Merge pull request #1141 from CakeDC/feature/reset-password-config

Feature/reset password config

Author: steinkel

Docs/Documentation/Authentication.md

@@ -237,3 +237,34 @@ Add the following to your ``config/users.php`` configuration to change the authe
 ```php
 'Auth.Authentication.serviceLoader' => \App\Loader\AppAuthenticationServiceLoader::class,
 ```
+
+
+Password Reset
+--------------
+
+When a user requests to reset their password, the plugin needs to find their account. By default, it searches using both the `username` and `email` fields.
+You can customize which fields are used for this lookup by configuring the `Users.PasswordReset.findWith` setting in your `config/users.php` file.
+
+The value should be an array of column names that exist in your `users` table. The system will dynamically build a query to search using these fields.
+
+For example, if your application only uses email for identification, you can restrict the search to just the `email` column to avoid errors and improve performance:
+
+```php
+// in config/users.php
+'Users' => [
+    'PasswordReset' => [
+        'findWith' => ['email']
+    ],
+]
+```
+
+If you need to search by `username` and another custom field, you could configure it like this:
+
+```php
+// in config/users.php
+'Users' => [
+    'PasswordReset' => [
+        'findWith' => ['username', 'legacy_user_id']
+    ],
+]
+```

config/users.php

@@ -52,6 +52,10 @@
             'updateLastLogin' => true,
             'lastLoginField' => 'last_login',
         ],
+        'PasswordReset' => [
+            // A list of fields to use when looking up a user for password reset.
+            'findWith' => ['username', 'email'],
+        ],
         'Registration' => [
             // determines if the register is enabled
             'active' => true,

phpstan-baseline.neon

@@ -110,11 +110,6 @@ parameters:
 			count: 1
 			path: src/Model/Behavior/LinkSocialBehavior.php
 
-		-
-			message: "#^Call to an undefined method Cake\\\\ORM\\\\Table\\:\\:findByUsernameOrEmail\\(\\)\\.$#"
-			count: 1
-			path: src/Model/Behavior/PasswordBehavior.php
-
 		-
 			message: "#^Method CakeDC\\\\Users\\\\Model\\\\Behavior\\\\PasswordBehavior\\:\\:resetToken\\(\\) should return string but returns Cake\\\\Datasource\\\\EntityInterface\\|false\\.$#"
 			count: 1

src/Model/Behavior/PasswordBehavior.php

@@ -122,7 +122,23 @@ protected function _sendValidationEmail($user, $options = [])
      */
     protected function _getUser($reference)
     {
-        return $this->_table->findByUsernameOrEmail($reference, $reference)->first();
+        $findWith = (array)Configure::read('Users.PasswordReset.findWith', ['username', 'email']);
+        $schema = $this->_table->getSchema();
+        $orConditions = [];
+
+        foreach ($findWith as $field) {
+            if ($schema->hasColumn($field)) {
+                $orConditions[$field] = $reference;
+            }
+        }
+
+        if (empty($orConditions)) {
+            return null;
+        }
+
+        return $this->_table->find()
+            ->where(['OR' => $orConditions])
+            ->first();
     }
 
     /**

tests/TestCase/Model/Behavior/PasswordBehaviorTest.php

@@ -23,6 +23,8 @@
 use CakeDC\Users\Exception\UserNotFoundException;
 use CakeDC\Users\Model\Behavior\PasswordBehavior;
 use CakeDC\Users\Model\Entity\User;
+use InvalidArgumentException;
+use ReflectionMethod;
 use TestApp\Mailer\OverrideMailer;
 
 /**
@@ -41,6 +43,16 @@ class PasswordBehaviorTest extends TestCase
         'plugin.CakeDC/Users.Users',
     ];
 
+    /**
+     * Table
+     */
+    protected $table;
+
+    /**
+     * Behavior
+     */
+    protected $Behavior;
+
     /**
      * setup
      *
@@ -122,7 +134,7 @@ public function testResetTokenSendEmail()
      */
     public function testResetTokenWithNullParams()
     {
-        $this->expectException(\InvalidArgumentException::class);
+        $this->expectException(InvalidArgumentException::class);
         $this->Behavior->resetToken(null);
     }
 
@@ -131,7 +143,7 @@ public function testResetTokenWithNullParams()
      */
     public function testResetTokenNoExpiration()
     {
-        $this->expectException(\InvalidArgumentException::class);
+        $this->expectException(InvalidArgumentException::class);
         $this->expectExceptionMessage('Token expiration cannot be empty');
         $this->Behavior->resetToken('ref');
     }
@@ -237,4 +249,51 @@ public function testEmailOverride()
         ]);
         $this->assertInstanceOf(User::class, $result);
     }
+
+    /**
+     * Test getUser finds by email when configured
+     */
+    public function testGetUserFindsByEmailWhenConfigured()
+    {
+        Configure::write('Users.PasswordReset.findWith', ['email']);
+        $user = $this->_executeGetUser('user-1@test.com');
+        $this->assertNotNull($user);
+
+        $user = $this->_executeGetUser('user-1');
+        $this->assertNull($user);
+    }
+
+    /**
+     * Test getUser finds by username and email by default
+     */
+    public function testGetUserFindsByUsernameAndEmailByDefault()
+    {
+        $userByEmail = $this->_executeGetUser('user-1@test.com');
+        $this->assertNotNull($userByEmail);
+
+        $userByUsername = $this->_executeGetUser('user-1');
+        $this->assertNotNull($userByUsername);
+
+        $this->assertEquals($userByEmail->id, $userByUsername->id);
+    }
+
+    /**
+     * Execute getUser method
+     *
+     * @param string $reference Reference to get user by
+     * @return \CakeDC\Users\Model\Entity\User|null
+     */
+    protected function _executeGetUser($reference)
+    {
+        if ($this->table->hasBehavior('Password')) {
+            $this->table->removeBehavior('Password');
+        }
+        $this->table->addBehavior('CakeDC/Users.Password');
+        $realBehavior = $this->table->getBehavior('Password');
+
+        $method = new ReflectionMethod(get_class($realBehavior), '_getUser');
+        $method->setAccessible(true);
+
+        return $method->invoke($realBehavior, $reference);
+    }
 }