Merge remote-tracking branch 'origin/MC-31575' into 2.3-develop-pr38

serhii-balko · serhii-balko · commit 52a52d9509d5 · 2020-03-02T12:38:53.000+02:00
diff --git a/app/code/Magento/Customer/Model/AccountManagement.php b/app/code/Magento/Customer/Model/AccountManagement.php
@@ -1045,10 +1045,10 @@ private function changePasswordForCustomer($customer, $currentPassword, $newPass
         }
         $customerEmail = $customer->getEmail();
         $this->credentialsValidator->checkPasswordDifferentFromEmail($customerEmail, $newPassword);
+        $this->checkPasswordStrength($newPassword);
         $customerSecure = $this->customerRegistry->retrieveSecureData($customer->getId());
         $customerSecure->setRpToken(null);
         $customerSecure->setRpTokenCreatedAt(null);
-        $this->checkPasswordStrength($newPassword);
         $customerSecure->setPasswordHash($this->createPasswordHash($newPassword));
         $this->destroyCustomerSessions($customer->getId());
         $this->disableAddressValidation($customer);
@@ -1630,6 +1630,7 @@ private function getEmailNotification()
      */
     private function destroyCustomerSessions($customerId)
     {
+        $this->sessionManager->regenerateId();
         $sessionLifetime = $this->scopeConfig->getValue(
             \Magento\Framework\Session\Config::XML_PATH_COOKIE_LIFETIME,
             \Magento\Store\Model\ScopeInterface::SCOPE_STORE
diff --git a/app/code/Magento/Customer/Test/Unit/Model/AccountManagementTest.php b/app/code/Magento/Customer/Test/Unit/Model/AccountManagementTest.php
@@ -1551,6 +1551,7 @@ public function testChangePassword()
             ->with($customer);
 
         $this->sessionManager->expects($this->atLeastOnce())->method('getSessionId');
+        $this->sessionManager->expects($this->atLeastOnce())->method('regenerateId');
 
         $visitor = $this->getMockBuilder(\Magento\Customer\Model\Visitor::class)
             ->disableOriginalConstructor()
@@ -1628,6 +1629,7 @@ function ($string) {
 
         $this->sessionManager->method('isSessionExists')->willReturn(false);
         $this->sessionManager->expects($this->atLeastOnce())->method('getSessionId');
+        $this->sessionManager->expects($this->atLeastOnce())->method('regenerateId');
         $visitor = $this->getMockBuilder(\Magento\Customer\Model\Visitor::class)
             ->disableOriginalConstructor()
             ->setMethods(['getSessionId'])
