From e7708581371ea4b41376774dec803d20d653365b Mon Sep 17 00:00:00 2001
From: Valerii Naida <vnayda@adobe.com>
Date: Mon, 6 Apr 2020 23:33:53 -0500
Subject: [PATCH] security-package/issues/113: Cover ReCaptchaReview module
 with integration tests

---
 .../Test/Integration/NewsletterFormTest.php   |   2 +-
 .../Test/Integration/ReviewFormTest.php       | 275 ++++++++++++++++++
 .../Test/Integration/SendFriendFormTest.php   |   5 +-
 3 files changed, 279 insertions(+), 3 deletions(-)
 create mode 100644 ReCaptchaReview/Test/Integration/ReviewFormTest.php

diff --git a/ReCaptchaNewsletter/Test/Integration/NewsletterFormTest.php b/ReCaptchaNewsletter/Test/Integration/NewsletterFormTest.php
index 8779f38d..1a56fe0d 100644
--- a/ReCaptchaNewsletter/Test/Integration/NewsletterFormTest.php
+++ b/ReCaptchaNewsletter/Test/Integration/NewsletterFormTest.php
@@ -233,7 +233,7 @@ private function checkPostResponse(bool $isSuccessfulRequest, array $postValues
             self::assertEmpty($this->getSessionMessages(MessageInterface::TYPE_ERROR));
         } else {
             $this->assertSessionMessages(
-                $this->equalTo(['reCAPTCHA verification failed']),
+                self::equalTo(['reCAPTCHA verification failed']),
                 MessageInterface::TYPE_ERROR
             );
         }
diff --git a/ReCaptchaReview/Test/Integration/ReviewFormTest.php b/ReCaptchaReview/Test/Integration/ReviewFormTest.php
new file mode 100644
index 00000000..0df69b12
--- /dev/null
+++ b/ReCaptchaReview/Test/Integration/ReviewFormTest.php
@@ -0,0 +1,275 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\ReCaptchaReview\Test\Integration;
+
+use Magento\Framework\App\Request\Http;
+use Magento\Framework\App\Response\RedirectInterface;
+use Magento\Framework\Data\Form\FormKey;
+use Magento\Framework\Exception\InputException;
+use Magento\Framework\Message\MessageInterface;
+use Magento\Framework\Validation\ValidationResult;
+use Magento\ReCaptchaUi\Model\CaptchaResponseResolverInterface;
+use Magento\ReCaptchaValidation\Model\Validator;
+use Magento\Review\Model\ResourceModel\Review as ReviewResourceModel;
+use Magento\Store\Model\ScopeInterface;
+use Magento\TestFramework\App\MutableScopeConfig;
+use Magento\TestFramework\TestCase\AbstractController;
+use PHPUnit\Framework\MockObject\MockObject;
+
+/**
+ * @magentoDataFixture Magento/Catalog/_files/product_simple.php
+ * @magentoAppArea frontend
+ * @magentoAppIsolation enabled
+ */
+class ReviewFormTest extends AbstractController
+{
+    /**
+     * @var MutableScopeConfig
+     */
+    private $mutableScopeConfig;
+
+    /**
+     * @var FormKey
+     */
+    private $formKey;
+
+    /**
+     * @var
+     */
+    private $reviewResourceModel;
+
+    /**
+     * @var ValidationResult|MockObject
+     */
+    private $captchaValidationResultMock;
+
+    /**
+     * @inheritDoc
+     */
+    protected function setUp()
+    {
+        parent::setUp();
+        $this->mutableScopeConfig = $this->_objectManager->get(MutableScopeConfig::class);
+        $this->formKey = $this->_objectManager->get(FormKey::class);
+        $this->reviewResourceModel = $this->_objectManager->get(ReviewResourceModel::class);
+
+        $this->captchaValidationResultMock = $this->createMock(ValidationResult::class);
+        $captchaValidatorMock = $this->createMock(Validator::class);
+        $captchaValidatorMock->expects($this->any())
+            ->method('isValid')
+            ->willReturn($this->captchaValidationResultMock);
+        $this->_objectManager->addSharedInstance($captchaValidatorMock, Validator::class);
+    }
+
+    /**
+     * @magentoConfigFixture default_store customer/captcha/enable 0
+     * @magentoConfigFixture default_store recaptcha_frontend/type_for/product_review invisible
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/public_key test_public_key
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/private_key test_private_key
+     */
+    public function testGetRequestIfReCaptchaIsDisabled()
+    {
+        $this->setConfig(false, 'test_public_key', 'test_private_key');
+
+        $this->checkSuccessfulGetResponse();
+    }
+
+    /**
+     * @magentoConfigFixture default_store customer/captcha/enable 0
+     * @magentoConfigFixture base_website recaptcha_frontend/type_for/product_review invisible
+     *
+     * It's  needed for proper work of "ifconfig" in layout during tests running
+     * @magentoConfigFixture default_store recaptcha_frontend/type_for/product_review invisible
+     */
+    public function testGetRequestIfReCaptchaKeysAreNotConfigured()
+    {
+        $this->setConfig(true, null, null);
+
+        $this->checkSuccessfulGetResponse();
+    }
+
+    /**
+     * @magentoConfigFixture default_store customer/captcha/enable 0
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/public_key test_public_key
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/private_key test_private_key
+     * @magentoConfigFixture base_website recaptcha_frontend/type_for/product_review invisible
+     *
+     * It's  needed for proper work of "ifconfig" in layout during tests running
+     * @magentoConfigFixture default_store recaptcha_frontend/type_for/product_review invisible
+     */
+    public function testGetRequestIfReCaptchaIsEnabled()
+    {
+        $this->setConfig(true, 'test_public_key', 'test_private_key');
+
+        $this->checkSuccessfulGetResponse(true);
+    }
+
+    /**
+     * @magentoConfigFixture default_store customer/captcha/enable 0
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/public_key test_public_key
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/private_key test_private_key
+     */
+    public function testPostRequestIfReCaptchaIsDisabled()
+    {
+        $this->setConfig(false, 'test_public_key', 'test_private_key');
+
+        $this->checkPostResponse(true);
+    }
+
+    /**
+     * @magentoConfigFixture default_store customer/captcha/enable 0
+     * @magentoConfigFixture base_website recaptcha_frontend/type_for/product_review invisible
+     */
+    public function testPostRequestIfReCaptchaKeysAreNotConfigured()
+    {
+        $this->setConfig(true, null, null);
+
+        $this->checkPostResponse(true);
+    }
+
+    /**
+     * @magentoConfigFixture default_store customer/captcha/enable 0
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/public_key test_public_key
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/private_key test_private_key
+     * @magentoConfigFixture base_website recaptcha_frontend/type_for/product_review invisible
+     */
+    public function testPostRequestWithSuccessfulReCaptchaValidation()
+    {
+        $this->setConfig(true, 'test_public_key', 'test_private_key');
+        $this->captchaValidationResultMock->expects($this->once())->method('isValid')->willReturn(true);
+
+        $this->checkPostResponse(
+            true,
+            [CaptchaResponseResolverInterface::PARAM_RECAPTCHA => 'test']
+        );
+    }
+
+    /**
+     * @magentoConfigFixture default_store customer/captcha/enable 0
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/public_key test_public_key
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/private_key test_private_key
+     * @magentoConfigFixture base_website recaptcha_frontend/type_for/product_review invisible
+     */
+    public function testPostRequestIfReCaptchaParameterIsMissed()
+    {
+        $this->setConfig(true, 'test_public_key', 'test_private_key');
+
+        $this->expectException(InputException::class);
+        $this->expectExceptionMessage('Can not resolve reCAPTCHA parameter.');
+
+        $this->checkPostResponse(false);
+    }
+
+    /**
+     * @magentoConfigFixture default_store customer/captcha/enable 0
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/public_key test_public_key
+     * @magentoConfigFixture base_website recaptcha_frontend/type_invisible/private_key test_private_key
+     * @magentoConfigFixture base_website recaptcha_frontend/type_for/product_review invisible
+     */
+    public function testPostRequestWithFailedReCaptchaValidation()
+    {
+        $this->setConfig(true, 'test_public_key', 'test_private_key');
+        $this->captchaValidationResultMock->expects($this->once())->method('isValid')->willReturn(false);
+
+        $this->checkPostResponse(
+            false,
+            [CaptchaResponseResolverInterface::PARAM_RECAPTCHA => 'test']
+        );
+    }
+
+    /**
+     * @param bool $shouldContainReCaptcha
+     */
+    private function checkSuccessfulGetResponse($shouldContainReCaptcha = false)
+    {
+        $this->dispatch('/simple-product.html');
+        $content = $this->getResponse()->getBody();
+
+        self::assertNotEmpty($content);
+
+        $shouldContainReCaptcha
+            ? self::assertContains('field-recaptcha', $content)
+            : self::assertNotContains('field-recaptcha', $content);
+
+        self::assertEmpty($this->getSessionMessages(MessageInterface::TYPE_ERROR));
+    }
+
+    /**
+     * @param bool $isSuccessfulRequest
+     * @param array $postValues
+     */
+    private function checkPostResponse(bool $isSuccessfulRequest, array $postValues = [])
+    {
+        $expectedRedirectUrl = 'http://localhost/index.php/simple-product.html';
+
+        $this->getRequest()
+            ->setMethod(Http::METHOD_POST)
+            ->setParam(RedirectInterface::PARAM_NAME_REFERER_URL, $expectedRedirectUrl)
+            ->setPostValue(array_replace_recursive(
+                [
+                    'form_key' => $this->formKey->getFormKey(),
+                    'nickname' => 'review_author',
+                    'title' => 'review_title',
+                    'detail' => 'review_detail',
+                ],
+                $postValues
+            ));
+
+        $this->dispatch('review/product/post/id/1');
+
+        $this->assertRedirect(self::equalTo($expectedRedirectUrl));
+
+        if ($isSuccessfulRequest) {
+            $this->assertSessionMessages(
+                self::contains(
+                    'You submitted your review for moderation.'
+                ),
+                MessageInterface::TYPE_SUCCESS
+            );
+            self::assertEmpty($this->getSessionMessages(MessageInterface::TYPE_ERROR));
+            self::assertEquals(1, $this->reviewResourceModel->getTotalReviews(1));
+        } else {
+            $this->assertSessionMessages(
+                self::equalTo(['reCAPTCHA verification failed']),
+                MessageInterface::TYPE_ERROR
+            );
+            self::assertEquals(0, $this->reviewResourceModel->getTotalReviews(1));
+        }
+    }
+
+    /**
+     * @param bool $isEnabled
+     * @param string|null $public
+     * @param string|null $private
+     */
+    private function setConfig(bool $isEnabled, ?string $public, ?string $private): void
+    {
+        $this->mutableScopeConfig->setValue(
+            'recaptcha_frontend/type_for/product_review',
+            $isEnabled ? 'invisible' : null,
+            ScopeInterface::SCOPE_WEBSITE
+        );
+        $this->mutableScopeConfig->setValue(
+            'recaptcha_frontend/type_invisible/public_key',
+            $public,
+            ScopeInterface::SCOPE_WEBSITE
+        );
+        $this->mutableScopeConfig->setValue(
+            'recaptcha_frontend/type_invisible/private_key',
+            $private,
+            ScopeInterface::SCOPE_WEBSITE
+        );
+    }
+
+    protected function tearDown(): void
+    {
+        parent::tearDown();
+
+        $this->reviewResourceModel->deleteReviewsByProductId(1);
+    }
+}
diff --git a/ReCaptchaSendFriend/Test/Integration/SendFriendFormTest.php b/ReCaptchaSendFriend/Test/Integration/SendFriendFormTest.php
index db05572a..2458ce3e 100644
--- a/ReCaptchaSendFriend/Test/Integration/SendFriendFormTest.php
+++ b/ReCaptchaSendFriend/Test/Integration/SendFriendFormTest.php
@@ -8,6 +8,7 @@
 namespace Magento\ReCaptchaSendFriend\Test\Integration;
 
 use Magento\Framework\App\Request\Http;
+use Magento\Framework\App\Response\RedirectInterface;
 use Magento\Framework\Data\Form\FormKey;
 use Magento\Framework\Exception\InputException;
 use Magento\Framework\Message\MessageInterface;
@@ -230,7 +231,7 @@ private function checkPostResponse(bool $isSuccessfulRequest, array $postValues
         $expectedUrl = 'http://localhost/index.php/simple-product.html';
 
         $this->getRequest()
-            ->setParam(\Magento\Framework\App\Response\RedirectInterface::PARAM_NAME_REFERER_URL, $expectedUrl)
+            ->setParam(RedirectInterface::PARAM_NAME_REFERER_URL, $expectedUrl)
             ->setMethod(Http::METHOD_POST)
             ->setPostValue(array_replace_recursive(
                 [
@@ -270,7 +271,7 @@ private function checkPostResponse(bool $isSuccessfulRequest, array $postValues
             self::assertEquals((string)__('Welcome, Recipient'), $message->getSubject());
         } else {
             $this->assertSessionMessages(
-                $this->equalTo(['reCAPTCHA verification failed']),
+                self::equalTo(['reCAPTCHA verification failed']),
                 MessageInterface::TYPE_ERROR
             );
             self::assertEmpty($this->transportMock->getSentMessage());