Merge pull request #526 from magento-api/S55-Bug-Fixes

[API] Sprint 55 Bug Fixes

Author: Paliarush, Alexander(apaliarush)

app/code/Magento/User/Model/User.php

@@ -470,7 +470,9 @@ public function verifyIdentity($password)
         $result = false;
         if ($this->_encryptor->validateHash($password, $this->getPassword())) {
             if ($this->getIsActive() != '1') {
-                throw new AuthenticationException(__('This account is inactive.'));
+                throw new AuthenticationException(
+                    __('You did not sign in correctly or your account is temporarily disabled.')
+                );
             }
             if (!$this->hasAssigned2Role($this->getId())) {
                 throw new AuthenticationException(__('You need more permissions to access this.'));

app/code/Magento/User/Test/Unit/Model/UserTest.php

@@ -364,7 +364,7 @@ public function testVerifyIdentityInactiveRecord()
         $this->_model->setIsActive(false);
         $this->setExpectedException(
             'Magento\\Framework\\Exception\\AuthenticationException',
-            'This account is inactive.'
+            'You did not sign in correctly or your account is temporarily disabled.'
         );
         $this->_model->verifyIdentity($password);
     }

app/code/Magento/User/i18n/de_DE.csv

@@ -85,7 +85,7 @@ Permissions,Permissions
 "Your password must be at least %1 characters.","Your password must be at least %1 characters."
 "Your password must include both numeric and alphabetic characters.","Your password must include both numeric and alphabetic characters."
 "Your password confirmation must match your password.","Your password confirmation must match your password."
-"This account is inactive.","This account is inactive."
+"You did not sign in correctly or your account is temporarily disabled.","You did not sign in correctly or your account is temporarily disabled."
 "Forgot your user name or password?","Forgot your user name or password?"
 "Retrieve Password","Retrieve Password"
 "Forgot your password?","Forgot your password?"

app/code/Magento/User/i18n/en_US.csv

@@ -85,7 +85,7 @@ Permissions,Permissions
 "Your password must be at least %1 characters.","Your password must be at least %1 characters."
 "Your password must include both numeric and alphabetic characters.","Your password must include both numeric and alphabetic characters."
 "Your password confirmation must match your password.","Your password confirmation must match your password."
-"This account is inactive.","This account is inactive."
+"You did not sign in correctly or your account is temporarily disabled.","You did not sign in correctly or your account is temporarily disabled."
 "Forgot your user name or password?","Forgot your user name or password?"
 "Retrieve Password","Retrieve Password"
 "Forgot your password?","Forgot your password?"

app/code/Magento/User/i18n/es_ES.csv

@@ -85,7 +85,7 @@ Permissions,Permissions
 "Your password must be at least %1 characters.","Your password must be at least %1 characters."
 "Your password must include both numeric and alphabetic characters.","Your password must include both numeric and alphabetic characters."
 "Your password confirmation must match your password.","Your password confirmation must match your password."
-"This account is inactive.","This account is inactive."
+"You did not sign in correctly or your account is temporarily disabled.","You did not sign in correctly or your account is temporarily disabled."
 "Forgot your user name or password?","Forgot your user name or password?"
 "Retrieve Password","Retrieve Password"
 "Forgot your password?","Forgot your password?"

app/code/Magento/User/i18n/fr_FR.csv

@@ -85,7 +85,7 @@ Permissions,Permissions
 "Your password must be at least %1 characters.","Your password must be at least %1 characters."
 "Your password must include both numeric and alphabetic characters.","Your password must include both numeric and alphabetic characters."
 "Your password confirmation must match your password.","Your password confirmation must match your password."
-"This account is inactive.","This account is inactive."
+"You did not sign in correctly or your account is temporarily disabled.","You did not sign in correctly or your account is temporarily disabled."
 "Forgot your user name or password?","Forgot your user name or password?"
 "Retrieve Password","Retrieve Password"
 "Forgot your password?","Forgot your password?"

app/code/Magento/User/i18n/nl_NL.csv

@@ -85,7 +85,7 @@ Permissions,Permissions
 "Your password must be at least %1 characters.","Your password must be at least %1 characters."
 "Your password must include both numeric and alphabetic characters.","Your password must include both numeric and alphabetic characters."
 "Your password confirmation must match your password.","Your password confirmation must match your password."
-"This account is inactive.","This account is inactive."
+"You did not sign in correctly or your account is temporarily disabled.","You did not sign in correctly or your account is temporarily disabled."
 "Forgot your user name or password?","Forgot your user name or password?"
 "Retrieve Password","Retrieve Password"
 "Forgot your password?","Forgot your password?"

app/code/Magento/User/i18n/pt_BR.csv

@@ -85,7 +85,7 @@ Permissions,Permissions
 "Your password must be at least %1 characters.","Your password must be at least %1 characters."
 "Your password must include both numeric and alphabetic characters.","Your password must include both numeric and alphabetic characters."
 "Your password confirmation must match your password.","Your password confirmation must match your password."
-"This account is inactive.","This account is inactive."
+"You did not sign in correctly or your account is temporarily disabled.","You did not sign in correctly or your account is temporarily disabled."
 "Forgot your user name or password?","Forgot your user name or password?"
 "Retrieve Password","Retrieve Password"
 "Forgot your password?","Forgot your password?"

app/code/Magento/User/i18n/zh_CN.csv

@@ -85,7 +85,7 @@ Permissions,Permissions
 "Your password must be at least %1 characters.","Your password must be at least %1 characters."
 "Your password must include both numeric and alphabetic characters.","Your password must include both numeric and alphabetic characters."
 "Your password confirmation must match your password.","Your password confirmation must match your password."
-"This account is inactive.","This account is inactive."
+"You did not sign in correctly or your account is temporarily disabled.","You did not sign in correctly or your account is temporarily disabled."
 "Forgot your user name or password?","Forgot your user name or password?"
 "Retrieve Password","Retrieve Password"
 "Forgot your password?","Forgot your password?"

app/code/Magento/User/view/adminhtml/templates/admin/resetforgottenpassword.phtml

@@ -8,7 +8,7 @@
 
 ?>
 
-<form method="post" data-mage-init='{"form": {}, "validation": {}}' action="<?php echo $block->getUrl('*/auth/resetpasswordpost', ['_query' => ['id' => $block->getUserId(), 'token' => $block->getResetPasswordLinkToken()]]); ?>" id="reset-password-form">
+<form method="post" data-mage-init='{"form": {}, "validation": {}}' action="<?php echo $block->getUrl('*/auth/resetpasswordpost', ['_query' => ['id' => $block->getUserId(), 'token' => $block->getResetPasswordLinkToken()]]); ?>" id="reset-password-form" autocomplete="off">
     <fieldset class="admin__fieldset">
         <legend class="admin__legend"><span><?php echo __('Reset a Password'); ?></span></legend><br />
         <input name="form_key" type="hidden" value="<?php echo $block->getFormKey(); ?>" />

app/code/Magento/Webapi/Test/Unit/Model/Authorization/OauthUserContextTest.php

@@ -70,7 +70,7 @@ protected function setUp()
 
         $this->oauthRequestHelper = $this->getMockBuilder('Magento\Framework\Oauth\Helper\Request')
             ->disableOriginalConstructor()
-            ->setMethods(['prepareRequest'])
+            ->setMethods(['prepareRequest', 'getRequestUrl'])
             ->getMock();
 
         $this->oauthService = $this->getMockBuilder('Magento\Framework\Oauth\Oauth')

dev/tests/integration/framework/tests/unit/testsuite/Magento/Test/RequestTest.php

@@ -18,6 +18,7 @@ protected function setUp()
     {
         $this->_model = new \Magento\TestFramework\Request(
             $this->getMock('Magento\Framework\Stdlib\Cookie\CookieReaderInterface'),
+            $this->getMock('Magento\Framework\Stdlib\StringUtils'),
             $this->getMock('Magento\Framework\App\Route\ConfigInterface\Proxy', [], [], '', false),
             $this->getMock('Magento\Framework\App\Request\PathInfoProcessorInterface'),
             $this->getMock('Magento\Framework\ObjectManagerInterface')

lib/internal/Magento/Framework/App/Request/Http.php

@@ -1,7 +1,5 @@
 <?php
 /**
- * Http request
- *
  * Copyright © 2015 Magento. All rights reserved.
  * See COPYING.txt for license details.
  */
@@ -13,7 +11,11 @@
 use Magento\Framework\HTTP\PhpEnvironment\Request;
 use Magento\Framework\ObjectManagerInterface;
 use Magento\Framework\Stdlib\Cookie\CookieReaderInterface;
+use Magento\Framework\Stdlib\StringUtils;
 
+/**
+ * Http request
+ */
 class Http extends Request implements RequestInterface
 {
     /**#@+
@@ -79,6 +81,7 @@ class Http extends Request implements RequestInterface
 
     /**
      * @param CookieReaderInterface $cookieReader
+     * @param StringUtils $converter
      * @param ConfigInterface $routeConfig
      * @param PathInfoProcessorInterface $pathInfoProcessor
      * @param ObjectManagerInterface  $objectManager
@@ -87,13 +90,14 @@ class Http extends Request implements RequestInterface
      */
     public function __construct(
         CookieReaderInterface $cookieReader,
+        StringUtils $converter,
         ConfigInterface $routeConfig,
         PathInfoProcessorInterface $pathInfoProcessor,
         ObjectManagerInterface $objectManager,
         $uri = null,
         $directFrontNames = []
     ) {
-        parent::__construct($cookieReader, $uri);
+        parent::__construct($cookieReader, $converter, $uri);
         $this->routeConfig = $routeConfig;
         $this->pathInfoProcessor = $pathInfoProcessor;
         $this->objectManager = $objectManager;
@@ -302,6 +306,7 @@ public function isAjax()
     public function getDistroBaseUrl()
     {
         $headerHttpHost = $this->getServer('HTTP_HOST');
+        $headerHttpHost = $this->converter->cleanString($headerHttpHost);
         $headerServerPort = $this->getServer('SERVER_PORT');
         $headerScriptName = $this->getServer('SCRIPT_NAME');
         $headerHttps = $this->getServer('HTTPS');

lib/internal/Magento/Framework/App/Test/Unit/HttpTest.php

@@ -65,8 +65,30 @@ class HttpTest extends \PHPUnit_Framework_TestCase
     public function setUp()
     {
         $this->objectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
-        $this->requestMock = $this->getMockBuilder('Magento\Framework\App\Request\Http')
+        $cookieReaderMock = $this->getMockBuilder('Magento\Framework\Stdlib\Cookie\CookieReaderInterface')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $routeConfigMock = $this->getMockBuilder('Magento\Framework\App\Route\ConfigInterface\Proxy')
             ->disableOriginalConstructor()
+            ->getMock();
+        $pathInfoProcessorMock = $this->getMockBuilder('Magento\Framework\App\Request\PathInfoProcessorInterface')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $converterMock = $this->getMockBuilder('Magento\Framework\Stdlib\StringUtils')
+            ->disableOriginalConstructor()
+            ->setMethods(['cleanString'])
+            ->getMock();
+        $objectManagerMock = $this->getMockBuilder('Magento\Framework\ObjectManagerInterface')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->requestMock = $this->getMockBuilder('Magento\Framework\App\Request\Http')
+            ->setConstructorArgs([
+                'cookieReader' => $cookieReaderMock,
+                'converter' => $converterMock,
+                'routeConfig' => $routeConfigMock,
+                'pathInfoProcessor' => $pathInfoProcessorMock,
+                'objectManager' => $objectManagerMock
+            ])
             ->setMethods(['getFrontName'])
             ->getMock();
         $this->areaListMock = $this->getMockBuilder('Magento\Framework\App\AreaList')

lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php

@@ -36,6 +36,11 @@ class HttpTest extends \PHPUnit_Framework_TestCase
      */
     protected $objectManager;
 
+    /**
+     * @var \Magento\Framework\Stdlib\StringUtils  | \PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $converterMock;
+
     /**
      * @var array
      */
@@ -54,6 +59,11 @@ protected function setUp()
         $this->_infoProcessorMock = $this->getMock('Magento\Framework\App\Request\PathInfoProcessorInterface');
         $this->_infoProcessorMock->expects($this->any())->method('process')->will($this->returnArgument(1));
         $this->objectManager = $this->getMock('Magento\Framework\ObjectManagerInterface');
+        $this->converterMock = $this->getMockBuilder('Magento\Framework\Stdlib\StringUtils')
+            ->disableOriginalConstructor()
+            ->setMethods(['cleanString'])
+            ->getMock();
+        $this->converterMock->expects($this->any())->method('cleanString')->will($this->returnArgument(0));
 
         // Stash the $_SERVER array to protect it from modification in test
         $this->serverArray = $_SERVER;
@@ -76,6 +86,7 @@ private function getModel($uri = null)
                 'routeConfig' => $this->_routerListMock,
                 'pathInfoProcessor' => $this->_infoProcessorMock,
                 'objectManager' => $this->objectManager,
+                'converter' => $this->converterMock,
                 'uri' => $uri,
             ]
         );

lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php

@@ -6,6 +6,7 @@
 namespace Magento\Framework\HTTP\PhpEnvironment;
 
 use Magento\Framework\Stdlib\Cookie\CookieReaderInterface;
+use Magento\Framework\Stdlib\StringUtils;
 use Zend\Http\Header\HeaderInterface;
 use Zend\Stdlib\Parameters;
 use Zend\Stdlib\ParametersInterface;
@@ -79,12 +80,19 @@ class Request extends \Zend\Http\PhpEnvironment\Request
      */
     protected $cookieReader;
 
+    /**
+     * @var StringUtils
+     */
+    protected $converter;
+
     /**
      * @param CookieReaderInterface $cookieReader
+     * @param StringUtils $converter
      * @param UriInterface|string|null $uri
      */
     public function __construct(
         CookieReaderInterface $cookieReader,
+        StringUtils $converter,
         $uri = null
     ) {
         $this->cookieReader = $cookieReader;
@@ -103,6 +111,7 @@ public function __construct(
                 throw new \InvalidArgumentException('Invalid URI provided to constructor');
             }
         }
+        $this->converter = $converter;
         parent::__construct();
     }
 
@@ -608,6 +617,7 @@ public function getHeader($name, $default = false)
     public function getHttpHost($trimPort = true)
     {
         $httpHost = $this->getServer('HTTP_HOST');
+        $httpHost = $this->converter->cleanString($httpHost);
         if (empty($httpHost)) {
             return false;
         }

lib/internal/Magento/Framework/HTTP/Test/Unit/PhpEnvironment/RequestTest.php

@@ -26,6 +26,11 @@ class RequestTest extends \PHPUnit_Framework_TestCase
      */
     private $cookieReader;
 
+    /**
+     * @var \Magento\Framework\Stdlib\StringUtils | \PHPUnit_Framework_MockObject_MockObject
+     */
+    private $converter;
+
     /**
      * @var array
      */
@@ -35,6 +40,7 @@ protected function setUp()
     {
         $this->objectManager = $this->getMock('Magento\Framework\ObjectManagerInterface');
         $this->cookieReader = $this->getMock('Magento\Framework\Stdlib\Cookie\CookieReaderInterface');
+        $this->converter = $this->getMock('Magento\Framework\Stdlib\StringUtils');
         // Stash the $_SERVER array to protect it from modification in test
         $this->serverArray = $_SERVER;
     }
@@ -46,7 +52,7 @@ public function tearDown()
 
     private function getModel($uri = null)
     {
-        return new Request($this->cookieReader, $uri);
+        return new Request($this->cookieReader, $this->converter, $uri);
     }
 
     public function testSetPathInfoWithNullValue()

lib/internal/Magento/Framework/Webapi/Request.php

@@ -12,24 +12,27 @@
 use Magento\Framework\Config\ScopeInterface;
 use Magento\Framework\HTTP\PhpEnvironment\Request as HttpRequest;
 use Magento\Framework\Stdlib\Cookie\CookieReaderInterface;
+use Magento\Framework\Stdlib\StringUtils;
 
 class Request extends HttpRequest implements RequestInterface
 {
     /**
      * Modify pathInfo: strip down the front name and query parameters.
      *
+     * @param CookieReaderInterface $cookieReader
+     * @param StringUtils $converter
      * @param AreaList $areaList
      * @param ScopeInterface $configScope
-     * @param CookieReaderInterface $cookieReader
      * @param null|string|\Zend_Uri $uri
      */
     public function __construct(
         CookieReaderInterface $cookieReader,
+        StringUtils $converter,
         AreaList $areaList,
         ScopeInterface $configScope,
         $uri = null
     ) {
-        parent::__construct($cookieReader, $uri);
+        parent::__construct($cookieReader, $converter, $uri);
 
         $pathInfo = $this->getRequestUri();
         /** Remove base url and area from path */

lib/internal/Magento/Framework/Webapi/Rest/Request.php

@@ -48,19 +48,21 @@ class Request extends \Magento\Framework\Webapi\Request
      * Initialize dependencies
      *
      * @param \Magento\Framework\Stdlib\Cookie\CookieReaderInterface $cookieReader
+     * @param \Magento\Framework\Stdlib\StringUtils $converter
      * @param \Magento\Framework\App\AreaList $areaList
      * @param \Magento\Framework\Config\ScopeInterface $configScope
      * @param \Magento\Framework\Webapi\Rest\Request\DeserializerFactory $deserializerFactory
      * @param null|string $uri
      */
     public function __construct(
         \Magento\Framework\Stdlib\Cookie\CookieReaderInterface $cookieReader,
+        \Magento\Framework\Stdlib\StringUtils $converter,
         \Magento\Framework\App\AreaList $areaList,
         \Magento\Framework\Config\ScopeInterface $configScope,
         \Magento\Framework\Webapi\Rest\Request\DeserializerFactory $deserializerFactory,
         $uri = null
     ) {
-        parent::__construct($cookieReader, $areaList, $configScope, $uri);
+        parent::__construct($cookieReader, $converter, $areaList, $configScope, $uri);
         $this->_deserializerFactory = $deserializerFactory;
     }
 

lib/internal/Magento/Framework/Webapi/Test/Unit/Rest/RequestTest.php

@@ -38,10 +38,14 @@ protected function setUp()
         /** Instantiate request. */
         // TODO: Get rid of SUT mocks.
         $this->_cookieManagerMock = $this->getMock('Magento\Framework\Stdlib\CookieManagerInterface');
+        $converterMock = $this->getMockBuilder('Magento\Framework\Stdlib\StringUtils')
+            ->disableOriginalConstructor()
+            ->setMethods(['cleanString'])
+            ->getMock();
         $this->_request = $this->getMock(
             'Magento\Framework\Webapi\Rest\Request',
             ['getHeader', 'getMethod', 'isGet', 'isPost', 'isPut', 'isDelete', 'getContent'],
-            [$this->_cookieManagerMock, $areaListMock, $configScopeMock, $this->_deserializerFactory, ]
+            [$this->_cookieManagerMock, $converterMock, $areaListMock, $configScopeMock, $this->_deserializerFactory]
         );
 
         parent::setUp();

pub/get.php

@@ -27,7 +27,12 @@
     return $isResourceAllowed;
 };
 
-$request = new \Magento\MediaStorage\Model\File\Storage\Request(new Request(new PhpCookieReader()));
+$request = new \Magento\MediaStorage\Model\File\Storage\Request(
+    new Request(
+        new PhpCookieReader(),
+        new Magento\Framework\Stdlib\StringUtils()
+    )
+);
 $relativePath = $request->getPathInfo();
 if (file_exists($configCacheFile) && is_readable($configCacheFile)) {
     $config = json_decode(file_get_contents($configCacheFile), true);

setup/view/magento/setup/add-database.phtml

@@ -51,6 +51,7 @@
     novalidate
     name="database"
     role="form"
+    autocomplete="off"
     >
 
 <?php

setup/view/magento/setup/create-admin-account.phtml

@@ -49,6 +49,7 @@ $passwordWizard = sprintf(
     novalidate
     name="account"
     role="form"
+    autocomplete="off"
     >
 
     <div