MAGETWO-97456: Cart's customer and address mismatch

StasKozar · StasKozar · commit 720f05ce559e · 2019-01-25T11:02:02.000+02:00
diff --git a/app/code/Magento/Quote/Model/Quote/Address/BillingAddressPersister.php b/app/code/Magento/Quote/Model/Quote/Address/BillingAddressPersister.php
@@ -12,6 +12,9 @@
 use Magento\Quote\Model\QuoteAddressValidator;
 use Magento\Customer\Api\AddressRepositoryInterface;
 
+/**
+ * Saves billing address for quotes.
+ */
 class BillingAddressPersister
 {
     /**
@@ -37,17 +40,17 @@ public function __construct(
     }
 
     /**
+     * Save address for billing.
+     *
      * @param CartInterface $quote
      * @param AddressInterface $address
      * @param bool $useForShipping
      * @return void
-     * @throws NoSuchEntityException
-     * @throws InputException
      */
     public function save(CartInterface $quote, AddressInterface $address, $useForShipping = false)
     {
         /** @var \Magento\Quote\Model\Quote $quote */
-        $this->addressValidator->validate($address);
+        $this->addressValidator->validateForCart($quote, $address);
         $customerAddressId = $address->getCustomerAddressId();
         $shippingAddress = null;
         $addressData = [];
diff --git a/app/code/Magento/Quote/Model/QuoteAddressValidator.php b/app/code/Magento/Quote/Model/QuoteAddressValidator.php
@@ -6,10 +6,13 @@
 namespace Magento\Quote\Model;
 
 use Magento\Framework\Exception\NoSuchEntityException;
+use Magento\Quote\Api\Data\AddressInterface;
+use Magento\Quote\Api\Data\CartInterface;
 
 /**
  * Quote shipping/billing address validator service.
  *
+ * @SuppressWarnings(PHPMD.CookieAndSessionMisuse)
  */
 class QuoteAddressValidator
 {
@@ -28,7 +31,7 @@ class QuoteAddressValidator
     protected $customerRepository;
 
     /**
-     * @var \Magento\Customer\Model\Session
+     * @deprecated This class is not a part of HTML presentation layer and should not use sessions.
      */
     protected $customerSession;
 
@@ -50,44 +53,77 @@ public function __construct(
     }
 
     /**
-     * Validates the fields in a specified address data object.
+     * Validate address.
      *
-     * @param \Magento\Quote\Api\Data\AddressInterface $addressData The address data object.
-     * @return bool
-     * @throws \Magento\Framework\Exception\InputException The specified address belongs to another customer.
+     * @param AddressInterface $address
+     * @param int|null $customerId Cart belongs to
+     * @return void
      * @throws \Magento\Framework\Exception\NoSuchEntityException The specified customer ID or address ID is not valid.
      */
-    public function validate(\Magento\Quote\Api\Data\AddressInterface $addressData)
+    private function doValidate(AddressInterface $address, $customerId)
     {
         //validate customer id
-        if ($addressData->getCustomerId()) {
-            $customer = $this->customerRepository->getById($addressData->getCustomerId());
+        if ($customerId) {
+            $customer = $this->customerRepository->getById($customerId);
             if (!$customer->getId()) {
                 throw new \Magento\Framework\Exception\NoSuchEntityException(
-                    __('Invalid customer id %1', $addressData->getCustomerId())
+                    __('Invalid customer id %1', $customerId)
                 );
             }
         }
 
-        if ($addressData->getCustomerAddressId()) {
+        if ($address->getCustomerAddressId()) {
+            //Existing address cannot belong to a guest
+            if (!$customerId) {
+                throw new \Magento\Framework\Exception\NoSuchEntityException(
+                    __('Invalid customer address id %1', $address->getCustomerAddressId())
+                );
+            }
+            //Validating address ID
             try {
-                $this->addressRepository->getById($addressData->getCustomerAddressId());
+                $this->addressRepository->getById($address->getCustomerAddressId());
             } catch (NoSuchEntityException $e) {
                 throw new \Magento\Framework\Exception\NoSuchEntityException(
-                    __('Invalid address id %1', $addressData->getId())
+                    __('Invalid address id %1', $address->getId())
                 );
             }
-
+            //Finding available customer's addresses
             $applicableAddressIds = array_map(function ($address) {
                 /** @var \Magento\Customer\Api\Data\AddressInterface $address */
                 return $address->getId();
-            }, $this->customerRepository->getById($addressData->getCustomerId())->getAddresses());
-            if (!in_array($addressData->getCustomerAddressId(), $applicableAddressIds)) {
+            }, $this->customerRepository->getById($customerId)->getAddresses());
+            if (!in_array($address->getCustomerAddressId(), $applicableAddressIds)) {
                 throw new \Magento\Framework\Exception\NoSuchEntityException(
-                    __('Invalid customer address id %1', $addressData->getCustomerAddressId())
+                    __('Invalid customer address id %1', $address->getCustomerAddressId())
                 );
             }
         }
+    }
+
+    /**
+     * Validates the fields in a specified address data object.
+     *
+     * @param \Magento\Quote\Api\Data\AddressInterface $addressData The address data object.
+     * @return bool
+     * @throws \Magento\Framework\Exception\NoSuchEntityException The specified customer ID or address ID is not valid.
+     */
+    public function validate(AddressInterface $addressData): bool
+    {
+        $this->doValidate($addressData, $addressData->getCustomerId());
+
         return true;
     }
+
+    /**
+     * Validate address to be used for cart.
+     *
+     * @param CartInterface $cart
+     * @param AddressInterface $address
+     * @return void
+     * @throws \Magento\Framework\Exception\NoSuchEntityException The specified customer ID or address ID is not valid.
+     */
+    public function validateForCart(CartInterface $cart, AddressInterface $address)
+    {
+        $this->doValidate($address, $cart->getCustomerIsGuest() ? null : $cart->getCustomer()->getId());
+    }
 }
diff --git a/app/code/Magento/Quote/Model/ShippingAddressManagement.php b/app/code/Magento/Quote/Model/ShippingAddressManagement.php
@@ -78,7 +78,7 @@ public function __construct(
     }
 
     /**
-     * {@inheritDoc}
+     * @inheritDoc
      * @SuppressWarnings(PHPMD.NPathComplexity)
      */
     public function assign($cartId, \Magento\Quote\Api\Data\AddressInterface $address)
@@ -94,7 +94,7 @@ public function assign($cartId, \Magento\Quote\Api\Data\AddressInterface $addres
         $saveInAddressBook = $address->getSaveInAddressBook() ? 1 : 0;
         $sameAsBilling = $address->getSameAsBilling() ? 1 : 0;
         $customerAddressId = $address->getCustomerAddressId();
-        $this->addressValidator->validate($address);
+        $this->addressValidator->validateForCart($quote, $address);
         $quote->setShippingAddress($address);
         $address = $quote->getShippingAddress();
 
@@ -122,7 +122,7 @@ public function assign($cartId, \Magento\Quote\Api\Data\AddressInterface $addres
     }
 
     /**
-     * {@inheritDoc}
+     * @inheritDoc
      */
     public function get($cartId)
     {
diff --git a/app/code/Magento/Quote/Test/Unit/Model/QuoteAddressValidatorTest.php b/app/code/Magento/Quote/Test/Unit/Model/QuoteAddressValidatorTest.php
@@ -77,17 +77,13 @@ public function testValidateInvalidCustomer()
 
     /**
      * @expectedException \Magento\Framework\Exception\NoSuchEntityException
-     * @expectedExceptionMessage Invalid address id 101
+     * @expectedExceptionMessage Invalid customer address id 101
      */
     public function testValidateInvalidAddress()
     {
         $address = $this->createMock(\Magento\Quote\Api\Data\AddressInterface::class);
         $this->customerRepositoryMock->expects($this->never())->method('getById');
-        $address->expects($this->atLeastOnce())->method('getCustomerAddressId')->willReturn(101);
-        $address->expects($this->once())->method('getId')->willReturn(101);
-
-        $this->addressRepositoryMock->expects($this->once())->method('getById')
-            ->willThrowException(new \Magento\Framework\Exception\NoSuchEntityException());
+        $address->expects($this->exactly(2))->method('getCustomerAddressId')->willReturn(101);
 
         $this->model->validate($address);
     }
diff --git a/app/code/Magento/Quote/Test/Unit/Model/ShippingAddressManagementTest.php b/app/code/Magento/Quote/Test/Unit/Model/ShippingAddressManagementTest.php
@@ -110,7 +110,7 @@ public function testSetAddressValidationFailed()
             ->with('cart654')
             ->will($this->returnValue($quoteMock));
 
-        $this->validatorMock->expects($this->once())->method('validate')
+        $this->validatorMock->expects($this->once())->method('validateForCart')
             ->will($this->throwException(new \Magento\Framework\Exception\NoSuchEntityException(__('error345'))));
 
         $this->service->assign('cart654', $this->quoteAddressMock);
@@ -143,8 +143,8 @@ public function testSetAddress()
             ->with($customerAddressId)
             ->willReturn($customerAddressMock);
 
-        $this->validatorMock->expects($this->once())->method('validate')
-            ->with($this->quoteAddressMock)
+        $this->validatorMock->expects($this->once())->method('validateForCart')
+            ->with($quoteMock, $this->quoteAddressMock)
             ->willReturn(true);
 
         $quoteMock->expects($this->exactly(3))->method('getShippingAddress')->willReturn($this->quoteAddressMock);
@@ -218,8 +218,8 @@ public function testSetAddressWithInabilityToSaveQuote()
             ->with($customerAddressId)
             ->willReturn($customerAddressMock);
 
-        $this->validatorMock->expects($this->once())->method('validate')
-            ->with($this->quoteAddressMock)
+        $this->validatorMock->expects($this->once())->method('validateForCart')
+            ->with($quoteMock, $this->quoteAddressMock)
             ->willReturn(true);
 
         $this->quoteAddressMock->expects($this->once())->method('getSaveInAddressBook')->willReturn(1);
diff --git a/dev/tests/integration/testsuite/Magento/Checkout/Api/GuestShippingInformationManagementTest.php b/dev/tests/integration/testsuite/Magento/Checkout/Api/GuestShippingInformationManagementTest.php
@@ -0,0 +1,126 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Checkout\Api;
+
+use Magento\Checkout\Api\Data\ShippingInformationInterface;
+use Magento\Checkout\Api\Data\ShippingInformationInterfaceFactory;
+use Magento\Customer\Api\CustomerRepositoryInterface;
+use Magento\Framework\Api\SearchCriteriaBuilder;
+use Magento\Quote\Api\CartRepositoryInterface;
+use Magento\Quote\Api\Data\ShippingAssignmentInterface;
+use Magento\TestFramework\Helper\Bootstrap;
+use PHPUnit\Framework\TestCase;
+use Magento\Quote\Model\QuoteIdMask;
+use Magento\Quote\Model\QuoteIdMaskFactory;
+
+/**
+ * Test GuestShippingInformationManagement API.
+ */
+class GuestShippingInformationManagementTest extends TestCase
+{
+    /**
+     * @var GuestShippingInformationManagementInterface
+     */
+    private $management;
+
+    /**
+     * @var CartRepositoryInterface
+     */
+    private $cartRepo;
+
+    /**
+     * @var CustomerRepositoryInterface
+     */
+    private $customerRepo;
+
+    /**
+     * @var ShippingInformationInterfaceFactory
+     */
+    private $shippingFactory;
+
+    /**
+     * @var SearchCriteriaBuilder
+     */
+    private $searchCriteria;
+
+    /**
+     * @var QuoteIdMaskFactory
+     */
+    private $maskFactory;
+
+    /**
+     * @inheritdoc
+     */
+    protected function setUp()
+    {
+        $objectManager = Bootstrap::getObjectManager();
+        $this->management = $objectManager->get(GuestShippingInformationManagementInterface::class);
+        $this->cartRepo = $objectManager->get(CartRepositoryInterface::class);
+        $this->customerRepo = $objectManager->get(CustomerRepositoryInterface::class);
+        $this->shippingFactory = $objectManager->get(ShippingInformationInterfaceFactory::class);
+        $this->searchCriteria = $objectManager->get(SearchCriteriaBuilder::class);
+        $this->maskFactory = $objectManager->get(QuoteIdMaskFactory::class);
+    }
+
+    /**
+     * Test using another address for quote.
+     *
+     * @param bool $swapShipping Whether to swap shipping or billing addresses.
+     * @return void
+     *
+     * @magentoDataFixture Magento/Sales/_files/quote.php
+     * @magentoDataFixture Magento/Customer/_files/customer_with_addresses.php
+     * @dataProvider differentAddressesDataProvider
+     * @expectedException  \Magento\Framework\Exception\InputException
+     * @expectedExceptionMessage Unable to save shipping information. Please check input data.
+     */
+    public function testDifferentAddresses(bool $swapShipping)
+    {
+        $carts = $this->cartRepo->getList(
+            $this->searchCriteria->addFilter('reserved_order_id', 'test01')->create()
+        )->getItems();
+        $cart = array_pop($carts);
+        $otherCustomer = $this->customerRepo->get('customer_with_addresses@test.com');
+        $otherAddresses = $otherCustomer->getAddresses();
+        $otherAddress = array_pop($otherAddresses);
+
+        //Setting invalid IDs.
+        /** @var ShippingAssignmentInterface $shippingAssignment */
+        $shippingAssignment = $cart->getExtensionAttributes()->getShippingAssignments()[0];
+        $shippingAddress = $shippingAssignment->getShipping()->getAddress();
+        $billingAddress = $cart->getBillingAddress();
+        if ($swapShipping) {
+            $address = $shippingAddress;
+        } else {
+            $address = $billingAddress;
+        }
+        $address->setCustomerAddressId($otherAddress->getId());
+        $address->setCustomerId($otherCustomer->getId());
+        $address->setId(null);
+        /** @var ShippingInformationInterface $shippingInformation */
+        $shippingInformation = $this->shippingFactory->create();
+        $shippingInformation->setBillingAddress($billingAddress);
+        $shippingInformation->setShippingAddress($shippingAddress);
+        $shippingInformation->setShippingMethodCode('flatrate');
+        /** @var QuoteIdMask $idMask */
+        $idMask = $this->maskFactory->create();
+        $idMask->load($cart->getId(), 'quote_id');
+        $this->management->saveAddressInformation($idMask->getMaskedId(), $shippingInformation);
+    }
+
+    /**
+     * @return array
+     */
+    public function differentAddressesDataProvider(): array
+    {
+        return [
+            'Shipping address swap' => [true],
+            'Billing address swap' => [false],
+        ];
+    }
+}
diff --git a/dev/tests/integration/testsuite/Magento/Checkout/Api/ShippingInformationManagementTest.php b/dev/tests/integration/testsuite/Magento/Checkout/Api/ShippingInformationManagementTest.php
diff --git a/dev/tests/integration/testsuite/Magento/Customer/_files/customer_with_addresses.php b/dev/tests/integration/testsuite/Magento/Customer/_files/customer_with_addresses.php
diff --git a/dev/tests/integration/testsuite/Magento/Customer/_files/customer_with_addresses_rollback.php b/dev/tests/integration/testsuite/Magento/Customer/_files/customer_with_addresses_rollback.php
