AC-1271: Add rate limiting for payment information endpoint and mutation

Author: arhiopterecs

app/code/Magento/Authorization/Test/Unit/Model/IdentityProviderTest.php

@@ -11,10 +11,14 @@
 use Magento\Authorization\Model\IdentityProvider;
 use Magento\Authorization\Model\UserContextInterface;
 use Magento\Framework\App\Backpressure\ContextInterface;
+use Magento\Framework\Exception\RuntimeException;
 use Magento\Framework\HTTP\PhpEnvironment\RemoteAddress;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 
+/**
+* Tests the IdentityProvider class
+*/
 class IdentityProviderTest extends TestCase
 {
     /**
@@ -102,4 +106,28 @@ public function testFetchIdentity(
         $this->assertEquals($expectedType, $this->model->fetchIdentityType());
         $this->assertEquals($expectedIdentity, $this->model->fetchIdentity());
     }
+
+    /**
+     * Tests fetching an identity type when user type can't be defined
+     */
+    public function testFetchIdentityTypeUserTypeNotDefined()
+    {
+        $this->userContext->method('getUserId')->willReturn(2);
+        $this->userContext->method('getUserType')->willReturn(null);
+        $this->expectException(RuntimeException::class);
+        $this->expectExceptionMessage(__('User type not defined')->getText());
+        $this->model->fetchIdentityType();
+    }
+
+    /**
+     * Tests fetching an identity when user address can't be extracted
+     */
+    public function testFetchIdentityFailedToExtractRemoteAddress()
+    {
+        $this->userContext->method('getUserId')->willReturn(null);
+        $this->remoteAddress->method('getRemoteAddress')->willReturn(false);
+        $this->expectException(RuntimeException::class);
+        $this->expectExceptionMessage(__('Failed to extract remote address')->getText());
+        $this->model->fetchIdentity();
+    }
 }

app/code/Magento/Checkout/Test/Unit/Model/Backpressure/WebapiRequestTypeExtractorTest.php

@@ -0,0 +1,67 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Checkout\Test\Unit\Model\Backpressure;
+
+use Magento\Checkout\Model\Backpressure\WebapiRequestTypeExtractor;
+use Magento\Quote\Model\Backpressure\OrderLimitConfigManager;
+use PHPUnit\Framework\MockObject\MockObject;
+use PHPUnit\Framework\TestCase;
+
+/**
+ * Tests the WebapiRequestTypeExtractor class
+ */
+class WebapiRequestTypeExtractorTest extends TestCase
+{
+    /**
+     * @var OrderLimitConfigManager|MockObject
+     */
+    private $orderLimitConfigManagerMock;
+
+    /**
+     * @var WebapiRequestTypeExtractor
+     */
+    private WebapiRequestTypeExtractor $webapiRequestTypeExtractor;
+
+    /**
+     * @inheritDoc
+     */
+    protected function setUp(): void
+    {
+        $this->orderLimitConfigManagerMock = $this->createMock(OrderLimitConfigManager::class);
+
+        $this->webapiRequestTypeExtractor = new WebapiRequestTypeExtractor($this->orderLimitConfigManagerMock);
+    }
+
+    /**
+     * @param bool $isEnforcementEnabled
+     * @param string $method
+     * @param string|null $expected
+     * @dataProvider dataProvider
+     */
+    public function testExtract(bool $isEnforcementEnabled, string $method, $expected)
+    {
+        $this->orderLimitConfigManagerMock->method('isEnforcementEnabled')->willReturn($isEnforcementEnabled);
+
+        $this->assertEquals(
+            $expected,
+            $this->webapiRequestTypeExtractor->extract('someService', $method, 'someEndpoint')
+        );
+    }
+
+    /**
+     * @return array
+     */
+    public function dataProvider(): array
+    {
+        return [
+            [false, 'someMethod', null],
+            [false, 'savePaymentInformationAndPlaceOrder', null],
+            [true, 'savePaymentInformationAndPlaceOrder', 'quote-order'],
+        ];
+    }
+}

app/code/Magento/Quote/Test/Unit/Model/Backpressure/WebapiRequestTypeExtractorTest.php

@@ -0,0 +1,71 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Quote\Test\Unit\Model\Backpressure;
+
+use Magento\Quote\Model\Backpressure\WebapiRequestTypeExtractor;
+use PHPUnit\Framework\MockObject\MockObject;
+use Magento\Quote\Model\Backpressure\OrderLimitConfigManager;
+use PHPUnit\Framework\TestCase;
+use Magento\Quote\Api\CartManagementInterface;
+use Magento\Quote\Api\GuestCartManagementInterface;
+
+/**
+ * Tests the WebapiRequestTypeExtractor class
+ */
+class WebapiRequestTypeExtractorTest extends TestCase
+{
+    /**
+     * @var OrderLimitConfigManager|MockObject
+     */
+    private $configManagerMock;
+
+    /**
+     * @var WebapiRequestTypeExtractor
+     */
+    private WebapiRequestTypeExtractor $typeExtractor;
+
+    /**
+     * @inheritDoc
+     */
+    protected function setUp(): void
+    {
+        $this->configManagerMock = $this->createMock(OrderLimitConfigManager::class);
+        $this->typeExtractor = new WebapiRequestTypeExtractor($this->configManagerMock);
+    }
+
+    /**
+     * Tests CompositeRequestTypeExtractor
+     *
+     * @param string $service
+     * @param string $method
+     * @param bool $isEnforcementEnabled
+     * @param mixed $expected
+     * @dataProvider dataProvider
+     */
+    public function testExtract(string $service, string $method, bool $isEnforcementEnabled, $expected)
+    {
+        $this->configManagerMock->method('isEnforcementEnabled')
+            ->willReturn($isEnforcementEnabled);
+
+        $this->assertEquals($expected, $this->typeExtractor->extract($service, $method, 'someEndPoint'));
+    }
+
+    /**
+     * @return array[]
+     */
+    public function dataProvider(): array
+    {
+        return [
+            ['wrongService', 'wrongMethod', false, null],
+            [CartManagementInterface::class, 'wrongMethod', false, null],
+            [GuestCartManagementInterface::class, 'wrongMethod', false, null],
+            [GuestCartManagementInterface::class, 'placeOrder', false, null],
+            [GuestCartManagementInterface::class, 'placeOrder', true, 'quote-order'],
+        ];
+    }
+}

app/code/Magento/Webapi/Controller/Soap/Request/Handler.php

@@ -110,9 +110,9 @@ class Handler
      * @param DataObjectProcessor $dataObjectProcessor
      * @param MethodsMap $methodsMapProcessor
      * @param ParamsOverrider|null $paramsOverrider
+     * @param InputArraySizeLimitValue|null $inputArraySizeLimitValue
      * @param BackpressureContextFactory|null $backpressureContextFactory
      * @param BackpressureEnforcerInterface|null $backpressureEnforcer
-     * @param InputArraySizeLimitValue|null $inputArraySizeLimitValue
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -125,9 +125,9 @@ public function __construct(
         DataObjectProcessor $dataObjectProcessor,
         MethodsMap $methodsMapProcessor,
         ?ParamsOverrider $paramsOverrider = null,
+        ?InputArraySizeLimitValue $inputArraySizeLimitValue = null,
         ?BackpressureContextFactory $backpressureContextFactory = null,
-        ?BackpressureEnforcerInterface $backpressureEnforcer = null,
-        ?InputArraySizeLimitValue $inputArraySizeLimitValue = null
+        ?BackpressureEnforcerInterface $backpressureEnforcer = null
     ) {
         $this->_request = $request;
         $this->_objectManager = $objectManager;
@@ -138,12 +138,12 @@ public function __construct(
         $this->_dataObjectProcessor = $dataObjectProcessor;
         $this->methodsMapProcessor = $methodsMapProcessor;
         $this->paramsOverrider = $paramsOverrider ?? ObjectManager::getInstance()->get(ParamsOverrider::class);
+        $this->inputArraySizeLimitValue = $inputArraySizeLimitValue
+            ?? ObjectManager::getInstance()->get(InputArraySizeLimitValue::class);
         $this->backpressureContextFactory = $backpressureContextFactory
             ?? ObjectManager::getInstance()->get(BackpressureContextFactory::class);
         $this->backpressureEnforcer = $backpressureEnforcer
             ?? ObjectManager::getInstance()->get(BackpressureEnforcerInterface::class);
-        $this->inputArraySizeLimitValue = $inputArraySizeLimitValue ?? ObjectManager::getInstance()
-                ->get(InputArraySizeLimitValue::class);
     }
 
     /**