MC-37089: Create automated test for "[Security] Customer's Order Data are not available for Guests"

ysapiga · ysapiga · commit a7cd4a5ce4a3 · 2020-09-10T16:17:39.000+03:00
diff --git a/dev/tests/integration/testsuite/Magento/Sales/Controller/Guest/ViewTest.php b/dev/tests/integration/testsuite/Magento/Sales/Controller/Guest/ViewTest.php
@@ -7,22 +7,70 @@
 
 namespace Magento\Sales\Controller\Guest;
 
+use Magento\Framework\Stdlib\CookieManagerInterface;
+use Magento\Sales\Api\Data\OrderInterfaceFactory;
+use Magento\Sales\Api\OrderRepositoryInterface;
 use Magento\TestFramework\Request;
 use Magento\TestFramework\TestCase\AbstractController;
 
 /**
- * Test for \Magento\Sales\Controller\Guest\View class.
+ * Test for orders and returns controller.
+ *
+ * @see \Magento\Sales\Controller\Guest\View
  */
 class ViewTest extends AbstractController
 {
+    /** @var CookieManagerInterface */
+    private $cookieManager;
+
+    /** @var OrderInterfaceFactory */
+    private $orderFactory;
+
+    /** @var OrderRepositoryInterface */
+    private $orderRepository;
+
+    /**
+     * @inheritdoc
+     */
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->cookieManager = $this->_objectManager->get(CookieManagerInterface::class);
+        $this->orderFactory = $this->_objectManager->get(OrderInterfaceFactory::class);
+        $this->orderRepository = $this->_objectManager->get(OrderRepositoryInterface::class);
+    }
+
     /**
      * Check that controller applied GET requests.
+     *
+     * @return void
      */
-    public function testExecuteWithGetRequest()
+    public function testExecuteWithGetRequest(): void
     {
         $this->getRequest()->setMethod(Request::METHOD_GET);
         $this->dispatch('sales/guest/view/');
 
         $this->assertRedirect($this->stringContains('sales/guest/form'));
     }
+
+    /**
+     * @magentoDataFixture Magento/Sales/_files/order.php
+     *
+     * @return void
+     */
+    public function testExecuteWithWrongCookie(): void
+    {
+        $order = $this->orderFactory->create()->loadByIncrementId('100000001');
+        $order->setProtectCode('0e6640');
+        $this->orderRepository->save($order);
+        $cookieValue = base64_encode('0' . ':' . $order->getIncrementId());
+        $this->cookieManager->setPublicCookie(\Magento\Sales\Helper\Guest::COOKIE_NAME, $cookieValue);
+        $this->getRequest()->setMethod(Request::METHOD_GET);
+        $this->dispatch('sales/guest/view/');
+        $this->assertRedirect($this->stringContains('sales/guest/form/'));
+        $this->assertSessionMessages(
+            $this->containsEqual((string)__('You entered incorrect data. Please try again.'))
+        );
+    }
 }
