bug #105 [bug] ensure all requests are removed for user (kbond)

This PR was merged into the master branch.

Discussion
----------

[bug] ensure all requests are removed for user

A user can have multiple valid requests. This change removes them all when any one of them is used to successfully reset the user's password.

I think the BC break is negligible. Only unfortunate thing is I think the method name no longer implies what should happen here.

Commits
-------

e27a702 [bug] ensure all requests are removed for user

Author: weaverryan

src/Persistence/Repository/ResetPasswordRequestRepositoryTrait.php

@@ -61,8 +61,13 @@ public function getMostRecentNonExpiredRequestDate(object $user): ?\DateTimeInte
 
     public function removeResetPasswordRequest(ResetPasswordRequestInterface $resetPasswordRequest): void
     {
-        $this->getEntityManager()->remove($resetPasswordRequest);
-        $this->getEntityManager()->flush();
+        $this->createQueryBuilder('t')
+            ->delete()
+            ->where('t.user = :user')
+            ->setParameter('user', $resetPasswordRequest->getUser())
+            ->getQuery()
+            ->execute()
+        ;
     }
 
     public function removeExpiredResetPasswordRequests(): int

src/Persistence/ResetPasswordRequestRepositoryInterface.php

@@ -53,7 +53,10 @@ public function findResetPasswordRequest(string $selector): ?ResetPasswordReques
     public function getMostRecentNonExpiredRequestDate(object $user): ?\DateTimeInterface;
 
     /**
-     * Remove a single password reset request from persistence.
+     * Remove this reset password request from persistence and any other for this user.
+     *
+     * This method should remove this ResetPasswordRequestInterface and also all
+     * other ResetPasswordRequestInterface objects in storage for the same user.
      */
     public function removeResetPasswordRequest(ResetPasswordRequestInterface $resetPasswordRequest): void;
 

tests/Fixtures/Entity/ResetPasswordTestFixtureRequest.php

@@ -26,7 +26,7 @@ final class ResetPasswordTestFixtureRequest implements ResetPasswordRequestInter
      * @ORM\GeneratedValue()
      * @ORM\Column(type="integer")
      */
-    private $id;
+    public $id;
 
     /**
      * @ORM\Column(type="string", nullable=true)
@@ -68,5 +68,6 @@ public function getHashedToken(): string
 
     public function getUser(): object
     {
+        return $this->user;
     }
 }

tests/FunctionalTests/Persistence/ResetPasswordRequestRepositoryTest.php

@@ -152,16 +152,45 @@ public function testGetMostRecentNonExpiredRequestDateReturnsNullIfRequestNotFou
 
     public function testRemoveResetPasswordRequestRemovedGivenObjectFromPersistence(): void
     {
-        $fixture = new ResetPasswordTestFixtureRequest();
+        $userFixture = new ResetPasswordTestFixtureUser();
+        $requestFixture = new ResetPasswordTestFixtureRequest();
+        $requestFixture->user = $userFixture;
 
-        $this->manager->persist($fixture);
+        $this->manager->persist($requestFixture);
+        $this->manager->persist($userFixture);
         $this->manager->flush();
 
-        $this->repository->removeResetPasswordRequest($fixture);
+        $this->repository->removeResetPasswordRequest($requestFixture);
 
         $this->assertCount(0, $this->repository->findAll());
     }
 
+    public function testRemoveResetPasswordRequestRemovesAllRequestsForUser(): void
+    {
+        $userFixtureA = new ResetPasswordTestFixtureUser();
+        $userFixtureB = new ResetPasswordTestFixtureUser();
+        $requestFixtureA = new ResetPasswordTestFixtureRequest();
+        $requestFixtureA->user = $userFixtureA;
+        $requestFixtureB = new ResetPasswordTestFixtureRequest();
+        $requestFixtureB->user = $userFixtureA;
+        $requestFixtureC = new ResetPasswordTestFixtureRequest();
+        $requestFixtureC->user = $userFixtureB;
+
+        $this->manager->persist($requestFixtureA);
+        $this->manager->persist($requestFixtureB);
+        $this->manager->persist($requestFixtureC);
+        $this->manager->persist($userFixtureA);
+        $this->manager->persist($userFixtureB);
+        $this->manager->flush();
+
+        $this->repository->removeResetPasswordRequest($requestFixtureB);
+
+        $requests = $this->repository->findAll();
+
+        $this->assertCount(1, $requests);
+        $this->assertSame($requestFixtureC->id, $requests[0]->id);
+    }
+
     public function testRemovedExpiredResetPasswordRequestsOnlyRemovedExpiredRequestsFromPersistence(): void
     {
         $expiredFixture = new ResetPasswordTestFixtureRequest();