🇵🇹Portugal @introfini

@bhogue sorry, you need to first apply this one 🐛 Typo in ckeditor_mentions_notifications.settings.yml filename Active

introfini → created an issue.

I encountered and solved this exact issue. The root cause is stale CSRF tokens being cached after session regeneration during the masquerade process.

Root Cause:

The masquerade process calls $this->sessionManager->regenerate() in Masquerade::switchUser() which invalidates the CSRF token seed stored in session metadata. When masquerade URLs are cached (which happens with lazy builders and entity operations), the cached CSRF tokens become invalid after the first masquerade attempt.

Solution:

I created a custom route processor to ensure fresh CSRF tokens are always generated for masquerade routes. This single solution fixes the issue completely:

1. Create a custom route processor

src/Routing/MasqueradeRouteProcessor.php:

namespace Drupal\[YOUR_MODULE]\Routing;

use Drupal\Core\Access\CsrfTokenGenerator;
use Drupal\Core\Render\BubbleableMetadata;
use Drupal\Core\RouteProcessor\OutboundRouteProcessorInterface;
use Symfony\Component\Routing\Route;

/**
 * Processes outbound routes for masquerade to ensure fresh CSRF tokens.
 * 
 * Issue: Masquerade fails with 403 Access Denied on second attempt due to
 * stale CSRF tokens being cached. The masquerade process regenerates the
 * session ID which invalidates previously cached CSRF tokens.
 */
class MasqueradeRouteProcessor implements OutboundRouteProcessorInterface {

  protected $csrfTokenGenerator;

  public function __construct(CsrfTokenGenerator $csrf_token_generator) {
    $this->csrfTokenGenerator = $csrf_token_generator;
  }

  public function processOutbound($route_name, Route $route, array &$parameters, BubbleableMetadata $bubbleable_metadata = NULL) {
    // Only process masquerade routes
    if ($route_name === 'entity.user.masquerade') {
      // Force uncacheable to prevent stale CSRF tokens
      if ($bubbleable_metadata) {
        $bubbleable_metadata->setCacheMaxAge(0);
        $bubbleable_metadata->addCacheContexts(['session']);
      }
      
      // Generate a fresh CSRF token for this specific route
      $path = ltrim($route->getPath(), '/');
      foreach ($parameters as $param => $value) {
        $path = str_replace("{{$param}}", $value, $path);
      }
      
      // Add fresh token to parameters
      if (!isset($parameters['token'])) {
        $parameters['token'] = $this->csrfTokenGenerator->get($path);
      }
    }
  }
}

2. Register the service

In your module's services.yml:

services:
your_module.masquerade_route_processor:
class: Drupal\your_module\Routing\MasqueradeRouteProcessor
arguments: [ '@csrf_token' ]
tags:
- { name: route_processor_outbound, priority: 1000 }

Result:

This solution ensures that:

• Fresh CSRF tokens are generated for every masquerade request
• Masquerade URLs are never cached to prevent stale token reuse
• The fix works consistently across multiple masquerade attempts

Masquerade now works reliably on subsequent attempts without the 403 Access Denied error.

This fix addresses the core issue without requiring changes to the masquerade module itself, making it a safe workaround until the module is updated to handle this scenario properly.

Please review

introfini → created an issue.

Ckeditor Mentions Notifications now work with comment entities.

An optional setting was added to fetch values from the parent entity instead of the comment itself.

Please review when possible.

introfini → created an issue.

Committed to dev

introfini → created an issue.

Hi there,

I've noticed that the 3.0.x-dev release isn't available on Drupal.org, but the actual fix for this issue was already committed to the repository: https://git.drupalcode.org/project/commerceuserpoints/-/commit/c4bed672e...

Could you clarify the relationship between the patch provided by @socialnicheguru and this existing commit?

Would it be possible to:
Create a 3.0.x-dev release to make this fix available via Composer?
Clarify if there are additional changes needed beyond the existing commit?

Thanks.

In /commerce_product_feeds/src/Normalizer/CommerceProductCollectionNormalizer.php

• use Drupal\commerce_product_feeds\Normalizer\Value\Normalization; -> still being imported
• use Drupal\commerce_product_feeds\Normalizer\Value\CacheableNormalization; -> imported, but never used

The issue is that the Attachment PDF element isn't available through the [webform_submission:values:*] token. Since I need to send the PDF to a remote endpoint, I created a custom token that encodes the Attachment PDF element in base64.

Please review the MR.

Here's an example of how it can be used to calculate the sum of a duration field:

/**
 * Implements hook_views_aggregation_functions_info().
 */
function bloom_custom_views_aggregation_functions_info(): array {
  $functions = [
    'views_aggregator_group_sum_duration' => [
      'group' => t('Group Duration field Sum'),
      'column' => t('Group Duration field Sum'),
      'is_renderable' => TRUE,
    ],
  ];

  return $functions;
}

/**
 * Aggregates a field group as the sum of duration fields.
 *
 * @param array $groups
 *   An array of groups of rows, each group indexed by group value.
 * @param \Drupal\views\Plugin\views\field\FieldHandlerInterface $field_handler
 *   The handler for the view column to sum groups in.
 *
 * @return array
 *   An array of values, one for each group, plus the 'column' group.
 */
function views_aggregator_group_sum_duration(array $groups, FieldHandlerInterface $field_handler): array {
  $values = [];
  $total_seconds_all_groups = 0.0;
  $duration_service = \Drupal::service('duration_field.service');

  foreach ($groups as $group => $rows) {
    $sum = 0.0;
    foreach ($rows as $num => $row) {
      $cell = views_aggregator_get_cell($field_handler, $num, FALSE);
      if ($cell !== FALSE) {
        // Convert duration string to DateInterval
        $date_interval = $duration_service->getDateIntervalFromDurationString($cell);
        // Convert to total seconds
        $total_seconds = $duration_service->getSecondsFromDateInterval($date_interval);
        // Convert to hours
        $sum += $total_seconds / 3600;
      }
    }

    // Track the total seconds for all groups combined
    $total_seconds_all_groups += $sum * 3600; // Convert hours back to seconds

    // Convert hours back to duration string for this group
    $total_minutes = round($sum * 60);
    $hours = floor($total_minutes / 60);
    $minutes = $total_minutes % 60;

    // Create duration array with h:i granularity
    $duration = [
      'y' => 0,
      'm' => 0,
      'd' => 0,
      'h' => $hours,
      'i' => $minutes,
      's' => 0,
    ];

    $values[$group] = $duration_service->convertDateArrayToDurationString($duration);
  }

  // Now create the column total from all groups combined
  $total_minutes_all = round($total_seconds_all_groups / 60);
  $hours_all = floor($total_minutes_all / 60);
  $minutes_all = $total_minutes_all % 60;

  $column_duration = [
    'y' => 0,
    'm' => 0,
    'd' => 0,
    'h' => $hours_all,
    'i' => $minutes_all,
    's' => 0,
  ];

  $values['column'] = $duration_service->convertDateArrayToDurationString($column_duration);

  return $values;
}

introfini → changed the visibility of the branch 3516325-add-support-for to hidden.

introfini → created an issue.

The patch works, thanks.

The patch resolves the issue. Thank you!

Here's the updated code for Group v3:

use Drupal\comment\CommentInterface;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Session\AccountInterface;
use Drupal\group\Entity\GroupInterface;
use Drupal\group\Entity\GroupRelationship;

/**
 * Implements hook_ENTITY_TYPE_access().
 *
 * Allow group admins to edit or delete comments of that group content entities
 */
function hook_comment_access(CommentInterface $comment, $operation, AccountInterface $account) {
  // Allow group admins to edit and delete comments on group content entities.
  if (!in_array($operation, ['delete', 'update'])) {
    return AccessResult::neutral();
  }

  $current_user = \Drupal::currentUser();

  // Exit early if the current user has global permissions.
  if (
    $current_user->hasPermission('bypass group access') ||
    $current_user->hasPermission('administer comments')
  ) {
    return AccessResult::neutral();
  }

  // Get the entity type manager service.
  $entity_type_manager = \Drupal::entityTypeManager();

  // Load group relationships for the commented entity.
  $group_relationships = $entity_type_manager
    ->getStorage('group_relationship')
    ->loadByEntity($comment->getCommentedEntity());

  if (empty($group_relationships)) {
    return AccessResult::neutral();
  }

  $result = AccessResult::neutral();

  /** @var \Drupal\group\GroupMembershipLoaderInterface $membership_loader */
  $membership_loader = \Drupal::service('group.membership_loader');

  /** @var \Drupal\group\Entity\GroupRelationship $relationship */
  foreach ($group_relationships as $relationship) {
    // Get the group from the relationship
    $group = $relationship->getGroup();

    if (!$group instanceof GroupInterface) {
      continue;
    }

    // Check if the user is a member of the group
    $membership = $membership_loader->load($group, $current_user);

    if ($membership) {
      // In Group v3, we check permissions directly through the membership
      if ($membership->hasPermission('administer group')) {
        $result = AccessResult::allowed();
        break;
      }
    }
  }

  // Add cache contexts for user and group permissions
  return $result->addCacheContexts([
    'user.group_permissions',
    'user.roles',
  ])->mergeCacheMaxAge(0);
}

#21 provides a straightforward fix. In a fresh installation with only that fix applied, everything is working correctly. Additionally, the Dompdf documentation also uses that meta tag: https://github.com/dompdf/dompdf/wiki/About-Fonts-and-Character-Encoding

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

I've created a merge request with the simple fix from #21. Please review...

introfini → made their first commit to this issue’s fork.

#25 with the #30 modifications also worked for me. thanks!

You can easily add this functionality using a custom module. Here's an example of how to achieve it by altering the form to enable autocomplete for the search box:

/**
 * Implements hook_form_alter().
 */
function MYMODULE_form_alter(&$form, \Drupal\Core\Form\FormStateInterface $form_state, $form_id) {
  // Check if the form ID matches the search API form.
  if ($form_id === 'search_api_form') {
    // Load the "store" view to retrieve the search plugin ID.
    $view = \Drupal::service('entity_type.manager')
      ->getStorage('view')
      ->load('VIEW_MACHINE_NAME');
    $plugin_id = 'views:' . $view->id();

    // Load the search API autocomplete entity based on the plugin ID.
    /** @var \Drupal\search_api_autocomplete\Entity\SearchStorage $search_storage */
    $search_storage = \Drupal::entityTypeManager()
      ->getStorage('search_api_autocomplete_search');
    $search = $search_storage->loadBySearchPlugin($plugin_id);

    // If the autocomplete feature is enabled, alter the search box element.
    if ($search && $search->status()) {
      \Drupal::service('search_api_autocomplete.helper')
        ->alterElement($form['search_api_fulltext'], $search);
    }
  }
}

I’ve created this module "Group Entity Reference Filter", and it might help: https://www.drupal.org/project/group_entity_reference_filte →

I’ve created this module "Group Entity Reference Filter", and it might help: https://www.drupal.org/project/group_entity_reference_filte →

Thanks for the patch. It fixes the issue in Claro and Gin.

Maybe this twig extension helps: ✨ Add Twig function to generate flag/unflag links Active

MR added...

introfini → created an issue.

I occasionally encounter this error on multilingual websites as well. It typically resolves with a cache clear via `drush cr` or by running `drush ev "drupal_flush_all_caches();"`.

This way, you can add a custom message or, more interestingly, a spinner or animations.

Please review...

introfini → made their first commit to this issue’s fork.

I'm also encountering this issue with RC13 in Drupal 9.5. The patch from issue #11 successfully resolves it. Thank you!

#244 patch is working on my project. Thanks.

MR added, please review.

introfini → created an issue.

The MR worked on Drupal 10.

introfini → created an issue.

Please review the following reference: ✨ Add out-of-stock text message to select options in Add to Cart Form Needs review . While it may not be an exact match for your needs, it should effectively accomplish the task.

The merge request (MR) introduces this functionality.

To configure the desired message, follow these steps:

1. Navigate to /admin/commerce/config/stock/enforcement/settings.
2. Set the desired message for out-of-stock notifications.

With these settings updated, each product variation will now display an indication if it is out of stock.

introfini → changed the visibility of the branch 8.x-1.x to hidden.

introfini → changed the visibility of the branch cherry-pick-84c6a86a to hidden.

introfini → created an issue.

introfini → made their first commit to this issue’s fork.

After all, the issue was related to communication between two DDEV projects. I can confirm it is now working.

introfini → created an issue.

I'm experiencing the same issue with the "Add to Cart" form in Drupal Commerce. I attempted to resolve it using the Views Load More module ( https://www.drupal.org/project/views_load_more → ), but the problem persists.

introfini → created an issue.

I mentioned that other modules face this issue. Since this module does not use tjackocnr/intl-tel-input, it can freely implement a widget based on my suggestion. What are your thoughts on this?

introfini → created an issue.

introfini → created an issue.

#3 works, thanks!

The patch works, thanks.

Committed. Thanks!

To assist others facing the same issue, ensure that the "Ignore Case" processor is not enabled on your index for the country field. The country codes are stored in uppercase, and the countryManager->getList() method returns keys in uppercase as well. Any conversion to lowercase will cause the functionality to break.

introfini → created an issue.

Please review.

introfini → created an issue.

introfini → created an issue.

The solution is straightforward: just add a new address in the new shipping form and click the 'Recalculate shipping' button. This action will display the UPS shipping method with shipping rates.

introfini → created an issue.

It depends on this issue: https://www.drupal.org/project/commerce_ups/issues/3387353#comment-15575683 ✨ OAuth 2.0 support? (D10+) Fixed

@tBKoT Is it okay to commit this change to UPSSdk.php so we can enable translation of the service names? ( ✨ Allow the UPS service names to be translated Active )?

    public function getServiceName(string $service): string {
        return isset($this->serviceNames[$service]) ? t($this->serviceNames[$service]) : '';
    }

introfini → created an issue.

introfini → changed the visibility of the branch 3444079-date-is-hardcode to hidden.

introfini → changed the visibility of the branch 3444079-fix-date-format to active.

introfini → changed the visibility of the branch 3444079-fix-date-format to active.

introfini → changed the visibility of the branch 3444079-fix-date-format to hidden.

introfini → changed the visibility of the branch 3444079-date-is-hardcode to active.

introfini → changed the visibility of the branch 3444079-date-is-hardcode to hidden.

The development branch is currently behind the 8.x-1.1 release. Will do the MR for the 8.x-1.1 release instead.

introfini → created an issue.

The merge request introduces the following enhancements:

1. Support for revisions of taxonomy terms.
2. Addition of a setting for "Filter by Revision Translation Affected". I'm not certain if there are any side effects to disabling this setting, but I observed that revisions with 'revision_translation_affected' set to NULL were overlooked by the 'revisionsToKeep' method.
3. Addition of a 'Configure' link for the module on the 'Extend' page (admin/modules).

Given the substantial nature of these changes, thorough testing and careful review are essential.

introfini → created an issue.

The merge request adds initial support for creating UPS Shipping Labels. It introduces basic functionality for generating these labels and includes a dependency on the Commerce Shipping Label API module to aid integration and manage label operations efficiently.

Can the module maintainers confirm if it's okay to add a dependency on the Commerce Shipping Label API module before I continue development?

For those looking to achieve this, I recommend using the suggestion by @longwave:

use CommerceGuys\Addressing\Repository\CountryRepository;

function convert_two_letter_to_three_letter_country_code($two_letter_code) {
    $countryRepository = new CountryRepository();
    // Get the country information based on the two-letter code.
    $country = $countryRepository->get($two_letter_code);

    if ($country) {
        // Return the three-letter country code.
        return $country->getThreeLetterCode();
    }
    return null;
}

With this merge request, it's possible to enable this feature by setting it in settings.php.

// Enable direct database serving of assets (CSS/JS) for read-only filesystem environments
$settings['optimized_assets_proxy_dump_from_database'] = TRUE;

Note: the fix for 📌 Upgrade to Drupal 10.1.x Needs review is already included.

introfini → created an issue.

The only necessary modification appears to be switching the override method from \Drupal\optimized_assets_proxy\AssetDumper::dump to \Drupal\optimized_assets_proxy\AssetDumper::dumpToUri. This is because \Drupal\Core\Asset\AssetDumper::dump now returns \Drupal\Core\Asset\AssetDumper::dumpToUri.

introfini → made their first commit to this issue’s fork.

introfini → created an issue.

I've reviewed the patch; it's functioning well overall. However, there are some key points to address:

1. To avoid errors, implement the solution found here: 🐛 Error: Call to a member function getLength() Needs review
2. If utilizing any default packages, refer to this important note: ✨ Default UPS packages types need updating Active
3. The issue with Negotiated Rates not working has been resolved; I've already committed the fix to the merge request.

Testing Standard Rates vs. Negotiated Rates:

introfini → made their first commit to this issue’s fork.

introfini → created an issue.

introfini → created an issue.

The problem was that the PackageType is not set when calculating rates.

The module commerce_fedex already does that: https://git.drupalcode.org/project/commerce_fedex/-/blob/6c4155e25354526...

There's ongoing discussion relevant to this issue in the Commerce Shipping module: https://www.drupal.org/project/commerce_shipping/issues/2988710 → .

I am escalating this to a critical priority due to its direct impact on halting the order checkout process, thereby preventing order completion.

introfini → made their first commit to this issue’s fork.

introfini → created an issue. See original summary → .

Patch #14 works well. Thanks!

The patch works. Thanks!

Note: If you have this patch applied before this one doesn't apply: https://www.drupal.org/project/download/issues/3324861 🐛 Declaration of Drupal\download\Plugin\Field\FieldFormatter\DownloadLinkFormatter::create not compatible RTBC

I also believe that it should have been set to disabled as the default configuration. Meanwhile, you can add the following to the settings.php file:

# Disable Commerce Inbox
$settings['commerce_dashboard_show_toolbar_link'] = FALSE;
$settings['commerce_dashboard_fetch_inbox_messages'] = FALSE;

#2 is working. Thanks!

I figured out why it wasn't working: the problem was that my admin account didn't have the Administrator role set.