/**
  * Force admin to change password
  *
  * @param EventObserver $observer
  * @return void
  */
 public function execute(EventObserver $observer)
 {
     if (!$this->observerConfig->isPasswordChangeForced()) {
         return;
     }
     if (!$this->authSession->isLoggedIn()) {
         return;
     }
     $actionList = ['adminhtml_system_account_index', 'adminhtml_system_account_save', 'adminhtml_auth_logout'];
     /** @var \Magento\Framework\App\Action\Action $controller */
     $controller = $observer->getEvent()->getControllerAction();
     /** @var \Magento\Framework\App\RequestInterface $request */
     $request = $observer->getEvent()->getRequest();
     if ($this->authSession->getPciAdminUserIsPasswordExpired()) {
         if (!in_array($request->getFullActionName(), $actionList)) {
             if ($this->authorization->isAllowed('Magento_Backend::myaccount')) {
                 $controller->getResponse()->setRedirect($this->url->getUrl('adminhtml/system_account/'));
                 $this->actionFlag->set('', \Magento\Framework\App\Action\Action::FLAG_NO_DISPATCH, true);
                 $this->actionFlag->set('', \Magento\Framework\App\Action\Action::FLAG_NO_POST_DISPATCH, true);
             } else {
                 /*
                  * if admin password is expired and access to 'My Account' page is denied
                  * than we need to do force logout with error message
                  */
                 $this->authSession->clearStorage();
                 $this->session->clearStorage();
                 $this->messageManager->addErrorMessage(__('Your password has expired; please contact your administrator.'));
                 $controller->getRequest()->setDispatched(false);
             }
         }
     }
 }
 /**
  * Check whether the latest password is expired
  * Side-effect can be when passwords were changed with different lifetime configuration settings
  *
  * @param array $latestPassword
  * @return void
  */
 private function _checkExpiredPassword($latestPassword)
 {
     if ($latestPassword && $this->observerConfig->_isLatestPasswordExpired($latestPassword)) {
         if ($this->observerConfig->isPasswordChangeForced()) {
             $message = __('It\'s time to change your password.');
         } else {
             $myAccountUrl = $this->url->getUrl('adminhtml/system_account/');
             $message = __('It\'s time to <a href="%1">change your password</a>.', $myAccountUrl);
         }
         $this->messageManager->addNoticeMessage($message);
         $message = $this->messageManager->getMessages()->getLastAddedMessage();
         if ($message) {
             $message->setIdentifier('magento_user_password_expired')->setIsSticky(true);
             $this->authSession->setPciAdminUserIsPasswordExpired(true);
         }
     }
 }