merge magento/2.4.0-develop into magento-borg/MC-22963

Author: magento-mts-svc

app/code/Magento/Braintree/Test/Mftf/ActionGroup/AdminDeleteRoleActionGroup.xml

@@ -10,18 +10,32 @@
         xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
     <actionGroup name="AdminDeleteRoleActionGroup">
         <annotations>
-            <description>Deletes a User Role that contains the text 'Role'. PLEASE NOTE: The Action Group values are Hardcoded.</description>
+            <description>Deletes a User Role.</description>
         </annotations>
         <arguments>
             <argument name="role" defaultValue=""/>
         </arguments>
 
-        <click stepKey="clickOnRole" selector="{{AdminDeleteRoleSection.theRole}}"/>
+        <click stepKey="clickResetFilterButtonBefore" selector="{{AdminRoleGridSection.resetButton}}"/>
+        <waitForPageLoad stepKey="waitForRolesGridFilterResetBefore" time="10"/>
+        <fillField stepKey="TypeRoleFilter" selector="{{AdminRoleGridSection.roleNameFilterTextField}}" userInput="{{role.name}}"/>
+        <waitForElementVisible stepKey="waitForFilterSearchButtonBefore" selector="{{AdminRoleGridSection.searchButton}}" time="10"/>
+        <click stepKey="clickFilterSearchButton" selector="{{AdminRoleGridSection.searchButton}}"/>
+        <waitForPageLoad stepKey="waitForUserRoleFilter" time="10"/>
+        <waitForElementVisible stepKey="waitForRoleInRoleGrid" selector="{{AdminDeleteRoleSection.role(role.name)}}" time="10"/>
+        <click stepKey="clickOnRole" selector="{{AdminDeleteRoleSection.role(role.name)}}"/>
+        <waitForPageLoad stepKey="waitForRolePageToLoad" time="10"/>
         <fillField stepKey="TypeCurrentPassword" selector="{{AdminDeleteRoleSection.current_pass}}" userInput="{{_ENV.MAGENTO_ADMIN_PASSWORD}}"/>
+        <waitForElementVisible stepKey="waitForDeleteRoleButton" selector="{{AdminDeleteRoleSection.delete}}" time="10"/>
         <click stepKey="clickToDeleteRole" selector="{{AdminDeleteRoleSection.delete}}"/>
-        <waitForAjaxLoad stepKey="waitForDeleteConfirmationPopup" time="5"/>
+        <waitForPageLoad stepKey="waitForDeleteConfirmationPopup" time="5"/>
+        <waitForElementVisible stepKey="waitForConfirmButton" selector="{{AdminDeleteRoleSection.confirm}}" time="10"/>
         <click stepKey="clickToConfirm" selector="{{AdminDeleteRoleSection.confirm}}"/>
         <waitForPageLoad stepKey="waitForPageLoad" time="10"/>
         <see stepKey="seeSuccessMessage" userInput="You deleted the role."/>
+        <waitForPageLoad stepKey="waitForRolesGridLoad" />
+        <waitForElementVisible stepKey="waitForResetFilterButtonAfter" selector="{{AdminRoleGridSection.resetButton}}" time="10"/>
+        <click stepKey="clickResetFilterButtonAfter" selector="{{AdminRoleGridSection.resetButton}}"/>
+        <waitForPageLoad stepKey="waitForRolesGridFilterResetAfter" time="10"/>
     </actionGroup>
 </actionGroups>

app/code/Magento/CardinalCommerce/Model/JwtManagement.php

@@ -8,6 +8,7 @@
 namespace Magento\CardinalCommerce\Model;
 
 use Magento\Framework\Serialize\Serializer\Json;
+use Magento\Framework\Encryption\Helper\Security;
 
 /**
  * JSON Web Token management.
@@ -62,7 +63,8 @@ public function decode(string $jwt, string $key): array
         $payload = $this->json->unserialize($payloadJson);
 
         $signature = $this->urlSafeB64Decode($signatureB64);
-        if ($signature !== $this->sign($headB64 . '.' . $payloadB64, $key, $header['alg'])) {
+
+        if (!Security::compareStrings($signature, $this->sign($headB64 . '.' . $payloadB64, $key, $header['alg']))) {
             throw new \InvalidArgumentException('JWT signature verification failed');
         }
 

app/code/Magento/Catalog/Block/Product/ListProduct.php

@@ -353,18 +353,16 @@ public function getIdentities()
 
         $category = $this->getLayer()->getCurrentCategory();
         if ($category) {
-            $identities[] = Product::CACHE_PRODUCT_CATEGORY_TAG . '_' . $category->getId();
+            $identities[] = [Product::CACHE_PRODUCT_CATEGORY_TAG . '_' . $category->getId()];
         }
 
         //Check if category page shows only static block (No products)
-        if ($category->getData('display_mode') == Category::DM_PAGE) {
-            return $identities;
-        }
-
-        foreach ($this->_getProductCollection() as $item) {
-            // phpcs:ignore Magento2.Performance.ForeachArrayMerge
-            $identities = array_merge($identities, $item->getIdentities());
+        if ($category->getData('display_mode') != Category::DM_PAGE) {
+            foreach ($this->_getProductCollection() as $item) {
+                $identities[] = $item->getIdentities();
+            }
         }
+        $identities = array_merge(...$identities);
 
         return $identities;
     }
@@ -377,7 +375,7 @@ public function getIdentities()
      */
     public function getAddToCartPostParams(Product $product)
     {
-        $url = $this->getAddToCartUrl($product);
+        $url = $this->getAddToCartUrl($product, ['_escape' => false]);
         return [
             'action' => $url,
             'data' => [

app/code/Magento/Catalog/Controller/Adminhtml/Product/Action/Attribute/Save.php

@@ -7,15 +7,17 @@
 namespace Magento\Catalog\Controller\Adminhtml\Product\Action\Attribute;
 
 use Magento\AsynchronousOperations\Api\Data\OperationInterface;
+use Magento\Catalog\Model\ProductFactory;
 use Magento\Catalog\Api\Data\ProductAttributeInterface;
 use Magento\Eav\Model\Config;
 use Magento\Framework\App\Action\HttpPostActionInterface;
 use Magento\Backend\App\Action;
 use Magento\Framework\App\ObjectManager;
+use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Stdlib\DateTime\TimezoneInterface;
 
 /**
- * Class used for saving mass updated products attributes.
+ * Class responsible for saving product attributes.
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
  */
 class Save extends \Magento\Catalog\Controller\Adminhtml\Product\Action\Attribute implements HttpPostActionInterface
@@ -60,6 +62,11 @@ class Save extends \Magento\Catalog\Controller\Adminhtml\Product\Action\Attribut
      */
     private $eavConfig;
 
+    /**
+     * @var ProductFactory
+     */
+    private $productFactory;
+
     /**
      * @param Action\Context $context
      * @param \Magento\Catalog\Helper\Product\Edit\Action\Attribute $attributeHelper
@@ -71,6 +78,7 @@ class Save extends \Magento\Catalog\Controller\Adminhtml\Product\Action\Attribut
      * @param int $bulkSize
      * @param TimezoneInterface $timezone
      * @param Config $eavConfig
+     * @param ProductFactory $productFactory
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -83,7 +91,8 @@ public function __construct(
         \Magento\Authorization\Model\UserContextInterface $userContext,
         int $bulkSize = 100,
         TimezoneInterface $timezone = null,
-        Config $eavConfig = null
+        Config $eavConfig = null,
+        ProductFactory $productFactory = null
     ) {
         parent::__construct($context, $attributeHelper);
         $this->bulkManagement = $bulkManagement;
@@ -96,6 +105,7 @@ public function __construct(
             ->get(TimezoneInterface::class);
         $this->eavConfig = $eavConfig ?: ObjectManager::getInstance()
             ->get(Config::class);
+        $this->productFactory = $productFactory ?? ObjectManager::getInstance()->get(ProductFactory::class);
     }
 
     /**
@@ -121,9 +131,10 @@ public function execute()
         $attributesData = $this->sanitizeProductAttributes($attributesData);
 
         try {
+            $this->validateProductAttributes($attributesData);
             $this->publish($attributesData, $websiteRemoveData, $websiteAddData, $storeId, $websiteId, $productIds);
             $this->messageManager->addSuccessMessage(__('Message is added to queue'));
-        } catch (\Magento\Framework\Exception\LocalizedException $e) {
+        } catch (LocalizedException $e) {
             $this->messageManager->addErrorMessage($e->getMessage());
         } catch (\Exception $e) {
             $this->messageManager->addExceptionMessage(
@@ -152,10 +163,12 @@ private function sanitizeProductAttributes($attributesData)
             }
 
             $attribute = $this->eavConfig->getAttribute(\Magento\Catalog\Model\Product::ENTITY, $attributeCode);
+
             if (!$attribute->getAttributeId()) {
                 unset($attributesData[$attributeCode]);
                 continue;
             }
+
             if ($attribute->getBackendType() === 'datetime') {
                 if (!empty($value)) {
                     $filterInput = new \Zend_Filter_LocalizedToNormalized(['date_format' => $dateFormat]);
@@ -183,6 +196,25 @@ private function sanitizeProductAttributes($attributesData)
         return $attributesData;
     }
 
+    /**
+     * Validate product attributes data.
+     *
+     * @param array $attributesData
+     *
+     * @return void
+     * @throws LocalizedException
+     */
+    private function validateProductAttributes(array $attributesData): void
+    {
+        $product = $this->productFactory->create();
+        $product->setData($attributesData);
+
+        foreach (array_keys($attributesData) as $attributeCode) {
+            $attribute = $this->eavConfig->getAttribute(\Magento\Catalog\Model\Product::ENTITY, $attributeCode);
+            $attribute->getBackend()->validate($product);
+        }
+    }
+
     /**
      * Schedule new bulk
      *
@@ -192,7 +224,7 @@ private function sanitizeProductAttributes($attributesData)
      * @param int $storeId
      * @param int $websiteId
      * @param array $productIds
-     * @throws \Magento\Framework\Exception\LocalizedException
+     * @throws LocalizedException
      *
      * @return void
      */
@@ -246,7 +278,7 @@ private function publish(
                 $this->userContext->getUserId()
             );
             if (!$result) {
-                throw new \Magento\Framework\Exception\LocalizedException(
+                throw new LocalizedException(
                     __('Something went wrong while processing the request.')
                 );
             }

app/code/Magento/Catalog/Controller/Adminhtml/Product/Attribute/Save.php

@@ -221,7 +221,7 @@ public function execute()
                     return $this->returnResult('catalog/*/', [], ['error' => true]);
                 }
                 // entity type check
-                if ($model->getEntityTypeId() != $this->_entityTypeId) {
+                if ($model->getEntityTypeId() != $this->_entityTypeId || array_key_exists('backend_model', $data)) {
                     $this->messageManager->addErrorMessage(__('We can\'t update the attribute.'));
                     $this->_session->setAttributeData($data);
                     return $this->returnResult('catalog/*/', [], ['error' => true]);
@@ -258,6 +258,8 @@ public function execute()
                 unset($data['apply_to']);
             }
 
+            unset($data['entity_type_id']);
+
             $model->addData($data);
 
             if (!$attributeId) {

app/code/Magento/Catalog/Model/Product.php

@@ -73,9 +73,9 @@ class Product extends \Magento\Catalog\Model\AbstractModel implements
     const STORE_ID = 'store_id';
 
     /**
-     * @var string
+     * @var string|bool
      */
-    protected $_cacheTag = self::CACHE_TAG;
+    protected $_cacheTag = false;
 
     /**
      * @var string
@@ -878,7 +878,6 @@ public function getAttributes($groupId = null, $skipSuper = false)
      */
     public function beforeSave()
     {
-        $this->cleanCache();
         $this->setTypeHasOptions(false);
         $this->setTypeHasRequiredOptions(false);
         $this->setHasOptions(false);

app/code/Magento/Catalog/Test/Unit/Block/Product/ListProductTest.php

@@ -213,7 +213,7 @@ public function testGetAddToCartPostParams()
             ->will($this->returnValue(true));
         $this->cartHelperMock->expects($this->any())
             ->method('getAddUrl')
-            ->with($this->equalTo($this->productMock), $this->equalTo([]))
+            ->with($this->equalTo($this->productMock), $this->equalTo(['_escape' => false]))
             ->will($this->returnValue($url));
         $this->productMock->expects($this->once())
             ->method('getEntityId')

app/code/Magento/Checkout/Controller/Sidebar/RemoveItem.php

@@ -17,6 +17,9 @@
 use Magento\Framework\Exception\LocalizedException;
 use Psr\Log\LoggerInterface;
 
+/**
+ * Controller for removing quote item from shopping cart.
+ */
 class RemoveItem implements HttpPostActionInterface
 {
     /**
@@ -91,6 +94,9 @@ public function execute()
             $this->sidebar->removeQuoteItem($itemId);
         } catch (LocalizedException $e) {
             $error = $e->getMessage();
+        } catch (\Zend_Db_Exception $e) {
+            $this->logger->critical($e);
+            $error = __('An unspecified error occurred. Please contact us for assistance.');
         } catch (Exception $e) {
             $this->logger->critical($e);
             $error = $e->getMessage();

app/code/Magento/Checkout/Test/Unit/Controller/Sidebar/RemoveItemTest.php

@@ -221,6 +221,57 @@ public function testExecuteWithException()
         $this->assertEquals($resultJson, $this->action->execute());
     }
 
+    /**
+     * Test controller when DB exception is thrown.
+     *
+     * @return void
+     */
+    public function testExecuteWithDbException(): void
+    {
+        $itemId = 1;
+        $dbError = 'Error';
+        $message = __('An unspecified error occurred. Please contact us for assistance.');
+        $responseData = [
+            'success' => false,
+            'error_message' => $message,
+        ];
+
+        $this->formKeyValidatorMock
+            ->expects($this->once())
+            ->method('validate')
+            ->with($this->requestMock)
+            ->willReturn(true);
+        $this->requestMock->expects($this->once())
+            ->method('getParam')
+            ->with('item_id')
+            ->willReturn($itemId);
+
+        $exception = new \Zend_Db_Exception($dbError);
+
+        $this->sidebarMock->expects($this->once())
+            ->method('checkQuoteItem')
+            ->with($itemId)
+            ->willThrowException($exception);
+
+        $this->loggerMock->expects($this->once())->method('critical')->with($exception);
+
+        $this->sidebarMock->expects($this->once())
+            ->method('getResponseData')
+            ->with($message)
+            ->willReturn($responseData);
+
+        $resultJson = $this->createMock(ResultJson::class);
+        $resultJson->expects($this->once())
+            ->method('setData')
+            ->with($responseData)
+            ->willReturnSelf();
+        $this->resultJsonFactoryMock->expects($this->once())
+            ->method('create')
+            ->willReturn($resultJson);
+
+        $this->action->execute();
+    }
+
     public function testExecuteWhenFormKeyValidationFailed()
     {
         $resultRedirect = $this->createMock(ResultRedirect::class);

app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFolder.php

@@ -4,6 +4,9 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
+declare(strict_types=1);
+
 namespace Magento\Cms\Controller\Adminhtml\Wysiwyg\Images;
 
 use Magento\Framework\App\Action\HttpPostActionInterface;
@@ -60,13 +63,8 @@ public function execute()
     {
         try {
             $path = $this->getStorage()->getCmsWysiwygImages()->getCurrentPath();
-            if (!$this->directoryResolver->validatePath($path, DirectoryList::MEDIA)) {
-                throw new \Magento\Framework\Exception\LocalizedException(
-                    __('Directory %1 is not under storage root path.', $path)
-                );
-            }
             $this->getStorage()->deleteDirectory($path);
-            
+
             return $this->resultRawFactory->create();
         } catch (\Exception $e) {
             $result = ['error' => true, 'message' => $e->getMessage()];