B2B-2206: [Spike] Find All Areas in GraphQL That Break When Session is Disabled

Author: rganin

app/code/Magento/GraphQl/Test/Unit/Plugin/DisableSessionTest.php

@@ -55,7 +55,6 @@ public function setUp(): void
         );
     }
 
-
     /**
      * Test afterCheck plugin result over original method result.
      *

dev/tests/api-functional/framework/Magento/TestFramework/TestCase/GraphQl/Client.php

@@ -139,7 +139,8 @@ public function getWithResponseHeaders(
         string $query,
         array $variables = [],
         string $operationName = '',
-        array $headers = []
+        array $headers = [],
+        bool $flushCookies = false
     ): array {
         $url = $this->getEndpointUrl();
         $requestArray = [
@@ -149,11 +150,12 @@ public function getWithResponseHeaders(
         ];
         array_filter($requestArray);
 
-        $response = $this->curlClient->getWithFullResponse($url, $requestArray, $headers);
+        $response = $this->curlClient->getWithFullResponse($url, $requestArray, $headers, $flushCookies);
         $responseBody = $this->processResponse($response['body']);
         $responseHeaders = !empty($response['header']) ? $this->processResponseHeaders($response['header']) : [];
+        $responseCookies = !empty($response['header']) ? $this->processResponseCookies($response['header']) : [];
 
-        return ['headers' => $responseHeaders, 'body' => $responseBody];
+        return ['headers' => $responseHeaders, 'body' => $responseBody, 'cookies' => $responseCookies];
     }
 
     /**
@@ -169,7 +171,8 @@ public function postWithResponseHeaders(
         string $query,
         array $variables = [],
         string $operationName = '',
-        array $headers = []
+        array $headers = [],
+        bool $flushCookies = false
     ): array {
         $url = $this->getEndpointUrl();
         $headers = array_merge($headers, ['Accept: application/json', 'Content-Type: application/json']);
@@ -180,11 +183,12 @@ public function postWithResponseHeaders(
         ];
         $postData = $this->json->jsonEncode($requestArray);
 
-        $response = $this->curlClient->postWithFullResponse($url, $postData, $headers);
+        $response = $this->curlClient->postWithFullResponse($url, $postData, $headers, $flushCookies);
         $responseBody = $this->processResponse($response['body']);
         $responseHeaders = !empty($response['header']) ? $this->processResponseHeaders($response['header']) : [];
+        $responseCookies = !empty($response['header']) ? $this->processResponseCookies($response['header']) : [];
 
-        return ['headers' => $responseHeaders, 'body' => $responseBody];
+        return ['headers' => $responseHeaders, 'body' => $responseBody, 'cookies' => $responseCookies];
     }
 
     /**
@@ -254,4 +258,25 @@ private function processResponseHeaders(string $headers): array
 
         return $headersArray;
     }
+
+    /**
+     * Prepare separate array of cookies.
+     *
+     * @param string $headers
+     * @return array
+     */
+    private function processResponseCookies(string $headers): array
+    {
+        $cookiesArray = [];
+        $headers = preg_split('/((\r?\n)|(\r\n?))/', $headers);
+        foreach ($headers as $header) {
+            if (strpos($header, 'Set-Cookie:') === 0) {
+                $cookie = preg_split('/: /', $header, 2);
+                if (isset($cookie[1]) && !empty($cookie[1])) {
+                    $cookiesArray[] = $cookie[1];
+                }
+            }
+        }
+        return $cookiesArray;
+    }
 }

dev/tests/api-functional/framework/Magento/TestFramework/TestCase/HttpClient/CurlClient.php

@@ -38,16 +38,20 @@ public function get($url, $data = [], $headers = [])
      * @param string $url
      * @param array $data
      * @param array $headers
+     * @param bool $flushCookies
      * @return array
      */
-    public function getWithFullResponse($url, $data = [], $headers = []): array
+    public function getWithFullResponse($url, $data = [], $headers = [], $flushCookies = false): array
     {
         if (!empty($data)) {
             $url .= '?' . http_build_query($data);
         }
 
         $curlOpts = [];
         $curlOpts[CURLOPT_CUSTOMREQUEST] = \Magento\Framework\Webapi\Rest\Request::HTTP_METHOD_GET;
+        if ($flushCookies) {
+            $curlOpts[CURLOPT_COOKIELIST] = 'ALL';
+        }
         return $this->invokeApi($url, $curlOpts, $headers);
     }
 
@@ -57,14 +61,18 @@ public function getWithFullResponse($url, $data = [], $headers = []): array
      * @param string $url
      * @param array|string $data
      * @param array $headers
+     * @param bool $flushCookies
      * @return array
      */
-    public function postWithFullResponse($url, $data, $headers = []): array
+    public function postWithFullResponse($url, $data, $headers = [], $flushCookies = false): array
     {
         $curlOpts = [];
         $curlOpts[CURLOPT_CUSTOMREQUEST] = \Magento\Framework\Webapi\Rest\Request::HTTP_METHOD_POST;
         $headers[] = 'Content-Length: ' . strlen($data);
         $curlOpts[CURLOPT_POSTFIELDS] = $data;
+        if ($flushCookies) {
+            $curlOpts[CURLOPT_COOKIELIST] = 'ALL';
+        }
 
         return $this->invokeApi($url, $curlOpts, $headers);
     }

dev/tests/api-functional/testsuite/Magento/GraphQl/GraphQl/GraphQlSessionTest.php

@@ -0,0 +1,268 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\GraphQl\GraphQl;
+
+use Magento\Framework\Exception\AuthenticationException;
+use Magento\Integration\Api\CustomerTokenServiceInterface;
+use Magento\TestFramework\Helper\Bootstrap;
+use Magento\TestFramework\TestCase\GraphQl\Client;
+use Magento\TestFramework\TestCase\GraphQlAbstract;
+use Magento\GraphQl\Quote\GetMaskedQuoteIdByReservedOrderId;
+
+/**
+ * Test class to verify category uid, available as product aggregation type
+ */
+class GraphQlSessionTest extends GraphQlAbstract
+{
+    /**
+     * @var Client
+     */
+    private $graphQlClient;
+
+    /**
+     * @var \Magento\GraphQl\Quote\GetMaskedQuoteIdByReservedOrderId
+     */
+    private $getMaskedQuoteIdByReservedOrderId;
+
+    /**
+     * @var CustomerTokenServiceInterface
+     */
+    private $customerTokenService;
+
+    /**
+     * @inheirtdoc
+     */
+    public function setUp(): void
+    {
+        $objectManager = Bootstrap::getObjectManager();
+        $this->customerTokenService = $objectManager->get(CustomerTokenServiceInterface::class);
+        $this->getMaskedQuoteIdByReservedOrderId = $objectManager->get(GetMaskedQuoteIdByReservedOrderId::class);
+        $this->graphQlClient = $objectManager->get(Client::class);
+    }
+
+    /**
+     * Test for checking if graphQL query sets session cookies
+     *
+     * @magentoApiDataFixture Magento/Catalog/_files/categories.php
+     * @magentoConfigFixture graphql/session/disable 0
+     */
+    public function testCheckSessionCookieWithGetCategoryList(): void
+    {
+        $query = <<<QUERY
+{
+    categoryList{
+        id
+        uid
+        name
+        url_key
+        url_path
+        children_count
+        path
+        position
+    }
+}
+QUERY;
+        // Using cURL feature of flushing cookies upon completion of request
+        $this->graphQlClient->getWithResponseHeaders($query, [], '', [], true);
+        // perform secondary request after cookies have been flushed
+        $result = $this->graphQlClient->getWithResponseHeaders($query, [], '', []);
+        $this->assertNotEmpty($result['cookies']);
+        $this->assertAnyCookieMatchesRegex('/PHPSESSID=[a-z0-9]+;/', $result['cookies']);
+        $this->assertCount(1, $result['body']['categoryList']);
+    }
+
+    /**
+     * Test for checking if graphQL query does not set session cookies when session is disabled
+     *
+     * @magentoApiDataFixture Magento/Catalog/_files/categories.php
+     * @magentoConfigFixture graphql/session/disable 1
+     */
+    public function testCheckSessionCookieNotPresentWithGetCategoryList(): void
+    {
+        $query = <<<QUERY
+{
+    categoryList{
+        id
+        uid
+        name
+        url_key
+        url_path
+        children_count
+        path
+        position
+    }
+}
+QUERY;
+        // CURL flushes cookies only upon completion of the request is the flag is set
+        // perform graphql request with flushing cookies upon completion
+        $this->graphQlClient->getWithResponseHeaders($query, [], '', [], true);
+        // perform secondary request after cookies have been flushed
+        $result = $this->graphQlClient->getWithResponseHeaders($query, [], '', []);
+        // may have other cookies than session
+        $this->assertNoCookiesMatchRegex('/PHPSESSID=[a-z0-9]+;/', $result['cookies']);
+        $this->assertCount(1, $result['body']['categoryList']);
+    }
+
+    /**
+     * @magentoApiDataFixture Magento/Customer/_files/customer.php
+     * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/customer/create_empty_cart.php
+     * @magentoConfigFixture graphql/session/disable 0
+     */
+    public function testSessionStartsInAddProductToCartMutation()
+    {
+        $sku = 'simple_product';
+        $quantity = 2;
+        $maskedQuoteId = $this->getMaskedQuoteIdByReservedOrderId->execute('test_quote');
+        $query = $this->getQuery($maskedQuoteId, $sku, $quantity);
+
+        $this->graphQlClient->postWithResponseHeaders($query, [], '', $this->getAuthHeaders(), true);
+        $result = $this->graphQlClient->postWithResponseHeaders($query, [], '', $this->getAuthHeaders());
+        $this->assertNotEmpty($result['cookies']);
+        $this->assertAnyCookieMatchesRegex('/PHPSESSID=[a-z0-9]+;/', $result['cookies']);
+    }
+
+    /**
+     * @magentoApiDataFixture Magento/Customer/_files/customer.php
+     * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/customer/create_empty_cart.php
+     * @magentoConfigFixture graphql/session/disable 1
+     */
+    public function testSessionDoesNotStartInAddProductToCartMutation()
+    {
+        $sku = 'simple_product';
+        $quantity = 2;
+        $maskedQuoteId = $this->getMaskedQuoteIdByReservedOrderId->execute('test_quote');
+        $query = $this->getQuery($maskedQuoteId, $sku, $quantity);
+
+        $this->graphQlClient->postWithResponseHeaders($query, [], '', $this->getAuthHeaders(), true);
+        $result = $this->graphQlClient->postWithResponseHeaders($query, [], '', $this->getAuthHeaders());
+        $this->assertNoCookiesMatchRegex('/PHPSESSID=[a-z0-9]+;/', $result['cookies']);
+    }
+
+    /**
+     * Retrieve customer authorization headers
+     *
+     * @param string $username
+     * @param string $password
+     * @return array
+     * @throws AuthenticationException
+     */
+    private function getAuthHeaders(string $username = '[email protected]', string $password = 'password'): array
+    {
+        $customerToken = $this->customerTokenService->createCustomerAccessToken($username, $password);
+        return [sprintf('%s: %s', 'Authorization', 'Bearer ' . $customerToken)];
+    }
+
+    /**
+     * @param string $maskedQuoteId
+     * @param string $sku
+     * @param float $quantity
+     * @return string
+     */
+    private function getQuery(string $maskedQuoteId, string $sku, float $quantity): string
+    {
+        return <<<QUERY
+mutation {
+  addSimpleProductsToCart(input: {
+    cart_id: "{$maskedQuoteId}",
+    cart_items: [
+      {
+        data: {
+          quantity: {$quantity}
+          sku: "{$sku}"
+        }
+      }
+    ]
+  }) {
+    cart {
+      items {
+        id
+        quantity
+        product {
+          sku
+        }
+        prices {
+          price {
+           value
+           currency
+          }
+          row_total {
+           value
+           currency
+          }
+          row_total_including_tax {
+           value
+           currency
+          }
+        }
+      }
+      shipping_addresses {
+        firstname
+        lastname
+        company
+        street
+        city
+        postcode
+        telephone
+        country {
+          code
+          label
+        }
+        __typename
+      }
+    }
+  }
+}
+QUERY;
+    }
+
+    /**
+     * Assert that at least one cookie in the array matches pattern.
+     *
+     * @param string $pattern
+     * @param array $cookies
+     * @return void
+     */
+    private function assertAnyCookieMatchesRegex(string $pattern, array $cookies): void
+    {
+        if (empty($cookies)) {
+            return;
+        }
+        $result = false;
+        foreach ($cookies as $cookie) {
+            if (preg_match($pattern, $cookie)) {
+                $result = true;
+                break;
+            }
+        }
+        $this->assertTrue($result, 'Failed asserting that any cookie in the array matches pattern: ' . $pattern);
+    }
+
+    /**
+     * Assert that no cookie in the array matches pattern.
+     *
+     * @param string $pattern
+     * @param array $cookies
+     * @return void
+     */
+    private function assertNoCookiesMatchRegex(string $pattern, array $cookies): void
+    {
+        if (empty($cookies)) {
+            return;
+        }
+        $result = true;
+        foreach ($cookies as $cookie) {
+            if (preg_match($pattern, $cookie)) {
+                $result = false;
+                break;
+            }
+        }
+        $this->assertTrue($result, 'Failed assertion. At least one cookie in the array matches pattern: ' . $pattern);
+    }
+}