Release 1.4.2

config.xml

@@ -2,7 +2,7 @@
 <module>
     <name>psgdpr</name>
     <displayName><![CDATA[Official GDPR compliance]]></displayName>
-    <version><![CDATA[1.4.1]]></version>
+    <version><![CDATA[1.4.2]]></version>
     <description><![CDATA[Make your store comply with the General Data Protection Regulation (GDPR).]]></description>
     <author><![CDATA[PrestaShop]]></author>
     <tab><![CDATA[front_office_features]]></tab>

psgdpr.php

@@ -26,6 +26,9 @@
     require_once $autoloadPath;
 }
 
+use PrestaShop\PrestaShop\Adapter\ServiceLocator;
+use PrestaShop\PrestaShop\Core\Crypto\Hashing;
+
 class Psgdpr extends Module
 {
     public $adminControllers = [
@@ -119,7 +122,7 @@ public function __construct()
         // Settings
         $this->name = 'psgdpr';
         $this->tab = 'administration';
-        $this->version = '1.4.1';
+        $this->version = '1.4.2';
         $this->author = 'PrestaShop';
         $this->need_instance = 0;
 
@@ -1043,10 +1046,19 @@ public function deleteDataFromModules($customer)
      */
     public function createAnonymousCustomer()
     {
-        $query = 'SELECT id_customer, email FROM `' . _DB_PREFIX_ . 'customer` c WHERE email = "anonymous@psgdpr.com" or email = "anonymous@anonymous.com"';
+        /** @var Hashing $crypto */
+        $crypto = ServiceLocator::get(Hashing::class);
+
+        $query = 'SELECT id_customer, email, passwd FROM `' . _DB_PREFIX_ . 'customer` c WHERE email = "anonymous@psgdpr.com" or email = "anonymous@anonymous.com"';
         $anonymousCustomer = Db::getInstance()->getRow($query);
 
         if (isset($anonymousCustomer['id_customer'])) {
+            if ($anonymousCustomer['passwd'] === 'prestashop') {
+                $customer = new Customer((int) $anonymousCustomer['id_customer']);
+                $customer->passwd = $crypto->hash(Tools::passwdGen(64)); // Generate a long random password
+                $customer->save();
+            }
+
             $id_address = Address::getFirstCustomerAddressId($anonymousCustomer['id_customer']);
 
             Configuration::updateValue('PSGDPR_ANONYMOUS_CUSTOMER', $anonymousCustomer['id_customer']);
@@ -1061,7 +1073,7 @@ public function createAnonymousCustomer()
         $customer->lastname = 'Anonymous';
         $customer->firstname = 'Anonymous';
         $customer->email = 'anonymous@psgdpr.com';
-        $customer->passwd = 'prestashop';
+        $customer->passwd = $crypto->hash(Tools::passwdGen(64)); // Generate a long random password
         $customer->active = false;
 
         if ($customer->save() == false) {

tests/phpstan/phpstan-1.7.1.2.neon

@@ -7,5 +7,6 @@ parameters:
     - '#Parameter \#1 \$hook_name of method ModuleCore\:\:registerHook\(\) expects string, array<int, string> given.#'
     - '#Parameter \#1 \$id of class Customer constructor expects null, int given.#'
     - '#Parameter \#4 \$idShop of static method CMSCore\:\:getCMSPages\(\) expects null, int given.#'
-    - '#Parameter \#4 \$ssl of method LinkCore\:\:getModuleLink\(\) expects null, true given.#'
+    - '#Parameter \#4 \$ssl of method LinkCore\:\:getModuleLink\(\) expects null, true given\.#'
     - '#Property CustomerCore\:\:\$passwd \(int\) does not accept string.#'
+    - '#^Strict comparison using === between int and ''prestashop'' will always evaluate to false\.$#'

upgrade/upgrade-1.4.2.php

@@ -0,0 +1,45 @@
+<?php
+/**
+ * Copyright since 2007 PrestaShop SA and Contributors
+ * PrestaShop is an International Registered Trademark & Property of PrestaShop SA
+ *
+ * NOTICE OF LICENSE
+ *
+ * This source file is subject to the Academic Free License 3.0 (AFL-3.0)
+ * that is bundled with this package in the file LICENSE.md.
+ * It is also available through the world-wide-web at this URL:
+ * https://opensource.org/licenses/AFL-3.0
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@prestashop.com so we can send you a copy immediately.
+ *
+ * @author    PrestaShop SA <contact@prestashop.com>
+ * @copyright Since 2007 PrestaShop SA and Contributors
+ * @license   https://opensource.org/licenses/AFL-3.0 Academic Free License 3.0 (AFL-3.0)
+ */
+if (!defined('_PS_VERSION_')) {
+    exit;
+}
+
+use PrestaShop\PrestaShop\Adapter\ServiceLocator;
+use PrestaShop\PrestaShop\Core\Crypto\Hashing;
+
+/**
+ * @param Psgdpr $module
+ *
+ * @return bool
+ */
+function upgrade_module_1_4_2($module)
+{
+    // Only change password when it's "prestashop"
+    $customer = new Customer((int) Configuration::get('PSGDPR_ANONYMOUS_CUSTOMER'));
+    // @phpstan-ignore-next-line
+    if (Validate::isLoadedObject($customer) && $customer->passwd === 'prestashop') {
+        /** @var Hashing $crypto */
+        $crypto = ServiceLocator::get(Hashing::class);
+        $customer->passwd = $crypto->hash(Tools::passwdGen(64)); // Generate a long random password
+        $customer->save();
+    }
+
+    return true;
+}

views/templates/admin/tabs/getStarted.tpl

@@ -30,7 +30,7 @@
         <li>{l s='The right to give and withdraw consent' mod='psgdpr'}</li>
     </ol>
     <p>{l s='It also allows you to keep a record of processing activities (especially for access, consent and erasure).' mod='psgdpr'}</p>
-    <p><b>{l s='Follow our 3 steps to configure your module and help you to become GDPR compliant !' mod='psgdpr'}</b></p>
+    <p><b>{l s='Follow our 3 steps to configure your module and help you to become GDPR compliant!' mod='psgdpr'}</b></p>
 
     <div class="row">
         <div class="col-lg-1"></div>
@@ -69,7 +69,7 @@
     <br>
 
     <div role="alert" data-alert="info" class="alert alert-info">
-        {l s='Note : Please make sure that you have access to the latest version of your installed module(s) to fully benefit the features of our GDPR module. If one or several of your modules do not provide their data list, we invite you to contact directly the developers of these modules.' mod='psgdpr'}
+        {l s='Note: Please make sure that you have access to the latest version of your installed module(s) to fully benefit the features of our GDPR module. If one or several of your modules do not provide their data list, we invite you to contact directly the developers of these modules.' mod='psgdpr'}
     </div>
 
     <br>
@@ -114,6 +114,6 @@
     </div>
 
     <div role="alert" data-alert="info" class="alert alert-info">
-        {l s='Note : These features are intended to help you to become GDPR compliant. However using them does not guarantee that your site is fully compliant with GDPR requirements. It is ' mod='psgdpr'} <b>{l s='It is your own responsibility' mod='psgdpr'}</b> {l s='to configure the modules and take all necessary actions to ensure compliance. For any questions, we recommend you to contact a lawyer specializing in personal data legislation questions.' mod='psgdpr'}
+        {l s='Note: These features are intended to help you to become GDPR compliant. However using them does not guarantee that your site is fully compliant with GDPR requirements.' mod='psgdpr'} <b>{l s='It is your own responsibility' mod='psgdpr'}</b> {l s='to configure the modules and take all necessary actions to ensure compliance. For any questions, we recommend you to contact a lawyer specializing in personal data legislation questions.' mod='psgdpr'}
     </div>
 </div>