Validate additional input is present for associated payment method

app/code/Magento/BraintreeGraphQl/Model/BraintreeDataProvider.php

@@ -7,8 +7,8 @@
 
 namespace Magento\BraintreeGraphQl\Model;
 
+use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\QuoteGraphQl\Model\Cart\Payment\AdditionalDataProviderInterface;
-use Magento\Framework\Stdlib\ArrayManager;
 
 /**
  * Format Braintree input into value expected when setting payment method
@@ -17,28 +17,21 @@ class BraintreeDataProvider implements AdditionalDataProviderInterface
 {
  private const PATH_ADDITIONAL_DATA = 'braintree';
 
- /**
- * @var ArrayManager
- */
- private $arrayManager;
-
- /**
- * @param ArrayManager $arrayManager
- */
- public function __construct(
- ArrayManager $arrayManager
- ) {
- $this->arrayManager = $arrayManager;
- }
-
  /**
  * Format Braintree input into value expected when setting payment method
  *
  * @param array $args
  * @return array
+ * @throws GraphQlInputException
  */
  public function getData(array $args): array
  {
- return $this->arrayManager->get(static::PATH_ADDITIONAL_DATA, $args) ?? [];
+ if (!isset($args[static::PATH_ADDITIONAL_DATA])) {
+ throw new GraphQlInputException(
+ __('Required parameter "braintree" for "payment_method" is missing.')
+ );
+ }
+
+ return $args[static::PATH_ADDITIONAL_DATA];
  }
 }

app/code/Magento/BraintreeGraphQl/Model/BraintreeVaultDataProvider.php

@@ -7,8 +7,8 @@
 
 namespace Magento\BraintreeGraphQl\Model;
 
+use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\QuoteGraphQl\Model\Cart\Payment\AdditionalDataProviderInterface;
-use Magento\Framework\Stdlib\ArrayManager;
 
 /**
  * Format Braintree input into value expected when setting payment method
@@ -17,20 +17,6 @@ class BraintreeVaultDataProvider implements AdditionalDataProviderInterface
 {
  private const PATH_ADDITIONAL_DATA = 'braintree_cc_vault';
 
- /**
- * @var ArrayManager
- */
- private $arrayManager;
-
- /**
- * @param ArrayManager $arrayManager
- */
- public function __construct(
- ArrayManager $arrayManager
- ) {
- $this->arrayManager = $arrayManager;
- }
-
  /**
  * Format Braintree input into value expected when setting payment method
  *
@@ -39,6 +25,12 @@ public function __construct(
  */
  public function getData(array $args): array
  {
- return $this->arrayManager->get(static::PATH_ADDITIONAL_DATA, $args) ?? [];
+ if (!isset($args[static::PATH_ADDITIONAL_DATA])) {
+ throw new GraphQlInputException(
+ __('Required parameter "braintree_cc_vault" for "payment_method" is missing.')
+ );
+ }
+
+ return $args[static::PATH_ADDITIONAL_DATA];
  }
 }

app/code/Magento/BraintreeGraphQl/Plugin/SetVaultPaymentNonce.php

@@ -53,7 +53,9 @@ public function beforeExecute(
  \Magento\Quote\Model\Quote $quote,
  array $paymentData
  ): array {
- if ($paymentData['code'] !== ConfigProvider::CC_VAULT_CODE) {
+ if ($paymentData['code'] !== ConfigProvider::CC_VAULT_CODE
+ || !isset($paymentData[ConfigProvider::CC_VAULT_CODE])
+ ) {
  return [$quote, $paymentData];
  }
 

dev/tests/api-functional/testsuite/Magento/GraphQl/Braintree/Customer/SetPaymentMethodTest.php

@@ -183,6 +183,41 @@ public function testPlaceOrderWithVault()
  $this->assertPlaceOrderResponse($placeOrderResponse, $reservedOrderId);
  }
 
+ /**
+ * @magentoApiDataFixture Magento/Customer/_files/customer.php
+ * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php
+ * @magentoApiDataFixture Magento/GraphQl/Quote/_files/enable_offline_shipping_methods.php
+ * @magentoApiDataFixture Magento/GraphQl/Quote/_files/customer/create_empty_cart.php
+ * @magentoApiDataFixture Magento/GraphQl/Quote/_files/add_simple_product.php
+ * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_new_shipping_address.php
+ * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_new_billing_address.php
+ * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_flatrate_shipping_method.php
+ * @magentoApiDataFixture Magento/GraphQl/Braintree/_files/enable_braintree_payment.php
+ * @dataProvider dataProviderTestSetPaymentMethodInvalidInput
+ * @expectedException \Exception
+ * @param string $methodCode
+ */
+ public function testSetPaymentMethodInvalidInput(string $methodCode)
+ {
+ $reservedOrderId = 'test_quote';
+ $maskedQuoteId = $this->getMaskedQuoteIdByReservedOrderId->execute($reservedOrderId);
+
+ $setPaymentQuery = $this->getSetPaymentBraintreeQueryInvalidInput(
+ $maskedQuoteId,
+ $methodCode
+ );
+ $this->expectExceptionMessage("Required parameter \"$methodCode\" for \"payment_method\" is missing.");
+ $this->graphQlMutation($setPaymentQuery, [], '', $this->getHeaderMap());
+ }
+
+ public function dataProviderTestSetPaymentMethodInvalidInput(): array
+ {
+ return [
+ ['braintree'],
+ ['braintree_cc_vault'],
+ ];
+ }
+
  private function assertPlaceOrderResponse(array $response, string $reservedOrderId): void
  {
  self::assertArrayHasKey('placeOrder', $response);
@@ -260,6 +295,31 @@ private function getSetPaymentBraintreeVaultQuery(
 QUERY;
  }
 
+ /**
+ * @param string $maskedQuoteId
+ * @param string $methodCode
+ * @return string
+ */
+ private function getSetPaymentBraintreeQueryInvalidInput(string $maskedQuoteId, string $methodCode): string
+ {
+ return <<<QUERY
+mutation {
+ setPaymentMethodOnCart(input:{
+ cart_id:"{$maskedQuoteId}"
+ payment_method:{
+ code:"{$methodCode}"
+ }
+ }) {
+ cart {
+ selected_payment_method {
+ code
+ }
+ }
+ }
+}
+QUERY;
+ }
+
  /**
  * @param string $maskedQuoteId
  * @return string

dev/tests/api-functional/testsuite/Magento/GraphQl/Braintree/Guest/SetPaymentMethodTest.php

@@ -68,13 +68,14 @@ protected function setUp()
  * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_new_billing_address.php
  * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_flatrate_shipping_method.php
  * @magentoApiDataFixture Magento/GraphQl/Braintree/_files/enable_braintree_payment.php
+ * @dataProvider dataProviderTestPlaceOrder
  */
- public function testPlaceOrder()
+ public function testPlaceOrder(string $nonce)
  {
  $reservedOrderId = 'test_quote';
  $maskedQuoteId = $this->getMaskedQuoteIdByReservedOrderId->execute($reservedOrderId);
 
- $setPaymentQuery = $this->getSetPaymentBraintreeQuery($maskedQuoteId);
+ $setPaymentQuery = $this->getSetPaymentBraintreeQuery($maskedQuoteId, $nonce);
  $setPaymentResponse = $this->graphQlMutation($setPaymentQuery);
 
  $this->assertSetPaymentMethodResponse($setPaymentResponse, 'braintree');
@@ -85,6 +86,41 @@ public function testPlaceOrder()
  $this->assertPlaceOrderResponse($placeOrderResponse, $reservedOrderId);
  }
 
+ /**
+ * Data provider for testPlaceOrder
+ *
+ * @return array
+ */
+ public function dataProviderTestPlaceOrder(): array
+ {
+ return [
+ ['fake-valid-nonce'],
+ ['fake-apple-pay-visa-nonce'],
+ ];
+ }
+
+ /**
+ * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php
+ * @magentoApiDataFixture Magento/GraphQl/Quote/_files/enable_offline_shipping_methods.php
+ * @magentoApiDataFixture Magento/GraphQl/Quote/_files/guest/create_empty_cart.php
+ * @magentoApiDataFixture Magento/GraphQl/Quote/_files/guest/set_guest_email.php
+ * @magentoApiDataFixture Magento/GraphQl/Quote/_files/add_simple_product.php
+ * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_new_shipping_address.php
+ * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_new_billing_address.php
+ * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_flatrate_shipping_method.php
+ * @magentoApiDataFixture Magento/GraphQl/Braintree/_files/enable_braintree_payment.php
+ * @expectedException \Exception
+ */
+ public function testSetPaymentMethodInvalidInput()
+ {
+ $reservedOrderId = 'test_quote';
+ $maskedQuoteId = $this->getMaskedQuoteIdByReservedOrderId->execute($reservedOrderId);
+
+ $setPaymentQuery = $this->getSetPaymentBraintreeQueryInvalidInput($maskedQuoteId);
+ $this->expectExceptionMessage("Required parameter \"braintree\" for \"payment_method\" is missing.");
+ $this->graphQlMutation($setPaymentQuery);
+ }
+
  private function assertPlaceOrderResponse(array $response, string $reservedOrderId): void
  {
  self::assertArrayHasKey('placeOrder', $response);
@@ -106,7 +142,7 @@ private function assertSetPaymentMethodResponse(array $response, string $methodC
  * @param string $maskedQuoteId
  * @return string
  */
- private function getSetPaymentBraintreeQuery(string $maskedQuoteId): string
+ private function getSetPaymentBraintreeQuery(string $maskedQuoteId, string $nonce): string
  {
  return <<<QUERY
 mutation {
@@ -130,6 +166,30 @@ private function getSetPaymentBraintreeQuery(string $maskedQuoteId): string
 QUERY;
  }
 
+ /**
+ * @param string $maskedQuoteId
+ * @return string
+ */
+ private function getSetPaymentBraintreeQueryInvalidInput(string $maskedQuoteId): string
+ {
+ return <<<QUERY
+mutation {
+ setPaymentMethodOnCart(input:{
+ cart_id:"{$maskedQuoteId}"
+ payment_method:{
+ code:"braintree"
+ }
+ }) {
+ cart {
+ selected_payment_method {
+ code
+ }
+ }
+ }
+}
+QUERY;
+ }
+
  /**
  * @param string $maskedQuoteId
  * @return string