From b14022fcee93b94009e64f1e0ba05fe165d1e973 Mon Sep 17 00:00:00 2001 From: Roman Lytvynenko Date: Fri, 31 Jul 2020 10:26:54 -0500 Subject: [PATCH 01/21] MC-36227: Page builder content is getting cropped. --- app/code/Magento/Catalog/etc/db_schema.xml | 4 ++-- app/code/Magento/Eav/etc/db_schema.xml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/code/Magento/Catalog/etc/db_schema.xml b/app/code/Magento/Catalog/etc/db_schema.xml index a0aa48fb76b13..ddd66a5bf04bd 100644 --- a/app/code/Magento/Catalog/etc/db_schema.xml +++ b/app/code/Magento/Catalog/etc/db_schema.xml @@ -154,7 +154,7 @@ default="0" comment="Store ID"/> - + @@ -408,7 +408,7 @@ default="0" comment="Store ID"/> - + diff --git a/app/code/Magento/Eav/etc/db_schema.xml b/app/code/Magento/Eav/etc/db_schema.xml index 5decc27ea8f26..a166e463f601c 100644 --- a/app/code/Magento/Eav/etc/db_schema.xml +++ b/app/code/Magento/Eav/etc/db_schema.xml @@ -205,7 +205,7 @@ default="0" comment="Store ID"/> - + From 5fb051baf0041ddc7fce70c370dc21cf323a969a Mon Sep 17 00:00:00 2001 From: Roman Lytvynenko Date: Fri, 31 Jul 2020 13:22:20 -0500 Subject: [PATCH 02/21] MC-36227: Page builder content is getting cropped. --- app/code/Magento/Eav/etc/db_schema.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/code/Magento/Eav/etc/db_schema.xml b/app/code/Magento/Eav/etc/db_schema.xml index a166e463f601c..5decc27ea8f26 100644 --- a/app/code/Magento/Eav/etc/db_schema.xml +++ b/app/code/Magento/Eav/etc/db_schema.xml @@ -205,7 +205,7 @@ default="0" comment="Store ID"/> - + From 7a2dd87ce807c7f82e053697ae5fe8508ba8f83c Mon Sep 17 00:00:00 2001 From: Victor Rad Date: Mon, 17 Aug 2020 11:27:14 -0500 Subject: [PATCH 03/21] MC-36598: Default Billing address is not selected after the same address checkbox unticked --- .../view/frontend/web/js/view/billing-address/list.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
diff --git a/app/code/Magento/Checkout/view/frontend/web/js/view/billing-address/list.js b/app/code/Magento/Checkout/view/frontend/web/js/view/billing-address/list.js index ca3a267c01671..80411fb8eb29d 100644 --- a/app/code/Magento/Checkout/view/frontend/web/js/view/billing-address/list.js +++ b/app/code/Magento/Checkout/view/frontend/web/js/view/billing-address/list.js @@ -23,6 +23,9 @@ define([ }, addressOptions = addressList().filter(function (address) { return address.getType() === 'customer-address'; + }), + addressDefaultIndex = addressOptions.findIndex(function (address) { + return address.isDefaultBilling(); }); return Component.extend({ @@ -53,7 +56,8 @@ define([ this._super() .observe('selectedAddress isNewAddressSelected') .observe({ - isNewAddressSelected: !customer.isLoggedIn() || !addressOptions.length + isNewAddressSelected: !customer.isLoggedIn() || !addressOptions.length, + selectedAddress: this.addressOptions[addressDefaultIndex] }); return this; From 8ecdbcf91f62315abe9db041b32e4fd76aa71f71 Mon Sep 17 00:00:00 2001 From: Roman Lytvynenko Date: Tue, 18 Aug 2020 12:50:33 -0500 Subject: [PATCH 04/21] MC-36227: Page builder content is getting cropped. --- .../Magento/Catalog/Model/CategoryTest.php | 25 ++++ .../Magento/Catalog/Model/ProductTest.php | 107 +++++++++++++----- 2 files changed, 105 insertions(+), 27 deletions(-) diff --git a/dev/tests/integration/testsuite/Magento/Catalog/Model/CategoryTest.php b/dev/tests/integration/testsuite/Magento/Catalog/Model/CategoryTest.php index 0d2f9d63c5d7f..8c25a82e0f6fd 100644 --- a/dev/tests/integration/testsuite/Magento/Catalog/Model/CategoryTest.php +++ b/dev/tests/integration/testsuite/Magento/Catalog/Model/CategoryTest.php 
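Review bot: `addressDefaultIndex` is used as an array subscript in the `.observe({...})` call without handling the `-1` that `findIndex` returns when no address reports `isDefaultBilling()`, so `selectedAddress` becomes `undefined` only as a side effect of indexing at `-1`. Using `find` states the intent directly: `addressDefault = addressOptions.find(function (address) { return address.isDefaultBilling(); })` in the first hunk and `selectedAddress: addressDefault` in the second. The second hunk also reads `this.addressOptions` while the index was computed from the closure variable `addressOptions`; they are presumably the same array, but that is not visible here, and an index computed on one list should not be applied to another. Both enclosing blocks start and end outside the hunks.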
@@ -15,6 +15,8 @@ use Magento\Catalog\Model\ResourceModel\Category\Tree; use Magento\Catalog\Model\ResourceModel\Product\Collection as ProductCollection; use Magento\Eav\Model\Entity\Attribute\Exception as AttributeException; +use Magento\Framework\Exception\NoSuchEntityException; +use Magento\Framework\Math\Random; use Magento\Framework\Url; use Magento\Store\Api\StoreRepositoryInterface; use Magento\Store\Model\Store; @@ -419,6 +421,29 @@ public function testCategoryCreateWithDifferentFields(array $data): void $this->assertSame($data, $categoryData); } + /** + * Test for Category Description field to be able to contain >64kb of data + * + * @throws NoSuchEntityException + * @throws \Exception + */ + public function testMaximumDescriptionLength(): void + { + $random = Bootstrap::getObjectManager()->get(Random::class); + $longDescription = $random->getRandomString(70000); + + $requiredData = [ + 'name' => 'Test Category', + 'attribute_set_id' => '3', + 'parent_id' => 2, + 'description' => $longDescription + ]; + $this->_model->setData($requiredData); + $this->categoryResource->save($this->_model); + $category = $this->categoryRepository->get($this->_model->getId()); + $this->assertEquals($longDescription, $category->getDescription()); + } + /** * @return array */ diff --git a/dev/tests/integration/testsuite/Magento/Catalog/Model/ProductTest.php b/dev/tests/integration/testsuite/Magento/Catalog/Model/ProductTest.php index b56e9e502cce6..b0f36f250991b 100644 --- a/dev/tests/integration/testsuite/Magento/Catalog/Model/ProductTest.php +++ b/dev/tests/integration/testsuite/Magento/Catalog/Model/ProductTest.php 
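Review bot: `testMaximumDescriptionLength()` saves a category through `$this->categoryResource->save($this->_model)` but its docblock declares no isolation, whereas the matching product test in this same patch carries `@magentoDbIsolation enabled`. Unless the class already sets isolation outside this hunk, the 'Test Category' row with its 70000-character description stays in the database and can affect later tests. Add `* @magentoDbIsolation enabled` to the docblock, and replace `@throws \Exception` with the specific exception the save can raise if it is known.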
@@ -8,14 +8,19 @@ namespace Magento\Catalog\Model; -use Magento\Eav\Model\Config as EavConfig; -use Magento\Catalog\Model\Product; -use Magento\Framework\App\Filesystem\DirectoryList; -use Magento\TestFramework\ObjectManager; use Magento\Catalog\Api\ProductRepositoryInterface; use Magento\Catalog\Model\Product\Attribute\Source\Status; +use Magento\Catalog\Model\Product\Visibility; +use Magento\Framework\App\Filesystem\DirectoryList; +use Magento\Framework\Exception\CouldNotSaveException; +use Magento\Framework\Exception\InputException; +use Magento\Framework\Exception\LocalizedException; +use Magento\Framework\Exception\NoSuchEntityException; +use Magento\Framework\Exception\StateException; +use Magento\Framework\Math\Random; use Magento\Framework\ObjectManagerInterface; use Magento\TestFramework\Helper\Bootstrap; +use Magento\TestFramework\ObjectManager; /** * Tests product model: 
@@ -119,14 +124,62 @@ public function testCRUD() )->setMetaDescription( 'meta description' )->setVisibility( - \Magento\Catalog\Model\Product\Visibility::VISIBILITY_BOTH + Visibility::VISIBILITY_BOTH )->setStatus( - \Magento\Catalog\Model\Product\Attribute\Source\Status::STATUS_ENABLED + Status::STATUS_ENABLED ); $crud = new \Magento\TestFramework\Entity($this->_model, ['sku' => uniqid()]); $crud->testCrud(); } + /** + * Test for Product Description field to be able to contain >64kb of data + * + * @magentoDbIsolation enabled + * @magentoAppIsolation enabled + * @magentoAppArea adminhtml + * @throws NoSuchEntityException + * @throws CouldNotSaveException + * @throws InputException + * @throws StateException + * @throws LocalizedException + */ + public function testMaximumDescriptionLength() + { + $sku = uniqid(); + $random = Bootstrap::getObjectManager()->get(Random::class); + $longDescription = $random->getRandomString(70000); + + $this->_model->setTypeId( + 'simple' + )->setAttributeSetId( + 4 + )->setName( + 'Simple Product With Long Description' + )->setDescription( + $longDescription + )->setSku( + $sku + )->setPrice( + 10 + )->setMetaTitle( + 'meta title' + )->setMetaKeyword( + 'meta keyword' + )->setMetaDescription( + 'meta description' + )->setVisibility( + Visibility::VISIBILITY_BOTH + )->setStatus( + Status::STATUS_ENABLED + ); + + $this->productRepository->save($this->_model); + $product = $this->productRepository->get($sku); + + $this->assertEquals($longDescription, $product->getDescription()); + } + /** * Test clean cache * @@ -219,7 +272,7 @@ public function testDuplicate() $this->assertNotEquals($duplicate->getId(), $this->_model->getId()); $this->assertNotEquals($duplicate->getSku(), $this->_model->getSku()); $this->assertEquals( - \Magento\Catalog\Model\Product\Attribute\Source\Status::STATUS_DISABLED, + Status::STATUS_DISABLED, $duplicate->getStatus() ); $this->assertEquals(\Magento\Store\Model\Store::DEFAULT_STORE_ID, $duplicate->getStoreId()); 
@@ -275,35 +328,35 @@ protected function _undo($duplicate) public function testVisibilityApi() { $this->assertEquals( - [\Magento\Catalog\Model\Product\Attribute\Source\Status::STATUS_ENABLED], + [Status::STATUS_ENABLED], $this->_model->getVisibleInCatalogStatuses() ); $this->assertEquals( - [\Magento\Catalog\Model\Product\Attribute\Source\Status::STATUS_ENABLED], + [Status::STATUS_ENABLED], $this->_model->getVisibleStatuses() ); - $this->_model->setStatus(\Magento\Catalog\Model\Product\Attribute\Source\Status::STATUS_DISABLED); + $this->_model->setStatus(Status::STATUS_DISABLED); $this->assertFalse($this->_model->isVisibleInCatalog()); - $this->_model->setStatus(\Magento\Catalog\Model\Product\Attribute\Source\Status::STATUS_ENABLED); + $this->_model->setStatus(Status::STATUS_ENABLED); $this->assertTrue($this->_model->isVisibleInCatalog()); $this->assertEquals( [ - \Magento\Catalog\Model\Product\Visibility::VISIBILITY_IN_SEARCH, - \Magento\Catalog\Model\Product\Visibility::VISIBILITY_IN_CATALOG, - \Magento\Catalog\Model\Product\Visibility::VISIBILITY_BOTH, + Visibility::VISIBILITY_IN_SEARCH, + Visibility::VISIBILITY_IN_CATALOG, + Visibility::VISIBILITY_BOTH, ], $this->_model->getVisibleInSiteVisibilities() ); $this->assertFalse($this->_model->isVisibleInSiteVisibility()); - $this->_model->setVisibility(\Magento\Catalog\Model\Product\Visibility::VISIBILITY_IN_SEARCH); + $this->_model->setVisibility(Visibility::VISIBILITY_IN_SEARCH); $this->assertTrue($this->_model->isVisibleInSiteVisibility()); - $this->_model->setVisibility(\Magento\Catalog\Model\Product\Visibility::VISIBILITY_IN_CATALOG); + $this->_model->setVisibility(Visibility::VISIBILITY_IN_CATALOG); $this->assertTrue($this->_model->isVisibleInSiteVisibility()); - $this->_model->setVisibility(\Magento\Catalog\Model\Product\Visibility::VISIBILITY_BOTH); + $this->_model->setVisibility(Visibility::VISIBILITY_BOTH); $this->assertTrue($this->_model->isVisibleInSiteVisibility()); } 
@@ -509,9 +562,9 @@ public function testValidate() )->setMetaDescription( 'meta description' )->setVisibility( - \Magento\Catalog\Model\Product\Visibility::VISIBILITY_BOTH + Visibility::VISIBILITY_BOTH )->setStatus( - \Magento\Catalog\Model\Product\Attribute\Source\Status::STATUS_ENABLED + Status::STATUS_ENABLED )->setCollectExceptionMessages( true ); @@ -551,9 +604,9 @@ public function testValidateUniqueInputAttributeValue() $attribute->getAttributeCode(), 'unique value' )->setVisibility( - \Magento\Catalog\Model\Product\Visibility::VISIBILITY_BOTH + Visibility::VISIBILITY_BOTH )->setStatus( - \Magento\Catalog\Model\Product\Attribute\Source\Status::STATUS_ENABLED + Status::STATUS_ENABLED )->setCollectExceptionMessages( true ); @@ -600,9 +653,9 @@ public function testValidateUniqueInputAttributeOnTheSameProduct() $attribute->getAttributeCode(), 'unique value' )->setVisibility( - \Magento\Catalog\Model\Product\Visibility::VISIBILITY_BOTH + Visibility::VISIBILITY_BOTH )->setStatus( - \Magento\Catalog\Model\Product\Attribute\Source\Status::STATUS_ENABLED + Status::STATUS_ENABLED )->setCollectExceptionMessages( true ); @@ -675,10 +728,10 @@ public function testSaveWithBackordersEnabled(int $qty, int $stockStatus, bool $ * @magentoDataFixture Magento/Catalog/_files/product_simple.php * * @return void - * @throws \Magento\Framework\Exception\CouldNotSaveException - * @throws \Magento\Framework\Exception\InputException - * @throws \Magento\Framework\Exception\NoSuchEntityException - * @throws \Magento\Framework\Exception\StateException + * @throws CouldNotSaveException + * @throws InputException + * @throws NoSuchEntityException + * @throws StateException */ public function testProductStatusWhenCatalogFlatProductIsEnabled() { From 02934d4d87bbb8c7da3fa3cb0c8b8f8ac6f9faf9 Mon Sep 17 00:00:00 2001 
From: Buba Suma Date: Mon, 17 Aug 2020 17:39:57 -0500 Subject: [PATCH 05/21] MC-36258: customer/section/load are failing with a 400 error - Fix error The "checkout-fields" section source isn't supported --- .../view/frontend/web/js/customer-data.js | 3 + .../frontend/js/customer-data.test.js | 213 ++++++++++++++++++ 2 files changed, 216 insertions(+) create mode 100644 dev/tests/js/jasmine/tests/app/code/Magento/Customer/frontend/js/customer-data.test.js diff --git a/app/code/Magento/Customer/view/frontend/web/js/customer-data.js b/app/code/Magento/Customer/view/frontend/web/js/customer-data.js index 5c9bf431bac1d..5321dfecba182 100644 --- a/app/code/Magento/Customer/view/frontend/web/js/customer-data.js +++ b/app/code/Magento/Customer/view/frontend/web/js/customer-data.js @@ -261,6 +261,9 @@ define([ } }); + //remove expired section names of previously installed/enable modules + expiredSectionNames = _.intersection(expiredSectionNames, sectionConfig.getSectionNames()); + return _.uniq(expiredSectionNames); }, diff --git a/dev/tests/js/jasmine/tests/app/code/Magento/Customer/frontend/js/customer-data.test.js b/dev/tests/js/jasmine/tests/app/code/Magento/Customer/frontend/js/customer-data.test.js new file mode 100644 index 0000000000000..7063b846ed166 --- /dev/null +++ b/dev/tests/js/jasmine/tests/app/code/Magento/Customer/frontend/js/customer-data.test.js 
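Review bot: The new `_.intersection(expiredSectionNames, sectionConfig.getSectionNames())` drops every expired name if `getSectionNames()` returns an empty or undefined list, which presumably happens when the section config has not been initialised yet; in that case nothing would be reloaded and the failure would be silent. Guard it, for example `var supported = sectionConfig.getSectionNames(); if (supported && supported.length) { expiredSectionNames = _.intersection(expiredSectionNames, supported); }`. The following `_.uniq(...)` is then redundant, since `_.intersection` already returns unique values. The names being filtered come from browser storage and the `section_data_ids` cookie, which the client can write, so this filter is a convenience and the server-side rejection named in the commit title remains the real control; the comment should say so and fix the typo, `// drop names of sections that are no longer supported (module removed or disabled)`. The enclosing function starts outside the hunk.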
@@ -0,0 +1,213 @@ +/** + * Copyright © Magento, Inc. All rights reserved. + * See COPYING.txt for license details. + */ + +/*eslint-disable max-nested-callbacks*/ +/*jscs:disable jsDoc*/ + +define([ + 'jquery', + 'underscore', + 'Magento_Customer/js/section-config', + 'Magento_Customer/js/customer-data' +], function ( + $, + _, + sectionConfig, + customerData +) { + 'use strict'; + + var sectionConfigSettings = { + baseUrls: [ + 'http://localhost/' + ], + sections: { + 'customer/account/loginpost': ['*'], + 'checkout/cart/add': ['cart'], + 'rest/*/v1/guest-carts/*/selected-payment-method': ['cart','checkout-data'], + '*': ['messages'] + }, + clientSideSections: [ + 'checkout-data', + 'cart-data' + ], + sectionNames: [ + 'customer', + 'product_data_storage', + 'cart', + 'messages' + ] + }, + cookieLifeTime = 3600, + jQueryGetJSON; + + function init(config) { + var defaultConfig = { + sectionLoadUrl: 'http://localhost/customer/section/load/', + expirableSectionLifetime: 60, // minutes + expirableSectionNames: ['cart'], + cookieLifeTime: cookieLifeTime, + updateSessionUrl: 'http://localhost/customer/account/updateSession/' + }; + + customerData['Magento_Customer/js/customer-data']($.extend({}, defaultConfig, config || {})); + } + + function setupLocalStorage(sections) { + var mageCacheStorage = {}, + sectionDataIds = {}; + + _.each(sections, function (sectionData, sectionName) { + sectionDataIds[sectionName] = sectionData['data_id']; + + if (typeof sectionData.content !== 'undefined') { + mageCacheStorage[sectionName] = sectionData; + } + }); + + $.localStorage.set( + 'mage-cache-storage', + mageCacheStorage + ); + $.cookieStorage.set( + 'section_data_ids', + sectionDataIds + ); + + $.localStorage.set( + 'mage-cache-timeout', + new Date(Date.now() + cookieLifeTime * 1000) + ); + $.cookieStorage.set( + 'mage-cache-sessid', + true + ); + } + + function clearLocalStorage() { + $.cookieStorage.set('section_data_ids', {}); + + if (window.localStorage) { + 
window.localStorage.clear(); + } + } + + describe('Magento_Customer/js/customer-data', function () { + beforeAll(function () { + clearLocalStorage(); + }); + + beforeEach(function () { + jQueryGetJSON = $.getJSON; + sectionConfig['Magento_Customer/js/section-config'](sectionConfigSettings); + }); + + afterEach(function () { + $.getJSON = jQueryGetJSON; + clearLocalStorage(); + }); + + describe('getExpiredSectionNames()', function () { + it('check that result contains expired section names', function () { + setupLocalStorage({ + 'cart': { + 'data_id': Math.floor(Date.now() / 1000) - 61 * 60, // 61 minutes ago + 'content': {} + } + }); + init(); + expect(customerData.getExpiredSectionNames()).toEqual(['cart']); + }); + + it('check that result doest not contain unexpired section names', function () { + setupLocalStorage({ + 'cart': { + 'data_id': Math.floor(Date.now() / 1000) + 60, // in 1 minute + 'content': {} + } + }); + init(); + expect(customerData.getExpiredSectionNames()).toEqual([]); + }); + + it('check that result contains invalidated section names', function () { + setupLocalStorage({ + 'cart': { // without storage content + 'data_id': Math.floor(Date.now() / 1000) + 60 // in 1 minute + } + }); + + init(); + expect(customerData.getExpiredSectionNames()).toEqual(['cart']); + }); + + it('check that result does not contain unsupported section names', function () { + setupLocalStorage({ + 'catalog': { // without storage content + 'data_id': Math.floor(Date.now() / 1000) + 60 // in 1 minute + } + }); + + init(); + expect(customerData.getExpiredSectionNames()).toEqual([]); + }); + }); + + describe('init()', function () { + it('check that sections are not requested from server, if there are no expired sections', function () { + setupLocalStorage({ + 'catalog': { // without storage content + 'data_id': Math.floor(Date.now() / 1000) + 60 // in 1 minute + } + }); + + $.getJSON = jasmine.createSpy('$.getJSON').and.callFake(function () { + var deferred = $.Deferred(); + 
+ return deferred.promise(); + }); + + init(); + expect($.getJSON).not.toHaveBeenCalled(); + }); + it('check that sections are requested from server, if there are expired sections', function () { + setupLocalStorage({ + 'customer': { + 'data_id': Math.floor(Date.now() / 1000) + 60 // invalidated, + }, + 'cart': { + 'data_id': Math.floor(Date.now() / 1000) - 61 * 60, // 61 minutes ago + 'content': {} + }, + 'product_data_storage': { + 'data_id': Math.floor(Date.now() / 1000) + 60, // in 1 minute + 'content': {} + }, + 'catalog': { + 'data_id': Math.floor(Date.now() / 1000) + 60 // invalid section, + }, + 'checkout': { + 'data_id': Math.floor(Date.now() / 1000) - 61 * 60, // invalid section, + 'content': {} + } + }); + + $.getJSON = jasmine.createSpy('$.getJSON').and.callFake(function () { + var deferred = $.Deferred(); + + return deferred.promise(); + }); + + init(); + expect($.getJSON).toHaveBeenCalledWith( + 'http://localhost/customer/section/load/', + jasmine.objectContaining({ + sections: 'cart,customer' + }) + ); + }); + }); + }); +}); From 3dba58b321217cb186e03449c611382dc54a588f Mon Sep 17 00:00:00 2001 From: Victor Rad Date: Wed, 19 Aug 2020 15:29:43 -0500 Subject: [PATCH 06/21] MC-36598: Default Billing address is not selected after the same address checkbox unticked --- .../Test/Mftf/Section/CheckoutPaymentSection.xml | 2 ++ ...eckoutAsCustomerUsingNonDefaultAddressTest.xml | 5 +++-- .../Customer/Test/Mftf/Data/CustomerData.xml | 15 +++++++++++++++ 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/app/code/Magento/Checkout/Test/Mftf/Section/CheckoutPaymentSection.xml b/app/code/Magento/Checkout/Test/Mftf/Section/CheckoutPaymentSection.xml index 5a9857f6aaa78..1c9933064154a 100644 --- a/app/code/Magento/Checkout/Test/Mftf/Section/CheckoutPaymentSection.xml +++ b/app/code/Magento/Checkout/Test/Mftf/Section/CheckoutPaymentSection.xml @@ -15,6 +15,8 @@ + + 
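Review bot: The last `init()` spec pins the request to the exact string `sections: 'cart,customer'`, which ties the test to the order in which `getExpiredSectionNames()` happens to collect names rather than to the set of names. An order-independent form is `expect($.getJSON.calls.mostRecent().args[1].sections.split(',').sort()).toEqual(['cart', 'customer']);`. The spec title 'check that result doest not contain unexpired section names' has a typo ("does not"), and the trailing commas inside the comments `// invalidated,` and `// invalid section,` read as if they belonged to the object literal. The 'catalog' and 'checkout' fixtures are the cases that exercise the new filter; a one-line comment saying they are deliberately absent from `sectionNames` would make that clear.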
diff --git a/app/code/Magento/Checkout/Test/Mftf/Test/OnePageCheckoutAsCustomerUsingNonDefaultAddressTest.xml b/app/code/Magento/Checkout/Test/Mftf/Test/OnePageCheckoutAsCustomerUsingNonDefaultAddressTest.xml index 6a211c3908059..13968964436b4 100644 --- a/app/code/Magento/Checkout/Test/Mftf/Test/OnePageCheckoutAsCustomerUsingNonDefaultAddressTest.xml +++ b/app/code/Magento/Checkout/Test/Mftf/Test/OnePageCheckoutAsCustomerUsingNonDefaultAddressTest.xml @@ -26,7 +26,7 @@ - + @@ -70,7 +70,8 @@ - + + diff --git a/app/code/Magento/Customer/Test/Mftf/Data/CustomerData.xml b/app/code/Magento/Customer/Test/Mftf/Data/CustomerData.xml index e176c45a1fa00..5db0b8f5581d7 100644 --- a/app/code/Magento/Customer/Test/Mftf/Data/CustomerData.xml +++ b/app/code/Magento/Customer/Test/Mftf/Data/CustomerData.xml @@ -285,6 +285,21 @@ DE_Address_Berlin_Not_Default_Address UK_Not_Default_Address + + 1 + true + true + John.Doe@example.com + John + Doe + John Doe + pwdTest123! + 0 + 0 + DE_Address_Berlin_Not_Default_Address + UK_Not_Default_Address + US_Address_NY + 3 true From 4fd39eac5c9aa26b55f7caff296000201a2acdb3 Mon Sep 17 00:00:00 2001 From: Roman Lytvynenko Date: Fri, 21 Aug 2020 10:20:46 -0500 Subject: [PATCH 07/21] MC-36647: Order can be placed as a customer after session cookie expiration with Persistent Cart enabled --- .../Model/Plugin/CustomerAuthorization.php | 80 +++++++++++++++++++ .../Magento/Persistent/etc/webapi_rest/di.xml | 3 + .../Magento/Persistent/etc/webapi_soap/di.xml | 3 + 3 files changed, 86 insertions(+) create mode 100644 app/code/Magento/Persistent/Model/Plugin/CustomerAuthorization.php diff --git a/app/code/Magento/Persistent/Model/Plugin/CustomerAuthorization.php b/app/code/Magento/Persistent/Model/Plugin/CustomerAuthorization.php new file mode 100644 index 0000000000000..d7475c725b481 --- /dev/null +++ b/app/code/Magento/Persistent/Model/Plugin/CustomerAuthorization.php 
@@ -0,0 +1,80 @@ +userContext = $userContext; + $this->customerSession = $customerSession; + $this->persistentSession = $persistentSession; + } + + /** + * Check if the customer is logged in prior placing order on his behalf when the persistent cart is active + * + * @SuppressWarnings(PHPMD.UnusedFormalParameter) + * @param Authorization $subject + * @param Closure $proceed + * @param $resource + * @param null $privilege + * @return false|mixed + */ + public function aroundIsAllowed( + Authorization $subject, + Closure $proceed, + $resource, + $privilege = null + ) { + if ($resource == AuthorizationService::PERMISSION_SELF + && $this->userContext->getUserId() + && $this->userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER + && !$this->customerSession->isLoggedIn() + && $this->persistentSession->isPersistent() + ) { + return false; + } + + return true; + } +} diff --git a/app/code/Magento/Persistent/etc/webapi_rest/di.xml b/app/code/Magento/Persistent/etc/webapi_rest/di.xml index cb0aec6b460af..21a47576b1a08 100644 --- a/app/code/Magento/Persistent/etc/webapi_rest/di.xml +++ b/app/code/Magento/Persistent/etc/webapi_rest/di.xml @@ -13,4 +13,7 @@ + + + diff --git a/app/code/Magento/Persistent/etc/webapi_soap/di.xml b/app/code/Magento/Persistent/etc/webapi_soap/di.xml index cb0aec6b460af..21a47576b1a08 100644 --- a/app/code/Magento/Persistent/etc/webapi_soap/di.xml +++ b/app/code/Magento/Persistent/etc/webapi_soap/di.xml @@ -13,4 +13,7 @@ + + + From 3e0320f303de2c06e38d330f9197b6a25af9fd60 Mon Sep 17 00:00:00 2001 
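Review bot: `aroundIsAllowed()` never calls `$proceed`: outside the single deny branch it ends in `return true;`, so every `isAllowed()` call that reaches this plugin is answered with true regardless of `$resource`, and the ACL check it wraps is skipped. The fall-through should delegate instead, `return $proceed($resource, $privilege);`. The `@SuppressWarnings(PHPMD.UnusedFormalParameter)` annotation hides the one static-analysis signal that would have pointed at the unused `$proceed`. The plugin is presumably registered for the webapi_rest and webapi_soap areas by the two di.xml hunks that follow, which is where an allow-all result matters most; a later patch in this series reworks the class, but this commit should not be deployed on its own.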
From: Roman Lytvynenko Date: Fri, 21 Aug 2020 17:40:20 -0500 Subject: [PATCH 08/21] MC-36647: Order can be placed as a customer after session cookie expiration with Persistent Cart enabled --- .../Customer/Model/Customer/Authorization.php | 77 +++++++++++++++++++ .../Model/Customer/AuthorizationComposite.php | 41 ++++++++++ .../Model/Plugin/CustomerAuthorization.php | 74 ++++-------------- .../Magento/Customer/etc/webapi_rest/di.xml | 9 +++ .../Magento/Customer/etc/webapi_soap/di.xml | 9 +++ .../Authorization.php} | 32 ++------ .../Magento/Persistent/etc/webapi_rest/di.xml | 8 +- .../Magento/Persistent/etc/webapi_soap/di.xml | 8 +- 8 files changed, 172 insertions(+), 86 deletions(-) create mode 100644 app/code/Magento/Customer/Model/Customer/Authorization.php create mode 100644 app/code/Magento/Customer/Model/Customer/AuthorizationComposite.php rename app/code/Magento/Persistent/Model/{Plugin/CustomerAuthorization.php => Customer/Authorization.php} (62%) diff --git a/app/code/Magento/Customer/Model/Customer/Authorization.php b/app/code/Magento/Customer/Model/Customer/Authorization.php new file mode 100644 index 0000000000000..f4e6d07affc84 --- /dev/null +++ b/app/code/Magento/Customer/Model/Customer/Authorization.php 
@@ -0,0 +1,77 @@ +userContext = $userContext; + $this->customerFactory = $customerFactory; + $this->customerResource = $customerResource; + $this->storeManager = $storeManager; + } + + public function isAllowed($resource, $privilege = null) + { + if ($resource == AuthorizationService::PERMISSION_SELF + && $this->userContext->getUserId() + && $this->userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER + ) { + $customer = $this->customerFactory->create(); + $this->customerResource->load($customer, $this->userContext->getUserId()); + $currentStoreId = $this->storeManager->getStore()->getId(); + $sharedStoreIds = $customer->getSharedStoreIds(); + if (in_array($currentStoreId, $sharedStoreIds)) { + return true; + } + } + + return false; + } +} diff --git a/app/code/Magento/Customer/Model/Customer/AuthorizationComposite.php b/app/code/Magento/Customer/Model/Customer/AuthorizationComposite.php new file mode 100644 index 0000000000000..e643460a32789 --- /dev/null +++ b/app/code/Magento/Customer/Model/Customer/AuthorizationComposite.php @@ -0,0 +1,41 @@ +authorizationChecks = $authorizationChecks; + } + + public function isAllowed($resource, $privilege = null) + { + $result = false; + + foreach ($this->authorizationChecks as $authorizationCheck) { + $result = $authorizationCheck->isAllowed($resource, $privilege); + if (!$result) { + break; + } + } + + return $result; + } +} diff --git a/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php b/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php index b877b2cca67a5..292c22fba512b 100644 --- a/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php +++ b/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php 
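Review bot: `isAllowed()` in the new Customer `Authorization` class tests `$resource == AuthorizationService::PERMISSION_SELF` with a loose comparison; on PHP 7 a non-string `$resource` such as integer `0` compares equal to a non-numeric string, so the strict form `if ($resource === AuthorizationService::PERMISSION_SELF` is safer for an access decision. The same loose comparison is repeated in the Persistent `isAllowed()` hunks later in this series. The method and the class have no docblock; add `/** @inheritdoc */` on the method and a class comment stating that the check grants only when the current store id is among the customer's shared store ids and returns false in every other case.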
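Review bot: `AuthorizationComposite` accepts a bare `array $authorizationChecks` and calls `->isAllowed()` on each element without verifying its type, so a mis-wired DI item surfaces only as a fatal error during an authorization decision. Validate in the constructor, e.g. `if (!$check instanceof \Magento\Framework\AuthorizationInterface) { throw new \InvalidArgumentException('Authorization check must implement AuthorizationInterface'); }` inside a loop over the argument. The loop is a logical AND that yields false for an empty list, which is the right fail-closed default but is undocumented; a docblock on `isAllowed()` should state it, together with the consequence that a check returning true to mean "no objection" counts as a grant when it is the only one registered.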
@@ -6,11 +6,9 @@ namespace Magento\Customer\Model\Plugin; -use Magento\Authorization\Model\UserContextInterface; -use Magento\Customer\Model\CustomerFactory; -use Magento\Customer\Model\ResourceModel\Customer as CustomerResource; -use Magento\Integration\Api\AuthorizationServiceInterface as AuthorizationService; -use Magento\Store\Model\StoreManagerInterface; +use Closure; +use Magento\Customer\Model\Customer\AuthorizationComposite; +use Magento\Framework\Authorization; /** * Plugin around \Magento\Framework\Authorization::isAllowed 
@@ -20,74 +18,36 @@ class CustomerAuthorization { /** - * @var UserContextInterface + * @var AuthorizationComposite */ - private $userContext; - - /** - * @var CustomerFactory - */ - private $customerFactory; - - /** - * @var CustomerResource - */ - private $customerResource; - - /** - * @var StoreManagerInterface - */ - private $storeManager; + private $authorizationComposite; /** * Inject dependencies. - * - * @param UserContextInterface $userContext - * @param CustomerFactory $customerFactory - * @param CustomerResource $customerResource - * @param StoreManagerInterface $storeManager + * @param AuthorizationComposite $composite */ public function __construct( - UserContextInterface $userContext, - CustomerFactory $customerFactory, - CustomerResource $customerResource, - StoreManagerInterface $storeManager + AuthorizationComposite $composite ) { - $this->userContext = $userContext; - $this->customerFactory = $customerFactory; - $this->customerResource = $customerResource; - $this->storeManager = $storeManager; + $this->authorizationComposite = $composite; } /** - * Check if resource for which access is needed has self permissions defined in webapi config. 
- * - * @param \Magento\Framework\Authorization $subject - * @param callable $proceed - * @param string $resource - * @param string $privilege - * - * @return bool true If resource permission is self, to allow - * customer access without further checks in parent method * @SuppressWarnings(PHPMD.UnusedFormalParameter) + * @param Authorization $subject + * @param Closure $proceed + * @param $resource + * @param null $privilege + * @return bool|mixed */ public function aroundIsAllowed( - \Magento\Framework\Authorization $subject, - \Closure $proceed, + Authorization $subject, + Closure $proceed, $resource, $privilege = null ) { - if ($resource == AuthorizationService::PERMISSION_SELF - && $this->userContext->getUserId() - && $this->userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER - ) { - $customer = $this->customerFactory->create(); - $this->customerResource->load($customer, $this->userContext->getUserId()); - $currentStoreId = $this->storeManager->getStore()->getId(); - $sharedStoreIds = $customer->getSharedStoreIds(); - if (in_array($currentStoreId, $sharedStoreIds)) { - return true; - } + if ($this->authorizationComposite->isAllowed($resource, $privilege)) { + return true; } return $proceed($resource, $privilege); diff --git a/app/code/Magento/Customer/etc/webapi_rest/di.xml b/app/code/Magento/Customer/etc/webapi_rest/di.xml index a349d07a5e222..d07d1a61c3d62 100644 --- a/app/code/Magento/Customer/etc/webapi_rest/di.xml +++ b/app/code/Magento/Customer/etc/webapi_rest/di.xml @@ -22,4 +22,13 @@ + + + + + Magento\Customer\Model\Customer\Authorization + + + + diff --git a/app/code/Magento/Customer/etc/webapi_soap/di.xml b/app/code/Magento/Customer/etc/webapi_soap/di.xml index 646ba98b4c5d8..c23de8ef3f7e1 100644 --- a/app/code/Magento/Customer/etc/webapi_soap/di.xml +++ b/app/code/Magento/Customer/etc/webapi_soap/di.xml @@ -9,4 +9,13 @@ + + + + + Magento\Customer\Model\Customer\Authorization + + + + 
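Review bot: A false result from `$this->authorizationComposite->isAllowed($resource, $privilege)` is not a denial in the rewritten `aroundIsAllowed()`: the method falls through to `return $proceed($resource, $privilege);`, so any check that intends to block a request depends on the wrapped ACL check refusing it as well. That is presumably true for `self` resources in a customer context, but it is not visible in this hunk and should be recorded next to the branch, e.g. `// the composite can only grant; a false result defers to the regular ACL check`. The new docblock also lost its description and its types; restore a summary line and use `@param string $resource`, `@param string|null $privilege` and `@return bool`.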
diff --git a/app/code/Magento/Persistent/Model/Plugin/CustomerAuthorization.php b/app/code/Magento/Persistent/Model/Customer/Authorization.php similarity index 62% rename from app/code/Magento/Persistent/Model/Plugin/CustomerAuthorization.php rename to app/code/Magento/Persistent/Model/Customer/Authorization.php index d7475c725b481..e9687b2193475 100644 --- a/app/code/Magento/Persistent/Model/Plugin/CustomerAuthorization.php +++ b/app/code/Magento/Persistent/Model/Customer/Authorization.php @@ -4,21 +4,15 @@ * See COPYING.txt for license details. */ -namespace Magento\Persistent\Model\Plugin; +namespace Magento\Persistent\Model\Customer; -use Closure; use Magento\Authorization\Model\UserContextInterface; use Magento\Customer\Model\Session as CustomerSession; -use Magento\Framework\Authorization; +use Magento\Framework\AuthorizationInterface; use Magento\Integration\Api\AuthorizationServiceInterface as AuthorizationService; use Magento\Persistent\Helper\Session as PersistentSession; -/** - * Plugin around \Magento\Framework\Authorization::isAllowed - * - * Performs the check if the customer is logged in prior placing order on his behalf when the persistent cart is active - */ -class CustomerAuthorization +class Authorization implements AuthorizationInterface { /** * @var UserContextInterface 
@@ -50,31 +44,19 @@ public function __construct( $this->persistentSession = $persistentSession; } - /** - * Check if the customer is logged in prior placing order on his behalf when the persistent cart is active - * - * @SuppressWarnings(PHPMD.UnusedFormalParameter) - * @param Authorization $subject - * @param Closure $proceed - * @param $resource - * @param null $privilege - * @return false|mixed - */ - public function aroundIsAllowed( - Authorization $subject, - Closure $proceed, + public function isAllowed( $resource, $privilege = null ) { if ($resource == AuthorizationService::PERMISSION_SELF && $this->userContext->getUserId() && $this->userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER - && !$this->customerSession->isLoggedIn() + && $this->customerSession->isLoggedIn() && $this->persistentSession->isPersistent() ) { - return false; + return true; } - return true; + return false; } } diff --git a/app/code/Magento/Persistent/etc/webapi_rest/di.xml b/app/code/Magento/Persistent/etc/webapi_rest/di.xml index 21a47576b1a08..89504f0471788 100644 --- a/app/code/Magento/Persistent/etc/webapi_rest/di.xml +++ b/app/code/Magento/Persistent/etc/webapi_rest/di.xml @@ -13,7 +13,11 @@ - - + + + + Magento\Persistent\Model\Customer\Authorization + + diff --git a/app/code/Magento/Persistent/etc/webapi_soap/di.xml b/app/code/Magento/Persistent/etc/webapi_soap/di.xml index 21a47576b1a08..2a440fff03598 100644 --- a/app/code/Magento/Persistent/etc/webapi_soap/di.xml +++ b/app/code/Magento/Persistent/etc/webapi_soap/di.xml @@ -13,7 +13,11 @@ - - + + + + Magento\Persistent\Model\Customer\Authorization + + From fe8771e08ba3f1a1e956d9531fb4448963c5603c Mon Sep 17 00:00:00 2001 
From: Roman Lytvynenko Date: Mon, 24 Aug 2020 07:57:04 -0500 Subject: [PATCH 09/21] MC-36647: Order can be placed as a customer after session cookie expiration with Persistent Cart enabled --- .../Persistent/Model/Customer/Authorization.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/app/code/Magento/Persistent/Model/Customer/Authorization.php b/app/code/Magento/Persistent/Model/Customer/Authorization.php index e9687b2193475..7852000ad525a 100644 --- a/app/code/Magento/Persistent/Model/Customer/Authorization.php +++ b/app/code/Magento/Persistent/Model/Customer/Authorization.php @@ -48,15 +48,15 @@ public function isAllowed( $resource, $privilege = null ) { - if ($resource == AuthorizationService::PERMISSION_SELF + if ($this->persistentSession->isPersistent() + && $resource == AuthorizationService::PERMISSION_SELF && $this->userContext->getUserId() && $this->userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER - && $this->customerSession->isLoggedIn() - && $this->persistentSession->isPersistent() + && !$this->customerSession->isLoggedIn() ) { - return true; + return false; } - return false; + return true; } } From f794b771c3e1e028519a52222cf299f723fc22ff Mon Sep 17 00:00:00 2001 From: Roman Lytvynenko Date: Mon, 24 Aug 2020 08:11:06 -0500 Subject: [PATCH 10/21] MC-36647: Order can be placed as a customer after session cookie expiration with Persistent Cart enabled --- .../Persistent/Model/Customer/Authorization.php | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) diff --git a/app/code/Magento/Persistent/Model/Customer/Authorization.php b/app/code/Magento/Persistent/Model/Customer/Authorization.php index 7852000ad525a..156a55b39991b 100644 --- a/app/code/Magento/Persistent/Model/Customer/Authorization.php +++ b/app/code/Magento/Persistent/Model/Customer/Authorization.php 
@@ -6,19 +6,12 @@ namespace Magento\Persistent\Model\Customer; -use Magento\Authorization\Model\UserContextInterface; use Magento\Customer\Model\Session as CustomerSession; use Magento\Framework\AuthorizationInterface; -use Magento\Integration\Api\AuthorizationServiceInterface as AuthorizationService; use Magento\Persistent\Helper\Session as PersistentSession; class Authorization implements AuthorizationInterface { - /** - * @var UserContextInterface - */ - private $userContext; - /** * @var CustomerSession */ @@ -30,16 +23,13 @@ class Authorization implements AuthorizationInterface private $persistentSession; /** - * @param UserContextInterface $userContext * @param CustomerSession $customerSession * @param PersistentSession $persistentSession */ public function __construct( - UserContextInterface $userContext, CustomerSession $customerSession, PersistentSession $persistentSession ) { - $this->userContext = $userContext; $this->customerSession = $customerSession; $this->persistentSession = $persistentSession; } @@ -48,12 +38,7 @@ public function isAllowed( $resource, $privilege = null ) { - if ($this->persistentSession->isPersistent() - && $resource == AuthorizationService::PERMISSION_SELF - && $this->userContext->getUserId() - && $this->userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER - && !$this->customerSession->isLoggedIn() - ) { + if ($this->persistentSession->isPersistent() && !$this->customerSession->isLoggedIn()) { return false; } From afa8c7fd86e7f9f2ee994d361900b5cc8fb236f3 Mon Sep 17 00:00:00 2001 
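Review bot: In the last hunk of this patch `isAllowed()` stops looking at `$resource` and the user context, so it now returns `true` for every resource unless the session is persistent and not logged in. That is only safe if the class acts purely as a veto. `CustomerAuthorization::aroundIsAllowed` returns `true` as soon as the composite allows, and the composite's loop is not visible in this series, so if one `true` is ever sufficient there, this check would grant resources other than `self`. I would keep the `$resource === AuthorizationService::PERMISSION_SELF` guard, or state the contract in the class docblock, e.g. `Veto only: true means "no objection", never "granted".`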
From: Roman Lytvynenko Date: Mon, 24 Aug 2020 11:53:34 -0500 Subject: [PATCH 11/21] MC-36647: Order can be placed as a customer after session cookie expiration with Persistent Cart enabled --- .../Magento/Customer/Model/Customer/Authorization.php | 5 +++++ .../Customer/Model/Customer/AuthorizationComposite.php | 8 ++++++++ .../Customer/Model/Plugin/CustomerAuthorization.php | 8 +++++--- .../Persistent/Model/Customer/Authorization.php | 10 ++++++++++ app/code/Magento/Persistent/etc/webapi_rest/di.xml | 5 +++++ app/code/Magento/Persistent/etc/webapi_soap/di.xml | 5 +++++ 6 files changed, 38 insertions(+), 3 deletions(-) diff --git a/app/code/Magento/Customer/Model/Customer/Authorization.php b/app/code/Magento/Customer/Model/Customer/Authorization.php index f4e6d07affc84..f5ddf839597e2 100644 --- a/app/code/Magento/Customer/Model/Customer/Authorization.php +++ b/app/code/Magento/Customer/Model/Customer/Authorization.php @@ -40,6 +40,8 @@ class Authorization implements AuthorizationInterface private $storeManager; /** + * Authorization constructor. + * * @param UserContextInterface $userContext * @param CustomerFactory $customerFactory * @param CustomerResource $customerResource @@ -57,6 +59,9 @@ public function __construct( $this->storeManager = $storeManager; } + /** + * @inheritdoc + */ public function isAllowed($resource, $privilege = null) { if ($resource == AuthorizationService::PERMISSION_SELF diff --git a/app/code/Magento/Customer/Model/Customer/AuthorizationComposite.php b/app/code/Magento/Customer/Model/Customer/AuthorizationComposite.php index e643460a32789..790c81056f4ff 100644 --- a/app/code/Magento/Customer/Model/Customer/AuthorizationComposite.php +++ b/app/code/Magento/Customer/Model/Customer/AuthorizationComposite.php 
@@ -19,12 +19,20 @@ class AuthorizationComposite implements AuthorizationInterface */ private $authorizationChecks; + /** + * AuthorizationComposite constructor. + * + * @param array $authorizationChecks + */ public function __construct( array $authorizationChecks ) { $this->authorizationChecks = $authorizationChecks; } + /** + * @inheritdoc + */ public function isAllowed($resource, $privilege = null) { $result = false; diff --git a/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php b/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php index 292c22fba512b..f9c16b95ee054 100644 --- a/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php +++ b/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php @@ -33,17 +33,19 @@ public function __construct( } /** + * Verify if to allow customer users to access resources with self permission + * * @SuppressWarnings(PHPMD.UnusedFormalParameter) * @param Authorization $subject * @param Closure $proceed - * @param $resource - * @param null $privilege + * @param string $resource + * @param $privilege * @return bool|mixed */ public function aroundIsAllowed( Authorization $subject, Closure $proceed, - $resource, + string $resource, $privilege = null ) { if ($this->authorizationComposite->isAllowed($resource, $privilege)) { diff --git a/app/code/Magento/Persistent/Model/Customer/Authorization.php b/app/code/Magento/Persistent/Model/Customer/Authorization.php index 156a55b39991b..0ebda14e215ec 100644 --- a/app/code/Magento/Persistent/Model/Customer/Authorization.php +++ b/app/code/Magento/Persistent/Model/Customer/Authorization.php @@ -10,6 +10,11 @@ use Magento\Framework\AuthorizationInterface; use Magento\Persistent\Helper\Session as PersistentSession; +/** + * Authorization logic for persistent customers + * + * @SuppressWarnings(PHPMD.CookieAndSessionMisuse) + */ class Authorization implements AuthorizationInterface { /** 
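Review bot: The new `string $resource` type on `aroundIsAllowed()` is narrower than the untyped `isAllowed($resource, $privilege = null)` declared by the checks in this series, so a caller passing `null` or an array would get a `TypeError` from the plugin instead of an authorization decision. The new summary line should also say that a `false` from `$this->authorizationComposite->isAllowed()` is not a denial. The body shown earlier in the series falls through to `$proceed($resource, $privilege)`, so the persistent-session check blocks a request only if the original check denies it too. Suggested docblock sentence: `A false composite result defers to the original isAllowed(); it does not deny on its own.` The rest of the method body is outside this hunk.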
@@ -34,6 +39,11 @@ public function __construct( $this->persistentSession = $persistentSession; } + /** + * @inheritdoc + * + * @SuppressWarnings(PHPMD.UnusedFormalParameter) + */ public function isAllowed( $resource, $privilege = null diff --git a/app/code/Magento/Persistent/etc/webapi_rest/di.xml b/app/code/Magento/Persistent/etc/webapi_rest/di.xml index 89504f0471788..5c2c6d0450019 100644 --- a/app/code/Magento/Persistent/etc/webapi_rest/di.xml +++ b/app/code/Magento/Persistent/etc/webapi_rest/di.xml @@ -20,4 +20,9 @@ + + + Magento\Customer\Model\Session\Proxy + + diff --git a/app/code/Magento/Persistent/etc/webapi_soap/di.xml b/app/code/Magento/Persistent/etc/webapi_soap/di.xml index 2a440fff03598..cd1006fa5c73e 100644 --- a/app/code/Magento/Persistent/etc/webapi_soap/di.xml +++ b/app/code/Magento/Persistent/etc/webapi_soap/di.xml @@ -20,4 +20,9 @@ + + + Magento\Customer\Model\Session\Proxy + + From 32b30e570fc747f7c1b63305be9d9dbff10cbb79 Mon Sep 17 00:00:00 2001 From: Roman Lytvynenko Date: Mon, 24 Aug 2020 15:15:52 -0500 Subject: [PATCH 12/21] MC-36647: Order can be placed as a customer after session cookie expiration with Persistent Cart enabled --- .../Customer/Model/Plugin/CustomerAuthorization.php | 2 +- app/code/Magento/Persistent/etc/di.xml | 10 ++++++++++ app/code/Magento/Persistent/etc/webapi_rest/di.xml | 5 ----- app/code/Magento/Persistent/etc/webapi_soap/di.xml | 5 ----- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php b/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php index f9c16b95ee054..c3de3af812670 100644 --- a/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php +++ b/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php 
@@ -39,7 +39,7 @@ public function __construct( * @param Authorization $subject * @param Closure $proceed * @param string $resource - * @param $privilege + * @param null $privilege * @return bool|mixed */ public function aroundIsAllowed( diff --git a/app/code/Magento/Persistent/etc/di.xml b/app/code/Magento/Persistent/etc/di.xml index f49d4361acb52..fd1c97fae66d9 100644 --- a/app/code/Magento/Persistent/etc/di.xml +++ b/app/code/Magento/Persistent/etc/di.xml @@ -12,4 +12,14 @@ + + + Magento\Customer\Model\Session\Proxy + + + + + Magento\Checkout\Model\Session\Proxy + + diff --git a/app/code/Magento/Persistent/etc/webapi_rest/di.xml b/app/code/Magento/Persistent/etc/webapi_rest/di.xml index 5c2c6d0450019..89504f0471788 100644 --- a/app/code/Magento/Persistent/etc/webapi_rest/di.xml +++ b/app/code/Magento/Persistent/etc/webapi_rest/di.xml @@ -20,9 +20,4 @@ - - - Magento\Customer\Model\Session\Proxy - - diff --git a/app/code/Magento/Persistent/etc/webapi_soap/di.xml b/app/code/Magento/Persistent/etc/webapi_soap/di.xml index cd1006fa5c73e..2a440fff03598 100644 --- a/app/code/Magento/Persistent/etc/webapi_soap/di.xml +++ b/app/code/Magento/Persistent/etc/webapi_soap/di.xml @@ -20,9 +20,4 @@ - - - Magento\Customer\Model\Session\Proxy - - From 2c0c2805d516263a771f0737c3e3db5c0f817cae Mon Sep 17 00:00:00 2001 From: Roman Lytvynenko Date: Mon, 24 Aug 2020 17:25:58 -0500 Subject: [PATCH 13/21] MC-36647: Order can be placed as a customer after session cookie expiration with Persistent Cart enabled --- .../Magento/Customer/Model/Plugin/CustomerAuthorization.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php b/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php index c3de3af812670..65bf9843e44fd 100644 --- a/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php +++ b/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php 
@@ -39,7 +39,7 @@ public function __construct( * @param Authorization $subject * @param Closure $proceed * @param string $resource - * @param null $privilege + * @param mixed $privilege * @return bool|mixed */ public function aroundIsAllowed( From 33921dd7898e67b606091627d9fbb7a408d1f694 Mon Sep 17 00:00:00 2001 From: Roman Lytvynenko Date: Tue, 25 Aug 2020 09:10:58 -0500 Subject: [PATCH 14/21] MC-36647: Order can be placed as a customer after session cookie expiration with Persistent Cart enabled --- app/code/Magento/Customer/Model/Customer/Authorization.php | 2 +- .../Magento/Customer/Model/Customer/AuthorizationComposite.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/code/Magento/Customer/Model/Customer/Authorization.php b/app/code/Magento/Customer/Model/Customer/Authorization.php index f5ddf839597e2..027eeb0dd581b 100644 --- a/app/code/Magento/Customer/Model/Customer/Authorization.php +++ b/app/code/Magento/Customer/Model/Customer/Authorization.php @@ -15,7 +15,7 @@ use Magento\Store\Model\StoreManagerInterface; /** - * Class to invalidate user credentials + * Checks if customer is logged in and authorized in the current store */ class Authorization implements AuthorizationInterface { diff --git a/app/code/Magento/Customer/Model/Customer/AuthorizationComposite.php b/app/code/Magento/Customer/Model/Customer/AuthorizationComposite.php index 790c81056f4ff..c0d4651a2e0f1 100644 --- a/app/code/Magento/Customer/Model/Customer/AuthorizationComposite.php +++ b/app/code/Magento/Customer/Model/Customer/AuthorizationComposite.php @@ -22,7 +22,7 @@ class AuthorizationComposite implements AuthorizationInterface /** * AuthorizationComposite constructor. * - * @param array $authorizationChecks + * @param AuthorizationInterface[] $authorizationChecks */ public function __construct( array $authorizationChecks From 272dcf6bb42123d7b29b46d90e57172b0f61de8f Mon Sep 17 00:00:00 2001 
From: Roman Lytvynenko Date: Tue, 25 Aug 2020 09:52:56 -0500 Subject: [PATCH 15/21] MC-36647: Order can be placed as a customer after session cookie expiration with Persistent Cart enabled --- .../Magento/Customer/Model/Customer/Authorization.php | 8 ++++---- .../Customer/Model/Customer/AuthorizationComposite.php | 1 + .../Magento/Persistent/Model/Customer/Authorization.php | 1 + 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/app/code/Magento/Customer/Model/Customer/Authorization.php b/app/code/Magento/Customer/Model/Customer/Authorization.php index 027eeb0dd581b..5df3dbc51b732 100644 --- a/app/code/Magento/Customer/Model/Customer/Authorization.php +++ b/app/code/Magento/Customer/Model/Customer/Authorization.php @@ -4,6 +4,7 @@ * Copyright © Magento, Inc. All rights reserved. * See COPYING.txt for license details. */ +declare(strict_types=1); namespace Magento\Customer\Model\Customer; @@ -64,7 +65,7 @@ public function __construct( */ public function isAllowed($resource, $privilege = null) { - if ($resource == AuthorizationService::PERMISSION_SELF + if ($resource === AuthorizationService::PERMISSION_SELF && $this->userContext->getUserId() && $this->userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER ) { @@ -72,9 +73,8 @@ public function isAllowed($resource, $privilege = null) $this->customerResource->load($customer, $this->userContext->getUserId()); $currentStoreId = $this->storeManager->getStore()->getId(); $sharedStoreIds = $customer->getSharedStoreIds(); - if (in_array($currentStoreId, $sharedStoreIds)) { - return true; - } + + return in_array($currentStoreId, $sharedStoreIds); } return false; diff --git a/app/code/Magento/Customer/Model/Customer/AuthorizationComposite.php b/app/code/Magento/Customer/Model/Customer/AuthorizationComposite.php index c0d4651a2e0f1..716719470796e 100644 --- a/app/code/Magento/Customer/Model/Customer/AuthorizationComposite.php +++ b/app/code/Magento/Customer/Model/Customer/AuthorizationComposite.php 
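Review bot: In `Customer\Authorization::isAllowed()` the result of `$this->customerResource->load($customer, ...)` is never checked before `getSharedStoreIds()` is consulted. For a user id whose customer record no longer exists, the decision therefore rests on whatever an empty customer model reports as its shared stores, which is not visible here and should be verified. A guard such as `if (!$customer->getId()) { return false; }` before the store lookup would make the deny explicit. This patch adds `declare(strict_types=1)` and moves `$resource` to `===`, but `in_array($currentStoreId, $sharedStoreIds)` still compares loosely; `return in_array((int)$currentStoreId, array_map('intval', $sharedStoreIds), true);` would be consistent with that. The method spans this hunk and the one before it.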
@@ -4,6 +4,7 @@ * Copyright © Magento, Inc. All rights reserved. * See COPYING.txt for license details. */ +declare(strict_types=1); namespace Magento\Customer\Model\Customer; diff --git a/app/code/Magento/Persistent/Model/Customer/Authorization.php b/app/code/Magento/Persistent/Model/Customer/Authorization.php index 0ebda14e215ec..6d8859a30fd96 100644 --- a/app/code/Magento/Persistent/Model/Customer/Authorization.php +++ b/app/code/Magento/Persistent/Model/Customer/Authorization.php @@ -3,6 +3,7 @@ * Copyright © Magento, Inc. All rights reserved. * See COPYING.txt for license details. */ +declare(strict_types=1); namespace Magento\Persistent\Model\Customer; From 00ae2382e1fc813cf53035e73455d41e65388128 Mon Sep 17 00:00:00 2001 From: Roman Lytvynenko Date: Tue, 25 Aug 2020 10:00:54 -0500 Subject: [PATCH 16/21] MC-36647: Order can be placed as a customer after session cookie expiration with Persistent Cart enabled --- .../Magento/Customer/Model/Plugin/CustomerAuthorization.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php b/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php index 65bf9843e44fd..271d8f795d6f6 100644 --- a/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php +++ b/app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php @@ -40,7 +40,7 @@ public function __construct( * @param Closure $proceed * @param string $resource * @param mixed $privilege - * @return bool|mixed + * @return bool */ public function aroundIsAllowed( Authorization $subject, From 4fd4dd266edc48de8d1538c75a3256da26e7dd99 Mon Sep 17 00:00:00 2001 
From: Roman Lytvynenko Date: Wed, 26 Aug 2020 09:37:33 -0500 Subject: [PATCH 17/21] MC-36647: Order can be placed as a customer after session cookie expiration with Persistent Cart enabled --- .../Unit/Model/Customer/AuthorizationTest.php | 102 ++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 app/code/Magento/Persistent/Test/Unit/Model/Customer/AuthorizationTest.php diff --git a/app/code/Magento/Persistent/Test/Unit/Model/Customer/AuthorizationTest.php b/app/code/Magento/Persistent/Test/Unit/Model/Customer/AuthorizationTest.php new file mode 100644 index 0000000000000..4ee5309fcd9e3 --- /dev/null +++ b/app/code/Magento/Persistent/Test/Unit/Model/Customer/AuthorizationTest.php 
@@ -0,0 +1,102 @@ +persistentSessionMock = $this->getMockBuilder(PersistentSession::class) + ->onlyMethods(['isPersistent']) + ->disableOriginalConstructor() + ->getMock(); + + $this->customerSessionMock = $this->getMockBuilder(CustomerSession::class) + ->onlyMethods(['isLoggedIn']) + ->disableOriginalConstructor() + ->getMock(); + + $this->authorization = new Authorization( + $this->customerSessionMock, + $this->persistentSessionMock + ); + } + + /** + * Validate if isAuthorized() will return proper permission value for logged in/ out persistent customers + * + * @dataProvider persistentLoggedInCombinations + * @param bool $isPersistent + * @param bool $isLoggedIn + * @param bool $isAllowedExpectation + */ + public function testIsAuthorized( + bool $isPersistent, + bool $isLoggedIn, + bool $isAllowedExpectation + ): void { + $this->persistentSessionMock->method('isPersistent')->willReturn($isPersistent); + $this->customerSessionMock->method('isLoggedIn')->willReturn($isLoggedIn); + $isAllowedResult = $this->authorization->isAllowed('self'); + + $this->assertEquals($isAllowedExpectation, $isAllowedResult); + } + + /** + * @return array + */ + public function persistentLoggedInCombinations(): array + { + return [ + [ + true, + false, + false + ], + [ + true, + true, + true + ], + [ + false, + false, + true + ], + ]; + } +} From bb99950661edae2099bcb54bdf23e3222381f02a Mon Sep 17 00:00:00 2001 From: Roman Lytvynenko Date: Wed, 26 Aug 2020 10:20:39 -0500 Subject: [PATCH 18/21] MC-36647: Order can be placed as a customer after session cookie expiration with Persistent Cart enabled --- .../Unit/Model/Customer/AuthorizationTest.php | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/app/code/Magento/Persistent/Test/Unit/Model/Customer/AuthorizationTest.php b/app/code/Magento/Persistent/Test/Unit/Model/Customer/AuthorizationTest.php index 4ee5309fcd9e3..049014807190c 100644 
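Review bot: `persistentLoggedInCombinations()` covers three of the four combinations and omits the non-persistent, logged-in customer (`[false, true, true]`), so the most common path is not pinned. The test method and its docblock refer to `isAuthorized()` while the call under test is `isAllowed('self')`; renaming it to `testIsAllowed` would match the API. Because the class ignores `$resource`, a provider row with a resource other than `'self'` would record whether that is intended.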
--- a/app/code/Magento/Persistent/Test/Unit/Model/Customer/AuthorizationTest.php +++ b/app/code/Magento/Persistent/Test/Unit/Model/Customer/AuthorizationTest.php @@ -9,9 +9,10 @@ use Magento\Customer\Model\Session as CustomerSession; use Magento\Persistent\Helper\Session as PersistentSession; -use Magento\Persistent\Model\Customer\Authorization; +use Magento\Persistent\Model\Customer\Authorization as PersistentAuthorization; use PHPUnit\Framework\MockObject\MockObject; use PHPUnit\Framework\TestCase; +use Magento\Customer\Model\Customer\AuthorizationComposite as CustomerAuthorizationComposite; /** * A test class for the persistent customers authorization @@ -26,15 +27,20 @@ class AuthorizationTest extends TestCase private $persistentSessionMock; /** - * @var Authorization + * @var PersistentAuthorization */ - private $authorization; + private $persistentCustomerAuthorization; /** * @var CustomerSession|MockObject */ private $customerSessionMock; + /** + * @var CustomerAuthorizationComposite + */ + private $customerAuthorizationComposite; + /** * @inheritdoc */ @@ -50,10 +56,14 @@ protected function setUp(): void ->disableOriginalConstructor() ->getMock(); - $this->authorization = new Authorization( + $this->persistentCustomerAuthorization = new PersistentAuthorization( $this->customerSessionMock, $this->persistentSessionMock ); + + $this->customerAuthorizationComposite = new CustomerAuthorizationComposite( + [$this->persistentCustomerAuthorization] + ); } /** @@ -71,7 +81,7 @@ public function testIsAuthorized( ): void { $this->persistentSessionMock->method('isPersistent')->willReturn($isPersistent); $this->customerSessionMock->method('isLoggedIn')->willReturn($isLoggedIn); - $isAllowedResult = $this->authorization->isAllowed('self'); + $isAllowedResult = $this->customerAuthorizationComposite->isAllowed('self'); $this->assertEquals($isAllowedExpectation, $isAllowedResult); } From cbc1023155f37b4d5189b2d44c5dff80bd79bfb6 Mon Sep 17 00:00:00 2001 
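Review bot: Building `CustomerAuthorizationComposite` with only the persistent check tests the composite's single-element behaviour, not how it combines results. The di.xml hunks earlier in the series appear to register `Magento\Customer\Model\Customer\Authorization` as well, so the shipped configuration has more than one check. A case that pairs this check with a stub `AuthorizationInterface` returning a fixed `true`, in both orders, would pin the property the fix depends on: a persistent session without a login must not be overridden by another check's allow. The expectation `[false, false, true]` currently asserts that the composite allows `self` for a guest when this is the only check, which is worth confirming as intended.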
From: Roman Lytvynenko Date: Wed, 26 Aug 2020 10:23:14 -0500 Subject: [PATCH 19/21] MC-36647: Order can be placed as a customer after session cookie expiration with Persistent Cart enabled --- .../Unit/Model/Customer/AuthorizationTest.php | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/app/code/Magento/Persistent/Test/Unit/Model/Customer/AuthorizationTest.php b/app/code/Magento/Persistent/Test/Unit/Model/Customer/AuthorizationTest.php index 049014807190c..d2abafc7e5ecf 100644 --- a/app/code/Magento/Persistent/Test/Unit/Model/Customer/AuthorizationTest.php +++ b/app/code/Magento/Persistent/Test/Unit/Model/Customer/AuthorizationTest.php @@ -92,21 +92,21 @@ public function testIsAuthorized( public function persistentLoggedInCombinations(): array { return [ - [ - true, - false, - false - ], - [ - true, - true, - true - ], - [ - false, - false, - true - ], + [ + true, + false, + false + ], + [ + true, + true, + true + ], + [ + false, + false, + true + ], ]; } } From a80fa10f665e1da1d64bed6ea7187bef2aa00d2b Mon Sep 17 00:00:00 2001 From: Dmytro Yushkin Date: Wed, 26 Aug 2020 19:08:48 -0500 Subject: [PATCH 20/21] MC-35161: No Payment method is showing in Admin Create Order for one website only. --- app/code/Magento/Sales/Model/AdminOrder/Create.php | 10 ++++++---- .../Magento/Sales/Model/AdminOrder/CreateTest.php | 8 ++------ 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/app/code/Magento/Sales/Model/AdminOrder/Create.php b/app/code/Magento/Sales/Model/AdminOrder/Create.php index d5a94a4dd1fcf..f60944d57c992 100644 --- a/app/code/Magento/Sales/Model/AdminOrder/Create.php +++ b/app/code/Magento/Sales/Model/AdminOrder/Create.php 
@@ -745,10 +745,12 @@ public function getCustomerCart() try { $this->_cart = $this->quoteRepository->getForCustomer($customerId, [$storeId]); } catch (\Magento\Framework\Exception\NoSuchEntityException $e) { - $this->_cart->setStore($this->getSession()->getStore()); - $customerData = $this->customerRepository->getById($customerId); - $this->_cart->assignCustomer($customerData); - $this->quoteRepository->save($this->_cart); + if ($this->getQuote()->hasItems()) { + $this->_cart->setStore($this->getSession()->getStore()); + $customerData = $this->customerRepository->getById($customerId); + $this->_cart->assignCustomer($customerData); + $this->quoteRepository->save($this->_cart); + } } } diff --git a/dev/tests/integration/testsuite/Magento/Sales/Model/AdminOrder/CreateTest.php b/dev/tests/integration/testsuite/Magento/Sales/Model/AdminOrder/CreateTest.php index e1cc942d4ae28..86e42e228d623 100644 --- a/dev/tests/integration/testsuite/Magento/Sales/Model/AdminOrder/CreateTest.php +++ b/dev/tests/integration/testsuite/Magento/Sales/Model/AdminOrder/CreateTest.php @@ -693,12 +693,8 @@ public function testGetCustomerCartNewCart() /** SUT execution */ $customerQuote = $this->model->getCustomerCart(); - self::assertNotEmpty($customerQuote->getId(), 'Quote ID is invalid.'); - self::assertEquals( - $customerEmailFromFixture, - $customerQuote->getCustomerEmail(), - 'Customer data is preserved incorrectly in a newly quote.' - ); + self::assertInstanceOf(Quote::class, $customerQuote); + self::assertEmpty($customerQuote->getData()); } /** From 605d211f3247317a148575d462f36d8dabd07360 Mon Sep 17 00:00:00 2001 From: Dmytro Yushkin Date: Wed, 26 Aug 2020 21:24:12 -0500 Subject: [PATCH 21/21] MC-35161: No Payment method is showing in Admin Create Order for one website only. - Static tests fix --- app/code/Magento/Sales/Model/AdminOrder/Create.php | 6 ++++-- .../testsuite/Magento/Sales/Model/AdminOrder/CreateTest.php | 1 - 2 files changed, 4 insertions(+), 3 deletions(-) 
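Review bot: When the quote has no items, the `catch (NoSuchEntityException $e)` branch in `getCustomerCart()` now does nothing, so `$this->_cart` keeps whatever state it had before the `try`, with no store or customer assigned. The updated test expects `getData()` to be empty in that case. Please add a comment in the catch block stating the intent, e.g. `// No customer cart exists yet; do not create one until the quote has items.` The method starts and ends outside this hunk, so how `$this->_cart` is initialised before the `try` cannot be confirmed from here.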
diff --git a/app/code/Magento/Sales/Model/AdminOrder/Create.php b/app/code/Magento/Sales/Model/AdminOrder/Create.php index f60944d57c992..8ef12e5889520 100644 --- a/app/code/Magento/Sales/Model/AdminOrder/Create.php +++ b/app/code/Magento/Sales/Model/AdminOrder/Create.php @@ -787,6 +787,7 @@ public function getCustomerCompareList() public function getCustomerGroupId() { $groupId = $this->getQuote()->getCustomerGroupId(); + // @phpstan-ignore-next-line if (!isset($groupId)) { $groupId = $this->getSession()->getCustomerGroupId(); } @@ -1445,9 +1446,10 @@ public function setShippingAddress($address) */ $saveInAddressBook = (int)(!empty($address['save_in_address_book'])); $shippingAddress->setData('save_in_address_book', $saveInAddressBook); - } - if ($address instanceof \Magento\Quote\Model\Quote\Address) { + } elseif ($address instanceof \Magento\Quote\Model\Quote\Address) { $shippingAddress = $address; + } else { + $shippingAddress = null; } $this->setRecollect(true); diff --git a/dev/tests/integration/testsuite/Magento/Sales/Model/AdminOrder/CreateTest.php b/dev/tests/integration/testsuite/Magento/Sales/Model/AdminOrder/CreateTest.php index 86e42e228d623..3e6b27a7ca622 100644 --- a/dev/tests/integration/testsuite/Magento/Sales/Model/AdminOrder/CreateTest.php +++ b/dev/tests/integration/testsuite/Magento/Sales/Model/AdminOrder/CreateTest.php @@ -684,7 +684,6 @@ public function testMoveQuoteItemToCart() public function testGetCustomerCartNewCart() { $customerIdFromFixture = 1; - $customerEmailFromFixture = 'customer@example.com'; /** Preconditions */ /** @var SessionQuote $session */
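Review bot: The `// @phpstan-ignore-next-line` added in `getCustomerGroupId()` hides the finding instead of resolving it. `isset($groupId)` on a local that was assigned on the previous line is just a null check, so `if ($groupId === null) {` states the same condition and needs no suppression. The rest of the method is outside this hunk.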
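Review bot: The new `else { $shippingAddress = null; }` branch in `setShippingAddress()` satisfies static analysis but lets `null` reach whatever follows `$this->setRecollect(true);`, which is outside this hunk. If the remainder passes `$shippingAddress` on to the quote, input that is neither an array nor a `\Magento\Quote\Model\Quote\Address` would fail later and less clearly than at the point of the type check. Rejecting it in the `else` branch would be clearer, e.g. `throw new \InvalidArgumentException('Unsupported shipping address type.');`, provided no existing caller passes another type.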