OXDEV-7202 Add restriction for updatable fields user register

Author: Daniil Tkachev

CHANGELOG-7.0.md

@@ -4,6 +4,7 @@
 
 ### Fixed
 - Fix skipped backend startup checks [PR-927](https://github.com/OXID-eSales/oxideshop_ce/pull/927)
+- Private Sales user registration 
 
 ## v7.0.2 - 2023-11-28
 

source/Application/Component/UserComponent.php

@@ -15,8 +15,8 @@
 use OxidEsales\Eshop\Core\Form\UpdatableFieldsConstructor;
 use Exception;
 use OxidEsales\Eshop\Core\Contract\AbstractUpdatableFields;
-use OxidEsales\Eshop\Application\Model\User\UserUpdatableFields;
-use OxidEsales\Eshop\Application\Model\User\UserShippingAddressUpdatableFields;
+use OxidEsales\Eshop\Application\Model\Address\ShippingAddressUpdatableFields;
+use OxidEsales\Eshop\Application\Model\User\UserInvoiceAddressUpdatableFields;
 use OxidEsales\EshopCommunity\Application\Model\User;
 
 // defining login/logout states
@@ -433,12 +433,11 @@ public function createUser()
         $sPassword2 = Registry::getRequest()->getRequestParameter('lgn_pwd2');
 
         $aInvAdress = Registry::getRequest()->getRequestParameter('invadr');
-
-        $aInvAdress = $this->cleanAddress($aInvAdress, oxNew(UserUpdatableFields::class));
+        $aInvAdress = $this->cleanAddress($aInvAdress, oxNew(UserInvoiceAddressUpdatableFields::class));
         $aInvAdress = $this->trimAddress($aInvAdress);
 
         $aDelAdress = $this->getDelAddressData();
-        $aDelAdress = $this->cleanAddress($aDelAdress, oxNew(UserShippingAddressUpdatableFields::class));
+        $aDelAdress = $this->cleanAddress($aDelAdress, oxNew(ShippingAddressUpdatableFields::class));
         $aDelAdress = $this->trimAddress($aDelAdress);
 
         try {
@@ -462,6 +461,7 @@ public function createUser()
                 $oUser->createUser();
                 $oUser = $this->configureUserBeforeCreation($oUser);
                 $oUser->load($oUser->getId());
+
                 $oUser->changeUserData(
                     $oUser->oxuser__oxusername->value,
                     $sPassword,
@@ -671,12 +671,12 @@ protected function changeUserWithoutRedirect()
 
         // collecting values to check
         $aDelAdress = $this->getDelAddressData();
-        $aDelAdress = $this->cleanAddress($aDelAdress, oxNew(UserShippingAddressUpdatableFields::class));
+        $aDelAdress = $this->cleanAddress($aDelAdress, oxNew(ShippingAddressUpdatableFields::class));
         $aDelAdress = $this->trimAddress($aDelAdress);
 
         // if user company name, user name and additional info has special chars
         $aInvAdress = Registry::getRequest()->getRequestParameter('invadr');
-        $aInvAdress = $this->cleanAddress($aInvAdress, oxNew(UserUpdatableFields::class));
+        $aInvAdress = $this->cleanAddress($aInvAdress, oxNew(UserInvoiceAddressUpdatableFields::class));
         $aInvAdress = $this->trimAddress($aInvAdress);
 
         $sUserName = $oUser->oxuser__oxusername->value;

source/Application/Model/User/UserShippingAddressUpdatableFields.php source/Application/Model/Address/ShippingAddressUpdatableFields.php

@@ -5,30 +5,18 @@
  * See LICENSE file for license details.
  */
 
-namespace OxidEsales\EshopCommunity\Application\Model\User;
+namespace OxidEsales\EshopCommunity\Application\Model\Address;
 
 use OxidEsales\Eshop\Application\Model\Address;
 use OxidEsales\Eshop\Core\Contract\AbstractUpdatableFields;
 
-/**
- * @inheritdoc
- */
-class UserShippingAddressUpdatableFields extends AbstractUpdatableFields
+class ShippingAddressUpdatableFields extends AbstractUpdatableFields
 {
-    /**
-     * UserShippingAddressUpdatableFields constructor.
-     */
     public function __construct()
     {
-        $address = oxNew(Address::class);
-        $this->tableName = $address->getCoreTableName();
+        $user = oxNew(Address::class);
+        $this->tableName = $user->getCoreTableName();
     }
-
-    /**
-     * Return list of fields which could be updated by shop customer.
-     *
-     * @return array
-     */
     public function getUpdatableFields()
     {
         return [

source/Application/Model/User/UserInvoiceAddressUpdatableFields.php

@@ -0,0 +1,45 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+namespace OxidEsales\EshopCommunity\Application\Model\User;
+
+/**
+ * @inheritdoc
+ */
+class UserInvoiceAddressUpdatableFields extends UserUpdatableFields
+{
+    public function getUpdatableFields()
+    {
+        return [
+            'OXUSERNAME',
+            'OXCUSTNR',
+            'OXUSTID',
+            'OXCOMPANY',
+            'OXFNAME',
+            'OXLNAME',
+            'OXSTREET',
+            'OXSTREETNR',
+            'OXADDINFO',
+            'OXCITY',
+            'OXCOUNTRYID',
+            'OXSTATEID',
+            'OXZIP',
+            'OXFON',
+            'OXFAX',
+            'OXSAL',
+            'OXCREATE',
+            'OXREGISTER',
+            'OXPRIVFON',
+            'OXMOBFON',
+            'OXBIRTHDATE',
+            'OXURL',
+            'OXUPDATEKEY',
+            'OXUPDATEEXP',
+            'OXTIMESTAMP'
+        ];
+    }
+}

source/Core/Autoload/UnifiedNameSpaceClassMap.php

@@ -2079,6 +2079,12 @@
         'isInterface'      => false,
         'isDeprecated'     => false
     ],
+    'OxidEsales\Eshop\Application\Model\User\UserInvoiceAddressUpdatableFields' => [
+        'editionClassName' => \OxidEsales\EshopCommunity\Application\Model\User\UserInvoiceAddressUpdatableFields::class,
+        'isAbstract'       => false,
+        'isInterface'      => false,
+        'isDeprecated'     => false
+    ],
     'OxidEsales\Eshop\Application\Model\User\UserUpdatableFields'                => [
         'editionClassName' => \OxidEsales\EshopCommunity\Application\Model\User\UserUpdatableFields::class,
         'isAbstract'       => false,

tests/Integration/Application/Component/UserComponentTest.php

@@ -0,0 +1,124 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\EshopCommunity\Tests\Integration\Application\Component;
+
+use OxidEsales\Eshop\Application\Component\UserComponent;
+use OxidEsales\Eshop\Application\Controller\FrontendController;
+use OxidEsales\Eshop\Core\Registry;
+use OxidEsales\Eshop\Core\Session;
+use OxidEsales\EshopCommunity\Internal\Framework\Database\QueryBuilderFactoryInterface;
+use OxidEsales\EshopCommunity\Tests\Integration\IntegrationTestCase;
+
+final class UserComponentTest extends IntegrationTestCase
+{
+    public function testCreateUserFields(): void
+    {
+        Registry::getConfig()->setConfigParam('blPsLoginEnabled', true);
+
+        $userComponentMock = $this->getUserComponent();
+        $userComponentMock->createUser();
+        $user = $this->fetchUserData();
+
+        $this->assertEquals('fname', $user['OXFNAME']);
+        $this->assertEquals('lname', $user['OXLNAME']);
+        $this->assertEquals('street', $user['OXSTREET']);
+        $this->assertEquals('zip', $user['OXZIP']);
+        $this->assertEquals('nr', $user['OXSTREETNR']);
+        $this->assertEquals('city', $user['OXCITY']);
+        $this->assertEquals('a7c40f631fc920687.20179984', $user['OXCOUNTRYID']);
+    }
+
+    public function testCreateUserResponse(): void
+    {
+        Registry::getConfig()->setConfigParam('blPsLoginEnabled', true);
+        $userComponentMock = $this->getUserComponent();
+        $createUserReturn = $userComponentMock->createUser();
+
+        $this->assertEquals('payment?new_user=1&success=1', $createUserReturn);
+    }
+
+    public function testCreateUserPrivateSales(): void
+    {
+        Registry::getConfig()->setConfigParam('blPsLoginEnabled', true);
+
+        $userComponentMock = $this->getUserComponent();
+        $userComponentMock->createUser();
+        $user = $this->fetchUserData();
+
+        $this->assertEquals(0, $user['OXACTIVE']);
+    }
+
+    public function testCreateUser(): void
+    {
+        Registry::getConfig()->setConfigParam('blPsLoginEnabled', false);
+
+        $userComponentMock = $this->getUserComponent();
+        $userComponentMock->createUser();
+        $user = $this->fetchUserData();
+
+        $this->assertEquals(1, $user['OXACTIVE']);
+    }
+
+    private function getUserComponent(): UserComponent
+    {
+        $rawVal = [
+            'oxuser__oxfname' => 'fname',
+            'oxuser__oxlname' => 'lname',
+            'oxuser__oxstreetnr' => 'nr',
+            'oxuser__oxstreet' => 'street',
+            'oxuser__oxzip' => 'zip',
+            'oxuser__oxcity' => 'city',
+            'oxuser__oxcountryid' => 'a7c40f631fc920687.20179984',
+            'oxuser__oxactive' => 1
+        ];
+
+        $_POST = array_merge($_POST,
+            [
+                'lgn_usr' => 'test@oxid-esales.com',
+                'lgn_pwd' => 'Test@oxid-esales.com',
+                'lgn_pwd2' => 'Test@oxid-esales.com',
+                'invadr' => $rawVal
+            ]
+        );
+
+        $fronendController = oxNew(FrontendController::class);
+        $userComponent = oxNew(UserComponent::class);
+        $userComponent->setParent($fronendController);
+        $this->setSessionChallenge();
+
+        return $userComponent;
+    }
+
+    private function fetchUserData(): array
+    {
+        $queryBuilder = $this->get(QueryBuilderFactoryInterface::class)->create();
+
+        return $queryBuilder
+            ->select('*')
+            ->from('oxuser')
+            ->where('oxusername = :oxusername')
+            ->setParameters([
+                'oxusername' => 'test@oxid-esales.com',
+            ])
+        ->execute()
+        ->fetch();
+    }
+
+    private function setSessionChallenge(): void
+    {
+        Registry::set(
+            Session::class,
+            $this->createConfiguredMock(
+                Session::class,
+                ['checkSessionChallenge' => true]
+            )
+        );
+    }
+}