ENGCOM-7611: #7213 prevent pointless session start in webapi scope #26032

magento-engcom-team · magento-engcom-team · commit d1124d94aa54 · 2020-07-29T13:28:36.000-05:00
- Merge Pull Request #26032 from maqlec/magento2:issue-7213 - Merged commits: 1. 859307b 2. 8aed39f 3. 4a05e78 4. cfa889e 5. b219c4e 6. c5ad40b 7. fe0bd17 8. ac0dea5 9. ea10595 10. b4a02dd 11. 4f20656 12. 192bc7e 13. f149763 14. ac0f4e6 15. 3e833b3 16. c1f5509 17. edd0ccd 18. 4dac67d 19. 97b235d 20. 16797c3
diff --git a/app/code/Magento/Customer/etc/webapi_rest/di.xml b/app/code/Magento/Customer/etc/webapi_rest/di.xml
@@ -13,7 +13,7 @@
         <arguments>
             <argument name="userContexts" xsi:type="array">
                 <item name="customerSessionUserContext" xsi:type="array">
-                    <item name="type" xsi:type="object">Magento\Customer\Model\Authorization\CustomerSessionUserContext</item>
+                    <item name="type" xsi:type="object">Magento\Customer\Model\Authorization\CustomerSessionUserContext\Proxy</item>
                     <item name="sortOrder" xsi:type="string">20</item>
                 </item>
             </argument>
diff --git a/app/code/Magento/PageCache/etc/di.xml b/app/code/Magento/PageCache/etc/di.xml
@@ -37,9 +37,6 @@
             <argument name="layoutCacheKey" xsi:type="object">Magento\Framework\View\Layout\LayoutCacheKeyInterface</argument>
         </arguments>
     </type>
-    <type name="Magento\Framework\App\FrontControllerInterface">
-        <plugin name="page_cache_from_key_from_cookie" type="Magento\PageCache\Plugin\RegisterFormKeyFromCookie" />
-    </type>
     <type name="Magento\Framework\App\Cache\RuntimeStaleCacheStateModifier">
         <arguments>
             <argument name="cacheTypes" xsi:type="array">
diff --git a/app/code/Magento/PageCache/etc/frontend/di.xml b/app/code/Magento/PageCache/etc/frontend/di.xml
@@ -9,6 +9,7 @@
     <type name="Magento\Framework\App\FrontControllerInterface">
         <plugin name="front-controller-builtin-cache" type="Magento\PageCache\Model\App\FrontController\BuiltinPlugin"/>
         <plugin name="front-controller-varnish-cache" type="Magento\PageCache\Model\App\FrontController\VarnishPlugin"/>
+        <plugin name="page_cache_form_key_from_cookie" type="Magento\PageCache\Plugin\RegisterFormKeyFromCookie" />
     </type>
     <type name="Magento\Framework\Controller\ResultInterface">
         <plugin name="result-builtin-cache" type="Magento\PageCache\Model\Controller\Result\BuiltinPlugin"/>
diff --git a/app/code/Magento/PageCache/etc/graphql/di.xml b/app/code/Magento/PageCache/etc/graphql/di.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+-->
+<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
+    <type name="Magento\Framework\App\FrontControllerInterface">
+        <plugin name="page_cache_form_key_from_cookie" type="Magento\PageCache\Plugin\RegisterFormKeyFromCookie" />
+    </type>
+</config>
diff --git a/app/code/Magento/User/etc/webapi_rest/di.xml b/app/code/Magento/User/etc/webapi_rest/di.xml
@@ -10,7 +10,7 @@
         <arguments>
             <argument name="userContexts" xsi:type="array">
                 <item name="adminSessionUserContext" xsi:type="array">
-                    <item name="type" xsi:type="object">Magento\User\Model\Authorization\AdminSessionUserContext</item>
+                    <item name="type" xsi:type="object">Magento\User\Model\Authorization\AdminSessionUserContext\Proxy</item>
                     <item name="sortOrder" xsi:type="string">30</item>
                 </item>
             </argument>
diff --git a/dev/tests/api-functional/testsuite/Magento/Webapi/RestSessionCookieTest.php b/dev/tests/api-functional/testsuite/Magento/Webapi/RestSessionCookieTest.php
@@ -0,0 +1,71 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\Webapi;
+
+use Magento\Framework\Module\Manager;
+use Magento\TestFramework\Helper\Bootstrap;
+
+/**
+ * Class for RestSessionCookieTest
+ */
+class RestSessionCookieTest extends \Magento\TestFramework\TestCase\WebapiAbstract
+{
+
+    private $moduleManager;
+    private $objectManager;
+
+    /**
+     * @inheritdoc
+     */
+    protected function setUp(): void
+    {
+        $this->objectManager = Bootstrap::getObjectManager();
+        $this->moduleManager = $this->objectManager->get(Manager::class);
+        if ($this->moduleManager->isEnabled('Magento_B2b')) {
+            $this->markTestSkipped('Skipped, because this logic is rewritten on B2B.');
+        }
+    }
+
+    /**
+     * Check for non exist cookie PHPSESSID
+     */
+    public function testRestSessionNoCookie()
+    {
+        $this->_markTestAsRestOnly();
+        /** @var $curlClient CurlClientWithCookies */
+
+        $curlClient = $this->objectManager
+            ->get(\Magento\TestFramework\TestCase\HttpClient\CurlClientWithCookies::class);
+        $phpSessionCookieName =
+            [
+                'cookie_name' => 'PHPSESSID',
+            ];
+
+        $response = $curlClient->get('/rest/V1/directory/countries', []);
+
+        $cookie = $this->findCookie($phpSessionCookieName['cookie_name'], $response['cookies']);
+        $this->assertNull($cookie);
+    }
+
+    /**
+     * Find cookie with given name in the list of cookies
+     *
+     * @param string $cookieName
+     * @param array $cookies
+     * @return $cookie|null
+     * @SuppressWarnings(PHPMD.UnusedLocalVariable)
+     */
+    private function findCookie($cookieName, $cookies)
+    {
+        foreach ($cookies as $cookieIndex => $cookie) {
+            if ($cookie['name'] === $cookieName) {
+                return $cookie;
+            }
+        }
+        return null;
+    }
+}
