/**
 * The plugin must run exactly one security check, keyed on the customer
 * password-reset event type and the e-mail it was given, when invoked.
 *
 * @return void
 */
public function testBeforeInitiatePasswordReset()
{
    $customerEmail = '*****@*****.**';
    $emailTemplate = \Magento\Customer\Model\AccountManagement::EMAIL_RESET;
    $expectedEventType = \Magento\Security\Model\PasswordResetRequestEvent::CUSTOMER_PASSWORD_RESET_REQUEST;

    // once(): a missing check or a duplicated one both fail the test.
    $this->securityManager
        ->expects($this->once())
        ->method('performSecurityCheck')
        ->with($expectedEventType, $customerEmail)
        ->willReturnSelf();

    $this->model->beforeInitiatePasswordReset(
        $this->accountManagement,
        $customerEmail,
        $emailTemplate
    );
}
/**
 * cleanExpiredRecords() must delete password-reset request records older than
 * the configured current timestamp minus SECURITY_CONTROL_RECORDS_LIFE_TIME.
 *
 * @return void
 */
public function testCleanExpiredRecords()
{
    $now = time();
    // Cut-off the collection is expected to receive.
    $expectedCutoff = $now - \Magento\Security\Model\SecurityManager::SECURITY_CONTROL_RECORDS_LIFE_TIME;

    $this->passwordResetRequestEventCollectionFactoryMock
        ->expects($this->once())
        ->method('create')
        ->willReturn($this->passwordResetRequestEventCollectionMock);

    // The clock is read from the security config mock, so the cut-off is deterministic.
    $this->securityConfigMock
        ->expects($this->once())
        ->method('getCurrentTimestamp')
        ->willReturn($now);

    $this->passwordResetRequestEventCollectionMock
        ->expects($this->once())
        ->method('deleteRecordsOlderThen')
        ->with($expectedCutoff)
        ->willReturnSelf();

    $this->model->cleanExpiredRecords();
}
/**
 * Forgot administrator password action.
 *
 * Flow for a submitted, syntactically valid e-mail address:
 *  1. run the password-reset security check for the address;
 *  2. look up admin users by that address;
 *  3. for the first match only, store a fresh reset-link token and send the
 *     confirmation e-mail;
 *  4. show the same success message whether or not a user matched.
 *
 * The two failure branches (security violation, exception while issuing the
 * token or sending mail) return the value of $resultRedirect->setPath('admin');
 * every other branch returns nothing.
 *
 * @return \Magento\Framework\Controller\Result\Redirect|void
 * @SuppressWarnings(PHPMD.CyclomaticComplexity)
 */
public function execute()
{
    $email = (string) $this->getRequest()->getParam('email');
    $params = $this->getRequest()->getParams();

    /** @var \Magento\Framework\Controller\Result\Redirect $resultRedirect */
    $resultRedirect = $this->resultRedirectFactory->create();
    if (!empty($email) && !empty($params)) {
        // Validate received data to be an email address
        if (\Zend_Validate::is($email, 'EmailAddress')) {
            // The security check runs before the user lookup, so it applies to
            // every well-formed address, not only to addresses that belong to an
            // admin account. Only $email is passed as the account reference here.
            try {
                $this->securityManager->performSecurityCheck(\Magento\Security\Model\PasswordResetRequestEvent::ADMIN_PASSWORD_RESET_REQUEST, $email);
            } catch (\Magento\Framework\Exception\SecurityViolationException $exception) {
                // The violation text is shown to the requester as-is.
                $this->messageManager->addErrorMessage($exception->getMessage());
                return $resultRedirect->setPath('admin');
            }
            $collection = $this->_objectManager->get('Magento\\User\\Model\\ResourceModel\\User\\Collection');
            /** @var $collection \Magento\User\Model\ResourceModel\User\Collection */
            $collection->addFieldToFilter('email', $email);
            $collection->load(false);

            try {
                if ($collection->getSize() > 0) {
                    foreach ($collection as $item) {
                        /** @var \Magento\User\Model\User $user */
                        $user = $this->_userFactory->create()->load($item->getId());
                        if ($user->getId()) {
                            // NOTE(review): how the token is generated (entropy, lifetime)
                            // is decided by the helper and the user model, not visible here.
                            $newPassResetToken = $this->_objectManager->get('Magento\\User\\Helper\\Data')->generateResetPasswordLinkToken();
                            $user->changeResetPasswordLinkToken($newPassResetToken);
                            // The token is saved before the e-mail is sent.
                            $user->save();
                            $user->sendPasswordResetConfirmationEmail();
                        }
                        // Unconditional break: only the first record of the collection is processed.
                        break;
                    }
                }
            } catch (\Exception $exception) {
                // NOTE(review): an unknown address skips the token/mail calls above and
                // falls through to the success message, so this branch is mostly
                // reachable when an account matched; the differing response may
                // reveal that the address exists. Confirm whether that is acceptable.
                $this->messageManager->addExceptionMessage($exception, __('We\'re unable to send the password reset email.'));
                return $resultRedirect->setPath('admin');
            }
            // Reached both when a reset e-mail was sent and when no account matched:
            // the identical message keeps the response from confirming or denying
            // that the address belongs to an admin user.
            // @codingStandardsIgnoreStart
            $this->messageManager->addSuccess(__('We\'ll email you a link to reset your password.'));
            // @codingStandardsIgnoreEnd
            $this->getResponse()->setRedirect($this->_objectManager->get('Magento\\Backend\\Helper\\Data')->getHomePageUrl());
            return;
        } else {
            // Malformed address: no security check is run and no lookup is made.
            $this->messageManager->addError(__('Please correct this email address:'));
        }
    } elseif (!empty($params)) {
        // Request parameters were submitted but the e-mail is empty.
        $this->messageManager->addError(__('Please enter an email address.'));
    }
    // No usable submission (or a validation error): render the form.
    $this->_view->loadLayout();
    $this->_view->renderLayout();
}
/**
 * performSecurityCheck() must reject a second password-reset request made for
 * the same account reference and IP value before the configured minimum time
 * between requests has passed.
 *
 * The first call has to succeed and the second has to throw; the annotations
 * below set up the limits and the expected exception and message.
 *
 * @magentoConfigFixture current_store customer/password/limit_password_reset_requests_method 1
 * @magentoConfigFixture current_store customer/password/max_number_password_reset_requests 0
 * @magentoConfigFixture current_store customer/password/min_time_between_password_reset_requests 1
 * @magentoConfigFixture current_store contact/email/recipient_email hi@example.com
 * @expectedException \Magento\Framework\Exception\SecurityViolationException
 * @expectedExceptionMessage Too many password reset requests. Please wait and try again or contact hi@example.com.
 * @magentoDbIsolation enabled
 */
public function testPerformSecurityCheckLimitTime()
{
    $maxCalls = 2;
    $eventType = \Magento\Security\Model\PasswordResetRequestEvent::CUSTOMER_PASSWORD_RESET_REQUEST;
    // Passed as the third argument; presumably the requester IP in integer form — confirm.
    $longIp = 127001;
    $account = '*****@*****.**';
    $callsMade = 0;

    try {
        while ($callsMade < $maxCalls) {
            $this->securityManager->performSecurityCheck($eventType, $account, $longIp);
            $callsMade++;
        }
    } catch (\Magento\Framework\Exception\SecurityViolationException $e) {
        // Exactly one call completed, so the violation came from the second request.
        $this->assertEquals(1, $callsMade);
        // Re-throw so the @expectedException annotations can match type and message.
        throw new \Magento\Framework\Exception\SecurityViolationException(__($e->getMessage()));
    }

    // Both calls passed: the limit was not enforced.
    $this->fail('Something went wrong. Please check method execution logic.');
}
/**
 * Runs the customer password-reset security check for the given e-mail and
 * hands the call arguments back unchanged.
 *
 * Only $email is passed to the check as the account reference; $template and
 * $websiteId take no part in it. A SecurityViolationException raised by the
 * check is not caught here and propagates to the caller.
 *
 * @param AccountManagementOriginal $accountManagement
 * @param string $email
 * @param string $template
 * @param int|null $websiteId
 * @return array [$email, $template, $websiteId]
 * @throws SecurityViolationException
 *
 * @SuppressWarnings(PHPMD.UnusedFormalParameter)
 */
public function beforeInitiatePasswordReset(
    AccountManagementOriginal $accountManagement,
    $email,
    $template,
    $websiteId = null
) {
    $eventType = PasswordResetRequestEvent::CUSTOMER_PASSWORD_RESET_REQUEST;
    $this->securityManager->performSecurityCheck($eventType, $email);

    $forwardedArguments = [$email, $template, $websiteId];

    return $forwardedArguments;
}