Skip to content
This repository was archived by the owner on Dec 19, 2019. It is now read-only.

Fix for getting shipping/billing address data of any other customer #376

Merged
merged 8 commits into from
Feb 18, 2019
Merged

Fix for getting shipping/billing address data of any other customer #376

merged 8 commits into from
Feb 18, 2019

Conversation

rogyar
Copy link
Contributor

@rogyar rogyar commented Feb 15, 2019

Description (*)

This PR provides a fix for an issue when a customer is able to use address ID of another customer for setting billing/shipping address.

Fixed Issues (if relevant)

  1. Customer can get shipping/billing address data of any other customer #375: Customer can get shipping/billing address data of any other customer

Manual testing scenarios (*)

Please, check preconditions described in the issue.
For checking a shipping address use the following query:

mutation {
  setShippingAddressesOnCart(
    input: {
      cart_id: "$maskedQuoteId"
      shipping_addresses: [
        {
          customer_address_id: 1 <!-- Address id of first customer
        }
      ]
    }
  ) {
    cart {
      shipping_addresses {
        firstname
        lastname
        company
        street
        city
        postcode
        telephone
      }
    }
  }
}

For checking billing address use the following query:

mutation {
  setBillingAddressOnCart(
    input: {
      cart_id: "$maskedQuoteId"
      billing_address: 
        {
          customer_address_id: 1  <!-- Address id of first customer
        }
    }
  ) {
    cart {
      billing_address {
        firstname
        lastname
        company
        street
        city
        postcode
        telephone
      }
    }
  }
}

@naydav naydav force-pushed the 375-unauthorized-quote-address-fix branch from 2a6a6c6 to fa5613b Compare February 15, 2019 23:03
@naydav naydav closed this Feb 16, 2019
@ghost
Copy link

ghost commented Feb 16, 2019

Hi @rogyar, thank you for your contribution!
Please, complete Contribution Survey, it will take less than a minute.
Your feedback will help us to improve contribution process.

@naydav naydav reopened this Feb 16, 2019
@magento-engcom-team magento-engcom-team merged commit dde488f into 2.3-develop Feb 18, 2019
@ghost
Copy link

ghost commented Feb 18, 2019

Hi @rogyar, thank you for your contribution!
Please, complete Contribution Survey, it will take less than a minute.
Your feedback will help us to improve contribution process.

magento-engcom-team pushed a commit that referenced this pull request Feb 18, 2019
@naydav
ENGCOM-4295: Fix for getting shipping/billing address data of any oth…
76e1e1a 
…er customer #376
@naydav naydav deleted the 375-unauthorized-quote-address-fix branch April 12, 2019 19:35
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@naydav naydav

Labels
Award: bug fix Award: test coverage Partner: Atwix partners-contribution Release Line: 2.3
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rogyar @naydav @magento-engcom-team