ACP2E-3501: VAPT: Business Logic Error - future date as customer date of birth

Author: veloraven

app/code/Magento/Customer/Model/Validator/Dob.php

@@ -0,0 +1,84 @@
+<?php
+/**
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\Customer\Model\Validator;
+
+use Magento\Customer\Model\Customer;
+use Magento\Framework\Validator\AbstractValidator;
+use Magento\Store\Model\StoreManagerInterface;
+
+/**
+ * Customer name fields validator.
+ */
+class Dob extends AbstractValidator
+{
+    /**
+     * @var \DateTime
+     */
+    private $currentDate;
+
+   /**
+    * @var StoreManagerInterface
+    */
+    private $storeManager;
+
+    /**
+     * @param StoreManagerInterface $storeManager
+     */
+    public function __construct(StoreManagerInterface $storeManager)
+    {
+        $this->currentDate = new \DateTime();
+        $this->storeManager = $storeManager;
+    }
+
+    /**
+     * Validate name fields.
+     *
+     * @param Customer $customer
+     * @return bool
+     */
+    public function isValid($customer)
+    {
+        if (!$this->isValidDob($customer->getDob(), $customer->getStoreId())) {
+            parent::_addMessages([['dob' => 'The Date of Birth should not be greater than today.']]);
+        }
+
+        return count($this->_messages) == 0;
+    }
+
+    /**
+     * Check if specified dob is not in the future
+     *
+     * @param string|null $dobValue
+     * @param int $storeId
+     * @return bool
+     */
+    private function isValidDob($dobValue, $storeId)
+    {
+        if ($dobValue != null) {
+
+            // Get the timezone of the store
+            $store = $this->storeManager->getStore($storeId);
+            $timezone = $store->getConfig('general/locale/timezone');
+
+            // Get the date of birth and set the time to 00:00:00
+            $dobDate = new \DateTime($dobValue, new \DateTimeZone($timezone));
+            $dobDate->setTime(0, 0, 0);
+
+            // Get the timestamp of the date of birth and the current date
+            $dobTimestamp = $dobDate->getTimestamp();
+            $currentTimestamp = $this->currentDate->getTimestamp();
+
+            // If the date's of birth first minute is in the future, return false - the day has not started yet
+            if ($dobTimestamp > $currentTimestamp) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+}

app/code/Magento/Customer/etc/validation.xml

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2012 Adobe
+ * All Rights Reserved.
  */
 -->
 <validation xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Validator/etc/validation.xsd">
@@ -23,12 +23,18 @@
                     <constraint alias="name_validator" class="Magento\Customer\Model\Validator\Name" />
                 </entity_constraints>
             </rule>
+            <rule name="check_dob">
+                <entity_constraints>
+                    <constraint alias="dob_validator" class="Magento\Customer\Model\Validator\Dob" />
+                </entity_constraints>
+            </rule>
         </rules>
         <groups>
             <group name="save">
                 <uses>
                     <use rule="check_eav"/>
                     <use rule="check_name"/>
+                    <use rule="check_dob"/>
                 </uses>
             </group>
             <group name="form">

dev/tests/api-functional/testsuite/Magento/Customer/Api/AccountManagementTest.php

@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2015 Adobe
+ * All Rights Reserved.
  */
 
 namespace Magento\Customer\Api;
@@ -223,6 +223,50 @@ public function testCreateCustomerWithErrors()
         }
     }
 
+    public function testCreateCustomerWithDateOfBirthInFuture()
+    {
+        $serviceInfo = [
+            'rest' => [
+                'resourcePath' => self::RESOURCE_PATH,
+                'httpMethod' => \Magento\Framework\Webapi\Rest\Request::HTTP_METHOD_POST, ],
+            'soap' => [
+                'service' => self::SERVICE_NAME,
+                'serviceVersion' => self::SERVICE_VERSION,
+                'operation' => self::SERVICE_NAME . 'CreateAccount',
+            ],
+        ];
+
+        $customerDataArray = $this->dataObjectProcessor->buildOutputDataArray(
+            $this->customerHelper->createSampleCustomerDataObject(),
+            \Magento\Customer\Api\Data\CustomerInterface::class
+        );
+        $futureDob = '14-12-2044';
+        $customerDataArray['dob'] = $futureDob;
+        $requestData = ['customer' => $customerDataArray, 'password' => CustomerHelper::PASSWORD];
+        try {
+            $this->_webApiCall($serviceInfo, $requestData);
+            $this->fail('Expected exception did not occur.');
+        } catch (\Exception $e) {
+            if (TESTS_WEB_API_ADAPTER == self::ADAPTER_SOAP) {
+                $expectedException = new InputException();
+                $expectedException->addError(__('The Date of Birth should not be greater than today.'));
+                $this->assertInstanceOf('SoapFault', $e);
+                $this->checkSoapFault(
+                    $e,
+                    $expectedException->getRawMessage(),
+                    'env:Sender',
+                    $expectedException->getParameters() // expected error parameters
+                );
+            } else {
+                $this->assertEquals(HTTPExceptionCodes::HTTP_BAD_REQUEST, $e->getCode());
+                $exceptionData = $this->processRestExceptionResult($e);
+                $expectedExceptionData = [
+                    'message' => 'The Date of Birth should not be greater than today.',
+                ];
+                $this->assertEquals($expectedExceptionData, $exceptionData);
+            }
+        }
+    }
     public function testCreateCustomerWithoutOptionalFields()
     {
         $serviceInfo = [