docs
This commit is contained in:
alorig
61
CHANGELOG.md
61
CHANGELOG.md
@@ -22,6 +22,67 @@ Each entry follows this format:
|
||||
|
||||
---
|
||||
|
||||
## [1.0.1] - 2025-11-24
|
||||
|
||||
### Changed
|
||||
|
||||
#### WordPress Integration - Authentication Modernization
|
||||
- **Simplified authentication to API key only** across WordPress plugin and Django backend
|
||||
- Removed webhook secret/signature validation in favor of direct API key authentication
|
||||
- Updated `class-igny8-webhooks.php` to validate `X-IGNY8-API-KEY` or `Authorization: Bearer` headers
|
||||
- Modified Django `views.py` validator to require only `api_key` in `credentials_json` for new WordPress integrations
|
||||
- Files changed:
|
||||
- `igny8-wp-integration/includes/class-igny8-webhooks.php`
|
||||
- `igny8/backend/igny8_core/modules/integration/views.py`
|
||||
|
||||
- **Implemented 3-state connection model** for clearer integration status tracking
|
||||
- States: `not_connected` (no API key), `configured` (API key + integration_id), `connected` (structure synced)
|
||||
- Added `igny8_get_connection_state()` helper function
|
||||
- Files changed:
|
||||
- `igny8-wp-integration/includes/functions.php`
|
||||
- `igny8-wp-integration/admin/settings.php`
|
||||
|
||||
### Added
|
||||
|
||||
#### WordPress Integration - Enhanced Logging & Filtering
|
||||
- **Safe logging functions** that filter sensitive data (api_key, password, secret, token)
|
||||
- Added `igny8_log_connection_state()` for connection state transitions
|
||||
- Added `igny8_log_sync()` for sync operations with context tracking
|
||||
- Enhanced `igny8_sync_site_structure_to_backend()` with detailed operation logging
|
||||
- Files changed:
|
||||
- `igny8-wp-integration/includes/functions.php`
|
||||
|
||||
- **Product attribute filtering** to sync only IGNY8-created WooCommerce attributes
|
||||
- Filters product attribute terms by `igny8_origin = 'igny8_app'` term meta
|
||||
- Applies to taxonomies starting with `pa_` prefix
|
||||
- Files changed:
|
||||
- `igny8-wp-integration/data/site-collection.php`
|
||||
|
||||
### Removed
|
||||
|
||||
#### WordPress Integration - Legacy Authentication
|
||||
- **Removed webhook secret authentication** from WordPress plugin
|
||||
- Deleted `igny8_get_webhook_secret()` and `igny8_regenerate_webhook_secret()` functions
|
||||
- Removed webhook secret UI from admin settings page
|
||||
- Removed HMAC-SHA256 signature validation from webhook handler
|
||||
- Files changed:
|
||||
- `igny8-wp-integration/includes/functions.php`
|
||||
- `igny8-wp-integration/includes/class-igny8-webhooks.php`
|
||||
- `igny8-wp-integration/admin/settings.php`
|
||||
|
||||
### Security
|
||||
|
||||
#### WordPress Integration
|
||||
- **Upgraded authentication security** by consolidating to single API key method
|
||||
- Eliminated webhook signature complexity and potential timing attack vectors
|
||||
- Implemented constant-time comparison for API key validation using `hash_equals()`
|
||||
- All incoming webhook requests now require valid API key in headers
|
||||
- Files affected:
|
||||
- `igny8-wp-integration/includes/class-igny8-webhooks.php`
|
||||
- `igny8-wp-integration/includes/class-igny8-rest-api.php`
|
||||
|
||||
---
|
||||
|
||||
## [1.0.0] - 2025-11-24
|
||||
|
||||
### Added
|
||||
|
||||
Reference in New Issue
Block a user