MAGETWO-83288: [Backport 2.1] #11825: Generate new FormKey and replace for oldRequestParams Wishlist #12041

Author: ishakhsuvarov

app/code/Magento/Customer/Model/Plugin/CustomerFlushFormKey.php

@@ -0,0 +1,55 @@
+<?php
+/**
+ * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Customer\Model\Plugin;
+
+use Magento\Customer\Model\Session;
+use Magento\Framework\Data\Form\FormKey as DataFormKey;
+use \Magento\Framework\Event\Observer;
+use Magento\PageCache\Observer\FlushFormKey;
+
+class CustomerFlushFormKey
+{
+    /**
+     * @var Session
+     */
+    private $session;
+
+    /**
+     * @var DataFormKey
+     */
+    private $dataFormKey;
+
+    /**
+     * Initialize dependencies.
+     *
+     * @param Session $session
+     * @param DataFormKey $dataFormKey
+     */
+    public function __construct(Session $session, DataFormKey $dataFormKey)
+    {
+        $this->session = $session;
+        $this->dataFormKey = $dataFormKey;
+    }
+
+    /**
+     * @param FlushFormKey $subject
+     * @param callable $proceed
+     * @param Observer $observer
+     * @return void
+     *
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     */
+    public function aroundExecute(FlushFormKey $subject, callable $proceed, Observer $observer)
+    {
+        $currentFormKey = $this->dataFormKey->getFormKey();
+        $proceed($observer);
+        $beforeParams = $this->session->getBeforeRequestParams();
+        if ($beforeParams['form_key'] == $currentFormKey) {
+            $beforeParams['form_key'] = $this->dataFormKey->getFormKey();
+            $this->session->setBeforeRequestParams($beforeParams);
+        }
+    }
+}

app/code/Magento/Customer/Test/Unit/Model/Plugin/CustomerFlushFormKeyTest.php

@@ -0,0 +1,106 @@
+<?php
+/**
+ * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Customer\Test\Unit\Model\Plugin;
+
+use Magento\Customer\Model\Plugin\CustomerFlushFormKey;
+use Magento\Customer\Model\Session;
+use Magento\Framework\App\PageCache\FormKey as CookieFormKey;
+use Magento\Framework\Data\Form\FormKey as DataFormKey;
+use Magento\Framework\Event\Observer;
+use Magento\PageCache\Observer\FlushFormKey;
+use PHPUnit_Framework_TestCase as TestCase;
+use PHPUnit_Framework_MockObject_MockObject as MockObject;
+
+class CustomerFlushFormKeyTest extends TestCase
+{
+    /**
+     * @var CookieFormKey | MockObject
+     */
+    private $cookieFormKey;
+
+    /**
+     * @var Session | MockObject
+     */
+    private $customerSession;
+
+    /**
+     * @var DataFormKey | MockObject
+     */
+    private $dataFormKey;
+
+    protected function setUp()
+    {
+
+        /** @var CookieFormKey | MockObject */
+        $this->cookieFormKey = $this->getMockBuilder(CookieFormKey::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        /** @var DataFormKey | MockObject */
+        $this->dataFormKey = $this->getMockBuilder(DataFormKey::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        /** @var Session | MockObject */
+        $this->customerSession = $this->getMockBuilder(Session::class)
+            ->disableOriginalConstructor()
+            ->setMethods(['getBeforeRequestParams', 'setBeforeRequestParams'])
+            ->getMock();
+
+    }
+
+    /**
+     * @dataProvider aroundFlushFormKeyProvider
+     * @param $beforeFormKey
+     * @param $currentFormKey
+     * @param $getFormKeyTimes
+     * @param $setBeforeParamsTimes
+     */
+    public function testAroundFlushFormKey(
+        $beforeFormKey,
+        $currentFormKey,
+        $getFormKeyTimes,
+        $setBeforeParamsTimes
+    ) {
+        $observerDto = new Observer();
+        $observer = new FlushFormKey($this->cookieFormKey, $this->dataFormKey);
+        $plugin = new CustomerFlushFormKey($this->customerSession, $this->dataFormKey);
+
+        $beforeParams['form_key'] = $beforeFormKey;
+
+        $this->dataFormKey->expects($this->exactly($getFormKeyTimes))
+            ->method('getFormKey')
+            ->willReturn($currentFormKey);
+
+        $this->customerSession->expects($this->once())
+            ->method('getBeforeRequestParams')
+            ->willReturn($beforeParams);
+
+        $this->customerSession->expects($this->exactly($setBeforeParamsTimes))
+            ->method('setBeforeRequestParams')
+            ->with($beforeParams);
+
+        $proceed = function ($observerDto) use ($observer) {
+            return $observer->execute($observerDto);
+        };
+
+        $plugin->aroundExecute($observer, $proceed, $observerDto);
+    }
+
+    /**
+     * Data provider for testAroundFlushFormKey
+     *
+     * @return array
+     */
+    public function aroundFlushFormKeyProvider()
+    {
+        return [
+            'valid form key' => ['form_key_value', 'form_key_value', 2, 1],
+            'corrupted form key' => ['form_old_key_value', 'form_key_value', 1, 0],
+            'missed form key' => [null, 'form_key_value', 1, 0]
+        ];
+    }
+}

app/code/Magento/Customer/etc/di.xml

@@ -313,6 +313,9 @@
     <type name="Magento\Framework\App\Action\AbstractAction">
         <plugin name="customerNotification" type="Magento\Customer\Model\Plugin\CustomerNotification"/>
     </type>
+    <type name="Magento\PageCache\Observer\FlushFormKey">
+        <plugin name="customerFlushFormKey" type="Magento\Customer\Model\Plugin\CustomerFlushFormKey"/>
+    </type>
     <type name="Magento\Customer\Model\Customer\NotificationStorage">
         <arguments>
             <argument name="cache" xsi:type="object">Magento\Customer\Model\Cache\Type\Notification</argument>