Exemple #1
 /**
  * Wire the collaborator mocks so that an OAuth request resolves to the given integration ID.
  *
  * The stubbed access-token validation always succeeds (it returns consumer ID 1), so tests built on this
  * helper cover only the ID-resolution path; they do not cover rejection of an invalid OAuth request.
  *
  * @param int|null $integrationId value the mocked integration returns from getId()
  * @param array $oauthRequest value the mocked request helper returns from prepareRequest()
  * @return void
  */
 public function setupUserId($integrationId, $oauthRequest)
 {
     // Integration model double: only getId() (and __wakeup) are replaced.
     $integrationMock = $this->getMockBuilder('Magento\\Integration\\Model\\Integration')
         ->disableOriginalConstructor()
         ->setMethods(['getId', '__wakeup'])
         ->getMock();
     $integrationMock->expects($this->any())
         ->method('getId')
         ->will($this->returnValue($integrationId));

     // The request helper must be consulted exactly once per scenario.
     $this->oauthRequestHelper->expects($this->once())
         ->method('prepareRequest')
         ->will($this->returnValue($oauthRequest));

     // Token validation is stubbed to succeed and yield consumer ID 1.
     $this->oauthService->expects($this->any())
         ->method('validateAccessTokenRequest')
         ->will($this->returnValue(1));

     // Any consumer ID maps to the integration double configured above.
     $this->integrationService->expects($this->any())
         ->method('findActiveIntegrationByConsumerId')
         ->will($this->returnValue($integrationMock));
 }
Exemple #2
 /**
  * Initialise the selected resources, an array of resource ids, for the integration held in the registry.
  *
  * If everything is allowed, the array will contain just the root resource id, which is
  * "Magento_Backend::all". When the registry holds no integration data, or the data carries no
  * non-empty 'integration_id', the selection defaults to an empty array (no resources selected).
  *
  * @return void
  */
 protected function _construct()
 {
     parent::_construct();

     $currentIntegration = $this->_coreRegistry->registry(IntegrationController::REGISTRY_KEY_CURRENT_INTEGRATION);

     // Only an array with a truthy 'integration_id' identifies a saved integration to look up.
     $hasIntegrationId = is_array($currentIntegration) && !empty($currentIntegration['integration_id']);

     $this->_selectedResources = $hasIntegrationId
         ? $this->integrationService->getSelectedResources($currentIntegration['integration_id'])
         : [];
 }
Exemple #3
 /**
  * Resolve the integration ID behind the current OAuth request.
  *
  * The ID is memoized once resolved. A null result is not memoized, so a request that yields no ID
  * is prepared and validated again on every call.
  *
  * {@inheritdoc}
  */
 public function getUserId()
 {
     // Reuse the ID resolved by an earlier call.
     if ($this->integrationId) {
         return $this->integrationId;
     }

     $oauthRequest = $this->oauthHelper->prepareRequest($this->request);
     if (empty($oauthRequest)) {
         // Not a valid OAuth request: no further processing is needed.
         return null;
     }

     // Validation covers the request parameters, the request URL and the HTTP method.
     // NOTE(review): how an invalid token is reported is not visible here - presumably
     // validateAccessTokenRequest() throws; confirm.
     $requestUrl = $this->oauthHelper->getRequestUrl($this->request);
     $httpMethod = $this->request->getMethod();
     $consumerId = $this->oauthService->validateAccessTokenRequest($oauthRequest, $requestUrl, $httpMethod);

     // Only an active integration is looked up; a falsy ID from the lookup becomes null.
     $integration = $this->integrationService->findActiveIntegrationByConsumerId($consumerId);
     $this->integrationId = $integration->getId() ? (int) $integration->getId() : null;

     return $this->integrationId;
 }
 /**
  * When no integration matches, findByConsumerId() still returns an object, one whose getData() is null.
  *
  * In this scenario the return value itself is not null, so a caller cannot detect a missing
  * integration with a plain null check on it.
  *
  * NOTE(review): load() is expected with self::VALUE_INTEGRATION_CONSUMER_ID while the service is
  * called with the literal 1 - presumably the constant equals 1; confirm.
  *
  * @return void
  */
 public function testFindByConsumerIdNotFound()
 {
     // The "empty" model reports no data at all.
     $this->_emptyIntegrationMock->expects($this->any())
         ->method('getData')
         ->will($this->returnValue(null));

     // Loading by consumer_id must happen exactly once and yields the empty model.
     $this->_integrationMock->expects($this->once())
         ->method('load')
         ->with(self::VALUE_INTEGRATION_CONSUMER_ID, 'consumer_id')
         ->will($this->returnValue($this->_emptyIntegrationMock));

     $lookupResult = $this->_service->findByConsumerId(1);

     $this->assertNull($lookupResult->getData());
 }
 /**
  * A valid bearer token resolves to the expected user type and ID, and the result is cached.
  *
  * Every token and integration accessor is stubbed with once(), so the second pair of assertions
  * fails if the user context reads the token again instead of reusing its first result.
  *
  * @param mixed $userType user type reported by the mocked token
  * @param mixed $userId ID reported by the accessor that matches $userType
  * @param mixed $expectedUserType
  * @param mixed $expectedUserId
  * @return void
  * @dataProvider getValidTokenData
  */
 public function testValidToken($userType, $userId, $expectedUserType, $expectedUserId)
 {
     $bearerToken = 'bearer1234';

     // The token value is taken from the Authorization header, read exactly once.
     $this->request->expects($this->once())
         ->method('getHeader')
         ->with('Authorization')
         ->will($this->returnValue("Bearer {$bearerToken}"));

     $tokenMock = $this->getMockBuilder('Magento\\Integration\\Model\\Oauth\\Token')
         ->disableOriginalConstructor()
         ->setMethods(['loadByToken', 'getId', 'getUserType', 'getCustomerId', 'getAdminId', '__wakeup'])
         ->getMock();
     $this->tokenFactory->expects($this->once())
         ->method('create')
         ->will($this->returnValue($tokenMock));

     // loadByToken() must receive the bare token, without the "Bearer " prefix.
     $tokenMock->expects($this->once())
         ->method('loadByToken')
         ->with($bearerToken)
         ->will($this->returnSelf());
     $tokenMock->expects($this->once())
         ->method('getId')
         ->will($this->returnValue(1));
     $tokenMock->expects($this->once())
         ->method('getUserType')
         ->will($this->returnValue($userType));

     $integrationMock = $this->getMockBuilder('Magento\\Integration\\Model\\Integration')
         ->disableOriginalConstructor()
         ->setMethods(['getId', '__wakeup'])
         ->getMock();

     // Stub only the ID source that belongs to the user type under test.
     switch ($userType) {
         case UserContextInterface::USER_TYPE_INTEGRATION:
             $integrationMock->expects($this->once())
                 ->method('getId')
                 ->will($this->returnValue($userId));
             $this->integrationService->expects($this->once())
                 ->method('findByConsumerId')
                 ->will($this->returnValue($integrationMock));
             break;
         case UserContextInterface::USER_TYPE_ADMIN:
             $tokenMock->expects($this->once())
                 ->method('getAdminId')
                 ->will($this->returnValue($userId));
             break;
         case UserContextInterface::USER_TYPE_CUSTOMER:
             $tokenMock->expects($this->once())
                 ->method('getCustomerId')
                 ->will($this->returnValue($userId));
             break;
     }

     $this->assertEquals($expectedUserType, $this->tokenUserContext->getUserType());
     $this->assertEquals($expectedUserId, $this->tokenUserContext->getUserId());

     /* check again to make sure that the above methods were only called once */
     $this->assertEquals($expectedUserType, $this->tokenUserContext->getUserType());
     $this->assertEquals($expectedUserId, $this->tokenUserContext->getUserId());
 }
 /**
  * Deny access for integration users whose integration is not active.
  *
  * Non-integration users pass straight through to the wrapped call. For integration users the check
  * fails closed: if the integration cannot be loaded, or its status is not active, the result is
  * false and the wrapped call is never made.
  *
  * It's ok that we break invocation chain since we're dealing with ACL here - if something is not allowed at any
  * point it couldn't be made allowed at some other point.
  *
  * @param \Magento\Authz\Service\AuthorizationV1 $subject
  * @param \Closure $proceed
  * @param mixed $resources
  * @param UserIdentifier $userIdentifier when omitted, the identifier held by this object is used for the check
  *
  * @return bool
  * @SuppressWarnings(PHPMD.UnusedFormalParameter)
  */
 public function aroundIsAllowed(\Magento\Authz\Service\AuthorizationV1 $subject, \Closure $proceed, $resources, \Magento\Authz\Model\UserIdentifier $userIdentifier = null)
 {
     /** @var UserIdentifier $effectiveIdentifier */
     $effectiveIdentifier = $userIdentifier ?: $this->_userIdentifier;

     if ($effectiveIdentifier->getUserType() === UserIdentifier::USER_TYPE_INTEGRATION) {
         try {
             $integration = $this->_integrationService->get($effectiveIdentifier->getUserId());
         } catch (\Exception $e) {
             // Wrong integration ID or DB not reachable or whatever - give up and don't allow just in case
             $this->_logger->logException($e);
             return false;
         }

         // Strict comparison: any status that is not identical to STATUS_ACTIVE is denied.
         // NOTE(review): assumes getStatus() returns the same type as the constant - confirm,
         // otherwise active integrations would be denied as well.
         if ($integration->getStatus() !== Integration::STATUS_ACTIVE) {
             return false;
         }
     }

     // The caller's original (possibly null) identifier is forwarded, not the resolved fallback.
     return $proceed($resources, $userIdentifier);
 }
 /**
  * Populate the cached user type and user ID from a loaded token.
  *
  * The ID source depends on the token's user type: the integration found by the token's consumer ID,
  * the token's admin ID, or the token's customer ID. An unrecognised type clears the cached user
  * type and leaves the user ID as it was.
  *
  * NOTE(review): the integration branch uses findByConsumerId(), which by its name does not filter
  * on integration status - confirm that inactive integrations are rejected elsewhere (for example
  * at authorization time).
  *
  * @param Token $token
  * @return void
  */
 protected function setUserDataViaToken(Token $token)
 {
     $this->userType = $token->getUserType();

     // switch compares loosely; each branch then stores the constant itself as the user type.
     switch ($this->userType) {
         case UserContextInterface::USER_TYPE_INTEGRATION:
             $consumerId = $token->getConsumerId();
             $integration = $this->integrationService->findByConsumerId($consumerId);
             $this->userId = $integration->getId();
             $this->userType = UserContextInterface::USER_TYPE_INTEGRATION;
             break;

         case UserContextInterface::USER_TYPE_ADMIN:
             $this->userId = $token->getAdminId();
             $this->userType = UserContextInterface::USER_TYPE_ADMIN;
             break;

         case UserContextInterface::USER_TYPE_CUSTOMER:
             $this->userId = $token->getCustomerId();
             $this->userType = UserContextInterface::USER_TYPE_CUSTOMER;
             break;

         default:
             /* this is an unknown user type so reset the cached user type */
             $this->userType = null;
     }
 }