Merge pull request #2 from crowdsecurity/current-features

release preparation

Author: mobula9

.github/workflows/build_package.yml

@@ -4,19 +4,16 @@
 Plugin URI: https://www.crowdsec.net/
 Description: Safer Together. Protect your WordPress application with CrowdSec.
 Tags: security, firewall, malware scanner, two factor authentication, captcha, waf, web app firewall, mfa, 2fa
-Version 0.0.1
+Version 0.1.0
 Author: CrowdSec
 Author URI: https://www.crowdsec.net/
 Github: https://github.com/crowdsecurity/cs-wordpress-blocker
 License: MIT
 Requires PHP: 7.2
-Stable tag: 0.0.1
+Stable tag: 0.1.0
 Text Domain: crowdsec-wp
 */
 
-// TODO P2 check WP minimum compatible version + add a tag: "Requires at least: X.Y"
-// TODO P2 check WP maximum compatible version + add a tag: "Tested up to: 4.8"
-
 
 session_start();
 require_once __DIR__ . '/vendor/autoload.php';

crowdsec.php

@@ -80,4 +80,29 @@ docker-compose down
 docker images | grep wordpress-bouncer_web # to get the container id
 docker rmi 145c1ed0e4df
 CS_WORDPRESS_BOUNCER_PHP_VERSION=7.2 docker-compose up -d --build --force-recreate
+```
+
+#### New feature
+
+```bash
+git checkout -b <branch-name>
+git commit # as much as necessary.
+
+# Rename branch if necessary
+git branch -m <new-name>
+git push origin :<old-name> && git push origin <new-name>
+
+# Create PR
+gh pr create --fill
+```
+
+After the merge, don't forget to delete to branch.
+
+#### New release
+
+```bash
+git checkout main && git pull
+git describe --tags `git rev-list --tags --max-count=1` # to verify what is the current tag
+export NEW_GIT_VERSION_WITHOUT_V_PREFIX= #...X.X.X
+./scripts/publish-release.sh
 ```

docs/contribute.md

@@ -55,11 +55,9 @@ function adminAdvancedSettings()
     addFieldSelect('crowdsec_cache_system', 'Technology', 'crowdsec_plugin_advanced_settings', 'crowdsec_advanced_settings', 'crowdsec_admin_advanced_cache', function ($input) {
         if (!in_array($input, [CROWDSEC_CACHE_SYSTEM_PHPFS, CROWDSEC_CACHE_SYSTEM_REDIS, CROWDSEC_CACHE_SYSTEM_MEMCACHED])) {
             $input = CROWDSEC_CACHE_SYSTEM_PHPFS;
-            // TODO P3 throw error
+            add_settings_error("Technology", "crowdsec_error", "Technology: Incorrect cache technology selected.");
         }
 
-        // TODO P1 big bug: fatal error when changing techno without dsn already set at previous state. Quick fix: Add error if no dsn and ask to set dsn then save then select techno.
-
         $bouncer = getBouncerInstance();
         $bouncer->clearCache();
         $message = __('Cache system changed. Previous cache data has been cleared.');
@@ -86,13 +84,11 @@ function adminAdvancedSettings()
 
     // Field "crowdsec_redis_dsn"
     addFieldString('crowdsec_redis_dsn', 'Redis DSN<br>(if applicable)', 'crowdsec_plugin_advanced_settings', 'crowdsec_advanced_settings', 'crowdsec_admin_advanced_cache', function ($input) {
-        // TODO P2 check if it's a valid DSN
         return $input;
     }, '<p>Fill in this field only if you have chosen the Redis cache.<br>Example of DSN: redis://localhost:6379.', 'redis://...', '');
 
     // Field "crowdsec_memcached_dsn"
     addFieldString('crowdsec_memcached_dsn', 'Memcached DSN<br>(if applicable)', 'crowdsec_plugin_advanced_settings', 'crowdsec_advanced_settings', 'crowdsec_admin_advanced_cache', function ($input) {
-        // TODO P2 check if it's a valid DSN
         return $input;
     }, '<p>Fill in this field only if you have chosen the Memcached cache.<br>Example of DSN: memcached://localhost:11211.', 'memcached://...', '');
 
@@ -127,11 +123,21 @@ function adminAdvancedSettings()
     foreach (Constants::ORDERED_REMEDIATIONS as $remediation) {
         $choice[$remediation] = $remediation;
     }
-    addFieldSelect('crowdsec_fallback_remediation', 'Fallback to', 'crowdsec_plugin_advanced_settings', 'crowdsec_advanced_settings', 'crowdsec_admin_advanced_cache', function ($input) {
+    addFieldSelect('crowdsec_fallback_remediation', 'Fallback to', 'crowdsec_plugin_advanced_settings', 'crowdsec_advanced_settings', 'crowdsec_admin_advanced_remediations', function ($input) {
         if (!in_array($input, Constants::ORDERED_REMEDIATIONS)) {
             $input = CROWDSEC_BOUNCING_LEVEL_DISABLED;
-            // TODO P3 throw error
+            add_settings_error("Fallback to", "crowdsec_error", "Fallback to: Incorrect Fallback selected.");
         }
         return $input;
     }, '<p>Which remediation to apply when CrowdSec advises unhandled remediation.</p>', $choice);
+
+    // Field "crowdsec_hide_mentions"
+    addFieldCheckbox('crowdsec_hide_mentions', 'Hide CrowdSec mentions', 'crowdsec_plugin_advanced_settings', 'crowdsec_advanced_settings', 'crowdsec_admin_advanced_remediations', function () {
+        // Stream mode just activated.
+        scheduleBlocklistRefresh();
+    }, function () {
+        // Stream mode just deactivated.
+        unscheduleBlocklistRefresh();
+    }, '
+    <p>Enable if you want to hide CrowdSec mentions on the Ban and Captcha pages</p>');
 }

inc/admin/advanced-settings.php

@@ -24,7 +24,6 @@ function clearBouncerCacheInAdminPage()
 
             AdminNotice::displaySuccess($message);
 
-            // TODO P3 i18n the whole lib https://developer.wordpress.org/plugins/internationalization/how-to-internationalize-your-plugin/
         } catch (WordpressCrowdSecBouncerException $e) {
             getCrowdSecLoggerInstance()->error(null, [
                 'type' => 'WP_EXCEPTION_WHILE_CLEARING_CACHE',

inc/admin/init.php

@@ -15,14 +15,12 @@ function adminSettings()
 
     // Field "crowdsec_api_url"
     addFieldString('crowdsec_api_url', 'LAPI URL', 'crowdsec_plugin_settings', 'crowdsec_settings', 'crowdsec_admin_connection', function ($input) {
-        // P2 TODO ping API to see if it's available if not: add_settings_error("LAPI URL", "crowdsec_error", "LAPI URL " . $input . " is not reachable.");
         return $input;
     }, '<p>If the CrowdSec Agent is installed on this server, you will set this field to http://localhost:8080.</p>', 'Your LAPI URL', '');
 
 
     // Field "crowdsec_api_key"
     addFieldString('crowdsec_api_key', 'Bouncer API key', 'crowdsec_plugin_settings', 'crowdsec_settings', 'crowdsec_admin_connection', function ($input) {
-        // TODO check api key format / ping api  if not: add_settings_error("LAPI URL", "crowdsec_error", "LAPI URL " . $input . " is not reachable.");
         return $input;
     }, '<p>Generated with the cscli command, ex: <em>cscli bouncers add wordpress-bouncer</em></p>', 'Your bouncer key', 'width: 280px;', 'text');
 
@@ -43,7 +41,7 @@ function adminSettings()
             CROWDSEC_BOUNCING_LEVEL_PARANOID
         ])) {
             $input = CROWDSEC_BOUNCING_LEVEL_DISABLED;
-            // TODO P3 throw error
+            add_settings_error("Bouncing level", "crowdsec_error", "Bouncing level: Incorrect bouncing level selected.");
         }
         return $input;
     }, '<p>
@@ -52,13 +50,13 @@ function adminSettings()
         <li><strong>Bouncing disabled</strong>: No ban or Captcha display to users. The road is free, even for attackers.</li>
         <li><strong>Flex bouncing</strong>: Display Captcha only, even if CrowdSec advises to ban the IP.</li>
         <li><strong>Normal bouncing</strong>: Follow CrowdSec advice (Ban or Captcha).</li>
-        <li><strong>Paranoid mode</strong>: Ban IPs when there are in the CrowdSec database, even if CrowdSec advises to display a Captcha.</li>
+        <!--<li><strong>Paranoid mode</strong>: Ban IPs when there are in the CrowdSec database, even if CrowdSec advises to display a Captcha.</li>-->
     </ul>
 </p>', [
         CROWDSEC_BOUNCING_LEVEL_DISABLED => '🚫 Bouncing disabled',
         CROWDSEC_BOUNCING_LEVEL_FLEX => '😎 Flex bouncing',
         CROWDSEC_BOUNCING_LEVEL_NORMAL => '🛡️ Normal bouncing',
-        CROWDSEC_BOUNCING_LEVEL_PARANOID => '🕵️ Paranoid mode',
+        //CROWDSEC_BOUNCING_LEVEL_PARANOID => '🕵️ Paranoid mode',
     ]);
 
 

inc/admin/settings.php

@@ -11,14 +11,14 @@ function bounceCurrentIp()
     function displayCaptchaWall()
     {
         header('HTTP/1.0 401 Unauthorized');
-        echo Bouncer::getCaptchaHtmlTemplate($_SESSION["crowdsec_captcha_resolution_failed"], $_SESSION['crowdsec_captcha_inline_image'], '');
+        echo Bouncer::getCaptchaHtmlTemplate($_SESSION["crowdsec_captcha_resolution_failed"], $_SESSION['crowdsec_captcha_inline_image'], '', !get_option('crowdsec_hide_mentions'));
         die();
     }
 
     function handleBanRemediation()
     {
         header('HTTP/1.0 403 Forbidden');
-        echo Bouncer::getAccessForbiddenHtmlTemplate();
+        echo Bouncer::getAccessForbiddenHtmlTemplate(!get_option('crowdsec_hide_mentions'));
         die();
     }
 
@@ -128,7 +128,7 @@ function handleRemediation(string $remediation, string $ip)
             $remediation = $bouncer->getRemediationForIp($ip);
             handleRemediation($remediation, $ip);
         } catch (WordpressCrowdSecBouncerException $e) {
-            // TODO log error for debug mode only.
+            
         }
     }
 }

inc/bounce-current-ip.php

@@ -57,7 +57,6 @@ function getCacheAdapterInstance(string $forcedCacheSystem = null): AbstractAdap
             $redisDsn = esc_attr(get_option('crowdsec_redis_dsn'));
             if (empty($redisDsn)) {
                 throw new WordpressCrowdSecBouncerException('Redis selected but no DSN provided.');
-                // TODO P2 fix: when redis is selected and the dsn is filled at the same moment, this error is thrown or it should not be.
             }
             return new RedisAdapter(RedisAdapter::createConnection($redisDsn));
     }
@@ -101,7 +100,6 @@ function getBouncerInstance(string $forcedCacheSystem = null): Bouncer
             break;
         case CROWDSEC_BOUNCING_LEVEL_PARANOID:
             $maxRemediationLevel = Constants::REMEDIATION_BAN;
-            // TODO P2 add "minimum remediation" feature in lib + set it to ban in this case
             break;
         default:
             throw new Exception("Unknown $bouncingLevel");
@@ -110,13 +108,12 @@ function getBouncerInstance(string $forcedCacheSystem = null): Bouncer
     $logger = getCrowdSecLoggerInstance();
 
     // Instanciate the bouncer
-    $bouncer = new Bouncer($logger);
     $cacheAdapter = getCacheAdapterInstance($forcedCacheSystem);
+    $bouncer = new Bouncer($cacheAdapter, $logger);
     $bouncer->configure([
         'api_key' => $apiKey,
         'api_url' => $apiUrl,
         'api_user_agent' => CROWDSEC_BOUNCER_USER_AGENT,
-        //'api_timeout' => null // TODO P3 make a advanced settings
         'live_mode' => !$isStreamMode,
         'max_remediation_level' => $maxRemediationLevel,
         'fallback_remediation' => $fallbackRemediation,

inc/bouncer-instance.php

@@ -15,4 +15,4 @@
 define('CROWDSEC_CAPTCHA_TECHNOLOGY_LOCAL', "local");
 define('CROWDSEC_CAPTCHA_TECHNOLOGY_RECAPTCHA', "recaptcha");
 
-define('CROWDSEC_BOUNCER_USER_AGENT', "Wordpress CrowdSec Bouncer/0.0.1");// TODO P1 SET THE CORRECT VERSION ON BUILD
+define('CROWDSEC_BOUNCER_USER_AGENT', "Wordpress CrowdSec Bouncer/v0.1.0");

inc/constants.php

@@ -28,6 +28,8 @@ function activate_crowdsec_plugin()
     update_option("crowdsec_clean_ip_cache_duration", Constants::CACHE_EXPIRATION_FOR_CLEAN_IP);
     update_option("crowdsec_bad_ip_cache_duration", Constants::CACHE_EXPIRATION_FOR_BAD_IP);
     update_option("crowdsec_fallback_remediation", Constants::REMEDIATION_CAPTCHA);
+
+    update_option("crowdsec_hide_mentions", false);
 }
 
 
@@ -67,4 +69,6 @@ function deactivate_crowdsec_plugin()
     delete_option("crowdsec_clean_ip_cache_duration");
     delete_option("crowdsec_bad_ip_cache_duration");
     delete_option("crowdsec_fallback_remediation");
+
+    delete_option("crowdsec_hide_mentions");
 }