ENGCOM-5813: Add input validation for authorizenet_acceptjs payment method #915

Author: lenaorobei

app/code/Magento/AuthorizenetGraphQl/Model/AuthorizenetDataProvider.php

@@ -9,6 +9,7 @@
 
 use Magento\QuoteGraphQl\Model\Cart\Payment\AdditionalDataProviderInterface;
 use Magento\Framework\Stdlib\ArrayManager;
+use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 
 /**
  * SetPaymentMethod additional data provider model for Authorizenet payment method
@@ -36,10 +37,32 @@ public function __construct(
      *
      * @param array $data
      * @return array
+     * @throws GraphQlInputException
      */
     public function getData(array $data): array
     {
-        $additionalData = $this->arrayManager->get(static::PATH_ADDITIONAL_DATA, $data) ?? [];
+        if (!isset($data[self::PATH_ADDITIONAL_DATA])) {
+            throw new GraphQlInputException(
+                __('Required parameter "authorizenet_acceptjs" for "payment_method" is missing.')
+            );
+        }
+        if (!isset($data[self::PATH_ADDITIONAL_DATA]['opaque_data_descriptor'])) {
+            throw new GraphQlInputException(
+                __('Required parameter "opaque_data_descriptor" for "authorizenet_acceptjs" is missing.')
+            );
+        }
+        if (!isset($data[self::PATH_ADDITIONAL_DATA]['opaque_data_value'])) {
+            throw new GraphQlInputException(
+                __('Required parameter "opaque_data_value" for "authorizenet_acceptjs" is missing.')
+            );
+        }
+        if (!isset($data[self::PATH_ADDITIONAL_DATA]['cc_last_4'])) {
+            throw new GraphQlInputException(
+                __('Required parameter "cc_last_4" for "authorizenet_acceptjs" is missing.')
+            );
+        }
+
+        $additionalData = $this->arrayManager->get(static::PATH_ADDITIONAL_DATA, $data);
         foreach ($additionalData as $key => $value) {
             $additionalData[$this->convertSnakeCaseToCamelCase($key)] = $value;
             unset($additionalData[$key]);

dev/tests/api-functional/testsuite/Magento/GraphQl/AuthorizenetAcceptjs/Customer/SetPaymentMethodTest.php

@@ -109,6 +109,113 @@ public function dataProviderTestPlaceOrder(): array
         ];
     }
 
+    /**
+     * @magentoConfigFixture default_store carriers/flatrate/active 1
+     * @magentoConfigFixture default_store payment/authorizenet_acceptjs/active 1
+     * @magentoConfigFixture default_store payment/authorizenet_acceptjs/environment sandbox
+     * @magentoConfigFixture default_store payment/authorizenet_acceptjs/login def_login
+     * @magentoConfigFixture default_store payment/authorizenet_acceptjs/trans_key def_trans_key
+     * @magentoConfigFixture default_store payment/authorizenet_acceptjs/public_client_key def_public_client_key
+     * @magentoConfigFixture default_store payment/authorizenet_acceptjs/trans_signature_key def_trans_signature_key
+     * @magentoApiDataFixture Magento/Customer/_files/customer.php
+     * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/customer/create_empty_cart.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/add_simple_product.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_new_shipping_address.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_new_billing_address.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_flatrate_shipping_method.php
+     * @dataProvider dataProviderSetPaymentInvalidInput
+     * @param \Closure $getMutationClosure
+     * @param string $expectedMessage
+     * @expectedException \Exception
+     */
+    public function testSetPaymentInvalidInput(\Closure $getMutationClosure, string $expectedMessage)
+    {
+        $reservedOrderId = 'test_quote';
+        $maskedQuoteId = $this->getMaskedQuoteIdByReservedOrderId->execute($reservedOrderId);
+
+        $setPaymentMutation = $getMutationClosure($maskedQuoteId);
+
+        $this->expectExceptionMessage($expectedMessage);
+        $this->graphQlMutation($setPaymentMutation, [], '', $this->getHeaderMap());
+    }
+
+    /**
+     * Data provider for testSetPaymentInvalidInput
+     *
+     * @return array
+     */
+    public function dataProviderSetPaymentInvalidInput(): array
+    {
+        return [
+            [
+                function (string $maskedQuoteId) {
+                    return $this->getInvalidSetPaymentMutation($maskedQuoteId);
+                },
+                'Required parameter "authorizenet_acceptjs" for "payment_method" is missing.',
+            ],
+            [
+                function (string $maskedQuoteId) {
+                    return $this->getInvalidAcceptJsInput($maskedQuoteId);
+                },
+                'for "authorizenet_acceptjs" is missing.'
+            ],
+        ];
+    }
+
+    /**
+     * Get setPaymentMethodOnCart missing additional data property
+     *
+     * @param string $maskedQuoteId
+     * @return string
+     */
+    private function getInvalidSetPaymentMutation(string $maskedQuoteId): string
+    {
+        return <<<QUERY
+mutation {
+  setPaymentMethodOnCart(input:{
+    cart_id:"{$maskedQuoteId}"
+    payment_method:{
+      code:"authorizenet_acceptjs"
+    }
+  }) {
+    cart {
+      selected_payment_method {
+        code
+      }
+    }
+  }
+}
+QUERY;
+    }
+
+    /**
+     * Get setPaymentMethodOnCart missing require additional data properties
+     *
+     * @param string $maskedQuoteId
+     * @return string
+     */
+    private function getInvalidAcceptJsInput(string $maskedQuoteId): string
+    {
+        return <<<QUERY
+mutation {
+  setPaymentMethodOnCart(input:{
+    cart_id:"{$maskedQuoteId}"
+    payment_method:{
+      code:"authorizenet_acceptjs"
+      authorizenet_acceptjs: {}
+    }
+  }) {
+    cart {
+      selected_payment_method {
+        code
+      }
+    }
+  }
+}
+QUERY;
+    }
+
     private function assertPlaceOrderResponse(array $response, string $reservedOrderId): void
     {
         self::assertArrayHasKey('placeOrder', $response);