Sylius
diff --git a/‎features/account/resetting_password.feature‎
Lines changed: 1 addition & 1 deletion b/‎features/account/resetting_password.feature‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎features/account/resetting_password_validation.feature‎
Lines changed: 2 additions & 2 deletions b/‎features/account/resetting_password_validation.feature‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Sylius/Behat/Context/Api/Shop/LoginContext.php‎
Lines changed: 46 additions & 10 deletions b/‎src/Sylius/Behat/Context/Api/Shop/LoginContext.php‎
Lines changed: 46 additions & 10 deletions
diff --git a/‎src/Sylius/Behat/Resources/config/services/contexts/api/shop.xml‎
Lines changed: 0 additions & 1 deletion b/‎src/Sylius/Behat/Resources/config/services/contexts/api/shop.xml‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎src/Sylius/Bundle/ApiBundle/Command/ResetPassword.php‎
Lines changed: 42 additions & 0 deletions b/‎src/Sylius/Bundle/ApiBundle/Command/ResetPassword.php‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎src/Sylius/Bundle/ApiBundle/CommandHandler/RequestResetPasswordTokenHandler.php‎
Lines changed: 2 additions & 1 deletion b/‎src/Sylius/Bundle/ApiBundle/CommandHandler/RequestResetPasswordTokenHandler.php‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/Sylius/Bundle/ApiBundle/CommandHandler/ResetPasswordHandler.php‎
Lines changed: 68 additions & 0 deletions b/‎src/Sylius/Bundle/ApiBundle/CommandHandler/ResetPasswordHandler.php‎
Lines changed: 68 additions & 0 deletions
diff --git a/‎src/Sylius/Bundle/ApiBundle/DataProvider/ResetPasswordItemDataProvider.php‎
Lines changed: 33 additions & 0 deletions b/‎src/Sylius/Bundle/ApiBundle/DataProvider/ResetPasswordItemDataProvider.php‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎src/Sylius/Bundle/ApiBundle/Resources/config/api_resources/PasswordReset.xml‎
Lines changed: 0 additions & 46 deletions b/‎src/Sylius/Bundle/ApiBundle/Resources/config/api_resources/PasswordReset.xml‎
Lines changed: 0 additions & 46 deletions
@@ -22,7 +22,7 @@ Feature: Resetting a password
         When I reset password for email "[email protected]" in "Polish (Poland)" locale
         Then an email with reset token should be sent to "[email protected]" in "Polish (Poland)" locale
 
-    @ui @email
+    @ui @email @api
     Scenario: Changing my account password with token I received
         Given I have already received a resetting password email
         When I follow link on my email to reset my password
 
@@ -15,7 +15,7 @@ Feature: Resetting a password validation
         And I try to reset it
         Then I should be notified that the email is required
 
-    @ui
+    @ui @api
     Scenario: Trying to reset password with a wrong confirmation password
         Given I have already received a resetting password email
         When I follow link on my email to reset my password
@@ -24,7 +24,7 @@ Feature: Resetting a password validation
         And I try to reset it
         Then I should be notified that the entered passwords do not match
 
-    @ui
+    @ui @api
     Scenario: Trying to reset my password with a too short password
         Given I have already received a resetting password email
         When I follow link on my email to reset my password
 
@@ -17,7 +17,8 @@
 use Sylius\Behat\Client\ApiClientInterface;
 use Sylius\Behat\Client\ApiSecurityClientInterface;
 use Sylius\Behat\Client\Request;
-use Sylius\Behat\Client\ResponseCheckerInterface;
+use Sylius\Component\User\Model\UserInterface;
+use Symfony\Component\HttpFoundation\Request as HTTPRequest;
 use Webmozart\Assert\Assert;
 
 final class LoginContext implements Context
@@ -28,20 +29,15 @@ final class LoginContext implements Context
     /** @var ApiClientInterface */
     private $apiClient;
 
-    /** @var ResponseCheckerInterface */
-    private $responseChecker;
-
     /** @var Request|null */
     private $request;
 
     public function __construct(
         ApiSecurityClientInterface $apiSecurityClient,
-        ApiClientInterface $apiClient,
-        ResponseCheckerInterface $responseChecker
+        ApiClientInterface $apiClient
     ) {
         $this->apiSecurityClient = $apiSecurityClient;
         $this->apiClient = $apiClient;
-        $this->responseChecker = $responseChecker;
     }
 
     /**
@@ -79,6 +75,17 @@ public function iResetPasswordForEmailInLocale(string $email, string $localeCode
         $this->iResetIt();
     }
 
+    /**
+     * @When /^I follow link on (my) email to reset my password$/
+     */
+    public function iFollowLinkOnMyEmailToResetPassword(UserInterface $user): void
+    {
+        $this->request = Request::custom(
+            sprintf('api/v2/shop/reset-password/%s', $user->getPasswordResetToken()),
+            HttpRequest::METHOD_PATCH
+        );
+    }
+
     /**
      * @When I reset it
      * @When I try to reset it
@@ -102,7 +109,25 @@ public function iSpecifyTheUsername(string $username): void
      */
     public function iSpecifyTheEmail(string $email = ''): void
     {
-        $this->request->setContent(['email' => $email]);
+        $this->request->updateContent(['email' => $email]);
+    }
+
+    /**
+     * @When I specify my new password as :password
+     * @When I do not specify my new password
+     */
+    public function iSpecifyMyNewPassword(?string $password = null): void
+    {
+        $this->request->updateContent(['newPassword' => $password]);
+    }
+
+    /**
+     * @When I confirm my new password as :password
+     * @When I do not confirm my new password
+     */
+    public function iConfirmMyNewPassword(?string $password = null): void
+    {
+        $this->request->updateContent(['confirmNewPassword' => $password]);
     }
 
     /**
@@ -168,11 +193,22 @@ public function iShouldBeNotifiedAboutBadCredentials(): void
 
     /**
      * @Then I should be notified that email with reset instruction has been sent
+     * @Then I should be notified that my password has been successfully reset
      */
     public function iShouldBeNotifiedThatEmailWithResetInstructionWasSent(): void
     {
-        $response = $this->apiClient->getLastResponse();
-        Assert::same($response->getStatusCode(), 202);
+        Assert::same($this->apiClient->getLastResponse()->getStatusCode(), 202);
+    }
+
+    /**
+     * @Then I should be able to log in as :email with :password password
+     * @Then the customer should be able to log in as :email with :password password
+     */
+    public function iShouldBeAbleToLogInAsWithPassword(string $email, string $password): void
+    {
+        $this->iLogInAsWithPassword($email, $password);
+
+        $this->iShouldBeLoggedIn();
     }
 
     private function addLocaleCode(string $localeCode): void
 
@@ -75,7 +75,6 @@
         <service id="sylius.behat.context.api.shop.login" class="Sylius\Behat\Context\Api\Shop\LoginContext">
             <argument type="service" id="sylius.behat.client.shop_api_platform_security_client" />
             <argument type="service" id="sylius.behat.api_platform_client.shop.account" />
-            <argument type="service" id="Sylius\Behat\Client\ResponseCheckerInterface" />
         </service>
 
         <service id="sylius.behat.context.api.shop.product" class="Sylius\Behat\Context\Api\Shop\ProductContext">
 
@@ -0,0 +1,42 @@
+<?php
+
+/*
+ * This file is part of the Sylius package.
+ *
+ * (c) Paweł Jędrzejewski
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace Sylius\Bundle\ApiBundle\Command;
+
+/** @experimental */
+class ResetPassword
+{
+    /** @var string */
+    public $newPassword;
+
+    /** @var string */
+    public $confirmNewPassword;
+
+    /** @var string */
+    public $resetPasswordToken;
+
+    public function __construct(string $resetPasswordToken)
+    {
+        $this->resetPasswordToken = $resetPasswordToken;
+    }
+
+    public function getResetPasswordToken(): string
+    {
+        return $this->resetPasswordToken;
+    }
+
+    public function setResetPasswordToken(string $token): void
+    {
+        $this->resetPasswordToken = $token;
+    }
+}
@@ -17,12 +17,13 @@
 use Sylius\Bundle\ApiBundle\Command\SendResetPasswordEmail;
 use Sylius\Component\User\Repository\UserRepositoryInterface;
 use Sylius\Component\User\Security\Generator\GeneratorInterface;
+use Symfony\Component\Messenger\Handler\MessageHandlerInterface;
 use Symfony\Component\Messenger\MessageBusInterface;
 use Symfony\Component\Messenger\Stamp\DispatchAfterCurrentBusStamp;
 use Webmozart\Assert\Assert;
 
 /** @experimental */
-final class RequestResetPasswordTokenHandler
+final class RequestResetPasswordTokenHandler implements MessageHandlerInterface
 {
     /** @var UserRepositoryInterface */
     private $userRepository;
 
@@ -0,0 +1,68 @@
+<?php
+
+/*
+ * This file is part of the Sylius package.
+ *
+ * (c) Paweł Jędrzejewski
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace Sylius\Bundle\ApiBundle\CommandHandler;
+
+use Sylius\Bundle\ApiBundle\Command\ResetPassword;
+use Sylius\Component\Core\Model\ShopUserInterface;
+use Sylius\Component\Resource\Metadata\MetadataInterface;
+use Sylius\Component\User\Repository\UserRepositoryInterface;
+use Sylius\Component\User\Security\PasswordUpdaterInterface;
+use Symfony\Component\Messenger\Handler\MessageHandlerInterface;
+use Webmozart\Assert\Assert;
+
+/** @experimental */
+final class ResetPasswordHandler implements MessageHandlerInterface
+{
+    /** @var UserRepositoryInterface */
+    private $userRepository;
+
+    /** @var MetadataInterface */
+    private $metadata;
+
+    /** @var PasswordUpdaterInterface */
+    private $passwordUpdater;
+
+    public function __construct(
+        UserRepositoryInterface $userRepository,
+        MetadataInterface $metadata,
+        PasswordUpdaterInterface $passwordUpdater
+    ) {
+        $this->userRepository = $userRepository;
+        $this->metadata = $metadata;
+        $this->passwordUpdater = $passwordUpdater;
+    }
+
+    public function __invoke(ResetPassword $command): void
+    {
+        /** @var ShopUserInterface|null $user */
+        $user = $this->userRepository->findOneBy(['passwordResetToken' => $command->getResetPasswordToken()]);
+
+        Assert::notNull($user);
+
+        $resetting = $this->metadata->getParameter('resetting');
+        $lifetime = new \DateInterval($resetting['token']['ttl']);
+
+        if (!$user->isPasswordRequestNonExpired($lifetime)) {
+            throw new \InvalidArgumentException('Password reset token has expired');
+        }
+
+        if ($command->getResetPasswordToken() !== $user->getPasswordResetToken()) {
+            throw new \InvalidArgumentException('Password reset token do not match.');
+        }
+
+        $user->setPlainPassword($command->newPassword);
+
+        $this->passwordUpdater->updatePassword($user);
+    }
+}
@@ -0,0 +1,33 @@
+<?php
+
+/*
+ * This file is part of the Sylius package.
+ *
+ * (c) Paweł Jędrzejewski
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace Sylius\Bundle\ApiBundle\DataProvider;
+
+use ApiPlatform\Core\DataProvider\ItemDataProviderInterface;
+use ApiPlatform\Core\DataProvider\RestrictedDataProviderInterface;
+use Sylius\Bundle\ApiBundle\Command\ResetPassword;
+use Sylius\Component\User\Repository\UserRepositoryInterface;
+
+/** @experimental */
+final class ResetPasswordItemDataProvider implements RestrictedDataProviderInterface, ItemDataProviderInterface
+{
+    public function getItem(string $resourceClass, $id, string $operationName = null, array $context = [])
+    {
+        return new ResetPassword($id);
+    }
+
+    public function supports(string $resourceClass, string $operationName = null, array $context = []): bool
+    {
+        return is_a($resourceClass, ResetPassword::class, true);
+    }
+}