Frontend Customer checkLimit not working as expected in TYPO3
Forum rules
Always add your TYPO3, Aimeos and PHP version as well as your environment (Linux/Mac/Win)
Spam and unrelated posts will be removed immediately!
Always add your TYPO3, Aimeos and PHP version as well as your environment (Linux/Mac/Win)
Spam and unrelated posts will be removed immediately!
-
- Posts: 10
- Joined: 12 Jun 2023, 06:49
Frontend Customer checkLimit not working as expected in TYPO3
Our customer called us, because one of the shop customers didn't got his account created.
We found the following entry within the aimeos log: Unable to create an account: Temporary limit reached.
We tracked it down to the aimeos/ai-controller-frontend/src/Controller/Frontend/Customer/Standard.php file an checkLimit() method.
This one is well documented and would check whether the same IP ($context->editor()) has already created two accounts within 14400 seconds ( https://github.com/aimeos/ai-controller ... d.php#L461 ).
That's all fine. But using TYPO3 the column customer.editor is not available ( https://github.com/aimeos/ai-typo3/blob ... 3.php#L238 ), leading to ignoring the IP address. This will lead to block new user accounts whenever two new accounts where created within 14400 seconds (=240 minutes = 4 hours).
That doesn't sound well.
We now increased the number of allowed accounts and reduced the number of seconds as temporarily workaround. Maybe it would make sense to add the column to TYPO3 fe_users and have a proper IP based check.
But one should also ensure that the IP is removed after a certain amount of time, due to DSGVO. TYPO3 already offers a scheduler task for that: https://github.com/TYPO3/typo3/blob/12. ... onTask.php this can be configured to also handle the table and field.
We probably will add that as proper solution within the customer installation.
So this post is not a request for help, but a feedback on the current situation with a request to consider the current situation and a whether it would make sense to optimize that situation.
We found the following entry within the aimeos log: Unable to create an account: Temporary limit reached.
We tracked it down to the aimeos/ai-controller-frontend/src/Controller/Frontend/Customer/Standard.php file an checkLimit() method.
This one is well documented and would check whether the same IP ($context->editor()) has already created two accounts within 14400 seconds ( https://github.com/aimeos/ai-controller ... d.php#L461 ).
That's all fine. But using TYPO3 the column customer.editor is not available ( https://github.com/aimeos/ai-typo3/blob ... 3.php#L238 ), leading to ignoring the IP address. This will lead to block new user accounts whenever two new accounts where created within 14400 seconds (=240 minutes = 4 hours).
That doesn't sound well.
We now increased the number of allowed accounts and reduced the number of seconds as temporarily workaround. Maybe it would make sense to add the column to TYPO3 fe_users and have a proper IP based check.
But one should also ensure that the IP is removed after a certain amount of time, due to DSGVO. TYPO3 already offers a scheduler task for that: https://github.com/TYPO3/typo3/blob/12. ... onTask.php this can be configured to also handle the table and field.
We probably will add that as proper solution within the customer installation.
So this post is not a request for help, but a feedback on the current situation with a request to consider the current situation and a whether it would make sense to optimize that situation.
-
- Posts: 10
- Joined: 12 Jun 2023, 06:49
Re: Frontend Customer checkLimit not working as expected in TYPO3
Another remark: The order passed through but only contained digital products. That leaves the customer in a situation where he pays and receives emails without a way to log in and download the products.
We workaround that by manually creating the user record and linking it to the user.
We workaround that by manually creating the user record and linking it to the user.
-
- Posts: 10
- Joined: 12 Jun 2023, 06:49
Re: Frontend Customer checkLimit not working as expected in TYPO3
Registration for anonymization can be done this way in ext_localconf.php:
Where aimeos_editor is the actual column name. Note that anonymization will replace the last parts of the address with 0 …
Creation of the column can happen within ext_tables.sql:
And this is our patch to the aimeos package:
Code: Select all
\TYPO3\CMS\Core\Utility\ArrayUtility::mergeRecursiveWithOverrule($GLOBALS['TYPO3_CONF_VARS'], [
'SC_OPTIONS' => [
'scheduler' => [
'tasks' => [
\TYPO3\CMS\Scheduler\Task\IpAnonymizationTask::class => [
'options' => [
'tables' => [
'fe_users' => [
'dateField' => 'crdate',
'ipField' => 'aimeos_editor',
],
],
],
],
],
],
],
]);
Creation of the column can happen within ext_tables.sql:
Code: Select all
CREATE TABLE fe_users (
aimeos_editor varchar(39) DEFAULT '' NOT NULL,
);
Code: Select all
diff --git a/config/mshop/customer.php b/config/mshop/customer.php
index d99e791..4caa9dd 100644
--- a/config/mshop/customer.php
+++ b/config/mshop/customer.php
@@ -647,9 +647,9 @@ return array(
"title", "first_name", "last_name", "address", "zip", "city", "zone",
"language", "telephone", "email", "fax", "www", "longitude", "latitude",
"date_of_birth", "disable", "password", "tstamp", "static_info_country",
- "usergroup", "pid", "siteid", "crdate"
+ "usergroup", "pid", "siteid", "crdate", "aimeos_editor"
) VALUES ( :values
- ?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?
+ ?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?
)
',
),
@@ -661,7 +661,7 @@ return array(
"first_name" = ?, "last_name" = ?, "address" = ?, "zip" = ?, "city" = ?, "zone" = ?,
"language" = ?, "telephone" = ?, "email" = ?, "fax" = ?, "www" = ?, "longitude" = ?,
"latitude" = ?, "date_of_birth" = ?, "disable" = ?, "password" = ?, "tstamp" = ?,
- "static_info_country" = ?, "usergroup" = ?, "pid" = ?
+ "static_info_country" = ?, "usergroup" = ?, "pid" = ?, "aimeos_editor" = ?
WHERE ( "siteid" LIKE ? OR siteid = \'\' ) AND "uid" = ?
',
),
diff --git a/src/MShop/Customer/Manager/Typo3.php b/src/MShop/Customer/Manager/Typo3.php
index 888b302..cddd8b3 100644
--- a/src/MShop/Customer/Manager/Typo3.php
+++ b/src/MShop/Customer/Manager/Typo3.php
@@ -234,11 +234,11 @@ class Typo3
'type' => 'datetime',
'internaltype' => \Aimeos\Base\DB\Statement\Base::PARAM_STR,
),
- // not available
+ // Added in customer installation
'customer.editor'=> array(
'label' => 'Customer editor',
'code' => 'customer.editor',
- 'internalcode' => null,
+ 'internalcode' => 'mcus."aimeos_editor"',
'type' => 'string',
'internaltype' => \Aimeos\Base\DB\Statement\Base::PARAM_STR,
),
@@ -608,12 +608,14 @@ class Typo3
$stmt->bind( $idx++, $this->pid, \Aimeos\Base\DB\Statement\Base::PARAM_INT ); // TYPO3 PID value
if( $id !== null ) {
+ $stmt->bind( $idx++, $context->editor(), \Aimeos\Base\DB\Statement\Base::PARAM_STR ); // IP Address
$stmt->bind( $idx++, $context->locale()->getSiteId() . '%' );
$stmt->bind( $idx, $id, \Aimeos\Base\DB\Statement\Base::PARAM_INT );
$item->setId( $id );
} else {
$stmt->bind( $idx++, $this->siteId( $item->getSiteId(), \Aimeos\MShop\Locale\Manager\Base::SITE_SUBTREE ) );
- $stmt->bind( $idx, time(), \Aimeos\Base\DB\Statement\Base::PARAM_INT ); // Creation time
+ $stmt->bind( $idx++, time(), \Aimeos\Base\DB\Statement\Base::PARAM_INT ); // Creation time
+ $stmt->bind( $idx++, $context->editor(), \Aimeos\Base\DB\Statement\Base::PARAM_STR ); // IP Address
}
$stmt->execute()->finish();
Re: Frontend Customer checkLimit not working as expected in TYPO3
The IP address is only used if the user is not logged in:
https://github.com/aimeos/aimeos-typo3/ ... t.php#L338
The IP address (or the user e-mail address) also stored in the mshop_order table along with the order instead of the fe_users table. If the mshop_order.editor column contains an empty value, the problem is likely here:
https://github.com/aimeos/aimeos-typo3/ ... #L332-L339
Or there could be a problem here because only the user ID is updated, not the editor in the context:
https://github.com/aimeos/ai-client-htm ... rd.php#L55
Also, don't care about storing the IP address because of DSGVO. The order already contains the full address of the customer which is much more sensitive personal data.
https://github.com/aimeos/aimeos-typo3/ ... t.php#L338
The IP address (or the user e-mail address) also stored in the mshop_order table along with the order instead of the fe_users table. If the mshop_order.editor column contains an empty value, the problem is likely here:
https://github.com/aimeos/aimeos-typo3/ ... #L332-L339
Or there could be a problem here because only the user ID is updated, not the editor in the context:
https://github.com/aimeos/ai-client-htm ... rd.php#L55
Also, don't care about storing the IP address because of DSGVO. The order already contains the full address of the customer which is much more sensitive personal data.
Professional support and custom implementation are available at Aimeos.com
If you like Aimeos, give us a star
If you like Aimeos, give us a star
-
- Posts: 10
- Joined: 12 Jun 2023, 06:49
Re: Frontend Customer checkLimit not working as expected in TYPO3
Thanks for your answer. I could verify that the context contains the IP address.
The issue then still seems to be https://github.com/aimeos/ai-typo3/blob ... 3.php#L238 in combination with https://github.com/aimeos/ai-controller ... d.php#L504 as the check happens against the user table, not the order table. And the column is not defined for the user table.
The issue then still seems to be https://github.com/aimeos/ai-typo3/blob ... 3.php#L238 in combination with https://github.com/aimeos/ai-controller ... d.php#L504 as the check happens against the user table, not the order table. And the column is not defined for the user table.
Re: Frontend Customer checkLimit not working as expected in TYPO3
You are right, it's about creating new customer accounts, not placing orders.
And indeed, your solution seems to be the only viable one but we can't add it to 2023.10 LTS because of the neccesary database schema change. We will add the "editor" column to the fe_users table for 2024.x but in the meantime, the only option for you is to increase the count and decrease the time in which new customer accounts can be created, e.g. 10 accounts in 300 seconds (depending on how many new accounts to expect).
And indeed, your solution seems to be the only viable one but we can't add it to 2023.10 LTS because of the neccesary database schema change. We will add the "editor" column to the fe_users table for 2024.x but in the meantime, the only option for you is to increase the count and decrease the time in which new customer accounts can be created, e.g. 10 accounts in 300 seconds (depending on how many new accounts to expect).
Professional support and custom implementation are available at Aimeos.com
If you like Aimeos, give us a star
If you like Aimeos, give us a star
-
- Posts: 10
- Joined: 12 Jun 2023, 06:49
Re: Frontend Customer checkLimit not working as expected in TYPO3
Thanks for confirming the issue and approach Can you tell me the column name? We currently apply the patch in our project. So using the same column name would make updates way easier as we only would need to remove our patch.
Re: Frontend Customer checkLimit not working as expected in TYPO3
Here are the necessary patches:
- https://github.com/aimeos/ai-typo3/comm ... 422d898c56
- https://github.com/aimeos/aimeos-typo3/ ... fcee907d67
- https://github.com/aimeos/ai-typo3/comm ... 422d898c56
- https://github.com/aimeos/aimeos-typo3/ ... fcee907d67
Professional support and custom implementation are available at Aimeos.com
If you like Aimeos, give us a star
If you like Aimeos, give us a star
-
- Posts: 10
- Joined: 12 Jun 2023, 06:49
Re: Frontend Customer checkLimit not working as expected in TYPO3
Thank you very much