Merge branch 'MAGETWO-93786' into 2.3-bugfixes-150818

Dmytro Voskoboinikov · Dmytro Voskoboinikov · commit 9b9ad6f5bac7 · 2018-08-15T14:12:21.000+03:00
diff --git a/app/code/Magento/Authorizenet/Controller/Directpost/Payment/BackendResponse.php b/app/code/Magento/Authorizenet/Controller/Directpost/Payment/BackendResponse.php
@@ -10,12 +10,15 @@
 use Magento\Authorizenet\Model\Directpost;
 use Magento\Authorizenet\Model\DirectpostFactory;
 use Magento\Framework\App\Action\Context;
+use Magento\Framework\App\CsrfAwareActionInterface;
+use Magento\Framework\App\Request\InvalidRequestException;
+use Magento\Framework\App\RequestInterface;
 use Magento\Framework\Controller\ResultFactory;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Registry;
 use Psr\Log\LoggerInterface;
 
-class BackendResponse extends \Magento\Authorizenet\Controller\Directpost\Payment
+class BackendResponse extends \Magento\Authorizenet\Controller\Directpost\Payment implements CsrfAwareActionInterface
 {
     /**
      * @var LoggerInterface
@@ -48,6 +51,23 @@ public function __construct(
         $this->logger = $logger ?: $this->_objectManager->get(LoggerInterface::class);
     }
 
+    /**
+     * @inheritDoc
+     */
+    public function createCsrfValidationException(
+        RequestInterface $request
+    ): ?InvalidRequestException {
+        return null;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function validateForCsrf(RequestInterface $request): ?bool
+    {
+        return true;
+    }
+
     /**
      * Response action.
      * Action for Authorize.net SIM Relay Request.
diff --git a/app/code/Magento/Authorizenet/Controller/Directpost/Payment/Response.php b/app/code/Magento/Authorizenet/Controller/Directpost/Payment/Response.php
@@ -6,8 +6,29 @@
  */
 namespace Magento\Authorizenet\Controller\Directpost\Payment;
 
-class Response extends \Magento\Authorizenet\Controller\Directpost\Payment
+use Magento\Framework\App\CsrfAwareActionInterface;
+use Magento\Framework\App\Request\InvalidRequestException;
+use Magento\Framework\App\RequestInterface;
+
+class Response extends \Magento\Authorizenet\Controller\Directpost\Payment implements CsrfAwareActionInterface
 {
+    /**
+     * @inheritDoc
+     */
+    public function createCsrfValidationException(
+        RequestInterface $request
+    ): ?InvalidRequestException {
+        return null;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function validateForCsrf(RequestInterface $request): ?bool
+    {
+        return true;
+    }
+
     /**
      * Response action.
      * Action for Authorize.net SIM Relay Request.
diff --git a/app/code/Magento/Paypal/Controller/Ipn/Index.php b/app/code/Magento/Paypal/Controller/Ipn/Index.php
@@ -7,12 +7,15 @@
 
 namespace Magento\Paypal\Controller\Ipn;
 
+use Magento\Framework\App\CsrfAwareActionInterface;
+use Magento\Framework\App\Request\InvalidRequestException;
+use Magento\Framework\App\RequestInterface;
 use Magento\Framework\Exception\RemoteServiceUnavailableException;
 
 /**
  * Unified IPN controller for all supported PayPal methods
  */
-class Index extends \Magento\Framework\App\Action\Action
+class Index extends \Magento\Framework\App\Action\Action implements CsrfAwareActionInterface
 {
     /**
      * @var \Psr\Log\LoggerInterface
@@ -39,6 +42,23 @@ public function __construct(
         parent::__construct($context);
     }
 
+    /**
+     * @inheritDoc
+     */
+    public function createCsrfValidationException(
+        RequestInterface $request
+    ): ?InvalidRequestException {
+        return null;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function validateForCsrf(RequestInterface $request): ?bool
+    {
+        return true;
+    }
+
     /**
      * Instantiate IPN model and pass IPN request to it
      *
diff --git a/app/code/Magento/Paypal/Controller/Payflow/CancelPayment.php b/app/code/Magento/Paypal/Controller/Payflow/CancelPayment.php
@@ -6,8 +6,29 @@
  */
 namespace Magento\Paypal\Controller\Payflow;
 
-class CancelPayment extends \Magento\Paypal\Controller\Payflow
+use Magento\Framework\App\CsrfAwareActionInterface;
+use Magento\Framework\App\Request\InvalidRequestException;
+use Magento\Framework\App\RequestInterface;
+
+class CancelPayment extends \Magento\Paypal\Controller\Payflow implements CsrfAwareActionInterface
 {
+    /**
+     * @inheritDoc
+     */
+    public function createCsrfValidationException(
+        RequestInterface $request
+    ): ?InvalidRequestException {
+        return null;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function validateForCsrf(RequestInterface $request): ?bool
+    {
+        return true;
+    }
+
     /**
      * When a customer cancel payment from payflow gateway.
      *
diff --git a/app/code/Magento/Paypal/Controller/Payflow/ReturnUrl.php b/app/code/Magento/Paypal/Controller/Payflow/ReturnUrl.php
@@ -6,11 +6,14 @@
  */
 namespace Magento\Paypal\Controller\Payflow;
 
+use Magento\Framework\App\CsrfAwareActionInterface;
+use Magento\Framework\App\Request\InvalidRequestException;
+use Magento\Framework\App\RequestInterface;
 use Magento\Paypal\Controller\Payflow;
 use Magento\Paypal\Model\Config;
 use Magento\Sales\Model\Order;
 
-class ReturnUrl extends Payflow
+class ReturnUrl extends Payflow implements CsrfAwareActionInterface
 {
     /**
      * @var array of allowed order states on frontend
@@ -30,6 +33,23 @@ class ReturnUrl extends Payflow
         Config::METHOD_PAYFLOWLINK
     ];
 
+    /**
+     * @inheritDoc
+     */
+    public function createCsrfValidationException(
+        RequestInterface $request
+    ): ?InvalidRequestException {
+        return null;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function validateForCsrf(RequestInterface $request): ?bool
+    {
+        return true;
+    }
+
     /**
      * When a customer return to website from payflow gateway.
      *
diff --git a/app/code/Magento/Paypal/Controller/Payflow/SilentPost.php b/app/code/Magento/Paypal/Controller/Payflow/SilentPost.php
@@ -6,8 +6,29 @@
  */
 namespace Magento\Paypal\Controller\Payflow;
 
-class SilentPost extends \Magento\Paypal\Controller\Payflow
+use Magento\Framework\App\CsrfAwareActionInterface;
+use Magento\Framework\App\Request\InvalidRequestException;
+use Magento\Framework\App\RequestInterface;
+
+class SilentPost extends \Magento\Paypal\Controller\Payflow implements CsrfAwareActionInterface
 {
+    /**
+     * @inheritDoc
+     */
+    public function createCsrfValidationException(
+        RequestInterface $request
+    ): ?InvalidRequestException {
+        return null;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function validateForCsrf(RequestInterface $request): ?bool
+    {
+        return true;
+    }
+
     /**
      * Get response from PayPal by silent post method
      *
diff --git a/app/code/Magento/Paypal/Controller/Transparent/Response.php b/app/code/Magento/Paypal/Controller/Transparent/Response.php
@@ -6,6 +6,8 @@
 namespace Magento\Paypal\Controller\Transparent;
 
 use Magento\Framework\App\CsrfAwareActionInterface;
+use Magento\Framework\App\Request\InvalidRequestException;
+use Magento\Framework\App\RequestInterface;
 use Magento\Framework\Registry;
 use Magento\Framework\App\Action\Context;
 use Magento\Framework\View\Result\LayoutFactory;
@@ -17,8 +19,6 @@
 use Magento\Paypal\Model\Payflow\Transparent;
 use Magento\Sales\Api\PaymentFailuresInterface;
 use Magento\Framework\Session\Generic as Session;
-use Magento\Framework\App\RequestInterface;
-use Magento\Framework\App\Request\InvalidRequestException;
 
 /**
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
diff --git a/lib/internal/Magento/Framework/App/FrontController.php b/lib/internal/Magento/Framework/App/FrontController.php
@@ -13,6 +13,7 @@
 use Magento\Framework\Exception\NotFoundException;
 use Magento\Framework\Message\ManagerInterface as MessageManager;
 use Magento\Framework\App\Action\AbstractAction;
+use Psr\Log\LoggerInterface;
 
 /**
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
@@ -39,24 +40,33 @@ class FrontController implements FrontControllerInterface
      */
     private $messages;
 
+    /**
+     * @var LoggerInterface
+     */
+    private $logger;
+
     /**
      * @param RouterListInterface $routerList
      * @param ResponseInterface $response
      * @param RequestValidator|null $requestValidator
      * @param MessageManager|null $messageManager
+     * @param LoggerInterface|null $logger
      */
     public function __construct(
         RouterListInterface $routerList,
         ResponseInterface $response,
         ?RequestValidator $requestValidator = null,
-        ?MessageManager $messageManager = null
+        ?MessageManager $messageManager = null,
+        ?LoggerInterface $logger = null
     ) {
         $this->_routerList = $routerList;
         $this->response = $response;
         $this->requestValidator = $requestValidator
             ?? ObjectManager::getInstance()->get(RequestValidator::class);
         $this->messages = $messageManager
             ?? ObjectManager::getInstance()->get(MessageManager::class);
+        $this->logger = $logger
+            ?? ObjectManager::getInstance()->get(LoggerInterface::class);
     }
 
     /**
@@ -125,6 +135,10 @@ private function processRequest(
             }
         } catch (InvalidRequestException $exception) {
             //Validation failed - processing validation results.
+            $this->logger->debug(
+                'Request validation failed for action "'
+                .get_class($actionInstance) .'"'
+            );
             $result = $exception->getReplaceResult();
             if ($messages = $exception->getMessages()) {
                 foreach ($messages as $message) {
