ENGCOM-5295: #486 added customer account validation in Quote operations

#714

 - Merge Pull Request magento/graphql-ce#714 from vovsky/graphql-ce:486-add-customer-account-validation-in-quote-operations
 - Merged commits:
   1. f91224e
   2. 65c6327
   3. 0a68474
   4. a8ea439
   5. d983e25
   6. 7fc5494
   7. 0890aa8

app/code/Magento/CustomerGraphQl/Model/Context/AddUserInfoToContext.php

@@ -39,14 +39,27 @@ public function execute(ContextParametersInterface $contextParameters): ContextP
  if (null !== $currentUserId) {
  $currentUserId = (int)$currentUserId;
  }
+ $contextParameters->setUserId($currentUserId);
 
  $currentUserType = $this->userContext->getUserType();
  if (null !== $currentUserType) {
  $currentUserType = (int)$currentUserType;
  }
-
- $contextParameters->setUserId($currentUserId);
  $contextParameters->setUserType($currentUserType);
+
+ $contextParameters->addExtensionAttribute('is_customer', $this->isCustomer($currentUserId, $currentUserType));
  return $contextParameters;
  }
+
+ /**
+ * Checking if current user is logged
+ *
+ * @param int|null $customerId
+ * @param int|null $customerType
+ * @return bool
+ */
+ private function isCustomer(?int $customerId, ?int $customerType): bool
+ {
+ return !empty($customerId) && !empty($customerType) && $customerType !== UserContextInterface::USER_TYPE_GUEST;
+ }
 }

app/code/Magento/CustomerGraphQl/Model/Customer/GetCustomer.php

@@ -7,7 +7,6 @@
 
 namespace Magento\CustomerGraphQl\Model\Customer;
 
-use Magento\Authorization\Model\UserContextInterface;
 use Magento\Customer\Api\AccountManagementInterface;
 use Magento\Customer\Api\CustomerRepositoryInterface;
 use Magento\Customer\Api\Data\CustomerInterface;
@@ -18,7 +17,7 @@
 use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
 use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\Framework\GraphQl\Exception\GraphQlNoSuchEntityException;
-use Magento\Framework\GraphQl\Query\Resolver\ContextInterface;
+use Magento\GraphQl\Model\Query\ContextInterface;
 
 /**
  * Get customer
@@ -68,11 +67,6 @@ public function __construct(
  public function execute(ContextInterface $context): CustomerInterface
  {
  $currentUserId = $context->getUserId();
- $currentUserType = $context->getUserType();
-
- if (true === $this->isUserGuest($currentUserId, $currentUserType)) {
- throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.'));
- }
 
  try {
  $customer = $this->customerRepository->getById($currentUserId);
@@ -100,19 +94,4 @@ public function execute(ContextInterface $context): CustomerInterface
  }
  return $customer;
  }
-
- /**
- * Checking if current customer is guest
- *
- * @param int|null $customerId
- * @param int|null $customerType
- * @return bool
- */
- private function isUserGuest(?int $customerId, ?int $customerType): bool
- {
- if (null === $customerId || null === $customerType) {
- return true;
- }
- return 0 === (int)$customerId || (int)$customerType === UserContextInterface::USER_TYPE_GUEST;
- }
 }

app/code/Magento/CustomerGraphQl/Model/Resolver/ChangePassword.php

@@ -13,9 +13,11 @@
 use Magento\CustomerGraphQl\Model\Customer\GetCustomer;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\GraphQl\Config\Element\Field;
+use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
 use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\Framework\GraphQl\Query\ResolverInterface;
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
+use Magento\GraphQl\Model\Query\ContextInterface;
 
 /**
  * Change customer password resolver
@@ -70,6 +72,11 @@ public function resolve(
  array $value = null,
  array $args = null
  ) {
+ /** @var ContextInterface $context */
+ if (false === $context->getExtensionAttributes()->getIsCustomer()) {
+ throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.'));
+ }
+
  if (!isset($args['currentPassword']) || '' == trim($args['currentPassword'])) {
  throw new GraphQlInputException(__('Specify the "currentPassword" value.'));
  }
@@ -78,16 +85,16 @@ public function resolve(
  throw new GraphQlInputException(__('Specify the "newPassword" value.'));
  }
 
- $customer = $this->getCustomer->execute($context);
- $customerId = (int)$customer->getId();
-
+ $customerId = $context->getUserId();
  $this->checkCustomerPassword->execute($args['currentPassword'], $customerId);
 
  try {
  $this->accountManagement->changePasswordById($customerId, $args['currentPassword'], $args['newPassword']);
  } catch (LocalizedException $e) {
  throw new GraphQlInputException(__($e->getMessage()), $e);
  }
+
+ $customer = $this->getCustomer->execute($context);
  return $this->extractCustomerData->execute($customer);
  }
 }

app/code/Magento/CustomerGraphQl/Model/Resolver/CreateCustomerAddress.php

@@ -9,22 +9,18 @@
 
 use Magento\CustomerGraphQl\Model\Customer\Address\CreateCustomerAddress as CreateCustomerAddressModel;
 use Magento\CustomerGraphQl\Model\Customer\Address\ExtractCustomerAddressData;
-use Magento\CustomerGraphQl\Model\Customer\GetCustomer;
+use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
 use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
 use Magento\Framework\GraphQl\Config\Element\Field;
 use Magento\Framework\GraphQl\Query\ResolverInterface;
+use Magento\GraphQl\Model\Query\ContextInterface;
 
 /**
  * Customers address create, used for GraphQL request processing
  */
 class CreateCustomerAddress implements ResolverInterface
 {
- /**
- * @var GetCustomer
- */
- private $getCustomer;
-
  /**
  * @var CreateCustomerAddressModel
  */
@@ -36,16 +32,13 @@ class CreateCustomerAddress implements ResolverInterface
  private $extractCustomerAddressData;
 
  /**
- * @param GetCustomer $getCustomer
  * @param CreateCustomerAddressModel $createCustomerAddress
  * @param ExtractCustomerAddressData $extractCustomerAddressData
  */
  public function __construct(
- GetCustomer $getCustomer,
  CreateCustomerAddressModel $createCustomerAddress,
  ExtractCustomerAddressData $extractCustomerAddressData
  ) {
- $this->getCustomer = $getCustomer;
  $this->createCustomerAddress = $createCustomerAddress;
  $this->extractCustomerAddressData = $extractCustomerAddressData;
  }
@@ -60,13 +53,16 @@ public function resolve(
  array $value = null,
  array $args = null
  ) {
+ /** @var ContextInterface $context */
+ if (false === $context->getExtensionAttributes()->getIsCustomer()) {
+ throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.'));
+ }
+
  if (!isset($args['input']) || !is_array($args['input']) || empty($args['input'])) {
  throw new GraphQlInputException(__('"input" value should be specified'));
  }
 
- $customer = $this->getCustomer->execute($context);
-
- $address = $this->createCustomerAddress->execute((int)$customer->getId(), $args['input']);
+ $address = $this->createCustomerAddress->execute($context->getUserId(), $args['input']);
  return $this->extractCustomerAddressData->execute($address);
  }
 }

app/code/Magento/CustomerGraphQl/Model/Resolver/Customer.php

@@ -8,10 +8,12 @@
 namespace Magento\CustomerGraphQl\Model\Resolver;
 
 use Magento\CustomerGraphQl\Model\Customer\GetCustomer;
+use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
 use Magento\CustomerGraphQl\Model\Customer\ExtractCustomerData;
 use Magento\Framework\GraphQl\Config\Element\Field;
 use Magento\Framework\GraphQl\Query\ResolverInterface;
+use Magento\GraphQl\Model\Query\ContextInterface;
 
 /**
  * Customers field resolver, used for GraphQL request processing.
@@ -50,8 +52,12 @@ public function resolve(
  array $value = null,
  array $args = null
  ) {
- $customer = $this->getCustomer->execute($context);
+ /** @var ContextInterface $context */
+ if (false === $context->getExtensionAttributes()->getIsCustomer()) {
+ throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.'));
+ }
 
+ $customer = $this->getCustomer->execute($context);
  return $this->extractCustomerData->execute($customer);
  }
 }

app/code/Magento/CustomerGraphQl/Model/Resolver/CustomerAddresses.php

@@ -8,7 +8,6 @@
 namespace Magento\CustomerGraphQl\Model\Resolver;
 
 use Magento\Customer\Model\Customer;
-use Magento\CustomerGraphQl\Model\Customer\GetCustomer;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
 use Magento\Framework\GraphQl\Config\Element\Field;
@@ -20,25 +19,17 @@
  */
 class CustomerAddresses implements ResolverInterface
 {
- /**
- * @var GetCustomer
- */
- private $getCustomer;
-
  /**
  * @var ExtractCustomerAddressData
  */
  private $extractCustomerAddressData;
 
  /**
- * @param GetCustomer $getCustomer
  * @param ExtractCustomerAddressData $extractCustomerAddressData
  */
  public function __construct(
- GetCustomer $getCustomer,
  ExtractCustomerAddressData $extractCustomerAddressData
  ) {
- $this->getCustomer = $getCustomer;
  $this->extractCustomerAddressData = $extractCustomerAddressData;
  }
 

app/code/Magento/CustomerGraphQl/Model/Resolver/DeleteCustomerAddress.php

@@ -9,22 +9,18 @@
 
 use Magento\CustomerGraphQl\Model\Customer\Address\DeleteCustomerAddress as DeleteCustomerAddressModel;
 use Magento\CustomerGraphQl\Model\Customer\Address\GetCustomerAddress;
-use Magento\CustomerGraphQl\Model\Customer\GetCustomer;
+use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
 use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
 use Magento\Framework\GraphQl\Config\Element\Field;
 use Magento\Framework\GraphQl\Query\ResolverInterface;
+use Magento\GraphQl\Model\Query\ContextInterface;
 
 /**
  * Customers address delete, used for GraphQL request processing.
  */
 class DeleteCustomerAddress implements ResolverInterface
 {
- /**
- * @var GetCustomer
- */
- private $getCustomer;
-
  /**
  * @var GetCustomerAddress
  */
@@ -36,16 +32,13 @@ class DeleteCustomerAddress implements ResolverInterface
  private $deleteCustomerAddress;
 
  /**
- * @param GetCustomer $getCustomer
  * @param GetCustomerAddress $getCustomerAddress
  * @param DeleteCustomerAddressModel $deleteCustomerAddress
  */
  public function __construct(
- GetCustomer $getCustomer,
  GetCustomerAddress $getCustomerAddress,
  DeleteCustomerAddressModel $deleteCustomerAddress
  ) {
- $this->getCustomer = $getCustomer;
  $this->getCustomerAddress = $getCustomerAddress;
  $this->deleteCustomerAddress = $deleteCustomerAddress;
  }
@@ -60,13 +53,16 @@ public function resolve(
  array $value = null,
  array $args = null
  ) {
+ /** @var ContextInterface $context */
+ if (false === $context->getExtensionAttributes()->getIsCustomer()) {
+ throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.'));
+ }
+
  if (!isset($args['id']) || empty($args['id'])) {
  throw new GraphQlInputException(__('Address "id" value should be specified'));
  }
 
- $customer = $this->getCustomer->execute($context);
- $address = $this->getCustomerAddress->execute((int)$args['id'], (int)$customer->getId());
-
+ $address = $this->getCustomerAddress->execute((int)$args['id'], $context->getUserId());
  $this->deleteCustomerAddress->execute($address);
  return true;
  }

app/code/Magento/CustomerGraphQl/Model/Resolver/RevokeCustomerToken.php

@@ -7,36 +7,29 @@
 
 namespace Magento\CustomerGraphQl\Model\Resolver;
 
-use Magento\CustomerGraphQl\Model\Customer\GetCustomer;
 use Magento\Framework\GraphQl\Config\Element\Field;
+use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
 use Magento\Framework\GraphQl\Query\ResolverInterface;
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
+use Magento\GraphQl\Model\Query\ContextInterface;
 use Magento\Integration\Api\CustomerTokenServiceInterface;
 
 /**
  * Customers Revoke Token resolver, used for GraphQL request processing.
  */
 class RevokeCustomerToken implements ResolverInterface
 {
- /**
- * @var GetCustomer
- */
- private $getCustomer;
-
  /**
  * @var CustomerTokenServiceInterface
  */
  private $customerTokenService;
 
  /**
- * @param GetCustomer $getCustomer
  * @param CustomerTokenServiceInterface $customerTokenService
  */
  public function __construct(
- GetCustomer $getCustomer,
  CustomerTokenServiceInterface $customerTokenService
  ) {
- $this->getCustomer = $getCustomer;
  $this->customerTokenService = $customerTokenService;
  }
 
@@ -50,8 +43,11 @@ public function resolve(
  array $value = null,
  array $args = null
  ) {
- $customer = $this->getCustomer->execute($context);
+ /** @var ContextInterface $context */
+ if (false === $context->getExtensionAttributes()->getIsCustomer()) {
+ throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.'));
+ }
 
- return ['result' => $this->customerTokenService->revokeCustomerAccessToken((int)$customer->getId())];
+ return ['result' => $this->customerTokenService->revokeCustomerAccessToken($context->getUserId())];
  }
 }

app/code/Magento/CustomerGraphQl/Model/Resolver/UpdateCustomer.php

@@ -9,11 +9,13 @@
 
 use Magento\CustomerGraphQl\Model\Customer\GetCustomer;
 use Magento\CustomerGraphQl\Model\Customer\UpdateCustomerAccount;
+use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
 use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
 use Magento\CustomerGraphQl\Model\Customer\ExtractCustomerData;
 use Magento\Framework\GraphQl\Config\Element\Field;
 use Magento\Framework\GraphQl\Query\ResolverInterface;
+use Magento\GraphQl\Model\Query\ContextInterface;
 
 /**
  * Update customer data resolver
@@ -60,6 +62,11 @@ public function resolve(
  array $value = null,
  array $args = null
  ) {
+ /** @var ContextInterface $context */
+ if (false === $context->getExtensionAttributes()->getIsCustomer()) {
+ throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.'));
+ }
+
  if (!isset($args['input']) || !is_array($args['input']) || empty($args['input'])) {
  throw new GraphQlInputException(__('"input" value should be specified'));
  }