Merge branch 'develop' of https://github.corp.magento.com/magento2/magento2ce into MAGETWO-43102

Conflicts:
	dev/tests/functional/tests/app/Magento/CatalogRule/Test/Block/Adminhtml/Promo/Catalog/Edit/PromoForm.xml

Author: rganin

app/code/Magento/Backend/Controller/Adminhtml/System/Account/Save.php

@@ -9,9 +9,27 @@
 use Magento\Framework\Exception\AuthenticationException;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Controller\ResultFactory;
+use Magento\Framework\Exception\State\UserLockedException;
 
 class Save extends \Magento\Backend\Controller\Adminhtml\System\Account
 {
+    /**
+     * @var \Magento\Security\Helper\SecurityCookie
+     */
+    protected $securityCookieHelper;
+
+    /**
+     * @param \Magento\Backend\App\Action\Context $context
+     * @param \Magento\Security\Helper\SecurityCookie $securityCookieHelper
+     */
+    public function __construct(
+        \Magento\Backend\App\Action\Context $context,
+        \Magento\Security\Helper\SecurityCookie $securityCookieHelper
+    ) {
+        parent::__construct($context);
+        $this->securityCookieHelper = $securityCookieHelper;
+    }
+
     /**
      * Saving edited user information
      *
@@ -43,21 +61,22 @@ public function execute()
         /** Before updating admin user data, ensure that password of current admin user is entered and is correct */
         $currentUserPasswordField = \Magento\User\Block\User\Edit\Tab\Main::CURRENT_USER_PASSWORD_FIELD;
         $currentUserPassword = $this->getRequest()->getParam($currentUserPasswordField);
-        $isCurrentUserPasswordValid = !empty($currentUserPassword) && is_string($currentUserPassword);
         try {
-            if (!($isCurrentUserPasswordValid && $user->verifyIdentity($currentUserPassword))) {
-                throw new AuthenticationException(__('You have entered an invalid password for current user.'));
-            }
+            $user->performIdentityCheck($currentUserPassword);
             if ($password !== '') {
                 $user->setPassword($password);
                 $user->setPasswordConfirmation($passwordConfirmation);
             }
             $user->save();
-            /** Send password reset email notification only when password was changed */
-            if ($password !== '') {
-                $user->sendPasswordResetNotificationEmail();
-            }
+
+            $user->sendNotificationEmailsIfRequired();
+
             $this->messageManager->addSuccess(__('You saved the account.'));
+        } catch (UserLockedException $e) {
+            $this->_auth->logout();
+            $this->securityCookieHelper->setLogoutReasonCookie(
+                \Magento\Security\Model\AdminSessionsManager::LOGOUT_REASON_USER_LOCKED
+            );
         } catch (ValidatorException $e) {
             $this->messageManager->addMessages($e->getMessages());
             if ($e->getMessage()) {

app/code/Magento/Backend/Test/Unit/Controller/Adminhtml/System/Account/SaveTest.php

@@ -42,6 +42,9 @@ class SaveTest extends \PHPUnit_Framework_TestCase
     /** @var \PHPUnit_Framework_MockObject_MockObject|\Magento\Framework\TranslateInterface */
     protected $_translatorMock;
 
+    /** @var \PHPUnit_Framework_MockObject_MockObject |\Magento\Framework\Event\ManagerInterface */
+    protected $eventManagerMock;
+
     protected function setUp()
     {
         $this->_requestMock = $this->getMockBuilder('Magento\Framework\App\Request\Http')
@@ -76,7 +79,7 @@ protected function setUp()
         $this->_userMock = $this->getMockBuilder('Magento\User\Model\User')
             ->disableOriginalConstructor()
             ->setMethods(
-                ['load', 'save', 'sendPasswordResetNotificationEmail', 'verifyIdentity', '__sleep', '__wakeup']
+                ['load', 'save', 'sendNotificationEmailsIfRequired', 'performIdentityCheck', '__sleep', '__wakeup']
             )
             ->getMock();
 
@@ -190,10 +193,9 @@ public function testSaveAction()
         );
 
         $this->_userMock->setUserId($userId);
-
+        $this->_userMock->expects($this->once())->method('performIdentityCheck')->will($this->returnValue(true));
         $this->_userMock->expects($this->once())->method('save');
-        $this->_userMock->expects($this->once())->method('verifyIdentity')->will($this->returnValue(true));
-        $this->_userMock->expects($this->once())->method('sendPasswordResetNotificationEmail');
+        $this->_userMock->expects($this->once())->method('sendNotificationEmailsIfRequired');
 
         $this->_requestMock->setParams($requestParams);
 

app/code/Magento/Backend/composer.json

@@ -13,6 +13,7 @@
         "magento/module-quote": "100.0.*",
         "magento/module-catalog": "100.0.*",
         "magento/module-user": "100.0.*",
+        "magento/module-security": "100.0.*",
         "magento/module-backup": "100.0.*",
         "magento/module-customer": "100.0.*",
         "magento/module-translation": "100.0.*",

app/code/Magento/Backend/etc/adminhtml/system.xml

@@ -368,12 +368,6 @@
                     <label>Forgot and Reset Email Sender</label>
                     <source_model>Magento\Config\Model\Config\Source\Email\Identity</source_model>
                 </field>
-                <field id="password_reset_link_expiration_period" translate="label comment" type="text" sortOrder="30" showInDefault="1" showInWebsite="0" showInStore="0">
-                    <label>Recovery Link Expiration Period (days)</label>
-                    <comment>Please enter a number 1 or greater in this field.</comment>
-                    <validate>required-entry integer validate-greater-than-zero</validate>
-                    <backend_model>Magento\Config\Model\Config\Backend\Admin\Password\Link\Expirationperiod</backend_model>
-                </field>
             </group>
             <group id="startup" translate="label" type="text" sortOrder="20" showInDefault="1" showInWebsite="0" showInStore="0">
                 <label>Startup Page</label>
@@ -414,6 +408,12 @@
             </group>
             <group id="security" translate="label" type="text" sortOrder="35" showInDefault="1" showInWebsite="0" showInStore="0">
                 <label>Security</label>
+                <field id="password_reset_link_expiration_period" translate="label comment" type="text" sortOrder="7" showInDefault="1" showInWebsite="0" showInStore="0">
+                    <label>Recovery Link Expiration Period (hours)</label>
+                    <comment>Please enter a number 1 or greater in this field.</comment>
+                    <validate>required-entry integer validate-greater-than-zero</validate>
+                    <backend_model>Magento\Config\Model\Config\Backend\Admin\Password\Link\Expirationperiod</backend_model>
+                </field>
                 <field id="use_form_key" translate="label" type="select" sortOrder="10" showInDefault="1" showInWebsite="0" showInStore="0">
                     <label>Add Secret Key to URLs</label>
                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>

app/code/Magento/Captcha/Model/DefaultModel.php

@@ -333,12 +333,27 @@ public function logAttempt($login)
         if ($this->_isEnabled() && in_array($this->_formId, $this->_getTargetForms())) {
             $this->_getResourceModel()->logAttempt($login);
             if ($this->_isOverLimitLoginAttempts($login)) {
-                $this->_session->setData($this->_getFormIdKey('show_captcha'), 1);
+                $this->setShowCaptchaInSession(true);
             }
         }
         return $this;
     }
 
+    /**
+     * Set show_captcha flag in session
+     *
+     * @param bool $value
+     * @return void
+     */
+    public function setShowCaptchaInSession($value = true)
+    {
+        if ($value !== true) {
+            $value = false;
+        }
+
+        $this->_session->setData($this->_getFormIdKey('show_captcha'), $value);
+    }
+
     /**
      * Generate word used for captcha render
      *

app/code/Magento/Captcha/Observer/CheckUserEditObserver.php

@@ -0,0 +1,163 @@
+<?php
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Captcha\Observer;
+
+use Magento\Framework\Event\ObserverInterface;
+use Magento\Framework\Exception\NoSuchEntityException;
+use Magento\Customer\Helper\AccountManagement as AccountManagementHelper;
+use Magento\Customer\Model\Session;
+use Magento\Framework\App\Config\ScopeConfigInterface;
+use Magento\Customer\Api\CustomerRepositoryInterface;
+
+/**
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ */
+class CheckUserEditObserver implements ObserverInterface
+{
+    /**
+     * Form ID
+     */
+    const FORM_ID = 'user_edit';
+
+    /**
+     * @var \Magento\Captcha\Helper\Data
+     */
+    protected $helper;
+
+    /**
+     * @var \Magento\Framework\App\ActionFlag
+     */
+    protected $actionFlag;
+
+    /**
+     * @var \Magento\Framework\Message\ManagerInterface
+     */
+    protected $messageManager;
+
+    /**
+     * @var \Magento\Framework\App\Response\RedirectInterface
+     */
+    protected $redirect;
+
+    /**
+     * @var CaptchaStringResolver
+     */
+    protected $captchaStringResolver;
+
+    /**
+     * Account manager
+     *
+     * @var AccountManagementHelper
+     */
+    protected $accountManagementHelper;
+
+    /**
+     * @var Session
+     */
+    protected $session;
+
+    /**
+     * @var ScopeConfigInterface
+     */
+    protected $scopeConfig;
+
+    /**
+     * @var CustomerRepositoryInterface
+     */
+    protected $customerRepository;
+
+    /**
+     * @param \Magento\Captcha\Helper\Data $helper
+     * @param \Magento\Framework\App\ActionFlag $actionFlag
+     * @param \Magento\Framework\Message\ManagerInterface $messageManager
+     * @param \Magento\Framework\App\Response\RedirectInterface $redirect
+     * @param CaptchaStringResolver $captchaStringResolver
+     * @param AccountManagementHelper $accountManagementHelper
+     * @param Session $customerSession
+     * @param ScopeConfigInterface $scopeConfig
+     * @param CustomerRepositoryInterface $customerRepository
+     */
+    public function __construct(
+        \Magento\Captcha\Helper\Data $helper,
+        \Magento\Framework\App\ActionFlag $actionFlag,
+        \Magento\Framework\Message\ManagerInterface $messageManager,
+        \Magento\Framework\App\Response\RedirectInterface $redirect,
+        CaptchaStringResolver $captchaStringResolver,
+        AccountManagementHelper $accountManagementHelper,
+        Session $customerSession,
+        ScopeConfigInterface $scopeConfig,
+        CustomerRepositoryInterface $customerRepository
+    ) {
+        $this->helper = $helper;
+        $this->actionFlag = $actionFlag;
+        $this->messageManager = $messageManager;
+        $this->redirect = $redirect;
+        $this->captchaStringResolver = $captchaStringResolver;
+        $this->accountManagementHelper = $accountManagementHelper;
+        $this->customerSession = $customerSession;
+        $this->scopeConfig = $scopeConfig;
+        $this->customerRepository = $customerRepository;
+    }
+
+    /**
+     * Check Captcha On Forgot Password Page
+     *
+     * @param \Magento\Framework\Event\Observer $observer
+     * @return $this
+     */
+    public function execute(\Magento\Framework\Event\Observer $observer)
+    {
+        $captchaModel = $this->helper->getCaptcha(self::FORM_ID);
+        if ($captchaModel->isRequired()) {
+            /** @var \Magento\Framework\App\Action\Action $controller */
+            $controller = $observer->getControllerAction();
+            if (!$captchaModel->isCorrect(
+                $this->captchaStringResolver->resolve(
+                    $controller->getRequest(),
+                    self::FORM_ID
+                )
+            )) {
+                try {
+                    $customer = $this->customerRepository->getById($this->customerSession->getCustomerId());
+                    $this->accountManagementHelper->processCustomerLockoutData($customer->getId());
+                    $this->customerRepository->save($customer);
+                } catch (NoSuchEntityException $e) {
+                    //do nothing as customer existance is validated later in authenticate method
+                }
+                $this->workWithLock();
+                $this->messageManager->addError(__('Incorrect CAPTCHA'));
+                $this->actionFlag->set('', \Magento\Framework\App\Action\Action::FLAG_NO_DISPATCH, true);
+                $this->redirect->redirect($controller->getResponse(), '*/*/edit');
+            }
+        }
+
+        $customer = $this->customerSession->getCustomer();
+        $login = $customer->getEmail();
+        $captchaModel->logAttempt($login);
+
+        return $this;
+    }
+
+    /**
+     * Logout a user if it is locked
+     *
+     * @throws \Magento\Framework\Exception\SessionException
+     * @return void
+     */
+    protected function workWithLock()
+    {
+        $customerModel = $this->customerSession->getCustomer();
+        if ($customerModel->isCustomerLocked()) {
+            $this->customerSession->logout();
+            $this->customerSession->start();
+            $message = __(
+                'The account is locked. Please wait and try again or contact %1.',
+                $this->scopeConfig->getValue('contact/email/recipient_email')
+            );
+            $this->messageManager->addError($message);
+        }
+    }
+}