/**
  * Finds the bearer token and looks up the value.
  *
  * @return void
  */
 protected function processRequest()
 {
     // Header parsing and token lookup run at most once per instance.
     if ($this->isRequestProcessed) {
         return;
     }

     $rawHeader = $this->request->getHeader('Authorization');
     // Exactly two space-separated pieces are required ("<scheme> <credential>");
     // a missing or differently shaped header results in no lookup at all.
     $parts = $rawHeader ? explode(" ", $rawHeader) : [];

     // The scheme is compared case-insensitively; the credential is passed on unchanged.
     if (count($parts) === 2 && strtolower($parts[0]) === 'bearer') {
         $token = $this->tokenFactory->create()->loadByToken($parts[1]);
         // Only a token that was found (has an id) and is not revoked populates user data.
         // NOTE(review): no expiry or lifetime check is visible in this block;
         // confirm it is enforced in loadByToken() or setUserDataViaToken().
         if ($token->getId() && !$token->getRevoked()) {
             $this->setUserDataViaToken($token);
         }
     }

     // Reached on every non-throwing path, so a rejected header is not re-parsed.
     $this->isRequestProcessed = true;
 }
示例#2
 /**
  * Handler for all SOAP operations.
  *
  * @param string $operation
  * @param array $arguments
  * @return \stdClass|null
  * @throws WebapiException
  * @throws \LogicException
  * @throws AuthorizationException
  */
 public function __call($operation, $arguments)
 {
     // The class and method to dispatch to are read from the API config entry
     // for this operation, not from the caller-supplied $arguments.
     $methodInfo = $this->_apiConfig->getServiceMethodInfo(
         $operation,
         $this->_request->getRequestedServices()
     );
     $serviceClass = $methodInfo[ServiceMetadata::KEY_CLASS];
     $serviceMethod = $methodInfo[ServiceMetadata::KEY_METHOD];

     // Operations flagged as secure are refused unless the request reports itself as secure.
     if ($methodInfo[ServiceMetadata::KEY_IS_SECURE] && !$this->_request->isSecure()) {
         throw new WebapiException(__("Operation allowed only in HTTPS"));
     }

     // Access is granted as soon as one listed ACL resource is allowed;
     // an empty resource list never sets the flag, so the call is denied.
     $aclResources = $methodInfo[ServiceMetadata::KEY_ACL_RESOURCES];
     $granted = false;
     foreach ($aclResources as $aclResource) {
         if ($this->_authorization->isAllowed($aclResource)) {
             $granted = true;
             break;
         }
     }
     if (!$granted) {
         // NOTE(review): the message names the required ACL resources; confirm that
         // returning them to an unauthorized caller is acceptable for this API.
         throw new AuthorizationException(
             __(AuthorizationException::NOT_AUTHORIZED, ['resources' => implode(', ', $aclResources)])
         );
     }

     // The service is invoked only after both checks above have passed.
     $service = $this->_objectManager->get($serviceClass);
     $inputData = $this->_prepareRequestData($serviceClass, $serviceMethod, $arguments);

     return $this->_prepareResponseData(
         call_user_func_array([$service, $serviceMethod], $inputData),
         $serviceClass,
         $serviceMethod
     );
 }
示例#3
 /**
  * {@inheritdoc}
  */
 public function getUserId()
 {
     // A previously resolved (truthy) id is reused; a null result is not cached,
     // so an unresolved request is evaluated again on the next call.
     if (!$this->integrationId) {
         $oauthRequest = $this->oauthHelper->prepareRequest($this->request);
         // Not an OAuth request: nothing to validate.
         if (empty($oauthRequest)) {
             return null;
         }

         $requestUrl = $this->oauthHelper->getRequestUrl($this->request);
         $httpMethod = $this->request->getMethod();
         // NOTE(review): presumably throws when the access-token request fails validation;
         // confirm, because the returned consumer id is used without any further check here.
         $consumerId = $this->oauthService->validateAccessTokenRequest($oauthRequest, $requestUrl, $httpMethod);
         $integration = $this->integrationService->findActiveIntegrationByConsumerId($consumerId);

         // An integration without an id resolves to null rather than 0.
         $this->integrationId = $integration->getId() ? (int) $integration->getId() : null;
     }

     return $this->integrationId;
 }
 /**
  * @dataProvider getValidTokenData
  */
 public function testValidToken($userType, $userId, $expectedUserType, $expectedUserId)
 {
     $bearerToken = 'bearer1234';
     $this->request->expects($this->once())
         ->method('getHeader')
         ->with('Authorization')
         ->will($this->returnValue("Bearer {$bearerToken}"));

     // NOTE(review): the token mock stubs no revocation accessor, so this test appears to
     // cover only the accepted-token path; a revoked-token case would need its own test.
     $tokenMock = $this->getMockBuilder('Magento\\Integration\\Model\\Oauth\\Token')
         ->disableOriginalConstructor()
         ->setMethods(['loadByToken', 'getId', 'getUserType', 'getCustomerId', 'getAdminId', '__wakeup'])
         ->getMock();
     $this->tokenFactory->expects($this->once())
         ->method('create')
         ->will($this->returnValue($tokenMock));
     $tokenMock->expects($this->once())
         ->method('loadByToken')
         ->with($bearerToken)
         ->will($this->returnSelf());
     $tokenMock->expects($this->once())
         ->method('getId')
         ->will($this->returnValue(1));
     $tokenMock->expects($this->once())
         ->method('getUserType')
         ->will($this->returnValue($userType));

     $integrationMock = $this->getMockBuilder('Magento\\Integration\\Model\\Integration')
         ->disableOriginalConstructor()
         ->setMethods(['getId', '__wakeup'])
         ->getMock();

     // Each user type reads its id from a different source.
     if ($userType == UserContextInterface::USER_TYPE_INTEGRATION) {
         $integrationMock->expects($this->once())
             ->method('getId')
             ->will($this->returnValue($userId));
         $this->integrationService->expects($this->once())
             ->method('findByConsumerId')
             ->will($this->returnValue($integrationMock));
     } elseif ($userType == UserContextInterface::USER_TYPE_ADMIN) {
         $tokenMock->expects($this->once())
             ->method('getAdminId')
             ->will($this->returnValue($userId));
     } elseif ($userType == UserContextInterface::USER_TYPE_CUSTOMER) {
         $tokenMock->expects($this->once())
             ->method('getCustomerId')
             ->will($this->returnValue($userId));
     }

     // Two passes: the second one proves, through the once() expectations above,
     // that the header and token are not processed again.
     for ($pass = 0; $pass < 2; $pass++) {
         $this->assertEquals($expectedUserType, $this->tokenUserContext->getUserType());
         $this->assertEquals($expectedUserId, $this->tokenUserContext->getUserId());
     }
 }
 /**
  * Get SOAP endpoint URL.
  *
  * @param bool $isWsdl
  * @return string
  */
 public function generateUri($isWsdl = false)
 {
     // The services value is taken from the current request and echoed into the URI;
     // http_build_query() URL-encodes it when the query string is assembled.
     $queryParams = [
         self::REQUEST_PARAM_SERVICES => $this->_request->getParam(self::REQUEST_PARAM_SERVICES),
     ];
     if ($isWsdl) {
         $queryParams[self::REQUEST_PARAM_WSDL] = true;
     }

     // '&' is passed explicitly so the separator does not depend on the arg_separator.output ini setting.
     $queryString = http_build_query($queryParams, '', '&');

     return $this->getEndpointUri() . '?' . $queryString;
 }
示例#6
 /**
  * Test generate uri without the wsdl param
  */
 public function testGenerateUriWithNoWsdlParam()
 {
     $servicesValue = "testModule1AllSoapAndRest:V1,testModule2AllSoapNoRest:V1";
     $servicesKey = \Magento\Webapi\Model\Soap\Server::REQUEST_PARAM_SERVICES;
     $this->_requestMock->expects($this->any())
         ->method('getParam')
         ->will($this->returnValue($servicesValue));

     $expectedUri = "http://magento.com/soap/storeCode?{$servicesKey}={$servicesValue}";
     $generatedUri = $this->_soapServer->generateUri(false);

     // The generated URI is decoded before comparison, so the expected value is written unencoded.
     $this->assertEquals(
         $expectedUri,
         urldecode($generatedUri),
         'URI (without WSDL param) generated is invalid.'
     );
 }
 public function testCall()
 {
     $operationName = 'soapOperation';
     $className = 'Magento\\Framework\\DataObject';
     $methodName = 'testMethod';
     $requestedServices = ['requestedServices'];
     $serviceResponse = ['foo' => 'bar'];

     $this->_requestMock->expects($this->once())
         ->method('getRequestedServices')
         ->will($this->returnValue($requestedServices));
     $this->_dataObjectConverter->expects($this->once())
         ->method('convertStdObjectToArray')
         ->will($this->returnValue(['field' => 1]));

     // Metadata for a non-secure operation guarded by one ACL resource entry.
     $methodInfo = [
         ServiceMetadata::KEY_CLASS => $className,
         ServiceMetadata::KEY_METHOD => $methodName,
         ServiceMetadata::KEY_IS_SECURE => false,
         ServiceMetadata::KEY_ACL_RESOURCES => [['Magento_TestModule::resourceA']],
     ];
     $this->_apiConfigMock->expects($this->once())
         ->method('getServiceMethodInfo')
         ->with($operationName, $requestedServices)
         ->will($this->returnValue($methodInfo));

     // Only the allowed path is exercised here: the authorization mock always grants access.
     $this->_authorizationMock->expects($this->once())
         ->method('isAllowed')
         ->will($this->returnValue(true));

     $serviceMock = $this->getMockBuilder($className)
         ->disableOriginalConstructor()
         ->setMethods([$methodName])
         ->getMock();
     $serviceMock->expects($this->once())
         ->method($methodName)
         ->will($this->returnValue($serviceResponse));
     $this->_objectManagerMock->expects($this->once())
         ->method('get')
         ->with($className)
         ->will($this->returnValue($serviceMock));
     $this->_serviceInputProcessorMock->expects($this->once())
         ->method('process')
         ->will($this->returnArgument(2));

     /** Execute SUT. */
     $actualResult = $this->_handler->__call($operationName, [(object) ['field' => 1]]);
     $this->assertEquals(['result' => $serviceResponse], $actualResult);
 }
示例#8
 /**
  * Validate wsdl request
  *
  * @return void
  * @throws \Magento\Framework\Webapi\Exception
  */
 protected function validateWsdlRequest()
 {
     $wsdlParam = \Magento\Webapi\Model\Soap\Server::REQUEST_PARAM_WSDL;
     $servicesParam = Request::REQUEST_PARAM_SERVICES;

     // Allowlist check: every request parameter name other than these two is rejected.
     $unexpected = array_diff(
         array_keys($this->_request->getParams()),
         [$wsdlParam, $servicesParam]
     );
     if (count($unexpected) === 0) {
         return;
     }

     // NOTE(review): the rejected names come from the request and are placed in the
     // exception message as-is; confirm the message is escaped wherever it is rendered or logged.
     $rejectedNames = implode(', ', $unexpected);
     throw new \Magento\Framework\Webapi\Exception(
         __('Not allowed parameters: %1. Please use only %2 and %3.', $rejectedNames, $wsdlParam, $servicesParam)
     );
 }
示例#9
 /**
  * Mock getParam() of request object to return given value.
  *
  * @param $param
  * @param $value
  */
 protected function _mockGetParam($param, $value)
 {
     // Any number of getParam($param) calls on the request mock return $value.
     $getParamStub = $this->_requestMock->expects($this->any())->method('getParam');
     $getParamStub->with($param)->will($this->returnValue($value));
 }
示例#10
 /**
  * @dataProvider providerTestGetRequestedServicesSuccess
  * @param $requestParamServices
  * @param $expectedResult
  */
 public function testGetRequestedServicesSuccess($requestParamServices, $expectedResult)
 {
     // The request carries the WSDL flag plus the services value supplied by the data provider.
     $this->request->setParams([
         \Magento\Webapi\Model\Soap\Server::REQUEST_PARAM_WSDL => true,
         \Magento\Webapi\Model\Soap\Server::REQUEST_PARAM_SERVICES => $requestParamServices,
     ]);

     $actualResult = $this->request->getRequestedServices();
     $this->assertEquals($expectedResult, $actualResult);
 }
示例#11
 /**
  * Initialize dependencies
  *
  * @param \Magento\Framework\Stdlib\Cookie\CookieReaderInterface $cookieReader
  * @param \Magento\Framework\App\AreaList $areaList
  * @param \Magento\Framework\Config\ScopeInterface $configScope
  * @param \Magento\Framework\Webapi\Rest\Request\DeserializerFactory $deserializerFactory
  * @param null|string $uri
  */
 public function __construct(
     \Magento\Framework\Stdlib\Cookie\CookieReaderInterface $cookieReader,
     \Magento\Framework\App\AreaList $areaList,
     \Magento\Framework\Config\ScopeInterface $configScope,
     \Magento\Framework\Webapi\Rest\Request\DeserializerFactory $deserializerFactory,
     $uri = null
 ) {
     // The parent constructor receives everything except the deserializer factory,
     // which is stored on this instance.
     parent::__construct($cookieReader, $areaList, $configScope, $uri);
     $this->_deserializerFactory = $deserializerFactory;
 }