Welcome to the August edition of Atwix MageNews!
This is the 7th digest in the series and it’s all about updates from Magento world, upcoming changes and experience sharing. Interested? Come in and read more!
Not to Miss
New Payment Security Standards and Magento
Currently, two payment standards are shaping the payment industry. This is all about 3-D Secure 2.0 and PSD2.
The main change of 3-D Secure 2.0 is that merchants and issuer banks will exchange contextual data to automatically verify the identity of the customers and detect high-risks transactions which are less than 5 percent of all placed transactions. This helps to reduce transaction time by 85% and the drop-off rate by 70%.
The PSD2 (Payment Service Directive 2) is a reviewed EU payment directive which requires payment providers to apply Strong Customer Authentication (SCA). SCA requires to use at least two of the following factors to verify identity during transactions:
– Something the customer knows: password or PIN they set
– Something the customers has: phone or hardware token for authentication
– Something the customer is: fingerprint, face recognition.
Starting September 14, 2019 European banks will decline payments that require SCA but do not meet the above criteria.
These directives will affect Magento as well. Magento is going to deprecate core bundled integrations with CyberSource, Authorize.net, eWay, Worldpay in favor of official payment integrations available on the marketplace.
PSA for #Magento merchants – CyberSource, https://t.co/aGSFPGC4LF, eWay, Braintree core integrations will be deprecated from the 2.3.3/2.3.4 M2 bundles and deleted in 2.4.0; they will live on @MagentoMP to enable quicker compliance and security updates https://t.co/IWiIEwHktq
— Igor Gorin (@theigorgorin) July 17, 2019
More Info:
– [Magento DevBlog] 3D Secure 2.0 changes
– [3DSecure2] Official website of 3D Secure 2.0 standard
– [Visa] New and improved 3-D secure – Infographic
– [Magento Marketplace] Braintree – Official Integration
– [Magento Marketplace] Authorize.Net – Official Integration
– [Magento Marketplace] CyberSource Global Payment Management – Official Integration
– [Magento Marketplace] eWay Payments – Official Integration
Adobe Analytics in Magento
Adobe announced a brand-new Analysis Workspace template for exploring your Magento commerce and marketing data. Check it out below!
A little Adobe news for your Friday: the latest step in the integration of Magento and #AdobeAnalytics is now live: a brand-new Analysis Workspace template for exploring your Magento commerce data and your marketing data. Here's the video overview: https://t.co/93eKghDXMm
— Benjamin Gaines (@benjamingaines) July 19, 2019
More Info:
– [Youtube] Adobe Analytics – Magento Marketing & Commerce Template
Community Experience
Module Vendor Worst Practices
A write up from Jisse Reitsma about classic quality issues of third-party modules you can find during the code review.
More Info:
– [Yireo] Review of a bad Magento 2 extension
Ngrok + Magento + Docker
And again about ngrok service and Magento. This time Dmitry Shkoliar tells us how to share docker-powered Magento local environment with the world using a custom integration module to troubleshoot typical issues related to building URLs and caching.
More Info:
– [shkoliar.com] Sharing local Docker Magento 2 development environment over the web
– [Github] Magento 2 ngrok integration
Magento 2 JS Bundling
Andrew Levine analyzed current JavaScript bundling problems for Luma-based frontend. He pointed out the most significant differences between Magento frontend and the rest of webpack-based frontends. As a result we got a summary of challenges on a way of implementing optimized JS bundling.
More Info:
– [Github Gist] JavaScript Bundling in Magento
Composer Root Updater
It’s great to see that Magento cares about upgrading process and tries to streamline it. For these needs, Magento created a composer plugin which automatically adjusts composer.json of the project making sure all dependencies comply with a new version of the platform. Don’t forget to try it next time you upgrade your projects!
We've got a new #Composer plugin that streamlines the process of upgrading to the latest greatest @magento Commerce.
This rad new plugin automates some manual steps in the upgrade process—it's easier + faster than ever!
All the info at your fingertips: https://t.co/5yBebj9JLC
— Magento DevDocs (@MagentoDevDocs) July 10, 2019
More Info:
– [Github] magento/composer-root-update-plugin
– [Magento DevBlog] Easier upgrades with new Composer plugin!
– [Magento DevDocs] Upgrade using the Magento composer root plugin
Elastic App Search for Magento
Elastic team announced an integration between Magento and their Elastic App Search product. App Search is a SaaS solution that simplifies the process of creating and maintaining applications which need to support search functionality. It provides deep relevance tuning and analytics feature for improving conversion rates. Learn more about this below.
More Info:
– [Elastic] Elastic App Search Magento module beta release
– [Elastic] Elastic App Search
– [Github] A first party module to integrate Elastic App Search in Magento 2.
Architecture
DocBlock Standards
Magento DocBlock Standards improvement has been announced by Vinai Kopp. This is a common effort and it resulted in removing rules which let to docBlock duplication. The proposal discourages usage of @inheritdoc directives which were based on adding obvious and redundant descriptions. It encourages commenting why some method or component was added and not how it was added. Read more about changes below.
Whohoo, the Magento devdocs coding style guide PR got merged! https://t.co/QTjTbeTXVP
Thanks for all the reviews and encouragement. This really was a group effort!
Still – in the end, style is only cosmetics, no real functionality was added or improved.
— Vinai (@VinaiKopp) July 16, 2019
More Info:
– [Magento DevDocs] DocBlock Standards
– [Github] Remove rules duplicating method signature info
Replacement for SCD
Static content deployment is one of the longest-running processes during Magento deployments. If the deployment process is not optimized, it even prolongs website downtime. Andrew Levine is working right now on a replacement for the current SCD. The biggest bottleneck is unofficial PHP LESS compiler. Andrew is working on a solution. The idea is to make Magento use official LESS compiler written on JavaScript and parallel style compiling via workers. This approach seems to be reasonable and works 6 times faster than the current one.
Big progress on my re-write of the #magento static content deploy functionality.
Less compilation is, by far, the biggest bottleneck in a deployment. I've spread the less compilation across workers so it can happen in parallel, without blocking other work in the main thread pic.twitter.com/Ft6X1GfnAS
— Andrew (@drewml) July 18, 2019
More Info:
– [Github] Fast, drop-in replacement for Magento’s Static Content Deploy (WIP)
– [Github] Proposal to rewrite + modernize Static Content Deployment
Security
XSS in Authorize.net Order Cancelation Flow
Magento 2.3.2 contains numerous security improvements and it’s super important to apply them all on out-dated versions of the platform. One of such vulnerabilities and attack vectors was founded and disclosed by RIPS Tech team. According to it, merchants who use core bundled integration with Authorize.net could be vulnerable to unauthenticated stored XSS attack during order cancelation which combined with RCE exploit can give hackers access to the webserver. Make sure your projects are patched and ready for this!
More Info:
– [RIPSTECH Blog] Magento 2.3.1: Unauthenticated Stored XSS to RCE
Upcoming Events. Don’t Miss!
– August 1st – MM19ID, Jakarta, Indonesia
– August 22nd – MM19SG, Marina Bay Sands, Singapore
– August 30th – Magento Meetup & Contribution Day in Khmelnytskyi, Khmelnytskyi, Ukraine
– September 5-6 – Meet Magento New York
– September 27-28 – MageCONF 2019, Kyiv, Ukraine
Want more?
Make sure to be the first for our September MageNews digest – subscribe to our blog.
See you in a month!
What was before?
– Atwix MageNews – July 2019
– Atwix MageNews – June 2019