Merge branch 'AC-1450' of github.com:magento-cia/magento2ce into cia-2.4.4-develop-bugfixes-04112021

Author: admanesachin

app/code/Magento/Swagger/Controller/Index/Index.php

@@ -10,8 +10,12 @@
 use Magento\Framework\App\Action\Action;
 use Magento\Framework\App\Action\Context;
 use Magento\Framework\App\Action\HttpGetActionInterface;
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\App\RequestInterface;
+use Magento\Framework\Exception\NotFoundException;
 use Magento\Framework\View\Page\Config as PageConfig;
 use Magento\Framework\View\Result\PageFactory as PageFactory;
+use Magento\Swagger\Model\Config;
 
 class Index extends Action implements HttpGetActionInterface
 {
@@ -25,16 +29,28 @@ class Index extends Action implements HttpGetActionInterface
      */
     private $pageFactory;
 
+    /**
+     * @var Config
+     */
+    private $config;
+
     /**
      * @param Context $context
      * @param PageConfig $pageConfig
      * @param PageFactory $pageFactory
+     * @param Config|null $config
      */
-    public function __construct(Context $context, PageConfig $pageConfig, PageFactory $pageFactory)
-    {
+    public function __construct(
+        Context $context,
+        PageConfig $pageConfig,
+        PageFactory $pageFactory,
+        ?Config $config = null
+    ) {
         parent::__construct($context);
         $this->pageConfig = $pageConfig;
         $this->pageFactory = $pageFactory;
+        $this->config = $config ?? ObjectManager::getInstance()
+                ->get(Config::class);
     }
 
     /**
@@ -45,4 +61,16 @@ public function execute()
         $this->pageConfig->addBodyClass('swagger-section');
         return $this->pageFactory->create();
     }
+
+    /**
+     * @inheritDoc
+     */
+    public function dispatch(RequestInterface $request)
+    {
+        if (!$this->config->isEnabled()) {
+            throw new NotFoundException(__('Page not found.'));
+        }
+
+        return parent::dispatch($request);
+    }
 }

app/code/Magento/Swagger/Model/Config.php

@@ -0,0 +1,47 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Swagger\Model;
+
+use Magento\Framework\App\State;
+
+/**
+ * Configuration for Swagger
+ */
+class Config
+{
+    /**
+     * @var State
+     */
+    private $state;
+
+    /**
+     * @var bool
+     */
+    private $enabledInProduction;
+
+    /**
+     * @param State $state
+     * @param bool $enabledInProduction
+     */
+    public function __construct(State $state, bool $enabledInProduction = false)
+    {
+        $this->state = $state;
+        $this->enabledInProduction = $enabledInProduction;
+    }
+
+    /**
+     * Is Swagger enabled
+     *
+     * @return bool
+     */
+    public function isEnabled(): bool
+    {
+        return $this->state->getMode() === State::MODE_DEVELOPER || $this->enabledInProduction;
+    }
+}

app/code/Magento/Swagger/Test/Mftf/Test/StorefrontMagentoApiSwaggerActionsExistTest.xml

@@ -13,6 +13,7 @@
             <title value="Authorize and logout on Swagger page"/>
             <description value="Authorize and logout on Swagger page use API Key"/>
             <severity value="CRITICAL"/>
+            <group value="developer_mode_only"/>
         </annotations>
         <before>
             <getOTP stepKey="getOtpCode"/>

app/code/Magento/Swagger/Test/Unit/Controller/Index/IndexTest.php

@@ -9,32 +9,105 @@
 namespace Magento\Swagger\Test\Unit\Controller\Index;
 
 use Magento\Framework\App\Action\Context;
+use Magento\Framework\App\Request\Http;
+use Magento\Framework\Exception\NotFoundException;
 use Magento\Framework\View\Page\Config as PageConfig;
 use Magento\Framework\View\Result\PageFactory;
 use Magento\Swagger\Controller\Index\Index;
+use Magento\Swagger\Model\Config;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 
 class IndexTest extends TestCase
 {
-    public function testExecute()
+    /**
+     * @var PageConfig|MockObject
+     */
+    private $pageConfigMock;
+
+    /**
+     * @var PageFactory|MockObject
+     */
+    private $resultPageFactory;
+
+    /**
+     * @var Config|MockObject
+     */
+    private $config;
+
+    /**
+     * @var Index
+     */
+    private $indexAction;
+
+    protected function setUp(): void
     {
         /** @var MockObject|Context $pageConfigMock */
         $contextMock = $this->createMock(Context::class);
 
         /** @var MockObject|PageConfig $pageConfigMock */
-        $pageConfigMock = $this->getMockBuilder(PageConfig::class)
+        $this->pageConfigMock = $this->getMockBuilder(PageConfig::class)
             ->disableOriginalConstructor()
             ->getMock();
         /** @var MockObject|PageFactory $resultPageFactory */
-        $resultPageFactory = $this->getMockBuilder(PageFactory::class)
+        $this->resultPageFactory = $this->getMockBuilder(PageFactory::class)
             ->disableOriginalConstructor()
             ->getMock();
 
-        $pageConfigMock->expects($this->once())->method('addBodyClass')->with('swagger-section');
-        $resultPageFactory->expects($this->once())->method('create');
+        $this->config = self::getMockBuilder(Config::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $this->indexAction = new Index(
+            $contextMock,
+            $this->pageConfigMock,
+            $this->resultPageFactory,
+            $this->config
+        );
+    }
+
+    /**
+     * @doesNotPerformAssertions
+     */
+    public function testExecute()
+    {
+        $this->pageConfigMock->expects($this->once())
+            ->method('addBodyClass')
+            ->with('swagger-section');
+        $this->resultPageFactory->expects($this->once())
+            ->method('create');
+
+        $this->indexAction->execute();
+    }
+
+    public function testDispatchRejectsWhenDisabled()
+    {
+        $this->expectException(NotFoundException::class);
+        $this->expectExceptionMessage('Page not found.');
+
+        $request = self::getMockBuilder(Http::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $this->config->method('isEnabled')
+            ->willReturn(false);
+        $this->indexAction->dispatch($request);
+    }
+
+    /**
+     * @doesNotPerformAssertions
+     */
+    public function testDispatchIsSuccessfulWhenEnabled()
+    {
+        $request = self::getMockBuilder(Http::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        // Assert that execute is called
+        $request->expects($this->once())
+            ->method('getFullActionName');
+        $this->config->method('isEnabled')
+            ->willReturn(true);
 
-        $indexAction = new Index($contextMock, $pageConfigMock, $resultPageFactory);
-        $indexAction->execute();
+        $this->indexAction->dispatch($request);
     }
 }

app/code/Magento/Swagger/Test/Unit/Model/ConfigTest.php

@@ -0,0 +1,68 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Swagger\Test\Unit\Model;
+
+use Magento\Framework\App\State;
+use Magento\Swagger\Model\Config;
+use PHPUnit\Framework\MockObject\MockObject;
+use PHPUnit\Framework\TestCase;
+
+class ConfigTest extends TestCase
+{
+    /**
+     * @var State|MockObject
+     */
+    private $state;
+
+    protected function setUp(): void
+    {
+        $this->state = self::getMockBuilder(State::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+    }
+
+    public function testDisabledInProductionByDefault()
+    {
+        $this->state->method('getMode')
+            ->willReturn(State::MODE_PRODUCTION);
+        $config = new Config($this->state);
+
+        self::assertFalse($config->isEnabled());
+    }
+
+    /**
+     * @param string $mode
+     * @param bool $configuredValue
+     * @param bool $expectedResult
+     * @dataProvider useCaseProvider
+     */
+    public function testUseCases(string $mode, bool $configuredValue, bool $expectedResult)
+    {
+        $this->state->method('getMode')
+            ->willReturn($mode);
+        $config = new Config($this->state, $configuredValue);
+
+        self::assertSame($expectedResult, $config->isEnabled());
+    }
+
+    /**
+     * Use cases for modes
+     *
+     * @return array[]
+     */
+    public function useCaseProvider(): array
+    {
+        return [
+            [State::MODE_PRODUCTION, false, false],
+            [State::MODE_PRODUCTION, true, true],
+            [State::MODE_DEVELOPER, true, true],
+            [State::MODE_DEVELOPER, false, true],
+        ];
+    }
+}

app/code/Magento/Swagger/etc/csp_whitelist.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+-->
+<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
+        <policies>
+            <policy id="img-src">
+                <values>
+                    <value id="swagger" type="host">validator.swagger.io</value>
+                </values>
+            </policy>
+        </policies>
+</csp_whitelist>

lib/internal/Magento/Framework/Filesystem/Driver/File/Mime.php

@@ -15,8 +15,6 @@
 class Mime
 {
     /**
-     * Mime types
-     *
      * @var array
      */
     private $mimeTypes = [
@@ -91,6 +89,7 @@ class Mime
     private $genericMimeTypes = [
         'application/x-empty',
         'inode/x-empty',
+        'application/octet-stream'
     ];
 
     /**