Changelog

Categories: Security, Feature, Fix, Perf, Admin, Deps.

[1.7.14] - 2026-05-26

Fix

• MultiSafepay redirect handshake fixed (orders no longer bounce back to /checkout/cart/). The redirect token sent to MultiSafepay is now generated as a 32-character hex string instead of a 36-character UUIDv4 — the multisafepay_redirect_token.token column is VARCHAR(32), so MySQL was silently truncating the UUID and the redirect controller's later lookup never found the row, throwing "Redirect token does not exist" after every Place Order on stores running multisafepay/magento2 4.2+.
• Removed the diagnostic logging added in 1.7.12/1.7.13 that flooded system.log while we tracked the issue down.

[1.7.11] - 2026-05-26

Fix

• MultiSafepay 4.2 redirect_token now persists end-to-end. Magento's REST ServiceInputProcessor was stripping the redirect_token from additional_data before MultiSafepay's observer could read it (signature mismatch on PaymentInterface::setAdditionalData). A new CaptureMultisafepayRedirectTokenPlugin on Magento\Quote\Model\Quote\Payment::importData captures the value from the raw input and writes it to additional_information so MultiSafepay's place-order observer can persist the redirect_token row.

[1.7.10] - 2026-05-26

Fix

• MultiSafepay checkout restored after multisafepay/magento2 4.2 upgrade. The 4.2 metapackage requires token-based redirect handling (PLGMAG2V2-888) — the gateway redirect controller refuses session-based lookups and demands a ?token=... query string. The Hyvä checkout JS now generates a per-order token, sends it as paymentMethod.additional_data.redirect_token, and appends it to the redirect URL for all multisafepay* gateway codes. Other off-site gateways (Mollie, PayNL, Buckaroo) are untouched. WMI-130.

[1.7.9] - 2026-05-26

Fix

• Post-order redirect no longer leaves the customer on /checkout/cart/ with the page looking like they've been logged out. The private-content-loaded event dispatched after a successful payment now carries a {detail: {data: {}}} payload, fixing a Cannot read properties of null thrown by Hyvä's messages section listener.

[1.7.8] - 2026-05-20

Fix

• Order summary now shows whole quantities as 1 instead of the raw 1.0000 decimal returned by Magento's quote API. The sidebar item count and the in-summary + / − quantity buttons also stop misbehaving (the previous code was string-concatenating qty values instead of summing them numerically).
• One-page checkout no longer leaves shoppers stuck on "Please complete the shipping step first to see payment methods" after they pick a shipping method. The first user click now reliably loads the payment methods (the previous one-page watcher silently swallowed the very first selection when no shipping method was preselected).
• Added missing French and Dutch translations for "Back to cart" and "Loading payment methods…" — both strings now render in the active store language instead of leaking English on non-English storefronts.

[1.7.7] - 2026-05-19

Fix

• Logged-in customers whose Magento session became corrupted were re-exposed to the storefront as guests, so the checkout silently tried a guest place-order. On stores with downloadable products (where guest checkout is disabled by default), the place-order then aborted with "guest checkout not available" even though the shopper was logged in. The session fallback now restores the logged-in flag and customer profile from the quote's stored customer link. WMI-130.

[1.7.6] - 2026-05-19

Fix

• Downloadable-only carts (a cart of only digital / module products) no longer freeze on the shipping step waiting for a method that will never appear. The checkout now treats a cart of only virtual/downloadable items as virtual regardless of Magento's stored is_virtual flag and goes straight to billing + payment. WMI-130.
• Order summary thumbnails now fall back through thumbnail → small_image → image so marketplace products that only carry a base image still render their picture in the cart and on the success page. WMI-130.

[1.7.5] - 2026-05-19

Fix

• Order summary and totals no longer render every amount as the literal "0,00 €" on locales where Magento's Currency::getOutputFormat() returns a formatted zero instead of the %s € template. The checkout config is now repaired after serialization (re-injecting %s into the pattern) and formatPrice() falls back to %s € if a broken pattern still leaks through. WMI-130.

[1.7.4] - 2026-05-18

Fix

• Virtual and downloadable-only carts no longer trigger the full-page loader while the customer is still typing their address. The billing / payment-methods / totals preload now runs against a localized paymentMethodsLoading flag and surfaces as a small inline "Loading payment methods…" indicator inside the payment section. The full-page loader is preserved for genuine blocking operations (Place Order, Set Shipping Info, cart item updates). Fixes WMI-124.

[1.7.3] - 2026-05-10

Feature

• New Enable Debug Logging toggle (Stores → Configuration → Wimakeit → Checkout → General), off by default. Internal traces in success-page hydration, checkout data provider, config provider and the payment-information plugins (logged-in + guest) are gated behind it; error/critical always log.

Perf

• Production stores stop emitting hot-path traces from the checkout pipeline into var/log/system.log once the toggle is left off.

Deps

• Requires wimakeit/module-core 3.0.9+ for the shared debug logger virtual type.

[1.7.2] - 2026-05-08

Admin

• Admin menu group standardized — module appears under a top-level Wimakeit_Checkout entry with a Settings child that opens directly on the configuration section.
• New Wimakeit_Checkout::config ACL resource so the Settings entry can be granted independently of code edits.

Deps

• Certified PHP 8.1 → 8.3 support. Composer php constraint tightened to >=8.1 <8.4.

[1.7.1] - 2026-04-29

Admin

• Internal release pipeline standardized (validate, tag, deploy, release stages). No functional change for merchants.

[1.7.0] - 2026-04-30

Feature

• New payment method icons — 5 neutral SVG categories (card, bank, wallet, cash, voucher) auto-mapped to the major gateways (MultiSafepay, Mollie, PayNL, Buckaroo, Adyen, Stripe, native PayPal/Braintree) and generic codes (cashondelivery, checkmo, banktransfer, sepa, klarna, afterpay…), with a title-keyword fallback (bancontact, iDEAL, PayPal, Apple/Google Pay, Klarna, sofort, giropay, payconiq, FR/NL translations).
• Expanded post-order redirect defaults to cover multisafepay, mollie_methods, mollie, paynl_payment, buckaroo_magento2. Previously only MultiSafepay was handled server-side, so Mollie iDEAL/Bancontact customers were dropped on the native success page before the gateway could redirect them.

Admin

• New Show Payment Method Icons toggle (default on) under Stores > Configuration > WiMakeIT > Checkout > Payment.
• New Custom Icon Overrides field (multiline prefix|value textarea) — value can be a full URL, a module-relative path, or a built-in slug.
• New Off-site Gateway Redirect URLs field (multiline prefix|url textarea) — URLs starting with / are prefixed with the store base URL, letting integrators add gateways without touching code.

[1.6.1] - 2026-04-25

Fix

• Off-site payment gateways (MultiSafepay and similar) no longer drop customers on the native success page right after placing the order. The Alpine place-order handler now resolves the gateway redirect URL from the server-side map instead of always navigating to successUrl.

[1.6.0] - 2026-04-20

Admin

• Module is now laser-focused on Luma + Breeze. Hyvä-specific surface area (Tailwind module, hyva_config_generate_before observer, etc/frontend/events.xml, pre-compiled CSS) moved to the companion wimakeit/module-checkout-hyva ≥ 1.1.0.
• Removed pre-compiled checkout.css / success.css and the non-partial LESS entries that existed only for the Hyvä <css src=> publisher.

Deps

• Hyvä sites must now install wimakeit/module-checkout-hyva ≥ 1.1.0 (ships its own compiled stylesheets and a proper <link rel="stylesheet"> injection).

[1.5.2] - 2026-04-15

Admin

• Dropped <head><css src="…"/> from checkout_index_index.xml and checkout_onepage_success.xml — Hyvä's page-config renderer was stripping the rel="stylesheet" from it, leaving the browser with a bare <link> it never loaded. Luma and Breeze still pick up the styles via their existing _extend.less / critical-CSS pipelines.
• Ship compiled checkout.css and success.css alongside the LESS partials so the Hyvä companion module can reference them.

[1.5.1] - 2026-04-12

Fix

• Restored the runtime LESS entry points (checkout.less, success.less) after the 1.5.0 cleanup so themes that don't bundle our partials still get styled.

Feature

• Native Hyvä Tailwind registration via the hyva_config_generate_before observer — themes that opt-in to the proper pipeline no longer double-load the styles.

[1.5.0] - 2026-04-10

Admin

• Frontend assets restructured into a single LESS source under view/frontend/web/css/source/:
• _variables.less — design tokens (text, font-size, radius, breakpoints, transitions, dark-mode palette).
• _mixins.less — spinner, input-base, selectable-card, button-base, visually-hidden.
• _checkout.less, _success.less — fully nested page partials.
• _module.less — Luma bundle entry (auto-included via _extend.less).
• New Breeze critical-CSS entry at view/frontend/web/css/breeze/_checkout.less per breezefront convention.
• New Hyvä Tailwind source at view/frontend/tailwind/module.css so Hyvä's Tailwind build keeps the .wm-co-* classes.
• New Breeze JS widget shim registered in breeze_checkout_index_index.xml — Breeze can defer / bundle the Alpine component instead of treating the <script src> as a standalone asset.

[1.4.4] - 2026-04-08

Fix

• Custom success page no longer renders a duplicate native "Thank you for your purchase!" heading nor the "Print" link above our hero.
• Product thumbnails on the success page no longer produce a broken placeholder/.jpg URL when the product has no small_image. Magento's normal placeholder URL is now returned.
• Social share text now reads "I just placed an order at WiMakeIT" instead of the raw store-view code (was "FR").

[1.4.3] - 2026-04-05

Admin

• "Place Order" button now uses the configured Accent Color instead of the neutral text color, so the primary CTA matches the brand. Hover darkens via filter: brightness(.92).

[1.4.2] - 2026-04-03

Fix

• Minicart no longer shows the items from the order just placed. After a successful payment-information POST, the cart, checkout-data, cart-data, last-ordered-items and messages keys are wiped from mage-cache-storage, section cookies expired, and the Hyvä reload-customer-section-data / private-content-loaded events dispatched.

[1.4.1] - 2026-04-02

Fix

• placeOrder no longer fails silently when a shipping/billing field is invalid. The validator now sets a global error (with the offending field's message) and scrolls/focuses the first invalid input. Previously the button stayed enabled while the click did nothing.

[1.4.0] - 2026-04-01

Feature

• New custom order success page with five individually toggleable sections:
• Hero with personalised greeting, order number and confirmation email line.
• Order summary card listing each item (thumbnail, qty, line total) plus the grand total.
• Next-order coupon card with a copy-to-clipboard button (Alpine, no extra JS).
• Social share row (Facebook, X, LinkedIn, WhatsApp, email) with brand-coloured hover.
• Upsells grid built from related products of the just-bought items, deduped against the order itself and capped to a configurable limit (default 4).
• New SuccessData ViewModel that pulls the last real order from the checkout session, formats prices via Pricing\Helper\Data, and degrades gracefully when the order is no longer available (empty-state with "continue shopping" CTA).

Admin

• Module now sequences Magento_Catalog and Magento_Sales for the upsell + order data needed by the success page.

[1.3.0] - 2026-03-28

Feature

• New extension attribute wm_newsletter_email so the newsletter subscription uses the email actually captured in the checkout form rather than billing.email. Avoids subscribing the wrong address after the user changes the email in a later step. Falls back to billing/quote email if missing or invalid.
• New getDeliveryEstimate(method) helper exposing per-method delivery ETAs when the carrier provides them (extension_attributes.delivery_date, eta, lead_time, estimated_delivery). Displayed under the carrier title.

Perf

• Shipping form no longer issues redundant POST /billing-address calls — the request is now skipped when neither the address nor the cart changed since the last successful load.

Admin

• Bundled phpstan.neon (level 8) and phpcs.xml (PSR-12 + Magento2) so the module ships with a clean static-analysis baseline.

[1.2.0] - 2026-03-25

Feature

• Virtual / downloadable cart support — when $quote->isVirtual() is true, the shipping leg is skipped, the address form becomes the billing address, and payment methods are loaded via POST /billing-address + GET /payment-methods + GET /totals.
• Step indicator shows "Billing" instead of "Shipping" for virtual carts.

Admin

• Removed the "billing address same as shipping" toggle and the secondary billing form for virtual carts — the displayed address IS the billing address.

[1.1.0] - 2026-03-20

Feature

• Order comments now persisted on the quote and copied to sales_order.customer_note (plugin on PaymentInformationManagementInterface + guest variant).
• Newsletter opt-in actually subscribes the email after a successful order, for both customer and guest checkout.
• Gift message UI (sender / recipient / message) wired to the native Magento_GiftMessage REST endpoint, called before order placement.
• Real address autocomplete implementation for both Google Places and HERE Geocoding — country-restricted suggestions under the street field, with a session token to keep Google billing on the autocomplete-only tier.
• Bundled Alpine.js 3.14.1 in view/frontend/web/js/vendor/alpine.min.js so Luma works out of the box (Hyvä and Breeze keep using their native Alpine).
• Telephone validation (E.164-ish: 7–20 digits after stripping separators).

Security

• Email validation now uses the WHATWG HTML5 regex with a 254-char cap.
• isEmailAvailable calls are debounced and rate-limited (≥ 1.5s between requests) to slow down enumeration probes.

Admin

• Declared extension_attributes on Quote\Api\Data\PaymentInterface: wm_customer_note, wm_subscribe_newsletter.
• Removed the 0000000000 telephone fallback — the field is now properly required.

Deps

• Soft dependency on magento/module-gift-message and magento/module-newsletter declared in composer.json and module.xml.