ENGCOM-8388: ISSUE-27954: Forgot password save user only one column #27972

 - Merge Pull Request #27972 from sheepfy/magento2:issue-27954/forgot-password
 - Merged commits:
   1. 29621ba
   2. bc52285
   3. 4f8f9f2
   4. 09964ae
   5. b7d5fa5

Author: magento-engcom-team

app/code/Magento/Customer/Model/ForgotPasswordToken/ConfirmCustomerByToken.php

@@ -8,6 +8,8 @@
 namespace Magento\Customer\Model\ForgotPasswordToken;
 
 use Magento\Customer\Api\CustomerRepositoryInterface;
+use Magento\Customer\Api\Data\CustomerInterface;
+use Magento\Framework\Exception\LocalizedException;
 
 /**
  * Confirm customer by reset password token
@@ -25,15 +27,11 @@ class ConfirmCustomerByToken
     private $customerRepository;
 
     /**
-     * ConfirmByToken constructor.
-     *
      * @param GetCustomerByToken $getByToken
      * @param CustomerRepositoryInterface $customerRepository
      */
-    public function __construct(
-        GetCustomerByToken $getByToken,
-        CustomerRepositoryInterface $customerRepository
-    ) {
+    public function __construct(GetCustomerByToken $getByToken, CustomerRepositoryInterface $customerRepository)
+    {
         $this->getByToken = $getByToken;
         $this->customerRepository = $customerRepository;
     }
@@ -42,17 +40,29 @@ public function __construct(
      * Confirm customer account my rp_token
      *
      * @param string $resetPasswordToken
-     *
      * @return void
-     * @throws \Magento\Framework\Exception\LocalizedException
+     * @throws LocalizedException
      */
     public function execute(string $resetPasswordToken): void
     {
         $customer = $this->getByToken->execute($resetPasswordToken);
         if ($customer->getConfirmation()) {
-            $this->customerRepository->save(
-                $customer->setConfirmation(null)
-            );
+            $this->resetConfirmation($customer);
         }
     }
+
+    /**
+     * Reset customer confirmation
+     *
+     * @param CustomerInterface $customer
+     * @return void
+     */
+    private function resetConfirmation(CustomerInterface $customer): void
+    {
+        // skip unnecessary address and customer validation
+        $customer->setData('ignore_validation_flag', true);
+        $customer->setConfirmation(null);
+
+        $this->customerRepository->save($customer);
+    }
 }

app/code/Magento/Customer/Model/ForgotPasswordToken/GetCustomerByToken.php

@@ -54,7 +54,7 @@ public function __construct(
      * @throws NoSuchEntityException
      * @throws \Magento\Framework\Exception\LocalizedException
      */
-    public function execute(string $resetPasswordToken):CustomerInterface
+    public function execute(string $resetPasswordToken): CustomerInterface
     {
         $this->searchCriteriaBuilder->addFilter(
             'rp_token',

app/code/Magento/Customer/Test/Unit/Model/ForgotPasswordToken/ConfirmCustomerByTokenTest.php

@@ -0,0 +1,95 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Customer\Test\Unit\Model\ForgotPasswordToken;
+
+use Magento\Customer\Api\CustomerRepositoryInterface;
+use Magento\Customer\Api\Data\CustomerInterface;
+use Magento\Customer\Model\ForgotPasswordToken\ConfirmCustomerByToken;
+use Magento\Customer\Model\ForgotPasswordToken\GetCustomerByToken;
+use PHPUnit\Framework\MockObject\MockObject;
+use PHPUnit\Framework\TestCase;
+
+/**
+ * Test for \Magento\Customer\Model\ForgotPasswordToken\ConfirmCustomerByToken.
+ */
+class ConfirmCustomerByTokenTest extends TestCase
+{
+    private const STUB_RESET_PASSWORD_TOKEN = 'resetPassword';
+
+    /**
+     * @var ConfirmCustomerByToken;
+     */
+    private $model;
+
+    /**
+     * @var CustomerInterface|MockObject
+     */
+    private $customerMock;
+
+    /**
+     * @var CustomerRepositoryInterface|MockObject
+     */
+    private $customerRepositoryMock;
+
+    /**
+     * @inheritDoc
+     */
+    protected function setUp(): void
+    {
+        $this->customerMock = $this->getMockBuilder(CustomerInterface::class)
+            ->disableOriginalConstructor()
+            ->addMethods(['setData'])
+            ->getMockForAbstractClass();
+
+        $this->customerRepositoryMock = $this->createMock(CustomerRepositoryInterface::class);
+
+        $getCustomerByTokenMock = $this->createMock(GetCustomerByToken::class);
+        $getCustomerByTokenMock->method('execute')->willReturn($this->customerMock);
+
+        $this->model = new ConfirmCustomerByToken($getCustomerByTokenMock, $this->customerRepositoryMock);
+    }
+
+    /**
+     * Confirm customer with confirmation
+     *
+     * @return void
+     */
+    public function testExecuteWithConfirmation(): void
+    {
+        $this->customerMock->expects($this->once())
+            ->method('getConfirmation')
+            ->willReturn('GWz2ik7Kts517MXAgrm4DzfcxKayGCm4');
+        $this->customerMock->expects($this->once())
+            ->method('setData')
+            ->with('ignore_validation_flag', true);
+        $this->customerMock->expects($this->once())
+            ->method('setConfirmation')
+            ->with(null);
+        $this->customerRepositoryMock->expects($this->once())
+            ->method('save')
+            ->with($this->customerMock);
+
+        $this->model->execute(self::STUB_RESET_PASSWORD_TOKEN);
+    }
+
+    /**
+     * Confirm customer without confirmation
+     *
+     * @return void
+     */
+    public function testExecuteWithoutConfirmation(): void
+    {
+        $this->customerMock->expects($this->once())
+            ->method('getConfirmation')
+            ->willReturn(null);
+        $this->customerRepositoryMock->expects($this->never())
+            ->method('save');
+
+        $this->model->execute(self::STUB_RESET_PASSWORD_TOKEN);
+    }
+}

dev/tests/integration/testsuite/Magento/Customer/Model/ForgotPasswordToken/ConfirmCustomerByTokenTest.php

@@ -0,0 +1,92 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Customer\Model\ForgotPasswordToken;
+
+use Magento\Customer\Model\Customer;
+use Magento\Framework\App\ResourceConnection;
+use Magento\Framework\DB\Adapter\AdapterInterface;
+use Magento\Framework\ObjectManagerInterface;
+use Magento\TestFramework\Helper\Bootstrap;
+use PHPUnit\Framework\TestCase;
+
+/**
+ * Test for \Magento\Customer\Model\ForgotPasswordToken\ConfirmCustomerByToken.
+ */
+class ConfirmCustomerByTokenTest extends TestCase
+{
+    private const STUB_CUSTOMER_RESET_TOKEN = 'token12345';
+
+    /**
+     * @var ObjectManagerInterface
+     */
+    private $objectManager;
+
+    /**
+     * @var ConfirmCustomerByToken
+     */
+    private $confirmCustomerByToken;
+
+    /**
+     * @var AdapterInterface
+     */
+    private $connection;
+
+    /**
+     * @inheritDoc
+     */
+    protected function setUp(): void
+    {
+        $this->objectManager = Bootstrap::getObjectManager();
+
+        $resource = $this->objectManager->get(ResourceConnection::class);
+        $this->connection = $resource->getConnection();
+
+        $this->confirmCustomerByToken = $this->objectManager->get(ConfirmCustomerByToken::class);
+    }
+
+    /**
+     * Customer address shouldn't validate during confirm customer by token
+     *
+     * @magentoDataFixture Magento/Customer/_files/customer.php
+     * @magentoDataFixture Magento/Customer/_files/customer_address.php
+     *
+     * @return void
+     */
+    public function testExecuteWithInvalidAddress(): void
+    {
+        $id = 1;
+
+        $customerModel = $this->objectManager->create(Customer::class);
+        $customerModel->load($id);
+        $customerModel->setRpToken(self::STUB_CUSTOMER_RESET_TOKEN);
+        $customerModel->setRpTokenCreatedAt(date('Y-m-d H:i:s'));
+        $customerModel->setConfirmation($customerModel->getRandomConfirmationKey());
+        $customerModel->save();
+
+        //make city address invalid
+        $this->makeCityInvalid($id);
+
+        $this->confirmCustomerByToken->execute(self::STUB_CUSTOMER_RESET_TOKEN);
+        $this->assertNull($customerModel->load($id)->getConfirmation());
+    }
+
+    /**
+     * Set city invalid for customer address
+     *
+     * @param int $id
+     * @return void
+     */
+    private function makeCityInvalid(int $id): void
+    {
+        $this->connection->update(
+            $this->connection->getTableName('customer_address_entity'),
+            ['city' => ''],
+            $this->connection->quoteInto('entity_id = ?', $id)
+        );
+    }
+}