Merge remote-tracking branch 'origin/MC-39885' into 2.4.3-develop-pr129

magento · Mar 2, 2021 · c6b6c10 · c6b6c10
2 parents 9648b09 + f77a37a
commit c6b6c10
Show file tree

Hide file tree

Showing 5 changed files with 270 additions and 2 deletions.
diff --git a/app/code/Magento/Customer/Model/Validator/Name.php b/app/code/Magento/Customer/Model/Validator/Name.php
@@ -0,0 +1,59 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Customer\Model\Validator;
+
+use Magento\Customer\Model\Customer;
+use Magento\Framework\Validator\AbstractValidator;
+
+/**
+ * Customer name fields validator.
+ */
+class Name extends AbstractValidator
+{
+    private const PATTERN_NAME = '/(?:[\p{L}\p{M}\,\-\_\.\'\s\d]){1,255}+/u';
+
+    /**
+     * Validate name fields.
+     *
+     * @param Customer $customer
+     * @return bool
+     */
+    public function isValid($customer)
+    {
+        if (!$this->isValidName($customer->getFirstname())) {
+            parent::_addMessages([['firstname' => 'First Name is not valid!']]);
+        }
+
+        if (!$this->isValidName($customer->getLastname())) {
+            parent::_addMessages([['lastname' => 'Last Name is not valid!']]);
+        }
+
+        if (!$this->isValidName($customer->getMiddlename())) {
+            parent::_addMessages([['middlename' => 'Middle Name is not valid!']]);
+        }
+
+        return count($this->_messages) == 0;
+    }
+
+    /**
+     * Check if name field is valid.
+     *
+     * @param string|null $nameValue
+     * @return bool
+     */
+    private function isValidName($nameValue)
+    {
+        if ($nameValue != null) {
+            if (preg_match(self::PATTERN_NAME, $nameValue, $matches)) {
+                return $matches[0] == $nameValue;
+            }
+        }
+
+        return true;
+    }
+}
diff --git a/app/code/Magento/Customer/Test/Mftf/Test/AdminExactMatchSearchInCustomerGridTest.xml b/app/code/Magento/Customer/Test/Mftf/Test/AdminExactMatchSearchInCustomerGridTest.xml
@@ -21,7 +21,7 @@
         <before>
             <createData entity="Simple_US_Customer" stepKey="createFirstCustomer"/>
             <createData entity="Simple_US_Customer" stepKey="createSecondCustomer">
-                <field key="firstname">&quot;Jane Doe&quot;</field>
+                <field key="firstname">Jane Doe</field>
             </createData>
             <actionGroup ref="AdminLoginActionGroup" stepKey="login"/>
         </before>

diff --git a/...est/Mftf/Test/StorefrontVerifyNoXssInjectionOnUpdateCustomerInformationAddAddressTest.xml b/...est/Mftf/Test/StorefrontVerifyNoXssInjectionOnUpdateCustomerInformationAddAddressTest.xml
@@ -11,12 +11,15 @@
     <test name="StorefrontVerifyNoXssInjectionOnUpdateCustomerInformationAddAddressTest">
         <annotations>
             <stories value="Update Customer Address"/>
-            <title value="[Security] Verify No XSS Injection on Update Customer Information Add Address"/>
+            <title value="DEPRECATED [Security] Verify No XSS Injection on Update Customer Information Add Address"/>
             <description value="Test log in to Storefront and Verify No XSS Injection on Update Customer Information Add Address"/>
             <testCaseId value="MC-10910"/>
             <severity value="CRITICAL"/>
             <group value="customer"/>
             <group value="mtf_migrated"/>
+            <skip>
+                <issueId value="DEPRECATED">Test outdated</issueId>
+            </skip>
         </annotations>
 
         <before>

diff --git a/app/code/Magento/Customer/etc/validation.xml b/app/code/Magento/Customer/etc/validation.xml
@@ -18,11 +18,17 @@
                     <constraint alias="metadata_data_validator" class="Magento\Customer\Model\Metadata\Validator" />
                 </entity_constraints>
             </rule>
+            <rule name="check_name">
+                <entity_constraints>
+                    <constraint alias="name_validator" class="Magento\Customer\Model\Validator\Name" />
+                </entity_constraints>
+            </rule>
         </rules>
         <groups>
             <group name="save">
                 <uses>
                     <use rule="check_eav"/>
+                    <use rule="check_name"/>
                 </uses>
             </group>
             <group name="form">

diff --git a/dev/tests/api-functional/testsuite/Magento/Customer/Api/CustomerRepositoryTest.php b/dev/tests/api-functional/testsuite/Magento/Customer/Api/CustomerRepositoryTest.php
@@ -1058,4 +1058,204 @@ protected function _createCustomer(?array $additionalData = [])
         $this->currentCustomerId[] = $customerData['id'];
         return $customerData;
     }
+
+    /**
+     * Test customer create with invalid name's.
+     *
+     * @param string $fieldName
+     * @param string $fieldValue
+     * @param string $expectedMessage
+     * @return void
+     *
+     * @dataProvider customerDataProvider
+     */
+    public function testCreateCustomerWithInvalidCustomerFirstName(string $fieldName, string $fieldValue, string $expectedMessage): void
+    {
+        $customerData = $this->dataObjectProcessor->buildOutputDataArray(
+            $this->customerHelper->createSampleCustomerDataObject(),
+            Customer::class
+        );
+        $customerData[$fieldName] = $fieldValue;
+
+        $serviceInfo = [
+            'rest' => [
+                'resourcePath' => self::RESOURCE_PATH,
+                'httpMethod' => Request::HTTP_METHOD_POST,
+            ],
+            'soap' => [
+                'service' => self::SERVICE_NAME,
+                'serviceVersion' => self::SERVICE_VERSION,
+                'operation' => self::SERVICE_NAME . 'Save',
+            ],
+        ];
+
+        $requestData = ['customer' => $customerData];
+
+        try {
+            $this->_webApiCall($serviceInfo, $requestData);
+            $this->fail('Expected exception was not raised');
+        } catch (\SoapFault $e) {
+            $this->assertStringContainsString($expectedMessage, $e->getMessage());
+        } catch (\Exception $e) {
+            $errorObj = $this->processRestExceptionResult($e);
+            $this->assertEquals(HTTPExceptionCodes::HTTP_BAD_REQUEST, $e->getCode());
+            $this->assertEquals($expectedMessage, $errorObj['message']);
+        }
+    }
+
+    /**
+     * Invalid customer data provider
+     *
+     * @return array
+     */
+    public function customerDataProvider(): array
+    {
+        return [
+            ['firstname', 'Jane ☺ ', 'First Name is not valid!'],
+            ['lastname', '☏ - Doe', 'Last Name is not valid!'],
+            ['middlename', '⚐ $(date)', 'Middle Name is not valid!'],
+            [
+                'firstname',
+                str_repeat('खाना अच्छा है', 20),
+                'First Name is not valid!',
+            ],
+            [
+                'lastname',
+                str_repeat('المغلوطة حول استنكار  النشوة وتمجيد الألمالمغلوطة حول', 5),
+                'Last Name is not valid!',
+            ],
+        ];
+    }
+
+    /**
+     * Test customer create with ultibyte chanracters in name's.
+     *
+     * @param string $fieldName
+     * @param string $fieldValue
+     * @return void
+     *
+     * @dataProvider customerWithMultiByteDataProvider
+     */
+    public function testCreateCustomerWithMultibyteCharacters(string $fieldName, string $fieldValue): void
+    {
+        $customerData = $this->dataObjectProcessor->buildOutputDataArray(
+            $this->customerHelper->createSampleCustomerDataObject(),
+            Customer::class
+        );
+        $customerData[$fieldName] = $fieldValue;
+
+        $serviceInfo = [
+            'rest' => [
+                'resourcePath' => self::RESOURCE_PATH,
+                'httpMethod' => Request::HTTP_METHOD_POST,
+            ],
+            'soap' => [
+                'service' => self::SERVICE_NAME,
+                'serviceVersion' => self::SERVICE_VERSION,
+                'operation' => self::SERVICE_NAME . 'Save',
+            ],
+        ];
+
+        $requestData = ['customer' => $customerData];
+
+        $response = $this->_webApiCall($serviceInfo, $requestData);
+
+        $this->assertNotNull($response);
+        $this->assertEquals($fieldValue, $response[$fieldName]);
+    }
+
+    /**
+     * Customer with multibyte characters data provider.
+     *
+     * @return array
+     */
+    public function customerWithMultiByteDataProvider(): array
+    {
+        return [
+            [
+                'firstname',
+                str_repeat('हैखान', 51),
+            ],
+            [
+                'lastname',
+                str_repeat('مغلوطة حول استنكار  النشوة وتمجيد الألمالمغلوطة حول', 5),
+            ],
+        ];
+    }
+
+    /**
+     * Test customer create with valid name's.
+     *
+     * @param string $fieldName
+     * @param string $fieldValue
+     * @return void
+     *
+     * @dataProvider customerValidNameDataProvider
+     */
+    public function testCreateCustomerWithValidName(string $fieldName, string $fieldValue): void
+    {
+        $customerData = $this->dataObjectProcessor->buildOutputDataArray(
+            $this->customerHelper->createSampleCustomerDataObject(),
+            Customer::class
+        );
+        $customerData[$fieldName] = $fieldValue;
+
+        $serviceInfo = [
+            'rest' => [
+                'resourcePath' => self::RESOURCE_PATH,
+                'httpMethod' => Request::HTTP_METHOD_POST,
+            ],
+            'soap' => [
+                'service' => self::SERVICE_NAME,
+                'serviceVersion' => self::SERVICE_VERSION,
+                'operation' => self::SERVICE_NAME . 'Save',
+            ],
+        ];
+
+        $requestData = ['customer' => $customerData];
+
+        $response = $this->_webApiCall($serviceInfo, $requestData);
+
+        $this->assertNotNull($response);
+        $this->assertEquals($fieldValue, $response[$fieldName]);
+    }
+
+    /**
+     * Customer valid name data provider.
+     *
+     * @return array
+     */
+    public function customerValidNameDataProvider(): array
+    {
+        return [
+            [
+                'firstname',
+                'Anne-Marie',
+            ],
+            [
+                'lastname',
+                'D\'Artagnan',
+            ],
+            [
+                'lastname',
+                'Guðmundsdóttir',
+            ],
+            [
+                'lastname',
+                'María José Carreño Quiñones',
+            ],
+            [
+                'lastname',
+                'Q. Public',
+            ],
+            [
+                'firstname',
+                'Elizabeth II',
+            ],
+            [
+                'firstname',
+                'X Æ A-12 Musk',
+            ],
+        ];
+    }
 }