/**
 * getOldPasswords() must return exactly the column the DB adapter fetched.
 *
 * Each step of the query chain (connection, select, from/order/where,
 * fetchCol) is expected to run at least once.
 *
 * NOTE(review): none of the mocked calls carries a ->with() constraint, so
 * this test does not pin which table is read or that the query is filtered
 * by the given user.
 */
public function testGetOldPassword()
{
    $fetchedColumn = ['password1', 'password2'];

    $this->resourceMock->expects($this->atLeastOnce())
        ->method('getConnection')
        ->willReturn($this->dbAdapterMock);
    $this->dbAdapterMock->expects($this->atLeastOnce())
        ->method('select')
        ->willReturn($this->selectMock);

    // The select builder is fluent: every clause hands back the same mock.
    foreach (['from', 'order', 'where'] as $clause) {
        $this->selectMock->expects($this->atLeastOnce())
            ->method($clause)
            ->willReturn($this->selectMock);
    }

    $this->dbAdapterMock->expects($this->atLeastOnce())
        ->method('fetchCol')
        ->willReturn($fetchedColumn);

    $actual = $this->model->getOldPasswords($this->userMock);
    $this->assertEquals($fetchedColumn, $actual);
}
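/**
 * Reject an admin password change that reuses the current or a previous password.
 *
 * The candidate is the user's new password when one is set, otherwise the
 * password already on the model. The check runs only for a user that has an
 * id and is not flagged with force_new_password. The candidate is verified
 * against the originally loaded password hash and then against every hash
 * returned by the user resource's getOldPasswords(); how many history entries
 * that covers is decided by the resource, not by this method.
 *
 * Length and character-class rules are not enforced here.
 *
 * @param EventObserver $observer
 * @return void
 * @throws \Magento\Framework\Exception\LocalizedException when the password was used before
 */
public function execute(EventObserver $observer)
{
    /* @var $user \Magento\User\Model\User */
    $user = $observer->getEvent()->getObject();

    $password = $user->getNewPassword() ?: $user->getPassword();
    if (!$password || $user->getForceNewPassword() || !$user->getId()) {
        return;
    }

    // Current password first, so the history lookup is skipped on a direct match.
    $reused = $this->encryptor->isValidHash($password, $user->getOrigData('password'));

    if (!$reused) {
        // Verify the candidate against each stored hash with isValidHash(), the
        // same check used for the current password. Hashing the candidate once
        // with getHash($password, false) and comparing with === can only match a
        // history entry that was stored without a salt, so a salted entry would
        // never be detected and the reuse rule would silently not apply.
        // NOTE(review): presumably the history holds hashes in the same stored
        // format as the password column; confirm against the code that writes it.
        foreach ($this->userResource->getOldPasswords($user) as $oldPasswordHash) {
            if ($this->encryptor->isValidHash($password, $oldPasswordHash)) {
                $reused = true;
                break;
            }
        }
    }

    if ($reused) {
        throw new \Magento\Framework\Exception\LocalizedException(
            __('Sorry, but this password has already been used. Please create another.')
        );
    }
}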