MC-38676: Fixed force logout after email change

Author: SeruyV

app/code/Magento/Customer/Controller/Account/EditPost.php

@@ -7,7 +7,9 @@
 
 namespace Magento\Customer\Controller\Account;
 
+use Exception;
 use Magento\Customer\Api\Data\CustomerInterface;
+use Magento\Customer\Api\SessionCleanerInterface;
 use Magento\Customer\Model\AddressRegistry;
 use Magento\Framework\App\Action\HttpPostActionInterface as HttpPostActionInterface;
 use Magento\Customer\Model\AuthenticationInterface;
@@ -27,13 +29,15 @@
 use Magento\Framework\Escaper;
 use Magento\Framework\Exception\InputException;
 use Magento\Framework\Exception\InvalidEmailOrPasswordException;
+use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Exception\NoSuchEntityException;
 use Magento\Framework\Exception\State\UserLockedException;
 use Magento\Customer\Controller\AbstractAccount;
 use Magento\Framework\Phrase;
 
 /**
- * Class EditPost
+ * Customer edit page.
+ *
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
  */
 class EditPost extends AbstractAccount implements CsrfAwareActionInterface, HttpPostActionInterface
@@ -69,7 +73,7 @@ class EditPost extends AbstractAccount implements CsrfAwareActionInterface, Http
     protected $session;
 
     /**
-     * @var \Magento\Customer\Model\EmailNotificationInterface
+     * @var EmailNotificationInterface
      */
     private $emailNotification;
 
@@ -93,6 +97,11 @@ class EditPost extends AbstractAccount implements CsrfAwareActionInterface, Http
      */
     private $addressRegistry;
 
+    /**
+     * @var SessionCleanerInterface|null
+     */
+    private $sessionCleaner;
+
     /**
      * @param Context $context
      * @param Session $customerSession
@@ -102,6 +111,7 @@ class EditPost extends AbstractAccount implements CsrfAwareActionInterface, Http
      * @param CustomerExtractor $customerExtractor
      * @param Escaper|null $escaper
      * @param AddressRegistry|null $addressRegistry
+     * @param SessionCleanerInterface|null $sessionCleaner
      */
     public function __construct(
         Context $context,
@@ -111,7 +121,8 @@ public function __construct(
         Validator $formKeyValidator,
         CustomerExtractor $customerExtractor,
         ?Escaper $escaper = null,
-        AddressRegistry $addressRegistry = null
+        AddressRegistry $addressRegistry = null,
+        ?SessionCleanerInterface $sessionCleaner = null
     ) {
         parent::__construct($context);
         $this->session = $customerSession;
@@ -121,6 +132,7 @@ public function __construct(
         $this->customerExtractor = $customerExtractor;
         $this->escaper = $escaper ?: ObjectManager::getInstance()->get(Escaper::class);
         $this->addressRegistry = $addressRegistry ?: ObjectManager::getInstance()->get(AddressRegistry::class);
+        $this->sessionCleaner = $sessionCleaner ?: ObjectManager::getInstance()->get(SessionCleanerInterface::class);
     }
 
     /**
@@ -132,9 +144,7 @@ private function getAuthentication()
     {
 
         if (!($this->authentication instanceof AuthenticationInterface)) {
-            return ObjectManager::getInstance()->get(
-                \Magento\Customer\Model\AuthenticationInterface::class
-            );
+            return ObjectManager::getInstance()->get(AuthenticationInterface::class);
         } else {
             return $this->authentication;
         }
@@ -149,9 +159,7 @@ private function getAuthentication()
     private function getEmailNotification()
     {
         if (!($this->emailNotification instanceof EmailNotificationInterface)) {
-            return ObjectManager::getInstance()->get(
-                EmailNotificationInterface::class
-            );
+            return ObjectManager::getInstance()->get(EmailNotificationInterface::class);
         } else {
             return $this->emailNotification;
         }
@@ -160,9 +168,8 @@ private function getEmailNotification()
     /**
      * @inheritDoc
      */
-    public function createCsrfValidationException(
-        RequestInterface $request
-    ): ?InvalidRequestException {
+    public function createCsrfValidationException(RequestInterface $request): ?InvalidRequestException
+    {
         /** @var Redirect $resultRedirect */
         $resultRedirect = $this->resultRedirectFactory->create();
         $resultRedirect->setPath('*/*/edit');
@@ -184,11 +191,11 @@ public function validateForCsrf(RequestInterface $request): ?bool
     /**
      * Change customer email or password action
      *
-     * @return \Magento\Framework\Controller\Result\Redirect
+     * @return Redirect
      */
     public function execute()
     {
-        /** @var \Magento\Framework\Controller\Result\Redirect $resultRedirect */
+        /** @var Redirect $resultRedirect */
         $resultRedirect = $this->resultRedirectFactory->create();
         $validFormKey = $this->formKeyValidator->validate($this->getRequest());
 
@@ -217,6 +224,7 @@ public function execute()
                 );
                 $this->dispatchSuccessEvent($customerCandidateDataObject);
                 $this->messageManager->addSuccessMessage(__('You saved the account information.'));
+
                 return $resultRedirect->setPath('customer/account');
             } catch (InvalidEmailOrPasswordException $e) {
                 $this->messageManager->addErrorMessage($this->escaper->escapeHtml($e->getMessage()));
@@ -228,15 +236,16 @@ public function execute()
                 $this->session->logout();
                 $this->session->start();
                 $this->messageManager->addErrorMessage($message);
+
                 return $resultRedirect->setPath('customer/account/login');
             } catch (InputException $e) {
                 $this->messageManager->addErrorMessage($this->escaper->escapeHtml($e->getMessage()));
                 foreach ($e->getErrors() as $error) {
                     $this->messageManager->addErrorMessage($this->escaper->escapeHtml($error->getMessage()));
                 }
-            } catch (\Magento\Framework\Exception\LocalizedException $e) {
+            } catch (LocalizedException $e) {
                 $this->messageManager->addErrorMessage($e->getMessage());
-            } catch (\Exception $e) {
+            } catch (Exception $e) {
                 $this->messageManager->addException($e, __('We can\'t save the customer.'));
             }
 
@@ -246,16 +255,17 @@ public function execute()
         /** @var Redirect $resultRedirect */
         $resultRedirect = $this->resultRedirectFactory->create();
         $resultRedirect->setPath('*/*/edit');
+
         return $resultRedirect;
     }
 
     /**
      * Account editing action completed successfully event
      *
-     * @param \Magento\Customer\Api\Data\CustomerInterface $customerCandidateDataObject
+     * @param CustomerInterface $customerCandidateDataObject
      * @return void
      */
-    private function dispatchSuccessEvent(\Magento\Customer\Api\Data\CustomerInterface $customerCandidateDataObject)
+    private function dispatchSuccessEvent(CustomerInterface $customerCandidateDataObject)
     {
         $this->_eventManager->dispatch(
             'customer_account_edited',
@@ -268,7 +278,7 @@ private function dispatchSuccessEvent(\Magento\Customer\Api\Data\CustomerInterfa
      *
      * @param int $customerId
      *
-     * @return \Magento\Customer\Api\Data\CustomerInterface
+     * @return CustomerInterface
      */
     private function getCustomerDataObject($customerId)
     {
@@ -278,13 +288,13 @@ private function getCustomerDataObject($customerId)
     /**
      * Create Data Transfer Object of customer candidate
      *
-     * @param \Magento\Framework\App\RequestInterface $inputData
-     * @param \Magento\Customer\Api\Data\CustomerInterface $currentCustomerData
-     * @return \Magento\Customer\Api\Data\CustomerInterface
+     * @param RequestInterface $inputData
+     * @param CustomerInterface $currentCustomerData
+     * @return CustomerInterface
      */
     private function populateNewCustomerDataObject(
-        \Magento\Framework\App\RequestInterface $inputData,
-        \Magento\Customer\Api\Data\CustomerInterface $currentCustomerData
+        RequestInterface $inputData,
+        CustomerInterface $currentCustomerData
     ) {
         $attributeValues = $this->getCustomerMapper()->toFlatArray($currentCustomerData);
         $customerDto = $this->customerExtractor->extract(
@@ -330,12 +340,12 @@ protected function changeCustomerPassword($email)
     /**
      * Process change email request
      *
-     * @param \Magento\Customer\Api\Data\CustomerInterface $currentCustomerDataObject
+     * @param CustomerInterface $currentCustomerDataObject
      * @return void
      * @throws InvalidEmailOrPasswordException
      * @throws UserLockedException
      */
-    private function processChangeEmailRequest(\Magento\Customer\Api\Data\CustomerInterface $currentCustomerDataObject)
+    private function processChangeEmailRequest(CustomerInterface $currentCustomerDataObject)
     {
         if ($this->getRequest()->getParam('change_email')) {
             // authenticate user for changing email
@@ -344,6 +354,7 @@ private function processChangeEmailRequest(\Magento\Customer\Api\Data\CustomerIn
                     $currentCustomerDataObject->getId(),
                     $this->getRequest()->getPost('current_password')
                 );
+                $this->sessionCleaner->clearFor($currentCustomerDataObject->getId());
             } catch (InvalidEmailOrPasswordException $e) {
                 throw new InvalidEmailOrPasswordException(
                     __("The password doesn't match this account. Verify the password and try again.")
@@ -362,7 +373,7 @@ private function processChangeEmailRequest(\Magento\Customer\Api\Data\CustomerIn
     private function getCustomerMapper()
     {
         if ($this->customerMapper === null) {
-            $this->customerMapper = ObjectManager::getInstance()->get(\Magento\Customer\Model\Customer\Mapper::class);
+            $this->customerMapper = ObjectManager::getInstance()->get(Mapper::class);
         }
         return $this->customerMapper;
     }

app/code/Magento/Customer/Test/Mftf/Test/StorefrontChangeCustomerEmailTest.xml

@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<tests xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd">
+    <test name="StorefrontChangeCustomerEmailTest">
+        <annotations>
+            <features value="Customer"/>
+            <stories value="Update Customer"/>
+            <title value="Changing Customer Email Test"/>
+            <description value="Changing Customer's email with correct and wrong passwords"/>
+            <testCaseId value="MC-38725"/>
+            <severity value="MAJOR"/>
+            <group value="customer"/>
+        </annotations>
+        <before>
+            <createData entity="Simple_US_Customer" stepKey="customer"/>
+        </before>
+        <after>
+            <deleteData createDataKey="customer" stepKey="deleteCustomer"/>
+        </after>
+
+        <actionGroup ref="StorefrontOpenHomePageActionGroup" stepKey="openStorefrontHomePage"/>
+        <actionGroup ref="LoginToStorefrontActionGroup" stepKey="loginToStorefrontAccount">
+            <argument name="Customer" value="$customer$"/>
+        </actionGroup>
+        <!-- Navigate to "Account Information" tab First Time-->
+        <actionGroup ref="StorefrontOpenCustomerAccountInfoEditPageActionGroup" stepKey="goToCustomerEditPageFirstTime"/>
+        <!-- Entering new email, saving with correct password -->
+        <actionGroup ref="StorefrontCustomerChangeEmailActionGroup" stepKey="changeEmailCorrectAttempt">
+            <argument name="email" value="$customer.email$"/>
+            <argument name="password" value="$customer.password$"/>
+        </actionGroup>
+        <!-- See Success Notify, check that customer was force logged out -->
+        <actionGroup ref="AssertMessageCustomerChangeAccountInfoActionGroup" stepKey="seeSuccessMessage">
+            <argument name="message" value="You saved the account information."/>
+        </actionGroup>
+        <see userInput="Default welcome msg!" selector="{{StorefrontPanelHeaderSection.WelcomeMessage}}" stepKey="assertWelcomeMessage"/>
+        <actionGroup ref="LoginToStorefrontActionGroup" stepKey="loginToStorefrontAccountAfterEmailChange">
+            <argument name="Customer" value="$customer$"/>
+        </actionGroup>
+        <!-- Navigate to "Account Information" tab Second Time-->
+        <actionGroup ref="StorefrontOpenCustomerAccountInfoEditPageActionGroup" stepKey="goToCustomerEditPageSecondTime" />
+        <!-- Checking Email checkbox, entering new email, saving with incorrect password -->
+        <actionGroup ref="StorefrontCustomerChangeEmailActionGroup" stepKey="changeEmailWrongAttempt">
+            <argument name="email" value="$customer.email$"/>
+            <argument name="password" value="WRONG_PASSWORD_123123q"/>
+        </actionGroup>
+        <!-- See Failure Message-->
+        <actionGroup ref="AssertMessageCustomerChangeAccountInfoActionGroup" stepKey="seeFailureMessage">
+            <argument name="message" value="The password doesn't match this account. Verify the password and try again."/>
+            <argument name="messageType" value="error"/>
+        </actionGroup>
+    </test>
+</tests>