CIF-2097 - Consume the configured custom HTTP headers in MagentoGraphqlClient

bundles/core/src/main/java/com/adobe/cq/commerce/core/components/client/DeniedHttpHeaders.java

@@ -0,0 +1,77 @@
+/*
+ *  Copyright 2021 Adobe. All rights reserved.
+ *
+ *   This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+ */
+
+package com.adobe.cq.commerce.core.components.client;
+
+import java.util.Set;
+
+import com.google.common.collect.ImmutableSet;
+
+public interface DeniedHttpHeaders {
+    /**
+     * A list of HTTP headers that cannot be overriden when configuring a list of custom HTTP headers
+     */
+    final Set<String> DENYLIST = ImmutableSet.of(org.apache.http.HttpHeaders.ACCEPT,
+        org.apache.http.HttpHeaders.ACCEPT_CHARSET,
+        org.apache.http.HttpHeaders.ACCEPT_ENCODING,
+        org.apache.http.HttpHeaders.ACCEPT_LANGUAGE,
+        org.apache.http.HttpHeaders.ACCEPT_RANGES,
+        org.apache.http.HttpHeaders.AGE,
+        org.apache.http.HttpHeaders.ALLOW,
+        org.apache.http.HttpHeaders.AUTHORIZATION,
+        org.apache.http.HttpHeaders.CACHE_CONTROL,
+        org.apache.http.HttpHeaders.CONNECTION,
+        org.apache.http.HttpHeaders.CONTENT_ENCODING,
+        org.apache.http.HttpHeaders.CONTENT_LANGUAGE,
+        org.apache.http.HttpHeaders.CONTENT_LENGTH,
+        org.apache.http.HttpHeaders.CONTENT_LOCATION,
+        org.apache.http.HttpHeaders.CONTENT_MD5,
+        org.apache.http.HttpHeaders.CONTENT_RANGE,
+        org.apache.http.HttpHeaders.CONTENT_TYPE,
+        org.apache.http.HttpHeaders.DATE,
+        org.apache.http.HttpHeaders.DAV,
+        org.apache.http.HttpHeaders.DEPTH,
+        org.apache.http.HttpHeaders.DESTINATION,
+        org.apache.http.HttpHeaders.ETAG,
+        org.apache.http.HttpHeaders.EXPECT,
+        org.apache.http.HttpHeaders.EXPIRES,
+        org.apache.http.HttpHeaders.FROM,
+        org.apache.http.HttpHeaders.HOST,
+        org.apache.http.HttpHeaders.IF,
+        org.apache.http.HttpHeaders.IF_MATCH,
+        org.apache.http.HttpHeaders.IF_MODIFIED_SINCE,
+        org.apache.http.HttpHeaders.IF_NONE_MATCH,
+        org.apache.http.HttpHeaders.IF_RANGE,
+        org.apache.http.HttpHeaders.IF_UNMODIFIED_SINCE,
+        org.apache.http.HttpHeaders.LAST_MODIFIED,
+        org.apache.http.HttpHeaders.LOCATION,
+        org.apache.http.HttpHeaders.LOCK_TOKEN,
+        org.apache.http.HttpHeaders.MAX_FORWARDS,
+        org.apache.http.HttpHeaders.OVERWRITE,
+        org.apache.http.HttpHeaders.PRAGMA,
+        org.apache.http.HttpHeaders.PROXY_AUTHENTICATE,
+        org.apache.http.HttpHeaders.PROXY_AUTHORIZATION,
+        org.apache.http.HttpHeaders.RANGE,
+        org.apache.http.HttpHeaders.REFERER,
+        org.apache.http.HttpHeaders.RETRY_AFTER,
+        org.apache.http.HttpHeaders.SERVER,
+        org.apache.http.HttpHeaders.STATUS_URI,
+        org.apache.http.HttpHeaders.TE,
+        org.apache.http.HttpHeaders.TIMEOUT,
+        org.apache.http.HttpHeaders.TRAILER,
+        org.apache.http.HttpHeaders.TRANSFER_ENCODING,
+        org.apache.http.HttpHeaders.UPGRADE,
+        org.apache.http.HttpHeaders.USER_AGENT,
+        org.apache.http.HttpHeaders.VARY,
+        org.apache.http.HttpHeaders.VIA,
+        org.apache.http.HttpHeaders.WARNING,
+        org.apache.http.HttpHeaders.WWW_AUTHENTICATE,
+        "Store",
+        "Preview-Version");
+}

bundles/core/src/main/java/com/adobe/cq/commerce/core/components/client/MagentoGraphqlClient.java

@@ -16,9 +16,13 @@
 
 import java.time.OffsetDateTime;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Calendar;
 import java.util.List;
+import java.util.Map;
+import java.util.Objects;
 import java.util.TimeZone;
+import java.util.stream.Collectors;
 
 import javax.servlet.http.Cookie;
 
@@ -69,6 +73,8 @@ public class MagentoGraphqlClient {
 
     private RequestOptions requestOptions;
 
+    private List<Header> httpHeaders;
+
     /**
      * Instantiates and returns a new MagentoGraphqlClient.
      * This method returns <code>null</code> if the client cannot be instantiated.<br>
@@ -150,6 +156,7 @@ private MagentoGraphqlClient(Resource resource, Page page, SlingHttpServletReque
             graphqlClient = configurationResource.adaptTo(GraphqlClient.class);
         } else {
             LOGGER.debug("Crafting a configuration resource and attempting to get a GraphQL client from it...");
+
             // The Context-Aware Configuration API does return a ValueMap with all the collected properties from /conf and /libs,
             // but if you ask it for a resource via ConfigurationResourceResolver#getConfigurationResource() you get the resource that
             // resolves first (e.g. /conf/.../settings/cloudonfigs/commerce). This resource might not contain the properties
@@ -171,7 +178,7 @@ private MagentoGraphqlClient(Resource resource, Page page, SlingHttpServletReque
             .withDataFetchingPolicy(DataFetchingPolicy.CACHE_FIRST);
         requestOptions.withCachingStrategy(cachingStrategy);
 
-        List<Header> headers = new ArrayList<>();
+        List<Header> headers = configuration.size() > 0 ? getCustomHttpHeaders(configuration) : new ArrayList<>();
 
         String storeCode;
         if (configuration.size() > 0) {
@@ -215,6 +222,30 @@ private MagentoGraphqlClient(Resource resource, Page page, SlingHttpServletReque
         if (!headers.isEmpty()) {
             requestOptions.withHeaders(headers);
         }
+
+        this.httpHeaders = headers;
+    }
+
+    private List<Header> getCustomHttpHeaders(ComponentsConfiguration configuration) {
+        List<Header> headers = new ArrayList<>();
+
+        String[] customHeaders = configuration.get("httpHeaders", String[].class);
+
+        if (customHeaders != null) {
+            headers = Arrays.stream(customHeaders)
+                .map(headerConfig -> {
+                    String name = headerConfig.substring(0, headerConfig.indexOf('='));
+                    if (DeniedHttpHeaders.DENYLIST.stream().noneMatch(name::equalsIgnoreCase)) {
+                        String value = headerConfig.substring(headerConfig.indexOf('=') + 1, headerConfig.length());
+                        return new BasicHeader(name, value);
+                    }
+                    return null;
+                })
+                .filter(Objects::nonNull)
+                .collect(Collectors.toList());
+        }
+
+        return headers;
     }
 
     private Long getTimeWarpEpoch(SlingHttpServletRequest request) {
@@ -272,6 +303,15 @@ public GraphqlClientConfiguration getConfiguration() {
         return graphqlClient.getConfiguration();
     }
 
+    /**
+     * Returns the list of custom HTTP headers used by the GraphQL client.
+     * 
+     * @return a {@link Map} with header names as keys and header values as values
+     */
+    public Map<String, String> getHttpHeaders() {
+        return httpHeaders.stream().collect(Collectors.toMap(Header::getName, Header::getValue));
+    }
+
     private String readFallBackConfiguration(Resource resource, String propertyName) {
 
         InheritanceValueMap properties;

bundles/core/src/main/java/com/adobe/cq/commerce/core/components/client/package-info.java

@@ -12,7 +12,7 @@
  *
  ******************************************************************************/
 
-@Version("1.6.0")
+@Version("1.7.0")
 package com.adobe.cq.commerce.core.components.client;
 
 import org.osgi.annotation.versioning.Version;

bundles/core/src/main/java/com/adobe/cq/commerce/core/components/internal/models/v1/storeconfigexporter/StoreConfigExporterImpl.java

@@ -14,6 +14,10 @@
 
 package com.adobe.cq.commerce.core.components.internal.models.v1.storeconfigexporter;
 
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
 import javax.annotation.PostConstruct;
 import javax.inject.Inject;
 
@@ -56,6 +60,7 @@ public class StoreConfigExporterImpl implements StoreConfigExporter {
     private String graphqlEndpoint = "/magento/graphql";
     private HttpMethod method = HttpMethod.POST;
     private Page storeRootPage;
+    private Map<String, String> httpHeaders;
 
     @PostConstruct
     void initModel() {
@@ -70,6 +75,7 @@ void initModel() {
         if (magentoGraphqlClient != null) {
             GraphqlClientConfiguration graphqlClientConfiguration = magentoGraphqlClient.getConfiguration();
             method = graphqlClientConfiguration.httpMethod();
+            httpHeaders = magentoGraphqlClient.getHttpHeaders();
         }
     }
 
@@ -88,6 +94,11 @@ public String getMethod() {
         return method.toString();
     }
 
+    public List<String> getHttpHeaders() {
+        return httpHeaders.entrySet().stream().map(entry -> new String(entry.getKey() + "=" + entry.getValue()))
+            .collect(Collectors.toList());
+    }
+
     @Override
     public String getStoreRootUrl() {
         if (storeRootPage == null) {

bundles/core/src/test/java/com/adobe/cq/commerce/core/components/client/MagentoGraphqlClientTest.java

@@ -105,6 +105,34 @@ private void executeAndCheck(boolean withStoreHeader, MagentoGraphqlClient clien
         Mockito.verify(graphqlClient).execute(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.argThat(matcher));
     }
 
+    @Test
+    public void testCustomHeaders() {
+
+        List<Header> expectedHeaders = new ArrayList<>();
+        expectedHeaders.add(new BasicHeader("Store", "my-store"));
+        expectedHeaders.add(new BasicHeader("customHeader-1", "value1"));
+        expectedHeaders.add(new BasicHeader("customHeader-2", "value2"));
+        expectedHeaders.add(new BasicHeader("customHeader-3", "=value3=3=3=3=3"));
+
+        ValueMap MOCK_CONFIGURATION_CUSTOM_HEADERS = new ValueMapDecorator(ImmutableMap.of("cq:graphqlClient", "default", "magentoStore",
+            "my-store", "httpHeaders", new String[] { "customHeader-1=value1", "customHeader-2=value2", "customHeader-3==value3=3=3=3=3",
+                "Authorization=099sx8x7v1" }));
+        ComponentsConfiguration MOCK_CONFIGURATION_OBJECT = new ComponentsConfiguration(MOCK_CONFIGURATION_CUSTOM_HEADERS);
+
+        Page pageWithConfig = Mockito.spy(context.pageManager().getPage(PAGE_A));
+        Resource pageResource = Mockito.spy(pageWithConfig.adaptTo(Resource.class));
+        when(pageWithConfig.adaptTo(Resource.class)).thenReturn(pageResource);
+        when(pageResource.adaptTo(GraphqlClient.class)).thenReturn(graphqlClient);
+        when(pageResource.adaptTo(ComponentsConfiguration.class)).thenReturn(MOCK_CONFIGURATION_OBJECT);
+
+        RequestOptionsMatcher matcher = new RequestOptionsMatcher(expectedHeaders, HttpMethod.GET);
+        MagentoGraphqlClient client = MagentoGraphqlClient.create(pageWithConfig.adaptTo(Resource.class), pageWithConfig);
+        client.execute("{dummy}", HttpMethod.GET);
+        graphqlClient.getConfiguration();
+
+        Mockito.verify(graphqlClient).execute(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.argThat(matcher));
+    }
+
     @Test
     public void testMagentoStorePropertyWithConfigBuilder() {
         Page pageWithConfig = Mockito.spy(context.pageManager().getPage(PAGE_A));
@@ -318,10 +346,16 @@ public boolean matches(Object obj) {
                     return false;
                 }
 
+                List<Header> actualHeaders = requestOptions.getHeaders();
+
+                if (headers.size() != actualHeaders.size()) {
+                    return false;
+                }
+
                 for (Header header : headers) {
-                    if (!requestOptions.getHeaders()
+                    if (actualHeaders
                         .stream()
-                        .anyMatch(h -> h.getName()
+                        .noneMatch(h -> h.getName()
                             .equals(header.getName()) && h.getValue()
                                 .equals(header.getValue()))) {
                         return false;

bundles/core/src/test/java/com/adobe/cq/commerce/core/components/internal/models/v1/storeconfigexporter/StoreConfigExporterTest.java

@@ -43,7 +43,7 @@ public class StoreConfigExporterTest {
 
     private static final ValueMap MOCK_CONFIGURATION = new ValueMapDecorator(
         ImmutableMap.of("magentoGraphqlEndpoint", "/my/magento/graphql", "magentoStore", "my-magento-store", "cq:graphqlClient",
-            "my-graphql-client"));
+            "my-graphql-client", "httpHeaders", new String[] { "customHeader-1=value1", "customHeader-2=value2" }));
     private static final ComponentsConfiguration MOCK_CONFIGURATION_OBJECT = new ComponentsConfiguration(MOCK_CONFIGURATION);
 
     @Rule
@@ -122,6 +122,15 @@ public void testGetStoreRootUrl() {
         Assert.assertEquals("/content/pageB.html", storeConfigExporter.getStoreRootUrl());
     }
 
+    @Test
+    public void testCustomHttpHeaders() {
+        String[] expectedHeaders = new String[] { "Store=my-magento-store", "customHeader-1=value1", "customHeader-2=value2" };
+        setupWithPage("/content/pageH", HttpMethod.POST);
+        StoreConfigExporterImpl storeConfigExporter = context.request().adaptTo(StoreConfigExporterImpl.class);
+        String[] actualHeaders = storeConfigExporter.getHttpHeaders().stream().sorted().toArray(String[]::new);
+        Assert.assertArrayEquals("The custom HTTP headers are correctly parsed", expectedHeaders, actualHeaders);
+    }
+
     private void setupWithPage(String pagePath, HttpMethod method) {
         Page page = context.pageManager().getPage(pagePath);
         SlingBindings slingBindings = (SlingBindings) context.request().getAttribute(SlingBindings.class.getName());

ui.apps/src/main/content/jcr_root/apps/core/cif/components/structure/page/v1/page/page.html

@@ -1,15 +1,15 @@
 <!--/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-  ~ 
+  ~
   ~ Copyright 2019 Adobe. All rights reserved.
   ~ This file is licensed to you under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License. You may obtain a copy
   ~ of the License at http://www.apache.org/licenses/LICENSE-2.0
-  ~ 
+  ~
   ~ Unless required by applicable law or agreed to in writing, software distributed under
   ~ the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
   ~ OF ANY KIND, either express or implied. See the License for the specific language
   ~ governing permissions and limitations under the License.
-  ~ 
+  ~
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/-->
 <!DOCTYPE html>
 <html
@@ -21,14 +21,15 @@
     data-sly-use.redirect="redirect.html"
 >
     <head data-sly-call="${head.head @ page = page}"></head>
-    <body 
+    <body
         id="${page.id}"
-        class="${page.cssClassNames}" 
-        data-store-view="${storeView.storeView}" 
+        class="${page.cssClassNames}"
+        data-store-view="${storeView.storeView}"
         data-store-root-url="${storeView.storeRootUrl}"
         data-cmp-data-layer-enabled="${page.data ? true : false}"
         data-graphql-endpoint="${storeView.graphqlEndpoint}"
-        data-graphql-method="${storeView.method}">
+        data-graphql-method="${storeView.method}"
+        data-http-headers="${storeView.httpHeaders}">
         <script data-sly-test.dataLayerEnabled="${page.data}">
             window.adobeDataLayer = window.adobeDataLayer || [];
             adobeDataLayer.push({