ENGCOM-7750: #28481: GraphQl. updateCustomer allows to set any INT value in gender argument #28487

Author: cpartica

app/code/Magento/CustomerGraphQl/Api/ValidateCustomerDataInterface.php

@@ -0,0 +1,24 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\CustomerGraphQl\Api;
+
+use Magento\Framework\GraphQl\Exception\GraphQlInputException;
+
+/**
+ * Interface for customer data validator
+ */
+interface ValidateCustomerDataInterface
+{
+    /**
+     * Validate customer data
+     *
+     * @param array $customerData
+     * @throws GraphQlInputException
+     */
+    public function execute(array $customerData): void;
+}

app/code/Magento/CustomerGraphQl/Model/Customer/ValidateCustomerData.php

@@ -7,6 +7,9 @@
 
 namespace Magento\CustomerGraphQl\Model\Customer;
 
+use Magento\CustomerGraphQl\Api\ValidateCustomerDataInterface;
+use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\Exception\NoSuchEntityException;
 use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\Framework\Validator\EmailAddress as EmailAddressValidator;
 
@@ -27,53 +30,41 @@ class ValidateCustomerData
      */
     private $emailAddressValidator;
 
+    /**
+     * @var ValidateCustomerDataInterface[]
+     */
+    private $validators = [];
+
     /**
      * ValidateCustomerData constructor.
      *
      * @param GetAllowedCustomerAttributes $getAllowedCustomerAttributes
      * @param EmailAddressValidator $emailAddressValidator
+     * @param array $validators
      */
     public function __construct(
         GetAllowedCustomerAttributes $getAllowedCustomerAttributes,
-        EmailAddressValidator $emailAddressValidator
+        EmailAddressValidator $emailAddressValidator,
+        $validators = []
     ) {
         $this->getAllowedCustomerAttributes = $getAllowedCustomerAttributes;
         $this->emailAddressValidator = $emailAddressValidator;
+        $this->validators = $validators;
     }
 
     /**
      * Validate customer data
      *
      * @param array $customerData
-     *
-     * @return void
-     *
      * @throws GraphQlInputException
+     * @throws LocalizedException
+     * @throws NoSuchEntityException
      */
-    public function execute(array $customerData): void
+    public function execute(array $customerData)
     {
-        $attributes = $this->getAllowedCustomerAttributes->execute(array_keys($customerData));
-        $errorInput = [];
-
-        foreach ($attributes as $attributeInfo) {
-            if ($attributeInfo->getIsRequired()
-                && (!isset($customerData[$attributeInfo->getAttributeCode()])
-                    || $customerData[$attributeInfo->getAttributeCode()] == '')
-            ) {
-                $errorInput[] = $attributeInfo->getDefaultFrontendLabel();
-            }
-        }
-
-        if ($errorInput) {
-            throw new GraphQlInputException(
-                __('Required parameters are missing: %1', [implode(', ', $errorInput)])
-            );
-        }
-
-        if (isset($customerData['email']) && !$this->emailAddressValidator->isValid($customerData['email'])) {
-            throw new GraphQlInputException(
-                __('"%1" is not a valid email address.', $customerData['email'])
-            );
+        /** @var ValidateCustomerDataInterface $validator */
+        foreach ($this->validators as $validator) {
+            $validator->execute($customerData);
         }
     }
 }

app/code/Magento/CustomerGraphQl/Model/Customer/ValidateCustomerData/ValidateEmail.php

@@ -0,0 +1,45 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\CustomerGraphQl\Model\Customer\ValidateCustomerData;
+
+use Magento\CustomerGraphQl\Api\ValidateCustomerDataInterface;
+use Magento\Framework\GraphQl\Exception\GraphQlInputException;
+use Magento\Framework\Validator\EmailAddress as EmailAddressValidator;
+
+/**
+ * Validates an email
+ */
+class ValidateEmail implements ValidateCustomerDataInterface
+{
+    /**
+     * @var EmailAddressValidator
+     */
+    private $emailAddressValidator;
+
+    /**
+     * ValidateEmail constructor.
+     *
+     * @param EmailAddressValidator $emailAddressValidator
+     */
+    public function __construct(EmailAddressValidator $emailAddressValidator)
+    {
+        $this->emailAddressValidator = $emailAddressValidator;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function execute(array $customerData): void
+    {
+        if (isset($customerData['email']) && !$this->emailAddressValidator->isValid($customerData['email'])) {
+            throw new GraphQlInputException(
+                __('"%1" is not a valid email address.', $customerData['email'])
+            );
+        }
+    }
+}

app/code/Magento/CustomerGraphQl/Model/Customer/ValidateCustomerData/ValidateGender.php

@@ -0,0 +1,58 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\CustomerGraphQl\Model\Customer\ValidateCustomerData;
+
+use Magento\Customer\Api\CustomerMetadataInterface;
+use Magento\Customer\Model\Data\AttributeMetadata;
+use Magento\CustomerGraphQl\Api\ValidateCustomerDataInterface;
+use Magento\Framework\GraphQl\Exception\GraphQlInputException;
+
+/**
+ * Validates gender value
+ */
+class ValidateGender implements ValidateCustomerDataInterface
+{
+    /**
+     * @var CustomerMetadataInterface
+     */
+    private $customerMetadata;
+
+    /**
+     * ValidateGender constructor.
+     *
+     * @param CustomerMetadataInterface $customerMetadata
+     */
+    public function __construct(CustomerMetadataInterface $customerMetadata)
+    {
+        $this->customerMetadata = $customerMetadata;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function execute(array $customerData): void
+    {
+        if (isset($customerData['gender']) && $customerData['gender']) {
+            /** @var AttributeMetadata $genderData */
+            $options = $this->customerMetadata->getAttributeMetadata('gender')->getOptions();
+
+            $isValid = false;
+            foreach ($options as $optionData) {
+                if ($optionData->getValue() && $optionData->getValue() == $customerData['gender']) {
+                    $isValid = true;
+                }
+            }
+
+            if (!$isValid) {
+                throw new GraphQlInputException(
+                    __('"%1" is not a valid gender value.', $customerData['gender'])
+                );
+            }
+        }
+    }
+}

app/code/Magento/CustomerGraphQl/Model/Customer/ValidateCustomerData/ValidateRequiredArguments.php

@@ -0,0 +1,59 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\CustomerGraphQl\Model\Customer\ValidateCustomerData;
+
+use Magento\CustomerGraphQl\Api\ValidateCustomerDataInterface;
+use Magento\CustomerGraphQl\Model\Customer\GetAllowedCustomerAttributes;
+use Magento\Framework\GraphQl\Exception\GraphQlInputException;
+
+/**
+ * Validates required attributes
+ */
+class ValidateRequiredArguments implements ValidateCustomerDataInterface
+{
+    /**
+     * Get allowed/required customer attributes
+     *
+     * @var GetAllowedCustomerAttributes
+     */
+    private $getAllowedCustomerAttributes;
+
+    /**
+     * ValidateRequiredArguments constructor.
+     *
+     * @param GetAllowedCustomerAttributes $getAllowedCustomerAttributes
+     */
+    public function __construct(GetAllowedCustomerAttributes $getAllowedCustomerAttributes)
+    {
+        $this->getAllowedCustomerAttributes = $getAllowedCustomerAttributes;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function execute(array $customerData): void
+    {
+        $attributes = $this->getAllowedCustomerAttributes->execute(array_keys($customerData));
+        $errorInput = [];
+
+        foreach ($attributes as $attributeInfo) {
+            if ($attributeInfo->getIsRequired()
+                && (!isset($customerData[$attributeInfo->getAttributeCode()])
+                    || $customerData[$attributeInfo->getAttributeCode()] == '')
+            ) {
+                $errorInput[] = $attributeInfo->getDefaultFrontendLabel();
+            }
+        }
+
+        if ($errorInput) {
+            throw new GraphQlInputException(
+                __('Required parameters are missing: %1', [implode(', ', $errorInput)])
+            );
+        }
+    }
+}

app/code/Magento/CustomerGraphQl/etc/graphql/di.xml

@@ -29,4 +29,14 @@
             </argument>
         </arguments>
     </type>
+    <!-- Validate input customer data -->
+    <type name="Magento\CustomerGraphQl\Model\Customer\ValidateCustomerData">
+        <arguments>
+            <argument name="validators" xsi:type="array">
+                <item name="validateRequiredArguments" xsi:type="object">Magento\CustomerGraphQl\Model\Customer\ValidateCustomerData\ValidateRequiredArguments</item>
+                <item name="validateEmail" xsi:type="object">Magento\CustomerGraphQl\Model\Customer\ValidateCustomerData\ValidateEmail</item>
+                <item name="validateGender" xsi:type="object">Magento\CustomerGraphQl\Model\Customer\ValidateCustomerData\ValidateGender</item>
+            </argument>
+        </arguments>
+    </type>
 </config>

dev/tests/api-functional/testsuite/Magento/GraphQl/Customer/UpdateCustomerTest.php

@@ -368,6 +368,32 @@ public function testEmptyCustomerLastName()
         $this->graphQlMutation($query, [], '', $this->getCustomerAuthHeaders('customer@example.com', 'password'));
     }
 
+    /**
+     * @magentoApiDataFixture Magento/Customer/_files/customer.php
+     */
+    public function testUpdateCustomerWithIncorrectGender()
+    {
+        $gender = 5;
+
+        $this->expectException(Exception::class);
+        $this->expectExceptionMessage('"' . $gender . '" is not a valid gender value.');
+
+        $query = <<<QUERY
+mutation {
+    updateCustomer(
+        input: {
+            gender: {$gender}
+        }
+    ) {
+        customer {
+            gender
+        }
+    }
+}
+QUERY;
+        $this->graphQlMutation($query, [], '', $this->getCustomerAuthHeaders('customer@example.com', 'password'));
+    }
+
     /**
      * @magentoApiDataFixture Magento/Customer/_files/customer.php
      */