ACP2E-3657: Weak Password Management

soklymeach · soklymeach · commit 751d6df42be6 · 2025-03-05T13:20:44.000-06:00
diff --git a/app/code/Magento/User/Controller/Adminhtml/User/Save.php b/app/code/Magento/User/Controller/Adminhtml/User/Save.php
@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2014 Adobe
+ * All Rights Reserved.
  */
 
 namespace Magento\User\Controller\Adminhtml\User;
@@ -64,6 +64,22 @@ public function execute()
             return;
         }
         $model->setData($this->_getAdminUserData($data));
+        try {
+            $errors = $model->validate();
+            if ($errors !== true && !empty($errors)) {
+                foreach ($errors as $error) {
+                    $this->messageManager->addError($error);
+                }
+                $this->redirectToEdit($model, $data);
+                return;
+            }
+        } catch (\Magento\Framework\Validator\Exception $e) {
+            if ($e->getMessage()) {
+                $this->messageManager->addError($e->getMessage());
+            }
+            $this->redirectToEdit($model, $data);
+            return;
+        }
         $userRoles = $this->getRequest()->getParam('roles', []);
         if (count($userRoles)) {
             $model->setRoleId($userRoles[0]);
diff --git a/app/code/Magento/User/Test/Unit/Controller/Adminhtml/User/SaveTest.php b/app/code/Magento/User/Test/Unit/Controller/Adminhtml/User/SaveTest.php
@@ -0,0 +1,159 @@
+<?php
+/**
+ * Copyright 2025 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\User\Test\Unit\Controller\Adminhtml\User;
+
+use Magento\Backend\App\Action\Context;
+use Magento\Backend\Model\Session;
+use Magento\Framework\App\Request\Http;
+use Magento\Framework\App\Response\RedirectInterface;
+use Magento\Framework\App\ResponseInterface;
+use Magento\Framework\Message\ManagerInterface;
+use Magento\Framework\ObjectManagerInterface;
+use Magento\Framework\Registry;
+use Magento\User\Controller\Adminhtml\User\Save;
+use Magento\User\Model\User;
+use Magento\User\Model\UserFactory;
+use PHPUnit\Framework\MockObject\MockObject;
+use PHPUnit\Framework\TestCase;
+
+class SaveTest extends TestCase
+{
+    /**
+     * @var Save|MockObject
+     */
+    private $controller;
+
+    /**
+     * @var Http|MockObject
+     */
+    private $requestMock;
+
+    /**
+     * @var ManagerInterface|MockObject
+     */
+    private $messageManagerMock;
+
+    /**
+     * @var UserFactory|MockObject
+     */
+    private $userFactoryMock;
+
+    /**
+     * @var User|MockObject
+     */
+    private $userModelMock;
+
+    /**
+     * @var ObjectManagerInterface|MockObject
+     */
+    private $objectManagerMock;
+
+    /**
+     * @var Session|MockObject
+     */
+    private $sessionMock;
+
+    /**
+     * @var Context|MockObject
+     */
+    private $contextMock;
+
+    /**
+     * @var Registry|MockObject
+     */
+    private $registryMock;
+
+    protected function setUp(): void
+    {
+        $this->requestMock = $this->createMock(Http::class);
+        $this->messageManagerMock = $this->createMock(ManagerInterface::class);
+        $this->userFactoryMock = $this->createPartialMock(UserFactory::class, ['create']);
+        $this->userModelMock = $this->getMockBuilder(User::class)
+            ->disableOriginalConstructor()
+            ->onlyMethods(['isObjectNew', 'load', 'setData', 'validate'])
+            ->addMethods(['setRoleId'])
+            ->getMock();
+        $this->objectManagerMock = $this->createMock(ObjectManagerInterface::class);
+        $this->sessionMock = $this->getMockBuilder(Session::class)
+            ->disableOriginalConstructor()
+            ->addMethods(['setUserData'])
+            ->getMock();
+        $this->contextMock = $this->createMock(Context::class);
+        $this->registryMock = $this->createMock(Registry::class);
+        $this->userFactoryMock->expects($this->any())
+            ->method('create')
+            ->willReturn($this->userModelMock);
+        $responseMock = $this->createMock(ResponseInterface::class);
+        $redirectMock = $this->createMock(RedirectInterface::class);
+        $this->contextMock->expects($this->any())
+            ->method('getRequest')
+            ->willReturn($this->requestMock);
+        $this->contextMock->expects($this->any())
+            ->method('getMessageManager')
+            ->willReturn($this->messageManagerMock);
+        $this->contextMock->expects($this->any())
+            ->method('getResponse')
+            ->willReturn($responseMock);
+        $this->contextMock->expects($this->any())
+            ->method('getRedirect')
+            ->willReturn($redirectMock);
+        $this->contextMock->expects($this->any())
+            ->method('getSession')
+            ->willReturn($this->sessionMock);
+        $this->contextMock->expects($this->any())
+            ->method('getObjectManager')
+            ->willReturn($this->objectManagerMock);
+        $this->controller = $this->getMockBuilder(Save::class)
+            ->setConstructorArgs([
+                'context' => $this->contextMock,
+                'userFactory' => $this->userFactoryMock,
+                'coreRegistry' => $this->registryMock
+            ])
+            ->onlyMethods(['redirectToEdit'])
+            ->getMock();
+    }
+
+    public function testExecuteValidationFailure()
+    {
+        $userId = 1;
+        $postData = ['username' => 'testuser'];
+        $this->requestMock->expects($this->once())
+            ->method('getParam')
+            ->with('user_id')
+            ->willReturn($userId);
+        $this->requestMock->expects($this->once())
+            ->method('getPostValue')
+            ->willReturn($postData);
+        $this->userModelMock->expects($this->once())
+            ->method('load')
+            ->with($userId)
+            ->willReturnSelf();
+        $this->userModelMock->expects($this->once())
+            ->method('isObjectNew')
+            ->willReturn(false);
+        $this->userModelMock->expects($this->once())
+            ->method('setData')
+            ->willReturnSelf();
+        $this->userModelMock->expects($this->once())
+            ->method('validate')
+            ->willReturn(['Validation error message']);
+        $this->messageManagerMock->expects($this->once())
+            ->method('addError')
+            ->with('Validation error message');
+        $this->sessionMock->expects($this->once())
+            ->method('setUserData')
+            ->with($postData);
+        $this->controller->expects($this->once())
+            ->method('redirectToEdit')
+            ->with($this->userModelMock, $postData)
+            ->willReturnCallback(function ($model, $data) {
+                $this->sessionMock->setUserData($data);
+            });
+        $this->controller->execute();
+    }
+}
