magento
diff --git a/‎app/code/Magento/Authorizenet/Controller/Directpost/Payment/Redirect.php
Lines changed: 4 additions & 34 deletions b/‎app/code/Magento/Authorizenet/Controller/Directpost/Payment/Redirect.php
Lines changed: 4 additions & 34 deletions
diff --git a/‎app/code/Magento/Authorizenet/Test/Unit/Controller/Directpost/Payment/RedirectTest.php
Lines changed: 1 addition & 22 deletions b/‎app/code/Magento/Authorizenet/Test/Unit/Controller/Directpost/Payment/RedirectTest.php
Lines changed: 1 addition & 22 deletions
diff --git a/‎app/code/Magento/Backend/App/BackendAppList.php
Lines changed: 1 addition & 0 deletions b/‎app/code/Magento/Backend/App/BackendAppList.php
Lines changed: 1 addition & 0 deletions
diff --git a/‎app/code/Magento/Integration/Model/Oauth/Consumer.php
Lines changed: 24 additions & 1 deletion b/‎app/code/Magento/Integration/Model/Oauth/Consumer.php
Lines changed: 24 additions & 1 deletion
diff --git a/‎app/code/Magento/Integration/Model/OauthService.php
Lines changed: 23 additions & 0 deletions b/‎app/code/Magento/Integration/Model/OauthService.php
Lines changed: 23 additions & 0 deletions
diff --git a/‎app/code/Magento/Integration/Model/ResourceModel/Oauth/Consumer.php
Lines changed: 2 additions & 0 deletions b/‎app/code/Magento/Integration/Model/ResourceModel/Oauth/Consumer.php
Lines changed: 2 additions & 0 deletions
diff --git a/‎app/code/Magento/Integration/Test/Unit/Helper/Oauth/ConsumerTest.php
Lines changed: 15 additions & 0 deletions b/‎app/code/Magento/Integration/Test/Unit/Helper/Oauth/ConsumerTest.php
Lines changed: 15 additions & 0 deletions
diff --git a/‎app/code/Magento/Integration/Test/Unit/Model/Oauth/ConsumerTest.php
Lines changed: 21 additions & 9 deletions b/‎app/code/Magento/Integration/Test/Unit/Model/Oauth/ConsumerTest.php
Lines changed: 21 additions & 9 deletions
diff --git a/‎app/code/Magento/Quote/Model/QuoteManagement.php
Lines changed: 25 additions & 0 deletions b/‎app/code/Magento/Quote/Model/QuoteManagement.php
Lines changed: 25 additions & 0 deletions
@@ -8,18 +8,12 @@
 
 use Magento\Framework\App\ObjectManager;
 use Magento\Payment\Block\Transparent\Iframe;
-use Magento\Framework\Escaper;
 
 /**
  * Class Redirect
  */
 class Redirect extends \Magento\Authorizenet\Controller\Directpost\Payment
 {
-    /**
-     * @var Escaper
-     */
-    private $escaper;
-
     /**
      * Retrieve params and put javascript into iframe
      *
@@ -29,7 +23,7 @@ public function execute()
     {
         $helper = $this->dataFactory->create('frontend');
 
-        $redirectParams = $this->filterData($this->getRequest()->getParams());
+        $redirectParams = $this->getRequest()->getParams();
         $params = [];
         if (!empty($redirectParams['success'])
             && isset($redirectParams['x_invoice_num'])
@@ -38,9 +32,11 @@ public function execute()
             $this->_getDirectPostSession()->unsetData('quote_id');
             $params['redirect_parent'] = $helper->getSuccessOrderUrl([]);
         }
+
         if (!empty($redirectParams['error_msg'])) {
             $cancelOrder = empty($redirectParams['x_invoice_num']);
             $this->_returnCustomerQuote($cancelOrder, $redirectParams['error_msg']);
+            $params['error_msg'] = $redirectParams['error_msg'];
         }
 
         if (isset($redirectParams['controller_action_name'])
@@ -50,34 +46,8 @@ public function execute()
             unset($params['redirect_parent']);
         }
 
-        $this->_coreRegistry->register(Iframe::REGISTRY_KEY, array_merge($params, $redirectParams));
+        $this->_coreRegistry->register(Iframe::REGISTRY_KEY, $params);
         $this->_view->addPageLayoutHandles();
         $this->_view->loadLayout(false)->renderLayout();
     }
-
-    /**
-     * Escape xss in request data
-     * @param array $data
-     * @return array
-     */
-    private function filterData(array $data)
-    {
-        $self = $this;
-        array_walk($data, function (&$item) use ($self) {
-            $item = $self->getEscaper()->escapeXssInUrl($item);
-        });
-        return $data;
-    }
-
-    /**
-     * Get Escaper instance
-     * @return Escaper
-     */
-    private function getEscaper()
-    {
-        if (!$this->escaper) {
-            $this->escaper = ObjectManager::getInstance()->get(Escaper::class);
-        }
-        return $this->escaper;
-    }
 }
@@ -8,7 +8,6 @@
 use Magento\Authorizenet\Controller\Directpost\Payment\Redirect;
 use Magento\Framework\App\RequestInterface;
 use Magento\Framework\App\ViewInterface;
-use Magento\Framework\Escaper;
 use Magento\Framework\Registry;
 use Magento\Framework\TestFramework\Unit\Helper\ObjectManager;
 use Magento\Payment\Block\Transparent\Iframe;
@@ -34,11 +33,6 @@ class RedirectTest extends \PHPUnit_Framework_TestCase
      */
     private $coreRegistry;
 
-    /**
-     * @var Escaper|MockObject
-     */
-    private $escaper;
-
     /**
      * @var Redirect
      */
@@ -57,21 +51,11 @@ protected function setUp()
             ->setMethods(['register'])
             ->getMock();
 
-        $this->escaper = static::getMockBuilder(Escaper::class)
-            ->disableOriginalConstructor()
-            ->setMethods(['escapeXssInUrl'])
-            ->getMock();
-
         $this->controller = $objectManager->getObject(Redirect::class, [
             'request' => $this->request,
             'view' => $this->view,
             'coreRegistry' => $this->coreRegistry
         ]);
-
-        $refClass = new \ReflectionClass(Redirect::class);
-        $refProperty = $refClass->getProperty('escaper');
-        $refProperty->setAccessible(true);
-        $refProperty->setValue($this->controller, $this->escaper);
     }
 
     /**
@@ -87,14 +71,9 @@ public function testExecute()
             ->method('getParams')
             ->willReturn($params);
 
-        $this->escaper->expects(static::once())
-            ->method('escapeXssInUrl')
-            ->with($url)
-            ->willReturn($url);
-
         $this->coreRegistry->expects(static::once())
             ->method('register')
-            ->with(Iframe::REGISTRY_KEY, $params);
+            ->with(Iframe::REGISTRY_KEY, []);
 
         $this->view->expects(static::once())
             ->method('addPageLayoutHandles');
 
@@ -44,6 +44,7 @@ public function getCurrentApp()
         if ($appName && isset($this->backendApps[$appName])) {
             return $this->backendApps[$appName];
         }
+        return null;
     }
 
     /**
 
@@ -43,6 +43,11 @@ class Consumer extends \Magento\Framework\Model\AbstractModel implements Consume
      */
     protected $dataHelper;
 
+    /**
+     * @var \Magento\Framework\Stdlib\DateTime\DateTime
+     */
+    private $_dateHelper;
+
     /**
      * @param \Magento\Framework\Model\Context $context
      * @param \Magento\Framework\Registry $registry
@@ -80,6 +85,22 @@ protected function _construct()
         $this->_init('Magento\Integration\Model\ResourceModel\Oauth\Consumer');
     }
 
+    /**
+     * The getter function to get the new DateTime dependency
+     *
+     * @return \Magento\Framework\Stdlib\DateTime\DateTime
+     *
+     * @deprecated
+     */
+    private function getDateHelper()
+    {
+        if ($this->_dateHelper === null) {
+            $this->_dateHelper = \Magento\Framework\App\ObjectManager::getInstance()
+                ->get(\Magento\Framework\Stdlib\DateTime\DateTime::class);
+        }
+        return $this->_dateHelper;
+    }
+
     /**
      * BeforeSave actions
      *
@@ -176,6 +197,8 @@ public function getCreatedAt()
     public function isValidForTokenExchange()
     {
         $expiry = $this->dataHelper->getConsumerExpirationPeriod();
-        return $expiry > $this->getResource()->getTimeInSecondsSinceCreation($this->getId());
+        $currentTimestamp = $this->getDateHelper()->gmtTimestamp();
+        $updatedTimestamp = $this->getDateHelper()->gmtTimestamp($this->getUpdatedAt());
+        return $expiry > ($currentTimestamp - $updatedTimestamp);
     }
 }
@@ -61,6 +61,11 @@ class OauthService implements \Magento\Integration\Api\OauthServiceInterface
      */
     protected $_tokenProvider;
 
+    /**
+     * @var \Magento\Framework\Stdlib\DateTime\DateTime
+     */
+    private $_dateHelper;
+
     /**
      * Initialize dependencies.
      *
@@ -93,6 +98,22 @@ public function __construct(
         $this->_tokenProvider = $tokenProvider;
     }
 
+    /**
+     * The getter function to get the new DateTime dependency
+     *
+     * @return \Magento\Framework\Stdlib\DateTime\DateTime
+     *
+     * @deprecated
+     */
+    private function getDateHelper()
+    {
+        if ($this->_dateHelper === null) {
+            $this->_dateHelper = \Magento\Framework\App\ObjectManager::getInstance()
+                ->get(\Magento\Framework\Stdlib\DateTime\DateTime::class);
+        }
+        return $this->_dateHelper;
+    }
+
     /**
      * {@inheritdoc}
      */
@@ -193,6 +214,8 @@ public function postToConsumer($consumerId, $endpointUrl)
     {
         try {
             $consumer = $this->_consumerFactory->create()->load($consumerId);
+            $consumer->setUpdatedAt($this->getDateHelper()->gmtDate());
+            $consumer->save();
             if (!$consumer->getId()) {
                 throw new \Magento\Framework\Oauth\Exception(
                     __('A consumer with ID %1 does not exist', $consumerId)
 
@@ -45,6 +45,8 @@ public function _afterDelete(\Magento\Framework\Model\AbstractModel $object)
     /**
      * Compute time in seconds since consumer was created.
      *
+     * @deprecated
+     *
      * @param int $consumerId - The consumer id
      * @return int - time lapsed in seconds
      */
 
@@ -5,6 +5,11 @@
  */
 namespace Magento\Integration\Test\Unit\Helper\Oauth;
 
+/**
+ * Test for \Magento\Integration\Model\Oauth\Consumer
+ *
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ */
 class ConsumerTest extends \PHPUnit_Framework_TestCase
 {
     /** @var \Magento\Store\Model\StoreManagerInterface */
@@ -152,6 +157,16 @@ public function testPostToConsumer()
         )->will(
             $this->returnSelf()
         );
+
+        $dateHelperMock = $this->getMockBuilder('Magento\Framework\Stdlib\DateTime\DateTime')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $dateHelperMock->expects($this->any())->method('gmtDate');
+
+        $dateHelper = new \ReflectionProperty('Magento\Integration\Model\OauthService', '_dateHelper');
+        $dateHelper->setAccessible(true);
+        $dateHelper->setValue($this->_oauthService, $dateHelperMock);
+
         $this->_consumerMock->expects($this->once())->method('getId')->will($this->returnValue($consumerId));
         $this->_consumerMock->expects($this->once())->method('getData')->will($this->returnValue($consumerData));
         $this->_httpClientMock->expects(
 
@@ -110,7 +110,7 @@ public function setUp()
 
         $this->resourceMock = $this->getMock(
             'Magento\Integration\Model\ResourceModel\Oauth\Consumer',
-            ['getTimeInSecondsSinceCreation', 'getIdFieldName', 'selectByCompositeKey', 'deleteOldEntries'],
+            ['getIdFieldName', 'selectByCompositeKey', 'deleteOldEntries'],
             [],
             '',
             false,
@@ -215,21 +215,33 @@ public function testValidateInvalidConsumerSecret()
 
     public function testGetConsumerExpirationPeriodValid()
     {
-        $this->resourceMock->expects($this->once())
-            ->method('getTimeInSecondsSinceCreation')
-            ->will($this->returnValue(30));
+        $dateHelperMock = $this->getMockBuilder('Magento\Framework\Stdlib\DateTime\DateTime')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $dateHelperMock->expects($this->at(0))->method('gmtTimestamp')->willReturn(time());
+        $dateHelperMock->expects($this->at(1))->method('gmtTimestamp')->willReturn(time() - 100);
 
-        $this->consumerModel->setCreatedAt(time());
+        $dateHelper = new \ReflectionProperty('Magento\Integration\Model\Oauth\Consumer', '_dateHelper');
+        $dateHelper->setAccessible(true);
+        $dateHelper->setValue($this->consumerModel, $dateHelperMock);
+
+        $this->consumerModel->setUpdatedAt(time());
         $this->assertTrue($this->consumerModel->isValidForTokenExchange());
     }
 
     public function testGetConsumerExpirationPeriodExpired()
     {
-        $this->resourceMock->expects($this->once())
-            ->method('getTimeInSecondsSinceCreation')
-            ->will($this->returnValue(400));
+        $dateHelperMock = $this->getMockBuilder('Magento\Framework\Stdlib\DateTime\DateTime')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $dateHelperMock->expects($this->at(0))->method('gmtTimestamp')->willReturn(time());
+        $dateHelperMock->expects($this->at(1))->method('gmtTimestamp')->willReturn(time() - 1000);
+
+        $dateHelper = new \ReflectionProperty('Magento\Integration\Model\Oauth\Consumer', '_dateHelper');
+        $dateHelper->setAccessible(true);
+        $dateHelper->setValue($this->consumerModel, $dateHelperMock);
 
-        $this->consumerModel->setCreatedAt(time());
+        $this->consumerModel->setUpdatedAt(time());
         $this->assertFalse($this->consumerModel->isValidForTokenExchange());
     }
 }
@@ -21,6 +21,8 @@
 use Magento\Sales\Api\OrderManagementInterface as OrderManagement;
 use Magento\Store\Model\StoreManagerInterface;
 use Magento\Quote\Model\Quote\Address;
+use Magento\Framework\App\ObjectManager;
+use Magento\Quote\Model\QuoteIdMaskFactory;
 
 /**
  * Class QuoteManagement
@@ -130,6 +132,11 @@ class QuoteManagement implements \Magento\Quote\Api\CartManagementInterface
      */
     protected $quoteFactory;
 
+    /**
+     * @var QuoteIdMaskFactory
+     */
+    private $quoteIdMaskFactory;
+
     /**
      * @param EventManager $eventManager
      * @param QuoteValidator $quoteValidator
@@ -262,6 +269,12 @@ public function assignCustomer($cartId, $customerId, $storeId)
 
         $quote->setCustomer($customer);
         $quote->setCustomerIsGuest(0);
+        $quoteIdMaskFactory = $this->getQuoteIdMaskFactory();
+        /** @var  \Magento\Quote\Model\QuoteIdMask $quoteIdMask */
+        $quoteIdMask = $quoteIdMaskFactory->create()->load($cartId, 'quote_id');
+        if ($quoteIdMask->getId()) {
+            $quoteIdMask->delete();
+        }
         $this->quoteRepository->save($quote);
         return true;
 
@@ -547,4 +560,16 @@ protected function _prepareCustomerQuote($quote)
             $shipping->setIsDefaultBilling(true);
         }
     }
+
+    /**
+     * @return QuoteIdMaskFactory
+     * @deprecated
+     */
+    private function getQuoteIdMaskFactory()
+    {
+        if (!$this->quoteIdMaskFactory) {
+            $this->quoteIdMaskFactory = ObjectManager::getInstance()->get(QuoteIdMaskFactory::class);
+        }
+        return $this->quoteIdMaskFactory;
+    }
 }
Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,7 @@ public function getCurrentApp()`
`44`	`44`	`if ($appName && isset($this->backendApps[$appName])) {`
`45`	`45`	`return $this->backendApps[$appName];`
`46`	`46`	`}`
	`47`	`+ return null;`
`47`	`48`	`}`
`48`	`49`
`49`	`50`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,8 @@ public function _afterDelete(\Magento\Framework\Model\AbstractModel $object)`
`45`	`45`	`/**`
`46`	`46`	`* Compute time in seconds since consumer was created.`
`47`	`47`	`*`
	`48`	`+ * @deprecated`
	`49`	`+ *`
`48`	`50`	`* @param int $consumerId - The consumer id`
`49`	`51`	`* @return int - time lapsed in seconds`
`50`	`52`	`*/`