
Commit d40f1f3

author
Oleksandr Karpenko
committed
MAGETWO-52338: Csrf delete the customer addresses
1 parent efc35bb commit d40f1f3


3 files changed

+220
-3
lines changed


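--- a/app/code/Magento/Customer/Controller/Address/Delete.php
+++ b/app/code/Magento/Customer/Controller/Address/Delete.php
@@ -15,7 +15,7 @@ public function execute()
 {
 $addressId = $this->getRequest()->getParam('id', false);
 
-if ($addressId) {
+if ($addressId && $this->_formKeyValidator->validate($this->getRequest())) {
 try {
 $address = $this->_addressRepository->getById($addressId);
 if ($address->getCustomerId() === $this->_getSession()->getCustomerId()) {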
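Review bot: A rejected form key is treated exactly like a missing `id`, because the new condition folds `$this->_formKeyValidator->validate(...)` into the existing `if ($addressId ...)` guard; as far as this hunk shows, a forged request is skipped with no message and no log entry. The rest of `execute()` lies outside the hunk, so that reading is inferred from the visible lines only. A separate early guard would make the rejection explicit and give a place to log it, e.g. `if (!$this->_formKeyValidator->validate($this->getRequest())) { return $this->resultRedirectFactory->create()->setPath('*/*/index'); }`, with a one-line comment saying the form key check is the CSRF protection for this action. The action also still appears to accept the token on a plain GET navigation, which the address.js change in this commit depends on.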
Lines changed: 215 additions & 0 deletions
@@ -0,0 +1,215 @@
1+
<?php
2+
/**
3+
* Copyright © 2016 Magento. All rights reserved.
4+
* See COPYING.txt for license details.
5+
*/
6+
namespace Magento\Customer\Test\Unit\Controller\Address;
7+
8+
use Magento\Customer\Controller\Address\Delete;
9+
use Magento\Framework\TestFramework\Unit\Helper\ObjectManager as ObjectManagerHelper;
10+
11+
class DeleteTest extends \PHPUnit_Framework_TestCase
12+
{
13+
/** @var Delete */
14+
protected $model;
15+
16+
/** @var \Magento\Framework\App\Action\Context */
17+
protected $context;
18+
19+
/** @var \Magento\Customer\Model\Session|\PHPUnit_Framework_MockObject_MockObject */
20+
protected $sessionMock;
21+
22+
/** @var \Magento\Framework\Data\Form\FormKey\Validator|\PHPUnit_Framework_MockObject_MockObject */
23+
protected $validatorMock;
24+
25+
/** @var \Magento\Customer\Model\Metadata\FormFactory|\PHPUnit_Framework_MockObject_MockObject */
26+
protected $formFactoryMock;
27+
28+
/** @var \Magento\Customer\Api\AddressRepositoryInterface|\PHPUnit_Framework_MockObject_MockObject */
29+
protected $addressRepositoryMock;
30+
31+
/** @var \Magento\Customer\Api\Data\AddressInterfaceFactory|\PHPUnit_Framework_MockObject_MockObject */
32+
protected $addressInterfaceFactoryMock;
33+
34+
/** @var \Magento\Customer\Api\Data\RegionInterfaceFactory|\PHPUnit_Framework_MockObject_MockObject */
35+
protected $regionInterfaceFactoryMock;
36+
37+
/** @var \Magento\Framework\Reflection\DataObjectProcessor|\PHPUnit_Framework_MockObject_MockObject */
38+
protected $dataObjectProcessorMock;
39+
40+
/** @var \Magento\Framework\Api\DataObjectHelper|\PHPUnit_Framework_MockObject_MockObject */
41+
protected $dataObjectHelperMock;
42+
43+
/** @var \Magento\Framework\Controller\Result\ForwardFactory|\PHPUnit_Framework_MockObject_MockObject */
44+
protected $forwardFactoryMock;
45+
46+
/** @var \Magento\Framework\View\Result\PageFactory|\PHPUnit_Framework_MockObject_MockObject */
47+
protected $pageFactoryMock;
48+
49+
/** @var \Magento\Framework\App\RequestInterface|\PHPUnit_Framework_MockObject_MockObject */
50+
protected $request;
51+
52+
/** @var \Magento\Customer\Api\Data\AddressInterface|\PHPUnit_Framework_MockObject_MockObject */
53+
protected $address;
54+
55+
/** @var \Magento\Framework\Message\ManagerInterface|\PHPUnit_Framework_MockObject_MockObject */
56+
protected $messageManager;
57+
58+
/** @var \Magento\Framework\Controller\Result\RedirectFactory|\PHPUnit_Framework_MockObject_MockObject */
59+
protected $resultRedirectFactory;
60+
61+
/** @var \Magento\Framework\Controller\Result\Redirect|\PHPUnit_Framework_MockObject_MockObject */
62+
protected $resultRedirect;
63+
64+
protected function setUp()
65+
{
66+
$this->sessionMock = $this->getMockBuilder('Magento\Customer\Model\Session')
67+
->disableOriginalConstructor()
68+
->getMock();
69+
$this->validatorMock = $this->getMockBuilder('Magento\Framework\Data\Form\FormKey\Validator')
70+
->disableOriginalConstructor()
71+
->getMock();
72+
$this->formFactoryMock = $this->getMockBuilder('Magento\Customer\Model\Metadata\FormFactory')
73+
->disableOriginalConstructor()
74+
->getMock();
75+
$this->addressRepositoryMock = $this->getMockBuilder('Magento\Customer\Api\AddressRepositoryInterface')
76+
->getMockForAbstractClass();
77+
$this->addressInterfaceFactoryMock = $this->getMockBuilder('Magento\Customer\Api\Data\AddressInterfaceFactory')
78+
->disableOriginalConstructor()
79+
->setMethods(['create'])
80+
->getMock();
81+
$this->regionInterfaceFactoryMock = $this->getMockBuilder('Magento\Customer\Api\Data\RegionInterfaceFactory')
82+
->disableOriginalConstructor()
83+
->setMethods(['create'])
84+
->getMock();
85+
$this->dataObjectProcessorMock = $this->getMockBuilder('Magento\Framework\Reflection\DataObjectProcessor')
86+
->disableOriginalConstructor()
87+
->getMock();
88+
$this->dataObjectHelperMock = $this->getMockBuilder('Magento\Framework\Api\DataObjectHelper')
89+
->disableOriginalConstructor()
90+
->getMock();
91+
$this->forwardFactoryMock = $this->getMockBuilder('Magento\Framework\Controller\Result\ForwardFactory')
92+
->disableOriginalConstructor()
93+
->setMethods(['create'])
94+
->getMock();
95+
$this->pageFactoryMock = $this->getMockBuilder('Magento\Framework\View\Result\PageFactory')
96+
->disableOriginalConstructor()
97+
->getMock();
98+
$this->request = $this->getMockBuilder('Magento\Framework\App\RequestInterface')
99+
->getMockForAbstractClass();
100+
$this->address = $this->getMockBuilder('Magento\Customer\Api\Data\AddressInterface')
101+
->getMockForAbstractClass();
102+
$this->messageManager = $this->getMockBuilder('Magento\Framework\Message\ManagerInterface')
103+
->getMockForAbstractClass();
104+
$this->resultRedirectFactory = $this->getMockBuilder('Magento\Framework\Controller\Result\RedirectFactory')
105+
->disableOriginalConstructor()
106+
->getMock();
107+
$this->resultRedirect = $this->getMockBuilder('Magento\Framework\Controller\Result\Redirect')
108+
->disableOriginalConstructor()
109+
->getMock();
110+
111+
$objectManager = new ObjectManagerHelper($this);
112+
$this->context = $objectManager->getObject(
113+
'Magento\Framework\App\Action\Context',
114+
[
115+
'request' => $this->request,
116+
'messageManager' => $this->messageManager,
117+
'resultRedirectFactory' => $this->resultRedirectFactory,
118+
]
119+
);
120+
121+
$this->model = new Delete(
122+
$this->context,
123+
$this->sessionMock,
124+
$this->validatorMock,
125+
$this->formFactoryMock,
126+
$this->addressRepositoryMock,
127+
$this->addressInterfaceFactoryMock,
128+
$this->regionInterfaceFactoryMock,
129+
$this->dataObjectProcessorMock,
130+
$this->dataObjectHelperMock,
131+
$this->forwardFactoryMock,
132+
$this->pageFactoryMock
133+
);
134+
}
135+
136+
public function testExecute()
137+
{
138+
$addressId = 1;
139+
$customerId = 2;
140+
141+
$this->resultRedirectFactory->expects($this->once())
142+
->method('create')
143+
->willReturn($this->resultRedirect);
144+
$this->request->expects($this->once())
145+
->method('getParam')
146+
->with('id', false)
147+
->willReturn($addressId);
148+
$this->validatorMock->expects($this->once())
149+
->method('validate')
150+
->with($this->request)
151+
->willReturn(true);
152+
$this->addressRepositoryMock->expects($this->once())
153+
->method('getById')
154+
->with($addressId)
155+
->willReturn($this->address);
156+
$this->sessionMock->expects($this->once())
157+
->method('getCustomerId')
158+
->willReturn($customerId);
159+
$this->address->expects($this->once())
160+
->method('getCustomerId')
161+
->willReturn($customerId);
162+
$this->addressRepositoryMock->expects($this->once())
163+
->method('deleteById')
164+
->with($addressId);
165+
$this->messageManager->expects($this->once())
166+
->method('addSuccess')
167+
->with(__('You deleted the address.'));
168+
$this->resultRedirect->expects($this->once())
169+
->method('setPath')
170+
->with('*/*/index')
171+
->willReturnSelf();
172+
$this->assertSame($this->resultRedirect, $this->model->execute());
173+
}
174+
175+
public function testExecuteWithException()
176+
{
177+
$addressId = 1;
178+
$customerId = 2;
179+
180+
$this->resultRedirectFactory->expects($this->once())
181+
->method('create')
182+
->willReturn($this->resultRedirect);
183+
$this->request->expects($this->once())
184+
->method('getParam')
185+
->with('id', false)
186+
->willReturn($addressId);
187+
$this->validatorMock->expects($this->once())
188+
->method('validate')
189+
->with($this->request)
190+
->willReturn(true);
191+
$this->addressRepositoryMock->expects($this->once())
192+
->method('getById')
193+
->with($addressId)
194+
->willReturn($this->address);
195+
$this->sessionMock->expects($this->once())
196+
->method('getCustomerId')
197+
->willReturn($customerId);
198+
$this->address->expects($this->once())
199+
->method('getCustomerId')
200+
->willReturn(34);
201+
$exception = new \Exception('Exception');
202+
$this->messageManager->expects($this->once())
203+
->method('addError')
204+
->with(__('We can\'t delete the address right now.'))
205+
->willThrowException($exception);
206+
$this->messageManager->expects($this->once())
207+
->method('addException')
208+
->with($exception, __('We can\'t delete the address right now.'));
209+
$this->resultRedirect->expects($this->once())
210+
->method('setPath')
211+
->with('*/*/index')
212+
->willReturnSelf();
213+
$this->assertSame($this->resultRedirect, $this->model->execute());
214+
}
215+
}
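Review bot: Both tests stub `validate` to return `true`, so the behaviour this commit introduces (refusing the delete when the form key is invalid) is never exercised, and a regression that drops the check would still pass. A negative test should stub `validate` to return `false` and assert that `getById`, `deleteById` and `addSuccess` are never called. The redirect expectations in the sketch below mirror the two existing tests and assume the controller still redirects to `*/*/index` on rejection; the controller's tail is not visible on this page.

```php
public function testExecuteWithInvalidFormKey()
{
    $this->request->expects($this->once())
        ->method('getParam')
        ->with('id', false)
        ->willReturn(1);
    $this->validatorMock->expects($this->once())
        ->method('validate')
        ->with($this->request)
        ->willReturn(false);
    // A request without a valid form key must never reach the repository.
    $this->addressRepositoryMock->expects($this->never())
        ->method('getById');
    $this->addressRepositoryMock->expects($this->never())
        ->method('deleteById');
    $this->messageManager->expects($this->never())
        ->method('addSuccess');
    $this->resultRedirectFactory->expects($this->once())
        ->method('create')
        ->willReturn($this->resultRedirect);
    $this->resultRedirect->expects($this->once())
        ->method('setPath')
        ->with('*/*/index')
        ->willReturnSelf();
    $this->assertSame($this->resultRedirect, $this->model->execute());
}
```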

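--- a/app/code/Magento/Customer/view/frontend/web/address.js
+++ b/app/code/Magento/Customer/view/frontend/web/address.js
@@ -61,10 +61,12 @@ define([
 actions: {
 confirm: function() {
 if (typeof $(e.target).parent().data('address') !== 'undefined') {
-window.location = self.options.deleteUrlPrefix + $(e.target).parent().data('address');
+window.location = self.options.deleteUrlPrefix + $(e.target).parent().data('address')
++ '/form_key/' + $.mage.cookies.get('form_key');
 }
 else {
-window.location = self.options.deleteUrlPrefix + $(e.target).data('address');
+window.location = self.options.deleteUrlPrefix + $(e.target).data('address')
++ '/form_key/' + $.mage.cookies.get('form_key');
 }
 }
 }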
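Review bot: The form key is placed in the URL path and sent through a `window.location` navigation in both branches of `confirm`, so the token ends up in browser history and in server or proxy access logs, and the delete remains a state-changing GET. Submitting a POST with `form_key` in the request body keeps the token out of URLs and lets the controller reject other methods. The value from `$.mage.cookies.get('form_key')` is also concatenated unencoded and is not checked for a missing cookie; if the GET form stays, wrap it in `encodeURIComponent(...)` at minimum. `confirm` sits inside a handler that starts outside the hunk, so `e` and `self` in the sketch below come from that enclosing scope.

```javascript
confirm: function() {
    var target = $(e.target),
        parentAddress = target.parent().data('address'),
        addressId = typeof parentAddress !== 'undefined' ? parentAddress : target.data('address');

    // POST keeps the form key out of the URL, history and access logs.
    $('<form>', {method: 'post', action: self.options.deleteUrlPrefix + addressId})
        .append($('<input>', {type: 'hidden', name: 'form_key', value: $.mage.cookies.get('form_key')}))
        .appendTo('body')
        .submit();
}
```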
