security: validate billing address structure in Order model #24

Open

Charon wants to merge 1 commit from feat/validate-billing-address into dev

pull from: feat/validate-billing-address

merge into: core:dev

core:dev

core:feat/test-stripe-webhooks

core:feat/docs-and-provisioning

core:feat/test-permission-matrix-service

core:feat/test-warehouse-service

core:feat/test-product-catalog-service

core:feat/test-invoice-service

core:feat/test-referral-service

core:feat/test-payment-method-service

core:feat/test-usage-billing-service

core:feat/csrf-billing-endpoints

core:main

Conversation 0 Commits 1 Files changed 1 +85

Charon commented 2026-03-24 16:20:31 +00:00

Member

Copy link

Summary

• Add validateBillingAddress() method to Order model, triggered on creating and updating events
• Required fields enforced: line1, city, postcode, country (ISO 3166-1 alpha-2)
• Optional fields: line2, state
• Unrecognised keys are stripped to prevent data pollution
• Respects commerce.checkout.require_billing_address config — when disabled, null is permitted but non-null values must still conform
• Constants BILLING_ADDRESS_REQUIRED_FIELDS and BILLING_ADDRESS_ALLOWED_FIELDS exposed for external validation

Fixes #12

Test plan

• Create order with valid billing address — should succeed
• Create order with missing required field (e.g. no country) — should throw ValidationException
• Create order with null billing address when require_billing_address is true — should throw
• Create order with null billing address when require_billing_address is false — should succeed
• Create order with extra keys in billing address — extra keys should be stripped
• Update order billing address with invalid data — should throw
• Verify country must be exactly 2 characters (ISO code)

🤖 Generated with Claude Code

## Summary - Add `validateBillingAddress()` method to `Order` model, triggered on `creating` and `updating` events - Required fields enforced: `line1`, `city`, `postcode`, `country` (ISO 3166-1 alpha-2) - Optional fields: `line2`, `state` - Unrecognised keys are stripped to prevent data pollution - Respects `commerce.checkout.require_billing_address` config — when disabled, `null` is permitted but non-null values must still conform - Constants `BILLING_ADDRESS_REQUIRED_FIELDS` and `BILLING_ADDRESS_ALLOWED_FIELDS` exposed for external validation Fixes #12 ## Test plan - [ ] Create order with valid billing address — should succeed - [ ] Create order with missing required field (e.g. no `country`) — should throw `ValidationException` - [ ] Create order with `null` billing address when `require_billing_address` is `true` — should throw - [ ] Create order with `null` billing address when `require_billing_address` is `false` — should succeed - [ ] Create order with extra keys in billing address — extra keys should be stripped - [ ] Update order billing address with invalid data — should throw - [ ] Verify `country` must be exactly 2 characters (ISO code) 🤖 Generated with [Claude Code](https://claude.com/claude-code)

Charon added 1 commit 2026-03-24 16:20:32 +00:00

security: validate billing address structure in Order model ... aedc9ee378

Add billing address validation on Order creating/updating events.
Required fields (line1, city, postcode, country) are enforced when
commerce.checkout.require_billing_address is enabled (default).
Unrecognised keys are stripped to prevent data pollution.

Fixes #12

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin feat/validate-billing-address:feat/validate-billing-address

git checkout feat/validate-billing-address

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git checkout dev

git merge --no-ff feat/validate-billing-address

git checkout feat/validate-billing-address

git rebase dev

git checkout dev

git merge --ff-only feat/validate-billing-address

git checkout feat/validate-billing-address

git rebase dev

git checkout dev

git merge --no-ff feat/validate-billing-address

git checkout dev

git merge --squash feat/validate-billing-address

git checkout dev

git merge --ff-only feat/validate-billing-address

git checkout dev

git merge feat/validate-billing-address

git push origin dev

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

P1

Priority 1 - Critical

  

P2

Priority 2 - Important

  

P3

Priority 3 - Nice to have

  

PHP

PHP codebase

  

agent-ready

  

bug

Bug fix

  

clotho

Assigned to Clotho AI agent

  

discovery

Auto-discovered by agent

  

docs

Documentation

  

refactor

Code quality refactoring

  

review

Needs human review

  

security

Security hardening

  

testing

Test coverage

  

athena

Assign to Athena AI agent (M3 Ultra)

  

athena-gemini

Dispatch to Gemini CLI on M3 Ultra

  

audit

Code audit task

  

clotho

Assign to Clotho AI agent for processing

  

clotho-gemini

Dispatch to Gemini CLI on darbs (AU)

  

codex

Dispatch to Codex CLI on gateway for analysis

  

darbs-claude

Dispatch to Claude on darbs (AU)

  

security

Security review task

  

wiki

Documentation/wiki update

No labels

P1

P2

P3

PHP

agent-ready

bug

clotho

discovery

docs

refactor

review

security

testing

athena

athena-gemini

audit

clotho

clotho-gemini

codex

darbs-claude

security

wiki

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: core/php-commerce#24

No description provided.