Merge remote-tracking branch 'mainline/develop' into MAGETWO-45226-unserialize-rce

Author: Dale Sikkema

app/code/Magento/Braintree/view/frontend/web/js/view/payment/method-renderer/cc-form.js

@@ -31,6 +31,7 @@
         <form class="form" id="co-transparent-form" action="#" method="post" data-bind="mageInit: {
             'transparent':{
                 'context': context(),
+                'gateway': getCode(),
                 'controller': getControllerName(),
                 'orderSaveUrl':getPlaceOrderUrl(),
             }, 'validation':[]}">
@@ -111,8 +112,15 @@
                     </label>
                     <div class="control">
                         <input type="number" name="payment[cc_number]" class="input-text" value=""
-                            data-bind="attr: {id: getCode() + '_cc_number', title: $t('Credit Card Number'), 'data-container': getCode() + '-cc-number', 'data-validate': JSON.stringify({'required-number':true, 'validate-cc-number':'#' + getCode() + '_cc_type', 'validate-cc-type':'#' + getCode() + '_cc_type'})},
-                            enable: true, value: creditCardNumber"/>
+                               data-bind="attr: {
+                                    autocomplete: off,
+                                    id: getCode() + '_cc_number',
+                                    title: $t('Credit Card Number'),
+                                    'data-container': getCode() + '-cc-number',
+                                    'data-validate': JSON.stringify({'required-number':true, 'validate-card-type':getCcAvailableTypesValues(), 'validate-card-number':'#' + getCode() + '_cc_type', 'validate-cc-type':'#' + getCode() + '_cc_type'})},
+                              enable: isActive($parents),
+                              value: creditCardNumber,
+                              valueUpdate: 'keyup' "/>
                     </div>
                 </div>
                 <div class="field date required" data-bind="attr: {id: getCode() + '_cc_type_exp_div'}, visible: isCcFormShown">

app/code/Magento/Braintree/view/frontend/web/template/payment/cc-form.html

@@ -10,10 +10,9 @@ define([
     'Magento_Customer/js/customer-data',
     'Magento_Ui/js/modal/alert',
     'Magento_Ui/js/modal/confirm',
-    'Magento_Customer/js/customer-data',
     "jquery/ui",
     "mage/decorate"
-], function($, authenticationPopup, customerData, alert, confirm, customerData){
+], function($, authenticationPopup, customerData, alert, confirm){
 
     $.widget('mage.sidebar', {
         options: {
@@ -27,14 +26,16 @@ define([
          * @private
          */
         _create: function () {
-            var self = this;
-
             this._initContent();
-            customerData.get('cart').subscribe(function () {
-                $(self.options.targetElement).trigger('contentUpdated');
-                self._calcHeight();
-                self._isOverflowed();
-            });
+        },
+
+        /**
+         * Update sidebar block.
+         */
+        update: function () {
+            $(this.options.targetElement).trigger('contentUpdated');
+            this._calcHeight();
+            this._isOverflowed();
         },
 
         _initContent: function() {
@@ -219,6 +220,7 @@ define([
                     console.log(JSON.stringify(error));
                 });
         },
+
         /**
          * Calculate height of minicart list
          *
@@ -228,22 +230,18 @@ define([
             var self = this,
                 height = 0,
                 counter = this.options.maxItemsVisible,
-                target = $(this.options.minicart.list)
-                    .clone()
-                    .attr('style', 'position: absolute !important; top: -10000 !important;')
-                    .appendTo('body');
+                target = $(this.options.minicart.list);
+
+            target.children().each(function () {
+                var outerHeight = $(this).outerHeight();
 
-            this.scrollHeight = 0;
-            target.children().each(function() {
                 if (counter-- > 0) {
-                    height += $(this).height();
+                    height += outerHeight;
                 }
-                self.scrollHeight += $(this).height();
+                self.scrollHeight += outerHeight;
             });
 
-            target.remove();
-
-            $(this.options.minicart.list).css('height', height);
+            target.height(height);
         }
     });
 

app/code/Magento/Checkout/view/frontend/web/js/sidebar.js

@@ -20,6 +20,10 @@ define([
     });
 
     function initSidebar() {
+        if (minicart.data('mageSidebar')) {
+            minicart.sidebar('update');
+        }
+
         if (!$('[data-role=product-item]').length) {
             return false;
         }

app/code/Magento/Checkout/view/frontend/web/js/view/minicart.js

@@ -67,7 +67,7 @@
     <div data-action="scroll" class="minicart-items-wrapper">
         <ol id="mini-cart" class="minicart-items" data-bind="foreach: { data: cart().items, as: 'item' }">
             <!-- ko foreach: $parent.getRegion($parent.getItemRenderer(item.product_type)) -->
-                <!-- ko template: {name: getTemplate(), data: item, afterRender: $parents[1].initSidebar()} --><!-- /ko -->
+                <!-- ko template: {name: getTemplate(), data: item, afterRender: function() {$parents[1].initSidebar()}} --><!-- /ko -->
             <!-- /ko -->
         </ol>
     </div>

app/code/Magento/Checkout/view/frontend/web/template/minicart/content.html

@@ -9,6 +9,9 @@
 use Magento\Customer\Model\Url;
 use Magento\Framework\UrlInterface;
 use Magento\Store\Model\StoreManagerInterface;
+use Magento\Framework\App\Config\ScopeConfigInterface;
+use Magento\Customer\Model\Form;
+use Magento\Store\Model\ScopeInterface;
 
 class ConfigProvider implements ConfigProviderInterface
 {
@@ -22,16 +25,24 @@ class ConfigProvider implements ConfigProviderInterface
      */
     protected $urlBuilder;
 
+    /**
+     * @var ScopeConfigInterface
+     */
+    protected $scopeConfig;
+
     /**
      * @param UrlInterface $urlBuilder
      * @param StoreManagerInterface $storeManager
+     * @param ScopeConfigInterface $scopeConfig
      */
     public function __construct(
         UrlInterface $urlBuilder,
-        StoreManagerInterface $storeManager
+        StoreManagerInterface $storeManager,
+        ScopeConfigInterface $scopeConfig
     ) {
         $this->urlBuilder = $urlBuilder;
         $this->storeManager = $storeManager;
+        $this->scopeConfig = $scopeConfig;
     }
 
     /**
@@ -42,9 +53,24 @@ public function getConfig()
         return [
             'customerLoginUrl' => $this->getLoginUrl(),
             'isRedirectRequired' => $this->isRedirectRequired(),
+            'autocomplete' => $this->isAutocompleteEnabled(),
         ];
     }
 
+    /**
+     * Is autocomplete enabled for storefront
+     *
+     * @return string
+     * @codeCoverageIgnore
+     */
+    protected function isAutocompleteEnabled()
+    {
+        return $this->scopeConfig->getValue(
+            Form::XML_PATH_ENABLE_AUTOCOMPLETE,
+            ScopeInterface::SCOPE_STORE
+        ) ? 'on' : 'off';
+    }
+
     /**
      * Returns URL to login controller action
      *

app/code/Magento/Customer/Model/Checkout/ConfigProvider.php

@@ -0,0 +1,138 @@
+<?php
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Customer\Test\Unit\Model\Checkout;
+
+use Magento\Customer\Model\Checkout\ConfigProvider;
+use Magento\Framework\UrlInterface;
+use Magento\Store\Model\StoreManagerInterface;
+use Magento\Store\Api\Data\StoreInterface;
+use Magento\Framework\App\Config\ScopeConfigInterface;
+use Magento\Customer\Model\Url;
+use Magento\Customer\Model\Form;
+use Magento\Store\Model\ScopeInterface;
+
+class ConfigProviderTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @var ConfigProvider
+     */
+    protected $provider;
+
+    /**
+     * @var StoreManagerInterface|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $storeManager;
+
+    /**
+     * @var UrlInterface|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $urlBuilder;
+
+    /**
+     * @var ScopeConfigInterface|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $scopeConfig;
+
+    /**
+     * @var StoreInterface|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $store;
+
+    public function setUp()
+    {
+        $this->storeManager = $this->getMockForAbstractClass(
+            'Magento\Store\Model\StoreManagerInterface',
+            [],
+            '',
+            false
+        );
+        $this->urlBuilder = $this->getMockForAbstractClass(
+            'Magento\Framework\UrlInterface',
+            [],
+            '',
+            false
+        );
+        $this->scopeConfig = $this->getMockForAbstractClass(
+            'Magento\Framework\App\Config\ScopeConfigInterface',
+            [],
+            '',
+            false
+        );
+        $this->store = $this->getMockForAbstractClass(
+            'Magento\Store\Api\Data\StoreInterface',
+            [],
+            '',
+            false,
+            false,
+            true,
+            ['getBaseUrl']
+        );
+
+        $this->provider = new ConfigProvider(
+            $this->urlBuilder,
+            $this->storeManager,
+            $this->scopeConfig
+        );
+    }
+
+    public function testGetConfigWithoutRedirect()
+    {
+        $loginUrl = 'http://url.test/customer/login';
+        $baseUrl = 'http://base-url.test';
+
+        $this->urlBuilder->expects($this->exactly(2))
+            ->method('getUrl')
+            ->with(Url::ROUTE_ACCOUNT_LOGIN)
+            ->willReturn($loginUrl);
+        $this->storeManager->expects($this->once())
+            ->method('getStore')
+            ->willReturn($this->store);
+        $this->store->expects($this->once())
+            ->method('getBaseUrl')
+            ->willReturn($baseUrl);
+        $this->scopeConfig->expects($this->once())
+            ->method('getValue')
+            ->with(Form::XML_PATH_ENABLE_AUTOCOMPLETE, ScopeInterface::SCOPE_STORE)
+            ->willReturn(1);
+        $this->assertEquals(
+            [
+                'customerLoginUrl' => $loginUrl,
+                'isRedirectRequired' => true,
+                'autocomplete' => 'on',
+            ],
+            $this->provider->getConfig()
+        );
+    }
+
+    public function testGetConfig()
+    {
+        $loginUrl = 'http://base-url.test/customer/login';
+        $baseUrl = 'http://base-url.test';
+
+        $this->urlBuilder->expects($this->exactly(2))
+            ->method('getUrl')
+            ->with(Url::ROUTE_ACCOUNT_LOGIN)
+            ->willReturn($loginUrl);
+        $this->storeManager->expects($this->once())
+            ->method('getStore')
+            ->willReturn($this->store);
+        $this->store->expects($this->once())
+            ->method('getBaseUrl')
+            ->willReturn($baseUrl);
+        $this->scopeConfig->expects($this->once())
+            ->method('getValue')
+            ->with(Form::XML_PATH_ENABLE_AUTOCOMPLETE, ScopeInterface::SCOPE_STORE)
+            ->willReturn(0);
+        $this->assertEquals(
+            [
+                'customerLoginUrl' => $loginUrl,
+                'isRedirectRequired' => false,
+                'autocomplete' => 'off',
+            ],
+            $this->provider->getConfig()
+        );
+    }
+}

app/code/Magento/Customer/Test/Unit/Model/Checkout/ConfigProviderTest.php

@@ -22,6 +22,7 @@ define(
         return Component.extend({
             registerUrl: window.authenticationPopup.customerRegisterUrl,
             forgotPasswordUrl: window.authenticationPopup.customerForgotPasswordUrl,
+            autocomplete: window.checkout.autocomplete,
             modalWindow: null,
             isLoading: ko.observable(false),
 

app/code/Magento/Customer/view/frontend/web/js/view/authentication-popup.js

@@ -60,6 +60,7 @@
                                    id="email"
                                    type="email"
                                    class="input-text"
+                                   data-bind="attr: {autocomplete: autocomplete}"
                                    data-validate="{required:true, 'validate-email':true}">
                         </div>
                     </div>
@@ -70,6 +71,7 @@
                                    type="password"
                                    class="input-text"
                                    id="pass"
+                                   data-bind="attr: {autocomplete: autocomplete}"
                                    data-validate="{required:true, 'validate-password':true}">
                         </div>
                     </div>

app/code/Magento/Customer/view/frontend/web/template/authentication-popup.html

@@ -174,17 +174,11 @@ protected function _getAmountData(Order $order)
     private function getNonTaxableAmount(Order $order)
     {
         return [
-            'subtotal' => $this->_formatPrice(
-                $this->_formatPrice(
-                    $order->getPayment()->getBaseAmountAuthorized()
-                ) - $this->_formatPrice(
-                    $order->getBaseTaxAmount()
-                ) - $this->_formatPrice(
-                    $order->getBaseShippingAmount()
-                )
-            ),
+            'subtotal' => $this->_formatPrice($order->getBaseSubtotal()),
+            'total' => $this->_formatPrice($order->getPayment()->getBaseAmountAuthorized()),
             'tax' => $this->_formatPrice($order->getBaseTaxAmount()),
             'shipping' => $this->_formatPrice($order->getBaseShippingAmount()),
+            'discount' => $this->_formatPrice(abs($order->getBaseDiscountAmount()))
         ];
     }