Merge branch '2.4.0-develop' of github.com:magento-engcom/magento2ce into async-opetation-status-issue

Author: lenaorobei

.php_cs.dist

@@ -10,9 +10,6 @@
 
 $finder = PhpCsFixer\Finder::create()
     ->name('*.phtml')
-    ->exclude('dev/tests/functional/generated')
-    ->exclude('dev/tests/functional/var')
-    ->exclude('dev/tests/functional/vendor')
     ->exclude('dev/tests/integration/tmp')
     ->exclude('dev/tests/integration/var')
     ->exclude('lib/internal/Cm')

app/code/Magento/Backend/App/AbstractAction.php

@@ -16,6 +16,7 @@
 use Magento\Framework\Data\Form\FormKey\Validator as FormKeyValidator;
 use Magento\Framework\Locale\ResolverInterface;
 use Magento\Framework\View\Element\AbstractBlock;
+use Magento\Framework\Encryption\Helper\Security;
 
 /**
  * Generic backend controller
@@ -386,7 +387,7 @@ protected function _validateSecretKey()
         }
 
         $secretKey = $this->getRequest()->getParam(UrlInterface::SECRET_KEY_PARAM_NAME, null);
-        if (!$secretKey || $secretKey != $this->_backendUrl->getSecretKey()) {
+        if (!$secretKey || !Security::compareStrings($secretKey, $this->_backendUrl->getSecretKey())) {
             return false;
         }
         return true;

app/code/Magento/Backend/Test/Mftf/Test/AdminLoginSuccessfulTest.xml

@@ -20,6 +20,7 @@
             <group value="login"/>
         </annotations>
 
+
         <actionGroup ref="AdminLoginActionGroup" stepKey="loginAsAdmin"/>
         <actionGroup ref="AssertAdminSuccessLoginActionGroup" stepKey="assertLoggedIn"/>
         <actionGroup ref="AdminLogoutActionGroup" stepKey="logoutFromAdmin"/>

app/code/Magento/Captcha/Controller/Refresh/Index.php

@@ -8,6 +8,8 @@
 namespace Magento\Captcha\Controller\Refresh;
 
 use Magento\Captcha\Helper\Data as CaptchaHelper;
+use Magento\Framework\App\Action\Action;
+use Magento\Framework\App\Action\Context;
 use Magento\Framework\App\Action\HttpPostActionInterface;
 use Magento\Framework\App\RequestInterface;
 use Magento\Framework\Controller\Result\JsonFactory as JsonResultFactory;
@@ -18,7 +20,7 @@
  * Refreshes captcha and returns JSON encoded URL to image (AJAX action)
  * Example: {'imgSrc': 'http://example.com/media/captcha/67842gh187612ngf8s.png'}
  */
-class Index implements HttpPostActionInterface
+class Index extends Action implements HttpPostActionInterface
 {
     /**
      * @var CaptchaHelper
@@ -46,19 +48,22 @@ class Index implements HttpPostActionInterface
     private $jsonResultFactory;
 
     /**
+     * @param Context $context
      * @param RequestInterface $request
      * @param JsonResultFactory $jsonFactory
      * @param CaptchaHelper $captchaHelper
      * @param LayoutInterface $layout
      * @param JsonSerializer $serializer
      */
     public function __construct(
+        Context $context,
         RequestInterface $request,
         JsonResultFactory $jsonFactory,
         CaptchaHelper $captchaHelper,
         LayoutInterface $layout,
         JsonSerializer $serializer
     ) {
+        parent::__construct($context);
         $this->request = $request;
         $this->jsonResultFactory = $jsonFactory;
         $this->captchaHelper = $captchaHelper;

app/code/Magento/Captcha/Test/Unit/Controller/Refresh/IndexTest.php

@@ -10,6 +10,7 @@
 use Magento\Captcha\Controller\Refresh\Index;
 use Magento\Captcha\Helper\Data as CaptchaHelper;
 use Magento\Captcha\Model\CaptchaInterface;
+use Magento\Framework\App\Action\Context;
 use Magento\Framework\App\RequestInterface;
 use Magento\Framework\Controller\Result\Json as ResultJson;
 use Magento\Framework\Controller\Result\JsonFactory as ResultJsonFactory;
@@ -45,6 +46,9 @@ class IndexTest extends TestCase
     /** @var MockObject|JsonSerializer */
     private $jsonSerializerMock;
 
+    /** @var MockObject|Context */
+    private $contextMock;
+
     /** @var Index */
     private $refreshAction;
 
@@ -66,13 +70,16 @@ protected function setUp(): void
         $this->jsonSerializerMock = $this->createMock(JsonSerializer::class);
         $this->captchaHelperMock = $this->createMock(CaptchaHelper::class);
 
+        $this->contextMock = $this->createMock(Context::class);
+
         $this->blockMock->method('setIsAjax')
             ->willReturnSelf();
 
         $this->layoutMock->method('createBlock')
             ->willReturn($this->blockMock);
 
         $this->refreshAction = new Index(
+            $this->contextMock,
             $this->requestMock,
             $this->jsonResultFactoryMock,
             $this->captchaHelperMock,

app/code/Magento/CardinalCommerce/Model/JwtManagement.php

@@ -8,6 +8,7 @@
 namespace Magento\CardinalCommerce\Model;
 
 use Magento\Framework\Serialize\Serializer\Json;
+use Magento\Framework\Encryption\Helper\Security;
 
 /**
  * JSON Web Token management.
@@ -62,7 +63,8 @@ public function decode(string $jwt, string $key): array
         $payload = $this->json->unserialize($payloadJson);
 
         $signature = $this->urlSafeB64Decode($signatureB64);
-        if ($signature !== $this->sign($headB64 . '.' . $payloadB64, $key, $header['alg'])) {
+
+        if (!Security::compareStrings($signature, $this->sign($headB64 . '.' . $payloadB64, $key, $header['alg']))) {
             throw new \InvalidArgumentException('JWT signature verification failed');
         }
 

app/code/Magento/Catalog/Block/Product/ListProduct.php

@@ -353,18 +353,16 @@ public function getIdentities()
 
         $category = $this->getLayer()->getCurrentCategory();
         if ($category) {
-            $identities[] = Product::CACHE_PRODUCT_CATEGORY_TAG . '_' . $category->getId();
+            $identities[] = [Product::CACHE_PRODUCT_CATEGORY_TAG . '_' . $category->getId()];
         }
 
         //Check if category page shows only static block (No products)
-        if ($category->getData('display_mode') == Category::DM_PAGE) {
-            return $identities;
-        }
-
-        foreach ($this->_getProductCollection() as $item) {
-            // phpcs:ignore Magento2.Performance.ForeachArrayMerge
-            $identities = array_merge($identities, $item->getIdentities());
+        if ($category->getData('display_mode') != Category::DM_PAGE) {
+            foreach ($this->_getProductCollection() as $item) {
+                $identities[] = $item->getIdentities();
+            }
         }
+        $identities = array_merge(...$identities);
 
         return $identities;
     }
@@ -377,7 +375,7 @@ public function getIdentities()
      */
     public function getAddToCartPostParams(Product $product)
     {
-        $url = $this->getAddToCartUrl($product);
+        $url = $this->getAddToCartUrl($product, ['_escape' => false]);
         return [
             'action' => $url,
             'data' => [

app/code/Magento/Catalog/Controller/Adminhtml/Product/Action/Attribute/Save.php

@@ -7,15 +7,17 @@
 namespace Magento\Catalog\Controller\Adminhtml\Product\Action\Attribute;
 
 use Magento\AsynchronousOperations\Api\Data\OperationInterface;
+use Magento\Catalog\Model\ProductFactory;
 use Magento\Catalog\Api\Data\ProductAttributeInterface;
 use Magento\Eav\Model\Config;
 use Magento\Framework\App\Action\HttpPostActionInterface;
 use Magento\Backend\App\Action;
 use Magento\Framework\App\ObjectManager;
+use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Stdlib\DateTime\TimezoneInterface;
 
 /**
- * Class used for saving mass updated products attributes.
+ * Class responsible for saving product attributes.
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
  */
 class Save extends \Magento\Catalog\Controller\Adminhtml\Product\Action\Attribute implements HttpPostActionInterface
@@ -60,6 +62,11 @@ class Save extends \Magento\Catalog\Controller\Adminhtml\Product\Action\Attribut
      */
     private $eavConfig;
 
+    /**
+     * @var ProductFactory
+     */
+    private $productFactory;
+
     /**
      * @param Action\Context $context
      * @param \Magento\Catalog\Helper\Product\Edit\Action\Attribute $attributeHelper
@@ -71,6 +78,7 @@ class Save extends \Magento\Catalog\Controller\Adminhtml\Product\Action\Attribut
      * @param int $bulkSize
      * @param TimezoneInterface $timezone
      * @param Config $eavConfig
+     * @param ProductFactory $productFactory
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -83,7 +91,8 @@ public function __construct(
         \Magento\Authorization\Model\UserContextInterface $userContext,
         int $bulkSize = 100,
         TimezoneInterface $timezone = null,
-        Config $eavConfig = null
+        Config $eavConfig = null,
+        ProductFactory $productFactory = null
     ) {
         parent::__construct($context, $attributeHelper);
         $this->bulkManagement = $bulkManagement;
@@ -96,6 +105,7 @@ public function __construct(
             ->get(TimezoneInterface::class);
         $this->eavConfig = $eavConfig ?: ObjectManager::getInstance()
             ->get(Config::class);
+        $this->productFactory = $productFactory ?? ObjectManager::getInstance()->get(ProductFactory::class);
     }
 
     /**
@@ -121,9 +131,10 @@ public function execute()
         $attributesData = $this->sanitizeProductAttributes($attributesData);
 
         try {
+            $this->validateProductAttributes($attributesData);
             $this->publish($attributesData, $websiteRemoveData, $websiteAddData, $storeId, $websiteId, $productIds);
             $this->messageManager->addSuccessMessage(__('Message is added to queue'));
-        } catch (\Magento\Framework\Exception\LocalizedException $e) {
+        } catch (LocalizedException $e) {
             $this->messageManager->addErrorMessage($e->getMessage());
         } catch (\Exception $e) {
             $this->messageManager->addExceptionMessage(
@@ -152,10 +163,12 @@ private function sanitizeProductAttributes($attributesData)
             }
 
             $attribute = $this->eavConfig->getAttribute(\Magento\Catalog\Model\Product::ENTITY, $attributeCode);
+
             if (!$attribute->getAttributeId()) {
                 unset($attributesData[$attributeCode]);
                 continue;
             }
+
             if ($attribute->getBackendType() === 'datetime') {
                 if (!empty($value)) {
                     $filterInput = new \Zend_Filter_LocalizedToNormalized(['date_format' => $dateFormat]);
@@ -183,6 +196,25 @@ private function sanitizeProductAttributes($attributesData)
         return $attributesData;
     }
 
+    /**
+     * Validate product attributes data.
+     *
+     * @param array $attributesData
+     *
+     * @return void
+     * @throws LocalizedException
+     */
+    private function validateProductAttributes(array $attributesData): void
+    {
+        $product = $this->productFactory->create();
+        $product->setData($attributesData);
+
+        foreach (array_keys($attributesData) as $attributeCode) {
+            $attribute = $this->eavConfig->getAttribute(\Magento\Catalog\Model\Product::ENTITY, $attributeCode);
+            $attribute->getBackend()->validate($product);
+        }
+    }
+
     /**
      * Schedule new bulk
      *
@@ -192,7 +224,7 @@ private function sanitizeProductAttributes($attributesData)
      * @param int $storeId
      * @param int $websiteId
      * @param array $productIds
-     * @throws \Magento\Framework\Exception\LocalizedException
+     * @throws LocalizedException
      *
      * @return void
      */
@@ -246,7 +278,7 @@ private function publish(
                 $this->userContext->getUserId()
             );
             if (!$result) {
-                throw new \Magento\Framework\Exception\LocalizedException(
+                throw new LocalizedException(
                     __('Something went wrong while processing the request.')
                 );
             }

app/code/Magento/Catalog/Controller/Adminhtml/Product/Attribute/Save.php

@@ -224,7 +224,7 @@ public function execute()
                     return $this->returnResult('catalog/*/', [], ['error' => true]);
                 }
                 // entity type check
-                if ($model->getEntityTypeId() != $this->_entityTypeId) {
+                if ($model->getEntityTypeId() != $this->_entityTypeId || array_key_exists('backend_model', $data)) {
                     $this->messageManager->addErrorMessage(__('We can\'t update the attribute.'));
                     $this->_session->setAttributeData($data);
                     return $this->returnResult('catalog/*/', [], ['error' => true]);
@@ -261,6 +261,8 @@ public function execute()
                 unset($data['apply_to']);
             }
 
+            unset($data['entity_type_id']);
+
             $model->addData($data);
 
             if (!$attributeId) {

app/code/Magento/Catalog/Model/Product/Webapi/Rest/RequestTypeBasedDeserializer.php

@@ -0,0 +1,62 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Catalog\Model\Product\Webapi\Rest;
+
+use Magento\Framework\Webapi\Rest\Request\DeserializerInterface;
+use Magento\Framework\Webapi\Rest\Request\DeserializerFactory;
+use Magento\Framework\Webapi\Rest\Request;
+
+/**
+ * Class RequestTypeBasedDeserializer
+ *
+ * Used for deserialization rest request body.
+ * Runs appropriate deserialization class object based on request body content type.
+ */
+class RequestTypeBasedDeserializer implements DeserializerInterface
+{
+    /**
+     * @var Request
+     */
+    private $request;
+
+    /**
+     * @var DeserializerFactory
+     */
+    private $deserializeFactory;
+
+    /**
+     * RequestTypeBasedDeserializer constructor.
+     *
+     * @param DeserializerFactory $deserializeFactory
+     * @param Request $request
+     */
+    public function __construct(
+        DeserializerFactory $deserializeFactory,
+        Request $request
+    ) {
+        $this->deserializeFactory = $deserializeFactory;
+        $this->request = $request;
+    }
+
+    /**
+     * @inheritdoc
+     *
+     * Parse request body into array of params with identifying request body content type
+     * to use appropriate instance of deserializer class
+     *
+     * @param string $body Posted content from request
+     * @return array|null Return NULL if content is invalid
+     * @throws \Magento\Framework\Exception\InputException
+     * @throws \Magento\Framework\Webapi\Exception
+     */
+    public function deserialize($body)
+    {
+        $deserializer = $this->deserializeFactory->get($this->request->getContentType());
+        return $deserializer->deserialize($body);
+    }
+}