magento/magento2#: Remove oauthUserContext from app/code/Magento/GraphQl/etc/graphql/di.xml

[atwixfirster]

Description (*)

Issue:
With an active customer's cookies and empty Authorization token GraphQl uses cookies to retrieve a type of user and it's ID.

That's incorrect behavior because GraphQl should use an Authorization token ONLY to retrieve a type of user and it's ID.

Technical details:
Magento_Customer/etc/graphql/di.xml adds customerSessionUserContext into \Magento\Authorization\Model\CompositeUserContext. It allows to retrieves a customer ID from the session (cookies) wihtin GraphQl operations.

Related Pull Requests

Fixed Issues (if relevant)

1. GraphQl. Retrieve customer's shopping cart without an authorization token #28040: GraphQl. Retrieve customer's shopping cart without an authorization token

Manual testing scenarios (*)

Preconditions:

• Cloud environment
• PWA and Magento installed on the same <Magento_root> folder
• PWA and Magento are available for user per configured Magento_UpwardConnector

1. PWA storefront: login as registered user
2. PWA storefront: as a customer please add any product into shopping cart
3. Open a new tab in the same browser window and login as a registered customer in Magento standard storefront
4. PWA storefront: customer makes a logout
5. PWA storefront: verify Shopping cart.

Actual result: guest sees a product which customer has been added into shopping cart. Current quote as a masked quote ID of registered customer.

Expected result: a new guest quote has been created after customer's logout.

Questions or comments

Contribution checklist (*)

• Pull request has a meaningful description of its purpose
• All commits are accompanied by meaningful commit messages
• All new or changed code is covered with unit/integration tests (if applicable)
• All automated tests passed successfully (all builds are green)

[atwixfirster]

Failed Functional tests are not tie to the PR changes.

[dmytro-ch]

Hello @atwixfirster, thank you for your contribution!
Due to Magento Definition of Done the changes should be covered by automated tests. Could you please cover this case by API functional test?
Thank you!

[atwixfirster]

Could you please cover this case by API functional test?

done

Thank you, @dmytro-ch

[m2-assistant]

Hi @atwixfirster, thank you for your contribution!
Please, complete Contribution Survey, it will take less than a minute.
Your feedback will help us to improve contribution process.

[m2-assistant]

Hi @atwixfirster. Thank you for your contribution
Here is some useful tips how you can test your changes using Magento test environment.
Add the comment under your pull request to deploy test or vanilla Magento instance:

• @magento give me test instance - deploy test instance based on PR changes
• @magento give me 2.4-develop instance - deploy vanilla Magento instance

For more details, please, review the Magento Contributor Guide documentation.

[lenaorobei]

Please see comment #28040 (comment)

Could you please remove oauthUserContext from the ce/app/code/Magento/GraphQl/etc/graphql/di.xml:18 instead.

[atwixfirster]

Could you please remove oauthUserContext from the ce/app/code/Magento/GraphQl/etc/graphql/di.xml:18 instead.

@lenaorobei ,

done

[magento-engcom-team]

Hi @lenaorobei, thank you for the review.
ENGCOM-7512 has been created to process this Pull Request
✳️ @lenaorobei, could you please add one of the following labels to the Pull Request?

Label	Description
Auto-Tests: Covered	All changes in Pull Request is covered by auto-tests
Auto-Tests: Not Covered	Changes in Pull Request requires coverage by auto-tests
Auto-Tests: Not Required	Changes in Pull Request does not require coverage by auto-tests

[m2-assistant]

Hi @atwixfirster, thank you for your contribution!
Please, complete Contribution Survey, it will take less than a minute.
Your feedback will help us to improve contribution process.

[nrkapoor]

@danielrenaud @lenaorobei @paliarush Will this PR break the staging functionality in GraphQL?