Magento 2 Documentation  2.3
Documentation for Magento 2 CMS v2.3 (December 2018)
AuthObserver.php
1 <?php
8 
19 use Magento\User\Model\UserFactory;
20 
26 {
/** @var ObserverConfig Source of the lock threshold, failure limit and password-expiry settings read by this class. */
32  protected $observerConfig;
33 
/** @var ResourceUser Persists failure counters and locks, and returns the latest stored password record. */
39  protected $userResource;
40 
/** @var UrlInterface Builds the "my account" link placed in the expired-password notice. */
46  protected $url;
47 
/** @var Session Session that receives the "password expired" flag. */
53  protected $authSession;
54 
/** @var UserFactory Stored by the constructor; not used by the methods visible in this listing. */
60  protected $userFactory;
61 
/** @var EncryptorInterface Used to check the version of the stored password hash. */
67  protected $encryptor;
68 
/** @var ManagerInterface Message manager that carries the expired-password notice. */
74  protected $messageManager;
75 
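/**
 * Stores the collaborators used by the login-lockout, password-expiry
 * and hash-upgrade checks in this observer.
 *
 * @param ObserverConfig $observerConfig lock threshold, failure limit and password-expiry settings
 * @param ResourceUser $userResource persistence for failure counters, locks and password history
 * @param UrlInterface $url builds the account-page link shown in the expiry notice
 * @param Session $authSession session that receives the "password expired" flag
 * @param UserFactory $userFactory stored only; not used by the methods in this listing
 * @param EncryptorInterface $encryptor validates the version of the stored password hash
 * @param ManagerInterface $messageManager carries the expired-password notice
 */
public function __construct(
    ObserverConfig $observerConfig,
    ResourceUser $userResource,
    UrlInterface $url,
    Session $authSession,
    UserFactory $userFactory,
    EncryptorInterface $encryptor,
    ManagerInterface $messageManager
) {
    $this->observerConfig = $observerConfig;
    $this->userResource = $userResource;
    $this->url = $url;
    $this->authSession = $authSession;
    $this->userFactory = $userFactory;
    $this->encryptor = $encryptor;
    $this->messageManager = $messageManager;
}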
102 
/**
 * Handles the authentication event carried by $observer (password, user, result).
 *
 * A failed attempt for a known user is recorded. A locked account is rejected
 * whether or not the credentials were correct. A successful sign-in clears the
 * lock, runs the expired-password check and re-saves the password when the
 * stored hash fails the encryptor's version check.
 *
 * @param EventObserver $observer
 * @return void
 * @throws UserLockedException when the user's lock expiry lies in the future
 */
public function execute(EventObserver $observer)
{
    $plainPassword = $observer->getEvent()->getPassword();
    $user = $observer->getEvent()->getUser();
    $isAuthenticated = $observer->getEvent()->getResult();

    // Count the failure only for an account that exists (has an id). The counter
    // is updated whether or not the account is already locked.
    if (!$isAuthenticated && $user->getId()) {
        $this->_updateLockingInformation($user);
    }

    // The lock check runs before the success path, so a correct password does
    // not bypass an active lock. The message wording covers both "wrong
    // credentials" and "temporarily disabled".
    // NOTE(review): $user is not reloaded after the failure update above, so a
    // lock created by this very attempt may only be seen on the next request - confirm.
    // NOTE(review): both DateTime objects use the default timezone; presumably
    // the stored expiry is written in the same zone - confirm.
    $rawLockExpiry = $user->getLockExpires();
    if ($rawLockExpiry && new \DateTime($rawLockExpiry) > new \DateTime()) {
        throw new UserLockedException(
            __(
                'The account sign-in was incorrect or your account is disabled temporarily. '
                . 'Please wait and try again later.'
            )
        );
    }

    if ($isAuthenticated) {
        // Successful sign-in: clear the lock state for this user.
        $this->userResource->unlock($user->getId());

        $this->_checkExpiredPassword(
            $this->userResource->getLatestPassword($user->getId())
        );

        // When the stored hash fails the version check, re-save the password
        // from the plaintext just supplied and flag the account so the user
        // has to choose a new password.
        $hashVersionOk = $this->encryptor->validateHashVersion($user->getPassword(), true);
        if (!$hashVersionOk) {
            $user->setPassword($plainPassword)
                ->setData('force_new_password', true)
                ->save();
        }
    }
}
151 
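/**
 * Records one more failed sign-in for $user and decides whether to start a
 * new failure window or to lock the account.
 *
 * Nothing is recorded unless both the lock threshold and the failure limit
 * are configured (non-empty).
 *
 * @param mixed $user user model exposing getFailuresNum() and getFirstFailure()
 * @return void
 */
private function _updateLockingInformation($user)
{
    $now = new \DateTime();
    $lockThreshold = $this->observerConfig->getAdminLockThreshold();
    $maxFailures = $this->observerConfig->getMaxFailures();
    if (!($lockThreshold && $maxFailures)) {
        return;
    }
    $failuresNum = (int)$user->getFailuresNum() + 1;

    if ($firstFailureDate = $user->getFirstFailure()) {
        $firstFailureDate = new \DateTime($firstFailureDate);
    }

    $newFirstFailureDate = false;
    $updateLockExpires = false;
    // The threshold is used as a number of seconds (it is formatted as "PT<n>S").
    $lockThreshInterval = new \DateInterval('PT' . $lockThreshold . 'S');

    // DateInterval objects cannot be ordered with ">" in PHP: the comparison
    // never reports "greater", so an expired window was never detected and
    // old failures kept counting toward the limit. Compare elapsed seconds.
    $windowExpired = $firstFailureDate
        && ($now->getTimestamp() - $firstFailureDate->getTimestamp()) > (int)$lockThreshold;

    // set first failure date when this is first failure or last first failure expired
    if (1 === $failuresNum || !$firstFailureDate || $windowExpired) {
        $newFirstFailureDate = $now;
    // otherwise lock user
    } elseif ($failuresNum >= $maxFailures) {
        // Work on a copy so $now itself stays "now".
        $updateLockExpires = (clone $now)->add($lockThreshInterval);
    }
    $this->userResource->updateFailure($user, $updateLockExpires, $newFirstFailureDate);
}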
184 
/**
 * Shows a sticky "change your password" notice and flags the session when
 * the latest stored password is reported as expired.
 *
 * @param mixed $latestPassword latest password record; a falsy value skips the check
 * @return void
 */
private function _checkExpiredPassword($latestPassword)
{
    if (!$latestPassword || !$this->observerConfig->_isLatestPasswordExpired($latestPassword)) {
        return;
    }

    if ($this->observerConfig->isPasswordChangeForced()) {
        $notice = __('It\'s time to change your password.');
    } else {
        // Optional change: link to the account page instead of forcing it.
        $myAccountUrl = $this->url->getUrl('adminhtml/system_account/');
        $notice = __('It\'s time to <a href="%1">change your password</a>.', $myAccountUrl);
    }

    $collection = $this->messageManager->getMessages();

    // Drop any earlier notice with this identifier so it is not shown twice.
    $collection->deleteMessageByIdentifier(User::MESSAGE_ID_PASSWORD_EXPIRED);

    $this->messageManager->addNoticeMessage($notice);
    $added = $collection->getLastAddedMessage();
    if (!$added) {
        // NOTE(review): the session flag below is set only when the notice was
        // found in the collection; if the flag drives enforcement of the
        // password change, it depends on the message being present - confirm.
        return;
    }

    $added->setIdentifier(User::MESSAGE_ID_PASSWORD_EXPIRED)->setIsSticky(true);
    $this->authSession->setPciAdminUserIsPasswordExpired(true);
}
215 }
__()
Definition: __.php:13
const MESSAGE_ID_PASSWORD_EXPIRED
Definition: User.php:61
__construct(ObserverConfig $observerConfig, ResourceUser $userResource, UrlInterface $url, Session $authSession, UserFactory $userFactory, EncryptorInterface $encryptor, ManagerInterface $messageManager)