Merge branch 'AC-1344' of github.com:magento-cia/magento2ce into cia-bugfixes-2.4.4-develop-04112021

Author: admanesachin

app/code/Magento/Integration/Test/Unit/Oauth/OauthTest.php

@@ -61,10 +61,19 @@ class OauthTest extends TestCase
      */
     private $_loggerMock;
 
+    /**
+     * @var string
+     */
     private $_oauthToken;
 
+    /**
+     * @var string
+     */
     private $_oauthSecret;
 
+    /**
+     * @var string
+     */
     private $_oauthVerifier;
 
     const CONSUMER_ID = 1;
@@ -187,7 +196,7 @@ protected function _getRequestTokenParams($amendments = [])
             ),
             'oauth_nonce' => '',
             'oauth_timestamp' => time(),
-            'oauth_signature_method' => OauthInterface::SIGNATURE_SHA1,
+            'oauth_signature_method' => OauthInterface::SIGNATURE_SHA256,
             'oauth_signature' => 'invalid_signature',
         ];
 
@@ -871,7 +880,7 @@ protected function _getAccessTokenRequiredParams($amendments = [])
                 Oauth::LENGTH_CONSUMER_KEY
             ),
             'oauth_signature' => '',
-            'oauth_signature_method' => OauthInterface::SIGNATURE_SHA1,
+            'oauth_signature_method' => OauthInterface::SIGNATURE_SHA256,
             'oauth_nonce' => '',
             'oauth_timestamp' => (string)time(),
             'oauth_token' => $this->_generateRandomString(Oauth::LENGTH_TOKEN),

dev/tests/api-functional/framework/Magento/TestFramework/Authentication/Rest/OauthClient.php

@@ -32,6 +32,13 @@ class OauthClient extends AbstractService
     /** @var string|null */
     protected $_oauthVerifier = null;
 
+    /**
+     * @param Credentials $credentials
+     * @param ClientInterface|null $httpClient
+     * @param TokenStorageInterface|null $storage
+     * @param SignatureInterface|null $signature
+     * @param UriInterface|null $baseApiUri
+     */
     public function __construct(
         Credentials $credentials,
         ClientInterface $httpClient = null,
@@ -53,17 +60,15 @@ public function __construct(
     }
 
     /**
-     * @return UriInterface
+     * @inheritDoc
      */
     public function getRequestTokenEndpoint()
     {
         return new Uri(TESTS_BASE_URL . '/oauth/token/request');
     }
 
     /**
-     * Returns the authorization API endpoint.
-     *
-     * @return UriInterface
+     * @inheritDoc
      */
     public function getAuthorizationEndpoint()
     {
@@ -171,19 +176,22 @@ protected function _parseResponseBody($responseBody)
      */
     public function getOauthVerifier()
     {
-        if (!isset($this->_oauthVerifier) || isEmpty($this->_oauthVerifier)) {
+        if (empty($this->_oauthVerifier)) {
             throw new TokenResponseException("oAuth verifier must be obtained during request token request.");
         }
         return $this->_oauthVerifier;
     }
 
     /**
-     * @override to fix since parent implementation from lib not sending the oauth_verifier when requesting access token
-     * Builds the authorization header for an authenticated API request
+     * Builds the authorization header for an authenticated API request.
+     *
+     * Fixing this method since parent implementation from lib not sending the oauth_verifier
+     * when requesting access token.
+     *
      * @param string $method
      * @param UriInterface $uri the uri the request is headed
      * @param \OAuth\OAuth1\Token\TokenInterface $token
-     * @param $bodyParams array
+     * @param array|null $bodyParams
      * @return string
      */
     protected function buildAuthorizationHeaderForAPIRequest(
@@ -278,4 +286,12 @@ public function validateAccessToken($token, $method = 'GET')
 
         return json_decode($responseBody);
     }
+
+    /**
+     * @inheritDoc
+     */
+    protected function getSignatureMethod()
+    {
+        return 'HMAC-SHA256';
+    }
 }

dev/tests/api-functional/framework/Magento/TestFramework/Authentication/Rest/OauthClient/Signature.php

@@ -14,7 +14,7 @@
 class Signature extends \OAuth\OAuth1\Signature\Signature
 {
     /**
-     * {@inheritdoc}
+     * @inheritDoc
      *
      * In addition to the original method, allows array parameters for filters.
      */
@@ -30,6 +30,7 @@ function ($carry, $item) {
             []
         );
 
+        $signatureData = [];
         foreach (array_merge($queryStringData, $params) as $key => $value) {
             $signatureData[rawurlencode($key)] = rawurlencode($value);
         }
@@ -51,4 +52,17 @@ function ($carry, $item) {
 
         return base64_encode($this->hash($baseString));
     }
+
+    /**
+     * @inheritDoc
+     */
+    protected function hash($data)
+    {
+        switch (strtoupper($this->algorithm)) {
+            case 'HMAC-SHA256':
+                return hash_hmac('sha256', $data, $this->getSigningKey(), true);
+            default:
+                return parent::hash($data);
+        }
+    }
 }

lib/internal/Magento/Framework/Oauth/Helper/Request.php

@@ -63,18 +63,7 @@ public function getRequestUrl($httpRequest)
      * @param string $contentTypeHeader
      * @param string $requestBodyString
      * @param string $requestUrl
-     * @return array
-     * merged array of oauth protocols and request parameters. eg :
-     * <pre>
-     * array (
-     *         'oauth_version' => '1.0',
-     *         'oauth_signature_method' => 'HMAC-SHA1',
-     *         'oauth_nonce' => 'rI7PSWxTZRHWU3R',
-     *         'oauth_timestamp' => '1377183099',
-     *         'oauth_consumer_key' => 'a6aa81cc3e65e2960a4879392445e718',
-     *         'oauth_signature' => 'VNg4mhFlXk7%2FvsxMqqUd5DWIj9s%3D'
-     * )
-     * </pre>
+     * @return array Merged array of oauth protocols and request parameters.
      */
     protected function _processRequest($authHeaderValue, $contentTypeHeader, $requestBodyString, $requestUrl)
     {

lib/internal/Magento/Framework/Oauth/Oauth.php

@@ -8,6 +8,7 @@
 
 use Magento\Framework\Encryption\Helper\Security;
 use Magento\Framework\Phrase;
+use Magento\Framework\Oauth\Exception as AuthException;
 
 /**
  * Authorization service.
@@ -56,11 +57,11 @@ public function __construct(
     /**
      * Retrieve array of supported signature methods.
      *
-     * @return string[] - Supported HMAC-SHA1 and HMAC-SHA256 signature methods.
+     * @return string[]
      */
     public static function getSupportedSignatureMethods()
     {
-        return [self::SIGNATURE_SHA1, self::SIGNATURE_SHA256];
+        return [self::SIGNATURE_SHA256];
     }
 
     /**
@@ -141,7 +142,7 @@ public function validateAccessToken($accessToken)
     public function buildAuthorizationHeader(
         $params,
         $requestUrl,
-        $signatureMethod = self::SIGNATURE_SHA1,
+        $signatureMethod = self::SIGNATURE_SHA256,
         $httpMethod = 'POST'
     ) {
         $required = ["oauth_consumer_key", "oauth_consumer_secret", "oauth_token", "oauth_token_secret"];
@@ -202,7 +203,7 @@ protected function _validateSignature($params, $consumerSecret, $httpMethod, $re
         );
 
         if (!Security::compareStrings($calculatedSign, $params['oauth_signature'])) {
-            throw new Exception(new Phrase('The signature is invalid. Verify and try again.'));
+            throw new AuthException(new Phrase('The signature is invalid. Verify and try again.'));
         }
     }
 

lib/internal/Magento/Framework/Oauth/OauthInterface.php

@@ -59,6 +59,10 @@ interface OauthInterface
     /**#@+
      * Signature Methods
      */
+    /**
+     * @deprecated SHA1 is deprecated
+     * @see SIGNATURE_SHA256
+     */
     const SIGNATURE_SHA1 = 'HMAC-SHA1';
 
     const SIGNATURE_SHA256 = 'HMAC-SHA256';
@@ -69,16 +73,6 @@ interface OauthInterface
      * Issue a pre-authorization request token to the caller.
      *
      * @param array $params - Array containing parameters necessary for requesting Request Token.
-     * <pre>
-     * array (
-     *         'oauth_version' => '1.0',
-     *         'oauth_signature_method' => 'HMAC-SHA1',
-     *         'oauth_nonce' => 'rI7PSWxTZRHWU3R',
-     *         'oauth_timestamp' => '1377183099',
-     *         'oauth_consumer_key' => 'a6aa81cc3e65e2960a4879392445e718',
-     *         'oauth_signature' => 'VNg4mhFlXk7%2FvsxMqqUd5DWIj9s%3D'
-     * )
-     * </pre>
      * @param string $requestUrl - The request Url.
      * @param string $httpMethod - (default: 'POST')
      * @return array - The request token/secret pair.
@@ -96,18 +90,6 @@ public function getRequestToken($params, $requestUrl, $httpMethod = 'POST');
      * Get access token for a pre-authorized request token.
      *
      * @param array $params - Array containing parameters necessary for requesting Access Token.
-     * <pre>
-     * array (
-     *         'oauth_version' => '1.0',
-     *         'oauth_signature_method' => 'HMAC-SHA1',
-     *         'oauth_token' => 'a6aa81cc3e65e2960a487939244sssss',
-     *         'oauth_nonce' => 'rI7PSWxTZRHWU3R',
-     *         'oauth_timestamp' => '1377183099',
-     *         'oauth_consumer_key' => 'a6aa81cc3e65e2960a4879392445e718',
-     *         'oauth_signature' => 'VNg4mhFlXk7%2FvsxMqqUd5DWIj9s%3D',
-     *         'oauth_verifier' => 'a6aa81cc3e65e2960a487939244vvvvv'
-     * )
-     * </pre>
      * @param string $requestUrl - The request Url.
      * @param string $httpMethod - (default: 'POST')
      * @return array - The access token/secret pair.
@@ -125,17 +107,6 @@ public function getAccessToken($params, $requestUrl, $httpMethod = 'POST');
      * Validate an access token request.
      *
      * @param array $params - Array containing parameters necessary for validating Access Token.
-     * <pre>
-     * array (
-     *         'oauth_version' => '1.0',
-     *         'oauth_signature_method' => 'HMAC-SHA1',
-     *         'oauth_token' => 'a6aa81cc3e65e2960a487939244sssss',
-     *         'oauth_nonce' => 'rI7PSWxTZRHWU3R',
-     *         'oauth_timestamp' => '1377183099',
-     *         'oauth_consumer_key' => 'a6aa81cc3e65e2960a4879392445e718',
-     *         'oauth_signature' => 'VNg4mhFlXk7%2FvsxMqqUd5DWIj9s%3D'
-     * )
-     * </pre>
      * @param string $requestUrl - The request Url.
      * @param string $httpMethod - (default: 'POST')
      * @return int Consumer ID.
@@ -167,20 +138,15 @@ public function validateAccessToken($accessToken);
      *   );
      * </pre>
      * @param string $requestUrl e.g 'http://www.example.com/endpoint'
-     * @param string $signatureMethod (default: 'HMAC-SHA1')
+     * @param string $signatureMethod (default: 'HMAC-SHA256')
      * @param string $httpMethod (default: 'POST')
      * @return string
-     * <pre>
-     * OAuth oauth_version="1.0", oauth_signature_method="HMAC-SHA1", oauth_nonce="5X1aWR2qzf2uFm1",
-     * oauth_timestamp="1381930661", oauth_consumer_key="34edf957ef88492f0a32eb7e1731e85d",
-     * oauth_token="7c0709f789e1f38a17aa4b9a28e1b06c", oauth_signature="agVxK0epXOOeQK4%2Bc7UAqUXoAok%3D"
-     * <pre>
      * @throws \Magento\Framework\Oauth\Exception
      */
     public function buildAuthorizationHeader(
         $params,
         $requestUrl,
-        $signatureMethod = self::SIGNATURE_SHA1,
+        $signatureMethod = self::SIGNATURE_SHA256,
         $httpMethod = 'POST'
     );
 }