magdev/wc-licensed-product
1
Fork 0
Code Issues Pull Requests Actions Releases 4 Activity

Release v0.7.1 - Bug Fixes & Client Compatibility

Browse Source 
## Fixed
- CRITICAL: Fixed API Verification Secret not displayed in PHP fallback template
- Response signing now includes /update-check endpoint

## Changed
- Updated magdev/wc-licensed-product-client to v0.2.2
- Updated symfony/http-client to v7.4.5

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Marco Grätsch
2026-01-28 12:07:23 +01:00
parent 302f2e76ca
commit 2d6bfa219a
6 changed files with 79 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
CHANGELOG.md
View File

@@ -7,6 +7,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
## [0.7.1] - 2026-01-28
### Fixed
- **CRITICAL:** Fixed API Verification Secret not displayed in PHP fallback template on customer account licenses page
- Response signing now includes `/update-check` endpoint (was missing from signed routes)
### Changed
- Updated `magdev/wc-licensed-product-client` dependency to v0.2.2
- Updated `symfony/http-client` dependency to v7.4.5
### Technical Details
- Added customer secret display to `displayLicensesFallback()` method in `AccountController`
- Added `/update-check` route to `ResponseSigner::shouldSign()` method for consistent signature headers
- Verified server implementation aligns with updated client library documentation
## [0.7.0] - 2026-01-28
### Security

31
CLAUDE.md
View File

@@ -32,9 +32,9 @@ This project is proudly **"vibe-coded"** using Claude.AI - the entire codebase w
**Note for AI Assistants:** Clean this section after the specific features are done or new releases are made. Effective changes are tracked in `CHANGELOG.md`. Do not add completed versions here - document them in the Session History section at the end of this file.
### Version 0.7.1
### Version 0.7.2
No pending features
No pending features.
## Technical Stack
@@ -1845,3 +1845,30 @@ Security-focused release with comprehensive audit and hardening. Performed OWASP
- Created release package: `releases/wc-licensed-product-0.7.0.zip` (883 KB)
- SHA256: `12f8452316e350273003f36bf6d7b7121a7bedc9a6964c3d0732d26318d94c18`
- Tagged as `v0.7.0` and pushed to `main` branch
### 2026-01-28 - Version 0.7.1 - Bug Fixes & Client Compatibility
**Overview:**
Bug fix release ensuring compatibility with updated `magdev/wc-licensed-product-client` v0.2.2 and fixing API Verification Secret display.
**Bug Fixes:**
- **CRITICAL:** Fixed API Verification Secret not displaying on customer account licenses page when using PHP fallback (Twig unavailable)
- Fixed `/update-check` endpoint responses not being signed (missing from `ResponseSigner::shouldSign()`)
**Dependency Updates:**
- Updated `magdev/wc-licensed-product-client` from `760e1e7` to `56abe8a` (v0.2.2)
- Updated `symfony/http-client` from v7.4.4 to v7.4.5
**Modified files:**
- `src/Frontend/AccountController.php` - Added customer secret display to PHP fallback method `displayLicensesFallback()`
- `src/Api/ResponseSigner.php` - Added `/update-check` to `shouldSign()` method
**Technical notes:**
- PHP fallback template now includes the collapsible API Verification Secret section matching the Twig template
- All four API endpoints (`/validate`, `/status`, `/activate`, `/update-check`) now include signature headers when `WC_LICENSE_SERVER_SECRET` is configured
- Client library v0.2.2 verified compatible with server implementation

16
composer.lock generated
View File

@@ -12,7 +12,7 @@
"source": {
"type": "git",
"url": "https://src.bundespruefstelle.ch/magdev/wc-licensed-product-client.git",
"reference": "760e1e752a0c088fa634cf7ff678e0735ed525a4"
"reference": "56abe8a97c72419c07a6daf263ba6f4a9b5fe4b1"
},
"require": {
"php": "^8.3",
@@ -52,7 +52,7 @@
"issues": "https://src.bundespruefstelle.ch/magdev/wc-licensed-product-client/issues",
"source": "https://src.bundespruefstelle.ch/magdev/wc-licensed-product-client"
},
"time": "2026-01-27T19:52:12+00:00"
"time": "2026-01-28T10:56:47+00:00"
},
{
"name": "psr/cache",
@@ -380,16 +380,16 @@
},
{
"name": "symfony/http-client",
"version": "v7.4.4",
"version": "v7.4.5",
"source": {
"type": "git",
"url": "https://github.com/symfony/http-client.git",
"reference": "d63c23357d74715a589454c141c843f0172bec6c"
"reference": "84bb634857a893cc146cceb467e31b3f02c5fe9f"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/http-client/zipball/d63c23357d74715a589454c141c843f0172bec6c",
"reference": "d63c23357d74715a589454c141c843f0172bec6c",
"url": "https://api.github.com/repos/symfony/http-client/zipball/84bb634857a893cc146cceb467e31b3f02c5fe9f",
"reference": "84bb634857a893cc146cceb467e31b3f02c5fe9f",
"shasum": ""
},
"require": {
@@ -457,7 +457,7 @@
"http"
],
"support": {
"source": "https://github.com/symfony/http-client/tree/v7.4.4"
"source": "https://github.com/symfony/http-client/tree/v7.4.5"
},
"funding": [
{
@@ -477,7 +477,7 @@
"type": "tidelift"
}
],
"time": "2026-01-23T16:34:22+00:00"
"time": "2026-01-27T16:16:02+00:00"
},
{
"name": "symfony/http-client-contracts",

3
src/Api/ResponseSigner.php
View File

@@ -79,7 +79,8 @@ final class ResponseSigner
return str_starts_with($route, '/wc-licensed-product/v1/validate')
|| str_starts_with($route, '/wc-licensed-product/v1/status')
|| str_starts_with($route, '/wc-licensed-product/v1/activate');
|| str_starts_with($route, '/wc-licensed-product/v1/activate')
|| str_starts_with($route, '/wc-licensed-product/v1/update-check');
}
/**

20
src/Frontend/AccountController.php
View File

@@ -428,6 +428,26 @@ final class AccountController
?>
</span>
</div>
<?php if (ResponseSigner::isSigningEnabled() && !empty($license['customer_secret'])): ?>
<div class="license-row-secret">
<button type="button" class="secret-toggle" aria-expanded="false">
<span class="dashicons dashicons-lock"></span>
<?php esc_html_e('API Verification Secret', 'wc-licensed-product'); ?>
<span class="dashicons dashicons-arrow-down-alt2 toggle-arrow"></span>
</button>
<div class="secret-content" style="display: none;">
<p class="secret-description">
<?php esc_html_e('Use this secret to verify signed API responses. Keep it secure.', 'wc-licensed-product'); ?>
</p>
<div class="secret-value-wrapper">
<code class="secret-value"><?php echo esc_html($license['customer_secret']); ?></code>
<button type="button" class="copy-secret-btn" data-secret="<?php echo esc_attr($license['customer_secret']); ?>" title="<?php esc_attr_e('Copy to clipboard', 'wc-licensed-product'); ?>">
<span class="dashicons dashicons-clipboard"></span>
</button>
</div>
</div>
</div>
<?php endif; ?>
</div>
<?php endforeach; ?>
</div>

4
wc-licensed-product.php
View File

@@ -3,7 +3,7 @@
* Plugin Name: WooCommerce Licensed Product
* Plugin URI: https://src.bundespruefstelle.ch/magdev/wc-licensed-product
* Description: WooCommerce plugin to sell software products using license keys with domain-based validation.
* Version: 0.7.0
* Version: 0.7.1
* Author: Marco Graetsch
* Author URI: https://src.bundespruefstelle.ch/magdev
* License: GPL-2.0-or-later
@@ -28,7 +28,7 @@ if (!defined('ABSPATH')) {
}
// Plugin constants
define('WC_LICENSED_PRODUCT_VERSION', '0.7.0');
define('WC_LICENSED_PRODUCT_VERSION', '0.7.1');
define('WC_LICENSED_PRODUCT_PLUGIN_FILE', __FILE__);
define('WC_LICENSED_PRODUCT_PLUGIN_DIR', plugin_dir_path(__FILE__));
define('WC_LICENSED_PRODUCT_PLUGIN_URL', plugin_dir_url(__FILE__));