AC-1323: Rest Token Improvement.

admanesachin · admanesachin · commit 25a31a8010e6 · 2021-12-01T14:00:54.000-06:00
diff --git a/app/code/Magento/Customer/Controller/Account/CreatePassword.php b/app/code/Magento/Customer/Controller/Account/CreatePassword.php
@@ -102,6 +102,7 @@ public function execute()
 
         try {
             $this->accountManagement->validateResetPasswordLinkToken($customerId, $resetPasswordToken);
+            $this->confirmByToken->resetCustomerConfirmation($customerId);
 
             // Extend token validity to avoid expiration while this form is
             // being completed by the user.
diff --git a/app/code/Magento/Customer/Model/AccountManagement.php b/app/code/Magento/Customer/Model/AccountManagement.php
@@ -1467,7 +1467,7 @@ public function isResetPasswordLinkTokenExpired($rpToken, $rpTokenCreatedAt)
      * @throws LocalizedException
      * @throws NoSuchEntityException
      */
-    public function changeResetPasswordLinkToken($customer, $passwordLinkToken)
+    public function changeResetPasswordLinkToken(CustomerInterface $customer, string $passwordLinkToken): bool
     {
         if (!is_string($passwordLinkToken) || empty($passwordLinkToken)) {
             throw new InputException(
@@ -1476,8 +1476,7 @@ public function changeResetPasswordLinkToken($customer, $passwordLinkToken)
                     ['value' => $passwordLinkToken, 'fieldName' => 'password reset token']
                 )
             );
-        }
-        if (is_string($passwordLinkToken) && !empty($passwordLinkToken)) {
+        } else {
             $customerSecure = $this->customerRegistry->retrieveSecureData($customer->getId());
             $customerSecure->setRpToken($passwordLinkToken);
             $customerSecure->setRpTokenCreatedAt(
diff --git a/app/code/Magento/Customer/Model/ForgotPasswordToken/ConfirmCustomerByToken.php b/app/code/Magento/Customer/Model/ForgotPasswordToken/ConfirmCustomerByToken.php
@@ -65,4 +65,19 @@ private function resetConfirmation(CustomerInterface $customer): void
 
         $this->customerRepository->save($customer);
     }
+
+    /**
+     * Check if customer confirmation needs to be reset
+     *
+     * @param int $customerId
+     * @return void
+     */
+    public function resetCustomerConfirmation(int $customerId): void
+    {
+        $customer = $this->customerRepository->getById($customerId);
+
+        if ($customer) {
+            $this->resetConfirmation($customer);
+        }
+    }
 }
diff --git a/app/code/Magento/Customer/Model/ResourceModel/Customer.php b/app/code/Magento/Customer/Model/ResourceModel/Customer.php
@@ -73,6 +73,7 @@ class Customer extends \Magento\Eav\Model\Entity\VersionControl\AbstractEntity
      * @param array $data
      * @param AccountConfirmation $accountConfirmation
      * @param EncryptorInterface|null $encryptor
+     * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
         \Magento\Eav\Model\Entity\Context $context,
diff --git a/app/code/Magento/User/Model/ResourceModel/User.php b/app/code/Magento/User/Model/ResourceModel/User.php
@@ -17,6 +17,7 @@
 use Magento\Framework\Model\AbstractModel;
 use Magento\User\Model\Backend\Config\ObserverConfig;
 use Magento\User\Model\User as ModelUser;
+use Magento\Framework\Encryption\EncryptorInterface;
 
 /**
  * ACL user resource
@@ -49,6 +50,11 @@ class User extends \Magento\Framework\Model\ResourceModel\Db\AbstractDb
      */
     private $observerConfig;
 
+    /**
+     * @var EncryptorInterface|null
+     */
+    private $encryptor;
+
     /**
      * Construct
      *
@@ -58,20 +64,23 @@ class User extends \Magento\Framework\Model\ResourceModel\Db\AbstractDb
      * @param string $connectionName
      * @param CacheInterface $aclDataCache
      * @param ObserverConfig|null $observerConfig
+     * @param EncryptorInterface|null $encryptor
      */
     public function __construct(
         \Magento\Framework\Model\ResourceModel\Db\Context $context,
         \Magento\Authorization\Model\RoleFactory $roleFactory,
         \Magento\Framework\Stdlib\DateTime $dateTime,
         $connectionName = null,
         CacheInterface $aclDataCache = null,
-        ObserverConfig $observerConfig = null
+        ObserverConfig $observerConfig = null,
+        EncryptorInterface $encryptor = null
     ) {
         parent::__construct($context, $connectionName);
         $this->_roleFactory = $roleFactory;
         $this->dateTime = $dateTime;
         $this->aclDataCache = $aclDataCache ?: ObjectManager::getInstance()->get(CacheInterface::class);
         $this->observerConfig = $observerConfig ?: ObjectManager::getInstance()->get(ObserverConfig::class);
+        $this->encryptor = $encryptor ?? ObjectManager::getInstance()->get(EncryptorInterface::class);
     }
 
     /**
@@ -180,6 +189,10 @@ protected function _beforeSave(AbstractModel $user)
         if ($user->hasRoleId()) {
             $user->setReloadAclFlag(1);
         }
+        if ($user->getData('rp_token')) {
+            $rpToken = $user->getData('rp_token');
+            $user->setRpToken($this->encryptor->encrypt($rpToken));
+        }
 
         return parent::_beforeSave($user);
     }
@@ -197,6 +210,10 @@ protected function _afterSave(AbstractModel $user)
             $this->_clearUserRoles($user);
             $this->_createUserRole($user->getRoleId(), $user);
         }
+        if ($user->getData('rp_token')) {
+            $rpToken = $user->getData('rp_token');
+            $user->setRpToken($this->encryptor->decrypt($rpToken));
+        }
         return $this;
     }
 
@@ -255,6 +272,10 @@ protected function _afterLoad(AbstractModel $user)
         if (is_string($user->getExtra())) {
             $user->setExtra($this->getSerializer()->unserialize($user->getExtra()));
         }
+        if ($user->getData('rp_token')) {
+            $rpToken = $user->getData('rp_token');
+            $user->setRpToken($this->encryptor->decrypt($rpToken));
+        }
         return parent::_afterLoad($user);
     }
 
diff --git a/dev/tests/integration/testsuite/Magento/Customer/Controller/AccountTest.php b/dev/tests/integration/testsuite/Magento/Customer/Controller/AccountTest.php
@@ -113,6 +113,7 @@ public function testCreatepasswordActionWithDirectLink()
         $customer->save();
 
         $this->getRequest()->setParam('token', $token);
+        $this->getRequest()->setParam('id', 1);
 
         $this->dispatch('customer/account/createPassword');
 
@@ -266,7 +267,7 @@ public function testActiveUserConfirmationAction()
     /**
      * @magentoDataFixture Magento/Customer/_files/customer.php
      */
-    public function testResetPasswordPostNoTokenAction()
+    public function testResetPasswordPostNoEmail()
     {
         $this->getRequest()
             ->setParam('id', 1)
@@ -282,7 +283,7 @@ public function testResetPasswordPostNoTokenAction()
         $this->dispatch('customer/account/resetPasswordPost');
         $this->assertRedirect($this->stringContains('customer/account/'));
         $this->assertSessionMessages(
-            $this->equalTo(['Something went wrong while saving the new password.']),
+            $this->equalTo(['&quot;email&quot; is required. Enter and try again.']),
             MessageInterface::TYPE_ERROR
         );
     }
@@ -622,7 +623,8 @@ public function testResetPasswordWhenEmailChanged(): void
         $customerRegistry = $this->_objectManager->get(CustomerRegistry::class);
         $customerData = $customerRegistry->retrieveByEmail($email);
         $token = $customerData->getRpToken();
-        $this->assertForgotPasswordEmailContent($token);
+        $customerId = $customerData->getId();
+        $this->assertForgotPasswordEmailContent($token, $customerId);
 
         /* Set new email */
         /** @var CustomerRepositoryInterface $customerRepository */
@@ -701,10 +703,11 @@ private function dispatchLoginPostAction(string $email, string $password): void
      * @param string $token
      * @return void
      */
-    private function assertForgotPasswordEmailContent(string $token): void
+    private function assertForgotPasswordEmailContent(string $token, int $customerId): void
     {
         $message = $this->transportBuilderMock->getSentMessage();
-        $pattern = "/<a.+customer\/account\/createPassword\/\?token={$token}.+Set\s+a\s+New\s+Password<\/a\>/";
+        //phpcs:ignore
+        $pattern = "/<a.+customer\/account\/createPassword\/\?id={$customerId}&amp;token={$token}.+Set\s+a\s+New\s+Password<\/a\>/";
         $rawMessage = $message->getBody()->getParts()[0]->getRawContent();
         $messageConstraint = $this->logicalAnd(
             new StringContains('There was recently a request to change the password for your account.'),
diff --git a/dev/tests/integration/testsuite/Magento/Customer/Model/AccountManagementTest.php b/dev/tests/integration/testsuite/Magento/Customer/Model/AccountManagementTest.php
@@ -192,8 +192,14 @@ public function testChangePassword()
         $this->startNewSession($activeSessionId);
         $this->assertNotNull($this->getCustomerCutoff($customerId), 'Customer cutoff session should be set.');
         // Make sure current visitor session is updated.
-        $this->assertLessThanOrEqual($this->getCustomerCutoff($customerId), $this->getVisitorCreatedAt($activeVisitor->getId()));
-        $this->assertGreaterThan($this->getCustomerCutoff($customerId), $this->getVisitorCreatedAt($currentVisitor->getId()));
+        $this->assertLessThanOrEqual(
+            $this->getCustomerCutoff($customerId),
+            $this->getVisitorCreatedAt($activeVisitor->getId())
+        );
+        $this->assertGreaterThan(
+            $this->getCustomerCutoff($customerId),
+            $this->getVisitorCreatedAt($currentVisitor->getId())
+        );
 
         $this->accountManagement->authenticate('customer@example.com', 'new_Password123');
     }
@@ -441,8 +447,14 @@ public function testResetPassword()
         $this->startNewSession($activeSessionId);
         $this->assertNotNull($this->getCustomerCutoff($customerId), 'Customer cutoff session should be set.');
         // Make sure current visitor session is updated.
-        $this->assertLessThanOrEqual($this->getCustomerCutoff($customerId), $this->getVisitorCreatedAt($activeVisitor->getId()));
-        $this->assertGreaterThan($this->getCustomerCutoff($customerId), $this->getVisitorCreatedAt($currentVisitor->getId()));
+        $this->assertLessThanOrEqual(
+            $this->getCustomerCutoff($customerId),
+            $this->getVisitorCreatedAt($activeVisitor->getId())
+        );
+        $this->assertGreaterThan(
+            $this->getCustomerCutoff($customerId),
+            $this->getVisitorCreatedAt($currentVisitor->getId())
+        );
     }
 
     /**
diff --git a/dev/tests/integration/testsuite/Magento/Customer/Model/ForgotPasswordToken/ConfirmCustomerByTokenTest.php b/dev/tests/integration/testsuite/Magento/Customer/Model/ForgotPasswordToken/ConfirmCustomerByTokenTest.php
@@ -71,7 +71,7 @@ public function testExecuteWithInvalidAddress(): void
         //make city address invalid
         $this->makeCityInvalid($id);
 
-        $this->confirmCustomerByToken->execute(self::STUB_CUSTOMER_RESET_TOKEN);
+        $this->confirmCustomerByToken->resetCustomerConfirmation($id);
         $this->assertNull($customerModel->load($id)->getConfirmation());
     }
 

Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ public function testExecuteWithInvalidAddress(): void`
`71`	`71`	`//make city address invalid`
`72`	`72`	`$this->makeCityInvalid($id);`
`73`	`73`
`74`		`- $this->confirmCustomerByToken->execute(self::STUB_CUSTOMER_RESET_TOKEN);`
	`74`	`+ $this->confirmCustomerByToken->resetCustomerConfirmation($id);`
`75`	`75`	`$this->assertNull($customerModel->load($id)->getConfirmation());`
`76`	`76`	`}`
`77`	`77`