From 63762d61f5ec8be8f64d4f594a35c4aa2f82a0f0 Mon Sep 17 00:00:00 2001 From: Patrick McLain Date: Fri, 7 Jun 2019 22:22:54 -0400 Subject: [PATCH] Respect allow send as guest configuration in resolver Resolver throws `GraphQlAuthorizationException` when sending as guest if allow send as guest is disabled. Fixes #732 --- .../Model/Resolver/SendEmailToFriend.php | 33 ++++- .../GraphQl/SendFriend/SendFriendTest.php | 124 +++++++++++++++--- .../_files/disable_send_friend_guest.php | 21 +++ .../_files/enable_send_friend_guest.php | 21 +++ 4 files changed, 177 insertions(+), 22 deletions(-) create mode 100644 dev/tests/integration/testsuite/Magento/GraphQl/SendFriend/_files/disable_send_friend_guest.php create mode 100644 dev/tests/integration/testsuite/Magento/GraphQl/SendFriend/_files/enable_send_friend_guest.php diff --git a/app/code/Magento/SendFriendGraphQl/Model/Resolver/SendEmailToFriend.php b/app/code/Magento/SendFriendGraphQl/Model/Resolver/SendEmailToFriend.php index c0c01c71df764..1ee4844e5a019 100644 --- a/app/code/Magento/SendFriendGraphQl/Model/Resolver/SendEmailToFriend.php +++ b/app/code/Magento/SendFriendGraphQl/Model/Resolver/SendEmailToFriend.php @@ -7,18 +7,22 @@ namespace Magento\SendFriendGraphQl\Model\Resolver; +use Magento\Authorization\Model\UserContextInterface; use Magento\Catalog\Api\Data\ProductInterface; use Magento\Catalog\Api\ProductRepositoryInterface; +use Magento\Framework\App\ObjectManager; use Magento\Framework\DataObjectFactory; use Magento\Framework\Event\ManagerInterface; use Magento\Framework\Exception\NoSuchEntityException; use Magento\Framework\GraphQl\Config\Element\Field; +use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException; use Magento\Framework\GraphQl\Exception\GraphQlInputException; use Magento\Framework\GraphQl\Exception\GraphQlNoSuchEntityException; use Magento\Framework\GraphQl\Query\ResolverInterface; use Magento\Framework\GraphQl\Schema\Type\ResolveInfo; use Magento\SendFriend\Model\SendFriend; use Magento\SendFriend\Model\SendFriendFactory; +use Magento\SendFriend\Helper\Data as SendFriendHelper; /** * @inheritdoc @@ -45,22 +49,30 @@ class SendEmailToFriend implements ResolverInterface */ private $eventManager; + /** + * @var SendFriendHelper + */ + private $sendFriendHelper; + /** * @param SendFriendFactory $sendFriendFactory * @param ProductRepositoryInterface $productRepository * @param DataObjectFactory $dataObjectFactory * @param ManagerInterface $eventManager + * @param SendFriendHelper|null $sendFriendHelper */ public function __construct( SendFriendFactory $sendFriendFactory, ProductRepositoryInterface $productRepository, DataObjectFactory $dataObjectFactory, - ManagerInterface $eventManager + ManagerInterface $eventManager, + SendFriendHelper $sendFriendHelper = null ) { $this->sendFriendFactory = $sendFriendFactory; $this->productRepository = $productRepository; $this->dataObjectFactory = $dataObjectFactory; $this->eventManager = $eventManager; + $this->sendFriendHelper = $sendFriendHelper ?? ObjectManager::getInstance()->get(SendFriendHelper::class); } /** @@ -68,6 +80,10 @@ public function __construct( */ public function resolve(Field $field, $context, ResolveInfo $info, array $value = null, array $args = null) { + if (!$this->sendFriendHelper->isAllowForGuest() && $this->isUserGuest($context->getUserId(), $context->getUserType())) { + throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.')); + } + /** @var SendFriend $sendFriend */ $sendFriend = $this->sendFriendFactory->create(); @@ -195,4 +211,19 @@ private function extractSenderData(array $args): array ], ]; } + + /** + * Checking if current customer is guest + * + * @param int|null $customerId + * @param int|null $customerType + * @return bool + */ + private function isUserGuest(?int $customerId, ?int $customerType): bool + { + if (null === $customerId || null === $customerType) { + return true; + } + return 0 === (int)$customerId || (int)$customerType === UserContextInterface::USER_TYPE_GUEST; + } } diff --git a/dev/tests/api-functional/testsuite/Magento/GraphQl/SendFriend/SendFriendTest.php b/dev/tests/api-functional/testsuite/Magento/GraphQl/SendFriend/SendFriendTest.php index e7401100b7860..e885c2b8fb568 100644 --- a/dev/tests/api-functional/testsuite/Magento/GraphQl/SendFriend/SendFriendTest.php +++ b/dev/tests/api-functional/testsuite/Magento/GraphQl/SendFriend/SendFriendTest.php @@ -8,6 +8,8 @@ namespace Magento\GraphQl\SendFriend; use Magento\Catalog\Api\ProductRepositoryInterface; +use Magento\Framework\Exception\AuthenticationException; +use Magento\Integration\Api\CustomerTokenServiceInterface; use Magento\SendFriend\Model\SendFriend; use Magento\SendFriend\Model\SendFriendFactory; use Magento\TestFramework\Helper\Bootstrap; @@ -23,21 +25,29 @@ class SendFriendTest extends GraphQlAbstract * @var SendFriendFactory */ private $sendFriendFactory; + /** * @var ProductRepositoryInterface */ private $productRepository; + /** + * @var CustomerTokenServiceInterface + */ + private $customerTokenService; + protected function setUp() { $this->sendFriendFactory = Bootstrap::getObjectManager()->get(SendFriendFactory::class); $this->productRepository = Bootstrap::getObjectManager()->get(ProductRepositoryInterface::class); + $this->customerTokenService = Bootstrap::getObjectManager()->get(CustomerTokenServiceInterface::class); } /** * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php + * @magentoApiDataFixture Magento/GraphQl/SendFriend/_files/enable_send_friend_guest.php */ - public function testSendFriend() + public function testSendFriendGuestEnable() { $productId = (int)$this->productRepository->get('simple_product')->getId(); $recipients = '{ @@ -51,15 +61,57 @@ public function testSendFriend() $query = $this->getQuery($productId, $recipients); $response = $this->graphQlMutation($query); - self::assertEquals('Name', $response['sendEmailToFriend']['sender']['name']); - self::assertEquals('e@mail.com', $response['sendEmailToFriend']['sender']['email']); - self::assertEquals('Lorem Ipsum', $response['sendEmailToFriend']['sender']['message']); - self::assertEquals('Recipient Name 1', $response['sendEmailToFriend']['recipients'][0]['name']); - self::assertEquals('recipient1@mail.com', $response['sendEmailToFriend']['recipients'][0]['email']); - self::assertEquals('Recipient Name 2', $response['sendEmailToFriend']['recipients'][1]['name']); - self::assertEquals('recipient2@mail.com', $response['sendEmailToFriend']['recipients'][1]['email']); + $this->assertResponse($response); + } + + /** + * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php + * @magentoApiDataFixture Magento/GraphQl/SendFriend/_files/disable_send_friend_guest.php + * @expectedException \Exception + * @expectedExceptionMessage The current customer isn't authorized. + */ + public function testSendFriendGuestDisableAsGuest() + { + $productId = (int)$this->productRepository->get('simple_product')->getId(); + $recipients = '{ + name: "Recipient Name 1" + email:"recipient1@mail.com" + }, + { + name: "Recipient Name 2" + email:"recipient2@mail.com" + }'; + $query = $this->getQuery($productId, $recipients); + + $response = $this->graphQlMutation($query); + $this->assertResponse($response); + } + + /** + * @magentoApiDataFixture Magento/Customer/_files/customer.php + * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php + * @magentoApiDataFixture Magento/GraphQl/SendFriend/_files/disable_send_friend_guest.php + */ + public function testSendFriendGuestDisableAsCustomer() + { + $productId = (int)$this->productRepository->get('simple_product')->getId(); + $recipients = '{ + name: "Recipient Name 1" + email:"recipient1@mail.com" + }, + { + name: "Recipient Name 2" + email:"recipient2@mail.com" + }'; + $query = $this->getQuery($productId, $recipients); + + $response = $this->graphQlMutation($query, [], '', $this->getHeaderMap()); + $this->assertResponse($response); } + /** + * @magentoApiDataFixture Magento/Customer/_files/customer.php + */ public function testSendWithoutExistProduct() { $productId = 2018; @@ -77,10 +129,11 @@ public function testSendWithoutExistProduct() $this->expectExceptionMessage( 'The product that was requested doesn\'t exist. Verify the product and try again.' ); - $this->graphQlMutation($query); + $this->graphQlMutation($query, [], '', $this->getHeaderMap()); } /** + * @magentoApiDataFixture Magento/Customer/_files/customer.php * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php */ public function testMaxSendEmailToFriend() @@ -118,10 +171,11 @@ public function testMaxSendEmailToFriend() $this->expectException(\Exception::class); $this->expectExceptionMessage("No more than {$sendFriend->getMaxRecipients()} emails can be sent at a time."); - $this->graphQlMutation($query); + $this->graphQlMutation($query, [], '', $this->getHeaderMap()); } /** + * @magentoApiDataFixture Magento/Customer/_files/customer.php * @magentoApiDataFixture Magento/Catalog/_files/product_simple.php * @dataProvider sendFriendsErrorsDataProvider * @param string $input @@ -151,10 +205,11 @@ public function testErrors(string $input, string $errorMessage) QUERY; $this->expectException(\Exception::class); $this->expectExceptionMessage($errorMessage); - $this->graphQlMutation($query); + $this->graphQlMutation($query, [], '', $this->getHeaderMap()); } /** + * @magentoApiDataFixture Magento/Customer/_files/customer.php * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php * TODO: use magentoApiConfigFixture (to be merged https://github.com/magento/graphql-ce/pull/351) * @magentoApiDataFixture Magento/SendFriend/Fixtures/sendfriend_configuration.php @@ -183,11 +238,12 @@ public function testLimitMessagesPerHour() $maxSendToFriends = $sendFriend->getMaxSendsToFriend(); for ($i = 0; $i <= $maxSendToFriends + 1; $i++) { - $this->graphQlMutation($query); + $this->graphQlMutation($query, [], '', $this->getHeaderMap()); } } /** + * @magentoApiDataFixture Magento/Customer/_files/customer.php * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php */ public function testSendProductWithoutSenderEmail() @@ -201,10 +257,11 @@ public function testSendProductWithoutSenderEmail() $this->expectException(\Exception::class); $this->expectExceptionMessage('GraphQL response contains errors: Please provide Email for all of recipients.'); - $this->graphQlMutation($query); + $this->graphQlMutation($query, [], '', $this->getHeaderMap()); } /** + * @magentoApiDataFixture Magento/Customer/_files/customer.php * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product_without_visibility.php */ public function testSendProductWithoutVisibility() @@ -220,14 +277,8 @@ public function testSendProductWithoutVisibility() }'; $query = $this->getQuery($productId, $recipients); - $response = $this->graphQlMutation($query); - self::assertEquals('Name', $response['sendEmailToFriend']['sender']['name']); - self::assertEquals('e@mail.com', $response['sendEmailToFriend']['sender']['email']); - self::assertEquals('Lorem Ipsum', $response['sendEmailToFriend']['sender']['message']); - self::assertEquals('Recipient Name 1', $response['sendEmailToFriend']['recipients'][0]['name']); - self::assertEquals('recipient1@mail.com', $response['sendEmailToFriend']['recipients'][0]['email']); - self::assertEquals('Recipient Name 2', $response['sendEmailToFriend']['recipients'][1]['name']); - self::assertEquals('recipient2@mail.com', $response['sendEmailToFriend']['recipients'][1]['email']); + $response = $this->graphQlMutation($query, [], '', $this->getHeaderMap()); + $this->assertResponse($response); } /** @@ -311,6 +362,37 @@ public function sendFriendsErrorsDataProvider() ]; } + /** + * Generic assertions for send a friend response + * + * @param array $response + */ + private function assertResponse(array $response): void + { + self::assertEquals('Name', $response['sendEmailToFriend']['sender']['name']); + self::assertEquals('e@mail.com', $response['sendEmailToFriend']['sender']['email']); + self::assertEquals('Lorem Ipsum', $response['sendEmailToFriend']['sender']['message']); + self::assertEquals('Recipient Name 1', $response['sendEmailToFriend']['recipients'][0]['name']); + self::assertEquals('recipient1@mail.com', $response['sendEmailToFriend']['recipients'][0]['email']); + self::assertEquals('Recipient Name 2', $response['sendEmailToFriend']['recipients'][1]['name']); + self::assertEquals('recipient2@mail.com', $response['sendEmailToFriend']['recipients'][1]['email']); + } + + /** + * Retrieve customer authorization headers + * + * @param string $username + * @param string $password + * @return array + * @throws AuthenticationException + */ + private function getHeaderMap(string $username = 'customer@example.com', string $password = 'password'): array + { + $customerToken = $this->customerTokenService->createCustomerAccessToken($username, $password); + $headerMap = ['Authorization' => 'Bearer ' . $customerToken]; + return $headerMap; + } + /** * @param int $productId * @param string $recipients diff --git a/dev/tests/integration/testsuite/Magento/GraphQl/SendFriend/_files/disable_send_friend_guest.php b/dev/tests/integration/testsuite/Magento/GraphQl/SendFriend/_files/disable_send_friend_guest.php new file mode 100644 index 0000000000000..80fcc2079a018 --- /dev/null +++ b/dev/tests/integration/testsuite/Magento/GraphQl/SendFriend/_files/disable_send_friend_guest.php @@ -0,0 +1,21 @@ +get(WriterInterface::class); + +$configWriter->save('sendfriend/email/allow_guest', '0'); + +$scopeConfig = $objectManager->get(ScopeConfigInterface::class); +$scopeConfig->clean(); diff --git a/dev/tests/integration/testsuite/Magento/GraphQl/SendFriend/_files/enable_send_friend_guest.php b/dev/tests/integration/testsuite/Magento/GraphQl/SendFriend/_files/enable_send_friend_guest.php new file mode 100644 index 0000000000000..aaf9a447aeaa0 --- /dev/null +++ b/dev/tests/integration/testsuite/Magento/GraphQl/SendFriend/_files/enable_send_friend_guest.php @@ -0,0 +1,21 @@ +get(WriterInterface::class); + +$configWriter->save('sendfriend/email/allow_guest', '1'); + +$scopeConfig = $objectManager->get(ScopeConfigInterface::class); +$scopeConfig->clean();