Refactor: Move CspNonceProvider to Model and deprecate old Helper class

app/code/Magento/AdminAnalytics/ViewModel/Metadata.php

@@ -8,12 +8,12 @@
 
 namespace Magento\AdminAnalytics\ViewModel;
 
+use Magento\Backend\Model\Auth\Session;
 use Magento\Config\Model\Config\Backend\Admin\Custom;
-use Magento\Csp\Helper\CspNonceProvider;
+use Magento\Csp\Model\CspNonceProvider;
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Framework\App\ObjectManager;
 use Magento\Framework\App\ProductMetadataInterface;
-use Magento\Backend\Model\Auth\Session;
 use Magento\Framework\App\State;
 use Magento\Framework\View\Element\Block\ArgumentInterface;
 use Magento\Store\Model\Information;

app/code/Magento/Csp/Helper/CspNonceProvider.php

@@ -8,79 +8,33 @@
 
 namespace Magento\Csp\Helper;
 
-use Magento\Csp\Model\Collector\DynamicCollector;
-use Magento\Csp\Model\Policy\FetchPolicy;
-use Magento\Framework\Exception\LocalizedException;
-use Magento\Framework\Math\Random;
+use Magento\Csp\Model\CspNonceProvider as CspNonceProviderModel;
 
 /**
- * This helper class is used to provide nonce for CSP
- *
- * It also adds a nonce to the CSP header.
+ * @deprecated This class was moved to Magento\Csp\Model\CspNonceProvider.
+ * It is kept for backward compatibility and will be removed in a future major version.
+ * @see \Magento\Csp\Model\CspNonceProvider
  */
 class CspNonceProvider
 {
     /**
-     * @var string
+     * @var CspNonceProviderModel
      */
-    private const NONCE_LENGTH = 32;
+    private CspNonceProviderModel $model;
 
     /**
-     * @var string
+     * @param CspNonceProviderModel $model
      */
-    private string $nonce;
-
-    /**
-     * @var Random
-     */
-    private Random $random;
-
-    /**
-     * @var DynamicCollector
-     */
-    private DynamicCollector $dynamicCollector;
-
-    /**
-     * @param Random $random
-     * @param DynamicCollector $dynamicCollector
-     */
-    public function __construct(
-        Random $random,
-        DynamicCollector $dynamicCollector
-    ) {
-        $this->random = $random;
-        $this->dynamicCollector = $dynamicCollector;
+    public function __construct(CspNonceProviderModel $model)
+    {
+        $this->model = $model;
     }
 
     /**
-     * Generate nonce and add it to the CSP header
-     *
-     * @return string
-     * @throws LocalizedException
+     * @deprecated
      */
     public function generateNonce(): string
     {
-        if (empty($this->nonce)) {
-            $this->nonce = $this->random->getRandomString(
-                self::NONCE_LENGTH,
-                Random::CHARS_DIGITS . Random::CHARS_LOWERS
-            );
-
-            $policy = new FetchPolicy(
-                'script-src',
-                false,
-                [],
-                [],
-                false,
-                false,
-                false,
-                [$this->nonce],
-                []
-            );
-
-            $this->dynamicCollector->add($policy);
-        }
-
-        return base64_encode($this->nonce);
+        return $this->model->generateNonce();
     }
 }

app/code/Magento/Csp/Helper/InlineUtil.php

@@ -11,6 +11,7 @@
 use Magento\Csp\Api\InlineUtilInterface;
 use Magento\Csp\Model\Collector\ConfigCollector;
 use Magento\Csp\Model\Collector\DynamicCollector;
+use Magento\Csp\Model\CspNonceProvider;
 use Magento\Csp\Model\Policy\FetchPolicy;
 use Magento\Framework\App\ObjectManager;
 use Magento\Framework\View\Helper\SecureHtmlRender\EventHandlerData;

app/code/Magento/Csp/Model/CspNonceProvider.php

@@ -0,0 +1,86 @@
+<?php
+/**
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Csp\Model;
+
+use Magento\Csp\Model\Collector\DynamicCollector;
+use Magento\Csp\Model\Policy\FetchPolicy;
+use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\Math\Random;
+
+/**
+ * This helper class is used to provide nonce for CSP
+ *
+ * It also adds a nonce to the CSP header.
+ */
+class CspNonceProvider
+{
+    /**
+     * @var string
+     */
+    private const NONCE_LENGTH = 32;
+
+    /**
+     * @var string
+     */
+    private string $nonce;
+
+    /**
+     * @var Random
+     */
+    private Random $random;
+
+    /**
+     * @var DynamicCollector
+     */
+    private DynamicCollector $dynamicCollector;
+
+    /**
+     * @param Random $random
+     * @param DynamicCollector $dynamicCollector
+     */
+    public function __construct(
+        Random $random,
+        DynamicCollector $dynamicCollector
+    ) {
+        $this->random = $random;
+        $this->dynamicCollector = $dynamicCollector;
+    }
+
+    /**
+     * Generate nonce and add it to the CSP header
+     *
+     * @return string
+     * @throws LocalizedException
+     */
+    public function generateNonce(): string
+    {
+        if (empty($this->nonce)) {
+            $this->nonce = $this->random->getRandomString(
+                self::NONCE_LENGTH,
+                Random::CHARS_DIGITS . Random::CHARS_LOWERS
+            );
+
+            $policy = new FetchPolicy(
+                'script-src',
+                false,
+                [],
+                [],
+                false,
+                false,
+                false,
+                [$this->nonce],
+                []
+            );
+
+            $this->dynamicCollector->add($policy);
+        }
+
+        return base64_encode($this->nonce);
+    }
+}

app/code/Magento/Csp/Test/Unit/Model/CspNonceProviderTest.php

@@ -0,0 +1,70 @@
+<?php
+/**
+ * Copyright 2020 Adobe
+ * All Rights Reserved.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Csp\Model\Test;
+
+use Magento\Csp\Model\CspNonceProvider;
+use Magento\Csp\Model\Collector\DynamicCollector;
+use Magento\Framework\Math\Random;
+use Magento\Csp\Model\Policy\FetchPolicy;
+use PHPUnit\Framework\MockObject\MockObject;
+use PHPUnit\Framework\TestCase;
+
+class CspNonceProviderTest extends TestCase
+{
+    private Random|MockObject $randomMock;
+    private MockObject|DynamicCollector $collectorMock;
+    private CspNonceProvider $provider;
+
+    protected function setUp(): void
+    {
+        $this->randomMock = $this->createMock(Random::class);
+        $this->collectorMock = $this->createMock(DynamicCollector::class);
+
+        $this->provider = new CspNonceProvider(
+            $this->randomMock,
+            $this->collectorMock
+        );
+    }
+
+    public function testGenerateNonce(): void
+    {
+        $nonce = 'abc123nonce';
+        $this->randomMock
+            ->method('getRandomString')
+            ->willReturn($nonce);
+        $this->collectorMock
+            ->expects($this->once())
+            ->method('add')
+            ->with($this->callback(function ($policy) use ($nonce) {
+                return $policy instanceof FetchPolicy
+                    && in_array($nonce, $policy->getNonceValues());
+            }));
+
+        $result = $this->provider->generateNonce();
+        $this->assertEquals(base64_encode($nonce), $result);
+    }
+
+    public function testGenerateNonceCalledTwiceReturnsSameValue(): void
+    {
+        $nonce = 'firstnonce';
+
+        $this->randomMock
+            ->method('getRandomString')
+            ->willReturn($nonce);
+
+        $this->collectorMock
+            ->expects($this->once())
+            ->method('add');
+
+        $firstCall = $this->provider->generateNonce();
+        $secondCall = $this->provider->generateNonce();
+
+        $this->assertSame($firstCall, $secondCall);
+    }
+}

app/code/Magento/Csp/ViewModel/NonceProvider.php

@@ -7,7 +7,7 @@
 
 namespace Magento\Csp\ViewModel;
 
-use Magento\Csp\Helper\CspNonceProvider;
+use Magento\Csp\Model\CspNonceProvider;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\View\Element\Block\ArgumentInterface;
 

app/code/Magento/Paypal/Model/Config.php

@@ -6,7 +6,7 @@
 
 namespace Magento\Paypal\Model;
 
-use Magento\Csp\Helper\CspNonceProvider;
+use Magento\Csp\Model\CspNonceProvider;
 use Magento\Framework\App\ObjectManager;
 use Magento\Payment\Helper\Formatter;
 

app/code/Magento/Paypal/Test/Unit/Model/ConfigTest.php

@@ -7,7 +7,7 @@
 
 namespace Magento\Paypal\Test\Unit\Model;
 
-use Magento\Csp\Helper\CspNonceProvider;
+use Magento\Csp\Model\CspNonceProvider;
 use Magento\Directory\Helper\Data;
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Framework\TestFramework\Unit\Helper\ObjectManager;

dev/tests/integration/testsuite/Magento/Csp/Helper/InlineUtilTest.php

@@ -7,9 +7,11 @@
 
 namespace Magento\Csp\Helper;
 
+use Magento\Csp\Model\CspNonceProviderMock;
 use Magento\Csp\Api\Data\PolicyInterface;
 use Magento\Csp\Model\Collector\DynamicCollector;
 use Magento\Csp\Model\Collector\DynamicCollectorMock;
+use Magento\Csp\Model\CspNonceProvider;
 use Magento\Csp\Model\Policy\FetchPolicy;
 use Magento\Framework\View\Helper\SecureHtmlRenderer;
 use Magento\TestFramework\Helper\Bootstrap;

dev/tests/integration/testsuite/Magento/Csp/Helper/CspNonceProviderMock.php → dev/tests/integration/testsuite/Magento/Csp/Model/CspNonceProviderMock.php

@@ -5,9 +5,10 @@
  */
 declare(strict_types=1);
 
-namespace Magento\Csp\Helper;
+namespace Magento\Csp\Model;
 
 use Magento\Csp\Model\Collector\DynamicCollector;
+use Magento\Csp\Model\CspNonceProvider;
 use Magento\Csp\Model\Policy\FetchPolicy;
 use Magento\Framework\Math\Random;