#28570: createCustomer does not match validation requirements

Author: michalderlatka

app/code/Magento/CustomerGraphQl/Model/Resolver/UpdateCustomerEmail.php

@@ -1,20 +1,24 @@
 <?php
-
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
 
 namespace Magento\CustomerGraphQl\Model\Resolver;
 
-
 use Magento\CustomerGraphQl\Model\Customer\ExtractCustomerData;
 use Magento\CustomerGraphQl\Model\Customer\GetCustomer;
 use Magento\CustomerGraphQl\Model\Customer\UpdateCustomerAccount;
 use Magento\Framework\GraphQl\Config\Element\Field;
 use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
-use Magento\Framework\GraphQl\Exception\GraphQlInputException;
-use Magento\Framework\GraphQl\Query\Resolver\ContextInterface;
-use Magento\Framework\GraphQl\Query\Resolver\Value;
 use Magento\Framework\GraphQl\Query\ResolverInterface;
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
+use Magento\GraphQl\Model\Query\ContextInterface;
 
+/**
+ * Customer email update, used for GraphQL request processing
+ */
 class UpdateCustomerEmail implements ResolverInterface
 {
     /**
@@ -55,15 +59,11 @@ public function resolve(
         array $value = null,
         array $args = null
     ) {
-        /** @var \Magento\GraphQl\Model\Query\ContextInterface $context */
+        /** @var ContextInterface $context */
         if (false === $context->getExtensionAttributes()->getIsCustomer()) {
             throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.'));
         }
 
-        if (empty($args['email']) || empty($args['password'])) {
-            throw new GraphQlInputException(__('"email" and "password" values should be specified'));
-        }
-
         $customer = $this->getCustomer->execute($context);
         $this->updateCustomerAccount->execute(
             $customer,

dev/tests/api-functional/testsuite/Magento/GraphQl/Customer/CreateCustomerTest.php

@@ -116,14 +116,18 @@ public function testCreateCustomerAccountWithoutPassword()
      */
     public function testCreateCustomerIfInputDataIsEmpty()
     {
+        $exceptionMessage = 'Field CustomerCreateInput.email of required type String! was not provided.
+Field CustomerCreateInput.firstname of required type String! was not provided.
+Field CustomerCreateInput.lastname of required type String! was not provided.';
+
         $this->expectException(\Exception::class);
-        $this->expectExceptionMessage('"input" value should be specified');
+        $this->expectExceptionMessage($exceptionMessage);
 
         $query = <<<QUERY
 mutation {
     createCustomer(
         input: {
-        
+
         }
     ) {
         customer {
@@ -144,7 +148,7 @@ public function testCreateCustomerIfInputDataIsEmpty()
     public function testCreateCustomerIfEmailMissed()
     {
         $this->expectException(\Exception::class);
-        $this->expectExceptionMessage('Required parameters are missing: Email');
+        $this->expectExceptionMessage('Field CustomerCreateInput.email of required type String! was not provided');
 
         $newFirstname = 'Richard';
         $newLastname = 'Rowe';
@@ -234,7 +238,7 @@ public function invalidEmailAddressDataProvider(): array
     public function testCreateCustomerIfPassedAttributeDosNotExistsInCustomerInput()
     {
         $this->expectException(\Exception::class);
-        $this->expectExceptionMessage('Field "test123" is not defined by type CustomerInput.');
+        $this->expectExceptionMessage('Field "test123" is not defined by type CustomerCreateInput.');
 
         $newFirstname = 'Richard';
         $newLastname = 'Rowe';

dev/tests/api-functional/testsuite/Magento/GraphQl/Customer/UpdateCustomerEmailTest.php

@@ -0,0 +1,171 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\GraphQl\Customer;
+
+use Exception;
+use Magento\Customer\Api\CustomerRepositoryInterface;
+use Magento\CustomerGraphQl\Model\Customer\UpdateCustomerAccount;
+use Magento\Framework\Exception\AuthenticationException;
+use Magento\Integration\Api\CustomerTokenServiceInterface;
+use Magento\Store\Api\StoreRepositoryInterface;
+use Magento\TestFramework\Helper\Bootstrap;
+use Magento\TestFramework\TestCase\GraphQlAbstract;
+
+/**
+ * Test for update customer's email
+ */
+class UpdateCustomerEmailTest extends GraphQlAbstract
+{
+    /**
+     * @var CustomerTokenServiceInterface
+     */
+    private $customerTokenService;
+
+    /**
+     * @var CustomerRepositoryInterface
+     */
+    private $customerRepository;
+    /**
+     * @var UpdateCustomerAccount
+     */
+    private $updateCustomerAccount;
+    /**
+     * @var StoreRepositoryInterface
+     */
+    private $storeRepository;
+
+    /**
+     * Setting up tests
+     */
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->customerTokenService = Bootstrap::getObjectManager()->get(CustomerTokenServiceInterface::class);
+        $this->customerRepository = Bootstrap::getObjectManager()->get(CustomerRepositoryInterface::class);
+        $this->updateCustomerAccount = Bootstrap::getObjectManager()->get(UpdateCustomerAccount::class);
+        $this->storeRepository = Bootstrap::getObjectManager()->get(StoreRepositoryInterface::class);
+    }
+
+    /**
+     * @magentoApiDataFixture Magento/Customer/_files/customer.php
+     */
+    public function testUpdateCustomerEmail(): void
+    {
+        $currentEmail = '[email protected]';
+        $currentPassword = 'password';
+
+        $newEmail = '[email protected]';
+
+        $query = <<<QUERY
+mutation {
+    updateCustomerEmail(
+        email: "{$newEmail}"
+        password: "{$currentPassword}"
+    ) {
+        customer {
+            email
+        }
+    }
+}
+QUERY;
+
+        $response = $this->graphQlMutation(
+            $query,
+            [],
+            '',
+            $this->getCustomerAuthHeaders($currentEmail, $currentPassword)
+        );
+
+        $this->assertEquals($newEmail, $response['updateCustomerEmail']['customer']['email']);
+
+/*        $this->updateCustomerAccount->execute(
+            $this->customerRepository->get($newEmail),
+            ['email' => $currentEmail, 'password' => $currentPassword],
+            $this->storeRepository->getById(1)
+        );*/
+    }
+
+    /**
+     * @magentoApiDataFixture Magento/Customer/_files/customer.php
+     */
+    public function testUpdateCustomerEmailIfPasswordIsWrong(): void
+    {
+        $this->expectException(Exception::class);
+        $this->expectExceptionMessage('Invalid login or password.');
+
+        $currentEmail = '[email protected]';
+        $currentPassword = 'password';
+
+        $newEmail = '[email protected]';
+        $wrongPassword = 'wrongpassword';
+
+        $query = <<<QUERY
+mutation {
+    updateCustomerEmail(
+        email: "{$newEmail}"
+        password: "{$wrongPassword}"
+    ) {
+        customer {
+            email
+        }
+    }
+}
+QUERY;
+
+        $this->graphQlMutation(
+            $query,
+            [],
+            '',
+            $this->getCustomerAuthHeaders($currentEmail, $currentPassword)
+        );
+    }
+
+    /**
+     * @magentoApiDataFixture Magento/Customer/_files/two_customers.php
+     */
+    public function testUpdateEmailIfEmailAlreadyExists()
+    {
+        $this->expectException(Exception::class);
+        $this->expectExceptionMessage(
+            'A customer with the same email address already exists in an associated website.'
+        );
+
+        $currentEmail = '[email protected]';
+        $currentPassword = 'password';
+        $existedEmail = '[email protected]';
+
+        $query = <<<QUERY
+mutation {
+    updateCustomerEmail(
+        email: "{$existedEmail}"
+        password: "{$currentPassword}"
+    ) {
+        customer {
+            firstname
+        }
+    }
+}
+QUERY;
+        $this->graphQlMutation($query, [], '', $this->getCustomerAuthHeaders($currentEmail, $currentPassword));
+    }
+
+    /**
+     * Get customer authorization headers
+     *
+     * @param string $email
+     * @param string $password
+     * @return array
+     * @throws AuthenticationException
+     */
+    private function getCustomerAuthHeaders(string $email, string $password): array
+    {
+        $customerToken = $this->customerTokenService->createCustomerAccessToken($email, $password);
+        return ['Authorization' => 'Bearer ' . $customerToken];
+    }
+}