MAGETWO-95238: Cannot reset customer password from Admin Panel

irenelagno · irenelagno · commit b8b6adea3d2f · 2018-10-03T11:43:32.000-05:00
diff --git a/app/code/Magento/Customer/Block/Adminhtml/Edit/ResetPasswordButton.php b/app/code/Magento/Customer/Block/Adminhtml/Edit/ResetPasswordButton.php
@@ -13,6 +13,8 @@
 class ResetPasswordButton extends GenericButton implements ButtonProviderInterface
 {
     /**
+     * Retrieve button-specified settings
+     *
      * @return array
      */
     public function getButtonData()
@@ -23,14 +25,19 @@ public function getButtonData()
             $data = [
                 'label' => __('Reset Password'),
                 'class' => 'reset reset-password',
-                'on_click' => sprintf("location.href = '%s';", $this->getResetPasswordUrl()),
+                'data_attribute' => [
+                    'url' => $this->getResetPasswordUrl()
+                ],
+                'on_click' => '',
                 'sort_order' => 60,
             ];
         }
         return $data;
     }
 
     /**
+     * Get reset password url
+     *
      * @return string
      */
     public function getResetPasswordUrl()
diff --git a/app/code/Magento/Customer/view/adminhtml/web/edit/post-wrapper.js b/app/code/Magento/Customer/view/adminhtml/web/edit/post-wrapper.js
@@ -44,4 +44,12 @@ define([
 
         return false;
     });
+
+    $('#resetPassword').click(function () {
+        var url = $('#resetPassword').data('url');
+
+        getForm(url).appendTo('body').submit();
+
+        return false;
+    });
 });
diff --git a/dev/tests/integration/testsuite/Magento/Customer/Controller/Adminhtml/Index/ResetPasswordTest.php b/dev/tests/integration/testsuite/Magento/Customer/Controller/Adminhtml/Index/ResetPasswordTest.php
@@ -43,6 +43,23 @@ public function testResetPasswordSuccess()
         $this->assertRedirect($this->stringStartsWith($this->baseControllerUrl . 'edit'));
     }
 
+    /**
+     * Checks reset password functionality cannot be performed with GET request
+     *
+     * @magentoConfigFixture current_store customer/password/limit_password_reset_requests_method 0
+     * @magentoConfigFixture current_store customer/password/min_time_between_password_reset_requests 0
+     * @magentoDataFixture Magento/Customer/_files/customer.php
+     */
+    public function testResetPasswordWithGet()
+    {
+        $this->passwordResetRequestEventCreate(
+            \Magento\Security\Model\PasswordResetRequestEvent::CUSTOMER_PASSWORD_RESET_REQUEST
+        );
+        $this->getRequest()->setPostValue(['customer_id' => '1'])->setMethod(HttpRequest::METHOD_GET);
+        $this->dispatch('backend/customer/index/resetPassword');
+        $this->assertEquals('noroute', $this->getRequest()->getControllerName());
+    }
+
     /**
      * Checks reset password functionality with default restrictive min time between
      * password reset requests and customer reset request event.
