- Added null checks for get_variation_attributes(), get_available_variations(), get_default_attributes()
- Show informative message when product has no variations configured
- Changed product type check from instanceof to is_type() for better compatibility
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Max Activations (was "Default Max Activations")
- License Validity (Days) (was "Default License Validity (Days)")
- Bind to Major Version (was "Default Bind to Major Version")
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CRITICAL: Key derivation now uses native hash_hkdf() for RFC 5869
compliance. Previous custom implementation was incompatible with
the magdev/wc-licensed-product-client library.
Changes:
- ResponseSigner::deriveCustomerSecret() now uses hash_hkdf()
- Added missing domain validation to /activate endpoint
- Customer secrets will change after upgrade (breaking change)
The signature algorithm now matches the client's ResponseSignature::deriveKey():
- IKM: server_secret
- Length: 32 bytes
- Info: license_key
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fixed HTTP status codes for API responses:
- /validate now returns 404 for license_not_found (was 403)
- Added status code mapping: 404 not found, 500 server errors, 403 others
Added configurable rate limiting:
- WC_LICENSE_RATE_LIMIT constant for requests per window
- WC_LICENSE_RATE_WINDOW constant for window duration in seconds
Fixed license_key validation:
- Now enforces minimum 8 characters across all endpoints
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Customers can now purchase licenses with different durations (monthly,
yearly, lifetime) through WooCommerce product variations. Each variation
can have its own license validity settings.
New features:
- LicensedVariableProduct class for variable licensed products
- LicensedProductVariation class for individual variations
- Per-variation license duration and max activations settings
- Duration labels in checkout (Monthly, Quarterly, Yearly, etc.)
- Full support for WooCommerce Blocks checkout with variations
- Updated translations for German (de_CH)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add static methods to ResponseSigner for deriving customer-specific secrets
- Display "API Verification Secret" in customer account licenses page
- Add collapsible secret section with copy button
- Update server-implementation.md with per-license secret documentation
- Update translations with new strings
Each customer now gets a unique verification secret derived from their
license key, eliminating the need to share the master server secret.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add multi-domain checkout support for WooCommerce Blocks
- Fix domain field rendering using ExperimentalOrderMeta slot
- Add DOM injection fallback for checkout field rendering
- Update translations with new multi-domain strings (de_CH)
- Update email templates for grouped license display
- Refactor account page to group licenses by product/order
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add isSelfLicensing() method to detect when license server URL points to same installation
- Bypass license validation when self-licensing detected (prevents circular dependency)
- Add normalizeDomain() helper for domain comparison
- Update translations
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add 'Generate Licenses' button to order meta box for admin-created orders
- Add AJAX handler for manual license generation
- Show warning when domain is not set or order is not paid
- Handle partial license generation (when some products already have licenses)
- Update German translations for new strings (365 translated)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add recursive key sorting for response signing compatibility
- Fix IP header spoofing in rate limiting with trusted proxy support
- Add CSRF protection to CSV export with nonce verification
- Explicit Twig autoescape for XSS prevention
- Escape status values in CSS classes
- Update README with security documentation and trusted proxy config
- Update translations for v0.3.6
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add admin dashboard widget with license statistics
- Add daily wp-cron to auto-expire licenses past expiration date
- Add LicenseExpiredEmail notification for expired licenses
- Add getExpiredActiveLicenses() and autoExpireLicense() to LicenseManager
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Display current version under product title for licensed products
- Add frontend CSS styling for version badge
- Update translations for new "Version:" string
- Bump version to 0.3.4
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The PHP fallback template (used when Twig fails) was missing the Test
license action and Transfer modal that were present in the Twig template.
- Added Test license link to row actions in PHP fallback
- Added Transfer link to row actions in PHP fallback
- Added Test License modal with AJAX validation
- Added Transfer License modal
- Added JavaScript handlers for both modals
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Added a "Test" action button in the license overview that validates
licenses against the /validate REST API endpoint. Results are shown
in a modal with validation status, error codes, and license details.
- Added Test link in row actions for each license
- Created AJAX handler handleAjaxTestLicense() in AdminController
- Added test result modal with loading state and result display
- Shows valid/invalid status with detailed error information
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The toggle version button in the admin product versions table was not
deactivating versions due to incorrect parameter order in the
updateVersion() call. The isActive value was being passed to the
attachmentId parameter position instead.
- Fixed parameter order: updateVersion($id, null, !$active, null)
- Bumped version to 0.3.3
- Updated CHANGELOG.md
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Wrap filename link and media-archive icon in a flex container
with white-space: nowrap to keep them on a single line.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Features:
- Add SHA256 column to admin product versions table
- Display file hash in customer account downloads section
- Style checksum file upload field consistently with package upload
Changes:
- Admin versions table shows truncated hash with full hash on hover
- Customer downloads show hash with shield icon indicator
- Updated German translations
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Changed plain file input to styled button with filename display
- Added Select/Remove buttons for checksum file upload
- Updated JavaScript handlers for styled checksum file input
- Updated German translation for new button text
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace SHA256 text input with file upload field for checksum files
- Add readChecksumFile() JavaScript function using FileReader API
- Support .sha256 and .txt checksum file formats
- Add Promise-based async handling for file reading
- Add localized error messages for checksum file validation
- Update translations (de_CH) with new strings
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add REST API response signing using HMAC-SHA256
- Add SHA256 hash validation for version file uploads
- Add ResponseSigner class for automatic API response signing
- Add file_hash column to database schema
- Remove external URL support from version uploads
- Update translations with all fuzzy strings resolved
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Conducted comprehensive security and best practices review
- Fixed VersionManager null format handling for attachment updates
- Improved input sanitization in AdminController for page context checks
- Updated README.md with complete feature documentation
- Updated CHANGELOG.md with 0.1.0 release notes
- Updated translations (.pot, .po, .mo files) to version 0.1.0
- Bumped version to 0.1.0 in plugin header and constant
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Keep existing Reports > Licenses dashboard which works correctly.
Version 0.0.11 now only includes the Created column in license overview.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Store the AnalyticsController instance as a class property
to prevent it from being garbage collected before WordPress
can call the registered callbacks.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Catch all Twig errors (not just LoaderError) to ensure
fallback to PHP rendering works properly.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Changed capability from manage_woocommerce to manage_options
to ensure admin users can access the page.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Created date column to admin license overview
- Add License Statistics page under WooCommerce menu
- Add REST API endpoints for analytics data with time-series support
- WooCommerce Analytics integration via submenu page
New files:
- src/Admin/AnalyticsController.php
- templates/admin/statistics.html.twig
REST API endpoints:
- GET /wc-licensed-product/v1/analytics/stats
- GET /wc-licensed-product/v1/analytics/products
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add inline editing for status, expiry date, and domain fields
- Add copy-to-clipboard button for license keys
- Add AJAX handlers for inline editing with nonce verification
- Update LicenseManager with updateLicenseExpiry method
- Add new translations for inline editing strings (de_CH)
- Compile updated German translations to .mo file
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This ensures template changes are detected even when WP_DEBUG is false,
avoiding stale cache issues.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The Twig template already had search/filter functionality but the PHP
fallback template (used when Twig fails) was missing it. This ensures
search and filters work regardless of which template is rendered.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add AJAX handler for real-time license search
- Create admin-licenses.js with debounced search and keyboard navigation
- Display search results with highlighted matches
- Support navigation with arrow keys and Enter to select
- Add CSS for dropdown results styling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Register licenses query var with WooCommerce via woocommerce_get_query_vars
- Register endpoint in Installer before flushing rewrite rules
- Existing installations need to re-save permalinks
The endpoint was not being recognized because WooCommerce's My Account
requires both add_rewrite_endpoint() and query var registration.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add license meta box on WooCommerce order edit pages
- Add editable order domain field with AJAX inline editing
- Add editable license domains directly from order page
- Add licenses table showing all licenses for an order
- Support both classic orders and HPOS
New files:
- src/Admin/OrderLicenseController.php
- assets/js/order-licenses.js
New method: LicenseManager::getLicensesByOrder()
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix VersionManager::createVersion() to handle null attachment_id properly
- Add product type validation in AJAX version handler
- Add database error logging for debugging
- Improve meta box visibility logic for licensed products
- Add known bug note to CLAUDE.md
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add WooCommerce Checkout Blocks support for domain field
- Create CheckoutBlocksIntegration for block-based checkout
- Create StoreApiExtension for Store API domain handling
- Add checkout-blocks.js for frontend domain field in blocks
- Fix LicenseManager product type check in generateLicense()
- Add multiple order status hooks for reliable license generation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove Current Version field from product license settings
- Derive current version from latest product version in database
- Refactor email system to use WooCommerce email notification classes
- Add LicenseExpirationEmail WC_Email class for expiration warnings
- Add customizable email templates (HTML and plain text)
- Update settings to link to WooCommerce email configuration
- Update translations for new email-related strings
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add product version management:
- ProductVersion model and VersionManager class
- VersionAdminController with meta box on product edit page
- AJAX-based version CRUD (add, delete, toggle status)
- JavaScript for version management UI
Add email notifications:
- LicenseEmailController for order emails
- License keys included in order completed emails
- Support for both HTML and plain text emails
Add REST API rate limiting:
- 30 requests per minute per IP
- Cloudflare and proxy-aware IP detection
- HTTP 429 response with Retry-After header
Other changes:
- Bump version to 0.0.2
- Update CHANGELOG.md
- Add version status styles to admin.css
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add complete plugin infrastructure for selling software with license keys:
- New "Licensed Product" WooCommerce product type
- License key generation (XXXX-XXXX-XXXX-XXXX format) on order completion
- Domain-based license validation system
- REST API endpoints (validate, status, activate, deactivate)
- Customer My Account "Licenses" page
- Admin license management under WooCommerce > Licenses
- Checkout domain field for licensed products
- Custom database tables for licenses and product versions
- Twig template engine integration
- Full i18n support with German (de_CH) translation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
