Description
Preconditions (*)
- Magento 2.4-develop
- Open
Create New Account Options
and enableRequire Emails Confirmation
- Create user with address (no special validation) via admin
Steps to reproduce (*)
- Add some kind of validation to address fields (limit length for city name)
UPDATE customer_eav_attribute SET validate_rules='{"input_validation":1,"min_text_length":0,"max_text_length":2}'
WHERE attribute_id=(SELECT attribute_id FROM eav_attribute WHERE entity_type_id=2 AND attribute_code='city');
OR for example you could create a plugin beforeSave
on \Magento\Customer\Api\AddressRepositoryInterface
that will add custom validation of address data.
2. Go to frontend
3. Click Sign In
4. Click Forgot Your Password?
5. Fill fields and click Reset My Password
6. Open email and click Set a New Password
Expected result (*)
- Forgot password functionality should allow the user to reset password
- Address data shouldn't be used in reset password process
Actual result (*)
- You will be redirected to
Forgot Your Password?
page
Problem is in class Magento\Customer\Model\ForgotPasswordToken\ConfirmCustomerByToken
in method execute
which runs save on customer object.
We should disable address validation in this process or make an error message more clear for user.
Metadata
Metadata
Assignees
Labels
Type
Projects
Status