Merge remote-tracking branch 'performance/CABPI-425' into CABPI-398

Author: andimov

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,72 @@
+name: Bug report
+description: Technical issue with the Magento 2 core components
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Please read [our guidelines](https://developer.adobe.com/commerce/contributor/guides/code-contributions/#report-an-issue) before submitting the issue.
+  - type: textarea
+    attributes:
+      label: Preconditions and environment
+      description: |
+        Describe your environment.
+        Provide all the details that will help us to reproduce the bug.
+      value: |
+        - Magento version
+        - Anything else that would help a developer reproduce the bug
+  - type: textarea
+    attributes:
+      label: Steps to reproduce
+      description: |
+        Provide a set of clear steps to reproduce this bug.
+      placeholder: |
+        Example:
+          1. Navigate to storefront as a guest.
+          2. Open Test Category.
+          3. Click “Add to Cart” on the Virtual Product.
+          4. Open mini shopping cart and click “Proceed to Checkout”.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Expected result
+      description: |
+        Tell us what you expected to happen.
+      placeholder: |
+        Example:
+          Order is placed successfully, customer is redirected to the success page.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Actual result
+      description: |
+        Tell us what happened. Include error messages and issues.
+      placeholder: |
+        Example:
+          “Place order” button is not visible, order cannot be placed.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Additional information
+      description: |
+        Additional information is often requested when the bug report is processed. You can save time by providing both Magento and browser logs, screenshots, repository branch and HEAD commit you checked out to install Magento and any other artifacts related to the issue.
+        Also, links to the comments with important information, Root Cause analysis, additional video recordings; and anything else that is important for the issue and at some reason cannot be added to other sections.
+  - type: textarea
+    attributes:
+      label: Release note
+      description: |
+        Help us to provide meaningful release notes to the community.
+  - type: checkboxes
+    attributes:
+      label: Triage and priority
+      description: |
+        Provide [Severity](https://developer.adobe.com/commerce/contributor/guides/code-contributions/#community-backlog-priority) assessment for the Issue as a Reporter.
+        This information helps us during the Confirmation and Issue triage processes.
+      options:
+        - label: 'Severity: **S0** _- Affects critical data or functionality and leaves users without workaround._'
+        - label: 'Severity: **S1** _- Affects critical data or functionality and forces users to employ a workaround._'
+        - label: 'Severity: **S2** _- Affects non-critical data or functionality and forces users to employ a workaround._'
+        - label: 'Severity: **S3** _- Affects non-critical data or functionality and does not force users to employ a workaround._'
+        - label: 'Severity: **S4** _- Affects aesthetics, professional look and feel, “quality” or “usability”._'

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -4,7 +4,7 @@ Magento values the contributions of the security research community, and we look
 
 ## Where should I report security issues?
 
-We strongly encourage you to report all security issues privately via our [bug bounty program](https://hackerone.com/magento).  Please provide us with relevant technical details and repro steps to expedite our investigation.  If you prefer not to use HackerOne, email us directly at `psirt@adobe.com` with details and repro steps.  
+We strongly encourage you to report all security issues privately via our [bug bounty program](https://hackerone.com/adobe).  Please provide us with relevant technical details and repro steps to expedite our investigation.  If you prefer not to use HackerOne, email us directly at `psirt@adobe.com` with details and repro steps.  
 
 ## Learning More About Security
 To learn more about securing a Magento store, please visit the [Security Center](https://magento.com/security).

SECURITY.md

@@ -131,7 +131,7 @@ public function setAccessTokenExpiresAt(string $value): ImsWebapiInterface;
     /**
      * Retrieve existing extension attributes object or create a new one.
      *
-     * @return \Magento\AdminAdobeIms\Api\Data\ImsWebapiExtensionInterface
+     * @return \Magento\AdminAdobeIms\Api\Data\ImsWebapiExtensionInterface|null
      */
     public function getExtensionAttributes(): ImsWebapiExtensionInterface;
 
@@ -141,7 +141,5 @@ public function getExtensionAttributes(): ImsWebapiExtensionInterface;
      * @param \Magento\AdminAdobeIms\Api\Data\ImsWebapiExtensionInterface $extensionAttributes
      * @return $this
      */
-    public function setExtensionAttributes(
-        ImsWebapiExtensionInterface $extensionAttributes
-    ): ImsWebapiInterface;
+    public function setExtensionAttributes(ImsWebapiExtensionInterface $extensionAttributes): ImsWebapiInterface;
 }

app/code/Magento/AdminAdobeIms/Api/Data/ImsWebapiInterface.php

@@ -102,14 +102,15 @@ public function execute(): Redirect
             $tokenResponse = $this->adminImsConnection->getTokenResponse($code);
             $accessToken = $tokenResponse->getAccessToken();
 
-            //check organization assignment
-            $this->adminOrganizationService->checkOrganizationAllocation($accessToken);
-
             //get profile info to check email
             $profile = $this->adminImsConnection->getProfile($accessToken);
             if (empty($profile['email'])) {
                 throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
             }
+
+            //check membership in organization
+            $this->adminOrganizationService->checkOrganizationMembership($accessToken);
+
             $this->adminLoginProcessService->execute($tokenResponse, $profile);
         } catch (AdobeImsAuthorizationException $e) {
             $this->logger->error($e->getMessage());

app/code/Magento/AdminAdobeIms/Controller/Adminhtml/OAuth/ImsCallback.php

@@ -118,14 +118,16 @@ public function execute(): ResultInterface
             }
 
             $tokenResponse = $this->adminImsConnection->getTokenResponse($code);
+            $accessToken = $tokenResponse->getAccessToken();
 
-            $profile = $this->adminImsConnection->getProfile($tokenResponse->getAccessToken());
+            $profile = $this->adminImsConnection->getProfile($accessToken);
             if (empty($profile['email'])) {
                 throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
             }
 
-            $accessToken = $tokenResponse->getAccessToken();
-            $this->adminOrganizationService->checkOrganizationAllocation($accessToken);
+            //check membership in organization
+            $this->adminOrganizationService->checkOrganizationMembership($accessToken);
+
             $this->adminReauthProcessService->execute($tokenResponse);
 
             $response = sprintf(

app/code/Magento/AdminAdobeIms/Controller/Adminhtml/OAuth/ImsReauthCallback.php

@@ -0,0 +1,58 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\AdminAdobeIms\Plugin\Block\Adminhtml\Integration\Edit\Tab;
+
+use Magento\AdminAdobeIms\Plugin\AdobeImsReauth\AddAdobeImsReAuthButton;
+use Magento\AdminAdobeIms\Service\ImsConfig;
+use Magento\Integration\Block\Adminhtml\Integration\Edit\Tab\Info;
+
+class AddReAuthVerification
+{
+    /**
+     * @var AddAdobeImsReAuthButton
+     */
+    private AddAdobeImsReAuthButton $adobeImsReAuthButton;
+
+    /**
+     * @var ImsConfig
+     */
+    private ImsConfig $adminAdobeImsConfig;
+
+    /**
+     * @param AddAdobeImsReAuthButton $adobeImsReAuthButton
+     * @param ImsConfig $adminAdobeImsConfig
+     */
+    public function __construct(
+        AddAdobeImsReAuthButton $adobeImsReAuthButton,
+        ImsConfig $adminAdobeImsConfig
+    ) {
+        $this->adobeImsReAuthButton = $adobeImsReAuthButton;
+        $this->adminAdobeImsConfig = $adminAdobeImsConfig;
+    }
+
+    /**
+     * Add adobeIms reAuth button to integration new/edit form
+     *
+     * @param Info $subject
+     * @return void
+     */
+    public function beforeGetFormHtml(Info $subject): void
+    {
+        if ($this->adminAdobeImsConfig->enabled()) {
+            $form = $subject->getForm();
+            if (is_object($form)) {
+                $verificationFieldset = $form->getElement('current_user_verification_fieldset');
+                if ($verificationFieldset !== null) {
+                    $this->adobeImsReAuthButton->addAdobeImsReAuthButton($verificationFieldset);
+                    $subject->setForm($form);
+                }
+            }
+        }
+    }
+}

app/code/Magento/AdminAdobeIms/Plugin/Block/Adminhtml/Integration/Edit/Tab/AddReAuthVerification.php

@@ -33,12 +33,13 @@ public function __construct(ImsConfig $adminImsConfig)
      * @param ResetAttemptForBackendObserver $subject
      * @param callable $proceed
      * @param Observer $observer
+     * @return void
      * @SuppressWarnings(PHPMD.UnusedFormalParameter)
      */
-    public function aroundExecute(ResetAttemptForBackendObserver $subject, callable $proceed, Observer $observer)
+    public function aroundExecute(ResetAttemptForBackendObserver $subject, callable $proceed, Observer $observer): void
     {
         if (!$this->adminImsConfig->enabled()) {
-            return $proceed($observer);
+            $proceed($observer);
         }
     }
 }

app/code/Magento/AdminAdobeIms/Plugin/ResetAttemptForBackendObserverPlugin.php

@@ -30,14 +30,14 @@ abstract class AbstractAdminBaseProcessService
     protected Auth $auth;
 
     /**
-     * @var LogOut
+     * @var DateTime
      */
-    protected LogOut $logOut;
+    protected DateTime $dateTime;
 
     /**
-     * @var DateTime
+     * @var LogOut
      */
-    protected DateTime $dateTime;
+    private LogOut $logOut;
 
     /**
      * @param User $adminUser

app/code/Magento/AdminAdobeIms/Service/AbstractAdminBaseProcessService.php

@@ -34,6 +34,7 @@ class ImsConfig extends Config
     public const XML_PATH_ADMIN_AUTH_URL_PATTERN = 'adobe_ims/integration/admin/auth_url_pattern';
     public const XML_PATH_ADMIN_REAUTH_URL_PATTERN = 'adobe_ims/integration/admin/reauth_url_pattern';
     public const XML_PATH_ADMIN_ADOBE_IMS_SCOPES = 'adobe_ims/integration/admin/scopes';
+    public const XML_PATH_ORGANIZATION_MEMBERSHIP_URL = 'adobe_ims/integration/organization_membership_url';
 
     private const OAUTH_CALLBACK_URL = 'adobe_ims_auth/oauth/';
 
@@ -376,4 +377,19 @@ public function getCertificateUrl(string $fileName): string
     {
         return $this->scopeConfig->getValue(self::XML_PATH_CERTIFICATE_PATH) . $fileName;
     }
+
+    /**
+     * Get url to check organization membership
+     *
+     * @param string $orgId
+     * @return string
+     */
+    public function getOrganizationMembershipUrl(string $orgId): string
+    {
+        return str_replace(
+            ['#{org_id}'],
+            [$orgId],
+            $this->scopeConfig->getValue(self::XML_PATH_ORGANIZATION_MEMBERSHIP_URL)
+        );
+    }
 }