Skip to content

[Backport 2.1-develop] #11409: Too many password reset requests even when disabled in settings #11436

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 7, 2017
Merged

[Backport 2.1-develop] #11409: Too many password reset requests even when disabled in settings #11436

merged 1 commit into from
Dec 7, 2017

Conversation

adrian-martinez-interactiv4
Copy link
Contributor

When attempting to reset a customer's password via the admin, the system tells me 'Too many password reset requests' even when I have disabled the 'max wait time between password resets' in the store configuration settings.

Related with PR#11434

Description

\Magento\Security\Model\Config::getXmlPathPrefix() method fails to use the customer configuration customer/password/, using the admin/security/ settings instead, when reset password is triggered from admin, due to current scope:

    /**
     * {@inheritDoc}
     *
     * @return string
     */
    protected function getXmlPathPrefix()
    {
        if ($this->scope->getCurrentScope() == \Magento\Framework\App\Area::AREA_ADMINHTML) {
            return self::XML_PATH_ADMIN_AREA;
        }
        return self::XML_PATH_FRONTEND_AREA;
    }

Emulated frontend area in scope in plugin method \Magento\Security\Model\Plugin\AccountManagement::beforeInitiatePasswordReset, also fixed di.xml parameter injection that caused customer password reset requests also counting as admin user requests when emails coincide for admin user and customer.

Fixed Issues (if relevant)

  1. Too many password reset requests even when disabled in settings #11409: Too many password reset requests even when disabled in settings

Manual testing scenarios

  • Login to the admin
  • Go to Customers > All Customers
  • Click to edit a customer and click 'Reset Password' from the options in the top
  • This works the first time, but only then. Every subsequent request fails.

Contribution checklist

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All new or changed code is covered with unit/integration tests (if applicable)
  • All automated tests passed successfully (all builds on Travis CI are green)

@adrian-martinez-interactiv4 adrian-martinez-interactiv4 changed the title [Backport 2.1-develop] Issue #11409: Too many password reset requests even when disabled in settings [Backport 2.1-develop] #11409: Too many password reset requests even when disabled in settings Oct 14, 2017
@dmanners dmanners self-assigned this Oct 24, 2017
@dmanners
Copy link
Contributor

See #11434 (comment) for comment on change.

@adrian-martinez-interactiv4 adrian-martinez-interactiv4 force-pushed the FR21#11409-TOO-MANY-PASSWORD-RESET-REQUESTS branch 2 times, most recently from af932aa to ebdd554 Compare October 28, 2017 15:57
@dmanners
Copy link
Contributor

dmanners commented Nov 1, 2017
edited
Loading

I will put this on hold until #11434 has been merged into 2.3-develop

@magento-engcom-team magento-engcom-team added 2.2.x Reproduced on 2.1.x The issue has been reproduced on latest 2.1 release Reproduced on 2.2.x The issue has been reproduced on latest 2.2 release Reproduced on 2.3.x The issue has been reproduced on latest 2.3 release labels Nov 7, 2017
@dmanners
Copy link
Contributor

Now that #11434 has been sorted can you make the same changes into the backported PRs @adrian-martinez-interactiv4

@adrian-martinez-interactiv4 adrian-martinez-interactiv4 force-pushed the FR21#11409-TOO-MANY-PASSWORD-RESET-REQUESTS branch 2 times, most recently from 4db4015 to b4dbe4c Compare November 30, 2017 18:14
@adrian-martinez-interactiv4 adrian-martinez-interactiv4 force-pushed the FR21#11409-TOO-MANY-PASSWORD-RESET-REQUESTS branch from b4dbe4c to fca05b2 Compare December 1, 2017 10:13
@adrian-martinez-interactiv4
Copy link
Contributor Author

@will-b this issue was previous to this PR, replaced all double spaces after = sign in that file.

@dmanners dmanners added this to the December 2017 milestone Dec 1, 2017
@magento-team magento-team merged commit fca05b2 into magento:2.1-develop Dec 7, 2017
magento-team pushed a commit that referenced this pull request Dec 7, 2017
@ishakhsuvarov
MAGETWO-84861: [Backport 2.1-develop] #11409: Too many password reset…
bebeb53 
… requests even when disabled in settings #11436
magento-team pushed a commit that referenced this pull request Dec 7, 2017
@ishakhsuvarov
Merge pull request #1809 from magento-engcom/2.1-develop-prs
90074e7 
[EngCom] Public Pull Requests - 2.1-develop
 - MAGETWO-85104: Fixes #8009 #12548
 - MAGETWO-84861: [Backport 2.1-develop] #11409: Too many password reset requests even when disabled in settings #11436
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@dmanners dmanners

Labels
Award: complex Award: test coverage Progress: accept Progress: on hold Release Line: 2.1 Reproduced on 2.1.x The issue has been reproduced on latest 2.1 release Reproduced on 2.2.x The issue has been reproduced on latest 2.2 release Reproduced on 2.3.x The issue has been reproduced on latest 2.3 release
Projects
None yet
Milestone
December 2017
Development

Successfully merging this pull request may close these issues.
5 participants
@adrian-martinez-interactiv4 @dmanners @magento-team @vkublytskyi @magento-engcom-team