Merge remote-tracking branch 'origin/MAGETWO-52338' into BUGS

Author: slavvka

app/code/Magento/Customer/Controller/Address/Delete.php

@@ -15,7 +15,7 @@ public function execute()
     {
         $addressId = $this->getRequest()->getParam('id', false);
 
-        if ($addressId) {
+        if ($addressId && $this->_formKeyValidator->validate($this->getRequest())) {
             try {
                 $address = $this->_addressRepository->getById($addressId);
                 if ($address->getCustomerId() === $this->_getSession()->getCustomerId()) {

app/code/Magento/Customer/Test/Unit/Controller/Address/DeleteTest.php

@@ -0,0 +1,197 @@
+<?php
+/**
+ * Copyright © 2016 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Customer\Test\Unit\Controller\Address;
+
+use Magento\Customer\Controller\Address\Delete;
+use Magento\Framework\TestFramework\Unit\Helper\ObjectManager as ObjectManagerHelper;
+
+/**
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ */
+class DeleteTest extends \PHPUnit_Framework_TestCase
+{
+    /** @var Delete */
+    protected $model;
+
+    /** @var \Magento\Framework\App\Action\Context */
+    protected $context;
+
+    /** @var \Magento\Customer\Model\Session|\PHPUnit_Framework_MockObject_MockObject */
+    protected $sessionMock;
+
+    /** @var \Magento\Framework\Data\Form\FormKey\Validator|\PHPUnit_Framework_MockObject_MockObject */
+    protected $validatorMock;
+
+    /** @var \Magento\Customer\Api\AddressRepositoryInterface|\PHPUnit_Framework_MockObject_MockObject */
+    protected $addressRepositoryMock;
+
+    /** @var \Magento\Framework\App\RequestInterface|\PHPUnit_Framework_MockObject_MockObject */
+    protected $request;
+
+    /** @var \Magento\Customer\Api\Data\AddressInterface|\PHPUnit_Framework_MockObject_MockObject */
+    protected $address;
+
+    /** @var \Magento\Framework\Message\ManagerInterface|\PHPUnit_Framework_MockObject_MockObject */
+    protected $messageManager;
+
+    /** @var \Magento\Framework\Controller\Result\RedirectFactory|\PHPUnit_Framework_MockObject_MockObject */
+    protected $resultRedirectFactory;
+
+    /** @var \Magento\Framework\Controller\Result\Redirect|\PHPUnit_Framework_MockObject_MockObject */
+    protected $resultRedirect;
+
+    protected function setUp()
+    {
+        $this->sessionMock = $this->getMockBuilder('Magento\Customer\Model\Session')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->validatorMock = $this->getMockBuilder('Magento\Framework\Data\Form\FormKey\Validator')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $formFactoryMock = $this->getMockBuilder('Magento\Customer\Model\Metadata\FormFactory')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->addressRepositoryMock = $this->getMockBuilder('Magento\Customer\Api\AddressRepositoryInterface')
+            ->getMockForAbstractClass();
+        $addressInterfaceFactoryMock = $this->getMockBuilder('Magento\Customer\Api\Data\AddressInterfaceFactory')
+            ->disableOriginalConstructor()
+            ->setMethods(['create'])
+            ->getMock();
+        $regionInterfaceFactoryMock = $this->getMockBuilder('Magento\Customer\Api\Data\RegionInterfaceFactory')
+            ->disableOriginalConstructor()
+            ->setMethods(['create'])
+            ->getMock();
+        $dataObjectProcessorMock = $this->getMockBuilder('Magento\Framework\Reflection\DataObjectProcessor')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $dataObjectHelperMock = $this->getMockBuilder('Magento\Framework\Api\DataObjectHelper')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $forwardFactoryMock = $this->getMockBuilder('Magento\Framework\Controller\Result\ForwardFactory')
+            ->disableOriginalConstructor()
+            ->setMethods(['create'])
+            ->getMock();
+        $pageFactoryMock = $this->getMockBuilder('Magento\Framework\View\Result\PageFactory')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->request = $this->getMockBuilder('Magento\Framework\App\RequestInterface')
+            ->getMockForAbstractClass();
+        $this->address = $this->getMockBuilder('Magento\Customer\Api\Data\AddressInterface')
+            ->getMockForAbstractClass();
+        $this->messageManager = $this->getMockBuilder('Magento\Framework\Message\ManagerInterface')
+            ->getMockForAbstractClass();
+        $this->resultRedirectFactory = $this->getMockBuilder('Magento\Framework\Controller\Result\RedirectFactory')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->resultRedirect = $this->getMockBuilder('Magento\Framework\Controller\Result\Redirect')
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $objectManager = new ObjectManagerHelper($this);
+        $this->context = $objectManager->getObject(
+            'Magento\Framework\App\Action\Context',
+            [
+                'request' => $this->request,
+                'messageManager' => $this->messageManager,
+                'resultRedirectFactory' => $this->resultRedirectFactory,
+            ]
+        );
+
+        $this->model = new Delete(
+            $this->context,
+            $this->sessionMock,
+            $this->validatorMock,
+            $formFactoryMock,
+            $this->addressRepositoryMock,
+            $addressInterfaceFactoryMock,
+            $regionInterfaceFactoryMock,
+            $dataObjectProcessorMock,
+            $dataObjectHelperMock,
+            $forwardFactoryMock,
+            $pageFactoryMock
+        );
+    }
+
+    public function testExecute()
+    {
+        $addressId = 1;
+        $customerId = 2;
+
+        $this->resultRedirectFactory->expects($this->once())
+            ->method('create')
+            ->willReturn($this->resultRedirect);
+        $this->request->expects($this->once())
+            ->method('getParam')
+            ->with('id', false)
+            ->willReturn($addressId);
+        $this->validatorMock->expects($this->once())
+            ->method('validate')
+            ->with($this->request)
+            ->willReturn(true);
+        $this->addressRepositoryMock->expects($this->once())
+            ->method('getById')
+            ->with($addressId)
+            ->willReturn($this->address);
+        $this->sessionMock->expects($this->once())
+            ->method('getCustomerId')
+            ->willReturn($customerId);
+        $this->address->expects($this->once())
+            ->method('getCustomerId')
+            ->willReturn($customerId);
+        $this->addressRepositoryMock->expects($this->once())
+            ->method('deleteById')
+            ->with($addressId);
+        $this->messageManager->expects($this->once())
+            ->method('addSuccess')
+            ->with(__('You deleted the address.'));
+        $this->resultRedirect->expects($this->once())
+            ->method('setPath')
+            ->with('*/*/index')
+            ->willReturnSelf();
+        $this->assertSame($this->resultRedirect, $this->model->execute());
+    }
+
+    public function testExecuteWithException()
+    {
+        $addressId = 1;
+        $customerId = 2;
+
+        $this->resultRedirectFactory->expects($this->once())
+            ->method('create')
+            ->willReturn($this->resultRedirect);
+        $this->request->expects($this->once())
+            ->method('getParam')
+            ->with('id', false)
+            ->willReturn($addressId);
+        $this->validatorMock->expects($this->once())
+            ->method('validate')
+            ->with($this->request)
+            ->willReturn(true);
+        $this->addressRepositoryMock->expects($this->once())
+            ->method('getById')
+            ->with($addressId)
+            ->willReturn($this->address);
+        $this->sessionMock->expects($this->once())
+            ->method('getCustomerId')
+            ->willReturn($customerId);
+        $this->address->expects($this->once())
+            ->method('getCustomerId')
+            ->willReturn(34);
+        $exception = new \Exception('Exception');
+        $this->messageManager->expects($this->once())
+            ->method('addError')
+            ->with(__('We can\'t delete the address right now.'))
+            ->willThrowException($exception);
+        $this->messageManager->expects($this->once())
+            ->method('addException')
+            ->with($exception, __('We can\'t delete the address right now.'));
+        $this->resultRedirect->expects($this->once())
+            ->method('setPath')
+            ->with('*/*/index')
+            ->willReturnSelf();
+        $this->assertSame($this->resultRedirect, $this->model->execute());
+    }
+}

app/code/Magento/Customer/view/frontend/web/address.js

@@ -61,10 +61,12 @@ define([
                 actions: {
                     confirm: function() {
                         if (typeof $(e.target).parent().data('address') !== 'undefined') {
-                            window.location = self.options.deleteUrlPrefix + $(e.target).parent().data('address');
+                            window.location = self.options.deleteUrlPrefix + $(e.target).parent().data('address')
+                                + '/form_key/' + $.mage.cookies.get('form_key');
                         }
                         else {
-                            window.location = self.options.deleteUrlPrefix + $(e.target).data('address');
+                            window.location = self.options.deleteUrlPrefix + $(e.target).data('address')
+                                + '/form_key/' + $.mage.cookies.get('form_key');
                         }
                     }
                 }

dev/tests/integration/testsuite/Magento/Customer/Controller/AddressTest.php

@@ -5,13 +5,18 @@
  */
 namespace Magento\Customer\Controller;
 
+use Magento\Customer\Api\AccountManagementInterface;
+use Magento\Framework\Data\Form\FormKey;
 use Magento\TestFramework\Helper\Bootstrap;
 
 class AddressTest extends \Magento\TestFramework\TestCase\AbstractController
 {
-    /** @var \Magento\Customer\Api\AccountManagementInterface */
+    /** @var AccountManagementInterface */
     private $accountManagement;
 
+    /** @var FormKey */
+    private $formKey;
+
     protected function setUp()
     {
         parent::setUp();
@@ -20,9 +25,8 @@ protected function setUp()
             'Magento\Customer\Model\Session',
             [$logger]
         );
-        $this->accountManagement = \Magento\TestFramework\Helper\Bootstrap::getObjectManager()->create(
-            'Magento\Customer\Api\AccountManagementInterface'
-        );
+        $this->accountManagement = Bootstrap::getObjectManager()->create(AccountManagementInterface::class);
+        $this->formKey = Bootstrap::getObjectManager()->create(FormKey::class);
         $customer = $this->accountManagement->authenticate('customer@example.com', 'password');
         $session->setCustomerDataAsLoggedIn($customer);
     }
@@ -152,6 +156,7 @@ public function testFailedFormPostAction()
     public function testDeleteAction()
     {
         $this->getRequest()->setParam('id', 1);
+        $this->getRequest()->setParam('form_key', $this->formKey->getFormKey());
         // we are overwriting the address coming from the fixture
         $this->dispatch('customer/address/delete');
 
@@ -169,6 +174,7 @@ public function testDeleteAction()
     public function testWrongAddressDeleteAction()
     {
         $this->getRequest()->setParam('id', 555);
+        $this->getRequest()->setParam('form_key', $this->formKey->getFormKey());
         // we are overwriting the address coming from the fixture
         $this->dispatch('customer/address/delete');