Allow requesting password reset token with a non existent customer email

This commit is contained in:
Jan Goralski 2022-07-12 16:34:48 +02:00
parent 720b267936
commit 50140d7a89
No known key found for this signature in database
GPG key ID: 95D91BA380F31EDD
3 changed files with 20 additions and 9 deletions

View file

@ -22,7 +22,15 @@ Feature: Resetting a password
When I reset password for email "goodman@example.com" in "Polish (Poland)" locale
Then an email with reset token should be sent to "goodman@example.com" in "Polish (Poland)" locale
@ui @email @api
@email @api @ui
Scenario: Notifying about sending reset instructions even when an account with email does not exist
When I want to reset password
And I specify customer email as "does-not-exist@example.com"
And I reset it
Then I should be notified that email with reset instruction has been sent
But "does-not-exist@example.com" should receive no emails
@ui @api
Scenario: Changing my account password with token I received
Given I have already received a resetting password email
When I follow link on my email to reset my password
@ -32,7 +40,7 @@ Feature: Resetting a password
Then I should be notified that my password has been successfully reset
And I should be able to log in as "goodman@example.com" with "newp@ssw0rd" password
@ui @email @api
@ui @api
Scenario: Trying to change my account password twice with token I received
Given I have already received a resetting password email
When I follow link on my email to reset my password

View file

@ -37,7 +37,9 @@ final class RequestResetPasswordTokenHandler implements MessageHandlerInterface
public function __invoke(RequestResetPasswordToken $command): void
{
$user = $this->userRepository->findOneByEmail($command->getEmail());
Assert::notNull($user);
if (null === $user) {
return;
}
$user->setPasswordResetToken($this->generator->generate());
$user->setPasswordRequestedAt($this->calendar->now());

View file

@ -70,17 +70,18 @@ final class RequestResetPasswordTokenHandlerSpec extends ObjectBehavior
$this($requestResetPasswordToken);
}
function it_throws_exception_if_shop_user_has_not_been_found(UserRepositoryInterface $userRepository): void
{
function it_does_nothing_when_shop_user_has_not_been_found(
UserRepositoryInterface $userRepository,
MessageBusInterface $messageBus,
): void {
$userRepository->findOneByEmail('test@email.com')->willReturn(null);
$messageBus->dispatch(Argument::any())->shouldNotBeCalled();
$requestResetPasswordToken = new RequestResetPasswordToken('test@email.com');
$requestResetPasswordToken->setChannelCode('WEB');
$requestResetPasswordToken->setLocaleCode('en_US');
$this
->shouldThrow(\InvalidArgumentException::class)
->during('__invoke', [$requestResetPasswordToken])
;
$this($requestResetPasswordToken);
}
}