Merge remote-tracking branch 'origin/MC-20420' into 2.3-develop-pr82

Author: svitja

dev/tests/integration/testsuite/Magento/Customer/Controller/AccountTest.php

@@ -9,6 +9,7 @@
 use Magento\Customer\Api\CustomerRepositoryInterface;
 use Magento\Customer\Api\Data\CustomerInterface;
 use Magento\Customer\Model\Account\Redirect;
+use Magento\Customer\Model\CustomerRegistry;
 use Magento\Customer\Model\Session;
 use Magento\Framework\Api\FilterBuilder;
 use Magento\Framework\Api\SearchCriteriaBuilder;
@@ -25,6 +26,7 @@
 use Magento\TestFramework\Request;
 use Magento\TestFramework\Response;
 use Magento\Theme\Controller\Result\MessagePlugin;
+use PHPUnit\Framework\Constraint\StringContains;
 use Zend\Stdlib\Parameters;
 
 /**
@@ -796,6 +798,141 @@ public function testConfirmationEmailWithSpecialCharacters(): void
         );
     }
 
+    /**
+     * Check that Customer which change email can't log in with old email.
+     *
+     * @magentoDataFixture Magento/Customer/_files/customer.php
+     * @magentoConfigFixture current_store customer/captcha/enable 0
+     *
+     * @return void
+     */
+    public function testResetPasswordWhenEmailChanged(): void
+    {
+        $email = 'customer@example.com';
+        $newEmail = 'new_customer@example.com';
+
+        /* Reset password and check mail with token */
+        $this->getRequest()->setPostValue(['email' => $email]);
+        $this->getRequest()->setMethod(HttpRequest::METHOD_POST);
+
+        $this->dispatch('customer/account/forgotPasswordPost');
+        $this->assertRedirect($this->stringContains('customer/account/'));
+        $this->assertSessionMessages(
+            $this->equalTo(
+                [
+                    "If there is an account associated with {$email} you will receive an email with a link "
+                    . "to reset your password."
+                ]
+            ),
+            MessageInterface::TYPE_SUCCESS
+        );
+
+        /** @var CustomerRegistry $customerRegistry */
+        $customerRegistry = $this->_objectManager->get(CustomerRegistry::class);
+        $customerData = $customerRegistry->retrieveByEmail($email);
+        $token = $customerData->getRpToken();
+        $this->assertForgotPasswordEmailContent($token);
+
+        /* Set new email */
+        /** @var CustomerRepositoryInterface $customerRepository */
+        $customerRepository = $this->_objectManager->create(CustomerRepositoryInterface::class);
+        /** @var \Magento\Customer\Api\Data\CustomerInterface $customer */
+        $customer = $customerRepository->getById($customerData->getId());
+        $customer->setEmail($newEmail);
+        $customerRepository->save($customer);
+
+        /* Goes through the link in a mail */
+        $this->resetRequest();
+        $this->getRequest()
+            ->setParam('token', $token)
+            ->setParam('id', $customerData->getId());
+
+        $this->dispatch('customer/account/createPassword');
+
+        $this->assertRedirect($this->stringContains('customer/account/forgotpassword'));
+        $this->assertSessionMessages(
+            $this->equalTo(['Your password reset link has expired.']),
+            MessageInterface::TYPE_ERROR
+        );
+        /* Trying to log in with old email */
+        $this->resetRequest();
+        $this->clearCookieMessagesList();
+        $customerRegistry->removeByEmail($email);
+
+        $this->dispatchLoginPostAction($email, 'password');
+        $this->assertSessionMessages(
+            $this->equalTo(
+                [
+                    'The account sign-in was incorrect or your account is disabled temporarily. '
+                    . 'Please wait and try again later.'
+                ]
+            ),
+            MessageInterface::TYPE_ERROR
+        );
+        $this->assertRedirect($this->stringContains('customer/account/login'));
+        /** @var Session $session */
+        $session = $this->_objectManager->get(Session::class);
+        $this->assertFalse($session->isLoggedIn());
+
+        /* Trying to log in with correct(new) email */
+        $this->resetRequest();
+        $this->dispatchLoginPostAction($newEmail, 'password');
+        $this->assertRedirect($this->stringContains('customer/account/'));
+        $this->assertTrue($session->isLoggedIn());
+        $session->logout();
+    }
+
+    /**
+     * Set needed parameters and dispatch Customer loginPost action.
+     *
+     * @param string $email
+     * @param string $password
+     * @return void
+     */
+    private function dispatchLoginPostAction(string $email, string $password): void
+    {
+        $this->getRequest()->setMethod(HttpRequest::METHOD_POST);
+        $this->getRequest()->setPostValue(
+            [
+                'login' => [
+                    'username' => $email,
+                    'password' => $password,
+                ],
+            ]
+        );
+        $this->dispatch('customer/account/loginPost');
+    }
+
+    /**
+     * Check that 'Forgot password' email contains correct data.
+     *
+     * @param string $token
+     * @return void
+     */
+    private function assertForgotPasswordEmailContent(string $token): void
+    {
+        $message = $this->transportBuilderMock->getSentMessage();
+        $pattern = "/<a.+customer\/account\/createPassword\/\?token={$token}.+Set\s+a\s+New\s+Password<\/a\>/";
+        $rawMessage = $message->getBody()->getParts()[0]->getRawContent();
+        $messageConstraint = $this->logicalAnd(
+            new StringContains('There was recently a request to change the password for your account.'),
+            $this->matchesRegularExpression($pattern)
+        );
+        $this->assertThat($rawMessage, $messageConstraint);
+    }
+
+    /**
+     * Clear request object.
+     *
+     * @return void
+     */
+    private function resetRequest(): void
+    {
+        $this->_objectManager->removeSharedInstance(Http::class);
+        $this->_objectManager->removeSharedInstance(Request::class);
+        $this->_request = null;
+    }
+
     /**
      * Data provider for testLoginPostRedirect.
      *