MAGETWO-31999: oAuth issue [from github]

- Fixed oauth validation to return aggregated error message
- Fixed to return HTTP 400 instead of 500 for missing parameters
- Fixed to return HTTP 400 for invalid token length

Author: anupdugar

dev/tests/api-functional/testsuite/Magento/Webapi/Authentication/RestTest.php

@@ -175,7 +175,7 @@ public function testGetAccessTokenConsumerMismatch()
 
     /**
      * @expectedException \Exception
-     * @expectedExceptionMessage HTTP/1.1 401
+     * @expectedExceptionMessage HTTP/1.1 400
      */
     public function testAccessApiInvalidAccessToken()
     {

dev/tests/unit/testsuite/Magento/Integration/Oauth/OauthTest.php

@@ -217,6 +217,7 @@ public function testGetRequestTokenConsumerKeyNotFound()
     public function testGetRequestTokenOutdatedConsumerKey()
     {
         $this->_setupConsumer();
+        $this->_setupNonce();
         $this->_consumerMock
             ->expects($this->any())
             ->method('isValidForTokenExchange')
@@ -521,7 +522,7 @@ public function testGetAccessTokenParameterAbsent()
     /**
      * \Magento\Framework\Oauth\OauthInterface::ERR_TOKEN_REJECTED
      *
-     * @expectedException \Magento\Framework\Oauth\Exception
+     * @expectedException \Magento\Framework\Oauth\OauthInputException
      */
     public function testGetAccessTokenTokenRejected()
     {

lib/internal/Magento/Framework/Oauth/Helper/Request.php

@@ -196,6 +196,9 @@ public function prepareErrorResponse(\Exception $exception, \Zend_Controller_Res
             $responseCode = self::HTTP_UNAUTHORIZED;
         } elseif ($exception instanceof \Magento\Framework\Oauth\OauthInputException) {
             $responseCode = self::HTTP_BAD_REQUEST;
+            if ($errorMsg == \Magento\Framework\Oauth\OauthInputException::DEFAULT_MESSAGE) {
+                $errorMsg = $exception->getAggregatedErrorMessage();
+            }
         } else {
             $errorMsg = 'internal_error&message=' . ($errorMsg ? $errorMsg : 'empty_message');
             $responseCode = self::HTTP_INTERNAL_ERROR;

lib/internal/Magento/Framework/Oauth/Oauth.php

@@ -60,11 +60,9 @@ public static function getSupportedSignatureMethods()
      */
     public function getRequestToken($params, $requestUrl, $httpMethod = 'POST')
     {
-        $this->_validateVersionParam($params['oauth_version']);
+        $this->_validateProtocolParams($params);
         $consumer = $this->_tokenProvider->getConsumerByKey($params['oauth_consumer_key']);
         $this->_tokenProvider->validateConsumer($consumer);
-        $this->_nonceGenerator->validateNonce($consumer, $params['oauth_nonce'], $params['oauth_timestamp']);
-
         $this->_validateSignature($params, $consumer->getSecret(), $httpMethod, $requestUrl);
 
         return $this->_tokenProvider->createRequestToken($consumer);
@@ -219,9 +217,9 @@ protected function _validateVersionParam($version)
      * @param array $protocolParams
      * @param array $requiredParams
      * @return void
-     * @throws Exception|OauthInputException
+     * @throws OauthInputException
      */
-    protected function _validateProtocolParams($protocolParams, $requiredParams)
+    protected function _validateProtocolParams($protocolParams, $requiredParams = [])
     {
         // validate version if specified.
         if (isset($protocolParams['oauth_version'])) {
@@ -246,7 +244,7 @@ protected function _validateProtocolParams($protocolParams, $requiredParams)
             $protocolParams['oauth_token']
         )
         ) {
-            throw new Exception('Token is not the correct length');
+            throw new OauthInputException('Token is not the correct length');
         }
 
         // Validate signature method.
@@ -275,10 +273,14 @@ protected function _validateProtocolParams($protocolParams, $requiredParams)
      */
     protected function _checkRequiredParams($protocolParams, $requiredParams)
     {
+        $exception = new OauthInputException();
         foreach ($requiredParams as $param) {
             if (!isset($protocolParams[$param])) {
-                throw new OauthInputException(OauthInputException::REQUIRED_FIELD, ['fieldName' => $param]);
+                $exception->addError(OauthInputException::REQUIRED_FIELD, ['fieldName' => $param]);
             }
         }
+        if ($exception->wasErrorAdded()) {
+            throw $exception;
+        }
     }
 }

lib/internal/Magento/Framework/Oauth/OauthInputException.php

@@ -12,4 +12,22 @@
  */
 class OauthInputException extends InputException
 {
+    /**
+     * Get error messages as a single comma separated string
+     *
+     * @return string
+     */
+    public function getAggregatedErrorMessage()
+    {
+        $errors = [];
+        foreach ($this->getErrors() as $error) {
+            // Clean up any trailing period
+            $errors[] = rtrim($error->getMessage(), '.');
+        }
+        $errorMsg = '';
+        if (!empty($errors)) {
+            $errorMsg = implode(', ', $errors);
+        }
+        return $errorMsg;
+    }
 }