ACP2E-2969: REST API unable to make requests with slash (/) in SKU when using Oauth1

Author: aplapana

app/code/Magento/Integration/Test/Unit/Oauth/OauthTest.php

@@ -7,7 +7,7 @@
 
 namespace Magento\Integration\Test\Unit\Oauth;
 
-use Laminas\OAuth\Http\Utility;
+use Magento\Framework\Oauth\Helper\Utility;
 use Magento\Framework\DataObject;
 use Magento\Framework\Math\Random;
 use Magento\Framework\Oauth\Helper\Oauth;
@@ -56,7 +56,7 @@ class OauthTest extends TestCase
     private $_oauth;
 
     /** @var  \Zend_Oauth_Http_Utility */
-    private $_httpUtilityMock;
+    private $utility;
 
     /** @var DateTime */
     private $_dateMock;
@@ -160,7 +160,7 @@ protected function setUp(): void
         $this->_oauthHelperMock = $this->getMockBuilder(Oauth::class)
             ->setConstructorArgs([new Random()])
             ->getMock();
-        $this->_httpUtilityMock = $this->getMockBuilder(Utility::class)
+        $this->utility = $this->getMockBuilder(Utility::class)
             ->onlyMethods(['sign'])
             ->getMock();
         $this->_dateMock = $this->getMockBuilder(DateTime::class)
@@ -190,7 +190,7 @@ protected function setUp(): void
             $this->_oauthHelperMock,
             $nonceGenerator,
             $tokenProvider,
-            $this->_httpUtilityMock
+            $this->utility
         );
         $this->_oauthToken = $this->_generateRandomString(Oauth::LENGTH_TOKEN);
         $this->_oauthSecret = $this->_generateRandomString(Oauth::LENGTH_TOKEN_SECRET);
@@ -199,17 +199,6 @@ protected function setUp(): void
         );
     }
 
-    protected function tearDown(): void
-    {
-        unset($this->_consumerFactory);
-        unset($this->_nonceFactory);
-        unset($this->_tokenFactory);
-        unset($this->_oauthHelperMock);
-        unset($this->_httpUtilityMock);
-        unset($this->_dateMock);
-        unset($this->_oauth);
-    }
-
     /**
      * @param array $amendments
      * @return array
@@ -477,7 +466,7 @@ public function testGetRequestTokenTokenRejected()
         $this->_setupToken(false);
 
         $signature = 'valid_signature';
-        $this->_httpUtilityMock->expects($this->any())->method('sign')->willReturn($signature);
+        $this->utility->expects($this->any())->method('sign')->willReturn($signature);
 
         $this->_oauth->getRequestToken(
             $this->_getRequestTokenParams(['oauth_signature' => $signature]),
@@ -498,7 +487,7 @@ public function testGetRequestTokenTokenRejectedByType()
         // wrong type
 
         $signature = 'valid_signature';
-        $this->_httpUtilityMock->expects($this->any())->method('sign')->willReturn($signature);
+        $this->utility->expects($this->any())->method('sign')->willReturn($signature);
 
         $this->_oauth->getRequestToken(
             $this->_getRequestTokenParams(['oauth_signature' => $signature]),
@@ -548,7 +537,7 @@ public function testGetRequestToken()
         $this->_setupToken();
 
         $signature = 'valid_signature';
-        $this->_httpUtilityMock->expects($this->any())->method('sign')->willReturn($signature);
+        $this->utility->expects($this->any())->method('sign')->willReturn($signature);
 
         $requestToken = $this->_oauth->getRequestToken(
             $this->_getRequestTokenParams(['oauth_signature' => $signature]),
@@ -802,7 +791,7 @@ public function testValidateAccessToken()
     public function testBuildAuthorizationHeader()
     {
         $signature = 'valid_signature';
-        $this->_httpUtilityMock->expects($this->any())->method('sign')->willReturn($signature);
+        $this->utility->expects($this->any())->method('sign')->willReturn($signature);
 
         $this->_setupConsumer(false);
         $this->_oauthHelperMock->expects(

lib/internal/Magento/Framework/Oauth/Helper/Utility.php

@@ -24,12 +24,14 @@
 class Utility extends HTTPUtility
 {
     /**
+     * Generate signature string
+     *
      * @param array $params
-     * @param $signatureMethod
+     * @param string $signatureMethod
      * @param string $consumerSecret
-     * @param null $tokenSecret
-     * @param null $method
-     * @param null $url
+     * @param string|null $tokenSecret
+     * @param string|null $method
+     * @param string|null $url
      * @return string
      */
     public function sign(
@@ -52,31 +54,6 @@ public function sign(
         return base64_encode($binaryHash);
     }
 
-    /**
-     * Cast to authorization header
-     *
-     * @param array $params
-     * @param null $realm
-     * @param bool $excludeCustomParams
-     * @return string
-     */
-    public function toAuthorizationHeader(array $params, $realm = null, $excludeCustomParams = true)
-    {
-        $headerValue = [];
-        foreach ($params as $key => $value) {
-            if ($excludeCustomParams) {
-                if (! preg_match("/^oauth_/", $key)) {
-                    continue;
-                }
-            }
-            $headerValue[] = $this->urlEncode($key)
-                . '="'
-                . $this->urlEncode($value) . '"';
-        }
-
-        return implode(",", $headerValue);
-    }
-
     /**
      * Assemble key from consumer and token secrets
      *

lib/internal/Magento/Framework/Oauth/Oauth.php

@@ -162,8 +162,10 @@ public function buildAuthorizationHeader(
             $httpMethod,
             $requestUrl
         );
-
-        return $this->hmacSignatureHelper->toAuthorizationHeader($headerParameters);
+        $authorizationHeader = $this->hmacSignatureHelper->toAuthorizationHeader($headerParameters);
+        // toAuthorizationHeader adds an optional realm="" which is not required for now.
+        // http://tools.ietf.org/html/rfc2617#section-1.2
+        return str_replace('realm="",', '', $authorizationHeader);
     }
 
     /**