AC-1619: Integration access tokens do not work as Bearer tokens

Author: nathanjosiah

app/code/Magento/Webapi/Model/Authorization/SoapUserContext.php

@@ -8,6 +8,7 @@
 
 use Magento\Authorization\Model\UserContextInterface;
 use Magento\Framework\App\ObjectManager;
+use Magento\Integration\Model\Config\AuthorizationConfig;
 use Magento\Integration\Model\Oauth\Token;
 use Magento\Integration\Model\Oauth\TokenFactory;
 use Magento\Integration\Api\IntegrationServiceInterface;
@@ -51,24 +52,30 @@ class SoapUserContext implements UserContextInterface
      */
     private $integrationService;
 
+    /**
+     * @var AuthorizationConfig
+     */
+    private $authorizationConfig;
+
     /**
      * Initialize dependencies.
      *
      * @param Request $request
      * @param TokenFactory $tokenFactory
      * @param IntegrationServiceInterface $integrationService
-     * @param DateTime|null $dateTime
-     * @param Date|null $date
-     * @param OauthHelper|null $oauthHelper
+     * @param AuthorizationConfig|null $authorizationConfig
      */
     public function __construct(
         Request $request,
         TokenFactory $tokenFactory,
-        IntegrationServiceInterface $integrationService
+        IntegrationServiceInterface $integrationService,
+        ?AuthorizationConfig $authorizationConfig = null
     ) {
         $this->request = $request;
         $this->tokenFactory = $tokenFactory;
         $this->integrationService = $integrationService;
+        $this->authorizationConfig = $authorizationConfig ?? ObjectManager::getInstance()
+                ->get(AuthorizationConfig::class);
     }
 
     /**
@@ -110,10 +117,11 @@ private function processRequest() //phpcs:ignore CopyPaste
             return;
         }
         $tokenType = strtolower($headerPieces[0]);
-        if ($tokenType !== 'bearer') {
+        if ($tokenType !== 'bearer' || !$this->authorizationConfig->isIntegrationAsBearerEnabled()) {
             $this->isRequestProcessed = true;
             return;
         }
+
         $bearerToken = $headerPieces[1];
 
         /** @var Token $token */

app/code/Magento/Webapi/etc/webapi_soap/di.xml

@@ -6,22 +6,21 @@
  */
 -->
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
-    <type name="Magento\Webapi\Model\Authorization\OauthUserContext">
-        <arguments>
-            <argument name="request" xsi:type="object">Magento\Webapi\Controller\Soap\Request</argument>
-        </arguments>
-    </type>
     <type name="Magento\Authorization\Model\CompositeUserContext">
         <arguments>
             <argument name="userContexts" xsi:type="array">
-                <item name="soapUserContext" xsi:type="array">
-                    <item name="type" xsi:type="object">Magento\Webapi\Model\Authorization\SoapUserContext</item>
-                    <item name="sortOrder" xsi:type="string">9</item>
+                <item name="oauthUserContext" xsi:type="array">
+                    <item name="type" xsi:type="object">Magento\Webapi\Model\Authorization\OauthUserContext</item>
+                    <item name="sortOrder" xsi:type="string">5</item>
                 </item>
                 <item name="tokenUserContext" xsi:type="array">
                     <item name="type" xsi:type="object">Magento\Webapi\Model\Authorization\TokenUserContext</item>
                     <item name="sortOrder" xsi:type="string">10</item>
                 </item>
+                <item name="soapUserContext" xsi:type="array">
+                    <item name="type" xsi:type="object">Magento\Webapi\Model\Authorization\SoapUserContext</item>
+                    <item name="sortOrder" xsi:type="string">15</item>
+                </item>
                 <item name="guestUserContext" xsi:type="array">
                     <item name="type" xsi:type="object">Magento\Webapi\Model\Authorization\GuestUserContext</item>
                     <item name="sortOrder" xsi:type="string">100</item>

dev/tests/api-functional/testsuite/Magento/Webapi/WsdlGenerationFromDataObjectTest.php

@@ -6,6 +6,8 @@
 
 namespace Magento\Webapi;
 
+use Magento\TestFramework\Authentication\OauthHelper;
+use Magento\TestFramework\Authentication\Rest\OauthClient;
 use Magento\TestFramework\Helper\Bootstrap;
 
 /**
@@ -33,6 +35,39 @@ protected function setUp(): void
         parent::setUp();
     }
 
+    public function testDisabledIntegrationAsBearer()
+    {
+        $wsdlUrl = $this->_getBaseWsdlUrl() . 'testModule5AllSoapAndRestV1,testModule5AllSoapAndRestV2';
+        $accessCredentials = \Magento\TestFramework\Authentication\OauthHelper::getApiAccessCredentials()['key'];
+        $connection = curl_init($wsdlUrl);
+        curl_setopt($connection, CURLOPT_RETURNTRANSFER, 1);
+        curl_setopt($connection, CURLOPT_HTTPHEADER, ['header' => "Authorization: Bearer " . $accessCredentials]);
+        $responseContent = curl_exec($connection);
+        $this->assertEquals(curl_getinfo($connection, CURLINFO_HTTP_CODE), 401);
+        $this->assertStringContainsString(
+            "The consumer isn't authorized to access %resources.",
+            htmlspecialchars_decode($responseContent, ENT_QUOTES)
+        );
+    }
+
+    public function testAuthenticationWithOAuth()
+    {
+        $wsdlUrl = $this->_getBaseWsdlUrl() . 'testModule5AllSoapAndRestV2';
+        $this->_soapUrl = "{$this->_baseUrl}/soap/{$this->_storeCode}?services=testModule5AllSoapAndRestV2";
+        $this->isSingleService = true;
+
+        $connection = curl_init($wsdlUrl);
+        curl_setopt($connection, CURLOPT_RETURNTRANSFER, 1);
+        curl_setopt($connection, CURLOPT_HTTPHEADER, ['header' => $this->getAuthHeader($wsdlUrl)]);
+        $responseContent = curl_exec($connection);
+        $this->assertEquals(curl_getinfo($connection, CURLINFO_HTTP_CODE), 200);
+        $wsdlContent = $this->_convertXmlToString($responseContent);
+        $this->checkAll($wsdlContent);
+    }
+
+    /**
+     * @magentoConfigFixture default_store oauth/consumer/enable_integration_as_bearer 1
+     */
     public function testMultiServiceWsdl()
     {
         $this->_soapUrl = "{$this->_baseUrl}/soap/{$this->_storeCode}"
@@ -41,27 +76,20 @@ public function testMultiServiceWsdl()
         $wsdlContent = $this->_convertXmlToString($this->_getWsdlContent($wsdlUrl));
         $this->isSingleService = false;
 
-        $this->_checkTypesDeclaration($wsdlContent);
-        $this->_checkPortTypeDeclaration($wsdlContent);
-        $this->_checkBindingDeclaration($wsdlContent);
-        $this->_checkServiceDeclaration($wsdlContent);
-        $this->_checkMessagesDeclaration($wsdlContent);
-        $this->_checkFaultsDeclaration($wsdlContent);
+        $this->checkAll($wsdlContent);
     }
 
+    /**
+     * @magentoConfigFixture default_store oauth/consumer/enable_integration_as_bearer 1
+     */
     public function testSingleServiceWsdl()
     {
         $this->_soapUrl = "{$this->_baseUrl}/soap/{$this->_storeCode}?services=testModule5AllSoapAndRestV2";
         $wsdlUrl = $this->_getBaseWsdlUrl() . 'testModule5AllSoapAndRestV2';
         $wsdlContent = $this->_convertXmlToString($this->_getWsdlContent($wsdlUrl));
         $this->isSingleService = true;
 
-        $this->_checkTypesDeclaration($wsdlContent);
-        $this->_checkPortTypeDeclaration($wsdlContent);
-        $this->_checkBindingDeclaration($wsdlContent);
-        $this->_checkServiceDeclaration($wsdlContent);
-        $this->_checkMessagesDeclaration($wsdlContent);
-        $this->_checkFaultsDeclaration($wsdlContent);
+        $this->checkAll($wsdlContent);
     }
 
     public function testNoAuthorizedServices()
@@ -983,4 +1011,28 @@ protected function _checkFaultsComplexTypeSection($wsdlContent)
             'Details wrapped errors (array of wrapped errors) complex types declaration is invalid.'
         );
     }
+
+    private function getAuthHeader(string $url): string
+    {
+        $accessCredentials = OauthHelper::getApiAccessCredentials();
+        /** @var OauthClient $oAuthClient */
+        $oAuthClient = $accessCredentials['oauth_client'];
+        return $oAuthClient->buildOauthAuthorizationHeader(
+            $url,
+            $accessCredentials['key'],
+            $accessCredentials['secret'],
+            [],
+            'GET'
+        )[0];
+    }
+
+    private function checkAll(string $wsdlContent): void
+    {
+        $this->_checkTypesDeclaration($wsdlContent);
+        $this->_checkPortTypeDeclaration($wsdlContent);
+        $this->_checkBindingDeclaration($wsdlContent);
+        $this->_checkServiceDeclaration($wsdlContent);
+        $this->_checkMessagesDeclaration($wsdlContent);
+        $this->_checkFaultsDeclaration($wsdlContent);
+    }
 }