ACPT-1718

JacobBrownAustin · JacobBrownAustin · commit 84b8d2af2f02 · 2024-01-25T09:03:44.000-06:00
Adding new test to GraphQlSessionTest that validates the Magento\Customer\Model\Session works properly when graphql/session/disable=0
diff --git a/dev/tests/api-functional/testsuite/Magento/GraphQl/GraphQl/GraphQlSessionTest.php b/dev/tests/api-functional/testsuite/Magento/GraphQl/GraphQl/GraphQlSessionTest.php
@@ -283,4 +283,46 @@ private function assertNoCookiesMatchRegex(string $pattern, array $cookies): voi
         }
         $this->assertTrue($result, 'Failed assertion. At least one cookie in the array matches pattern: ' . $pattern);
     }
+
+    /**
+     * Tests that Magento\Customer\Model\Session works properly when graphql/session/disable=0
+     *
+     * @magentoApiDataFixture Magento/Customer/_files/customer.php
+     * @magentoConfigFixture graphql/session/disable 0
+     */
+    public function testCustomerCanQueryOwnEmailUsingSession() : void
+    {
+        $query = '{customer{email}}';
+        $result = $this->graphQlClient->postWithResponseHeaders($query, [], '', $this->getAuthHeaders(), true);
+        // cookies are never empty and session is restarted for the authorized customer regardless current session
+        $this->assertNotEmpty($result['cookies']);
+        $this->assertAnyCookieMatchesRegex('/PHPSESSID=[a-z0-9]+;/', $result['cookies']);
+        $this->assertEquals('customer@example.com', $result['body']['customer']['email'] ?? '');
+        $result = $this->graphQlClient->postWithResponseHeaders($query, [], '', $this->getAuthHeaders());
+        // cookies are never empty and session is restarted for the authorized customer
+        // regardless current session and missing flush
+        $this->assertNotEmpty($result['cookies']);
+        $this->assertAnyCookieMatchesRegex('/PHPSESSID=[a-z0-9]+;/', $result['cookies']);
+        $this->assertEquals('customer@example.com', $result['body']['customer']['email'] ?? '');
+        /* Note: This third request is the actual one that tests that the session cookie is properly used.
+         * This time we don't send the Authorization header and rely on Cookie header instead.
+         * Because of bug in postWithResponseHeaders's $flushCookies parameter not being properly used,
+         * We have to manually set cookie header ourselves. :-(
+         */
+        $cookiesToSend = '';
+        foreach ($result['cookies'] as $cookie) {
+            preg_match('/^([^;]*);/', $cookie, $matches);
+            if (!strlen($matches[1] ?? '')) {
+                continue;
+            }
+            if (!empty($cookiesToSend)) {
+                $cookiesToSend .= '; ';
+            }
+            $cookiesToSend .= $matches[1];
+        }
+        $result = $this->graphQlClient->postWithResponseHeaders($query, [], '', ['Cookie: ' . $cookiesToSend]);
+        $this->assertNotEmpty($result['cookies']);
+        $this->assertAnyCookieMatchesRegex('/PHPSESSID=[a-z0-9]+;/', $result['cookies']);
+        $this->assertEquals('customer@example.com', $result['body']['customer']['email'] ?? '');
+    }
 }
