Merge branch 'MAGETWO-43952' into MAGETWO-42988

Author: Oleksandr Karpenko

app/code/Magento/Customer/Controller/Address/FormPost.php

@@ -106,7 +106,6 @@ protected function _extractAddress()
             array_merge($existingAddressData, $attributeValues),
             '\Magento\Customer\Api\Data\AddressInterface'
         );
-
         $addressDataObject->setCustomerId($this->_getSession()->getCustomerId())
             ->setIsDefaultBilling($this->getRequest()->getParam('default_billing', false))
             ->setIsDefaultShipping($this->getRequest()->getParam('default_shipping', false));
@@ -118,12 +117,16 @@ protected function _extractAddress()
      * Retrieve existing address data
      *
      * @return array
+     * @throws \Exception
      */
     protected function getExistingAddressData()
     {
         $existingAddressData = [];
         if ($addressId = $this->getRequest()->getParam('id')) {
             $existingAddress = $this->_addressRepository->getById($addressId);
+            if ($existingAddress->getCustomerId() !== $this->_getSession()->getCustomerId()) {
+                throw new \Exception();
+            }
             $existingAddressData = $this->_dataProcessor->buildOutputDataArray(
                 $existingAddress,
                 '\Magento\Customer\Api\Data\AddressInterface'
@@ -175,6 +178,7 @@ protected function updateRegionData(&$attributeValues)
      */
     public function execute()
     {
+        $redirectUrl = null;
         if (!$this->_formKeyValidator->validate($this->getRequest())) {
             return $this->resultRedirectFactory->create()->setPath('*/*/');
         }
@@ -198,11 +202,16 @@ public function execute()
                 $this->messageManager->addError($error->getMessage());
             }
         } catch (\Exception $e) {
+            $redirectUrl = $this->_buildUrl('*/*/index');
             $this->messageManager->addException($e, __('We can\'t save the address.'));
         }
 
-        $this->_getSession()->setAddressFormData($this->getRequest()->getPostValue());
-        $url = $this->_buildUrl('*/*/edit', ['id' => $this->getRequest()->getParam('id')]);
+        $url = $redirectUrl;
+        if (!$redirectUrl) {
+            $this->_getSession()->setAddressFormData($this->getRequest()->getPostValue());
+            $url = $this->_buildUrl('*/*/edit', ['id' => $this->getRequest()->getParam('id')]);
+        }
+
         return $this->resultRedirectFactory->create()->setUrl($this->_redirect->error($url));
     }
 }

app/code/Magento/Customer/Test/Unit/Controller/Address/FormPostTest.php

@@ -528,7 +528,10 @@ public function testExecute(
                 ],
             ]);
 
-        $this->session->expects($this->once())
+        $this->session->expects($this->atLeastOnce())
+            ->method('getCustomerId')
+            ->willReturn($customerId);
+        $this->addressData->expects($this->once())
             ->method('getCustomerId')
             ->willReturn($customerId);
 
@@ -682,11 +685,11 @@ public function testExecuteException()
         $this->request->expects($this->once())
             ->method('isPost')
             ->willReturn(true);
-        $this->request->expects($this->exactly(2))
+        $this->request->expects($this->once())
             ->method('getParam')
             ->with('id')
             ->willReturn($addressId);
-        $this->request->expects($this->once())
+        $this->request->expects($this->never())
             ->method('getPostValue')
             ->willReturn($postValue);
 
@@ -701,7 +704,7 @@ public function testExecuteException()
             ->with($exception, __('We can\'t save the address.'))
             ->willReturnSelf();
 
-        $this->session->expects($this->once())
+        $this->session->expects($this->never())
             ->method('setAddressFormData')
             ->with($postValue)
             ->willReturnSelf();
@@ -710,7 +713,7 @@ public function testExecuteException()
             ->getMockForAbstractClass();
         $urlBuilder->expects($this->once())
             ->method('getUrl')
-            ->with('*/*/edit', ['id' => $addressId])
+            ->with('*/*/index')
             ->willReturn($url);
 
         $this->objectManager->expects($this->once())