LYNX-339: private_content_version cookie returned in GQL queries

bl4de · web-flow · commit 9d99362a3182 · 2024-04-30T11:21:09.000+01:00
diff --git a/dev/tests/Magento/GraphQl/PageCache/DisableSessionTest.php b/dev/tests/Magento/GraphQl/PageCache/DisableSessionTest.php
@@ -0,0 +1,72 @@
+<?php
+/**
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
+ *
+ * NOTICE: All information contained herein is, and remains
+ * the property of Adobe and its suppliers, if any. The intellectual
+ * and technical concepts contained herein are proprietary to Adobe
+ * and its suppliers and are protected by all applicable intellectual
+ * property laws, including trade secret and copyright laws.
+ * Dissemination of this information or reproduction of this material
+ * is strictly forbidden unless prior written permission is obtained from
+ * Adobe.
+ */
+declare(strict_types=1);
+
+namespace Magento\GraphQl\PageCache;
+
+use Magento\TestFramework\TestCase\GraphQlAbstract;
+use Magento\TestFramework\Fixture\Config;
+use Magento\Framework\App\PageCache\Version;
+
+/**
+ * Test absence/presence of private_content_version cookie in GraphQl POST HTTP responses
+ */
+class DisableSessionTest extends GraphQlAbstract
+{
+    #[
+        Config('graphql/session/disable', '1')
+    ]
+    public function testPrivateSessionContentCookieNotPresentWhenSessionDisabled()
+    {
+        $result = $this->graphQlMutationWithResponseHeaders($this->getMutation());
+        $this->assertArrayHasKey('headers', $result);
+        if (!empty($result['headers']['Set-Cookie'])) {
+            $this->assertStringNotContainsString(
+                Version::COOKIE_NAME,
+                $result['headers']['Set-Cookie'],
+                Version::COOKIE_NAME . ' should not be present in Set-Cookie header'
+            );
+        }
+    }
+
+    #[
+        Config('graphql/session/disable', '0')
+    ]
+    public function testPrivateSessionContentCookiePresentWhenSessionEnabled()
+    {
+        $result = $this->graphQlMutationWithResponseHeaders($this->getMutation());
+        $this->assertArrayHasKey('headers', $result);
+        $this->assertArrayHasKey('Set-Cookie', $result['headers'], 'Set-Cookie HTTP response header should be present');
+        $this->assertStringContainsString(
+            Version::COOKIE_NAME,
+            $result['headers']['Set-Cookie'],
+            Version::COOKIE_NAME . ' should be set by the server'
+        );
+    }
+
+    /**
+     * Provides dummy mutation to test GraphQl HTTP POST response
+     *
+     * @return string
+     */
+    private function getMutation(): string
+    {
+        return <<<GRAPHQL
+mutation {
+  createEmptyCart
+}
+GRAPHQL;
+    }
+}
diff --git a/lib/internal/Magento/Framework/App/PageCache/Version.php b/lib/internal/Magento/Framework/App/PageCache/Version.php
@@ -3,8 +3,14 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
 namespace Magento\Framework\App\PageCache;
 
+use Magento\Framework\App\Config\ScopeConfigInterface;
+use Magento\Framework\Stdlib\CookieManagerInterface;
+use Magento\Framework\Stdlib\Cookie\CookieMetadataFactory;
+use Magento\Framework\App\Request\Http;
+
 /**
  * PageCache Version
  *
@@ -15,53 +21,38 @@ class Version
     /**
      * Name of cookie that holds private content version
      */
-    const COOKIE_NAME = 'private_content_version';
+    public const COOKIE_NAME = 'private_content_version';
 
     /**
      * Ten years cookie period
      */
-    const COOKIE_PERIOD = 315360000;
-
-    /**
-     * Cookie Manager
-     *
-     * @var \Magento\Framework\Stdlib\CookieManagerInterface
-     */
-    protected $cookieManager;
-
-    /**
-     * Request
-     *
-     * @var \Magento\Framework\App\Request\Http
-     */
-    protected $request;
+    public const COOKIE_PERIOD = 315360000;
 
     /**
-     * @var \Magento\Framework\Stdlib\Cookie\CookieMetadataFactory
+     * Config setting for disabling session for GraphQl
      */
-    protected $cookieMetadataFactory;
+    private const XML_PATH_GRAPHQL_DISABLE_SESSION = 'graphql/session/disable';
 
     /**
-     * @param \Magento\Framework\Stdlib\CookieManagerInterface $cookieManager
-     * @param \Magento\Framework\Stdlib\Cookie\CookieMetadataFactory $cookieMetadataFactory
-     * @param \Magento\Framework\App\Request\Http $request
+     * @param CookieManagerInterface $cookieManager
+     * @param CookieMetadataFactory $cookieMetadataFactory
+     * @param Http $request
+     * @param ScopeConfigInterface $scopeConfig
      */
     public function __construct(
-        \Magento\Framework\Stdlib\CookieManagerInterface $cookieManager,
-        \Magento\Framework\Stdlib\Cookie\CookieMetadataFactory $cookieMetadataFactory,
-        \Magento\Framework\App\Request\Http $request
+        private readonly CookieManagerInterface $cookieManager,
+        private readonly CookieMetadataFactory $cookieMetadataFactory,
+        private readonly Http $request,
+        private readonly ScopeConfigInterface $scopeConfig
     ) {
-        $this->cookieManager = $cookieManager;
-        $this->request = $request;
-        $this->cookieMetadataFactory = $cookieMetadataFactory;
     }
 
     /**
      * Generate unique version identifier
      *
      * @return string
      */
-    protected function generateValue()
+    protected function generateValue(): string
     {
         //phpcs:ignore
         return md5(rand() . time());
@@ -75,16 +66,35 @@ protected function generateValue()
      *
      * @return void
      */
-    public function process()
+    public function process(): void
     {
-        if ($this->request->isPost()) {
-            $publicCookieMetadata = $this->cookieMetadataFactory->createPublicCookieMetadata()
-                ->setDuration(self::COOKIE_PERIOD)
-                ->setPath('/')
-                ->setSecure($this->request->isSecure())
-                ->setHttpOnly(false)
-                ->setSameSite('Lax');
-            $this->cookieManager->setPublicCookie(self::COOKIE_NAME, $this->generateValue(), $publicCookieMetadata);
+        if (!$this->request->isPost()) {
+            return;
         }
+
+        if ($this->request->getOriginalPathInfo() === '/graphql' && $this->isSessionDisabled() === true) {
+            return;
+        }
+
+        $publicCookieMetadata = $this->cookieMetadataFactory->createPublicCookieMetadata()
+            ->setDuration(self::COOKIE_PERIOD)
+            ->setPath('/')
+            ->setSecure($this->request->isSecure())
+            ->setHttpOnly(false)
+            ->setSameSite('Lax');
+        $this->cookieManager->setPublicCookie(self::COOKIE_NAME, $this->generateValue(), $publicCookieMetadata);
+    }
+
+    /**
+     * Returns configuration setting for disable session for GraphQl
+     *
+     * @return bool
+     */
+    private function isSessionDisabled(): bool
+    {
+        return (bool)$this->scopeConfig->getValue(
+            self::XML_PATH_GRAPHQL_DISABLE_SESSION,
+            ScopeConfigInterface::SCOPE_TYPE_DEFAULT
+        );
     }
 }
