Merge pull request #175 from magento-cia/cia-2.4.8-beta2-develop-bugfix-101272024

AC-10142: Wishlist sharing email issue fixed

Author: pawan-adobe-security

ReCaptchaWishlist/Observer/ShareWishlistObserver.php

@@ -0,0 +1,76 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\ReCaptchaWishlist\Observer;
+
+use Magento\Framework\App\Action\Action;
+use Magento\Framework\App\Response\RedirectInterface;
+use Magento\Framework\Event\Observer;
+use Magento\Framework\Event\ObserverInterface;
+use Magento\Framework\Exception\InputException;
+use Magento\ReCaptchaUi\Model\IsCaptchaEnabledInterface;
+use Magento\ReCaptchaUi\Model\RequestHandlerInterface;
+
+/**
+ * Adds Captcha support for share wishlist
+ */
+class ShareWishlistObserver implements ObserverInterface
+{
+    /**
+     * @var string Captcha key
+     */
+    private const CAPTCHA_KEY = 'wishlist';
+
+    /**
+     * @var RedirectInterface
+     */
+    private $redirect;
+
+    /**
+     * @var IsCaptchaEnabledInterface
+     */
+    private $isCaptchaEnabled;
+
+    /**
+     * @var RequestHandlerInterface
+     */
+    private $requestHandler;
+
+    /**
+     * @param RedirectInterface $redirect
+     * @param IsCaptchaEnabledInterface $isCaptchaEnabled
+     * @param RequestHandlerInterface $requestHandler
+     */
+    public function __construct(
+        RedirectInterface $redirect,
+        IsCaptchaEnabledInterface $isCaptchaEnabled,
+        RequestHandlerInterface $requestHandler
+    ) {
+        $this->redirect = $redirect;
+        $this->isCaptchaEnabled = $isCaptchaEnabled;
+        $this->requestHandler = $requestHandler;
+    }
+
+    /**
+     * @inheritdoc
+     * @param Observer $observer
+     * @return void
+     * @throws InputException
+     */
+    public function execute(Observer $observer): void
+    {
+        if ($this->isCaptchaEnabled->isCaptchaEnabledFor(self::CAPTCHA_KEY)) {
+            /** @var Action $controller */
+            $controller = $observer->getControllerAction();
+            $request = $controller->getRequest();
+            $response = $controller->getResponse();
+            $redirectOnFailureUrl = $this->redirect->getRefererUrl();
+
+            $this->requestHandler->execute(self::CAPTCHA_KEY, $request, $response, $redirectOnFailureUrl);
+        }
+    }
+}

ReCaptchaWishlist/README.md

@@ -0,0 +1 @@
+Please refer to: https://github.com/magento/security-package

ReCaptchaWishlist/Test/Integration/ShareWishlistFormTest.php

@@ -0,0 +1,271 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\ReCaptchaWishlist\Test\Integration;
+
+use Magento\Customer\Model\Session;
+use Magento\Framework\App\Request\Http;
+use Magento\Framework\Data\Form\FormKey;
+use Magento\Framework\Message\MessageInterface;
+use Magento\Framework\Validation\ValidationResult;
+use Magento\ReCaptchaValidation\Model\Validator;
+use Magento\TestFramework\TestCase\AbstractController;
+use Magento\TestFramework\Wishlist\Model\GetWishlistByCustomerId;
+use Magento\ReCaptchaUi\Model\CaptchaResponseResolverInterface;
+use Magento\Framework\UrlInterface;
+use PHPUnit\Framework\MockObject\MockObject;
+
+/**
+ * Tests for create wish list
+ *
+ * @magentoDataFixture Magento/Customer/_files/customer.php
+ * @magentoDbIsolation enabled
+ * @magentoAppArea frontend
+ */
+class ShareWishlistFormTest extends AbstractController
+{
+    /**
+     * @var string Customer ID
+     */
+    private const CUSTOMER_ID = 1;
+
+    /**
+     * @var Session
+     */
+    private $customerSession;
+
+    /**
+     * @var string
+     */
+    private $formKey;
+
+    /**
+     * @var UrlInterface
+     */
+    private $url;
+
+    /**
+     * @var int
+     */
+    private $wishlistId;
+
+    /**
+     * @var ValidationResult|MockObject
+     */
+    private $captchaValidationResultMock;
+
+    /**
+     * @inheritdoc
+     */
+    protected function setUp(): void
+    {
+        parent::setUp();
+        $this->formKey = $this->_objectManager->get(FormKey::class)->getFormKey();
+        $this->customerSession = $this->_objectManager->get(Session::class);
+        $this->customerSession->setCustomerId(self::CUSTOMER_ID);
+        $this->wishlistId = $this->_objectManager->get(GetWishlistByCustomerId::class)
+            ->execute(self::CUSTOMER_ID)
+            ->getId();
+        $this->url = $this->_objectManager->get(UrlInterface::class);
+        $this->captchaValidationResultMock = $this->createMock(ValidationResult::class);
+        $captchaValidatorMock = $this->createMock(Validator::class);
+        $captchaValidatorMock->expects($this->any())
+            ->method('isValid')
+            ->willReturn($this->captchaValidationResultMock);
+        $this->_objectManager->addSharedInstance($captchaValidatorMock, Validator::class);
+    }
+
+    /**
+     * Checks the content of the 'Wish List Sharing' page when ReCaptcha is disabled
+     */
+    public function testGetRequestIfReCaptchaIsDisabled(): void
+    {
+        $this->checkSuccessfulGetResponse();
+    }
+
+    /**
+     * Checks the content of the 'Wish List Sharing' page when ReCaptcha is enabled
+     * but keys are not configured
+     *
+     * @magentoConfigFixture base_website recaptcha_frontend/type_for/wishlist invisible
+     *
+     * It's  needed for proper work of "ifconfig" in layout during tests running
+     * @magentoConfigFixture default_store recaptcha_frontend/type_for/wishlist invisible
+     */
+    public function testGetRequestIfReCaptchaKeysAreNotConfigured(): void
+    {
+        $this->checkSuccessfulGetResponse();
+    }
+
+    /**
+     * Checks the content of the 'Wish List Sharing' page when ReCaptcha is enabled
+     * and keys are configured
+     *
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/public_key test_public_key
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/private_key test_private_key
+     * @magentoConfigFixture base_website recaptcha_frontend/type_for/wishlist invisible
+     *
+     * It's  needed for proper work of "ifconfig" in layout during tests running
+     * @magentoConfigFixture default_store recaptcha_frontend/type_for/wishlist invisible
+     */
+    public function testGetRequestIfReCaptchaIsEnabled(): void
+    {
+        $this->checkSuccessfulGetResponse(true);
+    }
+
+    /**
+     * Checks GET response
+     *
+     * @param bool $shouldContainReCaptcha
+     * @return void
+     */
+    private function checkSuccessfulGetResponse(bool $shouldContainReCaptcha = false): void
+    {
+        $this->dispatch('wishlist/index/share/wishlist_id/' . $this->wishlistId);
+        $content = $this->getResponse()->getBody();
+
+        $this->assertNotEmpty($content);
+
+        $shouldContainReCaptcha
+            ? $this->assertStringContainsString('field-recaptcha', $content)
+            : $this->assertStringNotContainsString('field-recaptcha', $content);
+
+        $this->assertEmpty($this->getSessionMessages(MessageInterface::TYPE_ERROR));
+    }
+
+    /**
+     * Checks the sharing process without ReCaptcha validation
+     */
+    public function testPostRequestWithoutReCaptchaValidation(): void
+    {
+        $this->checkSuccessfulPostRequest();
+    }
+
+    /**
+     * Checks the sharing process if ReCaptcha is enabled but keys are not configured
+     *
+     * @magentoConfigFixture base_website recaptcha_frontend/type_for/wishlist invisible
+     *
+     * It's  needed for proper work of "ifconfig" in layout during tests running
+     * @magentoConfigFixture default_store recaptcha_frontend/type_for/wishlist invisible
+     */
+    public function testPostRequestIfReCaptchaKeysAreNotConfigured(): void
+    {
+        $this->checkSuccessfulPostRequest();
+    }
+
+    /**
+     * Checks the successful sharing process with ReCaptcha validation
+     *
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/public_key test_public_key
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/private_key test_private_key
+     * @magentoConfigFixture base_website recaptcha_frontend/type_for/wishlist invisible
+     *
+     * It's  needed for proper work of "ifconfig" in layout during tests running
+     * @magentoConfigFixture default_store recaptcha_frontend/type_for/wishlist invisible
+     */
+    public function testPostRequestWithSuccessfulReCaptchaValidation(): void
+    {
+        $this->captchaValidationResultMock->expects($this->once())
+            ->method('isValid')
+            ->willReturn(true);
+        $this->checkSuccessfulPostRequest(true);
+    }
+
+    /**
+     * Checks successful sharing process
+     *
+     * @param bool $withParamReCaptcha
+     */
+    private function checkSuccessfulPostRequest(bool $withParamReCaptcha = false):void
+    {
+        $this->makePostRequest($withParamReCaptcha);
+        $url = $this->url->getRouteUrl('wishlist/index/index/wishlist_id/' . $this->wishlistId . '/');
+        $this->assertRedirect(self::equalTo($url));
+        $this->assertEmpty($this->getSessionMessages(MessageInterface::TYPE_ERROR));
+    }
+
+    /**
+     * Checks the sharing process with ReCaptcha validation when `g-recaptcha-response` missed
+     *
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/public_key test_public_key
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/private_key test_private_key
+     * @magentoConfigFixture base_website recaptcha_frontend/type_for/wishlist invisible
+     *
+     * It's  needed for proper work of "ifconfig" in layout during tests running
+     * @magentoConfigFixture default_store recaptcha_frontend/type_for/wishlist invisible
+     */
+    public function testPostRequestIfReCaptchaParameterIsMissed(): void
+    {
+        $this->checkFailedPostRequest();
+    }
+
+    /**
+     * Checks the failed sharing process with ReCaptcha validation
+     *
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/public_key test_public_key
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/private_key test_private_key
+     * @magentoConfigFixture base_website recaptcha_frontend/type_for/wishlist invisible
+     *
+     * It's  needed for proper work of "ifconfig" in layout during tests running
+     * @magentoConfigFixture default_store recaptcha_frontend/type_for/wishlist invisible
+     */
+    public function testPostRequestWithFailedReCaptchaValidation(): void
+    {
+        $this->captchaValidationResultMock->expects($this->once())
+            ->method('isValid')
+            ->willReturn(false);
+        $this->checkFailedPostRequest(true);
+    }
+
+    /**
+     * Checks failed sharing process
+     *
+     * @param bool $withParamReCaptcha
+     */
+    private function checkFailedPostRequest(bool $withParamReCaptcha = false): void
+    {
+        $this->makePostRequest($withParamReCaptcha);
+        $this->assertSessionMessages(
+            $this->equalTo(['Something went wrong with reCAPTCHA. Please contact the store owner.']),
+            MessageInterface::TYPE_ERROR
+        );
+    }
+
+    /**
+     * Makes post request
+     *
+     * @param bool $withParamReCaptcha
+     * @return void
+     */
+    private function makePostRequest(bool $withParamReCaptcha = false): void
+    {
+        $postValue = [
+            'form_key' => $this->formKey,
+            'emails' => '[email protected], [email protected], [email protected]',
+        ];
+
+        if ($withParamReCaptcha) {
+            $postValue[CaptchaResponseResolverInterface::PARAM_RECAPTCHA] = 'test';
+        }
+
+        $this->getRequest()
+            ->setMethod(Http::METHOD_POST)
+            ->setPostValue($postValue);
+
+        $this->dispatch('wishlist/index/send/wishlist_id/' . $this->wishlistId);
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function tearDown(): void
+    {
+        $this->customerSession->setCustomerId(null);
+        parent::tearDown();
+    }
+}

ReCaptchaWishlist/composer.json

@@ -0,0 +1,19 @@
+{
+    "name": "magento/module-re-captcha-wishlist",
+    "description": "Google reCAPTCHA integration for Magento2",
+    "type": "magento2-module",
+    "license": "OSL-3.0",
+    "require": {
+        "php": "~8.1.0||~8.2.0||~8.3.0",
+        "magento/framework": "*",
+        "magento/module-re-captcha-ui": "*"
+    },
+    "autoload": {
+        "files": [
+            "registration.php"
+        ],
+        "psr-4": {
+            "Magento\\ReCaptchaWishlist\\": ""
+        }
+    }
+}

ReCaptchaWishlist/etc/adminhtml/system.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+ -->
+<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Config:etc/system_file.xsd">
+    <system>
+        <section id="recaptcha_frontend">
+            <group id="type_for">
+                <field id="wishlist" translate="label" type="select" sortOrder="180" showInDefault="1"
+                       showInWebsite="1" showInStore="0" canRestore="1">
+                    <label>Enable for Wishlist Sharing</label>
+                    <source_model>Magento\ReCaptchaAdminUi\Model\OptionSource\Type</source_model>
+                </field>
+            </group>
+        </section>
+    </system>
+</config>