From f91224efb2b1e38541569348c7f20bfbef9e5ce9 Mon Sep 17 00:00:00 2001
From: Volodymyr Vygovskyi <v.vygovskyi@atwix.com>
Date: Thu, 16 May 2019 16:44:14 +0300
Subject: [PATCH] #486 added customer account validation in Quote operations

---
 .../GraphQl/Quote/Customer/GetCartTest.php    | 37 +++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/dev/tests/api-functional/testsuite/Magento/GraphQl/Quote/Customer/GetCartTest.php b/dev/tests/api-functional/testsuite/Magento/GraphQl/Quote/Customer/GetCartTest.php
index 77c69ee3e2b83..314e930515b3a 100644
--- a/dev/tests/api-functional/testsuite/Magento/GraphQl/Quote/Customer/GetCartTest.php
+++ b/dev/tests/api-functional/testsuite/Magento/GraphQl/Quote/Customer/GetCartTest.php
@@ -8,6 +8,8 @@
 namespace Magento\GraphQl\Quote\Customer;
 
 use Exception;
+use Magento\Customer\Model\CustomerAuthUpdate;
+use Magento\Customer\Model\CustomerRegistry;
 use Magento\GraphQl\Quote\GetMaskedQuoteIdByReservedOrderId;
 use Magento\Integration\Api\CustomerTokenServiceInterface;
 use Magento\TestFramework\Helper\Bootstrap;
@@ -28,11 +30,23 @@ class GetCartTest extends GraphQlAbstract
      */
     private $customerTokenService;
 
+    /**
+     * @var CustomerAuthUpdate
+     */
+    private $customerAuthUpdate;
+
+    /**
+     * @var CustomerRegistry
+     */
+    private $customerRegistry;
+
     protected function setUp()
     {
         $objectManager = Bootstrap::getObjectManager();
         $this->getMaskedQuoteIdByReservedOrderId = $objectManager->get(GetMaskedQuoteIdByReservedOrderId::class);
         $this->customerTokenService = $objectManager->get(CustomerTokenServiceInterface::class);
+        $this->customerRegistry = Bootstrap::getObjectManager()->get(CustomerRegistry::class);
+        $this->customerAuthUpdate = Bootstrap::getObjectManager()->get(CustomerAuthUpdate::class);
     }
 
     /**
@@ -208,6 +222,29 @@ public function testGetCartWithNotExistingStore()
         $this->graphQlQuery($query, [], '', $headerMap);
     }
 
+    /**
+     * _security
+     * @magentoApiDataFixture Magento/Customer/_files/customer.php
+     * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/customer/create_empty_cart.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/add_simple_product.php
+     */
+    public function testGetCartForLockedCustomer()
+    {
+        /* lock customer */
+        $customerSecure = $this->customerRegistry->retrieveSecureData(1);
+        $customerSecure->setLockExpires('2030-12-31 00:00:00');
+        $this->customerAuthUpdate->saveAuth(1);
+
+        $maskedQuoteId = $this->getMaskedQuoteIdByReservedOrderId->execute('test_quote');
+        $query = $this->getQuery($maskedQuoteId);
+
+        $this->expectExceptionMessage(
+            "The account is locked"
+        );
+        $this->graphQlQuery($query, [], '', $this->getHeaderMap());
+    }
+
     /**
      * @param string $maskedQuoteId
      * @return string