Merge branch 'ACP2E-2969' of https://github.com/adobe-commerce-tier-4/magento2ce into PR-2024-07-11

Author: aplapana

app/code/Magento/Integration/Test/Unit/Oauth/OauthTest.php

@@ -7,7 +7,7 @@
 
 namespace Magento\Integration\Test\Unit\Oauth;
 
-use Laminas\OAuth\Http\Utility;
+use Magento\Framework\Oauth\Helper\Utility;
 use Magento\Framework\DataObject;
 use Magento\Framework\Math\Random;
 use Magento\Framework\Oauth\Helper\Oauth;
@@ -55,8 +55,8 @@ class OauthTest extends TestCase
     /** @var \Magento\Framework\Oauth\Oauth */
     private $_oauth;
 
-    /** @var  \Zend_Oauth_Http_Utility */
-    private $_httpUtilityMock;
+    /** @var  Utility */
+    private $utility;
 
     /** @var DateTime */
     private $_dateMock;
@@ -160,9 +160,7 @@ protected function setUp(): void
         $this->_oauthHelperMock = $this->getMockBuilder(Oauth::class)
             ->setConstructorArgs([new Random()])
             ->getMock();
-        $this->_httpUtilityMock = $this->getMockBuilder(Utility::class)
-            ->onlyMethods(['sign'])
-            ->getMock();
+        $this->utility = $this->createMock(Utility::class);
         $this->_dateMock = $this->getMockBuilder(DateTime::class)
             ->disableOriginalConstructor()
             ->getMock();
@@ -190,7 +188,7 @@ protected function setUp(): void
             $this->_oauthHelperMock,
             $nonceGenerator,
             $tokenProvider,
-            $this->_httpUtilityMock
+            $this->utility
         );
         $this->_oauthToken = $this->_generateRandomString(Oauth::LENGTH_TOKEN);
         $this->_oauthSecret = $this->_generateRandomString(Oauth::LENGTH_TOKEN_SECRET);
@@ -199,17 +197,6 @@ protected function setUp(): void
         );
     }
 
-    protected function tearDown(): void
-    {
-        unset($this->_consumerFactory);
-        unset($this->_nonceFactory);
-        unset($this->_tokenFactory);
-        unset($this->_oauthHelperMock);
-        unset($this->_httpUtilityMock);
-        unset($this->_dateMock);
-        unset($this->_oauth);
-    }
-
     /**
      * @param array $amendments
      * @return array
@@ -477,7 +464,7 @@ public function testGetRequestTokenTokenRejected()
         $this->_setupToken(false);
 
         $signature = 'valid_signature';
-        $this->_httpUtilityMock->expects($this->any())->method('sign')->willReturn($signature);
+        $this->utility->expects($this->any())->method('sign')->willReturn($signature);
 
         $this->_oauth->getRequestToken(
             $this->_getRequestTokenParams(['oauth_signature' => $signature]),
@@ -498,7 +485,7 @@ public function testGetRequestTokenTokenRejectedByType()
         // wrong type
 
         $signature = 'valid_signature';
-        $this->_httpUtilityMock->expects($this->any())->method('sign')->willReturn($signature);
+        $this->utility->expects($this->any())->method('sign')->willReturn($signature);
 
         $this->_oauth->getRequestToken(
             $this->_getRequestTokenParams(['oauth_signature' => $signature]),
@@ -548,7 +535,7 @@ public function testGetRequestToken()
         $this->_setupToken();
 
         $signature = 'valid_signature';
-        $this->_httpUtilityMock->expects($this->any())->method('sign')->willReturn($signature);
+        $this->utility->expects($this->any())->method('sign')->willReturn($signature);
 
         $requestToken = $this->_oauth->getRequestToken(
             $this->_getRequestTokenParams(['oauth_signature' => $signature]),
@@ -802,7 +789,13 @@ public function testValidateAccessToken()
     public function testBuildAuthorizationHeader()
     {
         $signature = 'valid_signature';
-        $this->_httpUtilityMock->expects($this->any())->method('sign')->willReturn($signature);
+        $this->utility->expects($this->once())->method('sign')->willReturn($signature);
+        $this->utility->expects($this->once())
+            ->method('toAuthorizationHeader')
+            ->willReturn('OAuth oauth_nonce="tyukmnjhgfdcvxstyuioplkmnhtfvert",oauth_timestamp="1657789046",' .
+            'oauth_version="1.0",oauth_consumer_key="edf957ef88492f0a32eb7e1731e85da2",' .
+            'oauth_consumer_secret="asdawwewefrtyh2f0a32eb7e1731e85d",oauth_token="7c0709f789e1f38a17aa4b9a28e1b06c",' .
+            'oauth_token_secret="a6agsfrsfgsrjjjjyy487939244ssggg",oauth_signature="valid_signature"');
 
         $this->_setupConsumer(false);
         $this->_oauthHelperMock->expects(

dev/tests/api-functional/framework/Magento/TestFramework/Authentication/Rest/OauthClient.php

@@ -6,7 +6,9 @@
 
 namespace Magento\TestFramework\Authentication\Rest;
 
+use Magento\Framework\Oauth\Helper\Utility;
 use Magento\TestFramework\Helper\Bootstrap;
+use Magento\TestFramework\ObjectManager;
 use OAuth\Common\Consumer\Credentials;
 use OAuth\Common\Http\Client\ClientInterface;
 use OAuth\Common\Http\Exception\TokenResponseException;
@@ -17,6 +19,8 @@
 use OAuth\OAuth1\Signature\SignatureInterface;
 use OAuth\OAuth1\Token\StdOAuth1Token;
 use OAuth\OAuth1\Token\TokenInterface;
+use Laminas\OAuth\Http\Utility as HTTPUtility;
+use Magento\Framework\Oauth\Helper\Signature\HmacFactory;
 
 /**
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
@@ -37,13 +41,15 @@ class OauthClient extends AbstractService
      * @param TokenStorageInterface|null $storage
      * @param SignatureInterface|null $signature
      * @param UriInterface|null $baseApiUri
+     * @param Utility|null $helper
      */
     public function __construct(
         Credentials $credentials,
         ClientInterface $httpClient = null,
         TokenStorageInterface $storage = null,
         SignatureInterface $signature = null,
-        UriInterface $baseApiUri = null
+        UriInterface $baseApiUri = null,
+        Utility $helper = null
     ) {
         if (!isset($httpClient)) {
             $httpClient = new \Magento\TestFramework\Authentication\Rest\CurlClient();
@@ -52,8 +58,12 @@ public function __construct(
         if (!isset($storage)) {
             $storage = new \OAuth\Common\Storage\Memory();
         }
+        if (!isset($helper)) {
+            /** @phpstan-ignore-next-line */
+            $helper = new Utility(new HTTPUtility(), new HmacFactory(ObjectManager::getInstance()));
+        }
         if (!isset($signature)) {
-            $signature = new \Magento\TestFramework\Authentication\Rest\OauthClient\Signature($credentials);
+            $signature = new \Magento\TestFramework\Authentication\Rest\OauthClient\Signature($helper, $credentials);
         }
         parent::__construct($credentials, $httpClient, $storage, $signature, $baseApiUri);
     }

dev/tests/api-functional/framework/Magento/TestFramework/Authentication/Rest/OauthClient/Signature.php

@@ -6,17 +6,29 @@
 
 namespace Magento\TestFramework\Authentication\Rest\OauthClient;
 
+use OAuth\Common\Consumer\CredentialsInterface;
 use OAuth\Common\Http\Uri\UriInterface;
+use Magento\Framework\Oauth\Helper\Utility;
 
 /**
  * Signature class for Magento REST API.
  */
 class Signature extends \OAuth\OAuth1\Signature\Signature
 {
+    /**
+     * @param Utility $helper
+     * @param CredentialsInterface $credentials
+     */
+    public function __construct(private readonly Utility $helper, CredentialsInterface $credentials)
+    {
+        parent::__construct($credentials);
+    }
+
     /**
      * @inheritDoc
      *
-     * In addition to the original method, allows array parameters for filters.
+     * In addition to the original method, allows array parameters for filters
+     * and matches validation signature algorithm
      */
     public function getSignature(UriInterface $uri, array $params, $method = 'POST')
     {
@@ -32,37 +44,16 @@ function ($carry, $item) {
 
         $signatureData = [];
         foreach (array_merge($queryStringData, $params) as $key => $value) {
-            $signatureData[rawurlencode($key)] = rawurlencode($value);
-        }
-
-        ksort($signatureData);
-
-        // determine base uri
-        $baseUri = $uri->getScheme() . '://' . $uri->getRawAuthority();
-
-        if ('/' == $uri->getPath()) {
-            $baseUri .= $uri->hasExplicitTrailingHostSlash() ? '/' : '';
-        } else {
-            $baseUri .= $uri->getPath();
+            $signatureData[rawurldecode($key)] = rawurlencode($value);
         }
 
-        $baseString = strtoupper($method) . '&';
-        $baseString .= rawurlencode($baseUri) . '&';
-        $baseString .= rawurlencode($this->buildSignatureDataString($signatureData));
-
-        return base64_encode($this->hash($baseString));
-    }
-
-    /**
-     * @inheritDoc
-     */
-    protected function hash($data)
-    {
-        switch (strtoupper($this->algorithm)) {
-            case 'HMAC-SHA256':
-                return hash_hmac('sha256', $data, $this->getSigningKey(), true);
-            default:
-                return parent::hash($data);
-        }
+        return $this->helper->sign(
+            $signatureData,
+            $this->algorithm,
+            $this->credentials->getConsumerSecret(),
+            $this->tokenSecret,
+            $method,
+            (string) $uri
+        );
     }
 }

lib/internal/Magento/Framework/Oauth/Helper/Request.php

@@ -43,6 +43,11 @@ public function prepareRequest($httpRequest)
             $httpRequest->getContent(),
             $this->getRequestUrl($httpRequest)
         );
+        foreach ($oauthParams as $key => $value) {
+            if ($key !== 'oauth_signature') {
+                $oauthParams[$key] = rawurlencode($value);
+            }
+        }
         return $oauthParams;
     }
 

lib/internal/Magento/Framework/Oauth/Helper/Signature/Hmac.php

@@ -0,0 +1,40 @@
+<?php
+/**
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\Framework\Oauth\Helper\Signature;
+
+use Laminas\Uri;
+use Laminas\OAuth\Signature\Hmac as HmacSignature;
+use Magento\Framework\Oauth\Helper\Uri\Http;
+
+class Hmac extends HmacSignature
+{
+    /**
+     * @inheritDoc
+     */
+    public function normaliseBaseSignatureUrl($url): string
+    {
+        $registeredHttpScheme = Uri\UriFactory::getRegisteredSchemeClass('http');
+        $registeredHttpsScheme = Uri\UriFactory::getRegisteredSchemeClass('https');
+        Uri\UriFactory::registerScheme('http', Http::class);
+        Uri\UriFactory::registerScheme('https', Http::class);
+        $uri = Uri\UriFactory::factory($url);
+        Uri\UriFactory::registerScheme('http', $registeredHttpScheme);
+        Uri\UriFactory::registerScheme('https', $registeredHttpsScheme);
+        $uri->normalize();
+        if ($uri->getScheme() == 'http' && $uri->getPort() == '80') {
+            $uri->setPort('');
+        } elseif ($uri->getScheme() == 'https' && $uri->getPort() == '443') {
+            $uri->setPort('');
+        } elseif (! in_array($uri->getScheme(), ['http', 'https'])) {
+            throw new \InvalidArgumentException('Invalid URL provided; must be an HTTP or HTTPS scheme');
+        }
+        $uri->setQuery('');
+        $uri->setFragment('');
+        return $uri->toString();
+    }
+}

lib/internal/Magento/Framework/Oauth/Helper/Uri/Http.php

@@ -0,0 +1,26 @@
+<?php
+/**
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\Framework\Oauth\Helper\Uri;
+
+use Laminas\Uri\Http as LaminasHttp;
+
+class Http extends LaminasHttp
+{
+    /**
+     * @inheritDoc
+     */
+    protected static function normalizePath($path): string
+    {
+        return self::encodePath(
+            self::decodeUrlEncodedChars(
+                self::removePathDotSegments($path),
+                '/[' . self::CHAR_UNRESERVED . ':@&=\+\$,;%]/'
+            )
+        );
+    }
+}

lib/internal/Magento/Framework/Oauth/Helper/Utility.php

@@ -0,0 +1,83 @@
+<?php
+/**
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\Framework\Oauth\Helper;
+
+use Laminas\OAuth\Http\Utility as LaminasUtility;
+use Magento\Framework\Oauth\Helper\Signature\HmacFactory;
+
+class Utility
+{
+    /**
+     * @param LaminasUtility $httpUtility
+     * @param HmacFactory $hmacFactory
+     */
+    public function __construct(private readonly LaminasUtility $httpUtility, private readonly HmacFactory $hmacFactory)
+    {
+    }
+
+    /**
+     * Generate signature string
+     *
+     * @param array $params
+     * @param string $signatureMethod
+     * @param string $consumerSecret
+     * @param string|null $tokenSecret
+     * @param string|null $method
+     * @param string|null $url
+     * @return string
+     */
+    public function sign(
+        array  $params,
+        string $signatureMethod,
+        string $consumerSecret,
+        ?string $tokenSecret = null,
+        ?string $method = null,
+        ?string $url = null
+    ): string {
+        if ($this->isHmac256($signatureMethod)) {
+            $hmac = $this->hmacFactory->create(
+                ['consumerSecret' => $consumerSecret,
+                    'tokenSecret' => $tokenSecret,
+                    'hashAlgo' => 'sha256'
+                ]
+            );
+
+            return $hmac->sign($params, $method, $url);
+        } else {
+            return $this->httpUtility->sign($params, $signatureMethod, $consumerSecret, $tokenSecret, $method, $url);
+        }
+    }
+
+    /**
+     * Check if signature method is HMAC-SHA256
+     *
+     * @param string $signatureMethod
+     * @return bool
+     */
+    private function isHmac256(string $signatureMethod): bool
+    {
+        if (strtoupper(preg_replace('/[\W]/', '', $signatureMethod)) === 'HMACSHA256') {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Cast to authorization header
+     *
+     * @param array $params
+     * @param string|null $realm
+     * @param bool $excludeCustomParams
+     */
+    public function toAuthorizationHeader(array $params, ?string $realm = null, bool $excludeCustomParams = true)
+    {
+        $authorizationHeader = $this->httpUtility->toAuthorizationHeader($params, $realm, $excludeCustomParams);
+        return str_replace('realm="",', '', $authorizationHeader);
+    }
+}