Merge remote-tracking branch 'tango/MAGETWO-93628' into tango-PR-04

dhorytskyi · dhorytskyi · commit 202bf5a55881 · 2019-04-16T09:47:24.000-05:00
diff --git a/app/code/Magento/Customer/Model/AccountManagement.php b/app/code/Magento/Customer/Model/AccountManagement.php
@@ -624,7 +624,6 @@ public function initiatePasswordReset($email, $template, $websiteId = null)
      * @param string $rpToken
      * @throws ExpiredException
      * @throws NoSuchEntityException
-     *
      * @return CustomerInterface
      * @throws LocalizedException
      */
@@ -703,7 +702,12 @@ public function resetPassword($email, $resetToken, $newPassword)
         $customerSecure->setRpTokenCreatedAt(null);
         $customerSecure->setPasswordHash($this->createPasswordHash($newPassword));
         $this->destroyCustomerSessions($customer->getId());
-        $this->sessionManager->destroy();
+        if ($this->sessionManager->isSessionExists()) {
+            //delete old session and move data to the new session
+            //use this instead of $this->sessionManager->regenerateId because last one doesn't delete old session
+            // phpcs:ignore Magento2.Functions.DiscouragedFunction
+            session_regenerate_id(true);
+        }
         $this->customerRepository->save($customer);
 
         return true;
@@ -1564,6 +1568,7 @@ private function getEmailNotification()
 
     /**
      * Destroy all active customer sessions by customer id (current session will not be destroyed).
+     *
      * Customer sessions which should be deleted are collecting from the "customer_visitor" table considering
      * configured session lifetime.
      *
diff --git a/app/code/Magento/Customer/Test/Unit/Model/AccountManagementTest.php b/app/code/Magento/Customer/Test/Unit/Model/AccountManagementTest.php
@@ -1238,8 +1238,7 @@ public function testInitiatePasswordResetEmailReminder()
 
         $storeId = 1;
 
-        mt_srand(mt_rand() + (100000000 * (float)microtime()) % PHP_INT_MAX);
-        $hash = md5(uniqid(microtime() . mt_rand(0, mt_getrandmax()), true));
+        $hash = hash('sha256', microtime() . random_int(PHP_INT_MIN, PHP_INT_MAX));
 
         $this->emailNotificationMock->expects($this->once())
             ->method('passwordReminder')
@@ -1263,8 +1262,7 @@ public function testInitiatePasswordResetEmailReset()
         $templateIdentifier = 'Template Identifier';
         $sender = 'Sender';
 
-        mt_srand(mt_rand() + (100000000 * (float)microtime()) % PHP_INT_MAX);
-        $hash = md5(uniqid(microtime() . mt_rand(0, mt_getrandmax()), true));
+        $hash = hash('sha256', microtime() . random_int(PHP_INT_MIN, PHP_INT_MAX));
 
         $this->emailNotificationMock->expects($this->once())
             ->method('passwordResetConfirmation')
@@ -1288,8 +1286,7 @@ public function testInitiatePasswordResetNoTemplate()
         $templateIdentifier = 'Template Identifier';
         $sender = 'Sender';
 
-        mt_srand(mt_rand() + (100000000 * (float)microtime()) % PHP_INT_MAX);
-        $hash = md5(uniqid(microtime() . mt_rand(0, mt_getrandmax()), true));
+        $hash = hash('sha256', microtime() . random_int(PHP_INT_MIN, PHP_INT_MAX));
 
         $this->prepareInitiatePasswordReset($email, $templateIdentifier, $sender, $storeId, $customerId, $hash);
 
@@ -1610,7 +1607,7 @@ function ($string) {
         $this->customerSecure->expects($this->once())->method('setRpTokenCreatedAt')->with(null);
         $this->customerSecure->expects($this->any())->method('setPasswordHash')->willReturn(null);
 
-        $this->sessionManager->expects($this->atLeastOnce())->method('destroy');
+        $this->sessionManager->method('isSessionExists')->willReturn(false);
         $this->sessionManager->expects($this->atLeastOnce())->method('getSessionId');
         $visitor = $this->getMockBuilder(\Magento\Customer\Model\Visitor::class)
             ->disableOriginalConstructor()
