Magento 2 Documentation  2.3
Documentation for Magento 2 CMS v2.3 (December 2018)
AdminSessionsManager.php
1 <?php
7 namespace Magento\Security\Model;
8 
10 use \Magento\Security\Model\ResourceModel\AdminSessionInfo\CollectionFactory;
11 
19 {
/**
 * Age in seconds (86400 = 24 hours) used by cleanExpiredSessions() as the
 * cut-off for deleting stored admin session records.
 */
const ADMIN_SESSION_LIFETIME = 86400;

// NOTE(review): the constructor also assigns $this->adminSessionInfoFactory and
// $this->adminSessionInfoCollectionFactory; their declarations are not visible
// in this listing. Confirm them against the original file.

/**
 * Security settings; read for the configured admin session lifetime and the
 * account-sharing switch.
 */
protected $securityConfig;

/**
 * Backend auth session; source of the session id, the logged-in user and the
 * last-activity timestamp.
 */
protected $authSession;

/**
 * Stored session record for the current auth session, loaded on first use by
 * getCurrentSession().
 */
protected $currentSession;

/**
 * Clock helper; gmtTimestamp() supplies "now" for expiry calculations.
 */
private $dateTime;

/**
 * Helper that reports the client address recorded with each new session.
 */
private $remoteAddress;

/**
 * Upper bound (60) on the interval returned by
 * getIntervalBetweenConsecutiveProlongs().
 */
private $maxIntervalBetweenConsecutiveProlongs = 60;
77 
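/**
 * Store the collaborators used to track admin sessions.
 *
 * The parameter list follows the full constructor signature printed in the
 * cross-reference section of this page; the code listing itself omits the
 * $securityConfig and $adminSessionInfoCollectionFactory parameters even
 * though the body assigns both.
 *
 * @param ConfigInterface $securityConfig Source of the session lifetime and account-sharing settings.
 * @param \Magento\Backend\Model\Auth\Session $authSession Current backend auth session.
 * @param \Magento\Security\Model\AdminSessionInfoFactory $adminSessionInfoFactory Creates session records.
 * @param CollectionFactory $adminSessionInfoCollectionFactory Creates session record collections.
 * @param \Magento\Framework\Stdlib\DateTime\DateTime $dateTime Clock used for GMT timestamps.
 * @param RemoteAddress $remoteAddress Reports the client address stored with a new session.
 */
public function __construct(
    ConfigInterface $securityConfig,
    \Magento\Backend\Model\Auth\Session $authSession,
    \Magento\Security\Model\AdminSessionInfoFactory $adminSessionInfoFactory,
    CollectionFactory $adminSessionInfoCollectionFactory,
    \Magento\Framework\Stdlib\DateTime\DateTime $dateTime,
    RemoteAddress $remoteAddress
) {
    $this->securityConfig = $securityConfig;
    $this->authSession = $authSession;
    $this->adminSessionInfoFactory = $adminSessionInfoFactory;
    $this->adminSessionInfoCollectionFactory = $adminSessionInfoCollectionFactory;
    $this->dateTime = $dateTime;
    $this->remoteAddress = $remoteAddress;
}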
101 
/**
 * Record the new admin session and, when account sharing is disabled, update
 * the status of the user's other active sessions.
 *
 * The cut-off passed to updateActiveSessionsStatus() is the current GMT
 * timestamp minus the configured admin session lifetime. If that call returns
 * a truthy result, the current session record is flagged with
 * setIsOtherSessionsTerminated(true).
 *
 * NOTE(review): the listing jumps from source line 114 to 116, so the first
 * argument of updateActiveSessionsStatus() is not visible here; presumably it
 * is the status assigned to the other sessions. Confirm against the original file.
 *
 * @return $this
 */
108  public function processLogin()
109  {
110  $this->createNewSession();
111 
112  $olderThen = $this->dateTime->gmtTimestamp() - $this->securityConfig->getAdminSessionLifetime();
113  if (!$this->securityConfig->isAdminAccountSharingEnabled()) {
114  $result = $this->createAdminSessionInfoCollection()->updateActiveSessionsStatus(
116  $this->getCurrentSession()->getUserId(),
117  $this->getCurrentSession()->getSessionId(),
118  $olderThen
119  );
120  if ($result) {
121  $this->getCurrentSession()->setIsOtherSessionsTerminated(true);
122  }
123  }
124 
125  return $this;
126  }
127 
/**
 * Copy the auth session's last-activity time onto the stored session record.
 *
 * Nothing is written unless lastProlongIsOldEnough() returns true, so the
 * record is not saved on every request.
 *
 * NOTE(review): date() formats the timestamp in PHP's default timezone, while
 * other methods in this class compare against gmtTimestamp(). Confirm the
 * default timezone is UTC so the stored 'updated_at' lines up with those checks.
 *
 * @return $this
 */
public function processProlong()
{
    if (!$this->lastProlongIsOldEnough()) {
        return $this;
    }

    $session = $this->getCurrentSession();
    $formattedUpdatedAt = date(
        \Magento\Framework\Stdlib\DateTime::DATETIME_PHP_FORMAT,
        $this->authSession->getUpdatedAt()
    );
    $session->setData('updated_at', $formattedUpdatedAt);
    $this->getCurrentSession()->save();

    return $this;
}
149 
/**
 * Set the 'status' field on the current session record and save it.
 *
 * NOTE(review): the listing jumps from source line 159 to 161, so the status
 * value written here is not visible. Confirm against the original file.
 *
 * @return $this
 */
156  public function processLogout()
157  {
158  $this->getCurrentSession()->setData(
159  'status',
161  );
162  $this->getCurrentSession()->save();
163 
164  return $this;
165  }
166 
/**
 * Return the stored session record for the current auth session.
 *
 * On first use a record object is created and load() is called with the auth
 * session's id against the 'session_id' field; the object is then kept on
 * $this->currentSession and reused by later calls. The outcome of load() is
 * not inspected here, so callers receive the object whether or not a matching
 * row was found.
 *
 * @return mixed The cached session record object.
 */
public function getCurrentSession()
{
    if ($this->currentSession) {
        return $this->currentSession;
    }

    // Assign before loading, as the original does, so the property is set
    // even if load() fails.
    $this->currentSession = $this->adminSessionInfoFactory->create();
    $lookupId = $this->authSession->getSessionId();
    $this->currentSession->load($lookupId, 'session_id');

    return $this->currentSession;
}
182 
/**
 * Map a session status code to the message explaining why the session ended.
 *
 * The code is cast to int before the switch. One branch yields null (no
 * message); any code without its own branch yields
 * 'Your current session has been expired.'
 *
 * NOTE(review): the `case` labels (source lines 193, 196, 202 and 207) are
 * missing from this listing, so which status code selects which message cannot
 * be read from here. Confirm against the original file.
 *
 * @param mixed $statusCode Status code of a session record.
 * @return mixed Translated message from __(), or null.
 */
190  public function getLogoutReasonMessageByStatus($statusCode)
191  {
192  switch ((int)$statusCode) {
194  $reasonMessage = null;
195  break;
197  $reasonMessage = __(
198  'Someone logged into this account from another device or browser.'
199  .' Your current session is terminated.'
200  );
201  break;
203  $reasonMessage = __(
204  'Your current session is terminated by another user of this account.'
205  );
206  break;
208  $reasonMessage = __(
209  'Your account is temporarily disabled. Please try again later.'
210  );
211  break;
212  default:
213  $reasonMessage = __('Your current session has been expired.');
214  break;
215  }
216 
217  return $reasonMessage;
218  }
219 
/**
 * Return the logout reason message for the current session record's status.
 *
 * @return mixed Whatever getLogoutReasonMessageByStatus() returns for that status.
 */
public function getLogoutReasonMessage()
{
    $currentStatus = $this->getCurrentSession()->getStatus();

    return $this->getLogoutReasonMessageByStatus($currentStatus);
}
232 
/**
 * Load the LOGGED_IN session records of the current user.
 *
 * The collection is filtered by the auth session's user id and the LOGGED_IN
 * status, then passed through filterExpiredSessions() with the configured
 * admin session lifetime before loadData() is called.
 *
 * @return mixed Result of loadData() on the filtered collection.
 */
public function getSessionsForCurrentUser()
{
    $sessions = $this->createAdminSessionInfoCollection();
    $sessions = $sessions->filterByUser(
        $this->authSession->getUser()->getId(),
        \Magento\Security\Model\AdminSessionInfo::LOGGED_IN
    );
    $sessions = $sessions->filterExpiredSessions(
        $this->securityConfig->getAdminSessionLifetime()
    );

    return $sessions->loadData();
}
246 
/**
 * Mark a filtered set of the current user's session records as
 * LOGGED_OUT_MANUALLY and save them.
 *
 * NOTE(review): source lines 255 and 258 are missing from this listing. Line
 * 255 presumably creates the collection assigned to $collection, and line 258
 * is the second argument of filterByUser(). The current session id passed as
 * the last argument presumably excludes the caller's own session. Confirm
 * both against the original file.
 *
 * @return $this
 */
253  public function logoutOtherUserSessions()
254  {
256  ->filterByUser(
257  $this->authSession->getUser()->getId(),
259  $this->authSession->getSessionId()
260  )
261  ->filterExpiredSessions($this->securityConfig->getAdminSessionLifetime())
262  ->loadData();
263 
264  $collection->setDataToAll('status', \Magento\Security\Model\AdminSessionInfo::LOGGED_OUT_MANUALLY)
265  ->save();
266 
267  return $this;
268  }
269 
/**
 * Delete stored session records older than the fixed retention window.
 *
 * The cut-off is the current GMT timestamp minus self::ADMIN_SESSION_LIFETIME.
 * This uses the class constant, not the configured admin session lifetime, so
 * the purge window does not follow that setting.
 *
 * @return $this
 */
public function cleanExpiredSessions()
{
    $sessions = $this->createAdminSessionInfoCollection();
    $cutoffTimestamp = $this->dateTime->gmtTimestamp() - self::ADMIN_SESSION_LIFETIME;
    $sessions->deleteSessionsOlderThen($cutoffTimestamp);

    return $this;
}
284 
/**
 * Create and save a session record for the current auth session.
 *
 * The record holds the auth session id, the user's id, the client address and
 * the LOGGED_IN status.
 *
 * NOTE(review): the session id is passed to the record exactly as returned by
 * getSessionId(); if it is stored unmodified, read access to that storage
 * exposes live admin session identifiers. Confirm how the record persists it.
 * NOTE(review): how getRemoteAddress() resolves the address behind a reverse
 * proxy is not visible here. Confirm before relying on 'ip' for auditing.
 *
 * @return $this
 */
protected function createNewSession()
{
    $sessionRecord = $this->adminSessionInfoFactory->create();
    $fields = [
        'session_id' => $this->authSession->getSessionId(),
        'user_id' => $this->authSession->getUser()->getId(),
        'ip' => $this->remoteAddress->getRemoteAddress(),
        'status' => AdminSessionInfo::LOGGED_IN
    ];
    $sessionRecord->setData($fields)->save();

    return $this;
}
306 
/**
 * Build a new session record collection through the injected factory.
 *
 * @return mixed Whatever the collection factory's create() returns.
 */
protected function createAdminSessionInfoCollection()
{
    $collectionFactory = $this->adminSessionInfoCollectionFactory;

    return $collectionFactory->create();
}
315 
/**
 * Tell whether enough time has passed since the stored record was last prolonged.
 *
 * The stored 'updated at' value is parsed with strtotime() and subtracted from
 * the auth session's updated-at value, which is used directly as a number.
 * strtotime() returns false for input it cannot parse; false counts as 0 in
 * the subtraction, so a record without a usable timestamp is reported as old
 * enough.
 *
 * @return bool True when the elapsed time exceeds getIntervalBetweenConsecutiveProlongs().
 */
private function lastProlongIsOldEnough()
{
    $storedTimestamp = strtotime($this->getCurrentSession()->getUpdatedAt());
    $elapsed = $this->authSession->getUpdatedAt() - $storedTimestamp;
    $threshold = $this->getIntervalBetweenConsecutiveProlongs();

    return (float) $elapsed > $threshold;
}
336 
/**
 * Compute the minimum interval between two writes that prolong a session record.
 *
 * The value is four times the natural logarithm of the configured admin
 * session lifetime, limited above by $maxIntervalBetweenConsecutiveProlongs
 * and below by 1.
 *
 * @return float
 */
private function getIntervalBetweenConsecutiveProlongs()
{
    $lifetime = (float)$this->securityConfig->getAdminSessionLifetime();
    $scaled = 4 * log($lifetime);
    $capped = min($scaled, $this->maxIntervalBetweenConsecutiveProlongs);

    return (float) max(1, $capped);
}
356 }
__construct(ConfigInterface $securityConfig, \Magento\Backend\Model\Auth\Session $authSession, \Magento\Security\Model\AdminSessionInfoFactory $adminSessionInfoFactory, \Magento\Security\Model\ResourceModel\AdminSessionInfo\CollectionFactory $adminSessionInfoCollectionFactory, \Magento\Framework\Stdlib\DateTime\DateTime $dateTime, RemoteAddress $remoteAddress)