Merge remote-tracking branch 'mainline/2.3-develop' into MAGETWO-55806

Author: eug123

SECURITY.md

@@ -0,0 +1,10 @@
+# Reporting Security Issues
+
+Magento values the contributions of the security research community, and we look forward to working with you to minimize risk to Magento merchants. 
+
+## Where should I report security issues?
+
+We strongly encourage you to report all security issues privately via our [bug bounty program](https://hackerone.com/magento).  Please provide us with relevant technical details and repro steps to expedite our investigation.  If you prefer not to use HackerOne, email us directly at `psirt@adobe.com` with details and repro steps.  
+
+## Learning More About Security
+To learn more about securing a Magento store, please visit the [Security Center](https://magento.com/security).

app/code/Magento/Customer/view/frontend/layout/customer_account_forgotpassword.xml

@@ -7,7 +7,7 @@
 -->
 <page xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" layout="1column" xsi:noNamespaceSchemaLocation="urn:magento:framework:View/Layout/etc/page_configuration.xsd">
     <head>
-        <title>Forgot Your Password</title>
+        <title>Forgot Your Password?</title>
     </head>
     <body>
         <referenceBlock name="root">

app/code/Magento/Deploy/Service/DeployPackage.php

@@ -107,6 +107,8 @@ function () use ($package, $options, $skipLogging) {
     }
 
     /**
+     * Execute package deploy procedure when area already emulated
+     *
      * @param Package $package
      * @param array $options
      * @param bool $skipLogging
@@ -136,7 +138,9 @@ public function deployEmulated(Package $package, array $options, $skipLogging =
                 $this->errorsCount++;
                 $this->logger->critical($errorMessage);
             } catch (\Exception $exception) {
-                $this->logger->critical($exception->getTraceAsString());
+                $this->logger->critical(
+                    'Compilation from source ' . $file->getSourcePath() . ' failed' . PHP_EOL . (string)$exception
+                );
                 $this->errorsCount++;
             }
         }
@@ -219,7 +223,9 @@ private function checkIfCanCopy(PackageFile $file, Package $package, Package $pa
     private function checkFileSkip($filePath, array $options)
     {
         if ($filePath !== '.') {
+            // phpcs:ignore Magento2.Functions.DiscouragedFunction
             $ext = strtolower(pathinfo($filePath, PATHINFO_EXTENSION));
+            // phpcs:ignore Magento2.Functions.DiscouragedFunction
             $basename = pathinfo($filePath, PATHINFO_BASENAME);
             if ($ext === 'less' && strpos($basename, '_') === 0) {
                 return true;

app/design/frontend/Magento/luma/Magento_Customer/layout/customer_account.xml

@@ -7,52 +7,12 @@
 -->
 <page layout="2columns-left" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:View/Layout/etc/page_configuration.xsd">
     <body>
-        <referenceContainer name="sidebar.main">
-            <block class="Magento\Framework\View\Element\Template" name="customer_account_navigation_block" template="Magento_Theme::html/collapsible.phtml" before="-">
-                <arguments>
-                    <argument name="block_title" translate="true" xsi:type="string">My Account</argument>
-                    <argument name="block_css" xsi:type="string">block-collapsible-nav</argument>
-                </arguments>
-                <block class="Magento\Customer\Block\Account\Navigation" name="customer_account_navigation" before="-">
-                    <arguments>
-                        <argument name="css_class" xsi:type="string">nav items</argument>
-                    </arguments>
-                    <block class="Magento\Customer\Block\Account\SortLinkInterface" name="customer-account-navigation-account-link">
-                        <arguments>
-                            <argument name="label" xsi:type="string" translate="true">My Account</argument>
-                            <argument name="path" xsi:type="string">customer/account</argument>
-                            <argument name="sortOrder" xsi:type="number">250</argument>
-                        </arguments>
-                    </block>
-                    <block class="Magento\Customer\Block\Account\Delimiter" name="customer-account-navigation-delimiter-1"
-                           template="Magento_Customer::account/navigation-delimiter.phtml">
-                        <arguments>
-                            <argument name="sortOrder" xsi:type="number">200</argument>
-                        </arguments>
-                    </block>
-                    <block class="Magento\Customer\Block\Account\SortLinkInterface" name="customer-account-navigation-address-link">
-                        <arguments>
-                            <argument name="label" xsi:type="string" translate="true">Address Book</argument>
-                            <argument name="path" xsi:type="string">customer/address</argument>
-                            <argument name="sortOrder" xsi:type="number">190</argument>
-                        </arguments>
-                    </block>
-                    <block class="Magento\Customer\Block\Account\SortLinkInterface" name="customer-account-navigation-account-edit-link">
-                        <arguments>
-                            <argument name="label" xsi:type="string" translate="true">Account Information</argument>
-                            <argument name="path" xsi:type="string">customer/account/edit</argument>
-                            <argument name="sortOrder" xsi:type="number">180</argument>
-                        </arguments>
-                    </block>
-                    <block class="Magento\Customer\Block\Account\Delimiter" name="customer-account-navigation-delimiter-2"
-                           template="Magento_Customer::account/navigation-delimiter.phtml">
-                        <arguments>
-                            <argument name="sortOrder" xsi:type="number">130</argument>
-                        </arguments>
-                    </block>
-                </block>
-            </block>
-        </referenceContainer>
+        <referenceBlock name="sidebar.main.account_nav">
+            <arguments>
+                <argument name="block_title" translate="true" xsi:type="string">My Account</argument>
+                <argument name="block_css" xsi:type="string">block-collapsible-nav</argument>
+            </arguments>
+        </referenceBlock>
         <move element="page.main.title" destination="content.top" before="-"/>
     </body>
 </page>

dev/tests/integration/testsuite/Magento/AuthorizenetGraphQl/Model/Resolver/Customer/PlaceOrderWithAuthorizeNetTest.php

@@ -0,0 +1,183 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\AuthorizenetGraphQl\Model\Resolver\Customer;
+
+use Magento\Framework\App\Request\Http;
+use Magento\Framework\Serialize\SerializerInterface;
+use Magento\GraphQl\Controller\GraphQl;
+use Magento\GraphQl\Quote\GetMaskedQuoteIdByReservedOrderId;
+use Magento\Integration\Api\CustomerTokenServiceInterface;
+use Magento\Framework\Webapi\Request;
+use Magento\TestFramework\Helper\Bootstrap;
+use Magento\Framework\HTTP\ZendClient;
+use Magento\Framework\HTTP\ZendClientFactory;
+use Magento\TestFramework\ObjectManager;
+use PHPUnit\Framework\MockObject\Builder\InvocationMocker;
+use Magento\Payment\Gateway\Data\PaymentDataObjectFactory;
+use PHPUnit\Framework\MockObject\MockObject;
+use Magento\Quote\Model\Quote\PaymentFactory;
+use PHPUnit\Framework\TestCase;
+use Zend_Http_Response;
+
+/**
+ * Tests end to end Place Order process for customer via authorizeNet
+ *
+ * @magentoAppArea graphql
+ * @magentoDbIsolation disabled
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ */
+class PlaceOrderWithAuthorizeNetTest extends TestCase
+{
+    const CONTENT_TYPE = 'application/json';
+
+    /** @var  ObjectManager */
+    private $objectManager;
+
+    /** @var  GetMaskedQuoteIdByReservedOrderId */
+    private $getMaskedQuoteIdByReservedOrderId;
+
+    /** @var SerializerInterface */
+    private $jsonSerializer;
+
+    /** @var Http */
+    private $request;
+
+    /** @var ZendClient|MockObject|InvocationMocker */
+    private $clientMock;
+
+    /** @var  CustomerTokenServiceInterface */
+    private $customerTokenService;
+
+    /** @var Zend_Http_Response */
+    protected $responseMock;
+
+    /** @var  PaymentFactory */
+    private $paymentFactory;
+
+    protected function setUp() : void
+    {
+        $this->objectManager = Bootstrap::getObjectManager();
+        $this->jsonSerializer = $this->objectManager->get(SerializerInterface::class);
+        $this->request = $this->objectManager->get(Http::class);
+        $this->getMaskedQuoteIdByReservedOrderId = $this->objectManager->get(GetMaskedQuoteIdByReservedOrderId::class);
+        $this->customerTokenService = $this->objectManager->get(CustomerTokenServiceInterface::class);
+        $this->clientMock = $this->createMock(ZendClient::class);
+        $this->responseMock = $this->createMock(Zend_Http_Response::class);
+        $this->clientMock->method('request')
+            ->willReturn($this->responseMock);
+        $this->clientMock->method('setUri')
+            ->with('https://apitest.authorize.net/xml/v1/request.api');
+        $clientFactoryMock = $this->createMock(ZendClientFactory::class);
+        $clientFactoryMock->method('create')
+            ->willReturn($this->clientMock);
+        /** @var PaymentDataObjectFactory $paymentFactory */
+        $this->paymentFactory = $this->objectManager->get(PaymentDataObjectFactory::class);
+        $this->objectManager->addSharedInstance($clientFactoryMock, ZendClientFactory::class);
+    }
+
+    /**
+     * @magentoConfigFixture default_store payment/authorizenet_acceptjs/active 1
+     * @magentoConfigFixture default_store payment/authorizenet_acceptjs/environment sandbox
+     * @magentoConfigFixture default_store payment/authorizenet_acceptjs/login someusername
+     * @magentoConfigFixture default_store payment/authorizenet_acceptjs/trans_key somepassword
+     * @magentoConfigFixture default_store payment/authorizenet_acceptjs/trans_signature_key abc
+     * @magentoDataFixture Magento/Sales/_files/default_rollback.php
+     * @magentoDataFixture Magento/Customer/_files/customer.php
+     * @magentoDataFixture Magento/AuthorizenetGraphQl/_files/simple_product_authorizenet.php
+     * @magentoDataFixture Magento/GraphQl/Quote/_files/customer/create_empty_cart.php
+     * @magentoDataFixture Magento/AuthorizenetGraphQl/_files/set_new_shipping_address_authorizenet.php
+     * @magentoDataFixture Magento/AuthorizenetGraphQl/_files/set_new_billing_address_authorizenet.php
+     * @magentoDataFixture Magento/AuthorizenetGraphQl/_files/add_simple_products_authorizenet.php
+     * @magentoDataFixture Magento/GraphQl/Quote/_files/set_flatrate_shipping_method.php
+     */
+    public function testDispatchToPlaceOrderWithRegisteredCustomer(): void
+    {
+        $paymentMethod = 'authorizenet_acceptjs';
+        $cartId = $this->getMaskedQuoteIdByReservedOrderId->execute('test_quote');
+        $query
+            = <<<QUERY
+ mutation {
+  setPaymentMethodOnCart(input: {
+      cart_id: "$cartId"
+      payment_method: {
+          code: "$paymentMethod"
+          additional_data:
+         {authorizenet_acceptjs: 
+            {opaque_data_descriptor: "mydescriptor",
+             opaque_data_value: "myvalue",
+             cc_last_4: 1111}}
+      }
+  }) {    
+       cart {
+          selected_payment_method {
+          code
+      }
+    }
+  }
+    placeOrder(input: {cart_id: "$cartId"}) {
+      order {
+        order_id
+      }
+    }
+}
+QUERY;
+        $postData = [
+            'query' => $query,
+            'variables' => null,
+            'operationName' => null
+        ];
+        $this->request->setPathInfo('/graphql');
+        $this->request->setMethod('POST');
+        $this->request->setContent($this->jsonSerializer->serialize($postData));
+        $customerToken = $this->customerTokenService->createCustomerAccessToken('customer@example.com', 'password');
+        $bearerCustomerToken = 'Bearer ' . $customerToken;
+        $webApiRequest = $this->objectManager->get(Request::class);
+        $webApiRequest->getHeaders()->addHeaderLine('Content-Type', 'application/json')
+            ->addHeaderLine('Accept', 'application/json')
+            ->addHeaderLine('Authorization', $bearerCustomerToken);
+        $this->request->setHeaders($webApiRequest->getHeaders());
+        $graphql = $this->objectManager->get(\Magento\GraphQl\Controller\GraphQl::class);
+
+        // phpcs:ignore Magento2.Security.IncludeFile
+        $expectedRequest = include __DIR__ . '/../../../_files/request_authorize_customer.php';
+        // phpcs:ignore Magento2.Security.IncludeFile
+        $authorizeResponse = include __DIR__ . '/../../../_files/response_authorize.php';
+
+        $this->clientMock->method('setRawData')
+            ->with(json_encode($expectedRequest), 'application/json');
+
+        $this->responseMock->method('getBody')->willReturn(json_encode($authorizeResponse));
+
+        $response = $graphql->dispatch($this->request);
+        $responseData = $this->jsonSerializer->unserialize($response->getContent());
+
+        $this->assertArrayNotHasKey('errors', $responseData, 'Response has errors');
+        $this->assertTrue(
+            isset($responseData['data']['setPaymentMethodOnCart']['cart']['selected_payment_method']['code'])
+        );
+        $this->assertEquals(
+            $paymentMethod,
+            $responseData['data']['setPaymentMethodOnCart']['cart']['selected_payment_method']['code']
+        );
+
+        $this->assertTrue(
+            isset($responseData['data']['placeOrder']['order']['order_id'])
+        );
+
+        $this->assertEquals(
+            'test_quote',
+            $responseData['data']['placeOrder']['order']['order_id']
+        );
+    }
+
+    protected function tearDown()
+    {
+        $this->objectManager->removeSharedInstance(ZendClientFactory::class);
+        parent::tearDown();
+    }
+}

dev/tests/integration/testsuite/Magento/GraphQl/Quote/Customer/SetAuthorizenetPaymentMethodOnCustomerCartTest.php renamed to dev/tests/integration/testsuite/Magento/AuthorizenetGraphQl/Model/Resolver/Customer/SetAuthorizeNetPaymentMethodOnCartTest.php

@@ -5,14 +5,15 @@
  */
 declare(strict_types=1);
 
-namespace Magento\GraphQl\Quote\Customer;
+namespace Magento\AuthorizenetGraphQl\Model\Resolver\Customer;
 
 use Magento\Framework\App\Request\Http;
 use Magento\Framework\Serialize\SerializerInterface;
 use Magento\Framework\Webapi\Request;
 use Magento\GraphQl\Quote\GetMaskedQuoteIdByReservedOrderId;
 use Magento\Integration\Api\CustomerTokenServiceInterface;
 use Magento\TestFramework\Helper\Bootstrap;
+use PHPUnit\Framework\TestCase;
 
 /**
  * Tests SetPaymentMethod mutation for customer via authorizeNet payment
@@ -21,7 +22,7 @@
  * @magentoDbIsolation disabled
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
  */
-class SetAuthorizenetPaymentMethodOnCustomerCartTest extends \PHPUnit\Framework\TestCase
+class SetAuthorizeNetPaymentMethodOnCartTest extends TestCase
 {
     const CONTENT_TYPE = 'application/json';