magento2 icon indicating copy to clipboard operation
magento2 copied to clipboard

Published 20 hours ago verified publisher icon magento

Reset password email sent from wrong store

Open Axel29 opened this issue 4 years ago • 17 comments

Preconditions (*)

  1. Magento >= 2.3.4 (tested on Magento 2.3.4)

Steps to reproduce (*)

  1. Login to Magento Backend
  2. Go to Stores > All Stores and create a new website and a new store associated to that website
  3. Go to Stores > Configuration > General > Web and use a different domain for the new website
  4. Go to Stores > Configuration > General > General > Locale Options and set the new store's language to a different one from the default store
  5. Go to Stores > Configuration > Customers > Customer Configuration > Account Sharing Options and enable account sharing
  6. Go to Magento Store Frontend in the first (default) store
  7. Create a customer account
  8. Go to the second store
  9. Go to the forgot password page and send the form using the email used in step 6 (create a customer account)

Expected result (*)

  1. Customer receives an email sent in the correct language
  2. Customer gets redirected to the login page of the second store view
  3. The URL in the footer is the one of the second store view

Actual result (*)

  1. Customer receives an email sent in the language of the store he created his account in
  2. Customer gets redirected to the login page of the store he created his account in
  3. The URL in the footer is the one of the store he created his account in

Explanation

The bug seems to have appeared in Magento 2.3.4 after changing the method \Magento\Customer\Model\EmailNotification::passwordResetConfirmation.

Before Magento 2.3.4, the code did this:

    public function passwordResetConfirmation(CustomerInterface $customer)
    {
        $storeId = $this->storeManager->getStore()->getId();
        if (!$storeId) {
            $storeId = $this->getWebsiteStoreId($customer);
        }

        $customerEmailData = $this->getFullCustomerObject($customer);

        $this->sendEmailTemplate(
            $customer,
            self::XML_PATH_FORGOT_EMAIL_TEMPLATE,
            self::XML_PATH_FORGOT_EMAIL_IDENTITY,
            ['customer' => $customerEmailData, 'store' => $this->storeManager->getStore($storeId)],
            $storeId
        );
    }

but was changed to this:

    public function passwordResetConfirmation(CustomerInterface $customer)
    {
        $storeId = $customer->getStoreId();
        if (!$storeId) {
            $storeId = $this->getWebsiteStoreId($customer);
        }

        $customerEmailData = $this->getFullCustomerObject($customer);

        $this->sendEmailTemplate(
            $customer,
            self::XML_PATH_FORGOT_EMAIL_TEMPLATE,
            self::XML_PATH_FORGOT_EMAIL_IDENTITY,
            ['customer' => $customerEmailData, 'store' => $this->storeManager->getStore($storeId)],
            $storeId
        );
    }

The problem si that the customer's store ID is retrieved instead of the current store ID.

I think the issue was introduced in this GitHub issue: https://github.com/magento/magento2/issues/5726 which clearly didn't take into account the multi-website / multi-domain and frontend email.

Axel29 avatar Nov 04 '20 17:11 Axel29