Skip to content

Commit

Permalink
Merge branch 'b-7.3.x' into b-8.0.x
Browse files Browse the repository at this point in the history 
# Conflicts:
#	CHANGELOG-7.3.md
  • Loading branch information
@moritzdemmer
moritzdemmer committed Nov 28, 2024
2 parents 59a1c53 + bf9d700 commit 3358670
Show file tree
Hide file tree
Showing 11 changed files with 293 additions and 113 deletions.
65 changes: 33 additions & 32 deletions source/Application/Component/UserComponent.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -643,59 +643,60 @@ protected function changeUserWithoutRedirect()
if (!$user) {
return;
}

$currentEmail = $user->getFieldData('oxusername');
$password = $user->getFieldData('oxpassword');
$shippingAddress = $this->getShippingAddress();
$billingAddress = $this->getBillingAddress();
$newEmail = $billingAddress['oxuser__oxusername'] ?? '';

$username = $user->getFieldData('oxusername');
$password = $user->getFieldData('oxpassword');
try {
$newName = $billingAddress['oxuser__oxusername'] ?? '';
$isUsernameUpdated = $this->isUserNameUpdated($currentEmail ?? '', $newEmail);
if ($isUsernameUpdated && $this->isGuestUser($user)) {
$this->deleteExistingGuestUser($newEmail);
}
if (
$this->isGuestUser($user)
&& $this->isUserNameUpdated($user->oxuser__oxusername->value ?? '', $newName)
!$this->isGuestUser($user)
&& $isUsernameUpdated
&& $user->isEmailInUse($newEmail)
) {
$this->deleteExistingGuestUser($newName);
Registry::getUtilsView()->addErrorToDisplay('ERROR_MESSAGE_USER_USEREXISTS');
return false;
}
$user->changeUserData($username, $password, $password, $billingAddress, $shippingAddress);
$user->changeUserData($currentEmail, $password, $password, $billingAddress, $shippingAddress);

$isSubscriptionRequested = Registry::getRequest()->getRequestEscapedParameter('blnewssubscribed');
$userSubscriptionStatus = $isSubscriptionRequested
?? $user->getNewsSubscription()->getOptInStatus();
// check if email address changed, if so, force check newsletter subscription settings.
$billingUsername = $billingAddress['oxuser__oxusername'] ?? null;
$forceSubscriptionCheck = ($billingUsername !== null && $billingUsername !== $username);
$userSubscriptionStatus = $isSubscriptionRequested ?? $user->getNewsSubscription()->getOptInStatus();
$isSubscriptionEmailRequested = Registry::getConfig()->getConfigParam('blOrderOptInEmail');

$this->_blNewsSubscriptionStatus = $user->setNewsSubscription(
$userSubscriptionStatus,
$isSubscriptionEmailRequested,
$forceSubscriptionCheck
$isUsernameUpdated
);

$this->resetPermissions();

$orderRemark = Registry::getRequest()->getRequestParameter('order_remark', true);
if ($orderRemark) {
$session->setVariable('ordrem', $orderRemark);
} else {
$session->deleteVariable('ordrem');
}

if ($basket = $session->getBasket()) {
$basket->setBasketUser(null);
$basket->onUpdate();
}

return true;
} catch (UserException | ConnectionException | InputException $exception) {
Registry::getUtilsView()->addErrorToDisplay($exception, false, true);

return;
} catch (\Throwable) {
Registry::getUtilsView()->addErrorToDisplay('ERROR_MESSAGE_USER_UPDATE_FAILED', false, true);
return false;
}

$this->resetPermissions();

// order remark
$orderRemark = Registry::getRequest()->getRequestParameter('order_remark', true);

if ($orderRemark) {
$session->setVariable('ordrem', $orderRemark);
} else {
$session->deleteVariable('ordrem');
}

if ($basket = $session->getBasket()) {
$basket->setBasketUser(null);
$basket->onUpdate();
}

return true;
}

/**
Expand Down
25 changes: 11 additions & 14 deletions source/Application/Controller/Admin/UserMain.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@

namespace OxidEsales\EshopCommunity\Application\Controller\Admin;

use OxidEsales\Eshop\Application\Model\User;
use OxidEsales\Eshop\Core\Registry;
use stdClass;
use Exception;
Expand All @@ -26,7 +27,7 @@ public function render()
parent::render();

// malladmin stuff
$oAuthUser = oxNew(\OxidEsales\Eshop\Application\Model\User::class);
$oAuthUser = oxNew(User::class);
$oAuthUser->loadAdminUser();
$blisMallAdmin = $oAuthUser->oxuser__oxrights->value == "malladmin";

Expand All @@ -52,7 +53,7 @@ public function render()
$soxId = $this->_aViewData["oxid"] = $this->getEditObjectId();
if (isset($soxId) && $soxId != "-1") {
// load object
$oUser = oxNew(\OxidEsales\Eshop\Application\Model\User::class);
$oUser = oxNew(User::class);
$oUser->load($soxId);
$this->_aViewData["edit"] = $oUser;

Expand Down Expand Up @@ -102,50 +103,46 @@ public function save()
{
parent::save();

//allow admin information edit only for MALL admins
$soxId = $this->getEditObjectId();
if ($this->allowAdminEdit($soxId)) {
$aParams = Registry::getRequest()->getRequestEscapedParameter("editval");

// checkbox handling
if (!isset($aParams['oxuser__oxactive'])) {
$aParams['oxuser__oxactive'] = 0;
}

$oUser = oxNew(\OxidEsales\Eshop\Application\Model\User::class);
$oUser = oxNew(User::class);
if ($soxId != "-1") {
$oUser->load($soxId);
} else {
$aParams['oxuser__oxid'] = null;
}

//setting new password
if (($sNewPass = Registry::getRequest()->getRequestEscapedParameter("newPassword"))) {
$oUser->setPassword($sNewPass);
}

//FS#2167 V checks for already used email

if (isset($aParams['oxuser__oxusername']) && $oUser->checkIfEmailExists($aParams['oxuser__oxusername'])) {
if (
isset($aParams['oxuser__oxusername'])
&& ($aParams['oxuser__oxusername'] !== $oUser->getRawFieldData('oxusername'))
&& $oUser->isEmailInUse($aParams['oxuser__oxusername'])
) {
$this->_sSaveError = 'EXCEPTION_USER_USEREXISTS';

return;
}

$oUser->assign($aParams);

//seting shop id for ONLY for new created user
if ($soxId == "-1") {
$this->onUserCreation($oUser);
}

// A. changing field type to save birth date correctly
$oUser->oxuser__oxbirthdate->fldtype = 'char';

try {
$oUser->save();

// set oxid if inserted
$this->setEditObjectId($oUser->getId());
} catch (Exception $oExcp) {
$this->_sSaveError = $oExcp->getMessage();
Expand All @@ -168,9 +165,9 @@ protected function calculateAdditionalRights($userRights)
/**
* Additional actions on user creation.
*
* @param \OxidEsales\Eshop\Application\Model\User $user
* @param User $user
*
* @return \OxidEsales\Eshop\Application\Model\User
* @return User
*/
protected function onUserCreation($user)
{
Expand Down
98 changes: 61 additions & 37 deletions source/Application/Model/User.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
use OxidEsales\EshopCommunity\Core\Di\ContainerFacade;
use OxidEsales\EshopCommunity\Internal\Domain\Authentication\Bridge\PasswordServiceBridgeInterface;
use OxidEsales\EshopCommunity\Internal\Domain\Authentication\Bridge\RandomTokenGeneratorBridgeInterface;
use OxidEsales\EshopCommunity\Internal\Framework\Database\QueryBuilderFactoryInterface;

/**
* User manager.
Expand Down Expand Up @@ -1711,53 +1712,76 @@ protected function update()
/**
* Checks for already used email
*
* @param string $sEmail user email/login
* @param string $email user email/login
*
* @return bool
*/
public function checkIfEmailExists($sEmail)
public function checkIfEmailExists($email)
{
$myConfig = \OxidEsales\Eshop\Core\Registry::getConfig();
// We force reading from master to prevent issues with slow replications or open transactions (see ESDEV-3804).
$masterDb = \OxidEsales\Eshop\Core\DatabaseProvider::getMaster();
$iShopId = $myConfig->getShopId();
$blExists = false;
if (!$email) {
return false;
}

$sQ = 'select oxshopid, oxrights, oxpassword from oxuser where oxusername = :oxusername';
$params = [
':oxusername' => (string) $sEmail
];
if (($sOxid = $this->getId())) {
$sQ .= " and oxid <> :notoxid";
$params[':notoxid'] = $sOxid;
$config = Registry::getConfig();
$masterDb = DatabaseProvider::getMaster();
$shopId = $config->getShopId();

$query = 'SELECT oxshopid, oxrights, oxpassword FROM oxuser WHERE oxusername = :oxusername';
$params = [':oxusername' => (string) $email];

if ($id = $this->getId()) {
$query .= " AND oxid <> :notoxid";
$params[':notoxid'] = $id;
}
$oRs = $masterDb->select($sQ, $params);
if ($oRs != false && $oRs->count() > 0) {
if ($this->_blMallUsers) {
$blExists = true;
if ($oRs->fields[1] == 'user' && !$oRs->fields[2]) {
// password is not set - allow to override
$blExists = false;
}
} else {
$blExists = false;
while (!$oRs->EOF) {
if ($oRs->fields[1] != 'user') {
// exists admin with same login - must not allow
$blExists = true;
break;
} elseif ($oRs->fields[0] == $iShopId && $oRs->fields[2]) {
// exists same login (with password) in same shop
$blExists = true;
break;
}

$oRs->fetchRow();
}
$result = $masterDb->select($query, $params);

if (!$result || $result->count() === 0) {
return false;
}

if ($this->_blMallUsers) {
if ($result->fields[1] === 'user' && !$result->fields[2]) {
return false; // No password set - allow override
}
return true;
}

while (!$result->EOF) {
if ($result->fields[1] !== 'user') {
return true; // Admin user exists
}

if ($result->fields[0] == $shopId && ($result->fields[2])) {
return true; // User exists in same shop with password
}

$result->fetchRow();
}

return false;
}

public function isEmailInUse(string $email): bool
{
$queryBuilder = ContainerFacade::get(QueryBuilderFactoryInterface::class)->create();
$queryBuilder
->select('1')
->from('oxuser')
->where('oxusername = :email')
->andWhere('oxshopid = :shopId')
->setParameters([
'email' => $email,
'shopId' => Registry::getConfig()->getShopId()
]);

if ($this->getId()) {
$queryBuilder
->andWhere('oxid != :currentUserId')
->setParameter('currentUserId', $this->getId());
}

return $blExists;
return (bool) $queryBuilder->execute()->fetchOne();
}

/**
Expand Down
2 changes: 1 addition & 1 deletion source/Application/translations/de/lang.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -163,7 +163,7 @@
'ERROR_MESSAGE_USER_NOVALUES' => 'E-Mail und Passwort müssen ausgefüllt sein!',
'ERROR_MESSAGE_USER_USERCREATIONFAILED' => 'Fehler beim Anlegen des Benutzers!',
'ERROR_MESSAGE_USER_UPDATE_FAILED' => 'Fehler beim Aktualisieren der Benutzerdaten!',
'ERROR_MESSAGE_USER_USEREXISTS' => '%s konnte nicht registriert werden. Haben Sie bereits ein Kundenkonto bei uns?',
'ERROR_MESSAGE_USER_USEREXISTS' => 'Bei dieser E-Mail-Adresse ist ein Fehler aufgetreten. Bitte wenden Sie sich an unseren Support.',
'ERROR_MESSAGE_VERSION_EXPIRED1' => 'Ihre Version ist leider abgelaufen. Bitte kontaktieren Sie',
'ERROR_MESSAGE_VOUCHER_INCORRECTPRICE' => 'Einkaufswert ist zu niedrig für diesen Gutschein!',
'ERROR_MESSAGE_VOUCHER_ISRESERVED' => 'Gutschein ist reserviert!',
Expand Down
2 changes: 1 addition & 1 deletion source/Application/translations/en/lang.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -163,7 +163,7 @@
'ERROR_MESSAGE_USER_NOVALUES' => 'E-mail address and password have to be entered!',
'ERROR_MESSAGE_USER_USERCREATIONFAILED' => 'Error creating the user!',
'ERROR_MESSAGE_USER_UPDATE_FAILED' => 'Error while updating the user data!',
'ERROR_MESSAGE_USER_USEREXISTS' => 'Not possible to register %s. Maybe you have already registered?',
'ERROR_MESSAGE_USER_USEREXISTS' => 'An error has occurred with this e-mail address. Please contact our support.',
'ERROR_MESSAGE_VERSION_EXPIRED1' => 'Your version is expired. Please contact',
'ERROR_MESSAGE_VOUCHER_INCORRECTPRICE' => 'The total price is too low for this coupon!',
'ERROR_MESSAGE_VOUCHER_ISRESERVED' => 'This coupon is reserved!',
Expand Down
35 changes: 20 additions & 15 deletions source/Core/InputValidator.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,9 @@
use OxidEsales\Eshop\Application\Model\Address;
use OxidEsales\Eshop\Application\Model\User;
use OxidEsales\Eshop\Core\Exception\ArticleInputException;
use OxidEsales\Eshop\Core\Exception\InputException;
use OxidEsales\Eshop\Core\Exception\StandardException;
use OxidEsales\Eshop\Core\Exception\UserException;
use OxidEsales\Eshop\Core\Registry;
use OxidEsales\Eshop\Core\Str;
use OxidEsales\EshopCommunity\Core\Di\ContainerFacade;
Expand Down Expand Up @@ -107,34 +109,37 @@ public function validateBasketAmount($amount)
*/
public function checkLogin($user, $login, $invAddress)
{
$login = (isset($invAddress['oxuser__oxusername'])) ? $invAddress['oxuser__oxusername'] : $login;
$login = (isset($invAddress['oxuser__oxusername']))
? $invAddress['oxuser__oxusername']
: $login;

if (
isset($user->oxuser__oxpassword->value) &&
$user->oxuser__oxpassword->value &&
$login != $user->oxuser__oxusername->value
) {
$newPassword = (isset($invAddress['oxuser__oxpassword']) && $invAddress['oxuser__oxpassword'])
? $invAddress['oxuser__oxpassword']
: Registry::getRequest()->getRequestEscapedParameter('user_password');

// check only for users with password during registration
// if user wants to change user name - we must check if passwords are ok before changing
if (isset($user->oxuser__oxpassword->value) && $user->oxuser__oxpassword->value && $login != $user->oxuser__oxusername->value) {
// on this case password must be taken directly from request
$newPassword = (isset($invAddress['oxuser__oxpassword']) && $invAddress['oxuser__oxpassword']) ? $invAddress['oxuser__oxpassword'] : Registry::getRequest()->getRequestEscapedParameter('user_password');
if (!$newPassword) {
// 1. user forgot to enter password
$exception = oxNew(\OxidEsales\Eshop\Core\Exception\InputException::class);
$exception->setMessage(\OxidEsales\Eshop\Core\Registry::getLang()->translateString('ERROR_MESSAGE_INPUT_NOTALLFIELDS'));
$message = Registry::getLang()->translateString('ERROR_MESSAGE_INPUT_NOTALLFIELDS');
$exception = oxNew(InputException::class, $message);

return $this->addValidationError("oxuser__oxpassword", $exception);
} else {
// 2. entered wrong password
if (!$user->isSamePassword($newPassword)) {
$exception = oxNew(\OxidEsales\Eshop\Core\Exception\UserException::class);
$exception->setMessage(\OxidEsales\Eshop\Core\Registry::getLang()->translateString('ERROR_MESSAGE_PASSWORD_DO_NOT_MATCH'));
$message = Registry::getLang()->translateString('ERROR_MESSAGE_PASSWORD_DO_NOT_MATCH');
$exception = oxNew(UserException::class, $message);

return $this->addValidationError("oxuser__oxpassword", $exception);
}
}
}

if ($user->checkIfEmailExists($login)) {
//if exists then we do not allow to do that
$exception = oxNew(\OxidEsales\Eshop\Core\Exception\UserException::class);
$exception->setMessage(sprintf(\OxidEsales\Eshop\Core\Registry::getLang()->translateString('ERROR_MESSAGE_USER_USEREXISTS'), $login));
$message = Registry::getLang()->translateString('ERROR_MESSAGE_USER_USEREXISTS');
$exception = oxNew(UserException::class, $message);

return $this->addValidationError("oxuser__oxusername", $exception);
}
Expand Down
Loading

0 comments on commit 3358670

Please sign in to comment.