Merge pull request #33 from andy-profileo/v1.1.9

v1.1.9

classes/PrestaScanQueue.php

@@ -215,4 +215,13 @@ public static function getJobAlreadyInProgress($actionName, $time = 10)
                     AND TIMESTAMPDIFF(MINUTE, date_add, now()) > ' . $time);
         return empty($jobId) ? false : $jobId;
     }
+
+    public static function isJobToRetrieve($actionName)
+    {
+        $jobId = Db::getInstance()->getValue('
+                SELECT `jobid`
+                FROM `' . _DB_PREFIX_ . self::$definition['table'] . '`
+                WHERE `action_name` = "' . pSQL($actionName) . '" AND `state` = "' . pSQL(self::$actionname['TORETRIEVE']) . '" ORDER BY `id` DESC');
+        return empty($jobId) ? false : true;
+    }
 }

controllers/front/oauth2.php

@@ -50,6 +50,10 @@ public function init()
 
     public function initContent()
     {
+        // handle old site monitored change; retry a login with new site monitored
+        if (Tools::getValue('site_changed')) {
+            return $this->module->handleSiteMonitoredChanged();
+        }
         // Check our sudo user token
         if (!$this->isSudoTokenValid()) {
             \PrestaScan\Tools::displayErrorAndDie(401, 'Token mismatch');

prestascansecurity.php

@@ -33,7 +33,7 @@ public function __construct()
     {
         $this->name = 'prestascansecurity';
         $this->tab = 'others';
-        $this->version = '1.1.8';
+        $this->version = '1.1.9';
         $this->author = 'PrestaScan';
         $this->need_instance = false;
         $this->bootstrap = true;
@@ -261,6 +261,28 @@ public function generateModuleHash()
 
     public function getContent()
     {
+        if ($this->isUserLoggedIn()) {
+            // check if selected url is correct on account            
+            try {
+                $postBody = array(
+                    'shop_urls' => implode(';', array_map('urlencode', $this->getShopUrls())),
+                );
+                $request = new \PrestaScan\Api\Request(
+                    'prestascan-api/v2/check-url',
+                    'POST',
+                    $postBody
+                );
+                $response = $request->getResponse();
+                if (isset($response['error']) && $response['error']) {   // disconnect
+                    $this->logout();
+                }
+            } catch (Exception $e) {
+                if ($e->getMessage() == 'Not logged in') {  //
+                    $this->logout();
+                }
+            }
+        }
+
         // Update the module if requested to do so
         $this->updateModule();
         // Check for error message to display
@@ -371,18 +393,20 @@ protected function displayInitialScanAndScanProgress()
             $displayInitialScan = false;
         }
         $progressScans = Configuration::get('PRESTASCAN_SCAN_PROGRESS');
+        $scansToRetrieve = array();
         if (!empty($progressScans)) {
             $progressScans = json_decode($progressScans, true);
-            foreach ($progressScans as $scan) {
+            foreach ($progressScans as $type => $scan) {
+                $scansToRetrieve[$type] = \PrestaScanQueue::isJobToRetrieve($type);
                 if ($scan) {
                     $displayInitialScan = false;
-                    break;
                 }
             }
         }
 
         $this->context->smarty->assign('displayInitialScan', $displayInitialScan);
         $this->context->smarty->assign('progressScans', $progressScans);
+        $this->context->smarty->assign('scansToRetrieve', $scansToRetrieve);
     }
 
     protected function assignAdminVariables($moduleNewVulnerabilitiesAlert)
@@ -510,6 +534,8 @@ protected function includeAdminResources($moduleNewVulnerabilitiesAlert)
             'checkbox_risk_label' => $this->l('I understand the risks associated with removing or uninstalling modules in PrestaShop and agree to proceed with caution, prioritizing a development environment.'),
             'question_to_logout' => $this->l('Are you sure to log out?'),
             'js_error_occured' => $this->l('An error occured while generating the report. This may be due to a timeout. Please try again.'),
+            'js_ps_nodebug_error_occured' => $this->l('A error occured. Enable debug for more information and please try again.'),
+            'js_ps_error_occured' => $this->l('A error occured. Please try again.'),
             'question_to_logout' => $this->l('Are you sure to log out?'),
             'js_description' => $this->l('Description'),
             'text_confirm_log_me_out' => $this->l('Yes, log me out'),
@@ -670,4 +696,25 @@ public function getWordTranslated($word)
 
         return ucfirst($criticity);
     }
+
+    protected function logout()
+    {
+        // Remove the data in the database
+        \PrestaScanQueue::truncate();
+        \PrestaScanVulnAlerts::truncate();
+        // Delete cache files and configuration
+        \PrestaScan\Tools::resetModuleConfigurationAndCache();
+        $this->isLoggedIn = false;
+    }
+
+    public function handleSiteMonitoredChanged()
+    {
+        if (Context::getContext()->cookie->__isset('psscan_urlconfigbo')) {
+            $urlBackOffice = Context::getContext()->cookie->__get('psscan_urlconfigbo');
+            Context::getContext()->cookie->__unset('psscan_urlconfigbo');
+            Tools::redirectAdmin($urlBackOffice . '&site_changed=1');
+        } else {
+            die($this->display(__FILE__, 'views/templates/front/sitemonitored_changed.tpl'));
+        }
+    }
 }

src/OAuth2/Provider.php

@@ -67,6 +67,10 @@ public function getAuthenticatedRequest($method, $url, $accessToken, array $opti
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
         curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3);
         curl_setopt($ch, CURLOPT_TIMEOUT, 10);
+        if (defined('_EOSC_MODE_DEV_') && _EOSC_MODE_DEV_) {
+            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
+        }
 
         if (isset($options['body'])) {
             curl_setopt($ch, CURLOPT_POSTFIELDS, $options['body']);
@@ -134,7 +138,11 @@ public function getAccessToken($grantType, array $options = [])
         curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
         curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3);
         curl_setopt($ch, CURLOPT_TIMEOUT, 10);
-
+        if (defined('_EOSC_MODE_DEV_') && _EOSC_MODE_DEV_) {
+            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
+        }
+
         $response = $this->getResponse($ch);
         $parsedResponse = $this->parseResponse($response);
 

src/Tools.php

@@ -327,7 +327,7 @@ public static function formatDateString($date)
         if (!empty($date)) {
             $return = date('j F Y ', strtotime($date));
             $return .= in_array($languageCode, array('fr','es')) ? $at[$languageCode] : ' at ';
-            $return .= date('h\hm', strtotime($date));
+            $return .= date('h\hi', strtotime($date));
             if (in_array($languageCode, array('fr','es'))) {
                 $return = str_replace(array_keys($mois[$languageCode]), array_values($mois[$languageCode]), $return);
             }

translations/es.php

@@ -227,6 +227,9 @@
 $_MODULE['<{prestascansecurity}prestashop>scan_in_progress_96726308d783c8c6143d5b22fea5d7fb'] = 'Parece que el escaneo se ha estado ejecutando durante bastante tiempo, podría haber un problema.';
 $_MODULE['<{prestascansecurity}prestashop>scan_in_progress_eb83cb7c01a3449487ded1a52bb1836c'] = 'Puede intentar forzar el escaneo para recuperar sus datos. Si esto no funciona, el escaneo se cancelará y podrá volver a intentarlo con un nuevo escaneo.';
 $_MODULE['<{prestascansecurity}prestashop>scan_in_progress_ba387b98b9462fc96925aadf3f641e6c'] = 'Forzar recuperación o cancelar';
+$_MODULE['<{prestascansecurity}prestashop>scan_to_retrieve_9a2320c81ad462c52e15563fb7d3ee4d'] = 'Descargando los últimos escaneos';
+$_MODULE['<{prestascansecurity}prestashop>scan_to_retrieve_fc4d43c730c5d2ff49c6105683a5b70a'] = 'Se está descargando el último análisis automático para su visualización.';
+$_MODULE['<{prestascansecurity}prestashop>scan_to_retrieve_732e91e4bc78bb97e63473154025e419'] = 'Esta operación puede tardar unos momentos.';
 $_MODULE['<{prestascansecurity}prestashop>scan_result_60a1994f5365c8a09a74ac6516b88629'] = 'Resultados del último escaneo';
 $_MODULE['<{prestascansecurity}prestashop>scan_result_f91fe4f33093ee783af6952f653577d4'] = 'Recientemente se descubrió una nueva vulnerabilidad, verifique su alerta arriba y vuelva a hacer un escaneo si es necesario para actualizar sus resultados';
 $_MODULE['<{prestascansecurity}prestashop>scan_result_48a098c06115a3db0efb6bcb5e31fd41'] = 'Vulnerabilidad';

translations/fr.php

@@ -11,6 +11,8 @@
 $_MODULE['<{prestascansecurity}prestashop>prestascansecurity_a3f4cecacc0164fd6c90029641134efa'] = 'Je comprends les risques associés à la suppression ou la désinstallation de modules dans PrestaShop et accepte de procéder avec prudence, en privilégiant un environnement de développement.';
 $_MODULE['<{prestascansecurity}prestashop>prestascansecurity_b9ff4aa1cb93a366b1973c5c3af52289'] = 'Êtes-vous sûr de vouloir vous déconnecter ?';
 $_MODULE['<{prestascansecurity}prestashop>prestascansecurity_fd541b21fd5a44149a86bc83f5ed7739'] = 'Une erreur s\'est produite lors de la génération du rapport. Cela peut être dû à un délai d\'expiration. Veuillez réessayer.';
+$_MODULE['<{prestascansecurity}prestashop>prestascansecurity_d90237b6602334152220c3825a978ac3'] = 'Une erreur s\'est produite. Activez le mode debug pour plus d\'informations et veuillez réessayer.';
+$_MODULE['<{prestascansecurity}prestashop>prestascansecurity_9cdc88e43e892de1c3f8b949719ed4e2'] = 'Une erreur est survenue. Veuillez réessayer.';
 $_MODULE['<{prestascansecurity}prestashop>prestascansecurity_b5a7adde1af5c87d7fd797b6245c2a39'] = 'Description';
 $_MODULE['<{prestascansecurity}prestashop>prestascansecurity_9eadb78db102ef3b8dc9c43043d26422'] = 'Oui, déconnectez-moi';
 $_MODULE['<{prestascansecurity}prestashop>prestascansecurity_01602a2174d298aea9aa785039556a5a'] = 'Cliquez ici pour actualiser la page';
@@ -227,6 +229,9 @@
 $_MODULE['<{prestascansecurity}prestashop>scan_in_progress_96726308d783c8c6143d5b22fea5d7fb'] = 'Il semble que le scan dure depuis un certain temps maintenant, il pourrait y avoir un problème.';
 $_MODULE['<{prestascansecurity}prestashop>scan_in_progress_eb83cb7c01a3449487ded1a52bb1836c'] = 'Vous pouvez essayer de forcer le scan pour récupérer ses données. Si cela ne fonctionne pas, le scan sera annulé et vous pourrez réessayer avec un nouveau scan.';
 $_MODULE['<{prestascansecurity}prestashop>scan_in_progress_ba387b98b9462fc96925aadf3f641e6c'] = 'Forcer la récupération ou annuler';
+$_MODULE['<{prestascansecurity}prestashop>scan_to_retrieve_9a2320c81ad462c52e15563fb7d3ee4d'] = 'Téléchargement des derniers scans';
+$_MODULE['<{prestascansecurity}prestashop>scan_to_retrieve_fc4d43c730c5d2ff49c6105683a5b70a'] = 'Le dernier scan automatique est en cours de téléchargement pour son affichage.';
+$_MODULE['<{prestascansecurity}prestashop>scan_to_retrieve_732e91e4bc78bb97e63473154025e419'] = 'Cette opération peut prendre quelques instants.';
 $_MODULE['<{prestascansecurity}prestashop>scan_result_60a1994f5365c8a09a74ac6516b88629'] = 'Derniers résultats de scan';
 $_MODULE['<{prestascansecurity}prestashop>scan_result_f91fe4f33093ee783af6952f653577d4'] = 'Une nouvelle vulnérabilité a été récemment découverte, vérifiez l\'alerte ci-dessus et refaites un scan si nécessaire pour mettre à jour vos résultats';
 $_MODULE['<{prestascansecurity}prestashop>scan_result_535e2de9168013bbfc31965016086243'] = 'Vulnérabilités';

views/css/admin.1.1.6.css

@@ -959,6 +959,7 @@ label.chkConfirmModuleUninstall input {
     width: 100%;
     position: absolute;
     bottom: 0;
+    left: 0;
 }
 #prestascansecurity_main_container #tab-report-home .scan_link.row a.btn {
     margin-top: 45px;

views/css/modal.1.1.6.css

@@ -70,7 +70,17 @@
     padding: 15px 10px 10px;
     width: 100%;
 }
-
+#prestascansecurity_main_container .modal_content.has_error {
+    width: 35vw;
+    max-height: 70vh;
+}
+#prestascansecurity_main_container .modal_content.has_error .modal_body {
+    text-align: left;    
+}
+#prestascansecurity_main_container .modal_content.has_error .modal_body pre {
+    overflow: auto;
+    max-height: 60vh;
+}
 /* Add Animation */
 @-webkit-keyframes animatetop {
     from {top:-300px; opacity:0}