Merge pull request #4218 from magento-tsg/2.1.18-develop-pr75

Fixed Issues:
- MAGETWO-99567: Update Url ActionList
- MC-16365: [2.1.x] Fix CompanyUserManagerInterfaceTest failing on mainline

Author: dvoskoboinikov

app/code/Magento/Backend/Test/Unit/Model/UrlTest.php

@@ -155,7 +155,7 @@ protected function getOrder()
         }
 
         $data = (string)$this->request->getParam('data');
-        if ((string)$this->request->getParam('signature') !== $this->signature->signData($data)) {
+        if (!$this->signature->isValid($data, (string)$this->request->getParam('signature'))) {
             return null;
         }
         $json = base64_decode($data);

app/code/Magento/Sales/Model/Rss/OrderStatus.php

@@ -6,65 +6,47 @@
 
 namespace Magento\Sales\Model\Rss;
 
-use Magento\Framework\Config\ConfigOptionsListConstants;
+use Magento\Framework\Encryption\EncryptorInterface;
 
 /**
  * Class for generating signature.
  */
 class Signature
 {
     /**
-     * Version of encryption key.
-     *
-     * @var int
-     */
-    private $keyVersion;
-
-    /**
-     * Array of encryption keys.
-     *
-     * @var string[]
-     */
-    private $keys = [];
-
-    /**
-     * @var \Magento\Framework\App\DeploymentConfig
+     * @var EncryptorInterface
      */
-    private $deploymentConfig;
+    private $encryptor;
 
     /**
-     * @param \Magento\Framework\App\DeploymentConfig $deploymentConfig
+     * @param EncryptorInterface $encryptor
      */
     public function __construct(
-        \Magento\Framework\App\DeploymentConfig $deploymentConfig
+        EncryptorInterface $encryptor
     ) {
-        $this->deploymentConfig = $deploymentConfig;
-        // load all possible keys
-        $this->keys = preg_split(
-            '/\s+/s',
-            (string)$this->deploymentConfig->get(ConfigOptionsListConstants::CONFIG_PATH_CRYPT_KEY)
-        );
-        $this->keyVersion = count($this->keys) - 1;
+        $this->encryptor = $encryptor;
     }
 
     /**
-     * Get secret key.
+     * Sign data.
      *
+     * @param string $data
      * @return string
      */
-    private function getSecretKey()
+    public function signData($data)
     {
-        return (string)$this->keys[$this->keyVersion];
+        return $this->encryptor->hash($data);
     }
 
     /**
-     * Sign data.
+     * Check if valid signature is provided for given data.
      *
      * @param string $data
-     * @return string
+     * @param string $signature
+     * @return bool
      */
-    public function signData($data)
+    public function isValid($data, $signature)
     {
-        return hash_hmac('sha256', $data, pack('H*', $this->getSecretKey()));
+        return $this->encryptor->validateHash($data, $signature);
     }
 }

app/code/Magento/Sales/Model/Rss/Signature.php

@@ -145,11 +145,18 @@ protected function setUp()
         );
     }
 
+    /**
+     * Positive scenario.
+     */
     public function testGetRssData()
     {
         $this->orderFactory->expects($this->once())->method('create')->willReturn($this->order);
         $requestData = base64_encode('{"order_id":1,"increment_id":"100000001","customer_id":1}');
-        $this->signature->expects($this->any())->method('signData')->willReturn('signature');
+        $this->signature->expects($this->never())->method('signData');
+        $this->signature->expects($this->any())
+            ->method('isValid')
+            ->with($requestData, 'signature')
+            ->willReturn(true);
 
         $this->requestInterface->expects($this->any())
             ->method('getParam')
@@ -180,14 +187,20 @@ public function testGetRssData()
     }
 
     /**
+     * Case when invalid data is provided.
+     *
      * @expectedException \InvalidArgumentException
      * @expectedExceptionMessage Order not found.
      */
     public function testGetRssDataWithError()
     {
         $this->orderFactory->expects($this->once())->method('create')->willReturn($this->order);
         $requestData = base64_encode('{"order_id":"1","increment_id":true,"customer_id":true}');
-        $this->signature->expects($this->any())->method('signData')->willReturn('signature');
+        $this->signature->expects($this->never())->method('signData');
+        $this->signature->expects($this->any())
+            ->method('isValid')
+            ->with($requestData, 'signature')
+            ->willReturn(true);
         $this->requestInterface->expects($this->any())
             ->method('getParam')
             ->willReturnMap(
@@ -202,16 +215,20 @@ public function testGetRssDataWithError()
     }
 
     /**
+     * Case when invalid signature is provided.
+     *
      * @expectedException \InvalidArgumentException
      * @expectedExceptionMessage Order not found.
      */
     public function testGetRssDataWithWrongSignature()
     {
         $requestData = base64_encode('{"order_id":"1","increment_id":true,"customer_id":true}');
+        $this->signature->expects($this->never())
+            ->method('signData');
         $this->signature->expects($this->any())
-            ->method('signData')
-            ->with($requestData)
-            ->willReturn('wrong_signature');
+            ->method('isValid')
+            ->with($requestData, 'signature')
+            ->willReturn(false);
         $this->requestInterface->expects($this->any())
             ->method('getParam')
             ->willReturnMap(
@@ -225,6 +242,9 @@ public function testGetRssDataWithWrongSignature()
         $this->assertEquals($this->feedData, $this->model->getRssData());
     }
 
+    /**
+     * Testing allowed getter.
+     */
     public function testIsAllowed()
     {
         $this->scopeConfigInterface->expects($this->once())->method('getValue')
@@ -234,6 +254,8 @@ public function testIsAllowed()
     }
 
     /**
+     * Test caching.
+     *
      * @param string $requestData
      * @param string $result
      * @dataProvider getCacheKeyDataProvider
@@ -245,12 +267,18 @@ public function testGetCacheKey($requestData, $result)
                 ['data', null, $requestData],
                 ['signature', null, 'signature'],
             ]);
-        $this->signature->expects($this->any())->method('signData')->willReturn('signature');
+        $this->signature->expects($this->never())->method('signData');
+        $this->signature->expects($this->any())
+            ->method('isValid')
+            ->with($requestData, 'signature')
+            ->willReturn(true);
         $this->orderFactory->expects($this->once())->method('create')->will($this->returnValue($this->order));
         $this->assertEquals('rss_order_status_data_' . $result, $this->model->getCacheKey());
     }
 
     /**
+     * Test data for caching test.
+     *
      * @return array
      */
     public function getCacheKeyDataProvider()
@@ -261,6 +289,9 @@ public function getCacheKeyDataProvider()
         ];
     }
 
+    /**
+     * Test for cache lifetime getter.
+     */
     public function testGetCacheLifetime()
     {
         $this->assertEquals(600, $this->model->getCacheLifetime());

app/code/Magento/Sales/Test/Unit/Model/Rss/OrderStatusTest.php

@@ -17,7 +17,7 @@ class SignatureTest extends \PHPUnit_Framework_TestCase
     /**
      * @var \PHPUnit_Framework_MockObject_MockObject | \Magento\Framework\App\DeploymentConfig
      */
-    private $deploymentConfigMock;
+    private $encryptorMock;
 
     /**
      * @var ObjectManagerHelper
@@ -34,19 +34,14 @@ class SignatureTest extends \PHPUnit_Framework_TestCase
      */
     protected function setUp()
     {
-        $this->deploymentConfigMock = $this->getMockBuilder(\Magento\Framework\App\DeploymentConfig::class)
+        $this->encryptorMock = $this->getMockBuilder(\Magento\Framework\Encryption\EncryptorInterface::class)
             ->disableOriginalConstructor()
-            ->getMock();
-        $this->deploymentConfigMock->expects($this->any())
-            ->method('get')
-            ->with('crypt/key')
-            ->willReturn('1234567890abc');
-
+            ->getMockForAbstractClass();
         $this->objectManagerHelper = new ObjectManagerHelper($this);
         $this->model = $this->objectManagerHelper->getObject(
             Signature::class,
             [
-                'deploymentConfig' => $this->deploymentConfigMock,
+                'encryptor' => $this->encryptorMock,
             ]
         );
     }
@@ -61,6 +56,7 @@ protected function setUp()
      */
     public function testSignData($data, $expected)
     {
+        $this->encryptorMock->expects($this->any())->method('hash')->with($data)->willReturn($expected);
         $this->assertEquals($expected, $this->model->signData($data));
     }
 
@@ -76,4 +72,42 @@ public function checkSignatureDataProvider()
             ],
         ];
     }
+
+    /**
+     * Test signature validation.
+     *
+     * @param string $data
+     * @param string $signature
+     * @param bool $expected
+     * @return void
+     * @dataProvider checkIsValidDataProvider
+     */
+    public function testIsValid($data, $signature, $expected)
+    {
+        $this->encryptorMock->expects($this->any())
+            ->method('validateHash')
+            ->with($data, $signature)
+            ->willReturn($expected);
+
+        $this->assertEquals($expected, $this->model->isValid($data, $signature));
+    }
+
+    /**
+     * @return array
+     */
+    public function checkIsValidDataProvider()
+    {
+        return [
+            [
+                'eyJvcmRlcl9pZCI6IjEiLCJjdXN0b21lcl9pZCI6IjEiLCJpbmNyZW1lbnRfaWQiOiIwMDAwMDAwMDEifQ==',
+                '651932dfc862406b72628d95623bae5ea18242be757b3493b337942d61f834be',
+                true,
+            ],
+            [
+                'eyJvcmRlcl9pZCI6IjEiLCJjdXN0b21lcl9pZCI6IjEiLCJpbmNyZW1lbnRfaWQiOiIwMDAwMDAwMDEifQ==',
+                'blabla',
+                false,
+            ],
+        ];
+    }
 }

app/code/Magento/Sales/Test/Unit/Model/Rss/SignatureTest.php

@@ -18,6 +18,9 @@
 use Magento\Vault\Observer\AfterPaymentSaveObserver;
 use PHPUnit_Framework_MockObject_MockObject as MockObject;
 
+/**
+ * Test for payment observer.
+ */
 class AfterPaymentSaveObserverTest extends \PHPUnit_Framework_TestCase
 {
     /**
@@ -61,14 +64,18 @@ class AfterPaymentSaveObserverTest extends \PHPUnit_Framework_TestCase
     protected $salesOrderPaymentMock;
 
     /**
-     * @return void
+     * @inheritdoc
      */
     protected function setUp()
     {
         /** @var Random|MockObject $encryptorRandomGenerator */
         $encryptorRandomGenerator = $this->getMock(Random::class, [], [], '', false);
         /** @var DeploymentConfig|MockObject $deploymentConfigMock */
         $deploymentConfigMock = $this->getMock(DeploymentConfig::class, [], [], '', false);
+        $deploymentConfigMock->expects($this->any())
+            ->method('get')
+            ->with(Encryptor::PARAM_CRYPT_KEY)
+            ->willReturn('g9mY9KLrcuAVJfsmVUSRkKFLDdUPVkaZ');
         $this->encryptorModel = new Encryptor($encryptorRandomGenerator, $deploymentConfigMock);
 
         $this->paymentExtension = $this->getMockBuilder(OrderPaymentExtension::class)
@@ -117,12 +124,14 @@ protected function setUp()
     }
 
     /**
+     * Case when payment successfully made.
+     *
      * @param int $customerId
      * @param string $createdAt
      * @param string $token
      * @param bool $isActive
      * @param string $method
-     * @dataProvider testPositiveCaseDataProvider
+     * @dataProvider positiveCaseDataProvider
      */
     public function testPositiveCase($customerId, $createdAt, $token, $isActive, $method)
     {
@@ -161,9 +170,11 @@ public function testPositiveCase($customerId, $createdAt, $token, $isActive, $me
     }
 
     /**
+     * Data for positiveCase test.
+     *
      * @return array
      */
-    public function testPositiveCaseDataProvider()
+    public function positiveCaseDataProvider()
     {
         return [
             [

app/code/Magento/Vault/Test/Unit/Observer/AfterPaymentSaveObserverTest.php

@@ -98,6 +98,7 @@ public function testGetProductsIfOneOfChildIsDisabledPerStore()
      */
     public function testGetProductsIfOneOfChildIsOutOfStock()
     {
+        $this->markTestSkipped('Test skipped due to MAGETWO-99629');
         $configurableProduct = $this->productRepository->get('configurable', false, null, true);
         $lowestPriceChildrenProducts = $this->createLowestPriceOptionsProvider()->getProducts($configurableProduct);
         $this->assertCount(1, $lowestPriceChildrenProducts);

dev/tests/integration/testsuite/Magento/ConfigurableProduct/Pricing/Price/LowestPriceOptionProviderTest.php

@@ -39,7 +39,7 @@ protected function tearDown()
     }
 
     /**
-     * @magentoDataFixture Magento/Customer/_files/two_customers.php
+     * @magentoDataFixture Magento/Customer/_files/two_customers_with_reindex.php
      */
     public function testMassUnsubscribAction()
     {