LYNX-306: Guest Order View GraphQL

Author: sivaschenko

app/code/Magento/QuoteGraphQl/Model/Resolver/PlaceOrder.php

@@ -19,6 +19,7 @@
 use Magento\QuoteGraphQl\Model\Cart\GetCartForCheckout;
 use Magento\QuoteGraphQl\Model\Cart\PlaceOrder as PlaceOrderModel;
 use Magento\Sales\Api\OrderRepositoryInterface;
+use Magento\SalesGraphQl\Model\Formatter\Order as OrderFormatter;
 
 /**
  * Resolver for placing order after payment method has already been set
@@ -53,21 +54,6 @@ class PlaceOrder implements ResolverInterface, ResetAfterRequestInterface
         'Some of the products are out of stock' => self::ERROR_UNABLE_TO_PLACE_ORDER,
     ];
 
-    /**
-     * @var GetCartForCheckout
-     */
-    private $getCartForCheckout;
-
-    /**
-     * @var PlaceOrderModel
-     */
-    private $placeOrder;
-
-    /**
-     * @var OrderRepositoryInterface
-     */
-    private $orderRepository;
-
     /**
      * @var \string[]
      */
@@ -77,15 +63,14 @@ class PlaceOrder implements ResolverInterface, ResetAfterRequestInterface
      * @param GetCartForCheckout $getCartForCheckout
      * @param PlaceOrderModel $placeOrder
      * @param OrderRepositoryInterface $orderRepository
+     * @param OrderFormatter $orderFormatter
      */
     public function __construct(
-        GetCartForCheckout $getCartForCheckout,
-        PlaceOrderModel $placeOrder,
-        OrderRepositoryInterface $orderRepository
+        private readonly GetCartForCheckout $getCartForCheckout,
+        private readonly PlaceOrderModel $placeOrder,
+        private readonly OrderRepositoryInterface $orderRepository,
+        private readonly OrderFormatter $orderFormatter
     ) {
-        $this->getCartForCheckout = $getCartForCheckout;
-        $this->placeOrder = $placeOrder;
-        $this->orderRepository = $orderRepository;
     }
 
     /**
@@ -130,6 +115,7 @@ public function resolve(Field $field, $context, ResolveInfo $info, array $value
                 // @deprecated The order_id field is deprecated, use order_number instead
                 'order_id' => $order->getIncrementId(),
             ],
+            'orderV2' => $this->orderFormatter->format($order),
             'errors' => []
         ];
     }

app/code/Magento/QuoteGraphQl/composer.json

@@ -12,6 +12,7 @@
         "magento/module-customer": "*",
         "magento/module-customer-graph-ql": "*",
         "magento/module-sales": "*",
+        "magento/module-sales-graph-ql": "*",
         "magento/module-directory": "*",
         "magento/module-graph-ql": "*",
         "magento/module-gift-message": "*",

app/code/Magento/QuoteGraphQl/etc/schema.graphqls

@@ -224,7 +224,8 @@ type ApplyCouponToCartOutput @doc(description: "Contains details about the cart
 }
 
 type PlaceOrderOutput @doc(description: "Contains the results of the request to place an order.") {
-    order: Order @doc(description: "The ID of the order.")
+    order: Order @deprecated(reason: "Use `orderV2` instead.") @doc(description: "The ID of the order.")
+    orderV2: CustomerOrder! @doc(description: "Full order information.")
     errors: [PlaceOrderError!]! @doc(description:"An array of place order errors.")
 }
 

app/code/Magento/SalesGraphQl/Model/Order/Token.php

@@ -0,0 +1,59 @@
+<?php
+/************************************************************************
+ *
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
+ *
+ * NOTICE: All information contained herein is, and remains
+ * the property of Adobe and its suppliers, if any. The intellectual
+ * and technical concepts contained herein are proprietary to Adobe
+ * and its suppliers and are protected by all applicable intellectual
+ * property laws, including trade secret and copyright laws.
+ * Dissemination of this information or reproduction of this material
+ * is strictly forbidden unless prior written permission is obtained
+ * from Adobe.
+ * ***********************************************************************
+ */
+declare(strict_types=1);
+
+namespace Magento\SalesGraphQl\Model\Order;
+
+use Magento\Framework\Encryption\EncryptorInterface;
+
+/**
+ * Encrypt or decrypt order token
+ */
+class Token
+{
+    /**
+     * @param EncryptorInterface $encryptor
+     */
+    public function __construct(
+        private readonly EncryptorInterface $encryptor
+    ) {
+    }
+
+    /**
+     * Encrypt number, email and postcode to create a token
+     *
+     * @param string $number
+     * @param string $email
+     * @param string $postcode
+     * @return string
+     */
+    public function encrypt(string $number, string $email, string $postcode): string
+    {
+        return $this->encryptor->encrypt(implode('|', [$number, $email, $postcode]));
+    }
+
+    /**
+     * Retrieve number, email and postcode from token
+     *
+     * @param string $token
+     * @return string[]
+     */
+    public function decrypt(string $token): array
+    {
+        return explode('|', $this->encryptor->decrypt($token));
+    }
+}

app/code/Magento/SalesGraphQl/Model/Resolver/GuestOrder.php

@@ -0,0 +1,160 @@
+<?php
+/************************************************************************
+ *
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
+ *
+ * NOTICE: All information contained herein is, and remains
+ * the property of Adobe and its suppliers, if any. The intellectual
+ * and technical concepts contained herein are proprietary to Adobe
+ * and its suppliers and are protected by all applicable intellectual
+ * property laws, including trade secret and copyright laws.
+ * Dissemination of this information or reproduction of this material
+ * is strictly forbidden unless prior written permission is obtained
+ * from Adobe.
+ * ***********************************************************************
+ */
+declare(strict_types=1);
+
+namespace Magento\SalesGraphQl\Model\Resolver;
+
+use Magento\Framework\Api\SearchCriteriaBuilderFactory;
+use Magento\Framework\GraphQl\Config\Element\Field;
+use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
+use Magento\Framework\GraphQl\Exception\GraphQlNoSuchEntityException;
+use Magento\Framework\GraphQl\Query\ResolverInterface;
+use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
+use Magento\Sales\Api\Data\OrderInterface;
+use Magento\Sales\Api\OrderRepositoryInterface;
+use Magento\SalesGraphQl\Model\Formatter\Order as OrderFormatter;
+use Magento\SalesGraphQl\Model\Order\Token;
+use Magento\Store\Model\StoreManagerInterface;
+
+/**
+ * Retrieve guest order based
+ */
+class GuestOrder implements ResolverInterface
+{
+    /**
+     * @param OrderFormatter $orderFormatter
+     * @param OrderRepositoryInterface $orderRepository
+     * @param SearchCriteriaBuilderFactory $searchCriteriaBuilderFactory
+     * @param StoreManagerInterface $storeManager
+     * @param Token $token
+     */
+    public function __construct(
+        private readonly OrderFormatter $orderFormatter,
+        private readonly OrderRepositoryInterface $orderRepository,
+        private readonly SearchCriteriaBuilderFactory $searchCriteriaBuilderFactory,
+        private readonly StoreManagerInterface $storeManager,
+        private readonly Token $token
+    ) {
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function resolve(
+        Field $field,
+        $context,
+        ResolveInfo $info,
+        array $value = null,
+        array $args = null
+    ) {
+        list($number, $email, $postcode) = $this->getNumberEmailPostcode($args['input'] ?? []);
+        $order = $this->getOrder($number);
+        $this->validateOrder($order, $postcode, $email);
+        return $this->orderFormatter->format($order);
+    }
+
+    /**
+     * Retrieve order based on order number
+     *
+     * @param string $number
+     * @return OrderInterface
+     * @throws GraphQlNoSuchEntityException
+     */
+    private function getOrder(string $number): OrderInterface
+    {
+        $searchCriteria = $this->searchCriteriaBuilderFactory->create()
+            ->addFilter('increment_id', $number)
+            ->addFilter('store_id', $this->storeManager->getStore()->getId())
+            ->create();
+
+        $orders = $this->orderRepository->getList($searchCriteria)->getItems();
+        if (empty($orders)) {
+            $this->cannotLocateOrder();
+        }
+
+        return reset($orders);
+    }
+
+    /**
+     * Ensure the order matches the provided criteria
+     *
+     * @param OrderInterface $order
+     * @param string $postcode
+     * @param string $email
+     * @return void
+     * @throws GraphQlAuthorizationException
+     * @throws GraphQlNoSuchEntityException
+     */
+    private function validateOrder(OrderInterface $order, string $postcode, string $email): void
+    {
+        if ($order->getBillingAddress()->getPostcode() !== $postcode) {
+            $this->cannotLocateOrder();
+        }
+
+        if ($order->getBillingAddress()->getEmail() !== $email) {
+            $this->cannotLocateOrder();
+        }
+
+        if ($order->getCustomerId()) {
+            $this->customerHasToLogin();
+        }
+    }
+
+    /**
+     * Retrieve number, email and postcode from input
+     *
+     * @param array $input
+     * @return array
+     * @throws GraphQlNoSuchEntityException
+     */
+    private function getNumberEmailPostcode(array $input): array
+    {
+        if (isset($input['token'])) {
+            $data = $this->token->decrypt($input['token']);
+            if (count($data) !== 3) {
+                $this->cannotLocateOrder();
+            }
+            return $data;
+        }
+        if (!isset($input['number']) || !isset($input['email']) || !isset($input['postcode'])) {
+            $this->cannotLocateOrder();
+        }
+        return [$input['number'], $input['email'], $input['postcode']];
+    }
+
+    /**
+     * Throw exception when the order cannot be found or does not match the criteria
+     *
+     * @return void
+     * @throws GraphQlNoSuchEntityException
+     */
+    private function cannotLocateOrder(): void
+    {
+        throw new GraphQlNoSuchEntityException(__('We couldn\'t locate an order with the information provided.'));
+    }
+
+    /**
+     * Throw exception when the guest checkout is not enabled or order is customer order
+     *
+     * @return void
+     * @throws GraphQlAuthorizationException
+     */
+    private function customerHasToLogin(): void
+    {
+        throw new GraphQlAuthorizationException(__('Please login to view the order.'));
+    }
+}

app/code/Magento/SalesGraphQl/Model/Resolver/OrderItems.php

@@ -49,10 +49,6 @@ public function __construct(
      */
     public function resolve(Field $field, $context, ResolveInfo $info, array $value = null, array $args = null)
     {
-        /** @var ContextInterface $context */
-        if (false === $context->getExtensionAttributes()->getIsCustomer()) {
-            throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.'));
-        }
         if (!(($value['model'] ?? null) instanceof OrderInterface)) {
             throw new LocalizedException(__('"model" value should be specified'));
         }

app/code/Magento/SalesGraphQl/Model/Resolver/Token.php

@@ -0,0 +1,61 @@
+<?php
+/************************************************************************
+ *
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
+ *
+ * NOTICE: All information contained herein is, and remains
+ * the property of Adobe and its suppliers, if any. The intellectual
+ * and technical concepts contained herein are proprietary to Adobe
+ * and its suppliers and are protected by all applicable intellectual
+ * property laws, including trade secret and copyright laws.
+ * Dissemination of this information or reproduction of this material
+ * is strictly forbidden unless prior written permission is obtained
+ * from Adobe.
+ * ***********************************************************************
+ */
+declare(strict_types=1);
+
+namespace Magento\SalesGraphQl\Model\Resolver;
+
+use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\GraphQl\Config\Element\Field;
+use Magento\Framework\GraphQl\Query\ResolverInterface;
+use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
+use Magento\Sales\Api\Data\OrderInterface;
+
+/**
+ * Retrieve order token
+ */
+class Token implements ResolverInterface
+{
+    /**
+     * @param Token $token
+     */
+    public function __construct(
+        private readonly \Magento\SalesGraphQl\Model\Order\Token $token
+    ) {
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function resolve(
+        Field $field,
+        $context,
+        ResolveInfo $info,
+        array $value = null,
+        array $args = null
+    ) {
+        if (!(($value['model'] ?? null) instanceof OrderInterface)) {
+            throw new LocalizedException(__('"model" value should be specified'));
+        }
+        /** @var OrderInterface $order */
+        $order = $value['model'];
+        return $this->token->encrypt(
+            $order->getIncrementId(),
+            $order->getBillingAddress()->getEmail(),
+            $order->getBillingAddress()->getPostcode()
+        );
+    }
+}