence of new cache headers
  [UI] Force no-store cache directives for admin and customer account section
  suggested review changes
  listener added to finish response with X-Frame-Options sameorigin header
2022-03-14 15:06:24 +01:00
TheMilek
bd1de40d04
passwordResetToken nulled after password is changed 2022-03-08 15:17:24 +01:00
Grzegorz Sadowski
5dee3dc656
[Behat] Add scenarios for securing access to account and dashboard after logging out 2022-03-07 15:43:28 +01:00
Tomanhez
7370877a18
Check payment amount for admin 2021-08-05 10:09:11 +02:00
Tomanhez
2c1a6a268a
Check payment amount for shop 2021-08-05 10:09:11 +02:00
Grzegorz Sadowski
a91b275dd2
Resolve conflict after upmerge validation of commands arguments 2021-07-21 09:24:10 +02:00
Mateusz Zalewski
de381eef2c
[API] Denormalizer and Normalizer for command-based requests 2021-07-19 08:55:25 +02:00
Mateusz Zalewski
3b3e384199
[API] Test not providing required fields during registration 2021-07-16 07:31:57 +02:00
Kamil Kokot
54b7872c28
Merge branch '1.9' into 1.10
* 1.9:
  Change application's version to v1.9.6-DEV
  Fix the security advisory PR
  Generate changelog for v1.9.5
  Change application's version to v1.9.5
  [API][Shop] Block access to order list by default
  [API][Shop] Hide order list details for guest users
2021-06-28 15:36:41 +01:00
Łukasz Chruściel
bb06783993
[API][Shop] Hide order list details for guest users 2021-06-17 21:15:17 +02:00
Grzegorz Sadowski
54c9efd2b8
Merge branch '1.9'
* 1.9:
  Mention localhost exposure for easier Facebook login
  change validation message
  Comment out 2 behats steps for checking notifications
2021-05-13 19:17:47 +02:00
Dominik Garbulski
4fd32e9fef Comment out 2 behats steps for checking notifications 2021-05-13 16:10:23 +02:00
Adam Kasperczak
04a502a284 upmerge 2021-04-27 08:03:32 +02:00
Grzegorz Sadowski
2987860b59
[API][Order] Fix orders extension to filter out carts for all users 2021-04-27 06:46:05 +02:00
Grzegorz Sadowski
4f0e0b6b2f
feature #12476 [API] Subscribing to newsletter on account register (arti0090)
This PR was merged into the 1.10-dev branch.

Discussion
----------

| Q               | A
| --------------- | -----
| Branch?         | master
| Bug fix?        | no
| New feature?    | yes
| BC breaks?      | no
| Deprecations?   | no
| License         | MIT


Commits
-------

dc202a69a4 [API] Subscribing to newsletter on account register
dfe536f1ea Add default value for newsletter variable
2021-03-24 09:39:13 +01:00
arti0090
dc202a69a4 [API] Subscribing to newsletter on account register 2021-03-24 08:13:25 +01:00
arti0090
ab9bda4944 [API] Resend Verification email 2021-03-24 07:21:44 +01:00
arti0090
3272f454de add validation, fix register customer route, add missing mail send 2021-03-17 14:29:03 +01:00
Adam Kasperczak
a070f74520 Add test for sending emails 2021-03-17 14:28:55 +01:00