ACP2E-2969: REST API unable to make requests with slash (/) in SKU when using Oauth1

aplapana · aplapana · commit c1bc36ec8d2b · 2024-06-26T11:58:04.000+03:00
diff --git a/dev/tests/api-functional/framework/Magento/TestFramework/Authentication/Rest/OauthClient/Signature.php b/dev/tests/api-functional/framework/Magento/TestFramework/Authentication/Rest/OauthClient/Signature.php
@@ -49,7 +49,7 @@ function ($carry, $item) {
 
         return $this->helper->sign(
             $signatureData,
-            'SHA256',
+            $this->algorithm,
             $this->credentials->getConsumerSecret(),
             $this->tokenSecret,
             $method,
diff --git a/lib/internal/Magento/Framework/Oauth/Helper/Signature/Hmac256.php b/lib/internal/Magento/Framework/Oauth/Helper/Signature/Hmac256.php
@@ -0,0 +1,126 @@
+<?php
+
+namespace Magento\Framework\Oauth\Helper\Signature;
+
+use Laminas\Crypt\Hmac as HMACEncryption;
+
+class Hmac256
+{
+    /**
+     * Sign a request
+     *
+     * @param array $params
+     * @param string $signatureMethod
+     * @param string $consumerSecret
+     * @param string|null $tokenSecret
+     * @param mixed $method
+     * @param mixed $url
+     * @return string
+     */
+    public function sign(
+        array   $params,
+        string  $signatureMethod,
+        string  $consumerSecret,
+        ?string $tokenSecret = null,
+        ?string $method = null,
+        ?string $url = null
+    ): string {
+        unset($params['oauth_signature']);
+
+        $binaryHash = HMACEncryption::compute(
+            $this->assembleKey($consumerSecret, $tokenSecret),
+            $signatureMethod,
+            $this->getBaseSignatureString($params, $method, $url),
+            HMACEncryption::OUTPUT_BINARY
+        );
+
+        return base64_encode($binaryHash);
+    }
+
+    /**
+     * Assemble key from consumer and token secrets
+     *
+     * @param string $consumerSecret
+     * @param string|null $tokenSecret
+     * @return string
+     */
+    private function assembleKey(string $consumerSecret, ?string $tokenSecret): string
+    {
+        $parts = [$consumerSecret];
+        if ($tokenSecret !== null) {
+            $parts[] = $tokenSecret;
+        }
+        foreach ($parts as $key => $secret) {
+            $parts[$key] = $this->urlEncode($secret);
+        }
+
+        return implode('&', $parts);
+    }
+
+    /**
+     * Get base signature string
+     *
+     * @param array $params
+     * @param null|string $method
+     * @param null|string $url
+     * @return string
+     */
+    private function getBaseSignatureString(array $params, $method = null, $url = null): string
+    {
+        $encodedParams = [];
+        foreach ($params as $key => $value) {
+            $encodedParams[$this->urlEncode($key)] =
+                $this->urlEncode($value);
+        }
+        $baseStrings = [];
+        if (isset($method)) {
+            $baseStrings[] = strtoupper($method);
+        }
+        if (isset($url)) {
+            $baseStrings[] = $this->urlEncode($url);
+        }
+        if (isset($encodedParams['oauth_signature'])) {
+            unset($encodedParams['oauth_signature']);
+        }
+        $baseStrings[] = $this->urlEncode(
+            $this->toByteValueOrderedQueryString($encodedParams)
+        );
+
+        return implode('&', $baseStrings);
+    }
+
+    /**
+     * Transform an array to a byte value ordered query string
+     *
+     * @param array $params
+     * @return string
+     */
+    private function toByteValueOrderedQueryString(array $params): string
+    {
+        $return = [];
+        uksort($params, 'strnatcmp');
+        foreach ($params as $key => $value) {
+            if (is_array($value)) {
+                natsort($value);
+                foreach ($value as $keyduplicate) {
+                    $return[] = $key . '=' . $keyduplicate;
+                }
+            } else {
+                $return[] = $key . '=' . $value;
+            }
+        }
+        return implode('&', $return);
+    }
+
+    /**
+     * URL encode a value
+     *
+     * @param string $value
+     * @return string
+     */
+    private function urlEncode(string $value): string
+    {
+        $encoded = rawurlencode($value);
+        return str_replace('%7E', '~', $encoded);
+    }
+}
diff --git a/lib/internal/Magento/Framework/Oauth/Helper/Utility.php b/lib/internal/Magento/Framework/Oauth/Helper/Utility.php
@@ -7,10 +7,19 @@
 
 namespace Magento\Framework\Oauth\Helper;
 
-use Laminas\Crypt\Hmac as HMACEncryption;
+use Laminas\OAuth\Http\Utility as LaminasUtility;
+use Magento\Framework\Oauth\Helper\Signature\Hmac256;
 
 class Utility
 {
+    /**
+     * @param LaminasUtility $httpUtility
+     * @param Hmac256 $hmac256
+     */
+    public function __construct(private readonly LaminasUtility $httpUtility, private readonly Hmac256 $hmac256)
+    {
+    }
+
     /**
      * Generate signature string
      *
@@ -30,17 +39,26 @@ public function sign(
         ?string $method = null,
         ?string $url = null
     ): string {
-        unset($params['oauth_signature']);
+        if ($this->isHmac256($signatureMethod)) {
+            return $this->hmac256->sign($params, 'sha256', $consumerSecret, $tokenSecret, $method, $url);
+        } else {
+            return $this->httpUtility->sign($params, $signatureMethod, $consumerSecret, $tokenSecret, $method, $url);
+        }
+    }
 
-        $parts     = explode('-', $signatureMethod);
-        $binaryHash = HMACEncryption::compute(
-            $this->assembleKey($consumerSecret, $tokenSecret),
-            count($parts) > 1 ? $parts[1] : $signatureMethod,
-            $this->getBaseSignatureString($params, $method, $url),
-            HMACEncryption::OUTPUT_BINARY
-        );
+    /**
+     * Check if signature method is HMAC256
+     *
+     * @param string $signatureMethod
+     * @return bool
+     */
+    private function isHmac256(string $signatureMethod): bool
+    {
+        if (strtoupper(preg_replace( '/[\W]/', '', $signatureMethod)) === 'HMAC256') {
+            return true;
+        }
 
-        return base64_encode($binaryHash);
+        return false;
     }
 
     /**
@@ -59,97 +77,10 @@ public function toAuthorizationHeader(array $params, bool $excludeCustomParams =
                     continue;
                 }
             }
-            $headerValue[] = $this->urlEncode((string)$key)
+            $headerValue[] = $this->httpUtility::urlEncode((string)$key)
                 . '="'
-                . $this->urlEncode((string)$value) . '"';
+                . $this->httpUtility::urlEncode((string)$value) . '"';
         }
         return 'OAuth ' . implode(",", $headerValue);
     }
-
-    /**
-     * Assemble key from consumer and token secrets
-     *
-     * @param string $consumerSecret
-     * @param string|null $tokenSecret
-     * @return string
-     */
-    private function assembleKey(string $consumerSecret, ?string $tokenSecret): string
-    {
-        $parts = [$consumerSecret];
-        if ($tokenSecret !== null) {
-            $parts[] = $tokenSecret;
-        }
-        foreach ($parts as $key => $secret) {
-            $parts[$key] = $this->urlEncode($secret);
-        }
-
-        return implode('&', $parts);
-    }
-
-    /**
-     * Get base signature string
-     *
-     * @param  array $params
-     * @param  null|string $method
-     * @param  null|string $url
-     * @return string
-     */
-    private function getBaseSignatureString(array $params, $method = null, $url = null): string
-    {
-        $encodedParams = [];
-        foreach ($params as $key => $value) {
-            $encodedParams[$this->urlEncode($key)] =
-                $this->urlEncode($value);
-        }
-        $baseStrings = [];
-        if (isset($method)) {
-            $baseStrings[] = strtoupper($method);
-        }
-        if (isset($url)) {
-            $baseStrings[] = $this->urlEncode($url);
-        }
-        if (isset($encodedParams['oauth_signature'])) {
-            unset($encodedParams['oauth_signature']);
-        }
-        $baseStrings[] = $this->urlEncode(
-            $this->toByteValueOrderedQueryString($encodedParams)
-        );
-
-        return implode('&', $baseStrings);
-    }
-
-    /**
-     * Transform an array to a byte value ordered query string
-     *
-     * @param  array $params
-     * @return string
-     */
-    private function toByteValueOrderedQueryString(array $params): string
-    {
-        $return = [];
-        uksort($params, 'strnatcmp');
-        foreach ($params as $key => $value) {
-            if (is_array($value)) {
-                natsort($value);
-                foreach ($value as $keyduplicate) {
-                    $return[] = $key . '=' . $keyduplicate;
-                }
-            } else {
-                $return[] = $key . '=' . $value;
-            }
-        }
-        return implode('&', $return);
-    }
-
-    /**
-     * URL encode a value
-     *
-     * @param string $value
-     * @return string
-     */
-    private function urlEncode(string $value): string
-    {
-        $encoded = rawurlencode($value);
-        return str_replace('%7E', '~', $encoded);
-    }
 }
