MC-30171: Add to Cart Form wrong Form Key in FPC

Author: Viktor Kopin

app/code/Magento/Catalog/Test/Mftf/Section/StorefrontProductActionSection.xml

@@ -14,5 +14,6 @@
         <element name="addToCartButtonTitleIsAdding" type="text" selector="//button/span[text()='Adding...']"/>
         <element name="addToCartButtonTitleIsAdded" type="text" selector="//button/span[text()='Added']"/>
         <element name="addToCartButtonTitleIsAddToCart" type="text" selector="//button/span[text()='Add to Cart']"/>
+        <element name="inputFormKey" type="text" selector="input[name='form_key']"/>
     </section>
 </sections>

app/code/Magento/Checkout/Test/Mftf/Test/StoreFrontFreeShippingRecalculationAfterCouponCodeAddedTest.xml

@@ -88,7 +88,7 @@
         <see userInput="Your coupon was successfully applied." stepKey="seeSuccessMessage"/>
         <click selector="{{CheckoutPaymentSection.placeOrder}}" stepKey="clickPlaceOrder1"/>
         <waitForPageLoad stepKey="waitForError"/>
-        <see stepKey="seeShippingMethodError" userInput="The shipping method is missing. Select the shipping method and try again."/>
+        <seeElementInDOM selector="{{CheckoutHeaderSection.errorMessageContainsText('The shipping method is missing. Select the shipping method and try again.')}}" stepKey="seeShippingMethodError"/>
         <amOnPage stepKey="navigateToShippingPage" url="{{CheckoutShippingPage.url}}"/>
         <waitForPageLoad stepKey="waitForShippingPageLoad"/>
         <click stepKey="chooseFlatRateShipping" selector="{{CheckoutShippingMethodsSection.shippingMethodRowByName('Flat Rate')}}"/>

app/code/Magento/PageCache/Test/Mftf/ActionGroup/AssertStorefrontAddToCartFormKeyValueIsNotCachedActionGroup.xml

@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
+    <actionGroup name="AssertStorefrontAddToCartFormKeyValueIsNotCachedActionGroup">
+        <annotations>
+            <description>Assert that product page add to cart form key is different from cached value.</description>
+        </annotations>
+        <arguments>
+            <argument name="cachedValue" type="string"/>
+        </arguments>
+
+        <grabValueFrom selector="{{StorefrontProductActionSection.inputFormKey}}" stepKey="grabUpdatedValue"/>
+        <assertRegExp stepKey="validateCachedFormKey">
+            <expectedResult type="string">/\w{16}/</expectedResult>
+            <actualResult type="string">{{cachedValue}}</actualResult>
+        </assertRegExp>
+        <assertRegExp stepKey="validateUpdatedFormKey">
+            <expectedResult type="string">/\w{16}/</expectedResult>
+            <actualResult type="variable">grabUpdatedValue</actualResult>
+        </assertRegExp>
+        <assertNotEquals stepKey="assertFormKeyUpdated">
+            <expectedResult type="string">{{cachedValue}}</expectedResult>
+            <actualResult type="variable">grabUpdatedValue</actualResult>
+        </assertNotEquals>
+    </actionGroup>
+</actionGroups>

app/code/Magento/PageCache/Test/Mftf/Test/StorefrontCachedInputFormKeyValueUpdatedTest.xml

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<tests xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd">
+    <test name="StorefrontCachedInputFormKeyValueUpdatedTest">
+        <annotations>
+            <features value="PageCache"/>
+            <stories value="FormKey"/>
+            <title value="Form Key value should be updated by js script"/>
+            <description value="Form Key value should be updated by js script"/>
+            <testCaseId value="MC-39300"/>
+            <useCaseId value="MC-30171"/>
+            <severity value="AVERAGE"/>
+            <group value="pageCache"/>
+        </annotations>
+        <before>
+            <!-- Create Data -->
+            <createData entity="SimpleProduct2" stepKey="createProduct"/>
+            <actionGroup ref="CliCacheCleanActionGroup" stepKey="cleanCache">
+                <argument name="tags" value="full_page"/>
+            </actionGroup>
+        </before>
+        <after>
+            <!-- Delete data -->
+            <deleteData createDataKey="createProduct" stepKey="deleteProduct"/>
+        </after>
+        <actionGroup ref="StorefrontOpenProductPageActionGroup" stepKey="openProductPage">
+            <argument name="productUrl" value="$createProduct.custom_attributes[url_key]$"/>
+        </actionGroup>
+        <grabValueFrom selector="{{StorefrontProductActionSection.inputFormKey}}" stepKey="grabCachedValue"/>
+        <resetCookie userInput="PHPSESSID" stepKey="resetSessionCookie"/>
+        <resetCookie userInput="form_key" stepKey="resetFormKeyCookie"/>
+        <actionGroup ref="StorefrontOpenProductPageActionGroup" stepKey="reopenProductPage">
+            <argument name="productUrl" value="$createProduct.custom_attributes[url_key]$"/>
+        </actionGroup>
+        <actionGroup ref="AssertStorefrontAddToCartFormKeyValueIsNotCachedActionGroup" stepKey="assertValueIsUpdatedByScript">
+            <argument name="cachedValue" value="{$grabCachedValue}"/>
+        </actionGroup>
+    </test>
+</tests>

app/code/Magento/PageCache/ViewModel/FormKeyProvider.php

@@ -0,0 +1,41 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\PageCache\ViewModel;
+
+use Magento\Framework\View\Element\Block\ArgumentInterface;
+use Magento\PageCache\Model\Config;
+
+/**
+ * Adds script to update form key from cookie after script rendering
+ */
+class FormKeyProvider implements ArgumentInterface
+{
+    /**
+     * @var Config
+     */
+    private $config;
+
+    /**
+     * @param Config $config
+     */
+    public function __construct(
+        Config $config
+    ) {
+        $this->config = $config;
+    }
+
+    /**
+     * Is full page cache enabled
+     *
+     * @return bool
+     */
+    public function isFullPageCacheEnabled(): bool
+    {
+        return $this->config->isEnabled();
+    }
+}

app/code/Magento/PageCache/view/frontend/layout/default.xml

@@ -10,6 +10,13 @@
         <referenceBlock name="head.components">
             <block class="Magento\Framework\View\Element\Js\Components" name="pagecache_page_head_components" template="Magento_PageCache::js/components.phtml"/>
         </referenceBlock>
+        <referenceBlock name="head.additional">
+            <block name="form_key_provider" template="Magento_PageCache::form_key_provider.phtml">
+                <arguments>
+                    <argument name="form_key_provider" xsi:type="object">Magento\PageCache\ViewModel\FormKeyProvider</argument>
+                </arguments>
+            </block>
+        </referenceBlock>
         <referenceContainer name="content">
             <block class="Magento\PageCache\Block\Javascript" template="Magento_PageCache::javascript.phtml" name="pageCache" as="pageCache"/>
         </referenceContainer>

app/code/Magento/PageCache/view/frontend/requirejs-config.js

@@ -8,5 +8,6 @@ var config = {
         '*': {
             pageCache:  'Magento_PageCache/js/page-cache'
         }
-    }
+    },
+    deps: ['Magento_PageCache/js/form-key-provider']
 };

app/code/Magento/PageCache/view/frontend/templates/form_key_provider.phtml

@@ -0,0 +1,14 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+if ($block->getFormKeyProvider()->isFullPageCacheEnabled()): ?>
+    <script type="text/x-magento-init">
+        {
+            "*": {
+                "Magento_PageCache/js/form-key-provider": {}
+            }
+        }
+    </script>
+<?php endif; ?>

app/code/Magento/PageCache/view/frontend/web/js/form-key-provider.js

@@ -0,0 +1,93 @@
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+define(function () {
+    'use strict';
+
+    return function () {
+        var formKey,
+            inputElements,
+            inputSelector = 'input[name="form_key"]';
+
+        /**
+         * Set form_key cookie
+         * @private
+         */
+        function setFormKeyCookie(value) {
+            var expires,
+                secure,
+                date = new Date(),
+                isSecure = !!window.cookiesConfig && window.cookiesConfig.secure;
+
+            date.setTime(date.getTime() + 86400000);
+            expires = '; expires=' + date.toUTCString();
+            secure = isSecure ? '; secure' : '';
+
+            document.cookie = 'form_key=' + (value || '') + expires + secure + '; path=/';
+        }
+
+        /**
+         * Retrieves form key from cookie
+         * @private
+         */
+        function getFormKeyCookie() {
+            var cookie,
+                i,
+                nameEQ = 'form_key=',
+                cookieArr = document.cookie.split(';');
+
+            for (i = 0; i < cookieArr.length; i++) {
+                cookie = cookieArr[i];
+
+                while (cookie.charAt(0) === ' ') {
+                    cookie = cookie.substring(1, cookie.length);
+                }
+
+                if (cookie.indexOf(nameEQ) === 0) {
+                    return cookie.substring(nameEQ.length, cookie.length);
+                }
+            }
+
+            return null;
+        }
+
+        /**
+         * Generate form key string
+         * @private
+         */
+        function generateFormKeyString() {
+            var result = '',
+                length = 16,
+                chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+
+            while (length--) {
+                result += chars[Math.round(Math.random() * (chars.length - 1))];
+            }
+
+            return result;
+        }
+
+        /**
+         * Init form_key inputs with value
+         * @private
+         */
+        function initFormKey() {
+            formKey = getFormKeyCookie();
+
+            if (!formKey) {
+                formKey = generateFormKeyString();
+                setFormKeyCookie(formKey);
+            }
+            inputElements = document.querySelectorAll(inputSelector);
+
+            if (inputElements.length) {
+                Array.prototype.forEach.call(inputElements, function (element) {
+                    element.setAttribute('value', formKey);
+                });
+            }
+        }
+
+        initFormKey();
+    };
+});

app/code/Magento/PageCache/view/frontend/web/js/page-cache.js

@@ -7,9 +7,10 @@ define([
     'jquery',
     'domReady',
     'consoleLogger',
+    'Magento_PageCache/js/form-key-provider',
     'jquery-ui-modules/widget',
     'mage/cookies'
-], function ($, domReady, consoleLogger) {
+], function ($, domReady, consoleLogger, formKeyInit) {
     'use strict';
 
     /**
@@ -99,6 +100,7 @@ define([
 
     /**
      * FormKey Widget - this widget is generating from key, saves it to cookie and
+     * @deprecated see Magento/PageCache/view/frontend/web/js/form-key-provider.js
      */
     $.widget('mage.formKey', {
         options: {
@@ -298,8 +300,7 @@ define([
     });
 
     domReady(function () {
-        $('body')
-            .formKey();
+        formKeyInit();
     });
 
     return {