From b98b04ceff5c793b5fa62b75092005070225bf4c Mon Sep 17 00:00:00 2001
From: Dmytro Vilchynskyi <dvilchynskyi@magento.com>
Date: Fri, 2 Dec 2016 19:09:59 +0200
Subject: [PATCH] MAGETWO-60185: Remove distinction in http/https for requirejs-config.js - test logic automation.
---
 .../Magento/Mtf/Util/Command/Cli/Cache.php | 9 +-
 .../Mtf/Util/Command/Cli/StaticContent.php | 30 ++++
 .../Constraint/AssertHttpUsedOnFrontend.php | 109 ++++++++++++
 .../Constraint/AssertHttpsUsedOnBackend.php | 138 +++++++++++++++
 .../Backend/Test/Repository/ConfigData.xml | 20 ++-
 .../Test/TestCase/ConfigureSecureUrlsTest.php | 157 ++++++++++++++++++
 .../Test/TestCase/ConfigureSecureUrlsTest.xml | 16 ++
 7 files changed, 475 insertions(+), 4 deletions(-)
 create mode 100644 dev/tests/functional/lib/Magento/Mtf/Util/Command/Cli/StaticContent.php
 create mode 100644 dev/tests/functional/tests/app/Magento/Backend/Test/Constraint/AssertHttpUsedOnFrontend.php
 create mode 100644 dev/tests/functional/tests/app/Magento/Backend/Test/Constraint/AssertHttpsUsedOnBackend.php
 create mode 100644 dev/tests/functional/tests/app/Magento/Backend/Test/TestCase/ConfigureSecureUrlsTest.php
 create mode 100644 dev/tests/functional/tests/app/Magento/Backend/Test/TestCase/ConfigureSecureUrlsTest.xml
diff --git a/dev/tests/functional/lib/Magento/Mtf/Util/Command/Cli/Cache.php b/dev/tests/functional/lib/Magento/Mtf/Util/Command/Cli/Cache.php
index 425abfd8559..97045e88214 100644
--- a/dev/tests/functional/lib/Magento/Mtf/Util/Command/Cli/Cache.php
+++ b/dev/tests/functional/lib/Magento/Mtf/Util/Command/Cli/Cache.php
@@ -29,13 +29,16 @@ class Cache extends Cli
 const PARAM_CACHE_ENABLE = 'cache:enable';
 /**
- * Flush cache.
+ * Flush Cache.
+ * If no parameters are set, all cache types are flushed.
 *
+ * @param array $cacheTypes
 * @return void
 */
- public function flush()
+ public function flush(array $cacheTypes = [])
 {
- parent::execute(Cache::PARAM_CACHE_FLUSH);
+ $options = empty($cacheTypes) ? '' : ' ' . implode(' ', $cacheTypes);
+ parent::execute(Cache::PARAM_CACHE_FLUSH . $options);
 }
 /**
diff --git a/dev/tests/functional/lib/Magento/Mtf/Util/Command/Cli/StaticContent.php b/dev/tests/functional/lib/Magento/Mtf/Util/Command/Cli/StaticContent.php
new file mode 100644
index 00000000000..9a430aad35d
--- /dev/null
+++ b/dev/tests/functional/lib/Magento/Mtf/Util/Command/Cli/StaticContent.php
@@ -0,0 +1,30 @@
+<?php
+/**
+ * Copyright © 2016 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\Mtf\Util\Command\Cli;
+
+use Magento\Mtf\Util\Command\Cli;
+
+/**
+ * Merchant Developer deploys static view files during test executions so that Storefront UI updates are applied.
+ */
+class StaticContent extends Cli
+{
+ /**
+ * Parameter for deploy static view files.
+ */
+ const PARAM_SETUP_STATIC_CONTENT_DEPLOY = 'setup:static-content:deploy';
+
+ /**
+ * Deploy static view files.
+ *
+ * @return void
+ */
+ public function deploy()
+ {
+ parent::execute(StaticContent::PARAM_SETUP_STATIC_CONTENT_DEPLOY);
+ }
+}
diff --git a/dev/tests/functional/tests/app/Magento/Backend/Test/Constraint/AssertHttpUsedOnFrontend.php b/dev/tests/functional/tests/app/Magento/Backend/Test/Constraint/AssertHttpUsedOnFrontend.php
new file mode 100644
index 00000000000..e2100af13b7
--- /dev/null
+++ b/dev/tests/functional/tests/app/Magento/Backend/Test/Constraint/AssertHttpUsedOnFrontend.php
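Review bot: The elements of `$cacheTypes` in `flush()` are joined with spaces and appended to the command string without any check, so a value containing whitespace or shell metacharacters would change the command that `parent::execute()` ends up running. `Cli::execute()` is outside this diff, so whether it escapes its argument is not visible here; if it does not, restrict each type to the expected identifier shape before joining, for example `if (preg_grep('/^[a-z_]+$/', $cacheTypes, PREG_GREP_INVERT)) { throw new \InvalidArgumentException('Unexpected cache type.'); }`. The only caller added in this commit passes the literals `'config'` and `'full_page'`, so this is about keeping the helper safe for later callers that take cache types from test data.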
@@ -0,0 +1,109 @@
+<?php
+/**
+ * Copyright © 2016 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\Backend\Test\Constraint;
+
+use Magento\Mtf\ObjectManager;
+use Magento\Mtf\System\Event\EventManagerInterface;
+use Magento\Mtf\Constraint\AbstractConstraint;
+use Magento\Mtf\Client\BrowserInterface;
+use Magento\Customer\Test\Fixture\Customer;
+use Magento\Customer\Test\TestStep\LoginCustomerOnFrontendStep as LogInCustomerOnStorefront;
+use Magento\Customer\Test\TestStep\LogoutCustomerOnFrontendStep as LogOutCustomerOnStorefront;
+
+/**
+ * Assert that http is used all over the Storefront.
+ * It would be great to assert somehow that browser console does not contain JS-related errors as well.
+ */
+class AssertHttpUsedOnFrontend extends AbstractConstraint
+{
+ /**
+ * Unsecured protocol format.
+ *
+ * @var string
+ */
+ private $unsecuredProtocol = 'http://';
+
+ /**
+ * Browser interface.
+ *
+ * @var BrowserInterface
+ */
+ protected $browser;
+
+ /**
+ * Customer account.
+ *
+ * @var Customer
+ */
+ protected $customer;
+
+ /**
+ * Prepare data for further validations execution.
+ *
+ * @param ObjectManager $objectManager
+ * @param EventManagerInterface $eventManager
+ * @param BrowserInterface $browser
+ * @param Customer $customer
+ * @param string $severity
+ * @param bool $active
+ */
+ public function __construct(
+ ObjectManager $objectManager,
+ EventManagerInterface $eventManager,
+ BrowserInterface $browser,
+ Customer $customer,
+ $severity = 'low',
+ $active = true
+ ) {
+ parent::__construct($objectManager, $eventManager, $severity, $active);
+ $this->browser = $browser;
+ $this->customer = $customer;
+
+ $this->customer->persist();
+ }
+
+ /**
+ * Validations execution.
+ *
+ * @return void
+ */
+ public function processAssert()
+ {
+ // Log in to Customer Account on Storefront to assert that http is used indeed.
+ $this->objectManager->create(LogInCustomerOnStorefront::class, ['customer' => $this->customer])->run();
+ $this->assertUsedProtocol($this->unsecuredProtocol);
+
+ // Log out from Customer Account on Storefront to assert that JS is deployed validly as a part of statics.
+ $this->objectManager->create(LogOutCustomerOnStorefront::class)->run();
+ $this->assertUsedProtocol($this->unsecuredProtocol);
+ }
+
+ /**
+ * Assert that specified protocol is used on current page.
+ *
+ * @param string $expectedProtocol
+ * @return void
+ */
+ protected function assertUsedProtocol($expectedProtocol)
+ {
+ \PHPUnit_Framework_Assert::assertStringStartsWith(
+ $expectedProtocol,
+ $this->browser->getUrl(),
+ "$expectedProtocol is not used."
+ );
+ }
+
+ /**
+ * Returns a string representation of the object.
+ *
+ * @return string
+ */
+ public function toString()
+ {
+ return 'Unsecured URLs are used for Storefront pages.';
+ }
+}
diff --git a/dev/tests/functional/tests/app/Magento/Backend/Test/Constraint/AssertHttpsUsedOnBackend.php b/dev/tests/functional/tests/app/Magento/Backend/Test/Constraint/AssertHttpsUsedOnBackend.php
new file mode 100644
index 00000000000..b02652c54b7
--- /dev/null
+++ b/dev/tests/functional/tests/app/Magento/Backend/Test/Constraint/AssertHttpsUsedOnBackend.php
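Review bot: `assertUsedProtocol()` compares only `$this->browser->getUrl()` with the expected scheme, so `processAssert()` passes as long as the address of the page reached after login and after logout starts with `http://`; it says nothing about the scheme of the static asset URLs the page references, such as the requirejs-config.js named in the commit subject. The inline comment `// Log out ... to assert that JS is deployed validly as a part of statics.` therefore promises more than the check delivers; either reword it or extend the constraint to inspect the asset URLs in the rendered page. Separately, the constructor calls `$this->customer->persist()`, which creates a customer record as a side effect of building the constraint; moving that call to the start of `processAssert()` keeps construction free of side effects.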
@@ -0,0 +1,138 @@
+<?php
+/**
+ * Copyright © 2016 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\Backend\Test\Constraint;
+
+use Magento\Mtf\ObjectManager;
+use Magento\Mtf\System\Event\EventManagerInterface;
+use Magento\Mtf\Constraint\AbstractConstraint;
+use Magento\Mtf\Client\BrowserInterface;
+use Magento\Backend\Test\Page\Adminhtml\Dashboard;
+
+/**
+ * Assert that https protocol is used all over the Admin panel
+ * It would be great if several different pages to validate are selected randomly in order to increase the coverage.
+ * It would be great to assert somehow that browser console does not contain JS-related errors as well.
+ */
+class AssertHttpsUsedOnBackend extends AbstractConstraint
+{
+ /**
+ * Secured protocol format.
+ *
+ * @var string
+ */
+ private $securedProtocol = 'https://';
+
+ /**
+ * Unsecured protocol format.
+ *
+ * @var string
+ */
+ private $unsecuredProtocol = 'http://';
+
+ /**
+ * Browser interface.
+ *
+ * @var BrowserInterface
+ */
+ protected $browser;
+
+ /**
+ * "Dashboard" page in Admin panel.
+ *
+ * @var Dashboard
+ */
+ protected $adminDashboardPage;
+
+ /**
+ * The list of Navigation Menu paths for Admin pages to verify.
+ *
+ * @var array
+ */
+ protected $pagesPaths;
+
+ /**
+ * Prepare data for further validations execution.
+ *
+ * @param ObjectManager $objectManager
+ * @param EventManagerInterface $eventManager
+ * @param BrowserInterface $browser
+ * @param Dashboard $adminDashboardPage
+ * @param string $severity
+ * @param bool $active
+ */
+ public function __construct(
+ ObjectManager $objectManager,
+ EventManagerInterface $eventManager,
+ BrowserInterface $browser,
+ Dashboard $adminDashboardPage,
+ $severity = 'low',
+ $active = true
+ ) {
+ parent::__construct($objectManager, $eventManager, $severity, $active);
+ $this->browser = $browser;
+ $this->adminDashboardPage = $adminDashboardPage;
+ $this->pagesPaths = ['Products>Catalog', 'Marketing>Catalog Price Rule'];
+ }
+
+ /**
+ * Validations execution.
+ *
+ * @return void
+ */
+ public function processAssert()
+ {
+ // Open specified Admin pages using Navigation Menu to assert that JS is deployed validly as a part of statics.
+ foreach ($this->pagesPaths as $pagePath) {
+ $this->adminDashboardPage->open()->getMenuBlock()->navigate($pagePath);
+ $this->assertUsedProtocol($this->securedProtocol);
+ $this->assertDirectHttpUnavailable();
+ }
+ }
+
+ /**
+ * Assert that specified protocol is used on current page.
+ *
+ * @param string $expectedProtocol
+ * @return void
+ */
+ protected function assertUsedProtocol($expectedProtocol)
+ {
+ \PHPUnit_Framework_Assert::assertStringStartsWith(
+ $expectedProtocol,
+ $this->browser->getUrl(),
+ "$expectedProtocol is not used."
+ );
+ }
+
+ /**
+ *
+ * Assert that Merchant is redirected to https if trying to access the page directly via http.
+ *
+ * @return void
+ */
+ protected function assertDirectHttpUnavailable()
+ {
+ $fakeUrl = str_replace($this->securedProtocol, $this->unsecuredProtocol, $this->browser->getUrl());
+ $this->browser->open($fakeUrl);
+ \PHPUnit_Framework_Assert::assertStringStartsWith(
+ $this->securedProtocol,
+ $this->browser->getUrl(),
+ 'Merchant is not redirected to https if tries to access the Admin panel page directly via http.'
+ );
+
+ }
+
+ /**
+ * Returns a string representation of the object.
+ *
+ * @return string
+ */
+ public function toString()
+ {
+ return 'Unsecured URLs are used for Storefront pages.';
+ }
+}
diff --git a/dev/tests/functional/tests/app/Magento/Backend/Test/Repository/ConfigData.xml b/dev/tests/functional/tests/app/Magento/Backend/Test/Repository/ConfigData.xml
index a341341cf7c..96e5399052e 100644
--- a/dev/tests/functional/tests/app/Magento/Backend/Test/Repository/ConfigData.xml
+++ b/dev/tests/functional/tests/app/Magento/Backend/Test/Repository/ConfigData.xml
@@ -5,7 +5,8 @@
 * See COPYING.txt for license details.
 */
 -->
-<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../../../../../../vendor/magento/mtf/Magento/Mtf/Repository/etc/repository.xsd">
+<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:noNamespaceSchemaLocation="../../../../../../vendor/magento/mtf/Magento/Mtf/Repository/etc/repository.xsd">
 <repository class="Magento\Config\Test\Repository\ConfigData">
 <dataset name="store_information_US">
 <field name="general/store_information/name" xsi:type="array">
@@ -156,12 +157,14 @@
 <item name="scope_id" xsi:type="number">0</item>
 <item name="label" xsi:type="string">Yes</item>
 <item name="value" xsi:type="number">1</item>
+ <item name="inherit" xsi:type="number">1</item>
 </field>
 <field name="web/secure/use_in_adminhtml" xsi:type="array">
 <item name="scope" xsi:type="string">default</item>
 <item name="scope_id" xsi:type="number">0</item>
 <item name="label" xsi:type="string">Yes</item>
 <item name="value" xsi:type="number">1</item>
+ <item name="inherit" xsi:type="number">1</item>
 </field>
 </dataset>
 <dataset name="enable_hsts">
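Review bot: `toString()` in AssertHttpsUsedOnBackend returns `'Unsecured URLs are used for Storefront pages.'`, the same text as AssertHttpUsedOnFrontend, so a passing Admin check is reported with the wrong message; it should read something like `return 'Secured URLs are used for Admin panel pages.';`. In `assertDirectHttpUnavailable()` the check looks only at the final URL after `$this->browser->open($fakeUrl)`, which a browser that already holds an HSTS policy for the host (the repository has an `enable_hsts` dataset) would satisfy by upgrading the request itself, without the server issuing a redirect; a comment stating that the assertion assumes a browser profile with no HSTS state would make that limit explicit. `str_replace()` there also rewrites every `https://` in the URL rather than only the scheme, so `preg_replace('#^https://#', 'http://', $this->browser->getUrl())` is the safer form. The empty ` *` line that opens that method's docblock and the blank line before its closing brace can be dropped.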
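Review bot: The two added `<item name="inherit" xsi:type="number">1</item>` lines sit next to `value` 1 and label "Yes" for `web/secure/use_in_frontend` and `web/secure/use_in_adminhtml`, and nothing in the hunk shows how the config fixture handler resolves a field that carries both. If `inherit` stands for "use the system value", a dataset meant to switch secure URLs on could leave them at the default without any error; the dataset's name and the handler are outside the hunk, so this needs confirming against them. An XML comment above the fields stating why both are set would save the next reader the same question.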
@@ -195,6 +198,21 @@
 </field>
 </dataset>
+ <dataset name="disable_https_frontend_admin">
+ <field name="web/secure/use_in_frontend" xsi:type="array">
+ <item name="scope" xsi:type="string">default</item>
+ <item name="scope_id" xsi:type="number">0</item>
+ <item name="label" xsi:type="string">No</item>
+ <item name="value" xsi:type="number">0</item>
+ </field>
+ <field name="web/secure/use_in_adminhtml" xsi:type="array">
+ <item name="scope" xsi:type="string">default</item>
+ <item name="scope_id" xsi:type="number">0</item>
+ <item name="label" xsi:type="string">No</item>
+ <item name="value" xsi:type="number">0</item>
+ </field>
+ </dataset>
+
 <dataset name="custom_allowed_country">
 <field name="general/country/allow" xsi:type="array">
 <item name="scope" xsi:type="string">default</item>
diff --git a/dev/tests/functional/tests/app/Magento/Backend/Test/TestCase/ConfigureSecureUrlsTest.php b/dev/tests/functional/tests/app/Magento/Backend/Test/TestCase/ConfigureSecureUrlsTest.php
new file mode 100644
index 00000000000..5d9885995ee
--- /dev/null
+++ b/dev/tests/functional/tests/app/Magento/Backend/Test/TestCase/ConfigureSecureUrlsTest.php
@@ -0,0 +1,157 @@
+<?php
+/**
+ * Copyright © 2016 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\Backend\Test\TestCase;
+
+use Magento\Mtf\TestCase\Injectable;
+use Magento\Mtf\Fixture\FixtureFactory;
+use Magento\Backend\Test\Page\Adminhtml\SystemConfigEdit;
+use Magento\Mtf\Util\Command\Cli\Cache;
+use Magento\Mtf\Util\Command\Cli\StaticContent;
+
+/**
+ * Verify that Merchant can configure secure URLs for Storefront and/or Admin panel in order to improve Store security.
+ *
+ * Preconditions:
+ * # SSL on server is configured.
+ * # Secure URLs are disabled for Storefront & Admin (out-of-the-box Magento state).
+ *
+ * Steps:
+ * # Log in to Admin panel.
+ * # Go to "Stores > Configuration" page.
+ * # Select needed scope.
+ * # Go to "General > Web > Base URLs (Secure)" section.
+ * # Specify Base URL with Secure protocol in the same format as a Secure Base URL.
+ * (i) Make sure that Secure Base URL ends with a "/".
+ * # Enable Secure URLs for Storefront if there is a need.
+ * # Enable Secure URLs for Admin if there is a need.
+ * # Save the Config & refresh invalidated caches (Configuration, Page Cache).
+ * # Deploy static view files.
+ *
+ * # If Secure URLs for Storefront were enabled:
+ * # Assert that https is used all over the Storefront.
+ * # Assert that static content is deployed validly (ex: JS functionality works on Storefront).
+ * # Assert that Customer is redirected to https if trying to access the page directly via http.
+ * # If secure URLs for Storefront were disabled:
+ * # Assert that http is used all over the Storefront.
+ * # Assert that static content is deployed validly (ex: JS functionality works on Storefront).
+ *
+ * # If secure URLs for Admin were enabled:
+ * # Assert that https is used all over the Admin panel.
+ * # Assert that static content is deployed validly (ex: JS functionality works in Admin panel).
+ * # Assert that Merchant is redirected to https if trying to access the page directly via http.
+ * # If secure URLs for Admin were disabled:
+ * # Assert that http is used all over the Admin panel.
+ * # Assert that static content is deployed validly (ex: JS functionality works in Admin panel).
+ * # Assert that Merchant is redirected to http if trying to access the page directly via https.
+ *
+ * Postconditions:
+ * # Turn the Secure URLs usage off (with further cache refreshing & static content deploying).
+ *
+ * @ZephyrId MAGETWO-35408
+ */
+class ConfigureSecureUrlsTest extends Injectable
+{
+ /* tags */
+ const MVP = 'no';
+ const SEVERITY = 'S1';
+ /* end tags */
+
+ /**
+ * Fixture factory.
+ *
+ * @var FixtureFactory
+ */
+ protected $fixtureFactory;
+
+ /**
+ * "Configuration" page in Admin panel.
+ *
+ * @var SystemConfigEdit
+ */
+ protected $configurationAdminPage;
+
+ /**
+ * Cache CLI.
+ *
+ * @var Cache
+ */
+ protected $cache;
+
+ /**
+ * Static content CLI.
+ *
+ * @var StaticContent
+ */
+ protected $staticContent;
+
+ /**
+ * Prepare data for further test execution.
+ *
+ * @param FixtureFactory $fixtureFactory
+ * @param SystemConfigEdit $configurationAdminPage
+ * @param Cache $cache
+ * @param StaticContent $staticContent
+ * @return void
+ */
+ public function __inject(
+ FixtureFactory $fixtureFactory,
+ SystemConfigEdit $configurationAdminPage,
+ Cache $cache,
+ StaticContent $staticContent
+ ) {
+ $this->fixtureFactory = $fixtureFactory;
+ $this->configurationAdminPage = $configurationAdminPage;
+ $this->cache = $cache;
+ $this->staticContent = $staticContent;
+ }
+
+ /**
+ * Test execution.
+ *
+ * @param $configData
+ * @return $this
+ */
+ public function test($configData)
+ {
+ $data = [
+ 'web/secure/base_url' => [
+ 'scope' => 'default',
+ 'scope_id' => 0,
+ 'value' => str_replace(['http', 'index.php/'], ['https', ''], $_ENV['app_frontend_url'])
+ ]
+ ];
+ $config = $this->fixtureFactory->createByCode('configData', ['dataset' => $configData, 'data' => $data]);
+ $config->persist();
+
+ // Workaround until MTA-3879 is delivered.
+ $this->configurationAdminPage->open();
+ $this->configurationAdminPage->getForm()
+ ->getGroup('web', 'secure')
+ ->setValue('web', 'secure', 'use_in_adminhtml', 'Yes');
+ $this->configurationAdminPage->getPageActions()->save();
+ $_ENV['app_backend_url'] = str_replace('http', 'https', $_ENV['app_backend_url']);
+
+ $this->cache->flush(['config', 'full_page']);
+ $this->staticContent->deploy();
+ }
+
+ /**
+ * Revert all applied high-level changes.
+ *
+ * @return void
+ */
+ public function tearDown()
+ {
+ $this->configurationAdminPage->open();
+ $this->configurationAdminPage->getForm()
+ ->getGroup('web', 'secure')
+ ->setValue('web', 'secure', 'use_in_adminhtml', 'No');
+ $this->configurationAdminPage->getPageActions()->save();
+ $this->cache->flush(['config', 'full_page']);
+ $this->staticContent->deploy();
+ }
+}
diff --git a/dev/tests/functional/tests/app/Magento/Backend/Test/TestCase/ConfigureSecureUrlsTest.xml b/dev/tests/functional/tests/app/Magento/Backend/Test/TestCase/ConfigureSecureUrlsTest.xml
new file mode 100644
index 00000000000..c35b69e86e6
--- /dev/null
+++ b/dev/tests/functional/tests/app/Magento/Backend/Test/TestCase/ConfigureSecureUrlsTest.xml
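Review bot: `test()` overwrites `$_ENV['app_backend_url']` with the https form and `tearDown()` never puts the original back, so once this test has switched `use_in_adminhtml` to 'No' every later test in the same run still opens the Admin over https. Both `str_replace()` calls that swap `http` for `https` also replace every occurrence of `http`, which turns an already-https URL into `httpss://` and touches any `http` in the host or path; anchoring on the scheme avoids that. The secure base URL written by `$config->persist()` is not rolled back either, and the docblock says `@return $this` although `test()` returns nothing (`@return void` and `@param string $configData` would match the code). The sketch below remembers the original backend URL and restores it at the end of `tearDown()`.

```php
    /**
     * Backend URL as it was before the test switched it to https.
     *
     * @var string|null
     */
    private $originalBackendUrl;

    public function test($configData)
    {
        $secureBaseUrl = preg_replace(
            '#^http://#',
            'https://',
            str_replace('index.php/', '', $_ENV['app_frontend_url'])
        );
        // … unchanged: $data array (now with 'value' => $secureBaseUrl), config persist, Admin form workaround …
        $this->originalBackendUrl = $_ENV['app_backend_url'];
        $_ENV['app_backend_url'] = preg_replace('#^http://#', 'https://', $_ENV['app_backend_url']);
        // … unchanged: cache flush and static content deploy …
    }

    public function tearDown()
    {
        // … unchanged: set use_in_adminhtml to 'No', save, cache flush, static content deploy …
        if ($this->originalBackendUrl !== null) {
            $_ENV['app_backend_url'] = $this->originalBackendUrl;
        }
    }
```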
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+/**
+ * Copyright © 2016 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+ -->
+<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../../../../../../vendor/magento/mtf/etc/variations.xsd">
+ <testCase name="Magento\Backend\Test\TestCase\EnableSecureUrlsTest" summary="Configure secure URLs" ticketId="MAGETWO-35408">
+ <variation name="http for Storefront, https for Admin" summary="http for Storefront, https for Admin" ticketId="MAGETWO-35408">
+ <data name="configData" xsi:type="string">disable_https_frontend_admin</data>
+ <constraint name="Magento\Backend\Test\Constraint\AssertHttpUsedOnFrontend"/>
+ <constraint name="Magento\Backend\Test\Constraint\AssertHttpsUsedOnBackend"/>
+ </variation>
+ </testCase>
+</config>
-- GitLab
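Review bot: The `testCase` attribute `name="Magento\Backend\Test\TestCase\EnableSecureUrlsTest"` does not match the class this commit adds, `Magento\Backend\Test\TestCase\ConfigureSecureUrlsTest`, so the variation is likely never bound to the test and the two constraints never run; it should be `name="Magento\Backend\Test\TestCase\ConfigureSecureUrlsTest"`. The variation is also labelled "https for Admin" while its `configData` is `disable_https_frontend_admin`, which sets `web/secure/use_in_adminhtml` to 0; the Admin only ends up on https because of the MTA-3879 workaround in `test()`. A short XML comment on the `<data>` line saying so would keep the dataset name from reading as a mistake.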