Merge pull request #9573 from adobe-commerce-tier-4/ACP2E-3643-1

Author: alzota

dev/tests/api-functional/framework/Magento/TestFramework/Authentication/Rest/OauthClient/Signature.php

@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2015 Adobe
+ * All Rights Reserved.
  */
 
 namespace Magento\TestFramework\Authentication\Rest\OauthClient;
@@ -42,13 +42,8 @@ function ($carry, $item) {
             []
         );
 
-        $signatureData = [];
-        foreach (array_merge($queryStringData, $params) as $key => $value) {
-            $signatureData[rawurldecode($key)] = rawurlencode($value);
-        }
-
         return $this->helper->sign(
-            $signatureData,
+            array_merge($queryStringData, $params),
             $this->algorithm,
             $this->credentials->getConsumerSecret(),
             $this->tokenSecret,

dev/tests/api-functional/testsuite/Magento/Catalog/Api/ProductSkuTest.php

@@ -0,0 +1,46 @@
+<?php
+/**
+ * Copyright 2025 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\Catalog\Api;
+
+use Magento\Catalog\Test\Fixture\Product as ProductFixture;
+use Magento\TestFramework\Fixture\DataFixture;
+use Magento\TestFramework\TestCase\WebapiAbstract;
+
+class ProductSkuTest extends WebapiAbstract
+{
+    private const RESOURCE_PATH = '/V1/products/';
+
+    /**
+     * @return void
+     */
+    #[
+        DataFixture(ProductFixture::class, [
+            'sku' => 'SKU:@&=$\,;1234',
+            'name' => 'Test product 1'
+        ])
+    ]
+    public function testGetProductDetailsWithSpecialCharsSKUAndQueryParams(): void
+    {
+        $this->_markTestAsRestOnly();
+
+        $sku = 'SKU:@&=$\,;1234';
+        $requestData = [
+            'assetId' => 'urn:aaid:aeme47fc635-c87e-4a7e-8eb1-f74b4b77866c' . $sku
+        ];
+        $serviceInfo = [
+            'rest' => [
+                'resourcePath' => self::RESOURCE_PATH . $sku . '?' . http_build_query($requestData),
+                'httpMethod' => 'GET',
+            ],
+        ];
+        $response = $this->_webApiCall($serviceInfo);
+        self::assertArrayHasKey('id', $response);
+        self::assertArrayHasKey('sku', $response);
+        self::assertEquals($sku, $response['sku']);
+    }
+}

lib/internal/Magento/Framework/Oauth/Helper/Uri/Http.php

@@ -19,7 +19,7 @@ protected static function normalizePath($path): string
         return self::encodePath(
             self::decodeUrlEncodedChars(
                 self::removePathDotSegments($path),
-                '/[' . self::CHAR_UNRESERVED . ':@&=\+\$,;%]/'
+                '/[' . self::CHAR_UNRESERVED . ']/'
             )
         );
     }

lib/internal/Magento/Framework/Oauth/Oauth.php

@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2013 Adobe
+ * All Rights Reserved.
  */
 
 namespace Magento\Framework\Oauth;
@@ -189,7 +189,7 @@ protected function _validateSignature($params, $consumerSecret, $httpMethod, $re
         }
 
         $calculatedSign = $this->httpUtility->sign(
-            $params,
+            $this->processNonRequiredParams($params),
             $params['oauth_signature_method'],
             $consumerSecret,
             $tokenSecret,
@@ -202,6 +202,30 @@ protected function _validateSignature($params, $consumerSecret, $httpMethod, $re
         }
     }
 
+    /**
+     * Avoid double encoding for query param values
+     *
+     * @param array $params
+     * @return array
+     */
+    private function processNonRequiredParams(array $params): array
+    {
+        $requiredParams = [
+            "oauth_consumer_key",
+            "oauth_consumer_secret",
+            "oauth_token",
+            "oauth_token_secret",
+            "oauth_signature"
+        ];
+        foreach ($params as $key => $value) {
+            if (!in_array($key, $requiredParams)) {
+                $params[$key] = urldecode($value);
+            }
+        }
+
+        return $params;
+    }
+
     /**
      * Validate oauth version.
      *