/**
 * Resolve the caller from an "Authorization: Bearer <token>" request header.
 *
 * Does nothing once $isRequestProcessed is set; every normal exit path below
 * sets that flag. User data is populated only when the header splits into
 * exactly two space-separated pieces, the first piece is "bearer"
 * (case-insensitive), and the looked-up token has an id and is not revoked.
 * Any other header shape is ignored silently and leaves the user data unset.
 *
 * NOTE(review): revocation is the only token-state check visible in this
 * method; confirm that token lifetime/expiry, if required, is enforced elsewhere.
 *
 * @return void
 */
protected function processRequest()
{
    if ($this->isRequestProcessed) {
        return;
    }

    $header = $this->request->getHeader('Authorization');
    // A missing header yields an empty list, which fails the shape check below.
    $parts = $header ? explode(" ", $header) : [];
    if (count($parts) !== 2 || strtolower($parts[0]) !== 'bearer') {
        $this->isRequestProcessed = true;
        return;
    }

    $token = $this->tokenFactory->create()->loadByToken($parts[1]);
    // Unknown or revoked tokens leave the user data unset.
    if ($token->getId() && !$token->getRevoked()) {
        $this->setUserDataViaToken($token);
    }
    $this->isRequestProcessed = true;
}
/**
 * Dispatch a SOAP operation to the service method it maps to.
 *
 * Two gates run before the service is invoked: an operation flagged as secure
 * is refused unless the request is secure, and the caller must be allowed on
 * at least one of the operation's ACL resources. Because the grant flag starts
 * as false, an empty resource list denies the call.
 *
 * @param string $operation
 * @param array $arguments
 * @return \stdClass|null
 * @throws WebapiException
 * @throws \LogicException
 * @throws AuthorizationException
 */
public function __call($operation, $arguments)
{
    $requestedServices = $this->_request->getRequestedServices();
    $methodInfo = $this->_apiConfig->getServiceMethodInfo($operation, $requestedServices);
    $serviceClass = $methodInfo[ServiceMetadata::KEY_CLASS];
    $serviceMethod = $methodInfo[ServiceMetadata::KEY_METHOD];

    // Transport gate: a secure operation must arrive over HTTPS.
    $requiresHttps = $methodInfo[ServiceMetadata::KEY_IS_SECURE];
    if ($requiresHttps && !$this->_request->isSecure()) {
        throw new WebapiException(__("Operation allowed only in HTTPS"));
    }

    // Authorization gate: any single granted resource is sufficient.
    $aclResources = $methodInfo[ServiceMetadata::KEY_ACL_RESOURCES];
    $granted = false;
    foreach ($aclResources as $aclResource) {
        if ($this->_authorization->isAllowed($aclResource)) {
            $granted = true;
            break;
        }
    }
    if (!$granted) {
        $phraseArguments = ['resources' => implode(', ', $aclResources)];
        throw new AuthorizationException(__(AuthorizationException::NOT_AUTHORIZED, $phraseArguments));
    }

    // Only after both gates pass is the service resolved and called.
    $service = $this->_objectManager->get($serviceClass);
    $inputData = $this->_prepareRequestData($serviceClass, $serviceMethod, $arguments);
    $outputData = call_user_func_array([$service, $serviceMethod], $inputData);

    return $this->_prepareResponseData($outputData, $serviceClass, $serviceMethod);
}
/**
 * {@inheritdoc}
 *
 * A resolved integration id is kept on the instance and returned directly on
 * later calls. A null result is not remembered, so the OAuth request is
 * prepared and validated again on the next call.
 *
 * NOTE(review): no failure value from validateAccessTokenRequest() is checked
 * here; presumably it throws on an invalid request - confirm.
 */
public function getUserId()
{
    if ($this->integrationId) {
        return $this->integrationId;
    }

    $oauthRequest = $this->oauthHelper->prepareRequest($this->request);
    if (empty($oauthRequest)) {
        // Not an OAuth request: nothing to validate, no user.
        return null;
    }

    $requestUrl = $this->oauthHelper->getRequestUrl($this->request);
    $httpMethod = $this->request->getMethod();
    $consumerId = $this->oauthService->validateAccessTokenRequest($oauthRequest, $requestUrl, $httpMethod);

    // Only an active integration for the validated consumer counts as a user.
    $integration = $this->integrationService->findActiveIntegrationByConsumerId($consumerId);
    $this->integrationId = $integration->getId() ? (int) $integration->getId() : null;

    return $this->integrationId;
}
/**
 * A well-formed bearer header with a known token resolves to the expected
 * user type and user id, and the lookup happens only once.
 *
 * NOTE(review): getRevoked is not in the list of mocked token methods, so this
 * test does not exercise rejection of revoked tokens.
 *
 * @dataProvider getValidTokenData
 */
public function testValidToken($userType, $userId, $expectedUserType, $expectedUserId)
{
    $bearerToken = 'bearer1234';
    $this->request->expects($this->once())
        ->method('getHeader')
        ->with('Authorization')
        ->will($this->returnValue("Bearer {$bearerToken}"));

    $tokenMethods = ['loadByToken', 'getId', 'getUserType', 'getCustomerId', 'getAdminId', '__wakeup'];
    $token = $this->getMockBuilder('Magento\\Integration\\Model\\Oauth\\Token')
        ->disableOriginalConstructor()
        ->setMethods($tokenMethods)
        ->getMock();
    $this->tokenFactory->expects($this->once())
        ->method('create')
        ->will($this->returnValue($token));
    $token->expects($this->once())
        ->method('loadByToken')
        ->with($bearerToken)
        ->will($this->returnSelf());
    $token->expects($this->once())
        ->method('getId')
        ->will($this->returnValue(1));
    $token->expects($this->once())
        ->method('getUserType')
        ->will($this->returnValue($userType));

    $integration = $this->getMockBuilder('Magento\\Integration\\Model\\Integration')
        ->disableOriginalConstructor()
        ->setMethods(['getId', '__wakeup'])
        ->getMock();

    // Each user type obtains its id from a different collaborator.
    if ($userType == UserContextInterface::USER_TYPE_INTEGRATION) {
        $integration->expects($this->once())
            ->method('getId')
            ->will($this->returnValue($userId));
        $this->integrationService->expects($this->once())
            ->method('findByConsumerId')
            ->will($this->returnValue($integration));
    } elseif ($userType == UserContextInterface::USER_TYPE_ADMIN) {
        $token->expects($this->once())
            ->method('getAdminId')
            ->will($this->returnValue($userId));
    } elseif ($userType == UserContextInterface::USER_TYPE_CUSTOMER) {
        $token->expects($this->once())
            ->method('getCustomerId')
            ->will($this->returnValue($userId));
    }

    // The second pass verifies that the once() expectations above still hold,
    // i.e. that the context does not repeat the token lookup.
    for ($pass = 0; $pass < 2; $pass++) {
        $this->assertEquals($expectedUserType, $this->tokenUserContext->getUserType());
        $this->assertEquals($expectedUserId, $this->tokenUserContext->getUserId());
    }
}
/**
 * Build the SOAP endpoint URL for the services named in the current request.
 *
 * The services value is read from the request and passed through
 * http_build_query(), which URL-encodes it into the query string. The WSDL
 * flag is appended only when $isWsdl is truthy.
 *
 * @param bool $isWsdl
 * @return string
 */
public function generateUri($isWsdl = false)
{
    $servicesKey = self::REQUEST_PARAM_SERVICES;
    $queryParams = [$servicesKey => $this->_request->getParam($servicesKey)];
    if ($isWsdl) {
        $queryParams[self::REQUEST_PARAM_WSDL] = true;
    }
    $queryString = http_build_query($queryParams, '', '&');

    return sprintf('%s?%s', $this->getEndpointUri(), $queryString);
}
/**
 * generateUri(false) yields the endpoint URI carrying only the services
 * parameter, without the WSDL flag.
 *
 * The result is URL-decoded before comparison, so this test checks the
 * decoded content of the query string, not its percent-encoding.
 */
public function testGenerateUriWithNoWsdlParam()
{
    $serviceKey = \Magento\Webapi\Model\Soap\Server::REQUEST_PARAM_SERVICES;
    $param = "testModule1AllSoapAndRest:V1,testModule2AllSoapNoRest:V1";
    $this->_requestMock->expects($this->any())
        ->method('getParam')
        ->will($this->returnValue($param));

    $expectedResult = "http://magento.com/soap/storeCode?{$serviceKey}={$param}";
    $decodedResult = urldecode($this->_soapServer->generateUri(false));

    $this->assertEquals($expectedResult, $decodedResult, 'URI (without WSDL param) generated is invalid.');
}
/**
 * Happy path for the handler's __call(): a non-secure operation with a
 * granted ACL check reaches the service, and the service response is
 * returned under the 'result' key.
 *
 * Only the authorized case is covered here; isAllowed() is stubbed to return
 * true exactly once.
 */
public function testCall()
{
    $operationName = 'soapOperation';
    $className = 'Magento\\Framework\\DataObject';
    $methodName = 'testMethod';
    $isSecure = false;
    $aclResources = [['Magento_TestModule::resourceA']];
    $requestedServices = ['requestedServices'];
    $serviceResponse = ['foo' => 'bar'];

    $this->_requestMock->expects($this->once())
        ->method('getRequestedServices')
        ->will($this->returnValue($requestedServices));
    $this->_dataObjectConverter->expects($this->once())
        ->method('convertStdObjectToArray')
        ->will($this->returnValue(['field' => 1]));

    // Metadata the API config reports for the operation under test.
    $methodInfo = [
        ServiceMetadata::KEY_CLASS => $className,
        ServiceMetadata::KEY_METHOD => $methodName,
        ServiceMetadata::KEY_IS_SECURE => $isSecure,
        ServiceMetadata::KEY_ACL_RESOURCES => $aclResources,
    ];
    $this->_apiConfigMock->expects($this->once())
        ->method('getServiceMethodInfo')
        ->with($operationName, $requestedServices)
        ->will($this->returnValue($methodInfo));
    $this->_authorizationMock->expects($this->once())
        ->method('isAllowed')
        ->will($this->returnValue(true));

    $serviceMock = $this->getMockBuilder($className)
        ->disableOriginalConstructor()
        ->setMethods([$methodName])
        ->getMock();
    $serviceMock->expects($this->once())
        ->method($methodName)
        ->will($this->returnValue($serviceResponse));
    $this->_objectManagerMock->expects($this->once())
        ->method('get')
        ->with($className)
        ->will($this->returnValue($serviceMock));
    $this->_serviceInputProcessorMock->expects($this->once())
        ->method('process')
        ->will($this->returnArgument(2));

    // Execute SUT.
    $soapArguments = [(object) ['field' => 1]];
    $this->assertEquals(
        ['result' => $serviceResponse],
        $this->_handler->__call($operationName, $soapArguments)
    );
}
/**
 * Reject a WSDL request that carries any parameter other than the WSDL flag
 * and the services list.
 *
 * This is an allow-list check on parameter names only; parameter values are
 * not inspected here.
 *
 * NOTE(review): the rejected names come from the request and are placed into
 * the exception message as-is; confirm that whatever renders this message
 * encodes it for its output context.
 *
 * @return void
 * @throws \Magento\Framework\Webapi\Exception
 */
protected function validateWsdlRequest()
{
    $wsdlParam = \Magento\Webapi\Model\Soap\Server::REQUEST_PARAM_WSDL;
    $servicesParam = Request::REQUEST_PARAM_SERVICES;

    $unexpectedParams = array_diff(
        array_keys($this->_request->getParams()),
        [$wsdlParam, $servicesParam]
    );
    if (!$unexpectedParams) {
        return;
    }

    throw new \Magento\Framework\Webapi\Exception(
        __(
            'Not allowed parameters: %1. Please use only %2 and %3.',
            implode(', ', $unexpectedParams),
            $wsdlParam,
            $servicesParam
        )
    );
}
/**
 * Stub getParam() on the request mock so that a lookup of $param returns
 * $value, for any number of calls.
 *
 * @param $param
 * @param $value
 */
protected function _mockGetParam($param, $value)
{
    $stubbedReturn = $this->returnValue($value);
    $this->_requestMock
        ->expects($this->any())
        ->method('getParam')
        ->with($param)
        ->will($stubbedReturn);
}
/**
 * getRequestedServices() returns the expected result for each services
 * parameter value supplied by the data provider, with the WSDL flag set.
 *
 * @dataProvider providerTestGetRequestedServicesSuccess
 * @param $requestParamServices
 * @param $expectedResult
 */
public function testGetRequestedServicesSuccess($requestParamServices, $expectedResult)
{
    $this->request->setParams(
        [
            \Magento\Webapi\Model\Soap\Server::REQUEST_PARAM_WSDL => true,
            \Magento\Webapi\Model\Soap\Server::REQUEST_PARAM_SERVICES => $requestParamServices,
        ]
    );

    $actualResult = $this->request->getRequestedServices();

    $this->assertEquals($expectedResult, $actualResult);
}
/**
 * Initialize dependencies.
 *
 * Forwards the cookie reader, area list, config scope and URI to the parent
 * constructor, then stores the deserializer factory on this instance.
 *
 * @param \Magento\Framework\Stdlib\Cookie\CookieReaderInterface $cookieReader
 * @param \Magento\Framework\App\AreaList $areaList
 * @param \Magento\Framework\Config\ScopeInterface $configScope
 * @param \Magento\Framework\Webapi\Rest\Request\DeserializerFactory $deserializerFactory
 * @param null|string $uri
 */
public function __construct(
    \Magento\Framework\Stdlib\Cookie\CookieReaderInterface $cookieReader,
    \Magento\Framework\App\AreaList $areaList,
    \Magento\Framework\Config\ScopeInterface $configScope,
    \Magento\Framework\Webapi\Rest\Request\DeserializerFactory $deserializerFactory,
    $uri = null
) {
    parent::__construct($cookieReader, $areaList, $configScope, $uri);

    $this->_deserializerFactory = $deserializerFactory;
}