From 0abb68250cd1b8ed94bcda557b1ec4b2849e2969 Mon Sep 17 00:00:00 2001
From: Riccardo Tempesta <info@riccardotempesta.com>
Date: Sat, 28 Apr 2018 21:49:49 +0200
Subject: [PATCH 1/2] Fix issue #14895 - Change Password warning message appear
 two times The password change notice was a sticky message activated by
 admin_user_authenticate_after event. The password change page requires the
 current user password and thus triggering admin_user_authenticate_after while
 saving. One message was added every time the user was saved.

---
 app/code/Magento/User/Model/User.php                      | 2 ++
 app/code/Magento/User/Observer/Backend/AuthObserver.php   | 8 ++++++--
 .../Observer/Backend/TrackAdminNewPasswordObserver.php    | 3 ++-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/app/code/Magento/User/Model/User.php b/app/code/Magento/User/Model/User.php
index a5dd6ac2e7813..29618c981a2b9 100644
--- a/app/code/Magento/User/Model/User.php
+++ b/app/code/Magento/User/Model/User.php
@@ -48,6 +48,8 @@ class User extends AbstractModel implements StorageInterface, UserInterface
     /** @deprecated */
     const XML_PATH_RESET_PASSWORD_TEMPLATE = 'admin/emails/reset_password_template';
 
+    const MESSAGE_ID_PASSWORD_EXPIRED = 'magento_user_password_expired';
+
     /**
      * Model event prefix
      *
diff --git a/app/code/Magento/User/Observer/Backend/AuthObserver.php b/app/code/Magento/User/Observer/Backend/AuthObserver.php
index 6021302a5aeb7..feffdcee31f76 100644
--- a/app/code/Magento/User/Observer/Backend/AuthObserver.php
+++ b/app/code/Magento/User/Observer/Backend/AuthObserver.php
@@ -152,7 +152,7 @@ public function execute(EventObserver $observer)
     /**
      * Update locking information for the user
      *
-     * @param \Magento\User\Model\User $user
+     * @param User $user
      * @return void
      */
     private function _updateLockingInformation($user)
@@ -198,10 +198,14 @@ private function _checkExpiredPassword($latestPassword)
                 $myAccountUrl = $this->url->getUrl('adminhtml/system_account/');
                 $message = __('It\'s time to <a href="%1">change your password</a>.', $myAccountUrl);
             }
+
+            // Avoid duplicating the message
+            $this->messageManager->getMessages()->deleteMessageByIdentifier(User::MESSAGE_ID_PASSWORD_EXPIRED);
+
             $this->messageManager->addNoticeMessage($message);
             $message = $this->messageManager->getMessages()->getLastAddedMessage();
             if ($message) {
-                $message->setIdentifier('magento_user_password_expired')->setIsSticky(true);
+                $message->setIdentifier(User::MESSAGE_ID_PASSWORD_EXPIRED)->setIsSticky(true);
                 $this->authSession->setPciAdminUserIsPasswordExpired(true);
             }
         }
diff --git a/app/code/Magento/User/Observer/Backend/TrackAdminNewPasswordObserver.php b/app/code/Magento/User/Observer/Backend/TrackAdminNewPasswordObserver.php
index 09605372df181..059879ab9613f 100644
--- a/app/code/Magento/User/Observer/Backend/TrackAdminNewPasswordObserver.php
+++ b/app/code/Magento/User/Observer/Backend/TrackAdminNewPasswordObserver.php
@@ -8,6 +8,7 @@
 
 use Magento\Framework\Event\Observer as EventObserver;
 use Magento\Framework\Event\ObserverInterface;
+use Magento\User\Model\User;
 
 /**
  * User backend observer model for passwords
@@ -74,7 +75,7 @@ public function execute(EventObserver $observer)
             $passwordHash = $user->getPassword();
             if ($passwordHash && !$user->getForceNewPassword()) {
                 $this->userResource->trackPassword($user, $passwordHash);
-                $this->messageManager->getMessages()->deleteMessageByIdentifier('magento_user_password_expired');
+                $this->messageManager->getMessages()->deleteMessageByIdentifier(User::MESSAGE_ID_PASSWORD_EXPIRED);
                 $this->authSession->unsPciAdminUserIsPasswordExpired();
             }
         }

From 8d8706efe5330a62217603bfea8ee511ae138bd5 Mon Sep 17 00:00:00 2001
From: Riccardo Tempesta <info@riccardotempesta.com>
Date: Sun, 29 Apr 2018 17:26:18 +0200
Subject: [PATCH 2/2] Single call for getMessages()
 app/code/Magento/User/Test/Unit/Observer/Backend/AuthObserverTest.php is
 checking for a single getMessages() call

---
 app/code/Magento/User/Observer/Backend/AuthObserver.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/app/code/Magento/User/Observer/Backend/AuthObserver.php b/app/code/Magento/User/Observer/Backend/AuthObserver.php
index feffdcee31f76..06b15a477d84d 100644
--- a/app/code/Magento/User/Observer/Backend/AuthObserver.php
+++ b/app/code/Magento/User/Observer/Backend/AuthObserver.php
@@ -199,11 +199,13 @@ private function _checkExpiredPassword($latestPassword)
                 $message = __('It\'s time to <a href="%1">change your password</a>.', $myAccountUrl);
             }
 
-            // Avoid duplicating the message
-            $this->messageManager->getMessages()->deleteMessageByIdentifier(User::MESSAGE_ID_PASSWORD_EXPIRED);
+            $messages = $this->messageManager->getMessages();
+
+            // Remove existing messages with same ID to avoid duplication
+            $messages->deleteMessageByIdentifier(User::MESSAGE_ID_PASSWORD_EXPIRED);
 
             $this->messageManager->addNoticeMessage($message);
-            $message = $this->messageManager->getMessages()->getLastAddedMessage();
+            $message = $messages->getLastAddedMessage();
             if ($message) {
                 $message->setIdentifier(User::MESSAGE_ID_PASSWORD_EXPIRED)->setIsSticky(true);
                 $this->authSession->setPciAdminUserIsPasswordExpired(true);