5.1.0

What's Changed

• feat: Added new isset method for ArrayStruct by Fabian Boensch (@En0Ma1259) in #58

New Contributors

• Fabian Boensch (@En0Ma1259) made their first contribution in #58

Full Changelog: 5.0.3...5.1.0

5.0.3

What's Changed

• test: improve infection coverage by Max Stegmeyer (@mstegmeyer) in #55
• feat: getters for exception parameters by Michel (@cyl3x) in #54
• fix: testing with integer values by Max Stegmeyer (@mstegmeyer) in #56
• fix: missing shippingLocation in salesChannelContext by Max Stegmeyer (@mstegmeyer) in #57

Full Changelog: 5.0.2...5.0.3

5.0.2

What's Changed

• fix: flow action resolving by Max Stegmeyer (@mstegmeyer) in #53

Full Changelog: 5.0.1...5.0.2

5.0.1

What's Changed

• fix: add missing recurring data to recurring action by Max Stegmeyer (@mstegmeyer) in #52

Full Changelog: 5.0.0...5.0.1

5.0.0

Highlights

• Introduce the dual signature verification mechanism to enhance security during shop secret rotations.
• Public API updates in registration verification and shop model that require consumer changes.

Breaking change

• RequestVerifier public API updated to accept raw secrets and adds authenticateRegistrationRequestWithShopSignature.
• ResponseSigner::getRegistrationSignature now expects proof parameters array.
• ShopInterface expanded with required getters/setters for pending/previous secrets, rotation time, and registration confirmation.
• AppConfiguration constructor adds enforceDoubleSignature (default false); enforceDoubleSignature() is deprecated.

Upgrade Notes

Public API changes

AppConfiguration

• New constructor parameter: bool $enforceDoubleSignature = false
• enforceDoubleSignature() is also deprecated (scheduled removal in v6.0.0). Should become always enforced.

RequestVerifier

• authenticateRegistrationRequest(RequestInterface, AppConfiguration) →
  authenticateRegistrationRequest(RequestInterface, string $appSecret)
• New: authenticateRegistrationRequestWithShopSignature(RequestInterface, string $shopSecret)
• authenticatePostRequest(RequestInterface, ShopInterface) →
  authenticatePostRequest(RequestInterface, string $secret, string $headerName = 'shopware-shop-signature')
• authenticateGetRequest(RequestInterface, ShopInterface) →
  authenticateGetRequest(RequestInterface, string $secret)
• authenticateStorefrontRequest(RequestInterface, ShopInterface) →
  authenticateStorefrontRequest(RequestInterface, string $shopId, string $secret)

ResponseSigner

• getRegistrationSignature(AppConfiguration, ShopInterface) →
  getRegistrationSignature(AppConfiguration, array $proofParameters) with keys shop-id, shop-url

ShopInterface (new required methods)

• getPendingShopUrl, setPendingShopUrl
• getPendingShopSecret, setPendingShopSecret
• getPreviousShopSecret, setPreviousShopSecret
• setShopSecret
• getSecretsRotatedAt, setSecretsRotatedAt
• isRegistrationConfirmed, setRegistrationConfirmed
• hasVerifiedWithDoubleSignature, setVerifiedWithDoubleSignature (deprecated)

Recommendations

• Replace direct usage of RequestVerifier with DualSignatureRequestVerifier to enable in-flight support during secret rotation windows.

Required code changes

1. Update your ShopInterface implementation

• Add the new fields and methods listed above.

2. Update any storage/persistence you own

• Persist the new fields your ShopInterface now exposes.
• Example: add columns for pending_shop_secret, pending_shop_url, previous_shop_secret, secrets_rotated_at, registration_confirmed, and has_verified_with_double_signature to your shop table.

3. Update calls to RequestVerifier

$verifier = new RequestVerifier();

$verifier->authenticateRegistrationRequest($request, $appSecret);
$verifier->authenticateRegistrationRequestWithShopSignature($request, $shopSecret);
$verifier->authenticatePostRequest($request, $shopSecret);
$verifier->authenticateGetRequest($request, $shopSecret);
$verifier->authenticateStorefrontRequest($request, $shopId, $shopSecret);

4. Update ResponseSigner::getRegistrationSignature usage

$proof = $responseSigner->getRegistrationSignature(
    $appConfig,
    ['shop-id' => $shopId, 'shop-url' => $shopUrl]
);

4.1.5

What's Changed

• feat: add customFields for CustomerResponseStruct by Chuc Le (@untilu29) in #50

Full Changelog: 4.1.4...4.1.5

4.1.4

What's Changed

• feat: add LanguageInfo to SalesChannelContext by Chuc Le (@untilu29) in #49

Full Changelog: 4.1.3...4.1.4

4.1.3

What's Changed

• fix: missing transaction validation data and status redirect response by Michel (@cyl3x) in #48

Full Changelog: 4.1.2...4.1.3

4.1.2

What's Changed

• fix: payment issues with PaymentFinalizeAction in ContextResolver by Chuc Le (@untilu29)

Full Changelog: 4.1.1...4.1.2

4.1.1

What's Changed

• feat: bc-check by Michel (@cyl3x) in #44
• fix: mark invalid json response as authentication error by Ghaith (@Gaitholabi) in #45

Full Changelog: 4.1.0...4.1.1