fix: remove the exclusion of NonceVerification in phpcs and fix the issues

[MaferMazu]

Description

This PR:

• Adds nonces in the forms of our plugin (settings, enrollment, product and order).
• Removes the exclusion of the WordPress.Security.NonceVerification.Missing alert.
• Changes the action save_post_shop_order to woocommerce_update_order.

Testing instructions

• Check the tests are passing: To know if we are following the WordPress standards without avoiding alerts.
• Check if the plugin works as expected in WordPress: Principally the workflows
  • Save and update the plugin settings (Reference image)
  • Create or edit a manual enrollment. (Reference)
  • Create or edit an Open edX course product (Reference)
  • Create or edit a WooCommerce Order with an Open edX course product and change the Enrollment associated.

The expected result is that the forms are saved correctly (if the nonce_verification fails, the save or update won't store the new information).

Credentials for the stage to test: https://share.1password.com/s#Pu505pb8w5wyFnHuHhvHBg4K1B5VIHk69kK0O-mCy9s

Additional information

• This change favors publishing this plugin in the WordPress org and following the WordPress PHPCS standards.
• I changed save_post_shop_order to woocommerce_update_order because the first one was preventing me from saving the order extra information.

More references related:

• Nonces
• Understand and use WordPress Nonces
• Hooks WooCommerce
• woocommerce_update_order

Checklist for Merge

• Tested in a remote environment (I tested all the workflows mentioned and the full shopping workflow)
• Updated documentation
• Rebased master/main
• Squashed commits

[openedx-webhooks]

Thanks for the pull request, @MaferMazu! Please note that it may take us up to several weeks or months to complete a review and merge your PR.

Feel free to add as much of the following information to the ticket as you can:

• supporting documentation
• Open edX discussion forum threads
• timeline information ("this must be merged by XX date", and why that is)
• partner information ("this is a course on edx.org")
• any other information that can help Product understand the context for the PR

All technical communication about the code itself will be done via the GitHub pull request interface. As a reminder, our process documentation is here.

Please let us know once your PR is ready for our review and all tests are green.

[MaferMazu]

This is ready for review, @feanil and @felipemontoya. This PR solves the first issue from Wordpress.org related to the PHPCS and WordPress Standards, and the error logs they sent us are in the attached file.

If you have any questions or feedback, please don't hesitate to contact me.

[felipemontoya]

The PR seems very reasonable to me. Adding nonces for security of the form submissions looks good.

I don't have an environment to test this so we depend on the testing that you are doing locally or in the remote staging. How did that go?

[MaferMazu]

@felipemontoya, I tested locally and in our stage. You can test it by entering the stage with these credentials and checking if the forms correctly store the info you change (If the nonce doesn't work, they don't store the info), and check if you are receiving the nonce variable (In inspect searching the nonce variable related to that form).

View	Nonce related	How to test
Product (edit an Open edX course product field)	openedx_commerce_custom_product_nonce	Create or edit an Open edX course product (Reference)
Order (Enrollment request related to the order)	openedx_commerce_order_item_nonce	Create or edit a WooCommerce Order with an Open edX course product and change the Enrollment associated.
Enrollment Request Form	openedx_commerce_enrollment_form_nonce	Create or edit a manual enrollment. (Reference)
Plugin settings	openedx_commerce_new_token_nonce	Save and update the plugin settings (Reference image)

Example:

[felipemontoya]

Sorry to take so long. I tested the code in the staging server and it's working correctly.
We can go ahead with merging this to move forward with the wordpress plugin index publication

[felipemontoya]

@MaferMazu I came back to this and notice my review is not approving. Maybe we need a green check from @feanil to be able to merge.

[feanil]

@felipemontoya thanks, just approved but also maybe it makes sense for you to be a CC on this repo? do you want to post for some rights expansion?

[openedx-webhooks]

@MaferMazu 🎉 Your pull request was merged! Please take a moment to answer a two question survey so we can improve your experience in the future.