From e8232460b532c762ae80f453c77078416177a0be Mon Sep 17 00:00:00 2001
From: Adam Kasperczak <adamkasperczak123@gmail.com>
Date: Wed, 28 Oct 2020 11:43:45 +0100
Subject: [PATCH] [Api][Address] Add missing behats scenario

---
 config/packages/security.yaml                 |  4 +--
 ...er_from_operations_on_address_book.feature | 27 ++++++++++++++++
 .../address_book/viewing_addresses.feature    |  5 ---
 .../Behat/Context/Api/Shop/AddressContext.php | 31 +++++++++++++++++--
 .../Context/Transform/AddressContext.php      |  2 +-
 5 files changed, 58 insertions(+), 11 deletions(-)
 create mode 100644 features/account/customer_account/address_book/preventing_not_logged_user_from_operations_on_address_book.feature

diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index 0d2c3862fe89..a6be9253a5f8 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -147,6 +147,6 @@ security:
 
         - { path: "%sylius.security.new_api_admin_regex%/.*", role: ROLE_API_ACCESS }
         - { path: "%sylius.security.new_api_route%/admin/authentication-token", role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: "%sylius.security.new_api_shop_regex%/.*", role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: "%sylius.security.new_api_route%/shop/authentication-token", role: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: "%sylius.security.new_api_user_account_regex%/.*", role: ROLE_USER }
+        - { path: "%sylius.security.new_api_route%/shop/authentication-token", role: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: "%sylius.security.new_api_shop_regex%/.*", role: IS_AUTHENTICATED_ANONYMOUSLY }
diff --git a/features/account/customer_account/address_book/preventing_not_logged_user_from_operations_on_address_book.feature b/features/account/customer_account/address_book/preventing_not_logged_user_from_operations_on_address_book.feature
new file mode 100644
index 000000000000..b689a9a06468
--- /dev/null
+++ b/features/account/customer_account/address_book/preventing_not_logged_user_from_operations_on_address_book.feature
@@ -0,0 +1,27 @@
+@address_book
+Feature: Preventing not logged user from operations on the address book
+    In order to protect address book from unauthorised operation
+    As a Visitor
+    I want to not be able to operate on address book
+
+    Background:
+        Given the store operates on a single channel in "United States"
+        And there is a customer "John Doe" identified by an email "doe@example.com" and a password "banana"
+        And this customer has an address "John Doe", "Banana Street", "90232", "New York", "United States", "Kansas" in their address book
+
+    @api
+    Scenario: Trying to add new address as a Visitor
+        When I want to add a new address to my address book
+        And I specify the address as "Lucifer Morningstar", "Seaside Fwy", "90802", "Los Angeles", "United States", "Arkansas"
+        And I try to add it
+        Then I should not be able to add it
+
+    @api
+    Scenario: Trying to view address as a Visitor
+        When I try to view details of address belongs to "John Doe"
+        Then I should not see any details of address
+
+    @api
+    Scenario: Trying to delete address as a Visitor
+        When I try to delete address belongs to "John Doe"
+        Then I should not be able to delete it
diff --git a/features/account/customer_account/address_book/viewing_addresses.feature b/features/account/customer_account/address_book/viewing_addresses.feature
index 015354ca11e0..a4171a7fc4df 100644
--- a/features/account/customer_account/address_book/viewing_addresses.feature
+++ b/features/account/customer_account/address_book/viewing_addresses.feature
@@ -22,8 +22,3 @@ Feature: Viewing my address book
         Then I should have a single address in my address book
         And this address should be assigned to "Lucifer Morningstar"
         And I should not see the address assigned to "John Doe"
-
-    @api
-    Scenario: Inability to view details of an address belonging to other customer
-        When I try to view details of address belonging to "John Doe"
-        Then I should not see any details of address
diff --git a/src/Sylius/Behat/Context/Api/Shop/AddressContext.php b/src/Sylius/Behat/Context/Api/Shop/AddressContext.php
index 7d1cc3833ae9..0918c08dde24 100644
--- a/src/Sylius/Behat/Context/Api/Shop/AddressContext.php
+++ b/src/Sylius/Behat/Context/Api/Shop/AddressContext.php
@@ -92,6 +92,7 @@ public function iSpecifyTheAddressAs(AddressInterface $address): void
 
     /**
      * @When I add it
+     * @When I try to add it
      */
     public function iAddIt(): void
     {
@@ -157,6 +158,14 @@ public function iDeleteTheAddress(string $fullName): void
         $this->addressClient->delete($id);
     }
 
+    /**
+     * @When /^I try to delete (address belongs to "([^"]+)")$/
+     */
+    public function iDeleteTheAddressBelongsTo(AddressInterface $address): void
+    {
+        $this->addressClient->delete($this->iriConverter->getIriFromItem($address));
+    }
+
     /**
      * @When I set the address of :fullName as default
      */
@@ -170,11 +179,11 @@ public function iSetTheAddressOfAsDefault(string $fullName): void
     }
 
     /**
-     * @When /^I try to view details of (address belonging to "([^"]+)")$/
+     * @When /^I try to view details of (address belongs to "([^"]+)")$/
      */
     public function iTryToViewDetailsOfAddressBelongingTo(AddressInterface $address): void
     {
-        $this->client->showByIri($this->iriConverter->getIriFromItem($address));
+        $this->addressClient->showByIri($this->iriConverter->getIriFromItem($address));
     }
 
     /**
@@ -325,7 +334,23 @@ public function iShouldBeNotifiedThatAddressHasBeenSetAsDefault(): void
      */
     public function iShouldNotSeeAnyDetailsOfAddress(): void
     {
-        Assert::same($this->responseChecker->getError($this->client->getLastResponse()), 'Not Found');
+        Assert::same($this->responseChecker->getError($this->addressClient->getLastResponse()), 'JWT Token not found');
+    }
+
+    /**
+     * @Then I should not be able to add it
+     */
+    public function iShouldNotBeAbleToDoIt(): void
+    {
+        Assert::false($this->responseChecker->isCreationSuccessful($this->addressClient->getLastResponse()));
+    }
+
+    /**
+     * @Then I should not be able to delete it
+     */
+    public function iShouldNotBeAbleToDeleteIt(): void
+    {
+        Assert::false($this->responseChecker->isDeletionSuccessful($this->addressClient->getLastResponse()));
     }
 
     private function addressBookHasAddress(array $addressBook, AddressInterface $addressToCompare): bool
diff --git a/src/Sylius/Behat/Context/Transform/AddressContext.php b/src/Sylius/Behat/Context/Transform/AddressContext.php
index 8b18d73b76e5..83d8911a079b 100644
--- a/src/Sylius/Behat/Context/Transform/AddressContext.php
+++ b/src/Sylius/Behat/Context/Transform/AddressContext.php
@@ -150,7 +150,7 @@ public function getByStreet($street)
 
     /**
      * @Transform /^address of "([^"]+)"$/
-     * @Transform /^address belonging to "([^"]+)"$/
+     * @Transform /^address belongs to "([^"]+)"$/
      */
     public function getByFullName(string $fullName): AddressInterface
     {