Merge pull request #40 from bartoszpietrzak1994/fix-security-issue
Fix security issue
Showing
13 changed files
with
304 additions
and
16 deletions.
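--- a/features/being_unable_to_reorder_the_order_placed_by_another_customer.feature
+++ b/features/being_unable_to_reorder_the_order_placed_by_another_customer.feature
@@ -0,0 +1,21 @@
+@reordering
+Feature: Being unable to reorder the order placed by another customer
+In order to maintain shop security
+As a Store Owner
+I want Customer to be the only person allowed to reorder their previously placed order
+
+Background:
+Given the store operates on a single channel in "United States"
+And the store has a product "Angel T-Shirt"
+And the store ships everywhere for free
+And the store allows paying with "Cash on Delivery"
+And there is a customer "Rick Sanchez" identified by an email "[email protected]" and a password "Morty"
+And there is a customer "Morty Smith" identified by an email "[email protected]" and a password "Rick"
+And a customer "Morty Smith" placed an order "#00000666"
+And the customer bought a single "Angel T-Shirt"
+And the customer chose "Free" shipping method to "United States" with "Cash on Delivery" payment
+
+@application
+Scenario: Being unable to reorder the order placed by another customer
+When the customer "[email protected]" tries to reorder the order "#00000666"
+Then the order "#00000666" should not be reordered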
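Review bot: The only scenario here is a second logged-in customer attempting the reorder; an anonymous visitor attempting to reorder "#00000666" is not exercised, and neither is the positive case of "Morty Smith" reordering his own order, so the guard is pinned from one side only. Both may be covered by feature files not in this commit; if not, a second scenario ending in the existing step `Then the order "#00000666" should not be reordered` for the anonymous attempt, and a positive scenario for the owning customer, would make a regression in either direction visible. The "should not be reordered" assertion also leaves the user-facing outcome (redirect, flash message, error page) unspecified, which is worth stating in the scenario if the plugin defines one.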
@@ -0,0 +1,53 @@ | ||
<?php | ||
|
||
declare(strict_types=1); | ||
|
||
namespace spec\Sylius\CustomerReorderPlugin\Checker; | ||
|
||
use PhpSpec\ObjectBehavior; | ||
use Sylius\Component\Core\Model\CustomerInterface; | ||
use Sylius\Component\Core\Model\OrderInterface; | ||
use Sylius\CustomerReorderPlugin\Checker\OrderCustomerRelationCheckerInterface; | ||
|
||
final class OrderCustomerRelationCheckerSpec extends ObjectBehavior | ||
{ | ||
function it_implements_order_customer_relation_checker_interface(): void | ||
{ | ||
$this->shouldImplement(OrderCustomerRelationCheckerInterface::class); | ||
} | ||
|
||
function it_returns_true_when_order_was_placed_by_customer( | ||
CustomerInterface $orderCustomer, | ||
CustomerInterface $customer, | ||
OrderInterface $order | ||
): void { | ||
$orderCustomer->getId()->willReturn(1); | ||
$customer->getId()->willReturn(1); | ||
|
||
$order->getCustomer()->willReturn($orderCustomer); | ||
|
||
$this->wasOrderPlacedByCustomer($order, $customer)->shouldReturn(true); | ||
} | ||
|
||
function it_returns_false_when_order_was_not_placed_by_customer( | ||
CustomerInterface $orderCustomer, | ||
CustomerInterface $customer, | ||
OrderInterface $order | ||
): void { | ||
$orderCustomer->getId()->willReturn(1); | ||
$customer->getId()->willReturn(2); | ||
|
||
$order->getCustomer()->willReturn($orderCustomer); | ||
|
||
$this->wasOrderPlacedByCustomer($order, $customer)->shouldReturn(false); | ||
} | ||
|
||
function it_returns_false_when_order_has_no_customer_assigned( | ||
CustomerInterface $customer, | ||
OrderInterface $order | ||
): void { | ||
$order->getCustomer()->willReturn(null); | ||
|
||
$this->wasOrderPlacedByCustomer($order, $customer)->shouldReturn(false); | ||
} | ||
} |
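Review bot: There is no example for a requesting customer whose `getId()` returns null, and since the implementation in OrderCustomerRelationChecker (the next file in this commit) decides with `$orderCustomer->getId() === $customer->getId()`, two null ids compare equal and the check passes. Both customers are presumably persisted by the time a reorder is attempted, so this is a fail-closed hardening of an authorization decision rather than a reproduced bug, but it is cheap: in the checker use `return null !== $orderCustomer && null !== $orderCustomer->getId() && $orderCustomer->getId() === $customer->getId();` and pin it with the example below. The existing three examples are unchanged.
```php
    // … unchanged: existing examples …

    function it_returns_false_when_customers_have_no_ids(
        CustomerInterface $orderCustomer,
        CustomerInterface $customer,
        OrderInterface $order
    ): void {
        $orderCustomer->getId()->willReturn(null);
        $customer->getId()->willReturn(null);

        $order->getCustomer()->willReturn($orderCustomer);

        $this->wasOrderPlacedByCustomer($order, $customer)->shouldReturn(false);
    }
```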
@@ -0,0 +1,22 @@ | ||
<?php | ||
|
||
declare(strict_types=1); | ||
|
||
namespace Sylius\CustomerReorderPlugin\Checker; | ||
|
||
use Sylius\Component\Core\Model\CustomerInterface; | ||
use Sylius\Component\Core\Model\OrderInterface; | ||
|
||
final class OrderCustomerRelationChecker implements OrderCustomerRelationCheckerInterface | ||
{ | ||
public function wasOrderPlacedByCustomer(OrderInterface $order, CustomerInterface $customer): bool | ||
{ | ||
/** @var CustomerInterface|null $orderCustomer */ | ||
$orderCustomer = $order->getCustomer(); | ||
|
||
return | ||
null !== $orderCustomer && | ||
$orderCustomer->getId() === $customer->getId() | ||
; | ||
} | ||
} |
@@ -0,0 +1,13 @@ | ||
<?php | ||
|
||
declare(strict_types=1); | ||
|
||
namespace Sylius\CustomerReorderPlugin\Checker; | ||
|
||
use Sylius\Component\Core\Model\CustomerInterface; | ||
use Sylius\Component\Core\Model\OrderInterface; | ||
|
||
interface OrderCustomerRelationCheckerInterface | ||
{ | ||
public function wasOrderPlacedByCustomer(OrderInterface $order, CustomerInterface $customer): bool; | ||
} |
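Review bot: The interface method has no docblock, so the contract a caller relies on for an authorization decision — that customers are matched by id, and that an order with no customer assigned is never considered placed by `$customer` — is only discoverable by reading the implementation and its spec. Add above the declaration: `/** Whether $order was placed by $customer, compared by customer id. An order with no customer assigned never matches. */`. The native types already say the rest, so no `@param`/`@return` lines are needed.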