From 16fdd2b86bac7d96c05e06067d5992e49f48d939 Mon Sep 17 00:00:00 2001 From: Rico Neitzel Date: Thu, 1 Oct 2020 11:58:52 +0200 Subject: [PATCH 01/10] adds missing title --- .../Mageone/Qps/controllers/Adminhtml/QpsController.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/app/code/community/Mageone/Qps/controllers/Adminhtml/QpsController.php b/src/app/code/community/Mageone/Qps/controllers/Adminhtml/QpsController.php index 5c29126..bacc462 100644 --- a/src/app/code/community/Mageone/Qps/controllers/Adminhtml/QpsController.php +++ b/src/app/code/community/Mageone/Qps/controllers/Adminhtml/QpsController.php @@ -6,6 +6,7 @@ class Mageone_Qps_Adminhtml_QpsController extends Mage_Adminhtml_Controller_Acti public function indexAction(): void { $this->loadLayout(); + $this->_title($this->_getHelper()->__('Mage One QPS Rules')); $this->_addContent($this->getLayout()->createBlock('qps/rule')); $this->renderLayout(); } From d86966453c098b7942cc9f56075fd1a48f81e193 Mon Sep 17 00:00:00 2001 From: Rico Neitzel Date: Thu, 1 Oct 2020 11:59:34 +0200 Subject: [PATCH 02/10] removes unnecessary system.xml entries --- src/app/code/community/Mageone/Qps/etc/system.xml | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/app/code/community/Mageone/Qps/etc/system.xml b/src/app/code/community/Mageone/Qps/etc/system.xml index 153a9da..1c500d6 100644 --- a/src/app/code/community/Mageone/Qps/etc/system.xml +++ b/src/app/code/community/Mageone/Qps/etc/system.xml @@ -4,7 +4,6 @@ general - text 5000 1 0 @@ -12,7 +11,6 @@ - text 100 1 0 From 06531a997793c193cc27853c4da359fd57792b47 Mon Sep 17 00:00:00 2001 
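Review bot: The added `_title()` line in `indexAction()` translates through `$this->_getHelper()`, which in a stock `Mage_Adminhtml_Controller_Action` resolves to the `adminhtml` helper, so the string is looked up in the Mage_Adminhtml scope rather than in this module's `Mageone_Qps.csv`. Unless the controller overrides `_getHelper()` outside this hunk, `$this->_title(Mage::helper('qps')->__('Mage One QPS Rules'));` keeps the translation with the module. The class body continues outside the hunk.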
From: Rico Neitzel Date: Thu, 1 Oct 2020 12:01:14 +0200 Subject: [PATCH 03/10] adds send email notification feature --- modman | 2 + .../community/Mageone/Qps/Helper/Data.php | 18 +++++++++ .../code/community/Mageone/Qps/Model/Cron.php | 37 ++++++++++++++----- .../Mageone/Qps/Model/EmailService.php | 25 +++++++++++++ .../code/community/Mageone/Qps/etc/config.xml | 9 +++++ .../code/community/Mageone/Qps/etc/system.xml | 30 +++++++++++++++ src/app/locale/de_DE/Mageone_Qps.csv | 8 ++++ .../de_DE/template/email/qps_ruleupdate.html | 18 +++++++++ src/app/locale/en_US/Mageone_Qps.csv | 8 ++++ .../en_US/template/email/qps_ruleupdate.html | 18 +++++++++ 10 files changed, 163 insertions(+), 10 deletions(-) create mode 100644 src/app/code/community/Mageone/Qps/Model/EmailService.php create mode 100644 src/app/locale/de_DE/template/email/qps_ruleupdate.html create mode 100644 src/app/locale/en_US/template/email/qps_ruleupdate.html diff --git a/modman b/modman index 0e3429a..5502773 100644 --- a/modman +++ b/modman @@ -1,5 +1,7 @@ src/app/code/community/Mageone/Qps app/code/community/Mageone/Qps src/app/locale/de_DE/Mageone_Qps.csv app/locale/de_DE/Mageone_Qps.csv src/app/locale/en_US/Mageone_Qps.csv app/locale/en_US/Mageone_Qps.csv +src/app/locale/en_US/template/email/qps_ruleupdate.html app/locale/en_US/template/email/qps_ruleupdate.html +src/app/locale/de_DE/template/email/qps_ruleupdate.html app/locale/de_DE/template/email/qps_ruleupdate.html src/app/etc/modules/Mageone_Qps.xml app/etc/modules/Mageone_Qps.xml diff --git a/src/app/code/community/Mageone/Qps/Helper/Data.php b/src/app/code/community/Mageone/Qps/Helper/Data.php index 702d622..52eb181 100644 --- a/src/app/code/community/Mageone/Qps/Helper/Data.php +++ b/src/app/code/community/Mageone/Qps/Helper/Data.php 
@@ -7,6 +7,24 @@ class Mageone_Qps_Helper_Data extends Mage_Core_Helper_Abstract const QPS_PUBLIC_KEY = 'qps_section/config/public_key'; const QPS_USER = 'qps_section/config/user_name'; const QPS_RULE_AUTO_ENABLE = 'qps_section/config/rule_auto_enable'; + const NOTIFICATION_STATUS = 'qps_section/notification/enabled'; + const NOTIFICATION_EMAIL = 'qps_section/notification/email'; + + /** + * @return bool + */ + public function isNotificationEnabled(): bool + { + return Mage::getStoreConfigFlag(self::NOTIFICATION_STATUS); + } + + /** + * @return string + */ + public function getNotifactionEmail(): bool + { + return Mage::getStoreConfig(self::NOTIFICATION_EMAIL); + } /** * @return bool diff --git a/src/app/code/community/Mageone/Qps/Model/Cron.php b/src/app/code/community/Mageone/Qps/Model/Cron.php index ef3421e..7ca7170 100644 --- a/src/app/code/community/Mageone/Qps/Model/Cron.php +++ b/src/app/code/community/Mageone/Qps/Model/Cron.php @@ -11,12 +11,20 @@ class Mageone_Qps_Model_Cron */ private $helper; + /** + * . + * + * @var Mageone_Qps_Model_EmailService + */ + private $emailService; + public function __construct(array $args = []) { if (isset($args['client'])) { $this->client = $args['client']; } - $this->helper = Mage::helper('qps'); + $this->helper = Mage::helper('qps'); + $this->emailService = Mage::getModel('qps/emailService'); } /** 
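Review bot: In the `__construct` hunk of `Cron.php` the HTTP client can be supplied through `$args`, but the new `emailService` is always built with `Mage::getModel('qps/emailService')`, so a test of `getRules()` cannot substitute it. Following the pattern already used for `client`, `$this->emailService = $args['emailService'] ?? Mage::getModel('qps/emailService');` would keep both collaborators injectable and let a test assert whether a notification was requested without sending mail. The class continues outside the hunk.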
@@ -28,18 +36,21 @@ public function getRules(): void return; } try { - $security = Mage::getModel('qps/secService'); - $client = $this->getClient(); - $message = $security->encryptMessage( - json_encode([ - 'magento_version' => Mage::getVersion(), - 'patches_list' => $this->getPatchList() - ]) + $sendNotification = false; + $security = Mage::getModel('qps/secService'); + $client = $this->getClient(); + $message = $security->encryptMessage( + json_encode( + [ + 'magento_version' => Mage::getVersion(), + 'patches_list' => $this->getPatchList(), + ]) ); - $client->post($this->helper->getResourceUrl(), + $client->post( + $this->helper->getResourceUrl(), [ 'user' => $this->helper->getUserName(), - 'message' => $message + 'message' => $message, ] ); if ($client->getStatus() !== 200) { @@ -68,10 +79,16 @@ public function getRules(): void } $rule->addData($item)->save(); $collection->removeItemByKey($rule->getId()); + $sendNotification = true; } // delete everything which was not updated and unset $collection->walk('delete'); Mage::app()->cleanCache([Mageone_Qps_Model_Observer::QPS_CACHE_TAG]); + + if ($sendNotification === true && $this->helper->isNotificationEnabled()) { + $this->emailService->sendNotificationEmail($this->helper); + } + } } catch (Exception $exception) { Mage::logException($exception); diff --git a/src/app/code/community/Mageone/Qps/Model/EmailService.php b/src/app/code/community/Mageone/Qps/Model/EmailService.php new file mode 100644 index 0000000..2d49817 --- /dev/null +++ b/src/app/code/community/Mageone/Qps/Model/EmailService.php @@ -0,0 +1,25 @@ +isRuleAutoEnable()) { + $variables['notautoenable'] = 'true'; + } + + $mail = Mage::getModel('core/email_template'); + $mail->sendTransactional( + 'mageone_qps_ruleupdate', + 'general', + $helper->getNotifactionEmail(), + 'Mage One QPS', + $variables + ); + + } +} diff --git a/src/app/code/community/Mageone/Qps/etc/config.xml b/src/app/code/community/Mageone/Qps/etc/config.xml index 507d6c2..d7aa181 100644 
--- a/src/app/code/community/Mageone/Qps/etc/config.xml +++ b/src/app/code/community/Mageone/Qps/etc/config.xml @@ -37,6 +37,15 @@ + diff --git a/src/app/code/community/Mageone/Qps/etc/system.xml b/src/app/code/community/Mageone/Qps/etc/system.xml index 1c500d6..ad6e840 100644 --- a/src/app/code/community/Mageone/Qps/etc/system.xml +++ b/src/app/code/community/Mageone/Qps/etc/system.xml @@ -9,6 +9,36 @@ 0 0 + + + 200 + 1 + 0 + 0 + + + + select + adminhtml/system_config_source_yesno + 20 + 1 + 0 + 0 + Enable notifications + + + + text + Notify this email address, when new QPS rules are downloaded. + validate-email + 30 + 1 + 0 + 0 + + + + 100 diff --git a/src/app/locale/de_DE/Mageone_Qps.csv b/src/app/locale/de_DE/Mageone_Qps.csv index edb10e8..6b38024 100644 --- a/src/app/locale/de_DE/Mageone_Qps.csv +++ b/src/app/locale/de_DE/Mageone_Qps.csv @@ -41,3 +41,11 @@ "Reset","Zurücksetzen" "Save and Continue Edit","Speichern und weiterbearbeiten" "Quick Protection System Section","Mage One QPS" + +"Notify this email address, when new QPS rules are downloaded.","Diese E-Mail-Adresse bei neuen QPS-Regeln benachrichtigen." +"eMail Address","E-Mail-Adresse" +"Notification","Benachrichtigung" +"Enable notifications","Benachrichtigung aktivieren" + +"Yes","Ja" +"No","Nein" diff --git a/src/app/locale/de_DE/template/email/qps_ruleupdate.html b/src/app/locale/de_DE/template/email/qps_ruleupdate.html new file mode 100644 index 0000000..064c776 --- /dev/null +++ b/src/app/locale/de_DE/template/email/qps_ruleupdate.html @@ -0,0 +1,18 @@ + + + + +{{template config_path="design/email/header"}} +{{inlinecss file="email-inline.css"}} + + + + + +
+

Neue QPS Regeln in {{var store.getFrontendName()}}.

+

Das Regelset für QPS wurde soeben aktualisiert.

+ {{if notautoenable}}

Bitte prüfen und aktivieren Sie die neuen Regeln.

{{/if}} +
+ +{{template config_path="design/email/footer"}} diff --git a/src/app/locale/en_US/Mageone_Qps.csv b/src/app/locale/en_US/Mageone_Qps.csv index 5e2de86..53fb3e5 100644 --- a/src/app/locale/en_US/Mageone_Qps.csv +++ b/src/app/locale/en_US/Mageone_Qps.csv @@ -41,3 +41,11 @@ "Reset","Reset" "Save and Continue Edit","Save and Continue Edit" "Quick Protection System Section","Mage One QPS" + +"Notification","Notification", +"Notify this email address, when new QPS rules are downloaded.","Notify this email address, when new QPS rules are downloaded." +"eMail Address","eMail Address" +"Enable notifications","Enable notifications" + +"Yes","Yes" +"No","No" diff --git a/src/app/locale/en_US/template/email/qps_ruleupdate.html b/src/app/locale/en_US/template/email/qps_ruleupdate.html new file mode 100644 index 0000000..18e6043 --- /dev/null +++ b/src/app/locale/en_US/template/email/qps_ruleupdate.html @@ -0,0 +1,18 @@ + + + + +{{template config_path="design/email/header"}} +{{inlinecss file="email-inline.css"}} + + + + + +
+

New QPS rules in {{var store.getFrontendName()}}.

+

We just updated the QPS rule set.

+ {{if notautoenable}}

Please review the rules and enable them accordingly.

{{/if}} +
+ +{{template config_path="design/email/footer"}} From 292c601d1e9ea3b0f35cf438c5e9cdadd7cb135a Mon Sep 17 00:00:00 2001 From: Rico Neitzel Date: Thu, 1 Oct 2020 12:05:56 +0200 Subject: [PATCH 04/10] updates README to reflect new notification feature --- README.md | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index daaa544..0e49b7d 100644 --- a/README.md +++ b/README.md 
@@ -39,29 +39,26 @@ In order to see the rules page and configuration, logout and login again. You can find the list of downloaded rules in `System > Tools > Mage One QPS Rules` + ## Username + key To use the QPS you need to [add your username and key in the configuration](https://my.mage-one.com/qps): System > Konfiguration > General > Quick Protection System -# Uninstall -## with composer -- Remove module from `composer.json` and rerun `composer update mageone/qps` -- Drop the rules table: `DROP TABLE mageone_qps_rules;` +## Configuration -## with modman or manually -- Remove the files from your installation -- Drop the rules table: `DROP TABLE mageone_qps_rules;` - -# Configuration - -The rule processing must be enabled manually in `System > Config > Quick Protection System (General Tab)`. +### Access credentials and rules enabling +The rule processing must be enabled manually in `System > Config > Quick Protection System > Configuration`. Rules can be automatically enabled after the hourly API sync, although we recommend enabling rules manually after testing them (this is our default setting). Enabling or disabling rules is possible in `System > Tools > MageOne QPS Rules` You have to enter a username and public key, which you can obtain from [https://my.mage-one.com/qps](https://my.mage-one.com/qps) +### Notification of new rules + +You can send an email once new rules have been fetched. Configure the recipient's email address and enable the notification in `System > Tools > MageOne QPS Rules > Notification` + # How does it work? Our module filters malicious requests based on rules. These rules will be provided by our API, which is part of [https://mage-one.com/](https://mage-one.com/). Rules are usually based on regex inspections of the _GLOBALS data. 
@@ -74,6 +71,16 @@ After a successful installation and configuration you can enable our test rule ` After this test, please disable our test rule again. + +# Uninstall +## with composer +- Remove module from `composer.json` and rerun `composer update mageone/qps` +- Drop the rules table: `DROP TABLE mageone_qps_rules;` + +## with modman or manually +- Remove the files from your installation +- Drop the rules table: `DROP TABLE mageone_qps_rules;` + # Help If you want to trigger the rule synchronisation manually, you can trigger the cron job via [n98-magerun](https://github.com/netz98/n98-magerun) From 397932976107d8a7d400be37859cb3dd8af5b9e6 Mon Sep 17 00:00:00 2001 From: Rico Neitzel Date: Thu, 1 Oct 2020 12:28:45 +0200 Subject: [PATCH 05/10] only send email on new rules (not on updates) --- src/app/code/community/Mageone/Qps/Model/Cron.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/app/code/community/Mageone/Qps/Model/Cron.php b/src/app/code/community/Mageone/Qps/Model/Cron.php index 7ca7170..9d89171 100644 --- a/src/app/code/community/Mageone/Qps/Model/Cron.php +++ b/src/app/code/community/Mageone/Qps/Model/Cron.php @@ -75,20 +75,18 @@ public function getRules(): void // update rules, save to database and unset on collection $rule = $collection->getItemByColumnValue('m1_key', $item['m1_key']) ?: Mage::getModel('qps/rule'); if ($rule->isObjectNew()) { + $sendNotification = true; $rule->setEnabled($this->helper->isRuleAutoEnable()); } $rule->addData($item)->save(); $collection->removeItemByKey($rule->getId()); - $sendNotification = true; } // delete everything which was not updated and unset $collection->walk('delete'); Mage::app()->cleanCache([Mageone_Qps_Model_Observer::QPS_CACHE_TAG]); - - if ($sendNotification === true && $this->helper->isNotificationEnabled()) { + if($sendNotification === true){ $this->emailService->sendNotificationEmail($this->helper); } - } } catch (Exception $exception) { Mage::logException($exception); 
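Review bot: With `$sendNotification` now set only inside `if ($rule->isObjectNew())` in the `Cron.php` hunk, a sync that rewrites existing rules through `addData($item)->save()` or removes rules through `$collection->walk('delete')` leaves no signal for the operator. For a request-filtering rule set that is worth surfacing: a rule that was already reviewed and enabled may change its content, or a protective rule may disappear, without anyone being told. If mail is too noisy for those cases, a log line with counts would do, for example `Mage::log(sprintf('QPS sync: %d new, %d removed', $newCount, $removedCount));`, where both counters are placeholder names to be collected in the loop and just before the delete walk. `getRules()` starts and ends outside this hunk.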
From 075d2f1a958e15466737e10d37d54492efddec77 Mon Sep 17 00:00:00 2001 From: Rico Neitzel Date: Thu, 1 Oct 2020 12:28:57 +0200 Subject: [PATCH 06/10] validate email address before sending, additional logging --- .../Mageone/Qps/Model/EmailService.php | 31 ++++++++++++++----- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/src/app/code/community/Mageone/Qps/Model/EmailService.php b/src/app/code/community/Mageone/Qps/Model/EmailService.php index 2d49817..7283b0c 100644 --- a/src/app/code/community/Mageone/Qps/Model/EmailService.php +++ b/src/app/code/community/Mageone/Qps/Model/EmailService.php @@ -7,19 +7,36 @@ class Mageone_Qps_Model_EmailService public function sendNotificationEmail(Mageone_Qps_Helper_Data $helper) { + if ($helper->isNotificationEnabled() === false ) { + return; + } + + if(!$this->isEmailValid($helper->getNotifactionEmail())){ + Mage::log('QPS notification email address seems to be invalid. Please check your configuration!'); + return; + } + $variables = []; if (!$helper->isRuleAutoEnable()) { $variables['notautoenable'] = 'true'; } $mail = Mage::getModel('core/email_template'); - $mail->sendTransactional( - 'mageone_qps_ruleupdate', - 'general', - $helper->getNotifactionEmail(), - 'Mage One QPS', - $variables - ); + try { + $mail->sendTransactional( + 'mageone_qps_ruleupdate', + 'general', + $helper->getNotifactionEmail(), + 'Mage One QPS', + $variables + ); + } catch (Mage_Core_Exception $e) { + Mage::log('QPS notification email could not be send.'); + } + } + private function isEmailValid($emailAddress) + { + return filter_var($emailAddress, FILTER_VALIDATE_EMAIL); } } From d5a3dba45ea17bc8c152fdd97095f76bd04b2cba Mon Sep 17 00:00:00 2001 From: Rico Neitzel Date: Thu, 1 Oct 2020 12:38:33 +0200 Subject: [PATCH 07/10] fixes typo and return hint --- src/app/code/community/Mageone/Qps/Helper/Data.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
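Review bot: The new `try`/`catch` around `sendTransactional()` in `sendNotificationEmail()` does not detect a failed delivery and discards the exception it does catch. In Magento 1 `sendTransactional()` records the outcome on the template object rather than throwing for a transport failure, so the result should be checked afterwards with `if (!$mail->getSentSuccess()) { Mage::log('QPS notification email could not be sent.', Zend_Log::WARN); }`, and the catch block should keep the cause with `Mage::logException($e);`. Without that, an operator who relies on this mail to learn about new rules that still need manual enabling has no indication that the notification never left the shop.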
diff --git a/src/app/code/community/Mageone/Qps/Helper/Data.php b/src/app/code/community/Mageone/Qps/Helper/Data.php index 52eb181..97c4d60 100644 --- a/src/app/code/community/Mageone/Qps/Helper/Data.php +++ b/src/app/code/community/Mageone/Qps/Helper/Data.php @@ -21,7 +21,7 @@ public function isNotificationEnabled(): bool /** * @return string */ - public function getNotifactionEmail(): bool + public function getNotificationEmail(): string { return Mage::getStoreConfig(self::NOTIFICATION_EMAIL); } From d7d1eb5f39c301c40e3a0741031c256fd1c07db5 Mon Sep 17 00:00:00 2001 From: Rico Neitzel Date: Thu, 1 Oct 2020 12:38:44 +0200 Subject: [PATCH 08/10] fixes validation --- .../community/Mageone/Qps/Model/EmailService.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/app/code/community/Mageone/Qps/Model/EmailService.php b/src/app/code/community/Mageone/Qps/Model/EmailService.php index 7283b0c..51f133a 100644 --- a/src/app/code/community/Mageone/Qps/Model/EmailService.php +++ b/src/app/code/community/Mageone/Qps/Model/EmailService.php @@ -5,17 +5,17 @@ class Mageone_Qps_Model_EmailService { - public function sendNotificationEmail(Mageone_Qps_Helper_Data $helper) + public function sendNotificationEmail(Mageone_Qps_Helper_Data $helper): void { if ($helper->isNotificationEnabled() === false ) { return; } - if(!$this->isEmailValid($helper->getNotifactionEmail())){ + if($this->isEmailValid($helper->getNotificationEmail()) === false){ Mage::log('QPS notification email address seems to be invalid. Please check your configuration!'); return; } - + $variables = []; if (!$helper->isRuleAutoEnable()) { $variables['notautoenable'] = 'true'; @@ -26,7 +26,7 @@ public function sendNotificationEmail(Mageone_Qps_Helper_Data $helper) $mail->sendTransactional( 'mageone_qps_ruleupdate', 'general', - $helper->getNotifactionEmail(), + $helper->getNotificationEmail(), 'Mage One QPS', $variables ); 
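Review bot: `getNotificationEmail(): string` in `Helper/Data.php` returns the result of `Mage::getStoreConfig()` directly, and that call can return `null` when no address has been saved, which a `string` return type rejects with a `TypeError`. `TypeError` is not an `Exception`, so the `catch (Exception $exception)` in `Mageone_Qps_Model_Cron::getRules()` would not log it and the cron run would abort after the rules were already written. Casting at the source, `return (string) Mage::getStoreConfig(self::NOTIFICATION_EMAIL);`, lets the empty value reach `isEmailValid()` and be reported through the existing log message. Whether `config.xml` ships a default for this path cannot be seen on this page.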
@@ -35,8 +35,8 @@ public function sendNotificationEmail(Mageone_Qps_Helper_Data $helper) } } - private function isEmailValid($emailAddress) + private function isEmailValid($emailAddress): bool { - return filter_var($emailAddress, FILTER_VALIDATE_EMAIL); + return filter_var($emailAddress, FILTER_VALIDATE_EMAIL) !== false; } } From 2936b51d379ae6e2d7e7bf0cf226085adb201003 Mon Sep 17 00:00:00 2001 From: Rico Neitzel Date: Thu, 1 Oct 2020 12:41:14 +0200 Subject: [PATCH 09/10] cleanup --- src/app/code/community/Mageone/Qps/Model/Cron.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/app/code/community/Mageone/Qps/Model/Cron.php b/src/app/code/community/Mageone/Qps/Model/Cron.php index 9d89171..76d492e 100644 --- a/src/app/code/community/Mageone/Qps/Model/Cron.php +++ b/src/app/code/community/Mageone/Qps/Model/Cron.php @@ -10,10 +10,7 @@ class Mageone_Qps_Model_Cron * @var Mageone_Qps_Helper_Data */ private $helper; - /** - * . - * * @var Mageone_Qps_Model_EmailService */ private $emailService; From 2adc687813c9cf6f25db2bf70c306fbd02b8cca3 Mon Sep 17 00:00:00 2001 From: Rico Neitzel Date: Thu, 1 Oct 2020 12:46:31 +0200 Subject: [PATCH 10/10] codeformat --- src/app/code/community/Mageone/Qps/Model/Cron.php | 2 +- src/app/code/community/Mageone/Qps/Model/EmailService.php | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/app/code/community/Mageone/Qps/Model/Cron.php b/src/app/code/community/Mageone/Qps/Model/Cron.php index 76d492e..883ac98 100644 --- a/src/app/code/community/Mageone/Qps/Model/Cron.php +++ b/src/app/code/community/Mageone/Qps/Model/Cron.php @@ -81,7 +81,7 @@ public function getRules(): void // delete everything which was not updated and unset $collection->walk('delete'); Mage::app()->cleanCache([Mageone_Qps_Model_Observer::QPS_CACHE_TAG]); - if($sendNotification === true){ + if ($sendNotification === true) { $this->emailService->sendNotificationEmail($this->helper); } } 
diff --git a/src/app/code/community/Mageone/Qps/Model/EmailService.php b/src/app/code/community/Mageone/Qps/Model/EmailService.php index 51f133a..c40d241 100644 --- a/src/app/code/community/Mageone/Qps/Model/EmailService.php +++ b/src/app/code/community/Mageone/Qps/Model/EmailService.php @@ -7,12 +7,13 @@ class Mageone_Qps_Model_EmailService public function sendNotificationEmail(Mageone_Qps_Helper_Data $helper): void { - if ($helper->isNotificationEnabled() === false ) { + if ($helper->isNotificationEnabled() === false) { return; } - if($this->isEmailValid($helper->getNotificationEmail()) === false){ + if ($this->isEmailValid($helper->getNotificationEmail()) === false) { Mage::log('QPS notification email address seems to be invalid. Please check your configuration!'); + return; }