magento · sfritzsche · Aug 30, 2024
diff --git a/app/code/Magento/Customer/Controller/Account/ForgotPasswordPost.php b/app/code/Magento/Customer/Controller/Account/ForgotPasswordPost.php
@@ -5,6 +5,8 @@
  */
 namespace Magento\Customer\Controller\Account;
 
+use Magento\Customer\Api\CustomerRepositoryInterface;
+use Magento\Customer\Api\SessionCleanerInterface;
 use Magento\Framework\App\Action\HttpPostActionInterface as HttpPostActionInterface;
 use Magento\Customer\Api\AccountManagementInterface;
 use Magento\Customer\Model\AccountManagement;
@@ -16,6 +18,7 @@
 use Magento\Framework\Exception\SecurityViolationException;
 use Magento\Framework\Validator\EmailAddress;
 use Magento\Framework\Validator\ValidatorChain;
+use Magento\Framework\App\ObjectManager;
 
 /**
  * ForgotPasswordPost controller
@@ -38,21 +41,38 @@ class ForgotPasswordPost extends \Magento\Customer\Controller\AbstractAccount im
      */
     protected $session;
 
+    /**
+     * @var CustomerRepositoryInterface
+     */
+    private $customerRepository;
+
+    /**
+     * @var SessionCleanerInterface
+     */
+    private $sessionCleaner;
+
     /**
      * @param Context $context
      * @param Session $customerSession
      * @param AccountManagementInterface $customerAccountManagement
      * @param Escaper $escaper
+     * @param CustomerRepositoryInterface $customerRepository
+     * @param SessionCleanerInterface|null $sessionCleaner
      */
     public function __construct(
         Context $context,
         Session $customerSession,
         AccountManagementInterface $customerAccountManagement,
-        Escaper $escaper
+        Escaper $escaper,
+        CustomerRepositoryInterface $customerRepository,
+        SessionCleanerInterface $sessionCleaner = null
     ) {
         $this->session = $customerSession;
         $this->customerAccountManagement = $customerAccountManagement;
         $this->escaper = $escaper;
+        $this->customerRepository = $customerRepository;
+        $objectManager = ObjectManager::getInstance();
+        $this->sessionCleaner = $sessionCleaner ?? $objectManager->get(SessionCleanerInterface::class);
         parent::__construct($context);
     }
 
@@ -80,6 +100,8 @@ public function execute()
                     $email,
                     AccountManagement::EMAIL_RESET
                 );
+                $customer = $this->customerRepository->get($email);
+                $this->sessionCleaner->clearFor((int)$customer->getId());
                 // phpcs:ignore Magento2.CodeAnalysis.EmptyBlock.DetectedCatch
             } catch (NoSuchEntityException $exception) {
                 // Do nothing, we don't want anyone to use this action to determine which email accounts are registered.
@@ -93,7 +115,6 @@ public function execute()
                 );
                 return $resultRedirect->setPath('*/*/forgotpassword');
             }
-            $this->session->destroy(['send_expire_cookie']);
             $this->messageManager->addSuccessMessage($this->getSuccessMessage($email));
             return $resultRedirect->setPath('*/*/');
         } else {

diff --git a/app/code/Magento/Customer/Test/Unit/Controller/Account/ForgotPasswordPostTest.php b/app/code/Magento/Customer/Test/Unit/Controller/Account/ForgotPasswordPostTest.php
@@ -8,8 +8,11 @@
 namespace Magento\Customer\Test\Unit\Controller\Account;
 
 use Magento\Customer\Api\AccountManagementInterface;
+use Magento\Customer\Api\CustomerRepositoryInterface;
+use Magento\Customer\Api\SessionCleanerInterface;
 use Magento\Customer\Controller\Account\ForgotPasswordPost;
 use Magento\Customer\Model\AccountManagement;
+use Magento\Customer\Model\Data\Customer;
 use Magento\Customer\Model\Session;
 use Magento\Framework\App\Action\Context;
 use Magento\Framework\App\Request\Http as Request;
@@ -71,6 +74,16 @@ class ForgotPasswordPostTest extends TestCase
      */
     protected $messageManager;
 
+    /**
+     * @var CustomerRepositoryInterface|MockObject
+     */
+    private $customerRepository;
+
+    /**
+     * @var SessionCleanerInterface|MockObject
+     */
+    private $sessionCleanerMock;
+
     protected function setUp(): void
     {
         $this->prepareContext();
@@ -86,11 +99,18 @@ protected function setUp(): void
             ->disableOriginalConstructor()
             ->getMock();
 
+        $this->customerRepository = $this->getMockBuilder(CustomerRepositoryInterface::class)
+            ->getMockForAbstractClass();
+
+        $this->sessionCleanerMock = $this->createMock(SessionCleanerInterface::class);
+
         $this->controller = new ForgotPasswordPost(
             $this->context,
             $this->session,
             $this->accountManagement,
-            $this->escaper
+            $this->escaper,
+            $this->customerRepository,
+            $this->sessionCleanerMock
         );
     }
 
@@ -117,6 +137,7 @@ public function testExecuteEmptyEmail()
     public function testExecute()
     {
         $email = 'user1@example.com';
+        $customerId = '1';
 
         $this->request->expects($this->once())
             ->method('getPost')
@@ -128,6 +149,21 @@ public function testExecute()
             ->with($email, AccountManagement::EMAIL_RESET)
             ->willReturnSelf();
 
+        $customer = $this->getMockBuilder(Customer::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $customer->expects($this->once())
+            ->method('getId')
+            ->willReturn($customerId);
+
+        $this->customerRepository->expects($this->once())
+            ->method('get')
+            ->with($email)
+            ->willReturn($customer);
+
+        $this->sessionCleanerMock->expects($this->once())->method('clearFor')->with($customerId)->willReturnSelf();
+
         $this->escaper->expects($this->once())
             ->method('escapeHtml')
             ->with($email)
@@ -147,8 +183,6 @@ public function testExecute()
             ->with('*/*/')
             ->willReturnSelf();
 
-        $this->session->expects($this->once())->method('destroy')->with(['send_expire_cookie']);
-
         $this->controller->execute();
     }
 
@@ -166,6 +200,15 @@ public function testExecuteNoSuchEntityException()
             ->with($email, AccountManagement::EMAIL_RESET)
             ->willThrowException(new NoSuchEntityException(__('NoSuchEntityException')));
 
+        $customer = $this->getMockBuilder(Customer::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $customer->expects($this->never())
+            ->method('getId');
+
+        $this->sessionCleanerMock->expects($this->never())->method('clearFor');
+
         $this->escaper->expects($this->once())
             ->method('escapeHtml')
             ->with($email)