/**
  * @return void
  */
 public function testBeforeInitiatePasswordReset()
 {
     // Masked placeholder address; the same value must reach the security manager unchanged.
     $customerEmail = '*****@*****.**';
     $resetTemplate = \Magento\Customer\Model\AccountManagement::EMAIL_RESET;

     // The check has to run exactly once and be tagged as a customer reset request.
     $securityCheck = $this->securityManager->expects($this->once())->method('performSecurityCheck');
     $securityCheck->with(
         \Magento\Security\Model\PasswordResetRequestEvent::CUSTOMER_PASSWORD_RESET_REQUEST,
         $customerEmail
     )->willReturnSelf();

     // NOTE(review): only the call into performSecurityCheck is verified; the value returned by the
     // plugin and the path where the check throws are not asserted in this test.
     $this->model->beforeInitiatePasswordReset($this->accountManagement, $customerEmail, $resetTemplate);
 }
 /**
  * @return void
  */
 public function testCleanExpiredRecords()
 {
     $now = time();
     // Cut-off passed to the collection: the mocked current time minus the configured record lifetime.
     $expiryThreshold = $now - \Magento\Security\Model\SecurityManager::SECURITY_CONTROL_RECORDS_LIFE_TIME;

     // The model is expected to build exactly one collection through the factory.
     $this->passwordResetRequestEventCollectionFactoryMock
         ->expects($this->once())
         ->method('create')
         ->willReturn($this->passwordResetRequestEventCollectionMock);

     // The reference time comes from the security config mock, so the expected cut-off is deterministic.
     $this->securityConfigMock
         ->expects($this->once())
         ->method('getCurrentTimestamp')
         ->willReturn($now);

     // 'deleteRecordsOlderThen' (sic) has to match the spelling of the mocked collection method.
     $this->passwordResetRequestEventCollectionMock
         ->expects($this->once())
         ->method('deleteRecordsOlderThen')
         ->with($expiryThreshold)
         ->willReturnSelf();

     $this->model->cleanExpiredRecords();
 }
Пример #3
 /**
  * Forgot administrator password action
  *
  * @return void
  * @SuppressWarnings(PHPMD.CyclomaticComplexity)
  */
 public function execute()
 {
     // Handles the admin "forgot password" form.
     // Flow: validate the submitted e-mail, run the security check, then issue a reset token and
     // send the confirmation e-mail for the first matching admin user.
     // Statement order matters: the security check runs before any user lookup, and the success
     // message below is added whether or not an account matched.

     // Cast so that the validator below always receives a string.
     $email = (string) $this->getRequest()->getParam('email');
     $params = $this->getRequest()->getParams();
     /** @var \Magento\Framework\Controller\Result\Redirect $resultRedirect */
     $resultRedirect = $this->resultRedirectFactory->create();
     // presumably an empty parameter set means the form is only being displayed — confirm against the route
     if (!empty($email) && !empty($params)) {
         // Validate received data to be an email address
         if (\Zend_Validate::is($email, 'EmailAddress')) {
             try {
                 // Runs before the lookup, so a rejected request never reaches the user collection.
                 // presumably this is where reset requests are throttled — confirm in SecurityManager
                 $this->securityManager->performSecurityCheck(\Magento\Security\Model\PasswordResetRequestEvent::ADMIN_PASSWORD_RESET_REQUEST, $email);
             } catch (\Magento\Framework\Exception\SecurityViolationException $exception) {
                 // The exception's own message is shown to the requester before redirecting to 'admin'.
                 $this->messageManager->addErrorMessage($exception->getMessage());
                 return $resultRedirect->setPath('admin');
             }
             $collection = $this->_objectManager->get('Magento\\User\\Model\\ResourceModel\\User\\Collection');
             /** @var $collection \Magento\User\Model\ResourceModel\User\Collection */
             $collection->addFieldToFilter('email', $email);
             $collection->load(false);
             try {
                 if ($collection->getSize() > 0) {
                     foreach ($collection as $item) {
                         /** @var \Magento\User\Model\User $user */
                         $user = $this->_userFactory->create()->load($item->getId());
                         if ($user->getId()) {
                             // A fresh token is generated and stored on the user before the e-mail is sent.
                             // presumably the token is carried in the e-mailed reset link — verify in the User model
                             $newPassResetToken = $this->_objectManager->get('Magento\\User\\Helper\\Data')->generateResetPasswordLinkToken();
                             $user->changeResetPasswordLinkToken($newPassResetToken);
                             $user->save();
                             $user->sendPasswordResetConfirmationEmail();
                         }
                         // Unconditional break: only the first row of the collection is ever processed.
                         break;
                     }
                 }
             } catch (\Exception $exception) {
                 // NOTE(review): the token/save/send calls above run only when a row matched, so this
                 // error response can differ from the uniform success message shown for unknown
                 // addresses — confirm that difference is acceptable.
                 $this->messageManager->addExceptionMessage($exception, __('We\'re unable to send the password reset email.'));
                 return $resultRedirect->setPath('admin');
             }
             // Added on every non-exception path, including when no user matched, so the response
             // text is the same for known and unknown addresses.
             // @codingStandardsIgnoreStart
             $this->messageManager->addSuccess(__('We\'ll email you a link to reset your password.'));
             // @codingStandardsIgnoreEnd
             // Unlike the error paths, this branch sets the redirect on the response object and returns nothing.
             $this->getResponse()->setRedirect($this->_objectManager->get('Magento\\Backend\\Helper\\Data')->getHomePageUrl());
             return;
         } else {
             $this->messageManager->addError(__('Please correct this email address:'));
         }
     } elseif (!empty($params)) {
         // Parameters were submitted but the e-mail value is empty.
         $this->messageManager->addError(__('Please enter an email address.'));
     }
     // Reached on first display and after a validation error: render the form again.
     $this->_view->loadLayout();
     $this->_view->renderLayout();
 }
Пример #4
 /**
  * Test for performSecurityCheck() method when time between password reset events is exceeded
  *
  * @magentoConfigFixture current_store customer/password/limit_password_reset_requests_method 1
  * @magentoConfigFixture current_store customer/password/max_number_password_reset_requests 0
  * @magentoConfigFixture current_store customer/password/min_time_between_password_reset_requests 1
  * @magentoConfigFixture current_store contact/email/recipient_email hi@example.com
  * @expectedException \Magento\Framework\Exception\SecurityViolationException
  * @expectedExceptionMessage Too many password reset requests. Please wait and try again or contact hi@example.com.
  * @magentoDbIsolation enabled
  */
 public function testPerformSecurityCheckLimitTime()
 {
     $eventType = \Magento\Security\Model\PasswordResetRequestEvent::CUSTOMER_PASSWORD_RESET_REQUEST;
     $accountReference = '*****@*****.**';
     $longIp = 127001;
     $plannedCalls = 2;
     $completedCalls = 0;

     try {
         // Calls are issued back to back with the same reference and IP; the config fixtures on this
         // test are meant to make the second one fail.
         while ($completedCalls < $plannedCalls) {
             $this->securityManager->performSecurityCheck($eventType, $accountReference, $longIp);
             $completedCalls++;
         }
     } catch (\Magento\Framework\Exception\SecurityViolationException $violation) {
         // Exactly one call must have succeeded before the violation was raised.
         $this->assertEquals(1, $completedCalls);
         // Re-thrown so the expected-exception annotations on the test can match type and message.
         throw new \Magento\Framework\Exception\SecurityViolationException(__($violation->getMessage()));
     }

     // Reaching this line means no call was rejected.
     $this->fail('Something went wrong. Please check method execution logic.');
 }
Пример #5
 /**
  * @param AccountManagementOriginal $accountManagement
  * @param string $email
  * @param string $template
  * @param int|null $websiteId
  * @return array
  * @throws SecurityViolationException
  *
  * @SuppressWarnings(PHPMD.UnusedFormalParameter)
  */
 public function beforeInitiatePasswordReset(AccountManagementOriginal $accountManagement, $email, $template, $websiteId = null)
 {
     // Run the security check for a customer reset request before anything else happens here;
     // per the @throws tag a SecurityViolationException may propagate from this call.
     $requestType = PasswordResetRequestEvent::CUSTOMER_PASSWORD_RESET_REQUEST;
     $this->securityManager->performSecurityCheck($requestType, $email);

     // The received arguments are handed back unchanged and in their original order.
     $passThroughArguments = [$email, $template, $websiteId];

     return $passThroughArguments;
 }