OXDEV-9216 Fix password constraints usage

NikolaIvanovski · NikolaIvanovski · commit 19ea99a871bd · 2025-04-07T13:17:37.000+03:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Honeypot Captcha to detect and block bots without disrupting user experience.
 - Support of PHP 8.4
 
+### Fixed
+- Password validators are no longer used when password policy is disabled
+
 ## [1.0.0] - 2024-11-27
 This is the stable release of v1.0.0. No changes have been made since v1.0.0-rc.1.
 
diff --git a/src/Shared/Core/InputValidator.php b/src/Shared/Core/InputValidator.php
@@ -29,7 +29,7 @@ public function checkPassword($user, $newPassword, $confirmationPassword, $shoul
     {
         $settingsService = $this->getService(ModuleSettingsServiceInterface::class);
         if (!$settingsService->isPasswordPolicyEnabled()) {
-            parent::checkPassword($user, $newPassword, $confirmationPassword, $shouldCheckPasswordLength);
+            return parent::checkPassword($user, $newPassword, $confirmationPassword, $shouldCheckPasswordLength);
         }
 
         $passwordValidator = $this->getService(PasswordValidatorChainInterface::class);
diff --git a/tests/Integration/Shared/Core/InputValidatorTest.php b/tests/Integration/Shared/Core/InputValidatorTest.php
@@ -13,7 +13,9 @@
 use OxidEsales\Eshop\Core\Exception\InputException;
 use OxidEsales\Eshop\Core\Exception\UserException;
 use OxidEsales\Eshop\Core\Registry;
+use OxidEsales\EshopCommunity\Internal\Container\ContainerFactory;
 use OxidEsales\EshopCommunity\Tests\Integration\IntegrationTestCase;
+use OxidEsales\SecurityModule\PasswordPolicy\Service\ModuleSettingsServiceInterface;
 use OxidEsales\SecurityModule\Shared\Core\InputValidator;
 use PHPUnit\Framework\Attributes\DataProvider;
 
@@ -22,6 +24,8 @@ class InputValidatorTest extends IntegrationTestCase
     #[DataProvider('dataProviderPasswordError')]
     public function testInputValidationError($password, $expectedException): void
     {
+        $this->setPasswordState(true);
+
         $userModelMock = $this->createMock(User::class);
 
         $validator = oxNew(InputValidator::class);
@@ -86,4 +90,26 @@ public function testShopPasswordCheck(): void
             $exception->getMessage()
         );
     }
+
+    public function testInputValidatorPasswordConstrainsAreSkipped(): void
+    {
+        $this->setPasswordState();
+
+        $userModelMock = $this->createMock(User::class);
+
+        $password = '12345678';
+
+        $validator = oxNew(InputValidator::class);
+        $result = $validator->checkPassword($userModelMock, $password, $password);
+
+        $this->assertNull($result);
+    }
+
+    private function setPasswordState(bool $state = false)
+    {
+        return ContainerFactory::getInstance()
+            ->getContainer()
+            ->get(ModuleSettingsServiceInterface::class)
+            ->saveIsPasswordPolicyEnabled($state);
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ public function checkPassword($user, $newPassword, $confirmationPassword, $shoul`
`29`	`29`	`{`
`30`	`30`	`$settingsService = $this->getService(ModuleSettingsServiceInterface::class);`
`31`	`31`	`if (!$settingsService->isPasswordPolicyEnabled()) {`
`32`		`- parent::checkPassword($user, $newPassword, $confirmationPassword, $shouldCheckPasswordLength);`
	`32`	`+ return parent::checkPassword($user, $newPassword, $confirmationPassword, $shouldCheckPasswordLength);`
`33`	`33`	`}`
`34`	`34`
`35`	`35`	`$passwordValidator = $this->getService(PasswordValidatorChainInterface::class);`