/**
  * Force admin to change password
  *
  * @param EventObserver $observer
  * @return void
  */
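 public function execute(EventObserver $observer)
 {
     // Gate for expired admin passwords: while the session is flagged as expired, every
     // action outside a small allow-list is either redirected to the account page or,
     // when that page is not permitted for the user, answered with a forced logout.
     // NOTE(review): the gate only covers requests for which this observer is fired
     // before dispatch; the event registration is not visible here - confirm coverage.
     if (!$this->observerConfig->isPasswordChangeForced()) {
         return;
     }
     if (!$this->authSession->isLoggedIn()) {
         return;
     }
     // Actions that must stay reachable while the password is expired: the account
     // form, its save action and logout. Anything added here bypasses the enforcement.
     $actionList = ['adminhtml_system_account_index', 'adminhtml_system_account_save', 'adminhtml_auth_logout'];
     /** @var \Magento\Framework\App\Action\Action $controller */
     $controller = $observer->getEvent()->getControllerAction();
     /** @var \Magento\Framework\App\RequestInterface $request */
     $request = $observer->getEvent()->getRequest();
     if (!$this->authSession->getPciAdminUserIsPasswordExpired()) {
         return;
     }
     // Strict membership test: only an exact string match exempts a request, so a
     // non-string or loosely-equal action name fails closed into the enforcement below.
     if (in_array($request->getFullActionName(), $actionList, true)) {
         return;
     }
     if ($this->authorization->isAllowed('Magento_Backend::myaccount')) {
         // Send the admin to the account page and set the no-dispatch flags so the
         // originally requested action is not run.
         $controller->getResponse()->setRedirect($this->url->getUrl('adminhtml/system_account/'));
         $this->actionFlag->set('', \Magento\Framework\App\Action\Action::FLAG_NO_DISPATCH, true);
         $this->actionFlag->set('', \Magento\Framework\App\Action\Action::FLAG_NO_POST_DISPATCH, true);
         return;
     }
     /*
      * If the admin password is expired and access to the 'My Account' page is denied,
      * then we need to force a logout with an error message.
      */
     $this->authSession->clearStorage();
     $this->session->clearStorage();
     $this->messageManager->addErrorMessage(__('Your password has expired; please contact your administrator.'));
     // Both session storages are cleared before the request is marked as not dispatched.
     $controller->getRequest()->setDispatched(false);
 }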
 /**
  * Save current admin password to prevent its usage when changed in the future.
  *
  * @param EventObserver $observer
  * @return void
  */
 public function execute(EventObserver $observer)
 {
     // Records the saved user's password hash in the password history and clears the
     // "password expired" notice and session flag.
     /* @var $savedUser \Magento\User\Model\User */
     $savedUser = $observer->getEvent()->getObject();
     if (!$savedUser->getId()) {
         return;
     }
     // The value is handled as a hash (see the variable name); presumably getPassword()
     // returns the stored hash rather than plaintext - confirm against the user model.
     $hash = $savedUser->getPassword();
     $lifetime = $this->observerConfig->getAdminPasswordLifetime();
     // Nothing is tracked when no lifetime is configured, when no hash is present, or
     // when the user is still flagged to pick a new password.
     if (!$lifetime || !$hash || $savedUser->getForceNewPassword()) {
         return;
     }
     $this->userResource->trackPassword($savedUser, $hash, $lifetime);
     // NOTE(review): the saved user is not compared with the session user before the
     // session's expired flag is cleared - confirm that is intended for saves of other users.
     $this->messageManager->getMessages()->deleteMessageByIdentifier('magento_user_password_expired');
     $this->authSession->unsPciAdminUserIsPasswordExpired();
 }
 /**
  * Check whether the latest password is expired.
  * Side effects can occur when passwords were changed under different lifetime configuration settings.
  *
  * @param array $latestPassword
  * @return void
  */
 private function _checkExpiredPassword($latestPassword)
 {
     // Adds a sticky "change your password" notice and flags the session as expired
     // when the most recent password record is past its lifetime.
     if (!$latestPassword || !$this->observerConfig->_isLatestPasswordExpired($latestPassword)) {
         return;
     }
     // With forced change the notice is plain text; otherwise it links to the account
     // page. The link target is built from a fixed route, not from request data.
     $notice = $this->observerConfig->isPasswordChangeForced()
         ? __('It\'s time to change your password.')
         : __('It\'s time to <a href="%1">change your password</a>.', $this->url->getUrl('adminhtml/system_account/'));
     $this->messageManager->addNoticeMessage($notice);
     $lastAdded = $this->messageManager->getMessages()->getLastAddedMessage();
     if (!$lastAdded) {
         // NOTE(review): the expired flag is only set when the message just added can be
         // read back, so the session flag depends on the message collection - confirm
         // this cannot come back empty when a password change is forced.
         return;
     }
     // The identifier lets the notice be located by name later on.
     $lastAdded->setIdentifier('magento_user_password_expired')->setIsSticky(true);
     $this->authSession->setPciAdminUserIsPasswordExpired(true);
 }