Merge branch '2.4-develop' into AC-1685

Author: xmav

app/code/Magento/GraphQl/etc/adminhtml/system.xml

@@ -0,0 +1,32 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Representation of Webapi module in System Configuration (Magento admin panel).
+ *
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+-->
+<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Config:etc/system_file.xsd">
+    <system>
+        <section id="webapi">
+            <group id="graphql_validation" translate="label" type="text" sortOrder="10" showInDefault="1" showInWebsite="1" showInStore="1">
+                <label>GraphQl Input Limits</label>
+                <field id="input_limit_enabled" translate="label" type="select" sortOrder="5" showInDefault="1" showInWebsite="1" showInStore="1">
+                    <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
+                    <label>Enable Input Limits</label>
+                    <config_path>graphql/validation/input_limit_enabled</config_path>
+                </field>
+                <field id="maximum_page_size" translate="label comment" type="text" sortOrder="15" showInDefault="1" showInWebsite="1" showInStore="1">
+                    <label>Maximum Page Size</label>
+                    <comment>Maximum number of items allowed in a paginated search result.</comment>
+                    <config_path>graphql/validation/maximum_page_size</config_path>
+                    <depends>
+                        <field id="input_limit_enabled">1</field>
+                    </depends>
+                </field>
+            </group>
+        </section>
+    </system>
+</config>
+

app/code/Magento/Webapi/etc/adminhtml/system.xml

@@ -20,6 +20,31 @@
                     <comment>If empty, UTF-8 will be used.</comment>
                 </field>
             </group>
+            <group id="validation" translate="label" type="text" sortOrder="10" showInDefault="1" showInWebsite="1" showInStore="1">
+                <label>Web Api Input Limits</label>
+                <field id="input_limit_enabled" translate="label" type="select" sortOrder="5" showInDefault="1" showInWebsite="1" showInStore="1">
+                    <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
+                    <label>Enable Input Limits</label>
+                </field>
+                <field id="complex_array_limit" translate="label comment" type="text" sortOrder="10" showInDefault="1" showInWebsite="1" showInStore="1">
+                    <label>Input List Limit</label>
+                    <comment>Maximum number of items allowed in an entity's array property.</comment>
+                    <depends>
+                        <field id="input_limit_enabled">1</field>
+                    </depends>
+                </field>
+                <field id="maximum_page_size" translate="label comment" type="text" sortOrder="15" showInDefault="1" showInWebsite="1" showInStore="1">
+                    <label>Maximum Page Size</label>
+                    <comment>Maximum number of items allowed in a paginated search result.</comment>
+                    <depends>
+                        <field id="input_limit_enabled">1</field>
+                    </depends>
+                </field>
+                <field id="default_page_size" translate="label comment" type="text" sortOrder="20" showInDefault="1" showInWebsite="1" showInStore="1">
+                    <label>Default Page Size</label>
+                    <comment>Default number of items a paginated search result.</comment>
+                </field>
+            </group>
         </section>
     </system>
 </config>

lib/internal/Magento/Framework/GraphQl/Query/Resolver/Argument/Validator/IOLimit/IOLimitConfigProvider.php

@@ -0,0 +1,64 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Framework\GraphQl\Query\Resolver\Argument\Validator\IOLimit;
+
+use Magento\Framework\App\Config\ScopeConfigInterface;
+use Magento\Store\Model\ScopeInterface;
+
+/**
+ * Provides configuration related to the GraphQL input limit validation
+ */
+class IOLimitConfigProvider
+{
+    /**
+     * Path to the configuration setting for if the input limiting is enabled
+     */
+    public const CONFIG_PATH_INPUT_LIMIT_ENABLED = 'graphql/validation/input_limit_enabled';
+
+    /**
+     * Path to the configuration setting for maximum page size allowed
+     */
+    public const CONFIG_PATH_MAXIMUM_PAGE_SIZE = 'graphql/validation/maximum_page_size';
+
+    /**
+     * @var ScopeConfigInterface
+     */
+    private $scopeConfig;
+
+    /**
+     * @param ScopeConfigInterface $scopeConfig
+     */
+    public function __construct(ScopeConfigInterface $scopeConfig)
+    {
+        $this->scopeConfig = $scopeConfig;
+    }
+
+    /**
+     * Get the stored configuration for if the input limiting is enabled
+     */
+    public function isInputLimitingEnabled(): bool
+    {
+        return $this->scopeConfig->isSetFlag(
+            self::CONFIG_PATH_INPUT_LIMIT_ENABLED,
+            ScopeInterface::SCOPE_STORE
+        );
+    }
+
+    /**
+     * Get the stored configuration for the maximum page size
+     */
+    public function getMaximumPageSize(): ?int
+    {
+        $value = $this->scopeConfig->getValue(
+            self::CONFIG_PATH_MAXIMUM_PAGE_SIZE,
+            ScopeInterface::SCOPE_STORE
+        );
+        return isset($value) ? (int)$value : null;
+    }
+}

lib/internal/Magento/Framework/GraphQl/Query/Resolver/Argument/Validator/SearchCriteriaValidator.php

@@ -8,8 +8,10 @@
 
 namespace Magento\Framework\GraphQl\Query\Resolver\Argument\Validator;
 
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\GraphQl\Config\Element\Field;
 use Magento\Framework\GraphQl\Exception\GraphQlInputException;
+use Magento\Framework\GraphQl\Query\Resolver\Argument\Validator\IOLimit\IOLimitConfigProvider;
 use Magento\Framework\GraphQl\Query\Resolver\Argument\ValidatorInterface;
 
 /**
@@ -22,22 +24,36 @@ class SearchCriteriaValidator implements ValidatorInterface
      */
     private $maxPageSize;
 
+    /**
+     * @var IOLimitConfigProvider|null
+     */
+    private $configProvider;
+
     /**
      * @param int $maxPageSize
+     * @param IOLimitConfigProvider|null $configProvider
      */
-    public function __construct(int $maxPageSize)
+    public function __construct(int $maxPageSize, ?IOLimitConfigProvider $configProvider = null)
     {
         $this->maxPageSize = $maxPageSize;
+        $this->configProvider = $configProvider ?? ObjectManager::getInstance()
+            ->get(IOLimitConfigProvider::class);
     }
 
     /**
      * @inheritDoc
      */
     public function validate(Field $field, $args): void
     {
-        if (isset($args['pageSize']) && $args['pageSize'] > $this->maxPageSize) {
+        if (!$this->configProvider->isInputLimitingEnabled()) {
+            return;
+        }
+
+        $max = $this->configProvider->getMaximumPageSize() ?? $this->maxPageSize;
+
+        if (isset($args['pageSize']) && $args['pageSize'] > $max) {
             throw new GraphQlInputException(
-                __("Maximum pageSize is %max", ['max' => $this->maxPageSize])
+                __("Maximum pageSize is %max", ['max' => $max])
             );
         }
     }

lib/internal/Magento/Framework/GraphQl/Test/Unit/Query/Resolver/Argument/Validator/SearchCriteriaValidatorTest.php

@@ -10,34 +10,102 @@
 
 use Magento\Framework\GraphQl\Config\Element\Field;
 use Magento\Framework\GraphQl\Exception\GraphQlInputException;
+use Magento\Framework\GraphQl\Query\Resolver\Argument\Validator\IOLimit\IOLimitConfigProvider;
 use Magento\Framework\GraphQl\Query\Resolver\Argument\Validator\SearchCriteriaValidator;
+use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 
 /**
  * Verify behavior of graphql search criteria validator
  */
 class SearchCriteriaValidatorTest extends TestCase
 {
+    /**
+     * @var IOLimitConfigProvider|MockObject
+     */
+    private $configProvider;
+
+    /**
+     * @var SearchCriteriaValidator
+     */
+    private $validator;
+
+    protected function setUp(): void
+    {
+        $this->configProvider = self::getMockBuilder(IOLimitConfigProvider::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->validator = new SearchCriteriaValidator(3, $this->configProvider);
+    }
+
+    /**
+     * @doesNotPerformAssertions
+     */
+    public function testValidValueWithDisabledDefaultConfig()
+    {
+        $this->configProvider->method('isInputLimitingEnabled')
+            ->willReturn(false);
+        $field = self::getMockBuilder(Field::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->validator->validate($field, ['pageSize' => 50]);
+    }
+
     /**
      * @doesNotPerformAssertions
      */
     public function testValidValue()
     {
-        $validator = new SearchCriteriaValidator(3);
+        $this->configProvider->method('isInputLimitingEnabled')
+            ->willReturn(false);
         $field = self::getMockBuilder(Field::class)
             ->disableOriginalConstructor()
             ->getMock();
-        $validator->validate($field, ['pageSize' => 3]);
+        $this->validator->validate($field, ['pageSize' => 3]);
     }
 
-    public function testValidInvalidMaxValue()
+    /**
+     * @doesNotPerformAssertions
+     */
+    public function testValidValueWithConfig()
+    {
+        $this->configProvider->method('isInputLimitingEnabled')
+            ->willReturn(true);
+        $this->configProvider->method('getMaximumPageSize')
+            ->willReturn(10);
+
+        $field = self::getMockBuilder(Field::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->validator->validate($field, ['pageSize' => 10]);
+    }
+
+    public function testInvalidMaxValue()
     {
         $this->expectException(GraphQlInputException::class);
         $this->expectExceptionMessage("Maximum pageSize is 3");
-        $validator = new SearchCriteriaValidator(3);
+
+        $this->configProvider->method('isInputLimitingEnabled')
+            ->willReturn(true);
+        $field = self::getMockBuilder(Field::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->validator->validate($field, ['pageSize' => 4]);
+    }
+
+    public function testInvalidValueWithConfig()
+    {
+        $this->expectException(GraphQlInputException::class);
+        $this->expectExceptionMessage("Maximum pageSize is 10");
+
+        $this->configProvider->method('isInputLimitingEnabled')
+            ->willReturn(true);
+        $this->configProvider->method('getMaximumPageSize')
+            ->willReturn(10);
+
         $field = self::getMockBuilder(Field::class)
             ->disableOriginalConstructor()
             ->getMock();
-        $validator->validate($field, ['pageSize' => 4]);
+        $this->validator->validate($field, ['pageSize' => 11]);
     }
 }

lib/internal/Magento/Framework/Webapi/ServiceInputProcessor.php

@@ -1,7 +1,5 @@
 <?php
 /**
- * Service Input Processor
- *
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
@@ -24,6 +22,7 @@
 use Magento\Framework\Webapi\Exception as WebapiException;
 use Magento\Framework\Webapi\CustomAttribute\PreprocessorInterface;
 use Laminas\Code\Reflection\ClassReflection;
+use Magento\Framework\Webapi\Validator\IOLimit\DefaultPageSizeSetter;
 use Magento\Framework\Webapi\Validator\ServiceInputValidatorInterface;
 
 /**
@@ -35,7 +34,7 @@
  */
 class ServiceInputProcessor implements ServicePayloadConverterInterface
 {
-    const EXTENSION_ATTRIBUTES_TYPE = \Magento\Framework\Api\ExtensionAttributesInterface::class;
+    public const EXTENSION_ATTRIBUTES_TYPE = \Magento\Framework\Api\ExtensionAttributesInterface::class;
 
     /**
      * @var \Magento\Framework\Reflection\TypeProcessor
@@ -97,6 +96,11 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface
      */
     private $defaultPageSize;
 
+    /**
+     * @var DefaultPageSizeSetter|null
+     */
+    private $defaultPageSizeSetter;
+
     /**
      * Initialize dependencies.
      *
@@ -110,6 +114,8 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface
      * @param array $customAttributePreprocessors
      * @param ServiceInputValidatorInterface|null $serviceInputValidator
      * @param int $defaultPageSize
+     * @param DefaultPageSizeSetter|null $defaultPageSizeSetter
+     * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
         TypeProcessor $typeProcessor,
@@ -121,7 +127,8 @@ public function __construct(
         ConfigInterface $config = null,
         array $customAttributePreprocessors = [],
         ServiceInputValidatorInterface $serviceInputValidator = null,
-        int $defaultPageSize = 20
+        int $defaultPageSize = 20,
+        ?DefaultPageSizeSetter $defaultPageSizeSetter = null
     ) {
         $this->typeProcessor = $typeProcessor;
         $this->objectManager = $objectManager;
@@ -136,6 +143,8 @@ public function __construct(
         $this->serviceInputValidator = $serviceInputValidator
             ?: ObjectManager::getInstance()->get(ServiceInputValidatorInterface::class);
         $this->defaultPageSize = $defaultPageSize >= 10 ? $defaultPageSize : 10;
+        $this->defaultPageSizeSetter = $defaultPageSizeSetter ?? ObjectManager::getInstance()
+            ->get(DefaultPageSizeSetter::class);
     }
 
     /**
@@ -309,10 +318,8 @@ protected function _createFromArray($className, $data)
             }
         }
 
-        if ($object instanceof SearchCriteriaInterface
-            && $object->getPageSize() === null
-        ) {
-            $object->setPageSize($this->defaultPageSize);
+        if ($object instanceof SearchCriteriaInterface) {
+            $this->defaultPageSizeSetter->processSearchCriteria($object, $this->defaultPageSize);
         }
 
         return $object;