Merge pull request #177 from websharp/bugfix/#167_password_reset_create

Fixes #167
bitExpert · Dec 16, 2019 · 8867ae6 · 8867ae6
2 parents 828f038 + f0e4719
commit 8867ae6
Show file tree

Hide file tree

Showing 6 changed files with 164 additions and 20 deletions.
diff --git a/Controller/LoginCheck.php b/Controller/LoginCheck.php
@@ -72,6 +72,10 @@ class LoginCheck implements LoginCheckInterface
      * @var ResponseHttp
      */
     private $response;
+    /**
+     * @var PasswordResetHelper
+     */
+    private $passwordResetHelper;
 
     /**
      * Creates a new {@link \BitExpert\ForceCustomerLogin\Controller\LoginCheck}.
@@ -85,6 +89,7 @@ class LoginCheck implements LoginCheckInterface
      * @param StrategyManager $strategyManager
      * @param ModuleCheck $moduleCheck
      * @param ResponseHttp $response
+     * @param PasswordResetHelper $passwordResetHelper
      */
     public function __construct(
         Context $context,
@@ -95,7 +100,8 @@ public function __construct(
         WhitelistRepositoryInterface $whitelistRepository,
         StrategyManager $strategyManager,
         ModuleCheck $moduleCheck,
-        ResponseHttp $response
+        ResponseHttp $response,
+        PasswordResetHelper $passwordResetHelper
     ) {
         $this->customerSession = $customerSession;
         $this->session = $session;
@@ -105,6 +111,7 @@ public function __construct(
         $this->strategyManager = $strategyManager;
         $this->moduleCheck = $moduleCheck;
         $this->response = $response;
+        $this->passwordResetHelper = $passwordResetHelper;
         $this->request = $context->getRequest();
         $this->url = $context->getUrl();
     }
@@ -136,19 +143,25 @@ public function execute()
         if (strpos($path, $targetUrl)!== false) {
             return false;
         }
+
+        // Explicit behaviour for password reset creation
+        if ($this->passwordResetHelper->processDirectCreatePasswordRequest($this->url, $this->request)) {
+            return false;
+        }
 
-        // Set Url To redrect ,using standard method of magento
-        $this->customerSession->setBeforeAuthUrl($url);     
+        // Set Url To redirect ,using standard method of magento
+        $this->customerSession->setBeforeAuthUrl($url);
 
         // check if current url is a match with one of the ignored urls
         /** @var \BitExpert\ForceCustomerLogin\Model\WhitelistEntry $rule */
         foreach ($this->whitelistRepository->getCollection()->getItems() as $rule) {
             $strategy = $rule->getStrategy();
-            if($strategy) {
-                $strategy = $this->strategyManager->get($strategy);
-                if ($strategy->isMatch($path, $rule)) {
-                    return false;
-                }
+            if(!$strategy) {
+                return false;
+            }
+            $strategy = $this->strategyManager->get($strategy);
+            if ($strategy->isMatch($path, $rule)) {
+                return false;
             }
         }
 

diff --git a/Controller/PasswordResetHelper.php b/Controller/PasswordResetHelper.php
@@ -0,0 +1,49 @@
+<?php
+
+/*
+ * This file is part of the Force Login module for Magento2.
+ *
+ * (c) bitExpert AG
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace BitExpert\ForceCustomerLogin\Controller;
+
+use Magento\Framework\App\RequestInterface;
+use Magento\Framework\UrlInterface;
+
+/**
+ * Class PasswordResetHelper
+ * @package BitExpert\ForceCustomerLogin\Controller
+ */
+class PasswordResetHelper
+{
+    const CREATE_PASSWORD_DIRECT_URL_SCHEME = '/customer/account/createpassword/\?.*token=';
+
+    /**
+     * @param UrlInterface $url
+     * @param RequestInterface $request
+     * @return bool
+     */
+    public function processDirectCreatePasswordRequest(UrlInterface $urlInstance, RequestInterface $request)
+    {
+        $url = $urlInstance->getCurrentUrl();
+
+        // Explicit behaviour for special urls
+        if (preg_match(
+                sprintf(
+                    '#^.*%s.*$#i',
+                    self::CREATE_PASSWORD_DIRECT_URL_SCHEME
+                ),
+                $url
+            ) === 1) {
+            $params = $request->getParams();
+            unset($params['token']);
+            $request->setParams($params);
+            return true;
+        }
+        return false;
+    }
+}
diff --git a/Setup/UpgradeData.php b/Setup/UpgradeData.php
@@ -84,6 +84,10 @@ public function upgrade(ModuleDataSetupInterface $setup, ModuleContextInterface
             $this->runUpgrade305($setup);
         }
 
+        if (version_compare($context->getVersion(), '4.0.0', '<')) {
+            $this->runUpgrade400($setup);
+        }
+
         $setup->endSetup();
     }
 
@@ -284,4 +288,23 @@ private function runUpgrade305(ModuleDataSetupInterface $setup)
             $whitelistEntries
         );
     }
+
+    /**
+     * @param ModuleDataSetupInterface $setup
+     */
+    private function runUpgrade400(ModuleDataSetupInterface $setup)
+    {
+        $whitelistEntries = [
+            $this->getWhitelistEntryAsArray(
+                0,
+                'Customer Create (Post)',
+                '/customer/account/createpost'
+            ),
+        ];
+
+        $setup->getConnection()->insertMultiple(
+            $setup->getTable('bitexpert_forcelogin_whitelist'),
+            $whitelistEntries
+        );
+    }
 }
diff --git a/Test/Unit/Controller/LoginCheckUnitTest.php b/Test/Unit/Controller/LoginCheckUnitTest.php
@@ -15,6 +15,7 @@
 use BitExpert\ForceCustomerLogin\Api\Repository\WhitelistRepositoryInterface;
 use BitExpert\ForceCustomerLogin\Controller\LoginCheck;
 use BitExpert\ForceCustomerLogin\Controller\ModuleCheck;
+use BitExpert\ForceCustomerLogin\Controller\PasswordResetHelper;
 use BitExpert\ForceCustomerLogin\Helper\Strategy\StrategyInterface;
 use BitExpert\ForceCustomerLogin\Helper\Strategy\StrategyManager;
 use BitExpert\ForceCustomerLogin\Model\ResourceModel\WhitelistEntry\Collection;
@@ -66,7 +67,8 @@ public function testConstructor()
             $this->getWhitelistRepository(),
             $this->getStrategyManager(),
             $this->getModuleCheck(),
-            $this->getResponseHttp()
+            $this->getResponseHttp(),
+            $this->getPasswordResetHelper()
         );
 
         // check if mandatory interfaces are implemented
@@ -205,7 +207,8 @@ public function skipMatchingWhenModuleIsDisabled()
             $this->getWhitelistRepository(),
             $this->getStrategyManager(),
             $moduleCheck,
-            $this->getResponseHttp()
+            $this->getResponseHttp(),
+            $this->getPasswordResetHelper()
         );
 
         $loginCheck->execute();
@@ -235,6 +238,16 @@ private function getRedirect()
         return $this->createMock(RedirectInterface::class);
     }
 
+    /**
+     * @return MockObject|PasswordResetHelper
+     */
+    private function getPasswordResetHelper()
+    {
+        return $this->getMockBuilder(PasswordResetHelper::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+    }
+
     /**
      * Run test with existing customer session, so no redirecting is happening.
      *
@@ -264,7 +277,8 @@ public function skipMatchingWhenCustomerSessionIsActive()
             $this->getWhitelistRepository(),
             $this->getStrategyManager(),
             $moduleCheck,
-            $this->getResponseHttp()
+            $this->getResponseHttp(),
+            $this->getPasswordResetHelper()
         );
 
         $loginCheck->execute();
@@ -338,7 +352,8 @@ public function urlMatchesTargetUrlExactlyAndNoRedirectIsForced()
             $whitelistRepository,
             $strategyManager,
             $this->getModuleCheck(),
-            $responseHttp
+            $responseHttp,
+            $this->getPasswordResetHelper()
         );
 
         $loginCheck->execute();
@@ -376,10 +391,15 @@ public function ruleMatchingPositiveWithoutRedirect()
             ->method('getCurrentUrl')
             ->willReturn($urlString);
 
+        $request = $this->getRequest();
+
         $context = $this->getContext();
         $context->expects($this->once())
             ->method('getUrl')
             ->willReturn($url);
+        $context->expects($this->once())
+            ->method('getRequest')
+            ->willReturn($request);
 
         // --- Response
         $responseHttp = $this->getResponseHttp();
@@ -431,7 +451,8 @@ public function ruleMatchingPositiveWithoutRedirect()
             $whitelistRepository,
             $strategyManager,
             $this->getModuleCheck(),
-            $responseHttp
+            $responseHttp,
+            $this->getPasswordResetHelper()
         );
 
         $loginCheck->execute();
@@ -564,7 +585,8 @@ public function ruleMatchingFailsAndResultsInRedirect()
             $whitelistRepository,
             $strategyManager,
             $this->getModuleCheck(),
-            $responseHttp
+            $responseHttp,
+            $this->getPasswordResetHelper()
         );
 
         $loginCheck->execute();
@@ -703,7 +725,8 @@ public function ensureSetBeforeAuthUrlBeforeRedirect()
             $whitelistRepository,
             $strategyManager,
             $this->getModuleCheck(),
-            $responseHttp
+            $responseHttp,
+            $this->getPasswordResetHelper()
         );
 
         $loginCheck->execute();
@@ -836,7 +859,8 @@ public function ruleMatchingFailsAndResultsInSecureRedirect()
             $whitelistRepository,
             $strategyManager,
             $this->getModuleCheck(),
-            $responseHttp
+            $responseHttp,
+            $this->getPasswordResetHelper()
         );
 
         $loginCheck->execute();
@@ -972,7 +996,8 @@ public function requestIsAjaxAndRuleMatchingFails()
             $whitelistRepository,
             $strategyManager,
             $this->getModuleCheck(),
-            $responseHttp
+            $responseHttp,
+            $this->getPasswordResetHelper()
         );
 
         $loginCheck->execute();
@@ -1107,7 +1132,8 @@ public function ruleMatchingFailsAjaxCheckUsesHttpObject()
             $whitelistRepository,
             $strategyManager,
             $this->getModuleCheck(),
-            $responseHttp
+            $responseHttp,
+            $this->getPasswordResetHelper()
         );
 
         $loginCheck->execute();
@@ -1244,7 +1270,8 @@ public function redirectMatchesReferrerUrlWithQueryParameters()
             $whitelistRepository,
             $strategyManager,
             $this->getModuleCheck(),
-            $responseHttp
+            $responseHttp,
+            $this->getPasswordResetHelper()
         );
 
         $loginCheck->execute();

diff --git a/Test/Unit/Helper/Strategy/RegExAllMatcherUnitTest.php b/Test/Unit/Helper/Strategy/RegExAllMatcherUnitTest.php
@@ -136,4 +136,36 @@ public function matchHomepageRuleCorrectly()
         $this->assertFalse($matcher->isMatch('/foobar/baz', $rule));
         $this->assertFalse($matcher->isMatch('/foobar/baz/', $rule));
     }
+
+    /**
+     * @test
+     */
+    public function matchPartialPathCorrectly()
+    {
+        $matcher = new RegExAllMatcher('foobarPost');
+
+        /** @var $rule MockObject|WhitelistEntry */
+        $rule = $this->getMockBuilder(WhitelistEntry::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $rule->expects($this->any())
+            ->method('getUrlRule')
+            ->willReturn('/foobarPost');
+
+        /**
+         * Rule: ^/?$
+         */
+        // simple
+        $this->assertFalse($matcher->isMatch('', $rule));
+        $this->assertFalse($matcher->isMatch('/', $rule));
+        // subpage
+        $this->assertFalse($matcher->isMatch('/foobar', $rule));
+        $this->assertFalse($matcher->isMatch('/foobar/', $rule));
+        $this->assertTrue($matcher->isMatch('/foobarPost', $rule));
+        $this->assertTrue($matcher->isMatch('/foobarPost/', $rule));
+        $this->assertTrue($matcher->isMatch('/foobarpost', $rule));
+        $this->assertTrue($matcher->isMatch('/foobarpost/', $rule));
+        $this->assertFalse($matcher->isMatch('/foobar/baz', $rule));
+        $this->assertFalse($matcher->isMatch('/foobar/baz/', $rule));
+    }
 }
diff --git a/etc/module.xml b/etc/module.xml
@@ -11,7 +11,7 @@
 -->
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
-    <module name="BitExpert_ForceCustomerLogin" setup_version="3.0.5">
+    <module name="BitExpert_ForceCustomerLogin" setup_version="4.0.0">
         <sequence>
             <module name="Magento_Customer"/>
         </sequence>