MC-32830: Do not store admin and customer tokens in DB

Author: ogorkun

app/code/Magento/AsynchronousOperations/Model/AccessValidator.php

@@ -55,6 +55,6 @@ public function isAllowed($bulkUuid)
             $this->bulkSummaryFactory->create(),
             $bulkUuid
         );
-        return $bulkSummary->getUserId() === $this->userContext->getUserId();
+        return ((int) $bulkSummary->getUserId()) === ((int) $this->userContext->getUserId());
     }
 }

dev/tests/integration/testsuite/Magento/Customer/_files/customer_no_password.php

@@ -31,3 +31,13 @@
 $customer->isObjectNew(true);
 $customer->save();
 $customerRegistry->remove($customer->getId());
+/** @var \Magento\JwtUserToken\Api\RevokedRepositoryInterface $revokedRepo */
+$revokedRepo = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()
+    ->get(\Magento\JwtUserToken\Api\RevokedRepositoryInterface::class);
+$revokedRepo->saveRevoked(
+    new \Magento\JwtUserToken\Api\Data\Revoked(
+        \Magento\Authorization\Model\UserContextInterface::USER_TYPE_CUSTOMER,
+        (int) $customer->getId(),
+        time() - 3600 * 24
+    )
+);

dev/tests/integration/testsuite/Magento/Customer/_files/customer_one_address.php

@@ -76,3 +76,13 @@
 /** @var AddressRegistry $addressRegistry */
 $addressRegistry = $objectManager->get(AddressRegistry::class);
 $addressRegistry->remove($customerAddress->getId());
+/** @var \Magento\JwtUserToken\Api\RevokedRepositoryInterface $revokedRepo */
+$revokedRepo = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()
+    ->get(\Magento\JwtUserToken\Api\RevokedRepositoryInterface::class);
+$revokedRepo->saveRevoked(
+    new \Magento\JwtUserToken\Api\Data\Revoked(
+        \Magento\Authorization\Model\UserContextInterface::USER_TYPE_CUSTOMER,
+        (int) $customer->getId(),
+        time() - 3600 * 24
+    )
+);

dev/tests/integration/testsuite/Magento/Customer/_files/customer_sample.php

@@ -82,3 +82,13 @@
 
 $customer->save();
 $customerRegistry->remove($customer->getId());
+/** @var \Magento\JwtUserToken\Api\RevokedRepositoryInterface $revokedRepo */
+$revokedRepo = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()
+    ->get(\Magento\JwtUserToken\Api\RevokedRepositoryInterface::class);
+$revokedRepo->saveRevoked(
+    new \Magento\JwtUserToken\Api\Data\Revoked(
+        \Magento\Authorization\Model\UserContextInterface::USER_TYPE_CUSTOMER,
+        (int) $customer->getId(),
+        time() - 3600 * 24
+    )
+);

dev/tests/integration/testsuite/Magento/Customer/_files/customer_without_addresses.php

@@ -29,3 +29,12 @@
     ->setGender(0)
     ->save();
 $customerRegistry->remove($customer->getId());
+/** @var \Magento\JwtUserToken\Api\RevokedRepositoryInterface $revokedRepo */
+$revokedRepo = Bootstrap::getObjectManager()->get(\Magento\JwtUserToken\Api\RevokedRepositoryInterface::class);
+$revokedRepo->saveRevoked(
+    new \Magento\JwtUserToken\Api\Data\Revoked(
+        \Magento\Authorization\Model\UserContextInterface::USER_TYPE_CUSTOMER,
+        (int) $customer->getId(),
+        time() - 3600 * 24
+    )
+);

dev/tests/integration/testsuite/Magento/Customer/_files/three_customers.php

@@ -24,6 +24,16 @@
 $customer->isObjectNew(true);
 
 $customer->save();
+/** @var \Magento\JwtUserToken\Api\RevokedRepositoryInterface $revokedRepo */
+$revokedRepo = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()
+    ->get(\Magento\JwtUserToken\Api\RevokedRepositoryInterface::class);
+$revokedRepo->saveRevoked(
+    new \Magento\JwtUserToken\Api\Data\Revoked(
+        \Magento\Authorization\Model\UserContextInterface::USER_TYPE_CUSTOMER,
+        (int) $customer->getId(),
+        time() - 3600 * 24
+    )
+);
 $customer = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()->create(
     \Magento\Customer\Model\Customer::class
 );

dev/tests/integration/testsuite/Magento/Customer/_files/twenty_one_customers.php

@@ -24,6 +24,16 @@
 $customer->isObjectNew(true);
 
 $customer->save();
+/** @var \Magento\JwtUserToken\Api\RevokedRepositoryInterface $revokedRepo */
+$revokedRepo = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()
+    ->get(\Magento\JwtUserToken\Api\RevokedRepositoryInterface::class);
+$revokedRepo->saveRevoked(
+    new \Magento\JwtUserToken\Api\Data\Revoked(
+        \Magento\Authorization\Model\UserContextInterface::USER_TYPE_CUSTOMER,
+        (int) $customer->getId(),
+        time() - 3600 * 24
+    )
+);
 $customer = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()->create(
     \Magento\Customer\Model\Customer::class
 );

dev/tests/integration/testsuite/Magento/CustomerImportExport/_files/two_addresses.php

@@ -38,6 +38,16 @@
 
 $customer->isObjectNew(true);
 $customer->save();
+/** @var \Magento\JwtUserToken\Api\RevokedRepositoryInterface $revokedRepo */
+$revokedRepo = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()
+    ->get(\Magento\JwtUserToken\Api\RevokedRepositoryInterface::class);
+$revokedRepo->saveRevoked(
+    new \Magento\JwtUserToken\Api\Data\Revoked(
+        \Magento\Authorization\Model\UserContextInterface::USER_TYPE_CUSTOMER,
+        (int) $customer->getId(),
+        time() - 3600 * 24
+    )
+);
 //Second for second website
 /** @var Website $secondWebsite */
 $secondWebsite = $objectManager->create(Website::class);

dev/tests/integration/testsuite/Magento/LoginAsCustomer/_files/customer.php

@@ -46,3 +46,13 @@
 $customer->save();
 
 $customerRegistry->remove($customer->getId());
+/** @var \Magento\JwtUserToken\Api\RevokedRepositoryInterface $revokedRepo */
+$revokedRepo = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()
+    ->get(\Magento\JwtUserToken\Api\RevokedRepositoryInterface::class);
+$revokedRepo->saveRevoked(
+    new \Magento\JwtUserToken\Api\Data\Revoked(
+        \Magento\Authorization\Model\UserContextInterface::USER_TYPE_CUSTOMER,
+        (int) $customer->getId(),
+        time() - 3600 * 24
+    )
+);