documentation/_auth_observer_8php_source.html

 <?php
 namespace Magento\User\Observer\Backend;

 use Magento\Backend\Model\Auth\Session;
 use Magento\Backend\Model\UrlInterface;
 use Magento\Framework\Encryption\EncryptorInterface;
 use Magento\Framework\Event\Observer as EventObserver;
 use Magento\Framework\Exception\State\UserLockedException;
 use Magento\Framework\Message\ManagerInterface;
 use Magento\User\Model\Backend\Config\ObserverConfig;
 use Magento\User\Model\ResourceModel\User as ResourceUser;
 use Magento\User\Model\User;
 use Magento\Framework\Event\ObserverInterface;
 use Magento\User\Model\UserFactory;

 class AuthObserver implements ObserverInterface
 {
     protected $observerConfig;

     protected $userResource;

     protected $url;

     protected $authSession;

     protected $userFactory;

     protected $encryptor;

     protected $messageManager;

     public function __construct(
         ObserverConfig $observerConfig,
         ResourceUser $userResource,
         UrlInterface $url,
         Session $authSession,
         UserFactory $userFactory,
         EncryptorInterface $encryptor,
         ManagerInterface $messageManager
     ) {
         $this->observerConfig = $observerConfig;
         $this->userResource = $userResource;
         $this->url = $url;
         $this->authSession = $authSession;
         $this->userFactory = $userFactory;
         $this->encryptor = $encryptor;
         $this->messageManager = $messageManager;
     }

     public function execute(EventObserver $observer)
     {
         $password = $observer->getEvent()->getPassword();
         $user = $observer->getEvent()->getUser();
         $authResult = $observer->getEvent()->getResult();

         if (!$authResult && $user->getId()) {
             // update locking information regardless whether user locked or not
             $this->_updateLockingInformation($user);
         }

         // check whether user is locked
         $lockExpires = $user->getLockExpires();
         if ($lockExpires) {
             $lockExpires = new \DateTime($lockExpires);
             if ($lockExpires > new \DateTime()) {
                 throw new UserLockedException(
                     __(
                         'The account sign-in was incorrect or your account is disabled temporarily. '
                         . 'Please wait and try again later.'
                     )
                 );
             }
         }

         if (!$authResult) {
             return;
         }

         $this->userResource->unlock($user->getId());

         $latestPassword = $this->userResource->getLatestPassword($user->getId());
         $this->_checkExpiredPassword($latestPassword);

         if (!$this->encryptor->validateHashVersion($user->getPassword(), true)) {
             $user->setPassword($password)
                 ->setData('force_new_password', true)
                 ->save();
         }
     }

     private function _updateLockingInformation($user)
     {
         $now = new \DateTime();
         $lockThreshold = $this->observerConfig->getAdminLockThreshold();
         $maxFailures = $this->observerConfig->getMaxFailures();
         if (!($lockThreshold && $maxFailures)) {
             return;
         }
         $failuresNum = (int)$user->getFailuresNum() + 1;
         if ($firstFailureDate = $user->getFirstFailure()) {
             $firstFailureDate = new \DateTime($firstFailureDate);
         }

         $newFirstFailureDate = false;
         $updateLockExpires = false;
         $lockThreshInterval = new \DateInterval('PT' . $lockThreshold.'S');
         // set first failure date when this is first failure or last first failure expired
         if (1 === $failuresNum || !$firstFailureDate || $now->diff($firstFailureDate) > $lockThreshInterval) {
             $newFirstFailureDate = $now;
             // otherwise lock user
         } elseif ($failuresNum >= $maxFailures) {
             $updateLockExpires = $now->add($lockThreshInterval);
         }
         $this->userResource->updateFailure($user, $updateLockExpires, $newFirstFailureDate);
     }

     private function _checkExpiredPassword($latestPassword)
     {
         if ($latestPassword && $this->observerConfig->_isLatestPasswordExpired($latestPassword)) {
             if ($this->observerConfig->isPasswordChangeForced()) {
                 $message = __('It\'s time to change your password.');
             } else {
                 $myAccountUrl = $this->url->getUrl('adminhtml/system_account/');
                 $message = __('It\'s time to <a href="%1">change your password</a>.', $myAccountUrl);
             }

             $messages = $this->messageManager->getMessages();

             // Remove existing messages with same ID to avoid duplication
             $messages->deleteMessageByIdentifier(User::MESSAGE_ID_PASSWORD_EXPIRED);

             $this->messageManager->addNoticeMessage($message);
             $message = $messages->getLastAddedMessage();
             if ($message) {
                 $message->setIdentifier(User::MESSAGE_ID_PASSWORD_EXPIRED)->setIsSticky(true);
                 $this->authSession->setPciAdminUserIsPasswordExpired(true);
             }
         }
     }
 }
Magento\User\Model\ResourceModel\User
Definition: Collection.php:6

elseif
elseif(isset( $params[ 'redirect_parent']))
Definition: iframe.phtml:17

Magento\User\Observer\Backend\AuthObserver\$userResource
$userResource
Definition: AuthObserver.php:39

Magento\User\Observer\Backend\AuthObserver\$userFactory
$userFactory
Definition: AuthObserver.php:60

Magento\Backend\Model\Auth\Session
Definition: Session.php:27

Magento\Backend\Model\UrlInterface
Definition: UrlInterface.php:12

Magento\Framework\Event\ObserverInterface
Definition: ObserverInterface.php:16

__
__()
Definition: __.php:13

$message
$message
Definition: notifications.php:7

Magento\User\Observer\Backend\AuthObserver\$url
$url
Definition: AuthObserver.php:46

Magento\User\Model\User
Definition: User.php:38

Magento\User\Observer\Backend\AuthObserver\$authSession
$authSession
Definition: AuthObserver.php:53

Magento\Framework\Exception\State\UserLockedException
Definition: UserLockedException.php:14

Magento\Framework\Encryption\EncryptorInterface
Definition: EncryptorInterface.php:14

$user
$user
Definition: dummy_user.php:13

$observer
$observer
Definition: second_website_with_second_currency.php:38

Magento\Framework\Message\ManagerInterface
Definition: ManagerInterface.php:14

Magento\User\Model\User\MESSAGE_ID_PASSWORD_EXPIRED
const MESSAGE_ID_PASSWORD_EXPIRED
Definition: User.php:61

Magento\User\Observer\Backend\AuthObserver\__construct
__construct(ObserverConfig $observerConfig, ResourceUser $userResource, UrlInterface $url, Session $authSession, UserFactory $userFactory, EncryptorInterface $encryptor, ManagerInterface $messageManager)
Definition: AuthObserver.php:85

Magento\User\Observer\Backend
Definition: AuthObserver.php:7

Magento\Framework\Event\Observer
Definition: Collection.php:12

Magento\User\Observer\Backend\AuthObserver\$messageManager
$messageManager
Definition: AuthObserver.php:74

Magento\User\Observer\Backend\AuthObserver\$observerConfig
$observerConfig
Definition: AuthObserver.php:32

Magento\User\Model\Backend\Config\ObserverConfig
Definition: ObserverConfig.php:12

Magento\User\Observer\Backend\AuthObserver\$encryptor
$encryptor
Definition: AuthObserver.php:67

Magento\Framework\Event\ObserverInterface\execute
execute(Observer $observer)

Magento\User\Observer\Backend\AuthObserver
Definition: AuthObserver.php:25