Example #1
 /**
  * {@inheritdoc}
  */
 public function getSectionData()
 {
     // Fetch the pending messages. The `true` flag presumably asks the manager
     // to clear them once read -- confirm against the message manager.
     $collection = $this->messageManager->getMessages(true);

     // Flatten every message to a plain type/text pair. The text is forwarded
     // exactly as getText() returns it: nothing in this method escapes or
     // interprets it, so whatever renders this section data has to escape it
     // for its own output context.
     $rows = array_map(
         function (MessageInterface $message) {
             return ['type' => $message->getType(), 'text' => $message->getText()];
         },
         $collection->getItems()
     );

     // array_values() keeps the result a plain list, as the original reduce did.
     return ['messages' => array_values($rows)];
 }
Example #2
 /**
  * Return messages array and clean message manager messages
  *
  * @return array
  */
 protected function getMessages()
 {
     // Start from whatever getCookiesMessages() returns, then append the
     // manager's messages (fetched with the clear flag set).
     $result = $this->getCookiesMessages();
     $pending = $this->messageManager->getMessages(true)->getItems();
     /** @var MessageInterface $item */
     foreach ($pending as $item) {
         $type = $item->getType();
         // The text is produced by the interpretation strategy rather than
         // copied raw from the message.
         $text = $this->interpretationStrategy->interpret($item);
         $result[] = ['type' => $type, 'text' => $text];
     }
     return $result;
 }
Example #3
 /**
  * @magentoDataFixture Magento/Catalog/_files/product_simple_xss.php
  * @magentoDataFixture Magento/Customer/_files/customer.php
  */
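 public function testAddActionProductNameXss()
 {
     // Dispatch the wishlist "add" action for product 1 and collect the
     // session messages it produced.
     $this->dispatch('wishlist/index/add/product/1?nocookie=1');
     $messages = $this->_messages->getMessages()->getItems();
     $isProductNamePresent = false;
     foreach ($messages as $message) {
         $text = (string) $message->getText();
         // Look for the HTML-escaped form of the product name. Searching for
         // the raw markup here made the test unsatisfiable: any message that
         // set the flag also failed the assertNotContains() below.
         // NOTE(review): assumes the add action escapes the product name
         // before putting it into the message -- confirm against the controller.
         if (strpos($text, '&lt;script&gt;alert(&quot;xss&quot;);&lt;/script&gt;') !== false) {
             $isProductNamePresent = true;
         }
         // The unescaped payload must never appear in the message text.
         $this->assertNotContains('<script>alert("xss");</script>', $text);
     }
     // The name has to be reported at least once, in escaped form.
     $this->assertTrue($isProductNamePresent, 'Product name was not found in session messages');
 }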
 /**
  * Save current admin password to prevent its usage when changed in the future.
  *
  * @param EventObserver $observer
  * @return void
  */
 public function execute(EventObserver $observer)
 {
     /* @var $user \Magento\User\Model\User */
     $user = $observer->getEvent()->getObject();
     // Users without an id are skipped.
     if (!$user->getId()) {
         return;
     }

     // The value from getPassword() is handled as a hash here and is what
     // trackPassword() receives -- presumably never the plaintext; confirm.
     $currentHash = $user->getPassword();
     $lifetime = $this->observerConfig->getAdminPasswordLifetime();

     // Tracking needs a configured lifetime, a non-empty hash, and a user who
     // is not flagged to be forced onto a new password.
     $shouldTrack = $lifetime && $currentHash && !$user->getForceNewPassword();
     if (!$shouldTrack) {
         return;
     }

     $this->userResource->trackPassword($user, $currentHash, $lifetime);
     // Drop the "password expired" notice and the matching session flag.
     $this->messageManager->getMessages()->deleteMessageByIdentifier('magento_user_password_expired');
     $this->authSession->unsPciAdminUserIsPasswordExpired();
 }
Example #5
 /**
  * @magentoDataFixture Magento/Catalog/_files/product_simple_xss.php
  * @magentoDataFixture Magento/Customer/_files/customer.php
  * @magentoAppArea frontend
  */
 public function testAddActionProductNameXss()
 {
     $this->dispatch('wishlist/index/add/product/1?nocookie=1');
     $sessionMessages = $this->_messages->getMessages()->getItems();
     $escapedNameSeen = false;
     /** @var InterpretationStrategyInterface $strategy */
     $strategy = $this->_objectManager->create('Magento\\Framework\\View\\Element\\Message\\InterpretationStrategyInterface');
     foreach ($sessionMessages as $sessionMessage) {
         // The product name is expected only in its HTML-escaped form once
         // the message has been interpreted ...
         $hasEscapedName = strpos($strategy->interpret($sessionMessage), '&lt;script&gt;alert(&quot;xss&quot;);&lt;/script&gt;') !== false;
         $escapedNameSeen = $hasEscapedName || $escapedNameSeen;
         // ... and the raw markup must not survive interpretation.
         $this->assertNotContains('<script>alert("xss");</script>', $strategy->interpret($sessionMessage));
     }
     $this->assertTrue($escapedNameSeen, 'Product name was not found in session messages');
 }
Example #6
 /**
  * Preparing global layout
  *
  * @return $this
  */
 protected function _prepareLayout()
 {
     // Register the manager's default group as a storage type of this block.
     $defaultGroup = $this->messageManager->getDefaultGroup();
     $this->addStorageType($defaultGroup);

     // Hand the pending messages (fetched with the clear flag set) to the block.
     $pending = $this->messageManager->getMessages(true);
     $this->addMessages($pending);

     parent::_prepareLayout();

     return $this;
 }
Example #7
 /**
  * Renders CMS page
  *
  * @param Action $action
  * @param int $pageId
  * @param bool $renderLayout
  * @return bool
  */
 protected function _renderPage(Action $action, $pageId = null, $renderLayout = true)
 {
     // Loads the requested CMS page if it is not the one already held, applies
     // its theme/layout settings, feeds the session messages to the messages
     // block and optionally renders the layout. Returns false when no page is
     // available, true otherwise.
     if (!is_null($pageId) && $pageId !== $this->_page->getId()) {
         // Keep only the part of the id before the last '|'. A '|' at position 0
         // is ignored because strrpos() then returns 0, which is falsy.
         $delimiterPosition = strrpos($pageId, '|');
         if ($delimiterPosition) {
             $pageId = substr($pageId, 0, $delimiterPosition);
         }
         // Scope the load to the current store.
         $this->_page->setStoreId($this->_storeManager->getStore()->getId());
         if (!$this->_page->load($pageId)) {
             return false;
         }
     }
     if (!$this->_page->getId()) {
         return false;
     }
     // Custom theme, root template and layout XML only apply inside the page's
     // custom-theme date interval.
     $inRange = $this->_localeDate->isScopeDateInInterval(null, $this->_page->getCustomThemeFrom(), $this->_page->getCustomThemeTo());
     if ($this->_page->getCustomTheme()) {
         if ($inRange) {
             $this->_design->setDesignTheme($this->_page->getCustomTheme());
         }
     }
     $this->_view->getLayout()->getUpdate()->addHandle('default')->addHandle('cms_page_view');
     $this->_view->addPageLayoutHandles(array('id' => $this->_page->getIdentifier()));
     $this->_view->addActionLayoutHandles();
     if ($this->_page->getRootTemplate()) {
         // Note the loose != comparison against 'empty'.
         if ($this->_page->getCustomRootTemplate() && $this->_page->getCustomRootTemplate() != 'empty' && $inRange) {
             $handle = $this->_page->getCustomRootTemplate();
         } else {
             $handle = $this->_page->getRootTemplate();
         }
         $this->_pageLayout->applyHandle($handle);
     }
     $this->_eventManager->dispatch('cms_page_render', array('page' => $this->_page, 'controller_action' => $action));
     $this->_view->loadLayoutUpdates();
     // The layout update XML is taken from the page record and added to the
     // layout as stored; this method performs no validation of it.
     // NOTE(review): presumably only trusted back-office users can edit these
     // fields -- confirm.
     if ($this->_page->getCustomLayoutUpdateXml() && $inRange) {
         $layoutUpdate = $this->_page->getCustomLayoutUpdateXml();
     } else {
         $layoutUpdate = $this->_page->getLayoutUpdateXml();
     }
     if (!empty($layoutUpdate)) {
         $this->_view->getLayout()->getUpdate()->addUpdate($layoutUpdate);
     }
     $this->_view->generateLayoutXml()->generateLayoutBlocks();
     $contentHeadingBlock = $this->_view->getLayout()->getBlock('page_content_heading');
     if ($contentHeadingBlock) {
         // The heading is HTML-escaped before it is handed to the block.
         $contentHeading = $this->_escaper->escapeHtml($this->_page->getContentHeading());
         $contentHeadingBlock->setContentHeading($contentHeading);
     }
     if ($this->_page->getRootTemplate()) {
         $this->_pageLayout->applyTemplate($this->_page->getRootTemplate());
     }
     /* @TODO: Move catalog and checkout storage types to appropriate modules */
     // Pass the pending messages (fetched with the clear flag set) to the
     // layout's messages block.
     $messageBlock = $this->_view->getLayout()->getMessagesBlock();
     $messageBlock->addStorageType($this->messageManager->getDefaultGroup());
     $messageBlock->addMessages($this->messageManager->getMessages(true));
     if ($renderLayout) {
         $this->_view->renderLayout();
     }
     return true;
 }
Example #8
 /**
  * Check if server is applicable for Magento
  * @return $this
  */
 public function checkServer()
 {
     // Nothing to report when the installer's check passes.
     if ($this->installer->checkServer()) {
         return $this;
     }

     // Copy every message currently held by the manager into this object's
     // error list. The messages are read without the clear flag.
     $failures = $this->messageManager->getMessages()->getItems();
     foreach ($failures as $failure) {
         $this->addError($failure->toString());
     }

     return $this;
 }
Example #9
 /**
  * @magentoDataFixture Magento/Catalog/_files/product_simple_xss.php
  * @magentoDataFixture Magento/Customer/_files/customer.php
  * @magentoAppArea frontend
  */
 public function testAddActionProductNameXss()
 {
     // Supply a valid form key with the request before dispatching.
     /** @var \Magento\Framework\Data\Form\FormKey $formKeyProvider */
     $formKeyProvider = $this->_objectManager->get('Magento\\Framework\\Data\\Form\\FormKey');
     $this->getRequest()->setPostValue(['form_key' => $formKeyProvider->getFormKey()]);

     // Resolve the fixture product by SKU instead of relying on a fixed id.
     /** @var \Magento\Catalog\Api\ProductRepositoryInterface $repository */
     $repository = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()->create('Magento\\Catalog\\Api\\ProductRepositoryInterface');
     $xssProduct = $repository->get('product-with-xss');
     $this->dispatch('wishlist/index/add/product/' . $xssProduct->getId() . '?nocookie=1');

     $sessionMessages = $this->_messages->getMessages()->getItems();
     $escapedNameSeen = false;
     /** @var InterpretationStrategyInterface $strategy */
     $strategy = $this->_objectManager->create('Magento\\Framework\\View\\Element\\Message\\InterpretationStrategyInterface');
     foreach ($sessionMessages as $sessionMessage) {
         // The product name is expected only in its HTML-escaped form once
         // the message has been interpreted ...
         $hasEscapedName = strpos($strategy->interpret($sessionMessage), '&lt;script&gt;alert(&quot;xss&quot;);&lt;/script&gt;') !== false;
         $escapedNameSeen = $hasEscapedName || $escapedNameSeen;
         // ... and the raw markup must not survive interpretation.
         $this->assertNotContains('<script>alert("xss");</script>', $strategy->interpret($sessionMessage));
     }
     $this->assertTrue($escapedNameSeen, 'Product name was not found in session messages');
 }
Example #10
 /**
  * Check whether the latest password is expired
  * Side-effect can be when passwords were changed with different lifetime configuration settings
  *
  * @param array $latestPassword
  * @return void
  */
 private function _checkExpiredPassword($latestPassword)
 {
     // Nothing to do without a password record or while it is still valid.
     if (!$latestPassword || !$this->observerConfig->_isLatestPasswordExpired($latestPassword)) {
         return;
     }

     if ($this->observerConfig->isPasswordChangeForced()) {
         $notice = __('It\'s time to change your password.');
     } else {
         // This variant embeds an anchor tag, so it only shows as a link if
         // the messages block outputs it unescaped. The URL comes from the
         // URL builder with a fixed route, not from request input.
         $accountUrl = $this->url->getUrl('adminhtml/system_account/');
         $notice = __('It\'s time to <a href="%1">change your password</a>.', $accountUrl);
     }
     $this->messageManager->addNoticeMessage($notice);

     // Tag the message just added so it can be found and deleted by
     // identifier later, and keep it sticky.
     $added = $this->messageManager->getMessages()->getLastAddedMessage();
     if (!$added) {
         return;
     }
     $added->setIdentifier('magento_user_password_expired')->setIsSticky(true);
     $this->authSession->setPciAdminUserIsPasswordExpired(true);
 }
Example #11
 /**
  * Return result CMS page
  *
  * @param Action $action
  * @param null $pageId
  * @return \Magento\Framework\View\Result\Page|bool
  */
 public function prepareResultPage(Action $action, $pageId = null)
 {
     // Loads the requested CMS page if it is not the one already held, builds
     // a result page with the page's theme/layout settings and feeds the
     // session messages to its messages block. Returns false when no page is
     // available, otherwise the prepared result page.
     if ($pageId !== null && $pageId !== $this->_page->getId()) {
         // Keep only the part of the id before the last '|'. A '|' at position 0
         // is ignored because strrpos() then returns 0, which is falsy.
         $delimiterPosition = strrpos($pageId, '|');
         if ($delimiterPosition) {
             $pageId = substr($pageId, 0, $delimiterPosition);
         }
         // Scope the load to the current store.
         $this->_page->setStoreId($this->_storeManager->getStore()->getId());
         if (!$this->_page->load($pageId)) {
             return false;
         }
     }
     if (!$this->_page->getId()) {
         return false;
     }
     // Custom theme and custom layout XML only apply inside the page's
     // custom-theme date interval.
     $inRange = $this->_localeDate->isScopeDateInInterval(null, $this->_page->getCustomThemeFrom(), $this->_page->getCustomThemeTo());
     if ($this->_page->getCustomTheme()) {
         if ($inRange) {
             $this->_design->setDesignTheme($this->_page->getCustomTheme());
         }
     }
     /** @var \Magento\Framework\View\Result\Page $resultPage */
     $resultPage = $this->resultPageFactory->create();
     $this->setLayoutType($inRange, $resultPage);
     $resultPage->addHandle('cms_page_view');
     $resultPage->addPageLayoutHandles(['id' => $this->_page->getIdentifier()]);
     $this->_eventManager->dispatch('cms_page_render', ['page' => $this->_page, 'controller_action' => $action]);
     // The layout update XML is taken from the page record and added to the
     // layout as stored; this method performs no validation of it.
     // NOTE(review): presumably only trusted back-office users can edit these
     // fields -- confirm.
     if ($this->_page->getCustomLayoutUpdateXml() && $inRange) {
         $layoutUpdate = $this->_page->getCustomLayoutUpdateXml();
     } else {
         $layoutUpdate = $this->_page->getLayoutUpdateXml();
     }
     if (!empty($layoutUpdate)) {
         $resultPage->getLayout()->getUpdate()->addUpdate($layoutUpdate);
     }
     $contentHeadingBlock = $resultPage->getLayout()->getBlock('page_content_heading');
     if ($contentHeadingBlock) {
         // The heading is HTML-escaped before it is handed to the block.
         $contentHeading = $this->_escaper->escapeHtml($this->_page->getContentHeading());
         $contentHeadingBlock->setContentHeading($contentHeading);
     }
     /* @TODO: Move catalog and checkout storage types to appropriate modules */
     // Pass the pending messages (fetched with the clear flag set) to the
     // layout's messages block.
     $messageBlock = $resultPage->getLayout()->getMessagesBlock();
     $messageBlock->addStorageType($this->messageManager->getDefaultGroup());
     $messageBlock->addMessages($this->messageManager->getMessages(true));
     return $resultPage;
 }
Example #12
 /**
  * Initialize review form
  *
  * @return void
  */
 protected function _construct()
 {
     parent::_construct();

     // Wrap the form data kept in the review session in a data object; the
     // `true` flag presumably clears it from the session -- confirm.
     $formData = new \Magento\Framework\Object((array) $this->_reviewSession->getFormData(true));

     // Default the nickname to the logged-in customer's first name.
     if (!$formData->getNickname()) {
         $currentCustomer = $this->_customerSession->getCustomerDataObject();
         if ($currentCustomer && $currentCustomer->getId()) {
             $formData->setNickname($currentCustomer->getFirstname());
         }
     }

     // Writing is allowed for authenticated visitors, or for guests when the
     // review helper says so.
     $mayWrite = $this->httpContext->getValue(\Magento\Customer\Helper\Data::CONTEXT_AUTH) || $this->_reviewData->getIsGuestAllowToWrite();
     $this->setAllowWriteReviewFlag($mayWrite);

     if (!$this->getAllowWriteReviewFlag()) {
         // Build a login link that carries the current URL (plus the form
         // anchor) as an encoded referer parameter.
         $returnUrl = $this->getUrl('*/*/*', array('_current' => true)) . '#review-form';
         $queryParam = $this->_coreData->urlEncode($returnUrl);
         $loginUrl = $this->getUrl('customer/account/login/', array(\Magento\Customer\Helper\Data::REFERER_QUERY_PARAM_NAME => $queryParam));
         $this->setLoginLink($loginUrl);
     }

     // Expose the form data and the pending messages to the template.
     $block = $this->setTemplate('form.phtml');
     $block = $block->assign('data', $formData);
     $block->assign('messages', $this->messageManager->getMessages(true));
 }
Example #13
 /**
  * Prepare preconditions for createOrder method invocation.
  *
  * @param int $productIdFromFixture
  * @param string $customerEmail
  * @param string $shippingMethod
  * @param int $shippingAddressAsBilling
  * @param array $paymentData
  * @param array $orderData
  * @param string $paymentMethod
  * @param int|null $customerIdFromFixture
  */
 protected function _preparePreconditionsForCreateOrder($productIdFromFixture, $customerEmail, $shippingMethod, $shippingAddressAsBilling, $paymentData, $orderData, $paymentMethod, $customerIdFromFixture = null)
 {
     // Puts the create-order model ($this->_model) into a known state from the
     // fixture data, then asserts that state before the test calls createOrder.
     /** Disable product options */
     /** @var \Magento\Catalog\Model\Product $product */
     $product = Bootstrap::getObjectManager()->create('Magento\\Catalog\\Model\\Product');
     $product->load($productIdFromFixture)->setHasOptions(false)->save();
     /** Set current customer */
     /** @var \Magento\Backend\Model\Session\Quote $session */
     $session = Bootstrap::getObjectManager()->get('Magento\\Backend\\Model\\Session\\Quote');
     if ($customerIdFromFixture !== null) {
         $session->setCustomerId($customerIdFromFixture);
         /** Unset fake IDs for default billing and shipping customer addresses */
         /** @var \Magento\Customer\Model\Customer $customer */
         $customer = Bootstrap::getObjectManager()->create('Magento\\Customer\\Model\\Customer');
         $customer->load($customerIdFromFixture)->setDefaultBilling(null)->setDefaultShipping(null)->save();
     } else {
         /**
          * Customer ID must be set to session to pass \Magento\Sales\Model\AdminOrder\Create::_validate()
          * This code emulates order placement via admin panel.
          */
         $session->setCustomerId(0);
     }
     /** Emulate availability of shipping method (all are disabled by default) */
     /** @var $rate \Magento\Quote\Model\Quote\Address\Rate */
     $rate = Bootstrap::getObjectManager()->create('Magento\\Quote\\Model\\Quote\\Address\\Rate');
     $rate->setCode($shippingMethod);
     $this->_model->getQuote()->getShippingAddress()->addShippingRate($rate);
     $this->_model->setShippingAsBilling($shippingAddressAsBilling);
     $this->_model->addProduct($productIdFromFixture, ['qty' => 1]);
     $this->_model->setPaymentData($paymentData);
     // Validation is switched on before the posted order data is imported.
     $this->_model->setIsValidate(true)->importPostData($orderData);
     /** Check preconditions */
     // An empty message collection is taken as "no errors so far"; the
     // messages are read without the clear flag.
     $this->assertEquals(0, $this->_messageManager->getMessages()->getCount(), "Precondition failed: Errors occurred before SUT execution.");
     /** Selectively check quote data */
     $createOrderData = $this->_model->getData();
     $this->assertEquals($shippingMethod, $createOrderData['shipping_method'], 'Precondition failed: Shipping method specified in create order model is invalid');
     // 'FirstName' and 'Simple Product' are expected literals -- presumably
     // the values the fixtures and $orderData supply; verify against them.
     $this->assertEquals('FirstName', $createOrderData['billing_address']['firstname'], 'Precondition failed: Address data is invalid in create order model');
     $this->assertEquals('Simple Product', $this->_model->getQuote()->getItemByProduct($product)->getData('name'), 'Precondition failed: Quote items data is invalid in create order model');
     $this->assertEquals($customerEmail, $this->_model->getQuote()->getCustomer()->getEmail(), 'Precondition failed: Customer data is invalid in create order model');
     $this->assertEquals($paymentMethod, $this->_model->getQuote()->getPayment()->getData('method'), 'Precondition failed: Payment method data is invalid in create order model');
 }
Example #14
 /**
  * Retrieve item messages
  * Return array with keys
  *
  * text => the message text
  * type => type of a message
  *
  * @return array
  */
 public function getMessages()
 {
     $result = [];
     $item = $this->getItem();

     // Messages attached to the quote item itself during this page load.
     // NOTE(review): these texts are copied as-is, unlike the manager messages
     // below, which go through the interpretation strategy -- presumably the
     // template escapes them; confirm.
     $itemMessages = $item->getMessage(false);
     if ($itemMessages) {
         foreach ($itemMessages as $text) {
             $severity = $item->getHasError() ? 'error' : 'notice';
             $result[] = ['text' => $text, 'type' => $severity];
         }
     }

     // Messages stored by the message manager in this item's own group.
     /* @var $groupMessages \Magento\Framework\Message\Collection */
     $groupMessages = $this->messageManager->getMessages(true, 'quote_item' . $item->getId());
     if ($groupMessages) {
         foreach ($groupMessages->getItems() as $entry) {
             /* @var $entry \Magento\Framework\Message\MessageInterface */
             $interpreted = $this->messageInterpretationStrategy->interpret($entry);
             $result[] = ['text' => $interpreted, 'type' => $entry->getType()];
         }
     }

     // The group is fetched a second time and cleared explicitly.
     $this->messageManager->getMessages(true, 'quote_item' . $item->getId())->clear();

     return $result;
 }
Example #15
 /**
  * Init messages by message storage(s), loading and adding messages to layout messages block
  *
  * @param string|array $messageGroups
  * @return void
  * @throws \UnexpectedValueException
  */
 public function initMessages($messageGroups = [])
 {
     $this->build();

     $groups = $this->_prepareMessageGroup($messageGroups);
     foreach ($groups as $groupName) {
         // Move the group's pending messages (fetched with the clear flag set)
         // into the layout's messages block, then register the group on it.
         $messagesBlock = $this->getMessagesBlock();
         $groupMessages = $this->messageManager->getMessages(true, $groupName);
         $messagesBlock->addMessages($groupMessages);
         $messagesBlock->addStorageType($groupName);
     }
 }
Example #16
 /**
  * @return Collection
  */
 public function getMessages()
 {
     // Thin pass-through to the message manager with the clear flag set; the
     // collection is returned as-is, with no interpretation or escaping of
     // the message texts here.
     $collection = $this->messageManager->getMessages(true);

     return $collection;
 }