Fix lost password page visibility when logged in (#49670)

* Split logged in/logged out views in my account rendering

* Redirect to edit account when using lost password when logged in

* changelog

* logout before running test

* esc_url_raw

plugins/woocommerce/changelog/fix-lost-password-page-visibility-28956

@@ -0,0 +1,4 @@
+Significance: minor
+Type: fix
+
+Redirect the lost password page to edit account while logged in.

plugins/woocommerce/includes/shortcodes/class-wc-shortcode-my-account.php

@@ -39,7 +39,12 @@ class WC_Shortcode_My_Account {
 			return;
 		}
 
-		if ( ! is_user_logged_in() || isset( $wp->query_vars['lost-password'] ) ) {
+		if ( ! is_user_logged_in() ) {
+			/**
+			 * Filters the message shown on the 'my account' page when the user is not logged in.
+			 *
+			 * @since 2.6.0
+			 */
 			$message = apply_filters( 'woocommerce_my_account_message', '' );
 
 			if ( ! empty( $message ) ) {
@@ -56,50 +61,16 @@ class WC_Shortcode_My_Account {
 			} else {
 				wc_get_template( 'myaccount/form-login.php' );
 			}
-		} else {
-			// Start output buffer since the html may need discarding for BW compatibility.
-			ob_start();
-
-			if ( isset( $wp->query_vars['customer-logout'] ) ) {
-				/* translators: %s: logout url */
-				wc_add_notice( sprintf( __( 'Are you sure you want to log out? <a href="%s">Confirm and log out</a>', 'woocommerce' ), wc_logout_url() ) );
-			}
-
-			// Collect notices before output.
-			$notices = wc_get_notices();
-
-			// Output the new account page.
-			self::my_account( $atts );
-
-			/**
-			 * Deprecated my-account.php template handling. This code should be
-			 * removed in a future release.
-			 *
-			 * If woocommerce_account_content did not run, this is an old template
-			 * so we need to render the endpoint content again.
-			 */
-			if ( ! did_action( 'woocommerce_account_content' ) ) {
-				if ( ! empty( $wp->query_vars ) ) {
-					foreach ( $wp->query_vars as $key => $value ) {
-						if ( 'pagename' === $key ) {
-							continue;
-						}
-						if ( has_action( 'woocommerce_account_' . $key . '_endpoint' ) ) {
-							ob_clean(); // Clear previous buffer.
-							wc_set_notices( $notices );
-							wc_print_notices();
-							do_action( 'woocommerce_account_' . $key . '_endpoint', $value );
-							break;
-						}
-					}
-
-					wc_deprecated_function( 'Your theme version of my-account.php template', '2.6', 'the latest version, which supports multiple account pages and navigation, from WC 2.6.0' );
-				}
-			}
-
-			// Send output buffer.
-			ob_end_flush();
+			return;
 		}
+
+		if ( isset( $wp->query_vars['customer-logout'] ) ) {
+			/* translators: %s: logout url */
+			wc_add_notice( sprintf( __( 'Are you sure you want to log out? <a href="%s">Confirm and log out</a>', 'woocommerce' ), wc_logout_url() ) );
+		}
+
+		// Output the my account page.
+		self::my_account( $atts );
 	}
 
 	/**

plugins/woocommerce/includes/wc-template-functions.php

@@ -46,6 +46,12 @@ function wc_template_redirect() {
 		exit;
 	}
 
+	// Redirect to edit account if trying to recover password whilst logged in.
+	if ( isset( $wp->query_vars['lost-password'] ) && is_user_logged_in() ) {
+		wp_safe_redirect( esc_url_raw( wc_get_endpoint_url( 'edit-account', '', wc_get_page_permalink( 'myaccount' ) ) ) );
+		exit;
+	}
+
 	// Trigger 404 if trying to access an endpoint on wrong page.
 	if ( is_wc_endpoint_url() && ! is_account_page() && ! is_checkout() && apply_filters( 'woocommerce_account_endpoint_page_not_found', true ) ) {
 		$wp_query->set_404();

plugins/woocommerce/tests/e2e-pw/tests/shopper/account-email-receiving.spec.js

@@ -226,6 +226,9 @@ test.describe(
 		test( 'should receive an email when initiating a password reset', async ( {
 			page,
 		} ) => {
+			// Effect a log out/simulate a new browsing session by dropping all cookies.
+			await page.context().clearCookies();
+			await page.reload();
 			await page.goto( 'my-account/lost-password/' );
 
 			await test.step( 'initiate password reset from my account', async () => {