ACP2E-973: Product is not getting added in wishlist from product list page and product view page when customer confirms account from confirmation email

Author: bubasuma

app/code/Magento/Wishlist/Controller/Index/Add.php

@@ -8,6 +8,7 @@
 use Magento\Catalog\Api\ProductRepositoryInterface;
 use Magento\Customer\Model\Session;
 use Magento\Framework\App\Action\Context;
+use Magento\Framework\App\Action\HttpGetActionInterface;
 use Magento\Framework\App\Action\HttpPostActionInterface;
 use Magento\Framework\Controller\Result\Redirect;
 use Magento\Framework\Data\Form\FormKey\Validator;
@@ -20,9 +21,6 @@
 use Magento\Framework\App\Response\RedirectInterface;
 use Magento\Framework\Controller\ResultInterface;
 use Magento\Wishlist\Controller\WishlistProviderInterface;
-use Magento\Framework\App\Action\HttpGetActionInterface;
-use Magento\Wishlist\Model\DataSerializer;
-use Magento\Framework\Data\Form\FormKey;
 
 /**
  * Wish list Add controller
@@ -61,16 +59,6 @@ class Add extends \Magento\Wishlist\Controller\AbstractIndex implements HttpPost
      */
     private $urlBuilder;
 
-    /**
-     * @var DataSerializer
-     */
-    private $dataSerializer;
-
-    /**
-     * @var FormKey
-     */
-    private $formKey;
-
     /**
      * @param Context $context
      * @param Session $customerSession
@@ -79,8 +67,6 @@ class Add extends \Magento\Wishlist\Controller\AbstractIndex implements HttpPost
      * @param Validator $formKeyValidator
      * @param RedirectInterface|null $redirect
      * @param UrlInterface|null $urlBuilder
-     * @param DataSerializer|null $dataSerializer
-     * @param FormKey|null $formKey
      */
     public function __construct(
         Context $context,
@@ -89,18 +75,14 @@ public function __construct(
         ProductRepositoryInterface $productRepository,
         Validator $formKeyValidator,
         ?RedirectInterface $redirect = null,
-        ?UrlInterface $urlBuilder = null,
-        ?DataSerializer $dataSerializer = null,
-        ?FormKey $formKey = null
+        ?UrlInterface $urlBuilder = null
     ) {
         $this->_customerSession = $customerSession;
         $this->wishlistProvider = $wishlistProvider;
         $this->productRepository = $productRepository;
         $this->formKeyValidator = $formKeyValidator;
         $this->redirect = $redirect ?: ObjectManager::getInstance()->get(RedirectInterface::class);
         $this->urlBuilder = $urlBuilder ?: ObjectManager::getInstance()->get(UrlInterface::class);
-        $this->dataSerializer = $dataSerializer ?: ObjectManager::getInstance()->get(DataSerializer::class);
-        $this->formKey = $formKey ?: ObjectManager::getInstance()->get(FormKey::class);
         parent::__construct($context);
     }
 
@@ -120,20 +102,6 @@ public function execute()
         $resultRedirect = $this->resultFactory->create(ResultFactory::TYPE_REDIRECT);
         $session = $this->_customerSession;
         $requestParams = $this->getRequest()->getParams();
-
-        if ($session->getBeforeWishlistRequest()) {
-            $requestParams = $session->getBeforeWishlistRequest();
-            $session->unsBeforeWishlistRequest();
-            $this->getRequest()->setParam('form_key', $requestParams['form_key']);
-        }
-
-        if (isset($requestParams['token'])) {
-            $wishlistRequestBeforeLogin = $this->dataSerializer->unserialize($requestParams['token']);
-            $requestParams['product'] = isset($wishlistRequestBeforeLogin['product']) ?
-                (int)$wishlistRequestBeforeLogin['product'] : null;
-            $this->getRequest()->setParam('form_key', $this->formKey->getFormKey());
-        }
-
         if (!$this->formKeyValidator->validate($this->getRequest())) {
             return $resultRedirect->setPath('*/');
         }

app/code/Magento/Wishlist/Controller/Index/Plugin.php

@@ -6,11 +6,13 @@
 namespace Magento\Wishlist\Controller\Index;
 
 use Magento\Customer\Model\Session as CustomerSession;
+use Magento\Framework\Data\Form\FormKey;
 use Magento\Framework\Exception\NotFoundException;
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Framework\App\RequestInterface;
 use Magento\Framework\App\Response\RedirectInterface;
 use Magento\Store\Model\ScopeInterface;
+use Magento\Wishlist\Model\DataSerializer;
 
 /**
  * Wishlist plugin before dispatch
@@ -42,25 +44,41 @@ class Plugin
      */
     private $messageManager;
 
+    /**
+     * @var DataSerializer
+     */
+    private $dataSerializer;
+
+    /**
+     * @var FormKey
+     */
+    private $formKey;
+
     /**
      * @param CustomerSession $customerSession
      * @param \Magento\Wishlist\Model\AuthenticationStateInterface $authenticationState
      * @param ScopeConfigInterface $config
      * @param RedirectInterface $redirector
      * @param \Magento\Framework\Message\ManagerInterface $messageManager
+     * @param DataSerializer $dataSerializer
+     * @param FormKey $formKey
      */
     public function __construct(
         CustomerSession $customerSession,
         \Magento\Wishlist\Model\AuthenticationStateInterface $authenticationState,
         ScopeConfigInterface $config,
         RedirectInterface $redirector,
-        \Magento\Framework\Message\ManagerInterface $messageManager
+        \Magento\Framework\Message\ManagerInterface $messageManager,
+        DataSerializer $dataSerializer,
+        FormKey $formKey
     ) {
         $this->customerSession = $customerSession;
         $this->authenticationState = $authenticationState;
         $this->config = $config;
         $this->redirector = $redirector;
         $this->messageManager = $messageManager;
+        $this->dataSerializer = $dataSerializer;
+        $this->formKey = $formKey;
     }
 
     /**
@@ -70,6 +88,7 @@ public function __construct(
      * @param RequestInterface $request
      * @return void
      * @throws \Magento\Framework\Exception\NotFoundException
+     * @SuppressWarnings(PHPMD.CyclomaticComplexity)
      */
     public function beforeDispatch(\Magento\Framework\App\ActionInterface $subject, RequestInterface $request)
     {
@@ -86,9 +105,22 @@ public function beforeDispatch(\Magento\Framework\App\ActionInterface $subject,
             $this->customerSession->setBeforeControllerName('index');
             $this->customerSession->setBeforeAction('add');
 
-            if ($request->getActionName() == 'add') {
+            if ($request->getActionName() === 'add') {
                 $this->messageManager->addErrorMessage(__('You must login or register to add items to your wishlist.'));
             }
+        } elseif ($this->customerSession->authenticate()) {
+            if ($this->customerSession->getBeforeWishlistRequest()) {
+                $request->setParams($this->customerSession->getBeforeWishlistRequest());
+                $this->customerSession->unsBeforeWishlistRequest();
+            } elseif ($request->getParam('token')) {
+                // check if the token is valid and retrieve the data
+                $data = $this->dataSerializer->unserialize($request->getParam('token'));
+                // Bypass CSRF validation if the token is valid
+                if ($data) {
+                    $data['form_key'] = $this->formKey->getFormKey();
+                    $request->setParams($data);
+                }
+            }
         }
         if (!$this->config->isSetFlag('wishlist/general/active', ScopeInterface::SCOPE_STORES)) {
             throw new NotFoundException(__('Page not found.'));

app/code/Magento/Wishlist/Test/Unit/Controller/Index/PluginTest.php

@@ -14,13 +14,15 @@
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Framework\App\Request\Http;
 use Magento\Framework\App\Response\RedirectInterface;
+use Magento\Framework\Data\Form\FormKey;
 use Magento\Framework\Message\ManagerInterface;
 use Magento\Store\App\Response\Redirect;
 use Magento\Store\Model\ScopeInterface;
 use Magento\Wishlist\Controller\Index\Index;
 use Magento\Wishlist\Controller\Index\Plugin;
 use Magento\Wishlist\Model\AuthenticationState;
 use Magento\Wishlist\Model\AuthenticationStateInterface;
+use Magento\Wishlist\Model\DataSerializer;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 
@@ -61,6 +63,16 @@ class PluginTest extends TestCase
      */
     protected $request;
 
+    /**
+     * @var DataSerializer|MockObject
+     */
+    private $dataSerializer;
+
+    /**
+     * @var FormKey|MockObject
+     */
+    private $formKey;
+
     /**
      * @inheritdoc
      */
@@ -87,21 +99,8 @@ protected function setUp(): void
         $this->redirector = $this->createMock(Redirect::class);
         $this->messageManager = $this->getMockForAbstractClass(ManagerInterface::class);
         $this->request = $this->createMock(Http::class);
-    }
-
-    /**
-     * @inheritdoc
-     */
-    protected function tearDown(): void
-    {
-        unset(
-            $this->customerSession,
-            $this->authenticationState,
-            $this->config,
-            $this->redirector,
-            $this->messageManager,
-            $this->request
-        );
+        $this->dataSerializer = $this->createMock(DataSerializer::class);
+        $this->formKey = $this->createMock(FormKey::class);
     }
 
     /**
@@ -114,7 +113,9 @@ protected function getPlugin()
             $this->authenticationState,
             $this->config,
             $this->redirector,
-            $this->messageManager
+            $this->messageManager,
+            $this->dataSerializer,
+            $this->formKey
         );
     }
 

dev/tests/integration/testsuite/Magento/Wishlist/Controller/Index/AddTest.php

@@ -242,7 +242,8 @@ public function testAddToWishlistOnCustomerConfirmation(): void
         $this->customerRepository->save($customer);
         $this->assertEquals(null, $customer->getConfirmation());
         $this->customerSession->setCustomerId((int)$customer->getId());
-        $this->performAddToWishListRequest(['token' => $token]);
+        $this->getRequest()->setParams(['token' => $token])->setMethod(HttpRequest::METHOD_GET);
+        $this->dispatch('wishlist/index/add');
         $this->assertSuccess((int)$customer->getId(), 1, $product->getName());
     }