From 2d6bfa219a62e8992ea657eb35229843fde30968 Mon Sep 17 00:00:00 2001 From: magdev Date: Wed, 28 Jan 2026 12:07:23 +0100 Subject: [PATCH] Release v0.7.1 - Bug Fixes & Client Compatibility ## Fixed - CRITICAL: Fixed API Verification Secret not displayed in PHP fallback template - Response signing now includes /update-check endpoint ## Changed - Updated magdev/wc-licensed-product-client to v0.2.2 - Updated symfony/http-client to v7.4.5 Co-Authored-By: Claude Opus 4.5 --- CHANGELOG.md | 18 +++++++++++++++++ CLAUDE.md | 31 ++++++++++++++++++++++++++++-- composer.lock | 16 +++++++-------- src/Api/ResponseSigner.php | 3 ++- src/Frontend/AccountController.php | 20 +++++++++++++++++++ wc-licensed-product.php | 4 ++-- 6 files changed, 79 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c562725..56fae46 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [0.7.1] - 2026-01-28 + +### Fixed + +- **CRITICAL:** Fixed API Verification Secret not displayed in PHP fallback template on customer account licenses page +- Response signing now includes `/update-check` endpoint (was missing from signed routes) + +### Changed + +- Updated `magdev/wc-licensed-product-client` dependency to v0.2.2 +- Updated `symfony/http-client` dependency to v7.4.5 + +### Technical Details + +- Added customer secret display to `displayLicensesFallback()` method in `AccountController` +- Added `/update-check` route to `ResponseSigner::shouldSign()` method for consistent signature headers +- Verified server implementation aligns with updated client library documentation + ## [0.7.0] - 2026-01-28 ### Security diff --git a/CLAUDE.md b/CLAUDE.md index e416d7e..b1c8814 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -32,9 +32,9 @@ This project is proudly **"vibe-coded"** using Claude.AI - the entire codebase w **Note for AI Assistants:** Clean this section after the specific features are done or new releases are made. Effective changes are tracked in `CHANGELOG.md`. Do not add completed versions here - document them in the Session History section at the end of this file. -### Version 0.7.1 +### Version 0.7.2 -No pending features +No pending features. ## Technical Stack @@ -1845,3 +1845,30 @@ Security-focused release with comprehensive audit and hardening. Performed OWASP - Created release package: `releases/wc-licensed-product-0.7.0.zip` (883 KB) - SHA256: `12f8452316e350273003f36bf6d7b7121a7bedc9a6964c3d0732d26318d94c18` - Tagged as `v0.7.0` and pushed to `main` branch + +### 2026-01-28 - Version 0.7.1 - Bug Fixes & Client Compatibility + +**Overview:** + +Bug fix release ensuring compatibility with updated `magdev/wc-licensed-product-client` v0.2.2 and fixing API Verification Secret display. + +**Bug Fixes:** + +- **CRITICAL:** Fixed API Verification Secret not displaying on customer account licenses page when using PHP fallback (Twig unavailable) +- Fixed `/update-check` endpoint responses not being signed (missing from `ResponseSigner::shouldSign()`) + +**Dependency Updates:** + +- Updated `magdev/wc-licensed-product-client` from `760e1e7` to `56abe8a` (v0.2.2) +- Updated `symfony/http-client` from v7.4.4 to v7.4.5 + +**Modified files:** + +- `src/Frontend/AccountController.php` - Added customer secret display to PHP fallback method `displayLicensesFallback()` +- `src/Api/ResponseSigner.php` - Added `/update-check` to `shouldSign()` method + +**Technical notes:** + +- PHP fallback template now includes the collapsible API Verification Secret section matching the Twig template +- All four API endpoints (`/validate`, `/status`, `/activate`, `/update-check`) now include signature headers when `WC_LICENSE_SERVER_SECRET` is configured +- Client library v0.2.2 verified compatible with server implementation diff --git a/composer.lock b/composer.lock index bc336a8..a0a2822 100644 --- a/composer.lock +++ b/composer.lock @@ -12,7 +12,7 @@ "source": { "type": "git", "url": "https://src.bundespruefstelle.ch/magdev/wc-licensed-product-client.git", - "reference": "760e1e752a0c088fa634cf7ff678e0735ed525a4" + "reference": "56abe8a97c72419c07a6daf263ba6f4a9b5fe4b1" }, "require": { "php": "^8.3", @@ -52,7 +52,7 @@ "issues": "https://src.bundespruefstelle.ch/magdev/wc-licensed-product-client/issues", "source": "https://src.bundespruefstelle.ch/magdev/wc-licensed-product-client" }, - "time": "2026-01-27T19:52:12+00:00" + "time": "2026-01-28T10:56:47+00:00" }, { "name": "psr/cache", @@ -380,16 +380,16 @@ }, { "name": "symfony/http-client", - "version": "v7.4.4", + "version": "v7.4.5", "source": { "type": "git", "url": "https://github.com/symfony/http-client.git", - "reference": "d63c23357d74715a589454c141c843f0172bec6c" + "reference": "84bb634857a893cc146cceb467e31b3f02c5fe9f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/http-client/zipball/d63c23357d74715a589454c141c843f0172bec6c", - "reference": "d63c23357d74715a589454c141c843f0172bec6c", + "url": "https://api.github.com/repos/symfony/http-client/zipball/84bb634857a893cc146cceb467e31b3f02c5fe9f", + "reference": "84bb634857a893cc146cceb467e31b3f02c5fe9f", "shasum": "" }, "require": { @@ -457,7 +457,7 @@ "http" ], "support": { - "source": "https://github.com/symfony/http-client/tree/v7.4.4" + "source": "https://github.com/symfony/http-client/tree/v7.4.5" }, "funding": [ { @@ -477,7 +477,7 @@ "type": "tidelift" } ], - "time": "2026-01-23T16:34:22+00:00" + "time": "2026-01-27T16:16:02+00:00" }, { "name": "symfony/http-client-contracts", diff --git a/src/Api/ResponseSigner.php b/src/Api/ResponseSigner.php index b174f1a..5efeca0 100644 --- a/src/Api/ResponseSigner.php +++ b/src/Api/ResponseSigner.php @@ -79,7 +79,8 @@ final class ResponseSigner return str_starts_with($route, '/wc-licensed-product/v1/validate') || str_starts_with($route, '/wc-licensed-product/v1/status') - || str_starts_with($route, '/wc-licensed-product/v1/activate'); + || str_starts_with($route, '/wc-licensed-product/v1/activate') + || str_starts_with($route, '/wc-licensed-product/v1/update-check'); } /** diff --git a/src/Frontend/AccountController.php b/src/Frontend/AccountController.php index cfa6e2d..22a6db1 100644 --- a/src/Frontend/AccountController.php +++ b/src/Frontend/AccountController.php @@ -428,6 +428,26 @@ final class AccountController ?> + +
+ + +
+ diff --git a/wc-licensed-product.php b/wc-licensed-product.php index 8b437ad..1bf31fd 100644 --- a/wc-licensed-product.php +++ b/wc-licensed-product.php @@ -3,7 +3,7 @@ * Plugin Name: WooCommerce Licensed Product * Plugin URI: https://src.bundespruefstelle.ch/magdev/wc-licensed-product * Description: WooCommerce plugin to sell software products using license keys with domain-based validation. - * Version: 0.7.0 + * Version: 0.7.1 * Author: Marco Graetsch * Author URI: https://src.bundespruefstelle.ch/magdev * License: GPL-2.0-or-later @@ -28,7 +28,7 @@ if (!defined('ABSPATH')) { } // Plugin constants -define('WC_LICENSED_PRODUCT_VERSION', '0.7.0'); +define('WC_LICENSED_PRODUCT_VERSION', '0.7.1'); define('WC_LICENSED_PRODUCT_PLUGIN_FILE', __FILE__); define('WC_LICENSED_PRODUCT_PLUGIN_DIR', plugin_dir_path(__FILE__)); define('WC_LICENSED_PRODUCT_PLUGIN_URL', plugin_dir_url(__FILE__));