Skip to content

Commit

Permalink
Merge branch 'develop' of https://github.com/mage-os/mirror-security-…
Browse files Browse the repository at this point in the history 
…package into develop
  • Loading branch information
@mage-os-ci
mage-os-ci committed Dec 6, 2023
2 parents d31adda + 8f476ac commit c480b0e
Show file tree
Hide file tree
Showing 7 changed files with 173 additions and 18 deletions.
10 changes: 5 additions & 5 deletions .github/CONTRIBUTING.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,11 @@ For more detailed information on contribution please read our [beginners guide](
2. Pull requests (PRs) must be accompanied by a meaningful description of their purpose. Comprehensive descriptions increase the chances of a pull request being merged quickly and without additional clarification requests.
3. Commits must be accompanied by meaningful commit messages. Please see the [Magento Pull Request Template](https://github.com/magento/magento2/blob/2.3-develop/.github/PULL_REQUEST_TEMPLATE.md) for more information.
4. PRs which include bug fixes must be accompanied with a step-by-step description of how to reproduce the bug.
3. PRs which include new logic or new features must be submitted along with:
* Unit/integration test coverage
* Proposed [documentation](https://devdocs.magento.com) updates. Documentation contributions can be submitted via the [devdocs GitHub](https://github.com/magento/devdocs).
4. For larger features or changes, please [open an issue](https://github.com/magento/magento2/issues) to discuss the proposed changes prior to development. This may prevent duplicate or unnecessary effort and allow other contributors to provide input.
5. All automated tests must pass (all builds on [Travis CI](https://travis-ci.org/magento/magento2) must be green).
5. PRs which include new logic or new features must be submitted along with:
* Unit/integration test coverage
* Proposed [documentation](https://developer.adobe.com/commerce) updates. Use feedback buttons __Edit in GitHub__ and __Log an issue__ at the top of a relevant topic.
6. For larger features or changes, please [open an issue](https://github.com/magento/magento2/issues) to discuss the proposed changes prior to development. This may prevent duplicate or unnecessary effort and allow other contributors to provide input.
7. All automated tests must pass (all builds on [Travis CI](https://travis-ci.org/magento/magento2) must be green).

## Contribution process

Expand Down
19 changes: 12 additions & 7 deletions ReCaptchaFrontendUi/view/frontend/web/js/reCaptcha.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,8 +73,14 @@ define(
* @param {String} token
*/
reCaptchaCallback: function (token) {
var submitButton;

if (this.getIsInvisibleRecaptcha()) {
this.tokenField.value = token;
submitButton = this.$parentForm.find('button:not([type]), [type=submit]');
if (submitButton.length) { //eslint-disable-line max-depth
submitButton.attr('disabled', false);
}
this.$parentForm.submit();
}
},
Expand Down Expand Up @@ -155,18 +161,17 @@ define(

if (this.getIsInvisibleRecaptcha() && parentForm.length > 0) {
parentForm.submit(function (event) {
var submitButton;

if (!this.tokenField.value) {
submitButton = this.$parentForm.find('button:not([type]), [type=submit]');
if (submitButton.length) { //eslint-disable-line max-depth
submitButton.attr('disabled', true);
}
// eslint-disable-next-line no-undef
grecaptcha.execute(widgetId);
event.preventDefault(event);
event.stopImmediatePropagation();
if (this.$parentForm.valid()) {
let formSubmitButton = this.$parentForm.find('button:not([type]), [type=submit]');

if (formSubmitButton.length) { //eslint-disable-line max-depth
formSubmitButton.attr('disabled', true);
}
}
}
}.bind(this));

Expand Down
8 changes: 6 additions & 2 deletions TwoFactorAuth/view/adminhtml/web/js/u2fkey/auth.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,10 @@ define([
*/
waitForTouch: function () {
this.idle(false);
if (!navigator.credentials) {
this.currentStep('no-webauthn');
return;
}
navigator.credentials.get({
publicKey: this.authenticateData.credentialRequestOptions
})
Expand Down Expand Up @@ -158,8 +162,8 @@ define([
_onCredentialError: function (u2fError) {
this.idle(true);

if (['AbortError', 'NS_ERROR_ABORT', 'NotAllowedError'].indexOf(u2fError.name) === -1) {
error.display($t('Unable to register your device'));
if (['AbortError', 'NS_ERROR_ABORT'].indexOf(u2fError.name) === -1) {
error.display($t(u2fError.message));
}
}
});
Expand Down
8 changes: 6 additions & 2 deletions TwoFactorAuth/view/adminhtml/web/js/u2fkey/configure.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,10 @@ define([
*/
waitForTouch: function () {
this.idle(false);
if (!navigator.credentials) {
this.currentStep('no-webauthn');
return;
}
navigator.credentials.create({
publicKey: this.registerData.publicKey
})
Expand Down Expand Up @@ -150,8 +154,8 @@ define([
_onCredentialError: function (u2fError) {
this.idle(true);

if (['AbortError', 'NS_ERROR_ABORT', 'NotAllowedError'].indexOf(u2fError.name) === -1) {
error.display($t('Unable to register your device'));
if (['AbortError', 'NS_ERROR_ABORT'].indexOf(u2fError.name) === -1) {
error.display($t(u2fError.message));
}
}
});
Expand Down
6 changes: 5 additions & 1 deletion TwoFactorAuth/view/adminhtml/web/template/u2fkey/auth.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
<fieldset class="admin__fieldset">
<legend class="admin__legend">
<span translate="'2FA - U2F key verification'"></span>
</legend><br/>
</legend><br>
<div class="tfa-u2f-touch-key">
<h3 translate="'Plug in your U2F key and follow instructions'"></h3>
<div visible="$data.idle" class="tfa-u2f-try-again">
Expand All @@ -27,6 +27,10 @@ <h3 translate="'Plug in your U2F key and follow instructions'"></h3>
</div>
<div translate="'Redirecting to Magento Admin Panel...'"></div>
</div>
<div visible='currentStep() === "no-webauthn"'
translate="'Error! Your browser does not support WebAuthn or you are not using a secure connection'"
>
</div>
<div visible='$data.loading' class="tfa-waitbox">
<div data-role="spinner">
<div class="spinner">
Expand Down
6 changes: 5 additions & 1 deletion TwoFactorAuth/view/adminhtml/web/template/u2fkey/configure.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
<fieldset class="admin__fieldset">
<legend class="admin__legend">
<span translate="'2FA - U2F key device registration'"></span>
</legend><br/>
</legend><br>
<div id="u2f-touch-key">
<h3 translate="'Plug in your U2F key and follow instructions'"></h3>
<div visible="$data.idle" class="tfa-u2f-try-again">
Expand All @@ -27,6 +27,10 @@ <h3 translate="'Plug in your U2F key and follow instructions'"></h3>
</div>
<div translate="'Redirecting to Magento Admin Panel...'"></div>
</div>
<div visible='currentStep() === "no-webauthn"'
translate="'Error! Your browser does not support WebAuthn or you are not using a secure connection'"
>
</div>
<div visible='$data.loading' class="tfa-waitbox">
<div data-role="spinner">
<div class="spinner">
Expand Down
134 changes: 134 additions & 0 deletions ...tests/js/jasmine/tests/app/code/Magento/ReCaptchaFrontendUi/frontend/js/reCaptcha.test.js
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,134 @@
/************************************************************************
*
* Copyright 2023 Adobe
* All Rights Reserved.
*
* NOTICE: All information contained herein is, and remains
* the property of Adobe and its suppliers, if any. The intellectual
* and technical concepts contained herein are proprietary to Adobe
* and its suppliers and are protected by all applicable intellectual
* property laws, including trade secret and copyright laws.
* Dissemination of this information or reproduction of this material
* is strictly forbidden unless prior written permission is obtained
* from Adobe.
* ************************************************************************
*/

/* eslint-disable max-nested-callbacks */
define([
'squire'
], function (Squire) {
'use strict';

var injector = new Squire(),
mocks = {
'Magento_ReCaptchaFrontendUi/js/registry': {
ds: [],
captchaList: [],
tokenFields: []
},
'Magento_ReCaptchaFrontendUi/js/reCaptchaScriptLoader': {
addReCaptchaScriptTag: jasmine.createSpy('reCaptchaScriptLoader.addReCaptchaScriptTag')
},
'Magento_ReCaptchaFrontendUi/js/nonInlineReCaptchaRenderer': {
add: jasmine.createSpy('nonInlineReCaptchaRenderer.add')
}
},
reCaptchaModel,
formElement,
submitButtonElement,
$;

beforeEach(function (done) {
injector.mock(mocks);
injector.require(['jquery', 'Magento_ReCaptchaFrontendUi/js/reCaptcha'], function (jq, reCaptchaUiComponent) {
reCaptchaModel = new reCaptchaUiComponent();
$ = jq;
done();
});
formElement = document.createElement('form');
submitButtonElement = document.createElement('button');
formElement.appendChild(submitButtonElement);
window.document.body.appendChild(formElement);
window.grecaptcha = {
render: jasmine.createSpy('window.grecaptcha.render'),
execute: jasmine.createSpy('window.grecaptcha.execute')
};
});

afterEach(function () {
try {
injector.clean();
injector.remove();
} catch (e) {
}
formElement.remove();
formElement = undefined;
submitButtonElement = undefined;
});

describe('Magento_ReCaptchaFrontendUi/js/reCaptcha', function () {
describe('Invisible ReCaptcha', function () {
beforeEach(function () {
reCaptchaModel.getIsInvisibleRecaptcha = jasmine.createSpy().and.returnValue(true);
});

describe('"initParentForm" method', function () {
it(
'should disable submit button, prevent submit handlers from executing and execute recaptcha' +
' on submit',
function () {
var request = {
send: jasmine.createSpy('request.send')
};

// check that submit button is enabled
expect(submitButtonElement.disabled).toBeFalse();
$(formElement).on('submit', function (event) {
event.preventDefault();
request.send();
});
reCaptchaModel.initParentForm($(formElement), 'test');
$(formElement).submit();
// check that submit button is disabled
expect(submitButtonElement.disabled).toBeTrue();
// check that grecaptcha is executed
expect(window.grecaptcha.execute).toHaveBeenCalledOnceWith('test');
// check that other submit handlers are not executed
expect(request.send).not.toHaveBeenCalled();
});

it('should add a token input field to the form', function () {
submitButtonElement.disabled = true;
reCaptchaModel.initParentForm($(formElement), 'test');
expect(submitButtonElement.disabled).toBeFalse();
expect(reCaptchaModel.tokenField).not.toBeNull();
expect($(reCaptchaModel.tokenField).parents('form').is($(formElement))).toBeTrue();
});
});
describe('"reCaptchaCallback" method', function () {
it('should enable submit button, set token input value and submit the form', function () {
var request = {
send: jasmine.createSpy('request.send')
};

submitButtonElement.disabled = true;
reCaptchaModel.$parentForm = $(formElement);
reCaptchaModel.tokenField = $('<input type="text" name="token" style="display: none" />')[0];

$(formElement).on('submit', function (event) {
event.preventDefault();
request.send();
});
reCaptchaModel.reCaptchaCallback('testtoken');
// check that submit button is enabled
expect(submitButtonElement.disabled).toBeFalse();
// check that token input value is set
expect(reCaptchaModel.tokenField.value).toEqual('testtoken');
// check that form is submitted
expect(request.send).toHaveBeenCalled();
});
});
});
});
});

0 comments on commit c480b0e

Please sign in to comment.