Merge pull request #5347 from magento-tsg/2.3.5-develop-pr109

[TSG] Fixes for 2.3 (pr109) (2.3.5-develop)

Author: zakdma

app/code/Magento/Catalog/Controller/Adminhtml/Product/Action/Attribute/Save.php

@@ -7,14 +7,16 @@
 namespace Magento\Catalog\Controller\Adminhtml\Product\Action\Attribute;
 
 use Magento\AsynchronousOperations\Api\Data\OperationInterface;
+use Magento\Catalog\Model\ProductFactory;
 use Magento\Eav\Model\Config;
 use Magento\Framework\App\Action\HttpPostActionInterface;
 use Magento\Backend\App\Action;
 use Magento\Framework\App\ObjectManager;
+use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Stdlib\DateTime\TimezoneInterface;
 
 /**
- * Class Save
+ * Class responsible for saving product attributes.
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
  */
 class Save extends \Magento\Catalog\Controller\Adminhtml\Product\Action\Attribute implements HttpPostActionInterface
@@ -59,6 +61,11 @@ class Save extends \Magento\Catalog\Controller\Adminhtml\Product\Action\Attribut
      */
     private $eavConfig;
 
+    /**
+     * @var ProductFactory
+     */
+    private $productFactory;
+
     /**
      * @param Action\Context $context
      * @param \Magento\Catalog\Helper\Product\Edit\Action\Attribute $attributeHelper
@@ -70,6 +77,7 @@ class Save extends \Magento\Catalog\Controller\Adminhtml\Product\Action\Attribut
      * @param int $bulkSize
      * @param TimezoneInterface $timezone
      * @param Config $eavConfig
+     * @param ProductFactory $productFactory
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -82,7 +90,8 @@ public function __construct(
         \Magento\Authorization\Model\UserContextInterface $userContext,
         int $bulkSize = 100,
         TimezoneInterface $timezone = null,
-        Config $eavConfig = null
+        Config $eavConfig = null,
+        ProductFactory $productFactory = null
     ) {
         parent::__construct($context, $attributeHelper);
         $this->bulkManagement = $bulkManagement;
@@ -95,6 +104,7 @@ public function __construct(
             ->get(TimezoneInterface::class);
         $this->eavConfig = $eavConfig ?: ObjectManager::getInstance()
             ->get(Config::class);
+        $this->productFactory = $productFactory ?? ObjectManager::getInstance()->get(ProductFactory::class);
     }
 
     /**
@@ -120,9 +130,10 @@ public function execute()
         $attributesData = $this->sanitizeProductAttributes($attributesData);
 
         try {
+            $this->validateProductAttributes($attributesData);
             $this->publish($attributesData, $websiteRemoveData, $websiteAddData, $storeId, $websiteId, $productIds);
             $this->messageManager->addSuccessMessage(__('Message is added to queue'));
-        } catch (\Magento\Framework\Exception\LocalizedException $e) {
+        } catch (LocalizedException $e) {
             $this->messageManager->addErrorMessage($e->getMessage());
         } catch (\Exception $e) {
             $this->messageManager->addExceptionMessage(
@@ -147,10 +158,12 @@ private function sanitizeProductAttributes($attributesData)
 
         foreach ($attributesData as $attributeCode => $value) {
             $attribute = $this->eavConfig->getAttribute(\Magento\Catalog\Model\Product::ENTITY, $attributeCode);
+
             if (!$attribute->getAttributeId()) {
                 unset($attributesData[$attributeCode]);
                 continue;
             }
+
             if ($attribute->getBackendType() === 'datetime') {
                 if (!empty($value)) {
                     $filterInput = new \Zend_Filter_LocalizedToNormalized(['date_format' => $dateFormat]);
@@ -178,6 +191,25 @@ private function sanitizeProductAttributes($attributesData)
         return $attributesData;
     }
 
+    /**
+     * Validate product attributes data.
+     *
+     * @param array $attributesData
+     *
+     * @return void
+     * @throws LocalizedException
+     */
+    private function validateProductAttributes(array $attributesData): void
+    {
+        $product = $this->productFactory->create();
+        $product->setData($attributesData);
+
+        foreach (array_keys($attributesData) as $attributeCode) {
+            $attribute = $this->eavConfig->getAttribute(\Magento\Catalog\Model\Product::ENTITY, $attributeCode);
+            $attribute->getBackend()->validate($product);
+        }
+    }
+
     /**
      * Schedule new bulk
      *
@@ -187,7 +219,7 @@ private function sanitizeProductAttributes($attributesData)
      * @param int $storeId
      * @param int $websiteId
      * @param array $productIds
-     * @throws \Magento\Framework\Exception\LocalizedException
+     * @throws LocalizedException
      *
      * @return void
      */
@@ -241,7 +273,7 @@ private function publish(
                 $this->userContext->getUserId()
             );
             if (!$result) {
-                throw new \Magento\Framework\Exception\LocalizedException(
+                throw new LocalizedException(
                     __('Something went wrong while processing the request.')
                 );
             }

app/code/Magento/Catalog/Controller/Adminhtml/Product/Attribute/Save.php

@@ -221,7 +221,7 @@ public function execute()
                     return $this->returnResult('catalog/*/', [], ['error' => true]);
                 }
                 // entity type check
-                if ($model->getEntityTypeId() != $this->_entityTypeId) {
+                if ($model->getEntityTypeId() != $this->_entityTypeId || array_key_exists('backend_model', $data)) {
                     $this->messageManager->addErrorMessage(__('We can\'t update the attribute.'));
                     $this->_session->setAttributeData($data);
                     return $this->returnResult('catalog/*/', [], ['error' => true]);
@@ -258,6 +258,8 @@ public function execute()
                 unset($data['apply_to']);
             }
 
+            unset($data['entity_type_id']);
+
             $model->addData($data);
 
             if (!$attributeId) {

app/code/Magento/Catalog/Model/ResourceModel/Eav/Attribute.php

@@ -8,6 +8,7 @@
 
 use Magento\Catalog\Model\Attribute\LockValidatorInterface;
 use Magento\Framework\Api\AttributeValueFactory;
+use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Stdlib\DateTime\DateTimeFormatterInterface;
 
 /**
@@ -180,7 +181,7 @@ protected function _construct()
      * Processing object before save data
      *
      * @return \Magento\Framework\Model\AbstractModel
-     * @throws \Magento\Framework\Exception\LocalizedException
+     * @throws LocalizedException
      * @SuppressWarnings(PHPMD.CyclomaticComplexity)
      */
     public function beforeSave()
@@ -193,13 +194,14 @@ public function beforeSave()
             if ($this->_data[self::KEY_IS_GLOBAL] != $this->_origData[self::KEY_IS_GLOBAL]) {
                 try {
                     $this->attrLockValidator->validate($this);
-                } catch (\Magento\Framework\Exception\LocalizedException $exception) {
-                    throw new \Magento\Framework\Exception\LocalizedException(
+                } catch (LocalizedException $exception) {
+                    throw new LocalizedException(
                         __('Do not change the scope. %1', $exception->getMessage())
                     );
                 }
             }
         }
+
         if ($this->getFrontendInput() == 'price') {
             if (!$this->getBackendModel()) {
                 $this->setBackendModel(\Magento\Catalog\Model\Product\Attribute\Backend\Price::class);
@@ -285,7 +287,7 @@ protected function _isOriginalEnabledInFlat()
      * Register indexing event before delete catalog eav attribute
      *
      * @return $this
-     * @throws \Magento\Framework\Exception\LocalizedException
+     * @throws LocalizedException
      */
     public function beforeDelete()
     {

app/code/Magento/Customer/Api/SessionCleanerInterface.php

@@ -0,0 +1,22 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Customer\Api;
+
+/**
+ * Interface for cleaning customer session data.
+ */
+interface SessionCleanerInterface
+{
+    /**
+     * Destroy all active customer sessions related to given customer id, including current session.
+     *
+     * @param int $customerId
+     * @return void
+     */
+    public function clearFor(int $customerId): void;
+}

app/code/Magento/Customer/Model/AccountManagement.php

@@ -13,6 +13,7 @@
 use Magento\Customer\Api\Data\AddressInterface;
 use Magento\Customer\Api\Data\CustomerInterface;
 use Magento\Customer\Api\Data\ValidationResultsInterfaceFactory;
+use Magento\Customer\Api\SessionCleanerInterface;
 use Magento\Customer\Helper\View as CustomerViewHelper;
 use Magento\Customer\Model\Config\Share as ConfigShare;
 use Magento\Customer\Model\Customer as CustomerModel;
@@ -200,6 +201,7 @@ class AccountManagement implements AccountManagementInterface
      * Minimum password length
      *
      * @deprecated Get rid of Helpers in Password Security Management
+     * @see \Magento\Customer\Model\AccountManagement::XML_PATH_MINIMUM_PASSWORD_LENGTH
      */
     const MIN_PASSWORD_LENGTH = 6;
 
@@ -283,21 +285,6 @@ class AccountManagement implements AccountManagementInterface
      */
     private $transportBuilder;
 
-    /**
-     * @var SessionManagerInterface
-     */
-    private $sessionManager;
-
-    /**
-     * @var SaveHandlerInterface
-     */
-    private $saveHandler;
-
-    /**
-     * @var CollectionFactory
-     */
-    private $visitorCollectionFactory;
-
     /**
      * @var DataObjectProcessor
      */
@@ -383,6 +370,11 @@ class AccountManagement implements AccountManagementInterface
      */
     private $getByToken;
 
+    /**
+     * @var SessionCleanerInterface
+     */
+    private $sessionCleaner;
+
     /**
      * @param CustomerFactory $customerFactory
      * @param ManagerInterface $eventManager
@@ -417,10 +409,12 @@ class AccountManagement implements AccountManagementInterface
      * @param AddressRegistry|null $addressRegistry
      * @param GetCustomerByToken|null $getByToken
      * @param AllowedCountries|null $allowedCountriesReader
+     * @param SessionCleanerInterface|null $sessionCleaner
      * @SuppressWarnings(PHPMD.CyclomaticComplexity)
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      * @SuppressWarnings(PHPMD.NPathComplexity)
      * @SuppressWarnings(PHPMD.LongVariable)
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
      */
     public function __construct(
         CustomerFactory $customerFactory,
@@ -455,7 +449,8 @@ public function __construct(
         SearchCriteriaBuilder $searchCriteriaBuilder = null,
         AddressRegistry $addressRegistry = null,
         GetCustomerByToken $getByToken = null,
-        AllowedCountries $allowedCountriesReader = null
+        AllowedCountries $allowedCountriesReader = null,
+        SessionCleanerInterface $sessionCleaner = null
     ) {
         $this->customerFactory = $customerFactory;
         $this->eventManager = $eventManager;
@@ -486,12 +481,6 @@ public function __construct(
         $this->dateTimeFactory = $dateTimeFactory ?: $objectManager->get(DateTimeFactory::class);
         $this->accountConfirmation = $accountConfirmation ?: $objectManager
             ->get(AccountConfirmation::class);
-        $this->sessionManager = $sessionManager
-            ?: $objectManager->get(SessionManagerInterface::class);
-        $this->saveHandler = $saveHandler
-            ?: $objectManager->get(SaveHandlerInterface::class);
-        $this->visitorCollectionFactory = $visitorCollectionFactory
-            ?: $objectManager->get(CollectionFactory::class);
         $this->searchCriteriaBuilder = $searchCriteriaBuilder
             ?: $objectManager->get(SearchCriteriaBuilder::class);
         $this->addressRegistry = $addressRegistry
@@ -500,6 +489,7 @@ public function __construct(
             ?: $objectManager->get(GetCustomerByToken::class);
         $this->allowedCountriesReader = $allowedCountriesReader
             ?: $objectManager->get(AllowedCountries::class);
+        $this->sessionCleaner = $sessionCleaner ?? $objectManager->get(SessionCleanerInterface::class);
     }
 
     /**
@@ -538,6 +528,8 @@ public function resendConfirmation($email, $websiteId = null, $redirectUrl = '')
         } catch (MailException $e) {
             // If we are not able to send a new account email, this should be ignored
             $this->logger->critical($e);
+
+            return false;
         }
         return true;
     }
@@ -725,7 +717,7 @@ public function resetPassword($email, $resetToken, $newPassword)
         $customerSecure->setRpToken(null);
         $customerSecure->setRpTokenCreatedAt(null);
         $customerSecure->setPasswordHash($this->createPasswordHash($newPassword));
-        $this->destroyCustomerSessions($customer->getId());
+        $this->sessionCleaner->clearFor((int)$customer->getId());
         $this->customerRepository->save($customer);
 
         return true;
@@ -1050,7 +1042,7 @@ private function changePasswordForCustomer($customer, $currentPassword, $newPass
         $customerSecure->setRpTokenCreatedAt(null);
         $this->checkPasswordStrength($newPassword);
         $customerSecure->setPasswordHash($this->createPasswordHash($newPassword));
-        $this->destroyCustomerSessions($customer->getId());
+        $this->sessionCleaner->clearFor((int)$customer->getId());
         $this->disableAddressValidation($customer);
         $this->customerRepository->save($customer);
 
@@ -1619,36 +1611,6 @@ private function getEmailNotification()
         }
     }
 
-    /**
-     * Destroy all active customer sessions by customer id (current session will not be destroyed).
-     *
-     * Customer sessions which should be deleted are collecting from the "customer_visitor" table considering
-     * configured session lifetime.
-     *
-     * @param string|int $customerId
-     * @return void
-     */
-    private function destroyCustomerSessions($customerId)
-    {
-        $sessionLifetime = $this->scopeConfig->getValue(
-            \Magento\Framework\Session\Config::XML_PATH_COOKIE_LIFETIME,
-            \Magento\Store\Model\ScopeInterface::SCOPE_STORE
-        );
-        $dateTime = $this->dateTimeFactory->create();
-        $activeSessionsTime = $dateTime->setTimestamp($dateTime->getTimestamp() - $sessionLifetime)
-            ->format(DateTime::DATETIME_PHP_FORMAT);
-        /** @var \Magento\Customer\Model\ResourceModel\Visitor\Collection $visitorCollection */
-        $visitorCollection = $this->visitorCollectionFactory->create();
-        $visitorCollection->addFieldToFilter('customer_id', $customerId);
-        $visitorCollection->addFieldToFilter('last_visit_at', ['from' => $activeSessionsTime]);
-        $visitorCollection->addFieldToFilter('session_id', ['neq' => $this->sessionManager->getSessionId()]);
-        /** @var \Magento\Customer\Model\Visitor $visitor */
-        foreach ($visitorCollection->getItems() as $visitor) {
-            $sessionId = $visitor->getSessionId();
-            $this->saveHandler->destroy($sessionId);
-        }
-    }
-
     /**
      * Set ignore_validation_flag for reset password flow to skip unnecessary address and customer validation
      *