ENGCOM-7611: #7213 prevent pointless session start in webapi scope #26032

slavvka · web-flow · commit 06f406e3e42d · 2020-07-30T10:56:52.000-05:00
diff --git a/app/code/Magento/Customer/etc/webapi_rest/di.xml b/app/code/Magento/Customer/etc/webapi_rest/di.xml
@@ -13,7 +13,7 @@
         <arguments>
             <argument name="userContexts" xsi:type="array">
                 <item name="customerSessionUserContext" xsi:type="array">
-                    <item name="type" xsi:type="object">Magento\Customer\Model\Authorization\CustomerSessionUserContext</item>
+                    <item name="type" xsi:type="object">Magento\Customer\Model\Authorization\CustomerSessionUserContext\Proxy</item>
                     <item name="sortOrder" xsi:type="string">20</item>
                 </item>
             </argument>
diff --git a/app/code/Magento/PageCache/etc/di.xml b/app/code/Magento/PageCache/etc/di.xml
@@ -37,9 +37,6 @@
             <argument name="layoutCacheKey" xsi:type="object">Magento\Framework\View\Layout\LayoutCacheKeyInterface</argument>
         </arguments>
     </type>
-    <type name="Magento\Framework\App\FrontControllerInterface">
-        <plugin name="page_cache_from_key_from_cookie" type="Magento\PageCache\Plugin\RegisterFormKeyFromCookie" />
-    </type>
     <type name="Magento\Framework\App\Cache\RuntimeStaleCacheStateModifier">
         <arguments>
             <argument name="cacheTypes" xsi:type="array">
diff --git a/app/code/Magento/PageCache/etc/frontend/di.xml b/app/code/Magento/PageCache/etc/frontend/di.xml
@@ -9,6 +9,7 @@
     <type name="Magento\Framework\App\FrontControllerInterface">
         <plugin name="front-controller-builtin-cache" type="Magento\PageCache\Model\App\FrontController\BuiltinPlugin"/>
         <plugin name="front-controller-varnish-cache" type="Magento\PageCache\Model\App\FrontController\VarnishPlugin"/>
+        <plugin name="page_cache_form_key_from_cookie" type="Magento\PageCache\Plugin\RegisterFormKeyFromCookie" />
     </type>
     <type name="Magento\Framework\Controller\ResultInterface">
         <plugin name="result-builtin-cache" type="Magento\PageCache\Model\Controller\Result\BuiltinPlugin"/>
diff --git a/app/code/Magento/PageCache/etc/graphql/di.xml b/app/code/Magento/PageCache/etc/graphql/di.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+-->
+<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
+    <type name="Magento\Framework\App\FrontControllerInterface">
+        <plugin name="page_cache_form_key_from_cookie" type="Magento\PageCache\Plugin\RegisterFormKeyFromCookie" />
+    </type>
+</config>
diff --git a/app/code/Magento/User/etc/webapi_rest/di.xml b/app/code/Magento/User/etc/webapi_rest/di.xml
@@ -10,7 +10,7 @@
         <arguments>
             <argument name="userContexts" xsi:type="array">
                 <item name="adminSessionUserContext" xsi:type="array">
-                    <item name="type" xsi:type="object">Magento\User\Model\Authorization\AdminSessionUserContext</item>
+                    <item name="type" xsi:type="object">Magento\User\Model\Authorization\AdminSessionUserContext\Proxy</item>
                     <item name="sortOrder" xsi:type="string">30</item>
                 </item>
             </argument>
diff --git a/dev/tests/api-functional/testsuite/Magento/Webapi/RestSessionCookieTest.php b/dev/tests/api-functional/testsuite/Magento/Webapi/RestSessionCookieTest.php
@@ -0,0 +1,71 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\Webapi;
+
+use Magento\Framework\Module\Manager;
+use Magento\TestFramework\Helper\Bootstrap;
+
+/**
+ * Class for RestSessionCookieTest
+ */
+class RestSessionCookieTest extends \Magento\TestFramework\TestCase\WebapiAbstract
+{
+
+    private $moduleManager;
+    private $objectManager;
+
+    /**
+     * @inheritdoc
+     */
+    protected function setUp(): void
+    {
+        $this->objectManager = Bootstrap::getObjectManager();
+        $this->moduleManager = $this->objectManager->get(Manager::class);
+        if ($this->moduleManager->isEnabled('Magento_B2b')) {
+            $this->markTestSkipped('Skipped, because this logic is rewritten on B2B.');
+        }
+    }
+
+    /**
+     * Check for non exist cookie PHPSESSID
+     */
+    public function testRestSessionNoCookie()
+    {
+        $this->_markTestAsRestOnly();
+        /** @var $curlClient CurlClientWithCookies */
+
+        $curlClient = $this->objectManager
+            ->get(\Magento\TestFramework\TestCase\HttpClient\CurlClientWithCookies::class);
+        $phpSessionCookieName =
+            [
+                'cookie_name' => 'PHPSESSID',
+            ];
+
+        $response = $curlClient->get('/rest/V1/directory/countries', []);
+
+        $cookie = $this->findCookie($phpSessionCookieName['cookie_name'], $response['cookies']);
+        $this->assertNull($cookie);
+    }
+
+    /**
+     * Find cookie with given name in the list of cookies
+     *
+     * @param string $cookieName
+     * @param array $cookies
+     * @return $cookie|null
+     * @SuppressWarnings(PHPMD.UnusedLocalVariable)
+     */
+    private function findCookie($cookieName, $cookies)
+    {
+        foreach ($cookies as $cookieIndex => $cookie) {
+            if ($cookie['name'] === $cookieName) {
+                return $cookie;
+            }
+        }
+        return null;
+    }
+}
