Merge branch 'ACP2E-2969' of https://github.com/adobe-commerce-tier-4/magento2ce into ACP2E-2969

Author: aplapana

app/code/Magento/Integration/Test/Unit/Oauth/OauthTest.php

@@ -55,7 +55,7 @@ class OauthTest extends TestCase
     /** @var \Magento\Framework\Oauth\Oauth */
     private $_oauth;
 
-    /** @var  \Zend_Oauth_Http_Utility */
+    /** @var  Utility */
     private $utility;
 
     /** @var DateTime */
@@ -160,9 +160,7 @@ protected function setUp(): void
         $this->_oauthHelperMock = $this->getMockBuilder(Oauth::class)
             ->setConstructorArgs([new Random()])
             ->getMock();
-        $this->utility = $this->getMockBuilder(Utility::class)
-            ->onlyMethods(['sign'])
-            ->getMock();
+        $this->utility = $this->createMock(Utility::class);
         $this->_dateMock = $this->getMockBuilder(DateTime::class)
             ->disableOriginalConstructor()
             ->getMock();
@@ -791,7 +789,13 @@ public function testValidateAccessToken()
     public function testBuildAuthorizationHeader()
     {
         $signature = 'valid_signature';
-        $this->utility->expects($this->any())->method('sign')->willReturn($signature);
+        $this->utility->expects($this->once())->method('sign')->willReturn($signature);
+        $this->utility->expects($this->once())
+            ->method('toAuthorizationHeader')
+            ->willReturn('OAuth oauth_nonce="tyukmnjhgfdcvxstyuioplkmnhtfvert",oauth_timestamp="1657789046",' .
+            'oauth_version="1.0",oauth_consumer_key="edf957ef88492f0a32eb7e1731e85da2",' .
+            'oauth_consumer_secret="asdawwewefrtyh2f0a32eb7e1731e85d",oauth_token="7c0709f789e1f38a17aa4b9a28e1b06c",' .
+            'oauth_token_secret="a6agsfrsfgsrjjjjyy487939244ssggg",oauth_signature="valid_signature"');
 
         $this->_setupConsumer(false);
         $this->_oauthHelperMock->expects(

dev/tests/api-functional/framework/Magento/TestFramework/Authentication/Rest/OauthClient.php

@@ -18,6 +18,8 @@
 use OAuth\OAuth1\Signature\SignatureInterface;
 use OAuth\OAuth1\Token\StdOAuth1Token;
 use OAuth\OAuth1\Token\TokenInterface;
+use Laminas\OAuth\Http\Utility as HTTPUtility;
+use Magento\Framework\Oauth\Helper\Signature\Hmac256;
 
 /**
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
@@ -56,7 +58,7 @@ public function __construct(
             $storage = new \OAuth\Common\Storage\Memory();
         }
         if (!isset($helper)) {
-            $helper = new Utility();
+            $helper = new Utility(new HTTPUtility(), new Hmac256());
         }
         if (!isset($signature)) {
             $signature = new \Magento\TestFramework\Authentication\Rest\OauthClient\Signature($helper, $credentials);

dev/tests/api-functional/framework/Magento/TestFramework/Authentication/Rest/OauthClient/Signature.php

@@ -49,7 +49,7 @@ function ($carry, $item) {
 
         return $this->helper->sign(
             $signatureData,
-            'SHA256',
+            $this->algorithm,
             $this->credentials->getConsumerSecret(),
             $this->tokenSecret,
             $method,

lib/internal/Magento/Framework/Oauth/Helper/Signature/Hmac256.php

@@ -0,0 +1,131 @@
+<?php
+/**
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\Framework\Oauth\Helper\Signature;
+
+use Laminas\Crypt\Hmac as HMACEncryption;
+
+class Hmac256
+{
+    /**
+     * Sign a request
+     *
+     * @param array $params
+     * @param string $algo
+     * @param string $consumerSecret
+     * @param string|null $tokenSecret
+     * @param mixed $method
+     * @param mixed $url
+     * @return string
+     */
+    public function sign(
+        array   $params,
+        string  $algo,
+        string  $consumerSecret,
+        ?string $tokenSecret = null,
+        ?string $method = null,
+        ?string $url = null
+    ): string {
+        unset($params['oauth_signature']);
+
+        $binaryHash = HMACEncryption::compute(
+            $this->assembleKey($consumerSecret, $tokenSecret),
+            $algo,
+            $this->getBaseSignatureString($params, $method, $url),
+            HMACEncryption::OUTPUT_BINARY
+        );
+
+        return base64_encode($binaryHash);
+    }
+
+    /**
+     * Assemble key from consumer and token secrets
+     *
+     * @param string $consumerSecret
+     * @param string|null $tokenSecret
+     * @return string
+     */
+    private function assembleKey(string $consumerSecret, ?string $tokenSecret): string
+    {
+        $parts = [$consumerSecret];
+        if ($tokenSecret !== null) {
+            $parts[] = $tokenSecret;
+        }
+        foreach ($parts as $key => $secret) {
+            $parts[$key] = $this->urlEncode($secret);
+        }
+
+        return implode('&', $parts);
+    }
+
+    /**
+     * Get base signature string
+     *
+     * @param array $params
+     * @param null|string $method
+     * @param null|string $url
+     * @return string
+     */
+    private function getBaseSignatureString(array $params, $method = null, $url = null): string
+    {
+        $encodedParams = [];
+        foreach ($params as $key => $value) {
+            $encodedParams[$this->urlEncode($key)] =
+                $this->urlEncode($value);
+        }
+        $baseStrings = [];
+        if (isset($method)) {
+            $baseStrings[] = strtoupper($method);
+        }
+        if (isset($url)) {
+            $baseStrings[] = $this->urlEncode($url);
+        }
+        if (isset($encodedParams['oauth_signature'])) {
+            unset($encodedParams['oauth_signature']);
+        }
+        $baseStrings[] = $this->urlEncode(
+            $this->toByteValueOrderedQueryString($encodedParams)
+        );
+
+        return implode('&', $baseStrings);
+    }
+
+    /**
+     * Transform an array to a byte value ordered query string
+     *
+     * @param array $params
+     * @return string
+     */
+    private function toByteValueOrderedQueryString(array $params): string
+    {
+        $return = [];
+        uksort($params, 'strnatcmp');
+        foreach ($params as $key => $value) {
+            if (is_array($value)) {
+                natsort($value);
+                foreach ($value as $keyduplicate) {
+                    $return[] = $key . '=' . $keyduplicate;
+                }
+            } else {
+                $return[] = $key . '=' . $value;
+            }
+        }
+        return implode('&', $return);
+    }
+
+    /**
+     * URL encode a value
+     *
+     * @param string $value
+     * @return string
+     */
+    private function urlEncode(string $value): string
+    {
+        $encoded = rawurlencode($value);
+        return str_replace('%7E', '~', $encoded);
+    }
+}

lib/internal/Magento/Framework/Oauth/Helper/Utility.php

@@ -1,28 +1,25 @@
 <?php
-/************************************************************************
- *
+/**
  * Copyright 2024 Adobe
  * All Rights Reserved.
- *
- * NOTICE: All information contained herein is, and remains
- * the property of Adobe and its suppliers, if any. The intellectual
- * and technical concepts contained herein are proprietary to Adobe
- * and its suppliers and are protected by all applicable intellectual
- * property laws, including trade secret and copyright laws.
- * Dissemination of this information or reproduction of this material
- * is strictly forbidden unless prior written permission is obtained
- * from Adobe.
- * ************************************************************************
  */
 declare(strict_types=1);
 
 namespace Magento\Framework\Oauth\Helper;
 
-use Laminas\Crypt\Hmac as HMACEncryption;
-use Laminas\OAuth\Http\Utility as HTTPUtility;
+use Laminas\OAuth\Http\Utility as LaminasUtility;
+use Magento\Framework\Oauth\Helper\Signature\Hmac256;
 
-class Utility extends HTTPUtility
+class Utility
 {
+    /**
+     * @param LaminasUtility $httpUtility
+     * @param Hmac256 $hmac256
+     */
+    public function __construct(private readonly LaminasUtility $httpUtility, private readonly Hmac256 $hmac256)
+    {
+    }
+
     /**
      * Generate signature string
      *
@@ -35,97 +32,55 @@ class Utility extends HTTPUtility
      * @return string
      */
     public function sign(
-        array $params,
-        $signatureMethod,
-        $consumerSecret,
-        $tokenSecret = null,
-        $method = null,
-        $url = null
+        array  $params,
+        string $signatureMethod,
+        string $consumerSecret,
+        ?string $tokenSecret = null,
+        ?string $method = null,
+        ?string $url = null
     ): string {
-        unset($params['oauth_signature']);
-
-        $binaryHash = HMACEncryption::compute(
-            $this->assembleKey($consumerSecret, $tokenSecret),
-            $signatureMethod,
-            $this->getBaseSignatureString($params, $method, $url),
-            HMACEncryption::OUTPUT_BINARY
-        );
-
-        return base64_encode($binaryHash);
-    }
-
-    /**
-     * Assemble key from consumer and token secrets
-     *
-     * @param string $consumerSecret
-     * @param string|null $tokenSecret
-     * @return string
-     */
-    private function assembleKey(string $consumerSecret, ?string $tokenSecret): string
-    {
-        $parts = [$consumerSecret];
-        if ($tokenSecret !== null) {
-            $parts[] = $tokenSecret;
+        if ($this->isHmac256($signatureMethod)) {
+            return $this->hmac256->sign($params, 'sha256', $consumerSecret, $tokenSecret, $method, $url);
+        } else {
+            return $this->httpUtility->sign($params, $signatureMethod, $consumerSecret, $tokenSecret, $method, $url);
         }
-        foreach ($parts as $key => $secret) {
-            $parts[$key] = self::urlEncode($secret);
-        }
-
-        return implode('&', $parts);
     }
 
     /**
-     * Get base signature string
+     * Check if signature method is HMAC-SHA256
      *
-     * @param  array $params
-     * @param  null|string $method
-     * @param  null|string $url
-     * @return string
+     * @param string $signatureMethod
+     * @return bool
      */
-    private function getBaseSignatureString(array $params, $method = null, $url = null): string
+    private function isHmac256(string $signatureMethod): bool
     {
-        $encodedParams = [];
-        foreach ($params as $key => $value) {
-            $encodedParams[self::urlEncode($key)] =
-                self::urlEncode($value);
-        }
-        $baseStrings = [];
-        if (isset($method)) {
-            $baseStrings[] = strtoupper($method);
+        if (strtoupper(preg_replace('/[\W]/', '', $signatureMethod)) === 'HMACSHA256') {
+            return true;
         }
-        if (isset($url)) {
-            $baseStrings[] = self::urlEncode($url);
-        }
-        if (isset($encodedParams['oauth_signature'])) {
-            unset($encodedParams['oauth_signature']);
-        }
-        $baseStrings[] = self::urlEncode(
-            $this->toByteValueOrderedQueryString($encodedParams)
-        );
 
-        return implode('&', $baseStrings);
+        return false;
     }
 
     /**
-     * Transform an array to a byte value ordered query string
+     * Cast to authorization header
      *
-     * @param  array $params
+     * @param array $params
+     * @param bool $excludeCustomParams
      * @return string
      */
-    private function toByteValueOrderedQueryString(array $params): string
+    public function toAuthorizationHeader(array $params, bool $excludeCustomParams = true): string
     {
-        $return = [];
-        uksort($params, 'strnatcmp');
+        $headerValue = [];
         foreach ($params as $key => $value) {
-            if (is_array($value)) {
-                natsort($value);
-                foreach ($value as $keyduplicate) {
-                    $return[] = $key . '=' . $keyduplicate;
+            if ($excludeCustomParams) {
+                if (! preg_match("/^oauth_/", $key)) {
+                    continue;
                 }
-            } else {
-                $return[] = $key . '=' . $value;
             }
+            $headerValue[] = $this->httpUtility::urlEncode((string)$key)
+                . '="'
+                . $this->httpUtility::urlEncode((string)$value) . '"';
         }
-        return implode('&', $return);
+        return 'OAuth ' . implode(",", $headerValue);
     }
 }

lib/internal/Magento/Framework/Oauth/Oauth.php

@@ -156,16 +156,14 @@ public function buildAuthorizationHeader(
         $headerParameters = array_merge($headerParameters, $params);
         $headerParameters['oauth_signature'] = $this->hmacSignatureHelper->sign(
             $params,
-            'SHA256',
+            $signatureMethod,
             $headerParameters['oauth_consumer_secret'],
             $headerParameters['oauth_token_secret'],
             $httpMethod,
             $requestUrl
         );
-        $authorizationHeader = $this->hmacSignatureHelper->toAuthorizationHeader($headerParameters);
-        // toAuthorizationHeader adds an optional realm="" which is not required for now.
-        // http://tools.ietf.org/html/rfc2617#section-1.2
-        return str_replace('realm="",', '', $authorizationHeader);
+
+        return $this->hmacSignatureHelper->toAuthorizationHeader($headerParameters);
     }
 
     /**
@@ -192,7 +190,7 @@ protected function _validateSignature($params, $consumerSecret, $httpMethod, $re
 
         $calculatedSign = $this->hmacSignatureHelper->sign(
             $params,
-            'SHA256',
+            $params['oauth_signature_method'],
             $consumerSecret,
             $tokenSecret,
             $httpMethod,