Merge pull request #6617 from magento-cia/cia-2.3.7-2102021-CE

admanesachin · web-flow · commit c1025c0d57ec · 2021-02-17T19:02:24.000-06:00
cia-bugfixes-2.3.7
diff --git a/app/code/Magento/Customer/Model/Validator/Name.php b/app/code/Magento/Customer/Model/Validator/Name.php
@@ -0,0 +1,74 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Customer\Model\Validator;
+
+use Magento\Customer\Model\Customer;
+use Magento\Framework\Validator\AbstractValidator;
+
+/**
+ * Customer name fields validator.
+ */
+class Name extends AbstractValidator
+{
+    /**
+     * Validate name fields.
+     *
+     * @param Customer $customer
+     * @return bool
+     */
+    public function isValid($customer)
+    {
+        if (!$this->isValidName($customer->getFirstname())) {
+            $this->_addErrorMessages('firstname', (array)['First Name is not valid!']);
+        }
+
+        if (!$this->isValidName($customer->getLastname())) {
+            $this->_addErrorMessages('lastname', (array)['Last Name is not valid!']);
+        }
+
+        if (!$this->isValidName($customer->getMiddlename())) {
+            $this->_addErrorMessages('middlename', (array)['Middle Name is not valid!']);
+        }
+
+        return count($this->_messages) == 0;
+    }
+
+    /**
+     * Check if name field is valid.
+     *
+     * @param string|null $nameValue
+     * @return bool
+     */
+    private function isValidName($nameValue)
+    {
+        if ($nameValue != null) {
+            $pattern = '/(?:[\p{L}\p{M}\,\-\_\.\'\"\s\d]){1,255}+/u';
+            if (preg_match($pattern, $nameValue, $matches)) {
+                return $matches[0] == $nameValue;
+            }
+        }
+
+        return true;
+    }
+
+    /**
+     * Add error messages.
+     *
+     * @param string $code
+     * @param array $messages
+     * @return void
+     */
+    protected function _addErrorMessages($code, array $messages)
+    {
+        if (!array_key_exists($code, $this->_messages)) {
+            $this->_messages[$code] = $messages;
+        } else {
+            $this->_messages[$code] = array_merge($this->_messages[$code], $messages);
+        }
+    }
+}
diff --git a/app/code/Magento/Customer/Test/Mftf/Test/StorefrontVerifyNoXssInjectionOnUpdateCustomerInformationAddAddressTest.xml b/app/code/Magento/Customer/Test/Mftf/Test/StorefrontVerifyNoXssInjectionOnUpdateCustomerInformationAddAddressTest.xml
@@ -11,12 +11,15 @@
     <test name="StorefrontVerifyNoXssInjectionOnUpdateCustomerInformationAddAddressTest">
         <annotations>
             <stories value="Update Customer Address"/>
-            <title value="[Security] Verify No XSS Injection on Update Customer Information Add Address"/>
+            <title value="DEPRECATED [Security] Verify No XSS Injection on Update Customer Information Add Address"/>
             <description value="Test log in to Storefront and Verify No XSS Injection on Update Customer Information Add Address"/>
             <testCaseId value="MC-10910"/>
             <severity value="CRITICAL"/>
             <group value="customer"/>
             <group value="mtf_migrated"/>
+            <skip>
+                <issueId value="DEPRECATED">Test outdated</issueId>
+            </skip>
         </annotations>
 
         <before>
@@ -54,4 +57,4 @@
             <argument name="customer" value="Colorado_US_Customer"/>
         </actionGroup>
     </test>
-</tests>
+</tests>
diff --git a/app/code/Magento/Customer/etc/validation.xml b/app/code/Magento/Customer/etc/validation.xml
@@ -18,11 +18,17 @@
                     <constraint alias="metadata_data_validator" class="Magento\Customer\Model\Metadata\Validator" />
                 </entity_constraints>
             </rule>
+            <rule name="check_name">
+                <entity_constraints>
+                    <constraint alias="name_validator" class="Magento\Customer\Model\Validator\Name" />
+                </entity_constraints>
+            </rule>
         </rules>
         <groups>
             <group name="save">
                 <uses>
                     <use rule="check_eav"/>
+                    <use rule="check_name"/>
                 </uses>
             </group>
             <group name="form">
diff --git a/dev/tests/api-functional/testsuite/Magento/Customer/Api/CustomerRepositoryTest.php b/dev/tests/api-functional/testsuite/Magento/Customer/Api/CustomerRepositoryTest.php
@@ -933,4 +933,207 @@ protected function _createCustomer()
         $this->currentCustomerId[] = $customerData['id'];
         return $customerData;
     }
+
+    /**
+     * Test customer create with invalid name's.
+     *
+     * @param string $fieldName
+     * @param string $fieldValue
+     * @param string $expectedMessage
+     * @return void
+     *
+     * @dataProvider customerDataProvider
+     */
+    public function testCreateCustomerWithInvalidCustomerFirstName(
+        string $fieldName,
+        string $fieldValue,
+        string $expectedMessage
+    ): void {
+        $customerData = $this->dataObjectProcessor->buildOutputDataArray(
+            $this->customerHelper->createSampleCustomerDataObject(),
+            Customer::class
+        );
+        $customerData[$fieldName] = $fieldValue;
+
+        $serviceInfo = [
+            'rest' => [
+                'resourcePath' => self::RESOURCE_PATH,
+                'httpMethod' => Request::HTTP_METHOD_POST,
+            ],
+            'soap' => [
+                'service' => self::SERVICE_NAME,
+                'serviceVersion' => self::SERVICE_VERSION,
+                'operation' => self::SERVICE_NAME . 'Save',
+            ],
+        ];
+
+        $requestData = ['customer' => $customerData];
+
+        try {
+            $this->_webApiCall($serviceInfo, $requestData);
+            $this->fail('Expected exception was not raised');
+        } catch (\SoapFault $e) {
+            $this->assertEquals($expectedMessage, $e->getMessage());
+        } catch (\Exception $e) {
+            $errorObj = $this->processRestExceptionResult($e);
+            $this->assertEquals(HTTPExceptionCodes::HTTP_BAD_REQUEST, $e->getCode());
+            $this->assertEquals($expectedMessage, $errorObj['message']);
+        }
+    }
+
+    /**
+     * Invalid customer data provider
+     *
+     * @return array
+     */
+    public function customerDataProvider(): array
+    {
+        return [
+            ['firstname', 'Jane ☺ ', 'First Name is not valid!'],
+            ['lastname', '☏ - Doe', 'Last Name is not valid!'],
+            ['middlename', '⚐ $(date)', 'Middle Name is not valid!'],
+            [
+                'firstname',
+                str_repeat('खाना अच्छा है', 20),
+                'First Name is not valid!',
+            ],
+            [
+                'lastname',
+                str_repeat('المغلوطة حول استنكار  النشوة وتمجيد الألمالمغلوطة حول', 5),
+                'Last Name is not valid!',
+            ],
+        ];
+    }
+
+    /**
+     * Test customer create with ultibyte chanracters in name's.
+     *
+     * @param string $fieldName
+     * @param string $fieldValue
+     * @return void
+     *
+     * @dataProvider customerWithMultiByteDataProvider
+     */
+    public function testCreateCustomerWithMultibyteCharacters(string $fieldName, string $fieldValue): void
+    {
+        $customerData = $this->dataObjectProcessor->buildOutputDataArray(
+            $this->customerHelper->createSampleCustomerDataObject(),
+            Customer::class
+        );
+        $customerData[$fieldName] = $fieldValue;
+
+        $serviceInfo = [
+            'rest' => [
+                'resourcePath' => self::RESOURCE_PATH,
+                'httpMethod' => Request::HTTP_METHOD_POST,
+            ],
+            'soap' => [
+                'service' => self::SERVICE_NAME,
+                'serviceVersion' => self::SERVICE_VERSION,
+                'operation' => self::SERVICE_NAME . 'Save',
+            ],
+        ];
+
+        $requestData = ['customer' => $customerData];
+
+        $response = $this->_webApiCall($serviceInfo, $requestData);
+
+        $this->assertNotNull($response);
+        $this->assertEquals($fieldValue, $response[$fieldName]);
+    }
+
+    /**
+     * Customer with multibyte characters data provider.
+     *
+     * @return array
+     */
+    public function customerWithMultiByteDataProvider(): array
+    {
+        return [
+            [
+                'firstname',
+                str_repeat('हैखान', 51),
+            ],
+            [
+                'lastname',
+                str_repeat('مغلوطة حول استنكار  النشوة وتمجيد الألمالمغلوطة حول', 5),
+            ],
+        ];
+    }
+
+    /**
+     * Test customer create with valid name's.
+     *
+     * @param string $fieldName
+     * @param string $fieldValue
+     * @return void
+     *
+     * @dataProvider customerValidNameDataProvider
+     */
+    public function testCreateCustomerWithValidName(string $fieldName, string $fieldValue): void
+    {
+        $customerData = $this->dataObjectProcessor->buildOutputDataArray(
+            $this->customerHelper->createSampleCustomerDataObject(),
+            Customer::class
+        );
+        $customerData[$fieldName] = $fieldValue;
+
+        $serviceInfo = [
+            'rest' => [
+                'resourcePath' => self::RESOURCE_PATH,
+                'httpMethod' => Request::HTTP_METHOD_POST,
+            ],
+            'soap' => [
+                'service' => self::SERVICE_NAME,
+                'serviceVersion' => self::SERVICE_VERSION,
+                'operation' => self::SERVICE_NAME . 'Save',
+            ],
+        ];
+
+        $requestData = ['customer' => $customerData];
+
+        $response = $this->_webApiCall($serviceInfo, $requestData);
+
+        $this->assertNotNull($response);
+        $this->assertEquals($fieldValue, $response[$fieldName]);
+    }
+
+    /**
+     * Customer valid name data provider.
+     *
+     * @return array
+     */
+    public function customerValidNameDataProvider(): array
+    {
+        return [
+            [
+                'firstname',
+                'Anne-Marie',
+            ],
+            [
+                'lastname',
+                'D\'Artagnan',
+            ],
+            [
+                'lastname',
+                'Guðmundsdóttir',
+            ],
+            [
+                'lastname',
+                'María José Carreño Quiñones',
+            ],
+            [
+                'lastname',
+                'Q. Public',
+            ],
+            [
+                'firstname',
+                'Elizabeth II',
+            ],
+            [
+                'firstname',
+                'X Æ A-12 Musk',
+            ],
+        ];
+    }
 }
