- Fixed is_purchasable() method in LicensedVariableProduct to delegate to
parent WC_Product_Variable instead of checking for price (variable products
don't have direct prices, only their variations do)
- Fixed getProductClass() filter to accept all 4 WooCommerce parameters
and use product_id for reliable variation parent detection
- Fallback to global $post when product_id not available for backwards compat
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Re-load product via wc_get_product() to ensure correct class instance
- Removed overly strict type check that prevented variations from displaying
- Now mirrors WooCommerce's standard woocommerce_variable_add_to_cart()
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added null checks for get_variation_attributes(), get_available_variations(), get_default_attributes()
- Show informative message when product has no variations configured
- Changed product type check from instanceof to is_type() for better compatibility
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Max Activations (was "Default Max Activations")
- License Validity (Days) (was "Default License Validity (Days)")
- Bind to Major Version (was "Default Bind to Major Version")
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CRITICAL: Key derivation now uses native hash_hkdf() for RFC 5869
compliance. Previous custom implementation was incompatible with
the magdev/wc-licensed-product-client library.
Changes:
- ResponseSigner::deriveCustomerSecret() now uses hash_hkdf()
- Added missing domain validation to /activate endpoint
- Customer secrets will change after upgrade (breaking change)
The signature algorithm now matches the client's ResponseSignature::deriveKey():
- IKM: server_secret
- Length: 32 bytes
- Info: license_key
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fixed HTTP status codes for API responses:
- /validate now returns 404 for license_not_found (was 403)
- Added status code mapping: 404 not found, 500 server errors, 403 others
Added configurable rate limiting:
- WC_LICENSE_RATE_LIMIT constant for requests per window
- WC_LICENSE_RATE_WINDOW constant for window duration in seconds
Fixed license_key validation:
- Now enforces minimum 8 characters across all endpoints
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Customers can now purchase licenses with different durations (monthly,
yearly, lifetime) through WooCommerce product variations. Each variation
can have its own license validity settings.
New features:
- LicensedVariableProduct class for variable licensed products
- LicensedProductVariation class for individual variations
- Per-variation license duration and max activations settings
- Duration labels in checkout (Monthly, Quarterly, Yearly, etc.)
- Full support for WooCommerce Blocks checkout with variations
- Updated translations for German (de_CH)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add CHANGELOG entry for self-licensing prevention feature
- Update plugin header and constant to 0.4.0
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add recursive key sorting for response signing compatibility
- Fix IP header spoofing in rate limiting with trusted proxy support
- Add CSRF protection to CSV export with nonce verification
- Explicit Twig autoescape for XSS prevention
- Escape status values in CSS classes
- Update README with security documentation and trusted proxy config
- Update translations for v0.3.6
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add admin dashboard widget with license statistics
- Add daily wp-cron to auto-expire licenses past expiration date
- Add LicenseExpiredEmail notification for expired licenses
- Add getExpiredActiveLicenses() and autoExpireLicense() to LicenseManager
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Downloads now displayed in two-row format per entry
- First row: file download link
- Second row: metadata (version, date, checksum)
- Better visual separation and readability
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Display current version under product title for licensed products
- Add frontend CSS styling for version badge
- Update translations for new "Version:" string
- Bump version to 0.3.4
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The toggle version button in the admin product versions table was not
deactivating versions due to incorrect parameter order in the
updateVersion() call. The isActive value was being passed to the
attachmentId parameter position instead.
- Fixed parameter order: updateVersion($id, null, !$active, null)
- Bumped version to 0.3.3
- Updated CHANGELOG.md
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Updated OpenAPI version from 0.0.7 to 0.3.2
- Added documentation for response signing headers (X-License-Signature, X-License-Timestamp)
- Enhanced API description with security information about signature verification
- Added header component definitions to OpenAPI spec
- All endpoint 200 responses now reference optional signature headers
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Features:
- Add SHA256 column to admin product versions table
- Display file hash in customer account downloads section
- Style checksum file upload field consistently with package upload
Changes:
- Admin versions table shows truncated hash with full hash on hover
- Customer downloads show hash with shield icon indicator
- Updated German translations
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove known bug (checksum field issue was fixed)
- Remove completed v0.2.1 tasks from roadmap
- Add v0.2.1 version link to CHANGELOG
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace SHA256 text input with file upload field for checksum files
- Add readChecksumFile() JavaScript function using FileReader API
- Support .sha256 and .txt checksum file formats
- Add Promise-based async handling for file reading
- Add localized error messages for checksum file validation
- Update translations (de_CH) with new strings
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add REST API response signing using HMAC-SHA256
- Add SHA256 hash validation for version file uploads
- Add ResponseSigner class for automatic API response signing
- Add file_hash column to database schema
- Remove external URL support from version uploads
- Update translations with all fuzzy strings resolved
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Conducted comprehensive security and best practices review
- Fixed VersionManager null format handling for attachment updates
- Improved input sanitization in AdminController for page context checks
- Updated README.md with complete feature documentation
- Updated CHANGELOG.md with 0.1.0 release notes
- Updated translations (.pot, .po, .mo files) to version 0.1.0
- Bumped version to 0.1.0 in plugin header and constant
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Keep existing Reports > Licenses dashboard which works correctly.
Version 0.0.11 now only includes the Created column in license overview.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Created date column to admin license overview
- Add License Statistics page under WooCommerce menu
- Add REST API endpoints for analytics data with time-series support
- WooCommerce Analytics integration via submenu page
New files:
- src/Admin/AnalyticsController.php
- templates/admin/statistics.html.twig
REST API endpoints:
- GET /wc-licensed-product/v1/analytics/stats
- GET /wc-licensed-product/v1/analytics/products
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add license meta box on WooCommerce order edit pages
- Add editable order domain field with AJAX inline editing
- Add editable license domains directly from order page
- Add licenses table showing all licenses for an order
- Support both classic orders and HPOS
New files:
- src/Admin/OrderLicenseController.php
- assets/js/order-licenses.js
New method: LicenseManager::getLicensesByOrder()
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add product version management:
- ProductVersion model and VersionManager class
- VersionAdminController with meta box on product edit page
- AJAX-based version CRUD (add, delete, toggle status)
- JavaScript for version management UI
Add email notifications:
- LicenseEmailController for order emails
- License keys included in order completed emails
- Support for both HTML and plain text emails
Add REST API rate limiting:
- 30 requests per minute per IP
- Cloudflare and proxy-aware IP detection
- HTTP 429 response with Retry-After header
Other changes:
- Bump version to 0.0.2
- Update CHANGELOG.md
- Add version status styles to admin.css
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add complete plugin infrastructure for selling software with license keys:
- New "Licensed Product" WooCommerce product type
- License key generation (XXXX-XXXX-XXXX-XXXX format) on order completion
- Domain-based license validation system
- REST API endpoints (validate, status, activate, deactivate)
- Customer My Account "Licenses" page
- Admin license management under WooCommerce > Licenses
- Checkout domain field for licensed products
- Custom database tables for licenses and product versions
- Twig template engine integration
- Full i18n support with German (de_CH) translation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
