/**
 * Build the event collection for the given request attributes.
 *
 * The collection comes from the factory, which receives the event type,
 * account reference and IP, and is then narrowed with filterByLifetime()
 * using the configured limitation time period.
 *
 * @param int $securityEventType
 * @param string $accountReference
 * @param int|null $longIp Replaced by the current remote address when null.
 * @return \Magento\Security\Model\ResourceModel\PasswordResetRequestEvent\Collection
 */
protected function prepareCollection($securityEventType, $accountReference, $longIp)
{
    if ($longIp === null) {
        // NOTE(review): the fallback is whatever the remote-address helper reports.
        // If that helper honours client-supplied forwarding headers, a per-IP limit
        // built on this value is only as trustworthy as those headers; confirm how
        // the helper is configured for this deployment.
        $longIp = $this->remoteAddress->getRemoteAddress();
    }

    $events = $this->collectionFactory->create($securityEventType, $accountReference, $longIp);

    // Only events inside the configured limitation window are kept.
    $events->filterByLifetime($this->securityConfig->getLimitationTimePeriod());

    return $events;
}
/**
 * {@inheritdoc}
 *
 * Throws when the timestamp returned by loadLastRecordCreationTimestamp() is
 * more recent than the configured minimum time between password reset requests.
 * Returns without effect when protection is switched off or no minimum is set.
 *
 * @throws SecurityViolationException
 */
public function check($securityEventType, $accountReference = null, $longIp = null)
{
    // Loose comparison: the protection type is compared by value, not by type.
    $protectionActive = $this->securityConfig->getPasswordResetProtectionType() != ResetMethod::OPTION_NONE;
    $minInterval = $this->securityConfig->getMinTimeBetweenPasswordResetRequests();

    // A falsy interval (0, null, '') disables this check even when protection is on.
    if (!$protectionActive || !$minInterval) {
        return;
    }

    if ($longIp === null) {
        $longIp = $this->remoteAddress->getRemoteAddress();
    }

    $lastCreatedAt = $this->loadLastRecordCreationTimestamp($securityEventType, $accountReference, $longIp);
    if (!$lastCreatedAt) {
        // No earlier record for these attributes: nothing to throttle.
        return;
    }

    $elapsed = $this->dateTime->gmtTimestamp() - $lastCreatedAt;
    if ($minInterval > $elapsed) {
        throw new SecurityViolationException(
            __(
                'Too many password reset requests. Please wait and try again or contact %1.',
                $this->securityConfig->getCustomerServiceEmail()
            )
        );
    }
}
/**
 * Set up the mock expectations used before exercising the checker.
 *
 * The remote address resolves to 12345, the config mock returns the two given
 * values, the factory hands back the collection mock, and the collection mock
 * is expected to receive filterLastItem() exactly once.
 *
 * @param int $requestsMethod Returned by getPasswordResetProtectionType()
 * @param int $limitTimeBetweenPasswordResetRequests Returned by getMinTimeBetweenPasswordResetRequests()
 */
protected function prepareTestCheck($requestsMethod, $limitTimeBetweenPasswordResetRequests)
{
    $this->remoteAddressMock
        ->expects($this->once())
        ->method('getRemoteAddress')
        ->willReturn(12345);

    $configMock = $this->securityConfigMock;
    $configMock
        ->expects($this->any())
        ->method('getPasswordResetProtectionType')
        ->willReturn($requestsMethod);
    $configMock
        ->expects($this->once())
        ->method('getMinTimeBetweenPasswordResetRequests')
        ->willReturn($limitTimeBetweenPasswordResetRequests);
    $configMock
        ->expects($this->any())
        ->method('getCustomerServiceEmail')
        ->willReturn('*****@*****.**');

    $eventsMock = $this->collectionMock;
    $this->collectionFactoryMock
        ->expects($this->once())
        ->method('create')
        ->willReturn($eventsMock);

    // Filters are fluent, so each one returns the same collection mock.
    $eventsMock
        ->expects($this->any())
        ->method('addFieldToFilter')
        ->willReturnSelf();
    $eventsMock
        ->expects($this->once())
        ->method('filterLastItem')
        ->willReturnSelf();
}
/**
 * Create a collection instance, optionally pre-filtered for one request.
 *
 * Without an event type the collection is returned unfiltered. With one, it is
 * filtered by request type and then by account reference, IP, or both,
 * depending on the configured password reset protection type.
 *
 * @param int|null $securityEventType
 * @param string|null $accountReference
 * @param string|null $longIp
 * @return Collection
 */
public function create($securityEventType = null, $accountReference = null, $longIp = null)
{
    /** @var Collection $events */
    $events = $this->objectManager->create($this->instanceName);

    if ($securityEventType === null) {
        return $events;
    }

    $events->filterByRequestType($securityEventType);

    switch ($this->securityConfig->getPasswordResetProtectionType()) {
        case ResetMethod::OPTION_BY_EMAIL:
            $events->filterByAccountReference($accountReference);
            break;

        case ResetMethod::OPTION_BY_IP:
            $events->filterByIp($longIp);
            break;

        case ResetMethod::OPTION_BY_IP_AND_EMAIL:
            // NOTE(review): the filter name says "or", so a match on either
            // attribute is presumably enough; confirm in the collection class.
            $events->filterByIpOrAccountReference($longIp, $accountReference);
            break;

        default:
            // Any other protection type adds no account or IP filter here, so the
            // collection spans every event of this request type.
            break;
    }

    return $events;
}
/**
 * logoutOtherUserSessions() must filter by the current user, the LOGGED_IN
 * status and the current session id, apply the configured session lifetime,
 * then set the status of all loaded rows to LOGGED_OUT_MANUALLY and save.
 *
 * @return void
 */
public function testLogoutOtherUserSessions()
{
    $userId = 1;
    $lifetime = 100;
    $currentSessionId = 50;

    $sessionsMock = $this->adminSessionInfoCollectionMock;

    $this->adminSessionInfoCollectionFactoryMock
        ->expects($this->once())
        ->method('create')
        ->willReturn($sessionsMock);

    // The current admin and session are read from the auth session exactly once each.
    $this->authSessionMock
        ->expects($this->once())
        ->method('getUser')
        ->willReturn($this->userMock);
    $this->authSessionMock
        ->expects($this->once())
        ->method('getSessionId')
        ->willReturn($currentSessionId);
    $this->userMock
        ->expects($this->once())
        ->method('getId')
        ->willReturn($userId);

    $sessionsMock
        ->expects($this->once())
        ->method('filterByUser')
        ->with($userId, \Magento\Security\Model\AdminSessionInfo::LOGGED_IN, $currentSessionId)
        ->willReturnSelf();

    $this->securityConfigMock
        ->expects($this->once())
        ->method('getAdminSessionLifetime')
        ->willReturn($lifetime);

    $sessionsMock
        ->expects($this->once())
        ->method('filterExpiredSessions')
        ->with($lifetime)
        ->willReturnSelf();
    $sessionsMock
        ->expects($this->once())
        ->method('loadData')
        ->willReturnSelf();

    // The status change must be written to every loaded row and then persisted.
    $sessionsMock
        ->expects($this->once())
        ->method('setDataToAll')
        ->with($this->equalTo('status'), \Magento\Security\Model\AdminSessionInfo::LOGGED_OUT_MANUALLY)
        ->willReturnSelf();
    $sessionsMock
        ->expects($this->once())
        ->method('save');

    $this->model->logoutOtherUserSessions();
}
/**
 * The getter must read the scoped config path once and return the stored
 * value multiplied by 60.
 *
 * @param int $limitTime Value the scope config mock returns
 * @param int $scope Scope returned by the scope mock
 * @dataProvider dataProviderNumberValueWithScope
 */
public function testGetMinTimeBetweenPasswordResetRequests($limitTime, $scope)
{
    $expectedPath = $this->getXmlPathPrefix($scope)
        . \Magento\Security\Model\Config::XML_PATH_MIN_TIME_BETWEEN_PASSWORD_RESET_REQUESTS;

    $this->scopeConfigMock
        ->expects($this->once())
        ->method('getValue')
        ->with($expectedPath)
        ->willReturn($limitTime);
    $this->scopeMock
        ->expects($this->once())
        ->method('getCurrentScope')
        ->willReturn($scope);

    // NOTE(review): the factor 60 presumably converts minutes to seconds; confirm against the model.
    $expectedValue = $limitTime * 60;

    $this->assertEquals($expectedValue, $this->model->getMinTimeBetweenPasswordResetRequests());
}
/**
 * Mark the current admin user's other sessions as logged out manually.
 *
 * Loads session rows filtered by the current user id, the LOGGED_IN status and
 * the current session id, applies the configured admin session lifetime, then
 * sets the status of every loaded row to LOGGED_OUT_MANUALLY and saves.
 *
 * @return $this
 */
public function logoutOtherUserSessions()
{
    $sessions = $this->createAdminSessionInfoCollection();

    // NOTE(review): getUser() is dereferenced without a null check, so this
    // assumes an authenticated admin session; confirm every caller guarantees it.
    $currentUserId = $this->authSession->getUser()->getId();
    // NOTE(review): the current session id is presumably passed so that this
    // session is left untouched; confirm in filterByUser().
    $currentSessionId = $this->authSession->getSessionId();

    $sessions = $sessions->filterByUser(
        $currentUserId,
        \Magento\Security\Model\AdminSessionInfo::LOGGED_IN,
        $currentSessionId
    );
    $sessions = $sessions->filterExpiredSessions($this->securityConfig->getAdminSessionLifetime());
    $sessions = $sessions->loadData();

    $sessions
        ->setDataToAll('status', \Magento\Security\Model\AdminSessionInfo::LOGGED_OUT_MANUALLY)
        ->save();

    return $this;
}