Merge remote-tracking branch 'sprank/fix-38238' into AC10654

Rachana · Rachana · commit 42f1b60fd0f1 · 2024-06-06T23:07:33.000-07:00
diff --git a/app/code/Magento/Security/Model/Plugin/AccountManagement.php b/app/code/Magento/Security/Model/Plugin/AccountManagement.php
@@ -3,9 +3,12 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
+
 namespace Magento\Security\Model\Plugin;
 
 use Magento\Customer\Model\AccountManagement as AccountManagementOriginal;
+use Magento\Framework\App\Area;
 use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Config\ScopeInterface;
 use Magento\Framework\Exception\SecurityViolationException;
@@ -58,6 +61,8 @@ public function __construct(
     }
 
     /**
+     * Security check before reset password
+     *
      * @param AccountManagementOriginal $accountManagement
      * @param string $email
      * @param string $template
@@ -73,8 +78,10 @@ public function beforeInitiatePasswordReset(
         $template,
         $websiteId = null
     ) {
-        if ($this->scope->getCurrentScope() == \Magento\Framework\App\Area::AREA_FRONTEND
-            || $this->passwordRequestEvent == PasswordResetRequestEvent::ADMIN_PASSWORD_RESET_REQUEST) {
+        if ($this->scope->getCurrentScope() == Area::AREA_FRONTEND
+            || $this->passwordRequestEvent == PasswordResetRequestEvent::ADMIN_PASSWORD_RESET_REQUEST
+            || ($this->scope->getCurrentScope() == Area::AREA_WEBAPI_REST
+            && $this->passwordRequestEvent == PasswordResetRequestEvent::CUSTOMER_PASSWORD_RESET_REQUEST)) {
             $this->securityManager->performSecurityCheck(
                 $this->passwordRequestEvent,
                 $email
diff --git a/app/code/Magento/Security/Test/Unit/Model/Plugin/AccountManagementTest.php b/app/code/Magento/Security/Test/Unit/Model/Plugin/AccountManagementTest.php
@@ -92,7 +92,7 @@ public function testBeforeInitiatePasswordReset($area, $passwordRequestEvent, $e
             ]
         );
 
-        $this->scope->expects($this->once())
+        $this->scope->expects($this->any())
             ->method('getCurrentScope')
             ->willReturn($area);
 
@@ -119,6 +119,7 @@ public function beforeInitiatePasswordResetDataProvider()
             [Area::AREA_FRONTEND, PasswordResetRequestEvent::CUSTOMER_PASSWORD_RESET_REQUEST, 1],
             // This should never happen, but let's cover it with tests
             [Area::AREA_FRONTEND, PasswordResetRequestEvent::ADMIN_PASSWORD_RESET_REQUEST, 1],
+            [Area::AREA_WEBAPI_REST, PasswordResetRequestEvent::CUSTOMER_PASSWORD_RESET_REQUEST, 1],
         ];
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -92,7 +92,7 @@ public function testBeforeInitiatePasswordReset($area, $passwordRequestEvent, $e`
`92`	`92`	`]`
`93`	`93`	`);`
`94`	`94`
`95`		`- $this->scope->expects($this->once())`
	`95`	`+ $this->scope->expects($this->any())`
`96`	`96`	`->method('getCurrentScope')`
`97`	`97`	`->willReturn($area);`
`98`	`98`
`@@ -119,6 +119,7 @@ public function beforeInitiatePasswordResetDataProvider()`
`119`	`119`	`[Area::AREA_FRONTEND, PasswordResetRequestEvent::CUSTOMER_PASSWORD_RESET_REQUEST, 1],`
`120`	`120`	`// This should never happen, but let's cover it with tests`
`121`	`121`	`[Area::AREA_FRONTEND, PasswordResetRequestEvent::ADMIN_PASSWORD_RESET_REQUEST, 1],`
	`122`	`+ [Area::AREA_WEBAPI_REST, PasswordResetRequestEvent::CUSTOMER_PASSWORD_RESET_REQUEST, 1],`
`122`	`123`	`];`
`123`	`124`	`}`
`124`	`125`	`}`