MAGETWO-62966: Storefront Password Strength validator ignores case when Email = Password

- Refactor after CR

Author: Oleksandr Dubovyk

Diff for: app/code/Magento/Customer/Model/AccountManagement.php

@@ -666,7 +666,11 @@ public function createAccount(CustomerInterface $customer, $password = null, $re
         if ($password !== null) {
             $this->checkPasswordStrength($password);
             $customerEmail = $customer->getEmail();
-            $this->credentialsValidator->checkPasswordDifferentFromEmail($customerEmail, $password);
+            try {
+                $this->credentialsValidator->checkPasswordDifferentFromEmail($customerEmail, $password);
+            } catch (InputException $e) {
+                throw new LocalizedException(__('Password cannot be the same as email address.'));
+            }
             $hash = $this->createPasswordHash($password);
         } else {
             $hash = null;
@@ -838,6 +842,8 @@ private function changePasswordForCustomer($customer, $currentPassword, $newPass
         } catch (InvalidEmailOrPasswordException $e) {
             throw new InvalidEmailOrPasswordException(__('The password doesn\'t match this account.'));
         }
+        $customerEmail = $customer->getEmail();
+        $this->credentialsValidator->checkPasswordDifferentFromEmail($customerEmail, $newPassword);
         $customerSecure = $this->customerRegistry->retrieveSecureData($customer->getId());
         $customerSecure->setRpToken(null);
         $customerSecure->setRpTokenCreatedAt(null);

Diff for: app/code/Magento/Customer/Model/Customer/CredentialsValidator.php

@@ -12,7 +12,7 @@
 class CredentialsValidator
 {
     /**
-     * Check that password is different from login.
+     * Check that password is different from email.
      *
      * @param string $email
      * @param string $password

Diff for: app/code/Magento/Customer/view/frontend/web/change-email-password.js

@@ -140,7 +140,7 @@ define([
                 'data-validate',
                 '{required:true, ' +
                 '\'validate-customer-password\':true, ' +
-                '\'password-not-equal-to-email\':\'' + $(this.options.emailSelector).val() + '\'}'
+                '\'password-not-equal-to-user-name\':\'' + $(this.options.emailSelector).val() + '\'}'
             ).prop('disabled', false);
         }
     });

Diff for: dev/tests/js/jasmine/tests/lib/mage/validation.test.js

@@ -163,4 +163,24 @@ define([
             )).toBeFalsy();
         });
     });
+
+    describe('Validation of the password against the user name', function () {
+        it("rejects data, if password is the same as user name", function() {
+            var password = $('<input id="password" type="password" value="EmailPasswordTheSame" />');
+            var email = $('<input id="email" type="email" value="EmailPasswordTheSame" />');
+
+            expect($.validator.methods['password-not-equal-to-user-name'].call(
+                $.validator.prototype, password.val(), null, email.val()
+            )).toEqual(false);
+        });
+
+        it("approves data, if password is different from user name", function() {
+            var password = $('<input id="password" type="password" value="SomePassword" />');
+            var email = $('<input id="email" type="email" value="SomeEmail" />');
+
+            expect($.validator.methods['password-not-equal-to-user-name'].call(
+                $.validator.prototype, password.val(), null, email.val()
+            )).toEqual(true);
+        });
+    });
 });

Diff for: lib/web/mage/validation.js

@@ -1556,7 +1556,7 @@
             },
             ''
         ],
-        'password-not-equal-to-email': [
+        'password-not-equal-to-user-name': [
             function (value, element, params) {
                 if (typeof params === 'string') {
                     return value.toLowerCase() !== params.toLowerCase();

Diff for: setup/pub/magento/setup/create-admin-account.js

@@ -107,11 +107,10 @@ angular.module('create-admin-account', ['ngStorage'])
             }
         };
     })
-    .directive('checkEmailPassword', function() {
+    .directive('checkUserNamePassword', function() {
         return{
             require: "ngModel",
             link: function(scope, elm, attrs, ctrl){
-
                 var validator = function(value){
                     var password = value,
                         userName = scope.account.adminUsername.$viewValue;
@@ -120,11 +119,10 @@ angular.module('create-admin-account', ['ngStorage'])
                         password = password.toLowerCase();
                     }
                     if (userName) {
-                        userName = scope.account.adminUsername.$viewValue.toLowerCase();
+                        userName = userName.toLowerCase();
                     }
 
-                    ctrl.$setValidity('checkEmailPasswordDifferent', password !== userName);
-
+                    ctrl.$setValidity('checkUserNamePasswordDifferent', password !== userName);
                     return value;
                 };
 

Diff for: setup/view/magento/setup/create-admin-account.phtml

@@ -162,13 +162,13 @@ $passwordWizard = sprintf(
                 ng-class="{'invalid': account.adminPassword.$invalid && account.submitted}"
                 required
                 check-Password
-                check-Email-Password
+                check-User-Name-Password
                 >
             <div class="error-container">
                 <span ng-show="account.adminPassword.$error.checkPassword">
                     Please enter a mix of at least 7 alpha-numeric characters.
                 </span>
-                <span ng-show="account.adminPassword.$error.checkEmailPasswordDifferent">
+                <span ng-show="account.adminPassword.$error.checkUserNamePasswordDifferent">
                     Password cannot be the same as the user name.
                 </span>
                 <span ng-show="account.adminPassword.$error.required">