Merge pull request #33 from IrinaZhadzinets/issue-3243

#3243 - Reset confirmation when reset password
scandipwa · Jul 11, 2022 · 869114d · 869114d
2 parents 4b4f910 + 282b6f9
commit 869114d
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/src/Model/Resolver/ResetPassword.php b/src/Model/Resolver/ResetPassword.php
@@ -23,6 +23,7 @@
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
 use Magento\Customer\Model\Session;
 use Magento\Customer\Api\AccountManagementInterface;
+use Magento\Customer\Model\ForgotPasswordToken\ConfirmCustomerByToken;
 
 class ResetPassword implements ResolverInterface {
     const STATUS_PASSWORDS_MISS_MATCH = 'passwords_miss_match';
@@ -49,21 +50,31 @@ class ResetPassword implements ResolverInterface {
      */
     protected $authentication;
 
+    /**
+     * @var ConfirmCustomerByToken
+     */
+    protected ConfirmCustomerByToken $confirmByToken;
+
     /**
      * ResetPassword constructor.
      *
+     * @param Session $customerSession
+     * @param AccountManagementInterface $accountManagement
      * @param CustomerRepositoryInterface $customerRepository
+     * @param ConfirmCustomerByToken|null $confirmByToken
      */
     public function __construct(
         Session $customerSession,
         CustomerRepositoryInterface $customerRepository,
         AccountManagementInterface $accountManagement,
-        AuthenticationInterface $authenctication
+        AuthenticationInterface $authenctication,
+        ConfirmCustomerByToken $confirmByToken = null
     ) {
         $this->session = $customerSession;
         $this->accountManagement = $accountManagement;
         $this->customerRepository = $customerRepository;
         $this->authentication = $authenctication;
+        $this->confirmByToken = $confirmByToken;
     }
 
     /**
@@ -102,9 +113,14 @@ public function resolve(
         }
 
         try {
+            // Check if the user has not yet confirmed the account
+            // and if not do this along with changing the password
+            $this->confirmByToken->execute($resetPasswordToken);
+
             $this->accountManagement->resetPassword($customerEmail, $resetPasswordToken, $password);
             $this->authentication->unlock($customerId);
             $this->session->unsRpToken();
+
             return [ 'status' => self::STATUS_PASSWORD_UPDATED ];
         } catch (InputException $e) {
             throw new GraphQlInputException(__($e->getMessage()));