[ReadyForReview] Exposing cart links for GUEST CARTS (magento only allows logged-in carts by default); (#747)

* creating a route that allows access to guest carts

* Final tweaks to add rsa functionality

* removing changes to admin urls

* removing log exposure of public key

* helper function for signature verification

* addressing suggestions

* Missing module.xml

* protected usage is discouraged

* modifying composer

* Moving logic into Meta Sales module due to etalon-composer mismatch

* fixing module.xml issue

* Incorrect namespace

Author: sol-loup

app/code/Meta/BusinessExtension/Model/Api/CustomApiKey/Authenticator.php

@@ -160,4 +160,25 @@ private function authenticateSignature(?string $storeId = null): void
             throw $ex;
         }
     }
+
+    /**
+     * Verify the RSA signature for an arbitrary data string.
+     *
+     * @param string $data
+     * @param string $signature
+     * @return bool
+     * @throws LocalizedException
+     */
+    public function verifySignature(string $data, string $signature): bool
+    {
+        // phpcs:ignore Magento2.Functions.DiscouragedFunction
+        $publicKey = file_get_contents(__DIR__ . '/PublicKey.pem');
+        $publicKeyResource = openssl_get_publickey($publicKey);
+        if ($publicKeyResource === false) {
+            throw new LocalizedException(__('Invalid Public Key'));
+        }
+        // phpcs:ignore Magento2.Functions.DiscouragedFunction
+        $decodedSignature = base64_decode($signature);
+        return openssl_verify($data, $decodedSignature, $publicKeyResource, OPENSSL_ALGO_SHA256) === 1;
+    }
 }

app/code/Meta/Sales/Controller/Checkout/LoadMetaCart.php

@@ -0,0 +1,131 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Meta\Sales\Controller\Checkout;
+
+use Magento\Checkout\Model\Session as CheckoutSession;
+use Magento\Framework\App\Action\HttpGetActionInterface;
+use Magento\Framework\App\RequestInterface;
+use Magento\Framework\App\ResponseInterface;
+use Magento\Framework\Controller\Result\RedirectFactory;
+use Magento\Framework\Exception\LocalizedException;
+use Magento\Quote\Model\QuoteIdMaskFactory;
+use Magento\Quote\Model\QuoteRepository;
+use Meta\BusinessExtension\Helper\FBEHelper;
+use Meta\BusinessExtension\Model\Api\CustomApiKey\Authenticator;
+
+/**
+ * Controller for loading cart based on masked ID.
+ */
+class LoadMetaCart implements HttpGetActionInterface
+{
+    /**
+     * @var RedirectFactory
+     */
+    private $resultRedirectFactory;
+
+    /**
+     * @var QuoteIdMaskFactory
+     */
+    private $quoteIdMaskFactory;
+
+    /**
+     * @var QuoteRepository
+     */
+    private $quoteRepository;
+
+    /**
+     * @var CheckoutSession
+     */
+    private $checkoutSession;
+
+    /**
+     * @var RequestInterface
+     */
+    private $request;
+
+    /**
+     * @var FBEHelper
+     */
+    private $fbeHelper;
+
+    /**
+     * @var Authenticator
+     */
+    private $authenticator;
+
+    /**
+     * Constructor.
+     *
+     * @param RequestInterface $request
+     * @param RedirectFactory $resultRedirectFactory
+     * @param QuoteIdMaskFactory $quoteIdMaskFactory
+     * @param QuoteRepository $quoteRepository
+     * @param CheckoutSession $checkoutSession
+     * @param FBEHelper $fbeHelper
+     * @param Authenticator $authenticator
+     */
+    public function __construct(
+        RequestInterface $request,
+        RedirectFactory $resultRedirectFactory,
+        QuoteIdMaskFactory $quoteIdMaskFactory,
+        QuoteRepository $quoteRepository,
+        CheckoutSession $checkoutSession,
+        FBEHelper $fbeHelper,
+        Authenticator $authenticator
+    ) {
+        $this->request = $request;
+        $this->resultRedirectFactory = $resultRedirectFactory;
+        $this->quoteIdMaskFactory = $quoteIdMaskFactory;
+        $this->quoteRepository = $quoteRepository;
+        $this->checkoutSession = $checkoutSession;
+        $this->fbeHelper = $fbeHelper;
+        $this->authenticator = $authenticator;
+    }
+
+    /**
+     * Execute action based on request.
+     *
+     * IMPORTANT: Signatures must be URL-Encoded after being Base64 Encoded, or verification will fail.
+     *
+     * @return ResponseInterface
+     */
+    public function execute()
+    {
+        try {
+
+            $cartId = $this->request->getParam('cart_id');
+            $signature = $this->request->getParam('signature');
+
+            if (!$this->authenticator->verifySignature($cartId, $signature)) {
+                $this->fbeHelper->log(
+                    "RSA Verification Failed for cartId: {$cartId} with signature: {$signature}"
+                );
+                throw new LocalizedException(__('RSA Signature Validation Failed'));
+            }
+
+            $quoteId = $this->quoteIdMaskFactory->create()->load($cartId, 'masked_id')->getQuoteId();
+            $quote = $this->quoteRepository->get($quoteId);
+            $this->checkoutSession->replaceQuote($quote);
+            $resultRedirect = $this->resultRedirectFactory->create();
+            $resultRedirect->setPath('checkout/cart');
+            return $resultRedirect;
+        } catch (\Exception $e) {
+            $this->fbeHelper->logExceptionImmediatelyToMeta(
+                $e,
+                [
+                    'event' => 'guest_cart_link',
+                    'event_type' => 'cart_redirect',
+                    'extra_data' => [
+                        'signature' => $signature,
+                        'cart_id' => $cartId,
+                    ],
+                ]
+            );
+            $resultRedirect = $this->resultRedirectFactory->create();
+            $resultRedirect->setPath('checkout/cart');
+            return $resultRedirect;
+        }
+    }
+}

app/code/Meta/Sales/etc/frontend/routes.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:App/etc/routes.xsd">
+    <router id="standard">
+        <route id="meta" frontName="meta">
+            <module name="Meta_Sales"/>
+        </route>
+    </router>
+</config>