Add validation for additonal data input

Author: pmclain

app/code/Magento/BraintreeGraphQl/Model/BraintreeDataProvider.php

@@ -32,6 +32,18 @@ public function getData(array $args): array
             );
         }
 
+        if (!isset($args[static::PATH_ADDITIONAL_DATA]['payment_method_nonce'])) {
+            throw new GraphQlInputException(
+                __('Required parameter "payment_method_nonce" for "braintree" is missing.')
+            );
+        }
+
+        if (!isset($args[static::PATH_ADDITIONAL_DATA]['is_active_payment_token_enabler'])) {
+            throw new GraphQlInputException(
+                __('Required parameter "is_active_payment_token_enabler" for "braintree" is missing.')
+            );
+        }
+
         return $args[static::PATH_ADDITIONAL_DATA];
     }
 }

app/code/Magento/BraintreeGraphQl/Model/BraintreeVaultDataProvider.php

@@ -31,6 +31,12 @@ public function getData(array $args): array
             );
         }
 
+        if (!isset($args[static::PATH_ADDITIONAL_DATA]['public_hash'])) {
+            throw new GraphQlInputException(
+                __('Required parameter "public_hash" for "braintree_cc_vault" is missing.')
+            );
+        }
+
         return $args[static::PATH_ADDITIONAL_DATA];
     }
 }

app/code/Magento/BraintreeGraphQl/Plugin/SetVaultPaymentNonce.php

@@ -55,6 +55,7 @@ public function beforeExecute(
     ): array {
         if ($paymentData['code'] !== ConfigProvider::CC_VAULT_CODE
             || !isset($paymentData[ConfigProvider::CC_VAULT_CODE])
+            || !isset($paymentData[ConfigProvider::CC_VAULT_CODE]['public_hash'])
         ) {
             return [$quote, $paymentData];
         }

dev/tests/api-functional/testsuite/Magento/GraphQl/Braintree/Customer/SetPaymentMethodTest.php

@@ -210,6 +210,33 @@ public function testSetPaymentMethodInvalidInput(string $methodCode)
         $this->graphQlMutation($setPaymentQuery, [], '', $this->getHeaderMap());
     }
 
+    /**
+     * @magentoApiDataFixture Magento/Customer/_files/customer.php
+     * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/enable_offline_shipping_methods.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/customer/create_empty_cart.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/add_simple_product.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_new_shipping_address.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_new_billing_address.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_flatrate_shipping_method.php
+     * @magentoApiDataFixture Magento/GraphQl/Braintree/_files/enable_braintree_payment.php
+     * @dataProvider dataProviderTestSetPaymentMethodInvalidInput
+     * @expectedException \Exception
+     * @param string $methodCode
+     */
+    public function testSetPaymentMethodInvalidMethodInput(string $methodCode)
+    {
+        $reservedOrderId = 'test_quote';
+        $maskedQuoteId = $this->getMaskedQuoteIdByReservedOrderId->execute($reservedOrderId);
+
+        $setPaymentQuery = $this->getSetPaymentBraintreeQueryInvalidMethodInput(
+            $maskedQuoteId,
+            $methodCode
+        );
+        $this->expectExceptionMessage("for \"$methodCode\" is missing.");
+        $this->graphQlMutation($setPaymentQuery, [], '', $this->getHeaderMap());
+    }
+
     public function dataProviderTestSetPaymentMethodInvalidInput(): array
     {
         return [
@@ -320,6 +347,32 @@ private function getSetPaymentBraintreeQueryInvalidInput(string $maskedQuoteId,
 QUERY;
     }
 
+    /**
+     * @param string $maskedQuoteId
+     * @param string $methodCode
+     * @return string
+     */
+    private function getSetPaymentBraintreeQueryInvalidMethodInput(string $maskedQuoteId, string $methodCode): string
+    {
+        return <<<QUERY
+mutation {
+  setPaymentMethodOnCart(input:{
+    cart_id:"{$maskedQuoteId}"
+    payment_method:{
+      code:"{$methodCode}"
+      {$methodCode}: {}
+    }
+  }) {
+    cart {
+      selected_payment_method {
+        code
+      }
+    }
+  }
+}
+QUERY;
+    }
+
     /**
      * @param string $maskedQuoteId
      * @return string

dev/tests/api-functional/testsuite/Magento/GraphQl/Braintree/Guest/SetPaymentMethodTest.php

@@ -121,6 +121,28 @@ public function testSetPaymentMethodInvalidInput()
         $this->graphQlMutation($setPaymentQuery);
     }
 
+    /**
+     * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/enable_offline_shipping_methods.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/guest/create_empty_cart.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/guest/set_guest_email.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/add_simple_product.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_new_shipping_address.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_new_billing_address.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_flatrate_shipping_method.php
+     * @magentoApiDataFixture Magento/GraphQl/Braintree/_files/enable_braintree_payment.php
+     * @expectedException \Exception
+     */
+    public function testSetPaymentMethodInvalidMethodInput()
+    {
+        $reservedOrderId = 'test_quote';
+        $maskedQuoteId = $this->getMaskedQuoteIdByReservedOrderId->execute($reservedOrderId);
+
+        $setPaymentQuery = $this->getSetPaymentBraintreeQueryInvalidMethodInput($maskedQuoteId);
+        $this->expectExceptionMessage("for \"braintree\" is missing.");
+        $this->graphQlMutation($setPaymentQuery);
+    }
+
     private function assertPlaceOrderResponse(array $response, string $reservedOrderId): void
     {
         self::assertArrayHasKey('placeOrder', $response);
@@ -152,7 +174,7 @@ private function getSetPaymentBraintreeQuery(string $maskedQuoteId, string $nonc
       code:"braintree"
       braintree:{
         is_active_payment_token_enabler:false
-        payment_method_nonce:"fake-valid-nonce"
+        payment_method_nonce:"{$nonce}"
       }
     }
   }) {
@@ -190,6 +212,31 @@ private function getSetPaymentBraintreeQueryInvalidInput(string $maskedQuoteId):
 QUERY;
     }
 
+    /**
+     * @param string $maskedQuoteId
+     * @return string
+     */
+    private function getSetPaymentBraintreeQueryInvalidMethodInput(string $maskedQuoteId): string
+    {
+        return <<<QUERY
+mutation {
+  setPaymentMethodOnCart(input:{
+    cart_id:"{$maskedQuoteId}"
+    payment_method:{
+      code:"braintree"
+      braintree: {}
+    }
+  }) {
+    cart {
+      selected_payment_method {
+        code
+      }
+    }
+  }
+}
+QUERY;
+    }
+
     /**
      * @param string $maskedQuoteId
      * @return string