Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Amend login failure event being reported by mistake #3092

Merged
merged 2 commits into from
Feb 18, 2025
Merged

Amend login failure event being reported by mistake #3092

merged 2 commits into from
Feb 18, 2025

Conversation

estringana
Copy link
Contributor

@estringana estringana commented Feb 17, 2025
edited by jira bot
Loading

Description

It was reported that wodpress was reporting many login failure events when they should not be reported. After investigation it was spotted that whenever the login page was hit(even with a get), the login failure event was reported. This PR fixes that.

Additionaly, user login events were not tested on Wordpress 6.1. This pr takes the opportunity to make those tests run

APPSEC-56789

Reviewer checklist

  • Test coverage seems ok.
  • Appropriate labels assigned.

@codecov-commenter
Copy link

codecov-commenter commented Feb 17, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 74.74%. Comparing base (30bf5fd) to head (c6ffdcf).

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff            @@
##             master    #3092   +/-   ##
=========================================
  Coverage     74.74%   74.74%           
- Complexity     2790     2791    +1     
=========================================
  Files           112      112           
  Lines         11042    11044    +2     
=========================================
+ Hits           8253     8255    +2     
  Misses         2789     2789
Flag Coverage Δ
tracer-php 74.74% <100.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
...ce/Integrations/WordPress/WordPressIntegration.php 94.25% <100.00%> (+0.13%) ⬆️

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 30bf5fd...c6ffdcf. Read the comment docs.

@pr-commenter
Copy link

pr-commenter bot commented Feb 17, 2025
edited
Loading

Benchmarks [ tracer ]

Benchmark execution time: 2025-02-18 12:21:34

Comparing candidate commit c6ffdcf in PR branch estringana/fix-wordpress-login-events with baseline commit 30bf5fd in branch master.

Found 2 performance improvements and 0 performance regressions! Performance is the same for 176 metrics, 0 unstable metrics.

scenario:ContextPropagationBench/benchInject64Bit

  • 🟩 execution_time [-615.785ns; -330.215ns] or [-7.592%; -4.071%]

scenario:TraceSerializationBench/benchSerializeTrace

  • 🟩 execution_time [-10.503µs; -5.797µs] or [-5.010%; -2.765%]

@estringana estringana marked this pull request as ready for review February 17, 2025 16:09
@estringana estringana requested review from a team as code owners February 17, 2025 16:09
@estringana estringana force-pushed the estringana/fix-wordpress-login-events branch from fc943a1 to 1612f88 Compare February 17, 2025 16:54
estringana
estringana commented Feb 17, 2025
View reviewed changes
tests/Integrations/WordPress/AutomatedLoginEventsTestSuite.php
@@ -45,6 +45,15 @@ public function testUserLoginSuccessEvent()
$this->assertEquals($name, $events[0]['metadata']['name']);
}

public function testHittingLoginPageDoesNotGenerateUserEvent()
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This new tests ensures the bug is not happening

estringana
estringana commented Feb 17, 2025
View reviewed changes
tests/Integrations/WordPress/V6_1/AutomatedLoginEventsTest.php
/**
* @group appsec
*/
class AutomatedLoginEventsTest extends AutomatedLoginEventsTestSuite
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated login event tests were not tested in Wordpress 6.1. This makes all these tests to be executed

@estringana estringana force-pushed the estringana/fix-wordpress-login-events branch from 1612f88 to b6cdc6b Compare February 18, 2025 09:19
@estringana
Copy link
Contributor Author

The changes done to the sql is to allow users to be registered to test user sign up

@estringana estringana force-pushed the estringana/fix-wordpress-login-events branch from c5f8a25 to c6ffdcf Compare February 18, 2025 11:53
@estringana estringana requested a review from PROFeNoM February 18, 2025 13:39
PROFeNoM
PROFeNoM approved these changes Feb 18, 2025
View reviewed changes
Copy link
Contributor

@PROFeNoM PROFeNoM left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 😃

@estringana estringana merged commit 445f72a into master Feb 18, 2025
458 of 476 checks passed
@estringana estringana deleted the estringana/fix-wordpress-login-events branch February 18, 2025 14:00
@github-actions github-actions bot added this to the 1.7.0 milestone Feb 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PROFeNoM PROFeNoM PROFeNoM approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.7.0
Development

Successfully merging this pull request may close these issues.
3 participants
@estringana @codecov-commenter @PROFeNoM